/**
 * Verifies that SugarCleaner::cleanHtml() drops the <head>/<style> wrapper and the
 * <o:p> markup of a Hotmail-style message while keeping the inline-styled spans.
 *
 * Line endings are normalised on both sides before comparison (Bug #51227).
 */
function testEmailCleanup()
{
    $rawMessage = <<<EOS
<head> <style><!-- .hmmessage P { margin:0px; padding:0px } body.hmmessage { font-size: 10pt; font-family:Tahoma } --></style></head> <body class='hmmessage'><div dir='ltr'> <SPAN style="FONT-FAMILY: 'Tahoma','sans-serif'; FONT-SIZE: 10pt">hello, <o:p></o:p></SPAN><BR> <SPAN style="FONT-FAMILY: 'Tahoma','sans-serif'; FONT-SIZE: 10pt">i recently got Batman Arkham City and tried to get catwoman as an add-on character but when i put the code in it said that my code had already been used. <o:p></o:p></SPAN><BR> <SPAN style="FONT-FAMILY: 'Tahoma','sans-serif'; FONT-SIZE: 10pt">what can i do, so that i can play catwoman?<o:p></o:p></SPAN><BR> <BR> </div></body> </html>
EOS;
    $expectedMarkup = <<<EOS
<div dir="ltr"> <span style="font-family:Tahoma, 'sans-serif';font-size:10pt;">hello, </span><p></p><br /><span style="font-family:Tahoma, 'sans-serif';font-size:10pt;">i recently got Batman Arkham City and tried to get catwoman as an add-on character but when i put the code in it said that my code had already been used. </span><p></p><br /><span style="font-family:Tahoma, 'sans-serif';font-size:10pt;">what can i do, so that i can play catwoman?</span><p></p><br /><br /></div>
EOS;

    // Normalize the line endings - Bug #51227 - then trim, on both sides.
    $normalize = function ($html) {
        return trim(str_replace("\r\n", "\n", $html));
    };

    $cleaned = SugarCleaner::cleanHtml($rawMessage);
    $this->assertEquals($normalize($expectedMarkup), $normalize($cleaned));
}
/**
 * Takes in the request params from a save request and processes
 * them for the save.
 *
 * Only "label_*" parameters are considered and a value of 'no_change' is
 * skipped; the remaining keys lose their "label_" prefix and are upper-cased to
 * form the system label. Labels already overridden in the module's language
 * extension file are written through the extension writer instead.
 *
 * @param array  $params   Labels as "label_".System label => Display label pairs
 * @param string $language Language key, for example 'en_us'
 * @return bool Whether all label writes succeeded
 */
function handleSave($params, $language)
{
    $labels = array();
    foreach ($params as $paramName => $displayLabel) {
        if (!preg_match('/^label_/', $paramName) || strcmp($displayLabel, 'no_change') == 0) {
            continue;
        }
        // Strip the "label_" prefix; the display text is run through the cleaner
        // with the same second argument (false) the sibling callers use.
        $systemLabel = strtoupper(substr($paramName, 6));
        $labels[$systemLabel] = SugarCleaner::cleanHtml(from_html($displayLabel), false);
    }

    // Module Builder packages keep their language files under the package tree.
    if (!empty($this->packageName)) {
        $packageLangDir = "custom/modulebuilder/packages/{$this->packageName}/modules/{$this->moduleName}/language";
        return self::addLabels($language, $labels, $this->moduleName, $packageLangDir);
    }

    // NOTE(review): the include path is built from $this->moduleName and $language;
    // confirm both are validated before they reach this method.
    $extFile = "custom/modules/" . $this->moduleName . "/Ext/Language/" . $language . ".lang.ext.php";
    $extLabels = array();
    if (is_file($extFile)) {
        // The extension file is expected to define $mod_strings; labels it already
        // overrides are routed to the extension writer and removed from the base set.
        include $extFile;
        foreach ($labels as $systemLabel => $displayLabel) {
            if (isset($mod_strings[$systemLabel])) {
                $extLabels[$systemLabel] = $displayLabel;
                unset($labels[$systemLabel]);
            }
        }
    }

    $baseSaved = empty($labels) ? true : self::addLabels($language, $labels, $this->moduleName);
    $extSaved = empty($extLabels) ? true : self::addLabels($language, $extLabels, $this->moduleName, null, true);
    return $baseSaved && $extSaved;
}
/**
 * Persists this field definition: forces ext3 to 'text', sanitises the HTML held
 * in ext4, then delegates to the parent save.
 *
 * @param mixed $df Passed straight through to parent::save()
 */
function save($df)
{
    $this->ext3 = 'text';
    // ext4 holds HTML; strip dangerous markup (script tags etc.) before storing it.
    $cleanedHtml = SugarCleaner::cleanHtml($this->ext4, true);
    $this->ext4 = $cleanedHtml;
    parent::save($df);
}
/**
 * Saves the current comment.
 *
 * $this->data may arrive as a JSON string or as an array; its 'value' entry is
 * sanitised and the payload is stored re-encoded as JSON. A newly created comment
 * is also attached to its parent activity and its tags are processed.
 *
 * @param boolean $check_notify
 * @return string|bool GUID of saved comment or false.
 */
public function save($check_notify = false)
{
    //if a string convert to object
    if (is_string($this->data)) {
        $this->data = json_decode($this->data, true);
    }
    if (!empty($this->data['value'])) {
        $this->data['value'] = SugarCleaner::cleanHtml($this->data['value']);
    }
    // Always persist the payload as a JSON string.
    $this->data = is_string($this->data) ? $this->data : json_encode($this->data);

    $activity = BeanFactory::getBean('Activities', $this->parent_id);
    if (empty($activity) || !$activity->id) {
        return false;
    }

    // Decide "new" before parent::save() assigns an id.
    $isNew = empty($this->id) || $this->new_with_id;
    if (!parent::save($check_notify)) {
        return false;
    }
    if ($isNew) {
        $activity->addComment($this);
        $this->processCommentTags($activity);
    }
    return $this->id;
}
/**
 * Checks that cleanHtml() keeps or removes an <img> tag depending on its URL.
 *
 * @dataProvider getUrls
 * @param string $url                URL placed in the image's src attribute
 * @param bool   $imgShouldBeRemoved Whether the cleaner is expected to drop the tag
 */
function testEmailCleanup($url, $imgShouldBeRemoved)
{
    $html = "Test: <img src=\"{$url}\">";
    $cleaned = SugarCleaner::cleanHtml($html);
    if ($imgShouldBeRemoved) {
        // An attribute-less "<img />" left by the cleaner is apparently acceptable;
        // only a tag that still carries attributes counts as "not removed".
        $this->assertNotContains("<img", str_replace("<img />", "", $cleaned));
        return;
    }
    $this->assertContains("<img", $cleaned);
}
/**
 * Takes in the request params from a save request and processes
 * them for the save.
 *
 * Only "label_*" parameters are considered and a value of 'no_change' is
 * skipped; the key's "label_" prefix is removed and the remainder upper-cased
 * to form the system label.
 *
 * @param array  $params   Labels as "label_".System label => Display label pairs
 * @param string $language Language key, for example 'en_us'
 * @return mixed Result of self::addLabels()
 */
function handleSave($params, $language)
{
    $labels = array();
    foreach ($params as $paramName => $displayLabel) {
        $isChangedLabel = preg_match('/^label_/', $paramName) && strcmp($displayLabel, 'no_change') != 0;
        if ($isChangedLabel) {
            $labels[strtoupper(substr($paramName, 6))] = SugarCleaner::cleanHtml(from_html($displayLabel), false);
        }
    }

    if (empty($this->packageName)) {
        return self::addLabels($language, $labels, $this->moduleName);
    }
    // Module Builder packages keep their language files under the package tree.
    $packageLangDir = "custom/modulebuilder/packages/{$this->packageName}/modules/{$this->moduleName}/language";
    return self::addLabels($language, $labels, $this->moduleName, $packageLangDir);
}
/**
 * Saves the case update and then — unless this is an import, AOP is disabled,
 * or the update is flagged internal — emails either the case contacts or the
 * user responsible for the case.
 *
 * @param bool $check_notify Passed through to parent::save()
 */
function save($check_notify = false)
{
    // Sanitise user-supplied text before it is persisted or placed in an email.
    $this->name = SugarCleaner::cleanHtml($this->name);
    $this->description = SugarCleaner::cleanHtml($this->description);
    global $current_user, $sugar_config;
    parent::save($check_notify);
    $email_template = new EmailTemplate();
    // NOTE(review): $_REQUEST['module'] is read without isset(); a notice is raised
    // when the key is absent (e.g. non-web contexts).
    if ($_REQUEST['module'] == 'Import') {
        //Don't send email on import
        return;
    }
    if (!isAOPEnabled()) {
        return;
    }
    if ($this->internal) {
        return;
    }
    $signature = array();
    $addDelimiter = true;
    $aop_config = $sugar_config['aop'];
    if ($this->assigned_user_id) {
        // Presumably an update made by a user: notify each case contact with the
        // contact template and the current user's signature.
        if ($aop_config['contact_email_template_id']) {
            $email_template = $email_template->retrieve($aop_config['contact_email_template_id']);
            $signature = $current_user->getDefaultSignature();
        }
        if ($email_template) {
            foreach ($this->getContacts() as $contact) {
                $GLOBALS['log']->info("AOPCaseUpdates: Calling send email");
                $emails = array();
                $emails[] = $contact->emailAddress->getPrimaryAddress($contact);
                $res = $this->sendEmail($emails, $email_template, $signature, $this->case_id, $addDelimiter, $contact->id);
            }
        }
    } else {
        // Otherwise notify the user(s) responsible for the case with the user template.
        $emails = $this->getEmailForUser();
        if ($aop_config['user_email_template_id']) {
            $email_template = $email_template->retrieve($aop_config['user_email_template_id']);
        }
        $addDelimiter = false;
        if ($emails && $email_template) {
            $GLOBALS['log']->info("AOPCaseUpdates: Calling send email");
            $res = $this->sendEmail($emails, $email_template, $signature, $this->case_id, $addDelimiter, $this->contact_id);
        }
    }
    // NOTE(review): after the branches above, $emails still holds the last contact's
    // address (assigned-user branch) or the user addresses (else branch), so this
    // block sends once more without a contact id — looks like a duplicate
    // notification; confirm whether it is intended.
    if ($emails && $email_template) {
        $GLOBALS['log']->info("AOPCaseUpdates: Calling send email");
        $res = $this->sendEmail($emails, $email_template, $signature, $this->case_id, $addDelimiter);
    }
}
/**
 * Saves the case update after sanitising its name and description, then hands
 * the bean to the (custom, if present) CaseUpdatesHook to send the update.
 *
 * @param bool $check_notify Passed through to parent::save()
 */
function save($check_notify = false)
{
    $this->name = SugarCleaner::cleanHtml($this->name);
    $this->description = SugarCleaner::cleanHtml($this->description);
    parent::save($check_notify);

    // A customised hook file under custom/ takes precedence over the stock one.
    $customHookFile = 'custom/modules/AOP_Case_Updates/CaseUpdatesHook.php';
    $hookFile = file_exists($customHookFile) ? $customHookFile : 'modules/AOP_Case_Updates/CaseUpdatesHook.php';
    require_once $hookFile;

    $hookClass = class_exists('CustomCaseUpdatesHook') ? 'CustomCaseUpdatesHook' : 'CaseUpdatesHook';
    $hook = new $hookClass();
    $hook->sendCaseUpdate($this);
}
/**
 * Runs a string through SugarCleaner::cleanHtml() with its second argument set to false.
 *
 * @param string $str Text to clean
 * @return string Cleaned text
 */
protected function clean($str)
{
    $cleaned = SugarCleaner::cleanHtml($str, false);
    return $cleaned;
}
/**
 * Determine which modules have been updated and return an array with the module name as the key
 * and the singular/plural entries as the value.
 *
 * Slot, key, value and svalue parameters are read from $_REQUEST and tag-stripped.
 * A slot whose key is not a known module is not renamed; instead
 * $_REQUEST['delete_<slot>'] is set so the caller drops it.
 *
 * @return array
 */
private function getChangedModules()
{
    $params = $_REQUEST;
    $selectedLang = !empty($params['dropdown_lang']) ? $params['dropdown_lang'] : $_SESSION['authenticated_user_language'];
    $appListStrings = return_app_list_strings_language($selectedLang);

    $entries = array();
    for ($slot = 0; isset($params['slot_' . $slot]); $slot++) {
        $index = $params['slot_' . $slot];
        $key = isset($params['key_' . $index]) ? SugarCleaner::stripTags($params['key_' . $index]) : 'BLANK';
        $plural = isset($params['value_' . $index]) ? SugarCleaner::stripTags($params['value_' . $index]) : '';
        $singular = isset($params['svalue_' . $index]) ? SugarCleaner::stripTags($params['svalue_' . $index]) : $plural;
        if ($key == 'BLANK') {
            $key = '';
        }
        $key = trim($key);
        $plural = trim($plural);
        $singular = trim($singular);
        //If the module key dne then do not continue with this rename.
        if (!isset($appListStrings['moduleList'][$key])) {
            $_REQUEST['delete_' . $slot] = true;
            continue;
        }
        $entries[$key] = array('s' => $singular, 'p' => $plural);
    }

    $changed = array();
    foreach ($entries as $moduleKey => $entry) {
        $prevPlural = $appListStrings['moduleList'][$moduleKey];
        $prevSingular = isset($appListStrings['moduleListSingular'][$moduleKey])
            ? $appListStrings['moduleListSingular'][$moduleKey]
            : $prevPlural;
        $pluralChanged = strcmp($prevPlural, $entry['p']) != 0;
        $singularChanged = strcmp($prevSingular, $entry['s']) != 0;
        if (!$pluralChanged && !$singularChanged) {
            continue;
        }
        $changed[$moduleKey] = array(
            'singular' => $entry['s'],
            'plural' => $entry['p'],
            'prev_singular' => $prevSingular,
            'prev_plural' => $prevPlural,
            'key_plural' => $moduleKey,
            'key_singular' => $this->getModuleSingularKey($moduleKey),
        );
    }
    return $changed;
}
/**
 * Saves the email: normalises the address lists, cleans the plain/HTML bodies and
 * raw source, derives date_sent when missing, and keeps the parent (flex-relate)
 * relationship in sync with the previously stored parent.
 *
 * @param bool $check_notify Passed through to parent::save()
 */
function save($check_notify = false)
{
    global $current_user;
    if ($this->isDuplicate) {
        $GLOBALS['log']->debug("EMAIL - tried to save a duplicate Email record");
    } else {
        if (empty($this->id)) {
            $this->id = create_guid();
            $this->new_with_id = true;
        }
        // Normalise every address field before persisting.
        $this->from_addr_name = $this->cleanEmails($this->from_addr_name);
        $this->to_addrs_names = $this->cleanEmails($this->to_addrs_names);
        $this->cc_addrs_names = $this->cleanEmails($this->cc_addrs_names);
        $this->bcc_addrs_names = $this->cleanEmails($this->bcc_addrs_names);
        $this->reply_to_addr = $this->cleanEmails($this->reply_to_addr);
        // The plain description uses the default cleaning; the HTML body and the raw
        // source are cleaned with the second argument set to true.
        $this->description = SugarCleaner::cleanHtml($this->description);
        $this->description_html = SugarCleaner::cleanHtml($this->description_html, true);
        $this->raw_source = SugarCleaner::cleanHtml($this->raw_source, true);
        $this->saveEmailText();
        $this->saveEmailAddresses();
        $GLOBALS['log']->debug('-------------------------------> Email called save()');
        // handle legacy concatenation of date and time fields
        //Bug 39503 - SugarBean is not setting date_sent when seconds missing
        if (empty($this->date_sent)) {
            global $timedate;
            $date_sent_obj = $timedate->fromUser($timedate->merge_date_time($this->date_start, $this->time_start), $current_user);
            if (!empty($date_sent_obj) && $date_sent_obj instanceof SugarDateTime) {
                $this->date_sent = $date_sent_obj->asDb();
            }
        }
        parent::save($check_notify);
        if (!empty($this->parent_type) && !empty($this->parent_id)) {
            if (!empty($this->fetched_row) && !empty($this->fetched_row['parent_id']) && !empty($this->fetched_row['parent_type'])) {
                if ($this->fetched_row['parent_id'] != $this->parent_id || $this->fetched_row['parent_type'] != $this->parent_type) {
                    // Parent changed: unlink from the previously stored parent first.
                    $mod = strtolower($this->fetched_row['parent_type']);
                    $rel = array_key_exists($mod, $this->field_defs) ? $mod : $mod . "_activities_emails"; //Custom modules rel name
                    if ($this->load_relationship($rel)) {
                        $this->{$rel}->delete($this->id, $this->fetched_row['parent_id']);
                    }
                }
            }
            // Link to the current parent; the relationship name is the lower-cased
            // module name when a field of that name exists, else "<module>_activities_emails".
            $mod = strtolower($this->parent_type);
            $rel = array_key_exists($mod, $this->field_defs) ? $mod : $mod . "_activities_emails"; //Custom modules rel name
            if ($this->load_relationship($rel)) {
                $this->{$rel}->add($this->parent_id);
            }
        }
    }
    $GLOBALS['log']->debug('-------------------------------> Email save() done');
}
/**
 * Sanitises the bean's description HTML in place. The (bean, event, arguments)
 * signature matches the logic-hook calling convention; $event and $arguments are unused.
 *
 * @param object $bean      Bean whose description is cleaned
 * @param string $event     Hook event name (unused)
 * @param array  $arguments Hook arguments (unused)
 */
public function filterHTML($bean, $event, $arguments)
{
    $cleaned = SugarCleaner::cleanHtml($bean->description, true);
    $bean->description = $cleaned;
}
/**
 * Remove potential xss vectors from strings
 *
 * @param string $str String to search for XSS attack vectors
 * @deprecated Call SugarCleaner::cleanHtml($str, false) directly
 * @return string
 */
function remove_xss($str)
{
    $cleaned = SugarCleaner::cleanHtml($str, false);
    return $cleaned;
}
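/**
 * Cleans char, varchar, text, etc. fields of XSS type materials
 *
 * Fields whose vardef 'type' is 'html' or 'longhtml' are cleaned with the second
 * cleanHtml() argument set to true. Fields whose combined 'type' + 'dbType' string
 * contains 'char' or 'text', or equals 'enum', get the default cleaning and are
 * skipped when empty. All other fields are left untouched.
 */
function cleanBean()
{
    foreach ($this->field_defs as $key => $def) {
        // Rebuild the type string for every field. Previously $type was only assigned
        // when 'type' was present, so a def with 'dbType' but no 'type' appended to
        // the type carried over from the previous iteration.
        $baseType = isset($def['type']) ? $def['type'] : '';
        $type = $baseType;
        if (isset($def['dbType'])) {
            $type .= $def['dbType'];
        }

        if ($baseType == 'html' || $baseType == 'longhtml') {
            $this->{$key} = SugarCleaner::cleanHtml($this->{$key}, true);
        } elseif ((strpos($type, 'char') !== false || strpos($type, 'text') !== false || $type == 'enum')
            && !empty($this->{$key})
        ) {
            $this->{$key} = SugarCleaner::cleanHtml($this->{$key});
        }
    }
}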
/**
 * Takes in the request params from a save request and processes
 * them for the save.
 *
 * Walks slot_0 .. slot_{slot_count-1}, skipping deleted or already-processed
 * slots. For each tab group it stores (or updates) the group label in the custom
 * app strings of the selected language, seeds every other language that lacks
 * the label, collects the group's modules from the "<index>_<n>" params, and
 * finally writes the whole structure to the custom include/tabConfig.php.
 *
 * @param array $params request params: slot_count, slot_N, delete_N, tablabelid_X,
 *                      tablabel_X, "<X>_<n>" module entries, grouptab_lang, dropdown_lang
 */
function saveTabGroups($params)
{
    //#30205
    global $sugar_config;
    //Get the selected tab group language
    $grouptab_lang = !empty($params['grouptab_lang']) ? $params['grouptab_lang'] : $_SESSION['authenticated_user_language'];
    $tabGroups = array();
    // NOTE(review): $selected_lang and $sugar_config are set up here but never used below.
    $selected_lang = !empty($params['dropdown_lang']) ? $params['dropdown_lang'] : $_SESSION['authenticated_user_language'];
    $slot_count = $params['slot_count'];
    $completedIndexes = array();
    for ($count = 0; $count < $slot_count; $count++) {
        // NOTE(review): 'delete_N' is read without isset(); a notice is raised when absent.
        if ($params['delete_' . $count] == 1 || !isset($params['slot_' . $count])) {
            continue;
        }
        $index = $params['slot_' . $count];
        if (isset($completedIndexes[$index])) {
            continue;
        }
        // Reuse the submitted label id, or mint a new one for a freshly created group.
        $labelID = !empty($params['tablabelid_' . $index]) ? $params['tablabelid_' . $index] : 'LBL_GROUPTAB' . $count . '_' . time();
        $labelValue = SugarCleaner::stripTags(from_html($params['tablabel_' . $index]), false);
        $app_strings = return_application_language($grouptab_lang);
        if (empty($app_strings[$labelID]) || $app_strings[$labelID] != $labelValue) {
            // Label is new or changed: write it for the selected language, then seed
            // every other language that does not define it yet.
            // NOTE(review): $labelID is taken from the request as-is and handed to
            // replace_or_add_app_string(), which edits PHP source; confirm it is
            // constrained to a safe label-name character set there.
            $contents = return_custom_app_list_strings_file_contents($grouptab_lang);
            $new_contents = replace_or_add_app_string($labelID, $labelValue, $contents);
            save_custom_app_list_strings_contents($new_contents, $grouptab_lang);
            $languages = get_languages();
            foreach ($languages as $language => $langlabel) {
                if ($grouptab_lang == $language) {
                    continue;
                }
                $app_strings = return_application_language($language);
                if (!isset($app_strings[$labelID])) {
                    $contents = return_custom_app_list_strings_file_contents($language);
                    $new_contents = replace_or_add_app_string($labelID, $labelValue, $contents);
                    save_custom_app_list_strings_contents($new_contents, $language);
                }
            }
            $app_strings[$labelID] = $labelValue;
        }
        $tabGroups[$labelID] = array('label' => $labelID);
        $tabGroups[$labelID]['modules'] = array();
        // Module names for this group arrive as "<index>_0", "<index>_1", ... and are
        // copied without tag stripping; they end up in tabConfig.php via write_array_to_file().
        for ($subcount = 0; isset($params[$index . '_' . $subcount]); $subcount++) {
            $tabGroups[$labelID]['modules'][] = $params[$index . '_' . $subcount];
        }
        $completedIndexes[$index] = true;
    }
    // Force a rebuild of the app language
    global $current_user;
    include get_custom_file_if_exists('modules/Administration/RebuildJSLang.php');
    sugar_cache_clear('app_strings.' . $grouptab_lang);
    $newFile = create_custom_directory('include/tabConfig.php');
    write_array_to_file("GLOBALS['tabStructure']", $tabGroups, $newFile);
    $GLOBALS['tabStructure'] = $tabGroups;
}
/**
 * Stores a new title for one of the current user's pages (keyed by $this->type)
 * in the user's 'pages' preference.
 *
 * The title arrives JSON-encoded in $_REQUEST['newPageTitle']; it is decoded,
 * tag-stripped and saved under $_REQUEST['pageId'].
 *
 * @return string The stored title, HTML-encoded with ENT_QUOTES for output
 */
function savePageTitle()
{
    global $current_user;
    $pages = $current_user->getPreference('pages', $this->type);
    $pageId = $_REQUEST['pageId'];

    $decodedTitle = getJSONobj()->decode(html_entity_decode($_REQUEST['newPageTitle']));
    $pages[$pageId]['pageTitle'] = SugarCleaner::stripTags(from_html($decodedTitle), false);
    $current_user->setPreference('pages', $pages, 0, $this->type);

    return to_html($pages[$pageId]['pageTitle'], ENT_QUOTES);
}
/**
 * Gets all modules from the request. This is used to build the singular
 * module list for changes so that the entire list is set properly into the
 * global array after save. This is also used to get all changed modules.
 *
 * The result is cached in $this->requestModules once it is non-empty. Slot, key,
 * value and svalue parameters are read from $_REQUEST and tag-stripped; a slot
 * whose key is not a known module is flagged via $_REQUEST['delete_<slot>']
 * instead of being renamed. Each entry carries a 'changed' flag.
 *
 * @return array
 */
protected function getAllModulesFromRequest()
{
    // We really only want to get this once
    if (!empty($this->requestModules)) {
        return $this->requestModules;
    }
    global $locale;
    $params = $_REQUEST;
    $selectedLang = empty($_REQUEST['dropdown_lang'])
        ? $locale->getAuthenticatedUserLanguage()
        : $_REQUEST['dropdown_lang'];
    $appListStrings = return_app_list_strings_language($selectedLang);

    $entries = array();
    for ($slot = 0; isset($params['slot_' . $slot]); $slot++) {
        $index = $params['slot_' . $slot];
        $key = isset($params['key_' . $index]) ? SugarCleaner::stripTags($params['key_' . $index]) : 'BLANK';
        $plural = isset($params['value_' . $index]) ? SugarCleaner::stripTags($params['value_' . $index]) : '';
        $singular = isset($params['svalue_' . $index]) ? SugarCleaner::stripTags($params['svalue_' . $index]) : $plural;
        if ($key == 'BLANK') {
            $key = '';
        }
        $key = trim($key);
        $plural = trim($plural);
        $singular = trim($singular);
        //If the module key dne then do not continue with this rename.
        if (!isset($appListStrings['moduleList'][$key])) {
            $_REQUEST['delete_' . $slot] = true;
            continue;
        }
        $entries[$key] = array('s' => $singular, 'p' => $plural);
    }

    $results = array();
    foreach ($entries as $moduleKey => $entry) {
        $prevPlural = $appListStrings['moduleList'][$moduleKey];
        $prevSingular = isset($appListStrings['moduleListSingular'][$moduleKey])
            ? $appListStrings['moduleListSingular'][$moduleKey]
            : $prevPlural;
        $results[$moduleKey] = array(
            'singular' => $entry['s'],
            'plural' => $entry['p'],
            'prev_singular' => $prevSingular,
            'prev_plural' => $prevPlural,
            'key_plural' => $moduleKey,
            'key_singular' => $this->getModuleSingularKey($moduleKey),
            'changed' => strcmp($prevPlural, $entry['p']) != 0 || strcmp($prevSingular, $entry['s']) != 0,
        );
    }
    $this->requestModules = $results;
    return $results;
}
/**
 * Checks cleanHtml() against expected input/output pairs from the data provider.
 *
 * @dataProvider getData
 * @param string $data HTML passed to the cleaner
 * @param string $res  Expected cleaned output
 */
function testEmailCleanup($data, $res)
{
    $actual = SugarCleaner::cleanHtml($data);
    $this->assertEquals($res, $actual);
}
/**
 * Takes in the request params from a save request and processes
 * them for the save.
 *
 * The dropdown arrives as a JSON list of [key, value] pairs in $params['list_value'];
 * both sides are tag-stripped. For a Module Builder package the result is written
 * to the package language; for Studio it is written to the custom app_list_strings
 * extension, either as per-key overrides when 'use_push' is set or as a full
 * replacement (synced across languages unless 'skip_sync' is set).
 *
 * @param array $params request params: dropdown_name, list_value, view_package,
 *                      view_module and the optional skipSaveExemptDropdowns,
 *                      use_push and skip_sync switches
 */
public function saveDropDown($params)
{
    global $locale;
    $emptyMarker = translate('LBL_BLANK');
    if (!empty($_REQUEST['dropdown_lang'])) {
        $selected_lang = $_REQUEST['dropdown_lang'];
    } else {
        $selected_lang = $locale->getAuthenticatedUserLanguage();
    }
    $type = $_REQUEST['view_package'];
    $dropdown_name = $params['dropdown_name'];
    $json = getJSONobj();
    // Presumably so an empty key survives the JSON round trip; it is mapped back below.
    $list_value = str_replace('"":""', '"__empty__":""', $params['list_value']);
    //Bug 21362 ENT_QUOTES- convert single quotes to escaped single quotes.
    $temp = $json->decode(html_entity_decode(rawurldecode($list_value), ENT_QUOTES));
    $dropdown = array();
    // dropdown is received as an array of (name,value) pairs - now extract to name=>value format preserving order
    // we rely here on PHP to preserve the order of the received name=>value pairs - associative arrays in PHP are ordered
    if (is_array($temp)) {
        foreach ($temp as $item) {
            $dropdown[SugarCleaner::stripTags(from_html($item[0]), false)] = SugarCleaner::stripTags(from_html($item[1]), false);
        }
    }
    // The translated "blank" label maps back to an empty key/value pair.
    if (array_key_exists($emptyMarker, $dropdown)) {
        $output = array();
        foreach ($dropdown as $key => $value) {
            if ($emptyMarker === $key) {
                $output[''] = '';
            } else {
                $output[$key] = $value;
            }
        }
        $dropdown = $output;
    }
    if ($type != 'studio') {
        // Module Builder package: store on the package module's language object.
        $mb = new ModuleBuilder();
        $module = $mb->getPackageModule($params['view_package'], $params['view_module']);
        $this->synchMBDropDown($dropdown_name, $dropdown, $selected_lang, $module);
        //Can't use synch on selected lang as we want to overwrite values, not just keys
        $module->mblanguage->appListStrings[$selected_lang . '.lang.php'][$dropdown_name] = $dropdown;
        $module->mblanguage->save($module->key_name, false, true); // tyoung - key is required parameter as of
    } else {
        $contents = return_custom_app_list_strings_file_contents($selected_lang);
        $my_list_strings = return_app_list_strings_language($selected_lang);
        if ($selected_lang == $GLOBALS['current_language']) {
            $GLOBALS['app_list_strings'][$dropdown_name] = $dropdown;
        }
        //write to contents
        $contents = str_replace("?>", '', $contents);
        if (empty($contents)) {
            $contents = "<?php";
        }
        // Skip saveExemptDropdowns on upgrades
        if (empty($params['skipSaveExemptDropdowns'])) {
            $dropdown = $this->saveExemptDropdowns($dropdown, $dropdown_name, $my_list_strings, $selected_lang);
        }
        //add new drop down to the bottom
        if (!empty($params['use_push'])) {
            //this is for handling moduleList and such where nothing should be deleted or anything but they can be renamed
            $app_list_strings = array();
            $filePath = $this->getExtensionFilePath($dropdown_name, $selected_lang);
            //Include the original extension to ensure any values sourced from it are kept.
            if (sugar_is_file($filePath)) {
                include $filePath;
            }
            foreach ($dropdown as $key => $value) {
                //only if the value has changed or does not exist do we want to add it this way
                if (!isset($my_list_strings[$dropdown_name][$key]) || strcmp($my_list_strings[$dropdown_name][$key], $value) != 0) {
                    $app_list_strings[$dropdown_name][$key] = $value;
                }
            }
            //Now that we have all the values, save the overrides to the extension
            if (!empty($app_list_strings[$dropdown_name])) {
                // NOTE(review): $dropdown_name and $key are interpolated into generated PHP
                // source inside single quotes without var_export(); only the value goes
                // through var_export_helper(). Confirm upstream validation limits both to
                // characters that are safe inside a single-quoted PHP string.
                $contents = "<?php\n //created: " . date('Y-m-d H:i:s') . "\n";
                foreach ($app_list_strings[$dropdown_name] as $key => $value) {
                    $contents .= "\n\$app_list_strings['{$dropdown_name}']['{$key}']=" . var_export_helper($value) . ";";
                }
                $this->saveContents($dropdown_name, $contents, $selected_lang);
            }
        } else {
            if (empty($params['skip_sync'])) {
                // Now synch up the keys in other languages to ensure that removed/added
                // Drop down values work properly under all langs.
                // If skip_sync, we don't want to sync ALL languages
                $this->synchDropDown($dropdown_name, $dropdown, $selected_lang);
            }
            $contents = $this->getExtensionContents($dropdown_name, $dropdown);
            $this->saveContents($dropdown_name, $contents, $selected_lang);
        }
    }
    $this->finalize($selected_lang);
}
/**
 * Loads an email by id and post-processes the returned bean: attaches the email
 * text and addresses, cleans the raw source and HTML body, HTML-encodes the plain
 * description, splits date_sent into date_start/time_start, and mirrors every
 * property of the returned bean onto $this.
 *
 * @param string $id
 * @param bool   $encoded
 * @param bool   $deleted
 * @return mixed Whatever parent::retrieve() returned (the loaded bean, or a falsy value)
 */
function retrieve($id, $encoded = true, $deleted = true)
{
    // cn: bug 11915, return SugarBean's retrieve() call bean instead of $this
    $bean = parent::retrieve($id, $encoded, $deleted);
    if (!$bean) {
        return $bean;
    }

    $bean->retrieveEmailText();
    $bean->raw_source = SugarCleaner::cleanHtml($bean->raw_source);
    $bean->description = to_html($bean->description);
    $bean->description_html = SugarCleaner::cleanHtml($bean->description_html);
    $bean->retrieveEmailAddresses();

    // date_sent is expected to hold a date and a time separated by a space;
    // split it into the legacy date_start / time_start fields.
    $bean->date_start = '';
    $bean->time_start = '';
    $sentParts = explode(' ', $bean->date_sent);
    if (!empty($sentParts)) {
        $bean->date_start = $sentParts[0];
        if (isset($sentParts[1])) {
            $bean->time_start = $sentParts[1];
        }
    }

    // for Email 2.0: mirror the returned bean's state onto this instance as well.
    foreach ($bean as $property => $value) {
        $this->{$property} = $value;
    }
    return $bean;
}
/**
 * Processes the html with HtmlPurifier (via SugarCleaner::cleanHtml with default options)
 *
 * @param string $html
 * @return string
 */
protected function cleanHtml($html)
{
    $purified = SugarCleaner::cleanHtml($html);
    return $purified;
}
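<?php
if (!defined('sugarEntry') || !sugarEntry) {
    die('Not A Valid Entry Point');
}
/*
 * Your installation or use of this SugarCRM file is subject to the applicable
 * terms available at
 * http://support.sugarcrm.com/06_Customer_Center/10_Master_Subscription_Agreements/.
 * If you do not agree to all of the applicable terms or do not have the
 * authority to bind the entity as an authorized representative, then do not
 * install or use this SugarCRM file.
 *
 * Copyright (C) SugarCRM Inc. All rights reserved.
 */

// 'show_raw' renders the stored raw source of a single email; any other mode
// falls back to the generic popup picker. (An empty `if (!class_exists("Email"))`
// block that did nothing has been removed.)
if (isset($_REQUEST['mode']) && $_REQUEST['mode'] == 'show_raw') {
    // NOTE(review): the record id is taken straight from the request; any access
    // control is left to BeanFactory::getBean()/the bean's retrieve — confirm.
    $emailId = isset($_REQUEST['metadata']) ? $_REQUEST['metadata'] : null;
    $email = BeanFactory::getBean('Emails', $emailId);
    // getBean() may return a non-object for an unknown id; emit an empty body
    // rather than dereferencing it.
    $rawSource = empty($email) ? '' : $email->raw_source;
    // cleanHtml() runs the source through the HTML purifier before it is echoed.
    echo nl2br(SugarCleaner::cleanHtml($rawSource));
} else {
    require_once 'include/Popups/Popup_picker.php';
    $popup = new Popup_Picker();
    echo $popup->process_page();
}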
/**
 * returns the HTML text part of a multi-part message
 *
 * Multi-part messages are walked via the breadcrumb helpers; for HTML, inline
 * "cid:" image references are rewritten to $this->imagePrefix. Single-part
 * messages are read with imap_body() and decoded using the Content-Transfer-Encoding
 * and charset headers. Both return paths pass through SugarCleaner::cleanHtml().
 *
 * @param int    $msgNo       the relative message number for the monitored mailbox
 * @param string $type        the type of text processed, either 'PLAIN' or 'HTML'
 * @param object $structure   message structure exposing ->parts and ->subtype (assumed imap structure — verify)
 * @param mixed  $fullHeader  header data handed to decodeHeader()
 * @param bool   $clean_email not used in this body
 * @param string $bcOffset    optional breadcrumb offset applied to the part path
 * @return string UTF-8 encoded version of the requested message text
 */
function getMessageText($msgNo, $type, $structure, $fullHeader, $clean_email = true, $bcOffset = "")
{
    // NOTE(review): $sugar_config is declared but not used in this body.
    global $sugar_config;
    $msgPart = '';
    $bc = $this->buildBreadCrumbs($structure->parts, $type);
    //Add an offset if specified
    if (!empty($bcOffset)) {
        $bc = $this->addBreadCrumbOffset($bc, $bcOffset);
    }
    if (!empty($bc)) { // multi-part
        // HUGE difference between PLAIN and HTML
        if ($type == 'PLAIN') {
            $msgPart = $this->getMessageTextFromSingleMimePart($msgNo, $bc, $structure);
        } else {
            // get the parts of the structure that make up the HTML body and its inline images
            $msgPartRaw = '';
            $bcArray = $this->buildBreadCrumbsHTML($structure->parts, $bcOffset);
            // construct inline HTML/Rich msg
            foreach ($bcArray as $bcArryKey => $bcArr) {
                // NOTE(review): the inner loop key shadows the $type parameter, so after
                // the loop $type holds the last part kind instead of 'HTML'. The final
                // `$type == 'PLAIN'` check is unaffected unless buildBreadCrumbsHTML()
                // can emit a 'PLAIN' key — worth renaming the loop variable.
                foreach ($bcArr as $type => $bcTrail) {
                    if ($type == 'html') {
                        $msgPartRaw .= $this->getMessageTextFromSingleMimePart($msgNo, $bcTrail, $structure);
                    } else {
                        // deal with inline image
                        $part = $this->getPartByPath($bcTrail, $structure->parts);
                        if (empty($part) || empty($part->id)) {
                            continue;
                        }
                        $partid = substr($part->id, 1, -1); // strip <> around
                        if (isset($this->inlineImages[$partid])) {
                            // Rewrite the cid: reference to the stored image; the result is
                            // still passed through cleanHtml() before being returned.
                            $imageName = $this->inlineImages[$partid];
                            $newImagePath = "class=\"image\" src=\"{$this->imagePrefix}{$imageName}\"";
                            $preImagePath = "src=\"cid:{$partid}\"";
                            $msgPartRaw = str_replace($preImagePath, $newImagePath, $msgPartRaw);
                        }
                    }
                }
            }
            $msgPart = $msgPartRaw;
        }
    } else { // either PLAIN message type (flowed) or b0rk3d RFC
        // make sure we're working on valid data here.
        if ($structure->subtype != $type) {
            return '';
        }
        $decodedHeader = $this->decodeHeader($fullHeader);
        // now get actual body contents
        $text = imap_body($this->conn, $msgNo);
        $upperCaseKeyDecodeHeader = array();
        if (is_array($decodedHeader)) {
            $upperCaseKeyDecodeHeader = array_change_key_case($decodedHeader, CASE_UPPER);
        } // if
        if (isset($upperCaseKeyDecodeHeader[strtoupper('Content-Transfer-Encoding')])) {
            // Map the header's encoding name back to the internal transfer-encoding key.
            $flip = array_flip($this->transferEncoding);
            $text = $this->handleTranserEncoding($text, $flip[strtoupper($upperCaseKeyDecodeHeader[strtoupper('Content-Transfer-Encoding')])]);
        }
        // NOTE(review): 'CONTENT-TYPE' is read without isset(); a message without that
        // header raises a notice before falling through to the best-guess branch.
        if (is_array($upperCaseKeyDecodeHeader['CONTENT-TYPE']) && isset($upperCaseKeyDecodeHeader['CONTENT-TYPE']['charset']) && !empty($upperCaseKeyDecodeHeader['CONTENT-TYPE']['charset'])) {
            // we have an explicit content type, use it
            $msgPart = $this->handleCharsetTranslation($text, $upperCaseKeyDecodeHeader['CONTENT-TYPE']['charset']);
        } else {
            // make a best guess as to what our content type is
            $msgPart = $this->convertToUtf8($text);
        }
    } // end else clause
    $msgPart = $this->customGetMessageText($msgPart);
    /* cn: bug 9176 - htmlEntitites hide XSS attacks. */
    if ($type == 'PLAIN') {
        return SugarCleaner::cleanHtml(to_html($msgPart), false);
    }
    // Bug 50241: can't process <?xml:namespace .../> properly. Strip <?xml ...> tag first.
    $msgPart = preg_replace("/<\\?xml[^>]*>/", "", $msgPart);
    return SugarCleaner::cleanHtml($msgPart, false);
}
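/**
 * Creates a Case from an inbound email, or hands off to the autoresponder.
 *
 * If handleCaseAssignment() did not already attach the email to an existing
 * case and the mailbox is configured to create cases, a new aCase is built
 * from the email (sanitized HTML body via SugarCleaner::cleanHtml, subject,
 * status New, priority P1), linked to the account/contacts found for the
 * sender address, the email's note attachments are duplicated onto the case,
 * the email is re-parented and renamed with the case macro, and - when a
 * create-case template is configured - an auto-reply is sent. Otherwise
 * handleAutoresponse() is called.
 *
 * Security notes, all visible in this method:
 *  - The sender-controlled Reply-To address is preferred over From for both
 *    the account/contact lookup and the auto-reply recipient. A spoofed
 *    Reply-To can therefore attach the case to another customer's records and
 *    direct the auto-reply, which quotes the inbound body, to a third party.
 *  - $this->stored_options is unserialize()d. That is a PHP object-injection
 *    sink if the stored blob can ever be written from a less trusted path;
 *    a JSON encoding would be the safer format.
 *
 * @param Email  $email  the inbound email bean (retrieve()d again before use)
 * @param string $userId user id the new case is assigned to
 * @return void
 */
function handleCreateCase($email, $userId)
{
    global $current_user, $mod_strings, $current_language;
    $mod_strings = return_module_language($current_language, "Emails");
    $GLOBALS['log']->debug('In handleCreateCase in AOPInboundEmail');
    $c = new aCase();
    $this->getCaseIdFromCaseNumber($email->name, $c);
    if (!$this->handleCaseAssignment($email) && $this->isMailBoxTypeCreateCase()) {
        // create a case
        $GLOBALS['log']->debug('retrieveing email');
        $email->retrieve($email->id);
        $c = new aCase();
        $notes = $email->get_linked_beans('notes', 'Notes');
        $noteIds = array();
        foreach ($notes as $note) {
            $noteIds[] = $note->id;
        }
        if ($email->description_html) {
            // Sanitize the HTML body before image links are rewritten for the case.
            $c->description = $this->processImageLinks(SugarCleaner::cleanHtml($email->description_html), $noteIds);
        } else {
            $c->description = $email->description;
        }
        $c->assigned_user_id = $userId;
        $c->name = $email->name;
        $c->status = 'New';
        $c->priority = 'P1';
        // Reply-To wins over From; both are supplied by the sender.
        if (!empty($email->reply_to_email)) {
            $contactAddr = $email->reply_to_email;
        } else {
            $contactAddr = $email->from_addr;
        }
        $GLOBALS['log']->debug('finding related accounts with address ' . $contactAddr);
        if ($accountIds = $this->getRelatedId($contactAddr, 'accounts')) {
            if (sizeof($accountIds) == 1) {
                $c->account_id = $accountIds[0];
                $acct = new Account();
                $acct->retrieve($c->account_id);
                $c->account_name = $acct->name;
            } // if
        } // if
        $contactIds = $this->getRelatedId($contactAddr, 'contacts');
        if (!empty($contactIds)) {
            $c->contact_created_by_id = $contactIds[0];
        }
        $c->save(true);
        $caseId = $c->id;
        // Reload so relationships are available on a persisted bean.
        $c = new aCase();
        $c->retrieve($caseId);
        if ($c->load_relationship('emails')) {
            $c->emails->add($email->id);
        } // if
        if (!empty($contactIds) && $c->load_relationship('contacts')) {
            // No account matched the address: fall back to the single contact's account.
            if (!$accountIds && count($contactIds) == 1) {
                $contact = BeanFactory::getBean('Contacts', $contactIds[0]);
                if ($contact->load_relationship('accounts')) {
                    $acct = $contact->accounts->get();
                    if ($c->load_relationship('accounts') && !empty($acct[0])) {
                        $c->accounts->add($acct[0]);
                    }
                }
            }
            $c->contacts->add($contactIds);
        } // if
        foreach ($notes as $note) {
            //Link notes to case also
            $newNote = BeanFactory::newBean('Notes');
            $newNote->name = $note->name;
            $newNote->file_mime_type = $note->file_mime_type;
            $newNote->filename = $note->filename;
            $newNote->parent_type = 'Cases';
            $newNote->parent_id = $c->id;
            $newNote->save();
            // Duplicate the stored attachment under the new note's id.
            $srcFile = "upload://{$note->id}";
            $destFile = "upload://{$newNote->id}";
            copy($srcFile, $destFile);
        }
        $c->email_id = $email->id;
        $email->parent_type = "Cases";
        $email->parent_id = $caseId;
        // assign the email to the case owner
        $email->assigned_user_id = $c->assigned_user_id;
        $email->name = str_replace('%1', $c->case_number, $c->getEmailSubjectMacro()) . " " . $email->name;
        $email->save();
        $GLOBALS['log']->debug('InboundEmail created one case with number: ' . $c->case_number);
        $createCaseTemplateId = $this->get_stored_options('create_case_email_template', "");
        if (!empty($this->stored_options)) {
            // NOTE(review): unserialize() on stored data - see the docblock.
            $storedOptions = unserialize(base64_decode($this->stored_options));
        }
        if (!empty($createCaseTemplateId)) {
            $fromName = "";
            $fromAddress = "";
            // Initialized up front: previously these were undefined whenever
            // stored_options was empty and the reply went out with a null Reply-To.
            $replyToName = "";
            $replyToAddr = "";
            if (!empty($this->stored_options)) {
                $fromAddress = $storedOptions['from_addr'];
                $fromName = from_html($storedOptions['from_name']);
                $replyToName = !empty($storedOptions['reply_to_name']) ? from_html($storedOptions['reply_to_name']) : $fromName;
                $replyToAddr = !empty($storedOptions['reply_to_addr']) ? $storedOptions['reply_to_addr'] : $fromAddress;
            } // if
            $defaults = $current_user->getPreferredEmail();
            $fromAddress = !empty($fromAddress) ? $fromAddress : $defaults['email'];
            $fromName = !empty($fromName) ? $fromName : $defaults['name'];
            // Same fallback the stored-options branch uses, applied after the defaults.
            $replyToAddr = !empty($replyToAddr) ? $replyToAddr : $fromAddress;
            $replyToName = !empty($replyToName) ? $replyToName : $fromName;
            $to = array();
            $to[0]['email'] = $contactAddr;
            // handle to name: address, prefer reply-to
            if (!empty($email->reply_to_name)) {
                $to[0]['display'] = $email->reply_to_name;
            } elseif (!empty($email->from_name)) {
                $to[0]['display'] = $email->from_name;
            }
            $et = new EmailTemplate();
            $et->retrieve($createCaseTemplateId);
            if (empty($et->subject)) {
                $et->subject = '';
            }
            if (empty($et->body)) {
                $et->body = '';
            }
            if (empty($et->body_html)) {
                $et->body_html = '';
            }
            $et->subject = "Re:" . " " . str_replace('%1', $c->case_number, $c->getEmailSubjectMacro() . " " . $c->name);
            $email->email2init();
            $email->from_addr = $email->from_addr_name;
            $email->to_addrs = $email->to_addrs_names;
            $email->cc_addrs = $email->cc_addrs_names;
            $email->bcc_addrs = $email->bcc_addrs_names;
            $email->from_name = $email->from_addr;
            $email = $email->et->handleReplyType($email, "reply");
            // Return value was never used; the call is kept for whatever state it sets up.
            $email->et->displayComposeEmail($email);
            $reply = new Email();
            $reply->type = 'out';
            $reply->to_addrs = $to[0]['email'];
            $reply->to_addrs_arr = $to;
            $reply->cc_addrs_arr = array();
            $reply->bcc_addrs_arr = array();
            $reply->from_name = $fromName;
            $reply->from_addr = $fromAddress;
            $reply->reply_to_name = $replyToName;
            $reply->reply_to_addr = $replyToAddr;
            $reply->name = $et->subject;
            // NOTE(review): both bodies quote the plain-text description, even for the HTML variant - confirm intended.
            $reply->description = $et->body . "<div><hr /></div>" . $email->description;
            if (!$et->text_only) {
                $reply->description_html = $et->body_html . "<div><hr /></div>" . $email->description;
            }
            $GLOBALS['log']->debug('saving and sending auto-reply email');
            //$reply->save(); // don't save the actual email.
            $reply->send();
        } // if
    } else {
        // Debug output used to be echoed here; log it instead so nothing leaks into the response.
        $GLOBALS['log']->debug('handleCreateCase: no case created, running autoresponse');
        if (!empty($email->reply_to_email)) {
            $contactAddr = $email->reply_to_email;
        } else {
            $contactAddr = $email->from_addr;
        }
        $this->handleAutoresponse($email, $contactAddr);
    }
    $GLOBALS['log']->debug('End of handle create case');
}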
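/**
 * Used to save text on textarea blur. Accessed via Home/CallMethodDashlet.php
 * This is an example of how to to call a custom method via ajax
 *
 * Reads $_REQUEST['savedText'] (an entity-encoded JSON string), decodes it,
 * converts newlines to <br /> and runs the result through
 * SugarCleaner::cleanHtml() before persisting it with storeOptions(), so the
 * stored dashlet text is sanitized on the way in. Echoes a "result = {...}"
 * JSON fragment with the request id and the stored text.
 *
 * @return void
 */
function saveText()
{
    $json = getJSONobj();
    // Initialized here so the echo below never reads an undefined array when no text was posted.
    $optionsArray = array('savedText' => '');
    if (isset($_REQUEST['savedText'])) {
        $optionsArray = $this->loadOptions();
        $optionsArray['savedText'] = $json->decode(html_entity_decode($_REQUEST['savedText']));
        // Sanitize after decoding so the cleaner sees the final markup, not its encoded form.
        $optionsArray['savedText'] = SugarCleaner::cleanHtml(nl2br($optionsArray['savedText']));
        $this->storeOptions($optionsArray);
    }
    // 'id' is only reflected back JSON-encoded and is not validated here; the
    // consumer must not insert it into markup unescaped.
    $requestId = isset($_REQUEST['id']) ? $_REQUEST['id'] : null;
    echo 'result = ' . $json->encode(array('id' => $requestId, 'savedText' => $optionsArray['savedText']));
}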
/**
 * Every URL from the provider must be rejected as an image source: after
 * cleaning, no <img> tag that still carries a src may remain.
 *
 * @dataProvider getUrls
 * @param string $url candidate image source handed to the cleaner
 */
function testEmailCleanup($url)
{
    $markup = sprintf('Test: <img src="%s">', $url);
    $cleaned = SugarCleaner::cleanHtml($markup);
    // A rejected src may leave an empty self-closing tag behind; discard that
    // so the assertion only sees tags that kept an attribute.
    $cleaned = str_replace("<img />", "", $cleaned);
    $this->assertNotContains("<img", $cleaned);
}
/**
 * Returns the shared SugarCleaner held in self::$instance, creating it on
 * first use.
 *
 * @return SugarCleaner
 */
public static function getInstance()
{
    if (self::$instance === null) {
        self::$instance = new self();
    }
    return self::$instance;
}
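/**
 * Takes in the request params from a save request and processes
 * them for the save.
 *
 * Reads the slot_N / key_N / value_N / delete_N series from $params, rebuilds
 * the dropdown in slot order (tags stripped, values trimmed), then rewrites
 * the custom app_list_strings file for the selected language - either pushing
 * changed entries one by one (use_push) or replacing the whole array - and
 * clears the cached JS language files.
 *
 * Security: the dropdown name and every key are written into single-quoted
 * PHP string literals in the generated file and into a regex that removes the
 * previous definition. Both are request-controlled (stripTags only removes
 * tags), so they are escaped here so a quote or backslash cannot terminate
 * the literal and inject code; values already go through var_export_helper().
 *
 * @param array $params request parameters: dropdown_name, dropdown_lang,
 *                      use_push and the slot_/key_/value_/delete_ series
 * @return void
 */
function saveDropDown($params)
{
    $count = 0;
    $dropdown = array();
    $dropdown_name = $params['dropdown_name'];
    $selected_lang = !empty($params['dropdown_lang']) ? $params['dropdown_lang'] : $_SESSION['authenticated_user_language'];
    $my_list_strings = return_app_list_strings_language($selected_lang);
    while (isset($params['slot_' . $count])) {
        $index = $params['slot_' . $count];
        $key = isset($params['key_' . $index]) ? SugarCleaner::stripTags($params['key_' . $index]) : 'BLANK';
        $value = isset($params['value_' . $index]) ? SugarCleaner::stripTags($params['value_' . $index]) : '';
        if ($key == 'BLANK') {
            $key = '';
        }
        $key = trim($key);
        $value = trim($value);
        if (empty($params['delete_' . $index])) {
            $dropdown[$key] = $value;
        }
        $count++;
    }
    if ($selected_lang == $GLOBALS['current_language']) {
        $GLOBALS['app_list_strings'][$dropdown_name] = $dropdown;
    }
    $contents = return_custom_app_list_strings_file_contents($selected_lang);
    //get rid of closing tags they are not needed and are just trouble
    $contents = str_replace("?>", '', $contents);
    if (empty($contents)) {
        $contents = "<?php";
    }
    // Form of the name as it appears inside '...' in the generated PHP: backslash
    // and single quote are escaped so the literal cannot be terminated early.
    $nameLiteral = addcslashes((string) $dropdown_name, "\\'");
    //add new drop down to the bottom
    if (!empty($params['use_push'])) {
        //this is for handling moduleList and such where nothing should be deleted or anything but they can be renamed
        foreach ($dropdown as $key => $value) {
            //only if the value has changed or does not exist do we want to add it this way
            if (!isset($my_list_strings[$dropdown_name][$key]) || strcmp($my_list_strings[$dropdown_name][$key], $value) != 0) {
                $keyLiteral = addcslashes((string) $key, "\\'");
                //clear out the old value (name and key are regex-quoted so metacharacters match literally)
                $pattern_match = '/\\s*\\$app_list_strings\\s*\\[\\s*\'' . preg_quote($nameLiteral, '/') . '\'\\s*\\]\\[\\s*\'' . preg_quote($keyLiteral, '/') . '\'\\s*\\]\\s*=\\s*[\'\\"]{1}.*?[\'\\"]{1};\\s*/ism';
                $contents = preg_replace($pattern_match, "\n", $contents);
                //add the new ones
                $contents .= "\n\$app_list_strings['{$nameLiteral}']['{$keyLiteral}']=" . var_export_helper($value) . ";";
            }
        }
    } else {
        //clear out the old value
        $pattern_match = '/\\s*\\$app_list_strings\\s*\\[\\s*\'' . preg_quote($nameLiteral, '/') . '\'\\s*\\]\\s*=\\s*array\\s*\\([^\\)]*\\)\\s*;\\s*/ism';
        $contents = preg_replace($pattern_match, "\n", $contents);
        //add the new ones (keys inside the array are emitted by var_export_helper)
        $contents .= "\n\$app_list_strings['{$nameLiteral}']=" . var_export_helper($dropdown) . ";";
    }
    // Bug 40234 - If we have no contents, we don't write the file. Checking for "<?php" because above it's set to that if empty
    if ($contents != "<?php") {
        save_custom_app_list_strings_contents($contents, $selected_lang);
        sugar_cache_reset();
    }
    // Bug38011
    $repairAndClear = new RepairAndClear();
    $repairAndClear->module_list = array(translate('LBL_ALL_MODULES'));
    $repairAndClear->show_output = false;
    $repairAndClear->clearJsLangFiles();
    // ~~~~~~~~
}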
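/**
 * Cleans char, varchar, text, etc. fields of XSS type materials
 *
 * Walks $this->field_defs: fields typed 'html'/'longhtml' are always passed
 * through SugarCleaner::cleanHtml($value, true); other fields whose type plus
 * dbType contains 'char' or 'text', or equals 'enum' (and does not contain
 * 'json'), are cleaned with the default cleaner unless ENTRY_POINT_TYPE is
 * 'api', where text fields are left untouched because the templates are
 * expected to encode them on output.
 *
 * @return void
 */
function cleanBean()
{
    foreach ($this->field_defs as $key => $def) {
        // Rebuild the type string for every field. Previously $type was only
        // assigned when 'type' was set, so a def without it inherited the previous
        // field's type and was cleaned (or skipped) under the wrong rule.
        $fieldType = isset($def['type']) ? $def['type'] : '';
        $type = $fieldType;
        if (isset($def['dbType'])) {
            $type .= $def['dbType'];
        }
        if ($fieldType == 'html' || $fieldType == 'longhtml') {
            $this->{$key} = SugarCleaner::cleanHtml($this->{$key}, true);
        } elseif ((strpos($type, 'char') !== false || strpos($type, 'text') !== false || $type == 'enum') && !empty($this->{$key}) && strpos($type, 'json') === false) {
            if (!defined('ENTRY_POINT_TYPE') || constant('ENTRY_POINT_TYPE') != 'api') {
                // for API, text fields are not cleaned, only HTML fields are
                // since text fields supposed to be encoded by HBS templates when displaying
                $this->{$key} = SugarCleaner::cleanHtml($this->{$key});
            }
        }
    }
}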
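/**
 * Takes in the request params from a save request and processes
 * them for the save.
 *
 * The dropdown arrives in $params['list_value'] as a URL-encoded,
 * entity-encoded JSON list of [name, value] pairs; it is decoded, tag-stripped
 * and turned into an ordered name => value array (the LBL_BLANK marker becomes
 * the '' key). Module Builder packages ($_REQUEST['view_package'] != 'studio')
 * are saved through the package's mblanguage; Studio saves rewrite the custom
 * app_list_strings file for the selected language, either pushing changed
 * entries one by one (use_push) or regenerating the whole list via
 * getNewCustomContents().
 *
 * Security: in the use_push branch the dropdown name and each key are written
 * into single-quoted PHP string literals and into a regex that removes the
 * previous definition. Both come from the request (stripTags only removes
 * tags), so they are escaped here so a quote or backslash cannot terminate
 * the literal and inject code; values go through var_export_helper().
 *
 * @param array $params request parameters: dropdown_name, dropdown_lang,
 *                      list_value, use_push, view_package, view_module
 * @return void
 */
function saveDropDown($params)
{
    require_once 'modules/Administration/Common.php';
    $emptyMarker = translate('LBL_BLANK');
    $selected_lang = !empty($params['dropdown_lang']) ? $params['dropdown_lang'] : $_SESSION['authenticated_user_language'];
    // NOTE: read from $_REQUEST rather than $params, unlike every other input here.
    $type = isset($_REQUEST['view_package']) ? $_REQUEST['view_package'] : null;
    $dir = '';
    $dropdown_name = $params['dropdown_name'];
    $json = getJSONobj();
    $list_value = str_replace('"":""', '"__empty__":""', $params['list_value']);
    //Bug 21362 ENT_QUOTES- convert single quotes to escaped single quotes.
    $temp = $json->decode(html_entity_decode(rawurldecode($list_value), ENT_QUOTES));
    $dropdown = array();
    // dropdown is received as an array of (name,value) pairs - now extract to name=>value format preserving order
    // we rely here on PHP to preserve the order of the received name=>value pairs - associative arrays in PHP are ordered
    if (is_array($temp)) {
        foreach ($temp as $item) {
            // Skip malformed entries instead of reading undefined offsets.
            if (!is_array($item) || !array_key_exists(0, $item) || !array_key_exists(1, $item)) {
                continue;
            }
            $dropdown[SugarCleaner::stripTags(from_html($item[0]), false)] = SugarCleaner::stripTags(from_html($item[1]), false);
        }
    }
    if (array_key_exists($emptyMarker, $dropdown)) {
        $output = array();
        foreach ($dropdown as $key => $value) {
            if ($emptyMarker === $key) {
                $output[''] = '';
            } else {
                $output[$key] = $value;
            }
        }
        $dropdown = $output;
    }
    if ($type != 'studio') {
        $mb = new ModuleBuilder();
        $module = $mb->getPackageModule($params['view_package'], $params['view_module']);
        $this->synchMBDropDown($dropdown_name, $dropdown, $selected_lang, $module);
        //Can't use synch on selected lang as we want to overwrite values, not just keys
        $module->mblanguage->appListStrings[$selected_lang . '.lang.php'][$dropdown_name] = $dropdown;
        $module->mblanguage->save($module->key_name); // tyoung - key is required parameter as of
    } else {
        $contents = return_custom_app_list_strings_file_contents($selected_lang);
        $my_list_strings = return_app_list_strings_language($selected_lang);
        if ($selected_lang == $GLOBALS['current_language']) {
            $GLOBALS['app_list_strings'][$dropdown_name] = $dropdown;
        }
        //write to contents
        $contents = str_replace("?>", '', $contents);
        if (empty($contents)) {
            $contents = "<?php";
        }
        //add new drop down to the bottom
        if (!empty($params['use_push'])) {
            //this is for handling moduleList and such where nothing should be deleted or anything but they can be renamed
            // Form of the name as it appears inside '...' in the generated PHP: backslash
            // and single quote are escaped so the literal cannot be terminated early.
            $nameLiteral = addcslashes((string) $dropdown_name, "\\'");
            foreach ($dropdown as $key => $value) {
                //only if the value has changed or does not exist do we want to add it this way
                if (!isset($my_list_strings[$dropdown_name][$key]) || strcmp($my_list_strings[$dropdown_name][$key], $value) != 0) {
                    $keyLiteral = addcslashes((string) $key, "\\'");
                    //clear out the old value (name and key are regex-quoted so metacharacters match literally)
                    $pattern_match = '/\\s*\\$app_list_strings\\s*\\[\\s*\'' . preg_quote($nameLiteral, '/') . '\'\\s*\\]\\[\\s*\'' . preg_quote($keyLiteral, '/') . '\'\\s*\\]\\s*=\\s*[\'\\"]{1}.*?[\'\\"]{1};\\s*/ism';
                    $contents = preg_replace($pattern_match, "\n", $contents);
                    //add the new ones
                    $contents .= "\n\$GLOBALS['app_list_strings']['{$nameLiteral}']['{$keyLiteral}']=" . var_export_helper($value) . ";";
                }
            }
        } else {
            //Now synch up the keys in other langauges to ensure that removed/added Drop down values work properly under all langs.
            $this->synchDropDown($dropdown_name, $dropdown, $selected_lang, $dir);
            $contents = $this->getNewCustomContents($dropdown_name, $dropdown, $selected_lang);
        }
        // $dir is always '' in this method; kept so the helper signatures stay unchanged.
        if (!empty($dir) && !is_dir($dir)) {
            mkdir_recursive($dir);
        }
        save_custom_app_list_strings_contents($contents, $selected_lang, $dir);
    }
    sugar_cache_reset();
    clearAllJsAndJsLangFilesWithoutOutput();
}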