[civicrm-core.git] / CRM / Core / BAO / CustomQuery.php

<?php
/*
 +--------------------------------------------------------------------+
 | CiviCRM version 5                                                  |
 +--------------------------------------------------------------------+
 | Copyright CiviCRM LLC (c) 2004-2019                                |
 +--------------------------------------------------------------------+
 | This file is a part of CiviCRM.                                    |
 |                                                                    |
 | CiviCRM is free software; you can copy, modify, and distribute it  |
 | under the terms of the GNU Affero General Public License           |
 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception.   |
 |                                                                    |
 | CiviCRM is distributed in the hope that it will be useful, but     |
 | WITHOUT ANY WARRANTY; without even the implied warranty of         |
 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.               |
 | See the GNU Affero General Public License for more details.        |
 |                                                                    |
 | You should have received a copy of the GNU Affero General Public   |
 | License and the CiviCRM Licensing Exception along                  |
 | with this program; if not, contact CiviCRM LLC                     |
 | at info[AT]civicrm[DOT]org. If you have questions about the        |
 | GNU Affero General Public License or the licensing of CiviCRM,     |
 | see the CiviCRM license FAQ at http://civicrm.org/licensing        |
 +--------------------------------------------------------------------+
 */

/**
 *
 *
 * @package CRM
 * @copyright CiviCRM LLC (c) 2004-2019
 */
class CRM_Core_BAO_CustomQuery {
  const PREFIX = 'custom_value_';

  /**
   * The set of custom field ids.
   *
   * @var array
   */
  protected $_ids;

  /**
   * The select clause.
   *
   * @var array
   */
  public $_select;

  /**
   * The name of the elements that are in the select clause.
   * used to extract the values
   *
   * @var array
   */
  public $_element;

  /**
   * The tables involved in the query.
   *
   * @var array
   */
  public $_tables;
  public $_whereTables;

  /**
   * The where clause.
   *
   * @var array
   */
  public $_where;

  /**
   * The english language version of the query.
   *
   * @var array
   */
  public $_qill;

  /**
   * No longer needed due to CRM-17646 refactoring, but still used in some places
   *
   * @var array
   * @deprecated
   */
  public $_options;

  /**
   * The custom fields information.
   *
   * @var array
   */
  public $_fields;

  /**
   * @return array
   */
  public function getFields() {
    return $this->_fields;
  }

  /**
   * Searching for contacts?
   *
   * @var bool
   */
  protected $_contactSearch;

  protected $_locationSpecificCustomFields;

  /**
   * This stores custom data group types and tables that it extends.
   *
   * @var array
   */
  public static $extendsMap = [
    'Contact' => 'civicrm_contact',
    'Individual' => 'civicrm_contact',
    'Household' => 'civicrm_contact',
    'Organization' => 'civicrm_contact',
    'Contribution' => 'civicrm_contribution',
    'ContributionRecur' => 'civicrm_contribution_recur',
    'Membership' => 'civicrm_membership',
    'Participant' => 'civicrm_participant',
    'Group' => 'civicrm_group',
    'Relationship' => 'civicrm_relationship',
    'Event' => 'civicrm_event',
    'Case' => 'civicrm_case',
    'Activity' => 'civicrm_activity',
    'Pledge' => 'civicrm_pledge',
    'Grant' => 'civicrm_grant',
    'Address' => 'civicrm_address',
    'Campaign' => 'civicrm_campaign',
    'Survey' => 'civicrm_survey',
  ];

  /**
   * Class constructor.
   *
   * Takes in a set of custom field ids andsets up the data structures to
   * generate a query
   *
   * @param array $ids
   *   The set of custom field ids.
   *
   * @param bool $contactSearch
   * @param array $locationSpecificFields
   */
  public function __construct($ids, $contactSearch = FALSE, $locationSpecificFields = []) {
    $this->_ids = &$ids;
    $this->_locationSpecificCustomFields = $locationSpecificFields;

    $this->_select = [];
    $this->_element = [];
    $this->_tables = [];
    $this->_whereTables = [];
    $this->_where = [];
    $this->_qill = [];
    $this->_options = [];

    $this->_contactSearch = $contactSearch;
    $this->_fields = CRM_Core_BAO_CustomField::getFields('ANY', FALSE, FALSE, NULL, NULL, FALSE, FALSE, FALSE);

    if (empty($this->_ids)) {
      return;
    }

    // initialize the field array
    $tmpArray = array_keys($this->_ids);
    $idString = implode(',', $tmpArray);
    $query = "
SELECT f.id, f.label, f.data_type,
       f.html_type, f.is_search_range,
       f.option_group_id, f.custom_group_id,
       f.column_name, g.table_name,
       f.date_format,f.time_format
  FROM civicrm_custom_field f,
       civicrm_custom_group g
 WHERE f.custom_group_id = g.id
   AND g.is_active = 1
   AND f.is_active = 1
   AND f.id IN ( $idString )";

    $dao = CRM_Core_DAO::executeQuery($query);
    while ($dao->fetch()) {
      // Deprecated (and poorly named) cache of field attributes
      $this->_options[$dao->id] = [
        'attributes' => [
          'label' => $dao->label,
          'data_type' => $dao->data_type,
          'html_type' => $dao->html_type,
        ],
      ];

      $options = CRM_Core_PseudoConstant::get('CRM_Core_BAO_CustomField', 'custom_' . $dao->id, [], 'search');
      if ($options) {
        $this->_options[$dao->id] += $options;
      }

      if ($dao->html_type == 'Select Date') {
        $this->_options[$dao->id]['attributes']['date_format'] = $dao->date_format;
        $this->_options[$dao->id]['attributes']['time_format'] = $dao->time_format;
      }
    }
  }

  /**
   * Generate the select clause and the associated tables.
   */
  public function select() {
    if (empty($this->_fields)) {
      return;
    }

    foreach (array_keys($this->_ids) as $id) {
      $field = $this->_fields[$id];
      $name = $field['table_name'];
      $fieldName = 'custom_' . $field['id'];
      $this->_select["{$name}_id"] = "{$name}.id as {$name}_id";
      $this->_element["{$name}_id"] = 1;
      $this->_select[$fieldName] = "{$field['table_name']}.{$field['column_name']} as $fieldName";
      $this->_element[$fieldName] = 1;
      $joinTable = $field['search_table'];
      // CRM-14265
      if ($joinTable == 'civicrm_group' || empty($joinTable)) {
        return;
      }

      $this->joinCustomTableForField($field);

      if ($joinTable) {
        $joinClause = 1;
        $joinTableAlias = $joinTable;
        // Set location-specific query
        if (isset($this->_locationSpecificCustomFields[$id])) {
          list($locationType, $locationTypeId) = $this->_locationSpecificCustomFields[$id];
          $joinTableAlias = "$locationType-address";
          $joinClause = "\nLEFT JOIN $joinTable `$locationType-address` ON (`$locationType-address`.contact_id = contact_a.id AND `$locationType-address`.location_type_id = $locationTypeId)";
        }
        $this->_tables[$name] = "\nLEFT JOIN $name ON $name.entity_id = `$joinTableAlias`.id";
        if (!empty($this->_ids[$id])) {
          $this->_whereTables[$name] = $this->_tables[$name];
        }
        if ($joinTable != 'contact_a') {
          $this->_whereTables[$joinTableAlias] = $this->_tables[$joinTableAlias] = $joinClause;
        }
        elseif ($this->_contactSearch) {
          CRM_Contact_BAO_Query::$_openedPanes[ts('Custom Fields')] = TRUE;
        }
      }
    }
  }

  /**
   * Generate the where clause and also the english language equivalent.
   */
  public function where() {
    foreach ($this->_ids as $id => $values) {

      // Fixed for Issue CRM 607
      if (CRM_Utils_Array::value($id, $this->_fields) === NULL ||
        !$values
      ) {
        continue;
      }

      foreach ($values as $tuple) {
        list($name, $op, $value, $grouping, $wildcard) = $tuple;

        $field = $this->_fields[$id];

        $fieldName = "{$field['table_name']}.{$field['column_name']}";

        $isSerialized = CRM_Core_BAO_CustomField::isSerialized($field);

        // fix $value here to escape sql injection attacks
        $qillValue = NULL;
        if (!is_array($value)) {
          $value = CRM_Core_DAO::escapeString(trim($value));
          $qillValue = CRM_Core_BAO_CustomField::displayValue($value, $id);
        }
        elseif (count($value) && in_array(key($value), CRM_Core_DAO::acceptedSQLOperators(), TRUE)) {
          $op = key($value);
          $qillValue = strstr($op, 'NULL') ? NULL : CRM_Core_BAO_CustomField::displayValue($value[$op], $id);
        }
        else {
          $op = strstr($op, 'IN') ? $op : 'IN';
          $qillValue = CRM_Core_BAO_CustomField::displayValue($value, $id);
        }

        $qillOp = CRM_Utils_Array::value($op, CRM_Core_SelectValues::getSearchBuilderOperators(), $op);

        // Ensure the table is joined in (eg if in where but not select).
        $this->joinCustomTableForField($field);
        switch ($field['data_type']) {
          case 'String':
          case 'StateProvince':
          case 'Country':

            if ($field['is_search_range'] && is_array($value)) {
              //didn't found any field under any of these three data-types as searchable by range
            }
            else {
              // fix $value here to escape sql injection attacks
              if (!is_array($value)) {
                if ($field['data_type'] == 'String') {
                  $value = CRM_Utils_Type::escape($value, 'String');
                }
                elseif ($value) {
                  $value = CRM_Utils_Type::escape($value, 'Integer');
                }
                $value = str_replace(['[', ']', ','], ['\[', '\]', '[:comma:]'], $value);
                $value = str_replace('|', '[:separator:]', $value);
              }
              elseif ($isSerialized) {
                if (in_array(key($value), CRM_Core_DAO::acceptedSQLOperators(), TRUE)) {
                  $op = key($value);
                  $value = $value[$op];
                }
                // CRM-19006: escape characters like comma, | before building regex pattern
                $value = (array) $value;
                foreach ($value as $key => $val) {
                  $value[$key] = str_replace(['[', ']', ','], ['\[', '\]', '[:comma:]'], $val);
                  $value[$key] = str_replace('|', '[:separator:]', $value[$key]);
                  if ($field['data_type'] == 'String') {
                    $value[$key] = CRM_Utils_Type::escape($value[$key], 'String');
                  }
                  elseif ($value) {
                    $value[$key] = CRM_Utils_Type::escape($value[$key], 'Integer');
                  }
                }
                $value = implode(',', $value);
              }

              // CRM-14563,CRM-16575 : Special handling of multi-select custom fields
              if ($isSerialized && !CRM_Utils_System::isNull($value) && !strstr($op, 'NULL') && !strstr($op, 'LIKE')) {
                $sp = CRM_Core_DAO::VALUE_SEPARATOR;
                $value = str_replace(",", "$sp|$sp", $value);
                $value = str_replace(['[:comma:]', '(', ')'], [',', '[(]', '[)]'], $value);

                $op = (strstr($op, '!') || strstr($op, 'NOT')) ? 'NOT RLIKE' : 'RLIKE';
                $value = $sp . $value . $sp;
                if (!$wildcard) {
                  foreach (explode("|", $value) as $val) {
                    $val = str_replace('[:separator:]', '\|', $val);
                    $this->_where[$grouping][] = CRM_Contact_BAO_Query::buildClause($fieldName, $op, $val, 'String');
                  }
                }
                else {
                  $value = str_replace('[:separator:]', '\|', $value);
                  $this->_where[$grouping][] = CRM_Contact_BAO_Query::buildClause($fieldName, $op, $value, 'String');
                }
              }
              else {
                //FIX for custom data query fired against no value(NULL/NOT NULL)
                $this->_where[$grouping][] = CRM_Contact_BAO_Query::buildClause($fieldName, $op, $value, 'String');
              }
              $this->_qill[$grouping][] = $field['label'] . " $qillOp $qillValue";
            }
            break;

          case 'ContactReference':
            $label = $value ? CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Contact', $value, 'sort_name') : '';
            $this->_where[$grouping][] = CRM_Contact_BAO_Query::buildClause($fieldName, $op, $value, 'String');
            $this->_qill[$grouping][] = $field['label'] . " $qillOp $label";
            break;

          case 'Int':
            $this->_where[$grouping][] = CRM_Contact_BAO_Query::buildClause($fieldName, $op, $value, 'Integer');
            $this->_qill[$grouping][] = ts("%1 %2 %3", [1 => $field['label'], 2 => $qillOp, 3 => $qillValue]);;
            break;

          case 'Boolean':
            if (!is_array($value)) {
              if (strtolower($value) == 'yes' || strtolower($value) == strtolower(ts('Yes'))) {
                $value = 1;
              }
              else {
                $value = (int) $value;
              }
              $value = ($value == 1) ? 1 : 0;
              $qillValue = $value ? 'Yes' : 'No';
            }
            $this->_where[$grouping][] = CRM_Contact_BAO_Query::buildClause($fieldName, $op, $value, 'Integer');
            $this->_qill[$grouping][] = ts("%1 %2 %3", [1 => $field['label'], 2 => $qillOp, 3 => $qillValue]);
            break;

          case 'Link':
          case 'Memo':
            $this->_where[$grouping][] = CRM_Contact_BAO_Query::buildClause($fieldName, $op, $value, 'String');
            $this->_qill[$grouping][] = ts("%1 %2 %3", [1 => $field['label'], 2 => $qillOp, 3 => $qillValue]);
            break;

          case 'Money':
            $value = CRM_Utils_Array::value($op, (array) $value, $value);
            if (is_array($value)) {
              foreach ($value as $key => $val) {
                // @todo - this clean money should be in the form layer - it's highly likely to be doing more harm than good here
                // Note the only place I can find that this code is reached by is searching a custom money field in advanced search.
                // with euro style comma separators this doesn't work - with or without this cleanMoney.
                // So this should be removed but is not increasing the brokeness IMHO
                $value[$op][$key] = CRM_Utils_Rule::cleanMoney($value[$key]);
              }
            }
            else {
              // @todo - this clean money should be in the form layer - it's highly likely to be doing more harm than good here
              // comments per above apply. cleanMoney
              $value = CRM_Utils_Rule::cleanMoney($value);
            }

          case 'Float':
            $this->_where[$grouping][] = CRM_Contact_BAO_Query::buildClause($fieldName, $op, $value, 'Float');
            $this->_qill[$grouping][] = ts("%1 %2 %3", [1 => $field['label'], 2 => $qillOp, 3 => $qillValue]);
            break;

          case 'Date':
            if (substr($name, -9, 9) !== '_relative') {
              // Relative dates are handled in the buildRelativeDateQuery function.
              $this->_where[$grouping][] = CRM_Contact_BAO_Query::buildClause($fieldName, $op, $value, 'Date');
              list($qillOp, $qillVal) = CRM_Contact_BAO_Query::buildQillForFieldValue(NULL, $field['label'], $value, $op, [], CRM_Utils_Type::T_DATE);
              $this->_qill[$grouping][] = "{$field['label']} $qillOp '$qillVal'";
            }
            break;

          case 'File':
            if ($op == 'IS NULL' || $op == 'IS NOT NULL' || $op == 'IS EMPTY' || $op == 'IS NOT EMPTY') {
              switch ($op) {
                case 'IS EMPTY':
                  $op = 'IS NULL';
                  break;

                case 'IS NOT EMPTY':
                  $op = 'IS NOT NULL';
                  break;
              }
              $this->_where[$grouping][] = CRM_Contact_BAO_Query::buildClause($fieldName, $op);
              $this->_qill[$grouping][] = $field['label'] . " {$qillOp} ";
            }
            break;
        }
      }
    }
  }

  /**
   * Function that does the actual query generation.
   * basically ties all the above functions together
   *
   * @return array
   *   array of strings
   */
  public function query() {
    $this->select();

    $this->where();

    $whereStr = NULL;
    if (!empty($this->_where)) {
      $clauses = [];
      foreach ($this->_where as $grouping => $values) {
        if (!empty($values)) {
          $clauses[] = ' ( ' . implode(' AND ', $values) . ' ) ';
        }
      }
      if (!empty($clauses)) {
        $whereStr = ' ( ' . implode(' OR ', $clauses) . ' ) ';
      }
    }

    return [
      implode(' , ', $this->_select),
      implode(' ', $this->_tables),
      $whereStr,
    ];
  }

  /**
   * Join the custom table for the field in (if not already in the query).
   *
   * @param array $field
   */
  protected function joinCustomTableForField($field) {
    $name = $field['table_name'];
    $join = "\nLEFT JOIN $name ON $name.entity_id = {$field['search_table']}.id";
    $this->_tables[$name] = $this->_tables[$name] ?? $join;
    $this->_whereTables[$name] = $this->_whereTables[$name] ?? $join;
  }

}
Commit	Line	Data
6a488035	1	<?php
6a488035 TO	2	/*
6a488035 TO	3	+--------------------------------------------------------------------+
fee14197	4	\| CiviCRM version 5 \|
6a488035	5	+--------------------------------------------------------------------+
6b83d5bd	6	\| Copyright CiviCRM LLC (c) 2004-2019 \|
6a488035 TO	7	+--------------------------------------------------------------------+
	8	\| This file is a part of CiviCRM. \|
	9	\| \|
	10	\| CiviCRM is free software; you can copy, modify, and distribute it \|
	11	\| under the terms of the GNU Affero General Public License \|
	12	\| Version 3, 19 November 2007 and the CiviCRM Licensing Exception. \|
	13	\| \|
	14	\| CiviCRM is distributed in the hope that it will be useful, but \|
	15	\| WITHOUT ANY WARRANTY; without even the implied warranty of \|
	16	\| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. \|
	17	\| See the GNU Affero General Public License for more details. \|
	18	\| \|
	19	\| You should have received a copy of the GNU Affero General Public \|
	20	\| License and the CiviCRM Licensing Exception along \|
	21	\| with this program; if not, contact CiviCRM LLC \|
	22	\| at info[AT]civicrm[DOT]org. If you have questions about the \|
	23	\| GNU Affero General Public License or the licensing of CiviCRM, \|
	24	\| see the CiviCRM license FAQ at http://civicrm.org/licensing \|
	25	+--------------------------------------------------------------------+
d25dd0ee	26	*/
6a488035 TO	27
	28	/**
	29	*
	30	*
	31	* @package CRM
6b83d5bd	32	* @copyright CiviCRM LLC (c) 2004-2019
6a488035 TO	33	*/
6a488035 TO	34	class CRM_Core_BAO_CustomQuery {
7da04cde	35	const PREFIX = 'custom_value_';
6a488035 TO	36
6a488035 TO	37	/**
d2e5d2ce	38	* The set of custom field ids.
6a488035 TO	39	*
	40	* @var array
	41	*/
	42	protected $_ids;
	43
	44	/**
d2e5d2ce	45	* The select clause.
6a488035 TO	46	*
	47	* @var array
	48	*/
	49	public $_select;
	50
	51	/**
d2e5d2ce	52	* The name of the elements that are in the select clause.
6a488035 TO	53	* used to extract the values
	54	*
	55	* @var array
	56	*/
	57	public $_element;
	58
	59	/**
d2e5d2ce	60	* The tables involved in the query.
6a488035 TO	61	*
	62	* @var array
	63	*/
	64	public $_tables;
	65	public $_whereTables;
	66
	67	/**
d2e5d2ce	68	* The where clause.
6a488035 TO	69	*
	70	* @var array
	71	*/
	72	public $_where;
	73
	74	/**
d2e5d2ce	75	* The english language version of the query.
6a488035 TO	76	*
	77	* @var array
	78	*/
	79	public $_qill;
	80
	81	/**
b4fb2d23	82	* No longer needed due to CRM-17646 refactoring, but still used in some places
6a488035 TO	83	*
6a488035 TO	84	* @var array
518fa0ee	85	* @deprecated
6a488035 TO	86	*/
	87	public $_options;
	88
	89	/**
d2e5d2ce	90	* The custom fields information.
6a488035 TO	91	*
	92	* @var array
	93	*/
	94	public $_fields;
	95
acd6c6ab	96	/**
	97	* @return array
	98	*/
	99	public function getFields() {
	100	return $this->_fields;
	101	}
	102
6a488035 TO	103	/**
	104	* Searching for contacts?
	105	*
d51c6add	106	* @var bool
6a488035 TO	107	*/
	108	protected $_contactSearch;
	109
247ad911	110	protected $_locationSpecificCustomFields;
442df34b	111
6a488035	112	/**
d2e5d2ce	113	* This stores custom data group types and tables that it extends.
6a488035 TO	114	*
6a488035 TO	115	* @var array
6a488035	116	*/
518fa0ee	117	public static $extendsMap = [
6a488035 TO	118	'Contact' => 'civicrm_contact',
	119	'Individual' => 'civicrm_contact',
	120	'Household' => 'civicrm_contact',
	121	'Organization' => 'civicrm_contact',
	122	'Contribution' => 'civicrm_contribution',
95974e8e	123	'ContributionRecur' => 'civicrm_contribution_recur',
6a488035 TO	124	'Membership' => 'civicrm_membership',
	125	'Participant' => 'civicrm_participant',
	126	'Group' => 'civicrm_group',
	127	'Relationship' => 'civicrm_relationship',
	128	'Event' => 'civicrm_event',
	129	'Case' => 'civicrm_case',
	130	'Activity' => 'civicrm_activity',
	131	'Pledge' => 'civicrm_pledge',
	132	'Grant' => 'civicrm_grant',
	133	'Address' => 'civicrm_address',
5b37ca7b EM	134	'Campaign' => 'civicrm_campaign',
5b37ca7b EM	135	'Survey' => 'civicrm_survey',
be2fb01f	136	];
6a488035 TO	137
6a488035 TO	138	/**
d2e5d2ce	139	* Class constructor.
6a488035 TO	140	*
	141	* Takes in a set of custom field ids andsets up the data structures to
	142	* generate a query
	143	*
6a0b768e TO	144	* @param array $ids
6a0b768e TO	145	* The set of custom field ids.
fd31fa4c EM	146	*
	147	* @param bool $contactSearch
	148	* @param array $locationSpecificFields
442df34b	149	*/
be2fb01f	150	public function __construct($ids, $contactSearch = FALSE, $locationSpecificFields = []) {
6a488035	151	$this->_ids = &$ids;
247ad911	152	$this->_locationSpecificCustomFields = $locationSpecificFields;
6a488035	153
be2fb01f CW	154	$this->_select = [];
	155	$this->_element = [];
	156	$this->_tables = [];
	157	$this->_whereTables = [];
	158	$this->_where = [];
	159	$this->_qill = [];
	160	$this->_options = [];
6a488035	161
6a488035	162	$this->_contactSearch = $contactSearch;
1f61a7b1	163	$this->_fields = CRM_Core_BAO_CustomField::getFields('ANY', FALSE, FALSE, NULL, NULL, FALSE, FALSE, FALSE);
6a488035 TO	164
	165	if (empty($this->_ids)) {
	166	return;
	167	}
	168
	169	// initialize the field array
	170	$tmpArray = array_keys($this->_ids);
	171	$idString = implode(',', $tmpArray);
353ffa53	172	$query = "
6a488035 TO	173	SELECT f.id, f.label, f.data_type,
	174	f.html_type, f.is_search_range,
	175	f.option_group_id, f.custom_group_id,
	176	f.column_name, g.table_name,
	177	f.date_format,f.time_format
	178	FROM civicrm_custom_field f,
	179	civicrm_custom_group g
	180	WHERE f.custom_group_id = g.id
	181	AND g.is_active = 1
	182	AND f.is_active = 1
	183	AND f.id IN ( $idString )";
	184
	185	$dao = CRM_Core_DAO::executeQuery($query);
	186	while ($dao->fetch()) {
b4fb2d23	187	// Deprecated (and poorly named) cache of field attributes
be2fb01f CW	188	$this->_options[$dao->id] = [
be2fb01f CW	189	'attributes' => [
b4fb2d23 CW	190	'label' => $dao->label,
	191	'data_type' => $dao->data_type,
	192	'html_type' => $dao->html_type,
be2fb01f CW	193	],
be2fb01f CW	194	];
75cda526	195
be2fb01f	196	$options = CRM_Core_PseudoConstant::get('CRM_Core_BAO_CustomField', 'custom_' . $dao->id, [], 'search');
75cda526 CW	197	if ($options) {
	198	$this->_options[$dao->id] += $options;
	199	}
6a488035	200
b4fb2d23	201	if ($dao->html_type == 'Select Date') {
6a488035 TO	202	$this->_options[$dao->id]['attributes']['date_format'] = $dao->date_format;
	203	$this->_options[$dao->id]['attributes']['time_format'] = $dao->time_format;
	204	}
6a488035 TO	205	}
	206	}
	207
	208	/**
d2e5d2ce	209	* Generate the select clause and the associated tables.
6a488035	210	*/
00be9182	211	public function select() {
6a488035 TO	212	if (empty($this->_fields)) {
	213	return;
	214	}
	215
697aad03	216	foreach (array_keys($this->_ids) as $id) {
697aad03	217	$field = $this->_fields[$id];
6a488035 TO	218	$name = $field['table_name'];
	219	$fieldName = 'custom_' . $field['id'];
	220	$this->_select["{$name}_id"] = "{$name}.id as {$name}_id";
	221	$this->_element["{$name}_id"] = 1;
	222	$this->_select[$fieldName] = "{$field['table_name']}.{$field['column_name']} as $fieldName";
	223	$this->_element[$fieldName] = 1;
1f61a7b1	224	$joinTable = $field['search_table'];
dcf0d348	225	// CRM-14265
1f61a7b1	226	if ($joinTable == 'civicrm_group' \|\| empty($joinTable)) {
dcf0d348	227	return;
6a488035	228	}
dcf0d348	229
7f175707	230	$this->joinCustomTableForField($field);
6a488035 TO	231
6a488035 TO	232	if ($joinTable) {
442df34b CW	233	$joinClause = 1;
	234	$joinTableAlias = $joinTable;
	235	// Set location-specific query
247ad911	236	if (isset($this->_locationSpecificCustomFields[$id])) {
247ad911	237	list($locationType, $locationTypeId) = $this->_locationSpecificCustomFields[$id];
442df34b CW	238	$joinTableAlias = "$locationType-address";
	239	$joinClause = "\nLEFT JOIN $joinTable `$locationType-address` ON (`$locationType-address`.contact_id = contact_a.id AND `$locationType-address`.location_type_id = $locationTypeId)";
	240	}
	241	$this->_tables[$name] = "\nLEFT JOIN $name ON $name.entity_id = `$joinTableAlias`.id";
1f61a7b1	242	if (!empty($this->_ids[$id])) {
6a488035 TO	243	$this->_whereTables[$name] = $this->_tables[$name];
	244	}
	245	if ($joinTable != 'contact_a') {
442df34b	246	$this->_whereTables[$joinTableAlias] = $this->_tables[$joinTableAlias] = $joinClause;
6a488035 TO	247	}
	248	elseif ($this->_contactSearch) {
	249	CRM_Contact_BAO_Query::$_openedPanes[ts('Custom Fields')] = TRUE;
	250	}
	251	}
	252	}
	253	}
	254
	255	/**
192d36c5	256	* Generate the where clause and also the english language equivalent.
6a488035	257	*/
00be9182	258	public function where() {
6a488035 TO	259	foreach ($this->_ids as $id => $values) {
6a488035 TO	260
192d36c5	261	// Fixed for Issue CRM 607
6a488035 TO	262	if (CRM_Utils_Array::value($id, $this->_fields) === NULL \|\|
	263	!$values
	264	) {
	265	continue;
	266	}
	267
6a488035 TO	268	foreach ($values as $tuple) {
	269	list($name, $op, $value, $grouping, $wildcard) = $tuple;
	270
6a488035	271	$field = $this->_fields[$id];
6a488035	272
3130209f CW	273	$fieldName = "{$field['table_name']}.{$field['column_name']}";
3130209f CW	274
05c5cbc8	275	$isSerialized = CRM_Core_BAO_CustomField::isSerialized($field);
05c5cbc8	276
3130209f	277	// fix $value here to escape sql injection attacks
7ecb613a	278	$qillValue = NULL;
9f388466 CW	279	if (!is_array($value)) {
9f388466 CW	280	$value = CRM_Core_DAO::escapeString(trim($value));
8cee0c70	281	$qillValue = CRM_Core_BAO_CustomField::displayValue($value, $id);
7ecb613a	282	}
	283	elseif (count($value) && in_array(key($value), CRM_Core_DAO::acceptedSQLOperators(), TRUE)) {
	284	$op = key($value);
8cee0c70	285	$qillValue = strstr($op, 'NULL') ? NULL : CRM_Core_BAO_CustomField::displayValue($value[$op], $id);
9f388466	286	}
c94d39fd	287	else {
ec28b24d	288	$op = strstr($op, 'IN') ? $op : 'IN';
8cee0c70	289	$qillValue = CRM_Core_BAO_CustomField::displayValue($value, $id);
c94d39fd	290	}
3130209f	291
2c261619	292	$qillOp = CRM_Utils_Array::value($op, CRM_Core_SelectValues::getSearchBuilderOperators(), $op);
3130209f	293
7f175707	294	// Ensure the table is joined in (eg if in where but not select).
7f175707	295	$this->joinCustomTableForField($field);
6a488035 TO	296	switch ($field['data_type']) {
6a488035 TO	297	case 'String':
16b6d3d4	298	case 'StateProvince':
16b6d3d4	299	case 'Country':
3130209f CW	300
3130209f CW	301	if ($field['is_search_range'] && is_array($value)) {
4c2fe77b	302	//didn't found any field under any of these three data-types as searchable by range
6a488035 TO	303	}
6a488035 TO	304	else {
05c5cbc8	305	// fix $value here to escape sql injection attacks
05c5cbc8	306	if (!is_array($value)) {
16b6d3d4	307	if ($field['data_type'] == 'String') {
d215c0e1	308	$value = CRM_Utils_Type::escape($value, 'String');
16b6d3d4	309	}
bb0300b9	310	elseif ($value) {
16b6d3d4	311	$value = CRM_Utils_Type::escape($value, 'Integer');
16b6d3d4	312	}
be2fb01f	313	$value = str_replace(['[', ']', ','], ['\[', '\]', '[:comma:]'], $value);
2f32a341	314	$value = str_replace('\|', '[:separator:]', $value);
05c5cbc8	315	}
c94d39fd	316	elseif ($isSerialized) {
	317	if (in_array(key($value), CRM_Core_DAO::acceptedSQLOperators(), TRUE)) {
	318	$op = key($value);
	319	$value = $value[$op];
	320	}
7bcee799	321	// CRM-19006: escape characters like comma, \| before building regex pattern
	322	$value = (array) $value;
	323	foreach ($value as $key => $val) {
be2fb01f	324	$value[$key] = str_replace(['[', ']', ','], ['\[', '\]', '[:comma:]'], $val);
894223d8	325	$value[$key] = str_replace('\|', '[:separator:]', $value[$key]);
804f8b8e JM	326	if ($field['data_type'] == 'String') {
	327	$value[$key] = CRM_Utils_Type::escape($value[$key], 'String');
	328	}
	329	elseif ($value) {
	330	$value[$key] = CRM_Utils_Type::escape($value[$key], 'Integer');
	331	}
7bcee799	332	}
7bcee799	333	$value = implode(',', $value);
05c5cbc8	334	}
3130209f	335
2c261619	336	// CRM-14563,CRM-16575 : Special handling of multi-select custom fields
78fe145d	337	if ($isSerialized && !CRM_Utils_System::isNull($value) && !strstr($op, 'NULL') && !strstr($op, 'LIKE')) {
528f09a1	338	$sp = CRM_Core_DAO::VALUE_SEPARATOR;
2f32a341	339	$value = str_replace(",", "$sp\|$sp", $value);
be2fb01f	340	$value = str_replace(['[:comma:]', '(', ')'], [',', '[(]', '[)]'], $value);
2f32a341	341
c94d39fd	342	$op = (strstr($op, '!') \|\| strstr($op, 'NOT')) ? 'NOT RLIKE' : 'RLIKE';
528f09a1	343	$value = $sp . $value . $sp;
c94d39fd	344	if (!$wildcard) {
528f09a1	345	foreach (explode("\|", $value) as $val) {
e5ccf3d9	346	$val = str_replace('[:separator:]', '\\|', $val);
528f09a1	347	$this->_where[$grouping][] = CRM_Contact_BAO_Query::buildClause($fieldName, $op, $val, 'String');
	348	}
	349	}
	350	else {
e5ccf3d9	351	$value = str_replace('[:separator:]', '\\|', $value);
528f09a1	352	$this->_where[$grouping][] = CRM_Contact_BAO_Query::buildClause($fieldName, $op, $value, 'String');
2c261619	353	}
6a488035	354	}
528f09a1	355	else {
	356	//FIX for custom data query fired against no value(NULL/NOT NULL)
	357	$this->_where[$grouping][] = CRM_Contact_BAO_Query::buildClause($fieldName, $op, $value, 'String');
	358	}
b4fb2d23	359	$this->_qill[$grouping][] = $field['label'] . " $qillOp $qillValue";
6a488035	360	}
3130209f	361	break;
6a488035 TO	362
	363	case 'ContactReference':
	364	$label = $value ? CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Contact', $value, 'sort_name') : '';
	365	$this->_where[$grouping][] = CRM_Contact_BAO_Query::buildClause($fieldName, $op, $value, 'String');
2c261619	366	$this->_qill[$grouping][] = $field['label'] . " $qillOp $label";
3130209f	367	break;
6a488035 TO	368
6a488035 TO	369	case 'Int':
4c2fe77b	370	$this->_where[$grouping][] = CRM_Contact_BAO_Query::buildClause($fieldName, $op, $value, 'Integer');
be2fb01f	371	$this->_qill[$grouping][] = ts("%1 %2 %3", [1 => $field['label'], 2 => $qillOp, 3 => $qillValue]);;
3130209f	372	break;
6a488035 TO	373
6a488035 TO	374	case 'Boolean':
16b6d3d4	375	if (!is_array($value)) {
	376	if (strtolower($value) == 'yes' \|\| strtolower($value) == strtolower(ts('Yes'))) {
	377	$value = 1;
	378	}
	379	else {
	380	$value = (int) $value;
	381	}
	382	$value = ($value == 1) ? 1 : 0;
	383	$qillValue = $value ? 'Yes' : 'No';
6a488035	384	}
6a488035	385	$this->_where[$grouping][] = CRM_Contact_BAO_Query::buildClause($fieldName, $op, $value, 'Integer');
be2fb01f	386	$this->_qill[$grouping][] = ts("%1 %2 %3", [1 => $field['label'], 2 => $qillOp, 3 => $qillValue]);
3130209f	387	break;
6a488035 TO	388
6a488035 TO	389	case 'Link':
16b6d3d4	390	case 'Memo':
6a488035	391	$this->_where[$grouping][] = CRM_Contact_BAO_Query::buildClause($fieldName, $op, $value, 'String');
be2fb01f	392	$this->_qill[$grouping][] = ts("%1 %2 %3", [1 => $field['label'], 2 => $qillOp, 3 => $qillValue]);
3130209f	393	break;
6a488035 TO	394
6a488035 TO	395	case 'Money':
ec28b24d	396	$value = CRM_Utils_Array::value($op, (array) $value, $value);
16b6d3d4	397	if (is_array($value)) {
6a488035	398	foreach ($value as $key => $val) {
e45c5e68	399	// @todo - this clean money should be in the form layer - it's highly likely to be doing more harm than good here
	400	// Note the only place I can find that this code is reached by is searching a custom money field in advanced search.
	401	// with euro style comma separators this doesn't work - with or without this cleanMoney.
	402	// So this should be removed but is not increasing the brokeness IMHO
	403	$value[$op][$key] = CRM_Utils_Rule::cleanMoney($value[$key]);
6a488035	404	}
16b6d3d4	405	}
16b6d3d4	406	else {
e45c5e68	407	// @todo - this clean money should be in the form layer - it's highly likely to be doing more harm than good here
e45c5e68	408	// comments per above apply. cleanMoney
16b6d3d4	409	$value = CRM_Utils_Rule::cleanMoney($value);
	410	}
	411
	412	case 'Float':
4c2fe77b	413	$this->_where[$grouping][] = CRM_Contact_BAO_Query::buildClause($fieldName, $op, $value, 'Float');
be2fb01f	414	$this->_qill[$grouping][] = ts("%1 %2 %3", [1 => $field['label'], 2 => $qillOp, 3 => $qillValue]);
3130209f	415	break;
6a488035	416
6a488035	417	case 'Date':
7f175707	418	if (substr($name, -9, 9) !== '_relative') {
	419	// Relative dates are handled in the buildRelativeDateQuery function.
	420	$this->_where[$grouping][] = CRM_Contact_BAO_Query::buildClause($fieldName, $op, $value, 'Date');
	421	list($qillOp, $qillVal) = CRM_Contact_BAO_Query::buildQillForFieldValue(NULL, $field['label'], $value, $op, [], CRM_Utils_Type::T_DATE);
	422	$this->_qill[$grouping][] = "{$field['label']} $qillOp '$qillVal'";
	423	}
3130209f	424	break;
6a488035	425
6a488035	426	case 'File':
481a74f4	427	if ($op == 'IS NULL' \|\| $op == 'IS NOT NULL' \|\| $op == 'IS EMPTY' \|\| $op == 'IS NOT EMPTY') {
6a488035 TO	428	switch ($op) {
	429	case 'IS EMPTY':
	430	$op = 'IS NULL';
	431	break;
2aa397bc	432
6a488035 TO	433	case 'IS NOT EMPTY':
	434	$op = 'IS NOT NULL';
	435	break;
	436	}
	437	$this->_where[$grouping][] = CRM_Contact_BAO_Query::buildClause($fieldName, $op);
2c261619	438	$this->_qill[$grouping][] = $field['label'] . " {$qillOp} ";
6a488035	439	}
3130209f	440	break;
6a488035 TO	441	}
	442	}
	443	}
	444	}
	445
	446	/**
d2e5d2ce	447	* Function that does the actual query generation.
6a488035 TO	448	* basically ties all the above functions together
6a488035 TO	449	*
a6c01b45 CW	450	* @return array
a6c01b45 CW	451	* array of strings
6a488035	452	*/
00be9182	453	public function query() {
6a488035 TO	454	$this->select();
	455
	456	$this->where();
	457
	458	$whereStr = NULL;
	459	if (!empty($this->_where)) {
be2fb01f	460	$clauses = [];
6a488035 TO	461	foreach ($this->_where as $grouping => $values) {
	462	if (!empty($values)) {
	463	$clauses[] = ' ( ' . implode(' AND ', $values) . ' ) ';
	464	}
	465	}
	466	if (!empty($clauses)) {
	467	$whereStr = ' ( ' . implode(' OR ', $clauses) . ' ) ';
	468	}
	469	}
	470
be2fb01f	471	return [
353ffa53	472	implode(' , ', $this->_select),
6a488035 TO	473	implode(' ', $this->_tables),
6a488035 TO	474	$whereStr,
be2fb01f	475	];
6a488035 TO	476	}
6a488035 TO	477
7f175707	478	/**
	479	* Join the custom table for the field in (if not already in the query).
	480	*
	481	* @param array $field
	482	*/
	483	protected function joinCustomTableForField($field) {
	484	$name = $field['table_name'];
	485	$join = "\nLEFT JOIN $name ON $name.entity_id = {$field['search_table']}.id";
	486	$this->_tables[$name] = $this->_tables[$name] ?? $join;
	487	$this->_whereTables[$name] = $this->_whereTables[$name] ?? $join;
	488	}
	489
6a488035	490	}