Commit | Line | Data |
---|---|---|
6a488035 TO |
1 | <?php |
2 | /* | |
3 | +--------------------------------------------------------------------+ | |
4 | | CiviCRM version 4.3 | | |
5 | +--------------------------------------------------------------------+ | |
6 | | Copyright CiviCRM LLC (c) 2004-2013 | | |
7 | +--------------------------------------------------------------------+ | |
8 | | This file is a part of CiviCRM. | | |
9 | | | | |
10 | | CiviCRM is free software; you can copy, modify, and distribute it | | |
11 | | under the terms of the GNU Affero General Public License | | |
12 | | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. | | |
13 | | | | |
14 | | CiviCRM is distributed in the hope that it will be useful, but | | |
15 | | WITHOUT ANY WARRANTY; without even the implied warranty of | | |
16 | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | | |
17 | | See the GNU Affero General Public License for more details. | | |
18 | | | | |
19 | | You should have received a copy of the GNU Affero General Public | | |
20 | | License and the CiviCRM Licensing Exception along | | |
21 | | with this program; if not, contact CiviCRM LLC | | |
22 | | at info[AT]civicrm[DOT]org. If you have questions about the | | |
23 | | GNU Affero General Public License or the licensing of CiviCRM, | | |
24 | | see the CiviCRM license FAQ at http://civicrm.org/licensing | | |
25 | +--------------------------------------------------------------------+ | |
26 | */ | |
27 | ||
28 | /** | |
29 | * | |
30 | * @package CRM | |
31 | * @copyright CiviCRM LLC (c) 2004-2013 | |
32 | * $Id$ | |
33 | * | |
34 | */ | |
35 | class CRM_Import_DataSource_SQL extends CRM_Import_DataSource { | |
36 | ||
37 | public function getInfo() { | |
38 | return array('title' => ts('SQL Query')); | |
39 | } | |
40 | ||
41 | public function preProcess(&$form) {} | |
42 | ||
43 | public function buildQuickForm(&$form) { | |
44 | $form->add('hidden', 'hidden_dataSource', 'CRM_Import_DataSource_SQL'); | |
45 | $form->add('textarea', 'sqlQuery', ts('Specify SQL Query'), 'rows=10 cols=45', TRUE); | |
46 | $form->addFormRule(array('CRM_Import_DataSource_SQL', 'formRule'), $form); | |
47 | } | |
48 | ||
49 | static function formRule($fields, $files, $form) { | |
50 | $errors = array(); | |
51 | ||
52 | // poor man's query validation (case-insensitive regex matching on word boundaries) | |
53 | $forbidden = array('ALTER', 'CREATE', 'DELETE', 'DESCRIBE', 'DROP', 'SHOW', 'UPDATE', 'information_schema'); | |
54 | foreach ($forbidden as $pattern) { | |
55 | if (preg_match("/\\b$pattern\\b/i", $fields['sqlQuery'])) { | |
56 | $errors['sqlQuery'] = ts('The query contains the forbidden %1 command.', array(1 => $pattern)); | |
57 | } | |
58 | } | |
59 | ||
60 | return $errors ? $errors : TRUE; | |
61 | } | |
62 | ||
63 | public function postProcess(&$params, &$db, &$form) { | |
64 | require_once 'CRM/Import/ImportJob.php'; | |
65 | $importJob = new CRM_Import_ImportJob( | |
66 | CRM_Utils_Array::value( 'import_table_name', $params ), | |
67 | $params['sqlQuery'], true | |
68 | ); | |
69 | ||
70 | $form->set('importTableName', $importJob->getTableName()); | |
71 | } | |
72 | } | |
73 |