projects / civicrm-core.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
security/core#14 Validate "context" inputs
[civicrm-core.git] / CRM / Contribute / Page / Tab.php
1 <?php
2 /*
3 +--------------------------------------------------------------------+
4 | CiviCRM version 5 |
5 +--------------------------------------------------------------------+
6 | Copyright CiviCRM LLC (c) 2004-2018 |
7 +--------------------------------------------------------------------+
8 | This file is a part of CiviCRM. |
9 | |
10 | CiviCRM is free software; you can copy, modify, and distribute it |
11 | under the terms of the GNU Affero General Public License |
12 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
13 | |
14 | CiviCRM is distributed in the hope that it will be useful, but |
15 | WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
17 | See the GNU Affero General Public License for more details. |
18 | |
19 | You should have received a copy of the GNU Affero General Public |
20 | License and the CiviCRM Licensing Exception along |
21 | with this program; if not, contact CiviCRM LLC |
22 | at info[AT]civicrm[DOT]org. If you have questions about the |
23 | GNU Affero General Public License or the licensing of CiviCRM, |
24 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
25 +--------------------------------------------------------------------+
26 */
27
28 /**
29 *
30 * @package CRM
31 * @copyright CiviCRM LLC (c) 2004-2018
32 */
33 class CRM_Contribute_Page_Tab extends CRM_Core_Page {
34
35 /**
36 * The action links that we need to display for the browse screen.
37 *
38 * @var array
39 */
40 static $_links = NULL;
41 static $_recurLinks = NULL;
42 public $_permission = NULL;
43 public $_contactId = NULL;
44 public $_crid = NULL;
45
46 /**
47 * This method returns the links that are given for recur search row.
48 * currently the links added for each row are:
49 * - View
50 * - Edit
51 * - Cancel
52 *
53 * @param bool $recurID
54 * @param string $context
55 *
56 * @return array
57 */
58 public static function &recurLinks($recurID = FALSE, $context = 'contribution') {
59 if (!(self::$_links)) {
60 self::$_links = array(
61 CRM_Core_Action::VIEW => array(
62 'name' => ts('View'),
63 'title' => ts('View Recurring Payment'),
64 'url' => 'civicrm/contact/view/contributionrecur',
65 'qs' => "reset=1&id=%%crid%%&cid=%%cid%%&context={$context}",
66 ),
67 CRM_Core_Action::UPDATE => array(
68 'name' => ts('Edit'),
69 'title' => ts('Edit Recurring Payment'),
70 'url' => 'civicrm/contribute/updaterecur',
71 'qs' => "reset=1&action=update&crid=%%crid%%&cid=%%cid%%&context={$context}",
72 ),
73 CRM_Core_Action::DISABLE => array(
74 'name' => ts('Cancel'),
75 'title' => ts('Cancel'),
76 'ref' => 'crm-enable-disable',
77 ),
78 );
79 }
80
81 if ($recurID) {
82 $links = self::$_links;
83 $paymentProcessorObj = CRM_Financial_BAO_PaymentProcessor::getProcessorForEntity($recurID, 'recur', 'obj');
84 if (is_object($paymentProcessorObj) && $paymentProcessorObj->supports('cancelRecurring')) {
85 unset($links[CRM_Core_Action::DISABLE]['extra'], $links[CRM_Core_Action::DISABLE]['ref']);
86 $links[CRM_Core_Action::DISABLE]['url'] = "civicrm/contribute/unsubscribe";
87 $links[CRM_Core_Action::DISABLE]['qs'] = "reset=1&crid=%%crid%%&cid=%%cid%%&context={$context}";
88 }
89
90 if (is_object($paymentProcessorObj) && $paymentProcessorObj->isSupported('updateSubscriptionBillingInfo')) {
91 $links[CRM_Core_Action::RENEW] = array(
92 'name' => ts('Change Billing Details'),
93 'title' => ts('Change Billing Details'),
94 'url' => 'civicrm/contribute/updatebilling',
95 'qs' => "reset=1&crid=%%crid%%&cid=%%cid%%&context={$context}",
96 );
97 }
98 return $links;
99 }
100
101 return self::$_links;
102 }
103
104 /**
105 * called when action is browse.
106 *
107 */
108 public function browse() {
109 // add annual contribution
110 $annual = array();
111 list($annual['count'],
112 $annual['amount'],
113 $annual['avg']
114 ) = CRM_Contribute_BAO_Contribution::annual($this->_contactId);
115 $this->assign('annual', $annual);
116
117 $controller = new CRM_Core_Controller_Simple(
118 'CRM_Contribute_Form_Search',
119 ts('Contributions'),
120 $this->_action,
121 FALSE, FALSE, TRUE
122 );
123 $controller->setEmbedded(TRUE);
124 $controller->reset();
125 $controller->set('cid', $this->_contactId);
126 $controller->set('crid', $this->_crid);
127 $controller->set('context', 'contribution');
128 $controller->set('limit', 50);
129 $controller->process();
130 $controller->run();
131
132 // add recurring block
133 $this->addRecurringContributionsBlock();
134
135 // enable/disable soft credit records for test contribution
136 $isTest = 0;
137 if (CRM_Utils_Request::retrieve('isTest', 'Positive', $this)) {
138 $isTest = 1;
139 }
140 $this->assign('isTest', $isTest);
141
142 $softCreditList = CRM_Contribute_BAO_ContributionSoft::getSoftContributionList($this->_contactId, NULL, $isTest);
143
144 if (!empty($softCreditList)) {
145 $softCreditTotals = array();
146
147 list($softCreditTotals['amount'],
148 $softCreditTotals['avg'],
149 $softCreditTotals['currency'],
150 $softCreditTotals['cancelAmount'] // to get cancel amount
151 ) = CRM_Contribute_BAO_ContributionSoft::getSoftContributionTotals($this->_contactId, $isTest);
152
153 $this->assign('softCredit', TRUE);
154 $this->assign('softCreditRows', $softCreditList);
155 $this->assign('softCreditTotals', $softCreditTotals);
156 }
157
158 if ($this->_contactId) {
159 $displayName = CRM_Contact_BAO_Contact::displayName($this->_contactId);
160 $this->assign('displayName', $displayName);
161 $this->ajaxResponse['tabCount'] = CRM_Contact_BAO_Contact::getCountComponent('contribution', $this->_contactId);
162 }
163 }
164
165 /**
166 * Get all the recurring contribution information and assign to the template
167 */
168 private function addRecurringContributionsBlock() {
169 $activeContributions = $this->getActiveRecurringContributions();
170 $inactiveRecurringContributions = $this->getInactiveRecurringContributions();
171
172 if (!empty($activeContributions) || !empty($inactiveRecurringContributions)) {
173 // assign vars to templates
174 $this->assign('action', $this->_action);
175 $this->assign('activeRecurRows', $activeContributions);
176 $this->assign('inactiveRecurRows', $inactiveRecurringContributions);
177 $this->assign('recur', TRUE);
178 }
179 }
180
181 /**
182 * Loads active recurring contributions for the current contact and formats
183 * them to be used on the form.
184 *
185 * @return array;
186 */
187 private function getActiveRecurringContributions() {
188 try {
189 $contributionRecurResult = civicrm_api3('ContributionRecur', 'get', array(
190 'contact_id' => $this->_contactId,
191 'contribution_status_id' => array('NOT IN' => CRM_Contribute_BAO_ContributionRecur::getInactiveStatuses()),
192 'options' => array('limit' => 0, 'sort' => 'start_date ASC'),
193 ));
194 $recurContributions = CRM_Utils_Array::value('values', $contributionRecurResult);
195 }
196 catch (Exception $e) {
197 $recurContributions = array();
198 }
199
200 return $this->buildRecurringContributionsArray($recurContributions);
201 }
202
203 /**
204 * Loads inactive recurring contributions for the current contact and formats
205 * them to be used on the form.
206 *
207 * @return array;
208 */
209 private function getInactiveRecurringContributions() {
210 try {
211 $contributionRecurResult = civicrm_api3('ContributionRecur', 'get', array(
212 'contact_id' => $this->_contactId,
213 'contribution_status_id' => array('IN' => CRM_Contribute_BAO_ContributionRecur::getInactiveStatuses()),
214 'options' => array('limit' => 0, 'sort' => 'start_date ASC'),
215 ));
216 $recurContributions = CRM_Utils_Array::value('values', $contributionRecurResult);
217 }
218 catch (Exception $e) {
219 $recurContributions = NULL;
220 }
221
222 return $this->buildRecurringContributionsArray($recurContributions);
223 }
224
225 /**
226 * @param $recurContributions
227 *
228 * @return mixed
229 */
230 private function buildRecurringContributionsArray($recurContributions) {
231 foreach ($recurContributions as $recurId => $recurDetail) {
232 $action = array_sum(array_keys($this->recurLinks($recurId)));
233 // no action allowed if it's not active
234 $recurContributions[$recurId]['is_active'] = (!CRM_Contribute_BAO_Contribution::isContributionStatusNegative($recurDetail['contribution_status_id']));
235
236 // Get the name of the payment processor
237 if (!empty($recurDetail['payment_processor_id'])) {
238 $recurContributions[$recurId]['payment_processor'] = CRM_Financial_BAO_PaymentProcessor::getPaymentProcessorName($recurDetail['payment_processor_id']);
239 }
240 // Get the label for the contribution status
241 if (!empty($recurDetail['contribution_status_id'])) {
242 $recurContributions[$recurId]['contribution_status'] = CRM_Core_PseudoConstant::getLabel('CRM_Contribute_BAO_ContributionRecur', 'contribution_status_id', $recurDetail['contribution_status_id']);
243 }
244
245 if ($recurContributions[$recurId]['is_active']) {
246 $details = CRM_Contribute_BAO_ContributionRecur::getSubscriptionDetails($recurContributions[$recurId]['id'], 'recur');
247 $hideUpdate = $details->membership_id & $details->auto_renew;
248
249 if ($hideUpdate) {
250 $action -= CRM_Core_Action::UPDATE;
251 }
252
253 $recurContributions[$recurId]['action'] = CRM_Core_Action::formLink(self::recurLinks($recurId), $action,
254 array(
255 'cid' => $this->_contactId,
256 'crid' => $recurId,
257 'cxt' => 'contribution',
258 ),
259 ts('more'),
260 FALSE,
261 'contribution.selector.recurring',
262 'Contribution',
263 $recurId
264 );
265 }
266 }
267
268 return $recurContributions;
269 }
270
271 /**
272 * called when action is view.
273 *
274 * @return mixed
275 */
276 public function view() {
277 $controller = new CRM_Core_Controller_Simple(
278 'CRM_Contribute_Form_ContributionView',
279 ts('View Contribution'),
280 $this->_action
281 );
282 $controller->setEmbedded(TRUE);
283 $controller->set('id', $this->_id);
284 $controller->set('cid', $this->_contactId);
285
286 return $controller->run();
287 }
288
289 /**
290 * called when action is update or new.
291 *
292 * @return mixed
293 * @throws \CRM_Core_Exception
294 * @throws \Exception
295 */
296 public function edit() {
297 // set https for offline cc transaction
298 $mode = CRM_Utils_Request::retrieve('mode', 'String', $this);
299 if ($mode == 'test' || $mode == 'live') {
300 CRM_Utils_System::redirectToSSL();
301 }
302
303 $controller = new CRM_Core_Controller_Simple(
304 'CRM_Contribute_Form_Contribution',
305 'Create Contribution',
306 $this->_action
307 );
308 $controller->setEmbedded(TRUE);
309 $controller->set('id', $this->_id);
310 $controller->set('cid', $this->_contactId);
311
312 return $controller->run();
313 }
314
315 public function preProcess() {
316 $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
317 $this->_action = CRM_Utils_Request::retrieve('action', 'String', $this, FALSE, 'browse');
318 $this->_id = CRM_Utils_Request::retrieve('id', 'Positive', $this);
319
320 if ($context == 'standalone') {
321 $this->_action = CRM_Core_Action::ADD;
322 }
323 else {
324 $this->_contactId = CRM_Utils_Request::retrieve('cid', 'Positive', $this, empty($this->_id));
325 if (empty($this->_contactId)) {
326 $this->_contactId = civicrm_api3('contribution', 'getvalue', array(
327 'id' => $this->_id,
328 'return' => 'contact_id',
329 ));
330 }
331 $this->assign('contactId', $this->_contactId);
332
333 // check logged in url permission
334 CRM_Contact_Page_View::checkUserPermission($this);
335 }
336 $this->assign('action', $this->_action);
337
338 if ($this->_permission == CRM_Core_Permission::EDIT && !CRM_Core_Permission::check('edit contributions')) {
339 // demote to view since user does not have edit contrib rights
340 $this->_permission = CRM_Core_Permission::VIEW;
341 $this->assign('permission', 'view');
342 }
343 }
344
345 /**
346 * the main function that is called when the page
347 * loads, it decides the which action has to be taken for the page.
348 *
349 * @return null
350 */
351 public function run() {
352 $this->preProcess();
353
354 // check if we can process credit card contribs
355 $this->assign('newCredit', CRM_Core_Config::isEnabledBackOfficeCreditCardPayments());
356
357 $this->setContext();
358
359 if ($this->_action & CRM_Core_Action::VIEW) {
360 $this->view();
361 }
362 elseif ($this->_action & (CRM_Core_Action::UPDATE | CRM_Core_Action::ADD | CRM_Core_Action::DELETE)) {
363 $this->edit();
364 }
365 else {
366 $this->browse();
367 }
368
369 return parent::run();
370 }
371
372 public function setContext() {
373 $qfKey = CRM_Utils_Request::retrieve('key', 'String', $this);
374 $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric',
375 $this, FALSE, 'search'
376 );
377 $compContext = CRM_Utils_Request::retrieve('compContext', 'String', $this);
378
379 $searchContext = CRM_Utils_Request::retrieve('searchContext', 'String', $this);
380
381 //swap the context.
382 if ($context == 'search' && $compContext) {
383 $context = $compContext;
384 }
385 else {
386 $compContext = NULL;
387 }
388
389 // make sure we dont get tricked with a bad key
390 // so check format
391 if (!CRM_Core_Key::valid($qfKey)) {
392 $qfKey = NULL;
393 }
394
395 $session = CRM_Core_Session::singleton();
396
397 switch ($context) {
398 case 'user':
399 $url = CRM_Utils_System::url('civicrm/user', 'reset=1');
400 break;
401
402 case 'dashboard':
403 $url = CRM_Utils_System::url('civicrm/contribute',
404 'reset=1'
405 );
406 break;
407
408 case 'pledgeDashboard':
409 $url = CRM_Utils_System::url('civicrm/pledge',
410 'reset=1'
411 );
412 break;
413
414 case 'contribution':
415 $url = CRM_Utils_System::url('civicrm/contact/view',
416 "reset=1&force=1&cid={$this->_contactId}&selectedChild=contribute"
417 );
418 break;
419
420 case 'search':
421 case 'advanced':
422 $extraParams = "force=1";
423 if ($qfKey) {
424 $extraParams .= "&qfKey=$qfKey";
425 }
426
427 $this->assign('searchKey', $qfKey);
428 if ($context == 'advanced') {
429 $url = CRM_Utils_System::url('civicrm/contact/search/advanced', $extraParams);
430 }
431 elseif ($searchContext) {
432 $url = CRM_Utils_System::url("civicrm/$searchContext/search", $extraParams);
433 }
434 else {
435 $url = CRM_Utils_System::url('civicrm/contribute/search', $extraParams);
436 }
437 break;
438
439 case 'home':
440 $url = CRM_Utils_System::url('civicrm/dashboard', 'reset=1');
441 break;
442
443 case 'activity':
444 $url = CRM_Utils_System::url('civicrm/contact/view',
445 "reset=1&force=1&cid={$this->_contactId}&selectedChild=activity"
446 );
447 break;
448
449 case 'member':
450 case 'membership':
451 $componentId = CRM_Utils_Request::retrieve('compId', 'Positive', $this);
452 $componentAction = CRM_Utils_Request::retrieve('compAction', 'Integer', $this);
453
454 $context = 'membership';
455 $searchKey = NULL;
456 if ($compContext) {
457 $context = 'search';
458 if ($qfKey) {
459 $searchKey = "&key=$qfKey";
460 }
461 $compContext = "&compContext={$compContext}";
462 }
463 if ($componentAction & CRM_Core_Action::VIEW) {
464 $action = 'view';
465 }
466 else {
467 $action = 'update';
468 }
469 $url = CRM_Utils_System::url('civicrm/contact/view/membership',
470 "reset=1&action={$action}&id={$componentId}&cid={$this->_contactId}&context={$context}&selectedChild=member{$searchKey}{$compContext}"
471 );
472 break;
473
474 case 'participant':
475 $componentId = CRM_Utils_Request::retrieve('compId', 'Positive', $this);
476 $componentAction = CRM_Utils_Request::retrieve('compAction', 'Integer', $this);
477
478 $context = 'participant';
479 $searchKey = NULL;
480 if ($compContext) {
481 $context = 'search';
482 if ($qfKey) {
483 $searchKey = "&key=$qfKey";
484 }
485 $compContext = "&compContext={$compContext}";
486 }
487 if ($componentAction == CRM_Core_Action::VIEW) {
488 $action = 'view';
489 }
490 else {
491 $action = 'update';
492 }
493 $url = CRM_Utils_System::url('civicrm/contact/view/participant',
494 "reset=1&action={$action}&id={$componentId}&cid={$this->_contactId}&context={$context}&selectedChild=event{$searchKey}{$compContext}"
495 );
496 break;
497
498 case 'pledge':
499 $url = CRM_Utils_System::url('civicrm/contact/view',
500 "reset=1&force=1&cid={$this->_contactId}&selectedChild=pledge"
501 );
502 break;
503
504 case 'standalone':
505 $url = CRM_Utils_System::url('civicrm/dashboard', 'reset=1');
506 break;
507
508 case 'fulltext':
509 $keyName = '&qfKey';
510 $urlParams = 'force=1';
511 $urlString = 'civicrm/contact/search/custom';
512 if ($this->_action == CRM_Core_Action::UPDATE) {
513 if ($this->_contactId) {
514 $urlParams .= '&cid=' . $this->_contactId;
515 }
516 $keyName = '&key';
517 $urlParams .= '&context=fulltext&action=view';
518 $urlString = 'civicrm/contact/view/contribution';
519 }
520 if ($qfKey) {
521 $urlParams .= "$keyName=$qfKey";
522 }
523 $this->assign('searchKey', $qfKey);
524 $url = CRM_Utils_System::url($urlString, $urlParams);
525 break;
526
527 default:
528 $cid = NULL;
529 if ($this->_contactId) {
530 $cid = '&cid=' . $this->_contactId;
531 }
532 $url = CRM_Utils_System::url('civicrm/contribute/search',
533 'reset=1&force=1' . $cid
534 );
535 break;
536 }
537
538 $session = CRM_Core_Session::singleton();
539 $session->pushUserContext($url);
540 }
541
542 }