Commit | Line | Data |
---|---|---|
6a488035 TO |
1 | <?php |
2 | /* | |
3 | +--------------------------------------------------------------------+ | |
bc77d7c0 | 4 | | Copyright CiviCRM LLC. All rights reserved. | |
6a488035 | 5 | | | |
bc77d7c0 TO |
6 | | This work is published under the GNU AGPLv3 license with some | |
7 | | permitted exceptions and without any warranty. For full license | | |
8 | | and copyright information, see https://civicrm.org/licensing | | |
6a488035 | 9 | +--------------------------------------------------------------------+ |
d25dd0ee | 10 | */ |
6a488035 TO |
11 | |
12 | /** | |
13 | * | |
14 | * Given an argument list, invoke the appropriate CRM function | |
15 | * Serves as a wrapper between the UserFrameWork and Core CRM | |
16 | * | |
17 | * @package CRM | |
ca5cec67 | 18 | * @copyright CiviCRM LLC https://civicrm.org/licensing |
6a488035 TO |
19 | */ |
20 | class CRM_Core_Invoke { | |
21 | ||
22 | /** | |
be7dea3f TO |
23 | * This is the main front-controller that integrates with the CMS. Any |
24 | * page-request that is sent to the CMS and intended for CiviCRM should | |
25 | * be processed by invoke(). | |
6a488035 | 26 | * |
be7dea3f TO |
27 | * @param array $args |
28 | * The parts of the URL which identify the intended CiviCRM page | |
29 | * (e.g. array('civicrm', 'event', 'register')). | |
30 | * @return string | |
31 | * HTML. For non-HTML content, invoke() may call print() and exit(). | |
6a488035 | 32 | * |
6a488035 | 33 | */ |
00be9182 | 34 | public static function invoke($args) { |
6a488035 TO |
35 | try { |
36 | return self::_invoke($args); | |
dcc4f6a7 | 37 | } |
dcc4f6a7 | 38 | catch (Exception $e) { |
be7dea3f | 39 | CRM_Core_Error::handleUnhandledException($e); |
6a488035 TO |
40 | } |
41 | } | |
42 | ||
a0ee3941 | 43 | /** |
be7dea3f TO |
44 | * This is the same as invoke(), but it does *not* include exception |
45 | * handling. | |
46 | * | |
47 | * @param array $args | |
48 | * The parts of the URL which identify the intended CiviCRM page | |
49 | * (e.g. array('civicrm', 'event', 'register')). | |
50 | * @return string | |
51 | * HTML. For non-HTML content, invoke() may call print() and exit(). | |
a0ee3941 | 52 | */ |
be7dea3f | 53 | public static function _invoke($args) { |
6a488035 | 54 | if ($args[0] !== 'civicrm') { |
408b79bf | 55 | return NULL; |
6a488035 | 56 | } |
1ebbf8bf | 57 | // CRM-15901: Turn off PHP errors display for all ajax calls |
b99f3e96 | 58 | if (CRM_Utils_Array::value(1, $args) == 'ajax' || !empty($_REQUEST['snippet'])) { |
1ebbf8bf NG |
59 | ini_set('display_errors', 0); |
60 | } | |
6a488035 TO |
61 | |
62 | if (!defined('CIVICRM_SYMFONY_PATH')) { | |
be7dea3f | 63 | // Traditional Civi invocation path |
518fa0ee SL |
64 | // may exit |
65 | self::hackMenuRebuild($args); | |
be7dea3f | 66 | self::init($args); |
e09616fd | 67 | Civi::dispatcher()->dispatch('civi.invoke.auth', \Civi\Core\Event\GenericHookEvent::create(['args' => $args])); |
be7dea3f TO |
68 | $item = self::getItem($args); |
69 | return self::runItem($item); | |
0db6c3e1 TO |
70 | } |
71 | else { | |
6a488035 TO |
72 | // Symfony-based invocation path |
73 | require_once CIVICRM_SYMFONY_PATH . '/app/bootstrap.php.cache'; | |
74 | require_once CIVICRM_SYMFONY_PATH . '/app/AppKernel.php'; | |
4eeb9a5b | 75 | $kernel = new AppKernel('dev', TRUE); |
6a488035 TO |
76 | $kernel->loadClassCache(); |
77 | $response = $kernel->handle(Symfony\Component\HttpFoundation\Request::createFromGlobals()); | |
c24c4679 TO |
78 | if (preg_match(':^text/html:', $response->headers->get('Content-Type'))) { |
79 | // let the CMS handle the trappings | |
80 | return $response->getContent(); | |
0db6c3e1 TO |
81 | } |
82 | else { | |
c24c4679 TO |
83 | $response->send(); |
84 | exit(); | |
85 | } | |
6a488035 TO |
86 | } |
87 | } | |
353ffa53 | 88 | |
6a488035 TO |
89 | /** |
90 | * Hackish support /civicrm/menu/rebuild | |
91 | * | |
6a0b768e TO |
92 | * @param array $args |
93 | * List of path parts. | |
6a488035 TO |
94 | * @void |
95 | */ | |
518fa0ee | 96 | public static function hackMenuRebuild($args) { |
be2fb01f | 97 | if (['civicrm', 'menu', 'rebuild'] == $args || ['civicrm', 'clearcache'] == $args) { |
6a488035 TO |
98 | // ensure that the user has a good privilege level |
99 | if (CRM_Core_Permission::check('administer CiviCRM')) { | |
100 | self::rebuildMenuAndCaches(); | |
101 | CRM_Core_Session::setStatus(ts('Cleared all CiviCRM caches (database, menu, templates)'), ts('Complete'), 'success'); | |
518fa0ee SL |
102 | // exits |
103 | return CRM_Utils_System::redirect(); | |
6a488035 TO |
104 | } |
105 | else { | |
b5834543 | 106 | CRM_Core_Error::statusBounce('You do not have permission to execute this url'); |
6a488035 TO |
107 | } |
108 | } | |
109 | } | |
110 | ||
111 | /** | |
d09edf64 | 112 | * Perform general setup. |
6a488035 | 113 | * |
6a0b768e TO |
114 | * @param array $args |
115 | * List of path parts. | |
6a488035 TO |
116 | * @void |
117 | */ | |
518fa0ee | 118 | public static function init($args) { |
6a488035 TO |
119 | // first fire up IDS and check for bad stuff |
120 | $config = CRM_Core_Config::singleton(); | |
6a488035 TO |
121 | |
122 | // also initialize the i18n framework | |
123 | require_once 'CRM/Core/I18n.php'; | |
124 | $i18n = CRM_Core_I18n::singleton(); | |
125 | } | |
126 | ||
6a488035 TO |
127 | /** |
128 | * Determine which menu $item corresponds to $args | |
129 | * | |
6a0b768e TO |
130 | * @param array $args |
131 | * List of path parts. | |
6a488035 TO |
132 | * @return array; see CRM_Core_Menu |
133 | */ | |
518fa0ee | 134 | public static function getItem($args) { |
6a488035 TO |
135 | if (is_array($args)) { |
136 | // get the menu items | |
137 | $path = implode('/', $args); | |
0db6c3e1 TO |
138 | } |
139 | else { | |
6a488035 TO |
140 | $path = $args; |
141 | } | |
142 | $item = CRM_Core_Menu::get($path); | |
143 | ||
144 | // we should try to compute menus, if item is empty and stay on the same page, | |
145 | // rather than compute and redirect to dashboard. | |
146 | if (!$item) { | |
147 | CRM_Core_Menu::store(FALSE); | |
148 | $item = CRM_Core_Menu::get($path); | |
149 | } | |
150 | ||
151 | return $item; | |
152 | } | |
153 | ||
2d38c687 PF |
154 | /** |
155 | * Register an alternative phar:// stream wrapper to filter out insecure Phars | |
156 | * | |
157 | * PHP makes it possible to trigger Object Injection vulnerabilities by using | |
158 | * a side-effect of the phar:// stream wrapper that unserializes Phar | |
159 | * metadata. To mitigate this vulnerability, projects such as TYPO3 and Drupal | |
160 | * have implemented an alternative Phar stream wrapper that disallows | |
161 | * inclusion of phar files based on certain parameters. | |
162 | * | |
163 | * This code attempts to register the TYPO3 Phar stream wrapper using the | |
164 | * interceptor defined in \Civi\Core\Security\PharExtensionInterceptor. In an | |
165 | * environment where the stream wrapper was already registered via | |
166 | * \TYPO3\PharStreamWrapper\Manager (i.e. Drupal), this code does not do | |
167 | * anything. In other environments (e.g. WordPress, at the time of this | |
168 | * writing), the TYPO3 library is used to register the interceptor to mitigate | |
169 | * the vulnerability. | |
170 | */ | |
171 | private static function registerPharHandler() { | |
172 | try { | |
173 | // try to get the existing stream wrapper, registered e.g. by Drupal | |
174 | \TYPO3\PharStreamWrapper\Manager::instance(); | |
175 | } | |
176 | catch (\LogicException $e) { | |
177 | if ($e->getCode() === 1535189872) { | |
178 | // no phar stream wrapper was registered by \TYPO3\PharStreamWrapper\Manager. | |
179 | // This means we're probably not on Drupal and need to register our own. | |
180 | \TYPO3\PharStreamWrapper\Manager::initialize( | |
181 | (new \TYPO3\PharStreamWrapper\Behavior()) | |
182 | ->withAssertion(new \Civi\Core\Security\PharExtensionInterceptor()) | |
183 | ); | |
184 | if (in_array('phar', stream_get_wrappers())) { | |
185 | stream_wrapper_unregister('phar'); | |
186 | stream_wrapper_register('phar', \TYPO3\PharStreamWrapper\PharStreamWrapper::class); | |
187 | } | |
b99f3e96 CW |
188 | } |
189 | else { | |
2d38c687 PF |
190 | // this is not an exception we can handle |
191 | throw $e; | |
192 | } | |
193 | } | |
194 | } | |
195 | ||
6a488035 TO |
196 | /** |
197 | * Given a menu item, call the appropriate controller and return the response | |
198 | * | |
6a0b768e TO |
199 | * @param array $item |
200 | * See CRM_Core_Menu. | |
6a488035 TO |
201 | * @return string, HTML |
202 | */ | |
518fa0ee | 203 | public static function runItem($item) { |
76adcecc TO |
204 | $ids = new CRM_Core_IDS(); |
205 | $ids->check($item); | |
206 | ||
2d38c687 PF |
207 | self::registerPharHandler(); |
208 | ||
6a488035 TO |
209 | $config = CRM_Core_Config::singleton(); |
210 | if ($config->userFramework == 'Joomla' && $item) { | |
211 | $config->userFrameworkURLVar = 'task'; | |
212 | ||
213 | // joomla 1.5RC1 seems to push this in the POST variable, which messes | |
214 | // QF and checkboxes | |
215 | unset($_POST['option']); | |
216 | CRM_Core_Joomla::sidebarLeft(); | |
217 | } | |
218 | ||
219 | // set active Component | |
220 | $template = CRM_Core_Smarty::singleton(); | |
221 | $template->assign('activeComponent', 'CiviCRM'); | |
222 | $template->assign('formTpl', 'default'); | |
223 | ||
224 | if ($item) { | |
6a488035 TO |
225 | |
226 | if (!array_key_exists('page_callback', $item)) { | |
227 | CRM_Core_Error::debug('Bad item', $item); | |
b5834543 | 228 | CRM_Core_Error::statusBounce(ts('Bad menu record in database')); |
6a488035 TO |
229 | } |
230 | ||
231 | // check that we are permissioned to access this page | |
232 | if (!CRM_Core_Permission::checkMenuItem($item)) { | |
233 | CRM_Utils_System::permissionDenied(); | |
408b79bf | 234 | return NULL; |
6a488035 TO |
235 | } |
236 | ||
237 | // check if ssl is set | |
a7488080 | 238 | if (!empty($item['is_ssl'])) { |
6a488035 TO |
239 | CRM_Utils_System::redirectToSSL(); |
240 | } | |
241 | ||
242 | if (isset($item['title'])) { | |
243 | CRM_Utils_System::setTitle($item['title']); | |
244 | } | |
245 | ||
246 | if (isset($item['breadcrumb']) && !isset($item['is_public'])) { | |
247 | CRM_Utils_System::appendBreadCrumb($item['breadcrumb']); | |
248 | } | |
249 | ||
250 | $pageArgs = NULL; | |
a7488080 | 251 | if (!empty($item['page_arguments'])) { |
6a488035 TO |
252 | $pageArgs = CRM_Core_Menu::getArrayForPathArgs($item['page_arguments']); |
253 | } | |
254 | ||
255 | $template = CRM_Core_Smarty::singleton(); | |
256 | if (!empty($item['is_public'])) { | |
257 | $template->assign('urlIsPublic', TRUE); | |
258 | } | |
259 | else { | |
260 | $template->assign('urlIsPublic', FALSE); | |
06576a03 | 261 | self::statusCheck($template); |
6a488035 TO |
262 | } |
263 | ||
264 | if (isset($item['return_url'])) { | |
265 | $session = CRM_Core_Session::singleton(); | |
266 | $args = CRM_Utils_Array::value( | |
267 | 'return_url_args', | |
268 | $item, | |
269 | 'reset=1' | |
270 | ); | |
271 | $session->pushUserContext(CRM_Utils_System::url($item['return_url'], $args)); | |
272 | } | |
273 | ||
274 | $result = NULL; | |
c8074a93 TO |
275 | // WISHLIST: Refactor this. Instead of pattern-matching on page_callback, lookup |
276 | // page_callback via Civi\Core\Resolver and check the implemented interfaces. This | |
277 | // would require rethinking the default constructor. | |
278 | if (is_array($item['page_callback']) || strpos($item['page_callback'], ':')) { | |
279 | $result = call_user_func(Civi\Core\Resolver::singleton()->get($item['page_callback'])); | |
6a488035 | 280 | } |
8d179051 | 281 | elseif (strpos($item['page_callback'], '_Form') !== FALSE) { |
6a488035 TO |
282 | $wrapper = new CRM_Utils_Wrapper(); |
283 | $result = $wrapper->run( | |
8d179051 | 284 | $item['page_callback'] ?? NULL, |
285 | $item['title'] ?? NULL, | |
2e1f50d6 | 286 | $pageArgs ?? NULL |
6a488035 TO |
287 | ); |
288 | } | |
289 | else { | |
290 | $newArgs = explode('/', $_GET[$config->userFrameworkURLVar]); | |
6a488035 TO |
291 | $mode = 'null'; |
292 | if (isset($pageArgs['mode'])) { | |
293 | $mode = $pageArgs['mode']; | |
294 | unset($pageArgs['mode']); | |
295 | } | |
9c1bc317 | 296 | $title = $item['title'] ?? NULL; |
99218b4b | 297 | if (strstr($item['page_callback'], '_Page') || strstr($item['page_callback'], '\\Page\\')) { |
408b79bf | 298 | $object = new $item['page_callback']($title, $mode); |
6c2473d5 | 299 | $object->urlPath = explode('/', $_GET[$config->userFrameworkURLVar]); |
6a488035 | 300 | } |
99218b4b | 301 | elseif (strstr($item['page_callback'], '_Controller') || strstr($item['page_callback'], '\\Controller\\')) { |
6a488035 TO |
302 | $addSequence = 'false'; |
303 | if (isset($pageArgs['addSequence'])) { | |
304 | $addSequence = $pageArgs['addSequence']; | |
305 | $addSequence = $addSequence ? 'true' : 'false'; | |
306 | unset($pageArgs['addSequence']); | |
307 | } | |
408b79bf | 308 | $object = new $item['page_callback']($title, TRUE, $mode, NULL, $addSequence); |
6a488035 TO |
309 | } |
310 | else { | |
b5834543 | 311 | throw new CRM_Core_Exception('Execute supplied menu action'); |
6a488035 TO |
312 | } |
313 | $result = $object->run($newArgs, $pageArgs); | |
314 | } | |
315 | ||
316 | CRM_Core_Session::storeSessionObjects(); | |
317 | return $result; | |
318 | } | |
319 | ||
320 | CRM_Core_Menu::store(); | |
321 | CRM_Core_Session::setStatus(ts('Menu has been rebuilt'), ts('Complete'), 'success'); | |
322 | return CRM_Utils_System::redirect(); | |
323 | } | |
324 | ||
325 | /** | |
d09edf64 | 326 | * This function contains the default action. |
6a488035 TO |
327 | * |
328 | * @param $action | |
329 | * | |
77b97be7 EM |
330 | * @param $contact_type |
331 | * @param $contact_sub_type | |
332 | * | |
6a488035 | 333 | */ |
00be9182 | 334 | public static function form($action, $contact_type, $contact_sub_type) { |
be2fb01f | 335 | CRM_Utils_System::setUserContext(['civicrm/contact/search/basic', 'civicrm/contact/view']); |
6a488035 TO |
336 | $wrapper = new CRM_Utils_Wrapper(); |
337 | ||
338 | $properties = CRM_Core_Component::contactSubTypeProperties($contact_sub_type, 'Edit'); | |
339 | if ($properties) { | |
be2fb01f | 340 | $wrapper->run($properties['class'], ts('New %1', [1 => $contact_sub_type]), $action, TRUE); |
6a488035 TO |
341 | } |
342 | else { | |
343 | $wrapper->run('CRM_Contact_Form_Contact', ts('New Contact'), $action, TRUE); | |
344 | } | |
345 | } | |
346 | ||
6a488035 | 347 | /** |
f55dd135 | 348 | * Show status in the footer (admin only) |
6a488035 | 349 | * |
fa8dc18c | 350 | * @param CRM_Core_Smarty $template |
6a488035 | 351 | */ |
097c681e | 352 | public static function statusCheck($template) { |
f55dd135 | 353 | if (CRM_Core_Config::isUpgradeMode() || !CRM_Core_Permission::check('administer CiviCRM')) { |
097c681e AH |
354 | return; |
355 | } | |
f55dd135 | 356 | // always use cached results - they will be refreshed by the session timer |
b1fc1ab0 | 357 | $status = Civi::cache('checks')->get('systemStatusCheckResult'); |
f55dd135 | 358 | $template->assign('footer_status_severity', $status); |
f608a24a | 359 | $template->assign('footer_status_message', CRM_Utils_Check::toStatusLabel($status)); |
097c681e | 360 | } |
6a488035 | 361 | |
a0ee3941 EM |
362 | /** |
363 | * @param bool $triggerRebuild | |
364 | * @param bool $sessionReset | |
365 | * | |
366 | * @throws Exception | |
367 | */ | |
00be9182 | 368 | public static function rebuildMenuAndCaches($triggerRebuild = FALSE, $sessionReset = FALSE) { |
6a488035 TO |
369 | $config = CRM_Core_Config::singleton(); |
370 | $config->clearModuleList(); | |
371 | ||
ae2cab23 TO |
372 | // also cleanup all caches |
373 | $config->cleanupCaches($sessionReset || CRM_Utils_Request::retrieve('sessionReset', 'Boolean', CRM_Core_DAO::$_nullObject, FALSE, 0, 'GET')); | |
374 | ||
6a488035 TO |
375 | CRM_Core_Menu::store(); |
376 | ||
377 | // also reset navigation | |
378 | CRM_Core_BAO_Navigation::resetNavigation(); | |
379 | ||
6a488035 TO |
380 | // also cleanup module permissions |
381 | $config->cleanupPermissions(); | |
382 | ||
9762f6ff CW |
383 | // rebuild word replacement cache - pass false to prevent operations redundant with this fn |
384 | CRM_Core_BAO_WordReplacement::rebuild(FALSE); | |
76dca235 | 385 | |
76bd16ab | 386 | Civi::service('settings_manager')->flush(); |
9762f6ff | 387 | // Clear js caches |
4cc9b813 | 388 | CRM_Core_Resources::singleton()->flushStrings()->resetCacheCode(); |
ab89fdde | 389 | CRM_Case_XMLRepository::singleton(TRUE); |
1fcf16cc | 390 | |
6a488035 TO |
391 | // also rebuild triggers if requested explicitly |
392 | if ( | |
393 | $triggerRebuild || | |
394 | CRM_Utils_Request::retrieve('triggerRebuild', 'Boolean', CRM_Core_DAO::$_nullObject, FALSE, 0, 'GET') | |
395 | ) { | |
396 | CRM_Core_DAO::triggerRebuild(); | |
a11c1084 | 397 | $config->userSystem->invalidateRouteCache(); |
6a488035 | 398 | } |
95a90cba | 399 | CRM_Core_DAO_AllCoreTables::reinitializeCache(TRUE); |
6a488035 TO |
400 | CRM_Core_ManagedEntities::singleton(TRUE)->reconcile(); |
401 | } | |
96025800 | 402 | |
6a488035 | 403 | } |