| 1 | <?php |
| 2 | /* |
| 3 | +--------------------------------------------------------------------+ |
| 4 | | Copyright CiviCRM LLC. All rights reserved. | |
| 5 | | | |
| 6 | | This work is published under the GNU AGPLv3 license with some | |
| 7 | | permitted exceptions and without any warranty. For full license | |
| 8 | | and copyright information, see https://civicrm.org/licensing | |
| 9 | +--------------------------------------------------------------------+ |
| 10 | */ |
| 11 | |
| 12 | /** |
| 13 | * |
| 14 | * Given an argument list, invoke the appropriate CRM function |
| 15 | * Serves as a wrapper between the UserFrameWork and Core CRM |
| 16 | * |
| 17 | * @package CRM |
| 18 | * @copyright CiviCRM LLC https://civicrm.org/licensing |
| 19 | */ |
| 20 | class CRM_Core_Invoke { |
| 21 | |
| 22 | /** |
| 23 | * This is the main front-controller that integrates with the CMS. Any |
| 24 | * page-request that is sent to the CMS and intended for CiviCRM should |
| 25 | * be processed by invoke(). |
| 26 | * |
| 27 | * @param array $args |
| 28 | * The parts of the URL which identify the intended CiviCRM page |
| 29 | * (e.g. array('civicrm', 'event', 'register')). |
| 30 | * @return string |
| 31 | * HTML. For non-HTML content, invoke() may call print() and exit(). |
| 32 | * |
| 33 | */ |
| 34 | public static function invoke($args) { |
| 35 | try { |
| 36 | return self::_invoke($args); |
| 37 | } |
| 38 | catch (Exception $e) { |
| 39 | CRM_Core_Error::handleUnhandledException($e); |
| 40 | } |
| 41 | } |
| 42 | |
| 43 | /** |
| 44 | * This is the same as invoke(), but it does *not* include exception |
| 45 | * handling. |
| 46 | * |
| 47 | * @param array $args |
| 48 | * The parts of the URL which identify the intended CiviCRM page |
| 49 | * (e.g. array('civicrm', 'event', 'register')). |
| 50 | * @return string |
| 51 | * HTML. For non-HTML content, invoke() may call print() and exit(). |
| 52 | */ |
| 53 | public static function _invoke($args) { |
| 54 | if ($args[0] !== 'civicrm') { |
| 55 | return NULL; |
| 56 | } |
| 57 | // CRM-15901: Turn off PHP errors display for all ajax calls |
| 58 | if (CRM_Utils_Array::value(1, $args) == 'ajax' || !empty($_REQUEST['snippet'])) { |
| 59 | ini_set('display_errors', 0); |
| 60 | } |
| 61 | |
| 62 | if (!defined('CIVICRM_SYMFONY_PATH')) { |
| 63 | // Traditional Civi invocation path |
| 64 | // may exit |
| 65 | self::hackMenuRebuild($args); |
| 66 | self::init($args); |
| 67 | $item = self::getItem($args); |
| 68 | return self::runItem($item); |
| 69 | } |
| 70 | else { |
| 71 | // Symfony-based invocation path |
| 72 | require_once CIVICRM_SYMFONY_PATH . '/app/bootstrap.php.cache'; |
| 73 | require_once CIVICRM_SYMFONY_PATH . '/app/AppKernel.php'; |
| 74 | $kernel = new AppKernel('dev', TRUE); |
| 75 | $kernel->loadClassCache(); |
| 76 | $response = $kernel->handle(Symfony\Component\HttpFoundation\Request::createFromGlobals()); |
| 77 | if (preg_match(':^text/html:', $response->headers->get('Content-Type'))) { |
| 78 | // let the CMS handle the trappings |
| 79 | return $response->getContent(); |
| 80 | } |
| 81 | else { |
| 82 | $response->send(); |
| 83 | exit(); |
| 84 | } |
| 85 | } |
| 86 | } |
| 87 | |
| 88 | /** |
| 89 | * Hackish support /civicrm/menu/rebuild |
| 90 | * |
| 91 | * @param array $args |
| 92 | * List of path parts. |
| 93 | * @void |
| 94 | */ |
| 95 | public static function hackMenuRebuild($args) { |
| 96 | if (['civicrm', 'menu', 'rebuild'] == $args || ['civicrm', 'clearcache'] == $args) { |
| 97 | // ensure that the user has a good privilege level |
| 98 | if (CRM_Core_Permission::check('administer CiviCRM')) { |
| 99 | self::rebuildMenuAndCaches(); |
| 100 | CRM_Core_Session::setStatus(ts('Cleared all CiviCRM caches (database, menu, templates)'), ts('Complete'), 'success'); |
| 101 | // exits |
| 102 | return CRM_Utils_System::redirect(); |
| 103 | } |
| 104 | else { |
| 105 | CRM_Core_Error::statusBounce('You do not have permission to execute this url'); |
| 106 | } |
| 107 | } |
| 108 | } |
| 109 | |
| 110 | /** |
| 111 | * Perform general setup. |
| 112 | * |
| 113 | * @param array $args |
| 114 | * List of path parts. |
| 115 | * @void |
| 116 | */ |
| 117 | public static function init($args) { |
| 118 | // first fire up IDS and check for bad stuff |
| 119 | $config = CRM_Core_Config::singleton(); |
| 120 | |
| 121 | // also initialize the i18n framework |
| 122 | require_once 'CRM/Core/I18n.php'; |
| 123 | $i18n = CRM_Core_I18n::singleton(); |
| 124 | } |
| 125 | |
| 126 | /** |
| 127 | * Determine which menu $item corresponds to $args |
| 128 | * |
| 129 | * @param array $args |
| 130 | * List of path parts. |
| 131 | * @return array; see CRM_Core_Menu |
| 132 | */ |
| 133 | public static function getItem($args) { |
| 134 | if (is_array($args)) { |
| 135 | // get the menu items |
| 136 | $path = implode('/', $args); |
| 137 | } |
| 138 | else { |
| 139 | $path = $args; |
| 140 | } |
| 141 | $item = CRM_Core_Menu::get($path); |
| 142 | |
| 143 | // we should try to compute menus, if item is empty and stay on the same page, |
| 144 | // rather than compute and redirect to dashboard. |
| 145 | if (!$item) { |
| 146 | CRM_Core_Menu::store(FALSE); |
| 147 | $item = CRM_Core_Menu::get($path); |
| 148 | } |
| 149 | |
| 150 | return $item; |
| 151 | } |
| 152 | |
| 153 | /** |
| 154 | * Register an alternative phar:// stream wrapper to filter out insecure Phars |
| 155 | * |
| 156 | * PHP makes it possible to trigger Object Injection vulnerabilities by using |
| 157 | * a side-effect of the phar:// stream wrapper that unserializes Phar |
| 158 | * metadata. To mitigate this vulnerability, projects such as TYPO3 and Drupal |
| 159 | * have implemented an alternative Phar stream wrapper that disallows |
| 160 | * inclusion of phar files based on certain parameters. |
| 161 | * |
| 162 | * This code attempts to register the TYPO3 Phar stream wrapper using the |
| 163 | * interceptor defined in \Civi\Core\Security\PharExtensionInterceptor. In an |
| 164 | * environment where the stream wrapper was already registered via |
| 165 | * \TYPO3\PharStreamWrapper\Manager (i.e. Drupal), this code does not do |
| 166 | * anything. In other environments (e.g. WordPress, at the time of this |
| 167 | * writing), the TYPO3 library is used to register the interceptor to mitigate |
| 168 | * the vulnerability. |
| 169 | */ |
| 170 | private static function registerPharHandler() { |
| 171 | try { |
| 172 | // try to get the existing stream wrapper, registered e.g. by Drupal |
| 173 | \TYPO3\PharStreamWrapper\Manager::instance(); |
| 174 | } |
| 175 | catch (\LogicException $e) { |
| 176 | if ($e->getCode() === 1535189872) { |
| 177 | // no phar stream wrapper was registered by \TYPO3\PharStreamWrapper\Manager. |
| 178 | // This means we're probably not on Drupal and need to register our own. |
| 179 | \TYPO3\PharStreamWrapper\Manager::initialize( |
| 180 | (new \TYPO3\PharStreamWrapper\Behavior()) |
| 181 | ->withAssertion(new \Civi\Core\Security\PharExtensionInterceptor()) |
| 182 | ); |
| 183 | if (in_array('phar', stream_get_wrappers())) { |
| 184 | stream_wrapper_unregister('phar'); |
| 185 | stream_wrapper_register('phar', \TYPO3\PharStreamWrapper\PharStreamWrapper::class); |
| 186 | } |
| 187 | } |
| 188 | else { |
| 189 | // this is not an exception we can handle |
| 190 | throw $e; |
| 191 | } |
| 192 | } |
| 193 | } |
| 194 | |
| 195 | /** |
| 196 | * Given a menu item, call the appropriate controller and return the response |
| 197 | * |
| 198 | * @param array $item |
| 199 | * See CRM_Core_Menu. |
| 200 | * @return string, HTML |
| 201 | */ |
| 202 | public static function runItem($item) { |
| 203 | $ids = new CRM_Core_IDS(); |
| 204 | $ids->check($item); |
| 205 | |
| 206 | self::registerPharHandler(); |
| 207 | |
| 208 | $config = CRM_Core_Config::singleton(); |
| 209 | if ($config->userFramework == 'Joomla' && $item) { |
| 210 | $config->userFrameworkURLVar = 'task'; |
| 211 | |
| 212 | // joomla 1.5RC1 seems to push this in the POST variable, which messes |
| 213 | // QF and checkboxes |
| 214 | unset($_POST['option']); |
| 215 | CRM_Core_Joomla::sidebarLeft(); |
| 216 | } |
| 217 | |
| 218 | // set active Component |
| 219 | $template = CRM_Core_Smarty::singleton(); |
| 220 | $template->assign('activeComponent', 'CiviCRM'); |
| 221 | $template->assign('formTpl', 'default'); |
| 222 | |
| 223 | if ($item) { |
| 224 | |
| 225 | if (!array_key_exists('page_callback', $item)) { |
| 226 | CRM_Core_Error::debug('Bad item', $item); |
| 227 | CRM_Core_Error::statusBounce(ts('Bad menu record in database')); |
| 228 | } |
| 229 | |
| 230 | // check that we are permissioned to access this page |
| 231 | if (!CRM_Core_Permission::checkMenuItem($item)) { |
| 232 | CRM_Utils_System::permissionDenied(); |
| 233 | return NULL; |
| 234 | } |
| 235 | |
| 236 | // check if ssl is set |
| 237 | if (!empty($item['is_ssl'])) { |
| 238 | CRM_Utils_System::redirectToSSL(); |
| 239 | } |
| 240 | |
| 241 | if (isset($item['title'])) { |
| 242 | CRM_Utils_System::setTitle($item['title']); |
| 243 | } |
| 244 | |
| 245 | if (isset($item['breadcrumb']) && !isset($item['is_public'])) { |
| 246 | CRM_Utils_System::appendBreadCrumb($item['breadcrumb']); |
| 247 | } |
| 248 | |
| 249 | $pageArgs = NULL; |
| 250 | if (!empty($item['page_arguments'])) { |
| 251 | $pageArgs = CRM_Core_Menu::getArrayForPathArgs($item['page_arguments']); |
| 252 | } |
| 253 | |
| 254 | $template = CRM_Core_Smarty::singleton(); |
| 255 | if (!empty($item['is_public'])) { |
| 256 | $template->assign('urlIsPublic', TRUE); |
| 257 | } |
| 258 | else { |
| 259 | $template->assign('urlIsPublic', FALSE); |
| 260 | self::statusCheck($template); |
| 261 | } |
| 262 | |
| 263 | if (isset($item['return_url'])) { |
| 264 | $session = CRM_Core_Session::singleton(); |
| 265 | $args = CRM_Utils_Array::value( |
| 266 | 'return_url_args', |
| 267 | $item, |
| 268 | 'reset=1' |
| 269 | ); |
| 270 | $session->pushUserContext(CRM_Utils_System::url($item['return_url'], $args)); |
| 271 | } |
| 272 | |
| 273 | $result = NULL; |
| 274 | // WISHLIST: Refactor this. Instead of pattern-matching on page_callback, lookup |
| 275 | // page_callback via Civi\Core\Resolver and check the implemented interfaces. This |
| 276 | // would require rethinking the default constructor. |
| 277 | if (is_array($item['page_callback']) || strpos($item['page_callback'], ':')) { |
| 278 | $result = call_user_func(Civi\Core\Resolver::singleton()->get($item['page_callback'])); |
| 279 | } |
| 280 | elseif (strstr($item['page_callback'], '_Form')) { |
| 281 | $wrapper = new CRM_Utils_Wrapper(); |
| 282 | $result = $wrapper->run( |
| 283 | CRM_Utils_Array::value('page_callback', $item), |
| 284 | CRM_Utils_Array::value('title', $item), |
| 285 | $pageArgs ?? NULL |
| 286 | ); |
| 287 | } |
| 288 | else { |
| 289 | $newArgs = explode('/', $_GET[$config->userFrameworkURLVar]); |
| 290 | $mode = 'null'; |
| 291 | if (isset($pageArgs['mode'])) { |
| 292 | $mode = $pageArgs['mode']; |
| 293 | unset($pageArgs['mode']); |
| 294 | } |
| 295 | $title = $item['title'] ?? NULL; |
| 296 | if (strstr($item['page_callback'], '_Page') || strstr($item['page_callback'], '\\Page\\')) { |
| 297 | $object = new $item['page_callback']($title, $mode); |
| 298 | $object->urlPath = explode('/', $_GET[$config->userFrameworkURLVar]); |
| 299 | } |
| 300 | elseif (strstr($item['page_callback'], '_Controller') || strstr($item['page_callback'], '\\Controller\\')) { |
| 301 | $addSequence = 'false'; |
| 302 | if (isset($pageArgs['addSequence'])) { |
| 303 | $addSequence = $pageArgs['addSequence']; |
| 304 | $addSequence = $addSequence ? 'true' : 'false'; |
| 305 | unset($pageArgs['addSequence']); |
| 306 | } |
| 307 | $object = new $item['page_callback']($title, TRUE, $mode, NULL, $addSequence); |
| 308 | } |
| 309 | else { |
| 310 | throw new CRM_Core_Exception('Execute supplied menu action'); |
| 311 | } |
| 312 | $result = $object->run($newArgs, $pageArgs); |
| 313 | } |
| 314 | |
| 315 | CRM_Core_Session::storeSessionObjects(); |
| 316 | return $result; |
| 317 | } |
| 318 | |
| 319 | CRM_Core_Menu::store(); |
| 320 | CRM_Core_Session::setStatus(ts('Menu has been rebuilt'), ts('Complete'), 'success'); |
| 321 | return CRM_Utils_System::redirect(); |
| 322 | } |
| 323 | |
| 324 | /** |
| 325 | * This function contains the default action. |
| 326 | * |
| 327 | * @param $action |
| 328 | * |
| 329 | * @param $contact_type |
| 330 | * @param $contact_sub_type |
| 331 | * |
| 332 | */ |
| 333 | public static function form($action, $contact_type, $contact_sub_type) { |
| 334 | CRM_Utils_System::setUserContext(['civicrm/contact/search/basic', 'civicrm/contact/view']); |
| 335 | $wrapper = new CRM_Utils_Wrapper(); |
| 336 | |
| 337 | $properties = CRM_Core_Component::contactSubTypeProperties($contact_sub_type, 'Edit'); |
| 338 | if ($properties) { |
| 339 | $wrapper->run($properties['class'], ts('New %1', [1 => $contact_sub_type]), $action, TRUE); |
| 340 | } |
| 341 | else { |
| 342 | $wrapper->run('CRM_Contact_Form_Contact', ts('New Contact'), $action, TRUE); |
| 343 | } |
| 344 | } |
| 345 | |
| 346 | /** |
| 347 | * Show status in the footer (admin only) |
| 348 | * |
| 349 | * @param CRM_Core_Smarty $template |
| 350 | */ |
| 351 | public static function statusCheck($template) { |
| 352 | if (CRM_Core_Config::isUpgradeMode() || !CRM_Core_Permission::check('administer CiviCRM')) { |
| 353 | return; |
| 354 | } |
| 355 | // always use cached results - they will be refreshed by the session timer |
| 356 | $status = Civi::cache('checks')->get('systemStatusCheckResult'); |
| 357 | $template->assign('footer_status_severity', $status); |
| 358 | $template->assign('footer_status_message', CRM_Utils_Check::toStatusLabel($status)); |
| 359 | } |
| 360 | |
| 361 | /** |
| 362 | * @param bool $triggerRebuild |
| 363 | * @param bool $sessionReset |
| 364 | * |
| 365 | * @throws Exception |
| 366 | */ |
| 367 | public static function rebuildMenuAndCaches($triggerRebuild = FALSE, $sessionReset = FALSE) { |
| 368 | $config = CRM_Core_Config::singleton(); |
| 369 | $config->clearModuleList(); |
| 370 | |
| 371 | // also cleanup all caches |
| 372 | $config->cleanupCaches($sessionReset || CRM_Utils_Request::retrieve('sessionReset', 'Boolean', CRM_Core_DAO::$_nullObject, FALSE, 0, 'GET')); |
| 373 | |
| 374 | CRM_Core_Menu::store(); |
| 375 | |
| 376 | // also reset navigation |
| 377 | CRM_Core_BAO_Navigation::resetNavigation(); |
| 378 | |
| 379 | // also cleanup module permissions |
| 380 | $config->cleanupPermissions(); |
| 381 | |
| 382 | // rebuild word replacement cache - pass false to prevent operations redundant with this fn |
| 383 | CRM_Core_BAO_WordReplacement::rebuild(FALSE); |
| 384 | |
| 385 | Civi::service('settings_manager')->flush(); |
| 386 | // Clear js caches |
| 387 | CRM_Core_Resources::singleton()->flushStrings()->resetCacheCode(); |
| 388 | CRM_Case_XMLRepository::singleton(TRUE); |
| 389 | |
| 390 | // also rebuild triggers if requested explicitly |
| 391 | if ( |
| 392 | $triggerRebuild || |
| 393 | CRM_Utils_Request::retrieve('triggerRebuild', 'Boolean', CRM_Core_DAO::$_nullObject, FALSE, 0, 'GET') |
| 394 | ) { |
| 395 | CRM_Core_DAO::triggerRebuild(); |
| 396 | } |
| 397 | CRM_Core_DAO_AllCoreTables::reinitializeCache(TRUE); |
| 398 | CRM_Core_ManagedEntities::singleton(TRUE)->reconcile(); |
| 399 | } |
| 400 | |
| 401 | } |