File: webformsdirect.php
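<?php
/**
 * Webform record-creation helpers.
 *
 * create_from_webform_extended() receives the submitted form fields, loads
 * the target module's class file and saves a new record of that module.
 */
require_once("config.php");
require_once('include/logging.php');
//require_once('include/nusoap/nusoap.php');
require_once('include/database/PearDatabase.php');
require_once('modules/HelpDesk/HelpDesk.php');

$log = &LoggerManager::getLogger('webforms');

/**
 * Create a record of the module named in $params['module'] from form data.
 *
 * Every other entry of $params is treated as "field label => value". In each
 * key, underscores are replaced by spaces and the result is looked up in the
 * label map returned by __webforms_getFieldInfoForModule(); a key with no
 * match is used as the field name unchanged.
 *
 * @param array $params Submitted form data, including the 'module' entry.
 * @return string 'success' when the saved object has a non-empty id,
 *                'fail' otherwise (including a rejected module name).
 */
function create_from_webform_extended($params) {
    $moduleName = isset($params['module']) ? $params['module'] : '';
    unset($params['module']);

    // The module name comes from the submitted form and is used below to build
    // an include path and a class name. Accept a plain identifier only, so the
    // value cannot carry path separators, dots, NUL bytes or stream wrappers.
    if (!is_string($moduleName) || !preg_match('/^[A-Za-z][A-Za-z0-9_]*$/', $moduleName)) {
        return 'fail';
    }

    // NOTE(review): the original file has its own containment check disabled
    // at this point:
    //     __webforms_checkFileAccess("modules/$moduleName/$moduleName.php");
    // It resolves the path against the working directory and die()s on a
    // mismatch, so confirm $root_directory and the working directory of this
    // endpoint before turning it back on as a second layer.
    //
    // NOTE(review): the pattern above still admits every module directory
    // under modules/. Consider restricting this to the modules that are meant
    // to be reachable from public webforms.
    require_once("modules/$moduleName/$moduleName.php");

    // Do not instantiate a name the included file did not actually define.
    if (!class_exists($moduleName, false)) {
        return 'fail';
    }
    $focus = new $moduleName();

    $fieldinfo = __webforms_getFieldInfoForModule($moduleName);
    foreach ($params as $fieldlabel => $value) {
        $fieldlabel = str_replace("_", " ", $fieldlabel);
        // !empty() keeps the original truthiness test without raising an
        // undefined-index notice for labels the module does not know.
        // NOTE(review): unmatched keys are written to column_fields as-is, so
        // the submitter chooses which fields are set; verify that is intended.
        $fieldname = !empty($fieldinfo[$fieldlabel]) ? $fieldinfo[$fieldlabel] : $fieldlabel;
        $focus->column_fields[$fieldname] = $value;
    }

    $focus->save($moduleName);

    return ($focus->id != '') ? 'success' : 'fail';
}

/**
 * Build the "field label => field name" map for a module.
 *
 * Reads every vtiger_field row whose tabid equals getTabid($moduleName).
 *
 * @param string $moduleName Module whose fields are looked up.
 * @return array Map of fieldlabel to fieldname; empty when no rows match.
 */
function __webforms_getFieldInfoForModule($moduleName) {
    global $adb;

    $fieldinfo = array();
    $tabid = getTabid($moduleName);

    // tabid is bound as a query parameter, not concatenated into the SQL.
    $sql = "select * from vtiger_field where tabid=?";
    $result = $adb->pquery($sql, array($tabid));

    $rows = $adb->num_rows($result);
    for ($index = 0; $index < $rows; ++$index) {
        $fieldlabel = $adb->query_result($result, $index, "fieldlabel");
        $fieldname = $adb->query_result($result, $index, "fieldname");
        $fieldinfo[$fieldlabel] = $fieldname;
    }

    return $fieldinfo;
}

/**
 * Terminate the request unless $filepath resolves to a file under
 * $root_directory.
 *
 * Both paths are canonicalised with realpath() and compared with forward
 * slashes. The check fails closed: a path that cannot be resolved, or an
 * empty or unresolvable $root_directory, ends the request.
 *
 * @param string $filepath Path about to be included.
 * @return void
 */
function __webforms_checkFileAccess($filepath) {
    global $root_directory;

    $denied = "Sorry! Attempt to access restricted file.";

    $realfilepath = realpath($filepath);
    // realpath('') resolves to the working directory, so an unset root must be
    // rejected explicitly instead of being canonicalised.
    $realrootpath = empty($root_directory) ? false : realpath($root_directory);
    if ($realfilepath === false || $realrootpath === false) {
        die($denied);
    }

    $realfilepath = str_replace('\\', '/', $realfilepath);
    // The trailing slash makes this a directory-boundary match, so a sibling
    // directory whose name merely starts with the root's name does not pass.
    $rootdirpath = rtrim(str_replace('\\', '/', $realrootpath), '/') . '/';

    // Case-insensitive comparison is kept from the original.
    if (stripos($realfilepath, $rootdirpath) !== 0) {
        die($denied);
    }
}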