diff --git a/src/Oro/Bundle/EmailBundle/Command/ConvertEmailBodyToTextBody.php b/src/Oro/Bundle/EmailBundle/Command/ConvertEmailBodyToTextBodyCommand.php
similarity index 86%
rename from src/Oro/Bundle/EmailBundle/Command/ConvertEmailBodyToTextBody.php
rename to src/Oro/Bundle/EmailBundle/Command/ConvertEmailBodyToTextBodyCommand.php
index 3c84deaf51d..f0928b65415 100644
--- a/src/Oro/Bundle/EmailBundle/Command/ConvertEmailBodyToTextBody.php
+++ b/src/Oro/Bundle/EmailBundle/Command/ConvertEmailBodyToTextBodyCommand.php
@@ -8,13 +8,14 @@
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Output\OutputInterface;
+use Oro\Bundle\EmailBundle\Entity\EmailBody;
use Oro\Bundle\EmailBundle\Tools\EmailBodyHelper;
/**
* Converts email body representations.
* Will be deleted in 2.0
*/
-class ConvertEmailBodyToTextBody extends ContainerAwareCommand
+class ConvertEmailBodyToTextBodyCommand extends ContainerAwareCommand
{
const COMMAND_NAME = 'oro:email:convert-body-to-text';
@@ -38,11 +39,11 @@ protected function configure()
protected function execute(InputInterface $input, OutputInterface $output)
{
$output->writeln('Conversion of emails body is started.');
+ $container = $this->getContainer();
/** @var Connection $connection */
- $connection = $this->getContainer()->get('doctrine')->getConnection();
-
- $tableName = $this->queryHelper->getTableName('Oro\Bundle\EmailBundle\Entity\EmailBody');
+ $connection = $container->get('doctrine')->getConnection();
+ $tableName = $container->get('oro_entity.orm.native_query_executor_helper')->getTableName(EmailBody::class);
$selectQuery = 'select id, body from ' . $tableName . ' where body is not null and text_body is null '
. 'order by created desc limit :limit offset :offset';
$pageNumber = 0;
diff --git a/src/Oro/Bundle/EmailBundle/EventListener/Datagrid/EmailGridListener.php b/src/Oro/Bundle/EmailBundle/EventListener/Datagrid/EmailGridListener.php
index c1c2d86aa8c..1bc00e2aa9d 100644
--- a/src/Oro/Bundle/EmailBundle/EventListener/Datagrid/EmailGridListener.php
+++ b/src/Oro/Bundle/EmailBundle/EventListener/Datagrid/EmailGridListener.php
@@ -8,10 +8,12 @@
use Oro\Bundle\DataGridBundle\Datagrid\ParameterBag;
use Oro\Bundle\DataGridBundle\Datasource\Orm\OrmDatasource;
+use Oro\Bundle\DataGridBundle\Entity\GridView;
+use Oro\Bundle\DataGridBundle\Entity\Manager\GridViewManager;
use Oro\Bundle\DataGridBundle\Event\BuildAfter;
use Oro\Bundle\DataGridBundle\Event\OrmResultBeforeQuery;
-
use Oro\Bundle\EmailBundle\Datagrid\EmailQueryFactory;
+use Oro\Bundle\SecurityBundle\SecurityFacade;
class EmailGridListener
{
@@ -20,6 +22,16 @@ class EmailGridListener
*/
protected $factory;
+ /**
+ * @var SecurityFacade
+ */
+ protected $securityFacade;
+
+ /**
+ * @var GridViewManager
+ */
+ protected $gridViewManager;
+
/**
* Stores join's root and alias if joins for filters are added - ['eu' => ['alias1']]
*
@@ -29,10 +41,17 @@ class EmailGridListener
/**
* @param EmailQueryFactory $factory
+ * @param SecurityFacade $securityFacade
+ * @param GridViewManager $gridViewManager
*/
- public function __construct(EmailQueryFactory $factory)
- {
+ public function __construct(
+ EmailQueryFactory $factory,
+ SecurityFacade $securityFacade,
+ GridViewManager $gridViewManager
+ ) {
$this->factory = $factory;
+ $this->securityFacade = $securityFacade;
+ $this->gridViewManager = $gridViewManager;
}
/**
@@ -87,6 +106,9 @@ protected function prepareQueryToFilter($parameters, QueryBuilder $queryBuilder,
{
$filters = $parameters->get('_filter');
if (!$filters || !is_array($filters)) {
+ $filters = $this->getGridViewFiltersData();
+ }
+ if (!$filters) {
return;
}
$this->filterJoins = [];
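Review bot: The second guard, `if (!$filters) {`, drops the `is_array()` test that the first guard applies, so any truthy value returned by `getGridViewFiltersData()` is used as the filter set. That helper returns `$gridView->getFiltersData()` unchecked, and GridView's definition is not visible in this diff. Keeping the original shape for the second check, `if (!$filters || !is_array($filters)) {`, keeps the type assumption local to this method. A short comment should also record that a request with an empty or malformed `_filter` now falls back to the user's saved default view, because that changes which joins get prepared. The body of prepareQueryToFilter continues outside the hunk.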
@@ -125,6 +147,24 @@ protected function prepareQueryToFilter($parameters, QueryBuilder $queryBuilder,
}
}
+ /**
+ * @return array
+ */
+ protected function getGridViewFiltersData()
+ {
+ $filters = [];
+ $user = $this->securityFacade->getLoggedUser();
+ if (!$user) {
+ return $filters;
+ }
+ /** @var GridView|null $gridView */
+ $gridView = $this->gridViewManager->getDefaultView($user, 'user-email-grid');
+ if (!$gridView) {
+ return $filters;
+ }
+
+ return $gridView->getFiltersData();
+ }
/**
*
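Review bot: `getDefaultView($user, 'user-email-grid')` hard-codes one grid name, while services.yml registers this listener on the `base-email-grid` events. Any other grid built on that base would presumably have its query shaped by the default view saved for `user-email-grid`. Passing the name of the grid being built from the event down to this helper would tie the lookup to the right grid. At minimum, move the literal into a class constant with a comment saying why only this grid is consulted. The docblock is only `@return array`; it should state that the filters come from the logged-in user's default grid view and that an empty array is returned when there is no user or no default view.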
diff --git a/src/Oro/Bundle/EmailBundle/Migrations/Data/ORM/CollectEmailBodyJobFixture.php b/src/Oro/Bundle/EmailBundle/Migrations/Data/ORM/CollectEmailBodyJobFixture.php
index 8c41f35d7b7..f65e4994df5 100644
--- a/src/Oro/Bundle/EmailBundle/Migrations/Data/ORM/CollectEmailBodyJobFixture.php
+++ b/src/Oro/Bundle/EmailBundle/Migrations/Data/ORM/CollectEmailBodyJobFixture.php
@@ -7,7 +7,7 @@
use JMS\JobQueueBundle\Entity\Job;
-use Oro\Bundle\EmailBundle\Command\ConvertEmailBodyToTextBody;
+use Oro\Bundle\EmailBundle\Command\ConvertEmailBodyToTextBodyCommand;
/**
* Adds job to collect email body representations.
@@ -20,7 +20,7 @@ class CollectEmailBodyJobFixture extends AbstractFixture
*/
public function load(ObjectManager $manager)
{
- $job = new Job(ConvertEmailBodyToTextBody::COMMAND_NAME, []);
+ $job = new Job(ConvertEmailBodyToTextBodyCommand::COMMAND_NAME, []);
$manager->persist($job);
$manager->flush($job);
}
diff --git a/src/Oro/Bundle/EmailBundle/Resources/config/datagrid.yml b/src/Oro/Bundle/EmailBundle/Resources/config/datagrid.yml
index 8a1b2237d6c..c6602336614 100644
--- a/src/Oro/Bundle/EmailBundle/Resources/config/datagrid.yml
+++ b/src/Oro/Bundle/EmailBundle/Resources/config/datagrid.yml
@@ -129,6 +129,11 @@ datagrid:
-
join: e.emailBody
alias: eb
+# The next join is performed in EmailGridListener, when any of grid filters are applied: folder, folders, mailbox.
+# -
+# join: eu.folders
+# alias: f
+# Attributes from f are used in ChoiceMessageTypeFilter also.
where:
and:
- >
@@ -313,7 +318,7 @@ datagrid:
select:
- partial e.{ id, subject, sentAt }
- partial eu.{ id, receivedAt, email }
- - eb.bodyContent AS body_content
+ - eb.textBody AS body_content
- a
- CASE WHEN eu.seen = true THEN 0 ELSE 1 END as is_new
from:
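Review bot: `body_content` now reads `eb.textBody`, a column that the conversion command in this commit back-fills for rows where `text_body is null`, so existing emails will presumably show an empty preview until that job has run. A comment on the select line would make the dependency visible, for example `# textBody is filled by oro:email:convert-body-to-text; NULL until converted`. Text derived from an HTML body can still contain `<` and `&` once entities are decoded, so whatever renders `body_content` in the grid should keep HTML-escaping it. That template is not part of this diff.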
diff --git a/src/Oro/Bundle/EmailBundle/Resources/config/services.yml b/src/Oro/Bundle/EmailBundle/Resources/config/services.yml
index 4aabfe6b73f..1c70075f0c9 100644
--- a/src/Oro/Bundle/EmailBundle/Resources/config/services.yml
+++ b/src/Oro/Bundle/EmailBundle/Resources/config/services.yml
@@ -556,6 +556,8 @@ services:
class: %oro_email.listener.datagrid.email.class%
arguments:
- '@oro_email.datagrid_query_factory'
+ - '@oro_security.security_facade'
+ - '@oro_datagrid.grid_view.manager'
tags:
- { name: kernel.event_listener, event: oro_datagrid.datagrid.build.after.base-email-grid, method: onBuildAfter }
- { name: kernel.event_listener, event: oro_datagrid.orm_datasource.result.before_query.base-email-grid, method: onResultBeforeQuery, priority: -255 }
diff --git a/src/Oro/Bundle/SearchBundle/Engine/AbstractEngine.php b/src/Oro/Bundle/SearchBundle/Engine/AbstractEngine.php
index 0b5470aea2d..c96aa5e9d63 100644
--- a/src/Oro/Bundle/SearchBundle/Engine/AbstractEngine.php
+++ b/src/Oro/Bundle/SearchBundle/Engine/AbstractEngine.php
@@ -277,7 +277,7 @@ protected function createIterator($entityName, $offset = null, $limit = null, $c
*/
protected function createIteratorCacheKey($entityName, $offset = null, $limit = null)
{
- return sprintf('%d.%d.%d', $entityName, $offset, $limit);
+ return sprintf('%s.%d.%d', $entityName, $offset, $limit);
}
/**
diff --git a/src/Oro/Bundle/UIBundle/Resources/public/js/modal.js b/src/Oro/Bundle/UIBundle/Resources/public/js/modal.js
index 5733d76761c..2031df0aeb7 100644
--- a/src/Oro/Bundle/UIBundle/Resources/public/js/modal.js
+++ b/src/Oro/Bundle/UIBundle/Resources/public/js/modal.js
@@ -40,6 +40,21 @@ define([
if (options.handleClose) {
this.events = _.extend({}, this.events, {'click .close': _.bind(this.onClose, this)});
}
+
+ // Backbone.BootstrapModal is XSS vulnerable due to wrong template interpolation
+ // Escape all variables except "content"
+ if (options.hasOwnProperty('title')) {
+ options.title = _.escape(options.title);
+ }
+
+ if (options.hasOwnProperty('cancelText')) {
+ options.cancelText = _.escape(options.cancelText);
+ }
+
+ if (options.hasOwnProperty('okText')) {
+ options.okText = _.escape(options.okText);
+ }
+
Modal.__super__.initialize.call(this, options);
},
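Review bot: The escaping writes back into the caller's `options` object, so a caller that reuses one options object for a second modal gets `title`, `cancelText` and `okText` escaped twice and sees `&amp;amp;` in the dialog. Taking a shallow copy just before the three checks, `options = _.extend({}, options);`, keeps the change local to this view. The `hasOwnProperty` tests also skip values supplied through a prototype, which would then reach the template unescaped. Since `content` is left raw on purpose, the comment should say so for callers, e.g. `// "content" is inserted as HTML: callers must escape or sanitise untrusted values`. The body of `initialize` starts outside the hunk.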
diff --git a/src/Oro/Bundle/WorkflowBundle/Resources/public/js/app/views/transition/transition-edit-view.js b/src/Oro/Bundle/WorkflowBundle/Resources/public/js/app/views/transition/transition-edit-view.js
index ee99b4c422a..08df146f0a5 100644
--- a/src/Oro/Bundle/WorkflowBundle/Resources/public/js/app/views/transition/transition-edit-view.js
+++ b/src/Oro/Bundle/WorkflowBundle/Resources/public/js/app/views/transition/transition-edit-view.js
@@ -28,9 +28,9 @@ define(function(require) {
workflow: null,
step_from: null,
entity_select_el: null,
- button_example_template: '',
+ button_example_template: '',
allowed_button_styles: [
{
'label': __('Gray button'),
diff --git a/src/Oro/Bundle/WorkflowBundle/Resources/public/templates/workflow-steps-view.html b/src/Oro/Bundle/WorkflowBundle/Resources/public/templates/workflow-steps-view.html
index f3fa471401a..00d843c6e78 100644
--- a/src/Oro/Bundle/WorkflowBundle/Resources/public/templates/workflow-steps-view.html
+++ b/src/Oro/Bundle/WorkflowBundle/Resources/public/templates/workflow-steps-view.html
@@ -1,8 +1,8 @@
<% if (typeof steps !== 'undefined' && steps.length > 0) { %>
-
+
<% for (var i = 0; i < steps.length; i++ ) { %>
- -
- <%= steps[i].label %>
+
-
+ <%- steps[i].label %>
<% } %>