projects / civicrm-core.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Update Copywrite year to be 2019
[civicrm-core.git] / CRM / Contact / BAO / Contact / Permission.php
CommitLineData
6a488035
TO		 1<?php
2/*
3 +--------------------------------------------------------------------+
fee14197 4 | CiviCRM version 5 |
6a488035 5 +--------------------------------------------------------------------+
6b83d5bd 6 | Copyright CiviCRM LLC (c) 2004-2019 |
6a488035
TO		 7 +--------------------------------------------------------------------+
8 | This file is a part of CiviCRM. |
9 | |
10 | CiviCRM is free software; you can copy, modify, and distribute it |
11 | under the terms of the GNU Affero General Public License |
12 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
13 | |
14 | CiviCRM is distributed in the hope that it will be useful, but |
15 | WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
17 | See the GNU Affero General Public License for more details. |
18 | |
19 | You should have received a copy of the GNU Affero General Public |
20 | License and the CiviCRM Licensing Exception along |
21 | with this program; if not, contact CiviCRM LLC |
22 | at info[AT]civicrm[DOT]org. If you have questions about the |
23 | GNU Affero General Public License or the licensing of CiviCRM, |
24 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
25 +--------------------------------------------------------------------+
d25dd0ee 26 */
6a488035
TO		 27
28/**
29 *
30 * @package CRM
6b83d5bd 31 * @copyright CiviCRM LLC (c) 2004-2019
6a488035
TO		 32 */
33class CRM_Contact_BAO_Contact_Permission {
34
dddf4bf6 35 /**
e4541c56 36 * Check which of the given contact IDs the logged in user
340be2e7 37 * has permissions for the operation type according to:
38 * - general permissions (e.g. 'edit all contacts')
39 * - deletion status (unless you have 'access deleted contacts')
40 * - ACL
41 * - permissions inherited through relationships (also second degree if enabled)
dddf4bf6 42 *
43 * @param array $contact_ids
44 * Contact IDs.
340be2e7 45 * @param int $type the type of operation (view|edit)
dddf4bf6 46 *
47 * @see CRM_Contact_BAO_Contact_Permission::allow
48 *
49 * @return array
50 * list of contact IDs the logged in user has the given permission for
51 */
52 public static function allowList($contact_ids, $type = CRM_Core_Permission::VIEW) {
53 $result_set = array();
54 if (empty($contact_ids)) {
55 // empty contact lists would cause trouble in the SQL. And be pointless.
56 return $result_set;
57 }
58
59 // make sure the the general permissions are given
e4541c56 60 if (CRM_Core_Permission::check('edit all contacts')
19f13a7c 61 || $type == CRM_Core_Permission::VIEW && CRM_Core_Permission::check('view all contacts')
dddf4bf6 62 ) {
67df1408 63
dddf4bf6 64 // if the general permission is there, all good
67df1408 65 if (CRM_Core_Permission::check('access deleted contacts')) {
e8a0f9e0 66 // if user can access deleted contacts -> fine
67df1408 67 return $contact_ids;
e4541c56 68 }
69 else {
67df1408 70 // if the user CANNOT access deleted contacts, these need to be filtered
340be2e7 71 $contact_id_list = implode(',', $contact_ids);
67df1408 72 $filter_query = "SELECT DISTINCT(id) FROM civicrm_contact WHERE id IN ($contact_id_list) AND is_deleted = 0";
73 $query = CRM_Core_DAO::executeQuery($filter_query);
74 while ($query->fetch()) {
75 $result_set[(int) $query->id] = TRUE;
76 }
77 return array_keys($result_set);
78 }
dddf4bf6 79 }
80
81 // get logged in user
340be2e7 82 $contactID = CRM_Core_Session::getLoggedInContactID();
dddf4bf6 83 if (empty($contactID)) {
67df1408 84 return array();
dddf4bf6 85 }
86
87 // make sure the cache is filled
88 self::cache($contactID, $type);
89
90 // compile query
dddf4bf6 91 $operation = ($type == CRM_Core_Permission::VIEW) ? 'View' : 'Edit';
92
93 // add clause for deleted contacts, if the user doesn't have the permission to access them
163bfad3 94 $LEFT_JOIN_DELETED = $AND_CAN_ACCESS_DELETED = '';
dddf4bf6 95 if (!CRM_Core_Permission::check('access deleted contacts')) {
67df1408 96 $LEFT_JOIN_DELETED = "LEFT JOIN civicrm_contact ON civicrm_contact.id = contact_id";
e4541c56 97 $AND_CAN_ACCESS_DELETED = "AND civicrm_contact.is_deleted = 0";
dddf4bf6 98 }
99
100 // RUN the query
340be2e7 101 $contact_id_list = implode(',', $contact_ids);
dddf4bf6 102 $query = "
103SELECT contact_id
104 FROM civicrm_acl_contact_cache
105 {$LEFT_JOIN_DELETED}
9aea8e14 106WHERE contact_id IN ({$contact_id_list})
dddf4bf6 107 AND user_id = {$contactID}
108 AND operation = '{$operation}'
109 {$AND_CAN_ACCESS_DELETED}";
110 $result = CRM_Core_DAO::executeQuery($query);
111 while ($result->fetch()) {
67df1408 112 $result_set[(int) $result->contact_id] = TRUE;
dddf4bf6 113 }
114
e4541c56 115 // if some have been rejected, double check for permissions inherited by relationship
dddf4bf6 116 if (count($result_set) < count($contact_ids)) {
67df1408 117 $rejected_contacts = array_diff_key($contact_ids, $result_set);
98445ac5 118 // @todo consider storing these to the acl cache for next time, since we have fetched.
f871c3a9 119 $allowed_by_relationship = self::relationshipList($rejected_contacts, $type);
67df1408 120 foreach ($allowed_by_relationship as $contact_id) {
121 $result_set[(int) $contact_id] = TRUE;
122 }
dddf4bf6 123 }
124
67df1408 125 return array_keys($result_set);
dddf4bf6 126 }
127
6a488035 128 /**
fe482240 129 * Check if the logged in user has permissions for the operation type.
6a488035 130 *
77c5b619
TO		 131 * @param int $id
132 * Contact id.
77b97be7 133 * @param int|string $type the type of operation (view|edit)
6a488035 134 *
acb1052e 135 * @return bool
a6c01b45 136 * true if the user has permission, false otherwise
6a488035 137 */
00be9182 138 public static function allow($id, $type = CRM_Core_Permission::VIEW) {
9a41e168 139 // get logged in user
340be2e7 140 $contactID = CRM_Core_Session::getLoggedInContactID();
9a41e168 141
2b8d25f0 142 // first: check if contact is trying to view own contact
135367a6 143 if ($contactID == $id && ($type == CRM_Core_Permission::VIEW && CRM_Core_Permission::check('view my contact')
144 || $type == CRM_Core_Permission::EDIT && CRM_Core_Permission::check('edit my contact'))
2b8d25f0 145 ) {
146 return TRUE;
147 }
6a488035
TO		 148
149 # FIXME: push this somewhere below, to not give this permission so many rights
150 $isDeleted = (bool) CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Contact', $id, 'is_deleted');
151 if (CRM_Core_Permission::check('access deleted contacts') && $isDeleted) {
152 return TRUE;
153 }
154
155 // short circuit for admin rights here so we avoid unneeeded queries
156 // some duplication of code, but we skip 3-5 queries
157 if (CRM_Core_Permission::check('edit all contacts') ||
158 ($type == CRM_ACL_API::VIEW && CRM_Core_Permission::check('view all contacts'))
159 ) {
160 return TRUE;
161 }
162
9a41e168 163 // check permission based on relationship, CRM-2963
f871c3a9 164 if (self::relationshipList(array($id), $type)) {
6a488035
TO		 165 return TRUE;
166 }
167
8210399a 168 // We should probably do a cheap check whether it's in the cache first.
9a41e168 169 // check permission based on ACL
170 $tables = array();
171 $whereTables = array();
6a488035 172
8d0a0fd0 173 $permission = CRM_ACL_API::whereClause($type, $tables, $whereTables, NULL, FALSE, FALSE, TRUE);
6a488035
TO		 174 $from = CRM_Contact_BAO_Query::fromClause($whereTables);
175
176 $query = "
680a52de 177SELECT contact_a.id
6a488035 178 $from
680a52de 179WHERE contact_a.id = %1 AND $permission
180 LIMIT 1
181";
6a488035 182
680a52de 183 if (CRM_Core_DAO::singleValueQuery($query, array(1 => array($id, 'Integer')))) {
184 return TRUE;
185 }
5f652ac7 186 return FALSE;
6a488035
TO		 187 }
188
189 /**
fe482240 190 * Fill the acl contact cache for this contact id if empty.
6a488035 191 *
c490a46a 192 * @param int $userID
dd244018 193 * @param int|string $type the type of operation (view|edit)
77c5b619
TO		 194 * @param bool $force
195 * Should we force a recompute.
6a488035 196 */
00be9182 197 public static function cache($userID, $type = CRM_Core_Permission::VIEW, $force = FALSE) {
340be2e7 198 // FIXME: maybe find a better way of keeping track of this. @eileen pointed out
199 // that somebody might flush the cache away from under our feet,
5af77f03 200 // but the alternative would be a SQL call every time this is called,
340be2e7 201 // and a complete rebuild if the result was an empty set...
04adc5f0 202 if (!isset(Civi::$statics[__CLASS__]['processed'])) {
203 Civi::$statics[__CLASS__]['processed'] = [
204 CRM_Core_Permission::VIEW => [],
205 CRM_Core_Permission::EDIT => [],
206 ];
207 }
6a488035 208
c0e87307 209 if ($type == CRM_Core_Permission::VIEW) {
6a488035
TO		 210 $operationClause = " operation IN ( 'Edit', 'View' ) ";
211 $operation = 'View';
212 }
213 else {
214 $operationClause = " operation = 'Edit' ";
215 $operation = 'Edit';
216 }
9aea8e14 217 $queryParams = array(1 => array($userID, 'Integer'));
6a488035
TO		 218
219 if (!$force) {
c0e87307 220 // skip if already calculated
04adc5f0 221 if (!empty(Civi::$statics[__CLASS__]['processed'][$type][$userID])) {
6a488035
TO		 222 return;
223 }
224
225 // run a query to see if the cache is filled
226 $sql = "
21ca2cb6 227SELECT count(*)
6a488035
TO		 228FROM civicrm_acl_contact_cache
229WHERE user_id = %1
230AND $operationClause
231";
9aea8e14 232 $count = CRM_Core_DAO::singleValueQuery($sql, $queryParams);
6a488035 233 if ($count > 0) {
04adc5f0 234 Civi::$statics[__CLASS__]['processed'][$type][$userID] = 1;
6a488035
TO		 235 return;
236 }
237 }
238
239 $tables = array();
240 $whereTables = array();
241
9aea8e14 242 $permission = CRM_ACL_API::whereClause($type, $tables, $whereTables, $userID, FALSE, FALSE, TRUE);
6a488035
TO		 243
244 $from = CRM_Contact_BAO_Query::fromClause($whereTables);
6a488035
TO		 245 CRM_Core_DAO::executeQuery("
246INSERT INTO civicrm_acl_contact_cache ( user_id, contact_id, operation )
0f765440 247SELECT DISTINCT $userID as user_id, contact_a.id as contact_id, '{$operation}' as operation
6a488035 248 $from
0f765440 249 LEFT JOIN civicrm_acl_contact_cache ac ON ac.user_id = $userID AND ac.contact_id = contact_a.id AND ac.operation = '{$operation}'
6a488035 250WHERE $permission
0f765440 251AND ac.user_id IS NULL
252");
9aea8e14 253
254 // Add in a row for the logged in contact. Do not try to combine with the above query or an ugly OR will appear in
255 // the permission clause.
256 if (CRM_Core_Permission::check('edit my contact') ||
257 ($type == CRM_Core_Permission::VIEW && CRM_Core_Permission::check('view my contact'))) {
d0f057f4
EM		 258 if (!CRM_Core_DAO::singleValueQuery("
259 SELECT count(*) FROM civicrm_acl_contact_cache WHERE user_id = %1 AND contact_id = %1 AND operation = '{$operation}' LIMIT 1", $queryParams)) {
251cca6a 260 CRM_Core_DAO::executeQuery("INSERT INTO civicrm_acl_contact_cache ( user_id, contact_id, operation ) VALUES(%1, %1, '{$operation}')", $queryParams);
9aea8e14 261 }
262 }
04adc5f0 263 Civi::$statics[__CLASS__]['processed'][$type][$userID] = 1;
6a488035
TO		 264 }
265
86538308
EM		 266 /**
267 * @param string $contactAlias
86538308
EM		 268 *
269 * @return array
270 */
188fd46b 271 public static function cacheClause($contactAlias = 'contact_a') {
6a488035
TO		 272 if (CRM_Core_Permission::check('view all contacts') ||
273 CRM_Core_Permission::check('edit all contacts')
274 ) {
275 if (is_array($contactAlias)) {
276 $wheres = array();
277 foreach ($contactAlias as $alias) {
278 // CRM-6181
279 $wheres[] = "$alias.is_deleted = 0";
280 }
281 return array(NULL, '(' . implode(' AND ', $wheres) . ')');
282 }
283 else {
284 // CRM-6181
285 return array(NULL, "$contactAlias.is_deleted = 0");
286 }
287 }
288
188fd46b 289 $contactID = (int) CRM_Core_Session::getLoggedInContactID();
6a488035
TO		 290 self::cache($contactID);
291
292 if (is_array($contactAlias) && !empty($contactAlias)) {
293 //More than one contact alias
294 $clauses = array();
295 foreach ($contactAlias as $k => $alias) {
296 $clauses[] = " INNER JOIN civicrm_acl_contact_cache aclContactCache_{$k} ON {$alias}.id = aclContactCache_{$k}.contact_id AND aclContactCache_{$k}.user_id = $contactID ";
297 }
298
299 $fromClause = implode(" ", $clauses);
300 $whereClase = NULL;
301 }
302 else {
303 $fromClause = " INNER JOIN civicrm_acl_contact_cache aclContactCache ON {$contactAlias}.id = aclContactCache.contact_id ";
b49db103 304 $whereClase = " aclContactCache.user_id = $contactID AND $contactAlias.is_deleted = 0";
6a488035
TO		 305 }
306
307 return array($fromClause, $whereClase);
308 }
309
188fd46b 310 /**
5af77f03 311 * Generate acl subquery that can be placed in the WHERE clause of a query or the ON clause of a JOIN.
312 *
313 * This is specifically for VIEW operations.
188fd46b 314 *
0b80f0b4 315 * @return string|null
188fd46b 316 */
b53bcc5d 317 public static function cacheSubquery() {
188fd46b
CW		 318 if (!CRM_Core_Permission::check(array(array('view all contacts', 'edit all contacts')))) {
319 $contactID = (int) CRM_Core_Session::getLoggedInContactID();
320 self::cache($contactID);
0b80f0b4 321 return "IN (SELECT contact_id FROM civicrm_acl_contact_cache WHERE user_id = $contactID)";
188fd46b 322 }
0b80f0b4 323 return NULL;
188fd46b
CW		 324 }
325
dddf4bf6 326 /**
327 * Filter a list of contact_ids by the ones that the
328 * currently active user as a permissioned relationship with
329 *
330 * @param array $contact_ids
331 * List of contact IDs to be filtered
332 *
f871c3a9
AS		 333 * @param int $type
334 * access type CRM_Core_Permission::VIEW or CRM_Core_Permission::EDIT
335 *
dddf4bf6 336 * @return array
337 * List of contact IDs that the user has permissions for
338 */
f871c3a9 339 public static function relationshipList($contact_ids, $type) {
dddf4bf6 340 $result_set = array();
e4541c56 341
dddf4bf6 342 // no processing empty lists (avoid SQL errors as well)
343 if (empty($contact_ids)) {
67df1408 344 return array();
dddf4bf6 345 }
346
347 // get the currently logged in user
340be2e7 348 $contactID = CRM_Core_Session::getLoggedInContactID();
dddf4bf6 349 if (empty($contactID)) {
67df1408 350 return array();
dddf4bf6 351 }
352
353 // compile a list of queries (later to UNION)
354 $queries = array();
355 $contact_id_list = implode(',', $contact_ids);
356
2f5aa3cd 357 // add a select statement for each direction
dddf4bf6 358 $directions = array(array('from' => 'a', 'to' => 'b'), array('from' => 'b', 'to' => 'a'));
67df1408 359
f871c3a9 360 // CRM_Core_Permission::VIEW is satisfied by either CRM_Contact_BAO_Relationship::VIEW or CRM_Contact_BAO_Relationship::EDIT
da2c7679
AS		 361 if ($type == CRM_Core_Permission::VIEW) {
362 $is_perm_condition = ' IN ( ' . CRM_Contact_BAO_Relationship::EDIT . ' , ' . CRM_Contact_BAO_Relationship::VIEW . ' ) ';
363 }
364 else {
365 $is_perm_condition = ' = ' . CRM_Contact_BAO_Relationship::EDIT;
366 }
f871c3a9 367
67df1408 368 // NORMAL/SINGLE DEGREE RELATIONSHIPS
dddf4bf6 369 foreach ($directions as $direction) {
370 $user_id_column = "contact_id_{$direction['from']}";
371 $contact_id_column = "contact_id_{$direction['to']}";
372
373 // add clause for deleted contacts, if the user doesn't have the permission to access them
67df1408 374 $LEFT_JOIN_DELETED = $AND_CAN_ACCESS_DELETED = '';
dddf4bf6 375 if (!CRM_Core_Permission::check('access deleted contacts')) {
67df1408 376 $LEFT_JOIN_DELETED = "LEFT JOIN civicrm_contact ON civicrm_contact.id = {$contact_id_column} ";
e4541c56 377 $AND_CAN_ACCESS_DELETED = "AND civicrm_contact.is_deleted = 0";
dddf4bf6 378 }
379
380 $queries[] = "
340be2e7 381SELECT civicrm_relationship.{$contact_id_column} AS contact_id
9aea8e14 382 FROM civicrm_relationship
dddf4bf6 383 {$LEFT_JOIN_DELETED}
384 WHERE civicrm_relationship.{$user_id_column} = {$contactID}
385 AND civicrm_relationship.{$contact_id_column} IN ({$contact_id_list})
386 AND civicrm_relationship.is_active = 1
f871c3a9 387 AND civicrm_relationship.is_permission_{$direction['from']}_{$direction['to']} {$is_perm_condition}
dddf4bf6 388 $AND_CAN_ACCESS_DELETED";
e4541c56 389 }
dddf4bf6 390
340be2e7 391 // FIXME: secondDegRelPermissions should be a setting
392 $config = CRM_Core_Config::singleton();
dddf4bf6 393 if ($config->secondDegRelPermissions) {
340be2e7 394 foreach ($directions as $first_direction) {
395 foreach ($directions as $second_direction) {
396 // add clause for deleted contacts, if the user doesn't have the permission to access them
397 $LEFT_JOIN_DELETED = $AND_CAN_ACCESS_DELETED = '';
398 if (!CRM_Core_Permission::check('access deleted contacts')) {
399 $LEFT_JOIN_DELETED = "LEFT JOIN civicrm_contact first_degree_contact ON first_degree_contact.id = second_degree_relationship.contact_id_{$second_direction['from']}\n";
400 $LEFT_JOIN_DELETED .= "LEFT JOIN civicrm_contact second_degree_contact ON second_degree_contact.id = second_degree_relationship.contact_id_{$second_direction['to']} ";
401 $AND_CAN_ACCESS_DELETED = "AND first_degree_contact.is_deleted = 0\n";
402 $AND_CAN_ACCESS_DELETED .= "AND second_degree_contact.is_deleted = 0 ";
dddf4bf6 403 }
340be2e7 404
405 $queries[] = "
406SELECT second_degree_relationship.contact_id_{$second_direction['to']} AS contact_id
407 FROM civicrm_relationship first_degree_relationship
2f5aa3cd 408 LEFT JOIN civicrm_relationship second_degree_relationship ON first_degree_relationship.contact_id_{$first_direction['to']} = second_degree_relationship.contact_id_{$second_direction['from']}
340be2e7 409 {$LEFT_JOIN_DELETED}
410 WHERE first_degree_relationship.contact_id_{$first_direction['from']} = {$contactID}
411 AND second_degree_relationship.contact_id_{$second_direction['to']} IN ({$contact_id_list})
412 AND first_degree_relationship.is_active = 1
f871c3a9 413 AND first_degree_relationship.is_permission_{$first_direction['from']}_{$first_direction['to']} {$is_perm_condition}
340be2e7 414 AND second_degree_relationship.is_active = 1
f871c3a9 415 AND second_degree_relationship.is_permission_{$second_direction['from']}_{$second_direction['to']} {$is_perm_condition}
340be2e7 416 $AND_CAN_ACCESS_DELETED";
dddf4bf6 417 }
418 }
419 }
420
421 // finally UNION the queries and call
340be2e7 422 $query = "(" . implode(")\nUNION DISTINCT (", $queries) . ")";
dddf4bf6 423 $result = CRM_Core_DAO::executeQuery($query);
424 while ($result->fetch()) {
67df1408 425 $result_set[(int) $result->contact_id] = TRUE;
dddf4bf6 426 }
67df1408 427 return array_keys($result_set);
dddf4bf6 428 }
429
430
86538308 431 /**
100fef9d 432 * @param int $contactID
c490a46a 433 * @param CRM_Core_Form $form
86538308
EM		 434 * @param bool $redirect
435 *
436 * @return bool
437 */
00be9182 438 public static function validateOnlyChecksum($contactID, &$form, $redirect = TRUE) {
6a488035
TO		 439 // check if this is of the format cs=XXX
440 if (!CRM_Contact_BAO_Contact_Utils::validChecksum($contactID,
353ffa53
TO		 441 CRM_Utils_Request::retrieve('cs', 'String', $form, FALSE)
442 )
443 ) {
6a488035
TO		 444 if ($redirect) {
445 // also set a message in the UF framework
446 $message = ts('You do not have permission to edit this contact record. Contact the site administrator if you need assistance.');
447 CRM_Utils_System::setUFMessage($message);
448
449 $config = CRM_Core_Config::singleton();
450 CRM_Core_Error::statusBounce($message,
451 $config->userFrameworkBaseURL
452 );
453 // does not come here, we redirect in the above statement
454 }
455 return FALSE;
456 }
457
a9a1ea2c 458 // set appropriate AUTH source
e8f14831 459 self::initChecksumAuthSrc(TRUE, $form);
a9a1ea2c 460
6a488035
TO		 461 // so here the contact is posing as $contactID, lets set the logging contact ID variable
462 // CRM-8965
463 CRM_Core_DAO::executeQuery('SET @civicrm_user_id = %1',
464 array(1 => array($contactID, 'Integer'))
465 );
77b97be7 466
6a488035
TO		 467 return TRUE;
468 }
469
86538308
EM		 470 /**
471 * @param bool $checkSumValidationResult
472 * @param null $form
473 */
00be9182 474 public static function initChecksumAuthSrc($checkSumValidationResult = FALSE, $form = NULL) {
a9a1ea2c 475 $session = CRM_Core_Session::singleton();
e8f14831 476 if ($checkSumValidationResult && $form && CRM_Utils_Request::retrieve('cs', 'String', $form, FALSE)) {
a9a1ea2c
DS		 477 // if result is already validated, and url has cs, set the flag.
478 $session->set('authSrc', CRM_Core_Permission::AUTH_SRC_CHECKSUM);
0db6c3e1 479 }
4c9b6178 480 elseif (($session->get('authSrc') & CRM_Core_Permission::AUTH_SRC_CHECKSUM) == CRM_Core_Permission::AUTH_SRC_CHECKSUM) {
77b97be7 481 // if checksum wasn't present in REQUEST OR checksum result validated as FALSE,
a9a1ea2c
DS		 482 // and flag was already set exactly as AUTH_SRC_CHECKSUM, unset it.
483 $session->set('authSrc', CRM_Core_Permission::AUTH_SRC_UNKNOWN);
484 }
485 }
486
86538308 487 /**
100fef9d 488 * @param int $contactID
c490a46a 489 * @param CRM_Core_Form $form
86538308
EM		 490 * @param bool $redirect
491 *
492 * @return bool
493 */
00be9182 494 public static function validateChecksumContact($contactID, &$form, $redirect = TRUE) {
6a488035
TO		 495 if (!self::allow($contactID, CRM_Core_Permission::EDIT)) {
496 // check if this is of the format cs=XXX
497 return self::validateOnlyChecksum($contactID, $form, $redirect);
498 }
499 return TRUE;
500 }
96025800 501
6a488035 502}