From 436f4210ed42ea37d86951b428b0bf18b38cf7c2 Mon Sep 17 00:00:00 2001
From: Jack Anderson
Date: Thu, 2 Nov 2023 13:57:10 +0000
Subject: [PATCH] SuiteCRM 7.12.14 Release

---
 ModuleInstall/ModuleScanner.php | 2 +
 README.md | 2 +-
 download.php | 2 +-
 files.md5 | 51 +++---
 include/Dashlets/DashletGeneric.php | 2 +-
 include/Dashlets/DashletGenericChart.php | 2 +-
 include/HtmlSanitizer.php | 117 +++++++++----
 include/utils.php | 22 ++-
 include/utils/php_zip_utils.php | 11 +-
 .../src_files/include/javascript/jquery.js | 4 -
 .../AOS_PDF_Templates/AOS_PDF_Templates.php | 6 +-
 .../Administration/language/en_us.lang.php | 1 +
 modules/Documents/Document.php | 2 +-
 modules/Emails/Email.php | 6 +-
 modules/Home/SubpanelCreates.php | 6 +-
 modules/Import/sources/ImportFile.php | 26 +--
 modules/InboundEmail/InboundEmail.php | 7 +-
 modules/InboundEmail/language/en_us.lang.php | 1 +
 modules/SurveyResponses/Lines/Lines.php | 6 +-
 modules/UpgradeWizard/commit.php | 6 +
 .../jjwg_Areas/javascript/jquery-1.4.2.min.js | 154 ------------------
 .../jjwg_Areas/javascript/jquery-1.8.0.min.js | 2 -
 .../jjwg_Areas/views/view.area_edit_map.php | 4 +-
 .../jjwg_Maps/DataTables/media/js/jquery.js | 2 -
 modules/jjwg_Maps/controller.php | 12 +-
 .../jjwg_Maps/javascript/jquery-1.8.0.min.js | 2 -
 modules/jjwg_Maps/views/view.map_markers.php | 2 +-
 suitecrm_version.php | 4 +-
 28 files changed, 198 insertions(+), 266 deletions(-)
 delete mode 100755 jssource/src_files/include/javascript/jquery.js
 delete mode 100755 modules/jjwg_Areas/javascript/jquery-1.4.2.min.js
 delete mode 100755 modules/jjwg_Areas/javascript/jquery-1.8.0.min.js
 delete mode 100755 modules/jjwg_Maps/DataTables/media/js/jquery.js
 delete mode 100755 modules/jjwg_Maps/javascript/jquery-1.8.0.min.js

diff --git a/ModuleInstall/ModuleScanner.php b/ModuleInstall/ModuleScanner.php
index 919c9fb2049..914f24b6f85 100755
--- a/ModuleInstall/ModuleScanner.php
+++ b/ModuleInstall/ModuleScanner.php
@@ -602,6 +602,8 @@ public function scanFile($file)
 }
 $contents = file_get_contents($file);
 if (!$this->isPHPFile($contents)) {
+ $issues[] = translate('ML_INVALID_PHP_FILE', 'Administration');
+ $this->issues['file'][$file] = $issues;
 return $issues;
 }
 $tokens = @token_get_all($contents);
diff --git a/README.md b/README.md
index cadbda0cda6..03994493561 100755
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
-# SuiteCRM 7.12.13
+# SuiteCRM 7.12.14
 [![Build Status](https://travis-ci.org/salesagility/SuiteCRM.svg?branch=hotfix)](https://travis-ci.org/salesagility/SuiteCRM) [![codecov](https://codecov.io/gh/salesagility/SuiteCRM/branch/hotfix/graph/badge.svg)](https://codecov.io/gh/salesagility/SuiteCRM/branch/hotfix)
diff --git a/download.php b/download.php
index 717c2a7ebcc..e644fbb4717 100755
--- a/download.php
+++ b/download.php
@@ -272,7 +272,7 @@
 $row['file_ext'] = pathinfo($name, PATHINFO_EXTENSION);
 }
- if (in_array($row['file_ext'], $allowedPreview, true)) {
+ if (!empty($row['file_ext']) && in_array($row['file_ext'], $allowedPreview, true)) {
 $showPreview = isset($_REQUEST['preview']) && $_REQUEST['preview'] === 'yes' && $mime_type !== 'text/html';
 }
diff --git a/files.md5 b/files.md5
index 866db8759ad..1f5970ed18f 100755
--- a/files.md5
+++ b/files.md5
@@ -1,5 +1,5 @@ '69a1e7b3d7755a2a63499a16ddae81cf', './Api/Core/Config/slim.php' => 'b134e68765e6a1403577e2a5a06322b8', 
@@ -103,7 +103,7 @@ $md5_string = array ( './LICENSE.txt' => 'd3f150e4a5bed444763ebe8a81742a95', './ModuleInstall/ExtensionManager.php' => 'e9699caa01beb5c4fdae7cc9c8cc4bc6', './ModuleInstall/ModuleInstaller.php' => '3b475e896de4476bffaa026184bef72a', - './ModuleInstall/ModuleScanner.php' => '5bd029e1955c5c243ce4cc567cc99367', + './ModuleInstall/ModuleScanner.php' => '69fa36d934d483cba1f80cec577a0385', './ModuleInstall/PackageManager/ListViewPackages.php' => 'dd40ddc497010be809cb03c63499ac4f', './ModuleInstall/PackageManager/PackageController.php' => '03db58edbce570e532e1c55dbb657889', './ModuleInstall/PackageManager/PackageManager.php' => 'ad764627f0515370ef800ba88dfe49e8', @@ -116,7 +116,7 @@ $md5_string = array ( './ModuleInstall/PackageManager/tpls/PackageManagerLicense.tpl' => 'df5e267d1df5ce08fb9406e42d5b4816', './ModuleInstall/PackageManager/tpls/PackageManagerScripts.tpl' => '98e396c0aa57329731fda19c790fffb2', './ModuleInstall/extensions.php' => '094f4650261f6efbab1b90b119829388', - './README.md' => '7f18bd75a95720a9e6ac03ba4e1de94f', + './README.md' => '67869ab12bf3b94a2bb6b6ddf09f9f5e', './RoboFile.php' => '045b82c1df69553824d0e4ffcce6e03c', './SugarSecurity.php' => '47e316b2d408e8c5192c8ea4a4f921b3', './TreeData.php' => '32873e20cb5fd33f9d1cdaf18c3cac5c', @@ -525,7 +525,7 @@ $md5_string = array ( './data/SugarBean.php' => '29f70a2ff02ffea10630200a90e7b0a0', './deprecated.php' => 'f5f507fd6314f38d29c97e2cc2c62239', './dictionary.php' => 'b7c1370fb75a2940c04db74627c4462c', - './download.php' => 'ffc5806938cc1f888c7ddedb79f7bedf', + './download.php' => 'deaf5c4453b9dc23d8b11a6e7829ade3', './emailmandelivery.php' => 'e079e094dd3d4e361670a179f50b1fdd', './export.php' => '138c918c6590f83908ad67ef3dab26df', './ical_server.php' => '36acd0eb4bdabcdb8c70497b5cc79d16', 
@@ -533,10 +533,10 @@ $md5_string = array ( './include/Dashlets/Dashlet.php' => '91c1cde556ac8143c3b06ee71dc588b4', './include/Dashlets/DashletCacheBuilder.php' => '98a49e1176f330a59598e764ce0c6359', './include/Dashlets/DashletFooter.tpl' => '63e2f0394e217d1f0dcd196182e9e3a3', - './include/Dashlets/DashletGeneric.php' => 'b109e8009b7868743772014e3b0c1e3e', + './include/Dashlets/DashletGeneric.php' => '90a65f376f5baf4801f40c56d8dd9e31', './include/Dashlets/DashletGenericAutoRefresh.tpl' => '0f10a2b69155ed5e4410ac4d38e0f2b7', './include/Dashlets/DashletGenericAutoRefreshDynamic.tpl' => '089ffd3373df9108b5186a3f8f4d74a2', - './include/Dashlets/DashletGenericChart.php' => 'aa6e3b5add4fe39ea7e4849e35ba46db', + './include/Dashlets/DashletGenericChart.php' => '77af1816e1a6d9834b5f2403e6a41548', './include/Dashlets/DashletGenericChartConfigure.tpl' => '9f96a9502f11a433a8bd6922fbb12b83', './include/Dashlets/DashletGenericConfigure.tpl' => '48f74b38e7d5b0fe2604716a12657948', './include/Dashlets/DashletGenericDisplay.tpl' => 'c80c7333525eec262638be62b297b0df', @@ -583,7 +583,7 @@ $md5_string = array ( './include/HTTP_WebDAV_Server/Tools/_parse_proppatch.php' => '0470fafdca7c8b29ccbd4efef2e452f0', './include/HTTP_WebDAV_Server/dav.txt' => 'c5235ed64efa685da638c6dcdb6a9708', './include/HTTP_WebDAV_Server/license.txt' => 'a45bb1bbeed9e26b26c5763df1d3913d', - './include/HtmlSanitizer.php' => 'efcd753e725f16eb9212bc3bb2ed2cff', + './include/HtmlSanitizer.php' => 'fa20ab50f192064c9bbf5ef5b414ff03', './include/Imap/ImapHandler.php' => 'dbabb67c1d5c7d66dd0e9848a5d1956a', './include/Imap/ImapHandlerException.php' => '43d045dace421f51ad30eab02e1d1e91', './include/Imap/ImapHandlerFactory.php' => '0b015e476295d1edaa6bd55fe0717cf7', 
@@ -2384,14 +2384,14 @@ $md5_string = array ( './include/utils/layout_utils.php' => 'f1bfbecd81ffaea9483b39ee7925a523', './include/utils/logic_utils.php' => 'df0882131989fd10f9855cc3b66d4572', './include/utils/mvc_utils.php' => '38de4382713debfb1cbbe33442a8fc5b', - './include/utils/php_zip_utils.php' => 'fd759e7471d677391672e08f00f805eb', + './include/utils/php_zip_utils.php' => 'f2e832f6233283c7f5c42247ccd415ed', './include/utils/progress_bar_utils.php' => '4f5a6b35107d886de7b9e89a7a6d53f6', './include/utils/recaptcha_disabled.tpl' => '4c252c4595a636c6c4da465073c71f8d', './include/utils/recaptcha_enabled.tpl' => 'c99f2dfafa79e047697b69d4e9d8b4be', './include/utils/recaptcha_utils.php' => '73f5eddf707788c1dff4b7d07dc82656', './include/utils/security_utils.php' => 'e953d0b673df3df313ecf1ac975e8f57', './include/utils/sugar_file_utils.php' => '1c1915cad8c88feb0edbf5bbaee106c4', - './include/utils.php' => '80454524089c3b5c7c48a4bd4572c0aa', + './include/utils.php' => 'b7926809902daadf441df61871214d6e', './include/vCard.php' => '44052bbedcdaba3fdf67cfc10a112e75', './include/ytree/ExtNode.php' => '000d4ccbdb6e0a7628c636128781b5e3', './include/ytree/JQueryTree.php' => '3712d2224b93818b990b876f8405b745', @@ -2550,7 +2550,6 @@ $md5_string = array ( './jssource/src_files/include/javascript/importWizard.js' => '14a471f8264f098a09120a794db0f23b', './jssource/src_files/include/javascript/include.js' => 'f5eebf525217f709a81cbeb9d671c77b', './jssource/src_files/include/javascript/iscroll.js' => 'b6c232e3c54b2a1320b22c7ad920c842', - './jssource/src_files/include/javascript/jquery.js' => '219073097031d9c1a95a1291d66f3a10', './jssource/src_files/include/javascript/jsclass_async.js' => '6d2f3226cf797a3830fb0f96a49b8b2c', './jssource/src_files/include/javascript/jsclass_base.js' => '0e99f15d99c783d457d96e3198c0cb95', './jssource/src_files/include/javascript/menu.js' => '8e8add77d513333cc56ff829c23befbe', 
@@ -3421,7 +3420,7 @@ $md5_string = array ( './modules/AOS_Line_Item_Groups/language/en_us.lang.php' => 'd37c1dadfc78cc7fcea0d9c4979a074a', './modules/AOS_Line_Item_Groups/vardefs.php' => '46060ba279f6cb09a03bde31e4df3c5c', './modules/AOS_PDF_Templates/AOS_PDF_Templates.js' => '7fcfe37015e01fd38c820a4bb0cd781e', - './modules/AOS_PDF_Templates/AOS_PDF_Templates.php' => '50b2c744b3ba75223314c7872294ed80', + './modules/AOS_PDF_Templates/AOS_PDF_Templates.php' => '71ba4fb2c6279f44e458f24c8a34f501', './modules/AOS_PDF_Templates/AOS_PDF_Templates_sugar.php' => '992b26786dccf17e92fa7114a1e9876f', './modules/AOS_PDF_Templates/Dashlets/AOS_PDF_TemplatesDashlet/AOS_PDF_TemplatesDashlet.meta.php' => 'dc00131c990ff4134d6bc822e354f794', './modules/AOS_PDF_Templates/Dashlets/AOS_PDF_TemplatesDashlet/AOS_PDF_TemplatesDashlet.php' => '8f97c6ce7e0796bd1708a99152a9947c', @@ -3755,7 +3754,7 @@ $md5_string = array ( './modules/Administration/index.tpl' => 'e2267cd142b9509c13eaed32180e5e88', './modules/Administration/javascript/Administration.js' => '3548a43145e0b00b880d50fce62126f6', './modules/Administration/javascript/Async.js' => '7cda344ae778c0633b8941dcc6fd2bd6', - './modules/Administration/language/en_us.lang.php' => '86d83c01b69b776d1552f94b066724a7', + './modules/Administration/language/en_us.lang.php' => 'ce918b939cb150b4d5322d288dc642f2', './modules/Administration/metadata/SearchFields.php' => '678fb87cfc3b3e95d7e7ea8a72d8da16', './modules/Administration/metadata/adminpaneldefs.php' => 'f4a4741b7165c657d017869bdc10bc67', './modules/Administration/ncc_config.php' => '643e7a46ad14a6aed7431c6679362b95', 
@@ -4359,7 +4358,7 @@ $md5_string = array ( './modules/Documents/Dashlets/MyDocumentsDashlet/MyDocumentsDashlet.meta.php' => '6395a7dee7a518dcf67466193f6843da', './modules/Documents/Dashlets/MyDocumentsDashlet/MyDocumentsDashlet.php' => 'eae0fb058a00f2c6c9d7d1b344123832', './modules/Documents/Delete.php' => '2b72fce384c5da744b0fa4ce34308e49', - './modules/Documents/Document.php' => '2ef16f55488c50d97a422dc301506da2', + './modules/Documents/Document.php' => 'f81ef6a52992762634149ccdd3a9811d', './modules/Documents/DocumentExternalApiDropDown.php' => 'ec6c00f1da1ee4fbf7b1975ff7339b73', './modules/Documents/DocumentPopupPicker.php' => '1d40656390377251fd352a2dd72b8b5e', './modules/Documents/DocumentSoap.php' => '1341b97fc14652e84807feb290d8aba4', @@ -4569,7 +4568,7 @@ $md5_string = array ( './modules/Emails/Dashlets/MyEmailsDashlet/MyEmailsDashlet.meta.php' => '31dc1ea85cee70a8abab57f66cd77684', './modules/Emails/Dashlets/MyEmailsDashlet/MyEmailsDashlet.php' => 'ca55901c82bab1060a87e98af0ca524f', './modules/Emails/Delete.php' => '9c783f1e16850cfe4de22d719d7ce8ca', - './modules/Emails/Email.php' => 'da0933084b76101c68fec1d4d355d78d', + './modules/Emails/Email.php' => 'c9b163e9af52444985ea2f855679bf22', './modules/Emails/EmailException.php' => '360377b7b2b00fc5d6bb9935c3c92a3f', './modules/Emails/EmailFromValidator.php' => '275e4e1167d68361483e18bae111fdc3', './modules/Emails/EmailUI.css' => '79ef2b93606dc4b6d4e04b679c0b898f', 
@@ -4869,7 +4868,7 @@ $md5_string = array ( './modules/Home/RenameDashboardPages.php' => 'a53ff577efe538faa0c5e6da60c965bf', './modules/Home/SaveSubpanelLayout.php' => 'f318bd2fb19c1cded433f061c6aff87f', './modules/Home/Search.php' => '36224951ebbcafc53026913c9d362a81', - './modules/Home/SubpanelCreates.php' => 'cb4f90e57c71a02058d28fd8b1344b69', + './modules/Home/SubpanelCreates.php' => 'fb29da9f155224855bf2f94e501fc5fa', './modules/Home/SubpanelEdits.php' => 'bf409b605f1138f675bad999c0310c2c', './modules/Home/UnifiedSearch.php' => '1ea2510cfd52f732433b4b88d3efca04', './modules/Home/UnifiedSearchAdvanced.php' => '65a8d1ea3af7f33e5d7d6663162f85da', @@ -4912,7 +4911,7 @@ $md5_string = array ( './modules/Import/maps/ImportMapTab.php' => '992343b262b205982ef2b51142ee8259', './modules/Import/sources/ExternalSourceEAPMAdapter.php' => 'f199a12b3c8b4aa6ac6d615f538b2bab', './modules/Import/sources/ImportDataSource.php' => '1576a0726829780073e4668a08d9b418', - './modules/Import/sources/ImportFile.php' => 'd558a166e1e26a3f38bbf0c9774b9bc4', + './modules/Import/sources/ImportFile.php' => '1e36d14c766a51c68a3788d32229e8e7', './modules/Import/tpls/confirm.tpl' => '2d689a3c97b5a725fd61b9bc41e31ff4', './modules/Import/tpls/confirm_table.tpl' => '14ecd4b787bb194be69597000f64766a', './modules/Import/tpls/dupcheck.tpl' => '83dbbb14d49269bcfa14222551ee4ad4', 
@@ -4946,7 +4945,7 @@ $md5_string = array ( './modules/InboundEmail/EditView.html' => '785f83b87c343cc1d8fbf27e5208472a', './modules/InboundEmail/EditView.php' => '220f324796e33920332b9b432c7a952f', './modules/InboundEmail/InboundEmail.js' => 'f37733f6ef00da52b9230d9168f13a29', - './modules/InboundEmail/InboundEmail.php' => 'bcf0be4d1881f5e94eed744775b1a672', + './modules/InboundEmail/InboundEmail.php' => '8be721cc45d8b912d02540c5c6c17028', './modules/InboundEmail/ListView.html' => '8b0dd15b6993338cccd5bb39ae7184d4', './modules/InboundEmail/ListView.php' => 'dda0cffd64113ebf057d34ab35e637e6', './modules/InboundEmail/Menu.php' => 'eed62ccb742c392298bc1dfe9878eb97', @@ -4958,7 +4957,7 @@ $md5_string = array ( './modules/InboundEmail/View.html' => 'aeaf0daf6157c5a74738a47145576ee0', './modules/InboundEmail/field_arrays.php' => '8daa51b73ea6499fbf2ab18767c0fe78', './modules/InboundEmail/index.php' => '22be0681c56292809306913fb48f3178', - './modules/InboundEmail/language/en_us.lang.php' => 'bfa663d5408d00baaa1631d53ff123a2', + './modules/InboundEmail/language/en_us.lang.php' => 'c108ce15da68f0b3da381364eb56665b', './modules/InboundEmail/temp.php' => '181b066ddeb4e0acbd93ec891ab2fb6f', './modules/InboundEmail/tpls/checkImap.tpl' => 'e6ffd2a625f24091435894426d47016c', './modules/InboundEmail/tpls/systemSettingsForm.tpl' => 'f9fd7244167a1822c4673637ba9db2ba', 
@@ -5804,7 +5803,7 @@ $md5_string = array ( './modules/SurveyQuestions/vardefs.php' => '16b43a905861d58fded0e354af9feadf', './modules/SurveyResponses/Dashlets/SurveyResponsesDashlet/SurveyResponsesDashlet.meta.php' => '2029533f5e4a8cfb20f444e576ed6f4f', './modules/SurveyResponses/Dashlets/SurveyResponsesDashlet/SurveyResponsesDashlet.php' => '8f47633dd50fbad4126ce188893de260', - './modules/SurveyResponses/Lines/Lines.php' => 'dd2ecbdc3c1b29da73f4a1717ba5b0ba', + './modules/SurveyResponses/Lines/Lines.php' => '988205d9e9557b8d7ab8c4a90d117421', './modules/SurveyResponses/Menu.php' => '3b2c2396d71dfddccdb0b98746a288f0', './modules/SurveyResponses/SurveyResponses.php' => '63d5a947ac39277353387f12d5270f2a', './modules/SurveyResponses/language/en_us.lang.php' => '568e6587ec744766727cc387357f334c', @@ -5934,7 +5933,7 @@ $md5_string = array ( './modules/UpgradeWizard/UpgradeRemoval.php' => '096349be5f1f92a27c92e7f7cd9d2e54', './modules/UpgradeWizard/UploadFileCheck.php' => '2c5fa62ee12c728b5a7f6ef5db6e0c11', './modules/UpgradeWizard/cancel.php' => '4c75c6f9d0aba4f6e92c280e8d0da048', - './modules/UpgradeWizard/commit.php' => '8ecfd0308e2163c6c4538f75cfec32c0', + './modules/UpgradeWizard/commit.php' => 'b017ecd0a6f9d8effcd40cbba6862bde', './modules/UpgradeWizard/commitJson.php' => 'ee4ba0d32434641623d0a5640b2c5092', './modules/UpgradeWizard/deleteCache.php' => '470b767cd3878224be42bb061718f9f3', './modules/UpgradeWizard/end.php' => '2f9479befa990b4071724584b76e21bd', 
@@ -6088,8 +6087,6 @@ $md5_string = array ( './modules/jjwg_Areas/Dashlets/jjwg_AreasDashlet/jjwg_AreasDashlet.php' => '49ba8401049b6891d05e0a5db18213fb', './modules/jjwg_Areas/Menu.php' => 'db9a041ba4d987d61dce99facd0bc0a7', './modules/jjwg_Areas/controller.php' => '4607aeb9392caa8b4a41f91199ee7f69', - './modules/jjwg_Areas/javascript/jquery-1.4.2.min.js' => 'df0ff7fe7cd0e9795a02c58de82f6d69', - './modules/jjwg_Areas/javascript/jquery-1.8.0.min.js' => '3a728460147fb9af7faf0e587b9fbf42', './modules/jjwg_Areas/javascript/polygon.js' => '5564f16134124604a92deca440f9cb5b', './modules/jjwg_Areas/javascript/polygon.min.js' => '88c68030af6b2ed0a1be070a38895d5b', './modules/jjwg_Areas/jjwg_Areas.php' => 'e284c622e94a90f9a2fb665d4b470644', @@ -6114,7 +6111,7 @@ $md5_string = array ( './modules/jjwg_Areas/views/view.area_detail_map.config.php' => 'a4a1a2db6e299ba0bf21d666eba81cc8', './modules/jjwg_Areas/views/view.area_detail_map.php' => 'c54cce1ad4fa2a235364dbcf3d89fde8', './modules/jjwg_Areas/views/view.area_edit_map.config.php' => '0370581c39d39d559563d56a038e7585', - './modules/jjwg_Areas/views/view.area_edit_map.php' => '0f999a08cf533ec592cbbbcae75e0560', + './modules/jjwg_Areas/views/view.area_edit_map.php' => '3b4c873f16a096eec30ba6b6f7f9341f', './modules/jjwg_Maps/Dashlets/jjwg_MapsDashlet/jjwg_MapsDashlet.meta.php' => 'c1e36a9c7a7ea0c8e5f5f361549a7403', './modules/jjwg_Maps/Dashlets/jjwg_MapsDashlet/jjwg_MapsDashlet.php' => '6c643a18dc80bfd7bb4657d02688d964', './modules/jjwg_Maps/DataTables/media/css/demo_page.css' => 'c44a3deb74de1d0bef75378b3349808d', 
@@ -6135,12 +6132,10 @@ $md5_string = array ( './modules/jjwg_Maps/DataTables/media/images/sort_desc_disabled.png' => 'bda51e15154a18257b4f955a222fd66f', './modules/jjwg_Maps/DataTables/media/js/jquery.dataTables.js' => '28e78e8c1897d5a8bcf7e18b2f2ba0b6', './modules/jjwg_Maps/DataTables/media/js/jquery.dataTables.min.js' => '114c26084cb472c6a5f8b58908472ad7', - './modules/jjwg_Maps/DataTables/media/js/jquery.js' => '1d14cd3798bc4d6aaf65dd625870723f', './modules/jjwg_Maps/DataTables/media/language/en_us.lang.js' => '9e19e7e9a539a1d5be8497664ee526e2', './modules/jjwg_Maps/Menu.php' => '395a879d1c60de5c2259e7619fcbfae6', - './modules/jjwg_Maps/controller.php' => 'f6da38aa56afe0377e0516919dacb7a8', + './modules/jjwg_Maps/controller.php' => 'f446812d998bda11d1f66afd769e33c8', './modules/jjwg_Maps/entry_point_registry.php' => 'dd4912e7404b060ee9d641b257f062ad', - './modules/jjwg_Maps/javascript/jquery-1.8.0.min.js' => '3a728460147fb9af7faf0e587b9fbf42', './modules/jjwg_Maps/javascript/jquery.iframe-auto-height.plugin.1.9.3.js' => 'eca62fdb5373049723a1bd397a53dbe0', './modules/jjwg_Maps/javascript/jquery.iframe-auto-height.plugin.1.9.3.min.js' => '2b37e15942fea54fdb2914f539e3669b', './modules/jjwg_Maps/javascript/markerclusterer.js' => '219761245abf10089f85d78d167ce9f8', 
@@ -6179,7 +6174,7 @@ $md5_string = array ( './modules/jjwg_Maps/views/view.geocoding_test.php' => '30b44061a5aa17b57a471cbfe7b3d7a9', './modules/jjwg_Maps/views/view.map_display.php' => 'af4105ad376402e53078bdf6dc2d5476', './modules/jjwg_Maps/views/view.map_markers.config.php' => '5621247ba5c6f27010336bf2d28a1b3c', - './modules/jjwg_Maps/views/view.map_markers.php' => '9c365198abb0f56f20e0ef1a6d58e94e', + './modules/jjwg_Maps/views/view.map_markers.php' => '7b7e69ec8b0245a68e325e6ee5af644c', './modules/jjwg_Maps/views/view.quick_radius.php' => 'f72434e2dcaba162a9b73ceaca764792', './modules/jjwg_Maps/views/view.quick_radius_display.php' => 'd282094ab293017e5a14d3e3df78ee51', './modules/jjwg_Markers/Dashlets/jjwg_MarkersDashlet/jjwg_MarkersDashlet.meta.php' => '5b84b577c76e37039b2c82b54fdf7994', @@ -6282,7 +6277,7 @@ $md5_string = array ( './soap.php' => 'e28988c2e0b8e2c484587b537a710525', './sugar_version.json' => 'bdfbcefae2f9af559bef6a36367df7bb', './sugar_version.php' => 'db7b6c8d51f87879fce1e6172eedfbed', - './suitecrm_version.php' => '845918436e2f220106def3626ab9def8', + './suitecrm_version.php' => 'e8a52cba126e5e8628d58120fe59f8b0', './themes/SuiteP/css/Dawn/color-palette.scss' => 'e64677d79e1d68c069bdc2dc661c4f99', './themes/SuiteP/css/Dawn/icons.scss' => 'd59f8c5855e7a8df09542a663835a196', './themes/SuiteP/css/Dawn/select.ico' => '22393ad23f16c3f1462455bae8f20279', diff --git a/include/Dashlets/DashletGeneric.php b/include/Dashlets/DashletGeneric.php index 598d5508473..8247fa8f6a7 100755 --- a/include/Dashlets/DashletGeneric.php +++ b/include/Dashlets/DashletGeneric.php @@ -541,7 +541,7 @@ public function saveOptions($req) } } if (!empty($req['dashletTitle'])) { - $options['title'] = $req['dashletTitle']; + $options['title'] = htmlentities(html_entity_decode($req['dashletTitle'])); } // Don't save the options for myItemsOnly if we're not even showing the options. 
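Review bot: The new `$options['title'] = htmlentities(html_entity_decode($req['dashletTitle']));` in saveOptions relies on the default flags of both functions, and those defaults differ by PHP version: before 8.1 they are ENT_COMPAT|ENT_HTML401, under which single quotes are neither decoded nor encoded, so the stored title is escaped differently depending on the runtime. Pass flags and charset explicitly, `$options['title'] = htmlentities(html_entity_decode($req['dashletTitle'], ENT_QUOTES | ENT_HTML401, 'UTF-8'), ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, 'UTF-8');`, so the result is the same on every supported PHP and safe in attribute context as well as text context. The identical line in include/Dashlets/DashletGenericChart.php in the next hunk has the same issue. saveOptions begins and ends outside this hunk.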
diff --git a/include/Dashlets/DashletGenericChart.php b/include/Dashlets/DashletGenericChart.php
index f99915b33e4..005258e34b4 100755
--- a/include/Dashlets/DashletGenericChart.php
+++ b/include/Dashlets/DashletGenericChart.php
@@ -229,7 +229,7 @@ public function saveOptions(
 }
 if (!empty($req['dashletTitle'])) {
- $options['title'] = $req['dashletTitle'];
+ $options['title'] = htmlentities(html_entity_decode($req['dashletTitle']));
 }
 $options['autoRefresh'] = empty($req['autoRefresh']) ? '0' : $req['autoRefresh'];
diff --git a/include/HtmlSanitizer.php b/include/HtmlSanitizer.php
index 776350a6c7e..e16e4fe96d3 100644
--- a/include/HtmlSanitizer.php
+++ b/include/HtmlSanitizer.php
@@ -24,7 +24,7 @@ class HtmlSanitizer
 /**
 * SugarCleaner constructor.
 */
- public function __construct()
+ public function __construct(array $extraConfigs = [])
 {
 $configurator = new \Configurator();
 $sugar_config = $configurator->config;
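Review bot: The constructor docblock still reads `SugarCleaner constructor.` and says nothing about the new `$extraConfigs` parameter, even though it changes what the sanitizer lets through. Document it as `@param array<string, mixed> $extraConfigs HTMLPurifier config overrides applied on top of the defaults: array values are merged into the default array, scalar values replace the default` and say explicitly that the overrides must come from code or site configuration, never from request data, because keys such as `HTML.ForbiddenElements` (merge lets a caller flip an entry to false) and `HTML.SafeObject` (no default unless html_allow_objects is set) are reachable through it. The merge rules are those of applyConfigs further down in this file; the constructor body continues outside the hunk.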
@@ -36,29 +36,31 @@ public function __construct()
 create_cache_directory("htmlclean/");
 }
- $config->set('HTML.Doctype', 'XHTML 1.0 Transitional');
- $config->set('Core.Encoding', 'UTF-8');
+ $baseConfigs = [];
+ $baseConfigs['HTML.Doctype'] = 'XHTML 1.0 Transitional';
+ $baseConfigs['Core.Encoding'] = 'UTF-8';
 $hidden_tags = array('script' => true, 'style' => true, 'title' => true, 'head' => true);
- $config->set('Core.HiddenElements', $hidden_tags);
- $config->set('Cache.SerializerPath', sugar_cached("htmlclean"));
- $config->set('URI.Base', isset($sugar_config['site_url']) ? $sugar_config['site_url'] : null);
- $config->set('CSS.Proprietary', true);
- $config->set('HTML.TidyLevel', 'light');
- $config->set('HTML.ForbiddenElements', array('body' => true, 'html' => true));
- $config->set('AutoFormat.RemoveEmpty', true);
- $config->set('Cache.SerializerPermissions', 0775);
- $config->set('Filter.ExtractStyleBlocks.TidyImpl', false);
+ $baseConfigs['Core.HiddenElements'] = $hidden_tags;
+ $baseConfigs['URI.Base'] = $sugar_config['site_url'] ?? null;
+ $baseConfigs['CSS.Proprietary'] = true;
+ $baseConfigs['HTML.TidyLevel'] = 'light';
+ $baseConfigs['HTML.ForbiddenElements'] = array('body' => true, 'html' => true);
+ $baseConfigs['AutoFormat.RemoveEmpty'] = true;
+ $baseConfigs['Cache.SerializerPermissions'] = 0775;
+ $baseConfigs['Filter.ExtractStyleBlocks.TidyImpl'] = false;
 if (!empty($sugar_config['html_allow_objects'])) {
- $config->set('HTML.SafeObject', true);
- $config->set('HTML.SafeEmbed', true);
+ $baseConfigs['HTML.SafeObject'] = true;
+ $baseConfigs['HTML.SafeEmbed'] = true;
 }
- $config->set('Output.FlashCompat', true);
- $config->set('Filter.Custom', array(new HTMLPurifierFilterXmp()));
- $config->set('HTML.DefinitionID', 'Sugar HTML Def');
- $config->set('HTML.DefinitionRev', 2);
- $config->set('Cache.SerializerPath', sugar_cached('htmlclean/'));
- $config->set('Attr.EnableID', true);
- $config->set('Attr.IDPrefix', 'sugar_text_');
+ $baseConfigs['Output.FlashCompat'] = true;
+ $baseConfigs['Filter.Custom'] = array(new HTMLPurifierFilterXmp());
+ $baseConfigs['HTML.DefinitionID'] = 'Sugar HTML Def';
+ $baseConfigs['HTML.DefinitionRev'] = 2;
+ $baseConfigs['Cache.SerializerPath'] = sugar_cached('htmlclean/');
+ $baseConfigs['Attr.EnableID'] = true;
+ $baseConfigs['Attr.IDPrefix'] = 'sugar_text_';
+
+ $this->applyConfigs($baseConfigs, $extraConfigs, $config);
 if ($def = $config->maybeGetRawHTMLDefinition()) {
 $iframe = $def->addElement(
@@ -109,20 +111,43 @@ public static function getInstance()
 * @return string clean html
 */
 public static function cleanHtml($dirtyHtml, $removeHtml = false)
+ {
+ return self::getInstance()->clean($dirtyHtml, $removeHtml);
+ }
+
+ /**
+ * @param $dirtyHtml
+ * @param bool $isEncoded
+ * @return string
+ */
+ public static function stripTags($dirtyHtml, $isEncoded = true)
+ {
+ if ($isEncoded) {
+ $dirtyHtml = from_html($dirtyHtml);
+ }
+ $dirtyHtml = filter_var($dirtyHtml, FILTER_SANITIZE_STRIPPED, FILTER_FLAG_NO_ENCODE_QUOTES);
+ return $isEncoded ? to_html($dirtyHtml) : $dirtyHtml;
+ }
+
+ /**
+ * @param string $dirtyHtml
+ * @param bool $removeHtml
+ * @return string
+ */
+ public function clean(string $dirtyHtml, bool $removeHtml): string
 {
 // $encode_html previously effected the decoding process.
 // we should decode regardless, just in case, the calling method passing encoded html
 //Prevent that the email address in Outlook format are removed
 $pattern = '/(.*)(<([a-zA-Z0-9.!#$%&\'*+\=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*)>)(.*)/';
 $replacement = '${1}<${3}> ${4}';
- $dirtyHtml = preg_replace($pattern, $replacement, $dirtyHtml);
+ $dirtyHtml = preg_replace($pattern, $replacement, $dirtyHtml);
 $dirty_html_decoded = html_entity_decode($dirtyHtml);
 // Re-encode html
 if ($removeHtml === true) {
 // remove all HTML tags
- $sugarCleaner = self::getInstance();
- $purifier = $sugarCleaner->purifier;
+ $purifier = $this->purifier;
 $clean_html = $purifier->purify($dirty_html_decoded);
 } else {
 // encode all HTML tags
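Review bot: `clean(string $dirtyHtml, bool $removeHtml): string` takes non-nullable scalars, but the static `cleanHtml($dirtyHtml, $removeHtml = false)` wrapper that now delegates to it keeps its untyped signature, so any existing caller that passes null (or, under strict_types, a non-bool second argument) now gets a TypeError from a userland method where the old code simply ran preg_replace on the value. Either cast in the wrapper, `return self::getInstance()->clean((string) $dirtyHtml, (bool) $removeHtml);`, or declare `?string` on `clean` and return '' for null, and add `@param string|null $dirtyHtml` to the wrapper's docblock so the tolerated input is explicit. stripTags is only moved here, but `FILTER_SANITIZE_STRIPPED` is deprecated as of PHP 8.1, so a strip_tags-based replacement is due if the project targets 8.1 or later. The wrapper's docblock starts above the hunk and the body of `clean` continues below it.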
@@ -133,16 +158,44 @@ public static function cleanHtml($dirtyHtml, $removeHtml = false)
 }
 /**
- * @param $dirtyHtml
- * @param bool $isEncoded
- * @return string
+ * @param array $baseConfigs
+ * @param array $extraConfigs
+ * @param \HTMLPurifier_Config $config
 */
- public static function stripTags($dirtyHtml, $isEncoded = true)
+ protected function applyConfigs(array $baseConfigs, array $extraConfigs, \HTMLPurifier_Config $config): void
 {
- if ($isEncoded) {
- $dirtyHtml = from_html($dirtyHtml);
+ $configKeys = array_keys($baseConfigs);
+ if (!empty($extraConfigs)) {
+ $configKeys = array_merge($configKeys, array_keys($extraConfigs));
+ }
+
+ foreach ($configKeys as $configKey) {
+ // no base config, set the custom config
+ if (!isset($baseConfigs[$configKey])) {
+ $config->set($configKey, $extraConfigs[$configKey]);
+ continue;
+ }
+
+ // no extra config, set the base config
+ if (!isset($extraConfigs[$configKey])) {
+ $config->set($configKey, $baseConfigs[$configKey]);
+ continue;
+ }
+
+ // both values are arrays, merge and set
+ if (is_array($baseConfigs[$configKey]) && is_array($extraConfigs[$configKey])) {
+ $config->set($configKey, array_merge($baseConfigs[$configKey], $extraConfigs[$configKey]));
+ continue;
+ }
+
+ // custom value does not match base value type, keep base value
+ if (is_array($baseConfigs[$configKey]) && !is_array($extraConfigs[$configKey])) {
+ $config->set($configKey, $baseConfigs[$configKey]);
+ continue;
+ }
+
+ //Override base value with custom value
+ $config->set($configKey, $extraConfigs[$configKey]);
 }
- $dirtyHtml = filter_var($dirtyHtml, FILTER_SANITIZE_STRIPPED, FILTER_FLAG_NO_ENCODE_QUOTES);
- return $isEncoded ? to_html($dirtyHtml) : $dirtyHtml;
 }
 }
diff --git a/include/utils.php b/include/utils.php
index 244674e7da5..3fa5502d5f2 100755
--- a/include/utils.php
+++ b/include/utils.php
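Review bot: The `!isset($baseConfigs[$configKey])` test in applyConfigs treats a null default as absent, and the constructor seeds exactly such a default: `URI.Base` is `$sugar_config['site_url'] ?? null`. When site_url is unset and no `URI.Base` override is passed, the first branch reads `$extraConfigs['URI.Base']`, which emits an undefined-array-key warning on PHP 8 and sets null by accident rather than by design; a caller-supplied null override is likewise dropped by the second branch in favour of the default. Test key presence instead, `if (!array_key_exists($configKey, $baseConfigs)) {` and `if (!array_key_exists($configKey, $extraConfigs)) {`, and pass `$configKeys` through array_unique so a key present in both arrays is not set twice. The comment `// custom value does not match base value type, keep base value` is narrower than it sounds: a scalar default with an array override is not caught there and falls through to the final branch, which replaces it, so either handle that case the same way or reword the comment to say only array defaults are protected.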
@@ -231,7 +231,6 @@ function make_sugar_config(&$sugar_config) 'upload_dir' => $upload_dir, // this must be set!! 'upload_maxsize' => empty($upload_maxsize) ? 30000000 : $upload_maxsize, 'allowed_preview' => [ - 'pdf', 'gif', 'png', 'jpeg', @@ -280,6 +279,10 @@ function make_sugar_config(&$sugar_config) 'min_cron_interval' => 30, // minimal interval between cron jobs ), 'strict_id_validation' => false, + 'legacy_email_behaviour' => false, + 'valid_imap_ports' => [ + '110', '143', '993', '995' + ] ); } @@ -495,7 +498,6 @@ function get_sugar_config_defaults(): array 'bmp' ], 'allowed_preview' => [ - 'pdf', 'gif', 'png', 'jpeg', @@ -569,6 +571,10 @@ function get_sugar_config_defaults(): array 'enable' => true, 'gc_probability' => 1, 'gc_divisor' => 100, + ], + 'legacy_email_behaviour' => false, + 'valid_imap_ports' => [ + '110', '143', '993', '995' ] ]; @@ -2627,7 +2633,7 @@ function securexss($uncleanString) $partialString = str_replace(array_keys($xss_cleanup), $xss_cleanup, $uncleanString); $antiXss = new AntiXSS(); - $antiXss->removeEvilAttributes(['style']); + $antiXss->removeEvilAttributes(['style', 'onerror']); return $antiXss->xss_clean($partialString); } @@ -2651,21 +2657,23 @@ function securexsskey($value, $die = true) * @param string|null $value * @return string */ -function purify_html(?string $value): string { +function purify_html(?string $value, array $extraOptions = []): string { if (($value ?? '') === '') { return ''; } - $cleanedValue = htmlentities(SugarCleaner::cleanHtml($value, true)); + $sanitizer = new SuiteCRM\HtmlSanitizer($extraOptions); + + $cleanedValue = htmlentities($sanitizer->clean($value, true)); $decoded = html_entity_decode($cleanedValue); $doubleDecoded = html_entity_decode($decoded); if (stripos($decoded, ' - + - + diff --git a/suitecrm_version.php b/suitecrm_version.php index 8ddf03c50c5..29510e512c2 100755 --- a/suitecrm_version.php +++ b/suitecrm_version.php 
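Review bot: `$antiXss->removeEvilAttributes(['style', 'onerror']);` in securexss reads as though it adds `onerror` to the attributes that get stripped, but as I read the voku AntiXSS API this method de-lists patterns so they are no longer removed (which is why `style` was there, to preserve inline styles), and the library's built-in list covers event handlers with one `on*` pattern rather than individual names, so the effect of the new entry cannot be confirmed from the hunk. Check it against the installed library version, add a comment on that line stating the intended outcome for `onerror`, and back it with a unit test asserting that an `<img>` carrying an `onerror` attribute comes back from securexss without the handler. The remaining hunks in this file, dropping `pdf` from allowed_preview and adding the `legacy_email_behaviour` and `valid_imap_ports` defaults, look right; note only that the ports are strings, so any strict `in_array` check must compare against a string port. The end of the purify_html hunk is not visible here, so its per-call `new SuiteCRM\HtmlSanitizer($extraOptions)` is not reviewed beyond observing that it builds a fresh purifier on every call where the old code used the shared instance.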
@@ -3,5 +3,5 @@
 die('Not A Valid Entry Point');
 }
-$suitecrm_version = '7.12.13';
-$suitecrm_timestamp = '2023-10-03 12:00:00';
+$suitecrm_version = '7.12.14';
+$suitecrm_timestamp = '2023-11-14 12:00:00';