Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix/10029 #10558

Open
wants to merge 53 commits into
base: hotfix-7.13.x
Choose a base branch
from
Open

Fix/10029 #10558

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
53 commits
Select commit Hold shift + click to select a range
e9501b3
Fix #9717 - Security Suite Record Group selector doesn't appear when …
SinergiaCRM Aug 1, 2022
5377c9c
Fix #9646 - Display TinyMCE in step 4 of the campaigns form wizard
SinergiaCRM Jul 11, 2022
79238ac
Fix #9574 - Update method to static for module renaming
th-adavidson Jul 7, 2022
dfc9f26
Fix #9499 - Add View Survey Responses Menu item
SinergiaCRM Feb 7, 2022
c900830
Fix #9638 - Elasticsearch issue with accented characters
MikeyJC Jun 2, 2022
9d0c5cb
Fix #9473 - Missing item "Survey" in campainglog_activity_type_dom
SinergiaCRM Jan 26, 2022
29efb03
ElasticSearch Indexing batch error handling
2xaronl Dec 9, 2022
f9bb48b
Fix #99568: Ignore int length when comparing vardefs in newer MySQL v…
JimMackin Sep 15, 2022
0387edc
Clear caches used by Inline Edition
QuickCRM Oct 10, 2022
7f610b1
Fix #9670 - Disabling the user profile option about notification of a…
SinergiaCRM Jul 19, 2022
ba20ee5
FIX #9344 Error in Browsers console after adding tabs to Quickcreate:…
lukio Nov 10, 2022
c19f221
SuiteCRM 7.12.9 Release
jack7anderson7 Jan 23, 2023
ce78d0f
Fix #9665 - Set unique id for "Reset module" button in studio
SinergiaCRM Jul 15, 2022
69f58e5
Closing count bracket before condition
rahulshinde19 Aug 25, 2022
6ea6881
Fix salesagility#9750 - Receive related parameters of type dynamicen…
SinergiaCRM Sep 5, 2022
aefbf45
Fix #4646 - Hard coded messages in Surveys module
jack7anderson7 Oct 19, 2022
327c589
Fix #9835 - Case Updates save bug
ojs87 Dec 2, 2022
3dfbbab
Fix #9873 - Plesk php.ini disable_functions = opcache_get_status
JanSiero Dec 26, 2022
10c3be5
Fix #9871 - Javascript message error when bulk updating all user rec…
SinergiaCRM Dec 23, 2022
34216c2
Fix #9882 - opcache install module copy action
JanSiero Jan 2, 2023
2b429d8
Fix #9883 - Security Groups do not work with modules whose name exce…
SinergiaCRM Jan 3, 2023
cf10f1d
Fix #9909 - Default empty item when creating a new Dropdown field
SinergiaCRM Jan 18, 2023
5f0ac46
Fix #9914 - Update dashboard.scss for dashlet options overflow
2xaronl Jan 27, 2023
e198789
Fix #9926 - Add missing check on product image upload
clemente-raposo Feb 21, 2023
acab37f
Fix #9900 - Conditions doesn't recognize some of the characters set
SinergiaCRM Jan 17, 2023
2d8add6
Update tinymce to 5.10.7
clemente-raposo Feb 23, 2023
58433f2
Update goggle/apiclient to 2.13.0
clemente-raposo Feb 23, 2023
a83a845
Add new modules to unit tests
jack7anderson7 Jan 18, 2023
0805178
Fix Surveys text labels
jack7anderson7 Feb 24, 2023
34d2745
SuiteCRM 7.12.10 Release
jack7anderson7 Feb 24, 2023
0a4c400
Fix #9602 - ProspectLists save function has a duplication issue
eojedapilchik Jul 7, 2022
183801b
Fix #9930 - Recurrent calendar items
QuickCRM Feb 16, 2023
d854507
Fix #9902 - Workflow - Some Date calculations fail with certain formats
SinergiaCRM Jan 18, 2023
f345fe1
Fix #9875 SugarFeed shows 0 seconds ago and negative interval for cer…
abuzarfaris Feb 10, 2023
616c5c6
Fix #9849 - allowed_preview is defined twice in the array
QuickCRM Dec 16, 2022
a2f6474
Fix #9828 - $mod_strings not in scope for line 395 of the same file
gunnicom Nov 21, 2022
460d871
Fix #9817 - Typo
gunnicom Nov 11, 2022
2598487
Fix #9812 - Decimal number calculations workflows
tiefwasserreede Nov 7, 2022
6e45953
Fix #9780 - Popup does not show after creating a user
urdhvatech Oct 10, 2022
1077ebb
Fix #9783 - Compose view quick search
ojs87 Oct 7, 2022
cfa576f
Fix salesagility#9768 - Do not convert link URLs in TinyMCE
SinergiaCRM Sep 14, 2022
d6e2d4c
Fix #9764 - Add extra To addresses to CC field
ojs87 Sep 13, 2022
e8aeed7
Fix #9621 -
SinergiaCRM Jun 17, 2022
d4f82c0
Fix #7759, #8273 - Double compose button in subpanels
pgorod Apr 6, 2022
0b3a522
Fix #9542 - added checks for count methods
JanSiero Feb 7, 2023
ef23047
Fix #9476 - Mass assign security groups only assigns selected on curr…
JackBuchanan Feb 28, 2022
81eff41
Fix #9326 - Adding decimal and float case option for export to use us…
SinergiaCRM Oct 22, 2021
3a3e5e4
Fix #9470 - Set fdow in Calendar popup date selector
SinergiaCRM Jan 26, 2022
66e2a6d
Fix #8897 - Adding missing relationship for SurveyResponses module
SinergiaCRM Oct 22, 2021
5485da8
Fix #9153 - Adding dynamicenum case option for export
SinergiaCRM Oct 22, 2021
c7f5ea6
Fix #10009 - Cannot configure Module Menu Filters on PHP8+
JackBuchanan Apr 3, 2023
4773d60
SuiteCRM 7.12.11 Release
jack7anderson7 Apr 21, 2023
8c61ca4
Fix #10029 - Dashlet not changing on save
jack7anderson7 Apr 21, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 2 additions & 14 deletions .github/SECURITY.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,20 +2,8 @@

## Supported Versions

For a complete compatibility matrix, please see the documentation [here](https://docs.suitecrm.com/admin/compatibility-matrix/).

| Version | Supported |
| ------- | ------------------ |
| 7.11.x | :heavy_check_mark: |
| 7.10.x | :heavy_check_mark: |
| ≤7.8.x | :x: |
For a list of supported versions, please see the documentation [Supported Versions](https://docs.suitecrm.com/community/supported-versions/) page.

## Reporting a Vulnerability

We take Security seriously here at SuiteCRM so if you have discovered a security risk report it by
emailing [[email protected]](mailto:[email protected]). This will be delivered to the product team who handle security issues.
Please don't disclose security bugs publicly until they have been handled by the security team.

Your email will be acknowledged within 24 hours during the business week (Mon - Fri), and you’ll receive a more
detailed response to your email within 72 hours during the business week (Mon - Fri) indicating the next steps in
handling your report.
For details on how to report a vulnerability please check our [Security Policy](https://docs.suitecrm.com/community/security-policy/) page.
22 changes: 20 additions & 2 deletions Api/V8/JsonApi/Helper/AttributeObjectHelper.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,24 @@ public function getAttributes(\SugarBean $bean, $fields = null)
{
$bean->fixUpFormatting();

$allowedField = [];

$fieldsToParse = $fields;
if (empty($fields)) {
$fieldsToParse = array_keys($bean->field_defs);
}

foreach ($fieldsToParse ?? [] as $index => $field) {
$isSensitive = isTrue($bean->field_defs[$field]['sensitive'] ?? false);
$notApiVisible = isFalse($bean->field_defs[$field]['api-visible'] ?? true);

if ($isSensitive || $notApiVisible){
continue;
}

$allowedField[$index] = $field;
}

// using the ISO 8601 format for dates
$attributes = array_map(function ($value) {
return is_string($value)
Expand All @@ -38,8 +56,8 @@ public function getAttributes(\SugarBean $bean, $fields = null)
: $value;
}, $bean->toArray());

if ($fields !== null) {
$attributes = array_intersect_key($attributes, array_flip($fields));
if ($allowedField !== null) {
$attributes = array_intersect_key($attributes, array_flip($allowedField));
}

unset($attributes['id']);
Expand Down
14 changes: 13 additions & 1 deletion ModuleInstall/ModuleInstaller.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,8 @@
require_once('ModuleInstall/ModuleScanner.php');
define('DISABLED_PATH', 'Disabled');

require_once 'include/SugarCache/SugarCache.php';

class ModuleInstaller
{
public $modules = array();
Expand Down Expand Up @@ -2026,6 +2028,9 @@ public function copy_recursive_with_backup($source, $dest, $backup_path, $uninst
if (is_writable($dest)) {
sugar_touch($dest, filemtime($source));
}
if ((new SplFileInfo($dest))->getExtension() == 'php') {
SugarCache::cleanFile($dest);
}
return(unlink($source));
} else {
$GLOBALS['log']->debug("Can't restore file: " . $source);
Expand All @@ -2043,11 +2048,18 @@ public function copy_recursive_with_backup($source, $dest, $backup_path, $uninst
if (is_writable($rest)) {
sugar_touch($rest, filemtime($dest));
}
if ((new SplFileInfo($rest))->getExtension() == 'php') {
SugarCache::cleanFile($rest);
}
} else {
$GLOBALS['log']->debug("Can't backup file: " . $dest);
}
}
return(copy($source, $dest));
$result = copy($source, $dest);
if ((new SplFileInfo($dest))->getExtension() == 'php') {
SugarCache::cleanFile($dest);
}
return $result;
}
} elseif (!is_dir($source)) {
if ($uninstall) {
Expand Down
2 changes: 1 addition & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
<img width="180px" height="41px" src="https://suitecrm.com/wp-content/uploads/2017/12/logo.png" align="right" />
</a>

# SuiteCRM 7.12.8
# SuiteCRM 7.12.11

[![Build Status](https://travis-ci.org/salesagility/SuiteCRM.svg?branch=hotfix)](https://travis-ci.org/salesagility/SuiteCRM)
[![codecov](https://codecov.io/gh/salesagility/SuiteCRM/branch/hotfix/graph/badge.svg)](https://codecov.io/gh/salesagility/SuiteCRM/branch/hotfix)
Expand Down
Loading