3 +--------------------------------------------------------------------+
4 | CiviCRM version 4.7 |
5 +--------------------------------------------------------------------+
6 | Copyright CiviCRM LLC (c) 2004-2017 |
7 +--------------------------------------------------------------------+
8 | This file is a part of CiviCRM. |
10 | CiviCRM is free software; you can copy, modify, and distribute it |
11 | under the terms of the GNU Affero General Public License |
12 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
14 | CiviCRM is distributed in the hope that it will be useful, but |
15 | WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
17 | See the GNU Affero General Public License for more details. |
19 | You should have received a copy of the GNU Affero General Public |
20 | License and the CiviCRM Licensing Exception along |
21 | with this program; if not, contact CiviCRM LLC |
22 | at info[AT]civicrm[DOT]org. If you have questions about the |
23 | GNU Affero General Public License or the licensing of CiviCRM, |
24 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
25 +--------------------------------------------------------------------+
31 * @copyright CiviCRM LLC (c) 2004-2017
35 class CRM_Import_DataSource_SQL
extends CRM_Import_DataSource
{
38 * Provides information about the data source.
41 * collection of info about this data source
43 public function getInfo() {
45 'title' => ts('SQL Query'),
46 'permissions' => array('import SQL datasource'),
51 * Set variables up before form is built.
53 * @param CRM_Core_Form $form
55 public function preProcess(&$form) {
59 * This is function is called by the form object to get the DataSource's
60 * form snippet. It should add all fields necesarry to get the data
61 * uploaded to the temporary table in the DB.
63 * @param CRM_Core_Form $form
66 * (operates directly on form argument)
68 public function buildQuickForm(&$form) {
69 $form->add('hidden', 'hidden_dataSource', 'CRM_Import_DataSource_SQL');
70 $form->add('textarea', 'sqlQuery', ts('Specify SQL Query'), 'rows=10 cols=45', TRUE);
71 $form->addFormRule(array('CRM_Import_DataSource_SQL', 'formRule'), $form);
77 * @param CRM_Core_Form $form
81 public static function formRule($fields, $files, $form) {
84 // Makeshift query validation (case-insensitive regex matching on word boundaries)
85 $forbidden = array('ALTER', 'CREATE', 'DELETE', 'DESCRIBE', 'DROP', 'SHOW', 'UPDATE', 'information_schema');
86 foreach ($forbidden as $pattern) {
87 if (preg_match("/\\b$pattern\\b/i", $fields['sqlQuery'])) {
88 $errors['sqlQuery'] = ts('The query contains the forbidden %1 command.', array(1 => $pattern));
92 return $errors ?
$errors : TRUE;
96 * Process the form submission.
98 * @param array $params
100 * @param \CRM_Core_Form $form
102 public function postProcess(&$params, &$db, &$form) {
103 $importJob = new CRM_Contact_Import_ImportJob(
104 CRM_Utils_Array
::value('import_table_name', $params),
105 $params['sqlQuery'], TRUE
108 $form->set('importTableName', $importJob->getTableName());