3 +--------------------------------------------------------------------+
4 | Copyright CiviCRM LLC. All rights reserved. |
6 | This work is published under the GNU AGPLv3 license with some |
7 | permitted exceptions and without any warranty. For full license |
8 | and copyright information, see https://civicrm.org/licensing |
9 +--------------------------------------------------------------------+
14 * Given an argument list, invoke the appropriate CRM function
15 * Serves as a wrapper between the UserFrameWork and Core CRM
18 * @copyright CiviCRM LLC https://civicrm.org/licensing
20 class CRM_Core_Invoke
{
23 * This is the main front-controller that integrates with the CMS. Any
24 * page-request that is sent to the CMS and intended for CiviCRM should
25 * be processed by invoke().
28 * The parts of the URL which identify the intended CiviCRM page
29 * (e.g. array('civicrm', 'event', 'register')).
31 * HTML. For non-HTML content, invoke() may call print() and exit().
34 public static function invoke($args) {
36 return self
::_invoke($args);
38 catch (Exception
$e) {
39 CRM_Core_Error
::handleUnhandledException($e);
44 * This is the same as invoke(), but it does *not* include exception
48 * The parts of the URL which identify the intended CiviCRM page
49 * (e.g. array('civicrm', 'event', 'register')).
51 * HTML. For non-HTML content, invoke() may call print() and exit().
53 public static function _invoke($args) {
54 if ($args[0] !== 'civicrm') {
57 // CRM-15901: Turn off PHP errors display for all ajax calls
58 if (CRM_Utils_Array
::value(1, $args) == 'ajax' ||
!empty($_REQUEST['snippet'])) {
59 ini_set('display_errors', 0);
62 if (!defined('CIVICRM_SYMFONY_PATH')) {
63 // Traditional Civi invocation path
65 self
::hackMenuRebuild($args);
67 Civi
::dispatcher()->dispatch('civi.invoke.auth', \Civi\Core\Event\GenericHookEvent
::create(['args' => $args]));
68 $item = self
::getItem($args);
69 return self
::runItem($item);
72 // Symfony-based invocation path
73 require_once CIVICRM_SYMFONY_PATH
. '/app/bootstrap.php.cache';
74 require_once CIVICRM_SYMFONY_PATH
. '/app/AppKernel.php';
75 $kernel = new AppKernel('dev', TRUE);
76 $kernel->loadClassCache();
77 $response = $kernel->handle(Symfony\Component\HttpFoundation\Request
::createFromGlobals());
78 if (preg_match(':^text/html:', $response->headers
->get('Content-Type'))) {
79 // let the CMS handle the trappings
80 return $response->getContent();
90 * Hackish support /civicrm/menu/rebuild
96 public static function hackMenuRebuild($args) {
97 if (['civicrm', 'menu', 'rebuild'] == $args ||
['civicrm', 'clearcache'] == $args) {
98 // ensure that the user has a good privilege level
99 if (CRM_Core_Permission
::check('administer CiviCRM')) {
100 self
::rebuildMenuAndCaches();
101 CRM_Core_Session
::setStatus(ts('Cleared all CiviCRM caches (database, menu, templates)'), ts('Complete'), 'success');
103 return CRM_Utils_System
::redirect();
106 CRM_Core_Error
::statusBounce('You do not have permission to execute this url');
112 * Perform general setup.
115 * List of path parts.
118 public static function init($args) {
119 // first fire up IDS and check for bad stuff
120 $config = CRM_Core_Config
::singleton();
122 // also initialize the i18n framework
123 require_once 'CRM/Core/I18n.php';
124 $i18n = CRM_Core_I18n
::singleton();
128 * Determine which menu $item corresponds to $args
131 * List of path parts.
132 * @return array; see CRM_Core_Menu
134 public static function getItem($args) {
135 if (is_array($args)) {
136 // get the menu items
137 $path = implode('/', $args);
142 $item = CRM_Core_Menu
::get($path);
144 // we should try to compute menus, if item is empty and stay on the same page,
145 // rather than compute and redirect to dashboard.
147 CRM_Core_Menu
::store(FALSE);
148 $item = CRM_Core_Menu
::get($path);
155 * Register an alternative phar:// stream wrapper to filter out insecure Phars
157 * PHP makes it possible to trigger Object Injection vulnerabilities by using
158 * a side-effect of the phar:// stream wrapper that unserializes Phar
159 * metadata. To mitigate this vulnerability, projects such as TYPO3 and Drupal
160 * have implemented an alternative Phar stream wrapper that disallows
161 * inclusion of phar files based on certain parameters.
163 * This code attempts to register the TYPO3 Phar stream wrapper using the
164 * interceptor defined in \Civi\Core\Security\PharExtensionInterceptor. In an
165 * environment where the stream wrapper was already registered via
166 * \TYPO3\PharStreamWrapper\Manager (i.e. Drupal), this code does not do
167 * anything. In other environments (e.g. WordPress, at the time of this
168 * writing), the TYPO3 library is used to register the interceptor to mitigate
171 private static function registerPharHandler() {
173 // try to get the existing stream wrapper, registered e.g. by Drupal
174 \TYPO3\PharStreamWrapper\Manager
::instance();
176 catch (\LogicException
$e) {
177 if ($e->getCode() === 1535189872) {
178 // no phar stream wrapper was registered by \TYPO3\PharStreamWrapper\Manager.
179 // This means we're probably not on Drupal and need to register our own.
180 \TYPO3\PharStreamWrapper\Manager
::initialize(
181 (new \TYPO3\PharStreamWrapper\
Behavior())
182 ->withAssertion(new \Civi\Core\Security\
PharExtensionInterceptor())
184 if (in_array('phar', stream_get_wrappers())) {
185 stream_wrapper_unregister('phar');
186 stream_wrapper_register('phar', \TYPO3\PharStreamWrapper\PharStreamWrapper
::class);
190 // this is not an exception we can handle
197 * Given a menu item, call the appropriate controller and return the response
201 * @return string, HTML
203 public static function runItem($item) {
204 $ids = new CRM_Core_IDS();
207 self
::registerPharHandler();
209 $config = CRM_Core_Config
::singleton();
210 if ($config->userFramework
== 'Joomla' && $item) {
211 $config->userFrameworkURLVar
= 'task';
213 // joomla 1.5RC1 seems to push this in the POST variable, which messes
215 unset($_POST['option']);
216 CRM_Core_Joomla
::sidebarLeft();
219 // set active Component
220 $template = CRM_Core_Smarty
::singleton();
221 $template->assign('activeComponent', 'CiviCRM');
222 $template->assign('formTpl', 'default');
226 if (!array_key_exists('page_callback', $item)) {
227 CRM_Core_Error
::debug('Bad item', $item);
228 CRM_Core_Error
::statusBounce(ts('Bad menu record in database'));
231 // check that we are permissioned to access this page
232 if (!CRM_Core_Permission
::checkMenuItem($item)) {
233 CRM_Utils_System
::permissionDenied();
237 // check if ssl is set
238 if (!empty($item['is_ssl'])) {
239 CRM_Utils_System
::redirectToSSL();
242 if (isset($item['title'])) {
243 CRM_Utils_System
::setTitle($item['title']);
246 if (isset($item['breadcrumb']) && !isset($item['is_public'])) {
247 CRM_Utils_System
::appendBreadCrumb($item['breadcrumb']);
251 if (!empty($item['page_arguments'])) {
252 $pageArgs = CRM_Core_Menu
::getArrayForPathArgs($item['page_arguments']);
255 $template = CRM_Core_Smarty
::singleton();
256 if (!empty($item['is_public'])) {
257 $template->assign('urlIsPublic', TRUE);
260 $template->assign('urlIsPublic', FALSE);
261 self
::statusCheck($template);
264 if (isset($item['return_url'])) {
265 $session = CRM_Core_Session
::singleton();
266 $args = CRM_Utils_Array
::value(
271 $session->pushUserContext(CRM_Utils_System
::url($item['return_url'], $args));
275 // WISHLIST: Refactor this. Instead of pattern-matching on page_callback, lookup
276 // page_callback via Civi\Core\Resolver and check the implemented interfaces. This
277 // would require rethinking the default constructor.
278 if (is_array($item['page_callback']) ||
strpos($item['page_callback'], ':')) {
279 $result = call_user_func(Civi\Core\Resolver
::singleton()->get($item['page_callback']));
281 elseif (strpos($item['page_callback'], '_Form') !== FALSE) {
282 $wrapper = new CRM_Utils_Wrapper();
283 $result = $wrapper->run(
284 $item['page_callback'] ??
NULL,
285 $item['title'] ??
NULL,
290 $newArgs = explode('/', $_GET[$config->userFrameworkURLVar
]);
292 if (isset($pageArgs['mode'])) {
293 $mode = $pageArgs['mode'];
294 unset($pageArgs['mode']);
296 $title = $item['title'] ??
NULL;
297 if (strstr($item['page_callback'], '_Page') ||
strstr($item['page_callback'], '\\Page\\')) {
298 $object = new $item['page_callback']($title, $mode);
299 $object->urlPath
= explode('/', $_GET[$config->userFrameworkURLVar
]);
301 elseif (strstr($item['page_callback'], '_Controller') ||
strstr($item['page_callback'], '\\Controller\\')) {
302 $addSequence = 'false';
303 if (isset($pageArgs['addSequence'])) {
304 $addSequence = $pageArgs['addSequence'];
305 $addSequence = $addSequence ?
'true' : 'false';
306 unset($pageArgs['addSequence']);
308 $object = new $item['page_callback']($title, TRUE, $mode, NULL, $addSequence);
311 throw new CRM_Core_Exception('Execute supplied menu action');
313 $result = $object->run($newArgs, $pageArgs);
316 CRM_Core_Session
::storeSessionObjects();
320 CRM_Core_Menu
::store();
321 CRM_Core_Session
::setStatus(ts('Menu has been rebuilt'), ts('Complete'), 'success');
322 return CRM_Utils_System
::redirect();
326 * This function contains the default action.
330 * @param $contact_type
331 * @param $contact_sub_type
334 public static function form($action, $contact_type, $contact_sub_type) {
335 CRM_Utils_System
::setUserContext(['civicrm/contact/search/basic', 'civicrm/contact/view']);
336 $wrapper = new CRM_Utils_Wrapper();
338 $properties = CRM_Core_Component
::contactSubTypeProperties($contact_sub_type, 'Edit');
340 $wrapper->run($properties['class'], ts('New %1', [1 => $contact_sub_type]), $action, TRUE);
343 $wrapper->run('CRM_Contact_Form_Contact', ts('New Contact'), $action, TRUE);
348 * Show status in the footer (admin only)
350 * @param CRM_Core_Smarty $template
352 public static function statusCheck($template) {
353 if (CRM_Core_Config
::isUpgradeMode() ||
!CRM_Core_Permission
::check('administer CiviCRM')) {
356 // always use cached results - they will be refreshed by the session timer
357 $status = Civi
::cache('checks')->get('systemStatusCheckResult');
358 $template->assign('footer_status_severity', $status);
359 $template->assign('footer_status_message', CRM_Utils_Check
::toStatusLabel($status));
363 * @param bool $triggerRebuild
364 * @param bool $sessionReset
368 public static function rebuildMenuAndCaches($triggerRebuild = FALSE, $sessionReset = FALSE) {
369 $config = CRM_Core_Config
::singleton();
370 $config->clearModuleList();
372 // also cleanup all caches
373 $config->cleanupCaches($sessionReset || CRM_Utils_Request
::retrieve('sessionReset', 'Boolean', CRM_Core_DAO
::$_nullObject, FALSE, 0, 'GET'));
375 CRM_Core_Menu
::store();
377 // also reset navigation
378 CRM_Core_BAO_Navigation
::resetNavigation();
380 // also cleanup module permissions
381 $config->cleanupPermissions();
383 // rebuild word replacement cache - pass false to prevent operations redundant with this fn
384 CRM_Core_BAO_WordReplacement
::rebuild(FALSE);
386 Civi
::service('settings_manager')->flush();
388 CRM_Core_Resources
::singleton()->flushStrings()->resetCacheCode();
389 CRM_Case_XMLRepository
::singleton(TRUE);
391 // also rebuild triggers if requested explicitly
394 CRM_Utils_Request
::retrieve('triggerRebuild', 'Boolean', CRM_Core_DAO
::$_nullObject, FALSE, 0, 'GET')
396 CRM_Core_DAO
::triggerRebuild();
397 $config->userSystem
->invalidateRouteCache();
399 CRM_Core_DAO_AllCoreTables
::reinitializeCache(TRUE);
400 CRM_Core_ManagedEntities
::singleton(TRUE)->reconcile();