projects / civicrm-core.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #16629 from WeMoveEU/core-1620
[civicrm-core.git] / CRM / Core / Invoke.php
1 <?php
2 /*
3 +--------------------------------------------------------------------+
4 | Copyright CiviCRM LLC. All rights reserved. |
5 | |
6 | This work is published under the GNU AGPLv3 license with some |
7 | permitted exceptions and without any warranty. For full license |
8 | and copyright information, see https://civicrm.org/licensing |
9 +--------------------------------------------------------------------+
10 */
11
12 /**
13 *
14 * Given an argument list, invoke the appropriate CRM function
15 * Serves as a wrapper between the UserFrameWork and Core CRM
16 *
17 * @package CRM
18 * @copyright CiviCRM LLC https://civicrm.org/licensing
19 */
20 class CRM_Core_Invoke {
21
22 /**
23 * This is the main front-controller that integrates with the CMS. Any
24 * page-request that is sent to the CMS and intended for CiviCRM should
25 * be processed by invoke().
26 *
27 * @param array $args
28 * The parts of the URL which identify the intended CiviCRM page
29 * (e.g. array('civicrm', 'event', 'register')).
30 * @return string
31 * HTML. For non-HTML content, invoke() may call print() and exit().
32 *
33 */
34 public static function invoke($args) {
35 try {
36 return self::_invoke($args);
37 }
38 catch (Exception $e) {
39 CRM_Core_Error::handleUnhandledException($e);
40 }
41 }
42
43 /**
44 * This is the same as invoke(), but it does *not* include exception
45 * handling.
46 *
47 * @param array $args
48 * The parts of the URL which identify the intended CiviCRM page
49 * (e.g. array('civicrm', 'event', 'register')).
50 * @return string
51 * HTML. For non-HTML content, invoke() may call print() and exit().
52 */
53 public static function _invoke($args) {
54 if ($args[0] !== 'civicrm') {
55 return NULL;
56 }
57 // CRM-15901: Turn off PHP errors display for all ajax calls
58 if (CRM_Utils_Array::value(1, $args) == 'ajax' || !empty($_REQUEST['snippet'])) {
59 ini_set('display_errors', 0);
60 }
61
62 if (!defined('CIVICRM_SYMFONY_PATH')) {
63 // Traditional Civi invocation path
64 // may exit
65 self::hackMenuRebuild($args);
66 self::init($args);
67 $item = self::getItem($args);
68 return self::runItem($item);
69 }
70 else {
71 // Symfony-based invocation path
72 require_once CIVICRM_SYMFONY_PATH . '/app/bootstrap.php.cache';
73 require_once CIVICRM_SYMFONY_PATH . '/app/AppKernel.php';
74 $kernel = new AppKernel('dev', TRUE);
75 $kernel->loadClassCache();
76 $response = $kernel->handle(Symfony\Component\HttpFoundation\Request::createFromGlobals());
77 if (preg_match(':^text/html:', $response->headers->get('Content-Type'))) {
78 // let the CMS handle the trappings
79 return $response->getContent();
80 }
81 else {
82 $response->send();
83 exit();
84 }
85 }
86 }
87
88 /**
89 * Hackish support /civicrm/menu/rebuild
90 *
91 * @param array $args
92 * List of path parts.
93 * @void
94 */
95 public static function hackMenuRebuild($args) {
96 if (['civicrm', 'menu', 'rebuild'] == $args || ['civicrm', 'clearcache'] == $args) {
97 // ensure that the user has a good privilege level
98 if (CRM_Core_Permission::check('administer CiviCRM')) {
99 self::rebuildMenuAndCaches();
100 CRM_Core_Session::setStatus(ts('Cleared all CiviCRM caches (database, menu, templates)'), ts('Complete'), 'success');
101 // exits
102 return CRM_Utils_System::redirect();
103 }
104 else {
105 CRM_Core_Error::statusBounce('You do not have permission to execute this url');
106 }
107 }
108 }
109
110 /**
111 * Perform general setup.
112 *
113 * @param array $args
114 * List of path parts.
115 * @void
116 */
117 public static function init($args) {
118 // first fire up IDS and check for bad stuff
119 $config = CRM_Core_Config::singleton();
120
121 // also initialize the i18n framework
122 require_once 'CRM/Core/I18n.php';
123 $i18n = CRM_Core_I18n::singleton();
124 }
125
126 /**
127 * Determine which menu $item corresponds to $args
128 *
129 * @param array $args
130 * List of path parts.
131 * @return array; see CRM_Core_Menu
132 */
133 public static function getItem($args) {
134 if (is_array($args)) {
135 // get the menu items
136 $path = implode('/', $args);
137 }
138 else {
139 $path = $args;
140 }
141 $item = CRM_Core_Menu::get($path);
142
143 // we should try to compute menus, if item is empty and stay on the same page,
144 // rather than compute and redirect to dashboard.
145 if (!$item) {
146 CRM_Core_Menu::store(FALSE);
147 $item = CRM_Core_Menu::get($path);
148 }
149
150 return $item;
151 }
152
153 /**
154 * Register an alternative phar:// stream wrapper to filter out insecure Phars
155 *
156 * PHP makes it possible to trigger Object Injection vulnerabilities by using
157 * a side-effect of the phar:// stream wrapper that unserializes Phar
158 * metadata. To mitigate this vulnerability, projects such as TYPO3 and Drupal
159 * have implemented an alternative Phar stream wrapper that disallows
160 * inclusion of phar files based on certain parameters.
161 *
162 * This code attempts to register the TYPO3 Phar stream wrapper using the
163 * interceptor defined in \Civi\Core\Security\PharExtensionInterceptor. In an
164 * environment where the stream wrapper was already registered via
165 * \TYPO3\PharStreamWrapper\Manager (i.e. Drupal), this code does not do
166 * anything. In other environments (e.g. WordPress, at the time of this
167 * writing), the TYPO3 library is used to register the interceptor to mitigate
168 * the vulnerability.
169 */
170 private static function registerPharHandler() {
171 try {
172 // try to get the existing stream wrapper, registered e.g. by Drupal
173 \TYPO3\PharStreamWrapper\Manager::instance();
174 }
175 catch (\LogicException $e) {
176 if ($e->getCode() === 1535189872) {
177 // no phar stream wrapper was registered by \TYPO3\PharStreamWrapper\Manager.
178 // This means we're probably not on Drupal and need to register our own.
179 \TYPO3\PharStreamWrapper\Manager::initialize(
180 (new \TYPO3\PharStreamWrapper\Behavior())
181 ->withAssertion(new \Civi\Core\Security\PharExtensionInterceptor())
182 );
183 if (in_array('phar', stream_get_wrappers())) {
184 stream_wrapper_unregister('phar');
185 stream_wrapper_register('phar', \TYPO3\PharStreamWrapper\PharStreamWrapper::class);
186 }
187 }
188 else {
189 // this is not an exception we can handle
190 throw $e;
191 }
192 }
193 }
194
195 /**
196 * Given a menu item, call the appropriate controller and return the response
197 *
198 * @param array $item
199 * See CRM_Core_Menu.
200 * @return string, HTML
201 */
202 public static function runItem($item) {
203 $ids = new CRM_Core_IDS();
204 $ids->check($item);
205
206 self::registerPharHandler();
207
208 $config = CRM_Core_Config::singleton();
209 if ($config->userFramework == 'Joomla' && $item) {
210 $config->userFrameworkURLVar = 'task';
211
212 // joomla 1.5RC1 seems to push this in the POST variable, which messes
213 // QF and checkboxes
214 unset($_POST['option']);
215 CRM_Core_Joomla::sidebarLeft();
216 }
217
218 // set active Component
219 $template = CRM_Core_Smarty::singleton();
220 $template->assign('activeComponent', 'CiviCRM');
221 $template->assign('formTpl', 'default');
222
223 if ($item) {
224
225 if (!array_key_exists('page_callback', $item)) {
226 CRM_Core_Error::debug('Bad item', $item);
227 CRM_Core_Error::statusBounce(ts('Bad menu record in database'));
228 }
229
230 // check that we are permissioned to access this page
231 if (!CRM_Core_Permission::checkMenuItem($item)) {
232 CRM_Utils_System::permissionDenied();
233 return NULL;
234 }
235
236 // check if ssl is set
237 if (!empty($item['is_ssl'])) {
238 CRM_Utils_System::redirectToSSL();
239 }
240
241 if (isset($item['title'])) {
242 CRM_Utils_System::setTitle($item['title']);
243 }
244
245 if (isset($item['breadcrumb']) && !isset($item['is_public'])) {
246 CRM_Utils_System::appendBreadCrumb($item['breadcrumb']);
247 }
248
249 $pageArgs = NULL;
250 if (!empty($item['page_arguments'])) {
251 $pageArgs = CRM_Core_Menu::getArrayForPathArgs($item['page_arguments']);
252 }
253
254 $template = CRM_Core_Smarty::singleton();
255 if (!empty($item['is_public'])) {
256 $template->assign('urlIsPublic', TRUE);
257 }
258 else {
259 $template->assign('urlIsPublic', FALSE);
260 self::statusCheck($template);
261 }
262
263 if (isset($item['return_url'])) {
264 $session = CRM_Core_Session::singleton();
265 $args = CRM_Utils_Array::value(
266 'return_url_args',
267 $item,
268 'reset=1'
269 );
270 $session->pushUserContext(CRM_Utils_System::url($item['return_url'], $args));
271 }
272
273 $result = NULL;
274 // WISHLIST: Refactor this. Instead of pattern-matching on page_callback, lookup
275 // page_callback via Civi\Core\Resolver and check the implemented interfaces. This
276 // would require rethinking the default constructor.
277 if (is_array($item['page_callback']) || strpos($item['page_callback'], ':')) {
278 $result = call_user_func(Civi\Core\Resolver::singleton()->get($item['page_callback']));
279 }
280 elseif (strstr($item['page_callback'], '_Form')) {
281 $wrapper = new CRM_Utils_Wrapper();
282 $result = $wrapper->run(
283 CRM_Utils_Array::value('page_callback', $item),
284 CRM_Utils_Array::value('title', $item),
285 $pageArgs ?? NULL
286 );
287 }
288 else {
289 $newArgs = explode('/', $_GET[$config->userFrameworkURLVar]);
290 $mode = 'null';
291 if (isset($pageArgs['mode'])) {
292 $mode = $pageArgs['mode'];
293 unset($pageArgs['mode']);
294 }
295 $title = $item['title'] ?? NULL;
296 if (strstr($item['page_callback'], '_Page') || strstr($item['page_callback'], '\\Page\\')) {
297 $object = new $item['page_callback']($title, $mode);
298 $object->urlPath = explode('/', $_GET[$config->userFrameworkURLVar]);
299 }
300 elseif (strstr($item['page_callback'], '_Controller') || strstr($item['page_callback'], '\\Controller\\')) {
301 $addSequence = 'false';
302 if (isset($pageArgs['addSequence'])) {
303 $addSequence = $pageArgs['addSequence'];
304 $addSequence = $addSequence ? 'true' : 'false';
305 unset($pageArgs['addSequence']);
306 }
307 $object = new $item['page_callback']($title, TRUE, $mode, NULL, $addSequence);
308 }
309 else {
310 throw new CRM_Core_Exception('Execute supplied menu action');
311 }
312 $result = $object->run($newArgs, $pageArgs);
313 }
314
315 CRM_Core_Session::storeSessionObjects();
316 return $result;
317 }
318
319 CRM_Core_Menu::store();
320 CRM_Core_Session::setStatus(ts('Menu has been rebuilt'), ts('Complete'), 'success');
321 return CRM_Utils_System::redirect();
322 }
323
324 /**
325 * This function contains the default action.
326 *
327 * @param $action
328 *
329 * @param $contact_type
330 * @param $contact_sub_type
331 *
332 */
333 public static function form($action, $contact_type, $contact_sub_type) {
334 CRM_Utils_System::setUserContext(['civicrm/contact/search/basic', 'civicrm/contact/view']);
335 $wrapper = new CRM_Utils_Wrapper();
336
337 $properties = CRM_Core_Component::contactSubTypeProperties($contact_sub_type, 'Edit');
338 if ($properties) {
339 $wrapper->run($properties['class'], ts('New %1', [1 => $contact_sub_type]), $action, TRUE);
340 }
341 else {
342 $wrapper->run('CRM_Contact_Form_Contact', ts('New Contact'), $action, TRUE);
343 }
344 }
345
346 /**
347 * Show status in the footer (admin only)
348 *
349 * @param CRM_Core_Smarty $template
350 */
351 public static function statusCheck($template) {
352 if (CRM_Core_Config::isUpgradeMode() || !CRM_Core_Permission::check('administer CiviCRM')) {
353 return;
354 }
355 // always use cached results - they will be refreshed by the session timer
356 $status = Civi::cache('checks')->get('systemStatusCheckResult');
357 $template->assign('footer_status_severity', $status);
358 $template->assign('footer_status_message', CRM_Utils_Check::toStatusLabel($status));
359 }
360
361 /**
362 * @param bool $triggerRebuild
363 * @param bool $sessionReset
364 *
365 * @throws Exception
366 */
367 public static function rebuildMenuAndCaches($triggerRebuild = FALSE, $sessionReset = FALSE) {
368 $config = CRM_Core_Config::singleton();
369 $config->clearModuleList();
370
371 // also cleanup all caches
372 $config->cleanupCaches($sessionReset || CRM_Utils_Request::retrieve('sessionReset', 'Boolean', CRM_Core_DAO::$_nullObject, FALSE, 0, 'GET'));
373
374 CRM_Core_Menu::store();
375
376 // also reset navigation
377 CRM_Core_BAO_Navigation::resetNavigation();
378
379 // also cleanup module permissions
380 $config->cleanupPermissions();
381
382 // rebuild word replacement cache - pass false to prevent operations redundant with this fn
383 CRM_Core_BAO_WordReplacement::rebuild(FALSE);
384
385 Civi::service('settings_manager')->flush();
386 // Clear js caches
387 CRM_Core_Resources::singleton()->flushStrings()->resetCacheCode();
388 CRM_Case_XMLRepository::singleton(TRUE);
389
390 // also rebuild triggers if requested explicitly
391 if (
392 $triggerRebuild ||
393 CRM_Utils_Request::retrieve('triggerRebuild', 'Boolean', CRM_Core_DAO::$_nullObject, FALSE, 0, 'GET')
394 ) {
395 CRM_Core_DAO::triggerRebuild();
396 }
397 CRM_Core_DAO_AllCoreTables::reinitializeCache(TRUE);
398 CRM_Core_ManagedEntities::singleton(TRUE)->reconcile();
399 }
400
401 }