
Commit 0201c36

SuiteCRM 7.12.2 Release
1 parent 5ad60b0 commit 0201c36


7 files changed

+128
-66
lines changed


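--- a/ModuleInstall/ModuleScanner.php
+++ b/ModuleInstall/ModuleScanner.php
@@ -212,6 +212,7 @@ class ModuleScanner
 'call_user_func',
 'call_user_func_array',
 'create_function',
+'phpinfo',
 
 
 //mutliple files per function call
@@ -575,6 +576,7 @@ public function isPHPFile($contents)
 // found <?, it's PHP
 return true;
 }
+
 return false;
 }
 
@@ -588,13 +590,14 @@ public function scanFile($file)
 {
 $issues = array();
 if (!$this->isValidExtension($file)) {
-$issues[] = translate('ML_INVALID_EXT');
+$issues[] = translate('ML_INVALID_EXT', 'Administration');
 $this->issues['file'][$file] = $issues;
 return $issues;
 }
 if ($this->isConfigFile($file)) {
-$issues[] = translate('ML_OVERRIDE_CORE_FILES');
+$issues[] = translate('ML_OVERRIDE_CORE_FILES', 'Administration');
 $this->issues['file'][$file] = $issues;
+
 return $issues;
 }
 $contents = file_get_contents($file);
@@ -609,7 +612,7 @@ public function scanFile($file)
 if (is_string($token[0])) {
 switch ($token[0]) {
 case '`':
-$issues['backtick'] = translate('ML_INVALID_FUNCTION') . " '`'";
+$issues['backtick'] = translate('ML_INVALID_FUNCTION', 'Administration') . " '`'";
 // no break
 case '(':
 if ($checkFunction) {
@@ -625,9 +628,15 @@ public function scanFile($file)
 case T_WHITESPACE: break;
 case T_EVAL:
 if (in_array('eval', $this->blackList) && !in_array('eval', $this->blackListExempt)) {
-$issues[]= translate('ML_INVALID_FUNCTION') . ' eval()';
+$issues[]= translate('ML_INVALID_FUNCTION', 'Administration') . ' eval()';
 }
 break;
+case T_ECHO:
+$issues[]= translate('ML_INVALID_FUNCTION', 'Administration') . ' echo';
+break;
+case T_EXIT:
+$issues[]= translate('ML_INVALID_FUNCTION', 'Administration') . ' exit / die';
+break;
 case T_STRING:
 $token[1] = strtolower($token[1]);
 if ($lastToken !== false && $lastToken[0] == T_NEW) {
@@ -651,21 +660,20 @@ public function scanFile($file)
 // check static blacklist for methods
 if (!empty($this->methodsBlackList[$token[1]])) {
 if ($this->methodsBlackList[$token[1]] == '*') {
-$issues[]= translate('ML_INVALID_METHOD') . ' ' .$token[1]. '()';
+$issues[]= translate('ML_INVALID_METHOD', 'Administration') . ' ' .$token[1]. '()';
 break;
-} else {
-if ($lastToken[0] == T_DOUBLE_COLON && $index > 2 && $tokens[$index-2][0] == T_STRING) {
-$classname = strtolower($tokens[$index-2][1]);
-if (in_array($classname, $this->methodsBlackList[$token[1]])) {
-$issues[]= translate('ML_INVALID_METHOD') . ' ' .$classname . '::' . $token[1]. '()';
-break;
-}
+}
+if ($lastToken[0] == T_DOUBLE_COLON && $index > 2 && $tokens[$index-2][0] == T_STRING) {
+$classname = strtolower($tokens[$index-2][1]);
+if (in_array($classname, $this->methodsBlackList[$token[1]])) {
+$issues[]= translate('ML_INVALID_METHOD', 'Administration') . ' ' .$classname . '::' . $token[1]. '()';
+break;
 }
 }
 }
 //this is a method call, check the black list
 if (in_array($token[1], $this->methodsBlackList)) {
-$issues[]= translate('ML_INVALID_METHOD') . ' ' .$token[1]. '()';
+$issues[]= translate('ML_INVALID_METHOD', 'Administration') . ' ' .$token[1]. '()';
 }
 break;
 }
@@ -681,7 +689,7 @@ public function scanFile($file)
 // no break
 case T_VARIABLE:
 $checkFunction = true;
-$possibleIssue = translate('ML_INVALID_FUNCTION') . ' ' . $token[1] . '()';
+$possibleIssue = translate('ML_INVALID_FUNCTION', 'Administration') . ' ' . $token[1] . '()';
 break;
 
 default:
@@ -866,18 +874,13 @@ public function scanPackage($path)
 /**
 *This function will take all issues of the current instance and print them to the screen
 **/
-public function displayIssues($package='Package')
+public function displayIssues($package = 'Package')
 {
-echo '<h2>'.str_replace('{PACKAGE}', $package, translate('ML_PACKAGE_SCANNING')). '</h2><BR><h2 class="error">' . translate('ML_INSTALLATION_FAILED') . '</h2><br><p>' .str_replace('{PACKAGE}', $package, translate('ML_PACKAGE_NOT_CONFIRM')). '</p><ul><li>'. translate('ML_OBTAIN_NEW_PACKAGE') . '<li>' . translate('ML_RELAX_LOCAL').
-'</ul></p><br>' . translate('ML_SUGAR_LOADING_POLICY') . ' <a href=" http://kb.sugarcrm.com/custom/module-loader-restrictions-for-sugar-open-cloud/">' . translate('ML_SUITE_KB') . '</a>.'.
-'<br>' . translate('ML_AVAIL_RESTRICTION'). ' <a href=" http://developers.sugarcrm.com/wordpress/2009/08/14/module-loader-restrictions/">' . translate('ML_SUITE_DZ') . '</a>.<br><br>';
-
-
-foreach ($this->issues as $type=>$issues) {
-echo '<div class="error"><h2>'. ucfirst($type) .' ' . translate('ML_ISSUES') . '</h2> </div>';
+foreach ($this->issues as $type => $issues) {
+echo '<h2 class="error">' . ucfirst($type) . ' ' . translate('ML_ISSUES', 'Administration') . '</h2>';
 echo '<div id="details' . $type . '" >';
-foreach ($issues as $file=>$issue) {
-$file = str_replace($this->pathToModule . '/', '', $file);
+foreach ($issues as $file => $issue) {
+$file = preg_replace('/.*\//', '', $file);
 echo '<div style="position:relative;left:10px"><b>' . $file . '</b></div><div style="position:relative;left:20px">';
 if (is_array($issue)) {
 foreach ($issue as $i) {
@@ -893,6 +896,36 @@ public function displayIssues($package='Package')
 echo "<br><input class='button' onclick='document.location.href=\"index.php?module=Administration&action=UpgradeWizard&view=module\"' type='button' value=\"" . translate('LBL_UW_BTN_BACK_TO_MOD_LOADER') . "\" />";
 }
 
+/**
+*This function will take all issues of the current instance and add them to a string
+**/
+public function getIssuesLog($package = 'Package')
+{
+$message = '';
+
+foreach ($this->issues as $type => $issues) {
+$message .= '<h2 class="error">' . ucfirst($type) . ' ' . translate('ML_ISSUES',
+'Administration') . '</h2>';
+$message .= '<div id="details' . $type . '" >';
+foreach ($issues as $file => $issue) {
+$file = preg_replace('/.*\//', '', $file);
+$message .= '<div style="position:relative;left:10px"><b>' . $file . '</b></div><div style="position:relative;left:20px">';
+if (is_array($issue)) {
+foreach ($issue as $i) {
+$message .= "$i<br>";
+}
+} else {
+$message .= "$issue<br>";
+}
+$message .= "</div>";
+}
+$message .= '</div>';
+}
+
+return $message;
+}
+
+
 /**
 * Lock config settings
 */
@@ -912,7 +945,7 @@ public function checkConfig($file)
 {
 $config_hash_after = md5(serialize($GLOBALS['sugar_config']));
 if ($config_hash_after != $this->config_hash) {
-$this->issues['file'][$file] = array(translate('ML_CONFIG_OVERRIDE'));
+$this->issues['file'][$file] = array(translate('ML_CONFIG_OVERRIDE', 'Administration'));
 return $this->issues;
 }
 return false;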
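Review bot: In the new getIssuesLog(), and on the matching lines of displayIssues(), `$file` is concatenated into HTML without output encoding. `preg_replace('/.*\//', '', $file)` strips the directory part but leaves markup characters in the base name, and that name appears to come from the package being scanned. I would encode it where it is emitted, e.g. `$file = htmlspecialchars((string) preg_replace('/.*\//', '', $file), ENT_QUOTES, 'UTF-8');`, and treat `$i` / `$issue` the same way unless they are known to hold only translated text and identifier tokens. In the visible lines `$package` is no longer read by either method, so a docblock line such as `@param string $package unused, kept for caller compatibility` would help. The body of displayIssues() continues outside its hunks.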

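--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
 <img width="180px" height="41px" src="https://suitecrm.com/wp-content/uploads/2017/12/logo.png" align="right" />
 </a>
 
-# SuiteCRM 7.12.1
+# SuiteCRM 7.12.2
 
 [![Build Status](https://travis-ci.org/salesagility/SuiteCRM.svg?branch=hotfix)](https://travis-ci.org/salesagility/SuiteCRM)
 [![codecov](https://codecov.io/gh/salesagility/SuiteCRM/branch/hotfix/graph/badge.svg)](https://codecov.io/gh/salesagility/SuiteCRM/branch/hotfix)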

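--- a/download.php
+++ b/download.php
@@ -206,7 +206,7 @@
 $mime_type = 'application/octet-stream';
 break;
 }
-
+
 if ($doQuery && isset($query)) {
 $rs = DBManagerFactory::getInstance()->query($query);
 $row = DBManagerFactory::getInstance()->fetchByAssoc($rs);
@@ -261,7 +261,14 @@
 }
 } else {
 header('Content-type: ' . $mime_type);
-if (isset($_REQUEST['preview']) && $_REQUEST['preview'] === 'yes' && $mime_type !== 'text/html') {
+
+$showPreview = false;
+
+if (in_array($row['file_ext'], $sugar_config['allowed_preview'], true)) {
+$showPreview = isset($_REQUEST['preview']) && $_REQUEST['preview'] === 'yes' && $mime_type !== 'text/html';
+}
+
+if ($showPreview === true) {
 header('Content-Disposition: inline; filename="' . $name . '";');
 } else {
 header('Content-Disposition: attachment; filename="' . $name . '";');
@@ -281,8 +288,8 @@
 
 ob_start();
 echo clean_file_output(file_get_contents($download_location), $mime_type);
-
+
 $output = ob_get_contents();
 ob_end_clean();
-
+
 echo $output;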
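Review bot: The added allow-list test on `$row['file_ext']` decides whether the response is rendered inline, but the browser acts on `$mime_type`, and only `text/html` is excluded on the following line. If the stored extension and MIME type can disagree (the upload path is not visible here), an allow-listed extension could still be served inline with a script-capable type, so consider also comparing `$mime_type` against a list of passive types. Separately, `in_array()` is handed `$sugar_config['allowed_preview']` unguarded: where that key is absent, PHP 7 warns and PHP 8 throws a TypeError after the Content-type header has been sent. `in_array($row['file_ext'] ?? '', (array) ($sugar_config['allowed_preview'] ?? []), true)` would keep the fail-closed attachment path. The enclosing else branch starts and ends outside the hunk.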
