// Direct-access guard: stop unless the including entry point has defined a truthy sugarEntry constant.
2 if(!defined('sugarEntry') || !sugarEntry) die('Not A Valid Entry Point');
3 /*********************************************************************************
4 * SugarCRM Community Edition is a customer relationship management program developed by
5 * SugarCRM, Inc. Copyright (C) 2004-2012 SugarCRM Inc.
7 * This program is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU Affero General Public License version 3 as published by the
9 * Free Software Foundation with the addition of the following permission added
10 * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
11 * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
12 * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
14 * This program is distributed in the hope that it will be useful, but WITHOUT
15 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
16 * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
19 * You should have received a copy of the GNU Affero General Public License along with
20 * this program; if not, see http://www.gnu.org/licenses or write to the Free
21 * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
24 * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
25 * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
27 * The interactive user interfaces in modified source and object code versions
28 * of this program must display Appropriate Legal Notices, as required under
29 * Section 5 of the GNU Affero General Public License version 3.
31 * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
32 * these Appropriate Legal Notices must retain the display of the "Powered by
33 * SugarCRM" logo. If the display of the logo is not reasonably feasible for
34 * technical reasons, the Appropriate Legal Notices must display the words
35 * "Powered by SugarCRM".
36 ********************************************************************************/
// When truthy, process_page() omits the Clear button; a non-empty hide_clear_button request
// parameter has the same effect.
48 var $_hide_clear_button = false;
51 * Creates a new Popup_Picker object. Controls displaying of single select and multi select popups
54 function Popup_Picker()
// Constructor: loads the popup metadata for $currentModule (unless $popupMeta is already set),
// then includes the module's main file and, when create=true is requested and the metadata
// defines a form base, the quick-create form file.
56 global $currentModule, $popupMeta;
// The guard below is a substring denylist: it only rejects values containing "..". The value is
// then concatenated into a require_once path under modules/<module>/metadata/ with a '.php' suffix.
// NOTE(review): an allowlist (a fixed set of metadata names, or a strict character class such as
// letters, digits and underscore) is the stronger control for a request value that selects a file
// to include. $currentModule is concatenated into the same paths; its validation is not visible
// in this listing — confirm it is checked before this constructor runs.
58 // cn: bug 12269 - directory navigation attack - detect and stop.
59 if(isset($_REQUEST['metadata']) && strpos($_REQUEST['metadata'], "..") !== false)
60 die("Directory navigation attack denied.");
61 if(empty($popupMeta)){
62 if(!empty($_REQUEST['metadata']) && $_REQUEST['metadata'] != 'undefined') // if custom metadata is requested
63 require_once('modules/' . $currentModule . '/metadata/' . $_REQUEST['metadata'] . '.php');
65 require_once('modules/' . $currentModule . '/metadata/popupdefs.php');
67 $this->_popupMeta = $popupMeta;
// Both include paths below are built from values inside the loaded metadata (moduleMain and
// create.formBase), so the choice of metadata file also decides which further files are included.
69 require_once('modules/' . $currentModule . '/' . $this->_popupMeta['moduleMain'] . '.php');
70 if(isset($this->_popupMeta['create']['formBase']) && isset($_REQUEST['create']) && $_REQUEST['create'] == 'true') { // include create form
71 require_once('modules/' . $currentModule . '/' . $this->_popupMeta['create']['formBase']);
72 $this->_create = true;
79 function _get_where_clause()
// Assembles the list query's WHERE text: one clause per metadata whereClauses entry when a
// 'query' request parameter is present, followed by the metadata's fixed whereStatement, if any.
82 $whereClauses = array();
83 if(isset($_REQUEST['query']))
// append_where_clause() and generate_where_statement() are defined outside this file.
// NOTE(review): this method does no quoting of its own; confirm that append_where_clause()
// escapes the request values it reads before they become part of the SQL text.
85 foreach(array_keys($this->_popupMeta['whereClauses']) as $key) {
86 append_where_clause($whereClauses, $key, $this->_popupMeta['whereClauses'][$key]);
89 $where = generate_where_statement($whereClauses);
// whereStatement is appended verbatim, joined with AND when request-driven clauses exist.
91 if(!empty($this->_popupMeta['whereStatement'])){
92 if(!empty($where))$where .= ' AND ';
93 $where .= $this->_popupMeta['whereStatement'];
102 function process_page()
// Builds the popup's HTML: the optional quick-create form, the search form, the list view and the
// script that keeps multi-select choices across pages. Several request parameters are written
// into that markup; the review notes below mark the places where no output encoding is visible
// in this listing.
107 global $currentModule;
108 global $app_list_strings, $sugar_version, $sugar_config;
110 $output_html = "<script type=\"text/javascript\" src=\"" . getJSPath('include/javascript/sugar_3.js'). "\"></script>";
// Default the list offset and saved_associated_data entries in $_POST when the request has none.
113 if(empty($_REQUEST[$currentModule . '_' . strtoupper($this->_popupMeta['moduleMain']) . '_offset'])) {
114 $_POST[$currentModule . '_' . strtoupper($this->_popupMeta['moduleMain']) . '_offset'] = '';
116 if(empty($_REQUEST['saved_associated_data'])) {
117 $_POST['saved_associated_data'] = '';
119 $where = $this->_get_where_clause();
// The form class name is read from the popup metadata, and handleSave() runs when doAction=save.
// NOTE(review): the constructor lets the 'metadata' request parameter choose the metadata file,
// so the class instantiated here is only as trustworthy as that selection — confirm it is
// constrained to known metadata files.
123 $formBase = new $this->_popupMeta['create']['formBaseClass']();
124 if(isset($_REQUEST['doAction']) && $_REQUEST['doAction'] == 'save')
126 $formBase->handleSave('', false, true);
129 $lbl_save_button_title = $app_strings['LBL_SAVE_BUTTON_TITLE'];
130 $lbl_save_button_key = $app_strings['LBL_SAVE_BUTTON_KEY'];
131 $lbl_save_button_label = $app_strings['LBL_SAVE_BUTTON_LABEL'];
133 // TODO: cleanup the construction of $addform
134 $prefix = empty($this->_popupMeta['create']['getFormBodyParams'][0]) ? '' : $this->_popupMeta['create']['getFormBodyParams'][0];
135 $mod = empty($this->_popupMeta['create']['getFormBodyParams'][1]) ? '' : $this->_popupMeta['create']['getFormBodyParams'][1];
136 $formBody = empty($this->_popupMeta['create']['getFormBodyParams'][2]) ? '' : $this->_popupMeta['create']['getFormBodyParams'][2];
// The method invoked on the form object is also named by the metadata, defaulting to getFormBody.
138 $getFormMethod = (empty($this->_popupMeta['create']['getFormMethod']) ? 'getFormBody' : $this->_popupMeta['create']['getFormMethod']);
139 $formbody = $formBase->$getFormMethod($prefix, $mod, $formBody);
141 $addform = '<table><tr><td nowrap="nowrap" valign="top">'
142 . str_replace('<br>', '</td><td nowrap="nowrap" valign="top"> ', $formbody)
143 . '</td></tr></table>'
144 . '<input type="hidden" name="action" value="Popup" />';
146 <input type="hidden" name="create" value="true">
147 <input type="hidden" name="popup" value="true">
148 <input type="hidden" name="to_pdf" value="true">
149 <input type="hidden" name="return_module" value="$currentModule">
150 <input type="hidden" name="return_action" value="Popup">
151 <input type="submit" name="button" class="button" title="$lbl_save_button_title" value=" $lbl_save_button_label " />
152 <input type="button" name="button" class="button" title="{$app_strings['LBL_CANCEL_BUTTON_TITLE']}" accesskey="{$app_strings['LBL_CANCEL_BUTTON_KEY']}" value="{$app_strings['LBL_CANCEL_BUTTON_LABEL']}" onclick="toggleDisplay('addform');" />
154 // if metadata contains custom inputs for the quickcreate
// NOTE(review): $key and $value are concatenated into attribute values without htmlspecialchars().
// The '\n' sits inside single quotes, so a literal backslash-n is emitted rather than a newline.
155 if(!empty($this->_popupMeta['customInput']) && is_array($this->_popupMeta['customInput'])) {
156 foreach($this->_popupMeta['customInput'] as $key => $value)
157 $formSave .= '<input type="hidden" name="' . $key . '" value="'. $value .'">\n';
159 $createButtonTranslation = translate($this->_popupMeta['create']['createButton']);
160 $createButton = <<<EOQ
161 <input type="button" id="showAdd" name="showAdd" class="button" value="{$createButtonTranslation}" onclick="toggleDisplay('addform');" />
163 $addformheader = get_form_header($createButtonTranslation, $formSave, false);
168 // search request inputs
// Each value is copied from $_REQUEST unchanged and assigned to the template further down.
// NOTE(review): no encoding is applied in this method; confirm the template layer HTML-encodes
// these values, or encode them here before they are assigned.
169 $searchInputs = array();
170 foreach($this->_popupMeta['searchInputs'] as $input)
171 $searchInputs[$input] = empty($_REQUEST[$input]) ? '' : $_REQUEST[$input];
// request_data is taken from the request as-is and assigned to the form template below; the inline
// script built two statements later eval()s that form field's value in the browser.
// NOTE(review): parsing the field with JSON.parse instead of eval, and HTML-encoding the value
// where the template prints it, would keep request-supplied text from being executed as script.
173 $request_data = empty($_REQUEST['request_data']) ? '' : $_REQUEST['request_data'];
174 $hide_clear_button = empty($_REQUEST['hide_clear_button']) && empty($this->_hide_clear_button) ? false : true;
175 $button = '<script>eval("var request_data = " + window.document.forms[\'popup_query_form\'].request_data.value);</script>';
// Re-emits previously selected ids as hidden, pre-checked checkboxes.
// NOTE(review): $record is interpolated into a single-quoted attribute with no
// htmlspecialchars($record, ENT_QUOTES), and array_unique() assumes 'mass' is an array; both the
// type and the content need validating because the values come straight from the request.
177 if(isset($_REQUEST['mass'])) {
178 foreach(array_unique($_REQUEST['mass']) as $record) {
179 $button .= "<input style='display: none' checked type='checkbox' name='mass[]' value='$record'>\n";
183 //START:FOR MULTI-SELECT
184 $multi_select = false;
185 if (!empty($_REQUEST['mode']) && strtoupper($_REQUEST['mode']) == 'MULTISELECT') {
186 $multi_select = true;
187 $button .= "<input type='hidden' name='mode' value='MultiSelect'>";
188 $button .= "<input type='button' name='button' class='button' onclick=\"send_back_selected('$currentModule',document.MassUpdate,'mass[]','" .$app_strings['ERR_NOTHING_SELECTED']."', request_data.field_to_name_array);\" title='"
189 .$app_strings['LBL_SELECT_BUTTON_TITLE']."' value=' "
190 .$app_strings['LBL_SELECT_BUTTON_LABEL']." ' />\n";
193 //END:FOR MULTI-SELECT
194 if(!$hide_clear_button)
196 $button .= "<input type='button' name='button' class='button' onclick=\"send_back('','');\" title='"
197 .$app_strings['LBL_CLEAR_BUTTON_TITLE']."' value=' "
198 .$app_strings['LBL_CLEAR_BUTTON_LABEL']." ' />\n";
200 $button .= "<input type='submit' name='button' class='button' onclick=\"window.close();\" title='"
201 .$app_strings['LBL_CANCEL_BUTTON_TITLE']."' value=' "
202 .$app_strings['LBL_CANCEL_BUTTON_LABEL']." ' />\n";
// Use the metadata-supplied template when present, otherwise the module's Popup_picker.html.
204 if(isset($this->_popupMeta['templateForm'])) {
205 $form = new XTemplate($this->_popupMeta['templateForm']);
208 $form = new XTemplate('modules/' . $currentModule . '/Popup_picker.html');
211 $form->assign('MOD', $mod_strings);
212 $form->assign('APP', $app_strings);
213 $form->assign('THEME', $theme);
214 $form->assign('MODULE_NAME', $currentModule);
215 $form->assign('request_data', $request_data);
219 $form->assign('CREATEBUTTON', $createButton);
220 $form->assign('ADDFORMHEADER', $addformheader);
221 $form->assign('ADDFORM', $addform);
// The seed bean class is named by the metadata: className when set, otherwise moduleMain.
225 if(isset($this->_popupMeta['className'])) $seed_bean = new $this->_popupMeta['className']();
226 else $seed_bean = new $this->_popupMeta['moduleMain']();
228 // assign search inputs to xtemplates
229 foreach(array_keys($searchInputs) as $key) {
230 if(!empty($_REQUEST[$key]) && (isset($seed_bean->field_name_map[$key]['type']) && $seed_bean->field_name_map[$key]['type'] == 'bool')) {
231 $form->assign(strtoupper($key), ' checked ');
233 $form->assign(strtoupper($key), $searchInputs[$key]);
237 if($this->_create) $form->assign('CREATE', 'true');
238 else $form->assign('CREATE', 'false');
241 if(isset($this->_popupMeta['selectDoms']))
242 foreach($this->_popupMeta['selectDoms'] as $key => $value) {
243 $form->assign($key, get_select_options_with_id($app_list_strings[$value['dom']], $value['searchInput']));
// NOTE(review): 'mode' is upper-cased but otherwise passed to the template unchanged; restrict it
// to the one value this method recognises (MULTISELECT) or encode it before assignment.
246 $form->assign('MULTI_SELECT', !empty($_REQUEST['mode']) ? strtoupper($_REQUEST['mode']) : '');
249 insert_popup_header($theme);
250 $output_html .= ob_get_contents();
253 $output_html .= get_form_header($mod_strings['LBL_SEARCH_FORM_TITLE'], '', false);
255 $form->parse('main.SearchHeader');
256 $output_html .= $form->text('main.SearchHeader');
258 // Reset the sections that are already in the page so that they do not print again later.
259 $form->reset('main.SearchHeader');
// List view configured for popup use, with the select menu, delete and export controls disabled.
261 $ListView = new ListView();
262 $ListView->show_select_menu = false;
263 $ListView->show_delete_button = false;
264 $ListView->show_export_button = false;
265 $ListView->process_for_popups = true;
266 $ListView->setXTemplate($form);
268 $ListView->multi_select_popup = $multi_select;
269 $ListView->xTemplate->assign('TAG_TYPE', 'A');
270 if(isset($this->_popupMeta['listTitle'])) {
271 $ListView->setHeaderTitle($this->_popupMeta['listTitle']);
274 $ListView->setHeaderTitle($mod_strings['LBL_LIST_FORM_TITLE']);
276 $ListView->setHeaderText($button);
// $where comes from _get_where_clause(); orderBy and varName are read from the metadata.
277 $ListView->setQuery($where, '', $this->_popupMeta['orderBy'], $this->_popupMeta['varName']);
278 $ListView->setModStrings($mod_strings);
281 $ListView->processListView($seed_bean, 'main', $this->_popupMeta['varName']);
282 $output_html .= ob_get_contents();
// The script appended below embeds the saved_associated_data request parameter after URL-decoding
// it and passing it through the JSON decoder and encoder.
// NOTE(review): confirm the encoder's output is safe inside an inline <script> element as a whole,
// not only that double quotes are escaped.
284 $json = getJSONobj();
286 // decode then encode to escape "'s
287 $output_html .= "</form>
288 <script type=\"text/javascript\">
289 function save_checks(offset) {
290 checked_ids = Array();
291 for (i = 0; i < document.MassUpdate.elements.length; i++){
292 if(document.MassUpdate.elements[i].name == 'mass[]' && document.MassUpdate.elements[i].checked) {
294 temp_string += '\"' + document.MassUpdate.elements[i].value + '\": {';
295 for(the_key in associated_javascript_data[document.MassUpdate.elements[i].value]) {
296 temp_string += '\"' + the_key + '\":\"' + associated_javascript_data[document.MassUpdate.elements[i].value][the_key] + '\",';
298 temp_string = temp_string.substring(0,temp_string.length - 1);
300 checked_ids.push(temp_string);
303 document.MassUpdate.saved_associated_data.value = escape('{' + checked_ids.join(',') + '}');
305 document.MassUpdate.action.value = \"Popup\";
306 document.MassUpdate.$currentModule" . '_' . strtoupper($this->_popupMeta['moduleMain']) . '_offset.value = offset;
307 document.MassUpdate.submit();
309 // reassigned the saved data from the saved checks
310 if(typeof(document.MassUpdate) != \'undefined\' && document.MassUpdate.saved_associated_data.value != \'\') {
311 temp_array = ' . (!empty($_REQUEST['saved_associated_data']) ? $json->encode($json->decode(urldecode($_REQUEST['saved_associated_data']))) : '\'\'') . ';
312 for(the_key in temp_array) {
313 associated_javascript_data[the_key] = temp_array[the_key];
317 // save checks across pages for multiselects
318 if(typeof(document.MassUpdate) != "undefined") {
319 checked_items = Array();
320 inputs_array = document.MassUpdate.elements;
322 for(wp = 0 ; wp < inputs_array.length; wp++) {
323 if(inputs_array[wp].name == "mass[]" && inputs_array[wp].style.display == "none") {
324 checked_items.push(inputs_array[wp].value);
327 for(i in checked_items) {
328 for(wp = 0 ; wp < inputs_array.length; wp++) {
329 if(inputs_array[wp].name == "mass[]" && inputs_array[wp].value == checked_items[i]) {
330 inputs_array[wp].checked = true;
336 $output_html .= insert_popup_footer();
339 } // end of class Popup_Picker