[civicrm-core.git] / CRM / UF / Form / Inline / Preview.php
1 <?php
2 /*
3 +--------------------------------------------------------------------+
4 | Copyright CiviCRM LLC. All rights reserved. |
5 | |
6 | This work is published under the GNU AGPLv3 license with some |
7 | permitted exceptions and without any warranty. For full license |
8 | and copyright information, see https://civicrm.org/licensing |
9 +--------------------------------------------------------------------+
10 */
11
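/**
 * Generates the form components for an inline preview of a CiviCRM profile
 * group, built from a profile definition supplied in the request.
 */
class CRM_UF_Form_Inline_Preview extends CRM_UF_Form_AbstractPreview {

  /**
   * Validate the request, then load the posted profile definition.
   *
   * Checks, in order:
   *  - the request method is POST (see the CSRF note below);
   *  - the current user passes the permission check, which this form must do
   *    itself because inline forms get no menu-level check;
   *  - the 'ufData' request parameter is a JSON string that decodes to an
   *    array holding array-valued 'ufGroup' and 'ufFieldCollection' entries.
   *
   * Each failed check is reported through CRM_Core_Error::statusBounce().
   * NOTE(review): this method relies on statusBounce() ending the request, so
   * that nothing after a failed check runs - confirm against CRM_Core_Error.
   *
   * 'ufData' is caller-controlled. Only its outer shape is checked here; the
   * contents of both arrays are passed on unvalidated, so
   * CRM_Core_BAO_UFGroup::formatUFFields() and the preview rendering must
   * treat them as untrusted.
   */
  public function preProcess() {
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
      // CRM_Core_Controller validates qfKey for POST requests, but not necessarily
      // for GET requests. Allowing GET would therefore be a CSRF vulnerability.
      CRM_Core_Error::statusBounce(ts('Preview only supports HTTP POST'));
    }

    // Inline forms don't get menu-level permission checks, so enforce one here.
    // NOTE(review): the nested array presumably means "any one of these
    // permissions" - confirm against CRM_Core_Permission::check().
    $checkPermission = [
      [
        'administer CiviCRM',
        'manage event profiles',
      ],
    ];
    if (!CRM_Core_Permission::check($checkPermission)) {
      CRM_Core_Error::statusBounce(ts('Permission Denied'));
    }

    // Reject an absent, non-string or undecodable 'ufData' explicitly rather
    // than indexing into whatever json_decode() returned: NULL, a scalar or a
    // string would otherwise raise PHP notices or errors instead of a clean
    // bounce.
    $rawData = isset($_REQUEST['ufData']) ? $_REQUEST['ufData'] : NULL;
    $content = is_string($rawData) ? json_decode($rawData, TRUE) : NULL;
    if (!is_array($content)) {
      CRM_Core_Error::statusBounce('Missing or malformed JSON parameter, ufData');
    }

    foreach (['ufGroup', 'ufFieldCollection'] as $key) {
      // isset() first, so a missing key is reported without an undefined-index notice.
      if (!isset($content[$key]) || !is_array($content[$key])) {
        CRM_Core_Error::statusBounce("Missing JSON parameter, $key");
      }
    }

    $fields = CRM_Core_BAO_UFGroup::formatUFFields($content['ufGroup'], $content['ufFieldCollection']);
    $this->setProfile($fields);
  }

}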