Commit | Line | Data |
---|---|---|
6a488035 TO |
1 | <?php |
2 | /* | |
3 | +--------------------------------------------------------------------+ | |
bc77d7c0 | 4 | | Copyright CiviCRM LLC. All rights reserved. | |
6a488035 | 5 | | | |
bc77d7c0 TO |
6 | | This work is published under the GNU AGPLv3 license with some | |
7 | | permitted exceptions and without any warranty. For full license | | |
8 | | and copyright information, see https://civicrm.org/licensing | | |
6a488035 | 9 | +--------------------------------------------------------------------+ |
d25dd0ee | 10 | */ |
6a488035 TO |
11 | |
12 | /** | |
13 | * | |
14 | * Given an argument list, invoke the appropriate CRM function | |
15 | * Serves as a wrapper between the UserFrameWork and Core CRM | |
16 | * | |
17 | * @package CRM | |
ca5cec67 | 18 | * @copyright CiviCRM LLC https://civicrm.org/licensing |
6a488035 TO |
19 | */ |
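class CRM_Core_Invoke {

  /**
   * This is the main front-controller that integrates with the CMS. Any
   * page-request that is sent to the CMS and intended for CiviCRM should
   * be processed by invoke().
   *
   * @param array $args
   *   The parts of the URL which identify the intended CiviCRM page
   *   (e.g. array('civicrm', 'event', 'register')).
   * @return string
   *   HTML. For non-HTML content, invoke() may call print() and exit().
   */
  public static function invoke($args) {
    try {
      return self::_invoke($args);
    }
    // NOTE(review): only \Exception is routed to the central handler. Engine
    // errors (\Error, e.g. from instantiating a page_callback class that does
    // not exist) bypass it; widening this to \Throwable depends on the
    // signature of handleUnhandledException(), which is not visible here.
    catch (Exception $e) {
      CRM_Core_Error::handleUnhandledException($e);
    }
  }

  /**
   * This is the same as invoke(), but it does *not* include exception
   * handling.
   *
   * @param array $args
   *   The parts of the URL which identify the intended CiviCRM page
   *   (e.g. array('civicrm', 'event', 'register')).
   * @return string
   *   HTML. For non-HTML content, invoke() may call print() and exit().
   *   NULL when the first path part is not 'civicrm'.
   */
  public static function _invoke($args) {
    // An empty or malformed argument list is simply "not a CiviCRM route";
    // the null-coalesce avoids an undefined-offset warning in that case.
    if (($args[0] ?? NULL) !== 'civicrm') {
      return NULL;
    }
    // CRM-15901: Turn off PHP errors display for all ajax calls, so error
    // text is not mixed into ajax/snippet responses.
    if (CRM_Utils_Array::value(1, $args) == 'ajax' || CRM_Utils_Array::value('snippet', $_REQUEST)) {
      ini_set('display_errors', '0');
    }

    if (!defined('CIVICRM_SYMFONY_PATH')) {
      // Traditional Civi invocation path
      // may exit
      self::hackMenuRebuild($args);
      self::init($args);
      $item = self::getItem($args);
      return self::runItem($item);
    }
    else {
      // Symfony-based invocation path
      // NOTE(review): this branch never reaches runItem(), so the IDS check,
      // the phar:// handler registration and the menu permission check done
      // there are not applied here; the Symfony application has to provide
      // its own equivalents.
      require_once CIVICRM_SYMFONY_PATH . '/app/bootstrap.php.cache';
      require_once CIVICRM_SYMFONY_PATH . '/app/AppKernel.php';
      // NOTE(review): the kernel is hard-coded to the 'dev' environment with
      // the debug flag on. Debug mode typically produces verbose error output;
      // confirm this path is never enabled on a production site, or make the
      // environment configurable.
      $kernel = new AppKernel('dev', TRUE);
      $kernel->loadClassCache();
      $response = $kernel->handle(Symfony\Component\HttpFoundation\Request::createFromGlobals());
      // A response without a Content-Type header is treated as non-HTML; the
      // cast keeps preg_match() from receiving NULL.
      if (preg_match(':^text/html:', (string) $response->headers->get('Content-Type'))) {
        // let the CMS handle the trappings
        return $response->getContent();
      }
      else {
        $response->send();
        exit();
      }
    }
  }

  /**
   * Hackish support /civicrm/menu/rebuild
   *
   * Runs before the menu lookup, so the rebuild still works when the stored
   * menu is stale. Access is gated on the 'administer CiviCRM' permission.
   *
   * NOTE(review): the rebuild is triggered by the request path alone and no
   * request-token check is visible in this method, so any request carrying an
   * administrator's session (including one initiated from another site)
   * reaches rebuildMenuAndCaches(), which also reads 'triggerRebuild' and
   * 'sessionReset' from the query string. Consider requiring a token or POST.
   *
   * @param array $args
   *   List of path parts.
   * @return mixed
   *   The result of CRM_Utils_System::redirect() after a rebuild (the original
   *   comment notes that it exits); NULL for any other path.
   */
  public static function hackMenuRebuild($args) {
    if (['civicrm', 'menu', 'rebuild'] == $args || ['civicrm', 'clearcache'] == $args) {
      // ensure that the user has a good privilege level
      if (CRM_Core_Permission::check('administer CiviCRM')) {
        self::rebuildMenuAndCaches();
        CRM_Core_Session::setStatus(ts('Cleared all CiviCRM caches (database, menu, templates)'), ts('Complete'), 'success');
        // exits
        return CRM_Utils_System::redirect();
      }
      else {
        CRM_Core_Error::fatal('You do not have permission to execute this url');
      }
    }
  }

  /**
   * Perform general setup.
   *
   * Only instantiates the config and i18n singletons. The IDS check does not
   * happen here; it is performed at the top of runItem().
   *
   * @param array $args
   *   List of path parts. Not used by this method.
   * @return void
   */
  public static function init($args) {
    // Called for its side effect of building the config singleton; the return
    // value is not needed here.
    CRM_Core_Config::singleton();

    // also initialize the i18n framework
    require_once 'CRM/Core/I18n.php';
    CRM_Core_I18n::singleton();
  }

  /**
   * Determine which menu $item corresponds to $args
   *
   * @param array|string $args
   *   List of path parts, or an already-joined path string.
   * @return array; see CRM_Core_Menu
   */
  public static function getItem($args) {
    if (is_array($args)) {
      // get the menu items
      $path = implode('/', $args);
    }
    else {
      $path = $args;
    }
    $item = CRM_Core_Menu::get($path);

    // we should try to compute menus, if item is empty and stay on the same page,
    // rather than compute and redirect to dashboard.
    if (!$item) {
      CRM_Core_Menu::store(FALSE);
      $item = CRM_Core_Menu::get($path);
    }

    return $item;
  }

  /**
   * Register an alternative phar:// stream wrapper to filter out insecure Phars
   *
   * PHP makes it possible to trigger Object Injection vulnerabilities by using
   * a side-effect of the phar:// stream wrapper that unserializes Phar
   * metadata. To mitigate this vulnerability, projects such as TYPO3 and Drupal
   * have implemented an alternative Phar stream wrapper that disallows
   * inclusion of phar files based on certain parameters.
   *
   * This code attempts to register the TYPO3 Phar stream wrapper using the
   * interceptor defined in \Civi\Core\Security\PharExtensionInterceptor. In an
   * environment where the stream wrapper was already registered via
   * \TYPO3\PharStreamWrapper\Manager (i.e. Drupal), this code does not do
   * anything. In other environments (e.g. WordPress, at the time of this
   * writing), the TYPO3 library is used to register the interceptor to mitigate
   * the vulnerability.
   *
   * PHP 8.0 and later no longer unserialize Phar metadata implicitly when a
   * phar:// path is opened, so the wrapper matters most on older runtimes.
   *
   * @throws \LogicException
   *   Re-thrown when the Manager fails for any reason other than "not yet
   *   initialized".
   */
  private static function registerPharHandler() {
    try {
      // try to get the existing stream wrapper, registered e.g. by Drupal
      \TYPO3\PharStreamWrapper\Manager::instance();
    }
    catch (\LogicException $e) {
      if ($e->getCode() === 1535189872) {
        // no phar stream wrapper was registered by \TYPO3\PharStreamWrapper\Manager.
        // This means we're probably not on Drupal and need to register our own.
        \TYPO3\PharStreamWrapper\Manager::initialize(
          (new \TYPO3\PharStreamWrapper\Behavior())
            ->withAssertion(new \Civi\Core\Security\PharExtensionInterceptor())
        );
        // Swap the built-in wrapper only when one is present. If the
        // re-registration failed, phar:// would be left with no wrapper at
        // all, i.e. the failure mode is closed rather than open.
        if (in_array('phar', stream_get_wrappers(), TRUE)) {
          stream_wrapper_unregister('phar');
          stream_wrapper_register('phar', \TYPO3\PharStreamWrapper\PharStreamWrapper::class);
        }
      }
      else {
        // this is not an exception we can handle
        throw $e;
      }
    }
  }

  /**
   * Given a menu item, call the appropriate controller and return the response
   *
   * Order matters here: the IDS check and the phar:// handler run first, then
   * the menu permission check, and only then is the item's page_callback
   * resolved and executed. page_callback is used as a class name or callable,
   * so menu records must only ever come from trusted definitions.
   *
   * @param array $item
   *   See CRM_Core_Menu.
   * @return string, HTML
   */
  public static function runItem($item) {
    $ids = new CRM_Core_IDS();
    $ids->check($item);

    self::registerPharHandler();

    $config = CRM_Core_Config::singleton();
    if ($config->userFramework == 'Joomla' && $item) {
      $config->userFrameworkURLVar = 'task';

      // joomla 1.5RC1 seems to push this in the POST variable, which messes
      // QF and checkboxes
      unset($_POST['option']);
      CRM_Core_Joomla::sidebarLeft();
    }

    // set active Component
    $template = CRM_Core_Smarty::singleton();
    $template->assign('activeComponent', 'CiviCRM');
    $template->assign('formTpl', 'default');

    if ($item) {

      if (!array_key_exists('page_callback', $item)) {
        // NOTE(review): debug() receives the whole menu record; if it writes
        // to the response (not visible here), consider logging instead.
        CRM_Core_Error::debug('Bad item', $item);
        CRM_Core_Error::fatal(ts('Bad menu record in database'));
      }

      // check that we are permissioned to access this page
      if (!CRM_Core_Permission::checkMenuItem($item)) {
        CRM_Utils_System::permissionDenied();
        return NULL;
      }

      // check if ssl is set
      if (!empty($item['is_ssl'])) {
        CRM_Utils_System::redirectToSSL();
      }

      if (isset($item['title'])) {
        CRM_Utils_System::setTitle($item['title']);
      }

      if (isset($item['breadcrumb']) && !isset($item['is_public'])) {
        CRM_Utils_System::appendBreadCrumb($item['breadcrumb']);
      }

      $pageArgs = NULL;
      if (!empty($item['page_arguments'])) {
        $pageArgs = CRM_Core_Menu::getArrayForPathArgs($item['page_arguments']);
      }

      $template = CRM_Core_Smarty::singleton();
      if (!empty($item['is_public'])) {
        $template->assign('urlIsPublic', TRUE);
      }
      else {
        $template->assign('urlIsPublic', FALSE);
        self::statusCheck($template);
      }

      if (isset($item['return_url'])) {
        $session = CRM_Core_Session::singleton();
        $args = CRM_Utils_Array::value(
          'return_url_args',
          $item,
          'reset=1'
        );
        $session->pushUserContext(CRM_Utils_System::url($item['return_url'], $args));
      }

      $result = NULL;
      // WISHLIST: Refactor this. Instead of pattern-matching on page_callback, lookup
      // page_callback via Civi\Core\Resolver and check the implemented interfaces. This
      // would require rethinking the default constructor.
      // Note: strpos() is tested for truthiness, so a ':' at offset 0 does not
      // select the Resolver branch.
      if (is_array($item['page_callback']) || strpos($item['page_callback'], ':')) {
        $result = call_user_func(Civi\Core\Resolver::singleton()->get($item['page_callback']));
      }
      elseif (strstr($item['page_callback'], '_Form')) {
        $wrapper = new CRM_Utils_Wrapper();
        // $pageArgs is always defined at this point (NULL or an array).
        $result = $wrapper->run(
          CRM_Utils_Array::value('page_callback', $item),
          CRM_Utils_Array::value('title', $item),
          $pageArgs
        );
      }
      else {
        // The CMS routing variable can be absent from the query string; fall
        // back to '' so explode() gets a string and yields the same [''].
        $newArgs = explode('/', $_GET[$config->userFrameworkURLVar] ?? '');
        $mode = 'null';
        if (isset($pageArgs['mode'])) {
          $mode = $pageArgs['mode'];
          unset($pageArgs['mode']);
        }
        $title = $item['title'] ?? NULL;
        // The class to instantiate is named by the menu record; the substring
        // tests below only choose the constructor signature, they do not
        // validate the class.
        if (strstr($item['page_callback'], '_Page') || strstr($item['page_callback'], '\\Page\\')) {
          $object = new $item['page_callback']($title, $mode);
          $object->urlPath = explode('/', $_GET[$config->userFrameworkURLVar] ?? '');
        }
        elseif (strstr($item['page_callback'], '_Controller') || strstr($item['page_callback'], '\\Controller\\')) {
          // The controller constructor is given the strings 'true'/'false'
          // here, not booleans.
          $addSequence = 'false';
          if (isset($pageArgs['addSequence'])) {
            $addSequence = $pageArgs['addSequence'];
            $addSequence = $addSequence ? 'true' : 'false';
            unset($pageArgs['addSequence']);
          }
          $object = new $item['page_callback']($title, TRUE, $mode, NULL, $addSequence);
        }
        else {
          CRM_Core_Error::fatal();
        }
        $result = $object->run($newArgs, $pageArgs);
      }

      CRM_Core_Session::storeSessionObjects();
      return $result;
    }

    // No menu item matched even after getItem() recomputed the menu: rebuild
    // it once more and redirect.
    CRM_Core_Menu::store();
    CRM_Core_Session::setStatus(ts('Menu has been rebuilt'), ts('Complete'), 'success');
    return CRM_Utils_System::redirect();
  }

  /**
   * This function contains the default action.
   *
   * Runs the edit form class registered for the contact sub-type, falling
   * back to CRM_Contact_Form_Contact when none is registered.
   *
   * @param $action
   *   Passed through to CRM_Utils_Wrapper::run().
   * @param $contact_type
   *   Not used by this method.
   * @param $contact_sub_type
   *   Used to look up the form class and to build the page title.
   */
  public static function form($action, $contact_type, $contact_sub_type) {
    CRM_Utils_System::setUserContext(['civicrm/contact/search/basic', 'civicrm/contact/view']);
    $wrapper = new CRM_Utils_Wrapper();

    $properties = CRM_Core_Component::contactSubTypeProperties($contact_sub_type, 'Edit');
    if ($properties) {
      $wrapper->run($properties['class'], ts('New %1', [1 => $contact_sub_type]), $action, TRUE);
    }
    else {
      $wrapper->run('CRM_Contact_Form_Contact', ts('New Contact'), $action, TRUE);
    }
  }

  /**
   * Show status in the footer (admin only)
   *
   * Does nothing during an upgrade or for users without the
   * 'administer CiviCRM' permission, so system-check results are only
   * assigned to the template for administrators.
   *
   * @param CRM_Core_Smarty $template
   */
  public static function statusCheck($template) {
    if (CRM_Core_Config::isUpgradeMode() || !CRM_Core_Permission::check('administer CiviCRM')) {
      return;
    }
    // always use cached results - they will be refreshed by the session timer
    $status = Civi::cache('checks')->get('systemStatusCheckResult');
    $template->assign('footer_status_severity', $status);
    $template->assign('footer_status_message', CRM_Utils_Check::toStatusLabel($status));
  }

  /**
   * Rebuild the menu and flush the caches that depend on it.
   *
   * This method performs no permission check of its own; callers are
   * responsible for authorization (hackMenuRebuild() checks
   * 'administer CiviCRM' before calling it).
   *
   * @param bool $triggerRebuild
   *   Also rebuild database triggers. The 'triggerRebuild' query-string
   *   parameter has the same effect.
   * @param bool $sessionReset
   *   Passed to cleanupCaches(). The 'sessionReset' query-string parameter
   *   has the same effect.
   *
   * @throws Exception
   */
  public static function rebuildMenuAndCaches($triggerRebuild = FALSE, $sessionReset = FALSE) {
    $config = CRM_Core_Config::singleton();
    $config->clearModuleList();

    // also cleanup all caches
    $config->cleanupCaches($sessionReset || CRM_Utils_Request::retrieve('sessionReset', 'Boolean', CRM_Core_DAO::$_nullObject, FALSE, 0, 'GET'));

    CRM_Core_Menu::store();

    // also reset navigation
    CRM_Core_BAO_Navigation::resetNavigation();

    // also cleanup module permissions
    $config->cleanupPermissions();

    // rebuild word replacement cache - pass false to prevent operations redundant with this fn
    CRM_Core_BAO_WordReplacement::rebuild(FALSE);

    Civi::service('settings_manager')->flush();
    // Clear js caches
    CRM_Core_Resources::singleton()->flushStrings()->resetCacheCode();
    CRM_Case_XMLRepository::singleton(TRUE);

    // also rebuild triggers if requested explicitly
    if (
      $triggerRebuild ||
      CRM_Utils_Request::retrieve('triggerRebuild', 'Boolean', CRM_Core_DAO::$_nullObject, FALSE, 0, 'GET')
    ) {
      CRM_Core_DAO::triggerRebuild();
    }
    CRM_Core_DAO_AllCoreTables::reinitializeCache(TRUE);
    CRM_Core_ManagedEntities::singleton(TRUE)->reconcile();
  }

}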