CRM/Import/DataSource/SQL.php

   1 <?php
   2 /*
   3  +--------------------------------------------------------------------+
   4  | Copyright CiviCRM LLC. All rights reserved.                        |
   5  |                                                                    |
   6  | This work is published under the GNU AGPLv3 license with some      |
   7  | permitted exceptions and without any warranty. For full license    |
   8  | and copyright information, see https://civicrm.org/licensing       |
   9  +--------------------------------------------------------------------+
  10  */
  11
  12 /**
  13  *
  14  * @package CRM
  15  * @copyright CiviCRM LLC https://civicrm.org/licensing
  16  */
  17 class CRM_Import_DataSource_SQL extends CRM_Import_DataSource {
  18
  19   /**
  20    * Form fields declared for this datasource.
  21    *
  22    * @var string[]
  23    */
  24   protected $submittableFields = ['sqlQuery'];
  25
  26   /**
  27    * Provides information about the data source.
  28    *
  29    * @return array
  30    *   collection of info about this data source
  31    */
  32   public function getInfo(): array {
  33     return [
  34       'title' => ts('SQL Query'),
  35       'permissions' => ['import SQL datasource'],
  36     ];
  37   }
  38
  39   /**
  40    * This is function is called by the form object to get the DataSource's
  41    * form snippet. It should add all fields necesarry to get the data
  42    * uploaded to the temporary table in the DB.
  43    *
  44    * @param CRM_Core_Form $form
  45    *
  46    * @return void
  47    *   (operates directly on form argument)
  48    */
  49   public function buildQuickForm(&$form) {
  50     $form->add('hidden', 'hidden_dataSource', 'CRM_Import_DataSource_SQL');
  51     $form->add('textarea', 'sqlQuery', ts('Specify SQL Query'), ['rows' => 10, 'cols' => 45], TRUE);
  52     $form->addFormRule(['CRM_Import_DataSource_SQL', 'formRule'], $form);
  53   }
  54
  55   /**
  56    * @param $fields
  57    * @param $files
  58    * @param CRM_Core_Form $form
  59    *
  60    * @return array|bool
  61    */
  62   public static function formRule($fields, $files, $form) {
  63     $errors = [];
  64
  65     // Makeshift query validation (case-insensitive regex matching on word boundaries)
  66     $forbidden = ['ALTER', 'CREATE', 'DELETE', 'DESCRIBE', 'DROP', 'SHOW', 'UPDATE', 'REPLACE', 'information_schema'];
  67     foreach ($forbidden as $pattern) {
  68       if (preg_match("/\\b$pattern\\b/i", $fields['sqlQuery'])) {
  69         $errors['sqlQuery'] = ts('The query contains the forbidden %1 command.', [1 => $pattern]);
  70       }
  71     }
  72
  73     return $errors ?: TRUE;
  74   }
  75
  76   /**
  77    * Process the form submission.
  78    *
  79    * @param array $params
  80    * @param string $db
  81    * @param \CRM_Core_Form $form
  82    *
  83    * @throws \API_Exception
  84    * @throws \CRM_Core_Exception
  85    * @throws \Civi\API\Exception\UnauthorizedException
  86    */
  87   public function postProcess(&$params, &$db, &$form) {
  88     $importJob = new CRM_Contact_Import_ImportJob(
  89       NULL,
  90       $params['sqlQuery'], TRUE
  91     );
  92
  93     $form->set('importTableName', $importJob->getTableName());
  94     // Get the names of the fields to be imported. Any fields starting with an
  95     // underscore are considered to be internal to the import process)
  96     $columnsResult = CRM_Core_DAO::executeQuery(
  97       'SHOW FIELDS FROM ' . $importJob->getTableName() . "
  98       WHERE Field NOT LIKE '\_%'");
  99
 100     $columnNames = [];
 101     while ($columnsResult->fetch()) {
 102       $columnNames[] = $columnsResult->Field;
 103     }
 104     $this->updateUserJobMetadata('DataSource', [
 105       'table_name' => $importJob->getTableName(),
 106       'column_headers' => $columnNames,
 107       'number_of_columns' => count($columnNames),
 108     ]);
 109   }
 110
 111 }