[Vtigercrm-commits] [vtiger-commits] r9602 - /vtigercrm/branches/5.0.1/modules/uploads/add2db.php
vtigercrm-commits at vtiger.fosslabs.com
vtigercrm-commits at vtiger.fosslabs.com
Mon Oct 9 07:28:42 EDT 2006
Author: richie
Date: Mon Oct 9 05:28:39 2006
New Revision: 9602
Log:
DG code contribution integrated --Minnie
Modified:
vtigercrm/branches/5.0.1/modules/uploads/add2db.php
Modified: vtigercrm/branches/5.0.1/modules/uploads/add2db.php
==============================================================================
--- vtigercrm/branches/5.0.1/modules/uploads/add2db.php (original)
+++ vtigercrm/branches/5.0.1/modules/uploads/add2db.php Mon Oct 9 05:28:39 2006
@@ -11,11 +11,14 @@
require_once('include/database/PearDatabase.php');
require_once('include/utils/utils.php');
+require_once('include/logging.php');
+global $log;
global $current_user;
$vtigerpath = $_SERVER['REQUEST_URI'];
$vtigerpath = str_replace("/index.php?module=uploads&action=add2db", "", $vtigerpath);
$crmid = $_REQUEST['return_id'];
+$log->debug("DGDEBUG In add2db.php");
// Arbitrary File Upload Vulnerability fix - Philip
$binFile = $_FILES['filename']['name'];
@@ -53,6 +56,48 @@
$query .= $current_id."','".$current_user->id."','".$current_user->id."','".$_REQUEST['return_module'].' Attachment'."','".$description."',".$date_var.")";
$result = $adb->query($query);
+ # Added by DG 26 Oct 2005
+ # Attachments added to contacts are also added to their accounts
+ $log->debug("DGDEBUG Here's the test:");
+ $log->debug("DGDEBUG return_module: ".$_REQUEST['return_module']);
+ if ($_REQUEST['return_module'] == 'Contacts')
+ {
+ $log->debug("DGDEBUG Passed the test.");
+ $crmid = $_REQUEST['return_id'];
+ $query = 'select accountid from vtiger_contactdetails where contactid='.$crmid;
+ $log->debug("DGDEBUG Running query: ".$query);
+ $result = $adb->query($query);
+ if($adb->num_rows($result) != 0)
+ {
+ $log->debug("DGDEBUG Returned a row");
+ $associated_account = $adb->query_result($result,0,"accountid");
+ # Now make sure that we haven't already got this attachment associated to this account
+ # Hmmm... if this works, should we NOT upload the attachment again, and just set the relation for the contact too?
+ $log->debug("DGDEBUG Associated Account: ".$associated_account);
+ $query = "select name,attachmentsize from vtiger_attachments where name= '".$filename."'";
+ $result = $adb->query($query);
+ if($adb->num_rows($result) != 0)
+ {
+ $log->debug("DGDEBUG Matched a row");
+ # Whoops! We matched the name. Is it the same size?
+ $dg_size = $adb->query_result($result,0,"attachmentsize");
+ $log->debug("DGDEBUG: These should be the same size: ".$dg_size." ".$filesize);
+ if ($dg_size == $filesize)
+ {
+ # Yup, it is probably the same file
+ $associated_account = '';
+ }
+ }
+ }
+ else
+ {
+ $associated_account = '';
+ }
+ }
+ # DG 19 June 2006
+ # Strip out single quotes from filenames
+ $filename = preg_replace('/\'/', '', $filename);
+
$sql = "insert into vtiger_attachments values(";
$sql .= $current_id.",'".$filename."','".$description."','".$filetype."','".$upload_filepath."')";
$result = $adb->query($sql);
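Review bot: The new account lookup `'select accountid from vtiger_contactdetails where contactid='.$crmid` concatenates `$_REQUEST['return_id']` into the statement unquoted, so the request parameter becomes part of the SQL; cast it first with `$crmid = intval($_REQUEST['return_id']);`. The duplicate check a few lines below builds `where name= '".$filename."'` before the quote-stripping `preg_replace` at the end of the hunk has run, so that strip should move above the select. `$filename` is assigned outside the hunk, presumably from the uploaded file name, and removing only `'` is not a substitute for the database layer's own escaping. `$associated_account` is assigned only inside the Contacts branch, so the `if ($associated_account)` test added in the next hunk reads an undefined variable for every other module; add `$associated_account = '';` before the `if ($_REQUEST['return_module'] == 'Contacts')` line. The name-and-size match is also not restricted to attachments already linked to this account, so an unrelated attachment with the same name and size suppresses the account link.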
@@ -61,6 +106,17 @@
$sql1 = "insert into vtiger_seattachmentsrel values('";
$sql1 .= $crmid."','".$current_id."')";
$result = $adb->query($sql1);
+
+ # Added by DG 26 Oct 2005
+ # Attachments added to contacts are also added to their accounts
+ if ($associated_account)
+ {
+ $log->debug("DGDEBUG: inserting into vtiger_seattachmentsrel from add2db 2");
+ $sql1 = "insert into vtiger_seattachmentsrel values('";
+ $sql1 .= $associated_account."','".$current_id."')";
+ $log->debug("DGDEBUG: Here's the query: ".$sql1);
+ $result = $adb->query($sql1);
+ }
echo '<script>window.opener.location.href = window.opener.location.href;self.close();</script>';
}