See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
***********************************************************************/
-class fa2_2 {
- var $version = '2.2'; // version installed
- var $description = 'Version 2.2';
+class fa2_2 extends fa_patch {
+ var $previous = '2.1'; // applicable database version
+ var $version = '2.2rc'; // version installed
+ var $description;
var $sql = 'alter2.2.sql';
var $preconf = true;
+ var $beta = false; // upgrade from 2.1 or 2.2beta; set in prepare()
- function fa2_2() {
+ function __construct() {
+ global $security_groups;
+ $this->beta = !isset($security_groups);
+ $this->description = _('Upgrade from version 2.1/2.2beta to 2.2');
$this->preconf = fix_extensions();
}
// Install procedure. All additional changes
// not included in sql file should go here.
//
- function install($pref, $force)
+ function install($company, $force=false)
{
- global $db, $systypes_array;
-
- if (!$preconf)
+ global $db, $systypes_array, $db_connections;
+
+ if (!$this->preconf)
return false;
-
+
+ $pref = $db_connections[$company]['tbpref'];
+ // Until 2.2 sanitizing text input with db_escape was not
+ // consequent enough. To avoid comparision problems we have to
+ // fix this now.
+ sanitize_database($pref);
+
+ if ($this->beta) // nothing more to be done on upgrade from 2.2beta
+ return true;
+
// set item category dflt accounts to values from company GL setup
$prefs = get_company_prefs();
- $sql = "UPDATE {$pref}stock_category SET "
+ $sql = "UPDATE ".TB_PREF."stock_category SET "
."dflt_sales_act = '" . $prefs['default_inv_sales_act'] . "',"
."dflt_cogs_act = '". $prefs['default_cogs_act'] . "',"
."dflt_inventory_act = '" . $prefs['default_inventory_act'] . "',"
foreach($systypes_array as $typeno => $typename) {
$info = get_systype_db_info($typeno);
if ($info == null || $info[3] == null) continue;
- $tbl = str_replace(TB_PREF, $pref, $info[0]);
- $sql = "SELECT {$info[2]} as id,{$info[3]} as ref FROM $tbl";
+ $tbl = $info[0];
+ $sql = "SELECT DISTINCT {$info[2]} as id,{$info[3]} as ref FROM $tbl";
if ($info[1])
$sql .= " WHERE {$info[1]}=$typeno";
$result = db_query($sql);
if (db_num_rows($result)) {
while ($row = db_fetch($result)) {
- $res2 = db_query("INSERT INTO {$pref}refs VALUES("
+ $res2 = db_query("INSERT INTO ".TB_PREF."refs VALUES("
. $row['id'].",".$typeno.",'".$row['ref']."')");
if (!$res2) {
display_error(_("Cannot copy references from $tbl")
}
}
}
-/* FIX // restore/init audit_trail data
- $datatbl = array (
- "gl_trans"=> array("type", "type_no","tran_date"),
- "purch_orders" => array("order_no", "'18'", "ord_date"),
- "sales_orders" => array("order_no", "'30'", "ord_date"),
- "workorders" => array("id", "'26'", "date_") );
- foreach ( $datatbl as $tblname => $tbl) {
- $sql = "SELECT {$tbl[0]} as type, {$tbl[1]} as trans, {$tbl[2]} as dat"
- . " FROM {$pref}{$tblname}";
- $result = db_query($sql);
- if (db_num_rows($result)) {
- $user = ;
- $year = ;
- while ($row = db_fetch($result)) {
- $sql2 = "INSERT INTO ".$pref."audit_trail"
- ." (type, trans_no, user, fiscal_year, gl_date, gl_seq) VALUES ("
- . "{$row['type']},{$row['trans']},$user,$year,{$row['dat']},0)";
- $res2 = db_query($sql2);
- if (!$res2) {
- display_error(_("Cannot init audit_trail data")
- .':<br>'. db_error_msg($db));
- return false;
- }
- }
- }
- }
-*/
-
- if (!($ret = db_query("SELECT MAX(`order_no`) FROM `{$pref}sales_orders`")) ||
- !db_num_rows($ret))
- {
- display_error(_('Cannot query max sales order number.'));
- return false;
- }
- $row = db_fetch($ret);
- $max_order = $row[0];
- $next_ref = $max_order+1;
- $sql = "UPDATE `{$pref}sys_types`
- SET `type_no`='$max_order',
- `next_reference`='$next_ref'
- WHERE `type_id`=30";
- if(!db_query($sql))
- {
- display_error(_('Cannot store next sales order reference.'));
- return false;
- }
- return convert_roles($pref);
+ if (!($ret = db_query("SELECT MAX(`order_no`) FROM `".TB_PREF."sales_orders`")) ||
+ !db_num_rows($ret))
+ {
+ display_error(_('Cannot query max sales order number.'));
+ return false;
+ }
+ $row = db_fetch($ret);
+ $max_order = $row[0];
+ $next_ref = $max_order+1;
+ $sql = "UPDATE `".TB_PREF."sys_types`
+ SET `type_no`='$max_order',`next_reference`='$next_ref'
+ WHERE `type_id`=30";
+ if(!db_query($sql))
+ {
+ display_error(_('Cannot store next sales order reference.'));
+ return false;
+ }
+ return convert_roles($pref);
}
//
// Checking before install
//
- function pre_check($pref)
+ function prepare()
{
global $security_groups;
- return isset($security_groups); // true when ok, fail otherwise
- }
- //
- // Test if patch was applied before.
- //
- function installed($pref) {
- $n = 15; // number of features to be installed
- if (check_table($pref, 'company', 'custom1_name')) $n--;
- if (!check_table($pref, 'company', 'profit_loss_year_act')) $n--;
- if (!check_table($pref, 'company', 'login_tout')) $n--;
- if (!check_table($pref, 'stock_category', 'dflt_no_sale')) $n--;
- if (!check_table($pref, 'users', 'sticky_doc_date')) $n--;
- if (!check_table($pref, 'users', 'startup_tab')) $n--;
- if (!check_table($pref, 'cust_branch', 'inactive')) $n--;
- if (!check_table($pref, 'chart_class', 'ctype')) $n--;
- if (!check_table($pref, 'audit_trail')) $n--;
- if (!check_table($pref, 'currencies', 'auto_update')) $n--;
- if (!check_table($pref, 'stock_master','no_sale')) $n--;
- if (!check_table($pref, 'suppliers', 'supp_ref')) $n--;
- if (!check_table($pref, 'users', 'role_id')) $n--;
- if (!check_table($pref, 'sales_orders', 'reference')) $n--;
- if (!check_table($pref, 'tags')) $n--;
- return $n == 0 ? true : 15 - $n;
+
+ if ($this->beta)
+ $this->sql = 'alter2.2rc.sql';
+ // return ok when security groups still defined (upgrade from 2.1)
+ // or usersonline not defined (upgrade from 2.2 beta)
+ $pref = $this->companies[$company]['tbpref'];
+
+ return isset($security_groups) || (check_table($pref, 'usersonline')!=0);
}
};
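Review bot: prepare() reads `$this->companies[$company]['tbpref']` on the line before its return, but `$company` is neither a parameter of prepare() nor declared global there (only `$security_groups` is), so it is undefined at that point: PHP raises a notice, the lookup yields null and check_table() is presumably run against an empty prefix, which makes the 2.1-versus-2.2beta detection unreliable. install() already takes the company index as its first argument and resolves the prefix from `$db_connections[$company]['tbpref']`; prepare() should obtain it the same way, e.g. `function prepare($company)` with `global $security_groups, $db_connections;` and `$pref = $db_connections[$company]['tbpref'];`, or read it from whatever property fa_patch stores for the selected company, which I cannot see from this hunk. Separately, the `$row['ref']` copied into the refs table in install() is interpolated raw into the INSERT and is only as safe as the sanitize_database() pass a few lines earlier, which skips tables without a primary key; that dependency deserves a comment such as `// refs were entity-encoded by sanitize_database() above; tables without a primary key are not covered`.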
'SA_SALESBULKREP', 'SA_CUSTSTATREP', 'SA_SUPPLIERANALYTIC',
'SA_SUPPPAYMREP', 'SA_SUPPBULKREP', 'SA_ITEMSVALREP', 'SA_ITEMSANALYTIC',
'SA_BOMREP', 'SA_MANUFBULKREP', 'SA_DIMENSIONREP', 'SA_BANKREP', 'SA_GLREP',
- 'SA_GLANALYTIC', 'SA_TAXREP', 'SA_SALESANALYTIC'),
+ 'SA_GLANALYTIC', 'SA_TAXREP', 'SA_SALESANALYTIC', 'SA_SALESQUOTE'),
3 => array('SA_GLACCOUNTGROUP', 'SA_GLACCOUNTCLASS','SA_PAYMENT',
'SA_DEPOSIT', 'SA_JOURNALENTRY', 'SA_INVENTORYMOVETYPE',
'SA_LOCATIONTRANSFER', 'SA_INVENTORYADJUSTMENT', 'SA_WORKCENTRES',
15 => array('SA_PRINTERS', 'SA_PRINTPROFILE', 'SA_BACKUP', 'SA_USERS',
'SA_POSSETUP'),
20 => array('SA_CREATECOMPANY', 'SA_CREATELANGUAGE', 'SA_CREATEMODULES',
- 'SA_SOFTWAREUPGRADE', 'SA_SECROLES')
+ 'SA_SOFTWAREUPGRADE', 'SA_SECROLES', 'SA_DIMTAGS', 'SA_GLACCOUNTTAGS')
);
$new_ids = array();
foreach ($security_groups as $role_id => $areas) {
}
$sections = array_keys($sections);
sort($sections); sort($area_set);
- import_security_role($pref, $security_headings[$role_id], $sections, $area_set);
+ import_security_role($security_headings[$role_id], $sections, $area_set);
$new_ids[$role_id] = db_insert_id();
}
$result = get_users(true);
}
foreach($users as $old_id => $uids)
foreach( $uids as $id) {
- $sql = "UPDATE {$pref}users set role_id=".$new_ids[$old_id].
+ $sql = "UPDATE ".TB_PREF."users set role_id=".$new_ids[$old_id].
" WHERE id=$id";
$ret = db_query($sql, 'cannot update users roles');
if(!$ret) return false;
return true;
}
-function import_security_role($pref, $name, $sections, $areas)
+function import_security_role($name, $sections, $areas)
{
- $sql = "INSERT INTO {$pref}security_roles (role, description, sections, areas)
+ $sql = "INSERT INTO ".TB_PREF."security_roles (role, description, sections, areas)
VALUES (".db_escape('FA 2.1 '.$name).",".db_escape($name).","
.db_escape(implode(';',$sections)).",".db_escape(implode(';',$areas)).")";
return true; // already converted
if (!is_writable($path_to_root.'/modules/installed_modules.php')) {
- display_error(_('Cannot upgrade extensions system: file /modules/installed_modules.php is no writeable'));
+ display_error(_('Cannot upgrade extensions system: file /modules/installed_modules.php is not writeable'));
return false;
}
$ext['tab'] = $ext['name'];
$ext['name'] = access_string($ext['title'], true);
$ext['path'] = $ext['folder']; unset($ext['folder']);
- $ext['type'] = 'module';
+ $ext['type'] = 'extension';
$ext['active'] = '1';
$exts[] = $ext;
}
- include($path_to_root.'/modules/installed_modules.php');
- foreach($installed_modules as $mod) {
- $mod['title'] = $mod['name'];
- $mod['name'] = access_string($mod['name'], true);
- $mod['type'] = 'plugin';
- $ext['active'] = '1';
- $exts[] = $mod;
- }
if (!write_extensions($exts))
return false;
return true;
}
-$install = new fa2_2;
+/*
+ Find and update all database records with special chars in text fields
+ to ensure all of them are changed to html entites.
+*/
+function sanitize_database($pref, $test = false) {
+
+ if ($test)
+ error_log('Sanitizing database ...');
+
+ $tsql = "SHOW TABLES LIKE '".($pref=='' ? '' : substr($pref,0,-1).'\\_')."%'";
+ $tresult = db_query($tsql, "Cannot select all tables with prefix '$pref'");
+ while($tbl = db_fetch($tresult)) {
+ $table = $tbl[0];
+ $csql = "SHOW COLUMNS FROM $table";
+ $cresult = db_query($csql, "Cannot select column names for table '$table'");
+ $textcols = $keys = array();
+ while($col = db_fetch($cresult)) {
+ if (strpos($col['Type'], 'char')!==false
+ || strpos($col['Type'], 'text')!==false)
+ $textcols[] = '`'.$col['Field'].'`';
+ if ($col['Key'] == 'PRI') {
+ $keys[] = '`'.$col['Field'].'`';
+ }
+ }
-?>
\ No newline at end of file
+ if (empty($keys)) { // comments table have no primary key, so give up
+ continue;
+ }
+ if ($test)
+ error_log("Table $table (".implode(',',$keys)."):(".implode(',',$textcols)."):");
+
+ if (!count($textcols)) continue;
+
+ // fetch all records containing special characters in text fields
+ $sql = "SELECT ".implode(',', array_unique(array_merge($keys,$textcols)))
+ ." FROM {$table} WHERE
+ CONCAT(".implode(',', $textcols).") REGEXP '[\\'\"><&]'";
+ $result = db_query($sql, "Cannot select all suspicious fields in $table");
+
+ // and fix them
+ while($rec= db_fetch($result)) {
+ $sql = "UPDATE {$table} SET ";
+ $val = $key = array();
+ foreach ($textcols as $f) {
+ $val[] = $f.'='.db_escape($rec[substr($f,1,-1)]);
+ }
+ $sql .= implode(',', $val). ' WHERE ';
+ foreach ($keys as $k) {
+ $key[] = $k.'=\''.$rec[substr($k,1,-1)].'\'';
+ }
+ $sql .= implode( ' AND ', $key);
+ if ($test)
+ error_log("\t(".implode(',',$val).") updated");
+ else
+ db_query($sql, 'cannot update record');
+ }
+ }
+ if ($test)
+ error_log('Sanitizing done.');
+}
+
+$install = new fa2_2;
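Review bot: The WHERE clause of the UPDATE in sanitize_database() is built from the raw primary-key value, `$key[] = $k.'=\''.$rec[substr($k,1,-1)].'\'';`, while the SELECT above it deliberately picks rows whose text columns contain `'`, `"`, `<`, `>` or `&`; when the primary key is itself a char column (it then appears in both `$keys` and `$textcols`) a stored quote lands unescaped inside the statement, so the update fails or executes something other than intended, and inconsistently escaped data is exactly what this pass exists to meet. db_escape() cannot be used for the key because, going by the function's header comment and the SET clause, it is what rewrites the value to HTML entities and would then no longer match the stored row; the key needs the plain driver escape underneath it, e.g. `$key[] = $k."='".mysql_real_escape_string($rec[substr($k,1,-1)])."'";` if that is what db_escape() wraps here. The `$table` name from SHOW TABLES is interpolated unquoted into three statements as well; wrapping it in backticks costs nothing. Note also that a char primary key matched by this pass is itself rewritten to its entity-encoded form, while tables skipped for lacking a primary key keep their raw values, so any text column in a skipped table that references such a key will no longer match afterwards; that is worth a comment next to the `continue`.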