diff --git a/ModuleInstall/ModuleScanner.php b/ModuleInstall/ModuleScanner.php index ee9fcb3a3ef..bd1bb36ae83 100755 --- a/ModuleInstall/ModuleScanner.php +++ b/ModuleInstall/ModuleScanner.php @@ -611,6 +611,7 @@ public function scanFile($file) $checkFunction = false; $possibleIssue = ''; $lastToken = false; + $return = false; foreach ($tokens as $index=>$token) { if (is_string($token[0])) { switch ($token[0]) { @@ -622,7 +623,16 @@ public function scanFile($file) $issues[] = $possibleIssue; } break; + case ']': + if ($checkFunction){ + $issues[] = $possibleIssue; + } + } + + if ($return && $checkFunction){ + $issues[] = $possibleIssue; } + $checkFunction = false; $possibleIssue = ''; } else { @@ -641,7 +651,8 @@ public function scanFile($file) $issues[]= translate('ML_INVALID_FUNCTION', 'Administration') . ' exit / die'; break; case T_STRING: - $token[1] = strtolower($token[1]); + case T_CONSTANT_ENCAPSED_STRING: + $token[1] = trim(strtolower($token[1]),'\'"'); if ($lastToken !== false && $lastToken[0] == T_NEW) { if (!in_array($token[1], $this->classBlackList)) { break; @@ -688,6 +699,10 @@ public function scanFile($file) if (in_array($token[1], $this->blackListExempt)) { break; } + + if ($lastToken[1] === 'return'){ + $return = true; + } } // no break case T_VARIABLE: diff --git a/README.md b/README.md index ecf7d5b7653..46b297f3304 100755 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ -# SuiteCRM 7.14.5 +# SuiteCRM 7.14.6 [![Build Status](https://travis-ci.org/salesagility/SuiteCRM.svg?branch=hotfix)](https://travis-ci.org/salesagility/SuiteCRM) [![codecov](https://codecov.io/gh/salesagility/SuiteCRM/branch/hotfix/graph/badge.svg)](https://codecov.io/gh/salesagility/SuiteCRM/branch/hotfix) diff --git a/composer.lock b/composer.lock index a1cdd761453..712fff9a19a 100644 --- a/composer.lock +++ b/composer.lock 
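Review bot: In ModuleInstall/ModuleScanner.php (hunk at -622), `$return` is never cleared in the visible lines, so once the T_STRING branch sets it, every later candidate name followed by any string token is reported for the rest of the file, not only names inside a `return` statement. Clearing it beside the existing resets keeps the flag scoped to one expression: `$checkFunction = false; $possibleIssue = ''; $return = false;`. The new `case ']':` and the `if ($return && $checkFunction)` check can also both fire for the same `]` token and append `$possibleIssue` twice; a single check after the switch, `if ($checkFunction && ($return || $token[0] === ']')) { $issues[] = $possibleIssue; }`, avoids that. scanFile's body starts and ends outside these hunks.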
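Review bot: In ModuleInstall/ModuleScanner.php (hunk at -688), `$lastToken[1] === 'return'` compares raw token text, which is case-sensitive although the PHP keyword is not, and it indexes `$lastToken` even though that variable is initialised to `false` in the hunk at -611. The hunk at -641 already tests the token id (`$lastToken[0] == T_NEW`), and doing the same here is exact and skips the offset access on a non-array: `if (is_array($lastToken) && $lastToken[0] === T_RETURN) { $return = true; }`. The enclosing case body continues outside the hunk, so how `$lastToken` is assigned should be confirmed there.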
@@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "8ddaa2e92629c2543c4b72cf48108edb", + "content-hash": "47bba1eb36fbd153ae6881e530f96a52", "packages": [ { "name": "composer/semver", @@ -3480,16 +3480,16 @@ }, { "name": "smarty/smarty", - "version": "v4.3.1", + "version": "v4.5.3", "source": { "type": "git", "url": "https://github.com/smarty-php/smarty.git", - "reference": "e28cb0915b4e3749bf57d4ebae2984e25395cfe5" + "reference": "9fc96a13dbaf546c3d7bcf95466726578cd4e0fa" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/smarty-php/smarty/zipball/e28cb0915b4e3749bf57d4ebae2984e25395cfe5", - "reference": "e28cb0915b4e3749bf57d4ebae2984e25395cfe5", + "url": "https://api.github.com/repos/smarty-php/smarty/zipball/9fc96a13dbaf546c3d7bcf95466726578cd4e0fa", + "reference": "9fc96a13dbaf546c3d7bcf95466726578cd4e0fa", "shasum": "" }, "require": { @@ -3537,7 +3537,12 @@ "keywords": [ "templating" ], - "time": "2023-03-28T19:47:03+00:00" + "support": { + "forum": "https://github.com/smarty-php/smarty/discussions", + "issues": "https://github.com/smarty-php/smarty/issues", + "source": "https://github.com/smarty-php/smarty/tree/v4.5.3" + }, + "time": "2024-05-28T21:46:01+00:00" }, { "name": "soundasleep/html2text", diff --git a/files.md5 b/files.md5 index fd31a2e7382..5129c464cff 100755 --- a/files.md5 +++ b/files.md5 @@ -1,5 +1,5 @@ '7c960715776e20734ce8839f7d75f277', './Api/Core/Config/slim.php' => 'b134e68765e6a1403577e2a5a06322b8', 
@@ -102,8 +102,8 @@ $md5_string = array ( './HandleAjaxCall.php' => 'ba153f75c1522957ebe5780bb1401814', './LICENSE.txt' => 'd3f150e4a5bed444763ebe8a81742a95', './ModuleInstall/ExtensionManager.php' => '02f7b94b3f10b904299dbbbf84629004', - './ModuleInstall/ModuleInstaller.php' => '4a284071b31ad18cccaaca6a971f6ca1', - './ModuleInstall/ModuleScanner.php' => '3f9ce4a2deabfb0734b65acd71043550', + './ModuleInstall/ModuleInstaller.php' => '0d683f27d498421d08c17e122b9e0683', + './ModuleInstall/ModuleScanner.php' => 'bf9727afe8a45e77ce2b1aea5359809b', './ModuleInstall/PackageManager/ListViewPackages.php' => '020c6c30fa03ccc2be2092fcd0cf5260', './ModuleInstall/PackageManager/PackageController.php' => '16f99425f4d88521d260cb248df4274f', './ModuleInstall/PackageManager/PackageManager.php' => 'cf868ae4c182cb6e691ffc373f912f68', @@ -116,7 +116,7 @@ $md5_string = array ( './ModuleInstall/PackageManager/tpls/PackageManagerLicense.tpl' => 'df5e267d1df5ce08fb9406e42d5b4816', './ModuleInstall/PackageManager/tpls/PackageManagerScripts.tpl' => '98e396c0aa57329731fda19c790fffb2', './ModuleInstall/extensions.php' => 'de30837895f67175b7fbc04274a837a6', - './README.md' => 'bc368c439352a540a0288f2b2cde6936', + './README.md' => 'ceb5060b8df3e66197b7308c0c484fc1', './RoboFile.php' => '1b4201de0ee50e259424ce2f408e5e87', './SugarSecurity.php' => '84975dd9146d968458af123842c6c370', './TreeData.php' => '32873e20cb5fd33f9d1cdaf18c3cac5c', 
@@ -508,14 +508,14 @@ $md5_string = array ( './build/travis-ci-apache' => 'e1e212c4eaf679b6ec620cd0b12f4571', './campaign_tracker.php' => '6ee1a89fc24a8db14faba32f6ae8ca15', './composer.json' => '1f1f485a488eb64c21478bba117346a2', - './composer.lock' => 'f1cad98b6629b228dcfb03807f5b0340', + './composer.lock' => '36fc0286574f66e03f06494239596efd', './cron.php' => '9d3563bad78e2349325c8b0f268ecb96', './crossdomain.xml' => '24b7711640c652b21aa89c9d83d6ec13', './data/BeanFactory.php' => 'acc415aa759a183c2fda2ad51b5f4665', './data/Link.php' => '499a295f3e5e248c76270c10adf169a4', './data/Link2.php' => '952dd8bca38c01d0b33cc244ec1988dd', './data/Relationships/EmailAddressRelationship.php' => 'd4f10346966b0d9d4ff3698ae4458ee0', - './data/Relationships/M2MRelationship.php' => 'd44a54ddd5d4cd30d14d33704a1c93fb', + './data/Relationships/M2MRelationship.php' => 'afc42367f7eaae5de60ef3dba16438ee', './data/Relationships/One2MBeanRelationship.php' => '2b7d9f21d371c4501e526e0bfcc084c2', './data/Relationships/One2MRelationship.php' => '1a3a85d5c631712095e52384ef8398ad', './data/Relationships/One2OneBeanRelationship.php' => '377b23eb680efa4c39046f5beec41aaf', @@ -583,7 +583,7 @@ $md5_string = array ( './include/HTTP_WebDAV_Server/Tools/_parse_proppatch.php' => 'e5c3cbd080bc0e5869f0bc1dadb1e8be', './include/HTTP_WebDAV_Server/dav.txt' => 'c5235ed64efa685da638c6dcdb6a9708', './include/HTTP_WebDAV_Server/license.txt' => 'a45bb1bbeed9e26b26c5763df1d3913d', - './include/HtmlSanitizer.php' => 'f40ab2a60144b73aecca811a536957d6', + './include/HtmlSanitizer.php' => 'aa6c9f1125b713da4d9dd72d172f97ab', './include/Imap/Imap2Handler.php' => '3142f90b0ed93390662b424196957a9c', './include/Imap/ImapHandler.php' => 'e27ca4ebd7cde0b2787e9eeb1bc8ed1b', './include/Imap/ImapHandlerException.php' => '11b15b3480f04a04c256ee2ad22da21e', 
@@ -692,7 +692,7 @@ $md5_string = array ( './include/QuickSearchDefaults.php' => '0886cc24cdeac6f161417013851a29d1', './include/RefreshDatabase.php' => '2f8393d844bd4f327b6880b349fd7dd7', './include/SearchForm/SearchForm.php' => '9c999a18e3b9c749dbdfa68da985fbe2', - './include/SearchForm/SearchForm2.php' => '427124cb4302578fa314816f391b51e0', + './include/SearchForm/SearchForm2.php' => '64748d433c54f6d8962e1c2c74cb8d77', './include/SearchForm/SugarSpot.php' => '5996d87e6a9be7d5f3a90279a364541c', './include/SearchForm/tpls/SearchFormGeneric.tpl' => '98cd213b9bf117885df0f452f8f804f6', './include/SearchForm/tpls/SearchFormGenericAdvanced.tpl' => 'fc5daccc733525ed9841c730bcbf8bb7', @@ -1255,10 +1255,10 @@ $md5_string = array ( './include/Sugarpdf/sugarpdf/sugarpdf.smarty.php' => '3123177f2bb0240b00e37c433d149c66', './include/Sugarpdf/sugarpdf_config.php' => '01452207250f2f90396b4543eeecfde6', './include/Sugarpdf/sugarpdf_default.php' => 'ed59f131878639034df56183b7a121a2', - './include/SuiteEditor/SuiteEditorConnector.php' => 'a776d9b9a8512fa5f5b00c4c9c417698', + './include/SuiteEditor/SuiteEditorConnector.php' => 'b82475b5fccb723f0283dbeac1c4f539', './include/SuiteEditor/SuiteEditorDirectHTML.php' => 'b5f7f66a383397e4a541e0ce51fef039', './include/SuiteEditor/SuiteEditorInterface.php' => 'cdf72097a74c1ca0bf8cbd2f4b5cdb8e', - './include/SuiteEditor/SuiteEditorMozaik.php' => 'a44e4f678cbcaf8c823486be62ab98a3', + './include/SuiteEditor/SuiteEditorMozaik.php' => '586fcd3ac4b2a39d71196716bf316e2d', './include/SuiteEditor/SuiteEditorSettings.php' => '9b21fe20fb23cbeba38f3a10f867c754', './include/SuiteEditor/SuiteEditorSettingsForDirectHTML.php' => '645e6b1379c220af8a79373823a6bb6f', './include/SuiteEditor/SuiteEditorSettingsForMozaik.php' => '043f70f2bdd47dd292eeeff504c1e569', 
@@ -1402,7 +1402,7 @@ $md5_string = array ( './include/fonts/Times-Italic.afm' => 'c41212e70e19627889aefef85212a47d', './include/fonts/Times-Roman.afm' => 'f257a72c31f6a864f4e0994b1771628c', './include/formbase.php' => 'cb1644b60281877cac33d718293775c8', - './include/generic/DeleteRelationship.php' => '11024145b897e8e8337d3da0d8712d77', + './include/generic/DeleteRelationship.php' => 'c345e9ba51991a3bdb5371a1f95bd1da', './include/generic/LayoutManager.php' => 'c47a2cb97997c9a9c8cfbd20b0a8e83b', './include/generic/Save2.php' => 'e0389f61b2069723400fd8835f82d720', './include/generic/SugarWidgets/SugarWidget.php' => '0e55de3e8acaa1c505cdfe14d396062c', @@ -2417,7 +2417,7 @@ $md5_string = array ( './include/utils/db_utils.php' => 'f8d2c7ccb0547cdb4b885012215953eb', './include/utils/encryption_utils.php' => 'cf87e84efe3764464056e6473aac9c79', './include/utils/external_cache.php' => '7439d9b6252e242a9c852ecb58df44ec', - './include/utils/file_utils.php' => 'e9090db71a0f8137f9c8672734c02ed1', + './include/utils/file_utils.php' => 'a7469aa40d7d51c6c9d0baba3ca7d8ed', './include/utils/layout_utils.php' => 'a9dd36868cebf30587573df43eca4a5b', './include/utils/logic_utils.php' => 'df0882131989fd10f9855cc3b66d4572', './include/utils/mvc_utils.php' => '756f795eecb2cfad8802d5c7ec9bf32f', @@ -2428,7 +2428,7 @@ $md5_string = array ( './include/utils/recaptcha_utils.php' => '73f5eddf707788c1dff4b7d07dc82656', './include/utils/security_utils.php' => 'e953d0b673df3df313ecf1ac975e8f57', './include/utils/sugar_file_utils.php' => 'b455044cfb5f8371884a1bc713dcfd7d', - './include/utils.php' => '382e5b511ca6de2157fa5cd56f02cc38', + './include/utils.php' => '4e01260c33400fb08f48c31164922ebf', './include/vCard.php' => '5bbc76ef3b778e5587cd1883e636ea41', './include/ytree/ExtNode.php' => 'e13e1d0a4be0b76118a256a7562661f7', './include/ytree/JQueryTree.php' => '765d0ce7a2ef6c1cd2b5fa1aff84e872', 
@@ -2876,7 +2876,7 @@ $md5_string = array ( './lib/Utility/StringUtils.php' => '7408307bc51643889f51611fd63d6ce8', './lib/Utility/StringValidator.php' => 'a6043de790c3b9b5b78fe485f613134f', './lib/Utility/SuiteLogger.php' => '84bfe58093d322ade04c296d1365cdc1', - './lib/Utility/SuiteValidator.php' => '75362c30b6ed2387437565b1340a03c3', + './lib/Utility/SuiteValidator.php' => '45ad426a08e6a0fe94ee2da82d7b8573', './log_file_restricted.html' => '155a93e5d6349e5d7f0280ece884c3a9', './maintenance.php' => '779f8dac6809dfa06293a732a5865409', './metadata/accounts_bugsMetaData.php' => '63e4a98d2832a333b821fe62541b4de4', @@ -3027,7 +3027,7 @@ $md5_string = array ( './modules/AM_ProjectTemplates/Dashlets/AM_ProjectTemplatesDashlet/AM_ProjectTemplatesDashlet.php' => '99d0e7fabe24cabb0c3e6ea8e4587bc2', './modules/AM_ProjectTemplates/Menu.php' => '22283ea4e04291611a47f85a7eff708c', './modules/AM_ProjectTemplates/Save.php' => 'bcda2aecaafcb00c78fb7c756ac754df', - './modules/AM_ProjectTemplates/controller.php' => 'c90ecb77379ce9dcfc2292644afb638d', + './modules/AM_ProjectTemplates/controller.php' => '21a1a9e2912aaf2a1bbd44e462551b47', './modules/AM_ProjectTemplates/create_project.js' => '2f40efcbe5989c91e74e773085bfc95f', './modules/AM_ProjectTemplates/css/style.css' => '7d95119a176531a4aa36a189c4cd2614', './modules/AM_ProjectTemplates/gantt.php' => '5b1067ef2055df2169c345a5a009eece', 
@@ -3485,7 +3485,7 @@ $md5_string = array ( './modules/AOS_PDF_Templates/samples/smpl_Quote_Group_Sample.php' => '56295ceac9c33d891122c13ef94c119c', './modules/AOS_PDF_Templates/samples/smpl_Quote_Sample.php' => '2c3097b5ddc49a58c3753beb93c14f2b', './modules/AOS_PDF_Templates/sendEmail.php' => 'ad8d8ce6f78f93dec805cf73bd5f7572', - './modules/AOS_PDF_Templates/templateParser.php' => 'a4240e4979829b5a58ade3c2af05fcdf', + './modules/AOS_PDF_Templates/templateParser.php' => 'd58140322e5dd29798144cece05119d9', './modules/AOS_PDF_Templates/vardefs.php' => 'c2222325b41dca6b38ceec42dc1d622a', './modules/AOS_PDF_Templates/views/view.detail.php' => '226618d1d2cc62700ac0c7e53d166455', './modules/AOS_PDF_Templates/views/view.edit.php' => 'cf04ae20b0b07e64ec8569d0da459379', @@ -3588,9 +3588,9 @@ $md5_string = array ( './modules/AOW_Actions/actions/actionBase.php' => '6714b312224fd75d7be513a637f8d355', './modules/AOW_Actions/actions/actionComputeField.css' => '4f63069fbf5aee464d8b0f24e7049276', './modules/AOW_Actions/actions/actionComputeField.js' => '2f39d2288a3dbe7dc85b3b185ce1fdc5', - './modules/AOW_Actions/actions/actionComputeField.php' => '68fb03836513c4b464c32e93d3f59bf7', + './modules/AOW_Actions/actions/actionComputeField.php' => 'efc807cf7f6b11e4c7286a6123d64e23', './modules/AOW_Actions/actions/actionCreateRecord.js' => 'd74993b3fd078cbd54a445c6b3470eda', - './modules/AOW_Actions/actions/actionCreateRecord.php' => '00707767820b2dabcc7833557a8dfdbd', + './modules/AOW_Actions/actions/actionCreateRecord.php' => '2935207f114b130af2f0c205636993c0', './modules/AOW_Actions/actions/actionModifyRecord.php' => 'bc62f7e9bcd0a7d014e85b50a9cb0c01', './modules/AOW_Actions/actions/actionSendEmail.js' => 'e919423e47a93740dc522e812815c156', './modules/AOW_Actions/actions/actionSendEmail.php' => 'fd5b82969e9de58390fb13d569a35b84', 
@@ -3871,7 +3871,7 @@ $md5_string = array ( './modules/Bugs/views/view.edit.php' => '72fb9b9b89068476faff4a114360498b', './modules/Calendar/Cal.js' => 'bc6138c43cd476b7b51b084745f54cf5', './modules/Calendar/Calendar.php' => '7e5720ffee5b1882eb1abc19f38f2cdb', - './modules/Calendar/CalendarActivity.php' => 'b9324a684bbcbd3384ee1424e7d11383', + './modules/Calendar/CalendarActivity.php' => '05c07a94d7b58d2b4edd428804285d7c', './modules/Calendar/CalendarDisplay.php' => '2d1248541058ef8fb05bab5b8fcb0973', './modules/Calendar/CalendarGrid.php' => 'bba76087327652142e8f20f40e56582f', './modules/Calendar/CalendarUtils.php' => '1b1540220608ea41fd6d21ce3f2e6d94', @@ -4113,7 +4113,7 @@ $md5_string = array ( './modules/Campaigns/WizardEmailSetupSave.php' => '33cad06ea50246a004c9060ed191c577', './modules/Campaigns/WizardHome.html' => '347b5be091dfc343497a518fd5aae913', './modules/Campaigns/WizardHome.php' => '8a0827d9aaa4a5508cf0d2d65e61bab8', - './modules/Campaigns/WizardMarketing.html' => '063cb04668d59f49dd6eb626067baa97', + './modules/Campaigns/WizardMarketing.html' => '961476129a3dcf566dccba599b24e342', './modules/Campaigns/WizardMarketing.php' => '4c15cba6e5951de24f54b9c2a3762106', './modules/Campaigns/WizardMarketingSave.php' => '4ee0c0a8629ec7c6e2c48dd02229c041', './modules/Campaigns/WizardNewsletter.html' => '2b6fa060ccc79e53c21b75fb6788bffb', 
@@ -4367,7 +4367,7 @@ $md5_string = array ( './modules/Currencies/EditView.js' => 'b7256d35ff8f5a6d6704d58848e4cda9', './modules/Currencies/EditView.tpl' => '052a918216921ffde803259b43d1b366', './modules/Currencies/Forms.php' => '19f6de6cfb192b8ce230ff9536c8fca5', - './modules/Currencies/ListCurrency.php' => '8acebf925b404d190020428a2056bfd1', + './modules/Currencies/ListCurrency.php' => '1ae248af686645c5c0df8c052a2c801c', './modules/Currencies/ListView.html' => '6c257863d5e65f446f7a913684a61318', './modules/Currencies/Menu.php' => 'be48d6684a7ee6dd36643fe9bc738e48', './modules/Currencies/field_arrays.php' => '993895b7b7000dfcb97740c673ac536c', 
@@ -4535,15 +4535,15 @@ $md5_string = array ( './modules/EmailMan/controller.php' => 'a12eb6ae69fab8d14e010630abc0b46b', './modules/EmailMan/field_arrays.php' => '46faacb2ea303c961a1871ea613a455f', './modules/EmailMan/language/en_us.lang.php' => 'be07937f7e44faea4d8f11b168ad8d23', - './modules/EmailMan/metadata/SearchFields.php' => '16ab0bf5917fd13e2bb8dd99c3444dd8', - './modules/EmailMan/metadata/listviewdefs.php' => '947b4f415e1a9940a0997390400c35f1', - './modules/EmailMan/metadata/searchdefs.php' => 'e7b2db84571e69a69c7faeebbb864331', + './modules/EmailMan/metadata/SearchFields.php' => '56aede9b0ebd49f3972935673bac30cc', + './modules/EmailMan/metadata/listviewdefs.php' => '23583155b46abb268a12674f93bcd832', + './modules/EmailMan/metadata/searchdefs.php' => '3806918473b30c120991e614633e8300', './modules/EmailMan/metadata/subpanels/default.php' => '7b41db3ccd203cf7b32e133951c48df3', './modules/EmailMan/subpanels/default.php' => '7b41db3ccd203cf7b32e133951c48df3', './modules/EmailMan/testOutboundEmail.php' => '8caf6009a210a1e769bea85908b2aed5', './modules/EmailMan/tpls/campaignconfig.tpl' => 'ce45ccf79ccb1822b742834c2cd5dca9', './modules/EmailMan/tpls/config.tpl' => '252bff413d5c10839704fc4d56820d3e', - './modules/EmailMan/vardefs.php' => 'f5e39c351297da9370d7ec2ae55a9cb7', + './modules/EmailMan/vardefs.php' => '4b91abea944a008fe5c85ce8a7922886', './modules/EmailMan/views/view.campaignconfig.php' => 'a784916baea73367ac2cfc2e250bdc10', './modules/EmailMan/views/view.config.php' => '1006c3942282dbbf9df182ad22c2bbf7', './modules/EmailMan/views/view.list.php' => 'a2310bb8c36fa6b58f7ea42b46f4f028', 
@@ -4575,10 +4575,10 @@ $md5_string = array ( './modules/EmailTemplates/EditViewMain.html' => 'a00c0cf1c50700412f98236bec193944', './modules/EmailTemplates/EmailTemplate.css' => '35fde7e2b6e4dd8ac8727d019f242938', './modules/EmailTemplates/EmailTemplate.js' => '535797d1ff5460c2bbe7d591ea396f57', - './modules/EmailTemplates/EmailTemplate.php' => 'ef48ea6f5d8e0612f1a30f69a4f5e075', + './modules/EmailTemplates/EmailTemplate.php' => 'e67f704f413db2ce55948f052a0e1b44', './modules/EmailTemplates/EmailTemplateData.php' => 'b97302a107ca48a2d100829200c2b385', './modules/EmailTemplates/EmailTemplateFormBase.php' => '349d7cbd96a34de49989f80918d41a1c', - './modules/EmailTemplates/EmailTemplateParser.php' => '072e6cee4ab01ae2cf3d234b332d23cc', + './modules/EmailTemplates/EmailTemplateParser.php' => 'd1383ec1a9f1c0fcb992c56bb7b14742', './modules/EmailTemplates/Menu.php' => '6a5ae0bbf46ff87bc16079b7689c38c5', './modules/EmailTemplates/PopupDocumentsCampaignTemplate.html' => '364d78151773593a6be29438a0eb2021', './modules/EmailTemplates/PopupDocumentsCampaignTemplate.php' => '24bac7246e3b684ad8c91412ca85f490', @@ -4677,7 +4677,7 @@ $md5_string = array ( './modules/Emails/javascript/init.js' => '92ce172cf845e6f872de69160bfcfc9f', './modules/Emails/javascript/vars.js' => 'c85754028c6207fb4fb31d74fe5e81af', './modules/Emails/javascript/viewPrintable.js' => 'fc1988ab7e2587bdf9eafda6771a71cb', - './modules/Emails/language/en_us.lang.php' => '92303f9eda207766a236e397aecf7cef', + './modules/Emails/language/en_us.lang.php' => 'a00c5bca7bef5d7a641e6a104da322fb', './modules/Emails/metadata/SearchFields.php' => 'b47b2a03cb7952ee3bd2573beef9cd65', './modules/Emails/metadata/additionalDetails.php' => '78f4d63b70d1a901a49a36ee79ffcd83', './modules/Emails/metadata/composeviewdefs.php' => '4cc688ab31ce40c70a476304e890f5df', 
@@ -5215,7 +5215,7 @@ $md5_string = array ( './modules/ModuleBuilder/javascript/JSTransaction.js' => '279f694326dd942559adff933b408784', './modules/ModuleBuilder/javascript/ModuleBuilder.js' => 'c3e7167295194f96d725c301d64361f0', './modules/ModuleBuilder/javascript/SimpleList.js' => '5b24e05531c646a8eab12eef33bafd33', - './modules/ModuleBuilder/javascript/studio2.js' => 'a166be6664505f842e098ee91773294a', + './modules/ModuleBuilder/javascript/studio2.js' => '43b13571ef3ba49d3bfa4a5e6e38a5b0', './modules/ModuleBuilder/javascript/studio2FieldDD.js' => 'ab41e4287f0fa1c1dcfbe424b4d53f12', './modules/ModuleBuilder/javascript/studio2ListDD.js' => '9a720dba2684d8991a583c1c6312e102', './modules/ModuleBuilder/javascript/studio2PanelDD.js' => '93a5285c7147e8deea8afc555e2e79ca', @@ -6091,7 +6091,7 @@ $md5_string = array ( './modules/Users/SetTimezone.tpl' => 'f0fb5ed64fae81a5657ebc8f167967c9', './modules/Users/UpdateTourStatus.php' => 'cc111e28e6df1d96b98678661dd42490', './modules/Users/User.js' => '351f8d8e74bd1bd0a56dcc2bae31b147', - './modules/Users/User.php' => '7d98deef5b524d1485533c34d4db3aa7', + './modules/Users/User.php' => '98cda4e2cfb0e2da86bad7fb2ac4f060', './modules/Users/UserEditView.js' => '421e1c38f1ee78933134b987b7c3c251', './modules/Users/UserEmailOptions.tpl' => '96b848efbf7f6d4fee7b6bf13a1a1aee', './modules/Users/UserEmailSettings.tpl' => '5d9ff3379f63dcf7c5efbbcc3e88d8ed', 
@@ -6150,7 +6150,7 @@ $md5_string = array ( './modules/Users/password_utils.php' => 'c445ba371decfae7afb76ad09c060e8a', './modules/Users/reassignUserRecords.php' => '30e62154022301ff65b8dc18678a4c06', './modules/Users/tpls/DetailView.tpl' => '2b5edc433a18eab9e1dc24f55c015ced', - './modules/Users/tpls/EditViewFooter.tpl' => '93dc94ea8a18f27d7cfa5d52ec5ba431', + './modules/Users/tpls/EditViewFooter.tpl' => '830b7580c48f286122dcd2751077396d', './modules/Users/tpls/EditViewGroup.tpl' => '97bbb48546d0b13a60dac111abb8358a', './modules/Users/tpls/EditViewHeader.tpl' => '099f5e4896d623b64d44f243c33941b2', './modules/Users/tpls/QuickEditFooter.tpl' => 'a7a723ca20a7e8deaaca503c1e759ced', @@ -6371,7 +6371,7 @@ $md5_string = array ( './soap.php' => 'e28988c2e0b8e2c484587b537a710525', './sugar_version.json' => 'bdfbcefae2f9af559bef6a36367df7bb', './sugar_version.php' => 'db7b6c8d51f87879fce1e6172eedfbed', - './suitecrm_version.php' => '5b1e9b8589921e5d9c63685d85fdfd1c', + './suitecrm_version.php' => 'e5123733bf549b1dee5503908ae83dcf', './themes/SuiteP/css/Dawn/color-palette.scss' => 'e64677d79e1d68c069bdc2dc661c4f99', './themes/SuiteP/css/Dawn/icons.scss' => 'd59f8c5855e7a8df09542a663835a196', './themes/SuiteP/css/Dawn/select.ico' => '22393ad23f16c3f1462455bae8f20279', 
@@ -6495,9 +6495,9 @@ $md5_string = array ( './themes/SuiteP/css/suitep-base/cases.scss' => '24388474c9ceb4734d9b078377263f82', './themes/SuiteP/css/suitep-base/dashboard.scss' => 'a7f15c2915f3b14277c2dc2191b80377', './themes/SuiteP/css/suitep-base/detailview.scss' => 'a7ece4c3b5ab6c3cc9b2637ac46cf9b3', - './themes/SuiteP/css/suitep-base/editview.scss' => '71ccf720dcef0f64f1ec84237d0be812', + './themes/SuiteP/css/suitep-base/editview.scss' => '15bb682ed4554d73ddfb259d4c3e030f', './themes/SuiteP/css/suitep-base/email.scss' => '812aae974e2c6e066d8a81511d99b28a', - './themes/SuiteP/css/suitep-base/forms.scss' => 'e1626b89c1cf4ac8fc16c5f5532c8ac0', + './themes/SuiteP/css/suitep-base/forms.scss' => 'bc6901a8dee6b6f0dbc144fbc27254cd', './themes/SuiteP/css/suitep-base/jstree.scss' => '946510970bb0774a31a01c2fb57a9552', './themes/SuiteP/css/suitep-base/listview.scss' => '46898f8372bdd796e5ddeed167bd0c30', './themes/SuiteP/css/suitep-base/login.scss' => '25d85a91770e80b7b0357cece6eb5c4b', @@ -6510,7 +6510,7 @@ $md5_string = array ( './themes/SuiteP/css/suitep-base/projects.scss' => '31d48a58629a823d0db72dd3ae976770', './themes/SuiteP/css/suitep-base/search.scss' => '46d20b582efae0b654f662773cbc833d', './themes/SuiteP/css/suitep-base/sidebar.scss' => 'a5c5b91891d118985a7f8565bbf9f557', - './themes/SuiteP/css/suitep-base/studio.scss' => '6e6b30fbb83a9df9252e82d43bc93379', + './themes/SuiteP/css/suitep-base/studio.scss' => '75fee18eeddb45d7f93a2273d8055afc', './themes/SuiteP/css/suitep-base/suitepicon-glyphs.scss' => 'dce95397aa56304167c12d7331d78682', './themes/SuiteP/css/suitep-base/suitepicon.eot' => '15c1ff15c6e7c638bf4d506deed14719', './themes/SuiteP/css/suitep-base/suitepicon.json' => '0095ce0c163dab77687f007684489fa0', diff --git a/include/SearchForm/SearchForm2.php b/include/SearchForm/SearchForm2.php index a873a3ea98c..d6978d10bb9 100755 --- a/include/SearchForm/SearchForm2.php +++ b/include/SearchForm/SearchForm2.php 
@@ -951,7 +951,7 @@ public function generateSearchWhere($add_custom_fields = false, $module = '') $this->searchFields[$real_field]['value'] = $this->searchFields[$field]['value']; $this->searchFields[$real_field]['operator'] = $this->searchFields[$field]['operator']; - $params['value'] = $this->searchFields[$field]['value']; + $params['value'] = $db->quote($this->searchFields[$field]['value']); $params['operator'] = $this->searchFields[$field]['operator']; unset($this->searchFields[$field]['value']); $field = $real_field; @@ -1049,7 +1049,7 @@ public function generateSearchWhere($add_custom_fields = false, $module = '') } } } else { - $field_value = $parms['value']; + $field_value = $db->quote($parms['value']); } //set db_fields array. diff --git a/include/generic/DeleteRelationship.php b/include/generic/DeleteRelationship.php index 09213ede395..140db74abb4 100755 --- a/include/generic/DeleteRelationship.php +++ b/include/generic/DeleteRelationship.php @@ -61,16 +61,16 @@ require_once('include/formbase.php'); - global $beanFiles,$beanList; + global $beanFiles,$beanList, $db; $bean_name = $beanList[$_REQUEST['module']]; require_once($beanFiles[$bean_name]); $focus = new $bean_name(); if (empty($_REQUEST['linked_id']) || empty($_REQUEST['linked_field']) || empty($_REQUEST['record'])) { die("need linked_field, linked_id and record fields"); } - $linked_field = $_REQUEST['linked_field']; - $record = $_REQUEST['record']; - $linked_id = $_REQUEST['linked_id']; + $linked_field = $db->quote($_REQUEST['linked_field']); + $record = $db->quote($_REQUEST['record']); + $linked_id = $db->quote($_REQUEST['linked_id']); if ($linked_field === 'aclroles') { if (!ACLController::checkAccess($bean_name, 'edit', true)) { ACLController::displayNoAccess(); diff --git a/include/utils/file_utils.php b/include/utils/file_utils.php index 555c28229ab..1bab7558540 100755 --- a/include/utils/file_utils.php +++ b/include/utils/file_utils.php 
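Review bot: In include/SearchForm/SearchForm2.php (hunk at -951), the escaped value is written to `$params['value']` while the hunk at -1049 reads `$parms['value']`; if `$params` is not read later in generateSearchWhere, this `$db->quote()` call has no effect, and the line above it still copies the raw value into `$this->searchFields[$real_field]['value']`. Escaping this far from the query also makes it hard to confirm that each value is escaped exactly once, so quoting where the WHERE fragment is assembled, or binding parameters, would be easier to audit. Neither hunk shows where `$db` is defined inside this method, which should be confirmed. The method body extends beyond both hunks.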
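Review bot: In include/generic/DeleteRelationship.php, `$db->quote()` is applied to `linked_field`, which the following `=== 'aclroles'` comparison treats as a relationship name rather than a SQL string value, and to two record ids. String escaping is not validation: checking `record` and `linked_id` with the existing `SuiteValidator::isValidId()` and checking `linked_field` against the relationships the bean actually defines would reject bad input instead of reshaping it. `empty()` also lets a non-empty array through to `quote()`, whose behaviour on arrays is not visible here, so an `is_string()` test on the three request values belongs next to the existing `die()` guard. The script continues past the end of the hunk.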
@@ -140,7 +140,7 @@ function write_override_label_to_file($the_name, $the_array, $the_file, $mode = } foreach ($the_array as $labelName => $labelValue) { - $the_string .= '$' . "{$the_name}['{$labelName}'] = '{$labelValue}';\n"; + $the_string .= '$' . "{$the_name}['" . addslashes($labelName) . "'] = '" . addslashes($labelValue) ."';\n"; } return sugar_file_put_contents($the_file, $the_string, LOCK_EX) !== false; diff --git a/lib/Utility/SuiteValidator.php b/lib/Utility/SuiteValidator.php index 23c1e4450f4..0601a9c6d50 100644 --- a/lib/Utility/SuiteValidator.php +++ b/lib/Utility/SuiteValidator.php @@ -58,6 +58,21 @@ public function isValidId(?string $id): bool return is_numeric($id) || (is_string($id) && preg_match($pattern, $id)); } + /** + * @param string|null $key + * @return bool + */ + public function isValidKey(?string $key): bool + { + if (empty($key)) { + return false; + } + + $pattern = $this->getKeyValidationPattern(); + + return is_numeric($key) || preg_match($pattern, $key); + } + /** * @param string $fieldname * @return bool @@ -90,4 +105,20 @@ public function getIdValidationPattern(): string return $pattern; } + + /** + * @return string + */ + protected function getKeyValidationPattern(): string + { + global $sugar_config; + + if (!empty($sugar_config['key_validation_pattern'])) { + $pattern = $sugar_config['key_validation_pattern']; + } else { + $pattern = '/^[A-Z0-9\-\_\.]*$/i'; + } + + return $pattern; + } } diff --git a/modules/AM_ProjectTemplates/controller.php b/modules/AM_ProjectTemplates/controller.php index 196d4eaa093..53100d480e4 100755 --- a/modules/AM_ProjectTemplates/controller.php +++ b/modules/AM_ProjectTemplates/controller.php 
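Review bot: In include/utils/file_utils.php, `addslashes()` does not match PHP's single-quoted string syntax: it also escapes `"` and NUL, so a label containing a double quote is written with a stray backslash that remains in the value when the generated file is loaded. `var_export()` emits a correct PHP literal for any string: `$the_string .= '$' . $the_name . '[' . var_export((string) $labelName, true) . '] = ' . var_export((string) $labelValue, true) . ";\n";`. `$the_name` is still concatenated unchanged, so it should be documented as a value that only ever comes from code. The function body starts before the hunk.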
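Review bot: In lib/Utility/SuiteValidator.php (hunk at -58), `isValidKey()` accepts anything `is_numeric()` accepts before the pattern is consulted, which includes signed and exponent notation and leading whitespace that the character allowlist itself would reject. Plain digits already match the pattern, so the `is_numeric($key) ||` branch can be dropped: `return preg_match($pattern, $key) === 1;`, which also yields a real bool for the declared return type. `empty($key)` additionally rejects the key `'0'`; `$key === null || $key === ''` states the intent exactly.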
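Review bot: In lib/Utility/SuiteValidator.php (hunk at -90), the default pattern ends in `$`, which in PCRE also matches just before a final newline, so a key with a trailing line break passes validation. Anchoring with `\z` (or adding the `D` modifier) closes that: `$pattern = '/^[A-Z0-9\-_.]+\z/i';`, where `+` also documents that the empty string is never valid, as isValidKey() already returns early for it. A pattern supplied through `$sugar_config['key_validation_pattern']` is used unchecked, so the docblock should say that an override must be fully anchored.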
@@ -39,12 +39,15 @@ public function action_create_project() global $current_user, $db, $mod_strings; $project_name = $_POST['p_name']; - $template_id = $_POST['template_id']; + $template_id = $db->quote($_POST['template_id']); $project_start = $_POST['start_date']; $copy_all = isset($_POST['copy_all_tasks']) ? 1 : 0; - $copy_tasks = isset($_POST['tasks']) ? $_POST['tasks'] : array() ; + $copy_tasks = array(); + if (isset($_POST['tasks']) && is_array($_POST['tasks'])) { + $copy_tasks = $_POST['tasks']; + } //Get project start date if ($project_start!='') { @@ -262,7 +265,7 @@ public function action_generate_chart() include_once('modules/AM_ProjectTemplates/project_table.php'); $project_template = BeanFactory::newBean('AM_ProjectTemplates'); - $pid = $_POST["pid"]; + $pid = $db->quote($_POST["pid"]); $project_template->retrieve($pid); //Get project tasks diff --git a/modules/Users/User.php b/modules/Users/User.php index 65668ff2d91..851ced158eb 100755 --- a/modules/Users/User.php +++ b/modules/Users/User.php @@ -976,9 +976,14 @@ public function saveFormPreferences() $this->setPreference('default_email_charset', $_REQUEST['default_email_charset'], 0, 'global'); } - if (isset($_POST['calendar_publish_key'])) { + $isValidator = new \SuiteCRM\Utility\SuiteValidator(); + + if (isset($_POST['calendar_publish_key']) && $isValidator->isValidKey($_POST['calendar_publish_key'])) { $this->setPreference('calendar_publish_key', $_POST['calendar_publish_key'], 0, 'global'); + } elseif (isset($_POST['calendar_publish_key'])) { + $_POST['calendar_publish_key'] = ''; } + if (isset($_POST['subtheme'])) { $this->setPreference('subtheme', $_POST['subtheme'], 0, 'global'); } diff --git a/modules/Users/tpls/EditViewFooter.tpl b/modules/Users/tpls/EditViewFooter.tpl index e0df3c8b78a..8c262fc2412 100755 --- a/modules/Users/tpls/EditViewFooter.tpl +++ b/modules/Users/tpls/EditViewFooter.tpl 
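Review bot: In modules/AM_ProjectTemplates/controller.php, `$db->quote()` stands in for id validation on `template_id` here and on `pid` in the hunk at -262, where the escaped string is passed straight to `retrieve()`; escaping alters a malformed id rather than rejecting it, and the value is escaped twice if the callee escapes as well. Checking both with `SuiteValidator::isValidId()` and returning early on failure is stricter. The new `is_array()` guard fixes the type of `$copy_tasks` but not of its elements, and `p_name` and `start_date` are still taken raw; their use lies outside the hunk and needs checking in the rest of action_create_project. The hunk at -262 does not show `$db` being brought into scope in action_generate_chart.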
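Review bot: In modules/Users/User.php, an empty `calendar_publish_key` now falls into the `elseif`, because `isValidKey()` returns false for empty input, so in the visible lines a user can no longer clear a previously stored publish key from this form. Allowing the empty string explicitly keeps revocation possible: `$key = $_POST['calendar_publish_key'] ?? null;` followed by `if (is_string($key) && ($key === '' || $isValidator->isValidKey($key))) { $this->setPreference('calendar_publish_key', $key, 0, 'global'); }`. Overwriting `$_POST` on rejection hides the failure from the user and from any later reader of the superglobal; logging the rejected submission would serve better. `$isValidator` reads like a boolean and would be clearer as `$validator`. saveFormPreferences continues outside the hunk.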
@@ -584,12 +584,23 @@ $(document).ready(function () { var checkKey = function (key) { - if (key != '') { + var validation = /^[A-Z0-9\-_.]*$/i; + if (key != '' && validation.test(key)) { + + var encodedKey = key.replace(/[&<>'"]/g, function(tag) { + return ({ + '&': '&', + '<': '<', + '>': '>', + "'": ''', + '"': '"' + }[tag]); + }) $(".calendar_publish_ok").css('display', 'inline'); $(".calendar_publish_none").css('display', 'none'); - $('#cal_pub_key_span').html(key); - $('#ical_pub_key_span').html(key); - $('#search_pub_key_span').html(key); + $('#cal_pub_key_span').html(encodedKey); + $('#ical_pub_key_span').html(encodedKey); + $('#search_pub_key_span').html(encodedKey); } else { $(".calendar_publish_ok").css('display', 'none'); $(".calendar_publish_none").css('display', 'inline'); diff --git a/suitecrm_version.php b/suitecrm_version.php index 3a56182eccd..a3329d98821 100755 --- a/suitecrm_version.php +++ b/suitecrm_version.php @@ -3,5 +3,5 @@ die('Not A Valid Entry Point'); } -$suitecrm_version = '7.14.5'; -$suitecrm_timestamp = '2024-08-14 12:00:00'; +$suitecrm_version = '7.14.6'; +$suitecrm_timestamp = '2024-11-05 12:00:00';
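Review bot: In modules/Users/tpls/EditViewFooter.tpl, once `validation.test(key)` has passed, `key` cannot contain any of `& < > ' "`, so the replace callback never runs; as displayed on this page its map values are also identical to its keys, possibly because the page renderer decoded the entities. Writing the value as text removes the need for manual encoding: `$('#cal_pub_key_span').text(key);` and likewise for `#ical_pub_key_span` and `#search_pub_key_span`. The pattern here duplicates the server-side default in SuiteValidator, which can be overridden through `key_validation_pattern`, so a comment at this line should state that the server check is the authoritative one.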