Personal/drupal-civicrm
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

First commit

Browse source
This commit is contained in:
Theodotos Andreou 2018-01-14 13:10:16 +00:00
commit c6e2478c40
13918 changed files with 2303184 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

153
sites/all/modules/civicrm/CRM/Utils/API/AbstractFieldCoder.php Normal file
View file

@ -0,0 +1,153 @@
<?php
/*
+--------------------------------------------------------------------+
| CiviCRM version 4.7 |
+--------------------------------------------------------------------+
| Copyright CiviCRM LLC (c) 2004-2017 |
+--------------------------------------------------------------------+
| This file is a part of CiviCRM. |
| |
| CiviCRM is free software; you can copy, modify, and distribute it |
| under the terms of the GNU Affero General Public License |
| Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
| |
| CiviCRM is distributed in the hope that it will be useful, but |
| WITHOUT ANY WARRANTY; without even the implied warranty of |
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
| See the GNU Affero General Public License for more details. |
| |
| You should have received a copy of the GNU Affero General Public |
| License and the CiviCRM Licensing Exception along |
| with this program; if not, contact CiviCRM LLC |
| at info[AT]civicrm[DOT]org. If you have questions about the |
| GNU Affero General Public License or the licensing of CiviCRM, |
| see the CiviCRM license FAQ at http://civicrm.org/licensing |
+--------------------------------------------------------------------+
*/
/**
* Base class for writing API_Wrappers which generically manipulate the content
* of all fields (except for some black-listed skip-fields).
*
* @package CRM
* @copyright CiviCRM LLC (c) 2004-2017
*/
require_once 'api/Wrapper.php';
/**
* Class CRM_Utils_API_AbstractFieldCoder.
*/
abstract class CRM_Utils_API_AbstractFieldCoder implements API_Wrapper {
/**
* Get skipped fields.
*
* @return array<string>
* List of field names
*/
public function getSkipFields() {
return NULL;
}
/**
* Is field skipped.
*
* @param string $fldName
*
* @return bool
* TRUE if encoding should be skipped for this field
*/
public function isSkippedField($fldName) {
$skipFields = $this->getSkipFields();
if ($skipFields === NULL) {
return FALSE;
}
// Field should be skipped
if (in_array($fldName, $skipFields)) {
return TRUE;
}
// Field is multilingual and after cutting off _xx_YY should be skipped (CRM-7230)…
if ((preg_match('/_[a-z][a-z]_[A-Z][A-Z]$/', $fldName) && in_array(substr($fldName, 0, -6), $skipFields))) {
return TRUE;
}
// Field can take multiple entries, eg. fieldName[1], fieldName[2], etc.
// We remove the index and check again if the fieldName in the list of skipped fields.
$matches = array();
if (preg_match('/^(.*)\[\d+\]/', $fldName, $matches) && in_array($matches[1], $skipFields)) {
return TRUE;
}
return FALSE;
}
/**
* Going to filter the submitted values.
*
* @param array|string $values the field value from the API
*/
public abstract function encodeInput(&$values);
/**
* Decode output.
*
* @param string $values
*
* @return mixed
*/
public abstract function decodeOutput(&$values);
/**
* @inheritDoc
*/
public function fromApiInput($apiRequest) {
$lowerAction = strtolower($apiRequest['action']);
if ($apiRequest['version'] == 3 && in_array($lowerAction, array('get', 'create'))) {
// note: 'getsingle', 'replace', 'update', and chaining all build on top of 'get'/'create'
foreach ($apiRequest['params'] as $key => $value) {
// Don't apply escaping to API control parameters (e.g. 'api.foo' or 'options.foo')
// and don't apply to other skippable fields
if (!$this->isApiControlField($key) && !$this->isSkippedField($key)) {
$this->encodeInput($apiRequest['params'][$key]);
}
}
}
elseif ($apiRequest['version'] == 3 && $lowerAction == 'setvalue') {
if (isset($apiRequest['params']['field']) && isset($apiRequest['params']['value'])) {
if (!$this->isSkippedField($apiRequest['params']['field'])) {
$this->encodeInput($apiRequest['params']['value']);
}
}
}
return $apiRequest;
}
/**
* @inheritDoc
*/
public function toApiOutput($apiRequest, $result) {
$lowerAction = strtolower($apiRequest['action']);
if ($apiRequest['version'] == 3 && in_array($lowerAction, array('get', 'create', 'setvalue', 'getquick'))) {
foreach ($result as $key => $value) {
// Don't apply escaping to API control parameters (e.g. 'api.foo' or 'options.foo')
// and don't apply to other skippable fields
if (!$this->isApiControlField($key) && !$this->isSkippedField($key)) {
$this->decodeOutput($result[$key]);
}
}
}
// setvalue?
return $result;
}
/**
* @param $key
*
* @return bool
*/
protected function isApiControlField($key) {
return (FALSE !== strpos($key, '.'));
}
}

153
sites/all/modules/civicrm/CRM/Utils/API/HTMLInputCoder.php Normal file
View file

@ -0,0 +1,153 @@
<?php
/*
+--------------------------------------------------------------------+
| CiviCRM version 4.7 |
+--------------------------------------------------------------------+
| Copyright CiviCRM LLC (c) 2004-2017 |
+--------------------------------------------------------------------+
| This file is a part of CiviCRM. |
| |
| CiviCRM is free software; you can copy, modify, and distribute it |
| under the terms of the GNU Affero General Public License |
| Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
| |
| CiviCRM is distributed in the hope that it will be useful, but |
| WITHOUT ANY WARRANTY; without even the implied warranty of |
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
| See the GNU Affero General Public License for more details. |
| |
| You should have received a copy of the GNU Affero General Public |
| License and the CiviCRM Licensing Exception along |
| with this program; if not, contact CiviCRM LLC |
| at info[AT]civicrm[DOT]org. If you have questions about the |
| GNU Affero General Public License or the licensing of CiviCRM, |
| see the CiviCRM license FAQ at http://civicrm.org/licensing |
+--------------------------------------------------------------------+
*/
/**
* This class captures the encoding practices of CRM-5667 in a reusable
* fashion. In this design, all submitted values are partially HTML-encoded
* before saving to the database. If a DB reader needs to output in
* non-HTML medium, then it should undo the partial HTML encoding.
*
* This class should be short-lived -- 4.3 should introduce an alternative
* escaping scheme and consequently remove HTMLInputCoder.
*
* @package CRM
* @copyright CiviCRM LLC (c) 2004-2017
*/
class CRM_Utils_API_HTMLInputCoder extends CRM_Utils_API_AbstractFieldCoder {
private $skipFields = NULL;
/**
* @var CRM_Utils_API_HTMLInputCoder
*/
private static $_singleton = NULL;
/**
* @return CRM_Utils_API_HTMLInputCoder
*/
public static function singleton() {
if (self::$_singleton === NULL) {
self::$_singleton = new CRM_Utils_API_HTMLInputCoder();
}
return self::$_singleton;
}
/**
* Get skipped fields.
*
* @return array<string>
* list of field names
*/
public function getSkipFields() {
if ($this->skipFields === NULL) {
$this->skipFields = array(
'widget_code',
'html_message',
'body_html',
'msg_html',
'description',
'intro',
'thankyou_text',
'tf_thankyou_text',
'intro_text',
'page_text',
'body_text',
'footer_text',
'thankyou_footer',
'thankyou_footer_text',
'new_text',
'renewal_text',
'help_pre',
'help_post',
'confirm_title',
'confirm_text',
'confirm_footer_text',
'confirm_email_text',
'event_full_text',
'waitlist_text',
'approval_req_text',
'report_header',
'report_footer',
'cc_id',
'bcc_id',
'premiums_intro_text',
'honor_block_text',
'pay_later_text',
'pay_later_receipt',
'label', // This is needed for FROM Email Address configuration. dgg
'url', // This is needed for navigation items urls
'details',
'msg_text', // message templates text versions
'text_message', // (send an) email to contacts and CiviMails text version
'data', // data i/p of persistent table
'sqlQuery', // CRM-6673
'pcp_title',
'pcp_intro_text',
'new', // The 'new' text in word replacements
'replyto_email', // e.g. '"Full Name" <user@example.org>'
'operator',
'content', // CRM-20468
);
}
return $this->skipFields;
}
/**
* going to filter the
* submitted values across XSS vulnerability.
*
* @param array|string $values
* @param bool $castToString
* If TRUE, all scalars will be filtered (and therefore cast to strings).
* If FALSE, then non-string values will be preserved
*/
public function encodeInput(&$values, $castToString = FALSE) {
if (is_array($values)) {
foreach ($values as &$value) {
$this->encodeInput($value, TRUE);
}
}
elseif ($castToString || is_string($values)) {
$values = str_replace(array('<', '>'), array('&lt;', '&gt;'), $values);
}
}
/**
* @param array $values
* @param bool $castToString
*/
public function decodeOutput(&$values, $castToString = FALSE) {
if (is_array($values)) {
foreach ($values as &$value) {
$this->decodeOutput($value, TRUE);
}
}
elseif ($castToString || is_string($values)) {
$values = str_replace(array('&lt;', '&gt;'), array('<', '>'), $values);
}
}
}

194
sites/all/modules/civicrm/CRM/Utils/API/MatchOption.php Normal file
View file

@ -0,0 +1,194 @@
<?php
/*
+--------------------------------------------------------------------+
| CiviCRM version 4.7 |
+--------------------------------------------------------------------+
| Copyright CiviCRM LLC (c) 2004-2017 |
+--------------------------------------------------------------------+
| This file is a part of CiviCRM. |
| |
| CiviCRM is free software; you can copy, modify, and distribute it |
| under the terms of the GNU Affero General Public License |
| Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
| |
| CiviCRM is distributed in the hope that it will be useful, but |
| WITHOUT ANY WARRANTY; without even the implied warranty of |
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
| See the GNU Affero General Public License for more details. |
| |
| You should have received a copy of the GNU Affero General Public |
| License and the CiviCRM Licensing Exception along |
| with this program; if not, contact CiviCRM LLC |
| at info[AT]civicrm[DOT]org. If you have questions about the |
| GNU Affero General Public License or the licensing of CiviCRM, |
| see the CiviCRM license FAQ at http://civicrm.org/licensing |
+--------------------------------------------------------------------+
*/
/**
* Implement the "match" and "match-mandatory" options. If the submitted record doesn't have an ID
* but a "match" key is specified, then we will automatically search for pre-existing record and
* fill-in the missing ID. The "match" or "match-mandatory" can specified as a string (the name of the key
* to match on) or array (the names of several keys to match on).
*
* Note that "match" and "match-mandatory" behave the same in the case where one matching record
* exists (ie they update the record). They also behave the same if there are multiple matching
* records (ie they throw an error). However, if there is no matching record, they differ:
* - "match-mandatory" will generate an error
* - "match" will allow action to proceed -- thus inserting a new record
*
* @code
* $result = civicrm_api('contact', 'create', array(
* 'options' => array(
* 'match' => array('last_name', 'first_name')
* ),
* 'first_name' => 'Jeffrey',
* 'last_name' => 'Lebowski',
* 'nick_name' => 'The Dude',
* ));
* @endcode
*
* @package CRM
* @copyright CiviCRM LLC (c) 2004-2017
*/
require_once 'api/Wrapper.php';
/**
* Class CRM_Utils_API_MatchOption
*/
class CRM_Utils_API_MatchOption implements API_Wrapper {
/**
* @var CRM_Utils_API_MatchOption
*/
private static $_singleton = NULL;
/**
* Singleton function.
*
* @return CRM_Utils_API_MatchOption
*/
public static function singleton() {
if (self::$_singleton === NULL) {
self::$_singleton = new CRM_Utils_API_MatchOption();
}
return self::$_singleton;
}
/**
* @inheritDoc
*/
public function fromApiInput($apiRequest) {
// Parse options.match or options.match-mandatory
$keys = NULL;
if (isset($apiRequest['params'], $apiRequest['params']['options']) && is_array($apiRequest['params']['options'])) {
if (isset($apiRequest['params']['options']['match-mandatory'])) {
$isMandatory = TRUE;
$keys = $apiRequest['params']['options']['match-mandatory'];
}
elseif (isset($apiRequest['params']['options']['match'])) {
$isMandatory = FALSE;
$keys = $apiRequest['params']['options']['match'];
}
if (is_string($keys)) {
$keys = array($keys);
}
}
// If one of the options was specified, then try to match records.
// Matching logic differs for 'create' and 'replace' actions.
if ($keys !== NULL) {
switch ($apiRequest['action']) {
case 'create':
if (empty($apiRequest['params']['id'])) {
$apiRequest['params'] = $this->match($apiRequest['entity'], $apiRequest['params'], $keys, $isMandatory);
}
break;
case 'replace':
// In addition to matching on the listed keys, also match on the set-definition keys.
// For example, if the $apiRequest is to "replace the set of civicrm_emails for contact_id=123 while
// matching emails on location_type_id", then we would need to search for pre-existing emails using
// both 'contact_id' and 'location_type_id'
$baseParams = _civicrm_api3_generic_replace_base_params($apiRequest['params']);
$keys = array_unique(array_merge(
array_keys($baseParams),
$keys
));
// attempt to match each replacement item
foreach ($apiRequest['params']['values'] as $offset => $createParams) {
$createParams = array_merge($baseParams, $createParams);
$createParams = $this->match($apiRequest['entity'], $createParams, $keys, $isMandatory);
$apiRequest['params']['values'][$offset] = $createParams;
}
break;
default:
// be forgiving of sloppy api calls
}
}
return $apiRequest;
}
/**
* Attempt to match a contact. This filters/updates the $createParams if there is a match.
*
* @param string $entity
* @param array $createParams
* @param array $keys
* @param bool $isMandatory
*
* @return array
* revised $createParams, including 'id' if known
* @throws API_Exception
*/
public function match($entity, $createParams, $keys, $isMandatory) {
$getParams = $this->createGetParams($createParams, $keys);
$getResult = civicrm_api3($entity, 'get', $getParams);
if ($getResult['count'] == 0) {
if ($isMandatory) {
throw new API_Exception("Failed to match existing record");
}
return $createParams; // OK, don't care
}
elseif ($getResult['count'] == 1) {
$item = array_shift($getResult['values']);
$createParams['id'] = $item['id'];
return $createParams;
}
else {
throw new API_Exception("Ambiguous match criteria");
}
}
/**
* @inheritDoc
*/
public function toApiOutput($apiRequest, $result) {
return $result;
}
/**
* Create APIv3 "get" parameters to lookup an existing record using $keys
*
* @param array $origParams
* Api request.
* @param array $keys
* List of keys to match against.
*
* @return array
* APIv3 $params
*/
public function createGetParams($origParams, $keys) {
$params = array('version' => 3);
foreach ($keys as $key) {
$params[$key] = CRM_Utils_Array::value($key, $origParams, '');
}
return $params;
}
}

103
sites/all/modules/civicrm/CRM/Utils/API/NullOutputCoder.php Normal file
View file

@ -0,0 +1,103 @@
<?php
/*
+--------------------------------------------------------------------+
| CiviCRM version 4.7 |
+--------------------------------------------------------------------+
| Copyright CiviCRM LLC (c) 2004-2017 |
+--------------------------------------------------------------------+
| This file is a part of CiviCRM. |
| |
| CiviCRM is free software; you can copy, modify, and distribute it |
| under the terms of the GNU Affero General Public License |
| Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
| |
| CiviCRM is distributed in the hope that it will be useful, but |
| WITHOUT ANY WARRANTY; without even the implied warranty of |
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
| See the GNU Affero General Public License for more details. |
| |
| You should have received a copy of the GNU Affero General Public |
| License and the CiviCRM Licensing Exception along |
| with this program; if not, contact CiviCRM LLC |
| at info[AT]civicrm[DOT]org. If you have questions about the |
| GNU Affero General Public License or the licensing of CiviCRM, |
| see the CiviCRM license FAQ at http://civicrm.org/licensing |
+--------------------------------------------------------------------+
*/
/**
* Work-around for CRM-13120 - The "create" action incorrectly returns string literal "null"
* when the actual value is NULL or "". Rewrite the output.
*
* @package CRM
* @copyright CiviCRM LLC (c) 2004-2017
*/
require_once 'api/Wrapper.php';
/**
* Class CRM_Utils_API_NullOutputCoder
*/
class CRM_Utils_API_NullOutputCoder extends CRM_Utils_API_AbstractFieldCoder {
/**
* @var CRM_Utils_API_NullOutputCoder
*/
private static $_singleton = NULL;
/**
* @return CRM_Utils_API_NullOutputCoder
*/
public static function singleton() {
if (self::$_singleton === NULL) {
self::$_singleton = new CRM_Utils_API_NullOutputCoder();
}
return self::$_singleton;
}
/**
* Going to filter the submitted values across XSS vulnerability.
*
* @param array|string $values
*/
public function encodeInput(&$values) {
}
/**
* Decode output.
*
* @param array $values
* @param bool $castToString
*/
public function decodeOutput(&$values, $castToString = FALSE) {
if (is_array($values)) {
foreach ($values as &$value) {
$this->decodeOutput($value, TRUE);
}
}
elseif ($castToString || is_string($values)) {
if ($values === 'null') {
$values = '';
}
}
}
/**
* To api output.
*
* @param array $apiRequest
* @param array $result
*
* @return array
*/
public function toApiOutput($apiRequest, $result) {
$lowerAction = strtolower($apiRequest['action']);
if ($lowerAction === 'create') {
return parent::toApiOutput($apiRequest, $result);
}
else {
return $result;
}
}
}

133
sites/all/modules/civicrm/CRM/Utils/API/ReloadOption.php Normal file
View file

@ -0,0 +1,133 @@
<?php
/*
+--------------------------------------------------------------------+
| CiviCRM version 4.7 |
+--------------------------------------------------------------------+
| Copyright CiviCRM LLC (c) 2004-2017 |
+--------------------------------------------------------------------+
| This file is a part of CiviCRM. |
| |
| CiviCRM is free software; you can copy, modify, and distribute it |
| under the terms of the GNU Affero General Public License |
| Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
| |
| CiviCRM is distributed in the hope that it will be useful, but |
| WITHOUT ANY WARRANTY; without even the implied warranty of |
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
| See the GNU Affero General Public License for more details. |
| |
| You should have received a copy of the GNU Affero General Public |
| License and the CiviCRM Licensing Exception along |
| with this program; if not, contact CiviCRM LLC |
| at info[AT]civicrm[DOT]org. If you have questions about the |
| GNU Affero General Public License or the licensing of CiviCRM, |
| see the CiviCRM license FAQ at http://civicrm.org/licensing |
+--------------------------------------------------------------------+
*/
/**
* Implement the "reload" option. This option can be used with "create" to force
* the API to reload a clean copy of the entity before returning the result.
*
* @code
* $clean = civicrm_api('myentity', 'create', array(
* 'options' => array(
* 'reload' => 1
* ),
* ));
* @endcode
*
* @package CRM
* @copyright CiviCRM LLC (c) 2004-2017
*/
require_once 'api/Wrapper.php';
/**
* Class CRM_Utils_API_ReloadOption
*/
class CRM_Utils_API_ReloadOption implements API_Wrapper {
/**
* @var CRM_Utils_API_ReloadOption
*/
private static $_singleton = NULL;
/**
* @return CRM_Utils_API_ReloadOption
*/
public static function singleton() {
if (self::$_singleton === NULL) {
self::$_singleton = new CRM_Utils_API_ReloadOption();
}
return self::$_singleton;
}
/**
* @inheritDoc
*/
public function fromApiInput($apiRequest) {
return $apiRequest;
}
/**
* @inheritDoc
*/
public function toApiOutput($apiRequest, $result) {
$reloadMode = NULL;
if ($apiRequest['action'] === 'create' && isset($apiRequest['params'], $apiRequest['params']['options']) && is_array($apiRequest['params']['options']) && isset($apiRequest['params']['options']['reload'])) {
if (!CRM_Utils_Array::value('is_error', $result, FALSE)) {
$reloadMode = $apiRequest['params']['options']['reload'];
}
$id = (!empty($apiRequest['params']['sequential'])) ? 0 : $result['id'];
}
switch ($reloadMode) {
case NULL:
case '0':
case 'null':
case '':
return $result;
case '1':
case 'default':
$params = array(
'id' => $result['id'],
);
$reloadResult = civicrm_api3($apiRequest['entity'], 'get', $params);
if ($reloadResult['is_error']) {
throw new API_Exception($reloadResult['error_message']);
}
$result['values'][$id] = array_merge($result['values'][$id], $reloadResult['values'][$result['id']]);
return $result;
case 'selected':
$params = array(
'id' => $id,
'return' => $this->pickReturnFields($apiRequest),
);
$reloadResult = civicrm_api3($apiRequest['entity'], 'get', $params);
$result['values'][$id] = array_merge($result['values'][$id], $reloadResult['values'][$id]);
return $result;
default:
throw new API_Exception("Unknown reload mode " . $reloadMode);
}
}
/**
* Identify the fields which should be returned.
*
* @param $apiRequest
* @return array
*/
public function pickReturnFields($apiRequest) {
$fields = civicrm_api3($apiRequest['entity'], 'getfields', array());
$returnKeys = array_intersect(
array_keys($apiRequest['params']),
array_keys($fields['values'])
);
return $returnKeys;
}
}