Some big update

2026-03-25 14:35:44 +01:00
parent 0abd37d7a5
commit 867da15823
111 changed files with 173994 additions and 2061 deletions


@@ -72,7 +72,7 @@ class UploadUrlService
*/
public function uploadImage(string $url, FieldData $data): Attachment
{
if (!$this->urlCheck->isNotInternalUrl($url)) {
if (!$this->urlCheck->isUrlAndNotIternal($url)) {
throw new ForbiddenSilent("Not allowed URL.");
}
@@ -114,9 +114,20 @@ class UploadUrlService
/**
* @param non-empty-string $url
* @return ?array{string, string} A type and contents.
* @throws ForbiddenSilent
*/
private function getImageDataByUrl(string $url): ?array
{
$resolve = $this->urlCheck->getCurlResolve($url);
if ($resolve === []) {
throw new ForbiddenSilent("Could not resolve the host.");
}
if ($resolve !== null && !$this->urlCheck->validateCurlResolveNotInternal($resolve)) {
throw new ForbiddenSilent("Forbidden host.");
}
$type = null;
if (!function_exists('curl_init')) {
@@ -144,6 +155,10 @@ class UploadUrlService
$opts[\CURLOPT_PROTOCOLS] = \CURLPROTO_HTTPS | \CURLPROTO_HTTP;
$opts[\CURLOPT_REDIR_PROTOCOLS] = \CURLPROTO_HTTPS;
if ($resolve) {
$opts[CURLOPT_RESOLVE] = $resolve;
}
$ch = curl_init();
curl_setopt_array($ch, $opts);
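Review bot: The address pinning added here covers only the host of the original URL, while `CURLOPT_REDIR_PROTOCOLS` just above still permits HTTPS redirects; if redirects are followed (that option is not visible in this hunk), the redirect target is resolved by curl itself and never passes `validateCurlResolveNotInternal()`. Either keep redirects off for this request or validate each hop before following it. In `getImageDataByUrl()`, a `null` result from `getCurlResolve()` skips both the check and the pin, so that case deserves a comment such as `// null: nothing to pin (assumed: host already checked in uploadImage) — confirm`. For consistency with the neighbouring lines the new option would read `$opts[\CURLOPT_RESOLVE] = $resolve;`, and `isUrlAndNotIternal` looks like a misspelling of "Internal". The function body continues outside the hunk.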


@@ -36,8 +36,11 @@ use Espo\Core\Api\Response;
use Espo\Core\Api\ResponseComposer;
use Espo\Core\Exceptions\BadRequest;
use Espo\Core\Exceptions\Forbidden;
use Espo\Core\Exceptions\NotFound;
use Espo\Entities\Attachment;
use Espo\Entities\Email;
use Espo\Entities\User;
use Espo\ORM\EntityManager;
use Espo\Tools\Email\ImportEmlService;
/**
@@ -49,6 +52,7 @@ class PostImportEml implements Action
private Acl $acl,
private User $user,
private ImportEmlService $service,
private EntityManager $entityManager,
) {}
public function process(Request $request): Response
@@ -61,11 +65,32 @@ class PostImportEml implements Action
throw new BadRequest("No 'fileId'.");
}
$email = $this->service->import($fileId, $this->user->getId());
$attachment = $this->getAttachment($fileId);
$email = $this->service->import($attachment, $this->user->getId());
return ResponseComposer::json(['id' => $email->getId()]);
}
/**
* @throws NotFound
* @throws Forbidden
*/
private function getAttachment(string $fileId): Attachment
{
$attachment = $this->entityManager->getRDBRepositoryByClass(Attachment::class)->getById($fileId);
if (!$attachment) {
throw new NotFound("Attachment not found.");
}
if (!$this->acl->checkEntityRead($attachment)) {
throw new Forbidden("No access to attachment.");
}
return $attachment;
}
/**
* @throws Forbidden
*/
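Review bot: `getAttachment()` is now the only place where access to the file is authorized before import, yet its docblock lists only the exceptions; a summary line such as `Loads the attachment and requires read access for the current user before it is passed to the import service.` would make that boundary explicit. The read check by itself does not establish that the attachment is an EML upload meant for import; if the attachment carries a type or role that could be checked here (not visible on this page), that would narrow what the endpoint will parse. Returning `NotFound` for a missing ID and `Forbidden` for an unreadable one also tells the caller which IDs exist, which is acceptable only if it matches the rest of the API.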


@@ -115,7 +115,7 @@ class PostSendTest implements Action
if (
!$this->addressUtil->isAllowedAddress($smtpParams) &&
!$this->hostCheck->isNotInternalHost($server)
!$this->hostCheck->isHostAndNotInternal($server)
) {
throw new Forbidden("Not allowed internal host.");
}
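Review bot: The host check in this condition runs separately from the SMTP connection made later in the method (outside this hunk), so a hostname whose DNS answer differs between the check and the connect would presumably not be caught; the URL upload path in this same commit closes that gap by pinning the resolved address. If the mail transport cannot be pinned the same way, a comment should say so, e.g. `// NOTE: host is re-resolved on connect; this check is not pinned`. With the rename to `isHostAndNotInternal`, an input that is not a valid host is presumably rejected as well, so the message `"Not allowed internal host."` would read better as `"Not allowed host."`.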


@@ -31,7 +31,6 @@ namespace Espo\Tools\Email;
use Espo\Core\Exceptions\Conflict;
use Espo\Core\Exceptions\Error;
use Espo\Core\Exceptions\NotFound;
use Espo\Core\FileStorage\Manager;
use Espo\Core\Mail\Exceptions\ImapError;
use Espo\Core\Mail\Importer;
@@ -56,16 +55,13 @@ class ImportEmlService
/**
* Import an EML.
*
* @param string $fileId An attachment ID.
* @param ?string $userId A user ID to relate an email with.
* @return Email An Email.
* @throws NotFound
* @throws Error
* @throws Conflict
*/
public function import(string $fileId, ?string $userId = null): Email
public function import(Attachment $attachment, ?string $userId = null): Email
{
$attachment = $this->getAttachment($fileId);
$contents = $this->fileStorageManager->getContents($attachment);
try {
@@ -93,20 +89,6 @@ class ImportEmlService
return $email;
}
/**
* @throws NotFound
*/
private function getAttachment(string $fileId): Attachment
{
$attachment = $this->entityManager->getRDBRepositoryByClass(Attachment::class)->getById($fileId);
if (!$attachment) {
throw new NotFound("Attachment not found.");
}
return $attachment;
}
/**
* @throws Conflict
*/
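Review bot: `import()` is public and now accepts any `Attachment` without looking it up or checking access, so every caller carries the authorization duty that `PostImportEml` takes on in this commit; the docblock should say so. The docblock appears to lose its `@param` for the first argument (the +/- markers are lost on this page, so this is inferred from the hunk counts); add `@param Attachment $attachment An attachment the caller has already authorized for reading.` The signature change also breaks any other caller that still passes a file ID, and `$this->entityManager` may now be unused in this class if `getAttachment()` was its only user.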


@@ -36,6 +36,7 @@ use Espo\Core\Notification\EmailNotificationHandler;
use Espo\Core\Mail\SenderParams;
use Espo\Core\Utils\Config\ApplicationConfig;
use Espo\Core\Utils\DateTime as DateTimeUtil;
use Espo\Core\Utils\Markdown\Markdown;
use Espo\Entities\Note;
use Espo\ORM\Collection;
use Espo\Repositories\Portal as PortalRepository;
@@ -58,8 +59,6 @@ use Espo\Core\Utils\TemplateFileManager;
use Espo\Core\Utils\Util;
use Espo\Tools\Stream\NoteAccessControl;
use Michelf\Markdown;
use Exception;
use DateTime;
use Throwable;
@@ -325,11 +324,10 @@ class Processor
$data['userName'] = $note->get('createdByName');
$post = Markdown::defaultTransform(
$note->get('post') ?? ''
);
$post = $note->getPost() ?? '';
$data['post'] = $post;
$data['post'] = Markdown::transform($post);
$subjectTpl = $this->templateFileManager->getTemplate('mention', 'subject');
$bodyTpl = $this->templateFileManager->getTemplate('mention', 'body');
@@ -486,9 +484,7 @@ class Processor
$data['userName'] = $note->get('createdByName');
$post = Markdown::defaultTransform($note->getPost() ?? '');
$data['post'] = $post;
$data['post'] = Markdown::transform($note->getPost() ?? '');
$parent = null;
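Review bot: Both changed call sites place the output of `Markdown::transform()` into `$data['post']` for an HTML email body, and the note post is user-authored text; whether the new `Espo\Core\Utils\Markdown\Markdown` wrapper escapes or strips raw HTML embedded in the Markdown is not visible here and should be confirmed, since the replaced `Michelf\Markdown::defaultTransform()` passes inline HTML through by default. A one-line comment at the call, such as `// Markdown::transform() is expected to neutralise raw HTML in the post — confirm`, would record the assumption. The two call sites also differ in shape (a temporary `$post` in the first, inline in the second); using the same form in both would read better.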