[civicrm-core.git] / CRM / Core / Page / AJAX.php

<?php
/*
 +--------------------------------------------------------------------+
 | CiviCRM version 4.7                                                |
 +--------------------------------------------------------------------+
 | Copyright CiviCRM LLC (c) 2004-2018                                |
 +--------------------------------------------------------------------+
 | This file is a part of CiviCRM.                                    |
 |                                                                    |
 | CiviCRM is free software; you can copy, modify, and distribute it  |
 | under the terms of the GNU Affero General Public License           |
 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception.   |
 |                                                                    |
 | CiviCRM is distributed in the hope that it will be useful, but     |
 | WITHOUT ANY WARRANTY; without even the implied warranty of         |
 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.               |
 | See the GNU Affero General Public License for more details.        |
 |                                                                    |
 | You should have received a copy of the GNU Affero General Public   |
 | License and the CiviCRM Licensing Exception along                  |
 | with this program; if not, contact CiviCRM LLC                     |
 | at info[AT]civicrm[DOT]org. If you have questions about the        |
 | GNU Affero General Public License or the licensing of CiviCRM,     |
 | see the CiviCRM license FAQ at http://civicrm.org/licensing        |
 +--------------------------------------------------------------------+
 */

/**
 *
 * @package CRM
 * @copyright CiviCRM LLC (c) 2004-2018
 * $Id$
 *
 */

/**
 * This is base class for all ajax calls
 */
class CRM_Core_Page_AJAX {

  /**
   * Call generic ajax forms.
   *
   */
  public static function run() {
    $className = CRM_Utils_Type::escape($_REQUEST['class_name'], 'String');
    $type = '';
    if (!empty($_REQUEST['type'])) {
      $type = CRM_Utils_Type::escape($_REQUEST['type'], 'String');
    }

    if (!$className) {
      CRM_Core_Error::fatal(ts('Invalid className: %1', array(1 => $className)));
    }

    $fnName = NULL;
    if (isset($_REQUEST['fn_name'])) {
      $fnName = CRM_Utils_Type::escape($_REQUEST['fn_name'], 'String');
    }

    if (!self::checkAuthz($type, $className, $fnName)) {
      CRM_Utils_System::civiExit();
    }

    switch ($type) {
      case 'method':
        call_user_func(array($className, $fnName));
        break;

      case 'page':
      case 'class':
      case '':
        // FIXME: This is done to maintain current wire protocol, but it might be
        // simpler to just require different 'types' for pages and forms
        if (preg_match('/^CRM_[a-zA-Z0-9]+_Page_Inline_/', $className)) {
          $page = new $className();
          $page->run();
        }
        else {
          $wrapper = new CRM_Utils_Wrapper();
          $wrapper->run($className);
        }
        break;

      default:
        CRM_Core_Error::debug_log_message('Unsupported inline request type: ' . var_export($type, TRUE));
    }
    CRM_Utils_System::civiExit();
  }

  /**
   * Change is_quick_config priceSet to complex.
   *
   */
  public static function setIsQuickConfig() {
    $id = $context = NULL;
    if (!empty($_REQUEST['id'])) {
      $id = CRM_Utils_Type::escape($_REQUEST['id'], 'Integer');
    }

    if (!empty($_REQUEST['context'])) {
      $context = CRM_Utils_Type::escape($_REQUEST['context'], 'String');
    }
    // return false if $id is null and
    // $context is not civicrm_event or civicrm_contribution_page
    if (!$id || !in_array($context, array('civicrm_event', 'civicrm_contribution_page'))) {
      return FALSE;
    }
    $priceSetId = CRM_Price_BAO_PriceSet::getFor($context, $id, NULL);
    if ($priceSetId) {
      $sql = "UPDATE
       civicrm_price_set cps
       INNER JOIN civicrm_price_set_entity cpse ON cps.id = cpse.price_set_id
       INNER JOIN {$context} ce ON cpse.entity_id = ce.id AND ce.id = %1
       SET cps.is_quick_config = 0, cps.financial_type_id = IF(cps.financial_type_id IS NULL, ce.financial_type_id, cps.financial_type_id)
      ";
      CRM_Core_DAO::executeQuery($sql, array(1 => array($id, 'Integer')));

      if ($context == 'civicrm_event') {
        CRM_Core_BAO_Discount::del($id, $context);
      }
    }

    CRM_Utils_JSON::output($priceSetId);
  }

  /**
   * Determine whether the request is for a valid class/method name.
   *
   * @param string $type
   *   'method'|'class'|''.
   * @param string $className
   *   'Class_Name'.
   * @param string $fnName
   *   Method name.
   *
   * @return bool
   */
  public static function checkAuthz($type, $className, $fnName = NULL) {
    switch ($type) {
      case 'method':
        if (!preg_match('/^CRM_[a-zA-Z0-9]+_Page_AJAX$/', $className)) {
          return FALSE;
        }
        if (!preg_match('/^[a-zA-Z0-9]+$/', $fnName)) {
          return FALSE;
        }

        // ensure that function exists
        return method_exists($className, $fnName);

      case 'page':
      case 'class':
      case '':
        if (!preg_match('/^CRM_[a-zA-Z0-9]+_(Page|Form)_Inline_[a-zA-Z0-9]+$/', $className)) {
          return FALSE;
        }
        return class_exists($className);

      default:
        return FALSE;
    }
  }

  /**
   * Outputs the CiviCRM standard json-formatted page/form response
   * @param array|string $response
   */
  public static function returnJsonResponse($response) {
    // Allow lazy callers to not wrap content in an array
    if (is_string($response)) {
      $response = array('content' => $response);
    }
    // Add session variables to response
    $session = CRM_Core_Session::singleton();
    $response += array(
      'status' => 'success',
      'userContext' => htmlspecialchars_decode($session->readUserContext()),
      'title' => CRM_Utils_System::$title,
    );
    // crmMessages will be automatically handled by our ajax preprocessor
    // @see js/Common.js
    if ($session->getStatus(FALSE)) {
      $response['crmMessages'] = $session->getStatus(TRUE);
    }
    $output = json_encode($response);

    // CRM-11831 @see http://www.malsup.com/jquery/form/#file-upload
    if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
      CRM_Utils_System::setHttpHeader('Content-Type', 'application/json');
    }
    else {
      $output = "<textarea>$output</textarea>";
    }
    echo $output;
    CRM_Utils_System::civiExit();
  }

  /**
   * Set headers appropriate for a js file.
   *
   * @param int|NULL $ttl
   *   Time-to-live (seconds).
   */
  public static function setJsHeaders($ttl = NULL) {
    if ($ttl === NULL) {
      // Encourage browsers to cache for a long time - 1 year
      $ttl = 60 * 60 * 24 * 364;
    }
    CRM_Utils_System::setHttpHeader('Expires', gmdate('D, d M Y H:i:s \G\M\T', time() + $ttl));
    CRM_Utils_System::setHttpHeader('Content-Type', 'application/javascript');
    CRM_Utils_System::setHttpHeader('Cache-Control', "max-age=$ttl, public");
  }

  /**
   * Set defaults for sort and pager.
   *
   * @param int $defaultOffset
   * @param int $defaultRowCount
   * @param string $defaultSort
   * @param string $defaultsortOrder
   *
   * @return array
   */
  public static function defaultSortAndPagerParams($defaultOffset = 0, $defaultRowCount = 25, $defaultSort = NULL, $defaultsortOrder = 'asc') {
    $params = array(
      '_raw_values' => array(),
    );

    $sortMapper = array();
    if (isset($_GET['columns'])) {
      foreach ($_GET['columns'] as $key => $value) {
        $sortMapper[$key] = CRM_Utils_Type::validate($value['data'], 'MysqlColumnNameOrAlias');
      };
    }

    $offset = isset($_GET['start']) ? CRM_Utils_Type::validate($_GET['start'], 'Integer') : $defaultOffset;
    $rowCount = isset($_GET['length']) ? CRM_Utils_Type::validate($_GET['length'], 'Integer') : $defaultRowCount;
    // Why is the number of order by columns limited to 1?
    $sort = isset($_GET['order'][0]['column']) ? CRM_Utils_Array::value(CRM_Utils_Type::validate($_GET['order'][0]['column'], 'Integer'), $sortMapper) : $defaultSort;
    $sortOrder = isset($_GET['order'][0]['dir']) ? CRM_Utils_Type::validate($_GET['order'][0]['dir'], 'MysqlOrderByDirection') : $defaultsortOrder;

    if ($sort) {
      $params['sortBy'] = "{$sort} {$sortOrder}";

      $params['_raw_values']['sort'][0] = $sort;
      $params['_raw_values']['order'][0] = $sortOrder;
    }

    $params['offset'] = $offset;
    $params['rp'] = $rowCount;
    $params['page'] = ($offset / $rowCount) + 1;

    return $params;
  }

  /**
   * Validate ajax input parameters.
   *
   * @param array $requiredParams
   * @param array $optionalParams
   *
   * @return array
   */
  public static function validateParams($requiredParams = array(), $optionalParams = array()) {
    $params = array();

    foreach ($requiredParams as $param => $type) {
      $params[$param] = CRM_Utils_Type::validate(CRM_Utils_Array::value($param, $_GET), $type);
    }

    foreach ($optionalParams as $param => $type) {
      if (CRM_Utils_Array::value($param, $_GET)) {
        $params[$param] = CRM_Utils_Type::validate(CRM_Utils_Array::value($param, $_GET), $type);
      }
    }

    return $params;

  }

}
Commit	Line	Data
6a488035 TO	1	<?php
	2	/*
	3	+--------------------------------------------------------------------+
7e9e8871	4	\| CiviCRM version 4.7 \|
6a488035	5	+--------------------------------------------------------------------+
8c9251b3	6	\| Copyright CiviCRM LLC (c) 2004-2018 \|
6a488035 TO	7	+--------------------------------------------------------------------+
	8	\| This file is a part of CiviCRM. \|
	9	\| \|
	10	\| CiviCRM is free software; you can copy, modify, and distribute it \|
	11	\| under the terms of the GNU Affero General Public License \|
	12	\| Version 3, 19 November 2007 and the CiviCRM Licensing Exception. \|
	13	\| \|
	14	\| CiviCRM is distributed in the hope that it will be useful, but \|
	15	\| WITHOUT ANY WARRANTY; without even the implied warranty of \|
	16	\| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. \|
	17	\| See the GNU Affero General Public License for more details. \|
	18	\| \|
	19	\| You should have received a copy of the GNU Affero General Public \|
	20	\| License and the CiviCRM Licensing Exception along \|
	21	\| with this program; if not, contact CiviCRM LLC \|
	22	\| at info[AT]civicrm[DOT]org. If you have questions about the \|
	23	\| GNU Affero General Public License or the licensing of CiviCRM, \|
	24	\| see the CiviCRM license FAQ at http://civicrm.org/licensing \|
	25	+--------------------------------------------------------------------+
d25dd0ee	26	*/
6a488035 TO	27
	28	/**
	29	*
	30	* @package CRM
8c9251b3	31	* @copyright CiviCRM LLC (c) 2004-2018
6a488035 TO	32	* $Id$
	33	*
	34	*/
	35
	36	/**
	37	* This is base class for all ajax calls
	38	*/
	39	class CRM_Core_Page_AJAX {
	40
	41	/**
fe482240	42	* Call generic ajax forms.
6a488035	43	*
6a488035	44	*/
00be9182	45	public static function run() {
6a488035 TO	46	$className = CRM_Utils_Type::escape($_REQUEST['class_name'], 'String');
	47	$type = '';
	48	if (!empty($_REQUEST['type'])) {
	49	$type = CRM_Utils_Type::escape($_REQUEST['type'], 'String');
	50	}
	51
	52	if (!$className) {
	53	CRM_Core_Error::fatal(ts('Invalid className: %1', array(1 => $className)));
	54	}
	55
	56	$fnName = NULL;
	57	if (isset($_REQUEST['fn_name'])) {
	58	$fnName = CRM_Utils_Type::escape($_REQUEST['fn_name'], 'String');
	59	}
	60
	61	if (!self::checkAuthz($type, $className, $fnName)) {
	62	CRM_Utils_System::civiExit();
	63	}
	64
	65	switch ($type) {
	66	case 'method':
	67	call_user_func(array($className, $fnName));
	68	break;
	69
	70	case 'page':
	71	case 'class':
	72	case '':
	73	// FIXME: This is done to maintain current wire protocol, but it might be
	74	// simpler to just require different 'types' for pages and forms
	75	if (preg_match('/^CRM_[a-zA-Z0-9]+_Page_Inline_/', $className)) {
7c550ca0	76	$page = new $className();
6a488035 TO	77	$page->run();
	78	}
	79	else {
	80	$wrapper = new CRM_Utils_Wrapper();
	81	$wrapper->run($className);
	82	}
	83	break;
2aa397bc	84
6a488035 TO	85	default:
	86	CRM_Core_Error::debug_log_message('Unsupported inline request type: ' . var_export($type, TRUE));
	87	}
	88	CRM_Utils_System::civiExit();
	89	}
	90
	91	/**
fe482240	92	* Change is_quick_config priceSet to complex.
6a488035	93	*
6a488035	94	*/
00be9182	95	public static function setIsQuickConfig() {
6a488035	96	$id = $context = NULL;
a7488080	97	if (!empty($_REQUEST['id'])) {
6a488035 TO	98	$id = CRM_Utils_Type::escape($_REQUEST['id'], 'Integer');
6a488035 TO	99	}
cbb7c7e0	100
a7488080	101	if (!empty($_REQUEST['context'])) {
6a488035 TO	102	$context = CRM_Utils_Type::escape($_REQUEST['context'], 'String');
6a488035 TO	103	}
cbb7c7e0	104	// return false if $id is null and
6a488035 TO	105	// $context is not civicrm_event or civicrm_contribution_page
6a488035 TO	106	if (!$id \|\| !in_array($context, array('civicrm_event', 'civicrm_contribution_page'))) {
2aa397bc	107	return FALSE;
6a488035	108	}
9da8dc8c	109	$priceSetId = CRM_Price_BAO_PriceSet::getFor($context, $id, NULL);
6a488035	110	if ($priceSetId) {
50e2d48d	111	$sql = "UPDATE
	112	civicrm_price_set cps
	113	INNER JOIN civicrm_price_set_entity cpse ON cps.id = cpse.price_set_id
	114	INNER JOIN {$context} ce ON cpse.entity_id = ce.id AND ce.id = %1
	115	SET cps.is_quick_config = 0, cps.financial_type_id = IF(cps.financial_type_id IS NULL, ce.financial_type_id, cps.financial_type_id)
	116	";
	117	CRM_Core_DAO::executeQuery($sql, array(1 => array($id, 'Integer')));
	118
6a488035	119	if ($context == 'civicrm_event') {
6a488035 TO	120	CRM_Core_BAO_Discount::del($id, $context);
	121	}
	122	}
50e2d48d	123
ecdef330	124	CRM_Utils_JSON::output($priceSetId);
6a488035 TO	125	}
	126
	127	/**
	128	* Determine whether the request is for a valid class/method name.
	129	*
6a0b768e TO	130	* @param string $type
	131	* 'method'\|'class'\|''.
	132	* @param string $className
	133	* 'Class_Name'.
	134	* @param string $fnName
	135	* Method name.
77b97be7 EM	136	*
77b97be7 EM	137	* @return bool
6a488035	138	*/
2aa397bc	139	public static function checkAuthz($type, $className, $fnName = NULL) {
6a488035 TO	140	switch ($type) {
	141	case 'method':
	142	if (!preg_match('/^CRM_[a-zA-Z0-9]+_Page_AJAX$/', $className)) {
	143	return FALSE;
	144	}
	145	if (!preg_match('/^[a-zA-Z0-9]+$/', $fnName)) {
	146	return FALSE;
	147	}
	148
	149	// ensure that function exists
	150	return method_exists($className, $fnName);
	151
	152	case 'page':
	153	case 'class':
	154	case '':
	155	if (!preg_match('/^CRM_[a-zA-Z0-9]+_(Page\|Form)_Inline_[a-zA-Z0-9]+$/', $className)) {
	156	return FALSE;
	157	}
	158	return class_exists($className);
2aa397bc	159
6a488035 TO	160	default:
	161	return FALSE;
	162	}
	163	}
03a7ec8f CW	164
	165	/**
	166	* Outputs the CiviCRM standard json-formatted page/form response
	167	* @param array\|string $response
	168	*/
00be9182	169	public static function returnJsonResponse($response) {
03a7ec8f CW	170	// Allow lazy callers to not wrap content in an array
	171	if (is_string($response)) {
	172	$response = array('content' => $response);
	173	}
0e017a41	174	// Add session variables to response
03a7ec8f CW	175	$session = CRM_Core_Session::singleton();
	176	$response += array(
	177	'status' => 'success',
	178	'userContext' => htmlspecialchars_decode($session->readUserContext()),
0e017a41	179	'title' => CRM_Utils_System::$title,
03a7ec8f	180	);
0e017a41 CW	181	// crmMessages will be automatically handled by our ajax preprocessor
0e017a41 CW	182	// @see js/Common.js
03a7ec8f CW	183	if ($session->getStatus(FALSE)) {
	184	$response['crmMessages'] = $session->getStatus(TRUE);
	185	}
5d76705d	186	$output = json_encode($response);
03a7ec8f CW	187
03a7ec8f CW	188	// CRM-11831 @see http://www.malsup.com/jquery/form/#file-upload
5d76705d	189	if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
d42a224c	190	CRM_Utils_System::setHttpHeader('Content-Type', 'application/json');
03a7ec8f	191	}
5d76705d CW	192	else {
5d76705d CW	193	$output = "<textarea>$output</textarea>";
03a7ec8f	194	}
5d76705d	195	echo $output;
03a7ec8f CW	196	CRM_Utils_System::civiExit();
03a7ec8f CW	197	}
d6408252	198
4cc9b813	199	/**
fe482240	200	* Set headers appropriate for a js file.
e5afbdad TO	201	*
	202	* @param int\|NULL $ttl
	203	* Time-to-live (seconds).
4cc9b813	204	*/
e5afbdad TO	205	public static function setJsHeaders($ttl = NULL) {
	206	if ($ttl === NULL) {
	207	// Encourage browsers to cache for a long time - 1 year
	208	$ttl = 60 * 60 * 24 * 364;
	209	}
d42a224c CW	210	CRM_Utils_System::setHttpHeader('Expires', gmdate('D, d M Y H:i:s \G\M\T', time() + $ttl));
	211	CRM_Utils_System::setHttpHeader('Content-Type', 'application/javascript');
	212	CRM_Utils_System::setHttpHeader('Cache-Control', "max-age=$ttl, public");
4cc9b813 CW	213	}
4cc9b813 CW	214
8246bca4	215	/**
	216	* Set defaults for sort and pager.
	217	*
	218	* @param int $defaultOffset
	219	* @param int $defaultRowCount
	220	* @param string $defaultSort
	221	* @param string $defaultsortOrder
	222	*
	223	* @return array
	224	*/
00f11506	225	public static function defaultSortAndPagerParams($defaultOffset = 0, $defaultRowCount = 25, $defaultSort = NULL, $defaultsortOrder = 'asc') {
9c3f979f MM	226	$params = array(
	227	'_raw_values' => array(),
	228	);
00f11506 MM	229
00f11506 MM	230	$sortMapper = array();
62cfbded MM	231	if (isset($_GET['columns'])) {
62cfbded MM	232	foreach ($_GET['columns'] as $key => $value) {
a33b83c5	233	$sortMapper[$key] = CRM_Utils_Type::validate($value['data'], 'MysqlColumnNameOrAlias');
62cfbded MM	234	};
62cfbded MM	235	}
00f11506	236
5d817a13 MM	237	$offset = isset($_GET['start']) ? CRM_Utils_Type::validate($_GET['start'], 'Integer') : $defaultOffset;
5d817a13 MM	238	$rowCount = isset($_GET['length']) ? CRM_Utils_Type::validate($_GET['length'], 'Integer') : $defaultRowCount;
00f11506	239	// Why is the number of order by columns limited to 1?
5d817a13 MM	240	$sort = isset($_GET['order'][0]['column']) ? CRM_Utils_Array::value(CRM_Utils_Type::validate($_GET['order'][0]['column'], 'Integer'), $sortMapper) : $defaultSort;
5d817a13 MM	241	$sortOrder = isset($_GET['order'][0]['dir']) ? CRM_Utils_Type::validate($_GET['order'][0]['dir'], 'MysqlOrderByDirection') : $defaultsortOrder;
00f11506 MM	242
00f11506 MM	243	if ($sort) {
2e58abf9	244	$params['sortBy'] = "{$sort} {$sortOrder}";
9c3f979f	245
da93a1ab MM	246	$params['_raw_values']['sort'][0] = $sort;
da93a1ab MM	247	$params['_raw_values']['order'][0] = $sortOrder;
00f11506 MM	248	}
00f11506 MM	249
9c3f979f	250	$params['offset'] = $offset;
00f11506	251	$params['rp'] = $rowCount;
9c3f979f MM	252	$params['page'] = ($offset / $rowCount) + 1;
	253
	254	return $params;
	255	}
	256
f2ac86d1	257	/**
	258	* Validate ajax input parameters.
	259	*
	260	* @param array $requiredParams
	261	* @param array $optionalParams
	262	*
	263	* @return array
	264	*/
5d817a13	265	public static function validateParams($requiredParams = array(), $optionalParams = array()) {
9c3f979f MM	266	$params = array();
	267
	268	foreach ($requiredParams as $param => $type) {
5d817a13	269	$params[$param] = CRM_Utils_Type::validate(CRM_Utils_Array::value($param, $_GET), $type);
9c3f979f MM	270	}
	271
	272	foreach ($optionalParams as $param => $type) {
	273	if (CRM_Utils_Array::value($param, $_GET)) {
5d817a13	274	$params[$param] = CRM_Utils_Type::validate(CRM_Utils_Array::value($param, $_GET), $type);
9c3f979f MM	275	}
9c3f979f MM	276	}
00f11506 MM	277
00f11506 MM	278	return $params;
9c3f979f	279
00f11506 MM	280	}
00f11506 MM	281
6a488035	282	}