projects / civicrm-core.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
dev/core#2850 add comment
[civicrm-core.git] / CRM / Core / Invoke.php
1 <?php
2 /*
3 +--------------------------------------------------------------------+
4 | Copyright CiviCRM LLC. All rights reserved. |
5 | |
6 | This work is published under the GNU AGPLv3 license with some |
7 | permitted exceptions and without any warranty. For full license |
8 | and copyright information, see https://civicrm.org/licensing |
9 +--------------------------------------------------------------------+
10 */
11
12 /**
13 *
14 * Given an argument list, invoke the appropriate CRM function
15 * Serves as a wrapper between the UserFrameWork and Core CRM
16 *
17 * @package CRM
18 * @copyright CiviCRM LLC https://civicrm.org/licensing
19 */
20 class CRM_Core_Invoke {
21
22 /**
23 * This is the main front-controller that integrates with the CMS. Any
24 * page-request that is sent to the CMS and intended for CiviCRM should
25 * be processed by invoke().
26 *
27 * @param array $args
28 * The parts of the URL which identify the intended CiviCRM page
29 * (e.g. array('civicrm', 'event', 'register')).
30 * @return string
31 * HTML. For non-HTML content, invoke() may call print() and exit().
32 *
33 */
34 public static function invoke($args) {
35 try {
36 return self::_invoke($args);
37 }
38 catch (Exception $e) {
39 CRM_Core_Error::handleUnhandledException($e);
40 }
41 }
42
43 /**
44 * This is the same as invoke(), but it does *not* include exception
45 * handling.
46 *
47 * @param array $args
48 * The parts of the URL which identify the intended CiviCRM page
49 * (e.g. array('civicrm', 'event', 'register')).
50 * @return string
51 * HTML. For non-HTML content, invoke() may call print() and exit().
52 */
53 public static function _invoke($args) {
54 if ($args[0] !== 'civicrm') {
55 return NULL;
56 }
57 // CRM-15901: Turn off PHP errors display for all ajax calls
58 if (CRM_Utils_Array::value(1, $args) == 'ajax' || !empty($_REQUEST['snippet'])) {
59 ini_set('display_errors', 0);
60 }
61
62 if (!defined('CIVICRM_SYMFONY_PATH')) {
63 // Traditional Civi invocation path
64 // may exit
65 self::hackMenuRebuild($args);
66 self::init($args);
67 Civi::dispatcher()->dispatch('civi.invoke.auth', \Civi\Core\Event\GenericHookEvent::create(['args' => $args]));
68 $item = self::getItem($args);
69 return self::runItem($item);
70 }
71 else {
72 // Symfony-based invocation path
73 require_once CIVICRM_SYMFONY_PATH . '/app/bootstrap.php.cache';
74 require_once CIVICRM_SYMFONY_PATH . '/app/AppKernel.php';
75 $kernel = new AppKernel('dev', TRUE);
76 $kernel->loadClassCache();
77 $response = $kernel->handle(Symfony\Component\HttpFoundation\Request::createFromGlobals());
78 if (preg_match(':^text/html:', $response->headers->get('Content-Type'))) {
79 // let the CMS handle the trappings
80 return $response->getContent();
81 }
82 else {
83 $response->send();
84 exit();
85 }
86 }
87 }
88
89 /**
90 * Hackish support /civicrm/menu/rebuild
91 *
92 * @param array $args
93 * List of path parts.
94 * @void
95 */
96 public static function hackMenuRebuild($args) {
97 if (['civicrm', 'menu', 'rebuild'] == $args || ['civicrm', 'clearcache'] == $args) {
98 // ensure that the user has a good privilege level
99 if (CRM_Core_Permission::check('administer CiviCRM')) {
100 self::rebuildMenuAndCaches();
101 CRM_Core_Session::setStatus(ts('Cleared all CiviCRM caches (database, menu, templates)'), ts('Complete'), 'success');
102 // exits
103 return CRM_Utils_System::redirect();
104 }
105 else {
106 CRM_Core_Error::statusBounce(ts('You do not have permission to execute this url'));
107 }
108 }
109 }
110
111 /**
112 * Perform general setup.
113 *
114 * @param array $args
115 * List of path parts.
116 * @void
117 */
118 public static function init($args) {
119 // first fire up IDS and check for bad stuff
120 $config = CRM_Core_Config::singleton();
121
122 // also initialize the i18n framework
123 require_once 'CRM/Core/I18n.php';
124 $i18n = CRM_Core_I18n::singleton();
125 }
126
127 /**
128 * Determine which menu $item corresponds to $args
129 *
130 * @param array $args
131 * List of path parts.
132 * @return array; see CRM_Core_Menu
133 */
134 public static function getItem($args) {
135 if (is_array($args)) {
136 // get the menu items
137 $path = implode('/', $args);
138 }
139 else {
140 $path = $args;
141 }
142 $item = CRM_Core_Menu::get($path);
143
144 // we should try to compute menus, if item is empty and stay on the same page,
145 // rather than compute and redirect to dashboard.
146 if (!$item) {
147 CRM_Core_Menu::store(FALSE);
148 $item = CRM_Core_Menu::get($path);
149 }
150
151 return $item;
152 }
153
154 /**
155 * Register an alternative phar:// stream wrapper to filter out insecure Phars
156 *
157 * PHP makes it possible to trigger Object Injection vulnerabilities by using
158 * a side-effect of the phar:// stream wrapper that unserializes Phar
159 * metadata. To mitigate this vulnerability, projects such as TYPO3 and Drupal
160 * have implemented an alternative Phar stream wrapper that disallows
161 * inclusion of phar files based on certain parameters.
162 *
163 * This code attempts to register the TYPO3 Phar stream wrapper using the
164 * interceptor defined in \Civi\Core\Security\PharExtensionInterceptor. In an
165 * environment where the stream wrapper was already registered via
166 * \TYPO3\PharStreamWrapper\Manager (i.e. Drupal), this code does not do
167 * anything. In other environments (e.g. WordPress, at the time of this
168 * writing), the TYPO3 library is used to register the interceptor to mitigate
169 * the vulnerability.
170 */
171 private static function registerPharHandler() {
172 try {
173 // try to get the existing stream wrapper, registered e.g. by Drupal
174 \TYPO3\PharStreamWrapper\Manager::instance();
175 }
176 catch (\LogicException $e) {
177 if ($e->getCode() === 1535189872) {
178 // no phar stream wrapper was registered by \TYPO3\PharStreamWrapper\Manager.
179 // This means we're probably not on Drupal and need to register our own.
180 \TYPO3\PharStreamWrapper\Manager::initialize(
181 (new \TYPO3\PharStreamWrapper\Behavior())
182 ->withAssertion(new \Civi\Core\Security\PharExtensionInterceptor())
183 );
184 if (in_array('phar', stream_get_wrappers())) {
185 stream_wrapper_unregister('phar');
186 stream_wrapper_register('phar', \TYPO3\PharStreamWrapper\PharStreamWrapper::class);
187 }
188 }
189 else {
190 // this is not an exception we can handle
191 throw $e;
192 }
193 }
194 }
195
196 /**
197 * Given a menu item, call the appropriate controller and return the response
198 *
199 * @param array $item
200 * See CRM_Core_Menu.
201 * @return string, HTML
202 */
203 public static function runItem($item) {
204 $ids = new CRM_Core_IDS();
205 $ids->check($item);
206
207 self::registerPharHandler();
208
209 $config = CRM_Core_Config::singleton();
210 if ($config->userFramework == 'Joomla' && $item) {
211 $config->userFrameworkURLVar = 'task';
212
213 // joomla 1.5RC1 seems to push this in the POST variable, which messes
214 // QF and checkboxes
215 unset($_POST['option']);
216 CRM_Core_Joomla::sidebarLeft();
217 }
218
219 // set active Component
220 $template = CRM_Core_Smarty::singleton();
221 $template->assign('activeComponent', 'CiviCRM');
222 $template->assign('formTpl', 'default');
223
224 if ($item) {
225
226 if (!array_key_exists('page_callback', $item)) {
227 CRM_Core_Error::debug('Bad item', $item);
228 CRM_Core_Error::statusBounce(ts('Bad menu record in database'));
229 }
230
231 // check that we are permissioned to access this page
232 if (!CRM_Core_Permission::checkMenuItem($item)) {
233 CRM_Utils_System::permissionDenied();
234 return NULL;
235 }
236
237 // check if ssl is set
238 if (!empty($item['is_ssl'])) {
239 CRM_Utils_System::redirectToSSL();
240 }
241
242 if (isset($item['title'])) {
243 CRM_Utils_System::setTitle($item['title']);
244 }
245
246 if (isset($item['breadcrumb']) && !isset($item['is_public'])) {
247 CRM_Utils_System::appendBreadCrumb($item['breadcrumb']);
248 }
249
250 $pageArgs = NULL;
251 if (!empty($item['page_arguments'])) {
252 $pageArgs = CRM_Core_Menu::getArrayForPathArgs($item['page_arguments']);
253 }
254
255 $template = CRM_Core_Smarty::singleton();
256 if (!empty($item['is_public'])) {
257 $template->assign('urlIsPublic', TRUE);
258 }
259 else {
260 $template->assign('urlIsPublic', FALSE);
261 self::statusCheck($template);
262 }
263
264 if (isset($item['return_url'])) {
265 $session = CRM_Core_Session::singleton();
266 $args = CRM_Utils_Array::value(
267 'return_url_args',
268 $item,
269 'reset=1'
270 );
271 $session->pushUserContext(CRM_Utils_System::url($item['return_url'], $args));
272 }
273
274 $result = NULL;
275 // WISHLIST: Refactor this. Instead of pattern-matching on page_callback, lookup
276 // page_callback via Civi\Core\Resolver and check the implemented interfaces. This
277 // would require rethinking the default constructor.
278 if (is_array($item['page_callback']) || strpos($item['page_callback'], ':')) {
279 $result = call_user_func(Civi\Core\Resolver::singleton()->get($item['page_callback']));
280 }
281 elseif (strpos($item['page_callback'], '_Form') !== FALSE) {
282 $wrapper = new CRM_Utils_Wrapper();
283 $result = $wrapper->run(
284 $item['page_callback'] ?? NULL,
285 $item['title'] ?? NULL,
286 $pageArgs ?? NULL
287 );
288 }
289 else {
290 $newArgs = explode('/', $_GET[$config->userFrameworkURLVar]);
291 $mode = 'null';
292 if (isset($pageArgs['mode'])) {
293 $mode = $pageArgs['mode'];
294 unset($pageArgs['mode']);
295 }
296 $title = $item['title'] ?? NULL;
297 if (strstr($item['page_callback'], '_Page') || strstr($item['page_callback'], '\\Page\\')) {
298 $object = new $item['page_callback']($title, $mode);
299 $object->urlPath = explode('/', $_GET[$config->userFrameworkURLVar]);
300 }
301 elseif (strstr($item['page_callback'], '_Controller') || strstr($item['page_callback'], '\\Controller\\')) {
302 $addSequence = 'false';
303 if (isset($pageArgs['addSequence'])) {
304 $addSequence = $pageArgs['addSequence'];
305 $addSequence = $addSequence ? 'true' : 'false';
306 unset($pageArgs['addSequence']);
307 }
308 $object = new $item['page_callback']($title, TRUE, $mode, NULL, $addSequence);
309 }
310 else {
311 throw new CRM_Core_Exception('Execute supplied menu action');
312 }
313 $result = $object->run($newArgs, $pageArgs);
314 }
315
316 CRM_Core_Session::storeSessionObjects();
317 return $result;
318 }
319
320 CRM_Core_Menu::store();
321 CRM_Core_Session::setStatus(ts('Menu has been rebuilt'), ts('Complete'), 'success');
322 return CRM_Utils_System::redirect();
323 }
324
325 /**
326 * This function contains the default action.
327 *
328 * @param $action
329 *
330 * @param $contact_type
331 * @param $contact_sub_type
332 *
333 */
334 public static function form($action, $contact_type, $contact_sub_type) {
335 CRM_Utils_System::setUserContext(['civicrm/contact/search/basic', 'civicrm/contact/view']);
336 $wrapper = new CRM_Utils_Wrapper();
337
338 $properties = CRM_Core_Component::contactSubTypeProperties($contact_sub_type, 'Edit');
339 if ($properties) {
340 $wrapper->run($properties['class'], ts('New %1', [1 => $contact_sub_type]), $action, TRUE);
341 }
342 else {
343 $wrapper->run('CRM_Contact_Form_Contact', ts('New Contact'), $action, TRUE);
344 }
345 }
346
347 /**
348 * Show status in the footer (admin only)
349 *
350 * @param CRM_Core_Smarty $template
351 */
352 public static function statusCheck($template) {
353 if (CRM_Core_Config::isUpgradeMode() || !CRM_Core_Permission::check('administer CiviCRM')) {
354 return;
355 }
356 // always use cached results - they will be refreshed by the session timer
357 $status = Civi::cache('checks')->get('systemStatusCheckResult');
358 $template->assign('footer_status_severity', $status);
359 $template->assign('footer_status_message', CRM_Utils_Check::toStatusLabel($status));
360 }
361
362 /**
363 * @param bool $triggerRebuild
364 * @param bool $sessionReset
365 *
366 * @throws Exception
367 */
368 public static function rebuildMenuAndCaches(bool $triggerRebuild = FALSE, bool $sessionReset = FALSE): void {
369 $config = CRM_Core_Config::singleton();
370 $config->clearModuleList();
371
372 // also cleanup all caches
373 $config->cleanupCaches($sessionReset || CRM_Utils_Request::retrieve('sessionReset', 'Boolean', CRM_Core_DAO::$_nullObject, FALSE, 0, 'GET'));
374
375 CRM_Core_Menu::store();
376
377 // also reset navigation
378 CRM_Core_BAO_Navigation::resetNavigation();
379
380 // also cleanup module permissions
381 $config->cleanupPermissions();
382
383 // rebuild word replacement cache - pass false to prevent operations redundant with this fn
384 CRM_Core_BAO_WordReplacement::rebuild(FALSE);
385
386 Civi::service('settings_manager')->flush();
387 // Clear js caches
388 CRM_Core_Resources::singleton()->flushStrings()->resetCacheCode();
389 CRM_Case_XMLRepository::singleton(TRUE);
390
391 // also rebuild triggers if requested explicitly
392 if (
393 $triggerRebuild ||
394 CRM_Utils_Request::retrieve('triggerRebuild', 'Boolean', CRM_Core_DAO::$_nullObject, FALSE, 0, 'GET')
395 ) {
396 Civi::service('sql_triggers')->rebuild();
397 // Rebuild Drupal 8/9/10 route cache only if "triggerRebuild" is set to TRUE as it's
398 // computationally very expensive and only needs to be done when routes change on the Civi-side.
399 // For example - when uninstalling an extension. We already set "triggerRebuild" to true for these operations.
400 $config->userSystem->invalidateRouteCache();
401 }
402
403 CRM_Core_ManagedEntities::singleton(TRUE)->reconcile();
404 }
405
406 }