Yii Framework Forum: Zurmo - Open Source CRM - Yii Framework Forum

Jump to content

  • (7 Pages)
  • +
  • 1
  • 2
  • 3
  • 4
  • Last »
  • You cannot start a new topic
  • You cannot reply to this topic

Zurmo - Open Source CRM zurmo.org Rate Topic: ***** 8 Votes

#21 User is offline   raysto 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 47
  • Joined: 27-April 11

Posted 23 November 2011 - 11:21 PM

View Postnix, on 23 November 2011 - 08:19 PM, said:

What I found out is that most people use SugarCRM and Salesforce because of their MS Outlook Plug-ins and contact/task auto sync features so I guess you guys probably have a plan for developing MS Outlook plugins too

You might also want to be looking at developing a sync tool for Google App powered emails

SugarCRM and Salesforce are solid CRM apps. Yes, we plan on a few email integration options including an Outlook plugin and potential Exchange integration. Those items are in our development roadmap, but not planned for our next release. You can see the feature set for our current release and plans for our upcoming release here: http://zurmo.org/roadmap

I like the recommendation for Google Apps. We are seeing that more in the SMB space. With the open source nature of Zurmo, we would welcome anyone that could contribute and get things started.
Zurmo: Yii Powered Open Source CRM
zurmo.org
0

#22 User is offline   raysto 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 47
  • Joined: 27-April 11

Posted 07 December 2011 - 10:42 PM

View PostJunta, on 23 November 2011 - 10:10 AM, said:

Very nice

Appreciate the positive feedback. We have been getting great responses from developers, especially because of the Test Driven Development methodology that we have embedded into Zurmo.
Zurmo: Yii Powered Open Source CRM
zurmo.org
0

#23 User is offline   raysto 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 47
  • Joined: 27-April 11

Posted 08 December 2011 - 06:46 PM

Zurmo 0.5.3 was released last week. German language support plus additional bug fixes and more tests
Zurmo: Yii Powered Open Source CRM
zurmo.org
0

#24 User is offline   raysto 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 47
  • Joined: 27-April 11

Posted 12 January 2012 - 03:16 PM

The new Zurmo User Interface is coming along nicely. What do you think?

Homepage:
Attached File  NewUI_Homepage.JPG (334.84K)
Number of downloads: 128

Account Detail View:
Attached File  NewUI_AcctDetailView.JPG (354.62K)
Number of downloads: 121

Account Edit View:
Attached File  NewUI_AcctEditView.JPG (220.09K)
Number of downloads: 92
Zurmo: Yii Powered Open Source CRM
zurmo.org
0

#25 User is offline   yJeroen 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 94
  • Joined: 06-September 11
  • Location:The Netherlands

Posted 13 January 2012 - 03:31 PM

Your UI keeps looking better over time Raysto!

Just curious, what do you use for your UI? Custom CSS, or something like Bootstrap?
0

#26 User is offline   raysto 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 47
  • Joined: 27-April 11

Posted 14 January 2012 - 12:17 AM

View PostJeroendh, on 13 January 2012 - 03:31 PM, said:

Your UI keeps looking better over time Raysto!

Just curious, what do you use for your UI? Custom CSS, or something like Bootstrap?

Thank you for the encouraging words. We are really trying to enhance the end user experience and building a fresh, new UI will help do so. We used a custom CSS.
Zurmo: Yii Powered Open Source CRM
zurmo.org
0

#27 User is offline   jellysandwich 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 86
  • Joined: 03-May 11

Posted 14 January 2012 - 12:29 PM

I was wondering, how do you handle model validations with redbean php? From what I've seen, it's much more limited than Yii's active record.
0

#28 User is offline   raysto 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 47
  • Joined: 27-April 11

Posted 16 January 2012 - 11:41 AM

View Postjellysandwich, on 14 January 2012 - 12:29 PM, said:

I was wondering, how do you handle model validations with redbean php? From what I've seen, it's much more limited than Yii's active record.

If you are talking about attribute validation like if a field is too large or the correct type, we still utilize the Yii rules() method to validate attributes. If you are asking about something different, can you please elaborate?
Zurmo: Yii Powered Open Source CRM
zurmo.org
0

#29 User is offline   bodik 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 1
  • Joined: 18-January 12

Posted 18 January 2012 - 11:27 AM

Hello, I'm interested in CRM systems for a while and accidentaly I found your here. I can help you with Czech and Slovak translation if it's interesting for you.
0

#30 User is offline   raysto 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 47
  • Joined: 27-April 11

Posted 18 January 2012 - 02:43 PM

View Postbodik, on 18 January 2012 - 11:27 AM, said:

Hello, I'm interested in CRM systems for a while and accidentaly I found your here. I can help you with Czech and Slovak translation if it's interesting for you.

Hello Bodik. I'm glad to hear you have interest in CRM systems. It would be wonderful to have you join our Language Team. We already have English, Spanish, French, German, and Italian. You can see our different Teams here: http://zurmo.org/get-involved

If you can sign up on our Forums and send me a message, I can get you in touch with the Language Team Leader.
Thanks,
Ray
Zurmo: Yii Powered Open Source CRM
zurmo.org
0

#31 User is offline   fantgeass 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 22
  • Joined: 25-February 11

Posted 24 January 2012 - 02:38 PM

I'm a novice TDD-user and using your tests as example. Thanks for Yii CRM and especially for using TDD.
42
0

#32 User is offline   edmondscommerce 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 2
  • Joined: 02-February 12

Posted 02 February 2012 - 07:04 AM

looks great

always inspiring to see a real world application that looks professional
0

#33 User is offline   holyxing 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 1
  • Joined: 30-August 11

Posted 03 February 2012 - 08:17 AM

hi,Zurmo
Nice app of crm. there are two questions about the system. eg. 1.the system will be supported with db mongodb?
2. I would like to translate the language to Chinese if u interesting it.
0

#34 User is offline   raysto 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 47
  • Joined: 27-April 11

Posted 03 February 2012 - 03:59 PM

View Postholyxing, on 03 February 2012 - 08:17 AM, said:

hi,Zurmo
Nice app of crm. there are two questions about the system. eg. 1.the system will be supported with db mongodb?
2. I would like to translate the language to Chinese if u interesting it.

Sure, I'm happy to answer your questions. Right now, we only support mysql, but we would like to support other databases such as MongoDB. We have our hands full with our current roadmap: http://zurmo.org/roadmap

Yes, we would be very interested in having a Chinese language translation. Thank you so much for offering assistance. I will send you a PM in the Zurmo forums to put you in touch with our Language Team.
Zurmo: Yii Powered Open Source CRM
zurmo.org
0

#35 User is offline   ekerazha 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 525
  • Joined: 10-October 08
  • Location:European Union

Posted 05 February 2012 - 02:36 PM

RedBeansPHP looks really nice
Yii user #37
0

#36 User is offline   twisted1919 

  • Master Member
  • PipPipPipPip
  • Yii
  • Group: Members
  • Posts: 634
  • Joined: 23-October 10
  • Location:Romania

Posted 10 February 2012 - 10:40 AM

http://dev2.zurmo.co...=../../../index
or
http://dev2.zurmo.co...ame=UsersModule

and possibly others.

please fix it ;)
0

#37 User is offline   Ivica 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 315
  • Joined: 25-May 11

Posted 10 February 2012 - 10:54 AM

@twisted1919
Thanks for informing us about bug, but can you tell me where you found those invalid links?

Thanks,
Ivica
Zurmo: Yii Powered Open Source CRM
zurmo.org
0

#38 User is offline   twisted1919 

  • Master Member
  • PipPipPipPip
  • Yii
  • Group: Members
  • Posts: 634
  • Joined: 23-October 10
  • Location:Romania

Posted 10 February 2012 - 11:52 AM

I didn't "found" them, rather i generated them.
I was curious if i can do a directory traversal and i start playing with your urls :)
0

#39 User is offline   Ivica 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 315
  • Joined: 25-May 11

Posted 11 February 2012 - 01:51 PM

@twisted1919
But can you tell us how did you generated those invalid urls?
Did you changed base script url or something else? This can be security issue,
so we want to be sure this will not involve any security risks.

Thanks!!!
Zurmo: Yii Powered Open Source CRM
zurmo.org
0

#40 User is offline   twisted1919 

  • Master Member
  • PipPipPipPip
  • Yii
  • Group: Members
  • Posts: 634
  • Joined: 23-October 10
  • Location:Romania

Posted 12 February 2012 - 12:54 PM

Well, it is a security risk after all.
Here is the thing, the url was like:
http://dev2.zurmo.co...=ContactsModule

So i thought, why do they use ?moduleClassName=ContactsModule, do they instantiate this class based on the $_GET variable (which is wrong as you can see)?
Then to verify my idea, i accessed http://dev2.zurmo.co...ContactsModulex just added an x to the class name to trigger an error, and i got this error:
include(ContactsModulex.php) [<a href='function.include'>function.include</a>]: failed to open stream: No such file or directory

So of course the next thought was, can i include other files from the server if i change the ?moduleClassName=ContactsModule part of the url ? And yes this is possible as you can see, in this link:
http://dev2.zurmo.co...=../../../index

The idea here is that directory traversal is possible, so a bad intended user could use this to instantiate what class he wants or to include any file from the server.

Anyway, i don't know your app at all, i just spent about 5 minutes in the backed of your app and found this, you should find a fix for it as soon as possible.

My suggestion would be to allow only a-zA-z chars for $_GET['moduleClassName'] and also to allow the reading from a single directory and check with is_file('path/to/my-dir/'.$_GET['moduleClassName']) before instantiate that class, but again, i have no idea what you do in your backend so these suggestions might not help at all.
0

Share this topic:


  • (7 Pages)
  • +
  • 1
  • 2
  • 3
  • 4
  • Last »
  • You cannot start a new topic
  • You cannot reply to this topic

2 User(s) are reading this topic
0 members, 2 guests, 0 anonymous users