[civicrm-core.git] / CRM / Import / DataSource / SQL.php

<?php
/*
 +--------------------------------------------------------------------+
 | Copyright CiviCRM LLC. All rights reserved.                        |
 |                                                                    |
 | This work is published under the GNU AGPLv3 license with some      |
 | permitted exceptions and without any warranty. For full license    |
 | and copyright information, see https://civicrm.org/licensing       |
 +--------------------------------------------------------------------+
 */

/**
 *
 * @package CRM
 * @copyright CiviCRM LLC https://civicrm.org/licensing
 * $Id$
 *
 */
class CRM_Import_DataSource_SQL extends CRM_Import_DataSource {

  /**
   * Provides information about the data source.
   *
   * @return array
   *   collection of info about this data source
   */
  public function getInfo() {
    return [
      'title' => ts('SQL Query'),
      'permissions' => ['import SQL datasource'],
    ];
  }

  /**
   * Set variables up before form is built.
   *
   * @param CRM_Core_Form $form
   */
  public function preProcess(&$form) {
  }

  /**
   * This is function is called by the form object to get the DataSource's
   * form snippet. It should add all fields necesarry to get the data
   * uploaded to the temporary table in the DB.
   *
   * @param CRM_Core_Form $form
   *
   * @return void
   *   (operates directly on form argument)
   */
  public function buildQuickForm(&$form) {
    $form->add('hidden', 'hidden_dataSource', 'CRM_Import_DataSource_SQL');
    $form->add('textarea', 'sqlQuery', ts('Specify SQL Query'), 'rows=10 cols=45', TRUE);
    $form->addFormRule(['CRM_Import_DataSource_SQL', 'formRule'], $form);
  }

  /**
   * @param $fields
   * @param $files
   * @param CRM_Core_Form $form
   *
   * @return array|bool
   */
  public static function formRule($fields, $files, $form) {
    $errors = [];

    // Makeshift query validation (case-insensitive regex matching on word boundaries)
    $forbidden = ['ALTER', 'CREATE', 'DELETE', 'DESCRIBE', 'DROP', 'SHOW', 'UPDATE', 'information_schema'];
    foreach ($forbidden as $pattern) {
      if (preg_match("/\\b$pattern\\b/i", $fields['sqlQuery'])) {
        $errors['sqlQuery'] = ts('The query contains the forbidden %1 command.', [1 => $pattern]);
      }
    }

    return $errors ? $errors : TRUE;
  }

  /**
   * Process the form submission.
   *
   * @param array $params
   * @param string $db
   * @param \CRM_Core_Form $form
   */
  public function postProcess(&$params, &$db, &$form) {
    $importJob = new CRM_Contact_Import_ImportJob(
      CRM_Utils_Array::value('import_table_name', $params),
      $params['sqlQuery'], TRUE
    );

    $form->set('importTableName', $importJob->getTableName());
  }

}
Commit	Line	Data
6a488035 TO	1	<?php
	2	/*
	3	+--------------------------------------------------------------------+
bc77d7c0	4	\| Copyright CiviCRM LLC. All rights reserved. \|
6a488035	5	\| \|
bc77d7c0 TO	6	\| This work is published under the GNU AGPLv3 license with some \|
	7	\| permitted exceptions and without any warranty. For full license \|
	8	\| and copyright information, see https://civicrm.org/licensing \|
6a488035	9	+--------------------------------------------------------------------+
d25dd0ee	10	*/
6a488035 TO	11
	12	/**
	13	*
	14	* @package CRM
ca5cec67	15	* @copyright CiviCRM LLC https://civicrm.org/licensing
6a488035 TO	16	* $Id$
	17	*
	18	*/
	19	class CRM_Import_DataSource_SQL extends CRM_Import_DataSource {
	20
e0ef6999	21	/**
fe482240	22	* Provides information about the data source.
e0ef6999	23	*
a6c01b45 CW	24	* @return array
a6c01b45 CW	25	* collection of info about this data source
e0ef6999	26	*/
6a488035	27	public function getInfo() {
be2fb01f	28	return [
11749569	29	'title' => ts('SQL Query'),
be2fb01f CW	30	'permissions' => ['import SQL datasource'],
be2fb01f CW	31	];
6a488035 TO	32	}
6a488035 TO	33
e0ef6999	34	/**
fe482240	35	* Set variables up before form is built.
67f947ac EM	36	*
67f947ac EM	37	* @param CRM_Core_Form $form
e0ef6999	38	*/
3a05d67e TO	39	public function preProcess(&$form) {
3a05d67e TO	40	}
6a488035	41
e0ef6999 EM	42	/**
	43	* This is function is called by the form object to get the DataSource's
	44	* form snippet. It should add all fields necesarry to get the data
	45	* uploaded to the temporary table in the DB.
	46	*
c490a46a	47	* @param CRM_Core_Form $form
e0ef6999	48	*
a6c01b45 CW	49	* @return void
a6c01b45 CW	50	* (operates directly on form argument)
e0ef6999	51	*/
6a488035 TO	52	public function buildQuickForm(&$form) {
	53	$form->add('hidden', 'hidden_dataSource', 'CRM_Import_DataSource_SQL');
	54	$form->add('textarea', 'sqlQuery', ts('Specify SQL Query'), 'rows=10 cols=45', TRUE);
be2fb01f	55	$form->addFormRule(['CRM_Import_DataSource_SQL', 'formRule'], $form);
6a488035 TO	56	}
6a488035 TO	57
e0ef6999 EM	58	/**
	59	* @param $fields
	60	* @param $files
c490a46a	61	* @param CRM_Core_Form $form
e0ef6999 EM	62	*
	63	* @return array\|bool
	64	*/
00be9182	65	public static function formRule($fields, $files, $form) {
be2fb01f	66	$errors = [];
6a488035	67
e047612e	68	// Makeshift query validation (case-insensitive regex matching on word boundaries)
be2fb01f	69	$forbidden = ['ALTER', 'CREATE', 'DELETE', 'DESCRIBE', 'DROP', 'SHOW', 'UPDATE', 'information_schema'];
6a488035 TO	70	foreach ($forbidden as $pattern) {
6a488035 TO	71	if (preg_match("/\\b$pattern\\b/i", $fields['sqlQuery'])) {
be2fb01f	72	$errors['sqlQuery'] = ts('The query contains the forbidden %1 command.', [1 => $pattern]);
6a488035 TO	73	}
	74	}
	75
	76	return $errors ? $errors : TRUE;
	77	}
	78
e0ef6999	79	/**
fe482240	80	* Process the form submission.
54957108	81	*
	82	* @param array $params
	83	* @param string $db
	84	* @param \CRM_Core_Form $form
e0ef6999	85	*/
6a488035	86	public function postProcess(&$params, &$db, &$form) {
719a6fec	87	$importJob = new CRM_Contact_Import_ImportJob(
481a74f4	88	CRM_Utils_Array::value('import_table_name', $params),
3a05d67e	89	$params['sqlQuery'], TRUE
6a488035 TO	90	);
	91
	92	$form->set('importTableName', $importJob->getTableName());
	93	}
96025800	94
6a488035	95	}