projects / civicrm-core.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #17133 from eileenmcnaughton/dep
[civicrm-core.git] / CRM / Core / Invoke.php
1 <?php
2 /*
3 +--------------------------------------------------------------------+
4 | Copyright CiviCRM LLC. All rights reserved. |
5 | |
6 | This work is published under the GNU AGPLv3 license with some |
7 | permitted exceptions and without any warranty. For full license |
8 | and copyright information, see https://civicrm.org/licensing |
9 +--------------------------------------------------------------------+
10 */
11
12 /**
13 *
14 * Given an argument list, invoke the appropriate CRM function
15 * Serves as a wrapper between the UserFrameWork and Core CRM
16 *
17 * @package CRM
18 * @copyright CiviCRM LLC https://civicrm.org/licensing
19 */
20 class CRM_Core_Invoke {
21
22 /**
23 * This is the main front-controller that integrates with the CMS. Any
24 * page-request that is sent to the CMS and intended for CiviCRM should
25 * be processed by invoke().
26 *
27 * @param array $args
28 * The parts of the URL which identify the intended CiviCRM page
29 * (e.g. array('civicrm', 'event', 'register')).
30 * @return string
31 * HTML. For non-HTML content, invoke() may call print() and exit().
32 *
33 */
34 public static function invoke($args) {
35 try {
36 return self::_invoke($args);
37 }
38 catch (Exception $e) {
39 CRM_Core_Error::handleUnhandledException($e);
40 }
41 }
42
43 /**
44 * This is the same as invoke(), but it does *not* include exception
45 * handling.
46 *
47 * @param array $args
48 * The parts of the URL which identify the intended CiviCRM page
49 * (e.g. array('civicrm', 'event', 'register')).
50 * @return string
51 * HTML. For non-HTML content, invoke() may call print() and exit().
52 */
53 public static function _invoke($args) {
54 if ($args[0] !== 'civicrm') {
55 return NULL;
56 }
57 // CRM-15901: Turn off PHP errors display for all ajax calls
58 if (CRM_Utils_Array::value(1, $args) == 'ajax' || CRM_Utils_Array::value('snippet', $_REQUEST)) {
59 ini_set('display_errors', 0);
60 }
61
62 if (!defined('CIVICRM_SYMFONY_PATH')) {
63 // Traditional Civi invocation path
64 // may exit
65 self::hackMenuRebuild($args);
66 self::init($args);
67 $item = self::getItem($args);
68 return self::runItem($item);
69 }
70 else {
71 // Symfony-based invocation path
72 require_once CIVICRM_SYMFONY_PATH . '/app/bootstrap.php.cache';
73 require_once CIVICRM_SYMFONY_PATH . '/app/AppKernel.php';
74 $kernel = new AppKernel('dev', TRUE);
75 $kernel->loadClassCache();
76 $response = $kernel->handle(Symfony\Component\HttpFoundation\Request::createFromGlobals());
77 if (preg_match(':^text/html:', $response->headers->get('Content-Type'))) {
78 // let the CMS handle the trappings
79 return $response->getContent();
80 }
81 else {
82 $response->send();
83 exit();
84 }
85 }
86 }
87
88 /**
89 * Hackish support /civicrm/menu/rebuild
90 *
91 * @param array $args
92 * List of path parts.
93 * @void
94 */
95 public static function hackMenuRebuild($args) {
96 if (['civicrm', 'menu', 'rebuild'] == $args || ['civicrm', 'clearcache'] == $args) {
97 // ensure that the user has a good privilege level
98 if (CRM_Core_Permission::check('administer CiviCRM')) {
99 self::rebuildMenuAndCaches();
100 CRM_Core_Session::setStatus(ts('Cleared all CiviCRM caches (database, menu, templates)'), ts('Complete'), 'success');
101 // exits
102 return CRM_Utils_System::redirect();
103 }
104 else {
105 CRM_Core_Error::fatal('You do not have permission to execute this url');
106 }
107 }
108 }
109
110 /**
111 * Perform general setup.
112 *
113 * @param array $args
114 * List of path parts.
115 * @void
116 */
117 public static function init($args) {
118 // first fire up IDS and check for bad stuff
119 $config = CRM_Core_Config::singleton();
120
121 // also initialize the i18n framework
122 require_once 'CRM/Core/I18n.php';
123 $i18n = CRM_Core_I18n::singleton();
124 }
125
126 /**
127 * Determine which menu $item corresponds to $args
128 *
129 * @param array $args
130 * List of path parts.
131 * @return array; see CRM_Core_Menu
132 */
133 public static function getItem($args) {
134 if (is_array($args)) {
135 // get the menu items
136 $path = implode('/', $args);
137 }
138 else {
139 $path = $args;
140 }
141 $item = CRM_Core_Menu::get($path);
142
143 // we should try to compute menus, if item is empty and stay on the same page,
144 // rather than compute and redirect to dashboard.
145 if (!$item) {
146 CRM_Core_Menu::store(FALSE);
147 $item = CRM_Core_Menu::get($path);
148 }
149
150 return $item;
151 }
152
153 /**
154 * Register an alternative phar:// stream wrapper to filter out insecure Phars
155 *
156 * PHP makes it possible to trigger Object Injection vulnerabilities by using
157 * a side-effect of the phar:// stream wrapper that unserializes Phar
158 * metadata. To mitigate this vulnerability, projects such as TYPO3 and Drupal
159 * have implemented an alternative Phar stream wrapper that disallows
160 * inclusion of phar files based on certain parameters.
161 *
162 * This code attempts to register the TYPO3 Phar stream wrapper using the
163 * interceptor defined in \Civi\Core\Security\PharExtensionInterceptor. In an
164 * environment where the stream wrapper was already registered via
165 * \TYPO3\PharStreamWrapper\Manager (i.e. Drupal), this code does not do
166 * anything. In other environments (e.g. WordPress, at the time of this
167 * writing), the TYPO3 library is used to register the interceptor to mitigate
168 * the vulnerability.
169 */
170 private static function registerPharHandler() {
171 try {
172 // try to get the existing stream wrapper, registered e.g. by Drupal
173 \TYPO3\PharStreamWrapper\Manager::instance();
174 }
175 catch (\LogicException $e) {
176 if ($e->getCode() === 1535189872) {
177 // no phar stream wrapper was registered by \TYPO3\PharStreamWrapper\Manager.
178 // This means we're probably not on Drupal and need to register our own.
179 \TYPO3\PharStreamWrapper\Manager::initialize(
180 (new \TYPO3\PharStreamWrapper\Behavior())
181 ->withAssertion(new \Civi\Core\Security\PharExtensionInterceptor())
182 );
183 if (in_array('phar', stream_get_wrappers())) {
184 stream_wrapper_unregister('phar');
185 stream_wrapper_register('phar', \TYPO3\PharStreamWrapper\PharStreamWrapper::class);
186 }
187 } else {
188 // this is not an exception we can handle
189 throw $e;
190 }
191 }
192 }
193
194 /**
195 * Given a menu item, call the appropriate controller and return the response
196 *
197 * @param array $item
198 * See CRM_Core_Menu.
199 * @return string, HTML
200 */
201 public static function runItem($item) {
202 $ids = new CRM_Core_IDS();
203 $ids->check($item);
204
205 self::registerPharHandler();
206
207 $config = CRM_Core_Config::singleton();
208 if ($config->userFramework == 'Joomla' && $item) {
209 $config->userFrameworkURLVar = 'task';
210
211 // joomla 1.5RC1 seems to push this in the POST variable, which messes
212 // QF and checkboxes
213 unset($_POST['option']);
214 CRM_Core_Joomla::sidebarLeft();
215 }
216
217 // set active Component
218 $template = CRM_Core_Smarty::singleton();
219 $template->assign('activeComponent', 'CiviCRM');
220 $template->assign('formTpl', 'default');
221
222 if ($item) {
223
224 if (!array_key_exists('page_callback', $item)) {
225 CRM_Core_Error::debug('Bad item', $item);
226 CRM_Core_Error::fatal(ts('Bad menu record in database'));
227 }
228
229 // check that we are permissioned to access this page
230 if (!CRM_Core_Permission::checkMenuItem($item)) {
231 CRM_Utils_System::permissionDenied();
232 return NULL;
233 }
234
235 // check if ssl is set
236 if (!empty($item['is_ssl'])) {
237 CRM_Utils_System::redirectToSSL();
238 }
239
240 if (isset($item['title'])) {
241 CRM_Utils_System::setTitle($item['title']);
242 }
243
244 if (isset($item['breadcrumb']) && !isset($item['is_public'])) {
245 CRM_Utils_System::appendBreadCrumb($item['breadcrumb']);
246 }
247
248 $pageArgs = NULL;
249 if (!empty($item['page_arguments'])) {
250 $pageArgs = CRM_Core_Menu::getArrayForPathArgs($item['page_arguments']);
251 }
252
253 $template = CRM_Core_Smarty::singleton();
254 if (!empty($item['is_public'])) {
255 $template->assign('urlIsPublic', TRUE);
256 }
257 else {
258 $template->assign('urlIsPublic', FALSE);
259 self::statusCheck($template);
260 }
261
262 if (isset($item['return_url'])) {
263 $session = CRM_Core_Session::singleton();
264 $args = CRM_Utils_Array::value(
265 'return_url_args',
266 $item,
267 'reset=1'
268 );
269 $session->pushUserContext(CRM_Utils_System::url($item['return_url'], $args));
270 }
271
272 $result = NULL;
273 // WISHLIST: Refactor this. Instead of pattern-matching on page_callback, lookup
274 // page_callback via Civi\Core\Resolver and check the implemented interfaces. This
275 // would require rethinking the default constructor.
276 if (is_array($item['page_callback']) || strpos($item['page_callback'], ':')) {
277 $result = call_user_func(Civi\Core\Resolver::singleton()->get($item['page_callback']));
278 }
279 elseif (strstr($item['page_callback'], '_Form')) {
280 $wrapper = new CRM_Utils_Wrapper();
281 $result = $wrapper->run(
282 CRM_Utils_Array::value('page_callback', $item),
283 CRM_Utils_Array::value('title', $item),
284 $pageArgs ?? NULL
285 );
286 }
287 else {
288 $newArgs = explode('/', $_GET[$config->userFrameworkURLVar]);
289 $mode = 'null';
290 if (isset($pageArgs['mode'])) {
291 $mode = $pageArgs['mode'];
292 unset($pageArgs['mode']);
293 }
294 $title = $item['title'] ?? NULL;
295 if (strstr($item['page_callback'], '_Page') || strstr($item['page_callback'], '\\Page\\')) {
296 $object = new $item['page_callback']($title, $mode);
297 $object->urlPath = explode('/', $_GET[$config->userFrameworkURLVar]);
298 }
299 elseif (strstr($item['page_callback'], '_Controller') || strstr($item['page_callback'], '\\Controller\\')) {
300 $addSequence = 'false';
301 if (isset($pageArgs['addSequence'])) {
302 $addSequence = $pageArgs['addSequence'];
303 $addSequence = $addSequence ? 'true' : 'false';
304 unset($pageArgs['addSequence']);
305 }
306 $object = new $item['page_callback']($title, TRUE, $mode, NULL, $addSequence);
307 }
308 else {
309 CRM_Core_Error::fatal();
310 }
311 $result = $object->run($newArgs, $pageArgs);
312 }
313
314 CRM_Core_Session::storeSessionObjects();
315 return $result;
316 }
317
318 CRM_Core_Menu::store();
319 CRM_Core_Session::setStatus(ts('Menu has been rebuilt'), ts('Complete'), 'success');
320 return CRM_Utils_System::redirect();
321 }
322
323 /**
324 * This function contains the default action.
325 *
326 * @param $action
327 *
328 * @param $contact_type
329 * @param $contact_sub_type
330 *
331 */
332 public static function form($action, $contact_type, $contact_sub_type) {
333 CRM_Utils_System::setUserContext(['civicrm/contact/search/basic', 'civicrm/contact/view']);
334 $wrapper = new CRM_Utils_Wrapper();
335
336 $properties = CRM_Core_Component::contactSubTypeProperties($contact_sub_type, 'Edit');
337 if ($properties) {
338 $wrapper->run($properties['class'], ts('New %1', [1 => $contact_sub_type]), $action, TRUE);
339 }
340 else {
341 $wrapper->run('CRM_Contact_Form_Contact', ts('New Contact'), $action, TRUE);
342 }
343 }
344
345 /**
346 * Show status in the footer (admin only)
347 *
348 * @param CRM_Core_Smarty $template
349 */
350 public static function statusCheck($template) {
351 if (CRM_Core_Config::isUpgradeMode() || !CRM_Core_Permission::check('administer CiviCRM')) {
352 return;
353 }
354 // always use cached results - they will be refreshed by the session timer
355 $status = Civi::cache('checks')->get('systemStatusCheckResult');
356 $template->assign('footer_status_severity', $status);
357 $template->assign('footer_status_message', CRM_Utils_Check::toStatusLabel($status));
358 }
359
360 /**
361 * @param bool $triggerRebuild
362 * @param bool $sessionReset
363 *
364 * @throws Exception
365 */
366 public static function rebuildMenuAndCaches($triggerRebuild = FALSE, $sessionReset = FALSE) {
367 $config = CRM_Core_Config::singleton();
368 $config->clearModuleList();
369
370 // also cleanup all caches
371 $config->cleanupCaches($sessionReset || CRM_Utils_Request::retrieve('sessionReset', 'Boolean', CRM_Core_DAO::$_nullObject, FALSE, 0, 'GET'));
372
373 CRM_Core_Menu::store();
374
375 // also reset navigation
376 CRM_Core_BAO_Navigation::resetNavigation();
377
378 // also cleanup module permissions
379 $config->cleanupPermissions();
380
381 // rebuild word replacement cache - pass false to prevent operations redundant with this fn
382 CRM_Core_BAO_WordReplacement::rebuild(FALSE);
383
384 Civi::service('settings_manager')->flush();
385 // Clear js caches
386 CRM_Core_Resources::singleton()->flushStrings()->resetCacheCode();
387 CRM_Case_XMLRepository::singleton(TRUE);
388
389 // also rebuild triggers if requested explicitly
390 if (
391 $triggerRebuild ||
392 CRM_Utils_Request::retrieve('triggerRebuild', 'Boolean', CRM_Core_DAO::$_nullObject, FALSE, 0, 'GET')
393 ) {
394 CRM_Core_DAO::triggerRebuild();
395 }
396 CRM_Core_DAO_AllCoreTables::reinitializeCache(TRUE);
397 CRM_Core_ManagedEntities::singleton(TRUE)->reconcile();
398 }
399
400 }