Commit | Line | Data |
---|---|---|
6a488035 TO |
1 | <?php |
2 | /* | |
3 | +--------------------------------------------------------------------+ | |
bc77d7c0 | 4 | | Copyright CiviCRM LLC. All rights reserved. | |
6a488035 | 5 | | | |
bc77d7c0 TO |
6 | | This work is published under the GNU AGPLv3 license with some | |
7 | | permitted exceptions and without any warranty. For full license | | |
8 | | and copyright information, see https://civicrm.org/licensing | | |
6a488035 | 9 | +--------------------------------------------------------------------+ |
d25dd0ee | 10 | */ |
6a488035 TO |
11 | |
12 | /** | |
13 | * | |
14 | * Given an argument list, invoke the appropriate CRM function | |
15 | * Serves as a wrapper between the UserFrameWork and Core CRM | |
16 | * | |
17 | * @package CRM | |
ca5cec67 | 18 | * @copyright CiviCRM LLC https://civicrm.org/licensing |
6a488035 TO |
19 | */ |
20 | class CRM_Core_Invoke { | |
21 | ||
22 | /** | |
be7dea3f TO |
23 | * This is the main front-controller that integrates with the CMS. Any |
24 | * page-request that is sent to the CMS and intended for CiviCRM should | |
25 | * be processed by invoke(). | |
6a488035 | 26 | * |
be7dea3f TO |
27 | * @param array $args |
28 | * The parts of the URL which identify the intended CiviCRM page | |
29 | * (e.g. array('civicrm', 'event', 'register')). | |
30 | * @return string | |
31 | * HTML. For non-HTML content, invoke() may call print() and exit(). | |
6a488035 | 32 | * |
6a488035 | 33 | */ |
00be9182 | 34 | public static function invoke($args) { |
6a488035 TO |
35 | try { |
36 | return self::_invoke($args); | |
dcc4f6a7 | 37 | } |
dcc4f6a7 | 38 | catch (Exception $e) { |
be7dea3f | 39 | CRM_Core_Error::handleUnhandledException($e); |
6a488035 TO |
40 | } |
41 | } | |
42 | ||
a0ee3941 | 43 | /** |
be7dea3f TO |
44 | * This is the same as invoke(), but it does *not* include exception |
45 | * handling. | |
46 | * | |
47 | * @param array $args | |
48 | * The parts of the URL which identify the intended CiviCRM page | |
49 | * (e.g. array('civicrm', 'event', 'register')). | |
50 | * @return string | |
51 | * HTML. For non-HTML content, invoke() may call print() and exit(). | |
a0ee3941 | 52 | */ |
be7dea3f | 53 | public static function _invoke($args) { |
6a488035 | 54 | if ($args[0] !== 'civicrm') { |
408b79bf | 55 | return NULL; |
6a488035 | 56 | } |
1ebbf8bf | 57 | // CRM-15901: Turn off PHP errors display for all ajax calls |
b99f3e96 | 58 | if (CRM_Utils_Array::value(1, $args) == 'ajax' || !empty($_REQUEST['snippet'])) { |
1ebbf8bf NG |
59 | ini_set('display_errors', 0); |
60 | } | |
6a488035 TO |
61 | |
62 | if (!defined('CIVICRM_SYMFONY_PATH')) { | |
be7dea3f | 63 | // Traditional Civi invocation path |
518fa0ee SL |
64 | // may exit |
65 | self::hackMenuRebuild($args); | |
be7dea3f | 66 | self::init($args); |
e09616fd | 67 | Civi::dispatcher()->dispatch('civi.invoke.auth', \Civi\Core\Event\GenericHookEvent::create(['args' => $args])); |
be7dea3f TO |
68 | $item = self::getItem($args); |
69 | return self::runItem($item); | |
0db6c3e1 TO |
70 | } |
71 | else { | |
6a488035 TO |
72 | // Symfony-based invocation path |
73 | require_once CIVICRM_SYMFONY_PATH . '/app/bootstrap.php.cache'; | |
74 | require_once CIVICRM_SYMFONY_PATH . '/app/AppKernel.php'; | |
4eeb9a5b | 75 | $kernel = new AppKernel('dev', TRUE); |
6a488035 TO |
76 | $kernel->loadClassCache(); |
77 | $response = $kernel->handle(Symfony\Component\HttpFoundation\Request::createFromGlobals()); | |
c24c4679 TO |
78 | if (preg_match(':^text/html:', $response->headers->get('Content-Type'))) { |
79 | // let the CMS handle the trappings | |
80 | return $response->getContent(); | |
0db6c3e1 TO |
81 | } |
82 | else { | |
c24c4679 TO |
83 | $response->send(); |
84 | exit(); | |
85 | } | |
6a488035 TO |
86 | } |
87 | } | |
353ffa53 | 88 | |
6a488035 TO |
89 | /** |
90 | * Hackish support /civicrm/menu/rebuild | |
91 | * | |
6a0b768e TO |
92 | * @param array $args |
93 | * List of path parts. | |
6a488035 TO |
94 | * @void |
95 | */ | |
518fa0ee | 96 | public static function hackMenuRebuild($args) { |
be2fb01f | 97 | if (['civicrm', 'menu', 'rebuild'] == $args || ['civicrm', 'clearcache'] == $args) { |
6a488035 TO |
98 | // ensure that the user has a good privilege level |
99 | if (CRM_Core_Permission::check('administer CiviCRM')) { | |
100 | self::rebuildMenuAndCaches(); | |
101 | CRM_Core_Session::setStatus(ts('Cleared all CiviCRM caches (database, menu, templates)'), ts('Complete'), 'success'); | |
518fa0ee SL |
102 | // exits |
103 | return CRM_Utils_System::redirect(); | |
6a488035 TO |
104 | } |
105 | else { | |
507bc932 | 106 | CRM_Core_Error::statusBounce(ts('You do not have permission to execute this url')); |
6a488035 TO |
107 | } |
108 | } | |
109 | } | |
110 | ||
111 | /** | |
d09edf64 | 112 | * Perform general setup. |
6a488035 | 113 | * |
6a0b768e TO |
114 | * @param array $args |
115 | * List of path parts. | |
6a488035 TO |
116 | * @void |
117 | */ | |
518fa0ee | 118 | public static function init($args) { |
6a488035 TO |
119 | // first fire up IDS and check for bad stuff |
120 | $config = CRM_Core_Config::singleton(); | |
6a488035 TO |
121 | |
122 | // also initialize the i18n framework | |
123 | require_once 'CRM/Core/I18n.php'; | |
124 | $i18n = CRM_Core_I18n::singleton(); | |
125 | } | |
126 | ||
6a488035 TO |
127 | /** |
128 | * Determine which menu $item corresponds to $args | |
129 | * | |
6a0b768e TO |
130 | * @param array $args |
131 | * List of path parts. | |
6a488035 TO |
132 | * @return array; see CRM_Core_Menu |
133 | */ | |
518fa0ee | 134 | public static function getItem($args) { |
6a488035 TO |
135 | if (is_array($args)) { |
136 | // get the menu items | |
137 | $path = implode('/', $args); | |
0db6c3e1 TO |
138 | } |
139 | else { | |
6a488035 TO |
140 | $path = $args; |
141 | } | |
142 | $item = CRM_Core_Menu::get($path); | |
143 | ||
144 | // we should try to compute menus, if item is empty and stay on the same page, | |
145 | // rather than compute and redirect to dashboard. | |
146 | if (!$item) { | |
147 | CRM_Core_Menu::store(FALSE); | |
148 | $item = CRM_Core_Menu::get($path); | |
149 | } | |
150 | ||
151 | return $item; | |
152 | } | |
153 | ||
2d38c687 PF |
154 | /** |
155 | * Register an alternative phar:// stream wrapper to filter out insecure Phars | |
156 | * | |
157 | * PHP makes it possible to trigger Object Injection vulnerabilities by using | |
158 | * a side-effect of the phar:// stream wrapper that unserializes Phar | |
159 | * metadata. To mitigate this vulnerability, projects such as TYPO3 and Drupal | |
160 | * have implemented an alternative Phar stream wrapper that disallows | |
161 | * inclusion of phar files based on certain parameters. | |
162 | * | |
163 | * This code attempts to register the TYPO3 Phar stream wrapper using the | |
164 | * interceptor defined in \Civi\Core\Security\PharExtensionInterceptor. In an | |
165 | * environment where the stream wrapper was already registered via | |
166 | * \TYPO3\PharStreamWrapper\Manager (i.e. Drupal), this code does not do | |
167 | * anything. In other environments (e.g. WordPress, at the time of this | |
168 | * writing), the TYPO3 library is used to register the interceptor to mitigate | |
169 | * the vulnerability. | |
170 | */ | |
171 | private static function registerPharHandler() { | |
172 | try { | |
173 | // try to get the existing stream wrapper, registered e.g. by Drupal | |
174 | \TYPO3\PharStreamWrapper\Manager::instance(); | |
175 | } | |
176 | catch (\LogicException $e) { | |
177 | if ($e->getCode() === 1535189872) { | |
178 | // no phar stream wrapper was registered by \TYPO3\PharStreamWrapper\Manager. | |
179 | // This means we're probably not on Drupal and need to register our own. | |
180 | \TYPO3\PharStreamWrapper\Manager::initialize( | |
181 | (new \TYPO3\PharStreamWrapper\Behavior()) | |
182 | ->withAssertion(new \Civi\Core\Security\PharExtensionInterceptor()) | |
183 | ); | |
184 | if (in_array('phar', stream_get_wrappers())) { | |
185 | stream_wrapper_unregister('phar'); | |
186 | stream_wrapper_register('phar', \TYPO3\PharStreamWrapper\PharStreamWrapper::class); | |
187 | } | |
b99f3e96 CW |
188 | } |
189 | else { | |
2d38c687 PF |
190 | // this is not an exception we can handle |
191 | throw $e; | |
192 | } | |
193 | } | |
194 | } | |
195 | ||
6a488035 TO |
196 | /** |
197 | * Given a menu item, call the appropriate controller and return the response | |
198 | * | |
6a0b768e TO |
199 | * @param array $item |
200 | * See CRM_Core_Menu. | |
6a488035 TO |
201 | * @return string, HTML |
202 | */ | |
518fa0ee | 203 | public static function runItem($item) { |
76adcecc TO |
204 | $ids = new CRM_Core_IDS(); |
205 | $ids->check($item); | |
206 | ||
2d38c687 PF |
207 | self::registerPharHandler(); |
208 | ||
6a488035 TO |
209 | $config = CRM_Core_Config::singleton(); |
210 | if ($config->userFramework == 'Joomla' && $item) { | |
211 | $config->userFrameworkURLVar = 'task'; | |
212 | ||
213 | // joomla 1.5RC1 seems to push this in the POST variable, which messes | |
214 | // QF and checkboxes | |
215 | unset($_POST['option']); | |
216 | CRM_Core_Joomla::sidebarLeft(); | |
217 | } | |
218 | ||
219 | // set active Component | |
220 | $template = CRM_Core_Smarty::singleton(); | |
221 | $template->assign('activeComponent', 'CiviCRM'); | |
222 | $template->assign('formTpl', 'default'); | |
c5516062 EM |
223 | // Ensure template variables have 'something' assigned for e-notice |
224 | // prevention. These are ones that are included very often | |
225 | // and not tied to a specific form. | |
226 | // jsortable.tpl (datatables) | |
227 | $template->assign('sourceUrl'); | |
228 | $template->assign('useAjax', 0); | |
6a488035 TO |
229 | |
230 | if ($item) { | |
6a488035 TO |
231 | |
232 | if (!array_key_exists('page_callback', $item)) { | |
233 | CRM_Core_Error::debug('Bad item', $item); | |
b5834543 | 234 | CRM_Core_Error::statusBounce(ts('Bad menu record in database')); |
6a488035 TO |
235 | } |
236 | ||
237 | // check that we are permissioned to access this page | |
238 | if (!CRM_Core_Permission::checkMenuItem($item)) { | |
239 | CRM_Utils_System::permissionDenied(); | |
408b79bf | 240 | return NULL; |
6a488035 TO |
241 | } |
242 | ||
243 | // check if ssl is set | |
a7488080 | 244 | if (!empty($item['is_ssl'])) { |
6a488035 TO |
245 | CRM_Utils_System::redirectToSSL(); |
246 | } | |
247 | ||
248 | if (isset($item['title'])) { | |
249 | CRM_Utils_System::setTitle($item['title']); | |
250 | } | |
251 | ||
252 | if (isset($item['breadcrumb']) && !isset($item['is_public'])) { | |
253 | CRM_Utils_System::appendBreadCrumb($item['breadcrumb']); | |
254 | } | |
255 | ||
256 | $pageArgs = NULL; | |
a7488080 | 257 | if (!empty($item['page_arguments'])) { |
6a488035 TO |
258 | $pageArgs = CRM_Core_Menu::getArrayForPathArgs($item['page_arguments']); |
259 | } | |
260 | ||
261 | $template = CRM_Core_Smarty::singleton(); | |
262 | if (!empty($item['is_public'])) { | |
263 | $template->assign('urlIsPublic', TRUE); | |
264 | } | |
265 | else { | |
266 | $template->assign('urlIsPublic', FALSE); | |
06576a03 | 267 | self::statusCheck($template); |
6a488035 TO |
268 | } |
269 | ||
270 | if (isset($item['return_url'])) { | |
271 | $session = CRM_Core_Session::singleton(); | |
272 | $args = CRM_Utils_Array::value( | |
273 | 'return_url_args', | |
274 | $item, | |
275 | 'reset=1' | |
276 | ); | |
277 | $session->pushUserContext(CRM_Utils_System::url($item['return_url'], $args)); | |
278 | } | |
279 | ||
280 | $result = NULL; | |
c8074a93 TO |
281 | // WISHLIST: Refactor this. Instead of pattern-matching on page_callback, lookup |
282 | // page_callback via Civi\Core\Resolver and check the implemented interfaces. This | |
283 | // would require rethinking the default constructor. | |
284 | if (is_array($item['page_callback']) || strpos($item['page_callback'], ':')) { | |
285 | $result = call_user_func(Civi\Core\Resolver::singleton()->get($item['page_callback'])); | |
6a488035 | 286 | } |
8d179051 | 287 | elseif (strpos($item['page_callback'], '_Form') !== FALSE) { |
6a488035 TO |
288 | $wrapper = new CRM_Utils_Wrapper(); |
289 | $result = $wrapper->run( | |
8d179051 | 290 | $item['page_callback'] ?? NULL, |
291 | $item['title'] ?? NULL, | |
2e1f50d6 | 292 | $pageArgs ?? NULL |
6a488035 TO |
293 | ); |
294 | } | |
295 | else { | |
296 | $newArgs = explode('/', $_GET[$config->userFrameworkURLVar]); | |
6a488035 TO |
297 | $mode = 'null'; |
298 | if (isset($pageArgs['mode'])) { | |
299 | $mode = $pageArgs['mode']; | |
300 | unset($pageArgs['mode']); | |
301 | } | |
9c1bc317 | 302 | $title = $item['title'] ?? NULL; |
99218b4b | 303 | if (strstr($item['page_callback'], '_Page') || strstr($item['page_callback'], '\\Page\\')) { |
408b79bf | 304 | $object = new $item['page_callback']($title, $mode); |
6c2473d5 | 305 | $object->urlPath = explode('/', $_GET[$config->userFrameworkURLVar]); |
6a488035 | 306 | } |
99218b4b | 307 | elseif (strstr($item['page_callback'], '_Controller') || strstr($item['page_callback'], '\\Controller\\')) { |
6a488035 TO |
308 | $addSequence = 'false'; |
309 | if (isset($pageArgs['addSequence'])) { | |
310 | $addSequence = $pageArgs['addSequence']; | |
311 | $addSequence = $addSequence ? 'true' : 'false'; | |
312 | unset($pageArgs['addSequence']); | |
313 | } | |
408b79bf | 314 | $object = new $item['page_callback']($title, TRUE, $mode, NULL, $addSequence); |
6a488035 TO |
315 | } |
316 | else { | |
b5834543 | 317 | throw new CRM_Core_Exception('Execute supplied menu action'); |
6a488035 TO |
318 | } |
319 | $result = $object->run($newArgs, $pageArgs); | |
320 | } | |
321 | ||
322 | CRM_Core_Session::storeSessionObjects(); | |
323 | return $result; | |
324 | } | |
325 | ||
326 | CRM_Core_Menu::store(); | |
327 | CRM_Core_Session::setStatus(ts('Menu has been rebuilt'), ts('Complete'), 'success'); | |
328 | return CRM_Utils_System::redirect(); | |
329 | } | |
330 | ||
331 | /** | |
d09edf64 | 332 | * This function contains the default action. |
6a488035 | 333 | * |
b5f8992a EM |
334 | * Unused function. |
335 | * | |
6a488035 TO |
336 | * @param $action |
337 | * | |
77b97be7 EM |
338 | * @param $contact_type |
339 | * @param $contact_sub_type | |
340 | * | |
b5f8992a | 341 | * @Deprecated |
6a488035 | 342 | */ |
00be9182 | 343 | public static function form($action, $contact_type, $contact_sub_type) { |
b5f8992a | 344 | CRM_Core_Error::deprecatedWarning('unused'); |
be2fb01f | 345 | CRM_Utils_System::setUserContext(['civicrm/contact/search/basic', 'civicrm/contact/view']); |
6a488035 TO |
346 | $wrapper = new CRM_Utils_Wrapper(); |
347 | ||
348 | $properties = CRM_Core_Component::contactSubTypeProperties($contact_sub_type, 'Edit'); | |
349 | if ($properties) { | |
be2fb01f | 350 | $wrapper->run($properties['class'], ts('New %1', [1 => $contact_sub_type]), $action, TRUE); |
6a488035 TO |
351 | } |
352 | else { | |
353 | $wrapper->run('CRM_Contact_Form_Contact', ts('New Contact'), $action, TRUE); | |
354 | } | |
355 | } | |
356 | ||
6a488035 | 357 | /** |
f55dd135 | 358 | * Show status in the footer (admin only) |
6a488035 | 359 | * |
fa8dc18c | 360 | * @param CRM_Core_Smarty $template |
6a488035 | 361 | */ |
097c681e | 362 | public static function statusCheck($template) { |
f55dd135 | 363 | if (CRM_Core_Config::isUpgradeMode() || !CRM_Core_Permission::check('administer CiviCRM')) { |
097c681e AH |
364 | return; |
365 | } | |
f55dd135 | 366 | // always use cached results - they will be refreshed by the session timer |
b1fc1ab0 | 367 | $status = Civi::cache('checks')->get('systemStatusCheckResult'); |
f55dd135 | 368 | $template->assign('footer_status_severity', $status); |
f608a24a | 369 | $template->assign('footer_status_message', CRM_Utils_Check::toStatusLabel($status)); |
097c681e | 370 | } |
6a488035 | 371 | |
a0ee3941 EM |
372 | /** |
373 | * @param bool $triggerRebuild | |
374 | * @param bool $sessionReset | |
375 | * | |
376 | * @throws Exception | |
377 | */ | |
968900f2 | 378 | public static function rebuildMenuAndCaches(bool $triggerRebuild = FALSE, bool $sessionReset = FALSE): void { |
6a488035 TO |
379 | $config = CRM_Core_Config::singleton(); |
380 | $config->clearModuleList(); | |
381 | ||
ae2cab23 TO |
382 | // also cleanup all caches |
383 | $config->cleanupCaches($sessionReset || CRM_Utils_Request::retrieve('sessionReset', 'Boolean', CRM_Core_DAO::$_nullObject, FALSE, 0, 'GET')); | |
384 | ||
6a488035 TO |
385 | CRM_Core_Menu::store(); |
386 | ||
387 | // also reset navigation | |
388 | CRM_Core_BAO_Navigation::resetNavigation(); | |
389 | ||
6a488035 TO |
390 | // also cleanup module permissions |
391 | $config->cleanupPermissions(); | |
392 | ||
9762f6ff CW |
393 | // rebuild word replacement cache - pass false to prevent operations redundant with this fn |
394 | CRM_Core_BAO_WordReplacement::rebuild(FALSE); | |
76dca235 | 395 | |
76bd16ab | 396 | Civi::service('settings_manager')->flush(); |
9762f6ff | 397 | // Clear js caches |
4cc9b813 | 398 | CRM_Core_Resources::singleton()->flushStrings()->resetCacheCode(); |
ab89fdde | 399 | CRM_Case_XMLRepository::singleton(TRUE); |
1fcf16cc | 400 | |
6a488035 TO |
401 | // also rebuild triggers if requested explicitly |
402 | if ( | |
403 | $triggerRebuild || | |
404 | CRM_Utils_Request::retrieve('triggerRebuild', 'Boolean', CRM_Core_DAO::$_nullObject, FALSE, 0, 'GET') | |
405 | ) { | |
968900f2 | 406 | Civi::service('sql_triggers')->rebuild(); |
d0bb04e7 MT |
407 | // Rebuild Drupal 8/9/10 route cache only if "triggerRebuild" is set to TRUE as it's |
408 | // computationally very expensive and only needs to be done when routes change on the Civi-side. | |
409 | // For example - when uninstalling an extension. We already set "triggerRebuild" to true for these operations. | |
a11c1084 | 410 | $config->userSystem->invalidateRouteCache(); |
6a488035 | 411 | } |
2a5640be | 412 | |
6a488035 TO |
413 | CRM_Core_ManagedEntities::singleton(TRUE)->reconcile(); |
414 | } | |
96025800 | 415 | |
6a488035 | 416 | } |