security/core#14 Validate "context" inputs
1 <?php
2 /*
3 +--------------------------------------------------------------------+
4 | CiviCRM version 5 |
5 +--------------------------------------------------------------------+
6 | Copyright CiviCRM LLC (c) 2004-2018 |
7 +--------------------------------------------------------------------+
8 | This file is a part of CiviCRM. |
9 | |
10 | CiviCRM is free software; you can copy, modify, and distribute it |
11 | under the terms of the GNU Affero General Public License |
12 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
13 | |
14 | CiviCRM is distributed in the hope that it will be useful, but |
15 | WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
17 | See the GNU Affero General Public License for more details. |
18 | |
19 | You should have received a copy of the GNU Affero General Public |
20 | License and the CiviCRM Licensing Exception along |
21 | with this program; if not, contact CiviCRM LLC |
22 | at info[AT]civicrm[DOT]org. If you have questions about the |
23 | GNU Affero General Public License or the licensing of CiviCRM, |
24 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
25 +--------------------------------------------------------------------+
26 */
27
28 /**
29 *
30 * @package CRM
31 * @copyright CiviCRM LLC (c) 2004-2018
32 * $Id$
33 *
34 */
35
36 /**
37 * Create a page for displaying UF Groups.
38 *
39 * Heart of this class is the run method which checks
40 * for action type and then displays the appropriate
41 * page.
42 *
43 */
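class CRM_UF_Page_Group extends CRM_Core_Page {

  /**
   * The action links that we need to display for the browse screen.
   *
   * Built lazily by self::actionLinks() and cached for the request.
   *
   * @var array|null
   */
  private static $_actionLinks = NULL;

  /**
   * Get the action links for this page.
   *
   * The "HTML Form Snippet" (PROFILE) link is only offered when the
   * 'remote_profile_submissions' setting is enabled.
   *
   * @return array
   *   Keyed by CRM_Core_Action constant; each entry is a link definition
   *   (name, url, qs, title and optionally fe/ref/extra).
   */
  public static function &actionLinks() {
    // Build the table only once per request.
    if (!self::$_actionLinks) {
      // Confirmation text for the Copy link. It is placed inside an inline
      // onclick handler below without further escaping, so a translation
      // containing a quote would break the handler.
      // NOTE(review): translations are treated as trusted here — confirm
      // whether ts() should be asked to escape for the JS context.
      $copyExtra = ts('Are you sure you want to make a copy of this Profile?');
      self::$_actionLinks = [
        CRM_Core_Action::BROWSE => [
          'name' => ts('Fields'),
          'url' => 'civicrm/admin/uf/group/field',
          'qs' => 'reset=1&action=browse&gid=%%id%%',
          'title' => ts('View and Edit Fields'),
        ],
        CRM_Core_Action::UPDATE => [
          'name' => ts('Settings'),
          'url' => 'civicrm/admin/uf/group/update',
          'qs' => 'action=update&id=%%id%%&context=group',
          'title' => ts('Edit CiviCRM Profile Group'),
        ],
        CRM_Core_Action::PREVIEW => [
          'name' => ts('Preview'),
          'url' => 'civicrm/admin/uf/group',
          'qs' => 'action=preview&id=%%id%%&field=0&context=group',
          'title' => ts('Edit CiviCRM Profile Group'),
        ],
        CRM_Core_Action::ADD => [
          'name' => ts('Use - Create Mode'),
          'url' => 'civicrm/profile/create',
          'qs' => 'gid=%%id%%&reset=1',
          'title' => ts('Use - Create Mode'),
          'fe' => TRUE,
        ],
        CRM_Core_Action::ADVANCED => [
          'name' => ts('Use - Edit Mode'),
          'url' => 'civicrm/profile/edit',
          'qs' => 'gid=%%id%%&reset=1',
          'title' => ts('Use - Edit Mode'),
          'fe' => TRUE,
        ],
        CRM_Core_Action::BASIC => [
          'name' => ts('Use - Listings Mode'),
          'url' => 'civicrm/profile',
          'qs' => 'gid=%%id%%&reset=1',
          'title' => ts('Use - Listings Mode'),
          'fe' => TRUE,
        ],
        CRM_Core_Action::DISABLE => [
          'name' => ts('Disable'),
          'ref' => 'crm-enable-disable',
          'title' => ts('Disable CiviCRM Profile Group'),
        ],
        CRM_Core_Action::ENABLE => [
          'name' => ts('Enable'),
          'ref' => 'crm-enable-disable',
          'title' => ts('Enable CiviCRM Profile Group'),
        ],
        CRM_Core_Action::DELETE => [
          'name' => ts('Delete'),
          'url' => 'civicrm/admin/uf/group',
          'qs' => 'action=delete&id=%%id%%',
          'title' => ts('Delete CiviCRM Profile Group'),
        ],
        CRM_Core_Action::COPY => [
          'name' => ts('Copy'),
          'url' => 'civicrm/admin/uf/group',
          'qs' => 'action=copy&gid=%%id%%',
          'title' => ts('Make a Copy of CiviCRM Profile Group'),
          'extra' => 'onclick = "return confirm(\'' . $copyExtra . '\');"',
        ],
      ];
      // The standalone HTML snippet is only useful (and only safe to offer)
      // when off-site profile submissions are allowed.
      $allowRemoteSubmit = Civi::settings()->get('remote_profile_submissions');
      if ($allowRemoteSubmit) {
        self::$_actionLinks[CRM_Core_Action::PROFILE] = [
          'name' => ts('HTML Form Snippet'),
          'url' => 'civicrm/admin/uf/group',
          'qs' => 'action=profile&gid=%%id%%',
          'title' => ts('HTML Form Snippet for this Profile'),
        ];
      }
    }
    return self::$_actionLinks;
  }

  /**
   * Run the page.
   *
   * This method is called after the page is created. It reads the requested
   * action and id, records the return context, dispatches to the matching
   * handler, then always renders the browse list before delegating to the
   * parent's run method.
   *
   * @return void
   */
  public function run() {
    // Requested action, defaulting to 'browse'. The bitmask tests below rely
    // on CRM_Utils_Request resolving 'action' to a CRM_Core_Action value.
    $action = CRM_Utils_Request::retrieve('action', 'String',
      $this, FALSE,
      'browse'
    );

    // Assign vars to templates.
    $this->assign('action', $action);
    $this->assign('selectedChild', CRM_Utils_Request::retrieve('selectedChild', 'String', $this));
    // 'Positive' rejects anything that is not a positive integer; 0 = none.
    $id = CRM_Utils_Request::retrieve('id', 'Positive',
      $this, FALSE, 0
    );

    // Set the return context before acting.
    $this->setContext($id, $action);

    if ($action & (CRM_Core_Action::UPDATE | CRM_Core_Action::ADD | CRM_Core_Action::DELETE | CRM_Core_Action::DISABLE)) {
      $this->edit($id, $action);
    }
    else {
      if ($action & CRM_Core_Action::ENABLE) {
        // NOTE(review): state change performed on a plain page request; the
        // ENABLE link itself is handled via the crm-enable-disable ref.
        CRM_Core_BAO_UFGroup::setIsActive($id, 1);

        // Update CMS integration with registration / my account.
        CRM_Utils_System::updateCategories();
      }
      elseif ($action & CRM_Core_Action::PROFILE) {
        $this->profile();
        CRM_Utils_System::setTitle(ts('%1 - HTML Form Snippet', [1 => $this->_title]));
      }
      elseif ($action & CRM_Core_Action::PREVIEW) {
        $this->preview($id, $action);
      }
      elseif ($action & CRM_Core_Action::COPY) {
        $this->copy();
      }
      // Finally browse the uf groups.
      $this->browse();
    }
    return parent::run();
  }

  /**
   * Make a copy of a profile, including all the fields in the profile.
   *
   * The source profile id is taken from the required 'gid' GET parameter
   * (validated as a positive integer). Redirects to the profile list.
   *
   * NOTE(review): the copy is performed on a GET request; the only
   * confirmation is the client-side onclick on the Copy link.
   *
   * @return void
   */
  public function copy() {
    $gid = CRM_Utils_Request::retrieve('gid', 'Positive',
      $this, TRUE, 0, 'GET'
    );

    CRM_Core_BAO_UFGroup::copy($gid);
    CRM_Utils_System::redirect(CRM_Utils_System::url('civicrm/admin/uf/group', 'reset=1'));
  }

  /**
   * Profile mode (standalone HTML form) for a uf group.
   *
   * Renders the profile create form with absolute resource URLs, rewrites the
   * form action so it can be submitted from another site, and assigns the
   * HTML-escaped markup to the template as 'profile'.
   *
   * @return void
   */
  public function profile() {
    $config = CRM_Core_Config::singleton();

    // Reassign resource base to be the full url, CRM-4660.
    $config->resourceBase = $config->userFrameworkResourceURL;
    $config->useFrameworkRelativeBase = $config->userFrameworkBaseURL;

    // Optional; 0 means "no specific profile".
    $gid = CRM_Utils_Request::retrieve('gid', 'Positive',
      $this, FALSE, 0, 'GET'
    );
    $controller = new CRM_Core_Controller_Simple('CRM_Profile_Form_Edit', ts('Create'), CRM_Core_Action::ADD,
      FALSE, FALSE, TRUE
    );
    $controller->reset();
    $controller->process();
    $controller->set('gid', $gid);
    $controller->setEmbedded(TRUE);
    $controller->run();
    $template = CRM_Core_Smarty::singleton();
    $template->assign('gid', $gid);
    $template->assign('tplFile', 'CRM/Profile/Form/Edit.tpl');
    $profile = trim($template->fetch('CRM/Form/default.tpl'));

    // Not sure how to circumvent our own navigation system to generate the
    // right form url; rewrite the admin path to the public create path.
    // $gid is an integer here (validated as 'Positive' above).
    $urlReplaceWith = 'civicrm/profile/create&amp;gid=' . $gid . '&amp;reset=1';
    if ($config->userSystem->is_drupal && $config->cleanURL) {
      $urlReplaceWith = 'civicrm/profile/create?gid=' . $gid . '&amp;reset=1';
    }
    $profile = str_replace('civicrm/admin/uf/group', $urlReplaceWith, $profile);

    // FIXME: (CRM-3587) hack to make standalone profile work
    // in wordpress and joomla without administrator login.
    if ($config->userFramework == 'Joomla') {
      $profile = str_replace('/administrator/', '/index.php', $profile);
    }
    elseif ($config->userFramework == 'WordPress') {
      // @todo remove this part when it is OK to deprecate CIVICRM_UF_WP_BASEPAGE-CRM-15933
      if (defined('CIVICRM_UF_WP_BASEPAGE')) {
        $wpbase = CIVICRM_UF_WP_BASEPAGE;
      }
      elseif (!empty($config->wpBasePage)) {
        $wpbase = $config->wpBasePage;
      }
      else {
        $wpbase = 'index.php';
      }
      $profile = str_replace('/wp-admin/admin.php', '/' . $wpbase . '/', $profile);
    }

    // Prepend the header resources so the snippet is self-contained.
    CRM_Core_Resources::singleton()->addCoreResources('html-header');
    $profile = CRM_Core_Region::instance('html-header')->render('', FALSE) . $profile;

    // The snippet is shown as text for copy/paste, hence entity-encoded.
    $this->assign('profile', htmlentities($profile, ENT_NOQUOTES, 'UTF-8'));

    // Title of the uf group; also remembered for the page title in run().
    if ($gid) {
      $title = CRM_Core_BAO_UFGroup::getTitle($gid);
      $this->_title = $title;
    }
    else {
      $title = 'Profile Form';
    }

    $this->assign('title', $title);
    $this->assign('action', CRM_Core_Action::PROFILE);
    $this->assign('isForm', 0);
  }

  /**
   * Edit uf group.
   *
   * @param int $id
   *   Uf group id.
   * @param int $action
   *   The CRM_Core_Action to be invoked.
   *
   * @return void
   */
  public function edit($id, $action) {
    // Create a simple controller for editing uf data.
    $controller = new CRM_Core_Controller_Simple('CRM_UF_Form_Group', ts('CiviCRM Profile Group'), $action);
    $this->setContext($id, $action);
    $controller->set('id', $id);
    $controller->setEmbedded(TRUE);
    $controller->process();
    $controller->run();
  }

  /**
   * Browse all uf data groups.
   *
   * Builds one row per uf group (after ACL filtering via the aclGroup hook)
   * with a per-row action mask, and assigns the rows to the template.
   *
   * @param int|null $action
   *   Unused; kept for signature compatibility. The action mask is computed
   *   per row from self::actionLinks().
   *
   * @return void
   */
  public function browse($action = NULL) {
    $ufGroup = [];
    $allUFGroups = CRM_Core_BAO_UFGroup::getModuleUFGroup();
    if (empty($allUFGroups)) {
      return;
    }

    $ufGroups = CRM_Core_PseudoConstant::get('CRM_Core_DAO_UFField', 'uf_group_id');
    CRM_Utils_Hook::aclGroup(CRM_Core_Permission::ADMIN, NULL, 'civicrm_uf_group', $ufGroups, $allUFGroups);

    // Loop-invariant: the full link table and the mask of all its actions.
    $links = self::actionLinks();
    $allActions = array_sum(array_keys($links));
    $hasProfileLink = array_key_exists(CRM_Core_Action::PROFILE, $links);

    foreach ($allUFGroups as $id => $value) {
      $ufGroup[$id] = [];
      $ufGroup[$id]['id'] = $id;
      $ufGroup[$id]['title'] = $value['title'];
      $ufGroup[$id]['frontend_title'] = $value['frontend_title'];
      $ufGroup[$id]['created_id'] = $value['created_id'];
      $ufGroup[$id]['created_by'] = CRM_Contact_BAO_Contact::displayName($value['created_id']);
      $ufGroup[$id]['description'] = $value['description'];
      $ufGroup[$id]['is_active'] = $value['is_active'];
      $ufGroup[$id]['group_type'] = $value['group_type'];
      $ufGroup[$id]['is_reserved'] = $value['is_reserved'];

      // Start from all links and subtract those that do not apply.
      $rowActions = $allActions;

      // Show only one of enable/disable depending on the current state.
      if ($value['is_active']) {
        $rowActions -= CRM_Core_Action::ENABLE;
      }
      else {
        $rowActions -= CRM_Core_Action::DISABLE;
      }

      // Reserved profiles may not be edited, disabled or deleted.
      if ($value['is_reserved']) {
        $rowActions -= CRM_Core_Action::UPDATE;
        $rowActions -= CRM_Core_Action::DISABLE;
        $rowActions -= CRM_Core_Action::DELETE;
      }

      $groupTypes = self::extractGroupTypes($value['group_type']);

      // Drop Create, Edit and View mode links if profile group_type is one
      // of: Contribution, Membership, Activity, Participant, Case, Grant.
      $isMixedProfile = CRM_Core_BAO_UFField::checkProfileType($id);
      if ($isMixedProfile) {
        $rowActions -= CRM_Core_Action::ADD;
        $rowActions -= CRM_Core_Action::ADVANCED;
        $rowActions -= CRM_Core_Action::BASIC;

        // CRM-21004: only subtract PROFILE if it was part of the mask.
        if ($hasProfileLink) {
          $rowActions -= CRM_Core_Action::PROFILE;
        }
      }

      $ufGroup[$id]['group_type'] = self::formatGroupTypes($groupTypes);

      $ufGroup[$id]['action'] = CRM_Core_Action::formLink($links, $rowActions,
        ['id' => $id],
        ts('more'),
        FALSE,
        'ufGroup.row.actions',
        'UFGroup',
        $id
      );
      // "Used For" from uf_join.
      $ufGroup[$id]['module'] = implode(', ', CRM_Core_BAO_UFGroup::getUFJoinRecord($id, TRUE));
    }

    $this->assign('rows', $ufGroup);
  }

  /**
   * Preview mode for a uf group.
   *
   * @param int $id
   *   Uf group id.
   * @param int $action
   *   Unused; the preview controller is created without an action.
   *
   * @return void
   */
  public function preview($id, $action) {
    $controller = new CRM_Core_Controller_Simple('CRM_UF_Form_Preview', ts('CiviCRM Profile Group Preview'), NULL);
    $controller->set('id', $id);
    $controller->setEmbedded(TRUE);
    $controller->process();
    $controller->run();
  }

  /**
   * Push the "return to" URL for this request onto the session user context.
   *
   * The 'context' request parameter is validated as Alphanumeric so that only
   * a plain token reaches the comparison below; any other value is treated
   * like an unknown context and falls through to the group list.
   *
   * @param int $id
   *   Uf group id, used for the field-list URL.
   * @param int $action
   *   The CRM_Core_Action being performed.
   *
   * @return void
   */
  public function setContext($id, $action) {
    $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);

    // Differentiate context for update and preview profile: those keep an
    // empty context, everything else defaults to 'group'.
    if (!$context && !($action & (CRM_Core_Action::UPDATE | CRM_Core_Action::PREVIEW))) {
      $context = 'group';
    }

    // Strict comparison: $context is a validated string or NULL.
    if ($context === 'field') {
      $url = CRM_Utils_System::url('civicrm/admin/uf/group/field', "reset=1&action=browse&gid={$id}");
    }
    else {
      $url = CRM_Utils_System::url('civicrm/admin/uf/group', 'reset=1&action=browse');
    }

    $session = CRM_Core_Session::singleton();
    $session->pushUserContext($url);
  }

  /**
   * Parse a stored 'group_type' value into a structured array.
   *
   * The stored value has two parts separated by CRM_Core_DAO::VALUE_SEPARATOR:
   * part 0 is a comma-separated list of type names; the optional part 1 is a
   * comma-separated list of "Prefix:id:id..." sub-type selections.
   *
   * @param string|null $groupType
   *
   * @return array
   *   Type name => type name for plain types; for types with sub-type
   *   selections, type name => [prefix => [id => label]].
   */
  public static function extractGroupTypes($groupType) {
    $returnGroupTypes = [];
    if (!$groupType) {
      return $returnGroupTypes;
    }

    $groupTypeParts = explode(CRM_Core_DAO::VALUE_SEPARATOR, $groupType);
    foreach (explode(',', $groupTypeParts[0]) as $type) {
      $returnGroupTypes[$type] = $type;
    }

    if (empty($groupTypeParts[1])) {
      return $returnGroupTypes;
    }

    foreach (explode(',', $groupTypeParts[1]) as $typeValue) {
      $groupTypeValues = $valueLabels = [];
      $valueParts = explode(':', $typeValue);
      // Map the selection prefix to its parent type and its id => label table.
      // An unrecognised prefix leaves $typeName NULL (stored under key '').
      $typeName = NULL;
      switch ($valueParts[0]) {
        case 'ContributionType':
          $typeName = 'Contribution';
          $valueLabels = CRM_Contribute_PseudoConstant::financialType();
          break;

        case 'ParticipantRole':
          $typeName = 'Participant';
          $valueLabels = CRM_Event_PseudoConstant::participantRole();
          break;

        case 'ParticipantEventName':
          $typeName = 'Participant';
          $valueLabels = CRM_Event_PseudoConstant::event();
          break;

        case 'ParticipantEventType':
          $typeName = 'Participant';
          $valueLabels = CRM_Event_PseudoConstant::eventType();
          break;

        case 'MembershipType':
          $typeName = 'Membership';
          $valueLabels = CRM_Member_PseudoConstant::membershipType();
          break;

        case 'ActivityType':
          $typeName = 'Activity';
          $valueLabels = CRM_Core_PseudoConstant::ActivityType(TRUE, TRUE, FALSE, 'label', TRUE);
          break;

        case 'CaseType':
          $typeName = 'Case';
          $valueLabels = CRM_Case_PseudoConstant::caseType();
          break;
      }

      // Only integer ids are selections; the prefix itself is skipped.
      foreach ($valueParts as $val) {
        if (CRM_Utils_Rule::integer($val)) {
          $groupTypeValues[$val] = CRM_Utils_Array::value($val, $valueLabels);
        }
      }

      // Replace the plain "name => name" entry with a sub-type array. The
      // isset() guard avoids an undefined-index notice when the type name
      // did not appear in part 0.
      if (!isset($returnGroupTypes[$typeName]) || !is_array($returnGroupTypes[$typeName])) {
        $returnGroupTypes[$typeName] = [];
      }
      $returnGroupTypes[$typeName][$valueParts[0]] = $groupTypeValues;
    }
    return $returnGroupTypes;
  }

  /**
   * Format 'group_type' field for display.
   *
   * Plain types are listed by name; types with sub-type selections are shown
   * as "Prefix::label: label". For 'Participant' every prefix is listed; for
   * other types only the first prefix's labels are shown.
   *
   * @param array $groupTypes
   *   Output from self::extractGroupTypes.
   *
   * @return string
   *   Comma-separated display string; '' for an empty input.
   */
  public static function formatGroupTypes($groupTypes) {
    if (empty($groupTypes)) {
      return '';
    }
    $groupTypesStrings = [];
    foreach ($groupTypes as $groupType => $typeValues) {
      if (!is_array($typeValues)) {
        $groupTypesStrings[] = $groupType;
      }
      elseif ($groupType === 'Participant') {
        foreach ($typeValues as $subType => $subTypeValues) {
          $groupTypesStrings[] = $subType . '::' . implode(': ', $subTypeValues);
        }
      }
      else {
        $groupTypesStrings[] = $groupType . '::' . implode(': ', current($typeValues));
      }
    }
    return implode(', ', $groupTypesStrings);
  }

}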