SuiteCRM 7.12.2 Release
clemente-raposo committed Dec 17, 2021
1 parent 5ad60b0 commit 0201c36
Showing 7 changed files with 128 additions and 66 deletions.
83 changes: 58 additions & 25 deletions ModuleInstall/ModuleScanner.php
Expand Up @@ -212,6 +212,7 @@ class ModuleScanner
'call_user_func',
'call_user_func_array',
'create_function',
'phpinfo',


//mutliple files per function call
Expand Down Expand Up @@ -575,6 +576,7 @@ public function isPHPFile($contents)
// found <?, it's PHP
return true;
}

return false;
}

Expand All @@ -588,13 +590,14 @@ public function scanFile($file)
{
$issues = array();
if (!$this->isValidExtension($file)) {
$issues[] = translate('ML_INVALID_EXT');
$issues[] = translate('ML_INVALID_EXT', 'Administration');
$this->issues['file'][$file] = $issues;
return $issues;
}
if ($this->isConfigFile($file)) {
$issues[] = translate('ML_OVERRIDE_CORE_FILES');
$issues[] = translate('ML_OVERRIDE_CORE_FILES', 'Administration');
$this->issues['file'][$file] = $issues;

return $issues;
}
$contents = file_get_contents($file);
Expand All @@ -609,7 +612,7 @@ public function scanFile($file)
if (is_string($token[0])) {
switch ($token[0]) {
case '`':
$issues['backtick'] = translate('ML_INVALID_FUNCTION') . " '`'";
$issues['backtick'] = translate('ML_INVALID_FUNCTION', 'Administration') . " '`'";
// no break
case '(':
if ($checkFunction) {
Expand All @@ -625,9 +628,15 @@ public function scanFile($file)
case T_WHITESPACE: break;
case T_EVAL:
if (in_array('eval', $this->blackList) && !in_array('eval', $this->blackListExempt)) {
$issues[]= translate('ML_INVALID_FUNCTION') . ' eval()';
$issues[]= translate('ML_INVALID_FUNCTION', 'Administration') . ' eval()';
}
break;
case T_ECHO:
$issues[]= translate('ML_INVALID_FUNCTION', 'Administration') . ' echo';
break;
case T_EXIT:
$issues[]= translate('ML_INVALID_FUNCTION', 'Administration') . ' exit / die';
break;
case T_STRING:
$token[1] = strtolower($token[1]);
if ($lastToken !== false && $lastToken[0] == T_NEW) {
Expand All @@ -651,21 +660,20 @@ public function scanFile($file)
// check static blacklist for methods
if (!empty($this->methodsBlackList[$token[1]])) {
if ($this->methodsBlackList[$token[1]] == '*') {
$issues[]= translate('ML_INVALID_METHOD') . ' ' .$token[1]. '()';
$issues[]= translate('ML_INVALID_METHOD', 'Administration') . ' ' .$token[1]. '()';
break;
} else {
if ($lastToken[0] == T_DOUBLE_COLON && $index > 2 && $tokens[$index-2][0] == T_STRING) {
$classname = strtolower($tokens[$index-2][1]);
if (in_array($classname, $this->methodsBlackList[$token[1]])) {
$issues[]= translate('ML_INVALID_METHOD') . ' ' .$classname . '::' . $token[1]. '()';
break;
}
}
if ($lastToken[0] == T_DOUBLE_COLON && $index > 2 && $tokens[$index-2][0] == T_STRING) {
$classname = strtolower($tokens[$index-2][1]);
if (in_array($classname, $this->methodsBlackList[$token[1]])) {
$issues[]= translate('ML_INVALID_METHOD', 'Administration') . ' ' .$classname . '::' . $token[1]. '()';
break;
}
}
}
//this is a method call, check the black list
if (in_array($token[1], $this->methodsBlackList)) {
$issues[]= translate('ML_INVALID_METHOD') . ' ' .$token[1]. '()';
$issues[]= translate('ML_INVALID_METHOD', 'Administration') . ' ' .$token[1]. '()';
}
break;
}
Expand All @@ -681,7 +689,7 @@ public function scanFile($file)
// no break
case T_VARIABLE:
$checkFunction = true;
$possibleIssue = translate('ML_INVALID_FUNCTION') . ' ' . $token[1] . '()';
$possibleIssue = translate('ML_INVALID_FUNCTION', 'Administration') . ' ' . $token[1] . '()';
break;

default:
Expand Down Expand Up @@ -866,18 +874,13 @@ public function scanPackage($path)
/**
*This function will take all issues of the current instance and print them to the screen
**/
public function displayIssues($package='Package')
public function displayIssues($package = 'Package')
{
echo '<h2>'.str_replace('{PACKAGE}', $package, translate('ML_PACKAGE_SCANNING')). '</h2><BR><h2 class="error">' . translate('ML_INSTALLATION_FAILED') . '</h2><br><p>' .str_replace('{PACKAGE}', $package, translate('ML_PACKAGE_NOT_CONFIRM')). '</p><ul><li>'. translate('ML_OBTAIN_NEW_PACKAGE') . '<li>' . translate('ML_RELAX_LOCAL').
'</ul></p><br>' . translate('ML_SUGAR_LOADING_POLICY') . ' <a href=" http://kb.sugarcrm.com/custom/module-loader-restrictions-for-sugar-open-cloud/">' . translate('ML_SUITE_KB') . '</a>.'.
'<br>' . translate('ML_AVAIL_RESTRICTION'). ' <a href=" http://developers.sugarcrm.com/wordpress/2009/08/14/module-loader-restrictions/">' . translate('ML_SUITE_DZ') . '</a>.<br><br>';


foreach ($this->issues as $type=>$issues) {
echo '<div class="error"><h2>'. ucfirst($type) .' ' . translate('ML_ISSUES') . '</h2> </div>';
foreach ($this->issues as $type => $issues) {
echo '<h2 class="error">' . ucfirst($type) . ' ' . translate('ML_ISSUES', 'Administration') . '</h2>';
echo '<div id="details' . $type . '" >';
foreach ($issues as $file=>$issue) {
$file = str_replace($this->pathToModule . '/', '', $file);
foreach ($issues as $file => $issue) {
$file = preg_replace('/.*\//', '', $file);
echo '<div style="position:relative;left:10px"><b>' . $file . '</b></div><div style="position:relative;left:20px">';
if (is_array($issue)) {
foreach ($issue as $i) {
Expand All @@ -893,6 +896,36 @@ public function displayIssues($package='Package')
echo "<br><input class='button' onclick='document.location.href=\"index.php?module=Administration&action=UpgradeWizard&view=module\"' type='button' value=\"" . translate('LBL_UW_BTN_BACK_TO_MOD_LOADER') . "\" />";
}

/**
*This function will take all issues of the current instance and add them to a string
**/
public function getIssuesLog($package = 'Package')
{
$message = '';

foreach ($this->issues as $type => $issues) {
$message .= '<h2 class="error">' . ucfirst($type) . ' ' . translate('ML_ISSUES',
'Administration') . '</h2>';
$message .= '<div id="details' . $type . '" >';
foreach ($issues as $file => $issue) {
$file = preg_replace('/.*\//', '', $file);
$message .= '<div style="position:relative;left:10px"><b>' . $file . '</b></div><div style="position:relative;left:20px">';
if (is_array($issue)) {
foreach ($issue as $i) {
$message .= "$i<br>";
}
} else {
$message .= "$issue<br>";
}
$message .= "</div>";
}
$message .= '</div>';
}

return $message;
}


/**
* Lock config settings
*/
Expand All @@ -912,7 +945,7 @@ public function checkConfig($file)
{
$config_hash_after = md5(serialize($GLOBALS['sugar_config']));
if ($config_hash_after != $this->config_hash) {
$this->issues['file'][$file] = array(translate('ML_CONFIG_OVERRIDE'));
$this->issues['file'][$file] = array(translate('ML_CONFIG_OVERRIDE', 'Administration'));
return $this->issues;
}
return false;
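Review bot: The new `getIssuesLog()` concatenates `$file` and every issue string into HTML without escaping, and the file name is taken from the package being scanned, so a name containing markup would be rendered as markup wherever the returned string is displayed. Escape at the point of output, for example `$file = htmlspecialchars(preg_replace('/.*\//', '', $file), ENT_QUOTES, 'UTF-8');`, and do the same in the matching loop of `displayIssues()`, whose body continues outside the lines shown. The two loops are now near-identical copies, so having `displayIssues()` echo the result of `getIssuesLog()` would keep the escaping in one place. The `$package` parameter of `getIssuesLog()` is not used in the body shown and could be dropped or documented as reserved.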
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -2,7 +2,7 @@
<img width="180px" height="41px" src="https://suitecrm.com/wp-content/uploads/2017/12/logo.png" align="right" />
</a>

# SuiteCRM 7.12.1
# SuiteCRM 7.12.2

[![Build Status](https://travis-ci.org/salesagility/SuiteCRM.svg?branch=hotfix)](https://travis-ci.org/salesagility/SuiteCRM)
[![codecov](https://codecov.io/gh/salesagility/SuiteCRM/branch/hotfix/graph/badge.svg)](https://codecov.io/gh/salesagility/SuiteCRM/branch/hotfix)
15 changes: 11 additions & 4 deletions download.php
Expand Up @@ -206,7 +206,7 @@
$mime_type = 'application/octet-stream';
break;
}

if ($doQuery && isset($query)) {
$rs = DBManagerFactory::getInstance()->query($query);
$row = DBManagerFactory::getInstance()->fetchByAssoc($rs);
Expand Down Expand Up @@ -261,7 +261,14 @@
}
} else {
header('Content-type: ' . $mime_type);
if (isset($_REQUEST['preview']) && $_REQUEST['preview'] === 'yes' && $mime_type !== 'text/html') {

$showPreview = false;

if (in_array($row['file_ext'], $sugar_config['allowed_preview'], true)) {
$showPreview = isset($_REQUEST['preview']) && $_REQUEST['preview'] === 'yes' && $mime_type !== 'text/html';
}

if ($showPreview === true) {
header('Content-Disposition: inline; filename="' . $name . '";');
} else {
header('Content-Disposition: attachment; filename="' . $name . '";');
Expand All @@ -281,8 +288,8 @@

ob_start();
echo clean_file_output(file_get_contents($download_location), $mime_type);

$output = ob_get_contents();
ob_end_clean();

echo $output;
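Review bot: The new preview gate `in_array($row['file_ext'], $sugar_config['allowed_preview'], true)` assumes the `allowed_preview` key exists and holds an array. On an instance whose config lacks the key, `in_array()` receives null, which is a TypeError on PHP 8 and a warning on PHP 7. The default for this key is presumably added in one of the changed files not shown here, but the check should not depend on that; read it defensively with `$allowedPreview = isset($sugar_config['allowed_preview']) && is_array($sugar_config['allowed_preview']) ? $sugar_config['allowed_preview'] : array();` and test against `$allowedPreview`. `$row` is only assigned inside the `if ($doQuery && isset($query))` branch visible earlier in the section, so `$row['file_ext']` should be guarded with `isset()` as well. Falling back to `attachment` when either value is missing keeps the safe default; the surrounding script starts and ends outside these hunks.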