3 +--------------------------------------------------------------------+
4 | CiviCRM version 4.4 |
5 +--------------------------------------------------------------------+
6 | Copyright CiviCRM LLC (c) 2004-2013 |
7 +--------------------------------------------------------------------+
8 | This file is a part of CiviCRM. |
10 | CiviCRM is free software; you can copy, modify, and distribute it |
11 | under the terms of the GNU Affero General Public License |
12 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
14 | CiviCRM is distributed in the hope that it will be useful, but |
15 | WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
17 | See the GNU Affero General Public License for more details. |
19 | You should have received a copy of the GNU Affero General Public |
20 | License and the CiviCRM Licensing Exception along |
21 | with this program; if not, contact CiviCRM LLC |
22 | at info[AT]civicrm[DOT]org. If you have questions about the |
23 | GNU Affero General Public License or the licensing of CiviCRM, |
24 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
25 +--------------------------------------------------------------------+
31 * @copyright CiviCRM LLC (c) 2004-2013
35 class CRM_Contact_Form_Search_Custom_Base
{
37 protected $_formValues;
43 function __construct(&$formValues) {
44 $this->_formValues
= &$formValues;
48 return CRM_Core_DAO
::singleValueQuery($this->sql('count(distinct contact_a.id) as total'));
55 function contactIDs($offset = 0, $rowcount = 0, $sort = NULL, $returnSQL = FALSE) {
57 'contact_a.id as contact_id',
62 $this->validateUserSQL($sql);
68 return CRM_Core_DAO
::composeQuery($sql, CRM_Core_DAO
::$_nullArray);
76 $includeContactIDs = FALSE,
80 $sql = "SELECT $selectClause " . $this->from();
81 $where = $this->where();
83 $sql .= " WHERE " . $where;
86 if ($includeContactIDs) {
87 $this->includeContactIDs($sql,
96 $this->addSortOffset($sql, $offset, $rowcount, $sort);
100 function templateFile() {
104 function &columns() {
105 return $this->_columns
;
108 static function includeContactIDs(&$sql, &$formValues) {
109 $contactIDs = array();
110 foreach ($formValues as $id => $value) {
112 substr($id, 0, CRM_Core_Form
::CB_PREFIX_LEN
) == CRM_Core_Form
::CB_PREFIX
114 $contactIDs[] = substr($id, CRM_Core_Form
::CB_PREFIX_LEN
);
118 if (!empty($contactIDs)) {
119 $contactIDs = implode(', ', $contactIDs);
120 $sql .= " AND contact_a.id IN ( $contactIDs )";
124 function addSortOffset(&$sql, $offset, $rowcount, $sort) {
126 if (is_string($sort)) {
127 $sql .= " ORDER BY $sort ";
130 $sql .= " ORDER BY " . trim($sort->orderBy());
134 if ($rowcount > 0 && $offset >= 0) {
135 $sql .= " LIMIT $offset, $rowcount ";
139 function validateUserSQL(&$sql, $onlyWhere = FALSE) {
140 $includeStrings = array('contact_a');
141 $excludeStrings = array('insert', 'delete', 'update');
144 $includeStrings +
= array('select', 'from', 'where', 'civicrm_contact');
147 foreach ($includeStrings as $string) {
148 if (stripos($sql, $string) === FALSE) {
149 CRM_Core_Error
::fatal(ts('Could not find \'%1\' string in SQL clause.',
155 foreach ($excludeStrings as $string) {
156 if (preg_match('/(\s' . $string . ')|(' . $string . '\s)/i', $sql)) {
157 CRM_Core_Error
::fatal(ts('Found illegal \'%1\' string in SQL clause.',
164 function whereClause(&$where, &$params) {
165 return CRM_Core_DAO
::composeQuery($where, $params, TRUE);
168 // override this method to define the contact query object
169 // used for creating $sql
170 function getQueryObj() {