
Commit e93b269

committed
SuiteCRM 7.12.5 Release
1 parent e9414a1 commit e93b269


12 files changed

+127
-55
lines changed


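--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
 <img width="180px" height="41px" src="https://suitecrm.com/wp-content/uploads/2017/12/logo.png" align="right" />
 </a>
 
-# SuiteCRM 7.12.4
+# SuiteCRM 7.12.5
 
 [![Build Status](https://travis-ci.org/salesagility/SuiteCRM.svg?branch=hotfix)](https://travis-ci.org/salesagility/SuiteCRM)
 [![codecov](https://codecov.io/gh/salesagility/SuiteCRM/branch/hotfix/graph/badge.svg)](https://codecov.io/gh/salesagility/SuiteCRM/branch/hotfix)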

Diff for: files.md5

+39-33

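--- a/modules/AOR_Scheduled_Reports/AOR_Scheduled_Reports.php
+++ b/modules/AOR_Scheduled_Reports/AOR_Scheduled_Reports.php
@@ -83,9 +83,7 @@ public function bean_implements($interface)
 
 public function save($check_notify = false)
 {
-if (isset($_POST['email_recipients']) && is_array($_POST['email_recipients'])) {
-$this->email_recipients = base64_encode(serialize($_POST['email_recipients']));
-}
+$this->parseRecipients();
 
 return parent::save($check_notify);
 }
@@ -180,7 +178,7 @@ public function shouldRun(DateTime $date)
 }
 
 $lastRun = $this->last_run ? $timedate->fromDb($this->last_run) : $timedate->fromDb($this->date_entered);
-
+
 $this->handleTimeZone($lastRun);
 $next = $cron->getNextRunDate($lastRun);
 
@@ -200,4 +198,26 @@ protected function handleTimeZone(DateTime $date)
 $date->modify($offset . 'second');
 }
 
+/**
+* Parse and set recipients
+* @return void
+*/
+protected function parseRecipients(): void
+{
+$recipients = $_POST['email_recipients'] ?? null;
+unset($_POST['email_recipients'], $_REQUEST['email_recipients'], $_GET['email_recipients']);
+$this->email_recipients = null;
+
+if (is_array($recipients)) {
+$types = $recipients['email_target_type'] ?? [];
+$emailInfo = $recipients['email'] ?? [];
+$recipients = [
+'email_target_type' => $types,
+'email' => $emailInfo,
+];
+
+$this->email_recipients = base64_encode(serialize($recipients));
+}
+}
+
 }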
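Review bot: `parseRecipients()` sets `$this->email_recipients = null` before it looks at the request, so any `save()` reached without `email_recipients` in `$_POST` — a programmatic or non-form save, if one exists in this module — now wipes the stored recipient list, whereas the removed code left the field untouched in that case. Guarding with `if ($recipients === null) { return; }` before the reset would keep the old behaviour for such callers. The kept values `$types` and `$emailInfo` are still stored unvalidated; restricting each to a list of strings before `serialize()` would bound what ends up in the persisted payload. The enclosing class closes on the last line of the hunk.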

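--- a/modules/Calendar/CalendarActivity.php
+++ b/modules/Calendar/CalendarActivity.php
@@ -266,11 +266,12 @@ public static function get_activities(
 }
 
 $focus_list = build_related_list_by_user_id($bean, $user_id, $where);
-require_once 'modules/SecurityGroups/SecurityGroup.php';
+//require_once 'modules/SecurityGroups/SecurityGroup.php';
 foreach ($focus_list as $focusBean) {
 if (isset($seen_ids[$focusBean->id])) {
 continue;
 }
+/* TODO update currently unused functionality, disabled as expensive
 $in_group = SecurityGroup::groupHasAccess($key, $focusBean->id, 'list');
 $show_as_busy = !ACLController::checkAccess(
 $key,
@@ -279,7 +280,7 @@ public static function get_activities(
 'module',
 $in_group
 );
-$focusBean->show_as_busy = $show_as_busy;
+$focusBean->show_as_busy = $show_as_busy;*/
 
 $seen_ids[$focusBean->id] = 1;
 $act = new CalendarActivity($focusBean);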
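Review bot: Commenting out the SecurityGroup/ACL block leaves `$focusBean->show_as_busy` unset for every activity, so anything downstream that reads it to mask the details of activities the viewer is not allowed to see would now get a null; confirm that nothing still consumes it before treating this purely as a performance change. Dead code should be deleted rather than parked in a `/* TODO */` block — version control preserves it — and the `//require_once` line in the same hunk should go with it. `get_activities()` starts and ends outside the hunk.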

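--- a/modules/Employees/Employee.php
+++ b/modules/Employees/Employee.php
@@ -186,6 +186,11 @@ public function list_view_parse_additional_sections(&$list_form/*, $xTemplateSec
 
 public function create_export_query($order_by, $where, $relate_link_join = '')
 {
+global $current_user;
+if (!is_admin($current_user)) {
+throw new RuntimeException('Not authorized');
+}
+
 include('modules/Employees/field_arrays.php');
 
 $cols = '';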
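Review bot: The new admin gate in `create_export_query()` throws a bare `RuntimeException('Not authorized')` from a query-builder method, so unless an export entry point upstream catches it the denial surfaces as an unhandled error rather than the application's normal access-denied response; the same pattern is added to `create_export_query()` and `save()` in `modules/Users/User.php`. A dedicated exception type, or the existing ACL denial path if callers already use one, would let callers tell an authorization failure from any other runtime error. The method also has no docblock; add `@throws RuntimeException when the current user is not an administrator` above it. `create_export_query()` continues past the hunk.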

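--- a/modules/ModuleBuilder/Module/IconRepository.php
+++ b/modules/ModuleBuilder/Module/IconRepository.php
@@ -14,14 +14,13 @@ class IconRepository
 */
 private static $iconNames = [
 AOS_Contracts::class => 'aos-contracts-signature',
+AOR_Scheduled_Reports::class => 'aor-reports',
 'EmailTemplates' => 'emails',
 'Employees' => 'users',
 jjwg_Address_Cache::class => 'jjwg-markers',
 'ProjectTask' => 'am-tasktemplates',
 AM_ProjectTemplates::class => 'am-tasktemplates',
-'SurveyQuestionOptions' => self::DEFAULT_ICON,
-'SurveyQuestionResponses' => self::DEFAULT_ICON,
-'SurveyQuestions' => self::DEFAULT_ICON,
+'SurveyQuestionResponses' => 'survey-responses',
 'SurveyResponses' => 'survey-responses',
 'Prospects' => 'targets'
 ];
@@ -33,8 +32,6 @@ class IconRepository
 */
 public static function getIconName($module)
 {
-return isset(static::$iconNames[$module])
-? static::$iconNames[$module]
-: strtolower(str_replace('_', '-', $module));
+return static::$iconNames[$module] ?? strtolower(str_replace('_', '-', $module));
 }
 }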
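Review bot: Dropping the `'SurveyQuestionOptions'` and `'SurveyQuestions'` entries changes their result from `self::DEFAULT_ICON` to the fallback `'surveyquestionoptions'` / `'surveyquestions'`, which is only correct if icons with those names exist; if the intent was to keep the default, the two entries should stay. `getIconName($module)` is also untyped — `public static function getIconName(string $module): string` matches how the `??` fallback uses it and is a cheap addition while the method is being touched.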

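--- a/modules/ProspectLists/Duplicate.php
+++ b/modules/ProspectLists/Duplicate.php
@@ -55,11 +55,11 @@
 if (isset($_POST['isDuplicate']) && $_POST['isDuplicate'] == true) {
 $focus->id='';
 $focus->name=$mod_strings['LBL_COPY_PREFIX'].' '.$focus->name;
-
+
 $focus->save();
 $return_id=$focus->id;
 //duplicate the linked items.
-$query = "select * from prospect_lists_prospects where prospect_list_id = '".$_POST['record']."'";
+$query = "select * from prospect_lists_prospects where prospect_list_id = '". $focus->db->quote($_POST['record']) ."'";
 $result = $focus->db->query($query);
 if ($result != null) {
 while (($row = $focus->db->fetchByAssoc($result)) != null) {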
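Review bot: `$focus->db->quote($_POST['record'])` still reads the key unconditionally, so a request without `record` raises an undefined-index notice and then queries for an empty id; `$focus->db->quote($_POST['record'] ?? '')`, or an explicit `isset` check that skips the copy, avoids that. Since `prospect_list_id` holds a record id, validating the value against the id format the application uses and then binding it would be more robust than escaping an arbitrary string into a concatenated SQL statement. The enclosing script continues past the hunk.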

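--- a/modules/Users/User.php
+++ b/modules/Users/User.php
@@ -606,6 +606,10 @@ public function save($check_notify = false)
 {
 global $current_user, $mod_strings;
 
+if (!$this->hasSaveAccess()) {
+throw new RuntimeException('Not authorized');
+}
+
 $msg = '';
 
 $isUpdate = !empty($this->id) && !$this->new_with_id;
@@ -1591,6 +1595,11 @@ public static function getActiveUsers()
 
 public function create_export_query($order_by, $where, $relate_link_join = '')
 {
+global $current_user;
+if (!is_admin($current_user)) {
+throw new RuntimeException('Not authorized');
+}
+
 include('modules/Users/field_arrays.php');
 
 $cols = '';
@@ -2437,4 +2446,25 @@ public function getSubTheme()
 }
 return $subTheme;
 }
+
+/**
+* Check if current user can save the current user record
+* @return bool
+*/
+protected function hasSaveAccess(): bool
+{
+global $current_user;
+
+if (empty($this->id)) {
+return true;
+}
+
+if (empty($current_user->id)) {
+return true;
+}
+
+$sameUser = $current_user->id === $this->id;
+
+return $sameUser || is_admin($current_user);
+}
 }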
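Review bot: `hasSaveAccess()` returns true whenever `$this->id` is empty and whenever `$current_user->id` is empty, so the new gate in `save()` never applies to creating a user record or to a save made with no logged-in user; that is acceptable only if user creation is authorized elsewhere, which the hunk does not show, so it is worth confirming and stating in the docblock, e.g. `* New records and saves made without a current user are not restricted here.` The `$sameUser` branch lets a user persist their own record with whatever fields `save()` writes; if privileged fields such as `is_admin` are not filtered before this point, a self-service save could still change them — also worth a check. `save()` continues past the first hunk.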

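--- a/modules/vCals/vCal.php
+++ b/modules/vCals/vCal.php
@@ -123,7 +123,7 @@ public function get_freebusy_lines_cache(&$user_bean)
 public function create_sugar_freebusy($user_bean, $start_date_time, $end_date_time)
 {
 $ical_array = array();
-global $DO_USER_TIME_OFFSET, $timedate, $current_user;
+global $DO_USER_TIME_OFFSET, $timedate;
 
 $DO_USER_TIME_OFFSET = true;
 if (empty($GLOBALS['current_user']) || empty($GLOBALS['current_user']->id)) {
@@ -138,11 +138,11 @@ public function create_sugar_freebusy($user_bean, $start_date_time, $end_date_ti
 // loop thru each activity, get start/end time in UTC, and return FREEBUSY strings
 foreach ($acts_arr as $act) {
 if (empty($act->start_time)) {
-$startTime = $timedate->fromUser($act->sugar_bean->date_start, $user_bean);
+$act->start_time = $timedate->fromUser($act->sugar_bean->date_start, $user_bean);
 }
 
 if (empty($act->end_time)) {
-$endTime = $timedate->fromUser($act->sugar_bean->date_finish, $user_bean);
+$act->end_time = $timedate->fromUser($act->sugar_bean->date_finish, $user_bean);
 }
 
 $ID = $act->sugar_bean->id;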
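Review bot: The corrected assignments write the result of `$timedate->fromUser(...)` straight into `$act->start_time` / `$act->end_time`; if `fromUser()` yields null for a value it cannot parse (not visible here, so to be confirmed), the activity proceeds with an empty time into the freebusy generation below the hunk instead of being skipped. Either `continue` when the conversion comes back empty, or document on the loop that `date_start`/`date_finish` are expected to be valid user-format dates. `create_sugar_freebusy()` continues past the hunk.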

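--- a/suitecrm_version.php
+++ b/suitecrm_version.php
@@ -3,5 +3,5 @@
 die('Not A Valid Entry Point');
 }
 
-$suitecrm_version = '7.12.4';
-$suitecrm_timestamp = '2022-02-10 12:00:00';
+$suitecrm_version = '7.12.5';
+$suitecrm_timestamp = '2022-03-01 12:00:00';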

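--- a/tests/unit/phpunit/modules/Employees/EmployeeTest.php
+++ b/tests/unit/phpunit/modules/Employees/EmployeeTest.php
@@ -128,6 +128,8 @@ public function testcreate_export_query(): void
 {
 $employee = BeanFactory::newBean('Employees');
 
+global $current_user;
+$current_user->is_admin = '1';
 //test with empty string params
 $expected = "SELECT id, user_name, first_name, last_name, description, date_entered, date_modified, modified_user_id, created_by, title, department, is_admin, phone_home, phone_mobile, phone_work, phone_other, phone_fax, address_street, address_city, address_state, address_postalcode, address_country, reports_to_id, portal_only, status, receive_notifications, employee_status, messenger_id, messenger_type, is_group FROM users WHERE users.deleted = 0 ORDER BY users.user_name";
 $actual = $employee->create_export_query('', '');
@@ -137,6 +139,11 @@ public function testcreate_export_query(): void
 $expected = "SELECT id, user_name, first_name, last_name, description, date_entered, date_modified, modified_user_id, created_by, title, department, is_admin, phone_home, phone_mobile, phone_work, phone_other, phone_fax, address_street, address_city, address_state, address_postalcode, address_country, reports_to_id, portal_only, status, receive_notifications, employee_status, messenger_id, messenger_type, is_group FROM users WHERE users.user_name=\"\" AND users.deleted = 0 ORDER BY users.id";
 $actual = $employee->create_export_query('users.id', 'users.user_name=""');
 self::assertSame($expected, $actual);
+
+$current_user->is_admin = '0';
+$this->expectException(RuntimeException::class);
+$employee->create_export_query('', '');
+
 }
 
 public function testpreprocess_fields_on_save(): void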
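Review bot: The test mutates the shared global `$current_user->is_admin` and never restores it; the final assignment to `'0'` runs just before the expected exception, so the flag stays at `'0'` for every later test in the process unless the fixture resets it — the same pattern is in `tests/unit/phpunit/modules/Users/UserTest.php`. Capturing the original value and restoring it in `tearDown()` keeps the tests order-independent. A one-line comment such as `// non-admin: the export must be refused` before the `'0'` assignment would also make the intent of the tail readable.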

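--- a/tests/unit/phpunit/modules/Users/UserTest.php
+++ b/tests/unit/phpunit/modules/Users/UserTest.php
@@ -683,16 +683,22 @@ public function testcreate_export_query(): void
 {
 $user = BeanFactory::newBean('Users');
 
+global $current_user;
+$current_user->is_admin = '1';
 //test with empty string params
-$expected = "SELECT id, user_name, first_name, last_name, description, date_entered, date_modified, modified_user_id, created_by, title, department, is_admin, phone_home, phone_mobile, phone_work, phone_other, phone_fax, address_street, address_city, address_state, address_postalcode, address_country, reports_to_id, portal_only, status, receive_notifications, employee_status, messenger_id, messenger_type, is_group FROM users WHERE users.deleted = 0 AND users.is_admin=0 ORDER BY users.user_name";
+$expected = "SELECT id, user_name, first_name, last_name, description, date_entered, date_modified, modified_user_id, created_by, title, department, is_admin, phone_home, phone_mobile, phone_work, phone_other, phone_fax, address_street, address_city, address_state, address_postalcode, address_country, reports_to_id, portal_only, status, receive_notifications, employee_status, messenger_id, messenger_type, is_group FROM users WHERE users.deleted = 0 ORDER BY users.user_name";
 $actual = $user->create_export_query('', '');
 self::assertSame($expected, $actual);
 
 
 //test with valid string params
-$expected = "SELECT id, user_name, first_name, last_name, description, date_entered, date_modified, modified_user_id, created_by, title, department, is_admin, phone_home, phone_mobile, phone_work, phone_other, phone_fax, address_street, address_city, address_state, address_postalcode, address_country, reports_to_id, portal_only, status, receive_notifications, employee_status, messenger_id, messenger_type, is_group FROM users WHERE user_name=\"\" AND users.deleted = 0 AND users.is_admin=0 ORDER BY id";
+$expected = "SELECT id, user_name, first_name, last_name, description, date_entered, date_modified, modified_user_id, created_by, title, department, is_admin, phone_home, phone_mobile, phone_work, phone_other, phone_fax, address_street, address_city, address_state, address_postalcode, address_country, reports_to_id, portal_only, status, receive_notifications, employee_status, messenger_id, messenger_type, is_group FROM users WHERE user_name=\"\" AND users.deleted = 0 ORDER BY id";
 $actual = $user->create_export_query('id', 'user_name=""');
 self::assertSame($expected, $actual);
+
+$current_user->is_admin = '0';
+$this->expectException(RuntimeException::class);
+$user->create_export_query('', '');
 }
 
 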