| 1 | <?php |
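/**
 * Generic API v3 "setvalue" action: change one field of one existing record.
 *
 * The request params must contain 'id', 'field' and 'value'. 'field' has to be
 * one of the fields getFields reports for the entity's create action.
 *
 * NOTE(review): no permission check is made in this function; presumably the
 * API layer that dispatches here enforces it - confirm, since this action can
 * write any field of a supported type.
 *
 * @param array $apiRequest
 *   API request; 'entity' and 'params' are read.
 *
 * @return array
 *   civicrm_api3_create_success() result on success, otherwise an API error
 *   array (a getFields error is passed through unchanged).
 */
function civicrm_api3_generic_setValue($apiRequest) {
  $entity = $apiRequest['entity'];
  $params = $apiRequest['params'];
  // we can't use _spec, doesn't work with generic
  civicrm_api3_verify_mandatory($params, NULL, array('id', 'field', 'value'));
  $id = $params['id'];
  // is_numeric() is a coarse check: it also accepts floats and exponent
  // notation ("1.5", "1e3"). NOTE(review): consider a strict integer rule.
  if (!is_numeric($id)) {
    return civicrm_api3_create_error(ts('Please enter a number'), array('error_code' => 'NaN', 'field' => "id"));
  }

  // The field name is munged and must then match a getFields key exactly, so
  // only known field names reach the DAO call at the end.
  $field = CRM_Utils_String::munge($params['field']);
  $value = $params['value'];

  // "sequential" is passed as a bare list element (key 0), not as
  // 'sequential' => 1. Kept as is: the lookup below needs values keyed by
  // field name.
  $fields = civicrm_api($entity, 'getFields', array('version' => 3, 'action' => 'create', "sequential"));
  // getfields error, shouldn't happen.
  if ($fields['is_error']) {
    return $fields;
  }
  $fields = $fields['values'];

  if (!array_key_exists($field, $fields)) {
    return civicrm_api3_create_error("Param 'field' ($field) is invalid. must be an existing field", array("error_code" => "invalid_field", "fields" => array_keys($fields)));
  }

  $def = $fields[$field];
  // Disallow empty values except for the number zero.
  // TODO: create a utility for this since it's needed in many places
  // if (array_key_exists('required', $def) && CRM_Utils_System::isNull($value)) {
  if (array_key_exists('required', $def) && empty($value) && $value !== '0' && $value !== 0) {
    return civicrm_api3_create_error(ts("This can't be empty, please provide a value"), array("error_code" => "required", "field" => $field));
  }

  // A field definition without 'type' ends in the default branch, as before,
  // but without an undefined-index notice.
  $type = isset($def['type']) ? $def['type'] : NULL;
  switch ($type) {
    case CRM_Utils_Type::T_INT:
      if (!is_numeric($value)) {
        return civicrm_api3_create_error("Param '$field' must be a number", array('error_code' => 'NaN'));
      }
      // Stop here: without this break an integer fell through into the string
      // branch, where a 'maxlength' on the field would cut digits off the
      // number with substr(). The XSS check there adds nothing for a value
      // that is_numeric() has already accepted.
      break;

    case CRM_Utils_Type::T_STRING:
    case CRM_Utils_Type::T_TEXT:
      // Input-side filter only; whatever renders this value later still has
      // to escape it for its output context.
      if (!CRM_Utils_Rule::xssString($value)) {
        return civicrm_api3_create_error(ts('Illegal characters in input (potential scripting attack)'), array('error_code' => 'XSS'));
      }
      // Over-long input is truncated silently, not rejected, and substr()
      // counts bytes, so a multi-byte character can be split at the cut.
      if (array_key_exists('maxlength', $def)) {
        $value = substr($value, 0, $def['maxlength']);
      }
      break;

    case CRM_Utils_Type::T_DATE:
      $value = CRM_Utils_Type::escape($value, "Date", false);
      if (!$value) {
        return civicrm_api3_create_error("Param '$field' is not a date. format YYYYMMDD or YYYYMMDDHHMMSS");
      }
      break;

    case CRM_Utils_Type::T_BOOLEAN:
      // Plain PHP truthiness: any non-empty string other than "0" is TRUE.
      $value = (bool) $value;
      break;

    default:
      return civicrm_api3_create_error("Param '$field' is of a type not managed yet (" . $type . "). Join the API team and help us implement it", array('error_code' => 'NOT_IMPLEMENTED'));
  }

  $dao_name = _civicrm_api3_get_DAO($entity);
  // The name is used as a class name below ("new $dao_name()"); an empty
  // result would be a fatal error instead of an API error.
  // NOTE(review): presumably empty for entities without a DAO - confirm.
  if (empty($dao_name)) {
    return civicrm_api3_create_error("error assigning $field=$value for $entity (id=$id)");
  }

  if (!CRM_Core_DAO::setFieldValue($dao_name, $id, $field, $value)) {
    // The message repeats caller-supplied values; escape it if it is ever
    // rendered as HTML.
    return civicrm_api3_create_error("error assigning $field=$value for $entity (id=$id)");
  }

  // Only the post hook is fired, and the DAO handed to it carries just the id
  // and the changed field, not the full record.
  $params = array('id' => $id, $field => $value);
  $entityDAO = new $dao_name();
  $entityDAO->copyValues($params);
  CRM_Utils_Hook::post('edit', $entity, $entityDAO->id, $entityDAO);
  return civicrm_api3_create_success($entity);
}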