Commit | Line | Data |
---|---|---|
6a488035 TO |
1 | <?php |
2 | /* | |
3 | +--------------------------------------------------------------------+ | |
bc77d7c0 | 4 | | Copyright CiviCRM LLC. All rights reserved. | |
6a488035 | 5 | | | |
bc77d7c0 TO |
6 | | This work is published under the GNU AGPLv3 license with some | |
7 | | permitted exceptions and without any warranty. For full license | | |
8 | | and copyright information, see https://civicrm.org/licensing | | |
6a488035 | 9 | +--------------------------------------------------------------------+ |
d25dd0ee | 10 | */ |
6a488035 TO |
11 | |
12 | /** | |
13 | * | |
14 | * @package CRM | |
ca5cec67 | 15 | * @copyright CiviCRM LLC https://civicrm.org/licensing |
6a488035 TO |
16 | */ |
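/**
 * Import data source that takes its rows from a user-supplied SQL query.
 *
 * Security note: the query text entered on the form is handed to
 * CRM_Contact_Import_ImportJob in postProcess(). Access is gated by the
 * 'import SQL datasource' permission declared in getInfo(). The keyword
 * screening in formRule() is a best-effort denylist and should not be treated
 * as a security boundary; the privileges of the database account that runs
 * the query are presumably the effective limit (confirm against the job
 * implementation and the deployment's DB grants).
 */
class CRM_Import_DataSource_SQL extends CRM_Import_DataSource {

  /**
   * Form fields declared for this datasource.
   *
   * @var string[]
   */
  protected $submittableFields = ['sqlQuery'];

  /**
   * Provides information about the data source.
   *
   * @return array
   *   Collection of info about this data source: its translated title and the
   *   permissions listed for it.
   */
  public function getInfo(): array {
    return [
      'title' => ts('SQL Query'),
      // Anyone holding this permission can submit free-form SQL, so it should
      // only be granted to trusted administrators.
      'permissions' => ['import SQL datasource'],
    ];
  }

  /**
   * This function is called by the form object to get the DataSource's
   * form snippet. It should add all fields necessary to get the data
   * uploaded to the temporary table in the DB.
   *
   * @param CRM_Core_Form $form
   *
   * @return void
   *   (operates directly on form argument)
   */
  public function buildQuickForm(&$form) {
    $form->add('hidden', 'hidden_dataSource', 'CRM_Import_DataSource_SQL');
    // The query field is required (final TRUE argument).
    $form->add('textarea', 'sqlQuery', ts('Specify SQL Query'), ['rows' => 10, 'cols' => 45], TRUE);
    // Register the keyword screening below as a form-level validation rule.
    $form->addFormRule(['CRM_Import_DataSource_SQL', 'formRule'], $form);
  }

  /**
   * Screen the submitted SQL query for forbidden keywords.
   *
   * This is a denylist check only. Statement types and schema names that are
   * not in the list are not screened, and a listed word is rejected wherever
   * it appears in the text (including inside string literals or aliases).
   *
   * @param array $fields
   *   Submitted form values; 'sqlQuery' holds the query text.
   * @param array $files
   *   Uploaded files (not used here).
   * @param CRM_Core_Form $form
   *   The form being validated (not used here).
   *
   * @return array|bool
   *   Array of error messages keyed by field name, or TRUE when nothing was
   *   flagged.
   */
  public static function formRule($fields, $files, $form) {
    $errors = [];
    $query = $fields['sqlQuery'] ?? '';

    // A request can submit the field as an array (sqlQuery[]=...). Reject that
    // here rather than passing a non-string to preg_match().
    if (!is_string($query)) {
      $errors['sqlQuery'] = ts('The SQL query must be submitted as text.');
      return $errors;
    }

    // Makeshift query validation (case-insensitive regex matching on word boundaries)
    $forbidden = ['ALTER', 'CREATE', 'DELETE', 'DESCRIBE', 'DROP', 'SHOW', 'UPDATE', 'information_schema'];
    foreach ($forbidden as $keyword) {
      // preg_quote() keeps the pattern literal if the list is ever extended
      // with entries that contain regex metacharacters.
      if (preg_match('/\b' . preg_quote($keyword, '/') . '\b/i', $query)) {
        // When several keywords match, the last one in the list is reported.
        $errors['sqlQuery'] = ts('The query contains the forbidden %1 command.', [1 => $keyword]);
      }
    }

    return $errors ?: TRUE;
  }

  /**
   * Process the form submission.
   *
   * Creates the import job from the submitted query and records the name of
   * the resulting import table on the form and in the data source metadata.
   *
   * @param array $params
   *   Submitted values; 'sqlQuery' is required, 'import_table_name' optional.
   * @param string $db
   *   Not used by this data source.
   * @param \CRM_Core_Form $form
   *
   * @throws \CRM_Core_Exception
   */
  public function postProcess(&$params, &$db, &$form) {
    // NOTE(review): the query text reaches the job as submitted; the only
    // screening visible in this class is formRule(), so this relies on the
    // form rule having run for this submission. Confirm for any other caller.
    $importJob = new CRM_Contact_Import_ImportJob(
      CRM_Utils_Array::value('import_table_name', $params),
      $params['sqlQuery'], TRUE
    );

    $tableName = $importJob->getTableName();
    $form->set('importTableName', $tableName);
    $this->dataSourceMetadata = [
      'table_name' => $tableName,
    ];
  }

}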