From a062d3d5fecb000db207a2ad8a446db97ad96b89 Mon Sep 17 00:00:00 2001
From: Mariusz Krzaczkowski <m.krzaczkowski@yetiforce.com>
Date: Mon, 13 Dec 2021 15:18:13 +0100
Subject: [PATCH] Added additional data validation in the wysiwyg editor when
 inputting data in the source.

---
 config/version.php                      |  2 +-
 modules/Vtiger/actions/Fields.php       | 26 +++++++++++++-
 public_html/layouts/resources/Fields.js | 46 ++++++++++++++++++++++---
 3 files changed, 67 insertions(+), 7 deletions(-)

diff --git a/config/version.php b/config/version.php
index 4b88d4844998..fc47a125634b 100644
--- a/config/version.php
+++ b/config/version.php
@@ -1,7 +1,7 @@
 <?php
 
 return [
-	'appVersion' => '6.3.3',
+	'appVersion' => '6.3.4',
 	'patchVersion' => '2021.12.13',
 	'lib_roundcube' => '0.2.3',
 ];
diff --git a/modules/Vtiger/actions/Fields.php b/modules/Vtiger/actions/Fields.php
index 76ecf4227d4b..1a2b650728d5 100644
--- a/modules/Vtiger/actions/Fields.php
+++ b/modules/Vtiger/actions/Fields.php
@@ -53,8 +53,9 @@ public function __construct()
 		$this->exposeMethod('getOwners');
 		$this->exposeMethod('getReference');
 		$this->exposeMethod('getUserRole');
-		$this->exposeMethod('verifyPhoneNumber');
 		$this->exposeMethod('findAddress');
+		$this->exposeMethod('validate');
+		$this->exposeMethod('verifyPhoneNumber');
 		$this->exposeMethod('verifyIsHolidayDate');
 		$this->exposeMethod('changeFavoriteOwner');
 	}
@@ -267,4 +268,27 @@ public function changeFavoriteOwner(App\Request $request)
 		$response->setResult(['result' => $result, 'message' => $message]);
 		$response->emit();
 	}
+
+	/**
+	 * Validate the field value.
+	 *
+	 * @param \App\Request $request
+	 *
+	 * @throws \App\Exceptions\NoPermitted
+	 */
+	public function validate(App\Request $request)
+	{
+		$fieldModel = Vtiger_Module_Model::getInstance($request->getModule())->getFieldByName($request->getByType('fieldName', 2));
+		if (!$fieldModel || !$fieldModel->isActiveField() || !$fieldModel->isViewEnabled()) {
+			throw new \App\Exceptions\NoPermitted('ERR_NO_PERMISSIONS_TO_FIELD', 406);
+		}
+		$recordModel = \Vtiger_Record_Model::getCleanInstance($fieldModel->getModuleName());
+		$fieldModel->getUITypeModel()->setValueFromRequest($request, $recordModel, 'fieldValue');
+		$response = new Vtiger_Response();
+		$response->setResult([
+			'raw' => $recordModel->get($fieldModel->getName()),
+			'display' => $recordModel->getDisplayValue($fieldModel->getName()),
+		]);
+		$response->emit();
+	}
 }
diff --git a/public_html/layouts/resources/Fields.js b/public_html/layouts/resources/Fields.js
index 4ae6daa9c165..655fc4957ab8 100644
--- a/public_html/layouts/resources/Fields.js
+++ b/public_html/layouts/resources/Fields.js
@@ -532,8 +532,7 @@ window.App.Fields = {
 			 */
 			loadEditor(element, customConfig) {
 				this.setElement(element);
-				const instance = this.getEditorInstanceFromName(),
-					self = this;
+				const instance = this.getEditorInstanceFromName();
 				let config = {
 					language: CONFIG.langKey,
 					allowedContent: true,
@@ -546,12 +545,17 @@ window.App.Fields = {
 					emojiEnabled: false,
 					mentionsEnabled: false,
 					on: {
-						instanceReady: function (evt) {
+						instanceReady: (evt) => {
 							evt.editor.on('blur', function () {
 								evt.editor.updateElement();
 							});
-							if (self.isModal && self.progressInstance) {
-								self.progressInstance.progressIndicator({ mode: 'hide' });
+							if (this.isModal && this.progressInstance) {
+								this.progressInstance.progressIndicator({ mode: 'hide' });
+							}
+						},
+						beforeCommandExec: (e) => {
+							if (e.editor.mode === 'source') {
+								return this.validate(element, e);
 							}
 						}
 					},
@@ -741,6 +745,38 @@ window.App.Fields = {
 			getMentionUsersData(opts, callback) {
 				App.Fields.Text.getMentionData(opts, callback, 'owners');
 			}
+
+			/**
+			 * Function to validate the field value
+			 * @param {jQuery} element
+			 * @param {object} e
+			 */
+			validate(element, e) {
+				let status = true;
+				AppConnector.request({
+					async: false,
+					data: {
+						module: element.closest('form').find('[name="module"]').val(),
+						action: 'Fields',
+						mode: 'validate',
+						fieldName: element.attr('name'),
+						fieldValue: element.val()
+					}
+				})
+					.done(function (data) {
+						element.val(data.result.raw);
+					})
+					.fail(function (error) {
+						app.showNotify({
+							type: 'error',
+							title: app.vtranslate('JS_ERROR'),
+							text: error
+						});
+						status = false;
+					});
+
+				return status;
+			}
 		},
 		/**
 		 * Completions class for contenteditable html element for records, users and emojis. Params can be passed in data-completions- of contenteditable element or as argument. Default params: