3 +--------------------------------------------------------------------+
4 | Copyright CiviCRM LLC. All rights reserved. |
6 | This work is published under the GNU AGPLv3 license with some |
7 | permitted exceptions and without any warranty. For full license |
8 | and copyright information, see https://civicrm.org/licensing |
9 +--------------------------------------------------------------------+
14 * Given an argument list, invoke the appropriate CRM function
15 * Serves as a wrapper between the UserFrameWork and Core CRM
18 * @copyright CiviCRM LLC https://civicrm.org/licensing
20 class CRM_Core_Invoke
{
23 * This is the main front-controller that integrates with the CMS. Any
24 * page-request that is sent to the CMS and intended for CiviCRM should
25 * be processed by invoke().
28 * The parts of the URL which identify the intended CiviCRM page
29 * (e.g. array('civicrm', 'event', 'register')).
31 * HTML. For non-HTML content, invoke() may call print() and exit().
34 public static function invoke($args) {
36 return self
::_invoke($args);
38 catch (Exception
$e) {
39 CRM_Core_Error
::handleUnhandledException($e);
44 * This is the same as invoke(), but it does *not* include exception
48 * The parts of the URL which identify the intended CiviCRM page
49 * (e.g. array('civicrm', 'event', 'register')).
51 * HTML. For non-HTML content, invoke() may call print() and exit().
53 public static function _invoke($args) {
54 if ($args[0] !== 'civicrm') {
57 // CRM-15901: Turn off PHP errors display for all ajax calls
58 if (CRM_Utils_Array
::value(1, $args) == 'ajax' ||
!empty($_REQUEST['snippet'])) {
59 ini_set('display_errors', 0);
62 if (!defined('CIVICRM_SYMFONY_PATH')) {
63 // Traditional Civi invocation path
65 self
::hackMenuRebuild($args);
67 Civi
::dispatcher()->dispatch('civi.invoke.auth', \Civi\Core\Event\GenericHookEvent
::create(['args' => $args]));
68 $item = self
::getItem($args);
69 return self
::runItem($item);
72 // Symfony-based invocation path
73 require_once CIVICRM_SYMFONY_PATH
. '/app/bootstrap.php.cache';
74 require_once CIVICRM_SYMFONY_PATH
. '/app/AppKernel.php';
75 $kernel = new AppKernel('dev', TRUE);
76 $kernel->loadClassCache();
77 $response = $kernel->handle(Symfony\Component\HttpFoundation\Request
::createFromGlobals());
78 if (preg_match(':^text/html:', $response->headers
->get('Content-Type'))) {
79 // let the CMS handle the trappings
80 return $response->getContent();
90 * Hackish support /civicrm/menu/rebuild
96 public static function hackMenuRebuild($args) {
97 if (['civicrm', 'menu', 'rebuild'] == $args ||
['civicrm', 'clearcache'] == $args) {
98 // ensure that the user has a good privilege level
99 if (CRM_Core_Permission
::check('administer CiviCRM')) {
100 self
::rebuildMenuAndCaches();
101 CRM_Core_Session
::setStatus(ts('Cleared all CiviCRM caches (database, menu, templates)'), ts('Complete'), 'success');
103 return CRM_Utils_System
::redirect();
106 CRM_Core_Error
::statusBounce(ts('You do not have permission to execute this url'));
112 * Perform general setup.
115 * List of path parts.
118 public static function init($args) {
119 // first fire up IDS and check for bad stuff
120 $config = CRM_Core_Config
::singleton();
122 // also initialize the i18n framework
123 require_once 'CRM/Core/I18n.php';
124 $i18n = CRM_Core_I18n
::singleton();
128 * Determine which menu $item corresponds to $args
131 * List of path parts.
132 * @return array; see CRM_Core_Menu
134 public static function getItem($args) {
135 if (is_array($args)) {
136 // get the menu items
137 $path = implode('/', $args);
142 $item = CRM_Core_Menu
::get($path);
144 // we should try to compute menus, if item is empty and stay on the same page,
145 // rather than compute and redirect to dashboard.
147 CRM_Core_Menu
::store(FALSE);
148 $item = CRM_Core_Menu
::get($path);
155 * Register an alternative phar:// stream wrapper to filter out insecure Phars
157 * PHP makes it possible to trigger Object Injection vulnerabilities by using
158 * a side-effect of the phar:// stream wrapper that unserializes Phar
159 * metadata. To mitigate this vulnerability, projects such as TYPO3 and Drupal
160 * have implemented an alternative Phar stream wrapper that disallows
161 * inclusion of phar files based on certain parameters.
163 * This code attempts to register the TYPO3 Phar stream wrapper using the
164 * interceptor defined in \Civi\Core\Security\PharExtensionInterceptor. In an
165 * environment where the stream wrapper was already registered via
166 * \TYPO3\PharStreamWrapper\Manager (i.e. Drupal), this code does not do
167 * anything. In other environments (e.g. WordPress, at the time of this
168 * writing), the TYPO3 library is used to register the interceptor to mitigate
171 private static function registerPharHandler() {
173 // try to get the existing stream wrapper, registered e.g. by Drupal
174 \TYPO3\PharStreamWrapper\Manager
::instance();
176 catch (\LogicException
$e) {
177 if ($e->getCode() === 1535189872) {
178 // no phar stream wrapper was registered by \TYPO3\PharStreamWrapper\Manager.
179 // This means we're probably not on Drupal and need to register our own.
180 \TYPO3\PharStreamWrapper\Manager
::initialize(
181 (new \TYPO3\PharStreamWrapper\
Behavior())
182 ->withAssertion(new \Civi\Core\Security\
PharExtensionInterceptor())
184 if (in_array('phar', stream_get_wrappers())) {
185 stream_wrapper_unregister('phar');
186 stream_wrapper_register('phar', \TYPO3\PharStreamWrapper\PharStreamWrapper
::class);
190 // this is not an exception we can handle
197 * Given a menu item, call the appropriate controller and return the response
201 * @return string, HTML
203 public static function runItem($item) {
204 $ids = new CRM_Core_IDS();
207 self
::registerPharHandler();
209 $config = CRM_Core_Config
::singleton();
210 if ($config->userFramework
== 'Joomla' && $item) {
211 $config->userFrameworkURLVar
= 'task';
213 // joomla 1.5RC1 seems to push this in the POST variable, which messes
215 unset($_POST['option']);
216 CRM_Core_Joomla
::sidebarLeft();
219 // set active Component
220 $template = CRM_Core_Smarty
::singleton();
221 $template->assign('activeComponent', 'CiviCRM');
222 $template->assign('formTpl', 'default');
223 // Ensure template variables have 'something' assigned for e-notice
224 // prevention. These are ones that are included very often
225 // and not tied to a specific form.
226 // jsortable.tpl (datatables)
227 $template->assign('sourceUrl');
228 $template->assign('useAjax', 0);
232 if (!array_key_exists('page_callback', $item)) {
233 CRM_Core_Error
::debug('Bad item', $item);
234 CRM_Core_Error
::statusBounce(ts('Bad menu record in database'));
237 // check that we are permissioned to access this page
238 if (!CRM_Core_Permission
::checkMenuItem($item)) {
239 CRM_Utils_System
::permissionDenied();
243 // check if ssl is set
244 if (!empty($item['is_ssl'])) {
245 CRM_Utils_System
::redirectToSSL();
248 if (isset($item['title'])) {
249 CRM_Utils_System
::setTitle($item['title']);
252 if (isset($item['breadcrumb']) && !isset($item['is_public'])) {
253 CRM_Utils_System
::appendBreadCrumb($item['breadcrumb']);
257 if (!empty($item['page_arguments'])) {
258 $pageArgs = CRM_Core_Menu
::getArrayForPathArgs($item['page_arguments']);
261 $template = CRM_Core_Smarty
::singleton();
262 if (!empty($item['is_public'])) {
263 $template->assign('urlIsPublic', TRUE);
266 $template->assign('urlIsPublic', FALSE);
267 self
::statusCheck($template);
270 if (isset($item['return_url'])) {
271 $session = CRM_Core_Session
::singleton();
272 $args = CRM_Utils_Array
::value(
277 $session->pushUserContext(CRM_Utils_System
::url($item['return_url'], $args));
281 // WISHLIST: Refactor this. Instead of pattern-matching on page_callback, lookup
282 // page_callback via Civi\Core\Resolver and check the implemented interfaces. This
283 // would require rethinking the default constructor.
284 if (is_array($item['page_callback']) ||
strpos($item['page_callback'], ':')) {
285 $result = call_user_func(Civi\Core\Resolver
::singleton()->get($item['page_callback']));
287 elseif (strpos($item['page_callback'], '_Form') !== FALSE) {
288 $wrapper = new CRM_Utils_Wrapper();
289 $result = $wrapper->run(
290 $item['page_callback'] ??
NULL,
291 $item['title'] ??
NULL,
296 $newArgs = explode('/', $_GET[$config->userFrameworkURLVar
]);
298 if (isset($pageArgs['mode'])) {
299 $mode = $pageArgs['mode'];
300 unset($pageArgs['mode']);
302 $title = $item['title'] ??
NULL;
303 if (strstr($item['page_callback'], '_Page') ||
strstr($item['page_callback'], '\\Page\\')) {
304 $object = new $item['page_callback']($title, $mode);
305 $object->urlPath
= explode('/', $_GET[$config->userFrameworkURLVar
]);
307 elseif (strstr($item['page_callback'], '_Controller') ||
strstr($item['page_callback'], '\\Controller\\')) {
308 $addSequence = 'false';
309 if (isset($pageArgs['addSequence'])) {
310 $addSequence = $pageArgs['addSequence'];
311 $addSequence = $addSequence ?
'true' : 'false';
312 unset($pageArgs['addSequence']);
314 $object = new $item['page_callback']($title, TRUE, $mode, NULL, $addSequence);
317 throw new CRM_Core_Exception('Execute supplied menu action');
319 $result = $object->run($newArgs, $pageArgs);
322 CRM_Core_Session
::storeSessionObjects();
326 CRM_Core_Menu
::store();
327 CRM_Core_Session
::setStatus(ts('Menu has been rebuilt'), ts('Complete'), 'success');
328 return CRM_Utils_System
::redirect();
332 * This function contains the default action.
336 * @param $contact_type
337 * @param $contact_sub_type
340 public static function form($action, $contact_type, $contact_sub_type) {
341 CRM_Utils_System
::setUserContext(['civicrm/contact/search/basic', 'civicrm/contact/view']);
342 $wrapper = new CRM_Utils_Wrapper();
344 $properties = CRM_Core_Component
::contactSubTypeProperties($contact_sub_type, 'Edit');
346 $wrapper->run($properties['class'], ts('New %1', [1 => $contact_sub_type]), $action, TRUE);
349 $wrapper->run('CRM_Contact_Form_Contact', ts('New Contact'), $action, TRUE);
354 * Show status in the footer (admin only)
356 * @param CRM_Core_Smarty $template
358 public static function statusCheck($template) {
359 if (CRM_Core_Config
::isUpgradeMode() ||
!CRM_Core_Permission
::check('administer CiviCRM')) {
362 // always use cached results - they will be refreshed by the session timer
363 $status = Civi
::cache('checks')->get('systemStatusCheckResult');
364 $template->assign('footer_status_severity', $status);
365 $template->assign('footer_status_message', CRM_Utils_Check
::toStatusLabel($status));
369 * @param bool $triggerRebuild
370 * @param bool $sessionReset
374 public static function rebuildMenuAndCaches(bool $triggerRebuild = FALSE, bool $sessionReset = FALSE): void
{
375 $config = CRM_Core_Config
::singleton();
376 $config->clearModuleList();
378 // also cleanup all caches
379 $config->cleanupCaches($sessionReset || CRM_Utils_Request
::retrieve('sessionReset', 'Boolean', CRM_Core_DAO
::$_nullObject, FALSE, 0, 'GET'));
381 CRM_Core_Menu
::store();
383 // also reset navigation
384 CRM_Core_BAO_Navigation
::resetNavigation();
386 // also cleanup module permissions
387 $config->cleanupPermissions();
389 // rebuild word replacement cache - pass false to prevent operations redundant with this fn
390 CRM_Core_BAO_WordReplacement
::rebuild(FALSE);
392 Civi
::service('settings_manager')->flush();
394 CRM_Core_Resources
::singleton()->flushStrings()->resetCacheCode();
395 CRM_Case_XMLRepository
::singleton(TRUE);
397 // also rebuild triggers if requested explicitly
400 CRM_Utils_Request
::retrieve('triggerRebuild', 'Boolean', CRM_Core_DAO
::$_nullObject, FALSE, 0, 'GET')
402 Civi
::service('sql_triggers')->rebuild();
403 // Rebuild Drupal 8/9/10 route cache only if "triggerRebuild" is set to TRUE as it's
404 // computationally very expensive and only needs to be done when routes change on the Civi-side.
405 // For example - when uninstalling an extension. We already set "triggerRebuild" to true for these operations.
406 $config->userSystem
->invalidateRouteCache();
409 CRM_Core_ManagedEntities
::singleton(TRUE)->reconcile();