CRM/Import/DataSource/SQL.php

   1 <?php
   2 /*
   3  +--------------------------------------------------------------------+
   4  | CiviCRM version 4.3                                                |
   5  +--------------------------------------------------------------------+
   6  | Copyright CiviCRM LLC (c) 2004-2013                                |
   7  +--------------------------------------------------------------------+
   8  | This file is a part of CiviCRM.                                    |
   9  |                                                                    |
  10  | CiviCRM is free software; you can copy, modify, and distribute it  |
  11  | under the terms of the GNU Affero General Public License           |
  12  | Version 3, 19 November 2007 and the CiviCRM Licensing Exception.   |
  13  |                                                                    |
  14  | CiviCRM is distributed in the hope that it will be useful, but     |
  15  | WITHOUT ANY WARRANTY; without even the implied warranty of         |
  16  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.               |
  17  | See the GNU Affero General Public License for more details.        |
  18  |                                                                    |
  19  | You should have received a copy of the GNU Affero General Public   |
  20  | License and the CiviCRM Licensing Exception along                  |
  21  | with this program; if not, contact CiviCRM LLC                     |
  22  | at info[AT]civicrm[DOT]org. If you have questions about the        |
  23  | GNU Affero General Public License or the licensing of CiviCRM,     |
  24  | see the CiviCRM license FAQ at http://civicrm.org/licensing        |
  25  +--------------------------------------------------------------------+
  26 */
  27
  28 /**
  29  *
  30  * @package CRM
  31  * @copyright CiviCRM LLC (c) 2004-2013
  32  * $Id$
  33  *
  34  */
  35 class CRM_Import_DataSource_SQL extends CRM_Import_DataSource {
  36
  37   public function getInfo() {
  38     return array('title' => ts('SQL Query'));
  39   }
  40
  41   public function preProcess(&$form) {}
  42
  43   public function buildQuickForm(&$form) {
  44     $form->add('hidden', 'hidden_dataSource', 'CRM_Import_DataSource_SQL');
  45     $form->add('textarea', 'sqlQuery', ts('Specify SQL Query'), 'rows=10 cols=45', TRUE);
  46     $form->addFormRule(array('CRM_Import_DataSource_SQL', 'formRule'), $form);
  47   }
  48
  49   static function formRule($fields, $files, $form) {
  50     $errors = array();
  51
  52     // poor man's query validation (case-insensitive regex matching on word boundaries)
  53     $forbidden = array('ALTER', 'CREATE', 'DELETE', 'DESCRIBE', 'DROP', 'SHOW', 'UPDATE', 'information_schema');
  54     foreach ($forbidden as $pattern) {
  55       if (preg_match("/\\b$pattern\\b/i", $fields['sqlQuery'])) {
  56         $errors['sqlQuery'] = ts('The query contains the forbidden %1 command.', array(1 => $pattern));
  57       }
  58     }
  59
  60     return $errors ? $errors : TRUE;
  61   }
  62
  63   public function postProcess(&$params, &$db, &$form) {
  64     require_once 'CRM/Import/ImportJob.php';
  65     $importJob = new CRM_Import_ImportJob(
  66       CRM_Utils_Array::value( 'import_table_name', $params ),
  67       $params['sqlQuery'], true
  68     );
  69
  70     $form->set('importTableName', $importJob->getTableName());
  71   }
  72 }
  73