diff --git a/application/Espo/Controllers/EmailAddress.php b/application/Espo/Controllers/EmailAddress.php index e39a2aff2b..c8e365fe4a 100644 --- a/application/Espo/Controllers/EmailAddress.php +++ b/application/Espo/Controllers/EmailAddress.php @@ -30,6 +30,7 @@ namespace Espo\Controllers; use Espo\Core\Exceptions\Forbidden; +use Espo\Core\Exceptions\BadRequest; use Espo\Services\EmailAddress as Service; @@ -55,6 +56,10 @@ class EmailAddress extends RecordBase $q = $request->getQueryParam('q'); + if ($q === null) { + throw new BadRequest("No `q` parameter."); + } + $maxSize = intval($request->getQueryParam('maxSize')); if (empty($maxSize) || $maxSize > 50) { diff --git a/application/Espo/Controllers/EmailTemplate.php b/application/Espo/Controllers/EmailTemplate.php index 59060881cb..3fe45ca359 100644 --- a/application/Espo/Controllers/EmailTemplate.php +++ b/application/Espo/Controllers/EmailTemplate.php @@ -29,6 +29,8 @@ namespace Espo\Controllers; +use Espo\Core\Exceptions\BadRequest; + use Espo\Services\EmailTemplate as Service; use Espo\Core\{ @@ -44,6 +46,10 @@ class EmailTemplate extends Record { $id = $request->getQueryParam('id'); + if ($id === null) { + throw new BadRequest("No `id`."); + } + return (object) $this->getEmailTempalteService()->parse( $id, [ diff --git a/application/Espo/Controllers/Export.php b/application/Espo/Controllers/Export.php index b1702dfa0e..4e93cebca4 100644 --- a/application/Espo/Controllers/Export.php +++ b/application/Espo/Controllers/Export.php @@ -62,8 +62,12 @@ class Export $result = $this->service->process($params, $serviceParams); if ($result->hasResult()) { + $subResult = $result->getResult(); + + assert($subResult !== null); + return (object) [ - 'id' => $result->getResult()->getAttachmentId(), + 'id' => $subResult->getAttachmentId(), ]; } diff --git a/application/Espo/Controllers/Extension.php b/application/Espo/Controllers/Extension.php index 15fd37e7bd..3785630f71 100644 
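Review bot: In `EmailAddress.php`, the `maxSize` guard directly below the new `q` check (`empty($maxSize) || $maxSize > 50`) lets a negative value through, because `intval('-5')` is neither empty nor above 50. Tightening it to `if ($maxSize <= 0 || $maxSize > 50) {` closes that gap. The new null check also accepts an empty `q`; if an empty search term is not meaningful, reject `$q === ''` as well. `GlobalSearch.php` reads `offset` and `maxSize` through `intval()` too, and no bound is visible in its hunk. The body of the guard lies outside this hunk.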
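Review bot: In `Export.php`, `assert($subResult !== null)` is not a runtime guard. With `zend.assertions` disabled, as is usual in production, the call is skipped and a null result reaches `$subResult->getAttachmentId()` as a fatal error. If the assertion is only there for the static analyser, a comment saying so would help. Otherwise use an explicit check such as `if ($subResult === null) { throw new RuntimeException("No export result."); }`, which needs a `use RuntimeException;` that this hunk does not show.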
--- a/application/Espo/Controllers/Extension.php +++ b/application/Espo/Controllers/Extension.php @@ -30,6 +30,7 @@ namespace Espo\Controllers; use Espo\Core\Exceptions\Forbidden; +use Espo\Core\Exceptions\BadRequest; use Espo\Core\{ Upgrades\ExtensionManager, @@ -51,6 +52,10 @@ class Extension extends RecordBase { $body = $request->getBodyContents(); + if ($body === null) { + throw new BadRequest(); + } + $manager = new ExtensionManager($this->getContainer()); $id = $manager->upload($body); diff --git a/application/Espo/Controllers/ExternalAccount.php b/application/Espo/Controllers/ExternalAccount.php index 928a383701..3fddd2c2ae 100644 --- a/application/Espo/Controllers/ExternalAccount.php +++ b/application/Espo/Controllers/ExternalAccount.php @@ -30,6 +30,8 @@ namespace Espo\Controllers; use Espo\Core\Exceptions\Forbidden; +use Espo\Core\Exceptions\BadRequest; +use Espo\Core\Exceptions\NotFound; use Espo\Services\ExternalAccount as Service; @@ -91,6 +93,10 @@ class ExternalAccount extends RecordBase { $id = $request->getQueryParam('id'); + if ($id === null) { + throw new BadRequest(); + } + list($integration, $userId) = explode('__', $id); if ($this->user->getId() != $userId && !$this->user->isAdmin()) { @@ -112,6 +118,7 @@ class ExternalAccount extends RecordBase public function getActionRead(Request $request, Response $response): stdClass { + /** @var string */ $id = $request->getRouteParam('id'); return $this->getRecordService() @@ -121,11 +128,12 @@ class ExternalAccount extends RecordBase public function putActionUpdate(Request $request, Response $response): stdClass { + /** @var string */ $id = $request->getRouteParam('id'); $data = $request->getParsedBody(); - list ($integration, $userId) = explode('__', $id); + list($integration, $userId) = explode('__', $id); if ($this->user->getId() !== $userId && !$this->user->isAdmin()) { throw new Forbidden(); 
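Review bot: In `Extension.php`, the new guard rejects only a missing body, so an empty string is still handed to `$manager->upload($body)`; `if ($body === null || $body === '') {` would stop it at the controller. The bare `throw new BadRequest()` also carries no message, unlike the checks added to `EmailAddress.php` and `GlobalSearch.php` in this commit. Something like `throw new BadRequest("No body contents.");` keeps the error responses consistent. Any access check for this upload action is outside the hunk.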
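Review bot: In `ExternalAccount.php` (hunk at `-91,6`), an `id` without the `__` separator passes the new null check, and `list($integration, $userId) = explode('__', $id)` then leaves `$userId` unset right before the ownership comparison. Reject the malformed value first, e.g. `if ($id === null || strpos($id, '__') === false) { throw new BadRequest(); }`, and make that comparison strict (`!==`), as `putActionUpdate` already does. The same destructuring in `putActionUpdate` (hunk at `-121,11`) is covered only by a `/** @var string */` annotation, which informs the static analyser but checks nothing at runtime. Both method bodies continue outside their hunks.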
@@ -137,6 +145,10 @@ class ExternalAccount extends RecordBase $entity = $this->entityManager->getEntity('ExternalAccount', $id); + if (!$entity) { + throw new NotFound(); + } + $entity->set($data); $this->entityManager->saveEntity($entity); diff --git a/application/Espo/Controllers/GlobalSearch.php b/application/Espo/Controllers/GlobalSearch.php index 0ff89fb871..19110ee682 100644 --- a/application/Espo/Controllers/GlobalSearch.php +++ b/application/Espo/Controllers/GlobalSearch.php @@ -29,8 +29,8 @@ namespace Espo\Controllers; +use Espo\Core\Exceptions\BadRequest; use Espo\Services\GlobalSearch as Service; - use Espo\Core\Api\Request; use stdClass; @@ -48,6 +48,10 @@ class GlobalSearch { $query = $request->getQueryParam('q'); + if ($query === null) { + throw new BadRequest("No `q` parameter."); + } + $offset = intval($request->getQueryParam('offset')); $maxSize = intval($request->getQueryParam('maxSize')); diff --git a/application/Espo/Controllers/Import.php b/application/Espo/Controllers/Import.php index 623fbea63e..2192c6bcb2 100644 --- a/application/Espo/Controllers/Import.php +++ b/application/Espo/Controllers/Import.php @@ -64,7 +64,7 @@ class Import extends Record public function postActionUploadFile(Request $request): stdClass { - $contents = $request->getBodyContents(); + $contents = $request->getBodyContents() ?? ''; $attachmentId = $this->getImportService()->uploadFile($contents); diff --git a/application/Espo/Controllers/Integration.php b/application/Espo/Controllers/Integration.php index f16ae4517c..0131c5b932 100644 --- a/application/Espo/Controllers/Integration.php +++ b/application/Espo/Controllers/Integration.php 
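Review bot: In `ExternalAccount.php` `putActionUpdate`, `$entity->set($data)` applies the parsed request body wholesale right after the new `NotFound` check. The lines between the ownership check and this hunk are not shown, so it is unclear whether `$data` is filtered. If it is not, a caller can write any attribute of the record, including ones the client should not control. Consider copying only an allow-list of expected attributes before `saveEntity()`, or add a comment stating where the filtering happens.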
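Review bot: In `Import.php`, `getBodyContents() ?? ''` turns a missing body into an empty upload, so `uploadFile('')` still runs and presumably stores an attachment with no content. `Extension.php` in this same commit rejects the identical condition with `BadRequest`. Doing the same here, `if ($contents === null || $contents === '') { throw new BadRequest("No file contents."); }`, keeps the two upload endpoints consistent. The `use` block of this file is outside the hunk, so `BadRequest` may need importing.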
@@ -56,14 +56,21 @@ class Integration public function getActionRead(Request $request): stdClass { - $entity = $this->service->read($request->getRouteParam('id')); + /** @var string */ + $id = $request->getRouteParam('id'); + + $entity = $this->service->read($id); return $entity->getValueMap(); } public function putActionUpdate(Request $request): stdClass { - $entity = $this->service->update($request->getRouteParam('id'), $request->getParsedBody()); + /** @var string */ + $id = $request->getRouteParam('id'); + $data = $request->getParsedBody(); + + $entity = $this->service->update($id, $data); return $entity->getValueMap(); } diff --git a/application/Espo/Controllers/Kanban.php b/application/Espo/Controllers/Kanban.php index 3332c4e215..bed7da86d5 100644 --- a/application/Espo/Controllers/Kanban.php +++ b/application/Espo/Controllers/Kanban.php @@ -37,7 +37,7 @@ use Espo\Core\{ use Espo\Tools\Kanban\KanbanService; -use StdClass; +use stdClass; class Kanban { @@ -51,8 +51,9 @@ class Kanban $this->searchParamsFetcher = $searchParamsFetcher; } - public function getActionGetData(Request $request): StdClass + public function getActionGetData(Request $request): stdClass { + /** @var string */ $entityType = $request->getRouteParam('entityType'); $searchParams = $this->searchParamsFetcher->fetch($request); diff --git a/application/Espo/Controllers/Layout.php b/application/Espo/Controllers/Layout.php index 6fd8f9505a..4b42c35e51 100644 --- a/application/Espo/Controllers/Layout.php +++ b/application/Espo/Controllers/Layout.php @@ -31,10 +31,9 @@ namespace Espo\Controllers; use Espo\Core\Exceptions\Forbidden; use Espo\Core\Exceptions\BadRequest; + use Espo\Core\Api\Request; - use Espo\Services\Layout as Service; - use Espo\Entities\User; class Layout @@ -59,6 +58,10 @@ class Layout $scope = $params['scope'] ?? null; $name = $params['name'] ?? null; + if (!$scope || !$name) { + throw new BadRequest(); + } + return $this->service->getForFrontend($scope, $name); } 
@@ -69,7 +72,7 @@ class Layout { $params = $request->getRouteParams(); - $data = json_decode($request->getBodyContents()); + $data = json_decode($request->getBodyContents() ?? 'null'); if (is_object($data)) { $data = get_object_vars($data); @@ -83,6 +86,10 @@ class Layout $name = $params['name'] ?? null; $setId = $params['setId'] ?? null; + if (!$scope || !$name) { + throw new BadRequest(); + } + return $this->service->update($scope, $name, $setId, $data); } @@ -113,10 +120,14 @@ class Layout throw new Forbidden(); } - return $this->service->getOriginal( - $request->getQueryParam('scope'), - $request->getQueryParam('name'), - $request->getQueryParam('setId') - ); + $scope = $request->getQueryParam('scope'); + $name = $request->getQueryParam('name'); + $setId = $request->getQueryParam('setId'); + + if (!$scope || !$name) { + throw new BadRequest("No `scope` or `name` parameter."); + } + + return $this->service->getOriginal($scope, $name, $setId); } } diff --git a/application/Espo/Entities/Email.php b/application/Espo/Entities/Email.php index 14da8265b0..0b5673eb86 100644 --- a/application/Espo/Entities/Email.php +++ b/application/Espo/Entities/Email.php @@ -40,6 +40,8 @@ use Espo\Repositories\Email as EmailRepository; use Espo\Core\Field\LinkParent; use Espo\Core\Field\Link; +use RuntimeException; + class Email extends Entity { public const ENTITY_TYPE = 'Email'; @@ -178,6 +180,10 @@ class Email extends Entity $attachment->set('parentId', $this->id); $attachment->set('parentType', 'Email'); + if (!$this->entityManager) { + throw new RuntimeException(); + } + $this->entityManager->saveEntity($attachment); } @@ -301,6 +307,10 @@ class Email extends Entity $idList[] = $id; + if (!$this->entityManager) { + throw new RuntimeException(); + } + /** @var Attachment|null */ $attachment = $this->entityManager->getEntity('Attachment', $id); 
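Review bot: In `Layout.php` (hunk at `-69,7`), `json_decode($request->getBodyContents() ?? 'null')` hides the difference between a missing body, a literal `null` and malformed JSON, since all three yield `null` with no error raised. Only the `is_object()` branch is visible, so whether a later line rejects a non-array `$data` cannot be confirmed from here. Check the decode result explicitly, e.g. `if (json_last_error() !== JSON_ERROR_NONE) { throw new BadRequest("Invalid JSON."); }`, before the value reaches `$this->service->update()`. The `!$scope || !$name` guards added in this file also treat the string `'0'` as missing, which is probably intended but worth a short comment.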
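Review bot: The `throw new RuntimeException()` guards added in `Email.php` carry no message, so a failure gives no hint of what was missing. A message such as `throw new RuntimeException("No entity manager.");` makes it diagnosable. The same bare throw is repeated in the other `Email.php` hunks and in `Note.php` and `Sms.php`; a small private helper returning the non-null entity manager would remove the repetition. In the first `Email.php` hunk the check sits after the `$attachment->set()` calls, so moving it ahead of them would fail before any state is touched. That method starts outside the hunk.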
@@ -531,6 +541,10 @@ class Email extends Entity private function getEmailRepository(): EmailRepository { + if (!$this->entityManager) { + throw new RuntimeException(); + } + /** @var EmailRepository */ return $this->entityManager->getRepository(self::ENTITY_TYPE); } diff --git a/application/Espo/Entities/Note.php b/application/Espo/Entities/Note.php index d1d9e321a4..35180d8880 100644 --- a/application/Espo/Entities/Note.php +++ b/application/Espo/Entities/Note.php @@ -33,6 +33,7 @@ use Espo\Core\ORM\Entity; use Espo\Core\Field\DateTime; +use RuntimeException; use stdClass; class Note extends Entity @@ -145,6 +146,10 @@ class Note extends Entity return; } + if (!$this->entityManager) { + throw new RuntimeException(); + } + $attachmentsIds = $data->attachmentsIds; $collection = $this->entityManager diff --git a/application/Espo/Entities/Sms.php b/application/Espo/Entities/Sms.php index 2228fe6fa4..b17c6a74d5 100644 --- a/application/Espo/Entities/Sms.php +++ b/application/Espo/Entities/Sms.php @@ -35,6 +35,8 @@ use Espo\Core\Field\DateTime; use Espo\Repositories\Sms as SmsRepository; +use RuntimeException; + class Sms extends Entity implements SmsInterface { public const ENTITY_TYPE = 'Sms'; @@ -148,6 +150,10 @@ class Sms extends Entity implements SmsInterface private function getSmsRepository(): SmsRepository { + if (!$this->entityManager) { + throw new RuntimeException(); + } + /** @var SmsRepository */ return $this->entityManager->getRepository(self::ENTITY_TYPE); } diff --git a/application/Espo/Entities/User.php b/application/Espo/Entities/User.php index 0a11c9ac89..9799309de7 100644 --- a/application/Espo/Entities/User.php +++ b/application/Espo/Entities/User.php @@ -122,6 +122,7 @@ class User extends Person */ public function getTeamIdList(): array { + /** @var string[] */ return $this->getLinkMultipleIdList('teams'); } 
diff --git a/application/Espo/Modules/Crm/Business/Event/Ics.php b/application/Espo/Modules/Crm/Business/Event/Ics.php index 053e772f8f..b4188d1a7c 100644 --- a/application/Espo/Modules/Crm/Business/Event/Ics.php +++ b/application/Espo/Modules/Crm/Business/Event/Ics.php @@ -80,6 +80,7 @@ class Ics $this->generate(); } + /** @var string */ return $this->output; } @@ -119,6 +120,7 @@ class Ics return ''; } + /** @var string */ return preg_replace('/([\,;])/', '\\\$1', $string); } diff --git a/application/Espo/Modules/Crm/Business/Event/Invitations.php b/application/Espo/Modules/Crm/Business/Event/Invitations.php index 3b2c681968..e77ea9e6bb 100644 --- a/application/Espo/Modules/Crm/Business/Event/Invitations.php +++ b/application/Espo/Modules/Crm/Business/Event/Invitations.php @@ -103,7 +103,7 @@ class Invitations public function sendInvitation(Entity $entity, Entity $invitee, string $link): void { - $uid = $this->entityManager->getEntity('UniqueId'); + $uid = $this->entityManager->getNewEntity('UniqueId'); $uid->set('data', [ 'eventType' => $entity->getEntityType(), @@ -137,7 +137,8 @@ class Invitations return; } - $email = $this->entityManager->getEntity('Email'); + $email = $this->entityManager->getNewEntity('Email'); + $email->set('to', $emailAddress); $subjectTpl = $this->templateFileManager->getTemplate('invitation', 'subject', $entity->getEntityType(), 'Crm'); diff --git a/application/Espo/Modules/Crm/Business/Reminder/EmailReminder.php b/application/Espo/Modules/Crm/Business/Reminder/EmailReminder.php index 7a45dc593f..fae1e72ea9 100644 --- a/application/Espo/Modules/Crm/Business/Reminder/EmailReminder.php +++ b/application/Espo/Modules/Crm/Business/Reminder/EmailReminder.php @@ -119,7 +119,7 @@ class EmailReminder } } - $email = $this->entityManager->getEntity('Email'); + $email = $this->entityManager->getNewEntity('Email'); $email->set('to', $emailAddress);
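Review bot: In `Ics.php`, the `/** @var string */` placed before `return preg_replace('/([\,;])/', '\\\$1', $string);` silences the analyser instead of handling the `null` that `preg_replace()` returns on a PCRE error. Appending `?? ''` or throwing explicitly would make the declared return type hold at runtime. The visible pattern escapes only `,` and `;`, whereas RFC 5545 TEXT values also need backslashes escaped and line breaks encoded as `\n`. Event fields are often user-supplied, so an unescaped CR/LF could add extra lines to the generated calendar file. If that is not handled earlier in the function (its start is outside the hunk), extend the escaping to cover `\`, CR and LF.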