
Commit 1618af1

committed
7.11.16
1 parent 09bcca2 commit 1618af1

21 files changed

Lines changed: 922 additions & 2264 deletions


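--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
 <img width="180px" height="41px" src="https://suitecrm.com/wp-content/uploads/2017/12/logo.png" align="right" />
 </a>
 
-# SuiteCRM 7.11.15
+# SuiteCRM 7.11.16
 
 [![Build Status](https://travis-ci.org/salesagility/SuiteCRM.svg?branch=hotfix)](https://travis-ci.org/salesagility/SuiteCRM)
 [![codecov](https://codecov.io/gh/salesagility/SuiteCRM/branch/hotfix/graph/badge.svg)](https://codecov.io/gh/salesagility/SuiteCRM/branch/hotfix)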

composer.lock

Lines changed: 672 additions & 374 deletions

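--- a/download.php
+++ b/download.php
@@ -46,7 +46,7 @@
 
 if ((!isset($_REQUEST['isProfile']) && empty($_REQUEST['id'])) || empty($_REQUEST['type']) || !isset($_SESSION['authenticated_user_id'])) {
 die("Not a Valid Entry Point");
-} else {
+}
 require_once("data/BeanFactory.php");
 $file_type = ''; // bug 45896
 require_once("data/BeanFactory.php");
@@ -146,10 +146,9 @@
 set_time_limit(0);
 readfile('include/SugarFields/Fields/Image/no_image.png');
 die();
-} else {
-die($app_strings['ERR_INVALID_FILE_REFERENCE']);
 }
-} else {
+die($app_strings['ERR_INVALID_FILE_REFERENCE']);
+}
 $doQuery = true;
 
 if ($file_type == 'documents' && !isset($image_field)) {
@@ -185,10 +184,17 @@
 
 // Fix for issue 1506 and issue 1304 : IE11 and Microsoft Edge cannot display generic 'application/octet-stream' (which is defined as "arbitrary binary data" in RFC 2046).
 $mime_type = mime_content_type($local_location);
-if ($mime_type == null || $mime_type == '') {
-$mime_type = 'application/octet-stream';
-}
 
+switch ($mime_type) {
+case 'text/html':
+$mime_type = 'text/plain';
+break;
+case null:
+case '':
+$mime_type = 'application/octet-stream';
+break;
+}
+
 if ($doQuery && isset($query)) {
 $rs = DBManagerFactory::getInstance()->query($query);
 $row = DBManagerFactory::getInstance()->fetchByAssoc($rs);
@@ -243,7 +249,7 @@
 }
 } else {
 header('Content-type: ' . $mime_type);
-if (isset($_REQUEST['preview']) && $_REQUEST['preview'] === 'yes') {
+if (isset($_REQUEST['preview']) && $_REQUEST['preview'] === 'yes' && $mime_type !== 'text/html') {
 header('Content-Disposition: inline; filename="' . $name . '";');
 } else {
 header('Content-Disposition: attachment; filename="' . $name . '";');
@@ -261,6 +267,10 @@
 ;
 }
 
-readfile($download_location);
-}
-}
+ob_start();
+echo clean_file_output(file_get_contents($download_location), $mime_type);
+
+$output = ob_get_contents();
+ob_end_clean();
+
+echo $output;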
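Review bot: The inline-preview gate in the Content-Disposition hunk only excludes `text/html`, so an SVG that passes the new `clean_file_output()` regex is still sent with `Content-Disposition: inline` whenever `preview=yes` is in the request, and the template-side `show_preview` flag is only a hint that this endpoint never enforces. Since `mime_content_type()` is what decides both the `Content-type` header and the cleaning here, the server-side check should also refuse inline delivery for SVG, e.g. `if (isset($_REQUEST['preview']) && $_REQUEST['preview'] === 'yes' && $mime_type !== 'text/html' && $mime_type !== 'image/svg+xml') {`, and the inline branch should add `header('X-Content-Type-Options: nosniff');` so the browser does not second-guess the declared type. Note also that the switch earlier in the file already rewrites `text/html` to `text/plain`, so the `$mime_type !== 'text/html'` test can only matter if the DB lookup between the two hunks reassigns `$mime_type`, which is not visible here. Separately, the last hunk replaces `readfile()` with `file_get_contents()` inside an `ob_start()`/`ob_get_contents()` pair, which holds two copies of the attachment in memory and will exhaust `memory_limit` on large files, and a `false` return from `file_get_contents()` is passed straight into `preg_replace()` unchecked; the output-buffer wrapper adds nothing and can be dropped. The closing braces of the blocks that hunk rewrites lie outside the hunk.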

files.md5

Lines changed: 107 additions & 1851 deletions

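--- a/include/SugarFields/Fields/File/DetailView.tpl
+++ b/include/SugarFields/Fields/File/DetailView.tpl
@@ -42,10 +42,20 @@
 <span class="sugar_field" id="{{if empty($displayParams.idName)}}{{sugarvar key='name'}}{{else}}{{$displayParams.idName}}{{/if}}">
 <a href="index.php?entryPoint=download&id={$fields.{{$vardef.fileId}}.value}&type={{$vardef.linkModule}}" class="tabDetailViewDFLink" target='_blank'>{{sugarvar key='value'}}</a>
 &nbsp;
-<a href="index.php?preview=yes&entryPoint=download&id={$fields.{{$vardef.fileId}}.value}&type={{$vardef.linkModule}}" class="tabDetailViewDFLink" target='_blank' style="border-bottom: 0px;">
-<i class="glyphicon glyphicon-eye-open"></i>
-</a>
+
+{if $fields.show_preview.value !== false}
+<a href="index.php?preview=yes&
+entryPoint=download&
+id={$fields.{{$vardef.fileId}}.value}&
+type={{$vardef.linkModule}}"
+class="tabDetailViewDFLink"
+target='_blank'
+style="border-bottom: 0px;">
+<i class="glyphicon glyphicon-eye-open"></i>
+</a>
+{/if}
 </span>
+
 {{if isset($vardef) && isset($vardef.allowEapm) && $vardef.allowEapm}}
 {if isset($fields.{{$vardef.docType}}) && !empty($fields.{{$vardef.docType}}.value) && $fields.{{$vardef.docType}}.value != 'SugarCRM' && !empty($fields.{{$vardef.docUrl}}.value) }
 {capture name=imageNameCapture assign=imageName}
@@ -55,5 +65,5 @@
 {/if}
 {{/if}}
 {{if !empty($displayParams.enableConnectors)}}
-{{sugarvar_connector view='DetailView'}}
+{{sugarvar_connector view='DetailView'}}
 {{/if}}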
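Review bot: The new `{if $fields.show_preview.value !== false}` gate fails open: when the field is absent from `$fields` (a module whose vardefs do not carry the new `show_preview` entry) Smarty yields `null`, `null !== false` is true, and the preview link is rendered anyway. ListView.tpl guards the same test with `isset()`, and this template should match it, `{if isset($fields.show_preview.value) && $fields.show_preview.value !== false}`. A second issue is that the preview `href` is now split across several source lines; if those continuation lines are indented, the indentation becomes part of the attribute value and of the query-string keys (browsers strip tabs and newlines from URLs but not spaces), so `entryPoint=download` would arrive with a leading space and the entry point would not be matched. Keep the URL on one line, or make sure the continuation lines start at column 0. Either way this flag only hides a link; the download endpoint must make its own inline/attachment decision.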

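--- a/include/SugarFields/Fields/File/ListView.tpl
+++ b/include/SugarFields/Fields/File/ListView.tpl
@@ -39,17 +39,21 @@
 */
 
 *}
+
 <a href="index.php?entryPoint=download&id={$parentFieldArray.ID}&type={if empty($vardef.displayParams.module)}{$displayParams.module}{else}{$vardef.displayParams.module}{/if}" class="tabDetailViewDFLink" target='_blank'>{sugar_fetch object=$parentFieldArray key=$col}
 {if isset($vardef.allowEapm) && $vardef.allowEapm && isset($parentFieldArray.DOC_TYPE) }
 {capture name=imageNameCapture assign=imageName}
-{sugar_fetch object=$parentFieldArray key=DOC_TYPE}_image_inline.png
+{sugar_fetch object=$parentFieldArray key=DOC_TYPE}_image_inline.png
 {/capture}
 {capture name=imageURLCapture assign=imageURL}
-{sugar_getimagepath file=$imageName}
+{sugar_getimagepath file=$imageName}
 {/capture}
 {if strlen($imageURL)>1}{sugar_getimage name=$imageName alt=$imageName other_attributes='border="0" '}{/if}
 {/if}
 </a>&nbsp;
-<a href="index.php?preview=yes&entryPoint=download&id={$parentFieldArray.ID}&type={if empty($vardef.displayParams.module)}{$displayParams.module}{else}{$vardef.displayParams.module}{/if}" class="tabDetailViewDFLink" target='_blank' style="border-bottom: 0px;">
-<i class="glyphicon glyphicon-eye-open"></i>
-</a>
+
+{if isset($parentFieldArray.SHOW_PREVIEW) && $parentFieldArray.SHOW_PREVIEW !== false }
+<a href="index.php?preview=yes&entryPoint=download&id={$parentFieldArray.ID}&type={if empty($vardef.displayParams.module)}{$displayParams.module}{else}{$vardef.displayParams.module}{/if}" class="tabDetailViewDFLink" target='_blank' style="border-bottom: 0px;">
+<i class="glyphicon glyphicon-eye-open"></i>
+</a>
+{/if}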

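--- a/include/SugarObjects/templates/file/File.php
+++ b/include/SugarObjects/templates/file/File.php
@@ -56,6 +56,7 @@ class File extends Basic
 public $uploadfile;
 public $status;
 public $file_mime_type;
+public $show_preview = true;
 
 
 /**
@@ -117,6 +118,10 @@ public function fill_in_additional_detail_fields()
 $img_name_bare = strtolower($this->file_ext) . '_image_inline';
 }
 
+if (empty($this->filename) || stripos($this->filename, 'svg') || stripos($this->file_mime_type , 'svg')){
+$this->show_preview = false;
+}
+
 //set default file name.
 if (!empty($img_name) && file_exists($img_name)) {
 $img_name = $img_name_bare;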
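Review bot: The SVG test added to `fill_in_additional_detail_fields()` uses `stripos()` as a boolean, which is wrong in both directions: `stripos()` returns `0` (falsy) when `svg` sits at the start of the string, and any non-zero position in a name such as `mysvgreport.pdf` disables the preview for a file that is not SVG at all. It also hands `$this->file_mime_type` to `stripos()` when that property may be `null`, which PHP 8.1+ reports as deprecated. Suggest `$ext = strtolower(pathinfo((string) $this->filename, PATHINFO_EXTENSION));` followed by `if (empty($this->filename) || $ext === 'svg' || stripos((string) $this->file_mime_type, 'svg') !== false) {`, plus a one-line comment stating that `show_preview` only controls whether the templates render the preview link. The method begins and ends outside the hunk.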

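--- a/include/SugarObjects/templates/file/vardefs.php
+++ b/include/SugarObjects/templates/file/vardefs.php
@@ -140,5 +140,11 @@
 'source' => 'non-db',
 'Comment' => 'Document status for Meta-Data framework',
 ),
+'show_preview' => array(
+'name' => 'show_preview',
+'type' => 'bool',
+'source' => 'non-db',
+'reportable' => false
+),
 )
 );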

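--- a/include/utils.php
+++ b/include/utils.php
@@ -2303,6 +2303,20 @@ function clean_string($str, $filter = 'STANDARD', $dieOnBadData = true)
 return $str;
 }
 
+function clean_file_output($string, $mine_type)
+{
+$patterns = [];
+
+if ($mine_type === 'image/svg+xml') {
+$patterns[] = "/onload=\"window.location='(.*?)'\"/";
+}
+
+$string = preg_replace($patterns, '', $string);
+
+return $string;
+}
+
+
 function clean_special_arguments()
 {
 if (isset($_SERVER['PHP_SELF'])) {
@@ -2499,7 +2513,10 @@ function securexss($value)
 
 return $new;
 }
+
 static $xss_cleanup = ['&quot;' => '&#38;', '"' => '&quot;', "'" => '&#039;', '<' => '&lt;', '>' => '&gt;', '`' => '&#96;'];
+
+$value = preg_replace('/^[=@+-]/', '', $value);
 $value = preg_replace(array('/javascript:/i', '/\0/'), array('java script:', ''), $value);
 $value = preg_replace('/javascript:/i', 'java script:', $value);
 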
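Review bot: `clean_file_output()` is a blacklist that strips only the one exact attribute spelling `onload="window.location='…'"`, so an SVG carrying active content in any other form passes through unchanged; a regex over the serialized bytes is not a sanitizer for an XML document and should not be what the decision rests on. The posture that actually holds is to never serve SVG inline from the download endpoint (attachment disposition plus `X-Content-Type-Options: nosniff`), or to parse the document and keep an element/attribute allow-list; the regex can remain as a secondary step, with a comment saying so. Minor: the parameter is misspelled `$mine_type`, `preg_replace()` returning `null` on a PCRE error is not handled (the caller would then echo an empty body), and the function has no docblock, e.g. `@param string $string raw file contents`, `@param string $mine_type MIME type as reported by mime_content_type()`, `@return string|null`. In the `securexss()` hunk, the new `preg_replace('/^[=@+-]/', '', $value)` strips one leading character from every value routed through that function, which alters legitimate data such as negative numbers and phone numbers written with a leading `+`, and only removes a single prefix character; if the intent is formula-injection hardening for exports, it belongs in the export path, not in the general input filter.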

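--- a/install.php
+++ b/install.php
@@ -5,7 +5,7 @@
 * SugarCRM, Inc. Copyright (C) 2004-2013 SugarCRM Inc.
 *
 * SuiteCRM is an extension to SugarCRM Community Edition developed by SalesAgility Ltd.
-* Copyright (C) 2011 - 2018 SalesAgility Ltd.
+* Copyright (C) 2011 - 2020 SalesAgility Ltd.
 *
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU Affero General Public License version 3 as published by the
@@ -37,9 +37,10 @@
 * reasonably feasible for technical reasons, the Appropriate Legal Notices must
 * display the words "Powered by SugarCRM" and "Supercharged by SuiteCRM".
 */
-if (!defined('sugarEntry')) {
-define('sugarEntry', true);
-}
+
+if (!defined('sugarEntry')) {
+define('sugarEntry', true);
+}
 
 require_once 'include/utils.php';
 @session_start();
@@ -180,6 +181,39 @@ function getSupportedInstallLanguages()
 //get the url for the helper link
 $help_url = get_help_button_url();
 
+if (isset($sugar_config['installer_locked']) && $sugar_config['installer_locked'] == true) {
+if (!empty($_POST['current_step']) && $_POST['current_step'] === '3' && !empty($_POST['goto']) && $_POST['goto'] === $mod_strings['LBL_NEXT']) {
+session_unset();
+$the_file = 'complete_install.php';
+} else {
+$the_file = 'installDisabled.php';
+$disabled_title = $mod_strings['LBL_DISABLED_DESCRIPTION'];
+$disabled_title_2 = $mod_strings['LBL_DISABLED_TITLE_2'];
+$disabled_text = <<<EOQ
+<p>{$mod_strings['LBL_DISABLED_DESCRIPTION']}</p>
+<pre>
+'installer_locked' => false,
+</pre>
+<p>{$mod_strings['LBL_DISABLED_DESCRIPTION_2']}</p>
+
+<p>{$mod_strings['LBL_DISABLED_HELP_1']} <a href="{$mod_strings['LBL_DISABLED_HELP_LNK']}" target="_blank">{$mod_strings['LBL_DISABLED_HELP_2']}</a>.</p>
+EOQ;
+
+}
+$the_file = 'install/' . clean_string($the_file, 'FILE');
+
+if (is_file($the_file)) {
+installerHook('pre_installFileRequire', ['the_file' => $the_file]);
+require($the_file);
+die();
+}
+LoggerManager::getLogger()->fatal('Install file not found: ' . $the_file);
+die('SuiteCRM Installation has been Disabled');
+}
+
+
+
+
 //if this license print, then redirect and exit,
 if (isset($_REQUEST['page']) && $_REQUEST['page'] == 'licensePrint') {
 include('install/licensePrint.php');
@@ -720,7 +754,7 @@ function getSupportedInstallLanguages()
 $sugar_config['unique_key'] = md5(create_guid());
 }
 
-$validation_errors = validate_dbConfig('a');
+$validation_errors = validate_dbConfig();
 if (count($validation_errors) > 0) {
 $the_file = 'dbConfig_a.php';
 $si_errors = true;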
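Review bot: In the new `installer_locked` block the decision to run `install/complete_install.php` while the installer is locked rests entirely on request fields — `$_POST['current_step'] === '3'` and `$_POST['goto']` equal to the localized `LBL_NEXT` label — and the block runs at file top level before any other check (the hunk header's `getSupportedInstallLanguages()` context is misleading; this code is not inside that function). Whether that is acceptable depends on what `complete_install.php` does, which is not visible here; if it performs any privileged step, the gate should be tied to server-side state recorded by the preceding step and checked before the `session_unset()` call, rather than to POST values a client can supply on its own. Comparing `goto` against a translated label also means the transition only works in the language that rendered the form; a fixed, non-localized marker would be more robust. `$disabled_title`, `$disabled_title_2` and `$disabled_text` are presumably consumed by `installDisabled.php` through the `require`, which deserves a one-line comment since nothing in this file reads them. The last hunk drops the `'a'` argument from `validate_dbConfig()`; confirm the function's default still matches the `dbConfig_a.php` branch that follows.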
