    /**
     * Regression check for the HTML cleaner on a typical webmail message:
     * the <head>/<style> block and the MS Office <o:p> markup must be dropped,
     * tag and attribute names lower-cased and the inline styles normalised.
     * Line endings are normalised on both sides before comparing (Bug #51227)
     * so the result does not depend on the checkout's EOL convention.
     */
    function testEmailCleanup()
    {
        $rawEmailHtml = <<<EOS
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>
<SPAN style="FONT-FAMILY: 'Tahoma','sans-serif'; FONT-SIZE: 10pt">hello, <o:p></o:p></SPAN><BR>
<SPAN style="FONT-FAMILY: 'Tahoma','sans-serif'; FONT-SIZE: 10pt">i recently got Batman Arkham City and tried to get catwoman as an add-on character but when i put the code in it said that my code had already been used. <o:p></o:p></SPAN><BR>
<SPAN style="FONT-FAMILY: 'Tahoma','sans-serif'; FONT-SIZE: 10pt">what can i do, so that i can play catwoman?<o:p></o:p></SPAN><BR>
 <BR> </div></body>
</html>
EOS;
        $expectedHtml = <<<EOS
<div dir="ltr">
<span style="font-family:Tahoma, 'sans-serif';font-size:10pt;">hello, </span><p></p><br /><span style="font-family:Tahoma, 'sans-serif';font-size:10pt;">i recently got Batman Arkham City and tried to get catwoman as an add-on character but when i put the code in it said that my code had already been used. </span><p></p><br /><span style="font-family:Tahoma, 'sans-serif';font-size:10pt;">what can i do, so that i can play catwoman?</span><p></p><br /><br /></div>
EOS;
        $cleaned = SugarCleaner::cleanHtml($rawEmailHtml);

        // Normalize the line endings - Bug #51227
        $normalizedExpected = trim(str_replace("\r\n", "\n", $expectedHtml));
        $normalizedActual = trim(str_replace("\r\n", "\n", $cleaned));

        $this->assertEquals($normalizedExpected, $normalizedActual);
    }
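 /**
  * Takes in the request params from a save request and processes
  * them for the save.
  *
  * Every "label_<KEY>" parameter whose value is not 'no_change' is HTML-cleaned
  * and stored under the upper-cased KEY. Inside a package the labels go to that
  * package's language directory; otherwise labels that already exist in the
  * module's language extension file are routed to the extension (so the
  * extension does not keep overriding the new value) and the rest go to the
  * module's own language file.
  *
  * @param REQUEST $params       Labels as "label_".System label => Display label pairs
  * @param string $language      Language key, for example 'en_us'
  * @return bool true when every addLabels() call succeeded
  */
 function handleSave($params, $language)
 {
     // $language and moduleName/packageName become part of a filesystem path
     // that is include()d below, so refuse anything that is not a plain token
     // ('../', a null byte, ...) before touching the filesystem.
     // NOTE(review): $params are request data per the docblock; whether
     // $language is too is not visible here, so it is treated as untrusted.
     $safeToken = '/^[A-Za-z0-9_-]+$/';
     $unsafePath = !preg_match($safeToken, (string) $language)
         || !preg_match($safeToken, (string) $this->moduleName)
         || (!empty($this->packageName) && !preg_match($safeToken, (string) $this->packageName));
     if ($unsafePath) {
         $GLOBALS['log']->error('handleSave: refusing unsafe language/module/package key');
         return false;
     }

     $labels = array();
     foreach ($params as $key => $value) {
         if (strncmp((string) $key, 'label_', 6) === 0 && strcmp($value, 'no_change') != 0) {
             // strip the "label_" prefix; system label keys are upper case
             $labels[strtoupper(substr($key, 6))] = SugarCleaner::cleanHtml(from_html($value), false);
         }
     }

     if (!empty($this->packageName)) {
         $packageLangDir = "custom/modulebuilder/packages/{$this->packageName}/modules/{$this->moduleName}/language";
         return self::addLabels($language, $labels, $this->moduleName, $packageLangDir);
     }

     // Labels already defined in the language extension file are updated there.
     $extLabels = array();
     $extFile = "custom/modules/" . $this->moduleName . "/Ext/Language/" . $language . ".lang.ext.php";
     if (is_file($extFile)) {
         // the extension file appends to $mod_strings; start from a clean array
         $mod_strings = array();
         include $extFile;
         foreach ($labels as $key => $value) {
             if (isset($mod_strings[$key])) {
                 $extLabels[$key] = $value;
                 unset($labels[$key]);
             }
         }
     }

     $addLabelsResult = true;
     if (!empty($labels)) {
         $addLabelsResult = self::addLabels($language, $labels, $this->moduleName);
     }
     $addExtLabelsResult = true;
     if (!empty($extLabels)) {
         $addExtLabelsResult = self::addLabels($language, $extLabels, $this->moduleName, null, true);
     }
     return $addLabelsResult && $addExtLabelsResult;
 }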
 /**
  * Persists this field definition: ext3 is forced to 'text' and the ext4
  * payload is run through the HTML cleaner (second argument true, the form
  * the other HTML-typed fields in this code base use) so script tags and
  * similar markup never reach storage.
  *
  * @param mixed $df passed straight through to parent::save()
  */
 function save($df)
 {
     $this->ext3 = 'text';

     // ext4 holds free-form HTML: purify it before the parent persists it
     $purifiedExt4 = SugarCleaner::cleanHtml($this->ext4, true);
     $this->ext4 = $purifiedExt4;

     parent::save($df);
 }
 /**
  * Saves the current comment.
  *
  * The payload in $this->data may arrive as a JSON string or as an array;
  * its 'value' entry is HTML-cleaned and the payload is stored back as a JSON
  * string. The comment is only persisted when its parent Activity loads; a
  * brand-new comment is then attached to that activity and its tags processed.
  *
  * @param  boolean $check_notify
  * @return string|bool           GUID of saved comment or false.
  */
 public function save($check_notify = false)
 {
     $payload = $this->data;

     // accept a JSON string and work on the decoded array
     if (is_string($payload)) {
         $payload = json_decode($payload, true);
     }
     if (!empty($payload['value'])) {
         $payload['value'] = SugarCleaner::cleanHtml($payload['value']);
     }
     // store as JSON; anything that is not already a string is re-encoded
     // (a failed decode therefore ends up as the JSON literal "null")
     $this->data = is_string($payload) ? $payload : json_encode($payload);

     $activity = BeanFactory::getBean('Activities', $this->parent_id);
     if (empty($activity) || !$activity->id) {
         return false;
     }

     $isNew = empty($this->id) || $this->new_with_id;
     if (!parent::save($check_notify)) {
         return false;
     }
     if ($isNew) {
         $activity->addComment($this);
         $this->processCommentTags($activity);
     }
     return $this->id;
 }
 /**
  * @dataProvider getUrls
  *
  * Feeds an <img> whose src is $url through the cleaner and checks whether
  * the tag survives. When the provider says it must go, a left-over empty
  * "<img />" is ignored before asserting that no <img> remains.
  *
  * @param string $url
  * @param bool   $imgShouldBeRemoved
  */
 function testEmailCleanup($url, $imgShouldBeRemoved)
 {
     $cleaned = SugarCleaner::cleanHtml("Test: <img src=\"{$url}\">");
     if (!$imgShouldBeRemoved) {
         $this->assertContains("<img", $cleaned);
         return;
     }
     $withoutEmptyImg = str_replace("<img />", "", $cleaned);
     $this->assertNotContains("<img", $withoutEmptyImg);
 }
 /**
  * Takes in the request params from a save request and processes
  * them for the save.
  *
  * Each "label_<KEY>" parameter that is not 'no_change' is HTML-cleaned and
  * stored under the upper-cased KEY; the batch is then written with
  * addLabels(), into the package's language directory when packageName is
  * set and into the module's own language files otherwise.
  *
  * NOTE(review): $language, packageName and moduleName end up in the target
  * path and are not validated here; addLabels() is assumed to do that.
  *
  * @param REQUEST $params       Labels as "label_".System label => Display label pairs
  * @param string $language      Language key, for example 'en_us'
  * @return mixed whatever addLabels() returns
  */
 function handleSave($params, $language)
 {
     $labels = array();
     foreach ($params as $paramName => $display) {
         $isLabelParam = preg_match('/^label_/', $paramName) && strcmp($display, 'no_change') != 0;
         if (!$isLabelParam) {
             continue;
         }
         $systemLabel = strtoupper(substr($paramName, 6));
         $labels[$systemLabel] = SugarCleaner::cleanHtml(from_html($display), false);
     }

     if (empty($this->packageName)) {
         return self::addLabels($language, $labels, $this->moduleName);
     }
     $packageLangDir = "custom/modulebuilder/packages/{$this->packageName}/modules/{$this->moduleName}/language";
     return self::addLabels($language, $labels, $this->moduleName, $packageLangDir);
 }
 /**
  * Saves the case update and, on AOP-enabled installs, e-mails it out.
  *
  * name and description are HTML-cleaned before parent::save(). No mail is
  * sent on import, when AOP is disabled, or for internal updates. When the
  * update has an assigned user, the contact e-mail template is loaded, the
  * current user's default signature attached, and the mail goes to every
  * related contact; otherwise the user template is used and the mail goes to
  * the addresses from getEmailForUser().
  *
  * NOTE(review): the final `if ($emails && $email_template)` block re-uses
  * whatever $emails holds after the branch above — the last contact's address
  * in the contact branch (undefined when there are no contacts), the user's
  * addresses in the other — so that recipient appears to get a second copy.
  * Confirm whether that is intended.
  *
  * @param bool $check_notify forwarded to parent::save()
  */
 function save($check_notify = false)
 {
     $this->name = SugarCleaner::cleanHtml($this->name);
     $this->description = SugarCleaner::cleanHtml($this->description);
     global $current_user, $sugar_config;
     parent::save($check_notify);
     $email_template = new EmailTemplate();
     // read without isset(): emits a notice when no module is in the request
     if ($_REQUEST['module'] == 'Import') {
         //Don't send email on import
         return;
     }
     if (!isAOPEnabled()) {
         return;
     }
     if ($this->internal) {
         return;
     }
     $signature = array();
     $addDelimiter = true;
     $aop_config = $sugar_config['aop'];
     if ($this->assigned_user_id) {
         if ($aop_config['contact_email_template_id']) {
             // retrieve() replaces the empty template with the configured one (or null)
             $email_template = $email_template->retrieve($aop_config['contact_email_template_id']);
             $signature = $current_user->getDefaultSignature();
         }
         if ($email_template) {
             foreach ($this->getContacts() as $contact) {
                 $GLOBALS['log']->info("AOPCaseUpdates: Calling send email");
                 $emails = array();
                 $emails[] = $contact->emailAddress->getPrimaryAddress($contact);
                 // $res is never inspected; send failures are silent
                 $res = $this->sendEmail($emails, $email_template, $signature, $this->case_id, $addDelimiter, $contact->id);
             }
         }
     } else {
         $emails = $this->getEmailForUser();
         if ($aop_config['user_email_template_id']) {
             $email_template = $email_template->retrieve($aop_config['user_email_template_id']);
         }
         $addDelimiter = false;
         if ($emails && $email_template) {
             $GLOBALS['log']->info("AOPCaseUpdates: Calling send email");
             $res = $this->sendEmail($emails, $email_template, $signature, $this->case_id, $addDelimiter, $this->contact_id);
         }
     }
     // see the NOTE(review) in the docblock: $emails is whatever the branch above left behind
     if ($emails && $email_template) {
         $GLOBALS['log']->info("AOPCaseUpdates: Calling send email");
         $res = $this->sendEmail($emails, $email_template, $signature, $this->case_id, $addDelimiter);
     }
 }
 /**
  * Saves the case update after HTML-cleaning its name and description, then
  * hands the saved bean to the (optionally customised) CaseUpdatesHook so the
  * update notification can be sent.
  *
  * @param bool $check_notify forwarded to parent::save()
  */
 function save($check_notify = false)
 {
     $this->name = SugarCleaner::cleanHtml($this->name);
     $this->description = SugarCleaner::cleanHtml($this->description);
     parent::save($check_notify);

     // a customer override of the hook file takes precedence over the stock one
     $customHookFile = 'custom/modules/AOP_Case_Updates/CaseUpdatesHook.php';
     $hookFile = file_exists($customHookFile) ? $customHookFile : 'modules/AOP_Case_Updates/CaseUpdatesHook.php';
     require_once $hookFile;

     $hookClass = class_exists('CustomCaseUpdatesHook') ? 'CustomCaseUpdatesHook' : 'CaseUpdatesHook';
     $hook = new $hookClass();
     $hook->sendCaseUpdate($this);
 }
 /**
  * Runs a string through SugarCleaner::cleanHtml() with the second argument
  * false, the same form the other non-HTML callers in this code base use.
  *
  * @param string $str text that may contain markup
  * @return string the cleaned text
  */
 protected function clean($str)
 {
     $cleaned = SugarCleaner::cleanHtml($str, false);

     return $cleaned;
 }
 /**
  * Determine which modules have been updated and return an array with the module name as the key
  * and the singular/plural entries as the value.
  *
  * Walks the "slot_N" request parameters; each slot points at a
  * key_/value_/svalue_ triple (tags stripped, whitespace trimmed; a missing
  * singular falls back to the plural). Slots whose key is not a known module
  * are flagged on $_REQUEST as 'delete_N' and skipped. A module is reported
  * only when its plural or singular label differs from the currently loaded
  * language strings.
  *
  * NOTE(review): 'dropdown_lang' comes straight from the request and selects
  * which language strings are loaded; confirm return_app_list_strings_language()
  * validates it.
  *
  * @return array
  */
 private function getChangedModules()
 {
     $params = $_REQUEST;
     $lang = empty($params['dropdown_lang']) ? $_SESSION['authenticated_user_language'] : $params['dropdown_lang'];
     $appListStrings = return_app_list_strings_language($lang);
     $moduleList = isset($appListStrings['moduleList']) ? $appListStrings['moduleList'] : array();
     $singularList = isset($appListStrings['moduleListSingular']) ? $appListStrings['moduleListSingular'] : array();

     $entries = array();
     for ($slot = 0; isset($params['slot_' . $slot]); $slot++) {
         $idx = $params['slot_' . $slot];
         $key = isset($params['key_' . $idx]) ? SugarCleaner::stripTags($params['key_' . $idx]) : 'BLANK';
         // the literal 'BLANK' (the default, or submitted as such) means "no key"
         $key = ($key == 'BLANK') ? '' : $key;
         $plural = isset($params['value_' . $idx]) ? SugarCleaner::stripTags($params['value_' . $idx]) : '';
         $singular = isset($params['svalue_' . $idx]) ? SugarCleaner::stripTags($params['svalue_' . $idx]) : $plural;

         $key = trim($key);
         $plural = trim($plural);
         $singular = trim($singular);

         if (!isset($moduleList[$key])) {
             //If the module key dne then do not continue with this rename.
             $_REQUEST['delete_' . $slot] = TRUE;
             continue;
         }
         $entries[$key] = array('s' => $singular, 'p' => $plural);
     }

     $results = array();
     foreach ($entries as $moduleKey => $labels) {
         $prevPlural = $moduleList[$moduleKey];
         $prevSingular = isset($singularList[$moduleKey]) ? $singularList[$moduleKey] : $prevPlural;
         $unchanged = strcmp($prevPlural, $labels['p']) == 0 && strcmp($prevSingular, $labels['s']) == 0;
         if ($unchanged) {
             continue;
         }
         $results[$moduleKey] = array(
             'singular' => $labels['s'],
             'plural' => $labels['p'],
             'prev_singular' => $prevSingular,
             'prev_plural' => $prevPlural,
             'key_plural' => $moduleKey,
             'key_singular' => $this->getModuleSingularKey($moduleKey),
         );
     }
     return $results;
 }
 /**
  * Persists the e-mail together with its text parts, addresses and parent
  * relationship.
  *
  * Duplicates (isDuplicate) are only logged. Otherwise: a GUID is assigned to
  * new records, the address lists are normalised through cleanEmails(), the
  * body fields are HTML-cleaned (description_html and raw_source with the
  * second argument true, as for the other HTML fields in this code base), the
  * text and address rows are written, a missing date_sent is rebuilt from the
  * legacy date_start/time_start pair (bug 39503) and the bean is saved. When
  * the parent changed since the row was fetched, the old parent relationship
  * is removed before the new one is added.
  *
  * @param bool $check_notify forwarded to parent::save()
  */
 function save($check_notify = false)
 {
     global $current_user;
     if ($this->isDuplicate) {
         $GLOBALS['log']->debug("EMAIL - tried to save a duplicate Email record");
     } else {
         if (empty($this->id)) {
             $this->id = create_guid();
             $this->new_with_id = true;
         }
         $this->from_addr_name = $this->cleanEmails($this->from_addr_name);
         $this->to_addrs_names = $this->cleanEmails($this->to_addrs_names);
         $this->cc_addrs_names = $this->cleanEmails($this->cc_addrs_names);
         $this->bcc_addrs_names = $this->cleanEmails($this->bcc_addrs_names);
         $this->reply_to_addr = $this->cleanEmails($this->reply_to_addr);
         // plain-text body with default cleaning; HTML body and raw source with the HTML flag
         $this->description = SugarCleaner::cleanHtml($this->description);
         $this->description_html = SugarCleaner::cleanHtml($this->description_html, true);
         $this->raw_source = SugarCleaner::cleanHtml($this->raw_source, true);
         $this->saveEmailText();
         $this->saveEmailAddresses();
         $GLOBALS['log']->debug('-------------------------------> Email called save()');
         // handle legacy concatenation of date and time fields
         //Bug 39503 - SugarBean is not setting date_sent when seconds missing
         if (empty($this->date_sent)) {
             global $timedate;
             $date_sent_obj = $timedate->fromUser($timedate->merge_date_time($this->date_start, $this->time_start), $current_user);
             if (!empty($date_sent_obj) && $date_sent_obj instanceof SugarDateTime) {
                 $this->date_sent = $date_sent_obj->asDb();
             }
         }
         parent::save($check_notify);
         if (!empty($this->parent_type) && !empty($this->parent_id)) {
             // fetched_row holds the parent as it was loaded from the DB; if either
             // part differs, the email was re-parented and the old link must go
             if (!empty($this->fetched_row) && !empty($this->fetched_row['parent_id']) && !empty($this->fetched_row['parent_type'])) {
                 if ($this->fetched_row['parent_id'] != $this->parent_id || $this->fetched_row['parent_type'] != $this->parent_type) {
                     $mod = strtolower($this->fetched_row['parent_type']);
                     // relationship name: the module's own link if one is defined,
                     // otherwise the generic "<module>_activities_emails" link
                     $rel = array_key_exists($mod, $this->field_defs) ? $mod : $mod . "_activities_emails";
                     //Custom modules rel name
                     if ($this->load_relationship($rel)) {
                         $this->{$rel}->delete($this->id, $this->fetched_row['parent_id']);
                     }
                 }
             }
             $mod = strtolower($this->parent_type);
             $rel = array_key_exists($mod, $this->field_defs) ? $mod : $mod . "_activities_emails";
             //Custom modules rel name
             if ($this->load_relationship($rel)) {
                 $this->{$rel}->add($this->parent_id);
             }
         }
     }
     $GLOBALS['log']->debug('-------------------------------> Email save() done');
 }
 /**
  * Logic-hook callback: purifies the bean's description with the HTML
  * cleaner (second argument true, as for the other HTML fields in this code
  * base) before it is persisted.
  *
  * @param SugarBean $bean      bean being saved
  * @param string    $event     hook event name (unused)
  * @param array     $arguments hook arguments (unused)
  */
 public function filterHTML($bean, $event, $arguments)
 {
     $purifiedDescription = SugarCleaner::cleanHtml($bean->description, true);
     $bean->description = $purifiedDescription;
 }
/**
 * Remove potential xss vectors from strings
 *
 * Thin wrapper kept for legacy callers; new code should call
 * SugarCleaner::cleanHtml($str, false) directly.
 *
 * @param string str String to search for XSS attack vectors
 * @deprecated
 * @return string
 */
function remove_xss($str)
{
    $cleaned = SugarCleaner::cleanHtml($str, false);

    return $cleaned;
}
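 /**
  * Cleans char, varchar, text, etc. fields of XSS type materials
  *
  * Walks field_defs: 'html'/'longhtml' fields are cleaned with the second
  * cleanHtml() argument true (as the other HTML-typed fields in this code
  * base); any non-empty field whose type+dbType mentions "char" or "text",
  * or equals 'enum', is cleaned with the default arguments. Other field
  * types are left untouched.
  */
 function cleanBean()
 {
     foreach ($this->field_defs as $key => $def) {
         // Build the type string fresh for every field. Previously $type was
         // not reset per iteration, so a def without 'type' inherited the
         // previous field's type and could be cleaned (or skipped) by mistake;
         // $def['type'] was also read without isset().
         $type = isset($def['type']) ? $def['type'] : '';
         $typeWithDb = $type;
         if (isset($def['dbType'])) {
             $typeWithDb .= $def['dbType'];
         }

         if ($type == 'html' || $type == 'longhtml') {
             $this->{$key} = SugarCleaner::cleanHtml($this->{$key}, true);
             continue;
         }

         $isTextLike = strpos($typeWithDb, 'char') !== false
             || strpos($typeWithDb, 'text') !== false
             || $typeWithDb == 'enum';
         if ($isTextLike && !empty($this->{$key})) {
             $this->{$key} = SugarCleaner::cleanHtml($this->{$key});
         }
     }
 }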
 /**
  * Takes in the request params from a save request and processes
  * them for the save.
  *
  * Rebuilds the grouped-tab configuration from the "slot_N" parameters:
  * every non-deleted slot becomes a tab group whose label id is either the
  * submitted tablabelid_<idx> or a generated LBL_GROUPTAB<n>_<time>, and
  * whose label text (tags stripped) is written into the custom app strings
  * of the selected language and, where the id does not exist yet, of every
  * other language too. Member modules come from the "<idx>_<m>" parameters.
  * The result is written to the custom tabConfig.php and the JS language
  * files are rebuilt.
  *
  * NOTE(review): tablabelid_*, tablabel_* and the module names are request
  * data that end up inside generated PHP files (via replace_or_add_app_string
  * and write_array_to_file); this method only strips tags from the label
  * text. Confirm those helpers quote or validate their input.
  *
  * @param REQUEST params  $params
  */
 function saveTabGroups($params)
 {
     //#30205
     // $sugar_config / $current_user are not used here; presumably needed by
     // the included RebuildJSLang.php below — verify before removing
     global $sugar_config;
     //Get the selected tab group language
     $grouptab_lang = !empty($params['grouptab_lang']) ? $params['grouptab_lang'] : $_SESSION['authenticated_user_language'];
     $tabGroups = array();
     // computed but not read anywhere below
     $selected_lang = !empty($params['dropdown_lang']) ? $params['dropdown_lang'] : $_SESSION['authenticated_user_language'];
     $slot_count = $params['slot_count'];
     $completedIndexes = array();
     for ($count = 0; $count < $slot_count; $count++) {
         // 'delete_N' is read without isset(): a notice when the key is absent
         if ($params['delete_' . $count] == 1 || !isset($params['slot_' . $count])) {
             continue;
         }
         $index = $params['slot_' . $count];
         // several slots may point at the same index; only the first one wins
         if (isset($completedIndexes[$index])) {
             continue;
         }
         $labelID = !empty($params['tablabelid_' . $index]) ? $params['tablabelid_' . $index] : 'LBL_GROUPTAB' . $count . '_' . time();
         $labelValue = SugarCleaner::stripTags(from_html($params['tablabel_' . $index]), false);
         $app_strings = return_application_language($grouptab_lang);
         // only rewrite the language file when the label is new or its text changed
         if (empty($app_strings[$labelID]) || $app_strings[$labelID] != $labelValue) {
             $contents = return_custom_app_list_strings_file_contents($grouptab_lang);
             $new_contents = replace_or_add_app_string($labelID, $labelValue, $contents);
             save_custom_app_list_strings_contents($new_contents, $grouptab_lang);
             $languages = get_languages();
             // seed the other languages with the same text, but never overwrite
             // a translation that already exists there
             foreach ($languages as $language => $langlabel) {
                 if ($grouptab_lang == $language) {
                     continue;
                 }
                 $app_strings = return_application_language($language);
                 if (!isset($app_strings[$labelID])) {
                     $contents = return_custom_app_list_strings_file_contents($language);
                     $new_contents = replace_or_add_app_string($labelID, $labelValue, $contents);
                     save_custom_app_list_strings_contents($new_contents, $language);
                 }
             }
             $app_strings[$labelID] = $labelValue;
         }
         $tabGroups[$labelID] = array('label' => $labelID);
         $tabGroups[$labelID]['modules'] = array();
         for ($subcount = 0; isset($params[$index . '_' . $subcount]); $subcount++) {
             $tabGroups[$labelID]['modules'][] = $params[$index . '_' . $subcount];
         }
         $completedIndexes[$index] = true;
     }
     // Force a rebuild of the app language
     global $current_user;
     include get_custom_file_if_exists('modules/Administration/RebuildJSLang.php');
     sugar_cache_clear('app_strings.' . $grouptab_lang);
     $newFile = create_custom_directory('include/tabConfig.php');
     write_array_to_file("GLOBALS['tabStructure']", $tabGroups, $newFile);
     $GLOBALS['tabStructure'] = $tabGroups;
 }
 /**
  * Renames one of the current user's dashboard pages.
  *
  * The new title arrives JSON- and entity-encoded in $_REQUEST['newPageTitle'];
  * it is decoded, stripped of tags and stored in the user's 'pages'
  * preference under $_REQUEST['pageId'] (the user's own preference, so the
  * page id only selects a slot within it).
  *
  * @return string the stored title, HTML-escaped for display
  */
 function savePageTitle()
 {
     global $current_user;
     $pageId = $_REQUEST['pageId'];
     $pages = $current_user->getPreference('pages', $this->type);

     $decodedTitle = getJSONobj()->decode(html_entity_decode($_REQUEST['newPageTitle']));
     $safeTitle = SugarCleaner::stripTags(from_html($decodedTitle), false);
     $pages[$pageId]['pageTitle'] = $safeTitle;

     $current_user->setPreference('pages', $pages, 0, $this->type);

     return to_html($safeTitle, ENT_QUOTES);
 }
 /**
  * Gets all modules from the request. This is used to build the singular
  * module list for changes so that the entire list is set properly into the
  * global array after save. This is also used to get all changed modules.
  *
  * The parsed result is cached in $this->requestModules, so the request is
  * only walked once. Each "slot_N" points at a key_/value_/svalue_ triple
  * (tags stripped, trimmed; a missing singular falls back to the plural).
  * Unknown module keys are flagged on $_REQUEST as 'delete_N' and skipped.
  * Every known module is returned, with 'changed' telling whether its plural
  * or singular label differs from the loaded language strings.
  *
  * NOTE(review): 'dropdown_lang' comes straight from the request and selects
  * which language strings are loaded; confirm return_app_list_strings_language()
  * validates it.
  *
  * @return array
  */
 protected function getAllModulesFromRequest()
 {
     // We really only want to get this once
     if (!empty($this->requestModules)) {
         return $this->requestModules;
     }
     global $locale;

     $params = $_REQUEST;
     $lang = empty($_REQUEST['dropdown_lang']) ? $locale->getAuthenticatedUserLanguage() : $_REQUEST['dropdown_lang'];
     $appListStrings = return_app_list_strings_language($lang);
     $moduleList = isset($appListStrings['moduleList']) ? $appListStrings['moduleList'] : array();
     $singularList = isset($appListStrings['moduleListSingular']) ? $appListStrings['moduleListSingular'] : array();

     $entries = array();
     for ($slot = 0; isset($params['slot_' . $slot]); $slot++) {
         $idx = $params['slot_' . $slot];
         $key = isset($params['key_' . $idx]) ? SugarCleaner::stripTags($params['key_' . $idx]) : 'BLANK';
         // the literal 'BLANK' (the default, or submitted as such) means "no key"
         $key = ($key == 'BLANK') ? '' : $key;
         $plural = isset($params['value_' . $idx]) ? SugarCleaner::stripTags($params['value_' . $idx]) : '';
         $singular = isset($params['svalue_' . $idx]) ? SugarCleaner::stripTags($params['svalue_' . $idx]) : $plural;

         $key = trim($key);
         $plural = trim($plural);
         $singular = trim($singular);

         if (!isset($moduleList[$key])) {
             //If the module key dne then do not continue with this rename.
             $_REQUEST['delete_' . $slot] = true;
             continue;
         }
         $entries[$key] = array('s' => $singular, 'p' => $plural);
     }

     $results = array();
     foreach ($entries as $moduleKey => $labels) {
         $prevPlural = $moduleList[$moduleKey];
         $prevSingular = isset($singularList[$moduleKey]) ? $singularList[$moduleKey] : $prevPlural;
         $changed = strcmp($prevPlural, $labels['p']) != 0 || strcmp($prevSingular, $labels['s']) != 0;
         $results[$moduleKey] = array(
             'singular' => $labels['s'],
             'plural' => $labels['p'],
             'prev_singular' => $prevSingular,
             'prev_plural' => $prevPlural,
             'key_plural' => $moduleKey,
             'key_singular' => $this->getModuleSingularKey($moduleKey),
             'changed' => $changed,
         );
     }

     $this->requestModules = $results;
     return $results;
 }
 /**
  * @dataProvider getData
  *
  * Pins the cleaner's exact output for each provider row.
  *
  * @param string $data raw HTML fed to the cleaner
  * @param string $res  expected cleaned HTML
  */
 function testEmailCleanup($data, $res)
 {
     $actual = SugarCleaner::cleanHtml($data);
     $this->assertEquals($res, $actual);
 }
 /**
  * Takes in the request params from a save request and processes
  * them for the save.
  *
  * Decodes the submitted list of (key, value) pairs (tags stripped from
  * both), maps the LBL_BLANK marker to an empty key, and saves the dropdown
  * either into a Module Builder package or, for Studio, into the custom
  * app_list_strings extension of the selected language — as per-key
  * overrides when 'use_push' is set, otherwise as a full replacement,
  * optionally syncing the keys into every other language.
  *
  * NOTE(review): in the 'use_push' branch below, $dropdown_name (from
  * $params['dropdown_name']) and each $key are interpolated into generated
  * PHP source inside single-quoted literals; only tags are stripped, so a
  * quote or backslash in either would break out of the literal unless
  * stripTags() also escapes them (not visible here). Emitting the key through
  * var_export_helper() and restricting the name to [A-Za-z0-9_] would close
  * that. Whether getExtensionContents() has the same issue is not visible.
  *
  * @param REQUEST params  $params
  */
 public function saveDropDown($params)
 {
     global $locale;
     $emptyMarker = translate('LBL_BLANK');
     if (!empty($_REQUEST['dropdown_lang'])) {
         $selected_lang = $_REQUEST['dropdown_lang'];
     } else {
         $selected_lang = $locale->getAuthenticatedUserLanguage();
     }
     $type = $_REQUEST['view_package'];
     $dropdown_name = $params['dropdown_name'];
     $json = getJSONobj();
     // an empty "" key would collapse on decode; give it a placeholder name first
     $list_value = str_replace('&quot;&quot;:&quot;&quot;', '&quot;__empty__&quot;:&quot;&quot;', $params['list_value']);
     //Bug 21362 ENT_QUOTES- convert single quotes to escaped single quotes.
     $temp = $json->decode(html_entity_decode(rawurldecode($list_value), ENT_QUOTES));
     $dropdown = array();
     // dropdown is received as an array of (name,value) pairs - now extract to name=>value format preserving order
     // we rely here on PHP to preserve the order of the received name=>value pairs - associative arrays in PHP are ordered
     if (is_array($temp)) {
         foreach ($temp as $item) {
             $dropdown[SugarCleaner::stripTags(from_html($item[0]), false)] = SugarCleaner::stripTags(from_html($item[1]), false);
         }
     }
     // the translated blank marker stands for the empty key; rebuild so order is kept
     if (array_key_exists($emptyMarker, $dropdown)) {
         $output = array();
         foreach ($dropdown as $key => $value) {
             if ($emptyMarker === $key) {
                 $output[''] = '';
             } else {
                 $output[$key] = $value;
             }
         }
         $dropdown = $output;
     }
     if ($type != 'studio') {
         $mb = new ModuleBuilder();
         $module = $mb->getPackageModule($params['view_package'], $params['view_module']);
         $this->synchMBDropDown($dropdown_name, $dropdown, $selected_lang, $module);
         //Can't use synch on selected lang as we want to overwrite values, not just keys
         $module->mblanguage->appListStrings[$selected_lang . '.lang.php'][$dropdown_name] = $dropdown;
         $module->mblanguage->save($module->key_name, false, true);
         // tyoung - key is required parameter as of
     } else {
         $contents = return_custom_app_list_strings_file_contents($selected_lang);
         $my_list_strings = return_app_list_strings_language($selected_lang);
         // keep the in-memory strings of the running request in step
         if ($selected_lang == $GLOBALS['current_language']) {
             $GLOBALS['app_list_strings'][$dropdown_name] = $dropdown;
         }
         //write to contents
         $contents = str_replace("?>", '', $contents);
         if (empty($contents)) {
             $contents = "<?php";
         }
         // Skip saveExemptDropdowns on upgrades
         if (empty($params['skipSaveExemptDropdowns'])) {
             $dropdown = $this->saveExemptDropdowns($dropdown, $dropdown_name, $my_list_strings, $selected_lang);
         }
         //add new drop down to the bottom
         if (!empty($params['use_push'])) {
             //this is for handling moduleList and such where nothing should be deleted or anything but they can be renamed
             $app_list_strings = array();
             $filePath = $this->getExtensionFilePath($dropdown_name, $selected_lang);
             //Include the original extension to ensure any values sourced from it are kept.
             if (sugar_is_file($filePath)) {
                 include $filePath;
             }
             foreach ($dropdown as $key => $value) {
                 //only if the value has changed or does not exist do we want to add it this way
                 if (!isset($my_list_strings[$dropdown_name][$key]) || strcmp($my_list_strings[$dropdown_name][$key], $value) != 0) {
                     $app_list_strings[$dropdown_name][$key] = $value;
                 }
             }
             //Now that we have all the values, save the overrides to the extension
             if (!empty($app_list_strings[$dropdown_name])) {
                 $contents = "<?php\n //created: " . date('Y-m-d H:i:s') . "\n";
                 foreach ($app_list_strings[$dropdown_name] as $key => $value) {
                     // $dropdown_name and $key land unescaped inside single quotes here
                     // (see the NOTE(review) in the docblock); only $value goes through var_export_helper()
                     $contents .= "\n\$app_list_strings['{$dropdown_name}']['{$key}']=" . var_export_helper($value) . ";";
                 }
                 $this->saveContents($dropdown_name, $contents, $selected_lang);
             }
         } else {
             if (empty($params['skip_sync'])) {
                 // Now synch up the keys in other languages to ensure that removed/added
                 // Drop down values work properly under all langs.
                 // If skip_sync, we don't want to sync ALL languages
                 $this->synchDropDown($dropdown_name, $dropdown, $selected_lang);
             }
             $contents = $this->getExtensionContents($dropdown_name, $dropdown);
             $this->saveContents($dropdown_name, $contents, $selected_lang);
         }
     }
     $this->finalize($selected_lang);
 }
 /**
  * Loads an Email and post-processes it for display.
  *
  * SugarBean::retrieve() returns the loaded bean, which need not be $this
  * (bug 11915), so all work is done on that bean: the text parts are loaded,
  * raw_source and description_html are run through the HTML cleaner,
  * description is HTML-escaped, addresses are resolved and date_sent is split
  * into the legacy date_start / time_start pair. Finally every property of
  * the returned bean is mirrored onto $this for the Email 2.0 code paths.
  *
  * @param string $id
  * @param bool   $encoded
  * @param bool   $deleted
  * @return mixed the bean from parent::retrieve(), or its falsy result
  */
 function retrieve($id, $encoded = true, $deleted = true)
 {
     // cn: bug 11915, return SugarBean's retrieve() call bean instead of $this
     $bean = parent::retrieve($id, $encoded, $deleted);
     if (!$bean) {
         return $bean;
     }

     $bean->retrieveEmailText();
     $bean->raw_source = SugarCleaner::cleanHtml($bean->raw_source);
     $bean->description = to_html($bean->description);
     $bean->description_html = SugarCleaner::cleanHtml($bean->description_html);
     $bean->retrieveEmailAddresses();

     // split "date time" into the legacy pair; either part may be missing
     $bean->date_start = '';
     $bean->time_start = '';
     $sentParts = explode(' ', $bean->date_sent);
     if (!empty($sentParts)) {
         $bean->date_start = $sentParts[0];
         if (isset($sentParts[1])) {
             $bean->time_start = $sentParts[1];
         }
     }

     // for Email 2.0: mirror the returned bean onto $this
     foreach ($bean as $property => $value) {
         $this->{$property} = $value;
     }

     return $bean;
 }
 /**
  * Processes the html with HtmlPurifier
  *
  * Delegates to SugarCleaner::cleanHtml() with its default arguments; kept
  * as an overridable instance method so the cleaner can be swapped.
  *
  * @param string $html
  * @return string
  */
 protected function cleanHtml($html)
 {
     $purified = SugarCleaner::cleanHtml($html);

     return $purified;
 }
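<?php

if (!defined('sugarEntry') || !sugarEntry) {
    die('Not A Valid Entry Point');
}
/*
 * Your installation or use of this SugarCRM file is subject to the applicable
 * terms available at
 * http://support.sugarcrm.com/06_Customer_Center/10_Master_Subscription_Agreements/.
 * If you do not agree to all of the applicable terms or do not have the
 * authority to bind the entity as an authorized representative, then do not
 * install or use this SugarCRM file.
 *
 * Copyright (C) SugarCRM Inc. All rights reserved.
 */
/*
 * Emails popup entry point.
 *
 * mode=show_raw: renders the raw source of the e-mail whose id is passed in
 * $_REQUEST['metadata'], HTML-cleaned and with newlines turned into <br>.
 * Any other mode renders the standard popup picker.
 *
 * NOTE(review): $_REQUEST['metadata'] is an untrusted record id and nothing
 * in this file checks that the current user may read that e-mail; it relies
 * on BeanFactory::getBean() / ACL doing so — confirm that path.
 */
if (isset($_REQUEST['mode']) && $_REQUEST['mode'] == 'show_raw') {
    // (an empty `if (!class_exists("Email")) {}` used to sit here; it did nothing)
    $email = BeanFactory::getBean('Emails', $_REQUEST['metadata']);
    // getBean() may hand back nothing for an unknown id; the previous code
    // dereferenced $email unconditionally
    if (!empty($email)) {
        echo nl2br(SugarCleaner::cleanHtml($email->raw_source));
    }
} else {
    require_once 'include/Popups/Popup_picker.php';
    $popup = new Popup_Picker();
    echo $popup->process_page();
}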
 /**
  * returns the HTML text part of a multi-part message
  *
  * For a multi-part message the breadcrumb trail selects the part(s): PLAIN
  * reads the single matching MIME part; HTML concatenates every html part and
  * rewrites "cid:" image references to the stored inline images. For a
  * single-part message the body is read with imap_body(), transfer-decoded
  * and charset-converted (explicit charset if the headers carry one, a best
  * guess otherwise). The result goes through customGetMessageText() and is
  * always HTML-cleaned before it is returned (bug 9176).
  *
  * NOTE(review): the inner `foreach ($bcArr as $type => $bcTrail)` overwrites
  * the $type parameter; by the `$type == 'PLAIN'` check at the end, $type is
  * the last breadcrumb key ('html' or an image key). That branch is only
  * entered for non-PLAIN requests so the outcome is unchanged today, but
  * renaming the loop variable would remove the trap.
  *
  * @param int msgNo the relative message number for the monitored mailbox
  * @param string $type the type of text processed, either 'PLAIN' or 'HTML'
  * @param object $structure imap_fetchstructure() result for the message
  * @param string $fullHeader raw message header, decoded for charset/encoding
  * @param bool $clean_email unused in the visible body
  * @param string $bcOffset optional breadcrumb offset applied to the trail
  * @return string UTF-8 encoded version of the requested message text
  */
 function getMessageText($msgNo, $type, $structure, $fullHeader, $clean_email = true, $bcOffset = "")
 {
     // $sugar_config is declared but not read in the visible body
     global $sugar_config;
     $msgPart = '';
     $bc = $this->buildBreadCrumbs($structure->parts, $type);
     //Add an offset if specified
     if (!empty($bcOffset)) {
         $bc = $this->addBreadCrumbOffset($bc, $bcOffset);
     }
     if (!empty($bc)) {
         // multi-part
         // HUGE difference between PLAIN and HTML
         if ($type == 'PLAIN') {
             $msgPart = $this->getMessageTextFromSingleMimePart($msgNo, $bc, $structure);
         } else {
             // get part of structure that will
             $msgPartRaw = '';
             $bcArray = $this->buildBreadCrumbsHTML($structure->parts, $bcOffset);
             // construct inline HTML/Rich msg
             foreach ($bcArray as $bcArryKey => $bcArr) {
                 // NOTE: this $type shadows the method parameter (see docblock)
                 foreach ($bcArr as $type => $bcTrail) {
                     if ($type == 'html') {
                         $msgPartRaw .= $this->getMessageTextFromSingleMimePart($msgNo, $bcTrail, $structure);
                     } else {
                         // deal with inline image
                         $part = $this->getPartByPath($bcTrail, $structure->parts);
                         if (empty($part) || empty($part->id)) {
                             continue;
                         }
                         $partid = substr($part->id, 1, -1);
                         // strip <> around
                         // only rewrite references to images that were actually stored
                         if (isset($this->inlineImages[$partid])) {
                             $imageName = $this->inlineImages[$partid];
                             $newImagePath = "class=\"image\" src=\"{$this->imagePrefix}{$imageName}\"";
                             $preImagePath = "src=\"cid:{$partid}\"";
                             $msgPartRaw = str_replace($preImagePath, $newImagePath, $msgPartRaw);
                         }
                     }
                 }
             }
             $msgPart = $msgPartRaw;
         }
     } else {
         // either PLAIN message type (flowed) or b0rk3d RFC
         // make sure we're working on valid data here.
         if ($structure->subtype != $type) {
             return '';
         }
         $decodedHeader = $this->decodeHeader($fullHeader);
         // now get actual body contents
         $text = imap_body($this->conn, $msgNo);
         $upperCaseKeyDecodeHeader = array();
         if (is_array($decodedHeader)) {
             $upperCaseKeyDecodeHeader = array_change_key_case($decodedHeader, CASE_UPPER);
         }
         // if
         if (isset($upperCaseKeyDecodeHeader[strtoupper('Content-Transfer-Encoding')])) {
             // transferEncoding maps code => name; flip it to look the name up
             $flip = array_flip($this->transferEncoding);
             $text = $this->handleTranserEncoding($text, $flip[strtoupper($upperCaseKeyDecodeHeader[strtoupper('Content-Transfer-Encoding')])]);
         }
         // 'CONTENT-TYPE' is read without isset(): a notice when the header is absent
         if (is_array($upperCaseKeyDecodeHeader['CONTENT-TYPE']) && isset($upperCaseKeyDecodeHeader['CONTENT-TYPE']['charset']) && !empty($upperCaseKeyDecodeHeader['CONTENT-TYPE']['charset'])) {
             // we have an explicit content type, use it
             $msgPart = $this->handleCharsetTranslation($text, $upperCaseKeyDecodeHeader['CONTENT-TYPE']['charset']);
         } else {
             // make a best guess as to what our content type is
             $msgPart = $this->convertToUtf8($text);
         }
     }
     // end else clause
     $msgPart = $this->customGetMessageText($msgPart);
     /* cn: bug 9176 - htmlEntitites hide XSS attacks. */
     if ($type == 'PLAIN') {
         return SugarCleaner::cleanHtml(to_html($msgPart), false);
     }
     // Bug 50241: can't process <?xml:namespace .../> properly. Strip <?xml ...> tag first.
     $msgPart = preg_replace("/<\\?xml[^>]*>/", "", $msgPart);
     return SugarCleaner::cleanHtml($msgPart, false);
 }
 /**
  * Turns an inbound email into a new Case when the mailbox is configured for
  * case creation and the email could not be attached to an existing case.
  * The new case gets the (cleaned) email body as description, the sender's
  * contact/account where exactly one match is found, copies of the email's
  * note attachments, and a link to the email itself; an auto-reply built from
  * the configured template is then sent to the sender. When no case is
  * created, the mailbox's normal autoresponse is sent instead.
  *
  * @param object $email  inbound email bean; presumably an Email (it is re-read
  *                       by id below and its description/address fields are used)
  * @param string $userId id of the user the new case (and the email) is assigned to
  */
 function handleCreateCase($email, $userId)
 {
     global $current_user, $mod_strings, $current_language;
     $mod_strings = return_module_language($current_language, "Emails");
     $GLOBALS['log']->debug('In handleCreateCase in AOPInboundEmail');
     $c = new aCase();
     // presumably resolves a case number found in the subject into $c — confirm;
     // $c is discarded and recreated below when a new case is built
     $this->getCaseIdFromCaseNumber($email->name, $c);
     // only build a case when assignment to an existing one did not happen and
     // this mailbox is of the create-case type
     if (!$this->handleCaseAssignment($email) && $this->isMailBoxTypeCreateCase()) {
         // create a case
         $GLOBALS['log']->debug('retrieveing email');
         $email->retrieve($email->id);
         $c = new aCase();
         $notes = $email->get_linked_beans('notes', 'Notes');
         $noteIds = array();
         foreach ($notes as $note) {
             $noteIds[] = $note->id;
         }
         // inbound HTML is untrusted: sanitize it before it is stored on the case;
         // processImageLinks presumably rewrites inline image references to the notes
         if ($email->description_html) {
             $c->description = $this->processImageLinks(SugarCleaner::cleanHtml($email->description_html), $noteIds);
         } else {
             $c->description = $email->description;
         }
         $c->assigned_user_id = $userId;
         $c->name = $email->name;
         $c->status = 'New';
         $c->priority = 'P1';
         // the sender address used for matching and for the auto-reply: Reply-To wins over From
         if (!empty($email->reply_to_email)) {
             $contactAddr = $email->reply_to_email;
         } else {
             $contactAddr = $email->from_addr;
         }
         $GLOBALS['log']->debug('finding related accounts with address ' . $contactAddr);
         // an account is linked only when the address maps to exactly one account
         if ($accountIds = $this->getRelatedId($contactAddr, 'accounts')) {
             if (sizeof($accountIds) == 1) {
                 $c->account_id = $accountIds[0];
                 $acct = new Account();
                 $acct->retrieve($c->account_id);
                 $c->account_name = $acct->name;
             }
             // if
         }
         // if
         $contactIds = $this->getRelatedId($contactAddr, 'contacts');
         if (!empty($contactIds)) {
             $c->contact_created_by_id = $contactIds[0];
         }
         $c->save(true);
         $caseId = $c->id;
         // re-read the saved case so that database-populated fields (presumably
         // case_number, used below) are available — confirm
         $c = new aCase();
         $c->retrieve($caseId);
         if ($c->load_relationship('emails')) {
             $c->emails->add($email->id);
         }
         // if
         if (!empty($contactIds) && $c->load_relationship('contacts')) {
             // no account matched directly but a single contact did: inherit the contact's account
             if (!$accountIds && count($contactIds) == 1) {
                 $contact = BeanFactory::getBean('Contacts', $contactIds[0]);
                 if ($contact->load_relationship('accounts')) {
                     $acct = $contact->accounts->get();
                     if ($c->load_relationship('accounts') && !empty($acct[0])) {
                         $c->accounts->add($acct[0]);
                     }
                 }
             }
             $c->contacts->add($contactIds);
         }
         // if
         foreach ($notes as $note) {
             //Link notes to case also
             // a fresh Note is created per attachment and the file is copied in the
             // upload:// stream under the new note's id
             $newNote = BeanFactory::newBean('Notes');
             $newNote->name = $note->name;
             $newNote->file_mime_type = $note->file_mime_type;
             $newNote->filename = $note->filename;
             $newNote->parent_type = 'Cases';
             $newNote->parent_id = $c->id;
             $newNote->save();
             $srcFile = "upload://{$note->id}";
             $destFile = "upload://{$newNote->id}";
             // NOTE(review): the copy() result is not checked; a failed copy leaves
             // a note record without a file
             copy($srcFile, $destFile);
         }
         $c->email_id = $email->id;
         $email->parent_type = "Cases";
         $email->parent_id = $caseId;
         // assign the email to the case owner
         $email->assigned_user_id = $c->assigned_user_id;
         // prefix the subject with the case-number macro so later replies can be matched
         $email->name = str_replace('%1', $c->case_number, $c->getEmailSubjectMacro()) . " " . $email->name;
         $email->save();
         $GLOBALS['log']->debug('InboundEmail created one case with number: ' . $c->case_number);
         $createCaseTemplateId = $this->get_stored_options('create_case_email_template', "");
         // NOTE(review): stored_options is a base64-encoded PHP-serialized blob;
         // unserialize() on data that could be written by anyone with access to
         // this record is an object-injection risk. The format is shared with
         // the rest of the class, so it is left as is here — treat the stored
         // value as trusted configuration only.
         if (!empty($this->stored_options)) {
             $storedOptions = unserialize(base64_decode($this->stored_options));
         }
         if (!empty($createCaseTemplateId)) {
             $fromName = "";
             $fromAddress = "";
             // NOTE(review): $replyToName and $replyToAddr are only defined inside
             // this branch but are read unconditionally further down (reply_to_name /
             // reply_to_addr of the auto-reply); with empty stored options they are
             // undefined there.
             if (!empty($this->stored_options)) {
                 $fromAddress = $storedOptions['from_addr'];
                 $fromName = from_html($storedOptions['from_name']);
                 $replyToName = !empty($storedOptions['reply_to_name']) ? from_html($storedOptions['reply_to_name']) : $fromName;
                 $replyToAddr = !empty($storedOptions['reply_to_addr']) ? $storedOptions['reply_to_addr'] : $fromAddress;
             }
             // if
             // fall back to the current user's preferred address/name when the
             // mailbox has none configured
             $defaults = $current_user->getPreferredEmail();
             $fromAddress = !empty($fromAddress) ? $fromAddress : $defaults['email'];
             $fromName = !empty($fromName) ? $fromName : $defaults['name'];
             $to[0]['email'] = $contactAddr;
             // handle to name: address, prefer reply-to
             if (!empty($email->reply_to_name)) {
                 $to[0]['display'] = $email->reply_to_name;
             } elseif (!empty($email->from_name)) {
                 $to[0]['display'] = $email->from_name;
             }
             $et = new EmailTemplate();
             $et->retrieve($createCaseTemplateId);
             if (empty($et->subject)) {
                 $et->subject = '';
             }
             if (empty($et->body)) {
                 $et->body = '';
             }
             if (empty($et->body_html)) {
                 $et->body_html = '';
             }
             // the template's own subject is replaced by "Re: <macro with case number> <case name>"
             $et->subject = "Re:" . " " . str_replace('%1', $c->case_number, $c->getEmailSubjectMacro() . " " . $c->name);
             $html = trim($email->description_html);
             $plain = trim($email->description);
             $email->email2init();
             $email->from_addr = $email->from_addr_name;
             $email->to_addrs = $email->to_addrs_names;
             $email->cc_addrs = $email->cc_addrs_names;
             $email->bcc_addrs = $email->bcc_addrs_names;
             $email->from_name = $email->from_addr;
             // NOTE(review): $ret, $html and $plain are computed but never used
             // afterwards; the reply body below is built from $email->description only
             $email = $email->et->handleReplyType($email, "reply");
             $ret = $email->et->displayComposeEmail($email);
             $ret['description'] = empty($email->description_html) ? str_replace("\n", "\n<BR/>", $email->description) : $email->description_html;
             $reply = new Email();
             $reply->type = 'out';
             $reply->to_addrs = $to[0]['email'];
             $reply->to_addrs_arr = $to;
             $reply->cc_addrs_arr = array();
             $reply->bcc_addrs_arr = array();
             $reply->from_name = $fromName;
             $reply->from_addr = $fromAddress;
             $reply->reply_to_name = $replyToName;
             $reply->reply_to_addr = $replyToAddr;
             $reply->name = $et->subject;
             // both bodies quote the plain-text description of the original email
             // (not description_html, even for the HTML body)
             $reply->description = $et->body . "<div><hr /></div>" . $email->description;
             if (!$et->text_only) {
                 $reply->description_html = $et->body_html . "<div><hr /></div>" . $email->description;
             }
             $GLOBALS['log']->debug('saving and sending auto-reply email');
             //$reply->save(); // don't save the actual email.
             $reply->send();
         }
         // if
     } else {
         // NOTE(review): debug output written straight to stdout (here and at the
         // end of the method); it ends up in whatever response or cron log this
         // runs under. The logger used elsewhere in this method would be the
         // appropriate channel.
         echo "First if not matching\n";
         if (!empty($email->reply_to_email)) {
             $contactAddr = $email->reply_to_email;
         } else {
             $contactAddr = $email->from_addr;
         }
         $this->handleAutoresponse($email, $contactAddr);
     }
     echo "End of handle create case\n";
 }
 /**
  * AJAX handler that persists the dashlet's free text when the textarea loses
  * focus (invoked through Home/CallMethodDashlet.php). The posted text is
  * JSON-decoded, run through SugarCleaner::cleanHtml and stored in the
  * dashlet options; the response is a JSON object with the dashlet id and
  * the text as stored. Without a savedText parameter nothing is stored and
  * an empty string is echoed back.
  */
 function saveText()
 {
     $json = getJSONobj();
     $optionsArray = array('savedText' => '');
     if (isset($_REQUEST['savedText'])) {
         $optionsArray = $this->loadOptions();
         $decodedText = $json->decode(html_entity_decode($_REQUEST['savedText']));
         // sanitize before persisting: the text is rendered back into the dashlet
         $optionsArray['savedText'] = SugarCleaner::cleanHtml(nl2br($decodedText));
         $this->storeOptions($optionsArray);
     }
     echo 'result = ' . $json->encode(array('id' => $_REQUEST['id'], 'savedText' => $optionsArray['savedText']));
 }
 /**
  * Checks that SugarCleaner::cleanHtml removes an <img> tag whose src is one
  * of the provider's URLs: after dropping any empty "<img />" left behind by
  * the cleaner, no "<img" must remain in the output.
  *
  * @dataProvider getUrls
  * @param string $url image source under test
  */
 function testEmailCleanup($url)
 {
     $markup = sprintf('Test: <img src="%s">', $url);
     $cleaned = SugarCleaner::cleanHtml($markup);
     $withoutEmptyImg = str_replace("<img />", "", $cleaned);
     $this->assertNotContains("<img", $withoutEmptyImg);
 }
 /**
  * Returns the shared cleaner, creating it on first use.
  *
  * @return SugarCleaner the single instance held in self::$instance
  */
 public static function getInstance()
 {
     if (self::$instance === null) {
         self::$instance = new self();
     }
     return self::$instance;
 }
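 /**
  * Takes in the request params from a save request and processes
  * them for the save.
  *
  * Rebuilds the dropdown from the slot_N / key_N / value_N / delete_N request
  * fields, updates the in-memory $app_list_strings when the edited language
  * is the current one, rewrites the custom app list strings file for that
  * language and clears the cached JS language files.
  *
  * @param array $params request parameters: dropdown_name, optional
  *                      dropdown_lang (defaults to the session language),
  *                      optional use_push (rename-only mode), and the
  *                      slot_/key_/value_/delete_ fields describing each entry
  */
 function saveDropDown($params)
 {
     $count = 0;
     $dropdown = array();
     $dropdown_name = $params['dropdown_name'];
     $selected_lang = !empty($params['dropdown_lang']) ? $params['dropdown_lang'] : $_SESSION['authenticated_user_language'];
     $my_list_strings = return_app_list_strings_language($selected_lang);
     // slot_N gives the display order; key_N / value_N hold the entry at that index
     while (isset($params['slot_' . $count])) {
         $index = $params['slot_' . $count];
         $key = isset($params['key_' . $index]) ? SugarCleaner::stripTags($params['key_' . $index]) : 'BLANK';
         $value = isset($params['value_' . $index]) ? SugarCleaner::stripTags($params['value_' . $index]) : '';
         if ($key == 'BLANK') {
             $key = '';
         }
         $key = trim($key);
         $value = trim($value);
         if (empty($params['delete_' . $index])) {
             $dropdown[$key] = $value;
         }
         $count++;
     }
     if ($selected_lang == $GLOBALS['current_language']) {
         $GLOBALS['app_list_strings'][$dropdown_name] = $dropdown;
     }
     $contents = return_custom_app_list_strings_file_contents($selected_lang);
     //get rid of closing tags they are not needed and are just trouble
     $contents = str_replace("?>", '', $contents);
     if (empty($contents)) {
         $contents = "<?php";
     }
     // The dropdown name and keys are written into PHP source as single-quoted
     // string literals and spliced into regexes. Quote them for each context so
     // a quote, backslash or regex metacharacter in a name cannot change the
     // generated code or make the pattern mismatch/fail; for plain identifiers
     // the output is byte-identical to the unquoted form.
     // NOTE(review): $dropdown_name comes from the request without a whitelist;
     // validating it against the known dropdown names upstream would be safer.
     $nameLiteral = str_replace(array('\\', "'"), array('\\\\', "\\'"), $dropdown_name);
     $namePattern = preg_quote($dropdown_name, '/');
     //add new drop down to the bottom
     if (!empty($params['use_push'])) {
         //this is for handling moduleList and such where nothing should be deleted or anything but they can be renamed
         foreach ($dropdown as $key => $value) {
             //only if the value has changed or does not exist do we want to add it this way
             if (!isset($my_list_strings[$dropdown_name][$key]) || strcmp($my_list_strings[$dropdown_name][$key], $value) != 0) {
                 $keyLiteral = str_replace(array('\\', "'"), array('\\\\', "\\'"), $key);
                 $keyPattern = preg_quote($key, '/');
                 //clear out the old value
                 $pattern_match = '/\\s*\\$app_list_strings\\s*\\[\\s*\'' . $namePattern . '\'\\s*\\]\\[\\s*\'' . $keyPattern . '\'\\s*\\]\\s*=\\s*[\'\\"]{1}.*?[\'\\"]{1};\\s*/ism';
                 $contents = preg_replace($pattern_match, "\n", $contents);
                 //add the new ones
                 $contents .= "\n\$app_list_strings['{$nameLiteral}']['{$keyLiteral}']=" . var_export_helper($value) . ";";
             }
         }
     } else {
         //clear out the old value
         $pattern_match = '/\\s*\\$app_list_strings\\s*\\[\\s*\'' . $namePattern . '\'\\s*\\]\\s*=\\s*array\\s*\\([^\\)]*\\)\\s*;\\s*/ism';
         $contents = preg_replace($pattern_match, "\n", $contents);
         //add the new ones
         $contents .= "\n\$app_list_strings['{$nameLiteral}']=" . var_export_helper($dropdown) . ";";
     }
     // Bug 40234 - If we have no contents, we don't write the file. Checking for "<?php" because above it's set to that if empty
     if ($contents != "<?php") {
         save_custom_app_list_strings_contents($contents, $selected_lang);
         sugar_cache_reset();
     }
     // Bug38011
     $repairAndClear = new RepairAndClear();
     $repairAndClear->module_list = array(translate('LBL_ALL_MODULES'));
     $repairAndClear->show_output = false;
     $repairAndClear->clearJsLangFiles();
     // ~~~~~~~~
 }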
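 /**
  * Cleans char, varchar, text, etc. fields of XSS type materials
  *
  * Walks $this->field_defs and passes string-like field values through
  * SugarCleaner::cleanHtml. Fields typed 'html' / 'longhtml' are always
  * cleaned (second argument true); fields whose type (plus dbType) contains
  * 'char' or 'text', or equals 'enum', are cleaned only when the entry point
  * is not the API, since the API relies on templates to encode them on output.
  * Fields whose type contains 'json' are never touched.
  */
 function cleanBean()
 {
     foreach ($this->field_defs as $key => $def) {
         // reset per field: previously $type leaked from the preceding iteration
         // when a def had no 'type', so a dbType could be appended to a stale value
         $defType = isset($def['type']) ? $def['type'] : '';
         $type = $defType;
         if (isset($def['dbType'])) {
             $type .= $def['dbType'];
         }
         if ($defType == 'html' || $defType == 'longhtml') {
             $this->{$key} = SugarCleaner::cleanHtml($this->{$key}, true);
         } elseif ((strpos($type, 'char') !== false || strpos($type, 'text') !== false || $type == 'enum') && !empty($this->{$key}) && strpos($type, 'json') === false) {
             if (!defined('ENTRY_POINT_TYPE') || constant('ENTRY_POINT_TYPE') != 'api') {
                 // for API, text fields are not cleaned, only HTML fields are
                 // since text fields supposed to be encoded by HBS templates when displaying
                 $this->{$key} = SugarCleaner::cleanHtml($this->{$key});
             }
         }
     }
 }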
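 /**
  * Takes in the request params from a save request and processes
  * them for the save.
  *
  * Decodes the JSON list of (key, value) pairs posted in list_value into an
  * ordered dropdown, then either stores it in the Module Builder package's
  * language files (non-studio) or rewrites the custom app list strings file
  * for the selected language (studio), and clears the language caches.
  *
  * @param array $params request parameters: dropdown_name, list_value (JSON
  *                      array of [name, value] pairs), optional dropdown_lang
  *                      (defaults to the session language), optional use_push,
  *                      and view_package / view_module for package dropdowns
  */
 function saveDropDown($params)
 {
     require_once 'modules/Administration/Common.php';
     $emptyMarker = translate('LBL_BLANK');
     $selected_lang = !empty($params['dropdown_lang']) ? $params['dropdown_lang'] : $_SESSION['authenticated_user_language'];
     // NOTE(review): the studio/package decision reads view_package from $_REQUEST
     // while the package lookup below reads it from $params — presumably the same
     // value, but the two sources can diverge.
     $type = $_REQUEST['view_package'];
     $dir = '';
     $dropdown_name = $params['dropdown_name'];
     $json = getJSONobj();
     // an entirely empty pair ("":"") is rewritten to a placeholder key so the decoder keeps it
     $list_value = str_replace('&quot;&quot;:&quot;&quot;', '&quot;__empty__&quot;:&quot;&quot;', $params['list_value']);
     //Bug 21362 ENT_QUOTES- convert single quotes to escaped single quotes.
     $temp = $json->decode(html_entity_decode(rawurldecode($list_value), ENT_QUOTES));
     $dropdown = array();
     // dropdown is received as an array of (name,value) pairs - now extract to name=>value format preserving order
     // we rely here on PHP to preserve the order of the received name=>value pairs - associative arrays in PHP are ordered
     // NOTE(review): each $item is assumed to be a two-element array; malformed
     // input is not rejected here.
     if (is_array($temp)) {
         foreach ($temp as $item) {
             $dropdown[SugarCleaner::stripTags(from_html($item[0]), false)] = SugarCleaner::stripTags(from_html($item[1]), false);
         }
     }
     // the translated "blank" label stands for the empty key; map it back to ''
     if (array_key_exists($emptyMarker, $dropdown)) {
         $output = array();
         foreach ($dropdown as $key => $value) {
             if ($emptyMarker === $key) {
                 $output[''] = '';
             } else {
                 $output[$key] = $value;
             }
         }
         $dropdown = $output;
     }
     if ($type != 'studio') {
         $mb = new ModuleBuilder();
         $module = $mb->getPackageModule($params['view_package'], $params['view_module']);
         $this->synchMBDropDown($dropdown_name, $dropdown, $selected_lang, $module);
         //Can't use synch on selected lang as we want to overwrite values, not just keys
         $module->mblanguage->appListStrings[$selected_lang . '.lang.php'][$dropdown_name] = $dropdown;
         $module->mblanguage->save($module->key_name);
         // tyoung - key is required parameter as of
     } else {
         $contents = return_custom_app_list_strings_file_contents($selected_lang);
         $my_list_strings = return_app_list_strings_language($selected_lang);
         if ($selected_lang == $GLOBALS['current_language']) {
             $GLOBALS['app_list_strings'][$dropdown_name] = $dropdown;
         }
         //write to contents
         $contents = str_replace("?>", '', $contents);
         if (empty($contents)) {
             $contents = "<?php";
         }
         //add new drop down to the bottom
         if (!empty($params['use_push'])) {
             //this is for handling moduleList and such where nothing should be deleted or anything but they can be renamed
             // The dropdown name and keys are written into PHP source as single-quoted
             // string literals and spliced into a regex. Quote them for each context so
             // a quote, backslash or regex metacharacter in a name cannot change the
             // generated code or make the pattern mismatch/fail; for plain identifiers
             // the output is byte-identical to the unquoted form.
             // NOTE(review): $dropdown_name comes from the request without a whitelist;
             // validating it against the known dropdown names upstream would be safer.
             $nameLiteral = str_replace(array('\\', "'"), array('\\\\', "\\'"), $dropdown_name);
             $namePattern = preg_quote($dropdown_name, '/');
             foreach ($dropdown as $key => $value) {
                 //only if the value has changed or does not exist do we want to add it this way
                 if (!isset($my_list_strings[$dropdown_name][$key]) || strcmp($my_list_strings[$dropdown_name][$key], $value) != 0) {
                     $keyLiteral = str_replace(array('\\', "'"), array('\\\\', "\\'"), $key);
                     $keyPattern = preg_quote($key, '/');
                     //clear out the old value
                     $pattern_match = '/\\s*\\$app_list_strings\\s*\\[\\s*\'' . $namePattern . '\'\\s*\\]\\[\\s*\'' . $keyPattern . '\'\\s*\\]\\s*=\\s*[\'\\"]{1}.*?[\'\\"]{1};\\s*/ism';
                     $contents = preg_replace($pattern_match, "\n", $contents);
                     //add the new ones
                     $contents .= "\n\$GLOBALS['app_list_strings']['{$nameLiteral}']['{$keyLiteral}']=" . var_export_helper($value) . ";";
                 }
             }
         } else {
             //Now synch up the keys in other langauges to ensure that removed/added Drop down values work properly under all langs.
             $this->synchDropDown($dropdown_name, $dropdown, $selected_lang, $dir);
             $contents = $this->getNewCustomContents($dropdown_name, $dropdown, $selected_lang);
         }
         // $dir is always '' in this method, so this branch is currently never taken
         if (!empty($dir) && !is_dir($dir)) {
             $continue = mkdir_recursive($dir);
         }
         save_custom_app_list_strings_contents($contents, $selected_lang, $dir);
     }
     sugar_cache_reset();
     clearAllJsAndJsLangFilesWithoutOutput();
 }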