diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..137d46b --- /dev/null +++ b/.gitignore @@ -0,0 +1,11 @@ +cache/* +cache/**/* +test/* +test/**/* +Smarty/templates_c/* +storage/* +storage/**/* +logs/* +backup/* +user_privileges/* +config-dev.inc.php diff --git a/Popup.php b/Popup.php index 4ac345e..f4685e7 100644 --- a/Popup.php +++ b/Popup.php @@ -50,16 +50,16 @@ $smarty->assign("MAINTAB",$act_tab); // This is added to support the type of popup and callback if(isset($_REQUEST['popupmode']) && isset($_REQUEST['callback'])) { - $url = "&popupmode=".$_REQUEST['popupmode']."&callback=".$_REQUEST['callback']; - $smarty->assign("POPUPMODE", $_REQUEST['popupmode']); - $smarty->assign("CALLBACK", $_REQUEST['callback']); + $url = "&popupmode=".vtlib_purify($_REQUEST['popupmode'])."&callback=".vtlib_purify($_REQUEST['callback']); + $smarty->assign("POPUPMODE", vtlib_purify($_REQUEST['popupmode'])); + $smarty->assign("CALLBACK", vtlib_purify($_REQUEST['callback'])); } - + +$focus = CRMEntity::getInstance($currentModule); + switch($currentModule) { case 'Contacts': - require_once("modules/$currentModule/Contacts.php"); - $focus = new Contacts(); $log = LoggerManager::getLogger('contact_list'); $smarty->assign("SINGLE_MOD",'Contact'); if(isset($_REQUEST['return_module']) && $_REQUEST['return_module'] !='') @@ -70,8 +70,6 @@ switch($currentModule) $alphabetical = AlphabeticalSearch($currentModule,'Popup','lastname','true','basic',$popuptype,"","",$url); break; case 'Campaigns': - require_once("modules/$currentModule/Campaigns.php"); - $focus = new Campaigns(); $log = LoggerManager::getLogger('campaign_list'); $smarty->assign("SINGLE_MOD",'Campaign'); if(isset($_REQUEST['return_module']) && $_REQUEST['return_module'] !='') 
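Review bot: `$url` is a query-string fragment, so in the first Popup.php hunk `popupmode` and `callback` need URL encoding as well as `vtlib_purify()`; assuming `vtlib_purify()` is an HTML-oriented sanitiser (its body is not shown), an `&`, `#` or `=` inside either value passes through it and alters the parameters of whatever link `$url` is appended to. I would purify each value once into a local and build the fragment as `$url = "&popupmode=".urlencode($popupmode)."&callback=".urlencode($callback);` rather than calling `vtlib_purify()` three times on the same input. `callback` reads like the name of a client-side function, so if the template emits it into script, an allow-list or identifier-pattern check would be a stronger guard than purification; the template is not part of this hunk, so that needs confirming. The new `CRMEntity::getInstance($currentModule)` call now runs for every module ahead of the `switch`, whose body continues outside the hunk.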
@@ -80,8 +78,6 @@ switch($currentModule) $alphabetical = AlphabeticalSearch($currentModule,'Popup','campaignname','true','basic',$popuptype,"","",$url); break; case 'Accounts': - require_once("modules/$currentModule/Accounts.php"); - $focus = new Accounts(); $log = LoggerManager::getLogger('account_list'); if (isset($_REQUEST['select'])) $smarty->assign("SELECT",'enable'); $smarty->assign("SINGLE_MOD",'Account'); @@ -92,8 +88,6 @@ switch($currentModule) $alphabetical = AlphabeticalSearch($currentModule,'Popup','accountname','true','basic',$popuptype,"","",$url); break; case 'Leads': - require_once("modules/$currentModule/Leads.php"); - $focus = new Leads(); $log = LoggerManager::getLogger('contact_list'); $smarty->assign("SINGLE_MOD",'Lead'); if (isset($_REQUEST['select'])) $smarty->assign("SELECT",'enable'); @@ -104,8 +98,6 @@ switch($currentModule) $alphabetical = AlphabeticalSearch($currentModule,'Popup','lastname','true','basic',$popuptype,"","",$url); break; case 'Potentials': - require_once("modules/$currentModule/Potentials.php"); - $focus = new Potentials(); $log = LoggerManager::getLogger('potential_list'); if (isset($_REQUEST['select'])) $smarty->assign("SELECT",'enable'); $smarty->assign("SINGLE_MOD",'Opportunity'); 
@@ -114,23 +106,17 @@ switch($currentModule) $alphabetical = AlphabeticalSearch($currentModule,'Popup','potentialname','true','basic',$popuptype,"","",$url); break; case 'Quotes': - require_once("modules/$currentModule/Quotes.php"); - $focus = new Quotes(); $log = LoggerManager::getLogger('quotes_list'); $smarty->assign("SINGLE_MOD",'Quote'); $alphabetical = AlphabeticalSearch($currentModule,'Popup','subject','true','basic',$popuptype,"","",$url); break; case 'Invoice': - require_once("modules/$currentModule/Invoice.php"); - $focus = new Invoice(); $smarty->assign("SINGLE_MOD",'Invoice'); if(isset($_REQUEST['return_module']) && $_REQUEST['return_module'] !='') $smarty->assign("RETURN_MODULE",vtlib_purify($_REQUEST['return_module'])); $alphabetical = AlphabeticalSearch($currentModule,'Popup','subject','true','basic',$popuptype,"","",$url); break; case 'Products': - require_once("modules/$currentModule/$currentModule.php"); - $focus = new $currentModule(); $smarty->assign("SINGLE_MOD",getTranslatedString('SINGLE_'.$currentModule)); if(isset($_REQUEST['curr_row'])) { 
@@ -144,30 +130,24 @@ switch($currentModule) $alphabetical = AlphabeticalSearch($currentModule,'Popup','productname','true','basic',$popuptype,"","",$url); break; case 'Vendors': - require_once("modules/$currentModule/Vendors.php"); - $focus = new Vendors(); $smarty->assign("SINGLE_MOD",'Vendor'); + if(isset($_REQUEST['return_module']) && $_REQUEST['return_module'] !='') + $smarty->assign("RETURN_MODULE",vtlib_purify($_REQUEST['return_module'])); $alphabetical = AlphabeticalSearch($currentModule,'Popup','vendorname','true','basic',$popuptype,"","",$url); break; case 'SalesOrder': - require_once("modules/$currentModule/SalesOrder.php"); - $focus = new SalesOrder(); $smarty->assign("SINGLE_MOD",'SalesOrder'); if(isset($_REQUEST['return_module']) && $_REQUEST['return_module'] !='') $smarty->assign("RETURN_MODULE",vtlib_purify($_REQUEST['return_module'])); $alphabetical = AlphabeticalSearch($currentModule,'Popup','subject','true','basic',$popuptype,"","",$url); break; case 'PurchaseOrder': - require_once("modules/$currentModule/PurchaseOrder.php"); - $focus = new PurchaseOrder(); $smarty->assign("SINGLE_MOD",'PurchaseOrder'); if(isset($_REQUEST['return_module']) && $_REQUEST['return_module'] !='') $smarty->assign("RETURN_MODULE",vtlib_purify($_REQUEST['return_module'])); $alphabetical = AlphabeticalSearch($currentModule,'Popup','subject','true','basic',$popuptype,"","",$url); break; case 'PriceBooks': - require_once("modules/$currentModule/PriceBooks.php"); - $focus = new PriceBooks(); $smarty->assign("SINGLE_MOD",'PriceBook'); if(isset($_REQUEST['return_module']) && $_REQUEST['return_module'] !='') $smarty->assign("RETURN_MODULE",vtlib_purify($_REQUEST['return_module'])); 
@@ -184,17 +164,14 @@ switch($currentModule) $alphabetical = AlphabeticalSearch($currentModule,'Popup','bookname','true','basic',$popuptype,"","",$url); break; case 'Users': - require_once("modules/$currentModule/Users.php"); - $focus = new Users(); - $smarty->assign("SINGLE_MOD",'Users'); - if(isset($_REQUEST['return_module']) && $_REQUEST['return_module'] !='') - $smarty->assign("RETURN_MODULE",vtlib_purify($_REQUEST['return_module'])); - $alphabetical = AlphabeticalSearch($currentModule,'Popup','user_name','true','basic',$popuptype,"","",$url); - if (isset($_REQUEST['select'])) $smarty->assign("SELECT",'enable'); - break; + $smarty->assign("SINGLE_MOD", 'Users'); + if (isset($_REQUEST['return_module']) && $_REQUEST['return_module'] != '') + $smarty->assign("RETURN_MODULE", vtlib_purify($_REQUEST['return_module'])); + $alphabetical = AlphabeticalSearch($currentModule, 'Popup', 'user_name', 'true', 'basic', $popuptype, "", "", $url); + if (isset($_REQUEST['select'])) + $smarty->assign("SELECT", 'enable'); + break; case 'HelpDesk': - require_once("modules/$currentModule/HelpDesk.php"); - $focus = new HelpDesk(); $smarty->assign("SINGLE_MOD",'HelpDesk'); if(isset($_REQUEST['return_module']) && $_REQUEST['return_module'] !='') $smarty->assign("RETURN_MODULE",vtlib_purify($_REQUEST['return_module'])); @@ -203,8 +180,6 @@ switch($currentModule) break; case 'Documents': - require_once("modules/$currentModule/Documents.php"); - $focus = new Documents(); $smarty->assign("SINGLE_MOD",'Document'); if(isset($_REQUEST['return_module']) && $_REQUEST['return_module'] !='') $smarty->assign("RETURN_MODULE",vtlib_purify($_REQUEST['return_module'])); 
@@ -224,9 +199,7 @@ switch($currentModule) } // vtlib customization: Generic hook for Popup selection default: - require_once("modules/$currentModule/$currentModule.php"); - $focus = new $currentModule(); - $smarty->assign("SINGLE_MOD", $currentModule); + $smarty->assign("SINGLE_MOD", $currentModule); if(isset($_REQUEST['return_module']) && $_REQUEST['return_module'] !='') $smarty->assign("RETURN_MODULE",vtlib_purify($_REQUEST['return_module'])); $alphabetical = AlphabeticalSearch($currentModule,'Popup',$focus->def_basicsearch_col,'true','basic',$popuptype,"","",$url); @@ -246,8 +219,8 @@ $smarty->assign("RETURN_ACTION",vtlib_purify($_REQUEST['return_action'])); //Retreive the list from Database if($currentModule == 'PriceBooks') { - $productid=$_REQUEST['productid']; - $currency_id=$_REQUEST['currencyid']; + $productid= vtlib_purify($_REQUEST['productid']); + $currency_id= vtlib_purify($_REQUEST['currencyid']); if($currency_id == null) $currency_id = fetchCurrency($current_user->id); $query = 'select vtiger_pricebook.*, vtiger_pricebookproductrel.productid, vtiger_pricebookproductrel.listprice, ' . 'vtiger_crmentity.crmid, vtiger_crmentity.smownerid, vtiger_crmentity.modifiedtime ' . 
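Review bot: `$productid` and `$currency_id` are passed through `vtlib_purify()` just before the price-book `select` is assembled, and if they are concatenated into that statement (the query continues outside the hunk) HTML purification does not make them safe for SQL. Both are record ids, so cast or validate them as integers, e.g. `$productid = (int) vtlib_purify($_REQUEST['productid']);`, or bind them as `?` parameters through `$adb->pquery()`. The same applies to the values handed to `getPopupCheckquery()` and `getProductName()` in the later Popup.php hunks, and to `$parentid` in `getParentMailId()` in SendReminder.php. Reading `$_REQUEST['productid']` without an `isset()` check also raises a notice when the parameter is absent, which the `$currency_id == null` test below suggests is an expected case.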
@@ -289,7 +262,7 @@ else $smarty->assign("mod_var_value", vtlib_purify($_REQUEST['task_parent_module'])); $smarty->assign("recid_var_name", "task_relmod_id"); $smarty->assign("recid_var_value",vtlib_purify($_REQUEST['task_relmod_id'])); - $where_relquery.= getPopupCheckquery($currentModule,$_REQUEST['task_parent_module'],$_REQUEST['task_relmod_id']); + $where_relquery.= getPopupCheckquery($currentModule, vtlib_purify($_REQUEST['task_parent_module']), vtlib_purify($_REQUEST['task_relmod_id'])); } if($currentModule == 'Products' && !$_REQUEST['record_id'] && ($popuptype == 'inventory_prod' || $popuptype == 'inventory_prod_po')) $where_relquery .=" and vtiger_products.discontinued <> 0 AND (vtiger_products.productid NOT IN (SELECT crmid FROM vtiger_seproductsrel WHERE setype='Products'))"; @@ -326,7 +299,7 @@ else if($currentModule == 'Products' && $_REQUEST['record_id'] && ($popuptype == 'inventory_prod' || $popuptype == 'inventory_prod_po')) { - $product_name = getProductName($_REQUEST['record_id']); + $product_name = getProductName(vtlib_purify($_REQUEST['record_id'])); $smarty->assign("PRODUCT_NAME", $product_name); $smarty->assign("RECORD_ID", vtlib_purify($_REQUEST['record_id'])); } @@ -365,7 +338,7 @@ if(method_exists($focus, 'getQueryByModuleField')) { // END if(PerformancePrefs::getBoolean('LISTVIEW_COMPUTE_PAGE_COUNT', false) === true){ - $count_result = $adb->query( mkCountQuery( $query)); + $count_result = $adb->pquery( mkCountQuery( $query), array()); $noofrows = $adb->query_result($count_result,0,"count"); }else{ $noofrows = null; 
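Review bot: Switching `$adb->query()` to `$adb->pquery(..., array())` for the page-count query adds no parameter binding, because the parameter array is empty and the whole statement is still built by string concatenation. The two later hunks in this file (the `$start == 'last'` count query and `$list_result`) have the same shape. Since `$start` comes from `vtlib_purify($_REQUEST['start'])` and feeds `$limstart`, I would force it to a positive integer after the `'last'` branch, e.g. `$start = max(1, (int) $start);`, so that a zero, negative or non-numeric value cannot reach `LIMIT $limstart,...`. Longer term, the request-derived values in `$where_relquery` should become `?` placeholders with their values passed in the array.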
@@ -375,7 +348,7 @@ if(PerformancePrefs::getBoolean('LISTVIEW_COMPUTE_PAGE_COUNT', false) === true){ if(isset($_REQUEST['start']) && $_REQUEST['start'] != '') { $start = vtlib_purify($_REQUEST['start']); if($start == 'last'){ - $count_result = $adb->query( mkCountQuery($query)); + $count_result = $adb->pquery( mkCountQuery($query), array()); $noofrows = $adb->query_result($count_result,0,"count"); if($noofrows > 0){ $start = ceil($noofrows/$list_max_entries_per_page); @@ -392,7 +365,7 @@ if(isset($_REQUEST['start']) && $_REQUEST['start'] != '') { } $limstart=($start-1)*$list_max_entries_per_page; $query.=" LIMIT $limstart,$list_max_entries_per_page"; -$list_result = $adb->query($query); +$list_result = $adb->pquery($query, array()); //Retreive the Navigation array $navigation_array = VT_getSimpleNavigationValues($start, $list_max_entries_per_page,$noofrows); diff --git a/SendReminder.php b/SendReminder.php index a076162..3a2b460 100644 --- a/SendReminder.php +++ b/SendReminder.php @@ -231,7 +231,7 @@ function getParentMailId($returnmodule,$parentid) if($returnmodule == 'Contacts' || $returnmodule == 'HelpDesk') { if($returnmodule == 'HelpDesk') - $parentid = $_REQUEST['contact_id']; + $parentid = vtlib_purify ($_REQUEST['contact_id']); $tablename = 'vtiger_contactdetails'; $idname = 'contactid'; } diff --git a/Smarty/templates/Buttons_List.tpl b/Smarty/templates/Buttons_List.tpl index 7698e28..777aca9 100644 --- a/Smarty/templates/Buttons_List.tpl +++ b/Smarty/templates/Buttons_List.tpl @@ -116,7 +116,7 @@ {if $MODULE eq 'Contacts' || $MODULE eq 'Leads' || $MODULE eq 'Accounts'|| $MODULE eq 'Products'|| $MODULE eq 'Potentials'|| $MODULE eq 'HelpDesk'|| $MODULE eq 'Vendors' || $CUSTOM_MODULE eq 'true'} {if $CHECK.DuplicatesHandling eq 'yes'} - {$APP.LBL_FIND_DUPICATES} + {$APP.LBL_FIND_DUPLICATES} {else} {/if} diff --git a/Smarty/templates/ComposeEmail.tpl b/Smarty/templates/ComposeEmail.tpl index be7232f..1c1dbc1 100644 --- a/Smarty/templates/ComposeEmail.tpl 
+++ b/Smarty/templates/ComposeEmail.tpl @@ -17,7 +17,7 @@ {$MOD.TITLE_COMPOSE_MAIL} - + diff --git a/Smarty/templates/DetailView.tpl b/Smarty/templates/DetailView.tpl index e4424c8..7960cf3 100755 --- a/Smarty/templates/DetailView.tpl +++ b/Smarty/templates/DetailView.tpl @@ -222,7 +222,7 @@ function sendfile_email() id="More_Information_Modules_List" class="drop_mnu" style="left: 502px; top: 76px; display: none;"> {foreach key=_RELATION_ID item=_RELATED_MODULE from=$IS_REL_LIST} - + {/foreach}
{$_RELATED_MODULE|@getTranslatedString:$MODULE}
{$_RELATED_MODULE|@getTranslatedString:$_RELATED_MODULE}
@@ -446,7 +446,7 @@ function sendfile_email() {/if} - {elseif $TODO_PERMISSION eq 'true' || $EVENT_PERMISSION eq 'true' || $CONTACT_PERMISSION eq 'true'|| $MODULE eq 'Contacts' || ($MODULE eq 'Documents')} + {elseif $TODO_PERMISSION eq 'true' || $EVENT_PERMISSION eq 'true' || $CONTACT_PERMISSION eq 'true'|| $MODULE eq 'Contacts' || $MODULE eq 'Leads' || ($MODULE eq 'Documents')} {if $MODULE eq 'Contacts'} {assign var=subst value="contact_id"} diff --git a/Smarty/templates/DetailViewFields.tpl b/Smarty/templates/DetailViewFields.tpl index e6fc6b4..50b1e8e 100644 --- a/Smarty/templates/DetailViewFields.tpl +++ b/Smarty/templates/DetailViewFields.tpl @@ -140,33 +140,22 @@ {$keyval}  {elseif $keyid eq 83} - - {$APP.LBL_VAT} {$APP.COVERED_PERCENTAGE} - -   - {$VAT_TAX} - -   - - - - {$APP.LBL_SALES} {$APP.LBL_TAX} {$APP.COVERED_PERCENTAGE} - -   - {$SALES_TAX} - -   - - - - {$APP.LBL_SERVICE} {$APP.LBL_TAX} {$APP.COVERED_PERCENTAGE} - -   - {$SERVICE_TAX} - + {foreach item=tax key=count from=$TAX_DETAILS} + + {$tax.taxlabel} {$APP.COVERED_PERCENTAGE} + + + + {$tax.percentage} + +   + + {/foreach} {elseif $keyid eq 69} -  {$keyval} +  {$keyval} + {elseif $keyid eq 10} +  {$keyval} {else} -  {$keyval} +  {$keyval} {/if} diff --git a/Smarty/templates/DetailViewUI.tpl b/Smarty/templates/DetailViewUI.tpl index 218ad41..e02045c 100644 --- a/Smarty/templates/DetailViewUI.tpl +++ b/Smarty/templates/DetailViewUI.tpl @@ -14,7 +14,7 @@ {if $keyid eq '1' || $keyid eq 2 || $keyid eq '11' || $keyid eq '7' || $keyid eq '9' || $keyid eq '55' || $keyid eq '71' || $keyid eq '72' || $keyid eq '103' || $keyid eq '255' || $keyid eq '14'} - + {if $keyid eq '55' || $keyid eq '255'} {if $keyaccess eq $APP.LBL_NOT_ACCESSIBLE} {$APP.LBL_NOT_ACCESSIBLE} @@ -210,7 +210,7 @@ {elseif $keyid eq '50' || $keyid eq '73' || $keyid eq '51'}  {$keyval} - {elseif $keyid eq '57'} + {elseif $keyid eq '57' || $keyid eq '58'}  {$keyval} {elseif $keyid eq '59'} 
@@ -374,7 +374,9 @@ {elseif $keyid eq 69} -  {$keyval} +  {$keyval} + {elseif $keyid eq 10} +  {$keyval} {else} -  {$keyval} +  {$keyval} {/if} diff --git a/Smarty/templates/DocumentsListViewEntries.tpl b/Smarty/templates/DocumentsListViewEntries.tpl index 3a76643..e9ba5f7 100644 --- a/Smarty/templates/DocumentsListViewEntries.tpl +++ b/Smarty/templates/DocumentsListViewEntries.tpl @@ -230,7 +230,7 @@ {$MODULE_CREATE} {/if} {$APP.LBL_NOW}. {$APP.LBL_CLICK_THE_LINK}:
-   -{$APP.LBL_CREATE} {$APP.$vowel_conf} {$MOD.$MODULE_CREATE} +   -{$APP.LBL_CREATE} {$APP.$vowel_conf} {$APP.$MODULE_CREATE} diff --git a/Smarty/templates/EmailDetailView.tpl b/Smarty/templates/EmailDetailView.tpl old mode 100755 new mode 100644 index f86bde7..1c73307 --- a/Smarty/templates/EmailDetailView.tpl +++ b/Smarty/templates/EmailDetailView.tpl @@ -15,7 +15,7 @@ {$MOD.TITLE_VTIGERCRM_MAIL} - + diff --git a/Smarty/templates/Header.tpl b/Smarty/templates/Header.tpl index 1443b24..47cd890 100644 --- a/Smarty/templates/Header.tpl +++ b/Smarty/templates/Header.tpl @@ -13,7 +13,7 @@ {$USER} - {$MODULE_NAME|@getTranslatedString:$MODULE_NAME} - {$APP.LBL_BROWSER_TITLE} - + {* vtlib customization: Inclusion of custom javascript and css as registered *} @@ -87,7 +87,7 @@ - +
{$LOGO}{$COMPANY_DETAILS.name}
@@ -118,12 +118,12 @@ {$USER} {* ondemand customization: Header links on the top panel *} - + {* END *} {* vtlib customization: Header links on the top panel *} {if $HEADERLINKS} - @@ -625,14 +626,6 @@ function getFormValidate(divValidate) - - - - - - +
{$APP.LNK_HELP}
{$APP.LBL_FEEDBACK} {$APP.LNK_HELP}
@@ -698,14 +688,6 @@ function openwin() {/foreach}
- - +{if $RETURN_MODULE != ''} +{/if} @@ -102,15 +104,15 @@ function set_focus() {ldelim} {if $recid_var_value neq ''} - + {else} {if $RECORD_ID} - + {else} - + {/if} {/if} - +
{$APP[$MODULE]} {$APP.LBL_RELATED_TO} {$APP[$PARENT_MODULE]}{$MODULE|@getTranslatedString:$MODULE} {$APP.LBL_RELATED_TO} {$PARENT_MODULE|@getTranslatedString:$PARENT_MODULE}{$APP[$MODULE]} > {$PRODUCT_NAME}{$MODULE|@getTranslatedString:$MODULE} > {$PRODUCT_NAME}{$APP[$MODULE]}{$MODULE|@getTranslatedString:$MODULE}{$APP.VTIGER}{'APP_NAME'|@getTranslatedString}
diff --git a/Smarty/templates/PrintEmail.tpl b/Smarty/templates/PrintEmail.tpl index 9a2cc1b..f9ac487 100644 --- a/Smarty/templates/PrintEmail.tpl +++ b/Smarty/templates/PrintEmail.tpl @@ -16,7 +16,7 @@ {$MOD.TITLE_VTIGERCRM_MAIL} - + diff --git a/Smarty/templates/RelatedListContents.tpl b/Smarty/templates/RelatedListContents.tpl index b850d52..a464714 100644 --- a/Smarty/templates/RelatedListContents.tpl +++ b/Smarty/templates/RelatedListContents.tpl @@ -76,7 +76,7 @@ function loadRelatedListBlock(urldata,target,imagesuffix) { } }else{ $(imagesuffix+'_linkForSelectAll').hide(); - rel_toggleSelect(false,imagesuffix+'_selected_id',relatedModule); + //rel_toggleSelect(false,imagesuffix+'_selected_id',relatedModule); } updateParentCheckbox(obj,imagesuffix); } diff --git a/Smarty/templates/RolePopup.tpl b/Smarty/templates/RolePopup.tpl old mode 100755 new mode 100644 index d757bdc..74cfef5 --- a/Smarty/templates/RolePopup.tpl +++ b/Smarty/templates/RolePopup.tpl @@ -51,7 +51,7 @@
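Review bot: In RelatedListContents.tpl the `rel_toggleSelect(false, ...)` call in the `else` branch is disabled by commenting it out, which leaves dead code with no explanation. Either delete the line, or keep it with a comment saying why the selection must no longer be cleared here, for example `{* selection is kept when the select-all link is hidden: <reason> *}`. The enclosing function starts outside the hunk.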
- +
{$CMOD.LBL_ASSIGN_ROLE}{$APP.VTIGER}{'APP_NAME'|@getTranslatedString}
diff --git a/Smarty/templates/Settings/CustomModEntityNo.tpl b/Smarty/templates/Settings/CustomModEntityNo.tpl index 53cdc37..6240333 100644 --- a/Smarty/templates/Settings/CustomModEntityNo.tpl +++ b/Smarty/templates/Settings/CustomModEntityNo.tpl @@ -154,9 +154,7 @@ function updateModEntityExisting(button, form) { {assign var = "selected_val" value=""} {/if} {assign var="MODULE_LABEL" value=$value} - {if $APP.$value neq ''} - {assign var="MODULE_LABEL" value=$APP.$value} - {/if} + {assign var="MODULE_LABEL" value=$value|getTranslatedString:$value} {/foreach} diff --git a/Smarty/templates/Settings/ModuleManager/ModuleManagerAjax.tpl b/Smarty/templates/Settings/ModuleManager/ModuleManagerAjax.tpl index 46b2ee5..d8a9542 100644 --- a/Smarty/templates/Settings/ModuleManager/ModuleManagerAjax.tpl +++ b/Smarty/templates/Settings/ModuleManager/ModuleManagerAjax.tpl @@ -53,7 +53,7 @@ function vtlib_modulemanager_toggleTab(shownode, hidenode, highlighttab, dehighl {if $modinfo.customized eq true} {assign var="totalCustomModules" value=$totalCustomModules+1} - {assign var="modulelabel" value=$modulename} + {assign var="modulelabel" value=$modulename|getTranslatedString:$modulename} {if $APP.$modulename}{assign var="modulelabel" value=$APP.$modulename}{/if} diff --git a/Smarty/templates/ShowAuditTrail.tpl b/Smarty/templates/ShowAuditTrail.tpl index fa8e658..149d4da 100644 --- a/Smarty/templates/ShowAuditTrail.tpl +++ b/Smarty/templates/ShowAuditTrail.tpl @@ -23,7 +23,7 @@ - +
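Review bot: In ModuleManagerAjax.tpl the new `getTranslatedString` label is immediately overridden by the unchanged next line, `{if $APP.$modulename}{assign var="modulelabel" value=$APP.$modulename}{/if}`, so the module's own translation is used only when `$APP` has no entry. CustomModEntityNo.tpl in the same commit drops the equivalent `$APP.$value` block. If the same precedence is wanted here, remove that `{if}` line as well.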
{$MOD.LBL_AUDIT_TRAIL}{$APP.VTIGER}{'APP_NAME'|@getTranslatedString}
diff --git a/Smarty/templates/com_vtiger_workflow/EditWorkflow.tpl b/Smarty/templates/com_vtiger_workflow/EditWorkflow.tpl index e9bdb4f..88fe948 100644 --- a/Smarty/templates/com_vtiger_workflow/EditWorkflow.tpl +++ b/Smarty/templates/com_vtiger_workflow/EditWorkflow.tpl @@ -12,7 +12,7 @@ {include file='SetMenu.tpl'}
{include file='com_vtiger_workflow/ModuleTitle.tpl'} -
+ {include file='com_vtiger_workflow/EditWorkflowMeta.tpl'} {include file='com_vtiger_workflow/EditWorkflowBasicInfo.tpl'} diff --git a/Smarty/templates/com_vtiger_workflow/taskforms/VTEmailTask.tpl b/Smarty/templates/com_vtiger_workflow/taskforms/VTEmailTask.tpl index ddc6321..dd4b457 100644 --- a/Smarty/templates/com_vtiger_workflow/taskforms/VTEmailTask.tpl +++ b/Smarty/templates/com_vtiger_workflow/taskforms/VTEmailTask.tpl @@ -44,7 +44,7 @@ var moduleName = '{$entityName}'; + {if $MODULE eq 'Calendar'}  {$APP.Event} @@ -28,17 +28,21 @@ {if $MODULE eq 'Leads'} - - - - + + + + + + + + - + {else} diff --git a/Smarty/templates/modules/PickList/PickList.tpl b/Smarty/templates/modules/PickList/PickList.tpl index f8dd235..62f16f4 100644 --- a/Smarty/templates/modules/PickList/PickList.tpl +++ b/Smarty/templates/modules/PickList/PickList.tpl @@ -46,9 +46,7 @@ - +
#{$MOD.FieldLabel}{$MOD.FieldType}
{$MOD.LBL_MAPPING_OTHER_MODULES}
#{$MOD.FieldLabel}{$MOD.FieldType}
{$MOD.LBL_MAPPING_OTHER_MODULES}
{$MOD.LBL_CURRENCY_TOOL}
{$APP.Accounts} {$APP.Contacts} {$APP.Potentials}{$MOD.LBL_CURRENCY_TOOL}
{$MOD.LBL_USERS}{$MOD.VTLIB_LBL_MODULE_MANAGER} > {$MODULE} > {'LBL_FIELD_SETTINGS'|@getTranslatedString:$MODULE}{$MOD.VTLIB_LBL_MODULE_MANAGER} > {$MODULE|@getTranslatedString:$MODULE} > {'LBL_FIELD_SETTINGS'|@getTranslatedString:$MODULE}
diff --git a/backup/.htaccess b/backup/.htaccess new file mode 100644 index 0000000..e019832 --- /dev/null +++ b/backup/.htaccess @@ -0,0 +1 @@ +deny from all diff --git a/config.help.link.php b/config.help.link.php index 44fc0ed..853ff67 100644 --- a/config.help.link.php +++ b/config.help.link.php @@ -8,8 +8,8 @@ * All Rights Reserved. *************************************************************************************/ -$helpLinks = array( - 'WORKFLOW_TRIGGER_TYPES' => 'http://wiki.vtiger.com/index.php/Vtiger530:Module_Workflow', -); +define('WORKFLOW_TRIGGER_TYPES','http://wiki.vtiger.com/index.php/Vtiger530:Module_Workflow'); +define('BASE_HELP_WIKI','http://wiki.vtiger.com'); +define('MAIN_HELP_PAGE','http://wiki.vtiger.com/index.php/Main_Page'); ?> diff --git a/config.template.php b/config.template.php index 1446fda..91ac7fc 100644 --- a/config.template.php +++ b/config.template.php @@ -27,10 +27,10 @@ $CALCULATOR_DISPLAY = 'true'; $CHAT_DISPLAY = 'true'; $USE_RTE = 'true'; -// url for customer portal (Example: http://vtiger.com/portal) -$PORTAL_URL = 'http://vtiger.com/customerportal'; +// url for customer portal (Example: http://your_support_domain.tld/portal) +$PORTAL_URL = 'http://your_support_domain.tld/customerportal'; -// helpdesk support email id and support name (Example: 'support@vtiger.com' and 'vtiger support') +// helpdesk support email id and support name (Example: 'support@your_support_domain.tld' and 'your-support name') $HELPDESK_SUPPORT_EMAIL_ID = '_USER_SUPPORT_EMAIL_'; $HELPDESK_SUPPORT_NAME = 'your-support name'; $HELPDESK_SUPPORT_EMAIL_REPLY_ID = $HELPDESK_SUPPORT_EMAIL_ID; @@ -200,4 +200,7 @@ if(isset($default_timezone) && function_exists('date_default_timezone_set')) { /** minimum cron frequency -- In minutes */ $MINIMUM_CRON_FREQUENCY = 15; +// Override with developer settings +@include('config-dev.inc.php'); + ?> \ No newline at end of file diff --git a/copyright.html b/copyright.html index 2c2aa51..bb5b252 100644 
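Review bot: `deny from all` in backup/.htaccess is the Apache 2.2 access syntax; on Apache 2.4 it works only while `mod_access_compat` is loaded, and on servers that do not read `.htaccess` files the `backup/` directory stays reachable. I would ship both forms guarded by `IfModule`, and state in the install notes that backups are best stored outside the document root. The `.gitignore` added in this commit also lists `storage/*`, `logs/*` and `user_privileges/*` as runtime data; whether those directories already carry an equivalent rule is not visible here and is worth checking.

```apache
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>
```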
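Review bot: `@include('config-dev.inc.php');` at the end of config.template.php resolves a relative name through `include_path` and the working directory, and the `@` hides the warning when the file is missing, so an install silently executes any file of that name it can find and lets it override the settings defined above. Anchor the path and make the presence check explicit: `$devConfig = dirname(__FILE__).'/config-dev.inc.php';` followed by `if (is_file($devConfig)) { include $devConfig; }`. The comment should also say that this override file is for development only and must not be deployed to production.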
--- a/copyright.html +++ b/copyright.html @@ -1,27 +1,224 @@ + - - Copyright - + +coreBOS Licence and Copyright + + - - -
This software is a collective work consisting of the following major Open Source components:
-Apache software, MySQL server, PHP, SugarCRM, ADOdb, Smarty, PHPMailer, phpSysinfo, MagpieRSS and others, each licensed under a separate Open Source License. -vtiger.com is not affiliated with nor endorsed by any of the above providers. See Copyrights for details.);
+
+

coreBOS Licence and Copyright

+This software is a collective work consisting of various Open Source components like:
+Apache software, MySQL server, PHP, vtiger CRM, ADOdb, Smarty, JQuery, PHPMailer, MagpieRSS, just to mention a few, each Licenced under a separate Open Source Licence. +neither coreBOS nor TSolucio (the company behind coreBOS) are affiliated with nor endorsed by any of the above providers.
+
+In general the whole application is Licenced under the Vtiger Public Licence (VPL), which is an adaption of Mozilla Public Licence. Where this may produce conflicts with third party libraries used, each library will maintain their own Licence. If any licensing conflicts are detected and require our action please contact us at corebos@tsolucio.com and we will attend at the shortest possible . +
+At the application's root directory you will find the complete contents of the VPL Licence in the file licenceAgreement.html
+
+The full licence can be read next:
+ +

Vtiger Public Licence

+
+
+The vtiger Public License Version 1.1 is based on the Mozilla Public License Version 1.1 +
+vtiger Public License +Version 1.1 +

+Copyright (c) 2004-2005 www.vtiger.com All rights reserved. +

+PLEASE READ THE FOLLOWING LICENSE AGREEMENT CAREFULLY. ANY USE OF SOFTWARE DOWNLOADED OR ORDERED FROM VTIGER IS PERMITTED ONLY UNDER LICENSE WITH VTIGER. BY DOWNLOADING THIS SOFTWARE YOU AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE AGREEMENT. +
    +
  1. Definitions. +
    +
    1.0. "Commercial Use" means distribution or otherwise making the Covered Code available to a third party. + +

    1.1. ''Contributor'' means each entity that creates or contributes to the creation of Modifications. + +

    1.2. ''Contributor Version'' means the combination of the Original Code, prior Modifications used by a Contributor, and the Modifications made by that particular Contributor. + +

    1.3. ''Covered Code'' means the Original Code or Modifications or the combination of the Original Code and Modifications, in each case including portions thereof. + +

    1.4. ''Electronic Distribution Mechanism'' means a mechanism generally accepted in the software development community for the electronic transfer of data. + +

    1.5. ''Executable'' means Covered Code in any form other than Source Code. + +

    1.6. ''Initial Developer'' means the individual or entity identified as the Initial Developer in the Source Code notice required by Exhibit A. + +

    1.7. ''Larger Work'' means a work which combines Covered Code or portions thereof with code not governed by the terms of this License. + +

    1.8. ''License'' means this document. +
    +
    1.8.1. "Licensable" means having the right to grant, to the maximum extent possible, whether at the time of the initial grant or subsequently acquired, any and all of the rights conveyed herein. +
    +

    1.9. ''Modifications'' means any addition to or deletion from the substance or structure of either the Original Code or any previous Modifications. When Covered Code is released as a series of files, a Modification is: +
    +
    A. Any addition to or deletion from the contents of a file containing Original Code or previous Modifications.
    + +
    B. Any new file that contains any part of the Original Code or previous Modifications.
    +
    +

    1.10. ''Original Code'' means Source Code of computer software code which is described in the Source Code notice required by Exhibit A as Original Code, and which, at the time of its release under this License is not already Covered Code governed by this License. + +

    1.10.1. "Patent Claims" means any patent claim(s), now owned or hereafter acquired, including without limitation, method, process, and apparatus claims, in any patent Licensable by grantor. + +

    1.11. ''Source Code'' means the preferred form of the Covered Code for making modifications to it, including all modules it contains, plus any associated interface definition files, scripts used to control compilation and installation of an Executable, or source code differential comparisons against either the Original Code or another well known, available Covered Code of the Contributor's choice. The Source Code can be in a compressed or archival form, provided the appropriate decompression or de-archiving software is widely available for no charge. + +

    1.12. "You'' (or "Your") means an individual or a legal entity exercising rights under, and complying with all of the terms of, this License or a future version of this License issued under Section 6.1. For legal entities, "You'' includes any entity which controls, is controlled by, or is under common control with You. For purposes of this definition, "control'' means (a) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (b) ownership of more than fifty percent (50%) of the outstanding shares or beneficial ownership of such entity. +

    +
  2. +Source Code License. +
    +
    +
    2.1.The Initial Developer Grant.
    + The Initial Developer hereby grants You a world-wide, royalty-free, non-exclusive license, subject to third party intellectual property claims: +
    +
    (a) under intellectual property rights (other than patent or trademark) Licensable by Initial Developer to use, reproduce, modify, display, perform, sublicense and distribute the Original Code (or portions thereof) with or without Modifications, and/or as part of a Larger Work; and +
    (b) under Patents Claims infringed by the making, using or selling of Original Code, to make, have made, use, practice, sell, and offer for sale, and/or otherwise dispose of the Original Code (or portions thereof). +
    (c) the licenses granted in this Section 2.1(a) and (b) are effective on the date Initial Developer first distributes Original Code under the terms of this License. - - +
    (d) Notwithstanding Section 2.1(b) above, no patent license is granted: 1) for code that You delete from the Original Code; 2) separate from the Original Code; or 3) for infringements caused by: i) the modification of the Original Code or ii) the combination of the Original Code with other software or devices. +
    +

    2.2. Contributor Grant. + Subject to third party intellectual property claims, each Contributor hereby grants You a world-wide, royalty-free, non-exclusive license +
    +
    (a) under intellectual property rights (other than patent or trademark) Licensable by Contributor, to use, reproduce, modify, display, perform, sublicense and distribute the Modifications created by such Contributor (or portions thereof) either on an unmodified basis, with other Modifications, as Covered Code and/or as part of a Larger Work; and + +
    (b) under Patent Claims infringed by the making, using, or selling of Modifications made by that Contributor either alone and/or in combination with its Contributor Version (or portions of such combination), to make, use, sell, offer for sale, have made, and/or otherwise dispose of: 1) Modifications made by that Contributor (or portions thereof); and 2) the combination of Modifications made by that Contributor with its Contributor Version (or portions of such combination). + +
    (c) the licenses granted in Sections 2.2(a) and 2.2(b) are effective on the date Contributor first makes Commercial Use of the Covered Code. + +
    (d) Notwithstanding Section 2.2(b) above, no patent license is granted: 1) for any code that Contributor has deleted from the Contributor Version; 2) separate from the Contributor Version; 3) for infringements caused by: i) third party modifications of Contributor Version or ii) the combination of Modifications made by that Contributor with other software (except as part of the Contributor Version) or other devices; or 4) under Patent Claims infringed by Covered Code in the absence of Modifications made by that Contributor. +
    +

    +
  3. +Distribution Obligations. +
    +
    3.1. Application of License. + The Modifications which You create or to which You contribute are governed by the terms of this License, including without limitation Section 2.2. The Source Code version of Covered Code may be distributed only under the terms of this License or a future version of this License released under Section 6.1, and You must include a copy of this License with every copy of the Source Code You distribute. You may not offer or impose any terms on any Source Code version that alters or restricts the applicable version of this License or the recipients' rights hereunder. However, You may include an additional document offering the additional rights described in Section 3.5. + +

    3.2. Availability of Source Code. + Any Modification which You create or to which You contribute must be made available in Source Code form under the terms of this License either on the same media as an Executable version or via an accepted Electronic Distribution Mechanism to anyone to whom you made an Executable version available; and if made available via Electronic Distribution Mechanism, must remain available for at least twelve (12) months after the date it initially became available, or at least six (6) months after a subsequent version of that particular Modification has been made available to such recipients. You are responsible for ensuring that the Source Code version remains available even if the Electronic Distribution Mechanism is maintained by a third party. + +

    3.3. Description of Modifications. + You must cause all Covered Code to which You contribute to contain a file documenting the changes You made to create that Covered Code and the date of any change. You must include a prominent statement that the Modification is derived, directly or indirectly, from Original Code provided by the Initial Developer and including the name of the Initial Developer in (a) the Source Code, and (b) in any notice in an Executable version or related documentation in which You describe the origin or ownership of the Covered Code. + +

    3.4. Intellectual Property Matters +
    +
    (a) Third Party Claims. + If Contributor has knowledge that a license under a third party's intellectual property rights is required to exercise the rights granted by such Contributor under Sections 2.1 or 2.2, Contributor must include a text file with the Source Code distribution titled "LEGAL'' which describes the claim and the party making the claim in sufficient detail that a recipient will know whom to contact. If Contributor obtains such knowledge after the Modification is made available as described in Section 3.2, Contributor shall promptly modify the LEGAL file in all copies Contributor makes available thereafter and shall take other steps (such as notifying appropriate mailing lists or newsgroups) reasonably calculated to inform those who received the Covered Code that new knowledge has been obtained. + +
    (b)Contributor APIs. + If Contributor's Modifications include an application programming interface and Contributor has knowledge of patent licenses which are reasonably necessary to implement that API, Contributor must also include this information in the LEGAL file. + +
    (c)Representations. + Contributor represents that, except as disclosed pursuant to Section 3.4(a) above, Contributor believes that Contributor's Modifications are Contributor's original creation(s) and/or Contributor has sufficient rights to grant the rights conveyed by this License. +
    +
    + +

    3.5. Required Notices. + You must duplicate the notice in Exhibit A in each file of the Source Code. If it is not possible to put such notice in a particular Source Code file due to its structure, then You must include such notice in a location (such as a relevant directory) where a user would be likely to look for such a notice. If You created one or more Modification(s) You may add your name as a Contributor to the notice described in Exhibit A. You must also duplicate this License in any documentation for the Source Code where You describe recipients' rights or ownership rights relating to Covered Code. You may choose to offer, and to charge a fee for, warranty, support, indemnity or liability obligations to one or more recipients of Covered Code. However, You may do so only on Your own behalf, and not on behalf of the Initial Developer or any Contributor. You must make it absolutely clear than any such warranty, support, indemnity or liability obligation is offered by You alone, and You hereby agree to indemnify the Initial Developer and every Contributor for any liability incurred by the Initial Developer or such Contributor as a result of warranty, support, indemnity or liability terms You offer. + +

    3.6. Distribution of Executable Versions. + You may distribute Covered Code in Executable form only if the requirements of Section 3.1-3.5 have been met for that Covered Code, and if You include a notice stating that the Source Code version of the Covered Code is available under the terms of this License, including a description of how and where You have fulfilled the obligations of Section 3.2. The notice must be conspicuously included in any notice in an Executable version, related documentation or collateral in which You describe recipients' rights relating to the Covered Code. You may distribute the Executable version of Covered Code or ownership rights under a license of Your choice, which may contain terms different from this License, provided that You are in compliance with the terms of this License and that the license for the Executable version does not attempt to limit or alter the recipient's rights in the Source Code version from the rights set forth in this License. If You distribute the Executable version under a different license You must make it absolutely clear that any terms which differ from this License are offered by You alone, not by the Initial Developer or any Contributor. You hereby agree to indemnify the Initial Developer and every Contributor for any liability incurred by the Initial Developer or such Contributor as a result of any such terms You offer. + +

    3.7. Larger Works. + You may create a Larger Work by combining Covered Code with other code not governed by the terms of this License and distribute the Larger Work as a single product. In such a case, You must make sure the requirements of this License are fulfilled for the Covered Code. +

    +
  4. +Inability to Comply Due to Statute or Regulation. +
    +
    If it is impossible for You to comply with any of the terms of this License with respect to some or all of the Covered Code due to statute, judicial order, or regulation then You must: (a) comply with the terms of this License to the maximum extent possible; and (b) describe the limitations and the code they affect. Such description must be included in the LEGAL file described in Section 3.4 and must be included with all distributions of the Source Code. Except to the extent prohibited by statute or regulation, such description must be sufficiently detailed for a recipient of ordinary skill to be able to understand it. +

    +
  5. +Application of this License. +
    +This License applies to code to which the Initial Developer has attached the notice in Exhibit A and to related Covered Code. +

    +
  6. +Versions of the License. +
    +
    6.1. New Versions. + vtiger may publish revised and/or new versions of the License from time to time. Each version will be given a distinguishing version number. + +

    6.2. Effect of New Versions. + Once Covered Code has been published under a particular version of the License, You may always continue to use it under the terms of that version. You may also choose to use such Covered Code under the terms of any subsequent version of the License published by vtiger. No one other than vtiger has the right to modify the terms applicable to Covered Code created under this License. + +

    6.3. Derivative Works. + If You create or use a modified version of this License (which you may only do in order to apply it to code which is not already Covered Code governed by this License), You must (a) rename Your license so that the phrases ''vtiger'or any confusingly similar phrase do not appear in your license (except to note that your license differs from this License) and (b) otherwise make it clear that Your version of the license contains terms which differ from the vtiger Public License. (Filling in the name of the Initial Developer, Original Code or Contributor in the notice described in Exhibit A shall not of themselves be deemed to be modifications of this License.) +

    +
  7. +DISCLAIMER OF WARRANTY. +
    +COVERED CODE IS PROVIDED UNDER THIS LICENSE ON AN "AS IS'' BASIS, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES THAT THE COVERED CODE IS FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE OR NON-INFRINGING. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE COVERED CODE IS WITH YOU. SHOULD ANY COVERED CODE PROVE DEFECTIVE IN ANY RESPECT, YOU (NOT THE INITIAL DEVELOPER OR ANY OTHER CONTRIBUTOR) ASSUME THE COST OF ANY NECESSARY SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER OF WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE. NO USE OF ANY COVERED CODE IS AUTHORIZED HEREUNDER EXCEPT UNDER THIS DISCLAIMER. +

    +
  8. +TERMINATION. + +
    + 8.1. This License and the rights granted hereunder will terminate automatically if You fail to comply with terms herein and fail to cure such breach within 30 days of becoming aware of the breach. All sublicenses to the Covered Code which are properly granted shall survive any termination of this License. Provisions which, by their nature, must remain in effect beyond the termination of this License shall survive. + +

    8.2. If You initiate litigation by asserting a patent infringement claim (excluding declatory judgment actions) against Initial Developer or a Contributor (the Initial Developer or Contributor against whom You file such action is referred to as "Participant") alleging that: + + (a) such Participant's Contributor Version directly or indirectly infringes any patent, then any and all rights granted by such Participant to You under Sections 2.1 and/or 2.2 of this License shall, upon 60 days notice from Participant terminate prospectively, unless if within 60 days after receipt of notice You either: (i) agree in writing to pay Participant a mutually agreeable reasonable royalty for Your past and future use of Modifications made by such Participant, or (ii) withdraw Your litigation claim with respect to the Contributor Version against such Participant. If within 60 days of notice, a reasonable royalty and payment arrangement are not mutually agreed upon in writing by the parties or the litigation claim is not withdrawn, the rights granted by Participant to You under Sections 2.1 and/or 2.2 automatically terminate at the expiration of the 60 day notice period specified above. + + (b) any software, hardware, or device, other than such Participant's Contributor Version, directly or indirectly infringes any patent, then any rights granted to You by such Participant under Sections 2.1(b) and 2.2(b) are revoked effective as of the date You first made, used, sold, distributed, or had made, Modifications made by that Participant. + +

    8.3. If You assert a patent infringement claim against Participant alleging that such Participant's Contributor Version directly or indirectly infringes any patent where such claim is resolved (such as by license or settlement) prior to the initiation of patent infringement litigation, then the reasonable value of the licenses granted by such Participant under Sections 2.1 or 2.2 shall be taken into account in determining the amount or value of any payment or license. + +

    8.4. In the event of termination under Sections 8.1 or 8.2 above, all end user license agreements (excluding distributors and resellers) which have been validly granted by You or any distributor hereunder prior to termination shall survive termination. +

    +
  9. +LIMITATION OF LIABILITY. +
    + UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER TORT (INCLUDING NEGLIGENCE), CONTRACT, OR OTHERWISE, SHALL YOU, THE INITIAL DEVELOPER, ANY OTHER CONTRIBUTOR, OR ANY DISTRIBUTOR OF COVERED CODE, OR ANY SUPPLIER OF ANY OF SUCH PARTIES, BE LIABLE TO ANY PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER COMMERCIAL DAMAGES OR LOSSES, EVEN IF SUCH PARTY SHALL HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. +

    +
  10. +U.S. GOVERNMENT END USERS. +
    +The Covered Code is a ''commercial item,'' as that term is defined in 48 C.F.R. 2.101 (Oct. 1995), consisting of ''commercial computer software'' and ''commercial computer software documentation,'' as such terms are used in 48 C.F.R. 12.212 (Sept. 1995). Consistent with 48 C.F.R. 12.212 and 48 C.F.R. 227.7202-1 through 227.7202-4 (June 1995), all U.S. Government End Users acquire Covered Code with only those rights set forth herein. +

    +
  11. +MISCELLANEOUS. +
    + This License represents the complete agreement concerning subject matter hereof. If any provision of this License is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. This License shall be governed by Indian laws (except to the extent applicable law, if any, provides otherwise), excluding its conflict-of-law provisions. With respect to disputes in which at least one party is a citizen of, or an entity chartered or registered to do business in India, any litigation relating to this License shall be subject to the jurisdiction of the Courts in Chennai, with venue lying in Tamil Nadu State, India, with the losing party responsible for costs, including without limitation, court costs and reasonable attorneys' fees and expenses. The application of the United Nations Convention on Contracts for the International Sale of Goods is expressly excluded. Any law or regulation which provides that the language of a contract shall be construed against the drafter shall not apply to this License. +

    +
  12. +RESPONSIBILITY FOR CLAIMS. +
    + As between Initial Developer and the Contributors, each party is responsible for claims and damages arising, directly or indirectly, out of its utilization of rights under this License and You agree to work with Initial Developer and Contributors to distribute such responsibility on an equitable basis. Nothing herein is intended or shall be deemed to constitute any admission of liability. +

    +
  13. +MULTIPLE-LICENSED CODE. +
    + Initial Developer may designate portions of the Covered Code as "Multiple-Licensed". "Multiple-Licensed" means that the Initial Developer permits you to utilize portions of the Covered Code under Your choice of the MPL or the alternative licenses, if any, specified by the Initial Developer in the file described in Exhibit A. +

    +
  14. +
+ +EXHIBIT A -vtiger Public License. +

+"The contents of this file are subject to the vtiger Public License Version 1.1 (the "License"); you may not use this file except in compliance with the License." +

+Software distributed under the License is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for the specific language governing rights and limitations under the License. +

+The Original Code is vtiger Outlook Plug-in. +

+The Initial Developer of the Original Code is vtiger. Portions created by vtiger are Copyright (C) www.vtiger.com. All Rights Reserved. +

+Contributor(s): ______________________________________. +

+ [NOTE: The text of this Exhibit A may differ slightly from the text of the notices in the Source Code files of the Original Code. You should use the text of this Exhibit A rather than the text found in the Original Code Source Code for Your Modifications.] + +

+
+ + diff --git a/cron/MailScanner.service b/cron/MailScanner.service index e5a5d98..ba074d1 100644 --- a/cron/MailScanner.service +++ b/cron/MailScanner.service @@ -59,7 +59,7 @@ $debug = true; if(isset($_REQUEST['scannername'])) { // Target scannername specified? - $scannername = $_REQUEST['scannername']; + $scannername = vtlib_purify($_REQUEST['scannername']); $scannerinfo = new Vtiger_MailScannerInfo($scannername); service_MailScanner_performScanNow($scannerinfo, $debug); diff --git a/cron/send_mail.php b/cron/send_mail.php index f817ac8..2326308 100755 --- a/cron/send_mail.php +++ b/cron/send_mail.php @@ -51,7 +51,7 @@ function sendmail($to,$from,$subject,$contents,$mail_server,$mail_server_usernam $mail->IsHTML(true); // set email format to HTML $mail->AltBody = "This is the body in plain text for non-HTML mail clients"; - $mail->Sender= getReturnPath($mail->Host); + $mail->Sender= getReturnPath($mail->Host, $mail->From); if(!$mail->Send()) { echo "Message could not be sent.
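Review bot: `vtlib_purify()` on `$_REQUEST['scannername']` is a markup filter rather than a validity check, so any other string still reaches `new Vtiger_MailScannerInfo($scannername)` and `service_MailScanner_performScanNow()`. A request-supplied scanner name is better checked against the shape scanner names are allowed to have before it is used, for example `if (!preg_match('/^[\w .-]+$/', $scannername)) { exit; }`, with the character set adjusted to however names are created. How `Vtiger_MailScannerInfo` looks the name up is outside the hunk, so confirm there that the lookup is parameterised.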

"; diff --git a/data/CRMEntity.php b/data/CRMEntity.php index 738fe8c..0407139 100755 --- a/data/CRMEntity.php +++ b/data/CRMEntity.php @@ -220,7 +220,7 @@ class CRMEntity { if ($_REQUEST['mode'] == 'edit') { if ($id != '' && $_REQUEST['fileid'] != '') { $delquery = 'delete from vtiger_seattachmentsrel where crmid = ? and attachmentsid = ?'; - $delparams = array($id, $_REQUEST['fileid']); + $delparams = array($id, vtlib_purify($_REQUEST['fileid'])); $adb->pquery($delquery, $delparams); } } @@ -292,6 +292,7 @@ class CRMEntity { if ($this->mode == 'edit') { $description_val = from_html($this->column_fields['description'], ($insertion_mode == 'edit') ? true : false); + checkFileAccessForInclusion('user_privileges/user_privileges_' . $current_user->id . '.php'); require('user_privileges/user_privileges_' . $current_user->id . '.php'); $tabid = getTabid($module); if ($is_admin == true || $profileGlobalPermission[1] == 0 || $profileGlobalPermission[2] == 0) { @@ -391,6 +392,7 @@ class CRMEntity { if ($insertion_mode == 'edit') { $update = array(); $update_params = array(); + checkFileAccessForInclusion('user_privileges/user_privileges_' . $current_user->id . '.php'); require('user_privileges/user_privileges_' . $current_user->id . '.php'); if ($is_admin == true || $profileGlobalPermission[1] == 0 || $profileGlobalPermission[2] == 0) { $sql = "select * from vtiger_field where tabid in (" . generateQuestionMarks($tabid) . ") and tablename=? and displaytype in (1,3) and presence in (0,2) group by columnname"; 
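Review bot: The delete already binds `fileid` through the `?` placeholders of `pquery()`, so `vtlib_purify()` adds an HTML filter where the value needs a numeric check. Assuming `attachmentsid` is an integer key, validate it as one and skip the delete otherwise: `$fileid = filter_var($_REQUEST['fileid'], FILTER_VALIDATE_INT);`, then `if ($id != '' && $fileid !== false)` and `$delparams = array($id, $fileid);`. The enclosing method starts and ends outside the hunk.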
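Review bot: The path given to `checkFileAccessForInclusion()` and the path given to `require()` are built by two separate concatenations, here and again in the hunk at -391, so a later edit to one can leave the check covering a different file from the one that is included. Build it once and reuse it: `$privFile = 'user_privileges/user_privileges_' . $current_user->id . '.php';`, `checkFileAccessForInclusion($privFile);`, `require($privFile);`. A one-line comment saying why an id-derived path is checked before inclusion would help the next reader. Both enclosing methods continue outside their hunks.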
@@ -2010,8 +2012,10 @@ class CRMEntity { $condvalue = $table_name . "." . $column_name; $condition = "$pritablename.$secfieldname=$condvalue"; } - $secQuery = "select $table_name.* from $table_name inner join vtiger_crmentity on " . - "vtiger_crmentity.crmid=$table_name.$column_name and vtiger_crmentity.deleted=0"; + //$secQuery = "select $table_name.* from $table_name inner join vtiger_crmentity on " . + // "vtiger_crmentity.crmid=$table_name.$column_name and vtiger_crmentity.deleted=0"; + $secQuery2 = "inner join vtiger_crmentity as crmentity$table_name on " . + "crmentity$table_name.crmid=$table_name.$column_name and crmentity$table_name.deleted=0"; $query = ''; if ($pritablename == 'vtiger_crmentityrel') { $condition = "($table_name.$column_name={$tmpname}.{$secfieldname} " . @@ -2031,7 +2035,10 @@ class CRMEntity { } - $query .= " left join ($secQuery) as $table_name on {$condition}"; + //$query .= " left join ($secQuery) as $table_name on {$condition}"; + //performance improvement, this should be equivalent to the subquery but masses faster + $query .= " left join $table_name on {$condition}"; + $query .= " $secQuery2"; return $query; } @@ -2431,6 +2438,7 @@ class CRMEntity { * return array $list_buttons - for module (eg: 'Accounts') */ function getListButtons($app_strings) { + global $currentModule; $list_buttons = Array(); if (isPermitted($currentModule, 'Delete', '') == 'yes') diff --git a/include/CustomFieldUtil.php b/include/CustomFieldUtil.php index e220bd4..d75bfd8 100644 --- a/include/CustomFieldUtil.php +++ b/include/CustomFieldUtil.php @@ -256,7 +256,7 @@ function getCalendarCustomFields($tabid,$mode='edit',$col_fields='') { if ($mode == 'edit') { $custquery .= " AND vtiger_profile2field.readonly = 0"; } - $custquery .= " ORDER BY vtiger_field.fieldid"; + $custquery .= " GROUP BY vtiger_field.fieldid"; array_push($custparams, $profileList); } $custresult = $adb->pquery($custquery, $custparams); 
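Review bot: The rewritten join is not equivalent to the subquery it replaces, despite the comment in the -2031 hunk. `left join $table_name on {$condition}` followed by `inner join vtiger_crmentity as crmentity$table_name` is evaluated as an inner join over the left join's result, so primary rows with no matching `$table_name` row, or only a deleted one, are dropped instead of being kept with NULLs. Nesting the inner join keeps the old semantics without the derived table: `$query .= " left join ($table_name inner join vtiger_crmentity as crmentity$table_name on crmentity$table_name.crmid=$table_name.$column_name and crmentity$table_name.deleted=0) on {$condition}";`. The commented-out `$secQuery` lines can be removed once the replacement is settled. The function starts before the -2010 hunk.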
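Review bot: Replacing `ORDER BY vtiger_field.fieldid` with `GROUP BY vtiger_field.fieldid` drops the explicit ordering, and MySQL 8 no longer sorts GROUP BY results implicitly, so the custom fields can come back in any order. Keeping both clauses avoids that: `$custquery .= " GROUP BY vtiger_field.fieldid ORDER BY vtiger_field.fieldid";`. If the select list, which is outside this hunk, includes columns from the joined profile tables, the statement is also rejected under `ONLY_FULL_GROUP_BY`. In that case `SELECT DISTINCT` over the `vtiger_field` columns is the safer way to remove duplicates.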
@@ -272,6 +272,10 @@ function getCalendarCustomFields($tabid,$mode='edit',$col_fields='') { $maxlength = $adb->query_result($custresult,$i,"maximumlength"); $generatedtype = $adb->query_result($custresult,$i,"generatedtype"); $typeofdata = $adb->query_result($custresult,$i,"typeofdata"); + $defaultvalue = $adb->query_result($custresult,$i,"defaultvalue"); + if(empty($col_fields[$fieldname])) { + $col_fields[$fieldname] = $defaultvalue; + } if ($mode == 'edit') $custfld = getOutputHtml($uitype, $fieldname, $fieldlabel, $maxlength, $col_fields,$generatedtype,'Calendar',$mode, $typeofdata); diff --git a/include/ListView/ListViewController.php b/include/ListView/ListViewController.php index 2eea4bd..94cb25a 100644 --- a/include/ListView/ListViewController.php +++ b/include/ListView/ListViewController.php @@ -443,11 +443,13 @@ class ListViewController { } } elseif ( in_array($uitype,array(7,9,90)) ) { $value = "".textlength_check($value)."
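Review bot: `empty($col_fields[$fieldname])` is also true for a stored `0` or `'0'`, so a custom field that legitimately holds zero is overwritten with `$defaultvalue`, and because the test is not tied to `$mode` this also happens when an existing record is edited. Testing only the unset or blank case avoids that: `if (!isset($col_fields[$fieldname]) || $col_fields[$fieldname] === '')`. If defaults are meant for new records only, also restrict it to that mode; the hunk does not show which `$mode` values exist. `$col_fields` defaults to `''` in the signature, so the index write relies on every caller passing an array. The loop this sits in starts and ends outside the hunk.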

"; + } elseif ($field->getUIType() == 55) { + $value = getTranslatedString($value,$currentModule); } else { $value = textlength_check($value); } - $parenttab = getParentTab(); + $parenttab = getParentTab(); $nameFields = $this->queryGenerator->getModuleNameFields($module); $nameFieldList = explode(',',$nameFields); if(in_array($fieldName, $nameFieldList) && $module != 'Emails' ) { diff --git a/include/ListView/RelatedListViewContents.php b/include/ListView/RelatedListViewContents.php index e8d3a8d..0ce5456 100644 --- a/include/ListView/RelatedListViewContents.php +++ b/include/ListView/RelatedListViewContents.php @@ -46,8 +46,8 @@ if($ajaxaction == "LOADRELATEDLIST") { !$resetCookie) { //TODO for 5.3 this should be COOKIE not REQUEST, change here else where // this logic is used for listview checkbox selection propogation. - $checkedRecordIdString = $_REQUEST[$relatedModule.'_all']; - $checkedRecordIdString = rtrim($checkedRecordIdString); + $checkedRecordIdString = (empty($_REQUEST[$relatedModule.'_all']) ? $_COOKIE[$relatedModule.'_all'] : $_REQUEST[$relatedModule.'_all']); + $checkedRecordIdString = rtrim($checkedRecordIdString,';'); $checkedRecordIdList = explode(';', $checkedRecordIdString); $relatedListData["checked"]=array(); if (isset($relatedListData['entries'])) { diff --git a/include/QueryGenerator/QueryGenerator.php b/include/QueryGenerator/QueryGenerator.php index f8ae71b..ce4b863 100644 --- a/include/QueryGenerator/QueryGenerator.php +++ b/include/QueryGenerator/QueryGenerator.php @@ -449,10 +449,12 @@ class QueryGenerator { $tableJoinMapping['vtiger_attachmentsfolder'] = 'INNER JOIN'; } + $alias_count=2; foreach ($tableJoinCondition as $fieldName=>$conditionInfo) { foreach ($conditionInfo as $tableName=>$condition) { if(!empty($tableList[$tableName])) { - $tableNameAlias = $tableName.'2'; + $tableNameAlias = $tableName.$alias_count; + $alias_count++; $condition = str_replace($tableName, $tableNameAlias, $condition); } else { $tableNameAlias = ''; 
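Review bot: The new branch translates with `$currentModule`, while the lines just below it in the same method use `$module`. Unless `$currentModule` is declared `global` earlier in this method (not visible here), the lookup runs against an undefined variable, and `$value = getTranslatedString($value, $module);` uses what is demonstrably in scope. The branch also tests `$field->getUIType()` where the neighbouring branch tests `$uitype`, and it skips the `textlength_check()` that the other branches apply, so long values are no longer truncated for this field type. The method starts and ends outside the hunk.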
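Review bot: `$_COOKIE[$relatedModule.'_all']` is read without an `isset()` check, so when neither the request parameter nor the cookie is present this raises an undefined-index notice and passes null to `rtrim()`. `$key = $relatedModule.'_all';` followed by `$checkedRecordIdString = !empty($_REQUEST[$key]) ? $_REQUEST[$key] : (isset($_COOKIE[$key]) ? $_COOKIE[$key] : '');` covers that case. Both sources are client-controlled, so the pieces produced by `explode(';', ...)` should be reduced to integers before they are matched against record ids. How the list is used lies below the hunk.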
diff --git a/include/Webservices/AuthToken.php b/include/Webservices/AuthToken.php index 7779348..6786e01 100644 --- a/include/Webservices/AuthToken.php +++ b/include/Webservices/AuthToken.php @@ -14,6 +14,10 @@ $user = new Users(); $userid = $user->retrieve_user_id($username); + if (empty($userid)) { + throw new WebServiceException(WebServiceErrorCode::$AUTHREQUIRED,'Given user cannot be found'); + } + $authToken = uniqid(); $servertime = time(); diff --git a/include/Webservices/DeleteUser.php b/include/Webservices/DeleteUser.php index c19378b..ab74b5a 100644 --- a/include/Webservices/DeleteUser.php +++ b/include/Webservices/DeleteUser.php @@ -25,7 +25,7 @@ function vtws_deleteUser($id, $newOwnerId,$user){ $meta = $handler->getMeta(); $entityName = $meta->getObjectEntityName($id); - $types = vtws_listtypes($user); + $types = vtws_listtypes(null, $user); if(!in_array($entityName,$types['types'])){ throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to perform the operation is denied, EntityName = ".$entityName); diff --git a/include/Webservices/GetUpdates.php b/include/Webservices/GetUpdates.php index 0577af3..b5423c7 100644 --- a/include/Webservices/GetUpdates.php +++ b/include/Webservices/GetUpdates.php @@ -11,7 +11,7 @@ require_once 'include/Webservices/Utils.php'; require_once 'include/Webservices/ModuleTypes.php'; require_once 'include/utils/CommonUtils.php'; - function vtws_sync($mtime,$elementType,$syncType,$user){ + function vtws_sync($mtime,$elementType,$syncType='',$user=''){ global $adb, $recordString,$modifiedTimeString; $numRecordsLimit = 100; diff --git a/include/Webservices/Login.php b/include/Webservices/Login.php index dd20363..5856fcb 100644 --- a/include/Webservices/Login.php +++ b/include/Webservices/Login.php 
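Review bot: Throwing 'Given user cannot be found' before a token is issued tells an unauthenticated caller which usernames exist. The same message is added in the Login.php hunk (-13,6), where it differs from the existing "Specified token is invalid or expired" error. If enumeration matters for these endpoints, Login should fail with one generic message, e.g. `throw new WebServiceException(WebServiceErrorCode::$AUTHREQUIRED, 'Invalid username or access key');`, and the challenge call should answer unknown names the same way as known ones. Separately, the context line `$authToken = uniqid();` derives the challenge from the clock; a CSPRNG value such as `bin2hex(openssl_random_pseudo_bytes(16))` is harder to predict, provided the token column is wide enough. The function starts above the hunk.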
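Review bot: Giving `$user` a default of `''` means a call that omits the user now runs `vtws_sync()` instead of failing at the call site, and nothing in the hunk shows the body rejecting an empty user. If the default exists only to satisfy the operation dispatcher, a guard at the top keeps later permission checks from seeing an empty value: `if (empty($user)) { throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, 'User is required'); }`. The function body continues outside the hunk.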
@@ -13,6 +13,9 @@ $user = new Users(); $userId = $user->retrieve_user_id($username); + if (empty($userId)) { + throw new WebServiceException(WebServiceErrorCode::$AUTHREQUIRED,'Given user cannot be found'); + } $token = vtws_getActiveToken($userId); if($token == null){ throw new WebServiceException(WebServiceErrorCode::$INVALIDTOKEN,"Specified token is invalid or expired"); diff --git a/include/fields/CurrencyField.php b/include/fields/CurrencyField.php index e2fcaf5..8a60ef1 100644 --- a/include/fields/CurrencyField.php +++ b/include/fields/CurrencyField.php @@ -197,6 +197,8 @@ class CurrencyField { $number = str_replace('.', $decimalSeparator, $value); return $number; } + $negativeNumber=($value<0); + $value=abs($value); if($currencyPattern == $this->CURRENCY_PATTERN_SINGLE_GROUPING) { // Separate the numeric and decimal parts $numericParts = explode('.', $value); @@ -215,6 +217,7 @@ class CurrencyField { } // Re-create the currency value combining the whole number and the decimal part using Decimal separator $number = implode($decimalSeparator, $numericParts); + if ($negativeNumber) $number='-'.$number; return $number; } if($currencyPattern == $this->CURRENCY_PATTERN_THOUSAND_GROUPING) { @@ -239,6 +242,7 @@ class CurrencyField { } // Re-create the currency value combining the whole number and the decimal part using Decimal separator $number = implode($decimalSeparator, $numericParts); + if ($negativeNumber) $number='-'.$number; return $number; } if($currencyPattern == $this->CURRENCY_PATTERN_MIXED_GROUPING) { @@ -275,6 +279,7 @@ class CurrencyField { } // Re-create the currency value combining the whole number and the decimal part using Decimal separator $number = implode($decimalSeparator, $numericParts); + if ($negativeNumber) $number='-'.$number; return $number; } return $number; diff --git a/include/images/AppStore.png b/include/images/AppStore.png deleted file mode 100644 index 3906d6e..0000000 Binary files a/include/images/AppStore.png and /dev/null differ 
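Review bot: In the first CurrencyField.php hunk, `abs($value)` turns the amount into a PHP number before `explode('.', $value)` splits it as a string, so `'10.50'` is split as `10.5` and very large amounts can stringify in exponent form. Removing the sign from the string keeps the digits as given: `$negativeNumber = ($value < 0);` then `if ($negativeNumber) { $value = ltrim((string) $value, '-'); }`. The line `if ($negativeNumber) $number='-'.$number;` is repeated in the three following hunks; a single sign-restoring step before a common return would keep a future pattern branch from missing it. The method starts and ends outside these hunks.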
diff --git a/include/images/AppStoreQRCode.png b/include/images/AppStoreQRCode.png deleted file mode 100644 index 3b92ecb..0000000 Binary files a/include/images/AppStoreQRCode.png and /dev/null differ diff --git a/include/images/ExchangeConnector.png b/include/images/ExchangeConnector.png deleted file mode 100644 index a358931..0000000 Binary files a/include/images/ExchangeConnector.png and /dev/null differ diff --git a/include/images/GooglePlay.png b/include/images/GooglePlay.png deleted file mode 100644 index 9a172e3..0000000 Binary files a/include/images/GooglePlay.png and /dev/null differ diff --git a/include/images/GooglePlayQRCode.png b/include/images/GooglePlayQRCode.png deleted file mode 100644 index c9cf7ac..0000000 Binary files a/include/images/GooglePlayQRCode.png and /dev/null differ diff --git a/include/images/OutlookPlugin.png b/include/images/OutlookPlugin.png deleted file mode 100644 index daaa0da..0000000 Binary files a/include/images/OutlookPlugin.png and /dev/null differ diff --git a/include/images/vtigercrm_icon.ico b/include/images/vtigercrm_icon.ico deleted file mode 100644 index 12406bd..0000000 Binary files a/include/images/vtigercrm_icon.ico and /dev/null differ diff --git a/include/install/images/app_logo.png b/include/install/images/app_logo.png new file mode 100644 index 0000000..07424e7 Binary files /dev/null and b/include/install/images/app_logo.png differ diff --git a/include/install/images/logobackempty.gif b/include/install/images/logobackempty.gif new file mode 100644 index 0000000..cc3d74b Binary files /dev/null and b/include/install/images/logobackempty.gif differ diff --git a/include/install/images/vtigercrm5.gif b/include/install/images/vtigercrm5.gif deleted file mode 100644 index 71c6e61..0000000 Binary files a/include/install/images/vtigercrm5.gif and /dev/null differ diff --git a/include/install/language/en_us.lang.php b/include/install/language/en_us.lang.php index f06fff7..101eb7e 100644 
--- a/include/install/language/en_us.lang.php +++ b/include/install/language/en_us.lang.php @@ -26,16 +26,16 @@ $optionalModuleStrings = array( ); $installationStrings = array( - 'LBL_VTIGER_CRM_5' => 'vtiger CRM 5', + 'APP_NAME' => 'coreBOS', 'LBL_CONFIG_WIZARD' => 'Configuration Wizard', 'LBL_WELCOME' => 'Welcome', 'LBL_WELCOME_CONFIG_WIZARD' => 'Welcome to Configuration Wizard', - 'LBL_ABOUT_CONFIG_WIZARD' => 'This configuration wizard helps you install vtigerCRM ', - 'LBL_ABOUT_VTIGER' => 'vtiger CRM is a community-driven, fully open source, CRM software project.

- The aim of the project is to provide the best and most open CRM solution with the lowest total cost of ownership to small and medium enterprises.

- The product is widely used throughout the world, with over a thousand downloads a day.

- vtiger CRM has an active community of developers and users, with contributors from many different countries.

- It is available in many languages, with a strong partner network in dozens of countries.', + 'LBL_ABOUT_CONFIG_WIZARD' => 'This configuration wizard helps you install coreBOS ', + 'LBL_ABOUT_VTIGER' => 'coreBOS is a community-driven, fully open source, Business empowering software project.

+ The aim of the project is to provide a powerful software environment for your company to grow upon with the lowest total cost of ownership for small and medium enterprises.

+ The product is widely used throughout the world.

+ coreBOS has an active community of developers and users, with contributors from many different countries.

+ It is available in many languages.', 'LBL_INSTALL' => 'Install', 'LBL_MIGRATE' => 'Migrate', 'ERR_RESTRICTED_FILE_ACCESS' => 'Sorry! Attempt to access restricted file', @@ -57,7 +57,7 @@ $installationStrings = array( 'MSG_CONFIG_FILE_CREATED' => 'Configuration file (config.inc.php) was successfully created', 'LBL_FINISH' => 'Finish', 'LBL_CONFIG_COMPLETED' => 'Configuration Completed', - 'LBL_PHP_VERSION_GT_5' => 'PHP version >= 5.2', + 'LBL_PHP_VERSION_GT_5' => 'PHP version >= 5.3', 'LBL_YES' => 'Yes', 'LBL_NO' => 'No', 'LBL_NOT_CONFIGURED' => 'Not Configured', @@ -72,7 +72,7 @@ $installationStrings = array( 'LBL_NOT_RECOMMENDED' => 'Not Recommended', 'LBL_PHP_DIRECTIVES_HAVE_RECOMMENDED_VALUES' => 'Your PHP directives have the Recommended values', 'MSG_PROVIDE_READ_WRITE_ACCESS_TO_PROCEED' => 'Provide Read/Write access to the files and directories listed to Proceed', - 'WARNING_PHP_DIRECTIVES_NOT_RECOMMENDED_STILL_WANT_TO_PROCEED' => 'Some of the PHP Settings do not meet the recommended values. This might affect some of the features of vtiger CRM. Are you sure, you want to proceed?', + 'WARNING_PHP_DIRECTIVES_NOT_RECOMMENDED_STILL_WANT_TO_PROCEED' => 'Some of the PHP Settings do not meet the recommended values. This might affect some of the features of coreBOS. Are you sure, you want to proceed?', 'LBL_CHANGE' => 'Change', 'LBL_DATABASE_INFORMATION' => 'Database Information', 'LBL_CRM_CONFIGURATION' => 'CRM Configuration', 
@@ -98,7 +98,7 @@ $installationStrings = array( 'LBL_MISSING_REQUIRED_FIELDS' => 'Missing required fields', 'ERR_ADMIN_EMAIL_INVALID' => 'The email id in the admin email field is invalid', 'ERR_STANDARDUSER_EMAIL_INVALID' => 'The email id in the standard user email field is invalid', - 'WARNING_LOCALHOST_IN_SITE_URL' => 'Specify the exact host name instead of \"localhost\" in Site URL field, otherwise you will experience some issues while working with vtiger plug-ins. Do you wish to Continue?', + 'WARNING_LOCALHOST_IN_SITE_URL' => 'Specify the exact host name instead of \"localhost\" in Site URL field, otherwise you will experience some issues while working with coreBOS plug-ins. Do you wish to Continue?', 'LBL_DATABASE_CONFIGURATION' => 'Database Configuration', 'LBL_ENABLED' => 'Enabled', 'LBL_NOT_ENABLED' => 'Not Enabled', @@ -127,16 +127,15 @@ $installationStrings = array( 'LBL_LOGIN_USING_ADMIN' => 'Please log in using the "admin" user name and the password you entered in step 3/4', 'LBL_SET_OUTGOING_EMAIL_SERVER' => 'Do not forget to set the outgoing email server (setup accessible from Settings->Outgoing Server)', 'LBL_RENAME_HTACCESS_FILE' => 'Rename htaccess.txt file to .htaccess to control public file access', - 'MSG_HTACCESS_DETAILS' => 'This .htaccess file will work if "AllowOverride All" is set on Apache server configuration file (httpd.conf) for the DocumentRoot or for the current vtiger path.
+ 'MSG_HTACCESS_DETAILS' => 'This .htaccess file will work if "AllowOverride All" is set on Apache server configuration file (httpd.conf) for the DocumentRoot or for the current coreBOS path.
If this AllowOverride is set as None ie., "AllowOverride None" then .htaccess file will not take into effect.
If AllowOverride is None then add the following configuration in the apache server configuration file (httpd.conf)
- <Directory "C:/Program Files/vtigercrm/apache/htdocs/vtigerCRM">
Options -Indexes
</Directory>

+ <Directory "C:/Program Files/corebos/apache/htdocs/coreBOS">
Options -Indexes
</Directory>

So that without .htaccess file we can restrict the directory listing', 'LBL_YOU_ARE_IMPORTANT' => 'You are very important to us!', 'LBL_PRIDE_BEING_ASSOCIATED' => 'We take pride in being associated with you', - 'LBL_TALK_TO_US_AT_FORUMS' => 'Talk to us at forums', - 'LBL_DISCUSS_WITH_US_AT_BLOGS' => 'Discuss with us at blogs', - 'LBL_WE_AIM_TO_BE_BEST' => 'We aim to be - simply the best', + 'LBL_TALK_TO_US_AT_FORUMS' => 'Talk to us in our Google+ Community or LinkedIn Group', + 'LBL_WE_AIM_TO_BE_BEST' => 'We aim to help you do your business', 'LBL_SPACE_FOR_YOU' => 'Come on over, there is space for you too!', 'LBL_NO_OPTIONAL_MODULES_FOUND' => 'No Optional Modules found', 'LBL_PREVIOUS_INSTALLATION_INFORMATION' => 'Previous Installation Information', @@ -169,7 +168,7 @@ $installationStrings = array( 'LBL_DATABASE_CHECK' => 'Database Check', 'MSG_TABLES_IN_INNODB' => 'Required tables were detected to be in proper Engine type (InnoDB)', 'MSG_CLOSE_WINDOW_TO_PROCEED' => 'You can close this window and proceed further with migration', - 'LBL_RECOMMENDATION_FOR_PROPERLY_WORKING_CRM' => 'For proper functionality of vtiger CRM, we recommend the following', + 'LBL_RECOMMENDATION_FOR_PROPERLY_WORKING_CRM' => 'For proper functionality of coreBOS, we recommend the following', 'LBL_TABLES_SHOULD_BE_INNODB' => 'Tables to have InnoDB engine type', 'QUESTION_WHAT_IS_INNODB' => 'What is InnoDB', 'LBL_TABLES_CHARSET_TO_BE_UTF8' => 'To get complete UTF-8 support, tables should have default charset UTF8', @@ -207,7 +206,7 @@ $installationStrings = array( 'MSG_DATABASE_COPY_SUCCEDED' => 'Database copy was successfully created.
Click Next » to proceed', 'MSG_SUCCESSFULLY_FIXED_TABLE_TYPES' => 'Successfully changed tables to InnoDB engine', 'LBL_MIGRATION' => 'Migration', - 'LBL_SOURCE_VERSION_NOT_SET' => 'Source Version is not set. Please check vtigerversion.php and continue the Patch Process', + 'LBL_SOURCE_VERSION_NOT_SET' => 'Source Version is not set. Please check corebosversion.php and continue the Patch Process', 'LBL_GOING_TO_APPLY_DB_CHANGES' => 'Going to apply the Database Changes', 'LBL_DATABASE_CHANGES' => 'Database changes', 'LBL_STARTS' => 'Starts', diff --git a/include/install/resources/utils.php b/include/install/resources/utils.php index d12b3c0..70fe4cb 100644 --- a/include/install/resources/utils.php +++ b/include/install/resources/utils.php @@ -779,10 +779,10 @@ ini_set('memory_limit','64M'); \$CHAT_DISPLAY = 'true'; \$USE_RTE = 'true'; -// url for customer portal (Example: http://vtiger.com/portal) -\$PORTAL_URL = 'http://vtiger.com/customerportal'; +// url for customer portal (Example: http://your_support_domain.tld/portal) +\$PORTAL_URL = 'http://your_support_domain.tld/customerportal'; -// helpdesk support email id and support name (Example: 'support@vtiger.com' and 'vtiger support') +// helpdesk support email id and support name (Example: 'support@your_support_domain.tld' and 'your-support name') \$HELPDESK_SUPPORT_EMAIL_ID = '{$this->adminEmail}'; \$HELPDESK_SUPPORT_NAME = 'your-support name'; \$HELPDESK_SUPPORT_EMAIL_REPLY_ID = \$HELPDESK_SUPPORT_EMAIL_ID; diff --git a/include/js/Inventory.js b/include/js/Inventory.js index becc268..2836c99 100644 --- a/include/js/Inventory.js +++ b/include/js/Inventory.js 
@@ -338,8 +338,8 @@ function validateInventory(module) if (!emptyCheck("productName"+i,alert_arr.LINE_ITEM,"text")) return false if (!emptyCheck("qty"+i,"Qty","text")) return false - if (!numValidate("qty"+i,"Qty","any")) return false - if (!numConstComp("qty"+i,"Qty","G","0")) return false + if (!numValidate("qty"+i,"Qty","any",true)) return false + //if (!numConstComp("qty"+i,"Qty","G","0")) return false if (!emptyCheck("listPrice"+i,alert_arr.LIST_PRICE,"text")) return false if (!numValidate("listPrice"+i,alert_arr.LIST_PRICE,"any")) return false } @@ -747,7 +747,7 @@ function setDiscount(currObj,curr_row) var discount_checks = new Array(); discount_checks = document.getElementsByName("discount"+curr_row); - + calcProductTotal(curr_row); if(discount_checks[0].checked == true) { document.getElementById("discount_type"+curr_row).value = 'zero'; diff --git a/include/js/ListView.js b/include/js/ListView.js index 20ea717..20fa615 100644 --- a/include/js/ListView.js +++ b/include/js/ListView.js 
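Review bot: In validateInventory (include/js/Inventory.js) the `numConstComp("qty"+i,"Qty","G","0")` comparison is commented out rather than deleted, so the client no longer rejects a quantity of zero or below, and nothing in the hunk says why. The added fourth argument to `numValidate` suggests negative values are now intended, though its meaning is not visible here. If so, drop the dead line and replace it with a short comment such as `// qty may be zero or negative by design; the allowed range is enforced on save`. This check runs only in the browser, so confirm that the server-side save path really does enforce the range the business logic expects. validateInventory starts and ends outside the hunk.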
@@ -105,6 +105,19 @@ function mass_edit_formload(idstring,module,parenttab) {
 var excludedRecords=document.getElementById("excludedRecords").value;
 var viewid =getviewId();
 $("status").style.display="inline";
+ var urlstring = '';
+ var searchtype = document.basicSearch.searchtype.value;
+ if(document.basicSearch.searchtype.searchlaunched != undefined && document.basicSearch.searchtype.searchlaunched=='basic') {
+ search_fld_val= $('bas_searchfield').options[$('bas_searchfield').selectedIndex].value;
+ search_txt_val= encodeURIComponent(document.basicSearch.search_text.value);
+ if (search_txt_val!='') { // if the search fields are not empty
+ urlstring = '&query=true&ajax=true&search=true&search_field='+search_fld_val+'&searchtype=BasicSearch&search_text='+search_txt_val;
+ }
+ } else if(document.basicSearch.searchtype.searchlaunched != undefined && document.basicSearch.searchtype.searchlaunched=='advance' && checkAdvancedFilter()) {
+ var advft_criteria = $('advft_criteria').value;
+ var advft_criteria_groups = $('advft_criteria_groups').value;
+ urlstring = '&query=true&ajax=true&search=true&advft_criteria='+advft_criteria+'&advft_criteria_groups='+advft_criteria_groups+'&searchtype=advance';
+ }
 new Ajax.Request(
 'index.php',
 {
@@ -113,7 +126,7 @@ function mass_edit_formload(idstring,module,parenttab) {
 scope: 'command'
 },
 method: 'post',
- postBody:"module="+encodeURIComponent(module)+"&action="+encodeURIComponent(module+'Ajax')+"&parenttab="+encodeURIComponent(parenttab)+"&file=MassEdit&mode=ajax&idstring="+idstring+"&viewname="+viewid+"&excludedRecords="+excludedRecords,
+ postBody:"module="+encodeURIComponent(module)+"&action="+encodeURIComponent(module+'Ajax')+"&parenttab="+encodeURIComponent(parenttab)+"&file=MassEdit&mode=ajax&idstring="+idstring+"&viewname="+viewid+"&excludedRecords="+excludedRecords+urlstring,
 onComplete: function(response) {
 $("status").style.display="none";
 var result = response.responseText;
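Review bot: The new `urlstring` concatenates `search_fld_val`, `advft_criteria` and `advft_criteria_groups` into the POST body without `encodeURIComponent`, unlike `search_txt_val` on the line above, so any `&`, `=`, `+` or `%` in those values will split or corrupt the parameters the server receives. The second hunk then appends `urlstring` to `postBody` unchanged. Encode each value where it is joined, i.e. `'&search_field='+encodeURIComponent(search_fld_val)` and `'&advft_criteria='+encodeURIComponent(advft_criteria)+'&advft_criteria_groups='+encodeURIComponent(advft_criteria_groups)`. `search_fld_val` and `search_txt_val` are also assigned without `var` and so become globals, and `searchtype` is declared but not used in the lines shown. mass_edit_formload continues outside both hunks.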
diff --git a/include/js/dtlviewajax.js b/include/js/dtlviewajax.js index 283bbe4..1ec96a9 100644 --- a/include/js/dtlviewajax.js +++ b/include/js/dtlviewajax.js @@ -452,7 +452,7 @@ function dtlViewAjaxSave(fieldLabel,module,uitype,tableName,fieldName,crmId) desc = desc.replace(/(^|[\n ])((www|ftp)\.[\w\-]+\.[\w\-.\~]+(?:\/[^ \"\t\n\r<]*)?)/g, "$1$2"); desc = desc.replace(/(^|[\n ])([a-z0-9&\-_.]+?)@([\w\-]+\.([\w\-\.]+\.)*[\w]+)/i, "$1$2@$3"); desc = desc.replace(/,\"|\.\"|\)\"|\)\.\"|\.\)\"/, "\""); - desc = desc.replace(/[\n\r]+/g, "
 "); + desc = desc.replace(/[\n\r]/g, "
 "); getObj(dtlView).innerHTML = desc; } else diff --git a/include/js/general.js b/include/js/general.js index 095e10d..d79cc33 100755 --- a/include/js/general.js +++ b/include/js/general.js @@ -226,8 +226,8 @@ function emptyCheck(fldName,fldLabel, fldType) { return true } }else if((fldType == "textarea") - && (typeof(CKEDITOR)!=='undefined' && CKEDITOR.intances[fldName] !== 'undefined')) { - var textObj = CKEDITOR.intances[fldName]; + && (typeof(CKEDITOR)!=='undefined' && CKEDITOR.instances[fldName] !== 'undefined')) { + var textObj = CKEDITOR.instances[fldName]; // thank you Stefan (from developers list) var textValue = textObj.getData(); if (trim(textValue) == '' || trim(textValue) == '
') { alert(fldLabel+alert_arr.CANNOT_BE_NONE); @@ -254,7 +254,7 @@ function patternValidate(fldName,fldLabel,type) { /*changes made to fix -- ticket#3278 & ticket#3461 var re=new RegExp(/^.+@.+\..+$/)*/ //Changes made to fix tickets #4633, #5111 to accomodate all possible email formats - var re=new RegExp(/^[a-zA-Z0-9]+([!"#$%&'()*+,./:;<=>?@\^_`{|}~-]?[a-zA-Z0-9])*@[a-zA-Z0-9]+([\_\-\.]?[a-zA-Z0-9]+)*\.([\-\_]?[a-zA-Z0-9])+(\.?[a-zA-Z0-9]+)?$/); + var re=new RegExp(/^[a-zA-Z0-9]+([!"#$%&'()*+,./:;<=>?@\^_`{|}~-]?[a-zA-Z0-9]+[\_\-]?)*@[a-zA-Z0-9]+([\_\-\.]?[a-zA-Z0-9]+)*\.([\-\_]?[a-zA-Z0-9])+(\.?[a-zA-Z0-9]+)?$/); } if (type.toUpperCase()=="DATE") {//DATE validation @@ -1977,7 +1977,7 @@ function ReplyCompose(id,mode) openPopUp('xComposeEmail',this,url,'createemailWin',820,689,'menubar=no,toolbar=no,location=no,status=no,resizable=no,scrollbars=yes'); } -function OpenCompose(id,mode) +function OpenCompose(id,mode,crmid) { switch(mode) { 
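Review bot: In the emptyCheck hunk, `CKEDITOR.instances[fldName] !== 'undefined'` compares the editor instance with the string 'undefined', so the condition holds even when no editor is registered for `fldName`, and `textObj.getData()` two lines later is then called on `undefined`. The spelling fix makes this branch live, so the guard needs to be a real existence test: `typeof CKEDITOR.instances[fldName] !== 'undefined'`. emptyCheck starts and ends outside the hunk.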
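Review bot: In the patternValidate hunk, the rewritten local-part group now ends in `[a-zA-Z0-9]+[\_\-]?)*`, which nests an unbounded `+` inside a `*` whose surrounding separators are both optional. A run of letters can therefore be partitioned in exponentially many ways, and a long alphanumeric input that never reaches an `@` can keep the regex engine backtracking long enough to freeze the page. If the goal is only to accept a `_` or `-` directly before the `@` (an inference from the diff), keep the original one-character repeat `[a-zA-Z0-9])*` and add `[\_\-]?` once after the group. Whichever form is kept, test it against a long string of letters with no `@`, and check whether the same expression is mirrored in any server-side validator. patternValidate starts and ends outside the hunk.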
@@ -1991,16 +1991,16 @@ function OpenCompose(id,mode) url = 'index.php?module=Emails&action=EmailsAjax&file=EditView&record='+id+'&forward=true'; break; case 'Invoice': - url = 'index.php?module=Emails&action=EmailsAjax&file=EditView&attachment='+mode+'_'+id+'.pdf'; + url = 'index.php?module=Emails&action=EmailsAjax&file=EditView&attachment='+mode+'_'+id+'.pdf&invmodid='+crmid; break; case 'PurchaseOrder': - url = 'index.php?module=Emails&action=EmailsAjax&file=EditView&attachment='+mode+'_'+id+'.pdf'; + url = 'index.php?module=Emails&action=EmailsAjax&file=EditView&attachment='+mode+'_'+id+'.pdf&invmodid='+crmid; break; case 'SalesOrder': - url = 'index.php?module=Emails&action=EmailsAjax&file=EditView&attachment='+mode+'_'+id+'.pdf'; + url = 'index.php?module=Emails&action=EmailsAjax&file=EditView&attachment='+mode+'_'+id+'.pdf&invmodid='+crmid; break; case 'Quote': - url = 'index.php?module=Emails&action=EmailsAjax&file=EditView&attachment='+mode+'_'+id+'.pdf'; + url = 'index.php?module=Emails&action=EmailsAjax&file=EditView&attachment='+mode+'_'+id+'.pdf&invmodid='+crmid; break; case 'Documents': url = 'index.php?module=Emails&action=EmailsAjax&file=EditView&attachment='+id+''; @@ -2206,7 +2206,7 @@ function fnDropDown(obj,Lay){ } else tagName.style.left= leftSide + 'px'; - tagName.style.top= topSide + 28 +'px'; + tagName.style.top= topSide + 22 +'px'; tagName.style.display = 'block'; } diff --git a/include/js/popup.js b/include/js/popup.js deleted file mode 100644 index 3711704..0000000 --- a/include/js/popup.js +++ /dev/null 
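Review bot: `crmid` is appended to the four inventory URLs as `'&invmodid='+crmid` with no encoding and no default, so any caller still passing two arguments to `OpenCompose` (whose signature changes in the preceding hunk) will send the literal `invmodid=undefined`. Build the suffix once, e.g. `var inv = crmid ? '&invmodid='+encodeURIComponent(crmid) : '';`, and reuse it in the four otherwise identical `case` bodies. The handler that receives `invmodid` and `attachment` is not visible here; it should treat both as untrusted, checking that the record id is one the current user may read and that the attachment name resolves only to the expected generated PDF. OpenCompose continues outside the hunk.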
@@ -1,20 +0,0 @@ -/********************************************************************************* - ** The contents of this file are subject to the vtiger CRM Public License Version 1.0 - * ("License"); You may not use this file except in compliance with the License - * The Original Code is: vtiger CRM Open Source - * The Initial Developer of the Original Code is vtiger. - * Portions created by vtiger are Copyright (C) vtiger. - * All Rights Reserved. - * - ********************************************************************************/ - -function mypopup() -{ - mywindow = window.open("copyright.html","mywindow", "height=115, width=575"); - mywindow.moveTo(210,620); -} - -function newpopup(str){ - window.open (str,"mywinw","menubar=1,resizable=1,scrollbars=yes"); -// window.parent.close(); -} diff --git a/include/language/en_us.lang.php b/include/language/en_us.lang.php index 898ff7d..43bf960 100644 --- a/include/language/en_us.lang.php +++ b/include/language/en_us.lang.php @@ -20,7 +20,8 @@ * Contributor(s): ______________________________________.. ********************************************************************************/ $app_strings = array ( -'LBL_BROWSER_TITLE' => 'vtiger CRM 5 - Commercial Open Source CRM', +'LBL_BROWSER_TITLE' => 'coreBOS', +'APP_NAME' => 'coreBOS', 'LBL_MY_ACCOUNT' => 'My Organization', 'LBL_MY_PREFERENCES' => 'My Preferences', 'LBL_ADMIN' => 'Admin', @@ -34,8 +35,8 @@ $app_strings = array ( 'all'=>'All', 'LBL_UPCOMING_EVENTS'=>'Upcoming Activities', 'LBL_PENDING_EVENTS'=>'Pending Activities', -'NTC_WELCOME_MESSAGE' => 'Welcome to vtiger CRM!', -'NTC_DESCRIPTION' => 'Use a valid username and password to login to the vtiger CRM.', +'NTC_WELCOME_MESSAGE' => 'Welcome to coreBOS!', +'NTC_DESCRIPTION' => 'Use a valid username and password to login to the coreBOS.', 'NTC_WELCOME' => 'Welcome', 'NTC_NO_ITEMS_DISPLAY' => 'none', 'LBL_OR' => 'or', 
@@ -140,7 +141,7 @@ $app_strings = array ( 'LBL_LIST_OF' => 'of', 'LNK_PRINT' => 'Print', 'LNK_HELP' => 'Help', -'LNK_VTDOCS' => 'vtiger Docs', +'LNK_VTDOCS' => 'coreBOS Docs', 'LNK_ABOUT' => 'About', 'LNK_OUTLOOK' => './include/images/outlook_download.gif', 'SINGLE_Accounts' => 'Organization', @@ -217,6 +218,7 @@ $app_strings = array ( 'NTC_MERGE_CONFIRMATION' => 'Are you sure you want to merge this record?', 'LBL_MERGE_BUTTON_TITLE' => 'Merge', 'LBL_MERGE_BUTTON_KEY' => 'Merge', +'DownloadMergeFile'=>'Download merged document', 'LBL_SELECTEMAILTEMPLATE_BUTTON_TITLE' => 'Select Email Template', 'LBL_SELECTEMAILTEMPLATE_BUTTON_KEY' => 'Select Email Template', 'LBL_SELECTEMAILTEMPLATE_BUTTON_LABEL' => 'Select Email Template', @@ -602,7 +604,6 @@ $app_strings = array ( 'LBL_CPY_MAILING_ADDRESS' => 'Copy Mailing Address', 'LBL_CPY_OTHER_ADDRESS' => 'Copy Other Address', 'LBL_PERMISSION' => 'You are not permitted to execute this Operation', -'VTIGER' => 'vtiger', 'LBL_DIRECT_AMOUNT_DISCOUNT' => 'Direct Amount Discount', 'LBL_NO_DISCOUNT_FOR_THIS_PRODUCT' => 'No Discount for this Product', 'LBL_NO_DISCOUNT_FOR_THIS_LINE_ITEM'=> 'No Discount for this line item', @@ -821,7 +822,7 @@ $app_strings = array ( 'MSG_THANK_YOU'=>'Thank You', 'MSG_HAS_BEEN_CREATED_FOR'=>'has been created for', 'MSG_THANKS'=>'Thanks,', -'MSG_VTIGERTEAM'=>' vTiger Team', +'MSG_VTIGERTEAM'=>' coreBOS Team', 'MSG_IS_NOT_UPLOADED'=>'is not uploaded. Allowed file types - jpeg, png, jpg, pjpeg, x-png or gif', 'MSG_IMAGE_ERROR'=>'Image not found', diff --git a/include/pclzip.lib.php b/include/pclzip.lib.php new file mode 100644 index 0000000..5b84607 --- /dev/null +++ b/include/pclzip.lib.php 
@@ -0,0 +1,5872 @@ +zipname = $p_zipname; + $this->zip_fd = 0; + $this->magic_quotes_status = -1; + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, 1); + return; + } + // -------------------------------------------------------------------------------- + + // -------------------------------------------------------------------------------- + // Function : + // create($p_filelist, $p_add_dir="", $p_remove_dir="") + // create($p_filelist, $p_option, $p_option_value, ...) + // Description : + // This method supports two different synopsis. The first one is historical. + // This method creates a Zip Archive. The Zip file is created in the + // filesystem. The files and directories indicated in $p_filelist + // are added in the archive. See the parameters description for the + // supported format of $p_filelist. + // When a directory is in the list, the directory and its content is added + // in the archive. + // In this synopsis, the function takes an optional variable list of + // options. See bellow the supported options. + // Parameters : + // $p_filelist : An array containing file or directory names, or + // a string containing one filename or one directory name, or + // a string containing a list of filenames and/or directory + // names separated by spaces. + // $p_add_dir : A path to add before the real path of the archived file, + // in order to have it memorized in the archive. + // $p_remove_dir : A path to remove from the real path of the file to archive, + // in order to have a shorter path memorized in the archive. + // When $p_add_dir and $p_remove_dir are set, $p_remove_dir + // is removed first, before $p_add_dir is added. + // Options : + // PCLZIP_OPT_ADD_PATH : + // PCLZIP_OPT_REMOVE_PATH : + // PCLZIP_OPT_REMOVE_ALL_PATH : + // PCLZIP_OPT_COMMENT : + // PCLZIP_CB_PRE_ADD : + // PCLZIP_CB_POST_ADD : + // Return Values : + // 0 on failure, + // The list of the added files, with a status of the add action. 
+ // (see PclZip::listContent() for list entry format) + // -------------------------------------------------------------------------------- + function create($p_filelist) + { + //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, 'PclZip::create', "filelist='$p_filelist', ..."); + $v_result=1; + + // ----- Reset the error handler + $this->privErrorReset(); + + // ----- Set default values + $v_options = array(); + $v_options[PCLZIP_OPT_NO_COMPRESSION] = FALSE; + + // ----- Look for variable options arguments + $v_size = func_num_args(); + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, "$v_size arguments passed to the method"); + + // ----- Look for arguments + if ($v_size > 1) { + // ----- Get the arguments + $v_arg_list = func_get_args(); + + // ----- Remove from the options list the first argument + array_shift($v_arg_list); + $v_size--; + + // ----- Look for first arg + if ((is_integer($v_arg_list[0])) && ($v_arg_list[0] > 77000)) { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Variable list of options detected"); + + // ----- Parse the options + $v_result = $this->privParseOptions($v_arg_list, $v_size, $v_options, + array (PCLZIP_OPT_REMOVE_PATH => 'optional', + PCLZIP_OPT_REMOVE_ALL_PATH => 'optional', + PCLZIP_OPT_ADD_PATH => 'optional', + PCLZIP_CB_PRE_ADD => 'optional', + PCLZIP_CB_POST_ADD => 'optional', + PCLZIP_OPT_NO_COMPRESSION => 'optional', + PCLZIP_OPT_COMMENT => 'optional' + //, PCLZIP_OPT_CRYPT => 'optional' + )); + if ($v_result != 1) { + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, 0); + return 0; + } + } + + // ----- Look for 2 args + // Here we need to support the first historic synopsis of the + // method. 
+ else { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Static synopsis"); + + // ----- Get the first argument + $v_options[PCLZIP_OPT_ADD_PATH] = $v_arg_list[0]; + + // ----- Look for the optional second argument + if ($v_size == 2) { + $v_options[PCLZIP_OPT_REMOVE_PATH] = $v_arg_list[1]; + } + else if ($v_size > 2) { + PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, + "Invalid number / type of arguments"); + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo()); + return 0; + } + } + } + + // ----- Init + $v_string_list = array(); + $v_att_list = array(); + $v_filedescr_list = array(); + $p_result_list = array(); + + // ----- Look if the $p_filelist is really an array + if (is_array($p_filelist)) { + + // ----- Look if the first element is also an array + // This will mean that this is a file description entry + if (isset($p_filelist[0]) && is_array($p_filelist[0])) { + $v_att_list = $p_filelist; + } + + // ----- The list is a list of string names + else { + $v_string_list = $p_filelist; + } + } + + // ----- Look if the $p_filelist is a string + else if (is_string($p_filelist)) { + // ----- Create a list from the string + $v_string_list = explode(PCLZIP_SEPARATOR, $p_filelist); + } + + // ----- Invalid variable type for $p_filelist + else { + PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, "Invalid variable type p_filelist"); + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, 0); + return 0; + } + + // ----- Reformat the string list + if (sizeof($v_string_list) != 0) { + foreach ($v_string_list as $v_string) { + if ($v_string != '') { + $v_att_list[][PCLZIP_ATT_FILE_NAME] = $v_string; + } + else { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Ignore an empty filename"); + } + } + } + + // ----- For each file in the list check the attributes + $v_supported_attributes + = array ( PCLZIP_ATT_FILE_NAME => 'mandatory' + ,PCLZIP_ATT_FILE_NEW_SHORT_NAME => 
'optional' + ,PCLZIP_ATT_FILE_NEW_FULL_NAME => 'optional' + ,PCLZIP_ATT_FILE_MTIME => 'optional' + ,PCLZIP_ATT_FILE_CONTENT => 'optional' + ,PCLZIP_ATT_FILE_COMMENT => 'optional' + ); + foreach ($v_att_list as $v_entry) { + $v_result = $this->privFileDescrParseAtt($v_entry, + $v_filedescr_list[], + $v_options, + $v_supported_attributes); + if ($v_result != 1) { + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, 0); + return 0; + } + } + + // ----- Expand the filelist (expand directories) + $v_result = $this->privFileDescrExpand($v_filedescr_list, $v_options); + if ($v_result != 1) { + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, 0); + return 0; + } + + // ----- Call the create fct + $v_result = $this->privCreate($v_filedescr_list, $p_result_list, $v_options); + if ($v_result != 1) { + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, 0); + return 0; + } + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $p_result_list); + return $p_result_list; + } + // -------------------------------------------------------------------------------- + + // -------------------------------------------------------------------------------- + // Function : + // add($p_filelist, $p_add_dir="", $p_remove_dir="") + // add($p_filelist, $p_option, $p_option_value, ...) + // Description : + // This method supports two synopsis. The first one is historical. + // This methods add the list of files in an existing archive. + // If a file with the same name already exists, it is added at the end of the + // archive, the first one is still present. + // If the archive does not exist, it is created. + // Parameters : + // $p_filelist : An array containing file or directory names, or + // a string containing one filename or one directory name, or + // a string containing a list of filenames and/or directory + // names separated by spaces. 
+ // $p_add_dir : A path to add before the real path of the archived file, + // in order to have it memorized in the archive. + // $p_remove_dir : A path to remove from the real path of the file to archive, + // in order to have a shorter path memorized in the archive. + // When $p_add_dir and $p_remove_dir are set, $p_remove_dir + // is removed first, before $p_add_dir is added. + // Options : + // PCLZIP_OPT_ADD_PATH : + // PCLZIP_OPT_REMOVE_PATH : + // PCLZIP_OPT_REMOVE_ALL_PATH : + // PCLZIP_OPT_COMMENT : + // PCLZIP_OPT_ADD_COMMENT : + // PCLZIP_OPT_PREPEND_COMMENT : + // PCLZIP_CB_PRE_ADD : + // PCLZIP_CB_POST_ADD : + // Return Values : + // 0 on failure, + // The list of the added files, with a status of the add action. + // (see PclZip::listContent() for list entry format) + // -------------------------------------------------------------------------------- + function add($p_filelist) + { + //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, 'PclZip::add', "filelist='$p_filelist', ..."); + $v_result=1; + + // ----- Reset the error handler + $this->privErrorReset(); + + // ----- Set default values + $v_options = array(); + $v_options[PCLZIP_OPT_NO_COMPRESSION] = FALSE; + + // ----- Look for variable options arguments + $v_size = func_num_args(); + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, "$v_size arguments passed to the method"); + + // ----- Look for arguments + if ($v_size > 1) { + // ----- Get the arguments + $v_arg_list = func_get_args(); + + // ----- Remove form the options list the first argument + array_shift($v_arg_list); + $v_size--; + + // ----- Look for first arg + if ((is_integer($v_arg_list[0])) && ($v_arg_list[0] > 77000)) { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Variable list of options detected"); + + // ----- Parse the options + $v_result = $this->privParseOptions($v_arg_list, $v_size, $v_options, + array (PCLZIP_OPT_REMOVE_PATH => 'optional', + PCLZIP_OPT_REMOVE_ALL_PATH => 
'optional', + PCLZIP_OPT_ADD_PATH => 'optional', + PCLZIP_CB_PRE_ADD => 'optional', + PCLZIP_CB_POST_ADD => 'optional', + PCLZIP_OPT_NO_COMPRESSION => 'optional', + PCLZIP_OPT_COMMENT => 'optional', + PCLZIP_OPT_ADD_COMMENT => 'optional', + PCLZIP_OPT_PREPEND_COMMENT => 'optional' + //, PCLZIP_OPT_CRYPT => 'optional' + )); + if ($v_result != 1) { + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, 0); + return 0; + } + } + + // ----- Look for 2 args + // Here we need to support the first historic synopsis of the + // method. + else { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Static synopsis"); + + // ----- Get the first argument + $v_options[PCLZIP_OPT_ADD_PATH] = $v_add_path = $v_arg_list[0]; + + // ----- Look for the optional second argument + if ($v_size == 2) { + $v_options[PCLZIP_OPT_REMOVE_PATH] = $v_arg_list[1]; + } + else if ($v_size > 2) { + // ----- Error log + PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, "Invalid number / type of arguments"); + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo()); + return 0; + } + } + } + + // ----- Init + $v_string_list = array(); + $v_att_list = array(); + $v_filedescr_list = array(); + $p_result_list = array(); + + // ----- Look if the $p_filelist is really an array + if (is_array($p_filelist)) { + + // ----- Look if the first element is also an array + // This will mean that this is a file description entry + if (isset($p_filelist[0]) && is_array($p_filelist[0])) { + $v_att_list = $p_filelist; + } + + // ----- The list is a list of string names + else { + $v_string_list = $p_filelist; + } + } + + // ----- Look if the $p_filelist is a string + else if (is_string($p_filelist)) { + // ----- Create a list from the string + $v_string_list = explode(PCLZIP_SEPARATOR, $p_filelist); + } + + // ----- Invalid variable type for $p_filelist + else { + PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, "Invalid variable 
type '".gettype($p_filelist)."' for p_filelist");
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, 0);
+ return 0;
+ }
+
+ // ----- Reformat the string list
+ if (sizeof($v_string_list) != 0) {
+ foreach ($v_string_list as $v_string) {
+ $v_att_list[][PCLZIP_ATT_FILE_NAME] = $v_string;
+ }
+ }
+
+ // ----- For each file in the list check the attributes
+ $v_supported_attributes
+ = array ( PCLZIP_ATT_FILE_NAME => 'mandatory'
+ ,PCLZIP_ATT_FILE_NEW_SHORT_NAME => 'optional'
+ ,PCLZIP_ATT_FILE_NEW_FULL_NAME => 'optional'
+ ,PCLZIP_ATT_FILE_MTIME => 'optional'
+ ,PCLZIP_ATT_FILE_CONTENT => 'optional'
+ ,PCLZIP_ATT_FILE_COMMENT => 'optional'
+ );
+ foreach ($v_att_list as $v_entry) {
+ $v_result = $this->privFileDescrParseAtt($v_entry,
+ $v_filedescr_list[],
+ $v_options,
+ $v_supported_attributes);
+ if ($v_result != 1) {
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, 0);
+ return 0;
+ }
+ }
+
+ // ----- Expand the filelist (expand directories)
+ $v_result = $this->privFileDescrExpand($v_filedescr_list, $v_options);
+ if ($v_result != 1) {
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, 0);
+ return 0;
+ }
+
+ // ----- Call the create fct
+ $v_result = $this->privAdd($v_filedescr_list, $p_result_list, $v_options);
+ if ($v_result != 1) {
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, 0);
+ return 0;
+ }
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $p_result_list);
+ return $p_result_list;
+ }
+ // --------------------------------------------------------------------------------
+
+ // --------------------------------------------------------------------------------
+ // Function : listContent()
+ // Description :
+ // This public method, gives the list of the files and directories, with their
+ // properties.
+ // The properties of each entries in the list are (used also in other functions) :
+ // filename : Name of the file.
For a create or add action it is the filename
+ // given by the user. For an extract function it is the filename
+ // of the extracted file.
+ // stored_filename : Name of the file / directory stored in the archive.
+ // size : Size of the stored file.
+ // compressed_size : Size of the file's data compressed in the archive
+ // (without the headers overhead)
+ // mtime : Last known modification date of the file (UNIX timestamp)
+ // comment : Comment associated with the file
+ // folder : true | false
+ // index : index of the file in the archive
+ // status : status of the action (depending of the action) :
+ // Values are :
+ // ok : OK !
+ // filtered : the file / dir is not extracted (filtered by user)
+ // already_a_directory : the file can not be extracted because a
+ // directory with the same name already exists
+ // write_protected : the file can not be extracted because a file
+ // with the same name already exists and is
+ // write protected
+ // newer_exist : the file was not extracted because a newer file exists
+ // path_creation_fail : the file is not extracted because the folder
+ // does not exists and can not be created
+ // write_error : the file was not extracted because there was a
+ // error while writing the file
+ // read_error : the file was not extracted because there was a error
+ // while reading the file
+ // invalid_header : the file was not extracted because of an archive
+ // format error (bad file header)
+ // Note that each time a method can continue operating when there
+ // is an action error on a file, the error is only logged in the file status.
+ // Return Values :
+ // 0 on an unrecoverable failure,
+ // The list of the files in the archive.
+ // --------------------------------------------------------------------------------
+ function listContent()
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, 'PclZip::listContent', "");
+ $v_result=1;
+
+ // ----- Reset the error handler
+ $this->privErrorReset();
+
+ // ----- Check archive
+ if (!$this->privCheckFormat()) {
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, 0);
+ return(0);
+ }
+
+ // ----- Call the extracting fct
+ $p_list = array();
+ if (($v_result = $this->privList($p_list)) != 1)
+ {
+ unset($p_list);
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, 0, PclZip::errorInfo());
+ return(0);
+ }
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $p_list);
+ return $p_list;
+ }
+ // --------------------------------------------------------------------------------
+
+ // --------------------------------------------------------------------------------
+ // Function :
+ // extract($p_path="./", $p_remove_path="")
+ // extract([$p_option, $p_option_value, ...])
+ // Description :
+ // This method supports two synopsis. The first one is historical.
+ // This method extract all the files / directories from the archive to the
+ // folder indicated in $p_path.
+ // If you want to ignore the 'root' part of path of the memorized files
+ // you can indicate this in the optional $p_remove_path parameter.
+ // By default, if a newer file with the same name already exists, the
+ // file is not extracted.
+ //
+ // If both PCLZIP_OPT_PATH and PCLZIP_OPT_ADD_PATH aoptions
+ // are used, the path indicated in PCLZIP_OPT_ADD_PATH is append
+ // at the end of the path value of PCLZIP_OPT_PATH.
+ // Parameters :
+ // $p_path : Path where the files and directories are to be extracted
+ // $p_remove_path : First part ('root' part) of the memorized path
+ // (if any similar) to remove while extracting.
+ // Options :
+ // PCLZIP_OPT_PATH :
+ // PCLZIP_OPT_ADD_PATH :
+ // PCLZIP_OPT_REMOVE_PATH :
+ // PCLZIP_OPT_REMOVE_ALL_PATH :
+ // PCLZIP_CB_PRE_EXTRACT :
+ // PCLZIP_CB_POST_EXTRACT :
+ // Return Values :
+ // 0 or a negative value on failure,
+ // The list of the extracted files, with a status of the action.
+ // (see PclZip::listContent() for list entry format)
+ // --------------------------------------------------------------------------------
+ function extract()
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, "PclZip::extract", "");
+ $v_result=1;
+
+ // ----- Reset the error handler
+ $this->privErrorReset();
+
+ // ----- Check archive
+ if (!$this->privCheckFormat()) {
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, 0);
+ return(0);
+ }
+
+ // ----- Set default values
+ $v_options = array();
+// $v_path = "./";
+ $v_path = '';
+ $v_remove_path = "";
+ $v_remove_all_path = false;
+
+ // ----- Look for variable options arguments
+ $v_size = func_num_args();
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, "$v_size arguments passed to the method");
+
+ // ----- Default values for option
+ $v_options[PCLZIP_OPT_EXTRACT_AS_STRING] = FALSE;
+
+ // ----- Look for arguments
+ if ($v_size > 0) {
+ // ----- Get the arguments
+ $v_arg_list = func_get_args();
+
+ // ----- Look for first arg
+ if ((is_integer($v_arg_list[0])) && ($v_arg_list[0] > 77000)) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Variable list of options");
+
+ // ----- Parse the options
+ $v_result = $this->privParseOptions($v_arg_list, $v_size, $v_options,
+ array (PCLZIP_OPT_PATH => 'optional',
+ PCLZIP_OPT_REMOVE_PATH => 'optional',
+ PCLZIP_OPT_REMOVE_ALL_PATH => 'optional',
+ PCLZIP_OPT_ADD_PATH => 'optional',
+ PCLZIP_CB_PRE_EXTRACT => 'optional',
+ PCLZIP_CB_POST_EXTRACT => 'optional',
+ PCLZIP_OPT_SET_CHMOD => 'optional',
+ PCLZIP_OPT_BY_NAME => 'optional',
+ PCLZIP_OPT_BY_EREG => 'optional',
+ PCLZIP_OPT_BY_PREG
=> 'optional',
+ PCLZIP_OPT_BY_INDEX => 'optional',
+ PCLZIP_OPT_EXTRACT_AS_STRING => 'optional',
+ PCLZIP_OPT_EXTRACT_IN_OUTPUT => 'optional',
+ PCLZIP_OPT_REPLACE_NEWER => 'optional'
+ ,PCLZIP_OPT_STOP_ON_ERROR => 'optional'
+ ,PCLZIP_OPT_EXTRACT_DIR_RESTRICTION => 'optional'
+ ));
+ if ($v_result != 1) {
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, 0);
+ return 0;
+ }
+
+ // ----- Set the arguments
+ if (isset($v_options[PCLZIP_OPT_PATH])) {
+ $v_path = $v_options[PCLZIP_OPT_PATH];
+ }
+ if (isset($v_options[PCLZIP_OPT_REMOVE_PATH])) {
+ $v_remove_path = $v_options[PCLZIP_OPT_REMOVE_PATH];
+ }
+ if (isset($v_options[PCLZIP_OPT_REMOVE_ALL_PATH])) {
+ $v_remove_all_path = $v_options[PCLZIP_OPT_REMOVE_ALL_PATH];
+ }
+ if (isset($v_options[PCLZIP_OPT_ADD_PATH])) {
+ // ----- Check for '/' in last path char
+ if ((strlen($v_path) > 0) && (substr($v_path, -1) != '/')) {
+ $v_path .= '/';
+ }
+ $v_path .= $v_options[PCLZIP_OPT_ADD_PATH];
+ }
+ }
+
+ // ----- Look for 2 args
+ // Here we need to support the first historic synopsis of the
+ // method.
+ else {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Static synopsis");
+
+ // ----- Get the first argument
+ $v_path = $v_arg_list[0];
+
+ // ----- Look for the optional second argument
+ if ($v_size == 2) {
+ $v_remove_path = $v_arg_list[1];
+ }
+ else if ($v_size > 2) {
+ // ----- Error log
+ PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, "Invalid number / type of arguments");
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, 0, PclZip::errorInfo());
+ return 0;
+ }
+ }
+ }
+
+ // ----- Trace
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "path='$v_path', remove_path='$v_remove_path', remove_all_path='".($v_remove_path?'true':'false')."'");
+
+ // ----- Call the extracting fct
+ $p_list = array();
+ $v_result = $this->privExtractByRule($p_list, $v_path, $v_remove_path,
+ $v_remove_all_path, $v_options);
+ if ($v_result < 1) {
+ unset($p_list);
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, 0, PclZip::errorInfo());
+ return(0);
+ }
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $p_list);
+ return $p_list;
+ }
+ // --------------------------------------------------------------------------------
+
+
+ // --------------------------------------------------------------------------------
+ // Function :
+ // extractByIndex($p_index, $p_path="./", $p_remove_path="")
+ // extractByIndex($p_index, [$p_option, $p_option_value, ...])
+ // Description :
+ // This method supports two synopsis. The first one is historical.
+ // This method is doing a partial extract of the archive.
+ // The extracted files or folders are identified by their index in the
+ // archive (from 0 to n).
+ // Note that if the index identify a folder, only the folder entry is
+ // extracted, not all the files included in the archive.
+ // Parameters :
+ // $p_index : A single index (integer) or a string of indexes of files to
+ // extract.
The form of the string is "0,4-6,8-12" with only numbers
+ // and '-' for range or ',' to separate ranges. No spaces or ';'
+ // are allowed.
+ // $p_path : Path where the files and directories are to be extracted
+ // $p_remove_path : First part ('root' part) of the memorized path
+ // (if any similar) to remove while extracting.
+ // Options :
+ // PCLZIP_OPT_PATH :
+ // PCLZIP_OPT_ADD_PATH :
+ // PCLZIP_OPT_REMOVE_PATH :
+ // PCLZIP_OPT_REMOVE_ALL_PATH :
+ // PCLZIP_OPT_EXTRACT_AS_STRING : The files are extracted as strings and
+ // not as files.
+ // The resulting content is in a new field 'content' in the file
+ // structure.
+ // This option must be used alone (any other options are ignored).
+ // PCLZIP_CB_PRE_EXTRACT :
+ // PCLZIP_CB_POST_EXTRACT :
+ // Return Values :
+ // 0 on failure,
+ // The list of the extracted files, with a status of the action.
+ // (see PclZip::listContent() for list entry format)
+ // --------------------------------------------------------------------------------
+ //function extractByIndex($p_index, options...)
+ function extractByIndex($p_index)
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, "PclZip::extractByIndex", "index='$p_index', ...");
+ $v_result=1;
+
+ // ----- Reset the error handler
+ $this->privErrorReset();
+
+ // ----- Check archive
+ if (!$this->privCheckFormat()) {
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, 0);
+ return(0);
+ }
+
+ // ----- Set default values
+ $v_options = array();
+// $v_path = "./";
+ $v_path = '';
+ $v_remove_path = "";
+ $v_remove_all_path = false;
+
+ // ----- Look for variable options arguments
+ $v_size = func_num_args();
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, "$v_size arguments passed to the method");
+
+ // ----- Default values for option
+ $v_options[PCLZIP_OPT_EXTRACT_AS_STRING] = FALSE;
+
+ // ----- Look for arguments
+ if ($v_size > 1) {
+ // ----- Get the arguments
+ $v_arg_list = func_get_args();
+
+ // ----- Remove form the options list the first argument
+ array_shift($v_arg_list);
+ $v_size--;
+
+ // ----- Look for first arg
+ if ((is_integer($v_arg_list[0])) && ($v_arg_list[0] > 77000)) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Variable list of options");
+
+ // ----- Parse the options
+ $v_result = $this->privParseOptions($v_arg_list, $v_size, $v_options,
+ array (PCLZIP_OPT_PATH => 'optional',
+ PCLZIP_OPT_REMOVE_PATH => 'optional',
+ PCLZIP_OPT_REMOVE_ALL_PATH => 'optional',
+ PCLZIP_OPT_EXTRACT_AS_STRING => 'optional',
+ PCLZIP_OPT_ADD_PATH => 'optional',
+ PCLZIP_CB_PRE_EXTRACT => 'optional',
+ PCLZIP_CB_POST_EXTRACT => 'optional',
+ PCLZIP_OPT_SET_CHMOD => 'optional',
+ PCLZIP_OPT_REPLACE_NEWER => 'optional'
+ ,PCLZIP_OPT_STOP_ON_ERROR => 'optional'
+ ,PCLZIP_OPT_EXTRACT_DIR_RESTRICTION => 'optional'
+ ));
+ if ($v_result != 1) {
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, 0);
+ return 0;
+ }
+
+ // ----- Set the arguments
+ if (isset($v_options[PCLZIP_OPT_PATH])) {
+ $v_path =
$v_options[PCLZIP_OPT_PATH];
+ }
+ if (isset($v_options[PCLZIP_OPT_REMOVE_PATH])) {
+ $v_remove_path = $v_options[PCLZIP_OPT_REMOVE_PATH];
+ }
+ if (isset($v_options[PCLZIP_OPT_REMOVE_ALL_PATH])) {
+ $v_remove_all_path = $v_options[PCLZIP_OPT_REMOVE_ALL_PATH];
+ }
+ if (isset($v_options[PCLZIP_OPT_ADD_PATH])) {
+ // ----- Check for '/' in last path char
+ if ((strlen($v_path) > 0) && (substr($v_path, -1) != '/')) {
+ $v_path .= '/';
+ }
+ $v_path .= $v_options[PCLZIP_OPT_ADD_PATH];
+ }
+ if (!isset($v_options[PCLZIP_OPT_EXTRACT_AS_STRING])) {
+ $v_options[PCLZIP_OPT_EXTRACT_AS_STRING] = FALSE;
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, "Option PCLZIP_OPT_EXTRACT_AS_STRING not set.");
+ }
+ else {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, "Option PCLZIP_OPT_EXTRACT_AS_STRING set.");
+ }
+ }
+
+ // ----- Look for 2 args
+ // Here we need to support the first historic synopsis of the
+ // method.
+ else {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Static synopsis");
+
+ // ----- Get the first argument
+ $v_path = $v_arg_list[0];
+
+ // ----- Look for the optional second argument
+ if ($v_size == 2) {
+ $v_remove_path = $v_arg_list[1];
+ }
+ else if ($v_size > 2) {
+ // ----- Error log
+ PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, "Invalid number / type of arguments");
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo());
+ return 0;
+ }
+ }
+ }
+
+ // ----- Trace
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "index='$p_index', path='$v_path', remove_path='$v_remove_path', remove_all_path='".($v_remove_path?'true':'false')."'");
+
+ // ----- Trick
+ // Here I want to reuse extractByRule(), so I need to parse the $p_index
+ // with privParseOptions()
+ $v_arg_trick = array (PCLZIP_OPT_BY_INDEX, $p_index);
+ $v_options_trick = array();
+ $v_result = $this->privParseOptions($v_arg_trick,
sizeof($v_arg_trick), $v_options_trick,
+ array (PCLZIP_OPT_BY_INDEX => 'optional' ));
+ if ($v_result != 1) {
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, 0);
+ return 0;
+ }
+ $v_options[PCLZIP_OPT_BY_INDEX] = $v_options_trick[PCLZIP_OPT_BY_INDEX];
+
+ // ----- Call the extracting fct
+ if (($v_result = $this->privExtractByRule($p_list, $v_path, $v_remove_path, $v_remove_all_path, $v_options)) < 1) {
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, 0, PclZip::errorInfo());
+ return(0);
+ }
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $p_list);
+ return $p_list;
+ }
+ // --------------------------------------------------------------------------------
+
+ // --------------------------------------------------------------------------------
+ // Function :
+ // delete([$p_option, $p_option_value, ...])
+ // Description :
+ // This method removes files from the archive.
+ // If no parameters are given, then all the archive is emptied.
+ // Parameters :
+ // None or optional arguments.
+ // Options :
+ // PCLZIP_OPT_BY_INDEX :
+ // PCLZIP_OPT_BY_NAME :
+ // PCLZIP_OPT_BY_EREG :
+ // PCLZIP_OPT_BY_PREG :
+ // Return Values :
+ // 0 on failure,
+ // The list of the files which are still present in the archive.
+ // (see PclZip::listContent() for list entry format)
+ // --------------------------------------------------------------------------------
+ function delete()
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, "PclZip::delete", "");
+ $v_result=1;
+
+ // ----- Reset the error handler
+ $this->privErrorReset();
+
+ // ----- Check archive
+ if (!$this->privCheckFormat()) {
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, 0);
+ return(0);
+ }
+
+ // ----- Set default values
+ $v_options = array();
+
+ // ----- Look for variable options arguments
+ $v_size = func_num_args();
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, "$v_size arguments passed to the method");
+
+ // ----- Look for arguments
+ if ($v_size > 0) {
+ // ----- Get the arguments
+ $v_arg_list = func_get_args();
+
+ // ----- Parse the options
+ $v_result = $this->privParseOptions($v_arg_list, $v_size, $v_options,
+ array (PCLZIP_OPT_BY_NAME => 'optional',
+ PCLZIP_OPT_BY_EREG => 'optional',
+ PCLZIP_OPT_BY_PREG => 'optional',
+ PCLZIP_OPT_BY_INDEX => 'optional' ));
+ if ($v_result != 1) {
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, 0);
+ return 0;
+ }
+ }
+
+ // ----- Magic quotes trick
+ $this->privDisableMagicQuotes();
+
+ // ----- Call the delete fct
+ $v_list = array();
+ if (($v_result = $this->privDeleteByRule($v_list, $v_options)) != 1) {
+ $this->privSwapBackMagicQuotes();
+ unset($v_list);
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, 0, PclZip::errorInfo());
+ return(0);
+ }
+
+ // ----- Magic quotes trick
+ $this->privSwapBackMagicQuotes();
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_list);
+ return $v_list;
+ }
+ // --------------------------------------------------------------------------------
+
+ // --------------------------------------------------------------------------------
+ // Function : deleteByIndex()
+ // Description :
+ // ***** Deprecated *****
+ //
delete(PCLZIP_OPT_BY_INDEX, $p_index) should be prefered.
+ // --------------------------------------------------------------------------------
+ function deleteByIndex($p_index)
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, "PclZip::deleteByIndex", "index='$p_index'");
+
+ $p_list = $this->delete(PCLZIP_OPT_BY_INDEX, $p_index);
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $p_list);
+ return $p_list;
+ }
+ // --------------------------------------------------------------------------------
+
+ // --------------------------------------------------------------------------------
+ // Function : properties()
+ // Description :
+ // This method gives the properties of the archive.
+ // The properties are :
+ // nb : Number of files in the archive
+ // comment : Comment associated with the archive file
+ // status : not_exist, ok
+ // Parameters :
+ // None
+ // Return Values :
+ // 0 on failure,
+ // An array with the archive properties.
+ // --------------------------------------------------------------------------------
+ function properties()
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, "PclZip::properties", "");
+
+ // ----- Reset the error handler
+ $this->privErrorReset();
+
+ // ----- Magic quotes trick
+ $this->privDisableMagicQuotes();
+
+ // ----- Check archive
+ if (!$this->privCheckFormat()) {
+ $this->privSwapBackMagicQuotes();
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, 0);
+ return(0);
+ }
+
+ // ----- Default properties
+ $v_prop = array();
+ $v_prop['comment'] = '';
+ $v_prop['nb'] = 0;
+ $v_prop['status'] = 'not_exist';
+
+ // ----- Look if file exists
+ if (@is_file($this->zipname))
+ {
+ // ----- Open the zip file
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Open file in binary read mode");
+ if (($this->zip_fd = @fopen($this->zipname, 'rb')) == 0)
+ {
+ $this->privSwapBackMagicQuotes();
+
+ // ----- Error log
+ PclZip::privErrorLog(PCLZIP_ERR_READ_OPEN_FAIL, 'Unable to open archive \''.$this->zipname.'\' in binary read mode');
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), 0);
+ return 0;
+ }
+
+ // ----- Read the central directory informations
+ $v_central_dir = array();
+ if (($v_result = $this->privReadEndCentralDir($v_central_dir)) != 1)
+ {
+ $this->privSwapBackMagicQuotes();
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, 0);
+ return 0;
+ }
+
+ // ----- Close the zip file
+ $this->privCloseFd();
+
+ // ----- Set the user attributes
+ $v_prop['comment'] = $v_central_dir['comment'];
+ $v_prop['nb'] = $v_central_dir['entries'];
+ $v_prop['status'] = 'ok';
+ }
+
+ // ----- Magic quotes trick
+ $this->privSwapBackMagicQuotes();
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_prop);
+ return $v_prop;
+ }
+ // --------------------------------------------------------------------------------
+
+ //
--------------------------------------------------------------------------------
+ // Function : duplicate()
+ // Description :
+ // This method creates an archive by copying the content of an other one. If
+ // the archive already exist, it is replaced by the new one without any warning.
+ // Parameters :
+ // $p_archive : The filename of a valid archive, or
+ // a valid PclZip object.
+ // Return Values :
+ // 1 on success.
+ // 0 or a negative value on error (error code).
+ // --------------------------------------------------------------------------------
+ function duplicate($p_archive)
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, "PclZip::duplicate", "");
+ $v_result = 1;
+
+ // ----- Reset the error handler
+ $this->privErrorReset();
+
+ // ----- Look if the $p_archive is a PclZip object
+ if ((is_object($p_archive)) && (get_class($p_archive) == 'pclzip'))
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "The parameter is valid PclZip object '".$p_archive->zipname."'");
+
+ // ----- Duplicate the archive
+ $v_result = $this->privDuplicate($p_archive->zipname);
+ }
+
+ // ----- Look if the $p_archive is a string (so a filename)
+ else if (is_string($p_archive))
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "The parameter is a filename '$p_archive'");
+
+ // ----- Check that $p_archive is a valid zip file
+ // TBC : Should also check the archive format
+ if (!is_file($p_archive)) {
+ // ----- Error log
+ PclZip::privErrorLog(PCLZIP_ERR_MISSING_FILE, "No file with filename '".$p_archive."'");
+ $v_result = PCLZIP_ERR_MISSING_FILE;
+ }
+ else {
+ // ----- Duplicate the archive
+ $v_result = $this->privDuplicate($p_archive);
+ }
+ }
+
+ // ----- Invalid variable
+ else
+ {
+ // ----- Error log
+ PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, "Invalid variable type p_archive_to_add");
+ $v_result = PCLZIP_ERR_INVALID_PARAMETER;
+ }
+
+ // ----- Return
+
//--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+ // --------------------------------------------------------------------------------
+
+ // --------------------------------------------------------------------------------
+ // Function : merge()
+ // Description :
+ // This method merge the $p_archive_to_add archive at the end of the current
+ // one ($this).
+ // If the archive ($this) does not exist, the merge becomes a duplicate.
+ // If the $p_archive_to_add archive does not exist, the merge is a success.
+ // Parameters :
+ // $p_archive_to_add : It can be directly the filename of a valid zip archive,
+ // or a PclZip object archive.
+ // Return Values :
+ // 1 on success,
+ // 0 or negative values on error (see below).
+ // --------------------------------------------------------------------------------
+ function merge($p_archive_to_add)
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, "PclZip::merge", "");
+ $v_result = 1;
+
+ // ----- Reset the error handler
+ $this->privErrorReset();
+
+ // ----- Check archive
+ if (!$this->privCheckFormat()) {
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, 0);
+ return(0);
+ }
+
+ // ----- Look if the $p_archive_to_add is a PclZip object
+ if ((is_object($p_archive_to_add)) && (get_class($p_archive_to_add) == 'pclzip'))
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "The parameter is valid PclZip object");
+
+ // ----- Merge the archive
+ $v_result = $this->privMerge($p_archive_to_add);
+ }
+
+ // ----- Look if the $p_archive_to_add is a string (so a filename)
+ else if (is_string($p_archive_to_add))
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "The parameter is a filename");
+
+ // ----- Create a temporary archive
+ $v_object_archive = new PclZip($p_archive_to_add);
+
+ // ----- Merge the archive
+ $v_result = $this->privMerge($v_object_archive);
+ }
+
+ // ----- Invalid variable
+ else
+ {
+ // ----- Error log
+ PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, "Invalid variable type p_archive_to_add");
+ $v_result = PCLZIP_ERR_INVALID_PARAMETER;
+ }
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+ // --------------------------------------------------------------------------------
+
+
+
+ // --------------------------------------------------------------------------------
+ // Function : errorCode()
+ // Description :
+ // Parameters :
+ // --------------------------------------------------------------------------------
+ function errorCode()
+ {
+ if (PCLZIP_ERROR_EXTERNAL == 1) {
+ return(PclErrorCode());
+ }
+ else {
+ return($this->error_code);
+ }
+ }
+ // --------------------------------------------------------------------------------
+
+ // --------------------------------------------------------------------------------
+ // Function : errorName()
+ // Description :
+ // Parameters :
+ // --------------------------------------------------------------------------------
+ function errorName($p_with_code=false)
+ {
+ $v_name = array ( PCLZIP_ERR_NO_ERROR => 'PCLZIP_ERR_NO_ERROR',
+ PCLZIP_ERR_WRITE_OPEN_FAIL => 'PCLZIP_ERR_WRITE_OPEN_FAIL',
+ PCLZIP_ERR_READ_OPEN_FAIL => 'PCLZIP_ERR_READ_OPEN_FAIL',
+ PCLZIP_ERR_INVALID_PARAMETER => 'PCLZIP_ERR_INVALID_PARAMETER',
+ PCLZIP_ERR_MISSING_FILE => 'PCLZIP_ERR_MISSING_FILE',
+ PCLZIP_ERR_FILENAME_TOO_LONG => 'PCLZIP_ERR_FILENAME_TOO_LONG',
+ PCLZIP_ERR_INVALID_ZIP => 'PCLZIP_ERR_INVALID_ZIP',
+ PCLZIP_ERR_BAD_EXTRACTED_FILE => 'PCLZIP_ERR_BAD_EXTRACTED_FILE',
+ PCLZIP_ERR_DIR_CREATE_FAIL => 'PCLZIP_ERR_DIR_CREATE_FAIL',
+ PCLZIP_ERR_BAD_EXTENSION => 'PCLZIP_ERR_BAD_EXTENSION',
+ PCLZIP_ERR_BAD_FORMAT => 'PCLZIP_ERR_BAD_FORMAT',
+ PCLZIP_ERR_DELETE_FILE_FAIL => 'PCLZIP_ERR_DELETE_FILE_FAIL',
+ PCLZIP_ERR_RENAME_FILE_FAIL => 'PCLZIP_ERR_RENAME_FILE_FAIL',
+ PCLZIP_ERR_BAD_CHECKSUM => 'PCLZIP_ERR_BAD_CHECKSUM',
+
PCLZIP_ERR_INVALID_ARCHIVE_ZIP => 'PCLZIP_ERR_INVALID_ARCHIVE_ZIP',
+ PCLZIP_ERR_MISSING_OPTION_VALUE => 'PCLZIP_ERR_MISSING_OPTION_VALUE',
+ PCLZIP_ERR_INVALID_OPTION_VALUE => 'PCLZIP_ERR_INVALID_OPTION_VALUE',
+ PCLZIP_ERR_UNSUPPORTED_COMPRESSION => 'PCLZIP_ERR_UNSUPPORTED_COMPRESSION',
+ PCLZIP_ERR_UNSUPPORTED_ENCRYPTION => 'PCLZIP_ERR_UNSUPPORTED_ENCRYPTION'
+ ,PCLZIP_ERR_INVALID_ATTRIBUTE_VALUE => 'PCLZIP_ERR_INVALID_ATTRIBUTE_VALUE'
+ ,PCLZIP_ERR_DIRECTORY_RESTRICTION => 'PCLZIP_ERR_DIRECTORY_RESTRICTION'
+ );
+
+ if (isset($v_name[$this->error_code])) {
+ $v_value = $v_name[$this->error_code];
+ }
+ else {
+ $v_value = 'NoName';
+ }
+
+ if ($p_with_code) {
+ return($v_value.' ('.$this->error_code.')');
+ }
+ else {
+ return($v_value);
+ }
+ }
+ // --------------------------------------------------------------------------------
+
+ // --------------------------------------------------------------------------------
+ // Function : errorInfo()
+ // Description :
+ // Parameters :
+ // --------------------------------------------------------------------------------
+ function errorInfo($p_full=false)
+ {
+ if (PCLZIP_ERROR_EXTERNAL == 1) {
+ return(PclErrorString());
+ }
+ else {
+ if ($p_full) {
+ return($this->errorName(true)." : ".$this->error_string);
+ }
+ else {
+ return($this->error_string." [code ".$this->error_code."]");
+ }
+ }
+ }
+ // --------------------------------------------------------------------------------
+
+
+// --------------------------------------------------------------------------------
+// ***** UNDER THIS LINE ARE DEFINED PRIVATE INTERNAL FUNCTIONS *****
+// ***** *****
+// ***** THESES FUNCTIONS MUST NOT BE USED DIRECTLY *****
+// --------------------------------------------------------------------------------
+
+
+
+ // --------------------------------------------------------------------------------
+ // Function : privCheckFormat()
+ // Description :
+ // This method check that the archive exists and is a valid zip archive.
+ // Several level of check exists. (futur)
+ // Parameters :
+ // $p_level : Level of check. Default 0.
+ // 0 : Check the first bytes (magic codes) (default value))
+ // 1 : 0 + Check the central directory (futur)
+ // 2 : 1 + Check each file header (futur)
+ // Return Values :
+ // true on success,
+ // false on error, the error code is set.
+ // --------------------------------------------------------------------------------
+ function privCheckFormat($p_level=0)
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, "PclZip::privCheckFormat", "");
+ $v_result = true;
+
+ // ----- Reset the file system cache
+ clearstatcache();
+
+ // ----- Reset the error handler
+ $this->privErrorReset();
+
+ // ----- Look if the file exits
+ if (!is_file($this->zipname)) {
+ // ----- Error log
+ PclZip::privErrorLog(PCLZIP_ERR_MISSING_FILE, "Missing archive file '".$this->zipname."'");
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, false, PclZip::errorInfo());
+ return(false);
+ }
+
+ // ----- Check that the file is readeable
+ if (!is_readable($this->zipname)) {
+ // ----- Error log
+ PclZip::privErrorLog(PCLZIP_ERR_READ_OPEN_FAIL, "Unable to read archive '".$this->zipname."'");
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, false, PclZip::errorInfo());
+ return(false);
+ }
+
+ // ----- Check the magic code
+ // TBC
+
+ // ----- Check the central header
+ // TBC
+
+ // ----- Check each file header
+ // TBC
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+ // --------------------------------------------------------------------------------
+
+ // --------------------------------------------------------------------------------
+ // Function : privParseOptions()
+ // Description :
+ // This internal methods reads the variable list of arguments ($p_options_list,
+ // $p_size) and generate an array with the options and values ($v_result_list).
+ // $v_requested_options contains the options that can be present and those that
+ // must be present.
+ // $v_requested_options is an array, with the option value as key, and 'optional',
+ // or 'mandatory' as value.
+ // Parameters :
+ // See above.
+ // Return Values :
+ // 1 on success.
+ // 0 on failure.
+ // --------------------------------------------------------------------------------
+ function privParseOptions(&$p_options_list, $p_size, &$v_result_list, $v_requested_options=false)
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, "PclZip::privParseOptions", "");
+ $v_result=1;
+
+ // ----- Read the options
+ $i=0;
+ while ($i<$p_size) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, "Looking for table index $i, option = '".PclZipUtilOptionText($p_options_list[$i])."(".$p_options_list[$i].")'");
+
+ // ----- Check if the option is supported
+ if (!isset($v_requested_options[$p_options_list[$i]])) {
+ // ----- Error log
+ PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, "Invalid optional parameter '".$p_options_list[$i]."' for this method");
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo());
+ return PclZip::errorCode();
+ }
+
+ // ----- Look for next option
+ switch ($p_options_list[$i]) {
+ // ----- Look for options that request a path value
+ case PCLZIP_OPT_PATH :
+ case PCLZIP_OPT_REMOVE_PATH :
+ case PCLZIP_OPT_ADD_PATH :
+ // ----- Check the number of parameters
+ if (($i+1) >= $p_size) {
+ // ----- Error log
+ PclZip::privErrorLog(PCLZIP_ERR_MISSING_OPTION_VALUE, "Missing parameter value for option '".PclZipUtilOptionText($p_options_list[$i])."'");
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo());
+ return PclZip::errorCode();
+ }
+
+ // ----- Get the value
+ $v_result_list[$p_options_list[$i]] = PclZipUtilTranslateWinPath($p_options_list[$i+1], FALSE);
+
//--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "".PclZipUtilOptionText($p_options_list[$i])." = '".$v_result_list[$p_options_list[$i]]."'"); + $i++; + break; + + case PCLZIP_OPT_EXTRACT_DIR_RESTRICTION : + // ----- Check the number of parameters + if (($i+1) >= $p_size) { + // ----- Error log + PclZip::privErrorLog(PCLZIP_ERR_MISSING_OPTION_VALUE, "Missing parameter value for option '".PclZipUtilOptionText($p_options_list[$i])."'"); + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo()); + return PclZip::errorCode(); + } + + // ----- Get the value + if ( is_string($p_options_list[$i+1]) + && ($p_options_list[$i+1] != '')) { + $v_result_list[$p_options_list[$i]] = PclZipUtilTranslateWinPath($p_options_list[$i+1], FALSE); + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "".PclZipUtilOptionText($p_options_list[$i])." = '".$v_result_list[$p_options_list[$i]]."'"); + $i++; + } + else { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "".PclZipUtilOptionText($p_options_list[$i])." 
set with an empty value is ignored."); + } + break; + + // ----- Look for options that request an array of string for value + case PCLZIP_OPT_BY_NAME : + // ----- Check the number of parameters + if (($i+1) >= $p_size) { + // ----- Error log + PclZip::privErrorLog(PCLZIP_ERR_MISSING_OPTION_VALUE, "Missing parameter value for option '".PclZipUtilOptionText($p_options_list[$i])."'"); + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo()); + return PclZip::errorCode(); + } + + // ----- Get the value + if (is_string($p_options_list[$i+1])) { + $v_result_list[$p_options_list[$i]][0] = $p_options_list[$i+1]; + } + else if (is_array($p_options_list[$i+1])) { + $v_result_list[$p_options_list[$i]] = $p_options_list[$i+1]; + } + else { + // ----- Error log + PclZip::privErrorLog(PCLZIP_ERR_INVALID_OPTION_VALUE, "Wrong parameter value for option '".PclZipUtilOptionText($p_options_list[$i])."'"); + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo()); + return PclZip::errorCode(); + } + ////--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "".PclZipUtilOptionText($p_options_list[$i])." 
= '".$v_result_list[$p_options_list[$i]]."'"); + $i++; + break; + + // ----- Look for options that request an EREG or PREG expression + case PCLZIP_OPT_BY_EREG : + case PCLZIP_OPT_BY_PREG : + //case PCLZIP_OPT_CRYPT : + // ----- Check the number of parameters + if (($i+1) >= $p_size) { + // ----- Error log + PclZip::privErrorLog(PCLZIP_ERR_MISSING_OPTION_VALUE, "Missing parameter value for option '".PclZipUtilOptionText($p_options_list[$i])."'"); + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo()); + return PclZip::errorCode(); + } + + // ----- Get the value + if (is_string($p_options_list[$i+1])) { + $v_result_list[$p_options_list[$i]] = $p_options_list[$i+1]; + } + else { + // ----- Error log + PclZip::privErrorLog(PCLZIP_ERR_INVALID_OPTION_VALUE, "Wrong parameter value for option '".PclZipUtilOptionText($p_options_list[$i])."'"); + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo()); + return PclZip::errorCode(); + } + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "".PclZipUtilOptionText($p_options_list[$i])." 
= '".$v_result_list[$p_options_list[$i]]."'"); + $i++; + break; + + // ----- Look for options that takes a string + case PCLZIP_OPT_COMMENT : + case PCLZIP_OPT_ADD_COMMENT : + case PCLZIP_OPT_PREPEND_COMMENT : + // ----- Check the number of parameters + if (($i+1) >= $p_size) { + // ----- Error log + PclZip::privErrorLog(PCLZIP_ERR_MISSING_OPTION_VALUE, + "Missing parameter value for option '" + .PclZipUtilOptionText($p_options_list[$i]) + ."'"); + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo()); + return PclZip::errorCode(); + } + + // ----- Get the value + if (is_string($p_options_list[$i+1])) { + $v_result_list[$p_options_list[$i]] = $p_options_list[$i+1]; + } + else { + // ----- Error log + PclZip::privErrorLog(PCLZIP_ERR_INVALID_OPTION_VALUE, + "Wrong parameter value for option '" + .PclZipUtilOptionText($p_options_list[$i]) + ."'"); + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo()); + return PclZip::errorCode(); + } + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "".PclZipUtilOptionText($p_options_list[$i])." 
= '".$v_result_list[$p_options_list[$i]]."'"); + $i++; + break; + + // ----- Look for options that request an array of index + case PCLZIP_OPT_BY_INDEX : + // ----- Check the number of parameters + if (($i+1) >= $p_size) { + // ----- Error log + PclZip::privErrorLog(PCLZIP_ERR_MISSING_OPTION_VALUE, "Missing parameter value for option '".PclZipUtilOptionText($p_options_list[$i])."'"); + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo()); + return PclZip::errorCode(); + } + + // ----- Get the value + $v_work_list = array(); + if (is_string($p_options_list[$i+1])) { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, "Index value is a string '".$p_options_list[$i+1]."'"); + + // ----- Remove spaces + $p_options_list[$i+1] = strtr($p_options_list[$i+1], ' ', ''); + + // ----- Parse items + $v_work_list = explode(",", $p_options_list[$i+1]); + } + else if (is_integer($p_options_list[$i+1])) { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, "Index value is an integer '".$p_options_list[$i+1]."'"); + $v_work_list[0] = $p_options_list[$i+1].'-'.$p_options_list[$i+1]; + } + else if (is_array($p_options_list[$i+1])) { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, "Index value is an array"); + $v_work_list = $p_options_list[$i+1]; + } + else { + // ----- Error log + PclZip::privErrorLog(PCLZIP_ERR_INVALID_OPTION_VALUE, "Value must be integer, string or array for option '".PclZipUtilOptionText($p_options_list[$i])."'"); + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo()); + return PclZip::errorCode(); + } + + // ----- Reduce the index list + // each index item in the list must be a couple with a start and + // an end value : [0,3], [5-5], [8-10], ... 
+ // ----- Check the format of each item + $v_sort_flag=false; + $v_sort_value=0; + for ($j=0; $j= $p_size) { + // ----- Error log + PclZip::privErrorLog(PCLZIP_ERR_MISSING_OPTION_VALUE, "Missing parameter value for option '".PclZipUtilOptionText($p_options_list[$i])."'"); + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo()); + return PclZip::errorCode(); + } + + // ----- Get the value + $v_result_list[$p_options_list[$i]] = $p_options_list[$i+1]; + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "".PclZipUtilOptionText($p_options_list[$i])." = '".$v_result_list[$p_options_list[$i]]."'"); + $i++; + break; + + // ----- Look for options that request a call-back + case PCLZIP_CB_PRE_EXTRACT : + case PCLZIP_CB_POST_EXTRACT : + case PCLZIP_CB_PRE_ADD : + case PCLZIP_CB_POST_ADD : + /* for futur use + case PCLZIP_CB_PRE_DELETE : + case PCLZIP_CB_POST_DELETE : + case PCLZIP_CB_PRE_LIST : + case PCLZIP_CB_POST_LIST : + */ + // ----- Check the number of parameters + if (($i+1) >= $p_size) { + // ----- Error log + PclZip::privErrorLog(PCLZIP_ERR_MISSING_OPTION_VALUE, "Missing parameter value for option '".PclZipUtilOptionText($p_options_list[$i])."'"); + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo()); + return PclZip::errorCode(); + } + + // ----- Get the value + $v_function_name = $p_options_list[$i+1]; + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "call-back ".PclZipUtilOptionText($p_options_list[$i])." 
= '".$v_function_name."'"); + + // ----- Check that the value is a valid existing function + if (!function_exists($v_function_name)) { + // ----- Error log + PclZip::privErrorLog(PCLZIP_ERR_INVALID_OPTION_VALUE, "Function '".$v_function_name."()' is not an existing function for option '".PclZipUtilOptionText($p_options_list[$i])."'"); + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo()); + return PclZip::errorCode(); + } + + // ----- Set the attribute + $v_result_list[$p_options_list[$i]] = $v_function_name; + $i++; + break; + + default : + // ----- Error log + PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, + "Unknown parameter '" + .$p_options_list[$i]."'"); + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo()); + return PclZip::errorCode(); + } + + // ----- Next options + $i++; + } + + // ----- Look for mandatory options + if ($v_requested_options !== false) { + for ($key=reset($v_requested_options); $key=key($v_requested_options); $key=next($v_requested_options)) { + // ----- Look for mandatory option + if ($v_requested_options[$key] == 'mandatory') { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, "Detect a mandatory option : ".PclZipUtilOptionText($key)."(".$key.")"); + // ----- Look if present + if (!isset($v_result_list[$key])) { + // ----- Error log + PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, "Missing mandatory parameter ".PclZipUtilOptionText($key)."(".$key.")"); + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo()); + return PclZip::errorCode(); + } + } + } + } + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result); + return $v_result; + } + // -------------------------------------------------------------------------------- + + // 
-------------------------------------------------------------------------------- + // Function : privFileDescrParseAtt() + // Description : + // Parameters : + // Return Values : + // 1 on success. + // 0 on failure. + // -------------------------------------------------------------------------------- + function privFileDescrParseAtt(&$p_file_list, &$p_filedescr, $v_options, $v_requested_options=false) + { + //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, "PclZip::privFileDescrParseAtt", ""); + $v_result=1; + + // ----- For each file in the list check the attributes + foreach ($p_file_list as $v_key => $v_value) { + + // ----- Check if the option is supported + if (!isset($v_requested_options[$v_key])) { + // ----- Error log + PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, "Invalid file attribute '".$v_key."' for this file"); + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo()); + return PclZip::errorCode(); + } + + // ----- Look for attribute + switch ($v_key) { + case PCLZIP_ATT_FILE_NAME : + if (!is_string($v_value)) { + PclZip::privErrorLog(PCLZIP_ERR_INVALID_ATTRIBUTE_VALUE, "Invalid type ".gettype($v_value).". String expected for attribute '".PclZipUtilOptionText($v_key)."'"); + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo()); + return PclZip::errorCode(); + } + + $p_filedescr['filename'] = PclZipUtilPathReduction($v_value); + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "".PclZipUtilOptionText($v_key)." 
= '".$v_value."'"); + + if ($p_filedescr['filename'] == '') { + PclZip::privErrorLog(PCLZIP_ERR_INVALID_ATTRIBUTE_VALUE, "Invalid empty filename for attribute '".PclZipUtilOptionText($v_key)."'"); + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo()); + return PclZip::errorCode(); + } + + break; + + case PCLZIP_ATT_FILE_NEW_SHORT_NAME : + if (!is_string($v_value)) { + PclZip::privErrorLog(PCLZIP_ERR_INVALID_ATTRIBUTE_VALUE, "Invalid type ".gettype($v_value).". String expected for attribute '".PclZipUtilOptionText($v_key)."'"); + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo()); + return PclZip::errorCode(); + } + + $p_filedescr['new_short_name'] = PclZipUtilPathReduction($v_value); + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "".PclZipUtilOptionText($v_key)." = '".$v_value."'"); + + if ($p_filedescr['new_short_name'] == '') { + PclZip::privErrorLog(PCLZIP_ERR_INVALID_ATTRIBUTE_VALUE, "Invalid empty short filename for attribute '".PclZipUtilOptionText($v_key)."'"); + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo()); + return PclZip::errorCode(); + } + break; + + case PCLZIP_ATT_FILE_NEW_FULL_NAME : + if (!is_string($v_value)) { + PclZip::privErrorLog(PCLZIP_ERR_INVALID_ATTRIBUTE_VALUE, "Invalid type ".gettype($v_value).". String expected for attribute '".PclZipUtilOptionText($v_key)."'"); + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo()); + return PclZip::errorCode(); + } + + $p_filedescr['new_full_name'] = PclZipUtilPathReduction($v_value); + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "".PclZipUtilOptionText($v_key)." 
= '".$v_value."'"); + + if ($p_filedescr['new_full_name'] == '') { + PclZip::privErrorLog(PCLZIP_ERR_INVALID_ATTRIBUTE_VALUE, "Invalid empty full filename for attribute '".PclZipUtilOptionText($v_key)."'"); + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo()); + return PclZip::errorCode(); + } + break; + + // ----- Look for options that takes a string + case PCLZIP_ATT_FILE_COMMENT : + if (!is_string($v_value)) { + PclZip::privErrorLog(PCLZIP_ERR_INVALID_ATTRIBUTE_VALUE, "Invalid type ".gettype($v_value).". String expected for attribute '".PclZipUtilOptionText($v_key)."'"); + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo()); + return PclZip::errorCode(); + } + + $p_filedescr['comment'] = $v_value; + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "".PclZipUtilOptionText($v_key)." = '".$v_value."'"); + break; + + case PCLZIP_ATT_FILE_MTIME : + if (!is_integer($v_value)) { + PclZip::privErrorLog(PCLZIP_ERR_INVALID_ATTRIBUTE_VALUE, "Invalid type ".gettype($v_value).". Integer expected for attribute '".PclZipUtilOptionText($v_key)."'"); + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo()); + return PclZip::errorCode(); + } + + $p_filedescr['mtime'] = $v_value; + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "".PclZipUtilOptionText($v_key)." = '".$v_value."'"); + break; + + case PCLZIP_ATT_FILE_CONTENT : + $p_filedescr['content'] = $v_value; + ////--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "".PclZipUtilOptionText($v_key)." 
= '".$v_value."'"); + break; + + default : + // ----- Error log + PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, + "Unknown parameter '".$v_key."'"); + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo()); + return PclZip::errorCode(); + } + + // ----- Look for mandatory options + if ($v_requested_options !== false) { + for ($key=reset($v_requested_options); $key=key($v_requested_options); $key=next($v_requested_options)) { + // ----- Look for mandatory option + if ($v_requested_options[$key] == 'mandatory') { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, "Detect a mandatory option : ".PclZipUtilOptionText($key)."(".$key.")"); + // ----- Look if present + if (!isset($p_file_list[$key])) { + PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, "Missing mandatory parameter ".PclZipUtilOptionText($key)."(".$key.")"); + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo()); + return PclZip::errorCode(); + } + } + } + } + + // end foreach + } + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result); + return $v_result; + } + // -------------------------------------------------------------------------------- + + // -------------------------------------------------------------------------------- + // Function : privFileDescrExpand() + // Description : + // Parameters : + // Return Values : + // 1 on success. + // 0 on failure. 
+ // -------------------------------------------------------------------------------- + function privFileDescrExpand(&$p_filedescr_list, &$p_options) + { + //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, "PclZip::privFileDescrExpand", ""); + $v_result=1; + + // ----- Create a result list + $v_result_list = array(); + + // ----- Look each entry + for ($i=0; $iprivCalculateStoredFilename($v_descr, $p_options); + + // ----- Add the descriptor in result list + $v_result_list[sizeof($v_result_list)] = $v_descr; + + // ----- Look for folder + if ($v_descr['type'] == 'folder') { + // ----- List of items in folder + $v_dirlist_descr = array(); + $v_dirlist_nb = 0; + if ($v_folder_handler = @opendir($v_descr['filename'])) { + while (($v_item_handler = @readdir($v_folder_handler)) !== false) { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Looking for '".$v_item_handler."' in the directory"); + + // ----- Skip '.' and '..' + if (($v_item_handler == '.') || ($v_item_handler == '..')) { + continue; + } + + // ----- Compose the full filename + $v_dirlist_descr[$v_dirlist_nb]['filename'] = $v_descr['filename'].'/'.$v_item_handler; + + // ----- Look for different stored filename + // Because the name of the folder was changed, the name of the + // files/sub-folders also change + if ($v_descr['stored_filename'] != $v_descr['filename']) { + if ($v_descr['stored_filename'] != '') { + $v_dirlist_descr[$v_dirlist_nb]['new_full_name'] = $v_descr['stored_filename'].'/'.$v_item_handler; + } + else { + $v_dirlist_descr[$v_dirlist_nb]['new_full_name'] = $v_item_handler; + } + } + + $v_dirlist_nb++; + } + + @closedir($v_folder_handler); + } + else { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Unable to open dir '".$v_descr['filename']."' in read mode. 
Skipped.");
+ // TBC : unable to open folder in read mode
+ }
+
+ // ----- Expand each element of the list
+ if ($v_dirlist_nb != 0) {
+ // ----- Expand
+ if (($v_result = $this->privFileDescrExpand($v_dirlist_descr, $p_options)) != 1) {
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+
+ // ----- Concat the resulting list
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Merging result list (size '".sizeof($v_result_list)."') with dirlist (size '".sizeof($v_dirlist_descr)."')");
+ $v_result_list = array_merge($v_result_list, $v_dirlist_descr);
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "merged result list is size '".sizeof($v_result_list)."'");
+ }
+ else {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Nothing in this folder to expand.");
+ }
+
+ // ----- Free local array
+ unset($v_dirlist_descr);
+ }
+ }
+
+ // ----- Get the result list
+ $p_filedescr_list = $v_result_list;
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+ // --------------------------------------------------------------------------------
+
+ // --------------------------------------------------------------------------------
+ // Function : privCreate()
+ // Description :
+ // Parameters :
+ // Return Values :
+ // --------------------------------------------------------------------------------
+ function privCreate($p_filedescr_list, &$p_result_list, &$p_options)
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, "PclZip::privCreate", "list");
+ $v_result=1;
+ $v_list_detail = array();
+
+ // ----- Magic quotes trick
+ $this->privDisableMagicQuotes();
+
+ // ----- Open the file in write mode
+ if (($v_result = $this->privOpenFd('wb')) != 1)
+ {
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+
+ // ----- Add the list of files
+ $v_result = $this->privAddList($p_filedescr_list, $p_result_list, $p_options);
+
+ // ----- Close
+ $this->privCloseFd();
+
+ // ----- Magic quotes trick
+ $this->privSwapBackMagicQuotes();
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+ // --------------------------------------------------------------------------------
+
+ // --------------------------------------------------------------------------------
+ // Function : privAdd()
+ // Description :
+ // Parameters :
+ // Return Values :
+ // --------------------------------------------------------------------------------
+ function privAdd($p_filedescr_list, &$p_result_list, &$p_options)
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, "PclZip::privAdd", "list");
+ $v_result=1;
+ $v_list_detail = array();
+
+ // ----- Look if the archive exists or is empty
+ if ((!is_file($this->zipname)) || (filesize($this->zipname) == 0))
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Archive does not exist, or is empty, create it.");
+
+ // ----- Do a create
+ $v_result = $this->privCreate($p_filedescr_list, $p_result_list, $p_options);
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+ // ----- Magic quotes trick
+ $this->privDisableMagicQuotes();
+
+ // ----- Open the zip file
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Open file in binary read mode");
+ if (($v_result=$this->privOpenFd('rb')) != 1)
+ {
+ // ----- Magic quotes trick
+ $this->privSwapBackMagicQuotes();
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+
+ // ----- Read the central directory informations
+ $v_central_dir = array();
+ if (($v_result = $this->privReadEndCentralDir($v_central_dir)) != 1)
+ {
+ $this->privCloseFd();
+ $this->privSwapBackMagicQuotes();
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+
+ // ----- Go to beginning of File
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 5, "Position in file : ".ftell($this->zip_fd)."'");
+ @rewind($this->zip_fd);
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 5, "Position in file : ".ftell($this->zip_fd)."'");
+
+ // ----- Creates a temporay file
+ $v_zip_temp_name = PCLZIP_TEMPORARY_DIR.uniqid('pclzip-').'.tmp';
+
+ // ----- Open the temporary file in write mode
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Open file in binary read mode");
+ if (($v_zip_temp_fd = @fopen($v_zip_temp_name, 'wb')) == 0)
+ {
+ $this->privCloseFd();
+ $this->privSwapBackMagicQuotes();
+
+ PclZip::privErrorLog(PCLZIP_ERR_READ_OPEN_FAIL, 'Unable to open temporary file \''.$v_zip_temp_name.'\' in binary write mode');
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo());
+ return PclZip::errorCode();
+ }
+
+ // ----- Copy the files from the archive to the temporary file
+ // TBC : Here I should better append the file and go back to erase the central dir
+ $v_size = $v_central_dir['offset'];
+ while ($v_size != 0)
+ {
+ $v_read_size = ($v_size < PCLZIP_READ_BLOCK_SIZE ? $v_size : PCLZIP_READ_BLOCK_SIZE);
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, "Read $v_read_size bytes");
+ $v_buffer = fread($this->zip_fd, $v_read_size);
+ @fwrite($v_zip_temp_fd, $v_buffer, $v_read_size);
+ $v_size -= $v_read_size;
+ }
+
+ // ----- Swap the file descriptor
+ // Here is a trick : I swap the temporary fd with the zip fd, in order to use
+ // the following methods on the temporary fil and not the real archive
+ $v_swap = $this->zip_fd;
+ $this->zip_fd = $v_zip_temp_fd;
+ $v_zip_temp_fd = $v_swap;
+
+ // ----- Add the files
+ $v_header_list = array();
+ if (($v_result = $this->privAddFileList($p_filedescr_list, $v_header_list, $p_options)) != 1)
+ {
+ fclose($v_zip_temp_fd);
+ $this->privCloseFd();
+ @unlink($v_zip_temp_name);
+ $this->privSwapBackMagicQuotes();
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+
+ // ----- Store the offset of the central dir
+ $v_offset = @ftell($this->zip_fd);
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, "New offset of central dir : $v_offset");
+
+ // ----- Copy the block of file headers from the old archive
+ $v_size = $v_central_dir['size'];
+ while ($v_size != 0)
+ {
+ $v_read_size = ($v_size < PCLZIP_READ_BLOCK_SIZE ?
$v_size : PCLZIP_READ_BLOCK_SIZE); + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, "Read $v_read_size bytes"); + $v_buffer = @fread($v_zip_temp_fd, $v_read_size); + @fwrite($this->zip_fd, $v_buffer, $v_read_size); + $v_size -= $v_read_size; + } + + // ----- Create the Central Dir files header + for ($i=0, $v_count=0; $iprivWriteCentralFileHeader($v_header_list[$i])) != 1) { + fclose($v_zip_temp_fd); + $this->privCloseFd(); + @unlink($v_zip_temp_name); + $this->privSwapBackMagicQuotes(); + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result); + return $v_result; + } + $v_count++; + } + + // ----- Transform the header to a 'usable' info + $this->privConvertHeader2FileInfo($v_header_list[$i], $p_result_list[$i]); + } + + // ----- Zip file comment + $v_comment = $v_central_dir['comment']; + if (isset($p_options[PCLZIP_OPT_COMMENT])) { + $v_comment = $p_options[PCLZIP_OPT_COMMENT]; + } + if (isset($p_options[PCLZIP_OPT_ADD_COMMENT])) { + $v_comment = $v_comment.$p_options[PCLZIP_OPT_ADD_COMMENT]; + } + if (isset($p_options[PCLZIP_OPT_PREPEND_COMMENT])) { + $v_comment = $p_options[PCLZIP_OPT_PREPEND_COMMENT].$v_comment; + } + + // ----- Calculate the size of the central header + $v_size = @ftell($this->zip_fd)-$v_offset; + + // ----- Create the central dir footer + if (($v_result = $this->privWriteCentralHeader($v_count+$v_central_dir['entries'], $v_size, $v_offset, $v_comment)) != 1) + { + // ----- Reset the file list + unset($v_header_list); + $this->privSwapBackMagicQuotes(); + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result); + return $v_result; + } + + // ----- Swap back the file descriptor + $v_swap = $this->zip_fd; + $this->zip_fd = $v_zip_temp_fd; + $v_zip_temp_fd = $v_swap; + + // ----- Close + $this->privCloseFd(); + + // ----- Close the temporary file + @fclose($v_zip_temp_fd); + + // ----- Magic quotes trick + $this->privSwapBackMagicQuotes(); + + // ----- Delete 
the zip file
+ // TBC : I should test the result ...
+ @unlink($this->zipname);
+
+ // ----- Rename the temporary file
+ // TBC : I should test the result ...
+ //@rename($v_zip_temp_name, $this->zipname);
+ PclZipUtilRename($v_zip_temp_name, $this->zipname);
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+ // --------------------------------------------------------------------------------
+
+ // --------------------------------------------------------------------------------
+ // Function : privOpenFd()
+ // Description :
+ // Parameters :
+ // --------------------------------------------------------------------------------
+ function privOpenFd($p_mode)
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, "PclZip::privOpenFd", 'mode='.$p_mode);
+ $v_result=1;
+
+ // ----- Look if already open
+ if ($this->zip_fd != 0)
+ {
+ // ----- Error log
+ PclZip::privErrorLog(PCLZIP_ERR_READ_OPEN_FAIL, 'Zip file \''.$this->zipname.'\' already open');
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo());
+ return PclZip::errorCode();
+ }
+
+ // ----- Open the zip file
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, 'Open file in '.$p_mode.' mode');
+ if (($this->zip_fd = @fopen($this->zipname, $p_mode)) == 0)
+ {
+ // ----- Error log
+ PclZip::privErrorLog(PCLZIP_ERR_READ_OPEN_FAIL, 'Unable to open archive \''.$this->zipname.'\' in '.$p_mode.' mode');
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo());
+ return PclZip::errorCode();
+ }
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+ // --------------------------------------------------------------------------------
+
+ // --------------------------------------------------------------------------------
+ // Function : privCloseFd()
+ // Description :
+ // Parameters :
+ // --------------------------------------------------------------------------------
+ function privCloseFd()
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, "PclZip::privCloseFd", "");
+ $v_result=1;
+
+ if ($this->zip_fd != 0)
+ @fclose($this->zip_fd);
+ $this->zip_fd = 0;
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+ // --------------------------------------------------------------------------------
+
+ // --------------------------------------------------------------------------------
+ // Function : privAddList()
+ // Description :
+ // $p_add_dir and $p_remove_dir will give the ability to memorize a path which is
+ // different from the real path of the file. This is usefull if you want to have PclTar
+ // running in any directory, and memorize relative path from an other directory.
+ // Parameters : + // $p_list : An array containing the file or directory names to add in the tar + // $p_result_list : list of added files with their properties (specially the status field) + // $p_add_dir : Path to add in the filename path archived + // $p_remove_dir : Path to remove in the filename path archived + // Return Values : + // -------------------------------------------------------------------------------- +// function privAddList($p_list, &$p_result_list, $p_add_dir, $p_remove_dir, $p_remove_all_dir, &$p_options) + function privAddList($p_filedescr_list, &$p_result_list, &$p_options) + { + //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, "PclZip::privAddList", "list"); + $v_result=1; + + // ----- Add the files + $v_header_list = array(); + if (($v_result = $this->privAddFileList($p_filedescr_list, $v_header_list, $p_options)) != 1) + { + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result); + return $v_result; + } + + // ----- Store the offset of the central dir + $v_offset = @ftell($this->zip_fd); + + // ----- Create the Central Dir files header + for ($i=0,$v_count=0; $iprivWriteCentralFileHeader($v_header_list[$i])) != 1) { + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result); + return $v_result; + } + $v_count++; + } + + // ----- Transform the header to a 'usable' info + $this->privConvertHeader2FileInfo($v_header_list[$i], $p_result_list[$i]); + } + + // ----- Zip file comment + $v_comment = ''; + if (isset($p_options[PCLZIP_OPT_COMMENT])) { + $v_comment = $p_options[PCLZIP_OPT_COMMENT]; + } + + // ----- Calculate the size of the central header + $v_size = @ftell($this->zip_fd)-$v_offset; + + // ----- Create the central dir footer + if (($v_result = $this->privWriteCentralHeader($v_count, $v_size, $v_offset, $v_comment)) != 1) + { + // ----- Reset the file list + unset($v_header_list); + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, 
__LINE__, $v_result); + return $v_result; + } + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result); + return $v_result; + } + // -------------------------------------------------------------------------------- + + // -------------------------------------------------------------------------------- + // Function : privAddFileList() + // Description : + // Parameters : + // $p_filedescr_list : An array containing the file description + // or directory names to add in the zip + // $p_result_list : list of added files with their properties (specially the status field) + // Return Values : + // -------------------------------------------------------------------------------- + function privAddFileList($p_filedescr_list, &$p_result_list, &$p_options) + { + //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, "PclZip::privAddFileList", "filedescr_list"); + $v_result=1; + $v_header = array(); + + // ----- Recuperate the current number of elt in list + $v_nb = sizeof($p_result_list); + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, "Before add, list have ".$v_nb." elements"); + + // ----- Loop on the files + for ($j=0; ($jprivAddFile($p_filedescr_list[$j], $v_header, + $p_options); + if ($v_result != 1) { + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result); + return $v_result; + } + + // ----- Store the file infos + $p_result_list[$v_nb++] = $v_header; + } + } + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, "After add, list have ".$v_nb." 
elements");
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+ // --------------------------------------------------------------------------------
+
+ // --------------------------------------------------------------------------------
+ // Function : privAddFile()
+ // Description :
+ // Parameters :
+ // Return Values :
+ // --------------------------------------------------------------------------------
+ function privAddFile($p_filedescr, &$p_header, &$p_options)
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, "PclZip::privAddFile", "filename='".$p_filedescr['filename']."'");
+ $v_result=1;
+
+ // ----- Working variable
+ $p_filename = $p_filedescr['filename'];
+
+ // TBC : Already done in the fileAtt check ... ?
+ if ($p_filename == "") {
+ // ----- Error log
+ PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, "Invalid file list parameter (invalid or empty list)");
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo());
+ return PclZip::errorCode();
+ }
+
+ // ----- Look for a stored different filename
+ /* TBC : Removed
+ if (isset($p_filedescr['stored_filename'])) {
+ $v_stored_filename = $p_filedescr['stored_filename'];
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, 'Stored filename is NOT the same "'.$v_stored_filename.'"');
+ }
+ else {
+ $v_stored_filename = $p_filedescr['stored_filename'];
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, 'Stored filename is the same');
+ }
+ */
+
+ // ----- Set the file properties
+ clearstatcache();
+ $p_header['version'] = 20;
+ $p_header['version_extracted'] = 10;
+ $p_header['flag'] = 0;
+ $p_header['compression'] = 0;
+ $p_header['crc'] = 0;
+ $p_header['compressed_size'] = 0;
+ $p_header['filename_len'] = strlen($p_filename);
+ $p_header['extra_len'] = 0;
+ $p_header['disk'] = 0;
+ $p_header['internal'] = 0;
+ $p_header['offset'] = 0;
+ $p_header['filename'] = $p_filename;
+// TBC : Removed $p_header['stored_filename'] = $v_stored_filename;
+ $p_header['stored_filename'] = $p_filedescr['stored_filename'];
+ $p_header['extra'] = '';
+ $p_header['status'] = 'ok';
+ $p_header['index'] = -1;
+
+ // ----- Look for regular file
+ if ($p_filedescr['type']=='file') {
+ $p_header['external'] = 0x00000000;
+ $p_header['size'] = filesize($p_filename);
+ }
+
+ // ----- Look for regular folder
+ else if ($p_filedescr['type']=='folder') {
+ $p_header['external'] = 0x00000010;
+ $p_header['mtime'] = filemtime($p_filename);
+ $p_header['size'] = filesize($p_filename);
+ }
+
+ // ----- Look for virtual file
+ else if ($p_filedescr['type'] == 'virtual_file') {
+ $p_header['external'] = 0x00000000;
+ $p_header['size'] = strlen($p_filedescr['content']);
+ }
+
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 5, "Header external extension '".sprintf("0x%X",$p_header['external'])."'");
+
+ // ----- Look for filetime
+ if (isset($p_filedescr['mtime'])) {
+ $p_header['mtime'] = $p_filedescr['mtime'];
+ }
+ else if ($p_filedescr['type'] == 'virtual_file') {
+ $p_header['mtime'] = mktime();
+ }
+ else {
+ $p_header['mtime'] = filemtime($p_filename);
+ }
+
+ // ------ Look for file comment
+ if (isset($p_filedescr['comment'])) {
+ $p_header['comment_len'] = strlen($p_filedescr['comment']);
+ $p_header['comment'] = $p_filedescr['comment'];
+ }
+ else {
+ $p_header['comment_len'] = 0;
+ $p_header['comment'] = '';
+ }
+
+ // ----- Look for pre-add callback
+ if (isset($p_options[PCLZIP_CB_PRE_ADD])) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "A pre-callback '".$p_options[PCLZIP_CB_PRE_ADD]."()') is defined for the extraction");
+
+ // ----- Generate a local information
+ $v_local_header = array();
+ $this->privConvertHeader2FileInfo($p_header, $v_local_header);
+
+ // ----- Call the callback
+ // Here I do not use call_user_func() because I need to send a reference to the
+ // header.
+ eval('$v_result = '.$p_options[PCLZIP_CB_PRE_ADD].'(PCLZIP_CB_PRE_ADD, $v_local_header);');
+ if ($v_result == 0) {
+ // ----- Change the file status
+ $p_header['status'] = "skipped";
+ $v_result = 1;
+ }
+
+ // ----- Update the informations
+ // Only some fields can be modified
+ if ($p_header['stored_filename'] != $v_local_header['stored_filename']) {
+ $p_header['stored_filename'] = PclZipUtilPathReduction($v_local_header['stored_filename']);
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "New stored filename is '".$p_header['stored_filename']."'");
+ }
+ }
+
+ // ----- Look for empty stored filename
+ if ($p_header['stored_filename'] == "") {
+ $p_header['status'] = "filtered";
+ }
+
+ // ----- Check the path length
+ if (strlen($p_header['stored_filename']) > 0xFF) {
+ $p_header['status'] = 'filename_too_long';
+ }
+
+ // ----- Look if no error, or file not skipped
+ if ($p_header['status'] == 'ok') {
+
+ // ----- Look for a file
+// if (is_file($p_filename))
+ if ( ($p_filedescr['type'] == 'file')
+ || ($p_filedescr['type'] == 'virtual_file')) {
+
+ // ----- Get content from real file
+ if ($p_filedescr['type'] == 'file') {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "'".$p_filename."' is a file");
+
+ // ----- Open the source file
+ if (($v_file = @fopen($p_filename, "rb")) == 0) {
+ PclZip::privErrorLog(PCLZIP_ERR_READ_OPEN_FAIL, "Unable to open file '$p_filename' in binary read mode");
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo());
+ return PclZip::errorCode();
+ }
+
+ // ----- Read the file content
+ $v_content = @fread($v_file, $p_header['size']);
+
+ // ----- Close the file
+ @fclose($v_file);
+ }
+ else if ($p_filedescr['type'] == 'virtual_file') {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Add by string");
+ $v_content = $p_filedescr['content'];
+ }
+
+ // ----- Calculate the CRC
+ $p_header['crc'] = @crc32($v_content);
+
+ // ----- Look for no compression
+ if ($p_options[PCLZIP_OPT_NO_COMPRESSION]) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "File will not be compressed");
+ // ----- Set header parameters
+ $p_header['compressed_size'] = $p_header['size'];
+ $p_header['compression'] = 0;
+ }
+
+ // ----- Look for normal compression
+ else {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "File will be compressed");
+ // ----- Compress the content
+ $v_content = @gzdeflate($v_content);
+
+ // ----- Set header parameters
+ $p_header['compressed_size'] = strlen($v_content);
+ $p_header['compression'] = 8;
+ }
+
+ // ----- Look for encryption
+ /*
+ if ((isset($p_options[PCLZIP_OPT_CRYPT]))
+ && ($p_options[PCLZIP_OPT_CRYPT] != "")) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "File need to be crypted ....");
+
+ // Should be a random header
+ $v_header = 'xxxxxxxxxxxx';
+ $v_content_compressed = PclZipUtilZipEncrypt($v_content_compressed,
+ $p_header['compressed_size'],
+ $v_header,
+ $p_header['crc'],
+ "test");
+
+ $p_header['compressed_size'] += 12;
+ $p_header['flag'] = 1;
+
+ // ----- Add the header to the data
+ $v_content_compressed = $v_header.$v_content_compressed;
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Size after header : ".strlen($v_content_compressed)."");
+ }
+ */
+
+ // ----- Call the header generation
+ if (($v_result = $this->privWriteFileHeader($p_header)) != 1) {
+ @fclose($v_file);
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+
+ // ----- Write the compressed (or not) content
+ @fwrite($this->zip_fd, $v_content, $p_header['compressed_size']);
+ }
+
+ // ----- Look for a directory
+ else if ($p_filedescr['type'] == 'folder') {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "'".$p_filename."' is a folder");
+ // ----- Look for directory last '/'
+ if (@substr($p_header['stored_filename'], -1) != '/') {
+ $p_header['stored_filename'] .= '/';
+ }
+
+ // ----- Set the file properties
+ $p_header['size'] = 0;
+ //$p_header['external'] = 0x41FF0010; // Value for a folder : to be checked
+ $p_header['external'] = 0x00000010; // Value for a folder : to be checked
+
+ // ----- Call the header generation
+ if (($v_result = $this->privWriteFileHeader($p_header)) != 1)
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+ }
+ }
+
+ // ----- Look for post-add callback
+ if (isset($p_options[PCLZIP_CB_POST_ADD])) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "A post-callback '".$p_options[PCLZIP_CB_POST_ADD]."()') is defined for the extraction");
+
+ // ----- Generate a local information
+ $v_local_header = array();
+ $this->privConvertHeader2FileInfo($p_header, $v_local_header);
+
+ // ----- Call the callback
+ // Here I do not use call_user_func() because I need to send a reference to the
+ // header.
+ eval('$v_result = '.$p_options[PCLZIP_CB_POST_ADD].'(PCLZIP_CB_POST_ADD, $v_local_header);');
+ if ($v_result == 0) {
+ // ----- Ignored
+ $v_result = 1;
+ }
+
+ // ----- Update the informations
+ // Nothing can be modified
+ }
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+ // --------------------------------------------------------------------------------
+
+ // --------------------------------------------------------------------------------
+ // Function : privCalculateStoredFilename()
+ // Description :
+ // Based on file descriptor properties and global options, this method
+ // calculate the filename that will be stored in the archive.
+ // Parameters : + // Return Values : + // -------------------------------------------------------------------------------- + function privCalculateStoredFilename(&$p_filedescr, &$p_options) + { + //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, "PclZip::privCalculateStoredFilename", "filename='".$p_filedescr['filename']."'"); + $v_result=1; + + // ----- Working variables + $p_filename = $p_filedescr['filename']; + if (isset($p_options[PCLZIP_OPT_ADD_PATH])) { + $p_add_dir = $p_options[PCLZIP_OPT_ADD_PATH]; + } + else { + $p_add_dir = ''; + } + if (isset($p_options[PCLZIP_OPT_REMOVE_PATH])) { + $p_remove_dir = $p_options[PCLZIP_OPT_REMOVE_PATH]; + } + else { + $p_remove_dir = ''; + } + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Remove path ='".$p_remove_dir."'"); + if (isset($p_options[PCLZIP_OPT_REMOVE_ALL_PATH])) { + $p_remove_all_dir = $p_options[PCLZIP_OPT_REMOVE_ALL_PATH]; + } + else { + $p_remove_all_dir = 0; + } + + // ----- Look for full name change + if (isset($p_filedescr['new_full_name'])) { + $v_stored_filename = $p_filedescr['new_full_name']; + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, "Changing full name of '".$p_filename."' for '".$v_stored_filename."'"); + } + + // ----- Look for path and/or short name change + else { + + // ----- Look for short name change + if (isset($p_filedescr['new_short_name'])) { + $v_path_info = pathinfo($p_filename); + $v_dir = ''; + if ($v_path_info['dirname'] != '') { + $v_dir = $v_path_info['dirname'].'/'; + } + $v_stored_filename = $v_dir.$p_filedescr['new_short_name']; + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, "Changing short name of '".$p_filename."' for '".$v_stored_filename."'"); + } + else { + // ----- Calculate the stored filename + $v_stored_filename = $p_filename; + } + + // ----- Look for all path to remove + if ($p_remove_all_dir) { + $v_stored_filename = basename($p_filename); + 
//--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, "Remove all path selected change '".$p_filename."' for '".$v_stored_filename."'"); + } + // ----- Look for partial path remove + else if ($p_remove_dir != "") { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Partial path to remove"); + if (substr($p_remove_dir, -1) != '/') + $p_remove_dir .= "/"; + + if ( (substr($p_filename, 0, 2) == "./") + || (substr($p_remove_dir, 0, 2) == "./")) { + + if ( (substr($p_filename, 0, 2) == "./") + && (substr($p_remove_dir, 0, 2) != "./")) { + $p_remove_dir = "./".$p_remove_dir; + } + if ( (substr($p_filename, 0, 2) != "./") + && (substr($p_remove_dir, 0, 2) == "./")) { + $p_remove_dir = substr($p_remove_dir, 2); + } + } + + $v_compare = PclZipUtilPathInclusion($p_remove_dir, + $v_stored_filename); + if ($v_compare > 0) { + if ($v_compare == 2) { + $v_stored_filename = ""; + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, "Path to remove is the current folder"); + } + else { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, "Remove path '$p_remove_dir' in file '$v_stored_filename'"); + $v_stored_filename = substr($v_stored_filename, + strlen($p_remove_dir)); + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, "Result is '$v_stored_filename'"); + } + } + } + // ----- Look for path to add + if ($p_add_dir != "") { + if (substr($p_add_dir, -1) == "/") + $v_stored_filename = $p_add_dir.$v_stored_filename; + else + $v_stored_filename = $p_add_dir."/".$v_stored_filename; + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Add path '$p_add_dir' in file '$p_filename' = '$v_stored_filename'"); + } + } + + // ----- Filename (reduce the path of stored name) + $v_stored_filename = PclZipUtilPathReduction($v_stored_filename); + $p_filedescr['stored_filename'] = $v_stored_filename; + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Stored filename will be 
'".$p_filedescr['stored_filename']."', strlen ".strlen($p_filedescr['stored_filename'])); + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result); + return $v_result; + } + // -------------------------------------------------------------------------------- + + // -------------------------------------------------------------------------------- + // Function : privWriteFileHeader() + // Description : + // Parameters : + // Return Values : + // -------------------------------------------------------------------------------- + function privWriteFileHeader(&$p_header) + { + //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, "PclZip::privWriteFileHeader", 'file="'.$p_header['filename'].'", stored as "'.$p_header['stored_filename'].'"'); + $v_result=1; + + // ----- Store the offset position of the file + $p_header['offset'] = ftell($this->zip_fd); + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, 'File offset of the header :'.$p_header['offset']); + + // ----- Transform UNIX mtime to DOS format mdate/mtime + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, 'Date : \''.date("d/m/y H:i:s", $p_header['mtime']).'\''); + $v_date = getdate($p_header['mtime']); + $v_mtime = ($v_date['hours']<<11) + ($v_date['minutes']<<5) + $v_date['seconds']/2; + $v_mdate = (($v_date['year']-1980)<<9) + ($v_date['mon']<<5) + $v_date['mday']; + + // ----- Packed data + $v_binary_data = pack("VvvvvvVVVvv", 0x04034b50, + $p_header['version_extracted'], $p_header['flag'], + $p_header['compression'], $v_mtime, $v_mdate, + $p_header['crc'], $p_header['compressed_size'], + $p_header['size'], + strlen($p_header['stored_filename']), + $p_header['extra_len']); + + // ----- Write the first 148 bytes of the header in the archive + fputs($this->zip_fd, $v_binary_data, 30); + + // ----- Write the variable fields + if (strlen($p_header['stored_filename']) != 0) + { + fputs($this->zip_fd, $p_header['stored_filename'], 
strlen($p_header['stored_filename'])); + } + if ($p_header['extra_len'] != 0) + { + fputs($this->zip_fd, $p_header['extra'], $p_header['extra_len']); + } + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result); + return $v_result; + } + // -------------------------------------------------------------------------------- + + // -------------------------------------------------------------------------------- + // Function : privWriteCentralFileHeader() + // Description : + // Parameters : + // Return Values : + // -------------------------------------------------------------------------------- + function privWriteCentralFileHeader(&$p_header) + { + //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, "PclZip::privWriteCentralFileHeader", 'file="'.$p_header['filename'].'", stored as "'.$p_header['stored_filename'].'"'); + $v_result=1; + + // TBC + //for(reset($p_header); $key = key($p_header); next($p_header)) { + // //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "header[$key] = ".$p_header[$key]); + //} + + // ----- Transform UNIX mtime to DOS format mdate/mtime + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, 'Date : \''.date("d/m/y H:i:s", $p_header['mtime']).'\''); + $v_date = getdate($p_header['mtime']); + $v_mtime = ($v_date['hours']<<11) + ($v_date['minutes']<<5) + $v_date['seconds']/2; + $v_mdate = (($v_date['year']-1980)<<9) + ($v_date['mon']<<5) + $v_date['mday']; + + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, 'Comment size : \''.$p_header['comment_len'].'\''); + + // ----- Packed data + $v_binary_data = pack("VvvvvvvVVVvvvvvVV", 0x02014b50, + $p_header['version'], $p_header['version_extracted'], + $p_header['flag'], $p_header['compression'], + $v_mtime, $v_mdate, $p_header['crc'], + $p_header['compressed_size'], $p_header['size'], + strlen($p_header['stored_filename']), + $p_header['extra_len'], $p_header['comment_len'], + $p_header['disk'], 
$p_header['internal'], + $p_header['external'], $p_header['offset']); + + // ----- Write the 42 bytes of the header in the zip file + fputs($this->zip_fd, $v_binary_data, 46); + + // ----- Write the variable fields + if (strlen($p_header['stored_filename']) != 0) + { + fputs($this->zip_fd, $p_header['stored_filename'], strlen($p_header['stored_filename'])); + } + if ($p_header['extra_len'] != 0) + { + fputs($this->zip_fd, $p_header['extra'], $p_header['extra_len']); + } + if ($p_header['comment_len'] != 0) + { + fputs($this->zip_fd, $p_header['comment'], $p_header['comment_len']); + } + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result); + return $v_result; + } + // -------------------------------------------------------------------------------- + + // -------------------------------------------------------------------------------- + // Function : privWriteCentralHeader() + // Description : + // Parameters : + // Return Values : + // -------------------------------------------------------------------------------- + function privWriteCentralHeader($p_nb_entries, $p_size, $p_offset, $p_comment) + { + //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, "PclZip::privWriteCentralHeader", 'nb_entries='.$p_nb_entries.', size='.$p_size.', offset='.$p_offset.', comment="'.$p_comment.'"'); + $v_result=1; + + // ----- Packed data + $v_binary_data = pack("VvvvvVVv", 0x06054b50, 0, 0, $p_nb_entries, + $p_nb_entries, $p_size, + $p_offset, strlen($p_comment)); + + // ----- Write the 22 bytes of the header in the zip file + fputs($this->zip_fd, $v_binary_data, 22); + + // ----- Write the variable fields + if (strlen($p_comment) != 0) + { + fputs($this->zip_fd, $p_comment, strlen($p_comment)); + } + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result); + return $v_result; + } + // -------------------------------------------------------------------------------- + + // 
-------------------------------------------------------------------------------- + // Function : privList() + // Description : + // Parameters : + // Return Values : + // -------------------------------------------------------------------------------- + function privList(&$p_list) + { + //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, "PclZip::privList", "list"); + $v_result=1; + + // ----- Magic quotes trick + $this->privDisableMagicQuotes(); + + // ----- Open the zip file + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Open file in binary read mode"); + if (($this->zip_fd = @fopen($this->zipname, 'rb')) == 0) + { + // ----- Magic quotes trick + $this->privSwapBackMagicQuotes(); + + // ----- Error log + PclZip::privErrorLog(PCLZIP_ERR_READ_OPEN_FAIL, 'Unable to open archive \''.$this->zipname.'\' in binary read mode'); + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo()); + return PclZip::errorCode(); + } + + // ----- Read the central directory informations + $v_central_dir = array(); + if (($v_result = $this->privReadEndCentralDir($v_central_dir)) != 1) + { + $this->privSwapBackMagicQuotes(); + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result); + return $v_result; + } + + // ----- Go to beginning of Central Dir + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Offset : ".$v_central_dir['offset']."'"); + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Position in file : ".ftell($this->zip_fd)."'"); + @rewind($this->zip_fd); + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Position in file : ".ftell($this->zip_fd)."'"); + if (@fseek($this->zip_fd, $v_central_dir['offset'])) + { + $this->privSwapBackMagicQuotes(); + + // ----- Error log + PclZip::privErrorLog(PCLZIP_ERR_INVALID_ARCHIVE_ZIP, 'Invalid archive size'); + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, 
__LINE__, PclZip::errorCode(), PclZip::errorInfo());
+ return PclZip::errorCode();
+ }
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Position in file : ".ftell($this->zip_fd)."'");
+
+ // ----- Read each entry
+ for ($i=0; $i<$v_central_dir['entries']; $i++)
+ {
+ // ----- Read the file header
+ if (($v_result = $this->privReadCentralFileHeader($v_header)) != 1)
+ {
+ $this->privSwapBackMagicQuotes();
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+ $v_header['index'] = $i;
+
+ // ----- Get the only interesting attributes
+ $this->privConvertHeader2FileInfo($v_header, $p_list[$i]);
+ unset($v_header);
+ }
+
+ // ----- Close the zip file
+ $this->privCloseFd();
+
+ // ----- Magic quotes trick
+ $this->privSwapBackMagicQuotes();
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+ // --------------------------------------------------------------------------------
+
+ // --------------------------------------------------------------------------------
+ // Function : privConvertHeader2FileInfo()
+ // Description :
+ // This function takes the file informations from the central directory
+ // entries and extract the interesting parameters that will be given back.
+ // The resulting file infos are set in the array $p_info
+ // $p_info['filename'] : Filename with full path. Given by user (add),
+ // extracted in the filesystem (extract).
+ // $p_info['stored_filename'] : Stored filename in the archive.
+ // $p_info['size'] = Size of the file.
+ // $p_info['compressed_size'] = Compressed size of the file.
+ // $p_info['mtime'] = Last modification date of the file.
+ // $p_info['comment'] = Comment associated with the file.
+ // $p_info['folder'] = true/false : indicates if the entry is a folder or not.
+ // $p_info['status'] = status of the action on the file.
+ // $p_info['crc'] = CRC of the file content.
+ // Parameters :
+ // Return Values :
+ // --------------------------------------------------------------------------------
+ function privConvertHeader2FileInfo($p_header, &$p_info)
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, "PclZip::privConvertHeader2FileInfo", "Filename='".$p_header['filename']."'");
+ $v_result=1;
+
+ // ----- Get the interesting attributes
+ $p_info['filename'] = $p_header['filename'];
+ $p_info['stored_filename'] = $p_header['stored_filename'];
+ $p_info['size'] = $p_header['size'];
+ $p_info['compressed_size'] = $p_header['compressed_size'];
+ $p_info['mtime'] = $p_header['mtime'];
+ $p_info['comment'] = $p_header['comment'];
+ $p_info['folder'] = (($p_header['external']&0x00000010)==0x00000010);
+ $p_info['index'] = $p_header['index'];
+ $p_info['status'] = $p_header['status'];
+ $p_info['crc'] = $p_header['crc'];
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+ // --------------------------------------------------------------------------------
+
+ // --------------------------------------------------------------------------------
+ // Function : privExtractByRule()
+ // Description :
+ // Extract a file or directory depending of rules (by index, by name, ...)
+ // Parameters :
+ // $p_file_list : An array where will be placed the properties of each
+ // extracted file
+ // $p_path : Path to add while writing the extracted files
+ // $p_remove_path : Path to remove (from the file memorized path) while writing the
+ // extracted files. If the path does not match the file path,
+ // the file is extracted with its memorized path.
+ // $p_remove_path does not apply to 'list' mode.
+ // $p_path and $p_remove_path are commulative.
+ // Return Values :
+ // 1 on success,0 or less on error (see error code list)
+ // --------------------------------------------------------------------------------
+ function privExtractByRule(&$p_file_list, $p_path, $p_remove_path, $p_remove_all_path, &$p_options)
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, "PclZip::privExtractByRule", "path='$p_path', remove_path='$p_remove_path', remove_all_path='".($p_remove_all_path?'true':'false')."'");
+ $v_result=1;
+
+ // ----- Magic quotes trick
+ $this->privDisableMagicQuotes();
+
+ // ----- Check the path
+ if ( ($p_path == "")
+ || ( (substr($p_path, 0, 1) != "/")
+ && (substr($p_path, 0, 3) != "../")
+ && (substr($p_path,1,2)!=":/")))
+ $p_path = "./".$p_path;
+
+ // ----- Reduce the path last (and duplicated) '/'
+ if (($p_path != "./") && ($p_path != "/"))
+ {
+ // ----- Look for the path end '/'
+ while (substr($p_path, -1) == "/")
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Destination path [$p_path] ends by '/'");
+ $p_path = substr($p_path, 0, strlen($p_path)-1);
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Modified to [$p_path]");
+ }
+ }
+
+ // ----- Look for path to remove format (should end by /)
+ if (($p_remove_path != "") && (substr($p_remove_path, -1) != '/'))
+ {
+ $p_remove_path .= '/';
+ }
+ $p_remove_path_size = strlen($p_remove_path);
+
+ // ----- Open the zip file
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Open file in binary read mode");
+ if (($v_result = $this->privOpenFd('rb')) != 1)
+ {
+ $this->privSwapBackMagicQuotes();
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+
+ // ----- Read the central directory informations
+ $v_central_dir = array();
+ if (($v_result = $this->privReadEndCentralDir($v_central_dir)) != 1)
+ {
+ // ----- Close the zip file
+ $this->privCloseFd();
+ $this->privSwapBackMagicQuotes();
+
+
//--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+
+ // ----- Start at beginning of Central Dir
+ $v_pos_entry = $v_central_dir['offset'];
+
+ // ----- Read each entry
+ $j_start = 0;
+ for ($i=0, $v_nb_extracted=0; $i<$v_central_dir['entries']; $i++)
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Read next file header entry : '$i'");
+
+ // ----- Read next Central dir entry
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, "Position before rewind : ".ftell($this->zip_fd)."'");
+ @rewind($this->zip_fd);
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, "Position after rewind : ".ftell($this->zip_fd)."'");
+ if (@fseek($this->zip_fd, $v_pos_entry))
+ {
+ // ----- Close the zip file
+ $this->privCloseFd();
+ $this->privSwapBackMagicQuotes();
+
+ // ----- Error log
+ PclZip::privErrorLog(PCLZIP_ERR_INVALID_ARCHIVE_ZIP, 'Invalid archive size');
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo());
+ return PclZip::errorCode();
+ }
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Position after fseek : ".ftell($this->zip_fd)."'");
+
+ // ----- Read the file header
+ $v_header = array();
+ if (($v_result = $this->privReadCentralFileHeader($v_header)) != 1)
+ {
+ // ----- Close the zip file
+ $this->privCloseFd();
+ $this->privSwapBackMagicQuotes();
+
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+
+ // ----- Store the index
+ $v_header['index'] = $i;
+
+ // ----- Store the file position
+ $v_pos_entry = ftell($this->zip_fd);
+
+ // ----- Look for the specific extract rules
+ $v_extract = false;
+
+ // ----- Look for extract by name rule
+ if ( (isset($p_options[PCLZIP_OPT_BY_NAME]))
+ && ($p_options[PCLZIP_OPT_BY_NAME] != 0)) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Extract with rule 'ByName'");
+
+ // ----- Look if the filename is in the list + for ($j=0; ($j strlen($p_options[PCLZIP_OPT_BY_NAME][$j])) + && (substr($v_header['stored_filename'], 0, strlen($p_options[PCLZIP_OPT_BY_NAME][$j])) == $p_options[PCLZIP_OPT_BY_NAME][$j])) { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "The directory is in the file path"); + $v_extract = true; + } + } + // ----- Look for a filename + elseif ($v_header['stored_filename'] == $p_options[PCLZIP_OPT_BY_NAME][$j]) { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "The file is the right one."); + $v_extract = true; + } + } + } + + // ----- Look for extract by ereg rule + else if ( (isset($p_options[PCLZIP_OPT_BY_EREG])) + && ($p_options[PCLZIP_OPT_BY_EREG] != "")) { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Extract by ereg '".$p_options[PCLZIP_OPT_BY_EREG]."'"); + + if (ereg($p_options[PCLZIP_OPT_BY_EREG], $v_header['stored_filename'])) { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Filename match the regular expression"); + $v_extract = true; + } + } + + // ----- Look for extract by preg rule + else if ( (isset($p_options[PCLZIP_OPT_BY_PREG])) + && ($p_options[PCLZIP_OPT_BY_PREG] != "")) { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Extract with rule 'ByEreg'"); + + if (preg_match($p_options[PCLZIP_OPT_BY_PREG], $v_header['stored_filename'])) { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Filename match the regular expression"); + $v_extract = true; + } + } + + // ----- Look for extract by index rule + else if ( (isset($p_options[PCLZIP_OPT_BY_INDEX])) + && ($p_options[PCLZIP_OPT_BY_INDEX] != 0)) { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Extract with rule 'ByIndex'"); + + // ----- Look if the index is in the list + for ($j=$j_start; ($j=$p_options[PCLZIP_OPT_BY_INDEX][$j]['start']) && ($i<=$p_options[PCLZIP_OPT_BY_INDEX][$j]['end'])) { + 
//--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Found as part of an index range");
+ $v_extract = true;
+ }
+ if ($i>=$p_options[PCLZIP_OPT_BY_INDEX][$j]['end']) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Do not look this index range for next loop");
+ $j_start = $j+1;
+ }
+
+ if ($p_options[PCLZIP_OPT_BY_INDEX][$j]['start']>$i) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Index range is greater than index, stop loop");
+ break;
+ }
+ }
+ }
+
+ // ----- Look for no rule, which means extract all the archive
+ else {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Extract with no rule (extract all)");
+ $v_extract = true;
+ }
+
+ // ----- Check compression method
+ if ( ($v_extract)
+ && ( ($v_header['compression'] != 8)
+ && ($v_header['compression'] != 0))) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Unsupported compression method (".$v_header['compression'].")");
+ $v_header['status'] = 'unsupported_compression';
+
+ // ----- Look for PCLZIP_OPT_STOP_ON_ERROR
+ if ( (isset($p_options[PCLZIP_OPT_STOP_ON_ERROR]))
+ && ($p_options[PCLZIP_OPT_STOP_ON_ERROR]===true)) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "PCLZIP_OPT_STOP_ON_ERROR is selected, extraction will be stopped");
+
+ $this->privSwapBackMagicQuotes();
+
+ PclZip::privErrorLog(PCLZIP_ERR_UNSUPPORTED_COMPRESSION,
+ "Filename '".$v_header['stored_filename']."' is "
+ ."compressed by an unsupported compression "
+ ."method (".$v_header['compression'].") ");
+
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo());
+ return PclZip::errorCode();
+ }
+ }
+
+ // ----- Check encrypted files
+ if (($v_extract) && (($v_header['flag'] & 1) == 1)) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Unsupported file encryption");
+ $v_header['status'] = 'unsupported_encryption';
+
+ // ----- Look for
PCLZIP_OPT_STOP_ON_ERROR
+ if ( (isset($p_options[PCLZIP_OPT_STOP_ON_ERROR]))
+ && ($p_options[PCLZIP_OPT_STOP_ON_ERROR]===true)) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "PCLZIP_OPT_STOP_ON_ERROR is selected, extraction will be stopped");
+
+ $this->privSwapBackMagicQuotes();
+
+ PclZip::privErrorLog(PCLZIP_ERR_UNSUPPORTED_ENCRYPTION,
+ "Unsupported encryption for "
+ ." filename '".$v_header['stored_filename']
+ ."'");
+
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo());
+ return PclZip::errorCode();
+ }
+ }
+
+ // ----- Look for real extraction
+ if (($v_extract) && ($v_header['status'] != 'ok')) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "No need for extract");
+ $v_result = $this->privConvertHeader2FileInfo($v_header,
+ $p_file_list[$v_nb_extracted++]);
+ if ($v_result != 1) {
+ $this->privCloseFd();
+ $this->privSwapBackMagicQuotes();
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+
+ $v_extract = false;
+ }
+
+ // ----- Look for real extraction
+ if ($v_extract)
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Extracting file '".$v_header['filename']."', index '$i'");
+
+ // ----- Go to the file position
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 5, "Position before rewind : ".ftell($this->zip_fd)."'");
+ @rewind($this->zip_fd);
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 5, "Position after rewind : ".ftell($this->zip_fd)."'");
+ if (@fseek($this->zip_fd, $v_header['offset']))
+ {
+ // ----- Close the zip file
+ $this->privCloseFd();
+
+ $this->privSwapBackMagicQuotes();
+
+ // ----- Error log
+ PclZip::privErrorLog(PCLZIP_ERR_INVALID_ARCHIVE_ZIP, 'Invalid archive size');
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo());
+ return PclZip::errorCode();
+ }
+
//--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 5, "Position after fseek : ".ftell($this->zip_fd)."'");
+
+ // ----- Look for extraction as string
+ if ($p_options[PCLZIP_OPT_EXTRACT_AS_STRING]) {
+
+ // ----- Extracting the file
+ $v_result1 = $this->privExtractFileAsString($v_header, $v_string);
+ if ($v_result1 < 1) {
+ $this->privCloseFd();
+ $this->privSwapBackMagicQuotes();
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result1);
+ return $v_result1;
+ }
+
+ // ----- Get the only interesting attributes
+ if (($v_result = $this->privConvertHeader2FileInfo($v_header, $p_file_list[$v_nb_extracted])) != 1)
+ {
+ // ----- Close the zip file
+ $this->privCloseFd();
+ $this->privSwapBackMagicQuotes();
+
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+
+ // ----- Set the file content
+ $p_file_list[$v_nb_extracted]['content'] = $v_string;
+
+ // ----- Next extracted file
+ $v_nb_extracted++;
+
+ // ----- Look for user callback abort
+ if ($v_result1 == 2) {
+ break;
+ }
+ }
+ // ----- Look for extraction in standard output
+ elseif ( (isset($p_options[PCLZIP_OPT_EXTRACT_IN_OUTPUT]))
+ && ($p_options[PCLZIP_OPT_EXTRACT_IN_OUTPUT])) {
+ // ----- Extracting the file in standard output
+ $v_result1 = $this->privExtractFileInOutput($v_header, $p_options);
+ if ($v_result1 < 1) {
+ $this->privCloseFd();
+ $this->privSwapBackMagicQuotes();
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result1);
+ return $v_result1;
+ }
+
+ // ----- Get the only interesting attributes
+ if (($v_result = $this->privConvertHeader2FileInfo($v_header, $p_file_list[$v_nb_extracted++])) != 1) {
+ $this->privCloseFd();
+ $this->privSwapBackMagicQuotes();
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+
+ // ----- Look for user callback abort
+ if ($v_result1 == 2) {
+ break;
+ }
+ }
+ // ----- Look for normal extraction
+ else {
+ // ----- Extracting
the file
+ $v_result1 = $this->privExtractFile($v_header,
+ $p_path, $p_remove_path,
+ $p_remove_all_path,
+ $p_options);
+ if ($v_result1 < 1) {
+ $this->privCloseFd();
+ $this->privSwapBackMagicQuotes();
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result1);
+ return $v_result1;
+ }
+
+ // ----- Get the only interesting attributes
+ if (($v_result = $this->privConvertHeader2FileInfo($v_header, $p_file_list[$v_nb_extracted++])) != 1)
+ {
+ // ----- Close the zip file
+ $this->privCloseFd();
+ $this->privSwapBackMagicQuotes();
+
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+
+ // ----- Look for user callback abort
+ if ($v_result1 == 2) {
+ break;
+ }
+ }
+ }
+ }
+
+ // ----- Close the zip file
+ $this->privCloseFd();
+ $this->privSwapBackMagicQuotes();
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+ // --------------------------------------------------------------------------------
+
+ // --------------------------------------------------------------------------------
+ // Function : privExtractFile()
+ // Description :
+ // Parameters :
+ // Return Values :
+ //
+ // 1 : ... ?
+ // PCLZIP_ERR_USER_ABORTED(2) : User ask for extraction stop in callback
+ // --------------------------------------------------------------------------------
+ function privExtractFile(&$p_entry, $p_path, $p_remove_path, $p_remove_all_path, &$p_options)
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, 'PclZip::privExtractFile', "path='$p_path', remove_path='$p_remove_path', remove_all_path='".($p_remove_all_path?'true':'false')."'");
+ $v_result=1;
+
+ // ----- Read the file header
+ if (($v_result = $this->privReadFileHeader($v_header)) != 1)
+ {
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Found file '".$v_header['filename']."', size '".$v_header['size']."'");
+
+ // ----- Check that the file header is coherent with $p_entry info
+ if ($this->privCheckFileHeaders($v_header, $p_entry) != 1) {
+ // TBC
+ }
+
+ // ----- Look for all path to remove
+ if ($p_remove_all_path == true) {
+ // ----- Look for folder entry that not need to be extracted
+ if (($p_entry['external']&0x00000010)==0x00000010) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "The entry is a folder : need to be filtered");
+
+ $p_entry['status'] = "filtered";
+
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "All path is removed");
+ // ----- Get the basename of the path
+ $p_entry['filename'] = basename($p_entry['filename']);
+ }
+
+ // ----- Look for path to remove
+ else if ($p_remove_path != "")
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Look for some path to remove");
+ if (PclZipUtilPathInclusion($p_remove_path, $p_entry['filename']) == 2)
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "The folder is the same as the removed path
'".$p_entry['filename']."'");
+
+ // ----- Change the file status
+ $p_entry['status'] = "filtered";
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+
+ $p_remove_path_size = strlen($p_remove_path);
+ if (substr($p_entry['filename'], 0, $p_remove_path_size) == $p_remove_path)
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Found path '$p_remove_path' to remove in file '".$p_entry['filename']."'");
+
+ // ----- Remove the path
+ $p_entry['filename'] = substr($p_entry['filename'], $p_remove_path_size);
+
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Resulting file is '".$p_entry['filename']."'");
+ }
+ }
+
+ // ----- Add the path
+ if ($p_path != '') {
+ $p_entry['filename'] = $p_path."/".$p_entry['filename'];
+ }
+
+ // ----- Check a base_dir_restriction
+ if (isset($p_options[PCLZIP_OPT_EXTRACT_DIR_RESTRICTION])) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Check the extract directory restriction");
+ $v_inclusion
+ = PclZipUtilPathInclusion($p_options[PCLZIP_OPT_EXTRACT_DIR_RESTRICTION],
+ $p_entry['filename']);
+ if ($v_inclusion == 0) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "PCLZIP_OPT_EXTRACT_DIR_RESTRICTION is selected, file is outside restriction");
+
+ PclZip::privErrorLog(PCLZIP_ERR_DIRECTORY_RESTRICTION,
+ "Filename '".$p_entry['filename']."' is "
+ ."outside PCLZIP_OPT_EXTRACT_DIR_RESTRICTION");
+
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo());
+ return PclZip::errorCode();
+ }
+ }
+
+ // ----- Look for pre-extract callback
+ if (isset($p_options[PCLZIP_CB_PRE_EXTRACT])) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "A pre-callback '".$p_options[PCLZIP_CB_PRE_EXTRACT]."()') is defined for the extraction");
+
+ // ----- Generate a local information
+ $v_local_header = array();
+
$this->privConvertHeader2FileInfo($p_entry, $v_local_header);
+
+ // ----- Call the callback
+ // Here I do not use call_user_func() because I need to send a reference to the
+ // header.
+ eval('$v_result = '.$p_options[PCLZIP_CB_PRE_EXTRACT].'(PCLZIP_CB_PRE_EXTRACT, $v_local_header);');
+ if ($v_result == 0) {
+ // ----- Change the file status
+ $p_entry['status'] = "skipped";
+ $v_result = 1;
+ }
+
+ // ----- Look for abort result
+ if ($v_result == 2) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "User callback abort the extraction");
+ // ----- This status is internal and will be changed in 'skipped'
+ $p_entry['status'] = "aborted";
+ $v_result = PCLZIP_ERR_USER_ABORTED;
+ }
+
+ // ----- Update the informations
+ // Only some fields can be modified
+ $p_entry['filename'] = $v_local_header['filename'];
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "New filename is '".$p_entry['filename']."'");
+ }
+
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Extracting file (with path) '".$p_entry['filename']."', size '$v_header[size]'");
+
+ // ----- Look if extraction should be done
+ if ($p_entry['status'] == 'ok') {
+
+ // ----- Look for specific actions while the file exist
+ if (file_exists($p_entry['filename']))
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "File '".$p_entry['filename']."' already exists");
+
+ // ----- Look if file is a directory
+ if (is_dir($p_entry['filename']))
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Existing file '".$p_entry['filename']."' is a directory");
+
+ // ----- Change the file status
+ $p_entry['status'] = "already_a_directory";
+
+ // ----- Look for PCLZIP_OPT_STOP_ON_ERROR
+ // For historical reason first PclZip implementation does not stop
+ // when this kind of error occurs.
+ if ( (isset($p_options[PCLZIP_OPT_STOP_ON_ERROR]))
+ && ($p_options[PCLZIP_OPT_STOP_ON_ERROR]===true)) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "PCLZIP_OPT_STOP_ON_ERROR is selected, extraction will be stopped");
+
+ PclZip::privErrorLog(PCLZIP_ERR_ALREADY_A_DIRECTORY,
+ "Filename '".$p_entry['filename']."' is "
+ ."already used by an existing directory");
+
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo());
+ return PclZip::errorCode();
+ }
+ }
+ // ----- Look if file is write protected
+ else if (!is_writeable($p_entry['filename']))
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Existing file '".$p_entry['filename']."' is write protected");
+
+ // ----- Change the file status
+ $p_entry['status'] = "write_protected";
+
+ // ----- Look for PCLZIP_OPT_STOP_ON_ERROR
+ // For historical reason first PclZip implementation does not stop
+ // when this kind of error occurs.
+ if ( (isset($p_options[PCLZIP_OPT_STOP_ON_ERROR]))
+ && ($p_options[PCLZIP_OPT_STOP_ON_ERROR]===true)) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "PCLZIP_OPT_STOP_ON_ERROR is selected, extraction will be stopped");
+
+ PclZip::privErrorLog(PCLZIP_ERR_WRITE_OPEN_FAIL,
+ "Filename '".$p_entry['filename']."' exists "
+ ."and is write protected");
+
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo());
+ return PclZip::errorCode();
+ }
+ }
+
+ // ----- Look if the extracted file is older
+ else if (filemtime($p_entry['filename']) > $p_entry['mtime'])
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Existing file '".$p_entry['filename']."' is newer (".date("l dS of F Y h:i:s A", filemtime($p_entry['filename'])).") than the extracted file (".date("l dS of F Y h:i:s A", $p_entry['mtime']).")");
+ // ----- Change the file status
+ if ( (isset($p_options[PCLZIP_OPT_REPLACE_NEWER]))
+ &&
($p_options[PCLZIP_OPT_REPLACE_NEWER]===true)) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "PCLZIP_OPT_REPLACE_NEWER is selected, file will be replaced");
+ }
+ else {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "File will not be replaced");
+ $p_entry['status'] = "newer_exist";
+
+ // ----- Look for PCLZIP_OPT_STOP_ON_ERROR
+ // For historical reason first PclZip implementation does not stop
+ // when this kind of error occurs.
+ if ( (isset($p_options[PCLZIP_OPT_STOP_ON_ERROR]))
+ && ($p_options[PCLZIP_OPT_STOP_ON_ERROR]===true)) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "PCLZIP_OPT_STOP_ON_ERROR is selected, extraction will be stopped");
+
+ PclZip::privErrorLog(PCLZIP_ERR_WRITE_OPEN_FAIL,
+ "Newer version of '".$p_entry['filename']."' exists "
+ ."and option PCLZIP_OPT_REPLACE_NEWER is not selected");
+
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo());
+ return PclZip::errorCode();
+ }
+ }
+ }
+ else {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Existing file '".$p_entry['filename']."' is older than the extrated one - will be replaced by the extracted one (".date("l dS of F Y h:i:s A", filemtime($p_entry['filename'])).") than the extracted file (".date("l dS of F Y h:i:s A", $p_entry['mtime']).")");
+ }
+ }
+
+ // ----- Check the directory availability and create it if necessary
+ else {
+ if ((($p_entry['external']&0x00000010)==0x00000010) || (substr($p_entry['filename'], -1) == '/'))
+ $v_dir_to_check = $p_entry['filename'];
+ else if (!strstr($p_entry['filename'], "/"))
+ $v_dir_to_check = "";
+ else
+ $v_dir_to_check = dirname($p_entry['filename']);
+
+ if (($v_result = $this->privDirCheck($v_dir_to_check, (($p_entry['external']&0x00000010)==0x00000010))) != 1) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Unable to create path for '".$p_entry['filename']."'");
+
+ // -----
Change the file status
+ $p_entry['status'] = "path_creation_fail";
+
+ // ----- Return
+ ////--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ //return $v_result;
+ $v_result = 1;
+ }
+ }
+ }
+
+ // ----- Look if extraction should be done
+ if ($p_entry['status'] == 'ok') {
+
+ // ----- Do the extraction (if not a folder)
+ if (!(($p_entry['external']&0x00000010)==0x00000010))
+ {
+ // ----- Look for not compressed file
+ if ($p_entry['compression'] == 0) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Extracting an un-compressed file");
+
+ // ----- Opening destination file
+ if (($v_dest_file = @fopen($p_entry['filename'], 'wb')) == 0)
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Error while opening '".$p_entry['filename']."' in write binary mode");
+
+ // ----- Change the file status
+ $p_entry['status'] = "write_error";
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Read '".$p_entry['size']."' bytes");
+
+ // ----- Read the file by PCLZIP_READ_BLOCK_SIZE octets blocks
+ $v_size = $p_entry['compressed_size'];
+ while ($v_size != 0)
+ {
+ $v_read_size = ($v_size < PCLZIP_READ_BLOCK_SIZE ?
$v_size : PCLZIP_READ_BLOCK_SIZE);
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Read $v_read_size bytes");
+ $v_buffer = @fread($this->zip_fd, $v_read_size);
+ /* Try to speed up the code
+ $v_binary_data = pack('a'.$v_read_size, $v_buffer);
+ @fwrite($v_dest_file, $v_binary_data, $v_read_size);
+ */
+ @fwrite($v_dest_file, $v_buffer, $v_read_size);
+ $v_size -= $v_read_size;
+ }
+
+ // ----- Closing the destination file
+ fclose($v_dest_file);
+
+ // ----- Change the file mtime
+ touch($p_entry['filename'], $p_entry['mtime']);
+
+
+ }
+ else {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Extracting a compressed file (Compression method ".$p_entry['compression'].")");
+ // ----- TBC
+ // Need to be finished
+ if (($p_entry['flag'] & 1) == 1) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "File is encrypted");
+ /*
+ // ----- Read the encryption header
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 5, "Read 12 encryption header bytes");
+ $v_encryption_header = @fread($this->zip_fd, 12);
+
+ // ----- Read the encrypted & compressed file in a buffer
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 5, "Read '".($p_entry['compressed_size']-12)."' compressed & encrypted bytes");
+ $v_buffer = @fread($this->zip_fd, $p_entry['compressed_size']-12);
+
+ // ----- Decrypt the buffer
+ $this->privDecrypt($v_encryption_header, $v_buffer,
+ $p_entry['compressed_size']-12, $p_entry['crc']);
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 5, "Buffer is '".$v_buffer."'");
+ */
+ }
+ else {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 5, "Read '".$p_entry['compressed_size']."' compressed bytes");
+ // ----- Read the compressed file in a buffer (one shot)
+ $v_buffer = @fread($this->zip_fd, $p_entry['compressed_size']);
+ }
+
+ // ----- Decompress the file
+ $v_file_content = @gzinflate($v_buffer);
+ unset($v_buffer);
+ if ($v_file_content ===
FALSE) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Unable to inflate compressed file");
+
+ // ----- Change the file status
+ // TBC
+ $p_entry['status'] = "error";
+
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+
+ // ----- Opening destination file
+ if (($v_dest_file = @fopen($p_entry['filename'], 'wb')) == 0) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Error while opening '".$p_entry['filename']."' in write binary mode");
+
+ // ----- Change the file status
+ $p_entry['status'] = "write_error";
+
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+
+ // ----- Write the uncompressed data
+ @fwrite($v_dest_file, $v_file_content, $p_entry['size']);
+ unset($v_file_content);
+
+ // ----- Closing the destination file
+ @fclose($v_dest_file);
+
+ // ----- Change the file mtime
+ @touch($p_entry['filename'], $p_entry['mtime']);
+ }
+
+ // ----- Look for chmod option
+ if (isset($p_options[PCLZIP_OPT_SET_CHMOD])) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "chmod option activated '".$p_options[PCLZIP_OPT_SET_CHMOD]."'");
+
+ // ----- Change the mode of the file
+ @chmod($p_entry['filename'], $p_options[PCLZIP_OPT_SET_CHMOD]);
+ }
+
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Extraction done");
+ }
+ }
+
+ // ----- Change abort status
+ if ($p_entry['status'] == "aborted") {
+ $p_entry['status'] = "skipped";
+ }
+
+ // ----- Look for post-extract callback
+ elseif (isset($p_options[PCLZIP_CB_POST_EXTRACT])) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "A post-callback '".$p_options[PCLZIP_CB_POST_EXTRACT]."()') is defined for the extraction");
+
+ // ----- Generate a local information
+ $v_local_header = array();
+ $this->privConvertHeader2FileInfo($p_entry, $v_local_header);
+
+ // ----- Call the callback
+ // Here I do not use call_user_func()
because I need to send a reference to the
+ // header.
+ eval('$v_result = '.$p_options[PCLZIP_CB_POST_EXTRACT].'(PCLZIP_CB_POST_EXTRACT, $v_local_header);');
+
+ // ----- Look for abort result
+ if ($v_result == 2) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "User callback abort the extraction");
+ $v_result = PCLZIP_ERR_USER_ABORTED;
+ }
+ }
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+ // --------------------------------------------------------------------------------
+
+ // --------------------------------------------------------------------------------
+ // Function : privExtractFileInOutput()
+ // Description :
+ // Parameters :
+ // Return Values :
+ // --------------------------------------------------------------------------------
+ function privExtractFileInOutput(&$p_entry, &$p_options)
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, 'PclZip::privExtractFileInOutput', "");
+ $v_result=1;
+
+ // ----- Read the file header
+ if (($v_result = $this->privReadFileHeader($v_header)) != 1) {
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Found file '".$v_header['filename']."', size '".$v_header['size']."'");
+
+ // ----- Check that the file header is coherent with $p_entry info
+ if ($this->privCheckFileHeaders($v_header, $p_entry) != 1) {
+ // TBC
+ }
+
+ // ----- Look for pre-extract callback
+ if (isset($p_options[PCLZIP_CB_PRE_EXTRACT])) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "A pre-callback '".$p_options[PCLZIP_CB_PRE_EXTRACT]."()') is defined for the extraction");
+
+ // ----- Generate a local information
+ $v_local_header = array();
+ $this->privConvertHeader2FileInfo($p_entry, $v_local_header);
+
+ // ----- Call the callback
+ // Here I do not use call_user_func() because I need to send a
reference to the
+ // header.
+ eval('$v_result = '.$p_options[PCLZIP_CB_PRE_EXTRACT].'(PCLZIP_CB_PRE_EXTRACT, $v_local_header);');
+ if ($v_result == 0) {
+ // ----- Change the file status
+ $p_entry['status'] = "skipped";
+ $v_result = 1;
+ }
+
+ // ----- Look for abort result
+ if ($v_result == 2) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "User callback abort the extraction");
+ // ----- This status is internal and will be changed in 'skipped'
+ $p_entry['status'] = "aborted";
+ $v_result = PCLZIP_ERR_USER_ABORTED;
+ }
+
+ // ----- Update the informations
+ // Only some fields can be modified
+ $p_entry['filename'] = $v_local_header['filename'];
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "New filename is '".$p_entry['filename']."'");
+ }
+
+ // ----- Trace
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Extracting file (with path) '".$p_entry['filename']."', size '$v_header[size]'");
+
+ // ----- Look if extraction should be done
+ if ($p_entry['status'] == 'ok') {
+
+ // ----- Do the extraction (if not a folder)
+ if (!(($p_entry['external']&0x00000010)==0x00000010)) {
+ // ----- Look for not compressed file
+ if ($p_entry['compressed_size'] == $p_entry['size']) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Extracting an un-compressed file");
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Reading '".$p_entry['size']."' bytes");
+
+ // ----- Read the file in a buffer (one shot)
+ $v_buffer = @fread($this->zip_fd, $p_entry['compressed_size']);
+
+ // ----- Send the file to the output
+ echo $v_buffer;
+ unset($v_buffer);
+ }
+ else {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Extracting a compressed file");
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 5, "Reading '".$p_entry['size']."' bytes");
+
+ // ----- Read the compressed file in a buffer (one shot)
+ $v_buffer = @fread($this->zip_fd,
$p_entry['compressed_size']);
+
+ // ----- Decompress the file
+ $v_file_content = gzinflate($v_buffer);
+ unset($v_buffer);
+
+ // ----- Send the file to the output
+ echo $v_file_content;
+ unset($v_file_content);
+ }
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Extraction done");
+ }
+ }
+
+ // ----- Change abort status
+ if ($p_entry['status'] == "aborted") {
+ $p_entry['status'] = "skipped";
+ }
+
+ // ----- Look for post-extract callback
+ elseif (isset($p_options[PCLZIP_CB_POST_EXTRACT])) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "A post-callback '".$p_options[PCLZIP_CB_POST_EXTRACT]."()') is defined for the extraction");
+
+ // ----- Generate a local information
+ $v_local_header = array();
+ $this->privConvertHeader2FileInfo($p_entry, $v_local_header);
+
+ // ----- Call the callback
+ // Here I do not use call_user_func() because I need to send a reference to the
+ // header.
+ eval('$v_result = '.$p_options[PCLZIP_CB_POST_EXTRACT].'(PCLZIP_CB_POST_EXTRACT, $v_local_header);');
+
+ // ----- Look for abort result
+ if ($v_result == 2) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "User callback abort the extraction");
+ $v_result = PCLZIP_ERR_USER_ABORTED;
+ }
+ }
+
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+ // --------------------------------------------------------------------------------
+
+ // --------------------------------------------------------------------------------
+ // Function : privExtractFileAsString()
+ // Description :
+ // Parameters :
+ // Return Values :
+ // --------------------------------------------------------------------------------
+ function privExtractFileAsString(&$p_entry, &$p_string)
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, 'PclZip::privExtractFileAsString', "p_entry['filename']='".$p_entry['filename']."'");
+ $v_result=1;
+
+ // ----- Read the file header
+ $v_header =
array();
+ if (($v_result = $this->privReadFileHeader($v_header)) != 1)
+ {
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Found file '".$v_header['filename']."', size '".$v_header['size']."'");
+
+ // ----- Check that the file header is coherent with $p_entry info
+ if ($this->privCheckFileHeaders($v_header, $p_entry) != 1) {
+ // TBC
+ }
+
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Extracting file in string (with path) '".$p_entry['filename']."', size '$v_header[size]'");
+
+ // ----- Do the extraction (if not a folder)
+ if (!(($p_entry['external']&0x00000010)==0x00000010))
+ {
+ // ----- Look for not compressed file
+// if ($p_entry['compressed_size'] == $p_entry['size'])
+ if ($p_entry['compression'] == 0) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Extracting an un-compressed file");
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Reading '".$p_entry['size']."' bytes");
+
+ // ----- Reading the file
+ $p_string = @fread($this->zip_fd, $p_entry['compressed_size']);
+ }
+ else {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Extracting a compressed file (compression method '".$p_entry['compression']."')");
+
+ // ----- Reading the file
+ $v_data = @fread($this->zip_fd, $p_entry['compressed_size']);
+
+ // ----- Decompress the file
+ if (($p_string = @gzinflate($v_data)) === FALSE) {
+ // TBC
+ }
+ }
+
+ // ----- Trace
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Extraction done");
+ }
+ else {
+ // TBC : error : can not extract a folder in a string
+ }
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+ // --------------------------------------------------------------------------------
+
+ //
--------------------------------------------------------------------------------
+ // Function : privReadFileHeader()
+ // Description :
+ // Parameters :
+ // Return Values :
+ // --------------------------------------------------------------------------------
+ function privReadFileHeader(&$p_header)
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, "PclZip::privReadFileHeader", "");
+ $v_result=1;
+
+ // ----- Read the 4 bytes signature
+ $v_binary_data = @fread($this->zip_fd, 4);
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Binary data is : '".sprintf("%08x", $v_binary_data)."'");
+ $v_data = unpack('Vid', $v_binary_data);
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Binary signature is : '".sprintf("0x%08x", $v_data['id'])."'");
+
+ // ----- Check signature
+ if ($v_data['id'] != 0x04034b50)
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Invalid File header");
+
+ // ----- Error log
+ PclZip::privErrorLog(PCLZIP_ERR_BAD_FORMAT, 'Invalid archive structure');
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo());
+ return PclZip::errorCode();
+ }
+
+ // ----- Read the first 42 bytes of the header
+ $v_binary_data = fread($this->zip_fd, 26);
+
+ // ----- Look for invalid block size
+ if (strlen($v_binary_data) != 26)
+ {
+ $p_header['filename'] = "";
+ $p_header['status'] = "invalid_header";
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Invalid block size : ".strlen($v_binary_data));
+
+ // ----- Error log
+ PclZip::privErrorLog(PCLZIP_ERR_BAD_FORMAT, "Invalid block size : ".strlen($v_binary_data));
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo());
+ return PclZip::errorCode();
+ }
+
+ // ----- Extract the values
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Header :
'".$v_binary_data."'");
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Header (Hex) : '".bin2hex($v_binary_data)."'");
+ $v_data = unpack('vversion/vflag/vcompression/vmtime/vmdate/Vcrc/Vcompressed_size/Vsize/vfilename_len/vextra_len', $v_binary_data);
+
+ // ----- Get filename
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "File name length : ".$v_data['filename_len']);
+ $p_header['filename'] = fread($this->zip_fd, $v_data['filename_len']);
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, 'Filename : \''.$p_header['filename'].'\'');
+
+ // ----- Get extra_fields
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Extra field length : ".$v_data['extra_len']);
+ if ($v_data['extra_len'] != 0) {
+ $p_header['extra'] = fread($this->zip_fd, $v_data['extra_len']);
+ }
+ else {
+ $p_header['extra'] = '';
+ }
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, 'Extra field : \''.bin2hex($p_header['extra']).'\'');
+
+ // ----- Extract properties
+ $p_header['version_extracted'] = $v_data['version'];
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, 'Version need to extract : ('.$p_header['version_extracted'].') \''.($p_header['version_extracted']/10).'.'.($p_header['version_extracted']%10).'\'');
+ $p_header['compression'] = $v_data['compression'];
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, 'Compression method : \''.$p_header['compression'].'\'');
+ $p_header['size'] = $v_data['size'];
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, 'Size : \''.$p_header['size'].'\'');
+ $p_header['compressed_size'] = $v_data['compressed_size'];
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, 'Compressed Size : \''.$p_header['compressed_size'].'\'');
+ $p_header['crc'] = $v_data['crc'];
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, 'CRC : \''.sprintf("0x%X", $p_header['crc']).'\'');
+
$p_header['flag'] = $v_data['flag'];
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, 'Flag : \''.$p_header['flag'].'\'');
+ $p_header['filename_len'] = $v_data['filename_len'];
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, 'Filename_len : \''.$p_header['filename_len'].'\'');
+
+ // ----- Recuperate date in UNIX format
+ $p_header['mdate'] = $v_data['mdate'];
+ $p_header['mtime'] = $v_data['mtime'];
+ if ($p_header['mdate'] && $p_header['mtime'])
+ {
+ // ----- Extract time
+ $v_hour = ($p_header['mtime'] & 0xF800) >> 11;
+ $v_minute = ($p_header['mtime'] & 0x07E0) >> 5;
+ $v_seconde = ($p_header['mtime'] & 0x001F)*2;
+
+ // ----- Extract date
+ $v_year = (($p_header['mdate'] & 0xFE00) >> 9) + 1980;
+ $v_month = ($p_header['mdate'] & 0x01E0) >> 5;
+ $v_day = $p_header['mdate'] & 0x001F;
+
+ // ----- Get UNIX date format
+ $p_header['mtime'] = mktime($v_hour, $v_minute, $v_seconde, $v_month, $v_day, $v_year);
+
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, 'Date : \''.date("d/m/y H:i:s", $p_header['mtime']).'\'');
+ }
+ else
+ {
+ $p_header['mtime'] = time();
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, 'Date is actual : \''.date("d/m/y H:i:s", $p_header['mtime']).'\'');
+ }
+
+ // TBC
+ //for(reset($v_data); $key = key($v_data); next($v_data)) {
+ // //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Attribut[$key] = ".$v_data[$key]);
+ //}
+
+ // ----- Set the stored filename
+ $p_header['stored_filename'] = $p_header['filename'];
+
+ // ----- Set the status field
+ $p_header['status'] = "ok";
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+ // --------------------------------------------------------------------------------
+
+ // --------------------------------------------------------------------------------
+ // Function : privReadCentralFileHeader()
+ // Description :
+ // Parameters :
+ //
Return Values :
+ // --------------------------------------------------------------------------------
+ function privReadCentralFileHeader(&$p_header)
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, "PclZip::privReadCentralFileHeader", "");
+ $v_result=1;
+
+ // ----- Read the 4 bytes signature
+ $v_binary_data = @fread($this->zip_fd, 4);
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Binary data is : '".sprintf("%08x", $v_binary_data)."'");
+ $v_data = unpack('Vid', $v_binary_data);
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Binary signature is : '".sprintf("0x%08x", $v_data['id'])."'");
+
+ // ----- Check signature
+ if ($v_data['id'] != 0x02014b50)
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Invalid Central Dir File signature");
+
+ // ----- Error log
+ PclZip::privErrorLog(PCLZIP_ERR_BAD_FORMAT, 'Invalid archive structure');
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo());
+ return PclZip::errorCode();
+ }
+
+ // ----- Read the first 42 bytes of the header
+ $v_binary_data = fread($this->zip_fd, 42);
+
+ // ----- Look for invalid block size
+ if (strlen($v_binary_data) != 42)
+ {
+ $p_header['filename'] = "";
+ $p_header['status'] = "invalid_header";
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Invalid block size : ".strlen($v_binary_data));
+
+ // ----- Error log
+ PclZip::privErrorLog(PCLZIP_ERR_BAD_FORMAT, "Invalid block size : ".strlen($v_binary_data));
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo());
+ return PclZip::errorCode();
+ }
+
+ // ----- Extract the values
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 5, "Header : '".$v_binary_data."'");
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 5, "Header (Hex) : '".bin2hex($v_binary_data)."'");
+ $p_header
= unpack('vversion/vversion_extracted/vflag/vcompression/vmtime/vmdate/Vcrc/Vcompressed_size/Vsize/vfilename_len/vextra_len/vcomment_len/vdisk/vinternal/Vexternal/Voffset', $v_binary_data);
+
+ // ----- Get filename
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, "File name length : ".$p_header['filename_len']);
+ if ($p_header['filename_len'] != 0)
+ $p_header['filename'] = fread($this->zip_fd, $p_header['filename_len']);
+ else
+ $p_header['filename'] = '';
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, 'Filename : \''.$p_header['filename'].'\'');
+
+ // ----- Get extra
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, "Extra length : ".$p_header['extra_len']);
+ if ($p_header['extra_len'] != 0)
+ $p_header['extra'] = fread($this->zip_fd, $p_header['extra_len']);
+ else
+ $p_header['extra'] = '';
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, 'Extra : \''.$p_header['extra'].'\'');
+
+ // ----- Get comment
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, "Comment length : ".$p_header['comment_len']);
+ if ($p_header['comment_len'] != 0)
+ $p_header['comment'] = fread($this->zip_fd, $p_header['comment_len']);
+ else
+ $p_header['comment'] = '';
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, 'Comment : \''.$p_header['comment'].'\'');
+
+ // ----- Extract properties
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, 'Version : \''.($p_header['version']/10).'.'.($p_header['version']%10).'\'');
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, 'Version need to extract : \''.($p_header['version_extracted']/10).'.'.($p_header['version_extracted']%10).'\'');
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, 'Size : \''.$p_header['size'].'\'');
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, 'Compressed Size : \''.$p_header['compressed_size'].'\'');
+
//--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, 'CRC : \''.sprintf("0x%X", $p_header['crc']).'\'');
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, 'Flag : \''.$p_header['flag'].'\'');
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, 'Offset : \''.$p_header['offset'].'\'');
+
+ // ----- Recuperate date in UNIX format
+ //if ($p_header['mdate'] && $p_header['mtime'])
+ // TBC : bug : this was ignoring time with 0/0/0
+ if (1)
+ {
+ // ----- Extract time
+ $v_hour = ($p_header['mtime'] & 0xF800) >> 11;
+ $v_minute = ($p_header['mtime'] & 0x07E0) >> 5;
+ $v_seconde = ($p_header['mtime'] & 0x001F)*2;
+
+ // ----- Extract date
+ $v_year = (($p_header['mdate'] & 0xFE00) >> 9) + 1980;
+ $v_month = ($p_header['mdate'] & 0x01E0) >> 5;
+ $v_day = $p_header['mdate'] & 0x001F;
+
+ // ----- Get UNIX date format
+ $p_header['mtime'] = @mktime($v_hour, $v_minute, $v_seconde, $v_month, $v_day, $v_year);
+
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, 'Date : \''.date("d/m/y H:i:s", $p_header['mtime']).'\'');
+ }
+ else
+ {
+ $p_header['mtime'] = time();
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, 'Date is actual : \''.date("d/m/y H:i:s", $p_header['mtime']).'\'');
+ }
+
+ // ----- Set the stored filename
+ $p_header['stored_filename'] = $p_header['filename'];
+
+ // ----- Set default status to ok
+ $p_header['status'] = 'ok';
+
+ // ----- Look if it is a directory
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 5, "Internal (Hex) : '".sprintf("Ox%04X", $p_header['internal'])."'");
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, "External (Hex) : '".sprintf("Ox%04X", $p_header['external'])."' (".(($p_header['external']&0x00000010)==0x00000010?'is a folder':'is a file').')');
+ if (substr($p_header['filename'], -1) == '/') {
+ //$p_header['external'] = 0x41FF0010;
+ $p_header['external'] = 0x00000010;
+
//--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, 'Force folder external : \''.sprintf("Ox%04X", $p_header['external']).'\'');
+ }
+
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, 'Header of filename : \''.$p_header['filename'].'\'');
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+ // --------------------------------------------------------------------------------
+
+ // --------------------------------------------------------------------------------
+ // Function : privCheckFileHeaders()
+ // Description :
+ // Parameters :
+ // Return Values :
+ // 1 on success,
+ // 0 on error;
+ // --------------------------------------------------------------------------------
+ function privCheckFileHeaders(&$p_local_header, &$p_central_header)
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, "PclZip::privCheckFileHeaders", "");
+ $v_result=1;
+
+ // ----- Check the static values
+ // TBC
+ if ($p_local_header['filename'] != $p_central_header['filename']) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, 'Bad check "filename" : TBC To Be Completed');
+ }
+ if ($p_local_header['version_extracted'] != $p_central_header['version_extracted']) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, 'Bad check "version_extracted" : TBC To Be Completed');
+ }
+ if ($p_local_header['flag'] != $p_central_header['flag']) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, 'Bad check "flag" : TBC To Be Completed');
+ }
+ if ($p_local_header['compression'] != $p_central_header['compression']) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, 'Bad check "compression" : TBC To Be Completed');
+ }
+ if ($p_local_header['mtime'] != $p_central_header['mtime']) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, 'Bad check "mtime" : TBC To Be Completed');
+ }
+ if
($p_local_header['filename_len'] != $p_central_header['filename_len']) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, 'Bad check "filename_len" : TBC To Be Completed');
+ }
+
+ // ----- Look for flag bit 3
+ if (($p_local_header['flag'] & 8) == 8) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, 'Purpose bit flag bit 3 set !');
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, 'File size, compression size and crc found in central header');
+ $p_local_header['size'] = $p_central_header['size'];
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, 'Size : \''.$p_local_header['size'].'\'');
+ $p_local_header['compressed_size'] = $p_central_header['compressed_size'];
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, 'Compressed Size : \''.$p_local_header['compressed_size'].'\'');
+ $p_local_header['crc'] = $p_central_header['crc'];
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, 'CRC : \''.sprintf("0x%X", $p_local_header['crc']).'\'');
+ }
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+ // --------------------------------------------------------------------------------
+
+ // --------------------------------------------------------------------------------
+ // Function : privReadEndCentralDir()
+ // Description :
+ // Parameters :
+ // Return Values :
+ // --------------------------------------------------------------------------------
+ function privReadEndCentralDir(&$p_central_dir)
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, "PclZip::privReadEndCentralDir", "");
+ $v_result=1;
+
+ // ----- Go to the end of the zip file
+ $v_size = filesize($this->zipname);
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Size of the file :$v_size");
+ @fseek($this->zip_fd, $v_size);
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4,
'Position at end of zip file : \''.ftell($this->zip_fd).'\'');
+ if (@ftell($this->zip_fd) != $v_size)
+ {
+ // ----- Error log
+ PclZip::privErrorLog(PCLZIP_ERR_BAD_FORMAT, 'Unable to go to the end of the archive \''.$this->zipname.'\'');
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo());
+ return PclZip::errorCode();
+ }
+
+ // ----- First try : look if this is an archive with no commentaries (most of the time)
+ // in this case the end of central dir is at 22 bytes of the file end
+ $v_found = 0;
+ if ($v_size > 26) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, 'Look for central dir with no comment');
+ @fseek($this->zip_fd, $v_size-22);
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, 'Position after min central position : \''.ftell($this->zip_fd).'\'');
+ if (($v_pos = @ftell($this->zip_fd)) != ($v_size-22))
+ {
+ // ----- Error log
+ PclZip::privErrorLog(PCLZIP_ERR_BAD_FORMAT, 'Unable to seek back to the middle of the archive \''.$this->zipname.'\'');
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo());
+ return PclZip::errorCode();
+ }
+
+ // ----- Read for bytes
+ $v_binary_data = @fread($this->zip_fd, 4);
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 5, "Binary data is : '".sprintf("%08x", $v_binary_data)."'");
+ $v_data = @unpack('Vid', $v_binary_data);
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Binary signature is : '".sprintf("0x%08x", $v_data['id'])."'");
+
+ // ----- Check signature
+ if ($v_data['id'] == 0x06054b50) {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Found central dir at the default position.");
+ $v_found = 1;
+ }
+
+ $v_pos = ftell($this->zip_fd);
+ }
+
+ // ----- Go back to the maximum possible size of the Central Dir End Record
+ if (!$v_found) {
+
//--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, 'Start extended search of end central dir');
+ $v_maximum_size = 65557; // 0xFFFF + 22;
+ if ($v_maximum_size > $v_size)
+ $v_maximum_size = $v_size;
+ @fseek($this->zip_fd, $v_size-$v_maximum_size);
+ if (@ftell($this->zip_fd) != ($v_size-$v_maximum_size))
+ {
+ // ----- Error log
+ PclZip::privErrorLog(PCLZIP_ERR_BAD_FORMAT, 'Unable to seek back to the middle of the archive \''.$this->zipname.'\'');
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo());
+ return PclZip::errorCode();
+ }
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, 'Position after max central position : \''.ftell($this->zip_fd).'\'');
+
+ // ----- Read byte per byte in order to find the signature
+ $v_pos = ftell($this->zip_fd);
+ $v_bytes = 0x00000000;
+ while ($v_pos < $v_size)
+ {
+ // ----- Read a byte
+ $v_byte = @fread($this->zip_fd, 1);
+
+ // ----- Add the byte
+ $v_bytes = ($v_bytes << 8) | Ord($v_byte);
+
+ // ----- Compare the bytes
+ if ($v_bytes == 0x504b0506)
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, 'Found End Central Dir signature at position : \''.ftell($this->zip_fd).'\'');
+ $v_pos++;
+ break;
+ }
+
+ $v_pos++;
+ }
+
+ // ----- Look if not found end of central dir
+ if ($v_pos == $v_size)
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Unable to find End of Central Dir Record signature");
+
+ // ----- Error log
+ PclZip::privErrorLog(PCLZIP_ERR_BAD_FORMAT, "Unable to find End of Central Dir Record signature");
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo());
+ return PclZip::errorCode();
+ }
+ }
+
+ // ----- Read the first 18 bytes of the header
+ $v_binary_data = fread($this->zip_fd, 18);
+
+ // ----- Look for invalid block size
+ if (strlen($v_binary_data) != 18)
+ {
+
//--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "Invalid End of Central Dir Record size : ".strlen($v_binary_data)); + + // ----- Error log + PclZip::privErrorLog(PCLZIP_ERR_BAD_FORMAT, "Invalid End of Central Dir Record size : ".strlen($v_binary_data)); + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo()); + return PclZip::errorCode(); + } + + // ----- Extract the values + ////--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, "Central Dir Record : '".$v_binary_data."'"); + ////--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, "Central Dir Record (Hex) : '".bin2hex($v_binary_data)."'"); + $v_data = unpack('vdisk/vdisk_start/vdisk_entries/ventries/Vsize/Voffset/vcomment_size', $v_binary_data); + + // ----- Check the global size + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Comment length : ".$v_data['comment_size']); + if (($v_pos + $v_data['comment_size'] + 18) != $v_size) { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "The central dir is not at the end of the archive. Some trailing bytes exists after the archive."); + + // ----- Removed in release 2.2 see readme file + // The check of the file size is a little too strict. + // Some bugs where found when a zip is encrypted/decrypted with 'crypt'. + // While decrypted, zip has training 0 bytes + if (0) { + // ----- Error log + PclZip::privErrorLog(PCLZIP_ERR_BAD_FORMAT, + 'The central dir is not at the end of the archive.' + .' 
Some trailing bytes exists after the archive.'); + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo()); + return PclZip::errorCode(); + } + } + + // ----- Get comment + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, 'Comment size : \''.$v_data['comment_size'].'\''); + if ($v_data['comment_size'] != 0) { + $p_central_dir['comment'] = fread($this->zip_fd, $v_data['comment_size']); + } + else + $p_central_dir['comment'] = ''; + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, 'Comment : \''.$p_central_dir['comment'].'\''); + + $p_central_dir['entries'] = $v_data['entries']; + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, 'Nb of entries : \''.$p_central_dir['entries'].'\''); + $p_central_dir['disk_entries'] = $v_data['disk_entries']; + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, 'Nb of entries for this disk : \''.$p_central_dir['disk_entries'].'\''); + $p_central_dir['offset'] = $v_data['offset']; + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, 'Offset of Central Dir : \''.$p_central_dir['offset'].'\''); + $p_central_dir['size'] = $v_data['size']; + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, 'Size of Central Dir : \''.$p_central_dir['size'].'\''); + $p_central_dir['disk'] = $v_data['disk']; + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, 'Disk number : \''.$p_central_dir['disk'].'\''); + $p_central_dir['disk_start'] = $v_data['disk_start']; + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, 'Start disk number : \''.$p_central_dir['disk_start'].'\''); + + // TBC + //for(reset($p_central_dir); $key = key($p_central_dir); next($p_central_dir)) { + // //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "central_dir[$key] = ".$p_central_dir[$key]); + //} + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, 
$v_result); + return $v_result; + } + // -------------------------------------------------------------------------------- + + // -------------------------------------------------------------------------------- + // Function : privDeleteByRule() + // Description : + // Parameters : + // Return Values : + // -------------------------------------------------------------------------------- + function privDeleteByRule(&$p_result_list, &$p_options) + { + //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, "PclZip::privDeleteByRule", ""); + $v_result=1; + $v_list_detail = array(); + + // ----- Open the zip file + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Open file in binary read mode"); + if (($v_result=$this->privOpenFd('rb')) != 1) + { + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result); + return $v_result; + } + + // ----- Read the central directory informations + $v_central_dir = array(); + if (($v_result = $this->privReadEndCentralDir($v_central_dir)) != 1) + { + $this->privCloseFd(); + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result); + return $v_result; + } + + // ----- Go to beginning of File + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 5, "Position in file : ".ftell($this->zip_fd)."'"); + @rewind($this->zip_fd); + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 5, "Position in file : ".ftell($this->zip_fd)."'"); + + // ----- Scan all the files + // ----- Start at beginning of Central Dir + $v_pos_entry = $v_central_dir['offset']; + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 5, "Position before rewind : ".ftell($this->zip_fd)."'"); + @rewind($this->zip_fd); + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 5, "Position after rewind : ".ftell($this->zip_fd)."'"); + if (@fseek($this->zip_fd, $v_pos_entry)) + { + // ----- Close the zip file + $this->privCloseFd(); + + // ----- Error log + 
PclZip::privErrorLog(PCLZIP_ERR_INVALID_ARCHIVE_ZIP, 'Invalid archive size'); + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo()); + return PclZip::errorCode(); + } + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 5, "Position after fseek : ".ftell($this->zip_fd)."'"); + + // ----- Read each entry + $v_header_list = array(); + $j_start = 0; + for ($i=0, $v_nb_extracted=0; $i<$v_central_dir['entries']; $i++) + { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Read next file header entry (index '$i')"); + + // ----- Read the file header + $v_header_list[$v_nb_extracted] = array(); + if (($v_result = $this->privReadCentralFileHeader($v_header_list[$v_nb_extracted])) != 1) + { + // ----- Close the zip file + $this->privCloseFd(); + + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result); + return $v_result; + } + + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Filename (index '$i') : '".$v_header_list[$v_nb_extracted]['stored_filename']."'"); + + // ----- Store the index + $v_header_list[$v_nb_extracted]['index'] = $i; + + // ----- Look for the specific extract rules + $v_found = false; + + // ----- Look for extract by name rule + if ( (isset($p_options[PCLZIP_OPT_BY_NAME])) + && ($p_options[PCLZIP_OPT_BY_NAME] != 0)) { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Extract with rule 'ByName'"); + + // ----- Look if the filename is in the list + for ($j=0; ($j strlen($p_options[PCLZIP_OPT_BY_NAME][$j])) + && (substr($v_header_list[$v_nb_extracted]['stored_filename'], 0, strlen($p_options[PCLZIP_OPT_BY_NAME][$j])) == $p_options[PCLZIP_OPT_BY_NAME][$j])) { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "The directory is in the file path"); + $v_found = true; + } + elseif ( (($v_header_list[$v_nb_extracted]['external']&0x00000010)==0x00000010) /* Indicates a folder */ + && 
($v_header_list[$v_nb_extracted]['stored_filename'].'/' == $p_options[PCLZIP_OPT_BY_NAME][$j])) { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "The entry is the searched directory"); + $v_found = true; + } + } + // ----- Look for a filename + elseif ($v_header_list[$v_nb_extracted]['stored_filename'] == $p_options[PCLZIP_OPT_BY_NAME][$j]) { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "The file is the right one."); + $v_found = true; + } + } + } + + // ----- Look for extract by ereg rule + else if ( (isset($p_options[PCLZIP_OPT_BY_EREG])) + && ($p_options[PCLZIP_OPT_BY_EREG] != "")) { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Extract by ereg '".$p_options[PCLZIP_OPT_BY_EREG]."'"); + + if (ereg($p_options[PCLZIP_OPT_BY_EREG], $v_header_list[$v_nb_extracted]['stored_filename'])) { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Filename match the regular expression"); + $v_found = true; + } + } + + // ----- Look for extract by preg rule + else if ( (isset($p_options[PCLZIP_OPT_BY_PREG])) + && ($p_options[PCLZIP_OPT_BY_PREG] != "")) { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Extract with rule 'ByEreg'"); + + if (preg_match($p_options[PCLZIP_OPT_BY_PREG], $v_header_list[$v_nb_extracted]['stored_filename'])) { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Filename match the regular expression"); + $v_found = true; + } + } + + // ----- Look for extract by index rule + else if ( (isset($p_options[PCLZIP_OPT_BY_INDEX])) + && ($p_options[PCLZIP_OPT_BY_INDEX] != 0)) { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Extract with rule 'ByIndex'"); + + // ----- Look if the index is in the list + for ($j=$j_start; ($j=$p_options[PCLZIP_OPT_BY_INDEX][$j]['start']) && ($i<=$p_options[PCLZIP_OPT_BY_INDEX][$j]['end'])) { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Found as part of an index 
range"); + $v_found = true; + } + if ($i>=$p_options[PCLZIP_OPT_BY_INDEX][$j]['end']) { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Do not look this index range for next loop"); + $j_start = $j+1; + } + + if ($p_options[PCLZIP_OPT_BY_INDEX][$j]['start']>$i) { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Index range is greater than index, stop loop"); + break; + } + } + } + else { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "No argument mean remove all file"); + $v_found = true; + } + + // ----- Look for deletion + if ($v_found) + { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "File '".$v_header_list[$v_nb_extracted]['stored_filename']."', index '$i' need to be deleted"); + unset($v_header_list[$v_nb_extracted]); + } + else + { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 2, "File '".$v_header_list[$v_nb_extracted]['stored_filename']."', index '$i' will not be deleted"); + $v_nb_extracted++; + } + } + + // ----- Look if something need to be deleted + if ($v_nb_extracted > 0) { + + // ----- Creates a temporay file + $v_zip_temp_name = PCLZIP_TEMPORARY_DIR.uniqid('pclzip-').'.tmp'; + + // ----- Creates a temporary zip archive + $v_temp_zip = new PclZip($v_zip_temp_name); + + // ----- Open the temporary zip file in write mode + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Open file in binary write mode"); + if (($v_result = $v_temp_zip->privOpenFd('wb')) != 1) { + $this->privCloseFd(); + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result); + return $v_result; + } + + // ----- Look which file need to be kept + for ($i=0; $izip_fd)."'"); + @rewind($this->zip_fd); + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 5, "Position after rewind : ".ftell($this->zip_fd)."'"); + if (@fseek($this->zip_fd, $v_header_list[$i]['offset'])) { + // ----- Close the zip file + $this->privCloseFd(); + 
$v_temp_zip->privCloseFd(); + @unlink($v_zip_temp_name); + + // ----- Error log + PclZip::privErrorLog(PCLZIP_ERR_INVALID_ARCHIVE_ZIP, 'Invalid archive size'); + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo()); + return PclZip::errorCode(); + } + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 5, "Position after fseek : ".ftell($this->zip_fd)."'"); + + // ----- Read the file header + $v_local_header = array(); + if (($v_result = $this->privReadFileHeader($v_local_header)) != 1) { + // ----- Close the zip file + $this->privCloseFd(); + $v_temp_zip->privCloseFd(); + @unlink($v_zip_temp_name); + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result); + return $v_result; + } + + // ----- Check that local file header is same as central file header + if ($this->privCheckFileHeaders($v_local_header, + $v_header_list[$i]) != 1) { + // TBC + } + unset($v_local_header); + + // ----- Write the file header + if (($v_result = $v_temp_zip->privWriteFileHeader($v_header_list[$i])) != 1) { + // ----- Close the zip file + $this->privCloseFd(); + $v_temp_zip->privCloseFd(); + @unlink($v_zip_temp_name); + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result); + return $v_result; + } + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 5, "Offset for this file is '".$v_header_list[$i]['offset']."'"); + + // ----- Read/write the data block + if (($v_result = PclZipUtilCopyBlock($this->zip_fd, $v_temp_zip->zip_fd, $v_header_list[$i]['compressed_size'])) != 1) { + // ----- Close the zip file + $this->privCloseFd(); + $v_temp_zip->privCloseFd(); + @unlink($v_zip_temp_name); + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result); + return $v_result; + } + } + + // ----- Store the offset of the central dir + $v_offset = @ftell($v_temp_zip->zip_fd); + 
//--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 5, "New offset of central dir : $v_offset"); + + // ----- Re-Create the Central Dir files header + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Creates the new central directory"); + for ($i=0; $iprivWriteCentralFileHeader($v_header_list[$i])) != 1) { + $v_temp_zip->privCloseFd(); + $this->privCloseFd(); + @unlink($v_zip_temp_name); + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result); + return $v_result; + } + + // ----- Transform the header to a 'usable' info + $v_temp_zip->privConvertHeader2FileInfo($v_header_list[$i], $p_result_list[$i]); + } + + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Creates the central directory footer"); + + // ----- Zip file comment + $v_comment = ''; + if (isset($p_options[PCLZIP_OPT_COMMENT])) { + $v_comment = $p_options[PCLZIP_OPT_COMMENT]; + } + + // ----- Calculate the size of the central header + $v_size = @ftell($v_temp_zip->zip_fd)-$v_offset; + + // ----- Create the central dir footer + if (($v_result = $v_temp_zip->privWriteCentralHeader(sizeof($v_header_list), $v_size, $v_offset, $v_comment)) != 1) { + // ----- Reset the file list + unset($v_header_list); + $v_temp_zip->privCloseFd(); + $this->privCloseFd(); + @unlink($v_zip_temp_name); + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result); + return $v_result; + } + + // ----- Close + $v_temp_zip->privCloseFd(); + $this->privCloseFd(); + + // ----- Delete the zip file + // TBC : I should test the result ... + @unlink($this->zipname); + + // ----- Rename the temporary file + // TBC : I should test the result ... 
+ //@rename($v_zip_temp_name, $this->zipname);
+ PclZipUtilRename($v_zip_temp_name, $this->zipname);
+
+ // ----- Destroy the temporary archive
+ unset($v_temp_zip);
+ }
+
+ // ----- Remove every files : reset the file
+ else if ($v_central_dir['entries'] != 0) {
+ $this->privCloseFd();
+
+ if (($v_result = $this->privOpenFd('wb')) != 1) {
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+
+ if (($v_result = $this->privWriteCentralHeader(0, 0, 0, '')) != 1) {
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+
+ $this->privCloseFd();
+ }
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+ // --------------------------------------------------------------------------------
+
+ // --------------------------------------------------------------------------------
+ // Function : privDirCheck()
+ // Description :
+ // Check if a directory exists, if not it creates it and all the parents directory
+ // which may be useful.
+ // Parameters :
+ // $p_dir : Directory path to check.
+ // Return Values :
+ // 1 : OK
+ // -1 : Unable to create directory
+ // --------------------------------------------------------------------------------
+ function privDirCheck($p_dir, $p_is_dir=false)
+ {
+ $v_result = 1;
+
+ //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, "PclZip::privDirCheck", "entry='$p_dir', is_dir='".($p_is_dir?"true":"false")."'");
+
+ // ----- Remove the final '/'
+ if (($p_is_dir) && (substr($p_dir, -1)=='/'))
+ {
+ $p_dir = substr($p_dir, 0, strlen($p_dir)-1);
+ }
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Looking for entry '$p_dir'");
+
+ // ----- Check the directory availability
+ if ((is_dir($p_dir)) || ($p_dir == ""))
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, "'$p_dir' is a directory");
+ return 1;
+ }
+
+ // ----- Extract parent directory
+ $p_parent_dir = dirname($p_dir);
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Parent directory is '$p_parent_dir'");
+
+ // ----- Just a check
+ if ($p_parent_dir != $p_dir)
+ {
+ // ----- Look for parent directory
+ if ($p_parent_dir != "")
+ {
+ if (($v_result = $this->privDirCheck($p_parent_dir)) != 1)
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+ }
+ }
+
+ // ----- Create the directory
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Create directory '$p_dir'");
+ if (!@mkdir($p_dir, 0777))
+ {
+ // ----- Error log
+ PclZip::privErrorLog(PCLZIP_ERR_DIR_CREATE_FAIL, "Unable to create directory '$p_dir'");
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo());
+ return PclZip::errorCode();
+ }
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result, "Directory '$p_dir' created");
+ return $v_result;
+ }
+ // --------------------------------------------------------------------------------
+
+ // --------------------------------------------------------------------------------
+ // Function : privMerge()
+ // Description :
+ // If $p_archive_to_add does not exist, the function exit with a success result.
+ // Parameters :
+ // Return Values :
+ // --------------------------------------------------------------------------------
+ function privMerge(&$p_archive_to_add)
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, "PclZip::privMerge", "archive='".$p_archive_to_add->zipname."'");
+ $v_result=1;
+
+ // ----- Look if the archive_to_add exists
+ if (!is_file($p_archive_to_add->zipname))
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Archive to add does not exist. End of merge.");
+
+ // ----- Nothing to merge, so merge is a success
+ $v_result = 1;
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+
+ // ----- Look if the archive exists
+ if (!is_file($this->zipname))
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Archive does not exist, duplicate the archive_to_add.");
+
+ // ----- Do a duplicate
+ $v_result = $this->privDuplicate($p_archive_to_add->zipname);
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+
+ // ----- Open the zip file
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Open file in binary read mode");
+ if (($v_result=$this->privOpenFd('rb')) != 1)
+ {
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+
+ // ----- Read the central directory informations
+ $v_central_dir = array();
+ if (($v_result = $this->privReadEndCentralDir($v_central_dir)) != 1)
+ {
+ $this->privCloseFd();
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+
+ // ----- Go to beginning of File
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 5, "Position in zip : ".ftell($this->zip_fd)."'");
+ @rewind($this->zip_fd);
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 5, "Position in zip : ".ftell($this->zip_fd)."'");
+
+ // ----- Open the archive_to_add file
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Open archive_to_add in binary read mode");
+ if (($v_result=$p_archive_to_add->privOpenFd('rb')) != 1)
+ {
+ $this->privCloseFd();
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+
+ // ----- Read the central directory informations
+ $v_central_dir_to_add = array();
+ if (($v_result = $p_archive_to_add->privReadEndCentralDir($v_central_dir_to_add)) != 1)
+ {
+ $this->privCloseFd();
+ $p_archive_to_add->privCloseFd();
+
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+
+ // ----- Go to beginning of File
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 5, "Position in archive_to_add : ".ftell($p_archive_to_add->zip_fd)."'");
+ @rewind($p_archive_to_add->zip_fd);
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 5, "Position in archive_to_add : ".ftell($p_archive_to_add->zip_fd)."'");
+
+ // ----- Creates a temporay file
+ $v_zip_temp_name = PCLZIP_TEMPORARY_DIR.uniqid('pclzip-').'.tmp';
+
+ // ----- Open the temporary file in write mode
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Open file in binary read mode");
+ if (($v_zip_temp_fd = @fopen($v_zip_temp_name, 'wb')) == 0)
+ {
+ $this->privCloseFd();
+ $p_archive_to_add->privCloseFd();
+
+ PclZip::privErrorLog(PCLZIP_ERR_READ_OPEN_FAIL, 'Unable to open temporary file \''.$v_zip_temp_name.'\' in binary write mode');
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo());
+ return PclZip::errorCode();
+ }
+
+ // ----- Copy the files from the archive to the temporary file
+ // TBC : Here I should better append the file and go back to erase the central dir
+ $v_size = $v_central_dir['offset'];
+ while ($v_size != 0)
+ {
+ $v_read_size = ($v_size < PCLZIP_READ_BLOCK_SIZE ? $v_size : PCLZIP_READ_BLOCK_SIZE);
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, "Read $v_read_size bytes");
+ $v_buffer = fread($this->zip_fd, $v_read_size);
+ @fwrite($v_zip_temp_fd, $v_buffer, $v_read_size);
+ $v_size -= $v_read_size;
+ }
+
+ // ----- Copy the files from the archive_to_add into the temporary file
+ $v_size = $v_central_dir_to_add['offset'];
+ while ($v_size != 0)
+ {
+ $v_read_size = ($v_size < PCLZIP_READ_BLOCK_SIZE ? $v_size : PCLZIP_READ_BLOCK_SIZE);
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, "Read $v_read_size bytes");
+ $v_buffer = fread($p_archive_to_add->zip_fd, $v_read_size);
+ @fwrite($v_zip_temp_fd, $v_buffer, $v_read_size);
+ $v_size -= $v_read_size;
+ }
+
+ // ----- Store the offset of the central dir
+ $v_offset = @ftell($v_zip_temp_fd);
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, "New offset of central dir : $v_offset");
+
+ // ----- Copy the block of file headers from the old archive
+ $v_size = $v_central_dir['size'];
+ while ($v_size != 0)
+ {
+ $v_read_size = ($v_size < PCLZIP_READ_BLOCK_SIZE ? $v_size : PCLZIP_READ_BLOCK_SIZE);
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, "Read $v_read_size bytes");
+ $v_buffer = @fread($this->zip_fd, $v_read_size);
+ @fwrite($v_zip_temp_fd, $v_buffer, $v_read_size);
+ $v_size -= $v_read_size;
+ }
+
+ // ----- Copy the block of file headers from the archive_to_add
+ $v_size = $v_central_dir_to_add['size'];
+ while ($v_size != 0)
+ {
+ $v_read_size = ($v_size < PCLZIP_READ_BLOCK_SIZE ? $v_size : PCLZIP_READ_BLOCK_SIZE);
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, "Read $v_read_size bytes");
+ $v_buffer = @fread($p_archive_to_add->zip_fd, $v_read_size);
+ @fwrite($v_zip_temp_fd, $v_buffer, $v_read_size);
+ $v_size -= $v_read_size;
+ }
+
+ // ----- Merge the file comments
+ $v_comment = $v_central_dir['comment'].' '.$v_central_dir_to_add['comment'];
+
+ // ----- Calculate the size of the (new) central header
+ $v_size = @ftell($v_zip_temp_fd)-$v_offset;
+
+ // ----- Swap the file descriptor
+ // Here is a trick : I swap the temporary fd with the zip fd, in order to use
+ // the following methods on the temporary fil and not the real archive fd
+ $v_swap = $this->zip_fd;
+ $this->zip_fd = $v_zip_temp_fd;
+ $v_zip_temp_fd = $v_swap;
+
+ // ----- Create the central dir footer
+ if (($v_result = $this->privWriteCentralHeader($v_central_dir['entries']+$v_central_dir_to_add['entries'], $v_size, $v_offset, $v_comment)) != 1)
+ {
+ $this->privCloseFd();
+ $p_archive_to_add->privCloseFd();
+ @fclose($v_zip_temp_fd);
+ $this->zip_fd = null;
+
+ // ----- Reset the file list
+ unset($v_header_list);
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+
+ // ----- Swap back the file descriptor
+ $v_swap = $this->zip_fd;
+ $this->zip_fd = $v_zip_temp_fd;
+ $v_zip_temp_fd = $v_swap;
+
+ // ----- Close
+ $this->privCloseFd();
+ $p_archive_to_add->privCloseFd();
+
+ // ----- Close the temporary file
+ @fclose($v_zip_temp_fd);
+
+ // ----- Delete the zip file
+ // TBC : I should test the result ...
+ @unlink($this->zipname);
+
+ // ----- Rename the temporary file
+ // TBC : I should test the result ...
+ //@rename($v_zip_temp_name, $this->zipname);
+ PclZipUtilRename($v_zip_temp_name, $this->zipname);
+
+ // ----- Return
+ //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result);
+ return $v_result;
+ }
+ // --------------------------------------------------------------------------------
+
+ // --------------------------------------------------------------------------------
+ // Function : privDuplicate()
+ // Description :
+ // Parameters :
+ // Return Values :
+ // --------------------------------------------------------------------------------
+ function privDuplicate($p_archive_filename)
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, "PclZip::privDuplicate", "archive_filename='$p_archive_filename'");
+ $v_result=1;
+
+ // ----- Look if the $p_archive_filename exists
+ if (!is_file($p_archive_filename))
+ {
+ //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Archive to duplicate does not exist. End of duplicate.");
+
+ // ----- Nothing to duplicate, so duplicate is a success.
+ $v_result = 1; + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result); + return $v_result; + } + + // ----- Open the zip file + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Open file in binary read mode"); + if (($v_result=$this->privOpenFd('wb')) != 1) + { + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result); + return $v_result; + } + + // ----- Open the temporary file in write mode + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Open file in binary read mode"); + if (($v_zip_temp_fd = @fopen($p_archive_filename, 'rb')) == 0) + { + $this->privCloseFd(); + + PclZip::privErrorLog(PCLZIP_ERR_READ_OPEN_FAIL, 'Unable to open archive file \''.$p_archive_filename.'\' in binary write mode'); + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, PclZip::errorCode(), PclZip::errorInfo()); + return PclZip::errorCode(); + } + + // ----- Copy the files from the archive to the temporary file + // TBC : Here I should better append the file and go back to erase the central dir + $v_size = filesize($p_archive_filename); + while ($v_size != 0) + { + $v_read_size = ($v_size < PCLZIP_READ_BLOCK_SIZE ? 
$v_size : PCLZIP_READ_BLOCK_SIZE); + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 5, "Read $v_read_size bytes"); + $v_buffer = fread($v_zip_temp_fd, $v_read_size); + @fwrite($this->zip_fd, $v_buffer, $v_read_size); + $v_size -= $v_read_size; + } + + // ----- Close + $this->privCloseFd(); + + // ----- Close the temporary file + @fclose($v_zip_temp_fd); + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result); + return $v_result; + } + // -------------------------------------------------------------------------------- + + // -------------------------------------------------------------------------------- + // Function : privErrorLog() + // Description : + // Parameters : + // -------------------------------------------------------------------------------- + function privErrorLog($p_error_code=0, $p_error_string='') + { + if (PCLZIP_ERROR_EXTERNAL == 1) { + PclError($p_error_code, $p_error_string); + } + else { + $this->error_code = $p_error_code; + $this->error_string = $p_error_string; + } + } + // -------------------------------------------------------------------------------- + + // -------------------------------------------------------------------------------- + // Function : privErrorReset() + // Description : + // Parameters : + // -------------------------------------------------------------------------------- + function privErrorReset() + { + if (PCLZIP_ERROR_EXTERNAL == 1) { + PclErrorReset(); + } + else { + $this->error_code = 0; + $this->error_string = ''; + } + } + // -------------------------------------------------------------------------------- + + // -------------------------------------------------------------------------------- + // Function : privDecrypt() + // Description : + // Parameters : + // Return Values : + // -------------------------------------------------------------------------------- + function privDecrypt($p_encryption_header, &$p_buffer, $p_size, $p_crc) + { + 
//--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, 'PclZip::privDecrypt', "size=".$p_size.""); + $v_result=1; + + // ----- To Be Modified ;-) + $v_pwd = "test"; + + $p_buffer = PclZipUtilZipDecrypt($p_buffer, $p_size, $p_encryption_header, + $p_crc, $v_pwd); + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result); + return $v_result; + } + // -------------------------------------------------------------------------------- + + // -------------------------------------------------------------------------------- + // Function : privDisableMagicQuotes() + // Description : + // Parameters : + // Return Values : + // -------------------------------------------------------------------------------- + function privDisableMagicQuotes() + { + //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, 'PclZip::privDisableMagicQuotes', ""); + $v_result=1; + + // ----- Look if function exists + if ( (!function_exists("get_magic_quotes_runtime")) + || (!function_exists("set_magic_quotes_runtime"))) { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Functions *et_magic_quotes_runtime are not supported"); + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result); + return $v_result; + } + + // ----- Look if already done + if ($this->magic_quotes_status != -1) { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "magic_quote already disabled"); + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result); + return $v_result; + } + + // ----- Get and memorize the magic_quote value + $this->magic_quotes_status = @get_magic_quotes_runtime(); + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Current magic_quotes_runtime status is '".($this->magic_quotes_status==0?'disable':'enable')."'"); + + // ----- Disable magic_quotes + if ($this->magic_quotes_status == 1) { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Disable magic_quotes"); + 
@set_magic_quotes_runtime(0); + } + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result); + return $v_result; + } + // -------------------------------------------------------------------------------- + + // -------------------------------------------------------------------------------- + // Function : privSwapBackMagicQuotes() + // Description : + // Parameters : + // Return Values : + // -------------------------------------------------------------------------------- + function privSwapBackMagicQuotes() + { + //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, 'PclZip::privSwapBackMagicQuotes', ""); + $v_result=1; + + // ----- Look if function exists + if ( (!function_exists("get_magic_quotes_runtime")) + || (!function_exists("set_magic_quotes_runtime"))) { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Functions *et_magic_quotes_runtime are not supported"); + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result); + return $v_result; + } + + // ----- Look if something to do + if ($this->magic_quotes_status != -1) { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "magic_quote not modified"); + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result); + return $v_result; + } + + // ----- Swap back magic_quotes + if ($this->magic_quotes_status == 1) { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Enable back magic_quotes"); + @set_magic_quotes_runtime($this->magic_quotes_status); + } + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result); + return $v_result; + } + // -------------------------------------------------------------------------------- + + } + // End of class + // -------------------------------------------------------------------------------- + + // -------------------------------------------------------------------------------- + // Function : PclZipUtilPathReduction() + // 
Description : + // Parameters : + // Return Values : + // -------------------------------------------------------------------------------- + function PclZipUtilPathReduction($p_dir) + { + //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, "PclZipUtilPathReduction", "dir='$p_dir'"); + $v_result = ""; + + // ----- Look for not empty path + if ($p_dir != "") { + // ----- Explode path by directory names + $v_list = explode("/", $p_dir); + + // ----- Study directories from last to first + $v_skip = 0; + for ($i=sizeof($v_list)-1; $i>=0; $i--) { + // ----- Look for current path + if ($v_list[$i] == ".") { + // ----- Ignore this directory + // Should be the first $i=0, but no check is done + } + else if ($v_list[$i] == "..") { + $v_skip++; + } + else if ($v_list[$i] == "") { + // ----- First '/' i.e. root slash + if ($i == 0) { + $v_result = "/".$v_result; + if ($v_skip > 0) { + // ----- It is an invalid path, so the path is not modified + // TBC + $v_result = $p_dir; + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 3, "Invalid path is unchanged"); + $v_skip = 0; + } + } + // ----- Last '/' i.e. 
indicates a directory + else if ($i == (sizeof($v_list)-1)) { + $v_result = $v_list[$i]; + } + // ----- Double '/' inside the path + else { + // ----- Ignore only the double '//' in path, + // but not the first and last '/' + } + } + else { + // ----- Look for item to skip + if ($v_skip > 0) { + $v_skip--; + } + else { + $v_result = $v_list[$i].($i!=(sizeof($v_list)-1)?"/".$v_result:""); + } + } + } + + // ----- Look for skip + if ($v_skip > 0) { + while ($v_skip > 0) { + $v_result = '../'.$v_result; + $v_skip--; + } + } + } + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result); + return $v_result; + } + // -------------------------------------------------------------------------------- + + // -------------------------------------------------------------------------------- + // Function : PclZipUtilPathInclusion() + // Description : + // This function indicates if the path $p_path is under the $p_dir tree. Or, + // said in an other way, if the file or sub-dir $p_path is inside the dir + // $p_dir. + // The function indicates also if the path is exactly the same as the dir. + // This function supports path with duplicated '/' like '//', but does not + // support '.' or '..' statements. 
+ // Parameters : + // Return Values : + // 0 if $p_path is not inside directory $p_dir + // 1 if $p_path is inside directory $p_dir + // 2 if $p_path is exactly the same as $p_dir + // -------------------------------------------------------------------------------- + function PclZipUtilPathInclusion($p_dir, $p_path) + { + //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, "PclZipUtilPathInclusion", "dir='$p_dir', path='$p_path'"); + $v_result = 1; + + // ----- Look for path beginning by ./ + if ( ($p_dir == '.') + || ((strlen($p_dir) >=2) && (substr($p_dir, 0, 2) == './'))) { + $p_dir = PclZipUtilTranslateWinPath(getcwd(), FALSE).'/'.substr($p_dir, 1); + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 5, "Replacing ./ by full path in p_dir '".$p_dir."'"); + } + if ( ($p_path == '.') + || ((strlen($p_path) >=2) && (substr($p_path, 0, 2) == './'))) { + $p_path = PclZipUtilTranslateWinPath(getcwd(), FALSE).'/'.substr($p_path, 1); + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 5, "Replacing ./ by full path in p_path '".$p_path."'"); + } + + // ----- Explode dir and path by directory separator + $v_list_dir = explode("/", $p_dir); + $v_list_dir_size = sizeof($v_list_dir); + $v_list_path = explode("/", $p_path); + $v_list_path_size = sizeof($v_list_path); + + // ----- Study directories paths + $i = 0; + $j = 0; + while (($i < $v_list_dir_size) && ($j < $v_list_path_size) && ($v_result)) { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 5, "Working on dir($i)='".$v_list_dir[$i]."' and path($j)='".$v_list_path[$j]."'"); + + // ----- Look for empty dir (path reduction) + if ($v_list_dir[$i] == '') { + $i++; + continue; + } + if ($v_list_path[$j] == '') { + $j++; + continue; + } + + // ----- Compare the items + if (($v_list_dir[$i] != $v_list_path[$j]) && ($v_list_dir[$i] != '') && ( $v_list_path[$j] != '')) { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 5, "Items ($i,$j) are different"); + 
$v_result = 0; + } + + // ----- Next items + $i++; + $j++; + } + + // ----- Look if everything seems to be the same + if ($v_result) { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 5, "Look for tie break"); + // ----- Skip all the empty items + while (($j < $v_list_path_size) && ($v_list_path[$j] == '')) $j++; + while (($i < $v_list_dir_size) && ($v_list_dir[$i] == '')) $i++; + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 5, "Looking on dir($i)='".($i < $v_list_dir_size?$v_list_dir[$i]:'')."' and path($j)='".($j < $v_list_path_size?$v_list_path[$j]:'')."'"); + + if (($i >= $v_list_dir_size) && ($j >= $v_list_path_size)) { + // ----- There are exactly the same + $v_result = 2; + } + else if ($i < $v_list_dir_size) { + // ----- The path is shorter than the dir + $v_result = 0; + } + } + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result); + return $v_result; + } + // -------------------------------------------------------------------------------- + + // -------------------------------------------------------------------------------- + // Function : PclZipUtilCopyBlock() + // Description : + // Parameters : + // $p_mode : read/write compression mode + // 0 : src & dest normal + // 1 : src gzip, dest normal + // 2 : src normal, dest gzip + // 3 : src & dest gzip + // Return Values : + // -------------------------------------------------------------------------------- + function PclZipUtilCopyBlock($p_src, $p_dest, $p_size, $p_mode=0) + { + //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, "PclZipUtilCopyBlock", "size=$p_size, mode=$p_mode"); + $v_result = 1; + + if ($p_mode==0) + { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 5, "Src offset before read :".(@ftell($p_src))); + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 5, "Dest offset before write :".(@ftell($p_dest))); + while ($p_size != 0) + { + $v_read_size = ($p_size < PCLZIP_READ_BLOCK_SIZE 
? $p_size : PCLZIP_READ_BLOCK_SIZE); + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, "Read $v_read_size bytes"); + $v_buffer = @fread($p_src, $v_read_size); + @fwrite($p_dest, $v_buffer, $v_read_size); + $p_size -= $v_read_size; + } + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 5, "Src offset after read :".(@ftell($p_src))); + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 5, "Dest offset after write :".(@ftell($p_dest))); + } + else if ($p_mode==1) + { + while ($p_size != 0) + { + $v_read_size = ($p_size < PCLZIP_READ_BLOCK_SIZE ? $p_size : PCLZIP_READ_BLOCK_SIZE); + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, "Read $v_read_size bytes"); + $v_buffer = @gzread($p_src, $v_read_size); + @fwrite($p_dest, $v_buffer, $v_read_size); + $p_size -= $v_read_size; + } + } + else if ($p_mode==2) + { + while ($p_size != 0) + { + $v_read_size = ($p_size < PCLZIP_READ_BLOCK_SIZE ? $p_size : PCLZIP_READ_BLOCK_SIZE); + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, "Read $v_read_size bytes"); + $v_buffer = @fread($p_src, $v_read_size); + @gzwrite($p_dest, $v_buffer, $v_read_size); + $p_size -= $v_read_size; + } + } + else if ($p_mode==3) + { + while ($p_size != 0) + { + $v_read_size = ($p_size < PCLZIP_READ_BLOCK_SIZE ? $p_size : PCLZIP_READ_BLOCK_SIZE); + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 4, "Read $v_read_size bytes"); + $v_buffer = @gzread($p_src, $v_read_size); + @gzwrite($p_dest, $v_buffer, $v_read_size); + $p_size -= $v_read_size; + } + } + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result); + return $v_result; + } + // -------------------------------------------------------------------------------- + + // -------------------------------------------------------------------------------- + // Function : PclZipUtilRename() + // Description : + // This function tries to do a simple rename() function. 
If it fails, it + // tries to copy the $p_src file in a new $p_dest file and then unlink the + // first one. + // Parameters : + // $p_src : Old filename + // $p_dest : New filename + // Return Values : + // 1 on success, 0 on failure. + // -------------------------------------------------------------------------------- + function PclZipUtilRename($p_src, $p_dest) + { + //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, "PclZipUtilRename", "source=$p_src, destination=$p_dest"); + $v_result = 1; + + // ----- Try to rename the files + if (!@rename($p_src, $p_dest)) { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 5, "Fail to rename file, try copy+unlink"); + + // ----- Try to copy & unlink the src + if (!@copy($p_src, $p_dest)) { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 5, "Fail to copy file"); + $v_result = 0; + } + else if (!@unlink($p_src)) { + //--(MAGIC-PclTrace)--//PclTraceFctMessage(__FILE__, __LINE__, 5, "Fail to unlink old filename"); + $v_result = 0; + } + } + + // ----- Return + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result); + return $v_result; + } + // -------------------------------------------------------------------------------- + + // -------------------------------------------------------------------------------- + // Function : PclZipUtilOptionText() + // Description : + // Translate option value in text. Mainly for debug purpose. + // Parameters : + // $p_option : the option value. + // Return Values : + // The option text value. 
+ // -------------------------------------------------------------------------------- + function PclZipUtilOptionText($p_option) + { + //--(MAGIC-PclTrace)--//PclTraceFctStart(__FILE__, __LINE__, "PclZipUtilOptionText", "option='".$p_option."'"); + + $v_list = get_defined_constants(); + for (reset($v_list); $v_key = key($v_list); next($v_list)) { + $v_prefix = substr($v_key, 0, 10); + if (( ($v_prefix == 'PCLZIP_OPT') + || ($v_prefix == 'PCLZIP_CB_') + || ($v_prefix == 'PCLZIP_ATT')) + && ($v_list[$v_key] == $p_option)) { + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_key); + return $v_key; + } + } + + $v_result = 'Unknown'; + + //--(MAGIC-PclTrace)--//PclTraceFctEnd(__FILE__, __LINE__, $v_result); + return $v_result; + } + // -------------------------------------------------------------------------------- + + // -------------------------------------------------------------------------------- + // Function : PclZipUtilTranslateWinPath() + // Description : + // Translate windows path by replacing '\' by '/' and optionally removing + // drive letter. + // Parameters : + // $p_path : path to translate. + // $p_remove_disk_letter : true | false + // Return Values : + // The path translated. + // -------------------------------------------------------------------------------- + function PclZipUtilTranslateWinPath($p_path, $p_remove_disk_letter=true) + { + if (stristr(php_uname(), 'windows')) { + // ----- Look for potential disk letter + if (($p_remove_disk_letter) && (($v_position = strpos($p_path, ':')) != false)) { + $p_path = substr($p_path, $v_position+1); + } + // ----- Change potential windows directory separator + if ((strpos($p_path, '\\') > 0) || (substr($p_path, 0,1) == '\\')) { + $p_path = strtr($p_path, '\\', '/'); + } + } + return $p_path; + } + // -------------------------------------------------------------------------------- + + +?> diff --git a/include/utils/CommonUtils.php b/include/utils/CommonUtils.php index 4fac8c2..d8bcce5 100755 
--- a/include/utils/CommonUtils.php +++ b/include/utils/CommonUtils.php @@ -2842,6 +2842,36 @@ function checkFileAccessForInclusion($filepath) { } } +/** Function to check the file deletion within the deletable (safe) directories*/ +function checkFileAccessForDeletion($filepath) { + global $root_directory; + // Set the base directory to compare with + $use_root_directory = $root_directory; + if (empty($use_root_directory)) { + $use_root_directory = realpath(dirname(__FILE__) . '/../../.'); + } + + $safeDirectories = array('storage', 'cache', 'test'); + + $realfilepath = realpath($filepath); + + /** Replace all \\ with \ first */ + $realfilepath = str_replace('\\\\', '\\', $realfilepath); + $rootdirpath = str_replace('\\\\', '\\', $use_root_directory); + + /** Replace all \ with / now */ + $realfilepath = str_replace('\\', '/', $realfilepath); + $rootdirpath = str_replace('\\', '/', $rootdirpath); + + $relativeFilePath = str_replace($rootdirpath, '', $realfilepath); + $filePathParts = explode('/', $relativeFilePath); + + if (stripos($realfilepath, $rootdirpath) !== 0 || !in_array($filePathParts[0], $safeDirectories)) { + die("Sorry! Attempt to access restricted file."); + } + +} + /** Function to check the file access is made within web root directory. */ function checkFileAccess($filepath) { if (!isFileAccessible($filepath)) { 
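Review bot: In `checkFileAccessForDeletion`, the relative path comes from `str_replace($rootdirpath, '', $realfilepath)`, which removes every occurrence of the root string rather than only the leading one, and the first path segment then depends on whether the root ends in a separator. In the fallback branch, `realpath(dirname(__FILE__) . '/../../.')` yields a root without a trailing slash, so `$filePathParts[0]` is the empty string and every path is rejected, including files under `storage`, `cache` and `test`. Normalising the root first makes the prefix test respect the directory boundary: `$rootdirpath = rtrim($rootdirpath, '/') . '/';` before the `stripos()` check, then `$relativeFilePath = substr($realfilepath, strlen($rootdirpath));`. `realpath()` returns false for a missing file; the current code happens to reject that, but an explicit `if ($realfilepath === false)` guard would make the fail-closed behaviour intentional.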
@@ -3248,12 +3278,39 @@ function getMenuStructure($selectModule = '') { return $resultant_array; } +function getReturnPath($host, $from_email) { + $returnname = 'info'; + $returnpath = $from_email; + // Remove the trailing protocol information + if (preg_match("/[^:]+:\/\/(.*)/", $host, $m)) { + $host = $m[1]; + } + // Remove the port address if any + if (preg_match("/([^:]+):.*/", $host, $m)) { + $host = $m[1]; + } + // Remove any extra-spaces + $host = trim($host); + + // Review if the host is not local + if (!in_array(strtolower($host), array('localhost'))) { + list($from_name, $from_domain) = explode('@', $from_email); + + //strip [,] from domain name in case ip address is used as domain: xyz@[192.45.32.67] + preg_replace("/[\[\]]/",$from_domain,$from_domain); -function getReturnPath($host){ - $arr=explode('.',$host); - unset($arr[0]); - $domain=implode('.',$arr); - $Return_Path='noreply@'.$domain; - return $Return_Path; + // If from-email domain is not matching (or sub-domain) of host + // reset the return-path + if (strpos($host, $from_domain)== false) { + $from_domain = trim($from_domain); + + if(preg_match( '/^((\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}))$/', $host)){ + $returnpath = $returnname . '@[' . $host.']'; + }else{ + $returnpath = $returnname . '@' . $host; + } + } + } + return $returnpath; } ?> \ No newline at end of file diff --git a/include/utils/DetailViewUtils.php b/include/utils/DetailViewUtils.php index 5151d58..b03a14b 100755 --- a/include/utils/DetailViewUtils.php +++ b/include/utils/DetailViewUtils.php 
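Review bot: Two lines in the new `getReturnPath` do not do what their comments say. `preg_replace("/[\[\]]/",$from_domain,$from_domain);` discards its result and passes `$from_domain` as the replacement, so brackets around an IP-literal domain are never stripped; it should read `$from_domain = preg_replace("/[\[\]]/", '', $from_domain);`. `if (strpos($host, $from_domain)== false)` uses a loose comparison, so a match at offset 0 (host equal to the sender's domain) is treated as no match and the return-path is reset anyway; use `=== false`. `explode('@', $from_email)` is also destructured without checking that the address contains an `@`, and `trim($from_domain)` runs only after the comparison it is meant to clean up.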
@@ -61,9 +61,7 @@ function getDetailViewOutputHtml($uitype, $fieldname, $fieldlabel, $col_fields, $parent_id = $col_fields[$fieldname]; if (!empty($parent_id)) { $parent_module = getSalesEntityType($parent_id); - $valueTitle = $parent_module; - if ($app_strings[$valueTitle]) - $valueTitle = $app_strings[$valueTitle]; + $valueTitle = getTranslatedString($parent_module,$parent_module); $displayValueArray = getEntityName($parent_module, $parent_id); if (!empty($displayValueArray)) { @@ -71,8 +69,14 @@ function getDetailViewOutputHtml($uitype, $fieldname, $fieldlabel, $col_fields, $displayValue = $value; } } + // vtlib customization: For listview javascript triggers + $modMetaInfo=getEntityFieldNames($parent_module); + $modEName=(is_array($modMetaInfo['fieldname']) ? $modMetaInfo['fieldname'][0] : $modMetaInfo['fieldname']); + $vtlib_metainfo = ""; + // END $label_fld = array($fieldlabel, - "$displayValue"); + "$displayValue$vtlib_metainfo"); } else { $moduleSpecificMessage = 'MODULE_NOT_SELECTED'; if ($mod_strings[$moduleSpecificMessage] != "") { diff --git a/include/utils/InventoryUtils.php b/include/utils/InventoryUtils.php index e7da975..91ece5c 100644 --- a/include/utils/InventoryUtils.php +++ b/include/utils/InventoryUtils.php @@ -107,7 +107,7 @@ function sendPrdStckMail($product_id,$upd_qty,$prod_name,$qtyinstk,$qty,$module) { //send mail to the handler $handler = getRecordOwnerId($product_id); - $handler_name = getOwnerName($handler); + $handler_name = getOwnerName(array_shift(array_values($handler))); if(vtws_isRecordOwnerUser($handler)) { $to_address = getUserEmail($handler); } else { diff --git a/include/utils/ListViewUtils.php b/include/utils/ListViewUtils.php index 8c4e10b..aa79ddc 100755 --- a/include/utils/ListViewUtils.php +++ b/include/utils/ListViewUtils.php 
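Review bot: `getOwnerName(array_shift(array_values($handler)))` in `sendPrdStckMail` passes a function result to `array_shift()`, which takes its argument by reference, so PHP raises an "Only variables should be passed by reference" notice. The same `$handler` is then passed unchanged to `vtws_isRecordOwnerUser()` and `getUserEmail()` on the following lines, so it is treated as an array in one call and as a plain id in the next; it is worth confirming what `getRecordOwnerId()` returns. A temporary avoids the notice: `$handlerIds = array_values($handler); $handler_name = getOwnerName($handlerIds[0]);`. The function body continues outside the hunk.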
@@ -3785,15 +3785,15 @@ function getListViewDeleteLink($module, $entity_id, $relatedlist, $returnset) { $del_link .= "&parenttab=" . $tabname . "&return_viewname=" . $viewname . $url; // vtlib customization: override default delete link for custom modules - $requestModule = vtlib_purify($_REQUEST['module']); - $requestRecord = vtlib_purify($_REQUEST['record']); + $requestModule = $current_module; $requestAction = vtlib_purify($_REQUEST['action']); - $parenttab = vtlib_purify($_REQUEST['parenttab']); $isCustomModule = vtlib_isCustomModule($requestModule); if ($requestAction == $requestModule . "Ajax") { $requestAction = vtlib_purify($_REQUEST['file']); } if ($isCustomModule && !in_array($requestAction, Array('index', 'ListView'))) { + $requestRecord = vtlib_purify($_REQUEST['record']); + $parenttab = vtlib_purify($_REQUEST['parenttab']); $del_link = "index.php?module=$requestModule&action=updateRelations&parentid=$requestRecord"; $del_link .= "&destination_module=$module&idlist=$entity_id&mode=delete&parenttab=$parenttab"; } @@ -3815,9 +3815,10 @@ function getEntityId($module, $entityName) { $entityidfield = $adb->query_result($result, 0, 'entityidfield'); if (!(strpos($fieldsname, ',') === false)) { $fieldlists = explode(',', $fieldsname); - $fieldsname = "concat("; + $fieldsname = "trim(concat("; // Add trim function to weed-out extra character values $fieldsname = $fieldsname . implode(",' ',", $fieldlists); - $fieldsname = $fieldsname . ")"; + $fieldsname = $fieldsname . "))"; + $entityName = trim($entityName); // Trim the input to be consistent in comparison } if ($entityName != '') { diff --git a/include/utils/MergeUtils.php b/include/utils/MergeUtils.php new file mode 100644 index 0000000..6a36d90 --- /dev/null +++ b/include/utils/MergeUtils.php 
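Review bot: The rebuilt `$del_link` in `getListViewDeleteLink` interpolates `$requestRecord` and `$parenttab` into the query string after `vtlib_purify()` only, which is an HTML purifier and does not URL-encode; a value containing `&` or `#` changes the parameters of the generated link. Encoding at the point of use would match what this commit does in `getSearchURL`: `"&parentid=" . urlencode($requestRecord)` and `"&parenttab=" . urlencode($parenttab)`. Separately, `$requestModule = $current_module;` relies on a variable that is not declared in the visible lines; the function's `global` statement is outside the hunk, so please confirm it names `$current_module` rather than `$currentModule`.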
@@ -0,0 +1,166 @@ +extract(PCLZIP_OPT_PATH,$wordtemplatedownloadpath.'/'.$temp_dir) == 0) + { + die("Error s: ".$archive->errorInfo(true)); + } + //delete the template + //unlink($wordtemplatedownloadpath.'/'.$filename); + return $temp_dir; +} + +function packen($filename,$wordtemplatedownloadpath,$temp_dir, $concontent,$stylecontent) +{ + //global $filename, $wordtemplatedownloadpath; + //write a new content.xml + $handle=fopen($wordtemplatedownloadpath.'/'.$temp_dir.'/content.xml',"w"); + fwrite($handle,$concontent); + fclose($handle); + + //write a new styles.xml + $handle2=fopen($wordtemplatedownloadpath.'/'.$temp_dir.'/styles.xml',"w"); + fwrite($handle2,$stylecontent); + fclose($handle2); + + $archive = new PclZip($wordtemplatedownloadpath.'/'.$filename); + //make a new archive (or .odt file) + $v_list = $archive->add($wordtemplatedownloadpath.'/'.$temp_dir,PCLZIP_OPT_REMOVE_PATH, $wordtemplatedownloadpath.'/'.$temp_dir); + if ($v_list == 0) + { + die("Error : ".$archive->errorInfo(true)); + } +} + +function remove_dir($dir) +{ + $handle = opendir($dir); + while (false!==($item = readdir($handle))) + { + if($item != '.' && $item != '..') + { + if(is_dir($dir.'/'.$item)) + { + remove_dir($dir.'/'.$item); + } + else + { + unlink($dir.'/'.$item); + } + } + } + closedir($handle); + if(rmdir($dir)) + { + $success = true; + } + return $success; +} + + +/** +* @see http://sourceforge.net/projects/phprtf +*/ +function utf8Unicode($str) { + return unicodeToEntitiesPreservingAscii(utf8ToUnicode($str)); +} + + +/** +* @see http://sourceforge.net/projects/phprtf +*/ +function unicodeToEntitiesPreservingAscii($unicode) { + $entities = ''; + foreach( $unicode as $value ) { + if ($value != 65279) { + $entities .= ( $value > 127 ) ? '\uc0\u' . $value . 
' ' : chr( $value ); + } + } + return $entities; +} +/** +* @see http://sourceforge.net/projects/phprtf +* @see http://www.randomchaos.com/documents/?source=php_and_unicode +*/ +function utf8ToUnicode($str) { + $unicode = array(); + $values = array(); + $lookingFor = 1; + + for ($i = 0; $i < strlen($str); $i++ ) { + $thisValue = ord($str[$i]); + + if ($thisValue < 128) { + $unicode[] = $thisValue; + } else { + if ( count( $values ) == 0 ) { + $lookingFor = ( $thisValue < 224 ) ? 2 : 3; + } + + $values[] = $thisValue; + + if ( count( $values ) == $lookingFor ) { + $number = ( $lookingFor == 3 ) ? + ( ( $values[0] % 16 ) * 4096 ) + ( ( $values[1] % 64 ) * 64 ) + ( $values[2] % 64 ): + ( ( $values[0] % 32 ) * 64 ) + ( $values[1] % 64 ); + $unicode[] = $number; + $values = array(); + $lookingFor = 1; + } + } + } + return $unicode; +} + + +?> diff --git a/include/utils/SearchUtils.php b/include/utils/SearchUtils.php index 2fb5ad4..d8c991e 100755 --- a/include/utils/SearchUtils.php +++ b/include/utils/SearchUtils.php @@ -872,7 +872,7 @@ function getSearchURL($input) { if(empty($advft_criteria)) return $urlString; $advft_criteria_groups = vtlib_purify($input['advft_criteria_groups']); - $urlString .= '&advft_criteria='.$advft_criteria.'&advft_criteria_groups='.$advft_criteria_groups.'&searchtype=advance'; + $urlString .= '&advft_criteria='.urlencode($advft_criteria).'&advft_criteria_groups='.urlencode($advft_criteria_groups).'&searchtype=advance'; } elseif($input['type']=='dbrd'){ if(isset($input['leadsource'])) { 
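Review bot: `remove_dir()` in the new `MergeUtils.php` returns `$success` without ever initialising it, so a failed `rmdir()` returns an undefined variable instead of `false`, and the result of `opendir()` is used without a check. It also recurses on `is_dir()`, which follows symbolic links, so a link inside the temporary directory would carry the deletion outside it; since that directory is filled from an extracted template archive, treating links as plain entries is the safer default. The rewrite below keeps the signature and returns a strict boolean. The `extract()` call at the top of the file passes only `PCLZIP_OPT_PATH`; if the bundled PclZip supports it, adding `PCLZIP_OPT_EXTRACT_DIR_RESTRICTION` with the same directory would make the library reject entries that resolve outside it.

```php
function remove_dir($dir)
{
	$handle = opendir($dir);
	if ($handle === false) {
		return false;
	}
	$success = true;
	while (false !== ($item = readdir($handle))) {
		if ($item == '.' || $item == '..') {
			continue;
		}
		$path = $dir.'/'.$item;
		// Never descend through a link: remove the link itself instead
		if (is_dir($path) && !is_link($path)) {
			$success = remove_dir($path) && $success;
		} else {
			$success = unlink($path) && $success;
		}
	}
	closedir($handle);
	return rmdir($dir) && $success;
}
```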
@@ -1081,6 +1081,18 @@ function getUnifiedWhere($listquery,$module,$search_val){ $columnname = "accountname"; $tablename = "vtiger_account"; } + if($module == 'HelpDesk' && $columnname == 'parent_id') { + $columnname = "accountname"; + $tablename = "vtiger_account"; + if(strstr($listquery,$tablename)){ + if($where != ''){ + $where .= " OR "; + } + $where .= $tablename.".".$columnname." LIKE '". formatForSqlLike($search_val) ."'"; + } + $columnname = "firstname"; + $tablename = "vtiger_contactdetails"; + } // END //Before form the where condition, check whether the table for the field has been added in the listview query diff --git a/include/utils/UserInfoUtil.php b/include/utils/UserInfoUtil.php index d9148b9..a2bfb29 100755 --- a/include/utils/UserInfoUtil.php +++ b/include/utils/UserInfoUtil.php @@ -1472,7 +1472,7 @@ $log->debug("Entering getProfileTabsPermission(".$profileid.") method ..."); // Once that is done, Webmails need to be removed permanently. $emailsTabId = getTabid('Emails'); $webmailsTabid = getTabid('Webmails'); - if(array_key_exists($emailsTabId, $copy)) { + if(array_key_exists($emailsTabId, $copy) and !empty($webmailsTabid)) { $copy[$webmailsTabid] = $copy[$emailsTabId]; } diff --git a/include/utils/VtlibUtils.php b/include/utils/VtlibUtils.php index 4a85f87..c079140 100644 --- a/include/utils/VtlibUtils.php +++ b/include/utils/VtlibUtils.php @@ -539,6 +539,15 @@ $__htmlpurifier_instance = false; function vtlib_purify($input, $ignore=false) { global $__htmlpurifier_instance, $root_directory, $default_charset; + static $purified_cache = array(); + + if (!is_array($input)) { // thank you Boris and Adam (from developers list) + $md5OfInput = md5($input); + if (array_key_exists($md5OfInput, $purified_cache)) { + return $purified_cache[$md5OfInput]; + } + } + $use_charset = $default_charset; $use_root_directory = $root_directory; 
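Review bot: The added HelpDesk branch in `getUnifiedWhere` appends `$search_val` to the WHERE clause by string concatenation, `" LIKE '". formatForSqlLike($search_val) ."'"`, so its safety rests entirely on `formatForSqlLike()`, whose escaping is not visible here. Other code touched by this commit (`export()`) binds values through `generateQuestionMarks()` and a `$params` array; if this function cannot be moved to bound parameters, a comment stating that `formatForSqlLike()` escapes quotes and LIKE wildcards would help the next reader. The branch also reassigns `$columnname`/`$tablename` twice to emit two conditions, which is easy to misread; a comment such as `// HelpDesk parent_id: match the account name here, the contact name in the generic code below` would document what appears to be the intent. The function body continues outside the hunk.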
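Review bot: The cache added to `vtlib_purify` returns a different value on a hit than on the first call. This hunk returns `$purified_cache[$md5OfInput]` immediately, while the store added in the next hunk (`$purified_cache[$md5OfInput] = $value;`) runs before the `str_replace` that post-processes `$value`, so only the uncached path gets that replacement. The early return also happens before `$ignore` is consulted, and for array input `$md5OfInput` is never set, so the store writes under an undefined key. Keying a sanitizer cache on an MD5 digest means two different inputs with the same digest share one purified result; using the input string itself as the array key avoids that. I would move the store to just before `return $value;`, guard it with `if (!is_array($input))`, and key it on `$input` together with `$ignore`.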
@@ -568,6 +577,7 @@ function vtlib_purify($input, $ignore=false) { $value = $__htmlpurifier_instance->purify($input); } } + $purified_cache[$md5OfInput] = $value; } $value = str_replace('&','&',$value); return $value; @@ -607,4 +617,18 @@ function vtlib_module_icon($modulename){ return "modules/Vtiger/Vtiger.png"; } +/** + * Function to return the valid SQl input. + * @param $string + * @param $skipEmpty Skip the check if string is empty. + * @return $string/false + */ +function vtlib_purifyForSql($string, $skipEmpty=true) { + $pattern = "/^[_a-zA-Z0-9.]+$/"; + if ((empty($string) && $skipEmpty) || preg_match($pattern, $string)) { + return $string; + } + return false; +} + ?> diff --git a/include/utils/export.php b/include/utils/export.php index dad5069..3e0accd 100755 --- a/include/utils/export.php +++ b/include/utils/export.php @@ -111,8 +111,8 @@ function export($type){ $sorder = $focus->getSortOrder(); $order_by = $focus->getOrderBy(); - $search_type = $_REQUEST['search_type']; - $export_data = $_REQUEST['export_data']; + $search_type = vtlib_purify($_REQUEST['search_type']); + $export_data = vtlib_purify($_REQUEST['export_data']); if(isset($_SESSION['export_where']) && $_SESSION['export_where']!='' && $search_type == 'includesearch'){ $where =$_SESSION['export_where']; @@ -132,7 +132,7 @@ function export($type){ $params = array(); if(($search_type == 'withoutsearch' || $search_type == 'includesearch') && $export_data == 'selecteddata'){ - $idstring = explode(";", $_REQUEST['idstring']); + $idstring = explode(";", vtlib_purify($_REQUEST['idstring'])); if($type == 'Accounts' && count($idstring) > 0) { $query .= ' and vtiger_account.accountid in ('. generateQuestionMarks($idstring) .')'; array_push($params, $idstring); 
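Review bot: The pattern in `vtlib_purifyForSql`, `/^[_a-zA-Z0-9.]+$/`, lets a value with a trailing newline through, because `$` without the `D` modifier also matches just before a final line break; for an identifier check use `'/^[_a-zA-Z0-9.]+$/D'` or end the pattern with `\z`. The same applies to `validateAlphaNumericInput` in `include/utils/utils.php`, where this commit additionally admits `/`; if any caller uses that validator for file or module names, path separators now pass, so the call sites are worth checking. The function returns `false` on rejection, which becomes an empty string if a caller concatenates the result without testing it; the docblock could say `@return string|false` and state that callers must compare with `=== false`.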
@@ -236,7 +236,7 @@ function export($type){ } /** Send the output header and invoke function for contents output */ -$moduleName = $_REQUEST['module']; +$moduleName = vtlib_purify($_REQUEST['module']); $moduleName = getTranslatedString($moduleName, $moduleName); $moduleName = str_replace(" ","_",$moduleName); header("Content-Disposition:attachment;filename=$moduleName.csv"); diff --git a/include/utils/utils.php b/include/utils/utils.php index 2773099..594276a 100755 --- a/include/utils/utils.php +++ b/include/utils/utils.php @@ -1010,8 +1010,8 @@ function to_html($string, $encode=true) global $log,$default_charset; //$log->debug("Entering to_html(".$string.",".$encode.") method ..."); global $toHtml; - $action = $_REQUEST['action']; - $search = $_REQUEST['search']; + $action = vtlib_purify($_REQUEST['action']); + $search = vtlib_purify($_REQUEST['search']); $doconvert = false; @@ -4858,7 +4858,7 @@ function getBlockName($blockid) { } function validateAlphaNumericInput($string){ - preg_match('/^[\w _\-]+$/', $string, $matches); + preg_match('/^[\w _\-\/]+$/', $string, $matches); if(count($matches) == 0) { return false; } diff --git a/index.php b/index.php index 0333c89..fc8592c 100644 --- a/index.php +++ b/index.php @@ -23,7 +23,7 @@ global $entityDel; global $display; global $category; -if(version_compare(phpversion(), '5.2.0') < 0) { +if(version_compare(phpversion(), '5.2.0') < 0 or version_compare(phpversion(), '5.4.0','ge') > 0) { insert_charset_header(); $serverPhpVersion = phpversion(); require_once('phpversionfail.php'); @@ -109,12 +109,14 @@ if (!isset($dbconfig['db_hostname']) || $dbconfig['db_status']=='_DB_STAT_') { header("Location: install.php"); exit(); } - + // load up the config_override.php file. This is used to provide default user settings if (is_file('config_override.php')) { require_once('config_override.php'); } +// load global help links +require_once 'config.help.link.php'; /** * Check for vtiger installed version and codebase 
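Review bot: `$moduleName` still reaches `header("Content-Disposition:attachment;filename=$moduleName.csv")` after HTML purification only, and `vtlib_purify()` does not constrain a value to what is valid in a header parameter; characters such as `;` or `"` would change how the client parses the filename. Reducing it to a filename-safe set before the header call and quoting the parameter is safer, for example `$moduleName = preg_replace('/[^A-Za-z0-9_\-]/', '_', $moduleName);` followed by `filename=\"$moduleName.csv\"`. Adjust the allowed set if translated module names need non-ASCII characters. The surrounding script continues outside the hunk.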
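Review bot: `version_compare(phpversion(), '5.4.0','ge') > 0` in `index.php` compares a boolean with 0, since `version_compare()` returns `true`/`false` when given an operator; it works only through type juggling and reads as if the three-way form were intended. Write `version_compare(phpversion(), '5.4.0', '>=')` and prefer `||` to `or`, whose low precedence is easy to trip over. A short comment stating why 5.4 and later are rejected would also help, as the reason is not visible in the hunk.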
@@ -601,21 +603,23 @@ if($action == "DetailView") } // set user, theme and language cookies so that login screen defaults to last values +$siteURLParts = parse_url($site_URL); $cookieDomain = $siteURLParts['host']; if (isset($_SESSION['authenticated_user_id'])) { $log->debug("setting cookie ck_login_id_vtiger to ".$_SESSION['authenticated_user_id']); - setcookie('ck_login_id_vtiger', $_SESSION['authenticated_user_id']); + setcookie('ck_login_id_vtiger', $_SESSION['authenticated_user_id'],0,null,$cookieDomain,false,true); } if (isset($_SESSION['vtiger_authenticated_user_theme'])) { $log->debug("setting cookie ck_login_theme_vtiger to ".$_SESSION['vtiger_authenticated_user_theme']); - setcookie('ck_login_theme_vtiger', $_SESSION['vtiger_authenticated_user_theme']); + setcookie('ck_login_theme_vtiger', $_SESSION['vtiger_authenticated_user_theme'],0,null,$cookieDomain,false,true); } if (isset($_SESSION['authenticated_user_language'])) { $log->debug("setting cookie ck_login_language_vtiger to ".$_SESSION['authenticated_user_language']); - setcookie('ck_login_language_vtiger', $_SESSION['authenticated_user_language']); + setcookie('ck_login_language_vtiger', $_SESSION['authenticated_user_language'],0,null,$cookieDomain,false,true); } if($_REQUEST['module'] == 'Documents' && $action == 'DownloadFile') { + checkFileAccess('modules/Documents/DownloadFile.php'); include('modules/Documents/DownloadFile.php'); exit; } @@ -814,22 +818,10 @@ if((!$viewAttachment) && (!$viewAttachment && $action != 'home_rss') && $action { echo $copyrightstatement; - // Status tracking - $statimage = ''; - if($currentModule == 'Users' && empty($current_user->id)) { - global $disable_stats_tracking; - if(isset($disable_stats_tracking) && !empty($disable_stats_tracking)) { - $statimage = ""; - } else { - $statimage = "|"; - } - } // END - echo ""; echo "
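Review bot: The three `setcookie()` calls now pass `false` for the secure flag unconditionally, so the login-id, theme and language cookies are also sent over plain HTTP when the site is served over HTTPS. `$siteURLParts` is already parsed just above, so the flag can follow the configured scheme: `$cookieSecure = (isset($siteURLParts['scheme']) && strtolower($siteURLParts['scheme']) == 'https');` and pass `$cookieSecure` instead of `false`. `parse_url()` returns `false` for a malformed `$site_URL`, in which case `$siteURLParts['host']` is unset; defaulting `$cookieDomain` to an empty string in that case keeps the cookie host-only. The `$log->debug()` lines also write the authenticated user id to the log, which may be worth dropping.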


"; - echo ""; - echo "
Powered by vtiger CRM $vtiger_current_version© 2004-".date('Y')." vtiger.com | ".$app_strings['LNK_READ_LICENSE']." | ".getTranslatedString('LNK_PRIVACY_POLICY')." $statimage
"; + echo "Powered by ".getTranslatedString('APP_NAME')." $vtiger_current_version"; + echo "© 2004-".date('Y')." $coreBOS_app_name | ".$app_strings['LNK_READ_LICENSE']." | ".getTranslatedString('LNK_PRIVACY_POLICY').""; // echo "
"; // Under the Sugar Public License referenced above, you are required to leave in all copyright statements diff --git a/install/CheckSystem.php b/install/CheckSystem.php index 4220c19..016a73b 100644 --- a/install/CheckSystem.php +++ b/install/CheckSystem.php @@ -56,7 +56,7 @@ $check_mysql_extension = Common_Install_Wizard_Utils::check_mysql_extension(); - <?php echo $installationStrings['LBL_VTIGER_CRM_5']. ' - ' . $installationStrings['LBL_CONFIG_WIZARD']. ' - ' . $installationStrings['LBL_INSTALLATION_CHECK']?> + <?php echo $installationStrings['APP_NAME']. ' - ' . $installationStrings['LBL_CONFIG_WIZARD']. ' - ' . $installationStrings['LBL_INSTALLATION_CHECK']?> @@ -69,7 +69,7 @@ $check_mysql_extension = Common_Install_Wizard_Utils::check_mysql_extension(); - +
<?php echo $installationStrings['LBL_CONFIG_WIZARD']; ?><?php echo $installationStrings['LBL_VTIGER_CRM_5']; ?><?php echo $installationStrings['APP_NAME']; ?>
@@ -264,7 +264,7 @@ $check_mysql_extension = Common_Install_Wizard_Utils::check_mysql_extension();
- +
www.vtiger.com
diff --git a/install/ConfirmConfig.php b/install/ConfirmConfig.php index d02de59..669a396 100644 --- a/install/ConfirmConfig.php +++ b/install/ConfirmConfig.php @@ -66,7 +66,7 @@ if($next == true) { - <?php echo $installationStrings['LBL_VTIGER_CRM_5']. ' - ' . $installationStrings['LBL_CONFIG_WIZARD']. ' - ' . $installationStrings['LBL_CONFIRM_SETTINGS']?> + <?php echo $installationStrings['APP_NAME']. ' - ' . $installationStrings['LBL_CONFIG_WIZARD']. ' - ' . $installationStrings['LBL_CONFIRM_SETTINGS']?> @@ -76,7 +76,7 @@ if($next == true) { - +
<?php echo $installationStrings['LBL_CONFIG_WIZARD']; ?><?php echo $installationStrings['LBL_VTIGER_CRM_5']; ?><?php echo $installationStrings['APP_NAME']; ?>
@@ -211,7 +211,7 @@ if($next == true) { - +
www.vtiger.com
diff --git a/install/ConfirmMigrationConfig.php b/install/ConfirmMigrationConfig.php index e77d97d..95be79a 100644 --- a/install/ConfirmMigrationConfig.php +++ b/install/ConfirmMigrationConfig.php @@ -83,7 +83,7 @@ include("modules/Migration/versions.php"); - <?php echo $installationStrings['LBL_VTIGER_CRM_5']. ' - ' . $installationStrings['LBL_CONFIG_WIZARD']. ' - ' . $installationStrings['LBL_CONFIRM_SETTINGS']?> + <?php echo $installationStrings['APP_NAME']. ' - ' . $installationStrings['LBL_CONFIG_WIZARD']. ' - ' . $installationStrings['LBL_CONFIRM_SETTINGS']?> @@ -97,7 +97,7 @@ include("modules/Migration/versions.php"); - +
<?php echo $installationStrings['LBL_CONFIG_WIZARD']; ?><?php echo $installationStrings['LBL_VTIGER_CRM_5']; ?><?php echo $installationStrings['APP_NAME']; ?>
@@ -225,7 +225,7 @@ include("modules/Migration/versions.php"); - +
www.vtiger.com
diff --git a/install/CreateTables.php b/install/CreateTables.php index 191ee9d..779150b 100644 --- a/install/CreateTables.php +++ b/install/CreateTables.php @@ -54,7 +54,7 @@ session_destroy(); - <?php echo $installationStrings['LBL_VTIGER_CRM_5']. ' - ' . $installationStrings['LBL_CONFIG_WIZARD']. ' - ' . $installationStrings['LBL_FINISH']?> + <?php echo $installationStrings['APP_NAME']. ' - ' . $installationStrings['LBL_CONFIG_WIZARD']. ' - ' . $installationStrings['LBL_FINISH']?> @@ -67,7 +67,7 @@ session_destroy(); - +
<?php echo $installationStrings['LBL_CONFIG_WIZARD']; ?><?php echo $installationStrings['LBL_VTIGER_CRM_5']; ?><?php echo $installationStrings['APP_NAME']; ?>
@@ -102,7 +102,7 @@ session_destroy();
- vtigercrm-

+



@@ -33,7 +33,7 @@ - +
<?php echo $installationStrings['LBL_CONFIG_WIZARD']; ?><?php echo $installationStrings['LBL_VTIGER_CRM_5']; ?><?php echo $installationStrings['APP_NAME']; ?>
@@ -66,24 +66,13 @@ $renamefile = $renameResult['renamefile']; $ins_file_renamed = $renameResult['install_file_renamed']; $ins_dir_renamed = $renameResult['install_directory_renamed']; -// Status tracking -$statimage = ''; @include_once('config.inc.php'); -global $disable_stats_tracking; -if(isset($application_unique_key) && !empty($application_unique_key)) { - if(isset($disable_stats_tracking) && !empty($disable_stats_tracking)) { - $statimage = ""; - } else { - $statimage = "|"; - } -} ?>
- vtigercrm- +
  @@ -121,9 +110,8 @@ if(isset($application_unique_key) && !empty($application_unique_key)) {
    @@ -182,7 +170,7 @@ if(isset($application_unique_key) && !empty($application_unique_key)) {
- | +
www.vtiger.com
diff --git a/install/LicenceAgreement.php b/install/LicenceAgreement.php index 8e3626f..91e8ca5 100644 --- a/install/LicenceAgreement.php +++ b/install/LicenceAgreement.php @@ -12,7 +12,7 @@ - <?php echo $installationStrings['LBL_VTIGER_CRM_5']. ' - ' . $installationStrings['LBL_CONFIG_WIZARD']. ' - ' . $installationStrings['LBL_INSTALLATION_CHECK']?> + <?php echo $installationStrings['APP_NAME']. ' - ' . $installationStrings['LBL_CONFIG_WIZARD']. ' - ' . $installationStrings['LBL_INSTALLATION_CHECK']?> @@ -23,7 +23,7 @@ - +
<?php echo $installationStrings['LBL_CONFIG_WIZARD']; ?><?php echo $installationStrings['LBL_VTIGER_CRM_5']; ?><?php echo $installationStrings['APP_NAME']; ?>
@@ -91,7 +91,7 @@ - +
www.vtiger.com
diff --git a/install/MigrationComplete.php b/install/MigrationComplete.php index 1abec15..9437b24 100644 --- a/install/MigrationComplete.php +++ b/install/MigrationComplete.php @@ -18,7 +18,7 @@ session_destroy(); - <?php echo $installationStrings['LBL_VTIGER_CRM_5']. ' - ' . $installationStrings['LBL_CONFIG_WIZARD']. ' - ' . $installationStrings['LBL_FINISH']?> + <?php echo $installationStrings['APP_NAME']. ' - ' . $installationStrings['LBL_CONFIG_WIZARD']. ' - ' . $installationStrings['LBL_FINISH']?> @@ -30,7 +30,7 @@ session_destroy(); - +
<?php echo $installationStrings['LBL_CONFIG_WIZARD']; ?><?php echo $installationStrings['LBL_VTIGER_CRM_5']; ?><?php echo $installationStrings['APP_NAME']; ?>
@@ -106,7 +106,6 @@ $_SESSION['VTIGER_DB_VERSION']= $vtiger_current_version;
  • -
  • @@ -147,7 +146,7 @@ $_SESSION['VTIGER_DB_VERSION']= $vtiger_current_version; - +
    www.vtiger.com
    diff --git a/install/MigrationProcess.php b/install/MigrationProcess.php index 89e423c..0fdaf2a 100644 --- a/install/MigrationProcess.php +++ b/install/MigrationProcess.php @@ -29,7 +29,7 @@ Migration_Utils::copyRequiredFiles($_SESSION['migration_info']['source_directory - <?php echo $installationStrings['LBL_VTIGER_CRM_5']. ' - ' . $installationStrings['LBL_CONFIG_WIZARD']. ' - ' . $installationStrings['LBL_MIGRATION']?> + <?php echo $installationStrings['APP_NAME']. ' - ' . $installationStrings['LBL_CONFIG_WIZARD']. ' - ' . $installationStrings['LBL_MIGRATION']?> @@ -47,7 +47,7 @@ if($_REQUEST['migration_start'] != 'true') { - +
    <?php echo $installationStrings['LBL_CONFIG_WIZARD']; ?><?php echo $installationStrings['LBL_VTIGER_CRM_5']; ?><?php echo $installationStrings['APP_NAME']; ?>
    @@ -118,7 +118,7 @@ if($_REQUEST['migration_start'] != 'true') { - +
    www.vtiger.com
    diff --git a/install/PreMigrationActions.php b/install/PreMigrationActions.php index b27e2f6..be53b61 100644 --- a/install/PreMigrationActions.php +++ b/install/PreMigrationActions.php @@ -27,7 +27,7 @@ $_SESSION['pre_migration'] = true; - <?php echo $installationStrings['LBL_VTIGER_CRM_5']. ' - ' . $installationStrings['LBL_CONFIG_WIZARD']. ' - ' . $installationStrings['LBL_PRE_MIGRATION_TOOLS']?> + <?php echo $installationStrings['APP_NAME']. ' - ' . $installationStrings['LBL_CONFIG_WIZARD']. ' - ' . $installationStrings['LBL_PRE_MIGRATION_TOOLS']?> @@ -124,7 +124,7 @@ $_SESSION['pre_migration'] = true; - +
    <?php echo $installationStrings['LBL_CONFIG_WIZARD']; ?><?php echo $installationStrings['LBL_VTIGER_CRM_5']; ?><?php echo $installationStrings['APP_NAME']; ?>
    @@ -253,7 +253,7 @@ $_SESSION['pre_migration'] = true; - +
    www.vtiger.com
    "; echo ""; - break; - + exit; } } } @@ -678,13 +677,16 @@ class Reports extends CRMEntity{ ); $fields_datatype = array('productid'=>'V', 'serviceid'=>'V', - 'listprice'=>'I', - 'discount'=>'I', - 'quantity'=>'I', + 'listprice'=>'N', + 'discount'=>'N', + 'quantity'=>'N', 'comment'=>'V', ); foreach($fields as $fieldcolname=>$label){ $fieldtypeofdata = $fields_datatype[$fieldcolname]; + if($fieldcolname != 'productid' || $fieldcolname !='serviceid') + $optionvalue = $fieldtablename.$module.":".$fieldcolname.":".$module."_".$label.":".$fieldcolname.":".$fieldtypeofdata; + else $optionvalue = $fieldtablename.":".$fieldcolname.":".$module."_".$label.":".$fieldcolname.":".$fieldtypeofdata; $module_columnlist[$optionvalue] = $label; } @@ -1506,7 +1508,7 @@ function getEscapedColumns($selectedfields) { $typeofdata = explode("~",$columntototalrow["typeofdata"]); - if($typeofdata[0] == "N" || $typeofdata[0] == "I") + if($typeofdata[0] == "N" || $typeofdata[0] == "NN" || $typeofdata[0] == "I" || $typeofdata[0] == "T") { $options = Array(); if(isset($this->columnssummary)) diff --git a/modules/Reports/ScheduledReports.php b/modules/Reports/ScheduledReports.php index 46c38a8..5e489f0 100644 --- a/modules/Reports/ScheduledReports.php +++ b/modules/Reports/ScheduledReports.php @@ -141,7 +141,7 @@ class VTScheduledReport extends Reports { $vtigerMailer->Body = $contents; $vtigerMailer->ContentType = "text/html"; - $baseFileName = preg_replace('/[^a-zA-Z0-9_-\s]/', '', $this->reportname).'_'. preg_replace('/[^a-zA-Z0-9_-\s]/', '', $currentTime); + $baseFileName = utf8_decode(preg_replace('/[^a-zA-Z0-9_-\s]/', '', $this->reportname).'_'. preg_replace('/[^a-zA-Z0-9_-\s]/', '', $currentTime)); $oReportRun = new ReportRun($this->id); $reportFormat = $this->scheduledFormat; 
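Review bot: The added test `if($fieldcolname != 'productid' || $fieldcolname !='serviceid')` is always true, because no value can equal both strings, so the `else` branch that builds `$optionvalue` without `$module` in the table name can never run. If the intent was to keep the old form for the two id columns, the condition should be `if($fieldcolname != 'productid' && $fieldcolname != 'serviceid')`. The enclosing method starts outside the hunk, so which table alias each column is meant to use should be confirmed against the rest of the function.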
@@ -151,14 +151,14 @@ class VTScheduledReport extends Reports { $fileName = $baseFileName.'.pdf'; $filePath = 'storage/'.$fileName; $attachments[$fileName] = $filePath; - $pdf = $oReportRun->getReportPDF(); + $pdf = $oReportRun->getReportPDF(NULL); $pdf->Output($filePath,'F'); } if ($reportFormat == 'excel' || $reportFormat == 'both') { $fileName = $baseFileName.'.xls'; $filePath = 'storage/'.$fileName; $attachments[$fileName] = $filePath; - $oReportRun->writeReportToExcelFile($filePath); + $oReportRun->writeReportToExcelFile($filePath, NULL); } foreach($attachments as $attachmentName => $path) { diff --git a/modules/Reports/language/en_us.lang.php b/modules/Reports/language/en_us.lang.php index 1fb224d..da87224 100644 --- a/modules/Reports/language/en_us.lang.php +++ b/modules/Reports/language/en_us.lang.php @@ -191,8 +191,8 @@ $mod_strings = Array( 'Next 60 Days'=>'Next 60 Days', 'Next 90 Days'=>'Next 90 Days', 'Next 120 Days'=>'Next 120 Days', -'TITLE_VTIGERCRM_CREATE_REPORT' => 'vtiger CRM - Create Report', -'TITLE_VTIGERCRM_PRINT_REPORT' => 'vtiger - Print Report', +'TITLE_VTIGERCRM_CREATE_REPORT' => 'Create Report', +'TITLE_VTIGERCRM_PRINT_REPORT' => 'Print Report', 'NO_FILTER_SELECTED' => 'No filter Selected', 'LBL_GENERATE_NOW'=>'Generate Now', diff --git a/modules/Rss/language/en_us.lang.php b/modules/Rss/language/en_us.lang.php index 9378674..d31b758 100644 --- a/modules/Rss/language/en_us.lang.php +++ b/modules/Rss/language/en_us.lang.php @@ -31,7 +31,7 @@ $mod_strings = Array( 'LBL_STARRED_RSS'=>'Starred Feeds', 'LBL_POP_CRM_RSS'=>'Popular CRM Related Feeds', 'LBL_ALL_RSS_FEEDS'=>'All RSS Feeds', -'LBL_VTIGER_RSS_READER'=>'vtiger RSS Reader', +'LBL_VTIGER_RSS_READER'=>'RSS Reader', 'LBL_MORE'=>'More...', 'LBL_SUBJECT'=>'Subject', diff --git a/modules/SalesOrder/CreateSOPDF.php b/modules/SalesOrder/CreateSOPDF.php index 1c6182e..5f5e319 100644 --- a/modules/SalesOrder/CreateSOPDF.php +++ b/modules/SalesOrder/CreateSOPDF.php 
@@ -10,6 +10,7 @@ ********************************************************************************/ include_once 'modules/SalesOrder/SalesOrderPDFController.php'; +$currentModule = vtlib_purify($_REQUEST['module']); $controller = new Vtiger_SalesOrderPDFController($currentModule); $controller->loadRecord(vtlib_purify($_REQUEST['record'])); $salesorder_no = getModuleSequenceNumber($currentModule,vtlib_purify($_REQUEST['record'])); diff --git a/modules/SalesOrder/SendPDFMail.php b/modules/SalesOrder/SendPDFMail.php index 676d1f4..073e180 100644 --- a/modules/SalesOrder/SendPDFMail.php +++ b/modules/SalesOrder/SendPDFMail.php @@ -9,10 +9,12 @@ * ********************************************************************************/ include_once 'modules/SalesOrder/SalesOrderPDFController.php'; + +$currentModule = vtlib_purify($_REQUEST['module']); $controller = new Vtiger_SalesOrderPDFController($currentModule); $controller->loadRecord(vtlib_purify($_REQUEST['record'])); -$filenameid = $_REQUEST['record']; +$filenameid = vtlib_purify($_REQUEST['record']); $salesorder_no = getModuleSequenceNumber($currentModule,vtlib_purify($_REQUEST['record'])); if(empty($filenameid)) $filenameid = time(); $filepath="storage/SalesOrder_".$salesorder_no.".pdf"; diff --git a/modules/Settings/CreateCustomField.php b/modules/Settings/CreateCustomField.php index 4a97be3..21fa200 100755 --- a/modules/Settings/CreateCustomField.php +++ b/modules/Settings/CreateCustomField.php @@ -120,7 +120,7 @@ if(isset($_REQUEST["duplicate"]) && $_REQUEST["duplicate"] == "yes") $fieldlength=vtlib_purify($_REQUEST["fldlength"]); $decimalvalue=vtlib_purify($_REQUEST["flddecimal"]); $fldVal = vtlib_purify($_REQUEST["fldPickList"]); - $selectedvalue = $typeVal[$_REQUEST["fldType"]]; + $selectedvalue = $typeVal[vtlib_purify($_REQUEST["fldType"])]; } elseif($fieldid == '') { diff --git a/modules/Settings/CurrencyDelete.php b/modules/Settings/CurrencyDelete.php index 1e57c5d..24e3fe2 100644 
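Review bot: `$currentModule = vtlib_purify($_REQUEST['module']);` lets the request choose the module name that is handed to `Vtiger_SalesOrderPDFController` and `getModuleSequenceNumber`, although this script lives under modules/SalesOrder and appears to serve only that module. `vtlib_purify` filters markup and does not restrict the value to a known module, so assigning the constant, `$currentModule = 'SalesOrder';`, is the tighter form. The same line is added in modules/SalesOrder/SendPDFMail.php, where `$filepath` is already fixed to `storage/SalesOrder_...` and would then stay consistent with the module actually loaded.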
--- a/modules/Settings/CurrencyDelete.php +++ b/modules/Settings/CurrencyDelete.php @@ -9,8 +9,8 @@ * ********************************************************************************/ -$del_id = $_REQUEST['delete_currency_id']; -$tran_id = $_REQUEST['transfer_currency_id']; +$del_id = vtlib_purify($_REQUEST['delete_currency_id']); +$tran_id = vtlib_purify($_REQUEST['transfer_currency_id']); // Transfer all the data refering to currency $del_id to currency $tran_id transferCurrency($del_id, $tran_id); diff --git a/modules/Settings/CurrencyDeleteStep1.php b/modules/Settings/CurrencyDeleteStep1.php index 5bd8160..b5497a2 100644 --- a/modules/Settings/CurrencyDeleteStep1.php +++ b/modules/Settings/CurrencyDeleteStep1.php @@ -17,7 +17,7 @@ global $app_strings; global $theme; $theme_path="themes/".$theme."/"; -$delete_currency_id = $_REQUEST['id']; +$delete_currency_id = vtlib_purify($_REQUEST['id']); $sql = "select * from vtiger_currency_info where id=?"; $result = $adb->pquery($sql, array($delete_currency_id)); $delete_currencyname = $adb->query_result($result,0,"currency_name"); diff --git a/modules/Settings/CurrencyEditView.php b/modules/Settings/CurrencyEditView.php index 271318c..39f2a7b 100644 --- a/modules/Settings/CurrencyEditView.php +++ b/modules/Settings/CurrencyEditView.php @@ -15,7 +15,7 @@ $theme_path="themes/".$theme."/"; $image_path=$theme_path."images/"; $smarty=new vtigerCRM_Smarty; -if(isset($_REQUEST['record']) && $_REQUEST['record']!='') +if(isset($_REQUEST['record']) && $_REQUEST['record'] != '' ) { $tempid = vtlib_purify($_REQUEST['record']); $currency = ''; diff --git a/modules/Settings/CustomModEntityNo.php b/modules/Settings/CustomModEntityNo.php index a834d46..cb779fb 100644 --- a/modules/Settings/CustomModEntityNo.php +++ b/modules/Settings/CustomModEntityNo.php 
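Review bot: `$del_id` and `$tran_id` are record ids that go straight into `transferCurrency($del_id, $tran_id)`, and `vtlib_purify` only cleans markup, so an empty or non-numeric value still reaches the transfer. An integer conversion states the expectation directly, e.g. `$del_id = (int) $_REQUEST['delete_currency_id'];`, followed by a rejection when either id is `0` or the two are equal. No permission or request-token check is visible in this hunk, so it is worth confirming that one runs before this file is reached. The same id-through-purify pattern is used in CurrencyDeleteStep1.php, EditInventoryNotification.php and EditNotification.php, where the value is at least bound through `pquery`.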
@@ -110,7 +110,7 @@ function getCRMSupportedModules() { global $adb; $sql="select tabid,name from vtiger_tab where isentitytype = 1 and presence = 0 and tabid in(select distinct tabid from vtiger_field where uitype='4')"; - $result = $adb->query($sql); + $result = $adb->pquery($sql, array()); while($moduleinfo=$adb->fetch_array($result)) { $modulelist[$moduleinfo['name']] = $moduleinfo['name']; diff --git a/modules/Settings/DeleteCustomField.php b/modules/Settings/DeleteCustomField.php index f6df007..6a3cb10 100644 --- a/modules/Settings/DeleteCustomField.php +++ b/modules/Settings/DeleteCustomField.php @@ -87,6 +87,11 @@ if($uitype == 15) { $deltablequery = 'drop table vtiger_'.$adb->sql_escape_string($colName); $adb->pquery($deltablequery, array()); + + $deltablequery_seq = 'drop table vtiger_'.$adb->sql_escape_string($colName).'_seq'; + $adb->pquery($deltablequery_seq, array()); + //Remove picklist dependencies + $adb->query("DELETE FROM vtiger_picklist_dependency WHERE vtiger_picklist_dependency.targetfield = '".$colName."'"); } header("Location:index.php?module=Settings&action=CustomFieldList&fld_module=".$fld_module."&parenttab=Settings"); diff --git a/modules/Settings/DeleteMailAccount.php b/modules/Settings/DeleteMailAccount.php index a79eebd..b5247a9 100644 --- a/modules/Settings/DeleteMailAccount.php +++ b/modules/Settings/DeleteMailAccount.php @@ -11,9 +11,9 @@ global $adb; if($_REQUEST['idstring'] != '') - $idlist = $_REQUEST['idstring']; + $idlist = vtlib_purify ($_REQUEST['idstring']); elseif($_REQUEST['idlist'] != '') - $idlist = $_REQUEST['idlist']; + $idlist = vtlib_purify ($_REQUEST['idlist']); $selected_array = explode(";",$idlist); foreach($selected_array as $account_id) { diff --git a/modules/Settings/EditCompanyDetails.php b/modules/Settings/EditCompanyDetails.php index 6d7ff63..d5408f6 100644 --- a/modules/Settings/EditCompanyDetails.php +++ b/modules/Settings/EditCompanyDetails.php 
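Review bot: In modules/Settings/DeleteCustomField.php the added `$adb->query("DELETE FROM vtiger_picklist_dependency WHERE vtiger_picklist_dependency.targetfield = '".$colName."'")` concatenates `$colName` into the statement unescaped, while the other statements in the hunk go through `pquery`; bind it instead with `$adb->pquery('DELETE FROM vtiger_picklist_dependency WHERE targetfield = ?', array($colName));`. Where `$colName` is assigned is outside this hunk, but the identical lines added to `deleteCustomField()` in modules/Settings/LayoutBlockList.php (hunk `@@ -716,6 +716,11 @@`) take it from `$_REQUEST["colName"]`, and `vtlib_purify` is not SQL escaping. The new `drop table vtiger_..._seq` statement, like the existing one above it, places the same value in an identifier, where `sql_escape_string` gives no protection. Reading the column name back from the `vtiger_field` row for the given field id, or rejecting anything that does not match `/^[A-Za-z0-9_]+$/`, would cover both statements.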
@@ -17,7 +17,7 @@ $smarty = new vtigerCRM_Smarty; //error handling if(isset($_REQUEST['flag']) && $_REQUEST['flag'] != '') { - $flag = $_REQUEST['flag']; + $flag = vtlib_purify($_REQUEST['flag']); switch($flag) { case 1: diff --git a/modules/Settings/EditInventoryNotification.php b/modules/Settings/EditInventoryNotification.php index 99dbf8c..5919627 100755 --- a/modules/Settings/EditInventoryNotification.php +++ b/modules/Settings/EditInventoryNotification.php @@ -23,7 +23,7 @@ $image_path=$theme_path."images/"; $smarty = new vtigerCRM_Smarty; if(isset($_REQUEST['record']) && $_REQUEST['record']!='') { - $id = $_REQUEST['record']; + $id = vtlib_purify($_REQUEST['record']); $sql="select * from vtiger_inventorynotification where notificationid = ?"; $result = $adb->pquery($sql, array($id)); if($adb->num_rows($result) ==1); diff --git a/modules/Settings/EditNotification.php b/modules/Settings/EditNotification.php index e4afabc..e8acb86 100644 --- a/modules/Settings/EditNotification.php +++ b/modules/Settings/EditNotification.php @@ -22,7 +22,7 @@ $smarty = new vtigerCRM_Smarty; if(isset($_REQUEST['record']) && $_REQUEST['record']!='') { //Added to show the previous selected value when editing - $id = $_REQUEST['record']; + $id = vtlib_purify($_REQUEST['record']); $query='select vtiger_emailtemplates.templateid,vtiger_emailtemplates.templatename from vtiger_notificationscheduler inner join vtiger_emailtemplates on vtiger_emailtemplates.templateid=vtiger_notificationscheduler.notificationbody where schedulednotificationid=?'; $result = $adb->pquery($query, array($id)); diff --git a/modules/Settings/LayoutBlockList.php b/modules/Settings/LayoutBlockList.php index 7f82094..5d3f33e 100644 --- a/modules/Settings/LayoutBlockList.php +++ b/modules/Settings/LayoutBlockList.php 
@@ -20,7 +20,7 @@ $image_path=$theme_path."images/"; require_once('modules/Vtiger/layout_utils.php'); $smarty=new vtigerCRM_Smarty; -$subMode = $_REQUEST['sub_mode']; +$subMode = vtlib_purify($_REQUEST['sub_mode']); $smarty->assign("MOD",$mod_strings); $smarty->assign("APP",$app_strings); $smarty->assign("THEME", $theme); @@ -393,19 +393,19 @@ function changeFieldOrder() { if(!empty($_REQUEST['what_to_do'])) { if($_REQUEST['what_to_do']=='block_down') { $sql="select * from vtiger_blocks where blockid=?"; - $result = $adb->pquery($sql, array($_REQUEST['blockid'])); + $result = $adb->pquery($sql, array(vtlib_purify($_REQUEST['blockid']))); $row= $adb->fetch_array($result); $current_sequence=$row[sequence]; $sql_next="select * from vtiger_blocks where sequence > ? and tabid=? limit 0,1"; - $result_next = $adb->pquery($sql_next, array($current_sequence,$_REQUEST[tabid])); + $result_next = $adb->pquery($sql_next, array($current_sequence, vtlib_purify($_REQUEST[tabid]))); $row_next= $adb->fetch_array($result_next); $next_sequence=$row_next[sequence]; $next_id=$row_next[blockid]; $sql_up_current="update vtiger_blocks set sequence=? where blockid=?"; - $result_up_current = $adb->pquery($sql_up_current, array($next_sequence,$_REQUEST['blockid'])); + $result_up_current = $adb->pquery($sql_up_current, array($next_sequence, vtlib_purify($_REQUEST['blockid']))); $sql_up_next="update vtiger_blocks set sequence=? where blockid=?"; 
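Review bot: The rewritten calls in `changeFieldOrder()` still index with a bare word, `vtlib_purify($_REQUEST[tabid])`, and the context lines do the same with `$row[sequence]` and `$row_next[blockid]`. PHP reads that as an undefined constant, which is a warning from 7.2 and an `Error` from 8.0, so the changed lines should read `vtlib_purify($_REQUEST['tabid'])`. The same unquoted key is carried into the `block_up` branch in the next hunk (`@@ -414,12 +414,12 @@`). Since `blockid`, `tabid` and `fieldid` are all bound as `pquery` parameters, an `(int)` cast would state the expected type more directly than `vtlib_purify`; the function begins and ends outside these hunks.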
@@ -414,12 +414,12 @@ function changeFieldOrder() { if($_REQUEST['what_to_do']=='block_up') { $sql="select * from vtiger_blocks where blockid=?"; - $result = $adb->pquery($sql, array($_REQUEST['blockid'])); + $result = $adb->pquery($sql, array(vtlib_purify($_REQUEST['blockid']))); $row= $adb->fetch_array($result); $current_sequence=$row[sequence]; $sql_previous="select * from vtiger_blocks where sequence < ? and tabid=? order by sequence desc limit 0,1"; - $result_previous = $adb->pquery($sql_previous, array($current_sequence,$_REQUEST[tabid])); + $result_previous = $adb->pquery($sql_previous, array($current_sequence, vtlib_purify($_REQUEST[tabid]))); $row_previous= $adb->fetch_array($result_previous); $previous_sequence=$row_previous[sequence]; $previous_id=$row_previous[blockid]; @@ -435,15 +435,15 @@ function changeFieldOrder() { if($_REQUEST['what_to_do']=='down' || $_REQUEST['what_to_do']=='Right') { $sql="select * from vtiger_field where fieldid=? and vtiger_field.presence in (0,2)"; - $result = $adb->pquery($sql, array($_REQUEST['fieldid'])); + $result = $adb->pquery($sql, array(vtlib_purify($_REQUEST['fieldid']))); $row= $adb->fetch_array($result); $current_sequence=$row['sequence']; if($_REQUEST['what_to_do']=='down') { $sql_next="select * from vtiger_field where sequence > ? and block = ? and vtiger_field.presence in (0,2) order by sequence limit 1,1"; - $sql_next_params = array($current_sequence, $_REQUEST['blockid']); + $sql_next_params = array($current_sequence, vtlib_purify($_REQUEST['blockid'])); }else { $sql_next="select * from vtiger_field where sequence > ? and block = ? and vtiger_field.presence in (0,2) order by sequence limit 0,1"; - $sql_next_params = array($current_sequence, $_REQUEST['blockid']); + $sql_next_params = array($current_sequence, vtlib_purify($_REQUEST['blockid'])); } $result_next = $adb->pquery($sql_next,$sql_next_params); 
@@ -452,7 +452,7 @@ function changeFieldOrder() { $next_id=$row_next['fieldid']; $sql_up_current="update vtiger_field set sequence=? where fieldid=?"; - $result_up_current = $adb->pquery($sql_up_current, array($next_sequence,$_REQUEST['fieldid'])); + $result_up_current = $adb->pquery($sql_up_current, array($next_sequence, vtlib_purify($_REQUEST['fieldid']))); $sql_up_next="update vtiger_field set sequence=? where fieldid=?"; $result_up_next = $adb->pquery($sql_up_next, array($current_sequence,$next_id)); @@ -461,16 +461,16 @@ function changeFieldOrder() { if($_REQUEST['what_to_do']=='up' || $_REQUEST['what_to_do']=='Left') { $sql="select * from vtiger_field where fieldid=? and vtiger_field.presence in (0,2)"; - $result = $adb->pquery($sql, array($_REQUEST['fieldid'])); + $result = $adb->pquery($sql, array(vtlib_purify($_REQUEST['fieldid']))); $row= $adb->fetch_array($result); $current_sequence=$row['sequence']; if($_REQUEST['what_to_do']=='up') { $sql_previous="select * from vtiger_field where sequence < ? and block=? and vtiger_field.presence in (0,2) order by sequence desc limit 1,1"; - $sql_prev_params = array($current_sequence,$_REQUEST['blockid']); + $sql_prev_params = array($current_sequence, vtlib_purify($_REQUEST['blockid'])); }else { $sql_previous="select * from vtiger_field where sequence < ? and block=? and vtiger_field.presence in (0,2) order by sequence desc limit 0,1"; - $sql_prev_params = array($current_sequence,$_REQUEST['blockid']); + $sql_prev_params = array($current_sequence, vtlib_purify($_REQUEST['blockid'])); } $result_previous = $adb->pquery($sql_previous,$sql_prev_params); 
@@ -479,7 +479,7 @@ function changeFieldOrder() { $previous_id=$row_previous['fieldid']; $sql_up_current="update vtiger_field set sequence=? where fieldid=?"; - $result_up_current = $adb->pquery($sql_up_current, array($previous_sequence,$_REQUEST['fieldid'])); + $result_up_current = $adb->pquery($sql_up_current, array($previous_sequence, vtlib_purify($_REQUEST['fieldid']))); $sql_up_previous="update vtiger_field set sequence=? where fieldid=?"; $result_up_previous = $adb->pquery($sql_up_previous, array($current_sequence,$previous_id)); @@ -488,12 +488,12 @@ function changeFieldOrder() { if($_REQUEST['what_to_do']=='show') { $sql_up_display="update vtiger_blocks set display_status='1' where blockid=?"; - $result_up_display = $adb->pquery($sql_up_display, array($_REQUEST['blockid'])); + $result_up_display = $adb->pquery($sql_up_display, array(vtlib_purify($_REQUEST['blockid']))); } if($_REQUEST['what_to_do']=='hide') { $sql_up_display="update vtiger_blocks set display_status='0' where blockid=?"; - $result_up_display = $adb->pquery($sql_up_display, array($_REQUEST['blockid'])); + $result_up_display = $adb->pquery($sql_up_display, array(vtlib_purify($_REQUEST['blockid']))); } } } @@ -531,7 +531,7 @@ function getFieldInfo($fieldname,$typeofdata,$quickcreate,$massedit,$presence,$s function updateFieldProperties() { global $adb,$smarty,$log; - $fieldid = $_REQUEST['fieldid']; + $fieldid = vtlib_purify($_REQUEST['fieldid']); $req_sql = "select * from vtiger_field where fieldid = ? and fieldname not in('salutationtype') and vtiger_field.presence in (0,2)"; $req_result = $adb->pquery($req_sql, array($fieldid)); 
@@ -555,10 +555,10 @@ function updateFieldProperties() { $focus = CRMEntity::getInstance($fld_module); $fieldtype = explode("~",$typeofdata); - $mandatory_checked= $_REQUEST['ismandatory']; - $quickcreate_checked = $_REQUEST['quickcreate']; - $presence_check = $_REQUEST['isPresent']; - $massedit_check = $_REQUEST['massedit']; + $mandatory_checked= vtlib_purify($_REQUEST['ismandatory']); + $quickcreate_checked = vtlib_purify($_REQUEST['quickcreate']); + $presence_check = vtlib_purify($_REQUEST['isPresent']); + $massedit_check = vtlib_purify($_REQUEST['massedit']); $defaultvalue = vtlib_purify($_REQUEST['defaultvalue']); if(!empty($defaultvalue)) { @@ -651,10 +651,10 @@ function updateFieldProperties() { function deleteCustomField() { global $adb; - $fld_module = $_REQUEST["fld_module"]; - $id = $_REQUEST["fld_id"]; - $colName = $_REQUEST["colName"]; - $uitype = $_REQUEST["uitype"]; + $fld_module = vtlib_purify($_REQUEST["fld_module"]); + $id = vtlib_purify($_REQUEST["fld_id"]); + $colName = vtlib_purify($_REQUEST["colName"]); + $uitype = vtlib_purify($_REQUEST["uitype"]); $fieldquery = 'select * from vtiger_field where fieldid = ?'; $res = $adb->pquery($fieldquery,array($id)); @@ -716,6 +716,11 @@ function deleteCustomField() { if($uitype == 15) { $deltablequery = 'drop table vtiger_'.$adb->sql_escape_string($colName); $adb->pquery($deltablequery, array()); + + $deltablequery_seq = 'drop table vtiger_'.$adb->sql_escape_string($colName).'_seq'; + $adb->pquery($deltablequery_seq, array()); + //Remove picklist dependencies + $adb->query("DELETE FROM vtiger_picklist_dependency WHERE vtiger_picklist_dependency.targetfield = '".$colName."'"); } } 
@@ -723,11 +728,11 @@ function deleteCustomField() { function addblock() { global $mod_strings,$log,$adb; - $fldmodule=$_REQUEST['fld_module']; - $mode=$_REQUEST['mode']; + $fldmodule = vtlib_purify($_REQUEST['fld_module']); + $mode= vtlib_purify($_REQUEST['mode']); - $newblocklabel = trim($_REQUEST['blocklabel']); - $after_block = $_REQUEST['after_blockid']; + $newblocklabel = trim(vtlib_purify($_REQUEST['blocklabel'])); + $after_block = vtlib_purify($_REQUEST['after_blockid']); $tabid = getTabid($fldmodule); $flag = 0; @@ -770,7 +775,7 @@ function addblock() { function deleteBlock() { global $adb; - $blockid = $_REQUEST['blockid']; + $blockid = vtlib_purify($_REQUEST['blockid']); $deleteblock = 'delete from vtiger_blocks where blockid = ? and iscustom = 1'; $res = $adb->pquery($deleteblock,array($blockid)); @@ -789,7 +794,7 @@ function addCustomField() { $tabid = getTabid($fldmodule); if ($fldmodule == 'Calendar' && isset($_REQUEST['activity_type'])) { - $activitytype = $_REQUEST['activity_type']; + $activitytype = vtlib_purify($_REQUEST['activity_type']); if ($activitytype == 'E') $tabid = '16'; if ($activitytype == 'T') $tabid = '9'; } @@ -822,11 +827,11 @@ function addCustomField() { } } //Assigning the uitype - $fldlength=$_REQUEST['fldLength']; + $fldlength = vtlib_purify($_REQUEST['fldLength']); $uitype=''; $fldPickList=''; if(isset($_REQUEST['fldDecimal']) && $_REQUEST['fldDecimal'] != '') { - $decimal=$_REQUEST['fldDecimal']; + $decimal = vtlib_purify($_REQUEST['fldDecimal']); }else { $decimal=0; } @@ -946,7 +951,7 @@ function addCustomField() { $qry="select picklistid from vtiger_picklist where name=?"; $picklistid = $adb->query_result($adb->pquery($qry, array($columnName)), 0,'picklistid'); $pickArray = Array(); - $fldPickList = $_REQUEST['fldPickList']; + $fldPickList = vtlib_purify($_REQUEST['fldPickList']); $pickArray = explode("\n",$fldPickList); $count = count($pickArray); global $default_charset; 
@@ -983,23 +988,23 @@ function addCustomField() { function show_move_hiddenfields($submode) { global $adb,$log; - $selected_fields = $_REQUEST['selected']; + $selected_fields = vtlib_purify($_REQUEST['selected']); $selected = trim($selected_fields,":"); $sel_arr = array(); $sel_arr = explode(":",$selected); - $sequence = $adb->pquery('select max(sequence) as maxseq from vtiger_field where block = ? and tabid = ?',array($_REQUEST['blockid'],$_REQUEST['tabid'])); + $sequence = $adb->pquery('select max(sequence) as maxseq from vtiger_field where block = ? and tabid = ?',array(vtlib_purify($_REQUEST['blockid']), vtlib_purify($_REQUEST['tabid']))); $max = $adb->query_result($sequence,0,'maxseq'); $max_seq = $max + 1; if($submode == 'showhiddenfields') { for($i=0; $i< count($sel_arr);$i++) { - $res = $adb->pquery('update vtiger_field set presence = 2,sequence = ? where block = ? and fieldid = ?', array($max_seq,$_REQUEST['blockid'],$sel_arr[$i])); + $res = $adb->pquery('update vtiger_field set presence = 2,sequence = ? where block = ? and fieldid = ?', array($max_seq, vtlib_purify($_REQUEST['blockid']),$sel_arr[$i])); $max_seq++; } } else { for($i=0; $i< count($sel_arr);$i++) { - $res = $adb->pquery('update vtiger_field set sequence = ? , block = ? where fieldid = ?', array($max_seq,$_REQUEST['blockid'],$sel_arr[$i])); + $res = $adb->pquery('update vtiger_field set sequence = ? , block = ? where fieldid = ?', array($max_seq, vtlib_purify($_REQUEST['blockid']),$sel_arr[$i])); $max_seq++; } } 
@@ -1027,27 +1032,27 @@ function getRelatedListInfo($module) { function changeRelatedListOrder() { global $adb,$log; - $tabid = $_REQUEST['tabid']; - $what_todo = $_REQUEST['what_to_do']; + $tabid = vtlib_purify($_REQUEST['tabid']); + $what_todo = vtlib_purify($_REQUEST['what_to_do']); if(!empty($_REQUEST['what_to_do'])) { if($_REQUEST['what_to_do'] == 'move_up') { - $currentsequence = $_REQUEST['sequence']; + $currentsequence = vtlib_purify($_REQUEST['sequence']); $previous_relation = $adb->pquery('select relation_id,sequence from vtiger_relatedlists where sequence < ? and tabid = ? order by sequence desc limit 0,1',array($currentsequence,$tabid)); $previous_sequence = $adb->query_result($previous_relation,0,'sequence'); $previous_relationid = $adb->query_result($previous_relation,0,'relation_id'); - $adb->pquery('update vtiger_relatedlists set sequence = ? where relation_id = ? and tabid = ?',array($previous_sequence,$_REQUEST['id'],$tabid)); + $adb->pquery('update vtiger_relatedlists set sequence = ? where relation_id = ? and tabid = ?',array($previous_sequence, vtlib_purify($_REQUEST['id']),$tabid)); $adb->pquery('update vtiger_relatedlists set sequence = ? where tabid = ? and relation_id = ?',array($currentsequence,$tabid,$previous_relationid)); }elseif($_REQUEST['what_to_do'] == 'move_down') { - $currentsequence = $_REQUEST['sequence']; + $currentsequence = vtlib_purify($_REQUEST['sequence']); $next_relation = $adb->pquery('select relation_id,sequence from vtiger_relatedlists where sequence > ? and tabid = ? order by sequence limit 0,1',array($currentsequence,$tabid)); $next_sequence = $adb->query_result($next_relation,0,'sequence'); $next_relationid = $adb->query_result($next_relation,0,'relation_id'); - $adb->pquery('update vtiger_relatedlists set sequence = ? where relation_id = ? and tabid = ?',array($next_sequence,$_REQUEST['id'],$tabid)); + $adb->pquery('update vtiger_relatedlists set sequence = ? where relation_id = ? 
and tabid = ?',array($next_sequence, vtlib_purify($_REQUEST['id']),$tabid)); $adb->pquery('update vtiger_relatedlists set sequence = ? where tabid = ? and relation_id = ?',array($currentsequence,$tabid,$next_relationid)); } diff --git a/modules/Settings/MailScanner.php b/modules/Settings/MailScanner.php index d5914bc..a588461 100644 --- a/modules/Settings/MailScanner.php +++ b/modules/Settings/MailScanner.php @@ -12,10 +12,10 @@ require_once('include/utils/utils.php'); require_once('Smarty_setup.php'); -$mode = $_REQUEST['mode']; +$mode = vtlib_purify($_REQUEST['mode']); if($mode == 'Ajax' && !empty($_REQUEST['xmode'])) { - $mode = $_REQUEST['xmode']; + $mode = vtlib_purify($_REQUEST['xmode']); } /** Based on the mode include the MailScanner file. */ diff --git a/modules/Settings/MailScanner/MailScannerEdit.php b/modules/Settings/MailScanner/MailScannerEdit.php index d6a06ee..5fb74c2 100644 --- a/modules/Settings/MailScanner/MailScannerEdit.php +++ b/modules/Settings/MailScanner/MailScannerEdit.php @@ -20,7 +20,7 @@ $smarty->assign("APP", $app_strings); $smarty->assign("THEME", $theme); $smarty->assign("IMAGE_PATH","themes/$theme/images/"); -$scannername = $_REQUEST['scannername']; +$scannername = vtlib_purify($_REQUEST['scannername']); $scannerinfo = new Vtiger_MailScannerInfo($scannername); diff --git a/modules/Settings/MailScanner/MailScannerFolder.php b/modules/Settings/MailScanner/MailScannerFolder.php index 068d178..4f9ff1b 100644 --- a/modules/Settings/MailScanner/MailScannerFolder.php +++ b/modules/Settings/MailScanner/MailScannerFolder.php @@ -20,7 +20,7 @@ $smarty->assign("APP", $app_strings); $smarty->assign("THEME", $theme); $smarty->assign("IMAGE_PATH","themes/$theme/images/"); -$scannername = $_REQUEST['scannername']; +$scannername = vtlib_purify($_REQUEST['scannername']); $scannerinfo = new Vtiger_MailScannerInfo($scannername); $smarty->assign("SCANNERINFO", $scannerinfo->getAsMap()); 
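Review bot: In modules/Settings/MailScanner.php `$mode` and `xmode` are only passed through `vtlib_purify`, yet the context comment says the value decides which MailScanner file is included, and a markup filter does not constrain a value that ends up in a file path. The include itself is below the hunk, so this is inferred from the comment. If the path is built from `$mode`, it should first be checked against a fixed list, e.g. `if (!in_array($mode, $allowedModes, true)) { $mode = ''; }`, with `$allowedModes` naming the MailScanner actions the module ships.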
diff --git a/modules/Settings/MailScanner/MailScannerFolderSave.php b/modules/Settings/MailScanner/MailScannerFolderSave.php index 3d17786..9d4cfa2 100644 --- a/modules/Settings/MailScanner/MailScannerFolderSave.php +++ b/modules/Settings/MailScanner/MailScannerFolderSave.php @@ -11,14 +11,14 @@ require_once('modules/Settings/MailScanner/core/MailScannerInfo.php'); require_once('Smarty_setup.php'); -$scannername = $_REQUEST['scannername']; +$scannername = vtlib_purify($_REQUEST['scannername']); $scannerinfo = new Vtiger_MailScannerInfo($scannername); $folderinfo = Array(); foreach($_REQUEST as $key=>$value) { $matches = Array(); - if(preg_match("/folder_([0-9]+)/", $key, $matches)) { - $folderinfo[$value] = Array('folderid'=>$matches[1], 'enabled'=>1); + if(preg_match("/folder_([0-9]+)/", vtlib_purify($key), $matches)) { + $folderinfo[vtlib_purify($value)] = Array('folderid'=>$matches[1], 'enabled'=>1); } } $scannerinfo->enableFoldersForScan($folderinfo); diff --git a/modules/Settings/MailScanner/MailScannerFolderUpdate.php b/modules/Settings/MailScanner/MailScannerFolderUpdate.php index 5319b49..48f21ce 100644 --- a/modules/Settings/MailScanner/MailScannerFolderUpdate.php +++ b/modules/Settings/MailScanner/MailScannerFolderUpdate.php @@ -21,7 +21,7 @@ $smarty->assign("APP", $app_strings); $smarty->assign("THEME", $theme); $smarty->assign("IMAGE_PATH","themes/$theme/images/"); -$scannername = $_REQUEST['scannername']; +$scannername = vtlib_purify($_REQUEST['scannername']); $scannerinfo = new Vtiger_MailScannerInfo($scannername); $mailbox = new Vtiger_MailBox($scannerinfo); diff --git a/modules/Settings/MailScanner/MailScannerRemove.php b/modules/Settings/MailScanner/MailScannerRemove.php index 79ff6f8..c6fb278 100644 --- a/modules/Settings/MailScanner/MailScannerRemove.php +++ b/modules/Settings/MailScanner/MailScannerRemove.php 
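Review bot: The pattern on the changed line, `preg_match("/folder_([0-9]+)/", vtlib_purify($key), $matches)`, is unanchored, so any request key that merely contains `folder_` followed by digits is accepted as a folder entry. Anchoring it, `preg_match('/^folder_([0-9]+)$/', $key, $matches)`, makes the purify call on `$key` unnecessary. `$value` becomes an array key handed to `enableFoldersForScan()`; comparing it with the folder names already stored for this scanner would be a stronger check than `vtlib_purify($value)`, though how that method uses the key is not visible here.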
@@ -12,7 +12,7 @@ require_once('modules/Settings/MailScanner/core/MailScannerInfo.php'); require_once('modules/Settings/MailScanner/core/MailBox.php'); -$scannerinfo = new Vtiger_MailScannerInfo(trim($_REQUEST['scannername'])); +$scannerinfo = new Vtiger_MailScannerInfo(trim(vtlib_purify($_REQUEST['scannername']))); $scannerinfo->delete(); diff --git a/modules/Settings/MailScanner/MailScannerRule.php b/modules/Settings/MailScanner/MailScannerRule.php index 8cf0ce2..f043c63 100644 --- a/modules/Settings/MailScanner/MailScannerRule.php +++ b/modules/Settings/MailScanner/MailScannerRule.php @@ -14,7 +14,7 @@ require_once('Smarty_setup.php'); global $app_strings, $mod_strings, $currentModule, $theme, $current_language; -$scannername = $_REQUEST['scannername']; +$scannername = vtlib_purify($_REQUEST['scannername']); $scannerinfo = new Vtiger_MailScannerInfo($scannername); $smarty = new vtigerCRM_Smarty; diff --git a/modules/Settings/MailScanner/MailScannerRuleDelete.php b/modules/Settings/MailScanner/MailScannerRuleDelete.php index f4f0fb4..4c2f5fe 100644 --- a/modules/Settings/MailScanner/MailScannerRuleDelete.php +++ b/modules/Settings/MailScanner/MailScannerRuleDelete.php @@ -10,8 +10,8 @@ ********************************************************************************/ require_once('modules/Settings/MailScanner/core/MailScannerRule.php'); -$scannername = $_REQUEST['scannername']; -$scannerruleid= $_REQUEST['ruleid']; +$scannername = vtlib_purify($_REQUEST['scannername']); +$scannerruleid= vtlib_purify($_REQUEST['ruleid']); $scannerrule = new Vtiger_MailScannerRule($scannerruleid); $scannerrule->delete(); diff --git a/modules/Settings/MailScanner/MailScannerRuleEdit.php b/modules/Settings/MailScanner/MailScannerRuleEdit.php index 2ec6240..94b335e 100644 --- a/modules/Settings/MailScanner/MailScannerRuleEdit.php +++ b/modules/Settings/MailScanner/MailScannerRuleEdit.php 
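Review bot: In MailScannerRuleDelete.php `$scannerruleid= vtlib_purify($_REQUEST['ruleid']);` feeds a record id into `new Vtiger_MailScannerRule($scannerruleid)` and `->delete()`, and an HTML filter does not establish that the value is an id. If rule ids are integers (the constructor is not shown), validate the type instead, e.g. `$scannerruleid = (int) $_REQUEST['ruleid'];`, and reject values that are not positive. The same applies to `ruleid`, `targetruleid` and `actionid` in MailScannerRuleEdit.php, MailScannerRuleMove.php and MailScannerRuleSave.php. Both delete scripts here (this one and MailScannerRemove.php) act on `$_REQUEST` with no request-method or token check in the visible lines, so confirm that the dispatcher enforces one.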
@@ -21,8 +21,8 @@ $smarty->assign("APP", $app_strings); $smarty->assign("THEME", $theme); $smarty->assign("IMAGE_PATH","themes/$theme/images/"); -$scannername = $_REQUEST['scannername']; -$scannerruleid= $_REQUEST['ruleid']; +$scannername = vtlib_purify($_REQUEST['scannername']); +$scannerruleid= vtlib_purify($_REQUEST['ruleid']); $scannerinfo = new Vtiger_MailScannerInfo($scannername); $scannerrule = new Vtiger_MailScannerRule($scannerruleid); diff --git a/modules/Settings/MailScanner/MailScannerRuleMove.php b/modules/Settings/MailScanner/MailScannerRuleMove.php index 0f081e7..b6ab941 100644 --- a/modules/Settings/MailScanner/MailScannerRuleMove.php +++ b/modules/Settings/MailScanner/MailScannerRuleMove.php @@ -11,9 +11,9 @@ require_once('modules/Settings/MailScanner/core/MailScannerRule.php'); -$mode = $_REQUEST['mode']; -$targetruleid = $_REQUEST['targetruleid']; -$ruleid = $_REQUEST['ruleid']; +$mode = vtlib_purify($_REQUEST['mode']); +$targetruleid = vtlib_purify($_REQUEST['targetruleid']); +$ruleid = vtlib_purify($_REQUEST['ruleid']); if($mode == 'rulemove_up') { Vtiger_MailScannerRule::resetSequence($ruleid, $targetruleid); diff --git a/modules/Settings/MailScanner/MailScannerRuleSave.php b/modules/Settings/MailScanner/MailScannerRuleSave.php index dc785d9..f8dab0a 100644 --- a/modules/Settings/MailScanner/MailScannerRuleSave.php +++ b/modules/Settings/MailScanner/MailScannerRuleSave.php 
@@ -15,25 +15,25 @@ require_once('Smarty_setup.php'); global $app_strings, $mod_strings, $currentModule, $theme, $current_language; -$scannername = $_REQUEST['scannername']; -$scannerruleid= $_REQUEST['ruleid']; -$scanneractionid=$_REQUEST['actionid']; +$scannername = vtlib_purify($_REQUEST['scannername']); +$scannerruleid= vtlib_purify($_REQUEST['ruleid']); +$scanneractionid= vtlib_purify($_REQUEST['actionid']); $scannerinfo = new Vtiger_MailScannerInfo($scannername); $scannerrule = new Vtiger_MailScannerRule($scannerruleid); $scannerrule->scannerid = $scannerinfo->scannerid; -$scannerrule->fromaddress = $_REQUEST['rule_from']; -$scannerrule->toaddress = $_REQUEST['rule_to']; -$scannerrule->subjectop = $_REQUEST['rule_subjectop']; -$scannerrule->subject = $_REQUEST['rule_subject']; -$scannerrule->bodyop = $_REQUEST['rule_bodyop']; -$scannerrule->body = $_REQUEST['rule_body']; -$scannerrule->matchusing= $_REQUEST['rule_matchusing']; +$scannerrule->fromaddress = vtlib_purify($_REQUEST['rule_from']); +$scannerrule->toaddress = vtlib_purify($_REQUEST['rule_to']); +$scannerrule->subjectop = vtlib_purify($_REQUEST['rule_subjectop']); +$scannerrule->subject = vtlib_purify($_REQUEST['rule_subject']); +$scannerrule->bodyop = vtlib_purify($_REQUEST['rule_bodyop']); +$scannerrule->body = vtlib_purify($_REQUEST['rule_body']); +$scannerrule->matchusing= vtlib_purify($_REQUEST['rule_matchusing']); $scannerrule->update(); -$scannerrule->updateAction($scanneractionid, $_REQUEST['rule_actiontext']); +$scannerrule->updateAction($scanneractionid, vtlib_purify($_REQUEST['rule_actiontext'])); include('modules/Settings/MailScanner/MailScannerRule.php'); diff --git a/modules/Settings/MailScanner/MailScannerSave.php b/modules/Settings/MailScanner/MailScannerSave.php index 28710ee..3c547dd 100644 --- a/modules/Settings/MailScanner/MailScannerSave.php +++ b/modules/Settings/MailScanner/MailScannerSave.php 
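Review bot: `$scannerrule->subject`, `->body`, `->fromaddress` and `->toaddress` in MailScannerRuleSave.php are match criteria for incoming mail, and passing them through `vtlib_purify()` before `$scannerrule->update()` stores a filtered value rather than what the administrator entered. A criterion containing `<`, `>` or `&` may be altered or dropped by an HTML filter, so the rule can silently stop matching. Storing the value as entered and escaping it where it is rendered keeps both the rule and the page correct; a comment such as `// stored verbatim; escaped at render time` would record the decision. How `update()` persists the fields is outside the hunk.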
@@ -36,14 +36,14 @@ $newscannerinfo->ssltype = vtlib_purify(trim($_REQUEST['mailboxinfo_ssltype'] $newscannerinfo->sslmethod = vtlib_purify(trim($_REQUEST['mailboxinfo_sslmethod'])); $newscannerinfo->searchfor = vtlib_purify(trim($_REQUEST['mailboxinfo_searchfor'])); $newscannerinfo->markas = vtlib_purify(trim($_REQUEST['mailboxinfo_markas'])); -$newscannerinfo->isvalid =($_REQUEST['mailboxinfo_enable'] == 'true')? true : false; +$newscannerinfo->isvalid =(vtlib_purify($_REQUEST['mailboxinfo_enable']) == 'true')? true : false; // Rescan all folders on next run? -$rescanfolder = ($_REQUEST['mailboxinfo_rescan_folders'] == 'true')? true : false; +$rescanfolder = (vtlib_purify($_REQUEST['mailboxinfo_rescan_folders']) == 'true')? true : false; $isconnected = false; -$scannerinfo = new Vtiger_MailScannerInfo(trim($_REQUEST['hidden_scannername'])); +$scannerinfo = new Vtiger_MailScannerInfo(vtlib_purify(trim($_REQUEST['hidden_scannername']))); if(!$scannerinfo->compare($newscannerinfo)) { $mailbox = new Vtiger_MailBox($newscannerinfo); diff --git a/modules/Settings/MenuEditor.php b/modules/Settings/MenuEditor.php index dc4c25f..7440c71 100755 --- a/modules/Settings/MenuEditor.php +++ b/modules/Settings/MenuEditor.php @@ -10,9 +10,9 @@ include_once('vtlib/Vtiger/Utils.php'); require_once('include/utils/CommonUtils.php'); require_once('Smarty_setup.php'); -$module_disable = $_REQUEST['module_disable']; -$module_name = $_REQUEST['module_name']; -$module_enable = $_REQUEST['module_enable']; +$module_disable = vtlib_purify($_REQUEST['module_disable']); +$module_name = vtlib_purify($_REQUEST['module_name']); +$module_enable = vtlib_purify($_REQUEST['module_enable']); global $mod_strings,$app_strings,$theme; global $log; require_once('include/utils/CommonUtils.php'); 
@@ -23,7 +23,7 @@ $smarty->assign("ALLMENUS",getAllMenuModules()); $smarty->assign("APP",$app_strings); $smarty->assign("THEME",$theme); $smarty->assign("ASSIGNED_VALUES",getTopMenuModules()); -if($_REQUEST['ajax'] == true) { +if(vtlib_purify($_REQUEST['ajax']) == true) { $smarty->display("Settings/MenuEditorAssign.tpl"); } else { $smarty->display('Settings/MenuEditor.tpl'); diff --git a/modules/Settings/ModifyPickList.php b/modules/Settings/ModifyPickList.php index 36673c5..afa3779 100644 --- a/modules/Settings/ModifyPickList.php +++ b/modules/Settings/ModifyPickList.php @@ -37,8 +37,8 @@ if($mode == 'addnew') { - $newValues = $_REQUEST['newValues']; - $selectedRoles = $_REQUEST['selectedRoles']; + $newValues = vtlib_purify($_REQUEST['newValues']); + $selectedRoles = vtlib_purify($_REQUEST['selectedRoles']); $newPicklist = explode(",",$newValues); $roleIds = explode(":",$selectedRoles); @@ -73,16 +73,16 @@ } if($mode == 'replace') { - $mode_type = $_REQUEST['mode_type']; - $replaceWith = addslashes($_REQUEST['replaceFields']); + $mode_type = vtlib_purify($_REQUEST['mode_type']); + $replaceWith = addslashes(vtlib_purify($_REQUEST['replaceFields'])); if($replaceWith == '--None--') { $replaceWith=''; } - $selectedFields = $_REQUEST['selectedFields']; + $selectedFields = vtlib_purify($_REQUEST['selectedFields']); $unwantedPicklist = explode(',',$selectedFields); - $selectedRoles = $_REQUEST['selectedRoles']; + $selectedRoles = vtlib_purify($_REQUEST['selectedRoles']); $roleIds = explode(":",$selectedRoles); foreach($unwantedPicklist as $key => $val) @@ -188,8 +188,8 @@ if($mode == "transfer") { $option=''; - $selectedFields = $_REQUEST['selectedFields']; - $pick_arr = explode(",",$_REQUEST['selectedFields']); + $selectedFields = vtlib_purify($_REQUEST['selectedFields']); + $pick_arr = explode(",", vtlib_purify($_REQUEST['selectedFields'])); foreach($pick_arr as $v) { $v = urldecode($v); 
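Review bot: `if(vtlib_purify($_REQUEST['ajax']) == true)` in MenuEditor.php compares a string loosely with boolean `true`, so almost any non-empty value, including the string `false`, selects the Ajax template, and a missing key raises a notice. listroles.php in this same commit tests the flag with `== 'true'`; matching that here with `if(isset($_REQUEST['ajax']) && $_REQUEST['ajax'] === 'true')` is exact, and needs no purify call because the value is only compared.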
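Review bot: In the `transfer` branch of ModifyPickList.php each element of `$pick_arr` goes through `urldecode($v)` after `vtlib_purify()` has already run on the whole `selectedFields` string, so percent-encoded markup is filtered while still encoded and decoded afterwards. Decode first and filter the decoded value, `$v = vtlib_purify(urldecode($v));`, or drop the second decode if the request layer has already decoded the parameter. The `replace` branch wraps its value in `addslashes()`, which is not a substitute for the bound parameters used elsewhere in this commit; how `$replaceWith` reaches the query is outside the hunk. The foreach body continues past the end of the hunk.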
diff --git a/modules/Settings/ModuleManager.php b/modules/Settings/ModuleManager.php index f9488d3..af9f58e 100644 --- a/modules/Settings/ModuleManager.php +++ b/modules/Settings/ModuleManager.php @@ -10,8 +10,8 @@ include_once('vtlib/Vtiger/Utils.php'); -if($_REQUEST['module_settings'] == 'true') { - $targetmodule = $_REQUEST['formodule']; +if(vtlib_purify($_REQUEST['module_settings']) == 'true') { + $targetmodule = vtlib_purify($_REQUEST['formodule']); $targetSettingPage = "modules/$targetmodule/Settings.php"; if(file_exists($targetSettingPage)) { @@ -22,14 +22,14 @@ if($_REQUEST['module_settings'] == 'true') { else{ $modulemanager_uploaddir = 'test/vtlib'; - if($_REQUEST['module_import'] != '') { + if(vtlib_purify($_REQUEST['module_import']) != '') { require_once('modules/Settings/ModuleManager/Import.php'); exit; - } else if($_REQUEST['module_update'] != '') { + } else if(vtlib_purify ($_REQUEST['module_update']) != '') { require_once('modules/Settings/ModuleManager/Update.php'); exit; - } else if($_REQUEST['module_import_cancel'] == 'true') { - $uploadfile = $_REQUEST['module_import_file']; + } else if(vtlib_purify ($_REQUEST['module_import_cancel']) == 'true') { + $uploadfile = vtlib_purify($_REQUEST['module_import_file']); $uploadfilename = "$modulemanager_uploaddir/$uploadfile"; checkFileAccess($uploadfilename); if(file_exists($uploadfilename)) unlink($uploadfilename); @@ -44,10 +44,10 @@ else{ $smarty->assign("THEME", $theme); $smarty->assign("IMAGE_PATH", "themes/$theme/images/"); - $module_disable = $_REQUEST['module_disable']; - $module_name = $_REQUEST['module_name']; - $module_enable = $_REQUEST['module_enable']; - $module_type = $_REQUEST['module_type']; + $module_disable = vtlib_purify($_REQUEST['module_disable']); + $module_name = vtlib_purify($_REQUEST['module_name']); + $module_enable = vtlib_purify($_REQUEST['module_enable']); + $module_type = vtlib_purify($_REQUEST['module_type']); if($module_name != '') { if($module_type == 'language') { 
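Review bot: `$targetmodule = vtlib_purify($_REQUEST['formodule']);` in ModuleManager.php is interpolated into `"modules/$targetmodule/Settings.php"`, and an HTML filter does not remove path separators or dot segments, so the request still decides which directory the path resolves to. Restrict the value to a module name before building the path, for example `if (!preg_match('/^[A-Za-z0-9_]+$/', $targetmodule)) exit;`, or look it up in the list of installed modules. What happens inside the `file_exists` branch is outside the hunk. The `file` parameter in SettingsAjax.php is concatenated into a `require_once` path in the same way, although there a `checkFileAccessForInclusion` call precedes it.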
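Review bot: In the `module_import_cancel` branch of ModuleManager.php `$uploadfile` comes from the request and ends up in `unlink($uploadfilename)`; the only path control visible is `checkFileAccess()`, whose rules are not shown. Reducing the value to a file name first, `$uploadfile = basename($_REQUEST['module_import_file']);`, keeps the delete inside `$modulemanager_uploaddir` regardless of what that helper permits.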
diff --git a/modules/Settings/ModuleManager/Export.php b/modules/Settings/ModuleManager/Export.php index e634390..0da086a 100644 --- a/modules/Settings/ModuleManager/Export.php +++ b/modules/Settings/ModuleManager/Export.php @@ -8,7 +8,7 @@ * All Rights Reserved. ********************************************************************************/ -$module_export = $_REQUEST['module_export']; +$module_export = vtlib_purify($_REQUEST['module_export']); require_once("vtlib/Vtiger/Package.php"); require_once("vtlib/Vtiger/Module.php"); diff --git a/modules/Settings/Save.php b/modules/Settings/Save.php index 8292602..31e25f7 100644 --- a/modules/Settings/Save.php +++ b/modules/Settings/Save.php @@ -7,9 +7,11 @@ * Portions created by vtiger are Copyright (C) vtiger. * All Rights Reserved. ********************************************************************************/ +global $mod_strings,$adb,$root_directory; +checkFileAccessForInclusion($root_directory."include/database/PearDatabase.php"); require_once($root_directory."include/database/PearDatabase.php"); -global $mod_strings,$adb; + $server=vtlib_purify($_REQUEST['server']); $port=vtlib_purify($_REQUEST['port']); $server_username=vtlib_purify($_REQUEST['server_username']); diff --git a/modules/Settings/SaveCompany.php b/modules/Settings/SaveCompany.php index 871f67f..09508f9 100644 --- a/modules/Settings/SaveCompany.php +++ b/modules/Settings/SaveCompany.php 
@@ -10,16 +10,16 @@ require_once("include/database/PearDatabase.php"); -$organization_name=$_REQUEST['organization_name']; -$org_name=$_REQUEST['org_name']; -$organization_address=$_REQUEST['organization_address']; -$organization_city=$_REQUEST['organization_city']; -$organization_state=$_REQUEST['organization_state']; -$organization_code=$_REQUEST['organization_code']; -$organization_country=$_REQUEST['organization_country']; -$organization_phone=$_REQUEST['organization_phone']; -$organization_fax=$_REQUEST['organization_fax']; -$organization_website=$_REQUEST['organization_website']; +$organization_name= $_REQUEST['organization_name']; +$org_name= vtlib_purify($_REQUEST['org_name']); +$organization_address= vtlib_purify($_REQUEST['organization_address']); +$organization_city= vtlib_purify($_REQUEST['organization_city']); +$organization_state= vtlib_purify($_REQUEST['organization_state']); +$organization_code= vtlib_purify($_REQUEST['organization_code']); +$organization_country= vtlib_purify($_REQUEST['organization_country']); +$organization_phone= vtlib_purify($_REQUEST['organization_phone']); +$organization_fax= vtlib_purify($_REQUEST['organization_fax']); +$organization_website= vtlib_purify($_REQUEST['organization_website']); $sql="select * from vtiger_organizationdetails where organizationname = ?"; $result = $adb->pquery($sql, array($org_name)); diff --git a/modules/Settings/SaveCurrencyInfo.php b/modules/Settings/SaveCurrencyInfo.php index 8e4fd18..2074916 100755 --- a/modules/Settings/SaveCurrencyInfo.php +++ b/modules/Settings/SaveCurrencyInfo.php 
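Review bot: `$organization_name= $_REQUEST['organization_name'];` in SaveCompany.php is the one field in this block left unfiltered, while the nine assignments below it are wrapped in `vtlib_purify()`. If that is deliberate, for example because the name must be stored verbatim and is escaped on output, record it with a comment like `// not purified: stored verbatim, escaped on output`; otherwise treat it like the other fields. The later use of the variable is outside the hunk.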
@@ -11,26 +11,26 @@ require_once('include/database/PearDatabase.php'); global $adb; $db = PearDatabase::getInstance(); -$currency_name = $_REQUEST['currency_name']; -$currency_code= $_REQUEST['currency_code']; -$currency_symbol= $_REQUEST['currency_symbol']; -$conversion_rate= $_REQUEST['conversion_rate']; +$currency_name = vtlib_purify($_REQUEST['currency_name']); +$currency_code= vtlib_purify($_REQUEST['currency_code']); +$currency_symbol= vtlib_purify($_REQUEST['currency_symbol']); +$conversion_rate= vtlib_purify($_REQUEST['conversion_rate']); if(isset($_REQUEST['currency_status']) && $_REQUEST['currency_status'] != '') - $currency_status= $_REQUEST['currency_status']; + $currency_status= vtlib_purify($_REQUEST['currency_status']); else $currency_status= 'Active'; -if(isset($_REQUEST['record']) && $_REQUEST['record']!='') +if(isset($_REQUEST['record']) && $_REQUEST['record'] !='') { - $cur_status_res = $adb->pquery("select currency_status from vtiger_currency_info where id=?", array($_REQUEST['record'])); + $cur_status_res = $adb->pquery("select currency_status from vtiger_currency_info where id=?", array(vtlib_purify($_REQUEST['record']))); $old_cur_status = $adb->query_result($cur_status_res,0,'currency_status'); if($currency_status != $old_cur_status && $currency_status == 'Inactive') { - $transfer_cur_id = $_REQUEST['transfer_currency_id']; - if($transfer_cur_id != null) transferCurrency($_REQUEST['record'], $transfer_cur_id); + $transfer_cur_id = vtlib_purify($_REQUEST['transfer_currency_id']); + if($transfer_cur_id != null) transferCurrency(vtlib_purify($_REQUEST['record']), $transfer_cur_id); } $sql = "update vtiger_currency_info set currency_name =?, currency_code =?, currency_symbol =?, conversion_rate =?,currency_status=? 
where id =?"; - $params = array($currency_name, $currency_code, $currency_symbol, $conversion_rate, $currency_status, $_REQUEST['record']); + $params = array($currency_name, $currency_code, $currency_symbol, $conversion_rate, $currency_status, vtlib_purify($_REQUEST['record'])); } else { diff --git a/modules/Settings/SaveEnableBackup.php b/modules/Settings/SaveEnableBackup.php index 72c26f9..1d9658e 100644 --- a/modules/Settings/SaveEnableBackup.php +++ b/modules/Settings/SaveEnableBackup.php @@ -9,7 +9,7 @@ * ********************************************************************************/ -if(isset($_REQUEST['enable_ftp_backup']) && $_REQUEST['enable_ftp_backup'] != '') +if(isset($_REQUEST['enable_ftp_backup']) && vtlib_purify($_REQUEST['enable_ftp_backup']) != '') { global $root_directory; $filename = $root_directory.'user_privileges/enable_backup.php'; @@ -44,7 +44,7 @@ if(isset($_REQUEST['enable_ftp_backup']) && $_REQUEST['enable_ftp_backup'] != '' fputs($handle, $new_buffer); fclose($handle); } -elseif(isset($_REQUEST['GetBackupDetail']) && $_REQUEST['GetBackupDetail'] != '' && $_REQUEST['servertype'] == 'ftp_backup') +elseif(isset($_REQUEST['GetBackupDetail']) && vtlib_purify ($_REQUEST['GetBackupDetail']) != '' && $_REQUEST['servertype'] == 'ftp_backup') { require_once("include/database/PearDatabase.php"); global $mod_strings,$adb; @@ -58,7 +58,7 @@ elseif(isset($_REQUEST['GetBackupDetail']) && $_REQUEST['GetBackupDetail'] != '' echo "FAILURE"; } -if(isset($_REQUEST['enable_local_backup']) && $_REQUEST['enable_local_backup'] != '') +if(isset($_REQUEST['enable_local_backup']) && vtlib_purify($_REQUEST['enable_local_backup']) != '') { global $root_directory; $filename = $root_directory.'user_privileges/enable_backup.php'; 
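Review bot: `$_REQUEST['record']` is purified separately at three call sites in the SaveCurrencyInfo.php hunk (the status lookup, `transferCurrency()` and the update `$params`), while the `isset` test reads it raw. Read it once into a variable and validate it as the id it presumably is, e.g. `$record = (int) $_REQUEST['record'];`, then use `$record` everywhere; `transfer_currency_id` deserves the same treatment. `conversion_rate` is likewise only HTML-filtered, and an `is_numeric()` check before the update would reject non-numeric rates.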
@@ -92,7 +92,7 @@ if(isset($_REQUEST['enable_local_backup']) && $_REQUEST['enable_local_backup'] ! fputs($handle, $new_buffer); fclose($handle); } -elseif(isset($_REQUEST['GetBackupDetail']) && $_REQUEST['GetBackupDetail'] != '' && $_REQUEST['servertype'] == 'local_backup') +elseif(isset($_REQUEST['GetBackupDetail']) && vtlib_purify ($_REQUEST['GetBackupDetail']) != '' && $_REQUEST['servertype'] == 'local_backup') { require_once("include/database/PearDatabase.php"); global $mod_strings,$adb; diff --git a/modules/Settings/SaveInventoryNotification.php b/modules/Settings/SaveInventoryNotification.php index 168a783..3f81ea5 100755 --- a/modules/Settings/SaveInventoryNotification.php +++ b/modules/Settings/SaveInventoryNotification.php @@ -13,7 +13,7 @@ require_once('include/database/PearDatabase.php'); require_once('include/utils/VtlibUtils.php'); global $adb; -if(isset($_REQUEST['record']) && $_REQUEST['record']!='') +if(isset($_REQUEST['record']) && vtlib_purify($_REQUEST['record']) !='') { $query="UPDATE vtiger_inventorynotification set notificationsubject=?, notificationbody=?, status=? where notificationid=?"; $params = array(vtlib_purify($_REQUEST['notifysubject']), vtlib_purify($_REQUEST['notifybody']), vtlib_purify($_REQUEST['status']), vtlib_purify($_REQUEST['record']) ); diff --git a/modules/Settings/SaveNotification.php b/modules/Settings/SaveNotification.php index 1a55954..afd8ee8 100755 --- a/modules/Settings/SaveNotification.php +++ b/modules/Settings/SaveNotification.php 
@@ -22,7 +22,7 @@ if($notifysubject != '' && $notifybody != '') if(isset($_REQUEST['record']) && $_REQUEST['record']!='') { $query="UPDATE vtiger_notificationscheduler set notificationsubject=?, notificationbody=?, active =? where schedulednotificationid=?"; - $params = array($notifysubject, $notifybody, $_REQUEST['active'], $_REQUEST['record']); + $params = array($notifysubject, $notifybody, vtlib_purify($_REQUEST['active']), vtlib_purify($_REQUEST['record'])); $adb->pquery($query, $params); } $loc = "Location: index.php?action=SettingsAjax&file=listnotificationschedulers&module=Settings&directmode=ajax"; diff --git a/modules/Settings/SaveRole.php b/modules/Settings/SaveRole.php index 9e70b9a..3f34be3 100644 --- a/modules/Settings/SaveRole.php +++ b/modules/Settings/SaveRole.php @@ -10,8 +10,8 @@ require_once('include/database/PearDatabase.php'); global $adb, $mod_strings; -$rolename = $_REQUEST['roleName']; -$mode = $_REQUEST['mode']; +$rolename = vtlib_purify($_REQUEST['roleName']); +$mode = vtlib_purify($_REQUEST['mode']); if(isset($_REQUEST['dup_check']) && $_REQUEST['dup_check']!='') { if($mode != 'edit') @@ -21,7 +21,7 @@ if(isset($_REQUEST['dup_check']) && $_REQUEST['dup_check']!='') } else { - $roleid=$_REQUEST['roleid']; + $roleid= vtlib_purify($_REQUEST['roleid']); $query = 'select rolename from vtiger_role where rolename=? and roleid !=?'; $params = array($rolename, $roleid); } @@ -37,11 +37,11 @@ if(isset($_REQUEST['dup_check']) && $_REQUEST['dup_check']!='') } } -$parentRoleId=$_REQUEST['parent']; +$parentRoleId= vtlib_purify($_REQUEST['parent']); //Inserting values into Role Table if(isset($_REQUEST['mode']) && $_REQUEST['mode'] == 'edit') { - $roleId = $_REQUEST['roleid']; + $roleId = vtlib_purify($_REQUEST['roleid']); $selected_col_string = $_REQUEST['selectedColumnsString']; $profile_array = explode(';',$selected_col_string); updateRole($roleId,$rolename,$profile_array); 
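Review bot: In the `edit` branch of SaveRole.php `$selected_col_string = $_REQUEST['selectedColumnsString'];` is still read raw, while the `create` branch in the next hunk of the same file now wraps the same parameter in `vtlib_purify()`. Both branches explode the string into `$profile_array` and pass it to a role helper, so they should validate it the same way. If the elements are profile ids (an inference from the variable name), checking each element of the exploded list against the expected id format is a tighter control than an HTML filter on the joined string.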
@@ -49,7 +49,7 @@ if(isset($_REQUEST['mode']) && $_REQUEST['mode'] == 'edit') } elseif(isset($_REQUEST['mode']) && $_REQUEST['mode'] == 'create') { - $selected_col_string = $_REQUEST['selectedColumnsString']; + $selected_col_string = vtlib_purify($_REQUEST['selectedColumnsString']); $profile_array = explode(';',$selected_col_string); //Inserting into vtiger_role Table $roleId = createRole($rolename,$parentRoleId,$profile_array); diff --git a/modules/Settings/SaveSharingRule.php b/modules/Settings/SaveSharingRule.php index 2de05b5..b1bf00e 100644 --- a/modules/Settings/SaveSharingRule.php +++ b/modules/Settings/SaveSharingRule.php @@ -11,19 +11,19 @@ require_once('include/database/PearDatabase.php'); global $adb; -$sharing_module=$_REQUEST['sharing_module']; +$sharing_module= vtlib_purify($_REQUEST['sharing_module']); $tabid=getTabid($sharing_module); -$sharedby = explode('::',$_REQUEST[$sharing_module.'_share']); -$sharedto = explode('::',$_REQUEST[$sharing_module.'_access']); +$sharedby = explode('::', vtlib_purify($_REQUEST[$sharing_module.'_share'])); +$sharedto = explode('::', vtlib_purify($_REQUEST[$sharing_module.'_access'])); $share_entity_type = $sharedby[0]; $to_entity_type = $sharedto[0]; $share_entity_id= $sharedby[1]; $to_entity_id=$sharedto[1]; -$module_sharing_access=$_REQUEST['share_memberType']; +$module_sharing_access= vtlib_purify($_REQUEST['share_memberType']); -$mode=$_REQUEST['mode']; +$mode= vtlib_purify($_REQUEST['mode']); $relatedShareModuleArr=getRelatedSharingModules($tabid); if($mode == 'create') 
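Review bot: In SaveSharingRule.php `$sharedby[1]` and `$sharedto[1]` are read without checking that the `explode('::', ...)` results have two elements, so a request value without `::` leaves `$share_entity_id` and `$to_entity_id` undefined. A guard such as `if (count($sharedby) !== 2 || count($sharedto) !== 2) exit;` before the assignments avoids passing empty ids on. The request keys themselves are built from `$sharing_module`, which is request data, and the result of `getTabid()` for an unknown module is not checked in the visible lines.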
@@ -34,20 +34,20 @@ if($mode == 'create') foreach($relatedShareModuleArr as $reltabid=>$ds_rm_id) { $reltabname=getTabModuleName($reltabid); - $relSharePermission=$_REQUEST[$reltabname.'_accessopt']; + $relSharePermission= vtlib_purify($_REQUEST[$reltabname.'_accessopt']); addRelatedModuleSharingPermission($shareId,$tabid,$reltabid,$relSharePermission); } } elseif($mode == 'edit') { - $shareId=$_REQUEST['shareId']; + $shareId= vtlib_purify($_REQUEST['shareId']); updateSharingRule($shareId,$tabid,$share_entity_type,$to_entity_type,$share_entity_id,$to_entity_id,$module_sharing_access); //Adding the Related ModulePermission Sharing foreach($relatedShareModuleArr as $reltabid=>$ds_rm_id) { $reltabname=getTabModuleName($reltabid); - $relSharePermission=$_REQUEST[$reltabname.'_accessopt']; + $relSharePermission= vtlib_purify($_REQUEST[$reltabname.'_accessopt']); updateRelatedModuleSharingPermission($shareId,$tabid,$reltabid,$relSharePermission); } } diff --git a/modules/Settings/SettingsAjax.php b/modules/Settings/SettingsAjax.php index 7f732f4..a5adc79 100644 --- a/modules/Settings/SettingsAjax.php +++ b/modules/Settings/SettingsAjax.php @@ -9,10 +9,11 @@ ********************************************************************************/ if(isset($_REQUEST['file']) && ($_REQUEST['file'] !='')) { - checkFileAccessForInclusion('modules/Settings/'.$_REQUEST['file'].'.php'); - require_once('modules/Settings/'.$_REQUEST['file'].'.php'); + checkFileAccessForInclusion('modules/Settings/'.vtlib_purify($_REQUEST['file']).'.php'); + require_once('modules/Settings/'.vtlib_purify($_REQUEST['file']).'.php'); } if(isset($_REQUEST['orgajax']) && ($_REQUEST['orgajax'] !='')) { + checkFileAccessForInclusion('modules/Settings/CreateSharingRule.php'); require_once('modules/Settings/CreateSharingRule.php'); } elseif(isset($_REQUEST['announce_save']) && ($_REQUEST['announce_save'] != '')) { $date_var = date('Y-m-d H:i:s'); 
diff --git a/modules/Settings/TaxConfig.php b/modules/Settings/TaxConfig.php index f176104..befdf8a 100644 --- a/modules/Settings/TaxConfig.php +++ b/modules/Settings/TaxConfig.php 
@@ -26,8 +26,8 @@ $sh_tax_details = getAllTaxes('all','sh'); if($_REQUEST['save_tax'] == 'true') { for($i=0;$ipquery($sql, array($org_name)); - $org_name = decode_html($adb->query_result($result,0,'organizationname')); - $org_logo = $adb->query_result($result,0,'logoname'); + $organization_logoname = $filename; + if (!isset($organization_logoname)) + $organization_logoname = ""; + $sql = "SELECT * FROM vtiger_organizationdetails WHERE organizationname = ?"; + $result = $adb->pquery($sql, array($org_name)); + $org_name = decode_html($adb->query_result($result, 0, 'organizationname')); + $org_logo = $adb->query_result($result, 0, 'logoname'); - if($org_name=='') - { + if ($org_name == '') { $organizationId = $this->db->getUniqueID('vtiger_organizationdetails'); - $sql="INSERT INTO vtiger_organizationdetails + $sql = "INSERT INTO vtiger_organizationdetails (organization_id,organizationname, address, city, state, code, country, phone, fax, website, logoname) values (?,?,?,?,?,?,?,?,?,?)"; - $params = array($organizationId,$organization_name, $organization_address, $organization_city, $organization_state, $organization_code, - $organization_country, $organization_phone, $organization_fax, $organization_website, $organization_logoname); - } - else - { - if($savelogo=="true") - { - $organization_logoname=$filename; - } - elseif($savelogo=="false" && $error_flag=="") - { - $savelogo="true"; - $organization_logoname=$_REQUEST['PREV_FILE']; + $params = array($organizationId, $organization_name, $organization_address, $organization_city, $organization_state, $organization_code, + $organization_country, $organization_phone, $organization_fax, $organization_website, $organization_logoname); + } else { + if ($savelogo == "true") { + $organization_logoname = $filename; + } elseif ($savelogo == "false" && $error_flag == "") { + $savelogo = "true"; + $organization_logoname = vtlib_purify($_REQUEST['PREV_FILE']); + } else { + $organization_logoname = 
vtlib_purify($_REQUEST['PREV_FILE']); } - else - { - $organization_logoname=$_REQUEST['PREV_FILE']; - } - if($nologo_specified=="true") - { - $savelogo="true"; - $organization_logoname=$org_logo; + if ($nologo_specified == "true") { + $savelogo = "true"; + $organization_logoname = $org_logo; } $sql = "UPDATE vtiger_organizationdetails SET organizationname = ?, address = ?, city = ?, state = ?, code = ?, country = ?, phone = ?, fax = ?, website = ?, logoname = ? WHERE organizationname = ?"; - $params = array($organization_name, $organization_address, $organization_city, $organization_state, $organization_code, - $organization_country, $organization_phone, $organization_fax, $organization_website, decode_html($organization_logoname), $org_name); + $params = array($organization_name, $organization_address, $organization_city, $organization_state, $organization_code, + $organization_country, $organization_phone, $organization_fax, $organization_website, decode_html($organization_logoname), $org_name); } $adb->pquery($sql, $params); - if($savelogo=="true") - { + if ($savelogo == "true") { header("Location: index.php?parenttab=Settings&module=Settings&action=OrganizationConfig"); + } elseif ($savelogo == "false") { + header("Location: index.php?parenttab=Settings&module=Settings&action=EditCompanyDetails&flag=" . $error_flag); } - elseif($savelogo=="false") - { - - header("Location: index.php?parenttab=Settings&module=Settings&action=EditCompanyDetails&flag=".$error_flag); - } - - - } + } +} else { + $error_flag = 2; + header("Location: index.php?parenttab=Settings&module=Settings&action=EditCompanyDetails&flag=" . $error_flag); +} ?> diff --git a/modules/Settings/deleteemailtemplate.php b/modules/Settings/deleteemailtemplate.php index 4fb5504..24bfe0f 100755 --- a/modules/Settings/deleteemailtemplate.php +++ b/modules/Settings/deleteemailtemplate.php 
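Review bot: The `INSERT INTO vtiger_organizationdetails` statement lists eleven columns (`organization_id` through `logoname`) and `$params` carries eleven values, but `values (?,?,?,?,?,?,?,?,?,?)` has only ten placeholders, so the insert path cannot bind correctly; add the eleventh `?`. `$organization_logoname` is also taken from `vtlib_purify($_REQUEST['PREV_FILE'])` in two branches, which lets the request name the stored logo file; using the `logoname` already read into `$org_logo` would avoid trusting that field. The start of this hunk and its file header are not readable on this page, so the surrounding context is unverified.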
@@ -8,7 +8,7 @@ * All Rights Reserved. ********************************************************************************/ -$idlist = $_REQUEST['idlist']; +$idlist = vtlib_purify($_REQUEST['idlist']); $id_array=explode(';', $idlist); for($i=0;$i < count($id_array)-1;$i++) { diff --git a/modules/Settings/deletewordtemplate.php b/modules/Settings/deletewordtemplate.php index 3df8fe9..097d01d 100755 --- a/modules/Settings/deletewordtemplate.php +++ b/modules/Settings/deletewordtemplate.php @@ -8,7 +8,7 @@ * All Rights Reserved. ********************************************************************************/ -$idlist = $_REQUEST['idlist']; +$idlist = vtlib_purify($_REQUEST['idlist']); $id_array=explode(';', $idlist); for($i=0; $i < count($id_array)-1; $i++) { diff --git a/modules/Settings/detailviewemailtemplate.php b/modules/Settings/detailviewemailtemplate.php index 7fd22b3..a3e7aac 100644 --- a/modules/Settings/detailviewemailtemplate.php +++ b/modules/Settings/detailviewemailtemplate.php @@ -36,7 +36,7 @@ $smarty->assign("IMAGE_PATH", $image_path); if(isset($_REQUEST['templateid']) && $_REQUEST['templateid']!='') { $log->info("The templateid is set"); - $tempid = $_REQUEST['templateid']; + $tempid = vtlib_purify($_REQUEST['templateid']); $sql = "select * from vtiger_emailtemplates where templateid=?"; $result = $adb->pquery($sql, array($tempid)); $emailtemplateResult = $adb->fetch_array($result); diff --git a/modules/Settings/editemailtemplate.php b/modules/Settings/editemailtemplate.php index c9c73c1..127a7df 100644 --- a/modules/Settings/editemailtemplate.php +++ b/modules/Settings/editemailtemplate.php @@ -28,7 +28,7 @@ $mode = 'create'; if(isset($_REQUEST['templateid']) && $_REQUEST['templateid']!='') { $mode = 'edit'; - $templateid = $_REQUEST['templateid']; + $templateid = vtlib_purify($_REQUEST['templateid']); $log->debug("the templateid is set to the value ".$templateid); } $sql = "select * from vtiger_emailtemplates where templateid=?"; 
diff --git a/modules/Settings/language/en_us.lang.php b/modules/Settings/language/en_us.lang.php index 9d79fad..1646071 100644 --- a/modules/Settings/language/en_us.lang.php +++ b/modules/Settings/language/en_us.lang.php @@ -872,7 +872,7 @@ $mod_strings = Array( 'LBL_SELECT_ENTITY'=>'Select an entity below', 'LBL_CAN_BE_ACCESSED_BY'=>'Can be accessed by', 'LBL_PERMISSIONS'=>'Permissions', -'LBL_DOC_MSWORD'=>'File has to be a Document of type doc/msword', +'LBL_DOC_MSWORD'=>'File has to be a Document of type doc/msword, or OpenOffice/odt or Rich Text Format/rtf', 'LBL_NODOC'=>'No doc File in this directory.Please try again!', //Added for error messages on Company Info. @@ -1127,7 +1127,7 @@ $mod_strings = Array( 'VTLIB_LBL_VERIFY_IMPORT_DETAILS'=>'Verify Import Details', 'VTLIB_LBL_MODULE_NAME'=>'Module Name', 'VTLIB_LBL_MODULE_DIR'=>'Module Directory', -'VTLIB_LBL_REQ_VTIGER_VERSION'=>'Req. vtiger version', +'VTLIB_LBL_REQ_VTIGER_VERSION'=>'Required version', 'VTLIB_LBL_LICENSE'=>'License', 'VTLIB_LBL_LICENSE_ACCEPT_AGREEMENT'=>'I accept the license agreement.', 'VTLIB_LBL_PROCEED_WITH_IMPORT'=>'Do you want to proceed with the import?', diff --git a/modules/Settings/listnotificationschedulers.php b/modules/Settings/listnotificationschedulers.php index 64c1340..fb75e26 100644 --- a/modules/Settings/listnotificationschedulers.php +++ b/modules/Settings/listnotificationschedulers.php @@ -44,7 +44,7 @@ $smarty->assign("THEME", $theme); $smarty->assign("IMAGE_PATH",$image_path); $smarty->assign("APP", $app_strings); $smarty->assign("CMOD", $mod_strings); -if($_REQUEST['directmode'] != '') +if(vtlib_purify($_REQUEST['directmode']) != '') $smarty->display("Settings/EmailNotificationContents.tpl"); else $smarty->display("Settings/EmailNotification.tpl"); diff --git a/modules/Settings/listroles.php b/modules/Settings/listroles.php index e79c468..3e3ba09 100644 --- a/modules/Settings/listroles.php +++ b/modules/Settings/listroles.php 
@@ -163,7 +163,7 @@ $smarty->assign("MOD", return_module_language($current_language,'Settings')); $smarty->assign("CMOD", $mod_strings); $smarty->assign("ROLETREE", $roleout); -if($_REQUEST['ajax'] == 'true') +if(vtlib_purify($_REQUEST['ajax']) == 'true') { $smarty->display("RoleTree.tpl"); } diff --git a/modules/Settings/mailmergedownloadfile.php b/modules/Settings/mailmergedownloadfile.php index 5228a47..46f665e 100755 --- a/modules/Settings/mailmergedownloadfile.php +++ b/modules/Settings/mailmergedownloadfile.php @@ -14,7 +14,7 @@ require_once('include/database/PearDatabase.php'); global $fileId, $default_charset; -$templateid = $_REQUEST['record']; +$templateid = vtlib_purify($_REQUEST['record']); $dbQuery = "SELECT filename,filetype, data "; $dbQuery .= "FROM vtiger_wordtemplates "; $dbQuery .= "WHERE templateid=?"; diff --git a/modules/Settings/profilePrivileges.php b/modules/Settings/profilePrivileges.php index 2a64e62..797681e 100644 --- a/modules/Settings/profilePrivileges.php +++ b/modules/Settings/profilePrivileges.php @@ -36,12 +36,12 @@ if($_REQUEST['mode'] =='create' && $_REQUEST['radiobutton'] != 'baseprofile') $smarty = new vtigerCRM_Smarty; -if(isset($_REQUEST['selected_tab']) && $_REQUEST['selected_tab']!='') +if(isset($_REQUEST['selected_tab']) && vtlib_purify($_REQUEST['selected_tab']) != '') $smarty->assign("SELECTED_TAB", vtlib_purify($_REQUEST['selected_tab'])); else $smarty->assign("SELECTED_TAB", "global_privileges"); -if(isset($_REQUEST['selected_module']) && $_REQUEST['selected_module']!='') +if(isset($_REQUEST['selected_module']) && vtlib_purify($_REQUEST['selected_module']) != '') $smarty->assign("SELECTED_MODULE", vtlib_purify($_REQUEST['selected_module'])); else $smarty->assign("SELECTED_MODULE", "field_Leads"); 
@@ -58,13 +58,13 @@ $smarty->assign("MOD", return_module_language($current_language,'Settings')); $smarty->assign("APP", $app_strings); $smarty->assign("THEME", $theme); $smarty->assign("CMOD", $mod_strings); -if(isset($_REQUEST['return_action']) && $_REQUEST['return_action'] != '') +if(isset($_REQUEST['return_action']) && vtlib_purify($_REQUEST['return_action']) != '') $smarty->assign("RETURN_ACTION", vtlib_purify($_REQUEST['return_action'])); -if(isset($_REQUEST['profile_name']) && $_REQUEST['profile_name'] != '' && $_REQUEST['mode'] == 'create') +if(isset($_REQUEST['profile_name']) && vtlib_purify($_REQUEST['profile_name']) != '' && $_REQUEST['mode'] == 'create') { - $profileName=$_REQUEST['profile_name']; + $profileName= vtlib_purify($_REQUEST['profile_name']); $smarty->assign("PROFILE_NAME", to_html($profileName)); } else @@ -76,7 +76,7 @@ else //$smarty->assign("PROFILE_NAME", to_html($profileName)); -if(isset($_REQUEST['profile_description']) && $_REQUEST['profile_description'] != '' && $_REQUEST['mode'] == 'create') +if(isset($_REQUEST['profile_description']) && vtlib_purify($_REQUEST['profile_description']) != '' && $_REQUEST['mode'] == 'create') $profileDescription = vtlib_purify($_REQUEST['profile_description']); else @@ -89,8 +89,8 @@ else $smarty->assign("PROFILE_DESCRIPTION", $profileDescription); -if(isset($_REQUEST['mode']) && $_REQUEST['mode'] != '') { - $mode = vtlib_purify($_REQUEST['mode']); +if(isset($_REQUEST['mode']) && vtlib_purify($_REQUEST['mode']) != '') { + $mode = $_REQUEST['mode']; $smarty->assign("MODE", $mode); } diff --git a/modules/Settings/saveemailtemplate.php b/modules/Settings/saveemailtemplate.php index a3b611b..9f6de07 100755 --- a/modules/Settings/saveemailtemplate.php +++ b/modules/Settings/saveemailtemplate.php 
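Review bot: In the last profilePrivileges.php hunk (`@@ -89,8 +89,8 @@`) the sanitising ended up on the wrong expression: the condition purifies `$_REQUEST['mode']` only for the comparison with `''`, while `$mode = $_REQUEST['mode'];` now assigns the raw request value, which goes straight into the template through `$smarty->assign("MODE", $mode)`. Before this commit the assigned value was purified, so this is a regression for any template that prints MODE unescaped. Keep the filtered assignment, `$mode = vtlib_purify($_REQUEST['mode']);`. The other hunks of this file purify each parameter twice, once in the `if` and once in the assignment; filtering once into a local variable would read better.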
@@ -12,10 +12,10 @@ require_once('include/utils/utils.php'); global $log; $db = PearDatabase::getInstance(); $folderName = vtlib_purify($_REQUEST["foldername"]); -$templateName = from_html($_REQUEST["templatename"]); +$templateName = vtlib_purify($_REQUEST["templatename"]); $templateid = vtlib_purify($_REQUEST["templateid"]); -$description = from_html($_REQUEST["description"]); -$subject = from_html($_REQUEST["subject"]); +$description = vtlib_purify($_REQUEST["description"]); +$subject = vtlib_purify($_REQUEST["subject"]); $body = fck_from_html($_REQUEST["body"]); if(isset($templateid) && $templateid !='') diff --git a/modules/Settings/savewordtemplate.php b/modules/Settings/savewordtemplate.php index c85c743..e13140f 100755 --- a/modules/Settings/savewordtemplate.php +++ b/modules/Settings/savewordtemplate.php @@ -14,7 +14,7 @@ global $upload_badext; $uploaddir = $root_directory ."/test/upload/" ;// set this to wherever // Arbitrary File Upload Vulnerability fix - Philip if(isset($_REQUEST['binFile_hidden'])) { - $file = $_REQUEST['binFile_hidden']; + $file = vtlib_purify($_REQUEST['binFile_hidden']); } else { $file = $_FILES['binFile']['name']; } @@ -37,7 +37,8 @@ if(move_uploaded_file($_FILES["binFile"]["tmp_name"],$uploaddir.$_FILES["binFile if($filesize != 0) { - if($file_type_value == "msword" || $file_type_value == "doc" || $file_type_value == "document") + $merge_ext = array('msword','doc','document','rtf','odt','vnd.oasis.opendocument.text','octet-stream','vnd.oasi'); + if (in_array($file_type_value, $merge_ext)) { if($result!=false) { @@ -137,8 +138,9 @@ else } -function deleteFile($dir,$filename) -{ - unlink($dir.$filename); +function deleteFile($dir,$filename) { + //added file check before deleting. + checkFileAccessForDeletion($dir.$filename); + unlink($dir.$filename); } ?> \ No newline at end of file diff --git a/modules/Settings/upload.php b/modules/Settings/upload.php index 016bd4d..377ee04 100755 --- a/modules/Settings/upload.php 
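Review bot: The new `$merge_ext` list in savewordtemplate.php (`@@ -37,7 +37,8 @@`) contains `octet-stream`, the generic type for arbitrary binary data, so the type check no longer restricts uploads to word-processing documents. `$file_type_value` is computed outside the hunk; if it comes from the client-supplied `$_FILES['binFile']['type']`, the check is advisory to begin with, and this file already carries an "Arbitrary File Upload Vulnerability fix" comment. I would drop `'octet-stream'` and the truncated `'vnd.oasi'`, compare strictly with `in_array($file_type_value, $merge_ext, true)`, and additionally check the stored file name's extension against the same short list of document types.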
+++ b/modules/Settings/upload.php @@ -27,7 +27,7 @@ $smarty = new vtigerCRM_Smarty; //echo '
    ';print_r($_REQUEST);echo '
    '; if(isset($_REQUEST['flag']) && $_REQUEST['flag'] != '') { - $flag = $_REQUEST['flag']; + $flag = vtlib_purify($_REQUEST['flag']); switch($flag) { case 1: @@ -42,7 +42,7 @@ if(isset($_REQUEST['flag']) && $_REQUEST['flag'] != '') } } -$tempModule=$_REQUEST['tempModule']; +$tempModule= vtlib_purify($_REQUEST['tempModule']); $smarty->assign("MOD", return_module_language($current_language,'Settings')); $smarty->assign("THEME", $theme); $smarty->assign("IMAGE_PATH",$image_path); diff --git a/modules/Users/AddMailAccount.php b/modules/Users/AddMailAccount.php index ad404c0..1a4b5f8 100644 --- a/modules/Users/AddMailAccount.php +++ b/modules/Users/AddMailAccount.php @@ -30,7 +30,7 @@ $smarty->assign("IMAGE_PATH", $image_path); if(isset($_REQUEST['record']) && $_REQUEST['record']!='') { $sql = "select * from vtiger_mail_accounts where user_id=?"; - $result = $adb->pquery($sql, array($_REQUEST['record'])); + $result = $adb->pquery($sql, array(vtlib_purify($_REQUEST['record']))); $rowcount = $adb->num_rows($result); if ($rowcount!=0) diff --git a/modules/Users/Authenticate.php b/modules/Users/Authenticate.php index 1125d43..0a646de 100644 --- a/modules/Users/Authenticate.php +++ b/modules/Users/Authenticate.php @@ -30,8 +30,8 @@ global $mod_strings, $default_charset; $focus = new Users(); // Add in defensive code here. -$focus->column_fields["user_name"] = to_html($_REQUEST['user_name']); -$user_password = vtlib_purify($_REQUEST['user_password']); +$focus->column_fields["user_name"] = to_html(vtlib_purify($_REQUEST['user_name'])); +$user_password = $_REQUEST['user_password']; $focus->load_user($user_password); @@ -145,4 +145,4 @@ else header("Location: index.php"); } -?> \ No newline at end of file +?> diff --git a/modules/Users/CreateUserPrivilegeFile.php b/modules/Users/CreateUserPrivilegeFile.php index 48704b3..5c264ce 100644 --- a/modules/Users/CreateUserPrivilegeFile.php +++ b/modules/Users/CreateUserPrivilegeFile.php 
@@ -111,6 +111,7 @@ function createUserPrivilegesfile($userid) function createUserSharingPrivilegesfile($userid) { global $adb, $root_directory; + checkFileAccessForInclusion('user_privileges/user_privileges_'.$userid.'.php'); require('user_privileges/user_privileges_'.$userid.'.php'); $handle=@fopen($root_directory.'user_privileges/sharing_privileges_'.$userid.'.php',"w+"); @@ -1538,6 +1539,7 @@ function constructTwoDimensionalCharIntSingleValueArray($var) function populateSharingtmptables($userid) { global $adb; + checkFileAccessForInclusion('user_privileges/sharing_privileges_'.$userid.'.php'); require('user_privileges/sharing_privileges_'.$userid.'.php'); //Deleting from the existing vtiger_tables $table_arr=Array('vtiger_tmp_read_user_sharing_per', 'vtiger_tmp_write_user_sharing_per','vtiger_tmp_read_group_sharing_per','vtiger_tmp_write_group_sharing_per','vtiger_tmp_read_user_rel_sharing_per','vtiger_tmp_write_user_rel_sharing_per','vtiger_tmp_read_group_rel_sharing_per','vtiger_tmp_write_group_rel_sharing_per'); @@ -1594,6 +1596,7 @@ function populateSharingPrivileges($enttype,$userid,$module,$pertype, $var_name_ $tabid=getTabid($module); if(!$var_name_arr) { + checkFileAccessForInclusion('user_privileges/sharing_privileges_'.$userid.'.php'); require('user_privileges/sharing_privileges_'.$userid.'.php'); } @@ -1696,6 +1699,7 @@ function populateRelatedSharingPrivileges($enttype,$userid,$module,$relmodule,$p $reltabid=getTabid($relmodule); if(!$var_name_arr) { + checkFileAccessForInclusion('user_privileges/sharing_privileges_'.$userid.'.php'); require('user_privileges/sharing_privileges_'.$userid.'.php'); } diff --git a/modules/Users/DefaultDataPopulator.php b/modules/Users/DefaultDataPopulator.php index dec68f8..6994d9a 100644 --- a/modules/Users/DefaultDataPopulator.php +++ b/modules/Users/DefaultDataPopulator.php 
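Review bot: In createUserSharingPrivilegesfile() the path handed to `checkFileAccessForInclusion()` and the path handed to `require` are built separately from `$userid`, so the checked and the included file can drift apart on a later edit. Building it once from an integer avoids that and removes path characters before the helper runs: `$privFile = 'user_privileges/user_privileges_'.(int)$userid.'.php';` then `checkFileAccessForInclusion($privFile); require($privFile);`. The helper is not defined in the visible part of the diff, so this assumes it aborts on a rejected path rather than returning a status the caller must test. The same pattern repeats in populateSharingtmptables(), populateSharingPrivileges(), populateRelatedSharingPrivileges() and Users::retrieveCurrentUserInfoFromFile(); all of these functions continue outside their hunks.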
@@ -854,7 +854,7 @@ class DefaultDataPopulator extends CRMEntity { $this->db->query("insert into vtiger_field values (23," . $this->db->getUniqueID("vtiger_field") . ",'taxtype','vtiger_invoice',1,'16','hdnTaxType','Tax Type',1,2,'',100,13,$invoicebasicblock,3,'V~O',3,null,'BAS',1)"); $this->db->query("insert into vtiger_field values (23," . $this->db->getUniqueID("vtiger_field") . ",'discount_percent','vtiger_invoice',1,'1','hdnDiscountPercent','Discount Percent',1,2,'',100,13,$invoicebasicblock,3,'N~O',3,null,'BAS',1)"); $this->db->query("insert into vtiger_field values (23," . $this->db->getUniqueID("vtiger_field") . ",'discount_amount','vtiger_invoice',1,'72','hdnDiscountAmount','Discount Amount',1,2,'',100,13,$invoicebasicblock,3,'N~O',3,null,'BAS',1)"); - $this->db->query("insert into vtiger_field values (23," . $this->db->getUniqueID("vtiger_field") . ",'s_h_amount','vtiger_invoice',1,'72','hdnS_H_Amount','S&H Amount',1,2,'',100,14,57,3,'N~O',3,null,'BAS',1)"); + $this->db->query("insert into vtiger_field values (23," . $this->db->getUniqueID("vtiger_field") . ",'s_h_amount','vtiger_invoice',1,'72','hdnS_H_Amount','S&H Amount',1,2,'',100,14,67,3,'N~O',3,null,'BAS',1)"); $this->db->query("insert into vtiger_field values (23," . $this->db->getUniqueID("vtiger_field") . ",'accountid','vtiger_invoice',1,'73','account_id','Account Name',1,2,'',100,14,$invoicebasicblock,1,'I~M',3,null,'BAS',1)"); $this->db->query("insert into vtiger_field values (23," . $this->db->getUniqueID("vtiger_field") . ",'invoicestatus','vtiger_invoice',1,'15','invoicestatus','Status',1,2,'',100,15,$invoicebasicblock,1,'V~O',3,null,'BAS',1)"); 
@@ -1860,8 +1860,8 @@ Should any need arise,please do give us a call.'; //Insert into vtiger_organizationdetails vtiger_table $organizationId = $this->db->getUniqueID('vtiger_organizationdetails'); $this->db->query("insert into vtiger_organizationdetails(organization_id,organizationname,address,city,state,country,code,phone,fax,website,logoname) - values ($organizationId,'vtiger',' 40-41-42, Sivasundar Apartments, Flat D-II, Shastri Street, Velachery','Chennai', - 'Tamil Nadu','India','600 042','+91-44-5202-1990','+91-44-5202-1990','www.vtiger.com','vtiger-crm-logo.gif')"); + values ($organizationId,'Your Company',' Your Address','Your City', + 'Your State','Your Country','ZIP CODE','+99-98-7654-3210','+99-98-7654-3210','www.your-company.tld','app-logo.png')"); $this->db->query("insert into vtiger_actionmapping values(0,'Save',0)"); diff --git a/modules/Users/Delete.php b/modules/Users/Delete.php index 18080c3..4e04990 100755 --- a/modules/Users/Delete.php +++ b/modules/Users/Delete.php @@ -9,7 +9,7 @@ ********************************************************************************/ $sql= 'delete from vtiger_salesmanactivityrel where smid=? and activityid = ?'; -$adb->pquery($sql, array($_REQUEST['record'], $_REQUEST['return_id'])); +$adb->pquery($sql, array(vtlib_purify($_REQUEST['record']), vtlib_purify($_REQUEST['return_id']))); if($_REQUEST['return_module'] == 'Calendar') $mode ='&activity_mode=Events'; diff --git a/modules/Users/DeleteGroup.php b/modules/Users/DeleteGroup.php index e693df0..1e5b524 100755 --- a/modules/Users/DeleteGroup.php +++ b/modules/Users/DeleteGroup.php 
@@ -11,17 +11,17 @@ require_once('include/utils/UserInfoUtil.php'); global $adb; -$del_id = $_REQUEST['delete_group_id']; -$transfer_group_id = $_REQUEST['transfer_group_id']; -$assignType = $_REQUEST['assigntype']; +$del_id = vtlib_purify($_REQUEST['delete_group_id']); +$transfer_group_id = vtlib_purify($_REQUEST['transfer_group_id']); +$assignType = vtlib_purify($_REQUEST['assigntype']); if($assignType == 'T') { - $transferId = $_REQUEST['transfer_group_id']; + $transferId = vtlib_purify($_REQUEST['transfer_group_id']); } elseif($assignType == 'U') { - $transferId = $_REQUEST['transfer_user_id']; + $transferId = vtlib_purify($_REQUEST['transfer_user_id']); } //Updating the user2 vtiger_role vtiger_table diff --git a/modules/Users/DeleteRole.php b/modules/Users/DeleteRole.php index b5950e3..5846071 100755 --- a/modules/Users/DeleteRole.php +++ b/modules/Users/DeleteRole.php @@ -11,8 +11,8 @@ require_once 'modules/Users/Role.php'; require_once ('config.php'); global $adb; -$del_id = $_REQUEST['delete_role_id']; -$tran_id = $_REQUEST['user_role']; +$del_id = vtlib_purify($_REQUEST['delete_role_id']); +$tran_id = vtlib_purify($_REQUEST['user_role']); $role = Vtiger_Role::getInstanceById($del_id); $targetRole = Vtiger_Role::getInstanceById($tran_id); diff --git a/modules/Users/DeleteSharingRule.php b/modules/Users/DeleteSharingRule.php index fa99227..feba9d1 100755 --- a/modules/Users/DeleteSharingRule.php +++ b/modules/Users/DeleteSharingRule.php @@ -9,7 +9,7 @@ ********************************************************************************/ require_once('include/utils/UserInfoUtil.php'); global $adb; -$shareid = $_REQUEST['shareid']; +$shareid = vtlib_purify($_REQUEST['shareid']); deleteSharingRule($shareid); header("Location: index.php?module=Settings&action=OrgSharingDetailView&parenttab=Settings"); diff --git a/modules/Users/DeleteUser.php b/modules/Users/DeleteUser.php index da92f3f..a3aee2d 100644 --- a/modules/Users/DeleteUser.php 
+++ b/modules/Users/DeleteUser.php @@ -11,10 +11,10 @@ require_once 'modules/Users/Users.php'; global $adb; -$del_id = $_REQUEST['delete_user_id']; -$tran_id = $_REQUEST['transfer_user_id']; +$del_id = vtlib_purify($_REQUEST['delete_user_id']); +$tran_id = vtlib_purify($_REQUEST['transfer_user_id']); -$userObj = new Users(); +$userObj = new Users(); $userObj->transformOwnerShipAndDelete($del_id, $tran_id); //if check to delete user from detail view diff --git a/modules/Users/DetailView.php b/modules/Users/DetailView.php index 7365288..1ce0f22 100644 --- a/modules/Users/DetailView.php +++ b/modules/Users/DetailView.php @@ -41,8 +41,8 @@ $focus = new Users(); if(!empty($_REQUEST['record'])) { - $focus->retrieve_entity_info($_REQUEST['record'],'Users'); - $focus->id = $_REQUEST['record']; + $focus->retrieve_entity_info(vtlib_purify($_REQUEST['record']),'Users'); + $focus->id = vtlib_purify($_REQUEST['record']); } else { @@ -127,7 +127,7 @@ if(isset($focus->imagename) && $focus->imagename!='') if(isset($_REQUEST['modechk']) && $_REQUEST['modechk'] != '' ) { - $modepref = $_REQUEST['modechk']; + $modepref = vtlib_purify($_REQUEST['modechk']); } if($_REQUEST['modechk'] == 'prefview') $parenttab = ''; diff --git a/modules/Users/DetailViewAjax.php b/modules/Users/DetailViewAjax.php index 1fd8c9d..9b7154a 100644 --- a/modules/Users/DetailViewAjax.php +++ b/modules/Users/DetailViewAjax.php @@ -14,7 +14,7 @@ require_once('include/database/PearDatabase.php'); global $adb ,$mod_strings ; $local_log =& LoggerManager::getLogger('UsersAjax'); -$ajaxaction = $_REQUEST["ajxaction"]; +$ajaxaction = vtlib_purify($_REQUEST["ajxaction"]); if($ajaxaction == "DETAILVIEW") { if(empty($_SESSION['Users_FORM_TOKEN']) || $_SESSION['Users_FORM_TOKEN'] 
@@ -22,10 +22,10 @@ if($ajaxaction == "DETAILVIEW") echo ":#:ERR".($app_strings['LBL_PERMISSION']); die; } - $userid = $_REQUEST["recordid"]; - $tablename = $_REQUEST["tableName"]; - $fieldname = $_REQUEST["fldName"]; - $fieldvalue = utf8RawUrlDecode($_REQUEST["fieldValue"]); + $userid = vtlib_purify($_REQUEST["recordid"]); + $tablename = vtlib_purify($_REQUEST["tableName"]); + $fieldname = vtlib_purify($_REQUEST["fldName"]); + $fieldvalue = utf8RawUrlDecode(vtlib_purify($_REQUEST["fieldValue"])); if($userid != "") { $userObj = new Users(); diff --git a/modules/Users/EditView.php b/modules/Users/EditView.php index 2d3f72e..5bd5bab 100755 --- a/modules/Users/EditView.php +++ b/modules/Users/EditView.php @@ -41,7 +41,7 @@ if(isset($_REQUEST['record']) && isset($_REQUEST['record'])) { $smarty->assign("ID",vtlib_purify($_REQUEST['record'])); $mode='edit'; if (!is_admin($current_user) && $_REQUEST['record'] != $current_user->id) die ("Unauthorized access to user administration."); - $focus->retrieve_entity_info($_REQUEST['record'],'Users'); + $focus->retrieve_entity_info(vtlib_purify($_REQUEST['record']),'Users'); $smarty->assign("USERNAME", getFullNameFromArray('Users', $focus->column_fields)); }else { diff --git a/modules/Users/Forms.php b/modules/Users/Forms.php index 44cee95..a101330 100755 --- a/modules/Users/Forms.php +++ b/modules/Users/Forms.php @@ -30,7 +30,7 @@ require_once('include/Zend/Json.php'); function checkAsteriskDetails(){ global $adb,$current_user; $sql = "select * from vtiger_asterisk"; - $result = $adb->query($sql); + $result = $adb->pquery($sql, array()); $count = $adb->num_rows($result); if($count > 0){ diff --git a/modules/Users/Login.php b/modules/Users/Login.php index bbe98be..8307019 100644 --- a/modules/Users/Login.php +++ b/modules/Users/Login.php 
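Review bot: `$fieldvalue` in DetailViewAjax.php is filtered before it is decoded, `utf8RawUrlDecode(vtlib_purify($_REQUEST["fieldValue"]))`, so whatever the decoder expands is produced after the filter has already run. The order should be reversed: `$fieldvalue = vtlib_purify(utf8RawUrlDecode($_REQUEST["fieldValue"]));`. Separately, `$tablename` and `$fieldname` are request values naming a table and a column, and an HTML filter does not limit them to identifiers the Users module owns; how they are used lies outside the hunk, but if they reach a query or `column_fields` the request should be rejected unless `$fieldname` is an existing key of the Users object's `column_fields`.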
@@ -31,7 +31,7 @@ else $login_user_name = trim(vtlib_purify($_REQUEST['default_user_name']), '"\''); } elseif (isset($_REQUEST['ck_login_id_vtiger'])) { - $login_user_name = getUserName($_REQUEST['ck_login_id_vtiger']); + $login_user_name = getUserName(vtlib_purify($_REQUEST['ck_login_id_vtiger'])); } else { diff --git a/modules/Users/RenameProfile.php b/modules/Users/RenameProfile.php index 3f18c6f..f4e4a48 100644 --- a/modules/Users/RenameProfile.php +++ b/modules/Users/RenameProfile.php @@ -13,8 +13,8 @@ global $adb; $profileid = vtlib_purify($_REQUEST['profileid']); if(strtolower($default_charset) == 'utf-8') { - $profilename = $_REQUEST['profilename']; - $profileDesc = $_REQUEST['description']; + $profilename = vtlib_purify($_REQUEST['profilename']); + $profileDesc = vtlib_purify($_REQUEST['description']); } else { $profilename = utf8RawUrlDecode($_REQUEST['profilename']); $profileDesc = utf8RawUrlDecode($_REQUEST['description']); diff --git a/modules/Users/RoleDragDrop.php b/modules/Users/RoleDragDrop.php index ec6f96d..0c581a2 100644 --- a/modules/Users/RoleDragDrop.php +++ b/modules/Users/RoleDragDrop.php @@ -10,8 +10,8 @@ ********************************************************************************/ require_once('include/utils/UserInfoUtil.php'); -$toid=$_REQUEST['parentId']; -$fromid=$_REQUEST['childId']; +$toid= vtlib_purify($_REQUEST['parentId']); +$fromid= vtlib_purify($_REQUEST['childId']); global $adb,$mod_strings; diff --git a/modules/Users/RolePopup.php b/modules/Users/RolePopup.php index 3ccb432..accf700 100755 --- a/modules/Users/RolePopup.php +++ b/modules/Users/RolePopup.php @@ -76,7 +76,7 @@ $query = "select * from vtiger_role"; $result = $adb->pquery($query, array()); $num_rows=$adb->num_rows($result); $mask_roleid=Array(); -$del_roleid=$_REQUEST['maskid']; +$del_roleid= vtlib_purify($_REQUEST['maskid']); if($del_roleid != '' && strlen($del_roleid) >0) { $mask_roleid= getRoleAndSubordinatesRoleIds($del_roleid); 
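Review bot: Only the UTF-8 branch of RenameProfile.php (`@@ -13,8 +13,8 @@`) is sanitised; the `else` branch still assigns `utf8RawUrlDecode($_REQUEST['profilename'])` and `utf8RawUrlDecode($_REQUEST['description'])` unfiltered, so the protection depends on the value of `$default_charset`. Apply the filter after decoding in that branch as well: `$profilename = vtlib_purify(utf8RawUrlDecode($_REQUEST['profilename']));` and the same for `$profileDesc`. What the script does with both values is outside the hunk.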
@@ -124,7 +124,7 @@ function indent($hrarray,$roleout,$role_det,$mask_roleid='') } else { - $type =$_REQUEST['type']; + $type = vtlib_purify($_REQUEST['type']); if($type == '') { $roleout .= ' '.$rolename.''; diff --git a/modules/Users/Save.php b/modules/Users/Save.php index f982337..bfdf968 100644 --- a/modules/Users/Save.php +++ b/modules/Users/Save.php @@ -27,9 +27,9 @@ $log =& LoggerManager::getLogger('index'); global $adb; -$user_name = $_REQUEST['userName']; +$user_name = vtlib_purify($_REQUEST['userName']); if(isset($_REQUEST['status']) && $_REQUEST['status'] != '') - $_REQUEST['status']=$_REQUEST['status']; + $_REQUEST['status']= vtlib_purify ($_REQUEST['status']); else $_REQUEST['status']='Active'; @@ -51,6 +51,26 @@ if(isset($_REQUEST['dup_check']) && $_REQUEST['dup_check'] != '') die; } } +if($_REQUEST['user_role'] != '' && !is_admin($current_user) && $_REQUEST['user_role'] != $current_user->roleid){ + $log->fatal("SECURITY:Non-Admin user:". $current_user->id . " attempted to change user role"); + echo ""; + echo "
    "; + echo "
    + + + + + + + + +
    SECURITY: Non-Admin user attempted to change user role
    + $app_strings[LBL_GO_BACK]
    +
    "; + echo "
    "; + exit; +} + if((empty($_SESSION['Users_FORM_TOKEN']) || $_SESSION['Users_FORM_TOKEN'] !== (int)$_REQUEST['form_token']) && $_REQUEST['deleteImage'] != 'true' && $_REQUEST['changepassword'] != 'true') { @@ -66,7 +86,7 @@ $focus = new Users(); if(isset($_REQUEST["record"]) && $_REQUEST["record"] != '') { $focus->mode='edit'; - $focus->id = $_REQUEST["record"]; + $focus->id = vtlib_purify($_REQUEST["record"]); } else { @@ -75,7 +95,7 @@ else if($_REQUEST['deleteImage'] == 'true') { - $focus->id = $_REQUEST['recordid']; + $focus->id = vtlib_purify($_REQUEST['recordid']); $focus->deleteImage(); echo "SUCCESS"; exit; @@ -83,9 +103,9 @@ if($_REQUEST['deleteImage'] == 'true') { if($_REQUEST['changepassword'] == 'true') { $focus->retrieve_entity_info($_REQUEST['record'],'Users'); - $focus->id = $_REQUEST['record']; + $focus->id = vtlib_purify($_REQUEST['record']); if (isset($_REQUEST['new_password'])) { - if (!$focus->change_password($_REQUEST['old_password'], $_REQUEST['new_password'])) { + if (!$focus->change_password(vtlib_purify($_REQUEST['old_password']), vtlib_purify($_REQUEST['new_password']))) { header("Location: index.php?action=Error&module=Users&error_string=".urlencode($focus->error_string)); exit; } @@ -194,4 +214,4 @@ if ($error_str != '') { header($location); -?> \ No newline at end of file +?> diff --git a/modules/Users/SaveGroup.php b/modules/Users/SaveGroup.php index 48cc343..b22c27c 100755 --- a/modules/Users/SaveGroup.php +++ b/modules/Users/SaveGroup.php 
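Review bot: In the change-password hunk of Save.php (`@@ -83,9 +103,9 @@`) both passwords go through `vtlib_purify()` before `change_password()`, which alters any password containing characters the filter rewrites or strips, while Authenticate.php in this same commit deliberately stops purifying `user_password`. A user who picks such a password gets a different string stored than the one typed at the next login. Passwords are never rendered, so they should be passed unmodified: `$focus->change_password($_REQUEST['old_password'], $_REQUEST['new_password'])`. `$server_password` in SaveMailAccount.php has the same problem. The context line `$focus->retrieve_entity_info($_REQUEST['record'],'Users')` in this hunk was left unwrapped although the next line filters the same parameter.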
@@ -13,14 +13,14 @@ global $adb, $mod_strings; $groupName = from_html(trim($_REQUEST['groupName'])); $description = from_html($_REQUEST['description']); -$mode = $_REQUEST['mode']; +$mode = vtlib_purify($_REQUEST['mode']); if(isset($_REQUEST['dup_check']) && $_REQUEST['dup_check']!='') { if($mode != 'edit') { $query = 'select groupname from vtiger_groups where groupname=?'; $params = array($groupName); } else { - $groupid = $_REQUEST['groupid']; + $groupid = vtlib_purify($_REQUEST['groupid']); $query = 'select groupname from vtiger_groups where groupname=? and groupid !=?'; $params = array($groupName, $groupid); } @@ -104,8 +104,8 @@ function constructGroupMemberArray($member_array) //Inserting values into Role Table if(isset($_REQUEST['mode']) && $_REQUEST['mode'] == 'edit') { - $groupId = $_REQUEST['groupId']; - $selected_col_string = $_REQUEST['selectedColumnsString']; + $groupId = vtlib_purify($_REQUEST['groupId']); + $selected_col_string = vtlib_purify($_REQUEST['selectedColumnsString']); $member_array = explode(';',$selected_col_string); $groupMemberArray=constructGroupMemberArray($member_array); updateGroup($groupId,$groupName,$groupMemberArray,$description); @@ -114,7 +114,7 @@ function constructGroupMemberArray($member_array) } elseif(isset($_REQUEST['mode']) && $_REQUEST['mode'] == 'create') { - $selected_col_string = $_REQUEST['selectedColumnsString']; + $selected_col_string = vtlib_purify($_REQUEST['selectedColumnsString']); $member_array = explode(';',$selected_col_string); $groupMemberArray=constructGroupMemberArray($member_array); $groupId=createGroup($groupName,$groupMemberArray,$description); diff --git a/modules/Users/SaveMailAccount.php b/modules/Users/SaveMailAccount.php index 1dd4cf7..da44da4 100644 --- a/modules/Users/SaveMailAccount.php +++ b/modules/Users/SaveMailAccount.php 
@@ -10,18 +10,18 @@ require_once("include/database/PearDatabase.php"); require_once("modules/Users/Users.php"); global $current_user; -$displayname=$_REQUEST['displayname']; +$displayname= vtlib_purify($_REQUEST['displayname']); $userid = $current_user->id; -$email=$_REQUEST['email']; -$account_name=$_REQUEST['account_name']; -$mailprotocol=$_REQUEST['mailprotocol']; -$server_username = $_REQUEST['server_username']; -$server_password = $_REQUEST['server_password']; -$mail_servername = $_REQUEST['mail_servername']; -$box_refresh = $_REQUEST['box_refresh']; -$mails_per_page = $_REQUEST['mails_per_page']; -$ssltype = $_REQUEST["ssltype"]; -$sslmeth = $_REQUEST["sslmeth"]; +$email= vtlib_purify($_REQUEST['email']); +$account_name= vtlib_purify($_REQUEST['account_name']); +$mailprotocol= vtlib_purify($_REQUEST['mailprotocol']); +$server_username = vtlib_purify($_REQUEST['server_username']); +$server_password = vtlib_purify($_REQUEST['server_password']); +$mail_servername = vtlib_purify($_REQUEST['mail_servername']); +$box_refresh = vtlib_purify($_REQUEST['box_refresh']); +$mails_per_page = vtlib_purify($_REQUEST['mails_per_page']); +$ssltype = vtlib_purify($_REQUEST["ssltype"]); +$sslmeth = vtlib_purify($_REQUEST["sslmeth"]); if($mails_per_page == '') $mails_per_page='0'; diff --git a/modules/Users/SaveProfile.php b/modules/Users/SaveProfile.php index fb5b153..1dee064 100644 --- a/modules/Users/SaveProfile.php +++ b/modules/Users/SaveProfile.php @@ -42,10 +42,10 @@ $num_act_per = $adb->num_rows($act_perr_result); $num_act_util_per = $adb->num_rows($act_utility_result); //Updating vtiger_profile2global permissons vtiger_table - $view_all_req=$_REQUEST['view_all']; + $view_all_req= vtlib_purify($_REQUEST['view_all']); $view_all = getPermissionValue($view_all_req); - $edit_all_req=$_REQUEST['edit_all']; + $edit_all_req= vtlib_purify($_REQUEST['edit_all']); $edit_all = getPermissionValue($edit_all_req); 
diff --git a/modules/Users/ShowHistory.php b/modules/Users/ShowHistory.php index a3524a5..91503f1 100755 --- a/modules/Users/ShowHistory.php +++ b/modules/Users/ShowHistory.php @@ -37,7 +37,7 @@ $smarty = new vtigerCRM_Smarty; $category = getParenttab(); -$userid = $_REQUEST['record']; +$userid = vtlib_purify($_REQUEST['record']); $username = getUserName($userid); $qry = "Select * from vtiger_loginhistory where user_name= ?"; $qry_result = $adb->pquery($qry, array($username)); diff --git a/modules/Users/TemplateMerge.php b/modules/Users/TemplateMerge.php index c333de9..b17819e 100644 --- a/modules/Users/TemplateMerge.php +++ b/modules/Users/TemplateMerge.php @@ -13,7 +13,7 @@ global $default_charset; if(isset($_REQUEST['templateid']) && $_REQUEST['templateid'] !='') { - $templatedetails = getTemplateDetails($_REQUEST['templateid']); + $templatedetails = getTemplateDetails(vtlib_purify($_REQUEST['templateid'])); } ?>
    diff --git a/modules/Users/UpdateProfileChanges.php b/modules/Users/UpdateProfileChanges.php index 382bccd..101e327 100755 --- a/modules/Users/UpdateProfileChanges.php +++ b/modules/Users/UpdateProfileChanges.php @@ -29,10 +29,10 @@ $num_act_per = $adb->num_rows($act_perr_result); $num_act_util_per = $adb->num_rows($act_utility_result); //Updating vtiger_profile2global permissons vtiger_table - $view_all_req=$_REQUEST['view_all']; + $view_all_req= vtlib_purify($_REQUEST['view_all']); $view_all = getPermissionValue($view_all_req); - $edit_all_req=$_REQUEST['edit_all']; + $edit_all_req= vtlib_purify($_REQUEST['edit_all']); $edit_all = getPermissionValue($edit_all_req); $update_query = "update vtiger_profile2globalpermissions set globalactionpermission=? where globalactionid=1 and profileid=?"; diff --git a/modules/Users/UserDeleteStep1.php b/modules/Users/UserDeleteStep1.php index 30162b2..a2a81b9 100644 --- a/modules/Users/UserDeleteStep1.php +++ b/modules/Users/UserDeleteStep1.php @@ -16,7 +16,7 @@ global $mod_strings, $app_strings; global $theme; $theme_path = "themes/" . $theme . "/"; -$delete_user_id = $_REQUEST['record']; +$delete_user_id = vtlib_purify($_REQUEST['record']); $delete_user_name = getUserFullName($delete_user_id); diff --git a/modules/Users/UserGroups.php b/modules/Users/UserGroups.php index 676da8b..f6bc5ef 100644 --- a/modules/Users/UserGroups.php +++ b/modules/Users/UserGroups.php @@ -13,7 +13,7 @@ require_once('include/utils/GetUserGroups.php'); require_once('Smarty_setup.php'); -$user_id = $_REQUEST['record']; +$user_id = vtlib_purify($_REQUEST['record']); global $current_user; global $mod_strings; $smarty = new vtigerCRM_Smarty; diff --git a/modules/Users/Users.php b/modules/Users/Users.php index f2be4fb..bb38b4c 100755 --- a/modules/Users/Users.php +++ b/modules/Users/Users.php 
@@ -578,7 +578,11 @@ class Users extends CRMEntity { global $adb; $query = "SELECT id from vtiger_users where user_name=? AND deleted=0"; $result =$adb->pquery($query, array($user_name)); + if ($result and $adb->num_rows($result)>0) { $userid = $adb->query_result($result,0,'id'); + } else { + $userid = 0; + } return $userid; } @@ -661,6 +665,7 @@ class Users extends CRMEntity { */ function retrieveCurrentUserInfoFromFile($userid) { + checkFileAccessForInclusion('user_privileges/user_privileges_'.$userid.'.php'); require('user_privileges/user_privileges_'.$userid.'.php'); foreach($this->column_fields as $field=>$value_iter) { if(isset($user_info[$field])) { @@ -1212,7 +1217,7 @@ class Users extends CRMEntity { $tc = $adb->getUniqueID("vtiger_homestuff"); $visibility=0; $sql="insert into vtiger_homestuff values($tc, 15, 'Tag Cloud', $uid, $visibility, 'Tag Cloud')"; - $adb->query($sql); + $adb->pquery($sql, array()); // Customization global $VtigerOndemandConfig; 
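Review bot: Replacing `$adb->query($sql)` with `$adb->pquery($sql, array())` in Users.php (`@@ -1212,7 +1217,7 @@`, and again in the `-1232,46` and `-1291,12` hunks) parameterises nothing: `$tc`, `$uid`, `$s1` to `$s14`, `$id` and `$this->homeorder_array[$i]` are still concatenated into the SQL text. To get the benefit the values have to move into placeholders, e.g. `$sql = "insert into vtiger_homestuff values(?, 15, 'Tag Cloud', ?, ?, 'Tag Cloud')";` with `$adb->pquery($sql, array($tc, $uid, $visibility));`. The update in the `-1291,12` hunk matters most because it places `$this->homeorder_array[$i]` inside a quoted literal; where that array is filled is not visible here.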
@@ -1232,46 +1237,46 @@ class Users extends CRMEntity { $sql="insert into vtiger_homedefault values(".$s1.",'ALVT',5,'Accounts')"; - $adb->query($sql); + $adb->pquery($sql, array()); $sql="insert into vtiger_homedefault values(".$s2.",'HDB',5,'Dashboard')"; - $adb->query($sql); + $adb->pquery($sql, array()); $sql="insert into vtiger_homedefault values(".$s3.",'PLVT',5,'Potentials')"; - $adb->query($sql); + $adb->pquery($sql, array()); $sql="insert into vtiger_homedefault values(".$s4.",'QLTQ',5,'Quotes')"; - $adb->query($sql); + $adb->pquery($sql, array()); $sql="insert into vtiger_homedefault values(".$s5.",'CVLVT',5,'NULL')"; - $adb->query($sql); + $adb->pquery($sql, array()); $sql="insert into vtiger_homedefault values(".$s6.",'HLT',5,'HelpDesk')"; - $adb->query($sql); + $adb->pquery($sql, array()); $sql="insert into vtiger_homedefault values(".$s7.",'UA',5,'Calendar')"; $adb->pquery($sql,array()); $sql="insert into vtiger_homedefault values(".$s8.",'GRT',5,'NULL')"; - $adb->query($sql); + $adb->pquery($sql, array()); $sql="insert into vtiger_homedefault values(".$s9.",'OLTSO',5,'SalesOrder')"; - $adb->query($sql); + $adb->pquery($sql, array()); $sql="insert into vtiger_homedefault values(".$s10.",'ILTI',5,'Invoice')"; - $adb->query($sql); + $adb->pquery($sql, array()); $sql="insert into vtiger_homedefault values(".$s11.",'MNL',5,'Leads')"; - $adb->query($sql); + $adb->pquery($sql, array()); $sql="insert into vtiger_homedefault values(".$s12.",'OLTPO',5,'PurchaseOrder')"; - $adb->query($sql); + $adb->pquery($sql, array()); $sql="insert into vtiger_homedefault values(".$s13.",'PA',5,'Calendar')"; $adb->pquery($sql,array()); $sql="insert into vtiger_homedefault values(".$s14.",'LTFAQ',5,'Faq')"; - $adb->query($sql); + $adb->pquery($sql, array()); } 
@@ -1291,12 +1296,12 @@ class Users extends CRMEntity { { $save_array[] = $this->homeorder_array[$i]; $qry=" update vtiger_homestuff,vtiger_homedefault set vtiger_homestuff.visible=0 where vtiger_homestuff.stuffid=vtiger_homedefault.stuffid and vtiger_homestuff.userid=".$id." and vtiger_homedefault.hometype='".$this->homeorder_array[$i]."'";//To show the default Homestuff on the the Home Page - $result=$adb->query($qry); + $result=$adb->pquery($qry, array()); } else { $qry="update vtiger_homestuff,vtiger_homedefault set vtiger_homestuff.visible=1 where vtiger_homestuff.stuffid=vtiger_homedefault.stuffid and vtiger_homestuff.userid=".$id." and vtiger_homedefault.hometype='".$this->homeorder_array[$i]."'";//To hide the default Homestuff on the the Home Page - $result=$adb->query($qry); + $result=$adb->pquery($qry, array()); } } if($save_array !="") @@ -1410,6 +1415,9 @@ class Users extends CRMEntity { //delete from user vtiger_table; $sql = "delete from vtiger_users where id=?"; $adb->pquery($sql, array($userId)); + //Delete user extension in asterisk. + $sql = "delete from vtiger_asteriskextensions where userid=?"; + $adb->pquery($sql, array($userId)); } /** diff --git a/modules/Users/about_us.php b/modules/Users/about_us.php index c60b30c..00bc220 100644 --- a/modules/Users/about_us.php +++ b/modules/Users/about_us.php @@ -35,7 +35,11 @@ global $mod_strings; <?php echo $mod_strings['TITLE_VTIGER_CRM_5'];?> - + "; echo ""; diff --git a/modules/Webmails/download.php b/modules/Webmails/download.php index 937e8e4..99dbe4f 100644 --- a/modules/Webmails/download.php +++ b/modules/Webmails/download.php @@ -14,7 +14,7 @@ require_once('modules/Webmails/MailBox.php'); if(isset($_REQUEST["mailbox"]) && $_REQUEST["mailbox"] != "") { - $mailbox=$_REQUEST["mailbox"]; + $mailbox= vtlib_purify($_REQUEST["mailbox"]); } else { 
@@ -25,11 +25,11 @@ $mail = $MailBox->mbox; if(!isset($HTTP_USER_AGENT)) $HTTP_USER_AGENT = $_SERVER['HTTP_USER_AGENT']; -$mailid = $_REQUEST['mailid']; -$mime = $_REQUEST['mime']; -$filename = $_REQUEST['filename']; -$transfer = $_REQUEST['transfer']; -$part = $_REQUEST['part']; +$mailid = vtlib_purify($_REQUEST['mailid']); +$mime = vtlib_purify($_REQUEST['mime']); +$filename = vtlib_purify($_REQUEST['filename']); +$transfer = vtlib_purify($_REQUEST['transfer']); +$part = vtlib_purify($_REQUEST['part']); $filename = base64_decode($filename); $filename = preg_replace('/[\\/:\*\?"<>\|;]/', '_', str_replace(' ', ' ', $filename)); $isIE = $isIE6 = 0; diff --git a/modules/com_vtiger_workflow/VTSimpleTemplate.inc b/modules/com_vtiger_workflow/VTSimpleTemplate.inc index bd22f99..87db3f4 100644 --- a/modules/com_vtiger_workflow/VTSimpleTemplate.inc +++ b/modules/com_vtiger_workflow/VTSimpleTemplate.inc @@ -80,7 +80,7 @@ class VTSimpleTemplate{ } function parseTemplate(){ - return preg_replace_callback('/\\$(\w+|\((\w+) : \(([_\w]+)\) (\w+)\)),?/', array($this,"matchHandler"), $this->template); + return preg_replace_callback('/\\$(\w+|\((\w+) : \(([_\w]+)\) (\w+)\))/', array($this,"matchHandler"), $this->template); } function getMetaValue($fieldname){ diff --git a/modules/com_vtiger_workflow/VTTaskManager.inc b/modules/com_vtiger_workflow/VTTaskManager.inc index 659f1c7..cd24b7f 100644 --- a/modules/com_vtiger_workflow/VTTaskManager.inc +++ b/modules/com_vtiger_workflow/VTTaskManager.inc @@ -172,9 +172,11 @@ } public function formatTimeForTimePicker($time) { + $AM_PM = array('am', 'pm'); + if (in_array(strtolower(substr($time, -2)),$AM_PM)) + return $time; // ya tiene el formato correcto, devolverlo sin más list($h, $m, $s) = explode(':', $time); $mn = str_pad($m - $m % 15, 2, 0, STR_PAD_LEFT); - $AM_PM = array('am', 'pm'); return str_pad(($h%12), 2, 0, STR_PAD_LEFT).':'.$mn.$AM_PM[($h/12)%2]; } 
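Review bot: In modules/Webmails/download.php, `vtlib_purify()` runs on `$_REQUEST['filename']` while it is still base64-encoded, so the output of `base64_decode()` on the next line has passed only the `preg_replace` character filter. Decode first and sanitise the decoded value, e.g. `$filename = vtlib_purify(base64_decode($_REQUEST['filename']));`. If the name later goes into a response header (not shown in this hunk), add `\r` and `\n` to the replaced character class. `$mailid` and `$part` look like numeric identifiers; if so, an `(int)` cast states the intent better than an HTML filter.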
diff --git a/modules/com_vtiger_workflow/deletetask.php b/modules/com_vtiger_workflow/deletetask.php index 695fdc5..df98b9a 100644 --- a/modules/com_vtiger_workflow/deletetask.php +++ b/modules/com_vtiger_workflow/deletetask.php @@ -18,7 +18,7 @@ require_once('VTWorkflowUtils.php'); $util = new VTWorkflowUtils(); $module = new VTWorkflowApplication("deltetask"); $mod = return_module_language($current_language, $module->name); - + $request = vtlib_purify($request); // this cleans all values of the array if(!$util->checkAdminAccess()){ $errorUrl = $module->errorPageUrl($mod['LBL_ERROR_NOT_ADMIN']); $util->redirectTo($errorUrl, $mod['LBL_ERROR_NOT_ADMIN']); diff --git a/modules/com_vtiger_workflow/edittask.php b/modules/com_vtiger_workflow/edittask.php index 55ece8e..c4d7831 100644 --- a/modules/com_vtiger_workflow/edittask.php +++ b/modules/com_vtiger_workflow/edittask.php @@ -20,6 +20,7 @@ require_once("VTWorkflowUtils.php"); function vtTaskEdit($adb, $request, $current_language, $app_strings){ global $theme; $util = new VTWorkflowUtils(); + $request = vtlib_purify($request); // this cleans all values of the array $image_path = "themes/$theme/images/"; $module = new VTWorkflowApplication('edittask'); diff --git a/modules/com_vtiger_workflow/editworkflow.php b/modules/com_vtiger_workflow/editworkflow.php index b4547c1..2537ecd 100644 --- a/modules/com_vtiger_workflow/editworkflow.php +++ b/modules/com_vtiger_workflow/editworkflow.php @@ -19,11 +19,10 @@ require_once("VTTaskManager.inc"); require_once("VTWorkflowApplication.inc"); require_once "VTWorkflowTemplateManager.inc"; require_once "VTWorkflowUtils.php"; -require_once 'config.help.link.php'; function vtWorkflowEdit($adb, $request, $requestUrl, $current_language, $app_strings){ - global $theme, $helpLinks; + global $theme; $util = new VTWorkflowUtils(); $image_path = "themes/$theme/images/"; 
@@ -83,7 +82,7 @@ function vtWorkflowEdit($adb, $request, $requestUrl, $current_language, $app_str $smarty->assign("saveType", isset($workflow->id)?"edit":"new"); $smarty->assign("module", $module); - $smarty->assign("WORKFLOW_TRIGGER_TYPES_HELP_LINK", $helpLinks['WORKFLOW_TRIGGER_TYPES']); + $smarty->assign("WORKFLOW_TRIGGER_TYPES_HELP_LINK", WORKFLOW_TRIGGER_TYPES); $smarty->display("{$module->name}/EditWorkflow.tpl"); } diff --git a/modules/com_vtiger_workflow/savetask.php b/modules/com_vtiger_workflow/savetask.php index 21103a0..f0af66d 100644 --- a/modules/com_vtiger_workflow/savetask.php +++ b/modules/com_vtiger_workflow/savetask.php @@ -18,7 +18,7 @@ require_once("VTWorkflowApplication.inc"); $util = new VTWorkflowUtils(); $module = new VTWorkflowApplication("savetask"); $mod = return_module_language($current_language, $module->name); - + $request = vtlib_purify($request); // this cleans all values of the array if(!$util->checkAdminAccess()){ $errorUrl = $module->errorPageUrl($mod['LBL_ERROR_NOT_ADMIN']); $util->redirectTo($errorUrl, $mod['LBL_ERROR_NOT_ADMIN']); diff --git a/modules/com_vtiger_workflow/savetemplate.php b/modules/com_vtiger_workflow/savetemplate.php index 64eef09..d5a4769 100644 --- a/modules/com_vtiger_workflow/savetemplate.php +++ b/modules/com_vtiger_workflow/savetemplate.php @@ -20,7 +20,7 @@ function vtSaveWorkflowTemplate($adb, $request){ $util = new VTWorkflowUtils(); $module = new VTWorkflowApplication("savetemplate"); $mod = return_module_language($current_language, $module->name); - + $request = vtlib_purify($request); // this cleans all values of the array if(!$util->checkAdminAccess()){ $errorUrl = $module->errorPageUrl($mod['LBL_ERROR_NOT_ADMIN']); $util->redirectTo($errorUrl, $mod['LBL_ERROR_NOT_ADMIN']); diff --git a/modules/com_vtiger_workflow/saveworkflow.php b/modules/com_vtiger_workflow/saveworkflow.php index 206e356..807dd03 100644 --- a/modules/com_vtiger_workflow/saveworkflow.php 
+++ b/modules/com_vtiger_workflow/saveworkflow.php @@ -19,7 +19,7 @@ require_once("VTWorkflowUtils.php"); $util = new VTWorkflowUtils(); $module = new VTWorkflowApplication("saveworkflow"); $mod = return_module_language($current_language, $module->name); - + $request = vtlib_purify($request); // this cleans all values of the array if(!$util->checkAdminAccess()){ $errorUrl = $module->errorPageUrl($mod['LBL_ERROR_NOT_ADMIN']); $util->redirectTo($errorUrl, $mod['LBL_ERROR_NOT_ADMIN']); diff --git a/modules/com_vtiger_workflow/tasks/VTCreateTodoTask.inc b/modules/com_vtiger_workflow/tasks/VTCreateTodoTask.inc index efbb1de..b45bcf5 100644 --- a/modules/com_vtiger_workflow/tasks/VTCreateTodoTask.inc +++ b/modules/com_vtiger_workflow/tasks/VTCreateTodoTask.inc @@ -64,9 +64,8 @@ class VTCreateTodoTask extends VTTask{ 'taskpriority'=>$this->priority, 'taskstatus'=>$this->status, 'assigned_user_id'=>$userId, - 'time_start'=> $startDate->getDisplayTime(), - 'sendnotification'=>($this->sendNotification!='' && $this->sendNotification!='N')? - true: false, + 'time_start'=> self::conv12to24hour($this->time), + 'sendnotification'=>($this->sendNotification!='' && $this->sendNotification!='N')? true: false, 'date_start'=>$date, 'due_date'=>$date, 'visibility'=>'all', diff --git a/modules/uploads/add2db.php b/modules/uploads/add2db.php index 686938e..aca59a6 100644 --- a/modules/uploads/add2db.php +++ b/modules/uploads/add2db.php @@ -15,11 +15,11 @@ global $current_user, $upload_badext; $vtigerpath = $_SERVER['REQUEST_URI']; $vtigerpath = str_replace("/index.php?module=uploads&action=add2db", "", $vtigerpath); -$crmid = $_REQUEST['return_id']; +$crmid = vtlib_purify($_REQUEST['return_id']); $log->debug("DEBUG In add2db.php"); if(isset($_REQUEST['filename_hidden'])) { - $file = $_REQUEST['filename_hidden']; + $file = vtlib_purify($_REQUEST['filename_hidden']); } else { $file = $_FILES['filename']['name']; } 
@@ -39,13 +39,13 @@ $log->debug("DEBUG In add2db.php"); if($filesize != 0) { - $desc = $_REQUEST['txtDescription']; - $subject = $_REQUEST['uploadsubject']; + $desc = vtlib_purify($_REQUEST['txtDescription']); + $subject = vtlib_purify($_REQUEST['uploadsubject']); $date_var = $adb->formatDate(date('Y-m-d H:i:s'), true); $current_date = getdate(); $current_date = $adb->formatDate(date('Y-m-d H:i:s'), true); $query = "insert into vtiger_crmentity (crmid,smcreatorid,smownerid,setype,description,createdtime,modifiedtime) values(?,?,?,?,?,?,?)"; - $params = array($current_id, $current_user->id, $current_user->id, $_REQUEST['return_module'].' Attachment', $desc, $date_var, $current_date); + $params = array($current_id, $current_user->id, $current_user->id, vtlib_purify($_REQUEST['return_module']).' Attachment', $desc, $date_var, $current_date); $result = $adb->pquery($query, $params); # Added by DG 26 Oct 2005 @@ -53,7 +53,7 @@ $log->debug("DEBUG In add2db.php"); $log->debug("DEBUG return_module: ".$_REQUEST['return_module']); if ($_REQUEST['return_module'] == 'Contacts') { - $crmid = $_REQUEST['return_id']; + $crmid = vtlib_purify($_REQUEST['return_id']); $query = 'select accountid from vtiger_contactdetails where contactid=?'; $result = $adb->pquery($query, array($crmid)); if($adb->num_rows($result) != 0) diff --git a/modules/uploads/deleteattachments.php b/modules/uploads/deleteattachments.php index df85404..06cc6fd 100644 --- a/modules/uploads/deleteattachments.php +++ b/modules/uploads/deleteattachments.php @@ -9,7 +9,7 @@ ********************************************************************************/ require_once('include/database/PearDatabase.php'); -$id=$_REQUEST['record']; +$id= vtlib_purify($_REQUEST['record']); $sql = "delete from vtiger_seattachmentsrel where attachmentsid =?"; $adb->pquery($sql, array($id)); diff --git a/modules/uploads/downloadfile.php b/modules/uploads/downloadfile.php index dca60af..12e27d4 100644 --- a/modules/uploads/downloadfile.php 
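Review bot: In modules/uploads/deleteattachments.php, `$id= vtlib_purify($_REQUEST['record']);` feeds a `delete` statement, and the hunk shows no check that the current user may remove that attachment. Filtering the input is not an authorisation check, so confirm that a permission check exists in the part of the file outside this hunk. Since the value is a record id, cast it as the customerportal.php hunks of this commit do: `$id = (int) vtlib_purify($_REQUEST['record']);`. The same cast fits `$crmid` from `return_id` in add2db.php. That file also still writes the raw `$_REQUEST['return_module']` to the debug log.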
+++ b/modules/uploads/downloadfile.php @@ -15,10 +15,10 @@ require_once('include/database/PearDatabase.php'); global $adb; global $fileId, $default_charset, $app_strings; -$attachmentsid = $_REQUEST['fileid']; -$entityid = $_REQUEST['entityid']; +$attachmentsid = vtlib_purify($_REQUEST['fileid']); +$entityid = vtlib_purify($_REQUEST['entityid']); -$returnmodule=$_REQUEST['return_module']; +$returnmodule= vtlib_purify($_REQUEST['return_module']); $deletecheck = false; if(!empty($entityid)) $deletecheck = $adb->pquery("SELECT deleted FROM vtiger_crmentity WHERE crmid=?", array($entityid)); diff --git a/modules/uploads/upload.php b/modules/uploads/upload.php index a43de41..a3db802 100644 --- a/modules/uploads/upload.php +++ b/modules/uploads/upload.php @@ -73,9 +73,9 @@ $theme_path="themes/".$theme."/"; - vtiger CRM 5 - PHP Version Check + <?php echo $coreBOS_app_name; ?> - PHP Version Check @@ -23,7 +23,7 @@ - +
     vtiger CRM 5<?php echo $coreBOS_app_name; ?>
    @@ -36,7 +36,7 @@
    - PHP 5.2.x or above is required. Your current PHP version is + PHP 5.2.x or PHP 5.3.x is required. Your current PHP version is
    - Kindly upgrade the PHP installation, and try again!
    + Kindly adapt your PHP installation, and try again!
    @@ -68,7 +68,7 @@ - +
    www.vtiger.com
    diff --git a/schema/.htaccess b/schema/.htaccess new file mode 100644 index 0000000..e019832 --- /dev/null +++ b/schema/.htaccess @@ -0,0 +1 @@ +deny from all diff --git a/soap/customerportal.php b/soap/customerportal.php index 48bdc87..92178f8 100755 --- a/soap/customerportal.php +++ b/soap/customerportal.php 
@@ -448,19 +448,19 @@ function get_combo_values($input_array) if($RowCount > 0){ $admin_role = $adb->query_result($roleres,0,'roleid'); } - $result1 = $adb->pquery("select vtiger_ticketpriorities.ticketpriorities from vtiger_ticketpriorities inner join vtiger_role2picklist on vtiger_role2picklist.picklistvalueid = vtiger_ticketpriorities.picklist_valueid and vtiger_role2picklist.roleid='$admin_role'", array()); + $result1 = $adb->pquery("select vtiger_ticketpriorities.ticketpriorities from vtiger_ticketpriorities inner join vtiger_role2picklist on vtiger_role2picklist.picklistvalueid = vtiger_ticketpriorities.picklist_valueid and vtiger_role2picklist.roleid='$admin_role' order by sortorderid", array()); for($i=0;$i<$adb->num_rows($result1);$i++) { $output['ticketpriorities']['ticketpriorities'][$i] = $adb->query_result($result1,$i,"ticketpriorities"); } - $result2 = $adb->pquery("select vtiger_ticketseverities.ticketseverities from vtiger_ticketseverities inner join vtiger_role2picklist on vtiger_role2picklist.picklistvalueid = vtiger_ticketseverities.picklist_valueid and vtiger_role2picklist.roleid='$admin_role'", array()); + $result2 = $adb->pquery("select vtiger_ticketseverities.ticketseverities from vtiger_ticketseverities inner join vtiger_role2picklist on vtiger_role2picklist.picklistvalueid = vtiger_ticketseverities.picklist_valueid and vtiger_role2picklist.roleid='$admin_role' order by sortorderid", array()); for($i=0;$i<$adb->num_rows($result2);$i++) { $output['ticketseverities']['ticketseverities'][$i] = $adb->query_result($result2,$i,"ticketseverities"); } - $result3 = $adb->pquery("select vtiger_ticketcategories.ticketcategories from vtiger_ticketcategories inner join vtiger_role2picklist on vtiger_role2picklist.picklistvalueid = vtiger_ticketcategories.picklist_valueid and vtiger_role2picklist.roleid='$admin_role'", array()); + $result3 = $adb->pquery("select vtiger_ticketcategories.ticketcategories from vtiger_ticketcategories inner join 
vtiger_role2picklist on vtiger_role2picklist.picklistvalueid = vtiger_ticketcategories.picklist_valueid and vtiger_role2picklist.roleid='$admin_role' order by sortorderid", array()); for($i=0;$i<$adb->num_rows($result3);$i++) { $output['ticketcategories']['ticketcategories'][$i] = $adb->query_result($result3,$i,"ticketcategories"); @@ -638,6 +638,28 @@ function save_faq_comment($input_array) function get_tickets_list($input_array) { + //To avoid SQL injection we are type casting as well as bound the id variable. + $id = (int) vtlib_purify($input_array['id']); + + $only_mine = $input_array['onlymine']; + $where = vtlib_purifyForSql($input_array['where']); //addslashes is already added with where condition fields in portal itself + $match = $input_array['match']; + $sessionid = $input_array['sessionid']; + + if(!validateSession($id,$sessionid)) + return null; + + //To avoid SQL injection we are type casting as well as bound the id variable. + $id = (int) vtlib_purify($input_array['id']); + + $only_mine = $input_array['onlymine']; + $where = vtlib_purifyForSql($input_array['where']); //addslashes is already added with where condition fields in portal itself + $match = $input_array['match']; + $sessionid = $input_array['sessionid']; + + if(!validateSession($id,$sessionid)) + return null; + require_once('modules/HelpDesk/HelpDesk.php'); require_once('include/utils/UserInfoUtil.php'); @@ -651,15 +673,6 @@ function get_tickets_list($input_array) { $show_all = show_all('HelpDesk'); $current_user = $user->retrieveCurrentUserInfoFromFile($userid); - $id = $input_array['id']; - $only_mine = $input_array['onlymine']; - $where = $input_array['where']; //addslashes is already added with where condition fields in portal itself - $match = $input_array['match']; - $sessionid = $input_array['sessionid']; - - if(!validateSession($id,$sessionid)) - return null; - // Prepare where conditions based on search query $join_type = ''; $where_conditions = ''; 
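Review bot: The block added at the top of `get_tickets_list()` appears twice in this hunk. The `(int)` cast of `$id`, the `$only_mine`/`$where`/`$match`/`$sessionid` assignments and the `validateSession()` check are repeated verbatim right after the first copy. The second copy only re-runs `vtlib_purifyForSql()` and the session lookup, so drop it and let the function open with a single validation block ahead of the `require_once` lines. `$where` is escaped while `$match` and `$only_mine` are taken as-is; their later use is outside this hunk, so a short comment on why they need no filtering would help.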
@@ -1174,9 +1187,12 @@ function get_picklists($input_array) $adb->println("INPUT ARRAY for the function get_picklists"); $adb->println($input_array); - $id = $input_array['id']; + //To avoid SQL injection we are type casting as well as bound the id variable + $id = (int) vtlib_purify($input_array['id']); $sessionid = $input_array['sessionid']; - $picklist_name = $adb->sql_escape_string($input_array['picklist_name']); + //To avoid SQL injection. + $picklist_name = vtlib_purifyForSql($input_array['picklist_name']); + if(empty($picklist_name)) return null; if(!validateSession($id,$sessionid)) return null; @@ -1396,17 +1412,16 @@ function validateSession($id, $sessionid) global $adb; $adb->println("Inside function validateSession($id, $sessionid)"); + if(empty($sessionid)) return false; + $server_sessionid = getServerSessionId($id); $adb->println("Checking Server session id and customer input session id ==> $server_sessionid == $sessionid"); - if($server_sessionid == $sessionid) - { + if($server_sessionid == $sessionid) { $adb->println("Session id match. Authenticated to do the current operation."); return true; - } - else - { + } else { $adb->println("Session id does not match. Not authenticated to do the current operation."); return false; } @@ -1428,8 +1443,11 @@ function getServerSessionId($id) $sessionid = Vtiger_Soap_CustomerPortal::lookupSessionId($id); if($sessionid === false) { $query = "select * from vtiger_soapservice where type='customer' and id=?"; - $sessionid = $adb->query_result($adb->pquery($query, array($id)),0,'sessionid'); + $result = $adb->pquery($query, array($id)); + if($adb->num_rows($result) > 0) { + $sessionid = $adb->query_result($result,0,'sessionid'); Vtiger_Soap_CustomerPortal::updateSessionId($id, $sessionid); + } } return $sessionid; } 
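Review bot: `validateSession()` still compares the ids loosely with `if($server_sessionid == $sessionid)`. PHP's `==` compares numeric-looking strings as numbers, so two different ids can be treated as equal. Compare them as strings with `if((string)$server_sessionid === (string)$sessionid)`, or use `hash_equals()` where the supported PHP version provides it. The `$adb->println()` calls in the same function write both session ids to the log and are worth masking or removing. The same comparison and logging appear in `validateSession()` in soap/vtigerolservice.php later in this commit.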
@@ -1527,6 +1545,7 @@ function get_vendor_name($vendorid) function get_list_values($id,$module,$sessionid,$only_mine='true') { + checkFileAccessForInclusion('modules/'.$module.'/'.$module.'.php'); require_once('modules/'.$module.'/'.$module.'.php'); require_once('include/utils/UserInfoUtil.php'); global $adb,$log,$current_user; @@ -1535,6 +1554,9 @@ function get_list_values($id,$module,$sessionid,$only_mine='true') if($check == false){ return array("#MODULE INACTIVE#"); } + + //To avoid SQL injection we are type casting as well as bound the id variable. + $id = (int) vtlib_purify($id); $user = new Users(); $userid = getPortalUserid(); $current_user = $user->retrieveCurrentUserInfoFromFile($userid); @@ -1661,6 +1683,7 @@ function get_list_values($id,$module,$sessionid,$only_mine='true') $output[0][$module]['head'][0][$i]['fielddata'] = $fieldlabel; $fieldvalue = $adb->query_result($res,$j,$fieldname); + $fieldValuesToRound = array('total','subtotal','adjustment','discount_amount','s_h_amount','pre_tax_total','received','balance','unit_price'); if($module == 'Quotes') { @@ -1669,6 +1692,9 @@ function get_list_values($id,$module,$sessionid,$only_mine='true') $filename = $fieldid.'_Quotes.pdf'; $fieldvalue = ''.$fieldvalue.''; } + if(in_array($fieldname, $fieldValuesToRound)){ + $fieldvalue = round($fieldvalue, 2); + } if($fieldname == 'total'){ $sym = getCurrencySymbol($res,$j,'currency_id'); $fieldvalue = $sym.$fieldvalue; @@ -1681,6 +1707,9 @@ function get_list_values($id,$module,$sessionid,$only_mine='true') $filename = $fieldid.'_Invoice.pdf'; $fieldvalue = ''.$fieldvalue.''; } + if(in_array($fieldname, $fieldValuesToRound)){ + $fieldvalue = round($fieldvalue, 2); + } if($fieldname == 'total'){ $sym = getCurrencySymbol($res,$j,'currency_id'); $fieldvalue = $sym.$fieldvalue; 
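Review bot: In `get_list_values()` the include path `'modules/'.$module.'/'.$module.'.php'` is built from the function's `$module` argument. The only guard is the new `checkFileAccessForInclusion()` call, whose definition is not part of this diff. Constrain `$module` before building the path, e.g. `if(!preg_match('/^[A-Za-z0-9_]+$/', $module)) return null;`, or look it up in the list of active modules. As far as the hunk shows, the `require_once` also runs before `$id` is cast and before any session check. `get_project_components()` further down gets the same one-line guard and would benefit from the same allow-list.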
@@ -1733,6 +1762,9 @@ function get_list_values($id,$module,$sessionid,$only_mine='true') $fieldvalue = 'No'; } } + if(in_array($fieldname, $fieldValuesToRound)){ + $fieldvalue = round($fieldvalue, 2); + } if($fieldname == 'unit_price'){ $sym = getCurrencySymbol($res,$j,'currency_id'); $fieldvalue = $sym.$fieldvalue; @@ -2042,9 +2074,14 @@ function get_product_list_values($id,$modulename,$sessionid,$only_mine='true') if($check == false){ return array("#MODULE INACTIVE#"); } + + //To avoid SQL injection we are type casting as well as bound the id variable. + $id = (int) vtlib_purify($id); $user = new Users(); $userid = getPortalUserid(); $current_user = $user->retrieveCurrentUserInfoFromFile($userid); + //To avoid SQL injection we are type casting as well as bound the id variable + $id = (int) vtlib_purify($id); $entity_ids_list = array(); $show_all=show_all($modulename); @@ -2113,6 +2150,7 @@ function get_product_list_values($id,$modulename,$sessionid,$only_mine='true') where vtiger_inventoryproductrel.productid = vtiger_products.productid AND vtiger_crmentity.deleted=0 and (accountid in (". generateQuestionMarks($entity_ids_list) .") or contactid in (". generateQuestionMarks($entity_ids_list) ."))"; $params[] = array($entity_ids_list,$entity_ids_list); } + $fieldValuesToRound = array('unit_price','weight','commissionrate','qtyinstock'); for($k=0;$kpquery($query[$k],$params[$k]); @@ -2131,6 +2169,9 @@ function get_product_list_values($id,$modulename,$sessionid,$only_mine='true') $fieldvalue = $adb->query_result($res[$k],$j,$fieldname); $fieldid = $adb->query_result($res[$k],$j,'productid'); + if(in_array($fieldname, $fieldValuesToRound)){ + $fieldvalue = round($fieldvalue, 2); + } if($fieldname == 'entityid') { $crmid = $fieldvalue; $module = $adb->query_result($res[$k],$j,'setype'); 
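Review bot: In `get_product_list_values()` the line `$id = (int) vtlib_purify($id);` is added twice, once before `$user = new Users();` and again after `retrieveCurrentUserInfoFromFile($userid)`; keep only the first. The new `round($fieldvalue, 2)` calls run on whatever `query_result()` returns. Depending on the PHP version, an empty or NULL column may then be displayed as `0` instead of blank, so a guard such as `if($fieldvalue != '' && in_array($fieldname, $fieldValuesToRound))` is worth considering.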
@@ -2202,11 +2243,12 @@ function get_details($id,$module,$customerid,$sessionid) } else if($module == 'Documents'){ $query = "SELECT - vtiger_notes.*,vtiger_crmentity.*,vtiger_attachmentsfolder.foldername + vtiger_notes.*,vtiger_crmentity.*,vtiger_attachmentsfolder.foldername,vtiger_notescf.* FROM vtiger_notes INNER JOIN vtiger_crmentity on vtiger_crmentity.crmid = vtiger_notes.notesid LEFT JOIN vtiger_attachmentsfolder ON vtiger_notes.folderid = vtiger_attachmentsfolder.folderid + LEFT JOIN vtiger_notescf ON vtiger_notescf.notesid = vtiger_notes.notesid where vtiger_notes.notesid=(". generateQuestionMarks($id) .") AND vtiger_crmentity.deleted=0"; } else if($module == 'HelpDesk'){ @@ -2271,7 +2313,7 @@ function get_details($id,$module,$customerid,$sessionid) INNER JOIN vtiger_crmentity ON vtiger_assets.assetsid = vtiger_crmentity.crmid INNER JOIN vtiger_assetscf - ON vtiger_assets.assetsid = vtiger_assets.assetsid + ON vtiger_assetscf.assetsid = vtiger_assets.assetsid WHERE vtiger_crmentity.deleted = 0 AND vtiger_assets.assetsid = (". generateQuestionMarks($id) .")"; } else if ($module == 'Project') { $query = "SELECT vtiger_project.*, vtiger_projectcf.*, vtiger_crmentity.* @@ -2438,6 +2480,7 @@ function get_details($id,$module,$customerid,$sessionid) } if($fieldname == 'unit_price'){ $sym = getCurrencySymbol($res,0,'currency_id'); + $fieldvalue = round($fieldvalue, 2); $fieldvalue = $sym.$fieldvalue; } $output[0][$module][$i]['fieldvalue'] = $fieldvalue; @@ -2776,6 +2819,7 @@ function get_documents($id,$module,$customerid,$sessionid) * $customerid :: INT contact's Id' */ function get_project_components($id,$module,$customerid,$sessionid) { + checkFileAccessForInclusion("modules/$module/$module.php"); require_once("modules/$module/$module.php"); require_once('include/utils/UserInfoUtil.php'); 
@@ -2817,7 +2861,7 @@ function get_project_components($id,$module,$customerid,$sessionid) { INNER JOIN vtiger_crmentity ON vtiger_crmentity.crmid = vtiger_projectmilestone.projectmilestoneid AND vtiger_crmentity.deleted = 0"; } - $res = $adb->pquery($query,array($id)); + $res = $adb->pquery($query,array(vtlib_purify($id))); $noofdata = $adb->num_rows($res); for( $j= 0;$j < $noofdata; ++$j) { @@ -2936,6 +2980,8 @@ function get_service_list_values($id,$modulename,$sessionid,$only_mine='true') $user = new Users(); $userid = getPortalUserid(); $current_user = $user->retrieveCurrentUserInfoFromFile($userid); + //To avoid SQL injection we are type casting as well as bound the id variable + $id = (int) vtlib_purify($id); $entity_ids_list = array(); $show_all=show_all($modulename); @@ -3018,6 +3064,8 @@ function get_service_list_values($id,$modulename,$sessionid,$only_mine='true') getFieldVisibilityPermission('Services',$current_user->id,$fieldname); } + $fieldValuesToRound = array('unit_price','commissionrate'); + for($k=0;$kpquery($query[$k],$params[$k]); @@ -3037,6 +3085,9 @@ function get_service_list_values($id,$modulename,$sessionid,$only_mine='true') $fieldvalue = $adb->query_result($res[$k],$j,$fieldname); $fieldid = $adb->query_result($res[$k],$j,'serviceid'); + if(in_array($fieldname, $fieldValuesToRound)){ + $fieldvalue = round($fieldvalue, 2); + } if($fieldname == 'entityid') { $crmid = $fieldvalue; $module = $adb->query_result($res[$k],$j,'setype'); @@ -3216,7 +3267,6 @@ function getDefaultAssigneeId() { } } return $defaultassignee; - $log->debug("Exiting customerportal function getPortalUserid"); } /* Begin the HTTP listener service and exit. */ diff --git a/soap/firefoxtoolbar.php b/soap/firefoxtoolbar.php index 1267cfd..4aadc92 100644 --- a/soap/firefoxtoolbar.php +++ b/soap/firefoxtoolbar.php 
@@ -835,11 +835,12 @@ function GetPicklistValues($username,$sessionid,$tablename) $current_user->retrieve_entity_info($user_id,'Users'); require_once("include/utils/UserInfoUtil.php"); $roleid = fetchUserRole($user_id); + checkFileAccessForInclusion('user_privileges/user_privileges_'.$current_user->id.'.php'); require('user_privileges/user_privileges_'.$current_user->id.'.php'); if($is_admin == true || $profileGlobalPermission[1] == 0 || $profileGlobalPermission[2] == 0) { $query = "select " . $adb->sql_escape_string($tablename) . " from vtiger_". $adb->sql_escape_string($tablename); - $result1 = $adb->query($query); + $result1 = $adb->pquery($query, array()); for($i=0;$i<$adb->num_rows($result1);$i++) { $output[$i] = decode_html($adb->query_result($result1,$i,$tablename)); diff --git a/soap/thunderbirdplugin.php b/soap/thunderbirdplugin.php index 988293e..3df07b1 100644 --- a/soap/thunderbirdplugin.php +++ b/soap/thunderbirdplugin.php @@ -192,6 +192,8 @@ function SearchContactsByEmail($username,$password,$emailaddress) $seed_contact = new Contacts(); $output_list = Array(); + if(filter_var($emailaddress, FILTER_VALIDATE_EMAIL) == false ) return null; + $response = $seed_contact->get_searchbyemailid($username,$emailaddress); $contactList = $response['list']; @@ -278,7 +280,7 @@ function GetContacts($username,$password) $output_list = Array(); $query = $seed_contact->get_contactsforol($username); - $result = $adb->query($query); + $result = $adb->pquery($query, array()); while($contact = $adb->fetch_array($result)) { 
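Review bot: In `GetPicklistValues()` the `$tablename` argument is used as both a column and a table identifier. `sql_escape_string()` presumably escapes characters for quoted string literals, which does not constrain an identifier. Changing `query()` to `pquery($query, array())` binds nothing either. Validate the name before building the statement, e.g. `if(!preg_match('/^[a-z0-9_]+$/i', $tablename)) return null;`, or preferably check it against the known picklist field names. `GetContacts()` in soap/thunderbirdplugin.php gets the same `pquery($query, array())` change for a query string built by `get_contactsforol($username)`, which is outside this diff.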
@@ -382,7 +384,9 @@ function AddContact($user_name,$first_name, $last_name, $email_address ,$account $user_id = $seed_user->retrieve_user_id($user_name); $current_user = $seed_user; $current_user->retrieve_entity_info($user_id,"Users"); + checkFileAccessForInclusion('user_privileges/user_privileges_'.$current_user->id.'.php'); require('user_privileges/user_privileges_'.$current_user->id.'.php'); + checkFileAccessForInclusion('user_privileges/sharing_privileges_'.$current_user->id.'.php'); require('user_privileges/sharing_privileges_'.$current_user->id.'.php'); if($is_admin == true || $profileGlobalPermission[1] == 0 || $profileGlobalPermission[2] == 0) { @@ -447,7 +451,9 @@ function AddLead($user_name, $first_name, $last_name, $email_address ,$account_n $user_id = $seed_user->retrieve_user_id($user_name); $current_user = $seed_user; $current_user->retrieve_entity_info($user_id,"Users"); + checkFileAccessForInclusion('user_privileges/user_privileges_'.$current_user->id.'.php'); require('user_privileges/user_privileges_'.$current_user->id.'.php'); + checkFileAccessForInclusion('user_privileges/sharing_privileges_'.$current_user->id.'.php'); require('user_privileges/sharing_privileges_'.$current_user->id.'.php'); if($is_admin == true || $profileGlobalPermission[1] == 0 || $profileGlobalPermission[2] == 0) { diff --git a/soap/vtigerolservice.php b/soap/vtigerolservice.php index 2de9094..7e3e29e 100644 --- a/soap/vtigerolservice.php +++ b/soap/vtigerolservice.php @@ -288,6 +288,9 @@ function SearchContactsByEmail($username,$session,$emailaddress) $seed_contact = new Contacts(); $output_list = Array(); + //To avoid Blind SQL injection we are validating the Email address. + if(filter_var($emailaddress, FILTER_VALIDATE_EMAIL) == false ) return null; + $response = $seed_contact->get_searchbyemailid($username,$emailaddress); $contactList = $response['list']; 
@@ -457,12 +460,14 @@ function CheckActivityPermission($username,$session) function AddEmailAttachment($emailid,$filedata,$filename,$filesize,$filetype,$username,$session) { - if(!validateSession($username,$session)) - return null; - global $adb; + if(!validateSession($username,$session)) return null; + + if(empty($emailid)) return null; + + global $adb, $upload_badext; require_once('modules/Users/Users.php'); require_once('include/utils/utils.php'); - $filename = preg_replace('/\s+/', '_', $filename);//replace space with _ in filename + $filename = vtlib_purifyForSql(sanitizeUploadFileName(str_replace('..','_',$filename), $upload_badext)); // Avoid relative file path attacks. $date_var = date('Y-m-d H:i:s'); $seed_user = new Users(); @@ -1381,17 +1386,16 @@ function validateSession($username, $sessionid) $seed_user = new Users(); $id = $seed_user->retrieve_user_id($username); + if(empty($sessionid)) return false; + $server_sessionid = getServerSessionId($id); $adb->println("Checking Server session id and customer input session id ==> $server_sessionid == $sessionid"); - if($server_sessionid == $sessionid) - { + if($server_sessionid == $sessionid) { $adb->println("Session id match. Authenticated to do the current operation."); return true; - } - else - { + } else { $adb->println("Session id does not match. Not authenticated to do the current operation."); return false; } 
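Review bot: The new `$filename` line in `AddEmailAttachment()` chains `str_replace('..','_', …)`, `sanitizeUploadFileName()` and `vtlib_purifyForSql()`, mixing path sanitising and SQL escaping on one value. Replacing `..` does not remove directory separators unless `sanitizeUploadFileName()` does, which is not visible here. Wrapping the result in `basename()` states the intent directly. If the same variable is later used as the on-disk name, the SQL-escaped form is what gets written. Keep the sanitised name unescaped and pass it to `pquery()` as a bound parameter instead. The rest of the function lies outside the hunk, so confirm how `$filename` is used.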
@@ -1419,9 +1423,12 @@ function getServerSessionId($id) //To avoid SQL injection we are type casting as well as bound the id variable. In each and every function we will call this function $id = (int) $id; - $query = "select * from vtiger_soapservice where type='Outlook' and id={$id}"; - $sessionid = $adb->query_result($adb->query($query),0,'sessionid'); - + $query = "SELECT * FROM vtiger_soapservice WHERE type='Outlook' AND id = ?"; + $result = $adb->pquery($query, array($id)); + $sessionid = ''; + if($adb->num_rows($result) > 0) { + $sessionid = $adb->query_result($result,0,'sessionid'); + } return $sessionid; } /* Begin the HTTP listener service and exit. */ diff --git a/soap/webforms.php.deprecated b/soap/webforms.php.deprecated deleted file mode 100644 index 33ed94f..0000000 --- a/soap/webforms.php.deprecated +++ /dev/null 
@@ -1,199 +0,0 @@ -configureWSDL('vtigersoap'); - - -$server->register( - 'create_lead_from_webform', - array( - 'lastname'=>'xsd:string', - 'email'=>'xsd:string', - 'phone'=>'xsd:string', - 'company'=>'xsd:string', - 'country'=>'xsd:string', - 'description'=>'xsd:string', - 'assigned_user_id'=>'xsd:string' - ), - array('return'=>'xsd:string'), - $NAMESPACE); - -$server->register( - 'create_contact_from_webform', - array( - 'first_name'=>'xsd:string', - 'last_name'=>'xsd:string', - 'email_address'=>'xsd:string', - 'home_phone'=>'xsd:string', - 'department'=>'xsd:string', - 'description'=>'xsd:string', - 'assigned_user_id'=>'xsd:string' - ), - array('return'=>'xsd:string'), - $NAMESPACE); - -$server->register( - 'unsubscribe_email', - array( - 'email_address'=>'xsd:string' - ), - array('return'=>'xsd:string'), - $NAMESPACE); - - -/** function used to create lead from webform from the passed details - * @param string $lastname - last name of the lead - * @param string $email - email of the lead - * @param string $phone - phone number of the lead - * @param string $company - company name of the lead - * @param string $country - country name of the lead - * @param string $description - description to create a lead - * @param int $assigned_user_id - assigned to user for the lead - * return message success or failure about the lead creation - */ -function create_lead_from_webform($lastname, $email, $phone, $company, $country, $description, $assigned_user_id) -{ - global $adb; - $adb->println("Create New Lead from Web Form - Starts"); - - if($assigned_user_id == '') - { - //if the user id is empty then assign it to the admin user - $assigned_user_id = $adb->query_result($adb->pquery("select id from vtiger_users where user_name=?", array('admin')),0,'id'); - } - - require_once("modules/Leads/Leads.php"); - $focus = new Leads(); - $focus->column_fields['lastname'] = $lastname; - $focus->column_fields['email'] = trim($email); - $focus->column_fields['phone'] = $phone; - 
$focus->column_fields['company'] = $company; - $focus->column_fields['country'] = $country; - $focus->column_fields['description'] = $description; - $focus->column_fields['assigned_user_id'] = $assigned_user_id; - - $focus->save("Leads"); - //$focus->retrieve_entity_info($focus->id,"Leads"); - - $adb->println("Create New Lead from Web Form - Ends"); - - if($focus->id != '') - $msg = 'Thank you for your interest. Information has been successfully added as Lead in vtigerCRM.'; - else - $msg = "Lead creation failed. Please try again"; - - return $msg; -} - -/** function used to create contact from webform from the passed details - * @param string $first_name - first name to create contact - * @param string $last_name - last name to create contact - * @param string $email_address - email address to create contact - * @param string $home_phone - phone number of home to create contact - * @param string $department - department to create contact - * @param string $description - description to create contact - * @param int $assigned_user_id - assigned to user for the contact - * return message success or failure about the contact creation - */ -function create_contact_from_webform($first_name, $last_name, $email_address, $home_phone, $department,$description, $assigned_user_id) -{ - global $adb; - - $adb->println("Create New Contact from Web Form - Starts"); - if($assigned_user_id == '') - { - //if the user id is empty then assign it to the admin user - $assigned_user_id = $adb->query_result($adb->pquery("select id from vtiger_users where user_name=?", array('admin')),0,'id'); - } - - require_once('modules/Contacts/Contacts.php'); - $focus = new Contacts(); - - $focus->column_fields['firstname'] = $first_name; - $focus->column_fields['lastname'] = $last_name; - $focus->column_fields['email'] = trim($email_address); - $focus->column_fields['homephone'] = $home_phone; - $focus->column_fields['department'] = $department; - $focus->column_fields['description'] = $description; 
- $focus->column_fields['assigned_user_id'] = $assigned_user_id; - - $focus->save("Contacts"); - //$focus->retrieve_entity_info($focus->id,"Contacts"); - - $adb->println("Create New Contact from Web Form - Ends"); - - if($focus->id != '') - $msg = 'Thank you for your interest. Information has been successfully added as Contact in vtigerCRM.'; - else - $msg = "Contact creation failed. Please try again"; - - return $msg; -} - -/** function used to unsubscribe the mail - * @param string $emailid - email address to unsubscribe - * return message about the success or failure status about the unsubscribe - */ -function unsubscribe_email($emailid) -{ - global $adb; - $adb->println("Enter into the function unsubscribe_email($emailid)"); - - $emailid = trim($emailid); - - $contact_res = $adb->pquery("select emailoptout from vtiger_contactdetails where email=?", array($emailid)); - $contact_noofrows = $adb->num_rows($contact_res); - $emailoptout = $adb->query_result($contact_res,0,'emailoptout'); - - if($contact_noofrows > 0) - { - if($emailoptout != 1) - { - $adb->pquery("update vtiger_contactdetails set emailoptout=1 where email=?", array($emailid)); - $msg = "You have been unsubscribed."; - } - else - { - $msg = "You are already unsubscribed."; - } - } - else - { - $msg = "There are no record available for this mail address."; - } - - $adb->println("Exit from the function unsubscribe_email($emailid)"); - return $msg; -} - - -//$log->fatal("In soap.php"); - -/* Begin the HTTP listener service and exit. */ -$server->service($HTTP_RAW_POST_DATA); - -exit(); - - - -?> diff --git a/test/logo/app-logo.png b/test/logo/app-logo.png new file mode 100644 index 0000000..ec2dea1 Binary files /dev/null and b/test/logo/app-logo.png differ diff --git a/test/logo/vtiger-crm-logo.gif b/test/logo/vtiger-crm-logo.gif deleted file mode 100644 index 6005cbd..0000000 Binary files a/test/logo/vtiger-crm-logo.gif and /dev/null differ 
diff --git a/themes/alphagrey/images/vtiger-crm.gif b/themes/alphagrey/images/vtiger-crm.gif deleted file mode 100644 index ba12aa2..0000000 Binary files a/themes/alphagrey/images/vtiger-crm.gif and /dev/null differ diff --git a/themes/alphagrey/style.css b/themes/alphagrey/style.css index b8977c3..93d922e 100644 --- a/themes/alphagrey/style.css +++ b/themes/alphagrey/style.css @@ -1942,7 +1942,7 @@ textarea { border-left:1px solid #eaeaea; border-top:1px solid #eaeaea; border-right:1px solid #999; - border-left:1px solid #999;; + border-left:1px solid #999; } .mailClientCSSButton { @@ -2398,7 +2398,7 @@ div.goog-te-sectional-gadget-all{ bottom: 0; background: url(images/help_header.png) repeat-x; border-top:2px solid #717351; - heigth:30px; + height:30px; } div#vtigerHelpPopupLay{ @@ -2475,7 +2475,7 @@ input { font-weight: bold; } .mm_message p { - border: 2px solid #AAAAAA;; + border: 2px solid #AAAAAA; padding: 2px; position: fixed; left: 50%; @@ -2648,7 +2648,7 @@ a.allMnu:Hover{ } .searchBtn{ width:48px; - height:31px; + height:24px; } .selectall{ diff --git a/themes/bluelagoon/images/vtiger-crm.gif b/themes/bluelagoon/images/vtiger-crm.gif deleted file mode 100644 index c4b351f..0000000 Binary files a/themes/bluelagoon/images/vtiger-crm.gif and /dev/null differ diff --git a/themes/bluelagoon/style.css b/themes/bluelagoon/style.css index 83238d7..d533a11 100644 --- a/themes/bluelagoon/style.css +++ b/themes/bluelagoon/style.css @@ -1900,7 +1900,7 @@ textarea { border-left:1px solid #eaeaea; border-top:1px solid #eaeaea; border-right:1px solid #939271; - border-left:1px solid #939271;; + border-left:1px solid #939271; } .mailClientCSSButton { @@ -2391,7 +2391,7 @@ vtigerHelpWelcomePopupLay #contentOfHelp{ bottom: 0; background: url(images/help_header.png) repeat-x; border-top:2px solid #717351; - heigth:30px; + height:30px; } div#vtigerHelpPopupLay{ position : relative !important; 
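Review bot: In the first `themes/alphagrey/style.css` hunk (`@@ -1942,7`), `border-left` is declared twice in the same rule, so the corrected line overrides `border-left:1px solid #eaeaea;` three lines above it and the bottom edge gets no border. The pattern of the block suggests the last declaration was meant to be `border-bottom:1px solid #999;`. The same rule appears in the bluelagoon, softed and woodspice hunks, and the woodspice version also drops the terminating semicolon (`border-left:1px solid #939271`), which is valid as a last declaration but breaks as soon as another one is appended. The rule's selector is outside the hunk, so the intent should be confirmed against the rendered element.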
@@ -2465,7 +2465,7 @@ input { font-weight: bold; } .mm_message p { - border: 2px solid #4F94CD;; + border: 2px solid #4F94CD; padding: 2px; position: fixed; left: 50%; @@ -2652,7 +2652,7 @@ a.allMnu:Hover{ } .searchBtn{ width:48px; - height:31px; + height:24px; } .selectall{ diff --git a/themes/images/aboutUS.jpg b/themes/images/aboutUS.jpg deleted file mode 100644 index 2f4d1e8..0000000 Binary files a/themes/images/aboutUS.jpg and /dev/null differ diff --git a/themes/images/bullets.gif b/themes/images/bullets.gif deleted file mode 100644 index e2e7037..0000000 Binary files a/themes/images/bullets.gif and /dev/null differ diff --git a/themes/images/calc_logo.gif b/themes/images/calc_logo.gif index 4d57039..26c040e 100644 Binary files a/themes/images/calc_logo.gif and b/themes/images/calc_logo.gif differ diff --git a/themes/images/favicon.ico b/themes/images/favicon.ico new file mode 100644 index 0000000..9541b20 Binary files /dev/null and b/themes/images/favicon.ico differ diff --git a/themes/images/honestCRM.gif b/themes/images/honestCRM.gif deleted file mode 100644 index 09a61da..0000000 Binary files a/themes/images/honestCRM.gif and /dev/null differ diff --git a/themes/images/honestCRMTop.gif b/themes/images/honestCRMTop.gif deleted file mode 100644 index a9c6eb8..0000000 Binary files a/themes/images/honestCRMTop.gif and /dev/null differ diff --git a/themes/images/loginTopHeaderBg.gif b/themes/images/loginTopHeaderBg.gif deleted file mode 100644 index b96580b..0000000 Binary files a/themes/images/loginTopHeaderBg.gif and /dev/null differ diff --git a/themes/images/loginTopHeaderName.gif b/themes/images/loginTopHeaderName.gif deleted file mode 100644 index 7d2252a..0000000 Binary files a/themes/images/loginTopHeaderName.gif and /dev/null differ diff --git a/themes/images/loginTopVersion.gif b/themes/images/loginTopVersion.gif deleted file mode 100644 index 98eb772..0000000 Binary files a/themes/images/loginTopVersion.gif and /dev/null differ 
diff --git a/themes/images/logo_mail.jpg b/themes/images/logo_mail.jpg
index 532a5d0..c7b2758 100644
Binary files a/themes/images/logo_mail.jpg and b/themes/images/logo_mail.jpg differ
diff --git a/themes/images/logout.png b/themes/images/logout.png
new file mode 100644
index 0000000..b051cb0
Binary files /dev/null and b/themes/images/logout.png differ
diff --git a/themes/images/report_newHdr.gif b/themes/images/report_newHdr.gif
index c4fa2e2..ec8e86b 100644
Binary files a/themes/images/report_newHdr.gif and b/themes/images/report_newHdr.gif differ
diff --git a/themes/images/titleMailClient.gif b/themes/images/titleMailClient.gif
index 539fc3b..55c8477 100644
Binary files a/themes/images/titleMailClient.gif and b/themes/images/titleMailClient.gif differ
diff --git a/themes/images/titleMySites.gif b/themes/images/titleMySites.gif
index e8f4a78..c57a6aa 100644
Binary files a/themes/images/titleMySites.gif and b/themes/images/titleMySites.gif differ
diff --git a/themes/images/titleRSSReader.gif b/themes/images/titleRSSReader.gif
index 634e4f6..bcc44ee 100644
Binary files a/themes/images/titleRSSReader.gif and b/themes/images/titleRSSReader.gif differ
diff --git a/themes/images/vtiger-paw.jpg b/themes/images/vtiger-paw.jpg
deleted file mode 100644
index 2646df1..0000000
Binary files a/themes/images/vtiger-paw.jpg and /dev/null differ
diff --git a/themes/images/vtiger.jpg b/themes/images/vtiger.jpg
deleted file mode 100644
index edb02f2..0000000
Binary files a/themes/images/vtiger.jpg and /dev/null differ
diff --git a/themes/images/vtigerName.gif b/themes/images/vtigerName.gif
deleted file mode 100644
index b1e2679..0000000
Binary files a/themes/images/vtigerName.gif and /dev/null differ
diff --git a/themes/images/vtigercrm_icon.ico b/themes/images/vtigercrm_icon.ico
deleted file mode 100644
index 12406bd..0000000
Binary files a/themes/images/vtigercrm_icon.ico and /dev/null differ
diff --git a/themes/images/vtigerlogo.jpg b/themes/images/vtigerlogo.jpg deleted file mode 100644 index 9e8e92d..0000000 Binary files a/themes/images/vtigerlogo.jpg and /dev/null differ diff --git a/themes/softed/images/vtiger-crm.gif b/themes/softed/images/vtiger-crm.gif deleted file mode 100644 index 9a15488..0000000 Binary files a/themes/softed/images/vtiger-crm.gif and /dev/null differ diff --git a/themes/softed/style.css b/themes/softed/style.css index 452fd27..375a603 100644 --- a/themes/softed/style.css +++ b/themes/softed/style.css @@ -2038,7 +2038,7 @@ textarea { border-left:1px solid #eaeaea; border-top:1px solid #eaeaea; border-right:1px solid #939271; - border-left:1px solid #939271;; + border-left:1px solid #939271; } .mailClientCSSButton { @@ -2536,7 +2536,7 @@ div.goog-te-sectional-gadget-all{ bottom: 0; background: url(images/help_header.png) repeat-x; border-top:2px solid #717351; - heigth:30px; + height:30px; } div#vtigerHelpPopupLay{ position : relative !important; @@ -2824,7 +2824,7 @@ a.allMnu:Hover{ } .searchBtn{ width:48px; - height:31px; + height:24px; } .selectall{ diff --git a/themes/woodspice/images/vtiger-crm.gif b/themes/woodspice/images/vtiger-crm.gif deleted file mode 100644 index 78739d0..0000000 Binary files a/themes/woodspice/images/vtiger-crm.gif and /dev/null differ diff --git a/themes/woodspice/style.css b/themes/woodspice/style.css index 565c179..ba30286 100644 --- a/themes/woodspice/style.css +++ b/themes/woodspice/style.css @@ -1993,7 +1993,7 @@ textarea { border-left:1px solid #eaeaea; border-top:1px solid #eaeaea; border-right:1px solid #939271; - border-left:1px solid #939271;; + border-left:1px solid #939271 } .mailClientCSSButton { @@ -2426,7 +2426,7 @@ div.goog-te-sectional-gadget-all{ bottom: 0; background: url(images/help_header.png) repeat-x; border-top:2px solid #717351; - heigth:30px; + height:30px; } div#vtigerHelpPopupLay{ position : relative !important; 
@@ -2669,7 +2669,7 @@ a.drop_down_usersettings_name{ } .searchBtn{ width:48px; - height:31px; + height:24px; } .selectall{ diff --git a/upgrade2coreBOS.php b/upgrade2coreBOS.php new file mode 100644 index 0000000..1a67f34 --- /dev/null +++ b/upgrade2coreBOS.php @@ -0,0 +1,152 @@ +'; +echo "vtlib $moduleTitle"; +echo ''; +echo ''; +echo ''; +echo '
    '; +echo ''; +echo "

    $moduleTitle

    "; +echo '
    '; +echo 'coreBOS'; +echo '
    '; +echo '
    '; + +// Turn on debugging level +$Vtiger_Utils_Log = true; + +require_once 'include/utils/utils.php'; +include_once('vtlib/Vtiger/Module.php'); +require 'modules/com_vtiger_workflow/VTEntityMethodManager.inc'; +global $current_user,$adb; +set_time_limit(0); +ini_set('memory_limit','1024M'); + +$current_user = new Users(); +$current_user->retrieveCurrentUserInfoFromFile(1); // admin +if(isset($_SESSION['authenticated_user_language']) && $_SESSION['authenticated_user_language'] != '') { + $current_language = $_SESSION['authenticated_user_language']; +} else { + if(!empty($current_user->language)) { + $current_language = $current_user->language; + } else { + $current_language = $default_language; + } +} +$app_strings = return_application_language($current_language); + +$query_count=0; +$success_query_count=0; +$failure_query_count=0; +$success_query_array=array(); +$failure_query_array=array(); + +function ExecuteQuery($query) { + global $adb,$log; + global $query_count, $success_query_count, $failure_query_count, $success_query_array, $failure_query_array; + + $status = $adb->query($query); + $query_count++; + if(is_object($status)) { + echo ' + + '.get_class($status).' + S + '.$query.' + '; + $success_query_array[$success_query_count++] = $query; + $log->debug("Query Success ==> $query"); + } else { + echo ' + + '.$status.' + F + '.$query.' 
+ '; + $failure_query_array[$failure_query_count++] = $query; + $log->debug("Query Failed ==> $query \n Error is ==> [".$adb->database->ErrorNo()."]".$adb->database->ErrorMsg()); + } +} +function putMsg($msg) { + echo ''.$msg.''; +} + +echo ""; + +ExecuteQuery("update vtiger_field set block=67 where tabid=23 and columnname='s_h_amount'"); +ExecuteQuery("ALTER TABLE vtiger_loginhistory CHANGE user_name user_name VARCHAR(255) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL"); + +$delimg = array('include/images/AppStore.png', + 'include/images/AppStoreQRCode.png', + 'include/images/ExchangeConnector.png', + 'include/images/GooglePlay.png', + 'include/images/GooglePlayQRCode.png', + 'include/images/OutlookPlugin.png', + 'include/images/vtigercrm_icon.ico', + 'themes/alphagrey/images/vtiger-crm.gif', + 'themes/bluelagoon/images/vtiger-crm.gif', + 'themes/images/aboutUS.jpg', + 'themes/images/bullets.gif', + 'themes/images/honestCRM.gif', + 'themes/images/honestCRMTop.gif', + 'themes/images/loginTopHeaderBg.gif', + 'themes/images/loginTopHeaderName.gif', + 'themes/images/loginTopVersion.gif', + 'themes/images/vtiger-paw.jpg', + 'themes/images/vtiger.jpg', + 'themes/images/vtigerName.gif', + 'themes/images/vtigercrm_icon.ico', + 'themes/images/vtigerlogo.jpg', + 'themes/softed/images/vtiger-crm.gif', + 'themes/woodspice/images/vtiger-crm.gif', + 'test/logo/vtiger-crm-logo.gif', +); +foreach ($delimg as $dimg) { + @unlink($dimg); + putmsg("image $dimg deleted"); +} + +?> +
    +

    +Failed Queries Log +
    + '.$failed_query.''; + ?> +
    +

    + + + + + + + + + + + + + +
    + Total Number of queries executed : + + +
    + Queries Successed : + + + + +
    + Queries Failed : + + + + +
    + + diff --git a/vtigercron.php b/vtigercron.php index f8505de..afe2d16 100644 --- a/vtigercron.php +++ b/vtigercron.php @@ -20,7 +20,7 @@ if(PHP_SAPI === "cli" || (isset($_SESSION["authenticated_user_id"]) && isset($_S $cronTasks = false; if (isset($_REQUEST['service'])) { // Run specific service - $cronTasks = array(Vtiger_Cron::getInstance($_REQUEST['service'])); + $cronTasks = array(Vtiger_Cron::getInstance(vtlib_purify($_REQUEST['service']))); } else { // Run all service @@ -46,7 +46,7 @@ foreach ($cronTasks as $cronTask) { // Mark the status - running $cronTask->markRunning(); - checkFileAccess($cronTask->getHandlerFile()); + checkFileAccess($cronTask->getHandlerFile()); require_once $cronTask->getHandlerFile(); // Mark the status - finished diff --git a/vtigerversion.php b/vtigerversion.php index b520150..9aec5d2 100644 --- a/vtigerversion.php +++ b/vtigerversion.php @@ -11,5 +11,7 @@ $patch_version = ''; $modified_database = ''; $vtiger_current_version = '5.4.0'; $_SESSION['vtiger_version'] = $vtiger_current_version; - +$coreBOS_app_version = '1.0'; +$coreBOS_app_name ='coreBOS'; +$coreBOS_app_url = 'http://corebos.org'; ?> \ No newline at end of file diff --git a/vtlib/ModuleDir/5.4.0/ModuleFile.php b/vtlib/ModuleDir/5.4.0/ModuleFile.php index a608b41..1c97b04 100755 --- a/vtlib/ModuleDir/5.4.0/ModuleFile.php +++ b/vtlib/ModuleDir/5.4.0/ModuleFile.php @@ -267,6 +267,7 @@ class ModuleClass extends CRMEntity { " WHERE uitype='10' AND vtiger_fieldmodulerel.module=?", array($thismodule)); $linkedFieldsCount = $this->db->num_rows($linkedModulesQuery); + $rel_mods[$this->table_name] = 1; for($i=0; $i<$linkedFieldsCount; $i++) { $related_module = $this->db->query_result($linkedModulesQuery, $i, 'relmodule'); $fieldname = $this->db->query_result($linkedModulesQuery, $i, 'fieldname'); 
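Review bot: Nothing visible in `upgrade2coreBOS.php` checks who is calling it. The script loads user id 1 with `retrieveCurrentUserInfoFromFile(1)` and then runs an `UPDATE`, an `ALTER TABLE` and a list of `unlink` calls, so while the file stays in the web root any request to it repeats the upgrade in admin context. A guard at the top in the style `vtigercron.php` already uses, e.g. `if (PHP_SAPI !== 'cli' && empty($_SESSION['authenticated_user_id'])) die('Not permitted');` (assuming a session is available at that point), plus removing the file once the upgrade has run, would cover it. `@unlink($dimg)` hides failures while `putmsg("image $dimg deleted")` reports success unconditionally; report on the return value of `unlink` instead. The opening lines of the file are not fully readable on this page, so a check there may have been lost in extraction.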
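Review bot: In the first `vtigercron.php` hunk, `vtlib_purify($_REQUEST['service'])` filters the value but does not establish that it names a registered cron task. The result of `Vtiger_Cron::getInstance()` goes straight into the `$cronTasks` array that the loop in the next hunk calls `markRunning()` and `require_once $cronTask->getHandlerFile()` on. Checking the lookup result before use, `$task = Vtiger_Cron::getInstance(vtlib_purify($_REQUEST['service'])); $cronTasks = $task ? array($task) : array();`, keeps an unknown name from reaching the loop. What `getInstance()` returns for an unknown name, and whether the loop already filters it, is outside these hunks and should be confirmed.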
@@ -275,7 +276,17 @@ class ModuleClass extends CRMEntity { $other = CRMEntity::getInstance($related_module); vtlib_setup_modulevars($related_module, $other); - $query .= " LEFT JOIN $other->table_name ON $other->table_name.$other->table_index = $this->table_name.$columnname"; + if($rel_mods[$other->table_name]) { + $rel_mods[$other->table_name] = $rel_mods[$other->table_name] + 1; + $alias = $other->table_name.$rel_mods[$other->table_name]; + $query_append = "as $alias"; + } else { + $alias = $other->table_name; + $query_append = ''; + $rel_mods[$other->table_name] = 1; + } + + $query .= " LEFT JOIN $other->table_name $query_append ON $alias.$other->table_index = $this->table_name.$columnname"; } $query .= $this->getNonAdminAccessControlQuery($thismodule,$current_user); diff --git a/vtlib/Vtiger/Access.php b/vtlib/Vtiger/Access.php index 3d7efd8..c895d4c 100644 --- a/vtlib/Vtiger/Access.php +++ b/vtlib/Vtiger/Access.php @@ -69,8 +69,8 @@ class Vtiger_Access { static function initSharing($moduleInstance) { global $adb; - $result = $adb->query("SELECT share_action_id from vtiger_org_share_action_mapping WHERE share_action_name in - ('Public: Read Only', 'Public: Read, Create/Edit', 'Public: Read, Create/Edit, Delete', 'Private')"); + $query = "SELECT share_action_id FROM vtiger_org_share_action_mapping WHERE share_action_name IN (?,?,?,?)"; + $result = $adb->pquery($query, array('Public: Read Only', 'Public: Read, Create/Edit', 'Public: Read, Create/Edit, Delete', 'Private')); for($index = 0; $index < $adb->num_rows($result); ++$index) { $actionid = $adb->query_result($result, $index, 'share_action_id'); diff --git a/vtlib/Vtiger/Field.php b/vtlib/Vtiger/Field.php index 930e71e..850c8fe 100644 --- a/vtlib/Vtiger/Field.php +++ b/vtlib/Vtiger/Field.php 
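Review bot: `if($rel_mods[$other->table_name])` reads an array key that does not exist the first time a related table is seen, which raises an undefined-index notice for every such join. `if(!empty($rel_mods[$other->table_name])) {` tests the same thing quietly, and `$rel_mods = array();` before the first assignment in the previous hunk makes the variable's type explicit. The join condition now uses `$alias`, but any column list or WHERE clause built outside this hunk that names `$other->table_name` will still address the first join only, so the select side should be checked for the aliased case. The enclosing method starts and ends outside the hunk.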
@@ -85,8 +85,8 @@ class Vtiger_Field extends Vtiger_FieldBasic { ++$sortid; // Associate picklist values to all the role - $adb->query("INSERT INTO vtiger_role2picklist(roleid, picklistvalueid, picklistid, sortid) SELECT roleid, - $new_picklistvalueid, $new_picklistid, $sortid FROM vtiger_role"); + $adb->pquery("INSERT INTO vtiger_role2picklist(roleid, picklistvalueid, picklistid, sortid) SELECT roleid, + $new_picklistvalueid, $new_picklistid, $sortid FROM vtiger_role", array()); } } diff --git a/vtlib/Vtiger/Filter.php b/vtlib/Vtiger/Filter.php index dd327ec..897b3bd 100644 --- a/vtlib/Vtiger/Filter.php +++ b/vtlib/Vtiger/Filter.php @@ -281,9 +281,9 @@ class Vtiger_Filter { $cvids[] = $adb->query_result($cvidres, $index, 'cvid'); } if(!empty($cvids)) { - $adb->query("DELETE FROM vtiger_cvadvfilter WHERE cvid IN (" . implode(',', $cvids) . ")"); - $adb->query("DELETE FROM vtiger_cvcolumnlist WHERE cvid IN (" . implode(',', $cvids) . ")"); - $adb->query("DELETE FROM vtiger_customview WHERE cvid IN (" . implode(',', $cvids) . ")"); + $adb->pquery("DELETE FROM vtiger_cvadvfilter WHERE cvid IN (" . implode(',', $cvids) . ")", array()); + $adb->pquery("DELETE FROM vtiger_cvcolumnlist WHERE cvid IN (" . implode(',', $cvids) . ")", array()); + $adb->pquery("DELETE FROM vtiger_customview WHERE cvid IN (" . implode(',', $cvids) . ")", array()); } } } diff --git a/vtlib/Vtiger/LanguageExport.php b/vtlib/Vtiger/LanguageExport.php index 60237d9..befdd1f 100644 --- a/vtlib/Vtiger/LanguageExport.php +++ b/vtlib/Vtiger/LanguageExport.php 
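Review bot: Switching to `pquery()` with an empty parameter array in the `Field.php` hunk changes nothing about how the statement is built: `$new_picklistvalueid`, `$new_picklistid` and `$sortid` are still interpolated into the SQL text. Bind them instead, `SELECT roleid, ?, ?, ? FROM vtiger_role", array($new_picklistvalueid, $new_picklistid, $sortid));`. The `Filter.php` hunk that follows has the same shape with `implode(',', $cvids)`; there the `IN (...)` list should hold one `?` per id with `$cvids` passed as the parameter array.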
@@ -110,8 +110,8 @@ class Vtiger_LanguageExport extends Vtiger_Package { $languageinfo = Array(); if($hastable) { - if($includeInActive) $result = $adb->query('SELECT * FROM '.self::TABLENAME); - else $result = $adb->query('SELECT * FROM '.self::TABLENAME . ' WHERE active=1'); + if($includeInActive) $result = $adb->pquery('SELECT * FROM '.self::TABLENAME, array()); + else $result = $adb->pquery('SELECT * FROM '.self::TABLENAME . ' WHERE active=?', array(1)); for($index = 0; $index < $adb->num_rows($result); ++$index) { $resultrow = $adb->fetch_array($result); diff --git a/vtlib/Vtiger/Link.php b/vtlib/Vtiger/Link.php index 1b0f07f..1affbab 100644 --- a/vtlib/Vtiger/Link.php +++ b/vtlib/Vtiger/Link.php @@ -222,6 +222,7 @@ class Vtiger_Link { $instance = new self(); $instance->initialize($row); if(!empty($row['handler_path']) && isFileAccessible($row['handler_path'])) { + checkFileAccessForInclusion($row['handler_path']); require_once $row['handler_path']; $linkData = new Vtiger_LinkData($instance, $current_user); $ignore = call_user_func(array($row['handler_class'], $row['handler']), $linkData); diff --git a/vtlib/Vtiger/Mailer.php b/vtlib/Vtiger/Mailer.php index 04de965..842ac3d 100644 --- a/vtlib/Vtiger/Mailer.php +++ b/vtlib/Vtiger/Mailer.php @@ -57,7 +57,7 @@ class Vtiger_Mailer extends PHPMailer { $this->ConfigSenderInfo($adb->query_result($result, 0, 'from_email_field')); $this->_serverConfigured = true; - $this->Sender= getReturnPath($this->Host); + $this->Sender= getReturnPath($this->Host, $this->From); } } @@ -214,7 +214,7 @@ class Vtiger_Mailer extends PHPMailer { if(!Vtiger_Utils::CheckTable('vtiger_mailer_queue')) return; $mailer = new self(); - $queue = $adb->query('SELECT * FROM vtiger_mailer_queue WHERE failed != 1'); + $queue = $adb->pquery('SELECT * FROM vtiger_mailer_queue WHERE failed != ?', array(1)); if($adb->num_rows($queue)) { for($index = 0; $index < $adb->num_rows($queue); ++$index) { $mailer->reinitialize(); 
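Review bot: In the `Link.php` hunk, the lines after the added `checkFileAccessForInclusion($row['handler_path'])` still pass `$row['handler_class']` and `$row['handler']` to `call_user_func()` without checking that the included file defined them. Wrapping the call in `if (is_callable(array($row['handler_class'], $row['handler']))) {` keeps a stale or hand-edited link row from producing a warning (an error on newer PHP versions) in the middle of link rendering. The added call also repeats the `isFileAccessible()` test in the `if` directly above it; a one-line comment stating what the second check enforces that the first does not would help the next reader. The method continues outside the hunk.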
diff --git a/vtlib/Vtiger/Module.php b/vtlib/Vtiger/Module.php index 5627d03..d46aedf 100644 --- a/vtlib/Vtiger/Module.php +++ b/vtlib/Vtiger/Module.php @@ -177,6 +177,7 @@ class Vtiger_Module extends Vtiger_ModuleBasic { $instance = false; $filepath = "modules/$modulename/$modulename.php"; if(Vtiger_Utils::checkFileAccessForInclusion($filepath, false)) { + checkFileAccessForInclusion($filepath); include_once($filepath); if(class_exists($modulename)) { $instance = new $modulename(); diff --git a/vtlib/Vtiger/ModuleBasic.php b/vtlib/Vtiger/ModuleBasic.php index d30b97b..b91674c 100644 --- a/vtlib/Vtiger/ModuleBasic.php +++ b/vtlib/Vtiger/ModuleBasic.php @@ -103,7 +103,7 @@ class Vtiger_ModuleBasic { */ function __getUniqueId() { global $adb; - $result = $adb->query("SELECT MAX(tabid) AS max_seq FROM vtiger_tab"); + $result = $adb->pquery("SELECT MAX(tabid) AS max_seq FROM vtiger_tab", array()); $maxseq = $adb->query_result($result, 0, 'max_seq'); return ++$maxseq; } @@ -114,7 +114,7 @@ class Vtiger_ModuleBasic { */ function __getNextSequence() { global $adb; - $result = $adb->query("SELECT MAX(tabsequence) AS max_tabseq FROM vtiger_tab"); + $result = $adb->pquery("SELECT MAX(tabsequence) AS max_tabseq FROM vtiger_tab", array()); $maxtabseq = $adb->query_result($result, 0, 'max_tabseq'); return ++$maxtabseq; } diff --git a/vtlib/Vtiger/PackageExport.php b/vtlib/Vtiger/PackageExport.php index dfed5ce..e1074f6 100644 --- a/vtlib/Vtiger/PackageExport.php +++ b/vtlib/Vtiger/PackageExport.php @@ -149,7 +149,7 @@ class Vtiger_PackageExport { global $vtiger_current_version, $adb; $moduleid = $moduleInstance->id; - $sqlresult = $adb->query("SELECT * FROM vtiger_tab_info WHERE tabid = $moduleid"); + $sqlresult = $adb->pquery("SELECT * FROM vtiger_tab_info WHERE tabid = ?", array($moduleid)); $vtigerMinVersion = $vtiger_current_version; $vtigerMaxVersion = false; $noOfPreferences = $adb->num_rows($sqlresult); 
@@ -180,12 +180,12 @@ class Vtiger_PackageExport { $moduleid = $moduleInstance->id; - $sqlresult = $adb->query("SELECT * FROM vtiger_parenttabrel WHERE tabid = $moduleid"); + $sqlresult = $adb->pquery("SELECT * FROM vtiger_parenttabrel WHERE tabid = ?", array($moduleid)); $parenttabid = $adb->query_result($sqlresult, 0, 'parenttabid'); $menu = Vtiger_Menu::getInstance($parenttabid); $parent_name = $menu->label; - $sqlresult = $adb->query("SELECT * FROM vtiger_tab WHERE tabid = $moduleid"); + $sqlresult = $adb->pquery("SELECT * FROM vtiger_tab WHERE tabid = ?", array($moduleid)); $tabresultrow = $adb->fetch_array($sqlresult); $tabname = $tabresultrow['name']; @@ -422,7 +422,7 @@ class Vtiger_PackageExport { $cvid = $adb->query_result($customviewres, $cvindex, 'cvid'); - $cvcolumnres = $adb->query("SELECT * FROM vtiger_cvcolumnlist WHERE cvid=$cvid"); + $cvcolumnres = $adb->pquery("SELECT * FROM vtiger_cvcolumnlist WHERE cvid=?", array($cvid)); $cvcolumncount=$adb->num_rows($cvcolumnres); $this->openNode('customview'); diff --git a/vtlib/Vtiger/Profile.php b/vtlib/Vtiger/Profile.php index 614a4d1..9d468c7 100644 --- a/vtlib/Vtiger/Profile.php +++ b/vtlib/Vtiger/Profile.php @@ -63,7 +63,7 @@ class Vtiger_Profile { static function getAllIds() { global $adb; $profileids = Array(); - $result = $adb->query('SELECT profileid FROM vtiger_profile'); + $result = $adb->pquery('SELECT profileid FROM vtiger_profile', array()); for($index = 0; $index < $adb->num_rows($result); ++$index) { $profileids[] = $adb->query_result($result, $index, 'profileid'); } 
@@ -79,8 +79,8 @@ class Vtiger_Profile { global $adb; $actionids = Array(); - $result = $adb->query("SELECT actionid from vtiger_actionmapping WHERE actionname IN - ('Save','EditView','Delete','index','DetailView')"); + $result = $adb->pquery("SELECT actionid from vtiger_actionmapping WHERE actionname IN + (?,?,?,?,?)", array('Save','EditView','Delete','index','DetailView')); /* * NOTE: Other actionname (actionid >= 5) is considered as utility (tools) for a profile. * Gather all the actionid for associating to profile. diff --git a/vtlib/Vtiger/Utils.php b/vtlib/Vtiger/Utils.php index 6583023..a96e46b 100644 --- a/vtlib/Vtiger/Utils.php +++ b/vtlib/Vtiger/Utils.php @@ -149,7 +149,7 @@ class Vtiger_Utils { $adb->dieOnError = false; $tablename = Vtiger_Utils::SQLEscape($tablename); - $tablecheck = $adb->query("SELECT 1 FROM $tablename LIMIT 1"); + $tablecheck = $adb->pquery("SELECT 1 FROM $tablename LIMIT 1", array()); $tablePresent = true; if(empty($tablecheck)) @@ -183,7 +183,7 @@ class Vtiger_Utils { } $sql .= $suffixTableMeta; } - $adb->query($sql); + $adb->pquery($sql, array()); $adb->dieOnError = $org_dieOnError; } @@ -195,7 +195,7 @@ class Vtiger_Utils { */ static function AlterTable($tablename, $criteria) { global $adb; - $adb->query("ALTER TABLE " . $tablename . $criteria); + $adb->pquery("ALTER TABLE " . $tablename . $criteria, array()); } /** @@ -221,7 +221,7 @@ class Vtiger_Utils { if($supressdie) $adb->dieOnError = false; - $adb->query($sqlquery); + $adb->pquery($sqlquery, array()); $adb->dieOnError = $old_dieOnError; } @@ -233,7 +233,7 @@ class Vtiger_Utils { static function CreateTableSql($tablename) { global $adb; - $create_table = $adb->query("SHOW CREATE TABLE $tablename"); + $create_table = $adb->pquery("SHOW CREATE TABLE $tablename", array()); $sql = decode_html($adb->query_result($create_table, 0, 1)); return $sql; } diff --git a/webservice.php b/webservice.php index 8348717..516b3bf 100644 --- a/webservice.php +++ b/webservice.php 
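Review bot: In the `Utils.php` hunks, `AlterTable()` and `CreateTableSql()` still concatenate `$tablename` (and `$criteria`) into the statement and, unlike `CheckTable()` in the first of these hunks, do not pass the name through `Vtiger_Utils::SQLEscape()`. Calling `pquery(..., array())` adds no protection here, because identifiers and DDL fragments cannot be bound as parameters. If any caller can pass a name derived from package or request data, reject it unless it matches an identifier pattern, e.g. `preg_match('/^[A-Za-z0-9_]+$/', $tablename)`. A docblock line on each method stating that its arguments must be trusted, developer-supplied SQL would make the contract explicit; the method bodies are only partly inside these hunks.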
@@ -16,6 +16,7 @@ require_once("include/Webservices/SessionManager.php"); require_once("include/Zend/Json.php"); require_once('include/logging.php'); + checkFileAccessForInclusion("include/language/$default_language.lang.php"); require_once "include/language/$default_language.lang.php"; $API_VERSION = "0.22"; @@ -115,6 +116,7 @@ $includes = $operationManager->getOperationIncludes(); foreach($includes as $ind=>$path){ + checkFileAccessForInclusion($path); require_once($path); } $rawOutput = $operationManager->runOperation($operationInput,$current_user); diff --git a/Smarty/templates/CustomView.tpl b/Smarty/templates/CustomView.tpl index 1681f99..7f18783 100644 --- a/Smarty/templates/CustomView.tpl +++ b/Smarty/templates/CustomView.tpl @@ -576,6 +576,7 @@ function mandatoryCheck()
    +
    diff --git a/modules/CustomView/Save.php b/modules/CustomView/Save.php index 4ee0d82..305d1ba 100644 --- a/modules/CustomView/Save.php +++ b/modules/CustomView/Save.php @@ -13,6 +13,8 @@ global $adb; global $log, $current_user; $cvid = (int) vtlib_purify($_REQUEST["record"]); +$buttonname = vtlib_purify($_REQUEST["newsave"]); +if ($buttonname) unset($cvid); $cvmodule = vtlib_purify($_REQUEST["cvmodule"]); $parenttab = getParentTab(); $return_action = vtlib_purify($_REQUEST["return_action"]);
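Review bot: `$_REQUEST["newsave"]` is read without an `isset()` test, so every ordinary save raises an undefined-index notice, and `unset($cvid)` leaves the variable undefined for whatever follows instead of giving it a defined "new record" value. `$buttonname = isset($_REQUEST['newsave']) ? vtlib_purify($_REQUEST['newsave']) : '';` followed by `if ($buttonname !== '') $cvid = 0;` keeps both explicit. Whether the rest of the script tests `$cvid` with `empty()` or with `isset()` is outside the hunk, so the replacement value has to be chosen to match that test.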