4 +--------------------------------------------------------------------+
5 | Copyright CiviCRM LLC. All rights reserved. |
7 | This work is published under the GNU AGPLv3 license with some |
8 | permitted exceptions and without any warranty. For full license |
9 | and copyright information, see https://civicrm.org/licensing |
10 +--------------------------------------------------------------------+
16 * @copyright CiviCRM LLC https://civicrm.org/licensing
18 class CRM_Api4_Page_AJAX
extends CRM_Core_Page
{
21 * Handler for api4 ajax requests
23 public function run() {
24 $config = CRM_Core_Config
::singleton();
25 if (!$config->debug
&& !CRM_Utils_REST
::isWebServiceRequest()) {
28 'error_message' => "SECURITY ALERT: Ajax requests can only be issued by javascript clients, eg. CRM.api4().",
30 Civi
::log()->debug("SECURITY ALERT: Ajax requests can only be issued by javascript clients, eg. CRM.api4().",
32 'IP' => $_SERVER['REMOTE_ADDR'],
33 'level' => 'security',
34 'referer' => $_SERVER['HTTP_REFERER'],
35 'reason' => 'CSRF suspected',
38 CRM_Utils_System
::setHttpHeader('Content-Type', 'application/json');
39 echo json_encode($response);
40 CRM_Utils_System
::civiExit();
42 if ($_SERVER['REQUEST_METHOD'] == 'GET' &&
43 strtolower(substr($this->urlPath
[4], 0, 3)) != 'get') {
46 'error_message' => "SECURITY: All requests that modify the database must be http POST, not GET.",
48 Civi
::log()->debug("SECURITY: All requests that modify the database must be http POST, not GET.",
50 'IP' => $_SERVER['REMOTE_ADDR'],
51 'level' => 'security',
52 'referer' => $_SERVER['HTTP_REFERER'],
53 'reason' => 'Destructive HTTP GET',
56 CRM_Utils_System
::setHttpHeader('Content-Type', 'application/json');
57 echo json_encode($response);
58 CRM_Utils_System
::civiExit();
62 if (empty($this->urlPath
[3])) {
63 $calls = CRM_Utils_Request
::retrieve('calls', 'String', CRM_Core_DAO
::$_nullObject, TRUE, NULL, 'POST');
64 $calls = json_decode($calls, TRUE);
66 foreach ($calls as $index => $call) {
67 $response[$index] = call_user_func_array([$this, 'execute'], $call);
72 $entity = $this->urlPath
[3];
73 $action = $this->urlPath
[4];
74 $params = CRM_Utils_Request
::retrieve('params', 'String');
75 $params = $params ?
json_decode($params, TRUE) : [];
76 $index = CRM_Utils_Request
::retrieve('index', 'String');
77 $response = $this->execute($entity, $action, $params, $index);
80 catch (Exception
$e) {
82 \Civi\API\Exception\UnauthorizedException
::class => 403,
84 http_response_code($statusMap[get_class($e)] ??
500);
86 if (CRM_Core_Permission
::check('view debug output')) {
87 $response['error_code'] = $e->getCode();
88 $response['error_message'] = $e->getMessage();
89 if (!empty($params['debug'])) {
90 if (method_exists($e, 'getUserInfo')) {
91 $response['debug']['info'] = $e->getUserInfo();
93 $cause = method_exists($e, 'getCause') ?
$e->getCause() : $e;
94 if ($cause instanceof \DB_Error
) {
95 $response['debug']['db_error'] = \DB
::errorMessage($cause->getCode());
96 $response['debug']['sql'][] = $cause->getDebugInfo();
98 if (\Civi
::settings()->get('backtrace')) {
99 // Would prefer getTrace() but that causes json_encode to bomb
100 $response['debug']['backtrace'] = $e->getTraceAsString();
105 $error_id = rtrim(chunk_split(CRM_Utils_String
::createRandom(12, CRM_Utils_String
::ALPHANUMERIC
), 4, '-'), '-');
106 $response['error_code'] = '1';
107 $response['error_message'] = ts('Sorry an error occurred and your request was not completed. (Error ID: %1)', [
110 \Civi
::log()->debug('AJAX Error ({error_id}): failed with exception', [
111 'error_id' => $error_id,
116 CRM_Utils_System
::setHttpHeader('Content-Type', 'application/json');
117 echo json_encode($response);
118 CRM_Utils_System
::civiExit();
122 * Run api call & prepare result for json encoding
124 * @param string $entity
125 * @param string $action
126 * @param array $params
127 * @param string $index
130 protected function execute($entity, $action, $params = [], $index = NULL) {
131 $params['checkPermissions'] = TRUE;
133 // Handle numeric indexes later so we can get the count
134 $itemAt = CRM_Utils_Type
::validate($index, 'Integer', FALSE);
136 $result = civicrm_api4($entity, $action, $params, isset($itemAt) ?
NULL : $index);
138 // Convert arrayObject into something more suitable for json
139 $vals = ['values' => isset($itemAt) ?
$result->itemAt($itemAt) : (array) $result];
140 foreach (get_class_vars(get_class($result)) as $key => $val) {
141 $vals[$key] = $result->$key;
143 unset($vals['rowCount']);
144 $vals['count'] = $result->count();
145 $vals['countFetched'] = $result->countFetched();
146 if (in_array('row_count', $params['select'] ??
[])) {
147 // We can only return countMatched (whose value is independent of LIMIT clauses) if row_count was in the select.
148 $vals['countMatched'] = $result->count();