From 613d44931dd646a919fdcb32eeb01884faad5f2e Mon Sep 17 00:00:00 2001 From: Clemente Raposo Date: Thu, 27 Jan 2022 14:00:17 +0000 Subject: [PATCH] SuiteCRM 7.12.3 Release --- README.md | 2 +- files.md5 | 75 ++++++++++++---------- include/InlineEditing/InlineEditing.php | 14 +++++ include/utils.php | 79 +++++++++++++++++++++++- modules/EmailTemplates/EmailTemplate.php | 11 +++- modules/Import/controller.php | 10 +++ modules/Project/controller.php | 18 +++--- suitecrm_version.php | 4 +- 8 files changed, 165 insertions(+), 48 deletions(-) diff --git a/README.md b/README.md index 1e49d450d30..1784207745c 100755 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ -# SuiteCRM 7.12.2 +# SuiteCRM 7.12.3 [![Build Status](https://travis-ci.org/salesagility/SuiteCRM.svg?branch=hotfix)](https://travis-ci.org/salesagility/SuiteCRM) [![codecov](https://codecov.io/gh/salesagility/SuiteCRM/branch/hotfix/graph/badge.svg)](https://codecov.io/gh/salesagility/SuiteCRM/branch/hotfix) diff --git a/files.md5 b/files.md5 index 488dfc894c6..524b6aad78c 100755 --- a/files.md5 +++ b/files.md5 @@ -1,5 +1,5 @@ '69a1e7b3d7755a2a63499a16ddae81cf', './Api/Core/Config/slim.php' => 'b134e68765e6a1403577e2a5a06322b8', @@ -92,7 +92,7 @@ $md5_string = array ( './Api/V8/Service/ListViewService.php' => '69fcf4e8e6f036469ff1fdfeca76166d', './Api/V8/Service/LogoutService.php' => '937c253d87b4a72dbd888fec102cb613', './Api/V8/Service/MetaService.php' => '43e410fc841e4da937174d73e027179a', - './Api/V8/Service/ModuleService.php' => 'ba557ee15d50edb935ad3e6fdfbbacfa', + './Api/V8/Service/ModuleService.php' => '9927065a680531cd230d7c1dd6fce8ee', './Api/V8/Service/RelationshipService.php' => '967752c956232952c32bba807498315d', './Api/V8/Service/UserPreferencesService.php' => '7329c91b00f4db576bd18f58ca950186', './Api/V8/Service/UserService.php' => '54213fb8c6df4d8b4dc470a48ca961be', 
@@ -115,7 +115,7 @@ $md5_string = array ( './ModuleInstall/PackageManager/tpls/PackageManagerLicense.tpl' => 'df5e267d1df5ce08fb9406e42d5b4816', './ModuleInstall/PackageManager/tpls/PackageManagerScripts.tpl' => '98e396c0aa57329731fda19c790fffb2', './ModuleInstall/extensions.php' => '094f4650261f6efbab1b90b119829388', - './README.md' => 'ecdc892452414ccb5cb20142ad118de4', + './README.md' => 'b9d83b3570f46a4e80c328aaf7e184b6', './RoboFile.php' => '045b82c1df69553824d0e4ffcce6e03c', './SugarSecurity.php' => '47e316b2d408e8c5192c8ea4a4f921b3', './TreeData.php' => '32873e20cb5fd33f9d1cdaf18c3cac5c', @@ -504,8 +504,8 @@ $md5_string = array ( './Zend/Validate/Ip.php' => 'e313ef824309253dcfab90ff1d38ac86', './Zend/Version.php' => 'e313ef824309253dcfab90ff1d38ac86', './campaign_tracker.php' => '321e43ca8b664e6ca57ae5589e8c0667', - './composer.json' => '66202f4ba0f73ed829684da3a9a28423', - './composer.lock' => '5d5dddb6ad175a807cf4b7496e64604d', + './composer.json' => '45611132765c8a37f3f61374a71e3a1f', + './composer.lock' => 'fdd7ac81eaeb78690e9426415645f1ff', './cron.php' => '0b8b6bd839a2232a8da074b31feaa708', './crossdomain.xml' => '24b7711640c652b21aa89c9d83d6ec13', './data/BeanFactory.php' => '84b7c36b6a59ea8c5c4069659cc72950', @@ -592,7 +592,7 @@ $md5_string = array ( './include/Imap/ImapTestSettingsEntryHandler.php' => '3292a309c3331e60ab13f48c56e672c8', './include/Imap.php' => '0f93494ddbae70f85acdcbac5e92dbc5', './include/ImapInterface.php' => '1cc17060f7768a0e299fafdd66410baa', - './include/InlineEditing/InlineEditing.php' => '95864a199590f0e31ce66745da7a1d1f', + './include/InlineEditing/InlineEditing.php' => '556f91cf67cb17620fb42a5bd607b7a6', './include/InlineEditing/inlineEditing.js' => 'ebc8c66cf49a2bcc77265461a120fe3c', './include/JSON.php' => '7cff996ad7e96ff1583e0837f5070f29', './include/JsonApiErrorObject.php' => 'bd82e5413b53492f73cb66fa0fe35316', 
@@ -606,7 +606,7 @@ $md5_string = array ( './include/ListView/ListViewColumnsFilterLink.tpl' => 'f72bf5e08fb157aaa12151efb71ffd50', './include/ListView/ListViewDCMenu.tpl' => 'b65d91f4e0974fb3bad725c4a10dbd38', './include/ListView/ListViewData.php' => '13fd111566fabfe310ca2df58c19820e', - './include/ListView/ListViewDisplay.php' => '7737eb0185150aaa36609d2352b23d73', + './include/ListView/ListViewDisplay.php' => '516709b2a7e1d11ab5193369ecd1d7d8', './include/ListView/ListViewEval.tpl' => '15d45a3ed170599634d26860dc2e9e56', './include/ListView/ListViewFacade.php' => '9b0f0b4cec02511bebbc62beef368744', './include/ListView/ListViewGeneric.tpl' => '225d86344ddc00b4b00bd6716d23ac12', @@ -680,11 +680,11 @@ $md5_string = array ( './include/Pear/Crypt_Blowfish/Blowfish/DefaultKey.php' => '71c33c848e1219ea3cfad5795f02f3cd', './include/Pear/Crypt_Blowfish/Blowfish.php' => '0c73a6dbf2fa10ae60ecb7dde76c67eb', './include/Pear/Crypt_Blowfish/license.txt' => 'a45bb1bbeed9e26b26c5763df1d3913d', - './include/Popups/PopupSmarty.php' => '6d61a9f0c32c67aca68fa014c93b36fa', + './include/Popups/PopupSmarty.php' => '7f37169149cfce47e441eb3ce43f3661', './include/Popups/Popup_picker.php' => 'efc16459685cc015a472689ca0ab3886', './include/Popups/tpls/PopupGeneric.tpl' => '6de12bee73b200444038e28217cdb0e2', './include/Popups/tpls/footer.tpl' => 'fe184f626507e4834c6fc442d140fffc', - './include/Popups/tpls/header.tpl' => '9d78bc4303063a37d330c0451f473304', + './include/Popups/tpls/header.tpl' => '92ce3e74f5bd5b70c2aae5cd1195308e', './include/QuickSearchDefaults.php' => '47ec9bb09aff02c67cd905b5df063830', './include/RefreshDatabase.php' => '2f8393d844bd4f327b6880b349fd7dd7', './include/SearchForm/SearchForm.php' => '4837b9f89087085c3ad8b546099fa2cd', 
@@ -698,6 +698,9 @@ $md5_string = array ( './include/SearchForm/tpls/footerPopup.tpl' => '794cb10105e35b7b34a5efef5c9e6385', './include/SearchForm/tpls/header.tpl' => '2d1c49e167dbeb93e8e03ec79c1fec2c', './include/SearchForm/tpls/headerPopup.tpl' => '49f913824175dafd993fbc8a1bf7923c', + './include/Services/Batch/BatchJob.php' => 'bada8d2023e3824673b3a709a54e76f7', + './include/Services/NormalizeRecords/NormalizeRecords.php' => 'a0d64b3a4d41c72d4f00dad0b0d62f7d', + './include/Services/NormalizeRecords/NormalizeRecordsSchedulerJob.php' => '8931bcef83a853868bd8f0dc934818d1', './include/Smarty/plugins/block.minify.php' => 'a4a8771c5a8a48c7ab030b0b552957dd', './include/Smarty/plugins/block.nocache.php' => '66bb941778de43b9e52d06a47becb9f5', './include/Smarty/plugins/block.textformat.php' => 'f4e1cc15997ff132066f5e4e09e92054', @@ -847,7 +850,7 @@ $md5_string = array ( './include/SugarDependentDropdown/SugarDependentDropdown.php' => 'b1b2e97806792338acdeb661fc68cacf', './include/SugarDependentDropdown/javascript/SugarDependentDropdown.js' => '14748d0133b9731b97c11b95e3713489', './include/SugarDependentDropdown/metadata/dependentDropdown.php' => 'deb131d92c6a4447d8265600ba46e9b2', - './include/SugarEmailAddress/SugarEmailAddress.js' => 'edeac61482387059c2c18ec30846e318', + './include/SugarEmailAddress/SugarEmailAddress.js' => 'def2d76e0bee474993ae52ce8bafe7c0', './include/SugarEmailAddress/SugarEmailAddress.php' => '141b5619a3476eaef690ae6adba2a126', './include/SugarEmailAddress/getEmailAddressWidget.php' => '732df9ab640f7e9713d81a2a2c5579d0', './include/SugarEmailAddress/templates/forDetailView.tpl' => 'f40f05d1278c144c7e7fd4a1e9e77eb4', 
@@ -1188,9 +1191,9 @@ $md5_string = array ( './include/SugarObjects/templates/sale/vardefs.php' => '0594cbe418f268edf893cced47b022f3', './include/SugarObjects/translated_prefix.php' => 'ba8e90a225dfa38f779119b10c366d40', './include/SugarPHPMailer.php' => 'f3e4df19eab7a1ec3023c62dc383a85e', - './include/SugarQueue/SugarCronJobs.php' => '1cb6aa2aa673b6f959379ae6b5be7c3b', + './include/SugarQueue/SugarCronJobs.php' => 'ee32b208de3d393fa352f4f578a5b746', './include/SugarQueue/SugarCronRemoteJobs.php' => '07feac4c96f9cb8c0e00a8d9f075f841', - './include/SugarQueue/SugarJobQueue.php' => 'bbe33270efa7f356ebea2bb036eedba1', + './include/SugarQueue/SugarJobQueue.php' => 'ed2f9154587957a89b85121039a05fed', './include/SugarSQLValidate.php' => '828ff22182a14e36e275062bd0d6af2d', './include/SugarTheme/SugarSprites.php' => 'e5fdd274f9638e62a43fe7947aa848e8', './include/SugarTheme/SugarTheme.php' => '65b7b0151114cd5a2295d9fd5563d332', @@ -1727,7 +1730,7 @@ $md5_string = array ( './include/javascript/quickCompose.js' => '047d7eea0263fa0c2cd9bdb53ecf6258', './include/javascript/quicksearch.js' => '97475c83c2614b54f3a0dd63edb2dfb2', './include/javascript/report_additionals.js' => '094fef2462c9d640ee3ef4dc7af613d0', - './include/javascript/sugar_3.js' => 'f262f2b4a08214829e9f29152f05152e', + './include/javascript/sugar_3.js' => '37dafba08d7a447439882819e54de1e1', './include/javascript/sugar_connection_event_listener.js' => 'c8a148e865988e17f9b0328de44803a7', './include/javascript/sugar_yui_overrides.js' => 'd99ea792b967d53cef54e0b870acdd88', './include/javascript/sugarwidgets/SugarYUILoader.js' => '959d552199b65eab09ed534ade65b064', 
@@ -2443,7 +2446,7 @@ $md5_string = array ( './include/utils/recaptcha_utils.php' => '73f5eddf707788c1dff4b7d07dc82656', './include/utils/security_utils.php' => 'e953d0b673df3df313ecf1ac975e8f57', './include/utils/sugar_file_utils.php' => '1c1915cad8c88feb0edbf5bbaee106c4', - './include/utils.php' => '056c6cb9c2a210087be1b89558cfd63f', + './include/utils.php' => 'f9f3e4dbf04fc441c8c7e2dd56cfd0c7', './include/vCard.php' => '44052bbedcdaba3fdf67cfc10a112e75', './include/ytree/ExtNode.php' => '000d4ccbdb6e0a7628c636128781b5e3', './include/ytree/JQueryTree.php' => '3712d2224b93818b990b876f8405b745', @@ -2586,7 +2589,7 @@ $md5_string = array ( './jssource/src_files/include/SugarCharts/Jit/js/Jit/jit.js' => 'df8355ccd2772130088b1fb667650271', './jssource/src_files/include/SugarCharts/Jit/js/mySugarCharts.js' => '2f84790497e288fd89ba307560f09c5f', './jssource/src_files/include/SugarDependentDropdown/javascript/SugarDependentDropdown.js' => '5ac4fce0d1493f514c531c0dcc7b7ed9', - './jssource/src_files/include/SugarEmailAddress/SugarEmailAddress.js' => '0391c648fd9875ac2143030a97758088', + './jssource/src_files/include/SugarEmailAddress/SugarEmailAddress.js' => '7fbc299c2611654de572274cb52307e3', './jssource/src_files/include/SugarFields/Fields/Address/SugarFieldAddress.js' => 'db716b6f16be88fa2ef807e2784e4fcc', './jssource/src_files/include/SugarFields/Fields/Collection/SugarFieldCollection.js' => '340c33ba887d216fc45a7d5ebf57b2e4', './jssource/src_files/include/SugarFields/Fields/Datetimecombo/Datetimecombo.js' => 'a40673ad62e3fd095b9b48e8b55093a6', 
@@ -2616,7 +2619,7 @@ $md5_string = array ( './jssource/src_files/include/javascript/quickCompose.js' => '31c8e3efcf325c0c805018587fa585cb', './jssource/src_files/include/javascript/quicksearch.js' => '0329400df3d1b8e4eab0765f8fe9f2e4', './jssource/src_files/include/javascript/report_additionals.js' => 'baca991df446eaf401dda47d1685fad1', - './jssource/src_files/include/javascript/sugar_3.js' => '6589fafd0dff4c08c88184cf31627990', + './jssource/src_files/include/javascript/sugar_3.js' => '1013320f0f4e078b999641d94e979fb6', './jssource/src_files/include/javascript/sugar_connection_event_listener.js' => '431e88e62c5a7005693189d1e9d8e916', './jssource/src_files/include/javascript/sugar_yui_overrides.js' => 'efbf74aa5e7d0af070ae7faab7725538', './jssource/src_files/include/javascript/sugarwidgets/SugarYUILoader.js' => 'abc59adf77cf85c0424dbcb6c356bee8', @@ -2833,7 +2836,7 @@ $md5_string = array ( './lib/Robo/Plugin/Commands/CodeCoverageCommands.php' => '1a96a8253828178473f3e26b454d07ba', './lib/Robo/Plugin/Commands/CodingStandardCommands.php' => '0c2e3276cfb188500172ec7d503926ba', './lib/Robo/Plugin/Commands/ElasticSearchCommands.php' => '33c6a2dfff8e0a3624d7ad4f42059bf9', - './lib/Robo/Plugin/Commands/RepairCommands.php' => '390c3712dee990b71a260a6151e0f6df', + './lib/Robo/Plugin/Commands/RepairCommands.php' => 'ae90c86f61172c980cdc9a62f4e82ac8', './lib/Robo/Plugin/Commands/TestEnvironmentCommands.php' => '88bf24915b2b7c5ef1fa3abafac00eb6', './lib/Robo/Plugin/Commands/TestRunCommands.php' => '82b9f964491714ac90e918deb98874ee', './lib/Robo/Plugin/Commands/UpgradeCommands.php' => '70ce6c722f812d8ea6460dbab872d7cd', 
@@ -2841,7 +2844,7 @@ $md5_string = array ( './lib/Robo/Traits/RoboTrait.php' => '4959bc9e6576b42dd50e09673a6ce7d1', './lib/Robo/config.php' => 'e466635f4002d1ae74aabf0bc28165be', './lib/Search/AOD/LuceneSearchEngine.php' => '7a589c07fae355ad81ba1893e40e1bb9', - './lib/Search/BasicSearch/BasicSearchEngine.php' => '1d2c5e21d8bc06a90c9df7ad30607685', + './lib/Search/BasicSearch/BasicSearchEngine.php' => '1f6ecd5faa8a58cd6d2e06da6ca35cd3', './lib/Search/ElasticSearch/ElasticSearchClientBuilder.php' => '4743c29fa00cb5d4025c974af7b79156', './lib/Search/ElasticSearch/ElasticSearchEngine.php' => '89b2b27ef2c5dd8e7482360a8e499bfc', './lib/Search/ElasticSearch/ElasticSearchHooks.php' => '8898cc8d7cec43f13352397be9397f3e', @@ -3642,7 +3645,7 @@ $md5_string = array ( './modules/AOW_WorkFlow/Dashlets/AOW_WorkFlowDashlet/AOW_WorkFlowDashlet.meta.php' => '307d5c5c4e36070f26fcd7019a7c3ce7', './modules/AOW_WorkFlow/Dashlets/AOW_WorkFlowDashlet/AOW_WorkFlowDashlet.php' => '9b68831e41b81207bf2e3a1a42b266b2', './modules/AOW_WorkFlow/Menu.php' => 'bda4b71d876e065f7661bce4a91bde57', - './modules/AOW_WorkFlow/aow_utils.php' => '0f06117126fbfe5cc6fa498a6ddbb4b8', + './modules/AOW_WorkFlow/aow_utils.php' => '5e07a03b0697f9b596c5a8a6f5cddb4b', './modules/AOW_WorkFlow/controller.php' => '80bf5d8ed3fec47f72320c318719e630', './modules/AOW_WorkFlow/language/en_us.lang.php' => '3257fefa8880da77ef4c90c08fab9dad', './modules/AOW_WorkFlow/metadata/SearchFields.php' => '125fca8f181fd8c4fbb159fd71096bd7', 
@@ -3761,6 +3764,7 @@ $md5_string = array ( './modules/Administration/RepairJSFile.php' => '6cb9e4b58abafc8396003ed3437b3927', './modules/Administration/RepairSeedUsers.php' => '81c156caf343411e4620f78a964165c3', './modules/Administration/RepairUploadFolder.php' => '97c12972e1e1e95289b11e2c7b6ee215', + './modules/Administration/RepairUtfEncoding.php' => 'd0b01ff836abe132b18ce4f923942bdf', './modules/Administration/RepairXSS.php' => 'eaf951746f27ec97888300a58efd7c8a', './modules/Administration/Save.php' => 'd6749485322bf9c956460084be84aa8f', './modules/Administration/Search/Controller.php' => 'c2c30ace2e9f962779dbfbcb18567955', @@ -3786,7 +3790,7 @@ $md5_string = array ( './modules/Administration/SyncInboundEmailAccounts.php' => '12d7e813df836c9791c0335e4f04bbe5', './modules/Administration/Updater.html' => '41dafda58b09eb9893644d0e6b13499f', './modules/Administration/Updater.php' => '8c6ed7adff356877fd3a52525e42f7fe', - './modules/Administration/Upgrade.php' => '421dd6e8e39e641bb072d107c9bffccd', + './modules/Administration/Upgrade.php' => 'f6c184f9c7de11b52c9120a121a9682e', './modules/Administration/UpgradeAccess.php' => '518f0ddc85cb427d55161878f2432761', './modules/Administration/UpgradeFields.php' => 'd74cb90a6a24cae3c0b96a97a74d4d62', './modules/Administration/UpgradeHistory.php' => '14ba994d7b1d5eccfc4520855a0c4036', 
@@ -3805,7 +3809,7 @@ $md5_string = array ( './modules/Administration/index.tpl' => 'e2267cd142b9509c13eaed32180e5e88', './modules/Administration/javascript/Administration.js' => '3548a43145e0b00b880d50fce62126f6', './modules/Administration/javascript/Async.js' => '7cda344ae778c0633b8941dcc6fd2bd6', - './modules/Administration/language/en_us.lang.php' => '6551f061129b2b8e07e79e585921970b', + './modules/Administration/language/en_us.lang.php' => 'c87032b4ab17ef84ebadba8fdcff2b74', './modules/Administration/metadata/SearchFields.php' => '678fb87cfc3b3e95d7e7ea8a72d8da16', './modules/Administration/metadata/adminpaneldefs.php' => 'f4a4741b7165c657d017869bdc10bc67', './modules/Administration/ncc_config.php' => '643e7a46ad14a6aed7431c6679362b95', @@ -3819,6 +3823,9 @@ $md5_string = array ( './modules/Administration/templates/RebuildConfig.tpl' => '48dc46b7bb990f5ac7f08089abe762ae', './modules/Administration/templates/RebuildSprites.tpl' => '912be3ffbaef06b505dd4ff246dd5033', './modules/Administration/templates/RepairDatabase.tpl' => '679065785b1579d266abd55b7ea73fdc', + './modules/Administration/templates/RepairUtfEncoding.tpl' => '495072c5440ed3daeb78e1fa677a15f0', + './modules/Administration/templates/RepairUtfEncodingStatus.tpl' => 'c6aacbb022cd46af969c5f86b7c4da21', + './modules/Administration/templates/RepairUtfEncodingSyncStatus.tpl' => 'ca89d245ab9d0a60c726d2f464126256', './modules/Administration/templates/RepairXSS.tpl' => 'a694a530311524c860865c970d90192b', './modules/Administration/templates/ShortcutBar.tpl' => '9f9ce796937525328d4c947077486974', './modules/Administration/templates/SyncInboundEmailAccounts.tpl' => '9667d27fe5d32e17fccfc1b5740d5a32', 
@@ -4243,7 +4250,7 @@ $md5_string = array ( './modules/Configurator/UploadFileCheck.php' => '06156db94d3826806ddbe1645c8b67f9', './modules/Configurator/action_view_map.php' => '6c5dabbf48acf9dd009f60a17fecf657', './modules/Configurator/controller.php' => 'f295ce1c2b46b0720de4717312a28d87', - './modules/Configurator/language/en_us.lang.php' => '8f52040964f4b19526f75bd50e0d0013', + './modules/Configurator/language/en_us.lang.php' => 'da79efe6028535003c5f9af8ea191682', './modules/Configurator/metadata/SugarpdfSettingsdefs.php' => 'ca8649f8b1554e8aec32fe8440ff781e', './modules/Configurator/tpls/EditView.tpl' => '95db9efe07fce13f8f4c20437028116e', './modules/Configurator/tpls/SugarpdfSettings.tpl' => 'c97732698b0ba12862887d64a3aa6c6c', @@ -4587,7 +4594,7 @@ $md5_string = array ( './modules/EmailTemplates/EditViewMain.html' => 'fc194c55bf297753a57d7e14b8303685', './modules/EmailTemplates/EmailTemplate.css' => '35fde7e2b6e4dd8ac8727d019f242938', './modules/EmailTemplates/EmailTemplate.js' => '6d1f82028af8d7a22bb9748f4599f973', - './modules/EmailTemplates/EmailTemplate.php' => '73a85c5540f6464697984a957bbccf05', + './modules/EmailTemplates/EmailTemplate.php' => '7e47245abb26d5cfd65d5e73883513ba', './modules/EmailTemplates/EmailTemplateData.php' => '12cdbfc95fc7fba127ea8e82cb5a277a', './modules/EmailTemplates/EmailTemplateFormBase.php' => 'eda7d4bd84521e2aa557a975270b355c', './modules/EmailTemplates/EmailTemplateParser.php' => '73b44dc40b3671955f86b43622669289', 
@@ -4946,7 +4953,7 @@ $md5_string = array ( './modules/Import/Importer.php' => 'c4bf3967c463f929acff62fa541cc664', './modules/Import/Menu.php' => '776e6242c638410abd3290c9387e134e', './modules/Import/UsersLastImport.php' => 'a1c22f45aa62094045f32acbcba0ba8d', - './modules/Import/controller.php' => '461f26cd01bc94f0fa0f17608183120b', + './modules/Import/controller.php' => 'c0238f4ab8ce515d8f1e6e5f64a0c81a', './modules/Import/language/en_us.lang.php' => '41328cd1de165898134141618e777774', './modules/Import/maps/ImportMap.php' => 'f8a79c733d4ec686203476e5930c0670', './modules/Import/maps/ImportMapAct.php' => '15401c409712de8a08e3dfc7f95df8a0', @@ -5186,7 +5193,7 @@ $md5_string = array ( './modules/ModuleBuilder/parsers/ParserFactory.php' => '9f49fbae9d8aadc97257d4cf18672978', './modules/ModuleBuilder/parsers/StandardField.php' => '4cbf549bc313959427dc126e9afe01e7', './modules/ModuleBuilder/parsers/constants.php' => '01917f1fa30ccbaabf69cf03f3a37946', - './modules/ModuleBuilder/parsers/parser.dropdown.php' => 'b7a832a37f1d550b3b88492082dbc13e', + './modules/ModuleBuilder/parsers/parser.dropdown.php' => 'adfd8f59d8b6072d2aabee8f2ec68ceb', './modules/ModuleBuilder/parsers/parser.label.php' => 'b026e2f0249fe89f848312ece6d1ca1d', './modules/ModuleBuilder/parsers/parser.modifylayoutview.php' => 'f69b0f61304ac1a038a9ee4fc5e64faf', './modules/ModuleBuilder/parsers/parser.modifylistview.php' => '7b370f6ed426a6e1be2f6b0fa422eb76', 
@@ -5272,7 +5279,7 @@ $md5_string = array ( './modules/ModuleBuilder/views/view.main.php' => '074e242f1ac78fcfa427dcebc90b0115', './modules/ModuleBuilder/views/view.module.php' => 'c30c29ca234963b5784d3799979273d9', './modules/ModuleBuilder/views/view.modulefield.php' => '07ff9a38f0c5499befc6f13ad2a75930', - './modules/ModuleBuilder/views/view.modulefields.php' => '6f6d1c266572fb475abd004e0ec68767', + './modules/ModuleBuilder/views/view.modulefields.php' => '33c0acc4a282b810f7e2915966338d30', './modules/ModuleBuilder/views/view.modulelabels.php' => 'b4fa12db216d215dd43d30c69a7feba0', './modules/ModuleBuilder/views/view.package.php' => '98f14929cf217186a081488380427c5a', './modules/ModuleBuilder/views/view.popupview.php' => 'fd818423e7b49d9a39c746be70091967', @@ -5452,7 +5459,7 @@ $md5_string = array ( './modules/Project/SubPanelView.php' => 'af95a6ef52973f660100c71164dd42fe', './modules/Project/action_view_map.php' => 'bfb14b59f2e972e576ab76d3d5aceac0', './modules/Project/chart.php' => '02539a509ab925faa9a81ccf04a9c058', - './modules/Project/controller.php' => '76888c230e8c8b12b5e43cec7dcc8ac9', + './modules/Project/controller.php' => 'fd5b709ce4807535582234f064f7b1d7', './modules/Project/css/style.css' => 'f46ccefd03710380a8079bede95341ce', './modules/Project/css/style_chart.css' => '233f2a964aeed0a7a4db10aaa8397a5b', './modules/Project/delete_project_tasks.php' => '1c2dab740529a1e5a2fbc0e0ce7965d9', 
@@ -5509,18 +5516,18 @@ $md5_string = array ( './modules/ProjectTask/Dashlets/MyProjectTaskDashlet/MyProjectTaskDashlet.php' => '8788f8c2f040ed5e661e565a826c203f', './modules/ProjectTask/Delete.php' => '04587ba7508224ebfd7616ea8b1c082a', './modules/ProjectTask/Forms.html' => '285171af66aa2fc32dc0e2ea3566649b', - './modules/ProjectTask/Menu.php' => 'eae05eb5785811dd18acf256f49d1a57', + './modules/ProjectTask/Menu.php' => '1f78da32ae7b9fcf7535d39370bc6538', './modules/ProjectTask/MyProjectTasks.html' => '0844b05b334752964c11bbd6a3e144af', './modules/ProjectTask/MyProjectTasks.php' => 'f953c060173f44b6ba21c03021572762', './modules/ProjectTask/Popup_picker.html' => '9e6300b58fc0f9b1fc56648134bff4ef', './modules/ProjectTask/ProjectTask.js' => 'd64793062468c67b5a64ec0bea53dd48', - './modules/ProjectTask/ProjectTask.php' => '472269f52d743a0f277014056330b173', + './modules/ProjectTask/ProjectTask.php' => '4b9bba394508c5717eeba392c7ab98d5', './modules/ProjectTask/ProjectTaskQuickCreate.php' => '1ee71963d5ea4d00677dba5ae0d406b5', './modules/ProjectTask/Save.php' => '9136fd1f440b024a7ede43a78136cf09', './modules/ProjectTask/SubPanelView.html' => 'c53cc28a2ff53155f2270aee9825201a', './modules/ProjectTask/SubPanelView.php' => 'c9debabdb5ba2a751ef2f3c27a876e80', './modules/ProjectTask/field_arrays.php' => 'a009072f64c6a323a41c9c754984bf20', - './modules/ProjectTask/language/en_us.lang.php' => '104d1df7fab817d7e6697944161cf3d4', + './modules/ProjectTask/language/en_us.lang.php' => '999dd418feafc239f8491d9f45aae52f', './modules/ProjectTask/metadata/SearchFields.php' => 'bee41b7465f34efe9f71ab075dc69425', './modules/ProjectTask/metadata/acldefs.php' => '62fad39b11df9ca9550c4173a651c454', './modules/ProjectTask/metadata/additionalDetails.php' => 'd0f0a7b5ae3b50ea102ecadb94d531f2', 
@@ -5664,7 +5671,7 @@ $md5_string = array ( './modules/Schedulers/Save.php' => 'f074612e8858b16ed63efc57aa47c689', './modules/Schedulers/Scheduler.php' => '32fea0faf54fc7fd0b72f779c12d6d9a', './modules/Schedulers/Schedulers.js' => '873697808ad38308416065af9fbb8a2f', - './modules/Schedulers/_AddJobsHere.php' => 'ec6d31550e833d51fcfb1581df9ecdb6', + './modules/Schedulers/_AddJobsHere.php' => '46277b3392cf6695b77990fb6771f386', './modules/Schedulers/field_arrays.php' => 'e2671fc2306b56af3562b1b092ae05af', './modules/Schedulers/language/en_us.lang.php' => '6d1b614f0c5c5bff502f2f0db921e54e', './modules/Schedulers/metadata/SearchFields.php' => '89dec0da90e39ab857fcd1bbf6c3423a', @@ -5681,7 +5688,7 @@ $md5_string = array ( './modules/SchedulersJobs/SchedulersJob.php' => 'de4b877af6e1f139022f24914016a082', './modules/SchedulersJobs/field_arrays.php' => 'ccc694be0178a6318076df1a62b82753', './modules/SchedulersJobs/language/en_us.lang.php' => '213c773d3b36dfdc0b2932d936fe091b', - './modules/SchedulersJobs/metadata/subpanels/default.php' => '3cbee2fa23885f2938c4bc6a5cbd4b12', + './modules/SchedulersJobs/metadata/subpanels/default.php' => '40952b491d66cd328be1237e7dc0750c', './modules/SchedulersJobs/vardefs.php' => 'd0606930f15664bf4b40846afead6d3d', './modules/SecurityGroups/AssignGroups.php' => 'd27ab498ec58d4e232b7f7ec607e410c', './modules/SecurityGroups/Forms.php' => 'd41d8cd98f00b204e9800998ecf8427e', 
@@ -5746,7 +5753,7 @@ $md5_string = array ( './modules/Spots/vardefs.php' => '5e4d751e31f3684b35e34af55d53be25', './modules/Spots/views/view.edit.php' => 'be1fbcd8c6b5871b18244cdb7ef02bb3', './modules/Spots/views/view.list.php' => '0d9934545e44b644cb8f65f33a908004', - './modules/Studio/DropDowns/DropDownHelper.php' => '82a0ffca2c383beee6dc52cb81a48185', + './modules/Studio/DropDowns/DropDownHelper.php' => '459e0789955425379aeae7314e581b10', './modules/Studio/DropDowns/EditView.php' => 'fc1f1181fe3ecf9d446078ef3998a912', './modules/Studio/DropDowns/EditView.tpl' => '1daa9d2575cfd5788576f7c8f06940a5', './modules/Studio/Forms.php' => 'f1b9c09d71cbf6919f46b99b9a0286d3', @@ -6328,7 +6335,7 @@ $md5_string = array ( './soap.php' => 'e28988c2e0b8e2c484587b537a710525', './sugar_version.json' => 'bdfbcefae2f9af559bef6a36367df7bb', './sugar_version.php' => 'db7b6c8d51f87879fce1e6172eedfbed', - './suitecrm_version.php' => 'cc4bc58fefbbe53ff0744c20358fa0fa', + './suitecrm_version.php' => '4c7d3c4f6802cc2a615832b2c09f8c8e', './themes/SuiteP/css/Dawn/color-palette.scss' => 'e64677d79e1d68c069bdc2dc661c4f99', './themes/SuiteP/css/Dawn/icons.scss' => 'd59f8c5855e7a8df09542a663835a196', './themes/SuiteP/css/Dawn/select.ico' => '22393ad23f16c3f1462455bae8f20279', diff --git a/include/InlineEditing/InlineEditing.php b/include/InlineEditing/InlineEditing.php index f6fa00ad463..72fbc9aae34 100755 --- a/include/InlineEditing/InlineEditing.php +++ b/include/InlineEditing/InlineEditing.php 
@@ -387,13 +387,27 @@ function saveField($field, $id, $module, $value) function getDisplayValue($bean, $field, $method = "save") { + global $log; + if (file_exists("custom/modules/Accounts/metadata/listviewdefs.php")) { $metadata = require("custom/modules/Accounts/metadata/listviewdefs.php"); } else { $metadata = require("modules/Accounts/metadata/listviewdefs.php"); } + if (!$bean->ACLAccess('view')) { + $log->security("getDisplayValue - trying to access unauthorized view/module"); + throw new BadMethodCallException('Unauthorized'); + } + $fieldlist[$field] = $bean->getFieldDefinition($field); + $isSensitive = !empty($fieldlist[$field]['sensitive']); + $notApiVisible = !empty($fieldlist[$field]['api-visible']); + + if ($isSensitive || $notApiVisible){ + $log->security("getDisplayValue - trying to access sensitive field"); + throw new BadMethodCallException('Unauthorized'); + } if (is_array($listViewDefs)) { $fieldlist[$field] = array_merge($fieldlist[$field], $listViewDefs); diff --git a/include/utils.php b/include/utils.php index a6e2c4ee3e7..ef9417dabef 100755 --- a/include/utils.php +++ b/include/utils.php @@ -216,6 +216,13 @@ function make_sugar_config(&$sugar_config) 'html', 'htm', ) : $upload_badext, + 'valid_image_ext' => [ + 'gif', + 'png', + 'jpg', + 'jpeg', + 'svg' + ], 'upload_dir' => $upload_dir, // this must be set!! 'upload_maxsize' => empty($upload_maxsize) ? 30000000 : $upload_maxsize, 'allowed_preview' => [ @@ -470,6 +477,13 @@ function get_sugar_config_defaults(): array 'htm', 'phtml', ], + 'valid_image_ext' => [ + 'gif', + 'png', + 'jpg', + 'jpeg', + 'svg' + ], 'upload_maxsize' => 30000000, 'import_max_execution_time' => 3600, // 'use_php_code_json' => returnPhpJsonStatus(), @@ -538,7 +552,7 @@ function get_sugar_config_defaults(): array if (!is_object($locale)) { $locale = new Localization(); } - + $sugar_config_defaults = sugarArrayMerge($locale->getLocaleConfigDefaults(), $sugar_config_defaults); return $sugar_config_defaults; 
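Review bot: In `getDisplayValue`, `$notApiVisible = !empty($fieldlist[$field]['api-visible'])` is true when the `api-visible` flag is set to a truthy value, which is the opposite of what the variable name says. If field definitions mark hidden fields with `'api-visible' => false` (the vardefs are not visible here, so confirm against them), those fields pass the guard while fields explicitly marked visible are rejected with 'Unauthorized'. The check that matches the name would be `$notApiVisible = isset($fieldlist[$field]['api-visible']) && $fieldlist[$field]['api-visible'] === false;`. The function body continues past the end of the hunk.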
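Review bot: The new `valid_image_ext` default in `make_sugar_config` lists `svg` alongside the raster formats, but SVG is an XML document that can carry script, so it should not be treated as an inert image if the file is later served from the application's own origin. The same five-entry list is repeated in the `get_sugar_config_defaults` hunk (@@ -470) and again as the fallback inside `has_valid_image_extension` (@@ -5871), so the three copies can drift apart. Consider dropping `'svg'` from the default, or documenting the constraint above the key, e.g. `// svg is active content: serve with a restrictive CSP or as a download`. Both functions start and end outside their hunks.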
@@ -5871,3 +5885,66 @@ function getAppString($key) return $app_strings[$key]; } + +/** + * Check if has valid image extension + * @param string $fieldName + * @param string $value + * @return bool + */ +function has_valid_image_extension($fieldName, $name) +{ + global $sugar_config; + + $validExtensions = [ + 'gif', + 'png', + 'jpg', + 'jpeg', + 'svg' + ]; + + if (isset($sugar_config['valid_image_ext']) && is_array($sugar_config['valid_image_ext'])){ + $validExtensions = $sugar_config['valid_image_ext']; + } + + return has_valid_extension($fieldName, $name, $validExtensions); +} + +/** + * Check if has valid extension + * @param string $fieldName + * @param string $name + * @param array $validExtensions + * @return bool + */ +function has_valid_extension($fieldName, $name, $validExtensions) +{ + + if ($name === '.' || empty($name)) { + LoggerManager::getLogger()->security("Invalid ext $fieldName : '$name'."); + + return false; + } + + $validExtensions = array_map('strtolower', $validExtensions); + + $parts = explode('.', $name); + + if (empty($parts)) { + LoggerManager::getLogger()->security("Invalid ext $fieldName : '$name'."); + + return false; + } + + $ext = array_pop($parts); + $trimmedValue = preg_replace('/.*\.([^\.]+)$/', '\1', $ext); + + if (!in_array(strtolower($trimmedValue), $validExtensions, true)) { + LoggerManager::getLogger()->security("Invalid $fieldName: '$name'."); + + return false; + } + + return true; +} diff --git a/modules/EmailTemplates/EmailTemplate.php b/modules/EmailTemplates/EmailTemplate.php index 697ff7f1865..b0b2c4bf000 100755 --- a/modules/EmailTemplates/EmailTemplate.php +++ b/modules/EmailTemplates/EmailTemplate.php @@ -905,7 +905,7 @@ private function repairMozaikClears() private function repairEntryPointImages() { - global $sugar_config; + global $sugar_config, $log; // repair the images url at entry points, change to a public direct link for remote email clients.. 
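Review bot: `has_valid_extension` accepts a name that contains no dot at all: `explode('.', $name)` always returns at least one element, so the `empty($parts)` branch can never run and a bare name such as `png` is treated as its own extension. Replacing that test with `if (count($parts) < 2) {` makes the function require an actual extension. The `preg_replace` on `$ext` has no effect, because `$ext` comes from `array_pop` after splitting on dots and cannot contain one, so `$ext` can be lowercased and compared directly. The docblock of `has_valid_image_extension` documents `@param string $value` while the parameter is `$name`. The security log lines interpolate the raw `$name`, which is worth neutralising if the logger does not strip line breaks itself (not visible here).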
@@ -914,8 +914,17 @@ private function repairEntryPointImages() $regex = '#]*[\s]+src=[\s]*["\'](' . preg_quote($siteUrl) . '\/index\.php\?entryPoint=download&type=Notes&id=([a-f0-9]{8}\-[a-f0-9]{4}\-[a-f0-9]{4}\-[a-f0-9]{4}\-[a-f0-9]{12})&filename=.+?)["\']#si'; if (preg_match($regex, $html, $match)) { + $splits = explode('.', $match[1]); + $fileExtension = end($splits); + + $toFile = $match[2] . '.' . $fileExtension; + if (is_string($toFile) && !has_valid_image_extension('repair-entrypoint-images-fileext', $toFile)){ + $log->error("repairEntryPointImages | file with invalid extension '$toFile'"); + return; + } + $this->makePublicImage($match[2], $fileExtension); $newSrc = $sugar_config['site_url'] . '/public/' . $match[2] . '.' . $fileExtension; $this->body_html = to_html(str_replace($match[1], $newSrc, $html)); diff --git a/modules/Import/controller.php b/modules/Import/controller.php index c705a3bfcca..0086cba87b5 100755 --- a/modules/Import/controller.php +++ b/modules/Import/controller.php @@ -146,6 +146,16 @@ public function action_RefreshMapping() return; } + if (isset($fileName) && !hasValidFileName('import_refresh_mapping_file_name', str_replace('upload://', '', $fileName))) { + LoggerManager::getLogger()->fatal('Invalid importFile file name'); + return; + } + + if (strpos($fileName, 'phar://') !== false) { + LoggerManager::getLogger()->fatal('Invalid importFile file path'); + return; + } + $delim = $_REQUEST['delim']; if ($delim === '\t') { diff --git a/modules/Project/controller.php b/modules/Project/controller.php index a591fcf96cf..4c23392fbf5 100755 --- a/modules/Project/controller.php +++ b/modules/Project/controller.php 
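Review bot: The extension passed to `has_valid_image_extension` in `repairEntryPointImages` is taken from the `filename=` text of the `src` URL in the template body (`$splits = explode('.', $match[1]); $fileExtension = end($splits);`), not from the stored Note record. The check therefore constrains only the name of the file published under `/public/` and says nothing about what the Note actually contains. If `makePublicImage` (outside this hunk) copies the Note's file as-is, it would be safer to compare the Note's recorded file name or MIME type against the same allowlist there. `is_string($toFile)` is always true for a concatenation result, so the guard can be `if (!has_valid_image_extension('repair-entrypoint-images-fileext', $toFile)) {`. The rejection is logged with `$log->error`, whereas `getDisplayValue` and `has_valid_extension` in this commit use `->security`.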
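Review bot: The `phar://` guard in `action_RefreshMapping` uses case-sensitive `strpos`, while PHP resolves stream-wrapper scheme names case-insensitively, so the comparison should be `stripos($fileName, 'phar://') !== false`. Rejecting a single scheme is also a denylist; a positive test that `$fileName` starts with `upload://` and contains no other `://` would cover the remaining wrappers as well. The first condition guards with `isset($fileName)` but the second calls `strpos($fileName, ...)` unconditionally, so the two should agree on whether `$fileName` can be unset. `$fileName` is assigned above the hunk and the method continues below it.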
@@ -40,15 +40,15 @@ public function action_generate_chart() $project = BeanFactory::newBean('Project'); $project->retrieve($_POST["pid"]); - + //Get project tasks $Task = BeanFactory::getBean('ProjectTask'); $tasks = $Task->get_full_list("order_number", "project_task.project_id = '".$project->id."'"); - + //Get the start and end date of the project in database format $query = "SELECT min(date_start) FROM project_task WHERE project_id = '{$project->id}'"; $start_date = $db->getOne($query); - + $query = "SELECT max(date_finish) FROM project_task WHERE project_id = '{$project->id}'"; $end_date = $db->getOne($query); @@ -347,12 +347,12 @@ public function action_update_chart() //Get specified dates and users $start = $_POST['start']; //$end = $_POST['end']; - $projects = explode(',', $_POST['projects']); - $users = explode(',', $_POST['users']); - $contacts = explode(',', $_POST['contacts']); - $month = $_POST['month']; + $projects = explode(',', $db->quote($_POST['projects'])); + $users = explode(',', $db->quote($_POST['users'])); + $contacts = explode(',', $db->quote($_POST['contacts'])); + $month = is_numeric($_POST['month']) ? $_POST['month'] : '1' ; $flag = $_POST['flag']; - $chart_type = $_POST['chart_type']; + $chart_type = $db->quote($_POST['chart_type']); //$type = $_POST['type']; $start = new DateTime($start); @@ -499,7 +499,7 @@ public function action_Tooltips() } $Task = BeanFactory::getBean('ProjectTask'); - + $tasks = $Task->get_full_list("date_start", "project_task.assigned_user_id = '".$resource_id."' AND ( ( project_task.date_start BETWEEN '".$start_date."' AND '".$end_date."' ) OR ( project_task.date_finish BETWEEN '".$start_date."' AND '".$end_date."' ) OR ( '".$start_date."' BETWEEN project_task.date_start AND project_task.date_finish ) OR ( '".$end_date."' BETWEEN project_task.date_start AND project_task.date_finish ) ) AND (project_id is not null AND project_id <> '') " . $project_where); echo ''; 
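Review bot: In the @@ -347 hunk of `action_update_chart`, `$flag` is still read raw from `$_POST` while its neighbours are now escaped, and `is_numeric` accepts floats, exponent notation and signed values for `$month`. `$db->quote` only helps if each value later lands inside a quoted SQL string literal; that use is outside the hunk, so validating the shape is the more reliable guard, e.g. `$month = (is_string($_POST['month']) && ctype_digit($_POST['month'])) ? $_POST['month'] : '1';`, plus a check of each element of `$projects`, `$users` and `$contacts` against the expected id format. The other two hunks in this file (@@ -40 and @@ -499) change whitespace only, and their context lines show `get_full_list` and `getOne` queries still assembled by string concatenation; binding or quoting those values would be consistent with this change. The method continues past the end of the hunk.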
diff --git a/suitecrm_version.php b/suitecrm_version.php index abee9081fd6..977b2142146 100755 --- a/suitecrm_version.php +++ b/suitecrm_version.php @@ -3,5 +3,5 @@ die('Not A Valid Entry Point'); } -$suitecrm_version = '7.12.2'; -$suitecrm_timestamp = '2021-12-14 17:00:00'; +$suitecrm_version = '7.12.3'; +$suitecrm_timestamp = '2022-01-27 12:00:00';