Commit | Line | Data |
---|---|---|
6a488035 TO |
1 | <?php |
2 | /* | |
3 | +--------------------------------------------------------------------+ | |
bc77d7c0 | 4 | | Copyright CiviCRM LLC. All rights reserved. | |
6a488035 | 5 | | | |
bc77d7c0 TO |
6 | | This work is published under the GNU AGPLv3 license with some | |
7 | | permitted exceptions and without any warranty. For full license | | |
8 | | and copyright information, see https://civicrm.org/licensing | | |
6a488035 | 9 | +--------------------------------------------------------------------+ |
d25dd0ee | 10 | */ |
6a488035 TO |
11 | |
12 | /** | |
13 | * | |
14 | * Given an argument list, invoke the appropriate CRM function | |
15 | * Serves as a wrapper between the UserFrameWork and Core CRM | |
16 | * | |
17 | * @package CRM | |
ca5cec67 | 18 | * @copyright CiviCRM LLC https://civicrm.org/licensing |
6a488035 TO |
19 | */ |
20 | class CRM_Core_Invoke { | |
21 | ||
22 | /** | |
be7dea3f TO |
23 | * This is the main front-controller that integrates with the CMS. Any |
24 | * page-request that is sent to the CMS and intended for CiviCRM should | |
25 | * be processed by invoke(). | |
6a488035 | 26 | * |
be7dea3f TO |
27 | * @param array $args |
28 | * The parts of the URL which identify the intended CiviCRM page | |
29 | * (e.g. array('civicrm', 'event', 'register')). | |
30 | * @return string | |
31 | * HTML. For non-HTML content, invoke() may call print() and exit(). | |
6a488035 | 32 | * |
6a488035 | 33 | */ |
00be9182 | 34 | public static function invoke($args) { |
6a488035 TO |
35 | try { |
36 | return self::_invoke($args); | |
dcc4f6a7 | 37 | } |
dcc4f6a7 | 38 | catch (Exception $e) { |
be7dea3f | 39 | CRM_Core_Error::handleUnhandledException($e); |
6a488035 TO |
40 | } |
41 | } | |
42 | ||
a0ee3941 | 43 | /** |
be7dea3f TO |
44 | * This is the same as invoke(), but it does *not* include exception |
45 | * handling. | |
46 | * | |
47 | * @param array $args | |
48 | * The parts of the URL which identify the intended CiviCRM page | |
49 | * (e.g. array('civicrm', 'event', 'register')). | |
50 | * @return string | |
51 | * HTML. For non-HTML content, invoke() may call print() and exit(). | |
a0ee3941 | 52 | */ |
be7dea3f | 53 | public static function _invoke($args) { |
6a488035 | 54 | if ($args[0] !== 'civicrm') { |
408b79bf | 55 | return NULL; |
6a488035 | 56 | } |
1ebbf8bf | 57 | // CRM-15901: Turn off PHP errors display for all ajax calls |
b99f3e96 | 58 | if (CRM_Utils_Array::value(1, $args) == 'ajax' || !empty($_REQUEST['snippet'])) { |
1ebbf8bf NG |
59 | ini_set('display_errors', 0); |
60 | } | |
6a488035 TO |
61 | |
62 | if (!defined('CIVICRM_SYMFONY_PATH')) { | |
be7dea3f | 63 | // Traditional Civi invocation path |
518fa0ee SL |
64 | // may exit |
65 | self::hackMenuRebuild($args); | |
be7dea3f | 66 | self::init($args); |
be7dea3f TO |
67 | $item = self::getItem($args); |
68 | return self::runItem($item); | |
0db6c3e1 TO |
69 | } |
70 | else { | |
6a488035 TO |
71 | // Symfony-based invocation path |
72 | require_once CIVICRM_SYMFONY_PATH . '/app/bootstrap.php.cache'; | |
73 | require_once CIVICRM_SYMFONY_PATH . '/app/AppKernel.php'; | |
4eeb9a5b | 74 | $kernel = new AppKernel('dev', TRUE); |
6a488035 TO |
75 | $kernel->loadClassCache(); |
76 | $response = $kernel->handle(Symfony\Component\HttpFoundation\Request::createFromGlobals()); | |
c24c4679 TO |
77 | if (preg_match(':^text/html:', $response->headers->get('Content-Type'))) { |
78 | // let the CMS handle the trappings | |
79 | return $response->getContent(); | |
0db6c3e1 TO |
80 | } |
81 | else { | |
c24c4679 TO |
82 | $response->send(); |
83 | exit(); | |
84 | } | |
6a488035 TO |
85 | } |
86 | } | |
353ffa53 | 87 | |
6a488035 TO |
88 | /** |
89 | * Hackish support /civicrm/menu/rebuild | |
90 | * | |
6a0b768e TO |
91 | * @param array $args |
92 | * List of path parts. | |
6a488035 TO |
93 | * @void |
94 | */ | |
518fa0ee | 95 | public static function hackMenuRebuild($args) { |
be2fb01f | 96 | if (['civicrm', 'menu', 'rebuild'] == $args || ['civicrm', 'clearcache'] == $args) { |
6a488035 TO |
97 | // ensure that the user has a good privilege level |
98 | if (CRM_Core_Permission::check('administer CiviCRM')) { | |
99 | self::rebuildMenuAndCaches(); | |
100 | CRM_Core_Session::setStatus(ts('Cleared all CiviCRM caches (database, menu, templates)'), ts('Complete'), 'success'); | |
518fa0ee SL |
101 | // exits |
102 | return CRM_Utils_System::redirect(); | |
6a488035 TO |
103 | } |
104 | else { | |
b5834543 | 105 | CRM_Core_Error::statusBounce('You do not have permission to execute this url'); |
6a488035 TO |
106 | } |
107 | } | |
108 | } | |
109 | ||
110 | /** | |
d09edf64 | 111 | * Perform general setup. |
6a488035 | 112 | * |
6a0b768e TO |
113 | * @param array $args |
114 | * List of path parts. | |
6a488035 TO |
115 | * @void |
116 | */ | |
518fa0ee | 117 | public static function init($args) { |
6a488035 TO |
118 | // first fire up IDS and check for bad stuff |
119 | $config = CRM_Core_Config::singleton(); | |
6a488035 TO |
120 | |
121 | // also initialize the i18n framework | |
122 | require_once 'CRM/Core/I18n.php'; | |
123 | $i18n = CRM_Core_I18n::singleton(); | |
124 | } | |
125 | ||
6a488035 TO |
126 | /** |
127 | * Determine which menu $item corresponds to $args | |
128 | * | |
6a0b768e TO |
129 | * @param array $args |
130 | * List of path parts. | |
6a488035 TO |
131 | * @return array; see CRM_Core_Menu |
132 | */ | |
518fa0ee | 133 | public static function getItem($args) { |
6a488035 TO |
134 | if (is_array($args)) { |
135 | // get the menu items | |
136 | $path = implode('/', $args); | |
0db6c3e1 TO |
137 | } |
138 | else { | |
6a488035 TO |
139 | $path = $args; |
140 | } | |
141 | $item = CRM_Core_Menu::get($path); | |
142 | ||
143 | // we should try to compute menus, if item is empty and stay on the same page, | |
144 | // rather than compute and redirect to dashboard. | |
145 | if (!$item) { | |
146 | CRM_Core_Menu::store(FALSE); | |
147 | $item = CRM_Core_Menu::get($path); | |
148 | } | |
149 | ||
150 | return $item; | |
151 | } | |
152 | ||
2d38c687 PF |
153 | /** |
154 | * Register an alternative phar:// stream wrapper to filter out insecure Phars | |
155 | * | |
156 | * PHP makes it possible to trigger Object Injection vulnerabilities by using | |
157 | * a side-effect of the phar:// stream wrapper that unserializes Phar | |
158 | * metadata. To mitigate this vulnerability, projects such as TYPO3 and Drupal | |
159 | * have implemented an alternative Phar stream wrapper that disallows | |
160 | * inclusion of phar files based on certain parameters. | |
161 | * | |
162 | * This code attempts to register the TYPO3 Phar stream wrapper using the | |
163 | * interceptor defined in \Civi\Core\Security\PharExtensionInterceptor. In an | |
164 | * environment where the stream wrapper was already registered via | |
165 | * \TYPO3\PharStreamWrapper\Manager (i.e. Drupal), this code does not do | |
166 | * anything. In other environments (e.g. WordPress, at the time of this | |
167 | * writing), the TYPO3 library is used to register the interceptor to mitigate | |
168 | * the vulnerability. | |
169 | */ | |
170 | private static function registerPharHandler() { | |
171 | try { | |
172 | // try to get the existing stream wrapper, registered e.g. by Drupal | |
173 | \TYPO3\PharStreamWrapper\Manager::instance(); | |
174 | } | |
175 | catch (\LogicException $e) { | |
176 | if ($e->getCode() === 1535189872) { | |
177 | // no phar stream wrapper was registered by \TYPO3\PharStreamWrapper\Manager. | |
178 | // This means we're probably not on Drupal and need to register our own. | |
179 | \TYPO3\PharStreamWrapper\Manager::initialize( | |
180 | (new \TYPO3\PharStreamWrapper\Behavior()) | |
181 | ->withAssertion(new \Civi\Core\Security\PharExtensionInterceptor()) | |
182 | ); | |
183 | if (in_array('phar', stream_get_wrappers())) { | |
184 | stream_wrapper_unregister('phar'); | |
185 | stream_wrapper_register('phar', \TYPO3\PharStreamWrapper\PharStreamWrapper::class); | |
186 | } | |
b99f3e96 CW |
187 | } |
188 | else { | |
2d38c687 PF |
189 | // this is not an exception we can handle |
190 | throw $e; | |
191 | } | |
192 | } | |
193 | } | |
194 | ||
6a488035 TO |
195 | /** |
196 | * Given a menu item, call the appropriate controller and return the response | |
197 | * | |
6a0b768e TO |
198 | * @param array $item |
199 | * See CRM_Core_Menu. | |
6a488035 TO |
200 | * @return string, HTML |
201 | */ | |
518fa0ee | 202 | public static function runItem($item) { |
76adcecc TO |
203 | $ids = new CRM_Core_IDS(); |
204 | $ids->check($item); | |
205 | ||
2d38c687 PF |
206 | self::registerPharHandler(); |
207 | ||
6a488035 TO |
208 | $config = CRM_Core_Config::singleton(); |
209 | if ($config->userFramework == 'Joomla' && $item) { | |
210 | $config->userFrameworkURLVar = 'task'; | |
211 | ||
212 | // joomla 1.5RC1 seems to push this in the POST variable, which messes | |
213 | // QF and checkboxes | |
214 | unset($_POST['option']); | |
215 | CRM_Core_Joomla::sidebarLeft(); | |
216 | } | |
217 | ||
218 | // set active Component | |
219 | $template = CRM_Core_Smarty::singleton(); | |
220 | $template->assign('activeComponent', 'CiviCRM'); | |
221 | $template->assign('formTpl', 'default'); | |
222 | ||
223 | if ($item) { | |
6a488035 TO |
224 | |
225 | if (!array_key_exists('page_callback', $item)) { | |
226 | CRM_Core_Error::debug('Bad item', $item); | |
b5834543 | 227 | CRM_Core_Error::statusBounce(ts('Bad menu record in database')); |
6a488035 TO |
228 | } |
229 | ||
230 | // check that we are permissioned to access this page | |
231 | if (!CRM_Core_Permission::checkMenuItem($item)) { | |
232 | CRM_Utils_System::permissionDenied(); | |
408b79bf | 233 | return NULL; |
6a488035 TO |
234 | } |
235 | ||
236 | // check if ssl is set | |
a7488080 | 237 | if (!empty($item['is_ssl'])) { |
6a488035 TO |
238 | CRM_Utils_System::redirectToSSL(); |
239 | } | |
240 | ||
241 | if (isset($item['title'])) { | |
242 | CRM_Utils_System::setTitle($item['title']); | |
243 | } | |
244 | ||
245 | if (isset($item['breadcrumb']) && !isset($item['is_public'])) { | |
246 | CRM_Utils_System::appendBreadCrumb($item['breadcrumb']); | |
247 | } | |
248 | ||
249 | $pageArgs = NULL; | |
a7488080 | 250 | if (!empty($item['page_arguments'])) { |
6a488035 TO |
251 | $pageArgs = CRM_Core_Menu::getArrayForPathArgs($item['page_arguments']); |
252 | } | |
253 | ||
254 | $template = CRM_Core_Smarty::singleton(); | |
255 | if (!empty($item['is_public'])) { | |
256 | $template->assign('urlIsPublic', TRUE); | |
257 | } | |
258 | else { | |
259 | $template->assign('urlIsPublic', FALSE); | |
06576a03 | 260 | self::statusCheck($template); |
6a488035 TO |
261 | } |
262 | ||
263 | if (isset($item['return_url'])) { | |
264 | $session = CRM_Core_Session::singleton(); | |
265 | $args = CRM_Utils_Array::value( | |
266 | 'return_url_args', | |
267 | $item, | |
268 | 'reset=1' | |
269 | ); | |
270 | $session->pushUserContext(CRM_Utils_System::url($item['return_url'], $args)); | |
271 | } | |
272 | ||
273 | $result = NULL; | |
c8074a93 TO |
274 | // WISHLIST: Refactor this. Instead of pattern-matching on page_callback, lookup |
275 | // page_callback via Civi\Core\Resolver and check the implemented interfaces. This | |
276 | // would require rethinking the default constructor. | |
277 | if (is_array($item['page_callback']) || strpos($item['page_callback'], ':')) { | |
278 | $result = call_user_func(Civi\Core\Resolver::singleton()->get($item['page_callback'])); | |
6a488035 | 279 | } |
8d179051 | 280 | elseif (strpos($item['page_callback'], '_Form') !== FALSE) { |
6a488035 TO |
281 | $wrapper = new CRM_Utils_Wrapper(); |
282 | $result = $wrapper->run( | |
8d179051 | 283 | $item['page_callback'] ?? NULL, |
284 | $item['title'] ?? NULL, | |
2e1f50d6 | 285 | $pageArgs ?? NULL |
6a488035 TO |
286 | ); |
287 | } | |
288 | else { | |
289 | $newArgs = explode('/', $_GET[$config->userFrameworkURLVar]); | |
6a488035 TO |
290 | $mode = 'null'; |
291 | if (isset($pageArgs['mode'])) { | |
292 | $mode = $pageArgs['mode']; | |
293 | unset($pageArgs['mode']); | |
294 | } | |
9c1bc317 | 295 | $title = $item['title'] ?? NULL; |
99218b4b | 296 | if (strstr($item['page_callback'], '_Page') || strstr($item['page_callback'], '\\Page\\')) { |
408b79bf | 297 | $object = new $item['page_callback']($title, $mode); |
6c2473d5 | 298 | $object->urlPath = explode('/', $_GET[$config->userFrameworkURLVar]); |
6a488035 | 299 | } |
99218b4b | 300 | elseif (strstr($item['page_callback'], '_Controller') || strstr($item['page_callback'], '\\Controller\\')) { |
6a488035 TO |
301 | $addSequence = 'false'; |
302 | if (isset($pageArgs['addSequence'])) { | |
303 | $addSequence = $pageArgs['addSequence']; | |
304 | $addSequence = $addSequence ? 'true' : 'false'; | |
305 | unset($pageArgs['addSequence']); | |
306 | } | |
408b79bf | 307 | $object = new $item['page_callback']($title, TRUE, $mode, NULL, $addSequence); |
6a488035 TO |
308 | } |
309 | else { | |
b5834543 | 310 | throw new CRM_Core_Exception('Execute supplied menu action'); |
6a488035 TO |
311 | } |
312 | $result = $object->run($newArgs, $pageArgs); | |
313 | } | |
314 | ||
315 | CRM_Core_Session::storeSessionObjects(); | |
316 | return $result; | |
317 | } | |
318 | ||
319 | CRM_Core_Menu::store(); | |
320 | CRM_Core_Session::setStatus(ts('Menu has been rebuilt'), ts('Complete'), 'success'); | |
321 | return CRM_Utils_System::redirect(); | |
322 | } | |
323 | ||
324 | /** | |
d09edf64 | 325 | * This function contains the default action. |
6a488035 TO |
326 | * |
327 | * @param $action | |
328 | * | |
77b97be7 EM |
329 | * @param $contact_type |
330 | * @param $contact_sub_type | |
331 | * | |
6a488035 | 332 | */ |
00be9182 | 333 | public static function form($action, $contact_type, $contact_sub_type) { |
be2fb01f | 334 | CRM_Utils_System::setUserContext(['civicrm/contact/search/basic', 'civicrm/contact/view']); |
6a488035 TO |
335 | $wrapper = new CRM_Utils_Wrapper(); |
336 | ||
337 | $properties = CRM_Core_Component::contactSubTypeProperties($contact_sub_type, 'Edit'); | |
338 | if ($properties) { | |
be2fb01f | 339 | $wrapper->run($properties['class'], ts('New %1', [1 => $contact_sub_type]), $action, TRUE); |
6a488035 TO |
340 | } |
341 | else { | |
342 | $wrapper->run('CRM_Contact_Form_Contact', ts('New Contact'), $action, TRUE); | |
343 | } | |
344 | } | |
345 | ||
6a488035 | 346 | /** |
f55dd135 | 347 | * Show status in the footer (admin only) |
6a488035 | 348 | * |
fa8dc18c | 349 | * @param CRM_Core_Smarty $template |
6a488035 | 350 | */ |
097c681e | 351 | public static function statusCheck($template) { |
f55dd135 | 352 | if (CRM_Core_Config::isUpgradeMode() || !CRM_Core_Permission::check('administer CiviCRM')) { |
097c681e AH |
353 | return; |
354 | } | |
f55dd135 | 355 | // always use cached results - they will be refreshed by the session timer |
b1fc1ab0 | 356 | $status = Civi::cache('checks')->get('systemStatusCheckResult'); |
f55dd135 | 357 | $template->assign('footer_status_severity', $status); |
f608a24a | 358 | $template->assign('footer_status_message', CRM_Utils_Check::toStatusLabel($status)); |
097c681e | 359 | } |
6a488035 | 360 | |
a0ee3941 EM |
361 | /** |
362 | * @param bool $triggerRebuild | |
363 | * @param bool $sessionReset | |
364 | * | |
365 | * @throws Exception | |
366 | */ | |
00be9182 | 367 | public static function rebuildMenuAndCaches($triggerRebuild = FALSE, $sessionReset = FALSE) { |
6a488035 TO |
368 | $config = CRM_Core_Config::singleton(); |
369 | $config->clearModuleList(); | |
370 | ||
ae2cab23 TO |
371 | // also cleanup all caches |
372 | $config->cleanupCaches($sessionReset || CRM_Utils_Request::retrieve('sessionReset', 'Boolean', CRM_Core_DAO::$_nullObject, FALSE, 0, 'GET')); | |
373 | ||
6a488035 TO |
374 | CRM_Core_Menu::store(); |
375 | ||
376 | // also reset navigation | |
377 | CRM_Core_BAO_Navigation::resetNavigation(); | |
378 | ||
6a488035 TO |
379 | // also cleanup module permissions |
380 | $config->cleanupPermissions(); | |
381 | ||
9762f6ff CW |
382 | // rebuild word replacement cache - pass false to prevent operations redundant with this fn |
383 | CRM_Core_BAO_WordReplacement::rebuild(FALSE); | |
76dca235 | 384 | |
76bd16ab | 385 | Civi::service('settings_manager')->flush(); |
9762f6ff | 386 | // Clear js caches |
4cc9b813 | 387 | CRM_Core_Resources::singleton()->flushStrings()->resetCacheCode(); |
ab89fdde | 388 | CRM_Case_XMLRepository::singleton(TRUE); |
1fcf16cc | 389 | |
6a488035 TO |
390 | // also rebuild triggers if requested explicitly |
391 | if ( | |
392 | $triggerRebuild || | |
393 | CRM_Utils_Request::retrieve('triggerRebuild', 'Boolean', CRM_Core_DAO::$_nullObject, FALSE, 0, 'GET') | |
394 | ) { | |
395 | CRM_Core_DAO::triggerRebuild(); | |
396 | } | |
95a90cba | 397 | CRM_Core_DAO_AllCoreTables::reinitializeCache(TRUE); |
6a488035 TO |
398 | CRM_Core_ManagedEntities::singleton(TRUE)->reconcile(); |
399 | } | |
96025800 | 400 | |
6a488035 | 401 | } |