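. ***********************************************************************/
//
// Upgrade patch 2.1/2.2beta -> 2.2.
//
// Besides running the sql file ($sql), install() re-encodes text columns
// (sanitize_database), fills item category default GL accounts, copies
// document references into the refs table, seeds the sales order
// reference counter and converts pre-2.2 $security_groups into
// security_roles rows (convert_roles).
//
class fa2_2 extends fa_patch {
	var $previous = '2.1';		// applicable database version
	var $version = '2.2rc';		// version installed
	var $description;
	var $sql = 'alter2.2.sql';
	var $preconf = true;		// result of fix_extensions(); false blocks install()
	var $beta = false;			// upgrade from 2.2beta (true) or 2.1 (false); set in constructor

	function __construct()
	{
		global $security_groups;

		// $security_groups exists only in pre-2.2 configuration, so its
		// absence means the source installation is already a 2.2beta.
		$this->beta = !isset($security_groups);
		$this->description = _('Upgrade from version 2.1/2.2beta to 2.2');
		$this->preconf = fix_extensions();
	}

	//
	// Install procedure. All additional changes
	// not included in sql file should go here.
	//
	// $company - index into $db_connections of the company being upgraded
	// $force   - accepted for interface compatibility, not used here
	// Returns true on success, false after display_error() on any failure.
	//
	function install($company, $force=false)
	{
		global $db, $systypes_array, $db_connections;

		if (!$this->preconf)
			return false;

		$pref = $db_connections[$company]['tbpref'];

		// Until 2.2 sanitizing text input with db_escape was not
		// consequent enough. To avoid comparision problems we have to
		// fix this now.
		sanitize_database($pref);

		if ($this->beta) // nothing more to be done on upgrade from 2.2beta
			return true;

		// Set item category dflt accounts to values from company GL setup.
		// The values come from the company prefs table, which
		// sanitize_database() has just entity-encoded, not from user input;
		// passing them through db_escape() again would re-encode entities.
		$prefs = get_company_prefs();
		$sql = "UPDATE ".TB_PREF."stock_category SET "
			."dflt_sales_act = '" . $prefs['default_inv_sales_act'] . "',"
			."dflt_cogs_act = '". $prefs['default_cogs_act'] . "',"
			."dflt_inventory_act = '" . $prefs['default_inventory_act'] . "',"
			."dflt_adjustment_act = '" . $prefs['default_adj_act'] . "',"
			."dflt_assembly_act = '" . $prefs['default_assembly_act']."'";

		if (db_query($sql)==false) {
			display_error("Cannot update category default GL accounts" .':
'. db_error_msg($db));
			return false;
		}

		// Add all references to refs table for easy searching via journal
		// interface. Reference strings were entity-encoded by
		// sanitize_database() above, so they are inserted as stored.
		foreach($systypes_array as $typeno => $typename) {
			$info = get_systype_db_info($typeno);
			if ($info == null || $info[3] == null)	// type without reference column
				continue;

			$tbl = $info[0];
			$sql = "SELECT DISTINCT {$info[2]} as id,{$info[3]} as ref FROM $tbl";
			if ($info[1])	// table shared by several types: restrict to this one
				$sql .= " WHERE {$info[1]}=$typeno";

			$result = db_query($sql);
			if (!$result) {
				display_error(_("Cannot read references from $tbl") .':
'. db_error_msg($db));
				return false;
			}
			while ($row = db_fetch($result)) {
				$res2 = db_query("INSERT INTO ".TB_PREF."refs VALUES("
					. $row['id'].",".$typeno.",'".$row['ref']."')");
				if (!$res2) {
					display_error(_("Cannot copy references from $tbl") .':
'. db_error_msg($db));
					return false;
				}
			}
		}

		// Seed the sales order reference counter (sys_types type_id 30)
		// from the highest order number already in use.
		$ret = db_query("SELECT MAX(`order_no`) FROM `".TB_PREF."sales_orders`");
		if (!$ret || !db_num_rows($ret)) {
			display_error(_('Cannot query max sales order number.'));
			return false;
		}
		$row = db_fetch($ret);
		// MAX() is NULL on an empty table; cast so type_no is never written as ''.
		$max_order = (int)$row[0];
		$next_ref = $max_order+1;

		$sql = "UPDATE `".TB_PREF."sys_types` SET `type_no`='$max_order',`next_reference`='$next_ref' WHERE `type_id`=30";
		if(!db_query($sql)) {
			display_error(_('Cannot store next sales order reference.'));
			return false;
		}

		return convert_roles($pref);
	}

	//
	// Checking before install
	//
	// Returns true when the database looks like a 2.1 installation
	// ($security_groups still defined) or like a 2.2beta one
	// (usersonline table missing).
	//
	function prepare()
	{
		global $security_groups;

		if ($this->beta)
			$this->sql = 'alter2.2rc.sql';

		// return ok when security groups still defined (upgrade from 2.1)
		// or usersonline not defined (upgrade from 2.2 beta)
		//
		// NOTE(review): $company is neither a parameter nor a global here, so
		// this lookup yields a null prefix; the usersonline check therefore
		// runs against the unprefixed table name. The intended company index
		// is not visible in this file — confirm against fa_patch before fixing.
		$pref = $this->companies[$company]['tbpref'];

		return isset($security_groups) || (check_table($pref, 'usersonline')!=0);
	}
}

/*
	Conversion of old security roles stored into $security_groups table.

	For every old role a security_roles row is inserted (sections and areas
	derived from the old access levels via $trans_sec) and every user is
	re-pointed at the new role id. Returns false on the first failed query.
*/
function convert_roles($pref)
{
	global $security_groups, $security_headings, $security_areas, $path_to_root;

	include_once($path_to_root."/includes/access_levels.inc");

	// old access level => list of 2.2 security area names
	$trans_sec = array(
		1 => array('SA_CHGPASSWD', 'SA_SETUPDISPLAY', 'SA_BANKTRANSVIEW',
			'SA_ITEMSTRANSVIEW','SA_SUPPTRANSVIEW', 'SA_SALESORDER',
			'SA_SALESALLOC', 'SA_SALESTRANSVIEW'),
		2 => array('SA_DIMTRANSVIEW', 'SA_STANDARDCOST', 'SA_ITEMSTRANSVIEW',
			'SA_ITEMSSTATVIEW', 'SA_SALESPRICE', 'SA_MANUFTRANSVIEW',
			'SA_WORKORDERANALYTIC', 'SA_WORKORDERCOST', 'SA_SUPPTRANSVIEW',
			'SA_SUPPLIERALLOC', 'SA_STEMPLATE', 'SA_SALESTRANSVIEW',
			'SA_SALESINVOICE', 'SA_SALESDELIVERY', 'SA_CUSTPAYMREP',
			'SA_CUSTBULKREP', 'SA_PRICEREP', 'SA_SALESBULKREP', 'SA_SALESMANREP',
			'SA_SALESBULKREP', 'SA_CUSTSTATREP', 'SA_SUPPLIERANALYTIC',
			'SA_SUPPPAYMREP', 'SA_SUPPBULKREP', 'SA_ITEMSVALREP', 'SA_ITEMSANALYTIC',
			'SA_BOMREP', 'SA_MANUFBULKREP', 'SA_DIMENSIONREP', 'SA_BANKREP',
			'SA_GLREP', 'SA_GLANALYTIC', 'SA_TAXREP', 'SA_SALESANALYTIC',
			'SA_SALESQUOTE'),
		3 => array('SA_GLACCOUNTGROUP', 'SA_GLACCOUNTCLASS','SA_PAYMENT',
			'SA_DEPOSIT', 'SA_JOURNALENTRY', 'SA_INVENTORYMOVETYPE',
			'SA_LOCATIONTRANSFER', 'SA_INVENTORYADJUSTMENT', 'SA_WORKCENTRES',
			'SA_MANUFISSUE', 'SA_SUPPLIERALLOC', 'SA_CUSTOMER', 'SA_CRSTATUS',
			'SA_SALESMAN', 'SA_SALESAREA', 'SA_SALESALLOC', 'SA_SALESCREDITINV',
			'SA_SALESPAYMNT', 'SA_SALESCREDIT', 'SA_SALESGROUP', 'SA_SRECURRENT',
			'SA_TAXRATES', 'SA_ITEMTAXTYPE', 'SA_TAXGROUPS', 'SA_QUICKENTRY'),
		4 => array('SA_REORDER', 'SA_PURCHASEPRICING', 'SA_PURCHASEORDER'),
		5 => array('SA_VIEWPRINTTRANSACTION', 'SA_BANKTRANSFER', 'SA_SUPPLIER',
			'SA_SUPPLIERINVOICE', 'SA_SUPPLIERPAYMNT', 'SA_SUPPLIERCREDIT'),
		8 => array('SA_ATTACHDOCUMENT', 'SA_RECONCILE', 'SA_GLANALYTIC',
			'SA_TAXREP', 'SA_BANKTRANSVIEW', 'SA_GLTRANSVIEW'),
		9 => array('SA_FISCALYEARS', 'SA_CURRENCY', 'SA_EXCHANGERATE', 'SA_BOM'),
		10 => array('SA_PAYTERMS', 'SA_GLSETUP', 'SA_SETUPCOMPANY', 'SA_FORMSETUP',
			'SA_DIMTRANSVIEW', 'SA_DIMENSION', 'SA_BANKACCOUNT', 'SA_GLACCOUNT',
			'SA_BUDGETENTRY', 'SA_MANUFRECEIVE', 'SA_MANUFRELEASE',
			'SA_WORKORDERENTRY', 'SA_MANUFTRANSVIEW', 'SA_WORKORDERCOST'),
		11 => array('SA_ITEMCATEGORY', 'SA_ITEM', 'SA_UOM', 'SA_INVENTORYLOCATION',
			'SA_GRN', 'SA_FORITEMCODE', 'SA_SALESKIT'),
		14 => array('SA_SHIPPING', 'SA_VOIDTRANSACTION', 'SA_SALESTYPES'),
		15 => array('SA_PRINTERS', 'SA_PRINTPROFILE', 'SA_BACKUP', 'SA_USERS',
			'SA_POSSETUP'),
		20 => array('SA_CREATECOMPANY', 'SA_CREATELANGUAGE', 'SA_CREATEMODULES',
			'SA_SOFTWAREUPGRADE', 'SA_SECROLES', 'SA_DIMTAGS', 'SA_GLACCOUNTTAGS')
	);

	$new_ids = array();	// old role id => new security_roles id
	foreach ($security_groups as $role_id => $areas) {
		$area_set = array();
		$sections = array();
		foreach ($areas as $a) {
			if (!isset($trans_sec[$a]))
				continue;
			foreach ($trans_sec[$a] as $id) {
				// Unknown area names (not in access_levels.inc) map to 0.
				$area = isset($security_areas[$id]) ? $security_areas[$id][0] : 0;
				if ($area != 0) {
					$area_set[] = $area;
				}
				// section id is the area id with the low byte cleared
				$sections[$area&~0xff] = 1;
			}
		}
		$sections = array_keys($sections);
		sort($sections);
		sort($area_set);

		if (!import_security_role($security_headings[$role_id], $sections, $area_set))
			return false;
		$new_ids[$role_id] = db_insert_id();
	}

	// collect user ids grouped by their old role id
	$result = get_users(true);
	$users = array();
	while($row = db_fetch($result)) {
		$users[$row['role_id']][] = $row['id'];
	}

	foreach($users as $old_id => $uids) {
		// A user whose old role is not in $security_groups cannot be mapped;
		// stop rather than write an empty role_id.
		if (!isset($new_ids[$old_id])) {
			display_error(_("Cannot convert users roles: unknown old role id $old_id"));
			return false;
		}
		foreach( $uids as $id) {
			$sql = "UPDATE ".TB_PREF."users set role_id=".$new_ids[$old_id]. " WHERE id=$id";
			$ret = db_query($sql, 'cannot update users roles');
			if(!$ret)
				return false;
		}
	}
	return true;
}

//
// Inserts one converted security role. $sections and $areas are lists of
// ints stored as ';' separated strings. Returns true when the insert
// succeeded so the caller can trust the following db_insert_id().
//
function import_security_role($name, $sections, $areas)
{
	$sql = "INSERT INTO ".TB_PREF."security_roles (role, description, sections, areas) VALUES ("
		.db_escape('FA 2.1 '.$name).",".db_escape($name).","
		.db_escape(implode(';',$sections)).",".db_escape(implode(';',$areas)).")";

	return db_query($sql, "could not add new security role") !== false;
}

/*
	Changes in extensions system.
	This function is executed once on first Upgrade System display.

	Converts the pre-2.2 $installed_extensions list (from
	/installed_extensions.php) into the 2.2 layout, writes it globally and
	for every company, then removes the legacy /modules/installed_modules.php
	marker. Returns false (after display_error) when the marker cannot be
	removed or the global extension file cannot be written.
*/
function fix_extensions()
{
	global $path_to_root, $db_connections;

	if (!file_exists($path_to_root.'/modules/installed_modules.php'))
		return true; // already converted

	if (!is_writable($path_to_root.'/modules/installed_modules.php')) {
		display_error(_('Cannot upgrade extensions system: file /modules/installed_modules.php is not writeable'));
		return false;
	}

	$exts = array();
	include($path_to_root.'/installed_extensions.php');
	// The legacy file may be absent or define nothing; treat both as "no extensions".
	if (!isset($installed_extensions) || !is_array($installed_extensions))
		$installed_extensions = array();

	foreach($installed_extensions as $ext) {
		// rename legacy keys to the 2.2 extension record layout
		$ext['filename'] = $ext['app_file']; unset($ext['app_file']);
		$ext['tab'] = $ext['name'];
		$ext['name'] = access_string($ext['title'], true);
		$ext['path'] = $ext['folder']; unset($ext['folder']);
		$ext['type'] = 'extension';
		$ext['active'] = '1';
		$exts[] = $ext;
	}

	if (!write_extensions($exts))
		return false;

	// NOTE(review): per-company write results are not checked here (as in the
	// original); a failed company write is not retried once the marker
	// file below is removed.
	$cnt = count($db_connections);
	for ($i = 0; $i < $cnt; $i++)
		write_extensions($exts, $i);

	unlink($path_to_root.'/modules/installed_modules.php');
	return true;
}

/*
	Find and update all database records with special chars in text fields
	to ensure all of them are changed to html entities.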
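*/
//
// Scans every table whose name starts with $pref, selects rows whose
// char/text columns contain any of  ' " > < &  and rewrites those columns
// through db_escape() so they are stored entity-encoded. Tables without a
// primary key are skipped, since a single row cannot be addressed safely.
// With $test set only the planned updates are written to error_log.
//
// Row matching uses CONCAT(), so a row with a NULL text column is never
// matched, whatever its other columns contain.
//
function sanitize_database($pref, $test = false)
{
	if ($test)
		error_log('Sanitizing database ...');

	// LIKE pattern: prefix with its trailing '_' escaped, or every table when unprefixed
	$tsql = "SHOW TABLES LIKE '".($pref=='' ? '' : substr($pref,0,-1).'\\_')."%'";
	$tresult = db_query($tsql, "Cannot select all tables with prefix '$pref'");

	while($tbl = db_fetch($tresult)) {
		$table = $tbl[0];
		$csql = "SHOW COLUMNS FROM $table";
		$cresult = db_query($csql, "Cannot select column names for table '$table'");

		$textcols = $keys = array();	// both hold backquoted column names
		while($col = db_fetch($cresult)) {
			if (strpos($col['Type'], 'char')!==false || strpos($col['Type'], 'text')!==false)
				$textcols[] = '`'.$col['Field'].'`';
			if ($col['Key'] == 'PRI')
				$keys[] = '`'.$col['Field'].'`';
		}

		if (empty($keys)) { // comments table have no primary key, so give up
			continue;
		}
		if ($test)
			error_log("Table $table (".implode(',',$keys)."):(".implode(',',$textcols)."):");
		if (!count($textcols))
			continue;

		// fetch all records containing special characters in text fields
		$sql = "SELECT ".implode(',', array_unique(array_merge($keys,$textcols)))
			." FROM {$table} WHERE CONCAT(".implode(',', $textcols).") REGEXP '[\\'\"><&]'";
		$result = db_query($sql, "Cannot select all suspicious fields in $table");

		// and fix them
		while($rec= db_fetch($result)) {
			$sql = "UPDATE {$table} SET ";
			$val = $key = array();

			foreach ($textcols as $f) {
				// db_escape() returns the quoted, entity-encoded literal
				$val[] = $f.'='.db_escape($rec[substr($f,1,-1)]);
			}
			$sql .= implode(',', $val). ' WHERE ';

			foreach ($keys as $k) {
				// Key values are raw (not yet encoded) and may themselves contain
				// quotes or backslashes; escape them so the WHERE clause stays a
				// single literal instead of breaking on such a key.
				$key[] = $k.'=\''.addslashes($rec[substr($k,1,-1)]).'\'';
			}
			$sql .= implode( ' AND ', $key);

			if ($test)
				error_log("\t(".implode(',',$val).") updated");
			else
				db_query($sql, 'cannot update record');
		}
	}
	if ($test)
		error_log('Sanitizing done.');
}

$install = new fa2_2;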