7.11.13

SinergiaTIC · Mar 24, 2020 · 571cbfa · 571cbfa
1 parent 9a3588b
commit 571cbfa
Show file tree

Hide file tree

Showing 11 changed files with 102 additions and 85 deletions.
diff --git a/.gitattributes b/.gitattributes
@@ -187,6 +187,7 @@ Dockerfile text eol=lf
 /codacy.yml export-ignore
 /codeception.dist.yml export-ignore
 /.codecov.yml export-ignore
+/.php_cs.dist export-ignore
 /.travis.yml export-ignore
 travis.php.ini export-ignore
 /.phpcs.xml export-ignore

diff --git a/README.md b/README.md
@@ -2,7 +2,7 @@
   <img width="180px" height="41px" src="https://suitecrm.com/wp-content/uploads/2017/12/logo.png" align="right" />
 </a>
 
-# SuiteCRM 7.11.12
+# SuiteCRM 7.11.13
 
 [![Build Status](https://travis-ci.org/salesagility/SuiteCRM.svg?branch=hotfix)](https://travis-ci.org/salesagility/SuiteCRM)
 [![codecov](https://codecov.io/gh/salesagility/SuiteCRM/branch/hotfix/graph/badge.svg)](https://codecov.io/gh/salesagility/SuiteCRM/branch/hotfix)
@@ -47,8 +47,6 @@ This project exists thanks to all the people who [contribute](https://github.com
 You wanna buy the **core team** a coffee :coffee: or beer :beer:?
 Then consider a small [donation](https://opencollective.com/SuiteCRM/contribute) to help fuel our activities :heart:
 
-<img src="https://github.com/samus-aran.png" width="50"> <img src="https://github.com/dillon-brown.png" width="50"> <img src="https://github.com/cameronblaikie.png" width="50"> <img src="https://github.com/code-ph0y.png" width="50"> <img src="https://github.com/gymad.png" width="50"> <img src="https://github.com/willrennie.png" width="50"> <img src="https://github.com/Mac-Rae.png" width="50">
-
 ### Security ###
 
 We take security seriously here at SuiteCRM so if you have discovered a security risk report it by

diff --git a/files.md5 b/files.md5
diff --git a/include/SugarFolders/SugarFolders.php b/include/SugarFolders/SugarFolders.php
@@ -373,6 +373,8 @@ public function setSubscriptions($subs, $user = null)
             }
         }
 
+        $this->clearSubscriptions($user);
+
         foreach ($cleanSubscriptions as $id) {
             $this->insertFolderSubscription($id, $user->id);
         }
@@ -546,7 +548,7 @@ public function getListItemsForEmailXML($folderId, $page = 1, $pageSize = 10, $s
 
         $return = array();
 
-        $email = new Email(); //Needed for email specific functions.
+        $email = BeanFactory::newBean('Emails'); //Needed for email specific functions.
 
         while ($a = $this->db->fetchByAssoc($r)) {
             $temp = array();
@@ -729,16 +731,22 @@ public function retrieveFoldersForProcessing($user, $subscribed = true)
             }
         }
 
-
-
         if (empty($found)) {
             LoggerManager::getLogger()->error(
                 ' SugarFolder::retrieveFoldersForProcessing() Cannot Retrieve Folders - '.
                 'Please check the users inbound email settings.'
             );
         }
 
-        return $return;
+        $secureReturn = [];
+
+        foreach ($return as $item) {
+            if ($item->isgroup === 1 || $item['created_by'] === $user->id || is_admin($user)) {
+                $secureReturn[] = $item;
+            }
+        }
+
+        return $secureReturn;
     }
 
     /**

diff --git a/modules/Administration/UpgradeWizard.php b/modules/Administration/UpgradeWizard.php
@@ -107,7 +107,7 @@ function unlinkTempFiles()
             $base_filename = urldecode($tempFile);
         } elseif (!empty($_REQUEST['load_module_from_dir'])) {
             $moduleDir = $_REQUEST['load_module_from_dir'];
-            if (strpos($moduleDir, 'phar://') === 0) {
+            if (strpos($moduleDir, 'phar://') !== false) {
                 die();
             }
             //copy file to proper location then call performSetup

diff --git a/modules/Import/views/view.step3.php b/modules/Import/views/view.step3.php
@@ -122,7 +122,7 @@ public function display()
 
         $uploadFileName = $_REQUEST['file_name'];
 
-        if (strpos($uploadFileName, 'phar://') === 0) {
+        if (strpos($uploadFileName, 'phar://') !== false) {
             return;
         }
 

diff --git a/modules/UpgradeWizard/UploadFileCheck.php b/modules/UpgradeWizard/UploadFileCheck.php
@@ -53,11 +53,11 @@
 
 $json = getJSONobj();
 $file_name = $json->decode(html_entity_decode($_REQUEST['file_name']));
- if (isset($file_name['jsonObject']) && $file_name['jsonObject'] != null) {
-     $file_name = $file_name['jsonObject'];
- }
+if (isset($file_name['jsonObject']) && $file_name['jsonObject'] != null) {
+    $file_name = $file_name['jsonObject'];
+}
 
-if (strpos($file_name, 'phar://') === 0) {
+if (strpos($file_name, 'phar://') !== false) {
     return;
 }
 

diff --git a/modules/UpgradeWizard/uw_utils.php b/modules/UpgradeWizard/uw_utils.php
@@ -78,7 +78,7 @@ function implodeVersion($version, $size = 0, $lastSymbol = '', $delimiter = '')
     $parsedVersion = array_slice($parsedVersion, 0, $size);
     if ($lastSymbol !== '') {
         array_pop($parsedVersion);
-        array_push($parsedVersion, $lastSymbol);
+        $parsedVersion[] = $lastSymbol;
     }
 
     return implode($delimiter, $parsedVersion);
@@ -176,8 +176,6 @@ function commitMakeBackupFiles($rest_dir, $install_file, $unzip_dir, $zip_from_d
 function commitCopyNewFiles($unzip_dir, $zip_from_dir, $path='')
 {
     logThis('Starting file copy process...', $path);
-    global $sugar_version;
-    $backwardModules='';
 
     $modules = getAllModules();
     $backwardModules = array();
@@ -192,13 +190,13 @@ function commitCopyNewFiles($unzip_dir, $zip_from_dir, $path='')
         }
     }
 
+    $zipPath = clean_path($unzip_dir . '/' . $zip_from_dir);
     $newFiles = new RecursiveIteratorIterator(
         new RecursiveDirectoryIterator(
-            clean_path($unzip_dir . '/' . $zip_from_dir),
+            $zipPath,
             RecursiveDirectoryIterator::SKIP_DOTS | RecursiveIteratorIterator::SELF_FIRST
         )
     );
-    $zipPath = clean_path($unzip_dir . '/' . $zip_from_dir);
 
     // handle special do-not-overwrite conditions
     $doNotOverwrite = array();
@@ -237,8 +235,6 @@ function commitCopyNewFiles($unzip_dir, $zip_from_dir, $path='')
                 continue;
             }
 
-            //logThis('Copying file to destination: ' . $targetFile, $path);
-
             if (!copy($srcFile, $targetFile)) {
                 logThis('*** ERROR: could not copy file: ' . $targetFile, $path);
             } else {
@@ -726,10 +722,7 @@ function deleteChance()
  */
 function upgradeUWFiles($file)
 {
-    global $base_tmp_upgrade_dir;
-
     $cacheUploadUpgradesTemp = mk_temp_dir(sugar_cached("upgrades/temp"));
-    $_SESSION['unzip_dir'] = strstr($cacheUploadUpgradesTemp, $base_tmp_upgrade_dir);
 
     unzip($file, $cacheUploadUpgradesTemp);
 
@@ -1144,7 +1137,7 @@ function checkSystemCompliance()
 
     if (check_php_version() === 1) {
         $ret['phpVersion'] = "<b><span class=go>{$installer_mod_strings['LBL_CHECKSYS_PHP_OK']} ".constant('PHP_VERSION')." )</span></b>";
-    };
+    }
 
     // database and connect
     $canInstall = $db->canInstall();
@@ -1350,7 +1343,7 @@ function updateQuickCreateDefs()
             continue;
         }
         if (file_exists('modules/' . $e . '/metadata/studio.php')) {
-            array_push($studio_modules, $e);
+            $studio_modules[] = $e;
         }
     }
 
@@ -2302,7 +2295,6 @@ function upgradeSugarCache($file)
  */
 function unlinkUploadFiles()
 {
-    return;
     //	logThis('at unlinkUploadFiles()');
 //
 //	if(isset($_SESSION['install_file']) && !empty($_SESSION['install_file'])) {
@@ -2836,7 +2828,7 @@ function parseAndExecuteSqlFile($sqlScript, $forStepQuery='', $resumeFromQuery='
                             if (!$resumeAfterFound) {
                                 if (strpos($query, ",") != false) {
                                     $queArray = explode(",", $query);
-                                    for ($i=0; $i<count($resumeFromQuery); $i++) {
+                                    for ($i=0, $iMax = count($resumeFromQuery); $i< $iMax; $i++) {
                                         if (strcasecmp(trim($resumeFromQuery[$i]), trim($queArray[$i]))==0) {
                                             $resumeAfterFound = true;
                                         } else {
@@ -3125,7 +3117,7 @@ function didThisStepRunBefore($step, $SubStep='')
     if (file_exists($upgrade_progress_file)) {
         include($upgrade_progress_file);
         if (isset($upgrade_config) && $upgrade_config != null && is_array($upgrade_config) && count($upgrade_config) >0) {
-            for ($i=1; $i<=count($upgrade_config); $i++) {
+            for ($i=1, $iMax = count($upgrade_config); $i<= $iMax; $i++) {
                 if (is_array($upgrade_config[$i])) {
                     foreach ($upgrade_config[$i] as $key=>$val) {
                         if ($key==$step) {

diff --git a/modules/Users/authentication/SAML2Authenticate/SAML2Authenticate.php b/modules/Users/authentication/SAML2Authenticate/SAML2Authenticate.php
@@ -42,7 +42,7 @@
     die('Not A Valid Entry Point');
 }
 
-require_once('modules/Users/authentication/SugarAuthenticate/SugarAuthenticate.php');
+require_once __DIR__ . '/../../../../modules/Users/authentication/SugarAuthenticate/SugarAuthenticate.php';
 
 /**
  * Returns the XML metadata which can be used to register the SP with the IDP
@@ -76,26 +76,24 @@ class SAML2Authenticate extends SugarAuthenticate
     /**
      * @var OneLogin_Saml2_Auth
      */
-    private $samlLogoutAuth = null;
+    private $samlLogoutAuth;
 
     /**
      * @var array
      */
-    private $samlLogoutArgs = array();
+    private $samlLogoutArgs = [];
 
     /**
      * pre login initialization - use SAML2 to authenticate a user login process
      * @throws OneLogin_Saml2_Error
      */
     public function pre_login()
     {
-        parent::pre_login();
-
-        require_once dirname(dirname(__FILE__)) . '/SAML2Authenticate/lib/onelogin/settings.php';
+        require_once __DIR__ . '/../SAML2Authenticate/lib/onelogin/settings.php';
         $auth = new OneLogin_Saml2_Auth($settingsInfo);
 
-        if (isset($_REQUEST['SAMLResponse']) && $_REQUEST['SAMLResponse']) {
-            if (isset($_SESSION) && isset($_SESSION['AuthNRequestID'])) {
+        if (!empty($_POST['SAMLResponse'])) {
+            if (isset($_SESSION['AuthNRequestID'])) {
                 $requestID = $_SESSION['AuthNRequestID'];
             } else {
                 $requestID = null;
@@ -126,6 +124,17 @@ public function pre_login()
                     // Authenticate with suitecrm
                     $this->redirectToLogin($GLOBALS['app']);
                 }
+            } elseif (!empty($_GET['SAMLResponse']) || (!empty($_GET['SAMLRequest']))) {
+
+                $auth->processSLO();
+
+                $errors = $auth->getErrors();
+                if (!empty($errors)) {
+                    $GLOBALS['log']->warn('SLO errors: ' . implode(', ', $errors));
+                }
+
+                $auth->login();
+                exit;
             }
         } else {
             $auth->login();
@@ -145,7 +154,7 @@ public function redirectToLogin(SugarApplication $app)
                 global $authController;
                 $authController->login($_SESSION['samlNameId'], null);
             }
-            SugarApplication::redirect('index.php');
+            SugarApplication::redirect('index.php?module=Users&action=LoggedOut');
         } else {
             return false;
         }
@@ -157,7 +166,7 @@ public function redirectToLogin(SugarApplication $app)
      */
     public function logout()
     {
-        if ($this->samlLogoutAuth && !empty($this->samlLogoutAuth->getSLOurl())) {
+        if ($this->samlLogoutAuth && $this->samlLogoutAuth->getSLOurl()) {
             $this->samlLogoutAuth->logout(
                 $this->samlLogoutArgs['returnTo'],
                 $this->samlLogoutArgs['parameters'],

diff --git a/modules/Users/authentication/SAML2Authenticate/SAML2AuthenticateUser.php b/modules/Users/authentication/SAML2Authenticate/SAML2AuthenticateUser.php
@@ -42,7 +42,7 @@
     die('Not A Valid Entry Point');
 }
 
-require_once('modules/Users/authentication/SugarAuthenticate/SugarAuthenticateUser.php');
+require_once __DIR__ . '/../../../../modules/Users/authentication/SugarAuthenticate/SugarAuthenticateUser.php';
 
 /**
  * Class SAML2AuthenticateUser
@@ -54,42 +54,51 @@ class SAML2AuthenticateUser extends SugarAuthenticateUser
      * Does the actual authentication of the user and returns an id that will be used
      * to load the current user (loadUserOnSession)
      *
-     * @param STRING $name
-     * @param STRING $password
-     * @param STRING $fallback - is this authentication a fallback from a failed authentication
+     * @param string $name
+     * @param string $password
+     * @param bool $fallback - is this authentication a fallback from a failed authentication
      * @param bool $checkPasswordMD5 use md5 check for user_hash before return the user data (SAML2 default is false)
-     * @return STRING id - used for loading the user
+     * @return string id - used for loading the user
      */
-    public function authenticateUser($name, $password, $fallback=false, $checkPasswordMD5 = false)
+    public function authenticateUser($name, $password, $fallback = false, $checkPasswordMD5 = false)
     {
-        $row = User::findUserPassword($name, null, "(portal_only IS NULL OR portal_only !='1') AND (is_group IS NULL OR is_group !='1') AND status !='Inactive'", $checkPasswordMD5);
+        if (!isset($_SESSION['samlNameId']) || $_SESSION['samlNameId'] !== $name) {
+            return '';
+        }
+
+        $row = User::findUserPassword($name, null,
+            "(portal_only IS NULL OR portal_only !='1') AND (is_group IS NULL OR is_group !='1') AND status !='Inactive'",
+            $checkPasswordMD5);
 
         // set the ID in the seed user.  This can be used for retrieving the full user record later
         //if it's falling back on Sugar Authentication after the login failed on an external authentication return empty if the user has external_auth_disabled for them
         if (empty($row) || empty($row['external_auth_only'])) {
             return '';
-        } else {
-            return $row['id'];
         }
+
+        return $row['id'];
     }
 
     /**
      * this is called when a user logs in
      *
-     * @param STRING $name
-     * @param STRING $password
-     * @param STRING $fallback - is this authentication a fallback from a failed authentication
+     * @param string $name
+     * @param string $password
+     * @param bool $fallback - is this authentication a fallback from a failed authentication
+     * @param array $PARAMS
      * @return boolean
      */
     public function loadUserOnLogin($name, $password, $fallback = false, $PARAMS = array())
     {
-        $GLOBALS['log']->debug("Starting user load for ". $name);
+        $GLOBALS['log']->debug('Starting user load for ' . $name);
         $user_id = $this->authenticateUser($name, null, $fallback);
         if (empty($user_id)) {
-            $GLOBALS['log']->fatal('SECURITY: User authentication for '.$name.' failed');
+            $GLOBALS['log']->fatal('SECURITY: User authentication for ' . $name . ' failed');
+
             return false;
         }
         $this->loadUserOnSession($user_id);
+
         return true;
     }
 }
diff --git a/suitecrm_version.php b/suitecrm_version.php
@@ -3,5 +3,5 @@
     die('Not A Valid Entry Point');
 }
 
-$suitecrm_version = '7.11.12';
-$suitecrm_timestamp = '2020-02-14 17:00:00';
+$suitecrm_version = '7.11.13';
+$suitecrm_timestamp = '2020-03-24 17:00:00';
-Original file line number
+Diff line change
@@ Expand Up / @@ -122,7 +122,7 @@ public function display() @@
             $uploadFileName = $_REQUEST['file_name'];
-            if (strpos($uploadFileName, 'phar://') === 0) {
+            if (strpos($uploadFileName, 'phar://') !== false) {
                 return;
             }
@@ Expand Down @@