SuiteCRM 8.1.1 Release

salesagility · May 24, 2022 · 6f1ee18 · 6f1ee18
1 parent 083c44d
commit 6f1ee18
Show file tree

Hide file tree

Showing 17 changed files with 378 additions and 18 deletions.
diff --git a/README.md b/README.md
@@ -2,7 +2,7 @@
   <img width="180px" height="41px" src="https://suitecrm.com/wp-content/uploads/2017/12/logo.png" align="right" />
 </a>
 
-# SuiteCRM 8.1.0
+# SuiteCRM 8.1.1
 
 [![LICENSE](https://img.shields.io/github/license/suitecrm/suitecrm.svg)](https://github.com/salesagility/suitecrm/blob/hotfix/LICENSE.txt)
 [![contributions welcome](https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat)](https://github.com/salesagility/SuiteCRM-Core/issues)

diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-8.1.0
+8.1.1
diff --git a/core/app/common/package.json b/core/app/common/package.json
@@ -1,6 +1,6 @@
 {
   "name": "common",
-  "version": "8.1.0",
+  "version": "8.1.1",
   "peerDependencies": {
     "@angular/common": "^12.1.0",
     "@angular/core": "^12.1.0",

diff --git a/core/app/core/package.json b/core/app/core/package.json
@@ -1,6 +1,6 @@
 {
   "name": "core",
-  "version": "8.1.0",
+  "version": "8.1.1",
   "peerDependencies": {
     "@angular/common": "^12.1.0",
     "@angular/core": "^12.1.0",

diff --git a/core/backend/Data/LegacyHandler/FilterMapper/LegacyFilterMapper.php b/core/backend/Data/LegacyHandler/FilterMapper/LegacyFilterMapper.php
@@ -28,6 +28,7 @@
 namespace App\Data\LegacyHandler\FilterMapper;
 
 use App\Engine\LegacyHandler\LegacyHandler;
+use DBManagerFactory;
 use FilterMapper;
 
 class LegacyFilterMapper extends LegacyHandler
@@ -71,7 +72,13 @@ public function mapFilters(array $criteria, string $type): array
      */
     public function getOrderBy(array $sort): string
     {
-        return $sort['orderBy'] ?? 'date_entered';
+        $this->init();
+
+        $db = DBManagerFactory::getInstance();
+        $result = $db->quote($sort['orderBy'] ?? 'date_entered');
+
+        $this->close();
+        return $result;
     }
 
     /**
@@ -81,6 +88,12 @@ public function getOrderBy(array $sort): string
      */
     public function getSortOrder(array $sort): string
     {
-        return $sort['sortOrder'] ?? 'DESC';
+        $result = $sort['sortOrder'] ?? 'DESC';
+
+        if (in_array(strtolower($result), ['asc', 'desc'])) {
+            return $result;
+        }
+
+        return 'DESC';
     }
 }
diff --git a/core/backend/Data/LegacyHandler/SecurityFiltersTrait.php b/core/backend/Data/LegacyHandler/SecurityFiltersTrait.php
@@ -29,6 +29,7 @@
 namespace App\Data\LegacyHandler;
 
 use ACLController;
+use DBManagerFactory;
 use SecurityGroup;
 use SugarBean;
 
@@ -96,11 +97,12 @@ public function addSecurityWhereClause(SugarBean $bean, string $where, string $t
      */
     public function getOwnerWhere(string $table, string $user_id): string
     {
+        $db = DBManagerFactory::getInstance();
         if (isset($this->field_defs['assigned_user_id'])) {
-            return " $table.assigned_user_id ='$user_id' ";
+            return " $table.assigned_user_id ='" . $db->quote($user_id) . "' ";
         }
         if (isset($this->field_defs['created_by'])) {
-            return " $table.created_by ='$user_id' ";
+            return " $table.created_by ='" . $db->quote($user_id) . "' ";
         }
 
         return '';

diff --git a/core/modules/History/Statistics/Subpanels/SubPanelHistoryLastDate.php b/core/modules/History/Statistics/Subpanels/SubPanelHistoryLastDate.php
@@ -32,6 +32,7 @@
 use App\Statistics\Entity\Statistic;
 use App\Data\LegacyHandler\PresetDataHandlers\SubpanelDataQueryHandler;
 use App\Statistics\Service\StatisticsProviderInterface;
+use DBManagerFactory;
 
 
 /**
@@ -167,8 +168,9 @@ protected function calculateQueryResult($queries, $dateNow, string $id): array
             }
 
             if ($tableName === 'meetings' || $tableName === 'calls') {
+                $db = DBManagerFactory::getInstance();
                 $parts['select'] = "SELECT " . $tableName . ".`date_end` AS `" . $tableName . "_date_end`";
-                $where = "" . $tableName . ".`date_end` <= '$dateNow' AND " . $tableName . ".parent_id = '$id' ";
+                $where = "" . $tableName . ".`date_end` <= '$dateNow' AND " . $tableName . ".parent_id = '" . $db->quote($id). "' ";
                 if (!empty($parts['where'])) {
                     $where = " AND " . $where;
                 }

diff --git a/core/modules/Quotes/Statistics/Subpanels/SubPanelQuotesTotal.php b/core/modules/Quotes/Statistics/Subpanels/SubPanelQuotesTotal.php
@@ -32,6 +32,7 @@
 use App\Data\LegacyHandler\PresetDataHandlers\SubpanelDataQueryHandler;
 use App\Statistics\Service\StatisticsProviderInterface;
 use App\Statistics\StatisticsHandlingTrait;
+use DBManagerFactory;
 
 class SubPanelQuotesTotal extends SubpanelDataQueryHandler implements StatisticsProviderInterface
 {
@@ -71,11 +72,14 @@ public function getData(array $query): Statistic
         $dateNow = date("Y-m-d");
         global $app_strings;
 
+        $db = DBManagerFactory::getInstance();
+        $relateId = $db->quote($id);
+
         $queries = $this->getQueries($module, $id, $subpanel);
         $parts = $queries[0];
         $parts['select'] = 'SELECT q.`expiration`';
         $parts['from'] = ' FROM aos_quotes as q ';
-        $parts['where'] = " WHERE q.`expiration` >= '$dateNow'AND q.deleted = 0  AND (q.billing_account_id = '$id' OR q.billing_contact_id = '$id') ";
+        $parts['where'] = " WHERE q.`expiration` >= '$dateNow' AND q.deleted = 0  AND (q.billing_account_id = '$relateId' OR q.billing_contact_id = '$relateId') ";
         $parts['order_by'] = ' ORDER BY q.expiration ASC LIMIT 1 ';
         $innerQuery = $this->joinQueryParts($parts);
         $result = $this->fetchRow($innerQuery);

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "suitecrm",
-  "version": "8.1.0",
+  "version": "8.1.1",
   "scripts": {
     "ng": "ng",
     "start": "npm run start:shell",

diff --git a/public/legacy/include/portability/ApiBeanMapper/ApiBeanMapper.php b/public/legacy/include/portability/ApiBeanMapper/ApiBeanMapper.php
@@ -39,6 +39,7 @@
 require_once __DIR__ . '/ApiBeanModuleMappers.php';
 require_once __DIR__ . '/ModuleMappers/SavedSearch/SavedSearchMappers.php';
 require_once __DIR__ . '/ModuleMappers/AOP_Case_Updates/CaseUpdatesMappers.php';
+require_once __DIR__ . '/../Bean/Field/Validation/FieldValidatorRegistry.php';
 
 class ApiBeanMapper
 {
@@ -165,6 +166,8 @@ public function toBean(SugarBean $bean, array $values): void
                 continue;
             }
 
+            $this->validate($bean->module_name, $field, $properties, $values[$field] ?? null, $idFields);
+
             $bean->$field = $values[$field];
         }
 
@@ -691,4 +694,35 @@ protected function isIdField($idFields, $field): bool
     {
         return isset($idFields[$field]);
     }
+
+    /**
+     * Validate field
+     * @param string $module
+     * @param string $field
+     * @param array $definition
+     * @param mixed $value
+     * @param array $idFields
+     * @return void
+     */
+    private function validate(string $module, string $field, array $definition, $value, array $idFields): void
+    {
+        $type = $definition['type'];
+
+        if ($this->isIdField($idFields, $field)) {
+            $type = 'id';
+        }
+
+        if ($field === 'id') {
+            $type = 'id';
+        }
+
+        $registry = FieldValidatorRegistry::getInstance();
+
+        $errors = $registry->validate($field, $type, $definition, $value, $module);
+
+        if (!empty($errors)) {
+            $registry->logErrors($errors, 'ApiBeanMapper field validation');
+            throw new InvalidArgumentException("Invalid $field field value ");
+        }
+    }
 }
diff --git a/public/legacy/include/portability/Bean/Field/Validation/FieldValidatorInterface.php b/public/legacy/include/portability/Bean/Field/Validation/FieldValidatorInterface.php
@@ -0,0 +1,37 @@
+<?php
+
+interface FieldValidatorInterface
+{
+    /**
+     * Validate field
+     * @param string $field
+     * @param array $definition
+     * @param mixed $value
+     * @return string error message
+     */
+    public function validate(string $field, array $definition, $value): string;
+
+    /**
+     * Get target type
+     * @return string
+     */
+    public function getType(): string;
+
+    /**
+     * Get validator key
+     * @return string
+     */
+    public function getKey(): string;
+
+    /**
+     * Get target module field
+     * @return string
+     */
+    public function getModuleField(): string;
+
+    /**
+     * Get target module
+     * @return string
+     */
+    public function getModule(): string;
+}
diff --git a/public/legacy/include/portability/Bean/Field/Validation/FieldValidatorRegistry.php b/public/legacy/include/portability/Bean/Field/Validation/FieldValidatorRegistry.php
@@ -0,0 +1,164 @@
+<?php
+
+require_once __DIR__ . '/FieldValidatorInterface.php';
+require_once __DIR__ . '/IdFieldValidator.php';
+require_once __DIR__ . '/../../../Log/ErrorLoggingTrait.php';
+
+class FieldValidatorRegistry
+{
+    use ErrorLoggingTrait;
+    /**
+     * @var FieldValidatorInterface[][][]
+     */
+    protected $typeValidators = [];
+
+    /**
+     * @var FieldValidatorInterface[][][]
+     */
+    protected $moduleFieldValidators = [];
+
+    /**
+     * @var FieldValidatorRegistry
+     */
+    private static $instance;
+
+    /**
+     * FieldValidationRegistry constructor.
+     * Singleton
+     */
+    private function __construct()
+    {
+        $this->add(new IdFieldValidator());
+    }
+
+    /**
+     * Get instance
+     * @return FieldValidatorRegistry
+     */
+    public static function getInstance(): FieldValidatorRegistry
+    {
+        if (empty(self::$instance)) {
+            self::$instance = new FieldValidatorRegistry();
+        }
+
+        return self::$instance;
+    }
+
+    /**
+     * Get type validators
+     * @param string $type
+     * @param string $module
+     * @return FieldValidatorInterface[]
+     */
+    public function getTypeValidators(string $type, string $module = 'default'): array {
+        $defaultModuleValidators = $this->typeValidators['default'] ?? [];
+        $defaultFieldTypeValidators = $defaultModuleValidators[$type] ?? [];
+
+        if ($module !== 'default') {
+            $moduleValidators = $this->typeValidators[$module] ?? [];
+            $fieldTypeValidators = $moduleValidators[$type] ?? [];
+
+            $defaultFieldTypeValidators = array_merge($defaultFieldTypeValidators, $fieldTypeValidators);
+        }
+
+        return $defaultFieldTypeValidators ?? [];
+    }
+
+    /**
+     * Get module field validators
+     * @param string $field
+     * @param string $module
+     * @return FieldValidatorInterface[]
+     */
+    public function getModuleFieldValidators(string $field, string $module = 'default'): array {
+        $defaultModuleValidators = $this->moduleFieldValidators['default'] ?? [];
+        $defaultFieldValidators = $defaultModuleValidators[$field] ?? [];
+
+        if ($module !== 'default') {
+            $moduleValidators = $this->moduleFieldValidators[$module] ?? [];
+            $fieldTypeValidators = $moduleValidators[$field] ?? [];
+
+            $defaultFieldValidators = array_merge($defaultFieldValidators, $fieldTypeValidators);
+        }
+
+        return $defaultFieldValidators ?? [];
+    }
+
+    /**
+     * Get field validators + type validators
+     * @param string $field
+     * @param string $type
+     * @param string $module
+     * @return FieldValidatorInterface[]
+     */
+    public function getValidators(string $field, string $type, string $module = 'default'): array {
+        $fieldValidators = $this->getModuleFieldValidators($field, $module) ?? [];
+        $typeValidators = $this->getTypeValidators($type, $module) ?? [];
+
+        return array_merge($typeValidators, $fieldValidators) ?? [];
+    }
+
+    /**
+     * Get field validators + type validators
+     * @param string $field
+     * @param string $type
+     * @param array $definition
+     * @param mixed $value
+     * @param string $module
+     * @return string[]
+     */
+    public function validate(string $field, string $type, array $definition, $value, string $module = 'default'): array {
+        $validators = $this->getValidators($field, $type, $module);
+
+        if (empty($validators)) {
+            return [];
+        }
+
+
+        $errors = [];
+        foreach ($validators as $key => $validator) {
+            $error = $validator->validate($field, $definition, $value);
+
+            if (!empty($error)) {
+                $errors[$key] = $error;
+            }
+        }
+
+        return $errors;
+    }
+
+    /**
+     * Add validator
+     * @param FieldValidatorInterface $validator
+     */
+    public function add(FieldValidatorInterface $validator): void {
+
+        $type = $validator->getType();
+        $key = $validator->getKey();
+
+        $module = $validator->getModule() ?? 'default';
+        if (empty($module)) {
+            $module = 'default';
+        }
+
+        $field = $validator->getModuleField() ?? 'all';
+        if (empty($field)) {
+            $field = 'all';
+        }
+
+        if ($field !== 'all') {
+            $moduleValidators = $this->moduleFieldValidators[$module] ?? [];
+            $moduleFieldValidators = $moduleValidators[$field] ?? [];
+            $moduleFieldValidators[$key] = $validator;
+            $moduleValidators[$field] = $moduleFieldValidators;
+            $this->moduleFieldValidators[$module] = $moduleValidators;
+            return;
+        }
+
+        $moduleValidators = $this->typeValidators[$module] ?? [];
+        $fieldTypeValidators = $moduleValidators[$type] ?? [];
+        $fieldTypeValidators[$key] = $validator;
+        $moduleValidators[$type] = $fieldTypeValidators;
+        $this->typeValidators[$module] = $moduleValidators;
+    }
+}