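/**
 * SOAP handler that creates a CRM contact from the <Field> elements of $data.
 *
 * Only field ids present in CCrmContact::GetFields() are accepted. File-valued
 * input (PHOTO and user fields whose base type is 'file') is expected to be a
 * URL; it is handed to CFile::MakeFileArray() only after it passes
 * CCrmUrlUtil::HasScheme() and CCrmUrlUtil::IsSecureUrl(), and is dropped otherwise.
 *
 * @param object $data Request node; must provide elementsByName('Field').
 * @return mixed The result of self::CheckAuth() when that is not false; otherwise
 *               'ok' on success, or a CSoapFault carrying the escaped
 *               RESULT_MESSAGE on failure.
 */
public function Add($data)
{
    // CheckAuth() yields false when the call may proceed; any other value is returned as-is.
    if (($r = self::CheckAuth()) !== false) {
        return $r;
    }

    $arFieldsInfo = CCrmContact::GetFields();
    $arFields = array();

    foreach ($data->elementsByName('Field') as $el) {
        $children = $el->children();
        $sFieldName = $el->getAttribute('id');

        // Fix for issue #40193
        // Acts as an allowlist: ids that are not known contact fields never reach $arFields.
        if (!isset($arFieldsInfo[$sFieldName])) {
            continue;
        }

        if (!is_null($children)) {
            // Multi-valued field: one entry per child node.
            $arFields[$sFieldName] = array();
            foreach ($children as $child) {
                $arFields[$sFieldName][] = $child->content;
            }
        } else {
            $arFields[$sFieldName] = $el->content;
        }
    }

    CCrmFieldMulti::PrepareFields($arFields);

    // Single place that turns a caller-supplied URL into a CFile array tagged for
    // the crm module. Returns null when the value is rejected.
    // Non-string values (e.g. the array produced for a field with child nodes) are
    // rejected up front instead of being passed to the URL helpers.
    // NOTE(review): HasScheme() + IsSecureUrl() are the only gate between request
    // data and CFile::MakeFileArray(). Their implementation is not visible here —
    // confirm they refuse local file paths and internal/loopback hosts.
    $makeFileFromUrl = function ($url) {
        if (!is_string($url)) {
            return null;
        }
        if (!(CCrmUrlUtil::HasScheme($url) && CCrmUrlUtil::IsSecureUrl($url))) {
            return null;
        }

        $arFile = CFile::MakeFileArray($url);
        if (!is_array($arFile)) {
            return null;
        }

        // Array union: an existing MODULE_ID key is kept, otherwise 'crm' is added.
        return $arFile + array('MODULE_ID' => 'crm');
    };

    if (isset($arFields['PHOTO'])) {
        $arFile = $makeFileFromUrl($arFields['PHOTO']);
        if (is_array($arFile)) {
            $arFields['PHOTO'] = $arFile;
        } else {
            unset($arFields['PHOTO']);
        }
    }

    $arUserFields = $GLOBALS['USER_FIELD_MANAGER']->GetUserFields(CCrmContact::$sUFEntityID);
    foreach ($arUserFields as $FIELD_NAME => $arUserField) {
        if ($arUserField['USER_TYPE']['BASE_TYPE'] == 'file') {
            if (!isset($arFields[$FIELD_NAME])) {
                continue;
            }

            if (is_array($arFields[$FIELD_NAME])) {
                // Multiple files: keep only the URLs that resolve; the field stays
                // set (possibly to an empty list).
                $arFiles = array();
                foreach ($arFields[$FIELD_NAME] as $sFilePath) {
                    $arFile = $makeFileFromUrl($sFilePath);
                    if (is_array($arFile)) {
                        $arFiles[] = $arFile;
                    }
                }
                $arFields[$FIELD_NAME] = $arFiles;
            } else {
                // Single file: the field is removed entirely when the URL is rejected.
                $arFile = $makeFileFromUrl($arFields[$FIELD_NAME]);
                if (is_array($arFile)) {
                    $arFields[$FIELD_NAME] = $arFile;
                } else {
                    unset($arFields[$FIELD_NAME]);
                }
            }
        }
    }

    $CCrmContact = new CCrmContact();
    if ($CCrmContact->Add($arFields)) {
        return 'ok';
    }

    // RESULT_MESSAGE is presumably written into $arFields by CCrmContact::Add()
    // (by-reference argument) — confirm. Fall back to '' so a missing key does not
    // raise a notice while building the fault.
    $sMessage = isset($arFields['RESULT_MESSAGE']) ? $arFields['RESULT_MESSAGE'] : '';

    // The message is tag-stripped and HTML-escaped before it is sent to the client.
    // NOTE(review): the fault code says 'CCrmLead::Add' although this handler
    // creates a contact — looks like a copy-paste; left unchanged because SOAP
    // clients may match on it.
    return new CSoapFault('CCrmLead::Add', htmlspecialcharsbx(strip_tags(nl2br($sMessage))));
}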
/**
 * Builds a CFile array for the image carried by this vCard attribute.
 *
 * Two sources are supported: inline base64 data (encoding 'B' or 'BASE64'),
 * which is written to a temporary file first, and a URI value that passes
 * CCrmUrlUtil::HasScheme() and CCrmUrlUtil::IsSecureUrl(). In both cases the
 * result is only returned when CFile::CheckImageFile() yields an empty string.
 *
 * @return array|null File array, or null when nothing usable was found.
 */
public function getFileInfo()
{
    $fileInfo = null;
    $isInlineBase64 = $this->encoding === 'B' || $this->encoding === 'BASE64';

    if ($isInlineBase64) {
        // The declared type comes from the vCard and ends up in a file name, so it
        // is only used when it is one of the extensions CFile lists for images;
        // everything else falls back to 'jpg'.
        $type = 'jpg';
        if ($this->type !== '') {
            $type = strtolower($this->type);
        }
        $isKnownImageType = $type !== ''
            && in_array($type, explode(',', \CFile::GetImageExtensions()), true);
        if (!$isKnownImageType) {
            $type = 'jpg';
        }

        $filePath = \CTempFile::GetFileName(uniqid('vcard_img') . '.' . $type);
        // Project helper; presumably makes sure the directory for $filePath exists — confirm.
        CheckDirPath($filePath);

        // Removing of line folding: literal backslash + 'n' sequences (either case)
        // become real newlines before decoding.
        $encodedData = preg_replace("/\\\\n/i", "\n", $this->value);

        // base64_decode() runs in its default non-strict mode here; the decoded
        // bytes are only trusted after the CheckImageFile() call below.
        $bytesWritten = file_put_contents($filePath, base64_decode($encodedData));
        if ($bytesWritten !== false) {
            $fileInfo = \CFile::MakeFileArray($filePath, "image/{$type}");
        }
    } elseif (
        $this->valueType === 'URI'
        && \CCrmUrlUtil::HasScheme($this->value)
        && \CCrmUrlUtil::IsSecureUrl($this->value)
    ) {
        // NOTE(review): the URI comes from the vCard; HasScheme() + IsSecureUrl()
        // are the only gate before it is handed to MakeFileArray() — their
        // implementation is not visible here, confirm what they reject.
        $fileInfo = \CFile::MakeFileArray($this->value);
    }

    if (!is_array($fileInfo)) {
        return null;
    }

    // An empty string from CheckImageFile() is treated as "passed".
    return strlen(\CFile::CheckImageFile($fileInfo)) === 0 ? $fileInfo : null;
}
// (closes a block that opens before this excerpt)
}

if (!function_exists('__CrmEventGetPhones')) {
    /**
     * Collects the PHONE multi-field values of one CRM entity element.
     *
     * @param mixed $entityID  Passed through to CCrmFieldMulti::GetEntityFields().
     * @param mixed $elementID Passed through to CCrmFieldMulti::GetEntityFields().
     * @return array One array('TITLE' => ENTITY_NAME, 'NUMBER' => VALUE) row per
     *               field returned by GetEntityFields().
     */
    function __CrmEventGetPhones($entityID, $elementID)
    {
        $result = array();
        $arFields = CCrmFieldMulti::GetEntityFields($entityID, $elementID, 'PHONE', true, false);
        foreach ($arFields as $arField) {
            $result[] = array('TITLE' => $arField['ENTITY_NAME'], 'NUMBER' => $arField['VALUE']);
        }
        return $result;
    }
}

CUtil::InitJSCore();

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // EVENT_PAGE is request-controlled. It is replaced by the current page when it
    // is empty or when IsSecureUrl() rejects it.
    // NOTE(review): if $arResult['EVENT_PAGE'] is later used as a redirect target
    // (not visible in this excerpt), IsSecureUrl() is the open-redirect gate —
    // confirm it only accepts same-site URLs.
    $eventPage = isset($_POST['EVENT_PAGE']) ? $_POST['EVENT_PAGE'] : '';
    if ($eventPage === '' || !CCrmUrlUtil::IsSecureUrl($eventPage)) {
        $eventPage = $GLOBALS['APPLICATION']->GetCurPage();
    }

    // FORM_ID is request-controlled too and becomes part of a query parameter
    // name below. The fallback reads ENTITY_TYPE and FORM_TYPE without isset().
    $formID = isset($_POST['FORM_ID']) ? $_POST['FORM_ID'] : '';
    if ($formID === '') {
        $formID = 'CRM_' . trim($_POST['ENTITY_TYPE']) . '_' . trim($_POST['FORM_TYPE']) . '_V12';
    }

    // Built before the session check below; up to this point the code only
    // assembles a URL from request values.
    $arResult['EVENT_PAGE'] = CHTTP::urlAddParams($eventPage, array($formID . '_active_tab' => !empty($_POST['TAB_ID']) ? $_POST['TAB_ID'] : 'tab_event'));

    // presumably the session-token (CSRF) check, judging by the name — confirm.
    // The event fields are only read from the request inside this branch.
    if (check_bitrix_sessid()) {
        $entityTypeID = isset($_POST['ENTITY_TYPE']) ? trim($_POST['ENTITY_TYPE']) : '';
        // Forced to an integer; defaults to 0 when absent.
        $entityID = isset($_POST['ENTITY_ID']) ? intval($_POST['ENTITY_ID']) : 0;
        $eventID = isset($_POST['EVENT_ID']) ? trim($_POST['EVENT_ID']) : '';
        $eventDesc = isset($_POST['EVENT_DESC']) ? trim($_POST['EVENT_DESC']) : '';
        $eventDate = isset($_POST['EVENT_DATE']) ? trim($_POST['EVENT_DATE']) : '';
        // Uploaded attachments, if any; how they are validated is beyond this excerpt.
        $postFiles = isset($_FILES['ATTACH']) ? $_FILES['ATTACH'] : array();
        $attachedFiles = array();
        // (the POST branch continues beyond this excerpt)
} else { if ($arProps[$currentKey]['PROPERTY_TYPE'] === 'L' && $arProps[$currentKey]['USER_TYPE'] === '') { $propValueHash = md5($data); if (!isset($arPropertyListCache[$propID])) { $arPropertyListCache[$propID] = array(); $propEnumRes = CIBlockPropertyEnum::GetList(array('SORT' => 'ASC', 'VALUE' => 'ASC'), array('IBLOCK_ID' => $catalogID, 'PROPERTY_ID' => $propID)); while ($propEnumValue = $propEnumRes->Fetch()) { $arPropertyListCache[$propID][md5($propEnumValue['VALUE'])] = $propEnumValue['ID']; } } if (isset($arPropertyListCache[$propID][$propValueHash])) { $prop = array('VALUE' => $arPropertyListCache[$propID][$propValueHash]); } } else { if ($arProps[$currentKey]['PROPERTY_TYPE'] === 'F' && $arProps[$currentKey]['USER_TYPE'] === '') { if (CCrmUrlUtil::HasScheme($data) && CCrmUrlUtil::IsSecureUrl($data)) { $data = CFile::MakeFileArray($data); $file = new CFile(); if (is_array($data) && strlen($file->CheckFile($data)) === 0) { $prop = array('VALUE' => array_merge($data, array('MODULE_ID' => 'crm'))); } unset($file); } } else { if ($arProps[$currentKey]['PROPERTY_TYPE'] === 'S' && $arProps[$currentKey]['USER_TYPE'] === 'HTML') { if (strtoupper(substr($data, 0, 6)) !== '[TEXT]') { if ($sanitizer === null || !$sanitizer instanceof CBXSanitizer) { $sanitizer = new CBXSanitizer(); $sanitizer->ApplyDoubleEncode(false); $sanitizer->SetLevel(CBXSanitizer::SECURE_LEVEL_LOW); }
/**
 * Resolves a file reference into a CFile array tagged for the crm module.
 *
 * Accepted forms of $var:
 *  - array:   used as-is, only when $options['ENABLE_UPLOAD'] is truthy and
 *             self::IsUploadedFile() accepts it;
 *  - numeric: passed to CFile::MakeFileArray(), only when $options['ENABLE_ID']
 *             is truthy;
 *  - string:  converted with CCrmUrlUtil::ToAbsoluteUrl() and passed to
 *             CFile::MakeFileArray() unless it is empty, is flagged by
 *             CHTTP::isPathTraversalUri(), or fails CCrmUrlUtil::IsSecureUrl().
 *
 * @param mixed $var     File reference (see above).
 * @param mixed $file    Receives the file array on success; left untouched on failure.
 * @param array $options Feature switches; a non-array value is treated as empty.
 * @return bool True when $file was filled.
 */
public static function TryResolveFile($var, &$file, $options = array())
{
    $options = is_array($options) ? $options : array();
    $resolved = null;

    if (is_array($var)) {
        // Upload arrays must be opted into and must pass the upload check.
        if (!empty($options['ENABLE_UPLOAD']) && self::IsUploadedFile($var)) {
            $resolved = $var;
        }
    } elseif (is_numeric($var)) {
        // Lookup by id is opt-in. is_numeric() is tested before is_string(), so
        // numeric strings are handled here, never as a path.
        if (!empty($options['ENABLE_ID'])) {
            $resolved = CFile::MakeFileArray($var);
        }
    } elseif (is_string($var)) {
        $absoluteUrl = CCrmUrlUtil::ToAbsoluteUrl($var);

        // Parent directories and not secure URLs are not allowed.
        $isAcceptable = $absoluteUrl !== ''
            && !CHTTP::isPathTraversalUri($absoluteUrl)
            && CCrmUrlUtil::IsSecureUrl($absoluteUrl);
        if ($isAcceptable) {
            $resolved = CFile::MakeFileArray($absoluteUrl);
        }
    }

    if (!is_array($resolved)) {
        return false;
    }

    // Always overwritten, whatever the source supplied.
    $resolved['MODULE_ID'] = 'crm';
    $file = $resolved;

    return true;
}
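/**
 * Resolves a file reference into a CFile array tagged for the crm module.
 *
 * Accepted forms of $path:
 *  - numeric: passed to CFile::MakeFileArray(), only when $arOptions is an array
 *             with a truthy 'ENABLE_ID';
 *  - string:  converted with CCrmUrlUtil::ToAbsoluteUrl() and passed to
 *             CFile::MakeFileArray() unless it is empty, contains a '..' path
 *             segment, or fails CCrmUrlUtil::IsSecureUrl().
 *
 * @param mixed $path      File reference; declared by-reference but not modified here.
 * @param mixed $file      Receives the file array on success; left untouched on failure.
 * @param array $arOptions Feature switches.
 * @return bool True when $file was filled.
 */
public static function TryResolveFile(&$path, &$file, $arOptions = array())
{
    $result = null;

    if (is_numeric($path)) {
        // Lookup by id is opt-in. is_numeric() is tested before is_string(), so
        // numeric strings are handled here, never as a path.
        if (is_array($arOptions) && isset($arOptions['ENABLE_ID']) && $arOptions['ENABLE_ID']) {
            $result = CFile::MakeFileArray($path);
        }
    } elseif (is_string($path)) {
        $absPath = CCrmUrlUtil::ToAbsoluteUrl($path);

        // Parent directories and not secure URLs are not allowed.
        // A '..' segment is rejected wherever it sits: at the start, between
        // separators, at the very end, or right before a query/fragment. The
        // earlier pattern required a separator on BOTH sides, so a trailing '..'
        // was not recognised. Everything the earlier pattern rejected is still
        // rejected.
        // Comparing with 0 (instead of "not 1") also makes a preg_match() failure
        // count as a rejection rather than as a pass.
        // NOTE(review): percent-encoded dot segments are not inspected here;
        // whether that matters depends on how CFile::MakeFileArray() decodes the
        // value — confirm. If CHTTP::isPathTraversalUri() is available in this
        // code base, prefer it over this local pattern.
        $hasNoParentSegment = preg_match('/(?:^|[\\/,\\\\])\\.\\.(?:[\\/,\\\\?#]|$)/', $absPath) === 0;

        if ($absPath !== '' && $hasNoParentSegment && CCrmUrlUtil::IsSecureUrl($absPath)) {
            $result = CFile::MakeFileArray($absPath);
        }
    }

    if (is_array($result)) {
        // Always overwritten, whatever the source supplied.
        $result['MODULE_ID'] = 'crm';
        $file = $result;

        return true;
    }

    return false;
}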