3 +--------------------------------------------------------------------+
4 | CiviCRM version 4.4 |
5 +--------------------------------------------------------------------+
6 | Copyright CiviCRM LLC (c) 2004-2013 |
7 +--------------------------------------------------------------------+
8 | This file is a part of CiviCRM. |
10 | CiviCRM is free software; you can copy, modify, and distribute it |
11 | under the terms of the GNU Affero General Public License |
12 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
14 | CiviCRM is distributed in the hope that it will be useful, but |
15 | WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
17 | See the GNU Affero General Public License for more details. |
19 | You should have received a copy of the GNU Affero General Public |
20 | License and the CiviCRM Licensing Exception along |
21 | with this program; if not, contact CiviCRM LLC |
22 | at info[AT]civicrm[DOT]org. If you have questions about the |
23 | GNU Affero General Public License or the licensing of CiviCRM, |
24 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
25 +--------------------------------------------------------------------+
31 * @copyright CiviCRM LLC (c) 2004-2013
35 class CRM_Contact_Form_Search_Custom_Base
{
37 protected $_formValues;
43 function __construct(&$formValues) {
44 $this->_formValues
= &$formValues;
48 return CRM_Core_DAO
::singleValueQuery($this->sql('count(distinct contact_a.id) as total'));
55 function contactIDs($offset = 0, $rowcount = 0, $sort = NULL, $returnSQL = FALSE) {
57 'contact_a.id as contact_id',
62 $this->validateUserSQL($sql);
68 return CRM_Core_DAO
::composeQuery($sql, CRM_Core_DAO
::$_nullArray);
76 $includeContactIDs = FALSE,
80 $sql = "SELECT $selectClause " . $this->from();
81 $where = $this->where();
83 $sql .= " WHERE " . $where;
86 if ($includeContactIDs) {
87 $this->includeContactIDs($sql,
96 $this->addSortOffset($sql, $offset, $rowcount, $sort);
100 function templateFile() {
104 function &columns() {
105 return $this->_columns
;
108 static function includeContactIDs(&$sql, &$formValues) {
109 $contactIDs = array();
110 foreach ($formValues as $id => $value) {
112 substr($id, 0, CRM_Core_Form
::CB_PREFIX_LEN
) == CRM_Core_Form
::CB_PREFIX
114 $contactIDs[] = substr($id, CRM_Core_Form
::CB_PREFIX_LEN
);
118 if (!empty($contactIDs)) {
119 $contactIDs = implode(', ', $contactIDs);
120 $sql .= " AND contact_a.id IN ( $contactIDs )";
124 function addSortOffset(&$sql, $offset, $rowcount, $sort) {
126 if (is_string($sort)) {
127 $sort = CRM_Utils_Type
::escape($sort, 'String');
128 $sql .= " ORDER BY $sort ";
131 $sql .= " ORDER BY " . trim($sort->orderBy());
135 if ($rowcount > 0 && $offset >= 0) {
136 $offset = CRM_Utils_Type
::escape($offset, 'Int');
137 $rowcount = CRM_Utils_Type
::escape($rowcount, 'Int');
139 $sql .= " LIMIT $offset, $rowcount ";
143 function validateUserSQL(&$sql, $onlyWhere = FALSE) {
144 $includeStrings = array('contact_a');
145 $excludeStrings = array('insert', 'delete', 'update');
148 $includeStrings +
= array('select', 'from', 'where', 'civicrm_contact');
151 foreach ($includeStrings as $string) {
152 if (stripos($sql, $string) === FALSE) {
153 CRM_Core_Error
::fatal(ts('Could not find \'%1\' string in SQL clause.',
159 foreach ($excludeStrings as $string) {
160 if (preg_match('/(\s' . $string . ')|(' . $string . '\s)/i', $sql)) {
161 CRM_Core_Error
::fatal(ts('Found illegal \'%1\' string in SQL clause.',
168 function whereClause(&$where, &$params) {
169 return CRM_Core_DAO
::composeQuery($where, $params, TRUE);
172 // override this method to define the contact query object
173 // used for creating $sql
174 function getQueryObj() {