ts('SQL Query')); } public function preProcess(&$form) {} public function buildQuickForm(&$form) { $form->add('hidden', 'hidden_dataSource', 'CRM_Import_DataSource_SQL'); $form->add('textarea', 'sqlQuery', ts('Specify SQL Query'), 'rows=10 cols=45', TRUE); $form->addFormRule(array('CRM_Import_DataSource_SQL', 'formRule'), $form); } static function formRule($fields, $files, $form) { $errors = array(); // poor man's query validation (case-insensitive regex matching on word boundaries) $forbidden = array('ALTER', 'CREATE', 'DELETE', 'DESCRIBE', 'DROP', 'SHOW', 'UPDATE', 'information_schema'); foreach ($forbidden as $pattern) { if (preg_match("/\\b$pattern\\b/i", $fields['sqlQuery'])) { $errors['sqlQuery'] = ts('The query contains the forbidden %1 command.', array(1 => $pattern)); } } return $errors ? $errors : TRUE; } public function postProcess(&$params, &$db, &$form) { require_once 'CRM/Import/ImportJob.php'; $importJob = new CRM_Import_ImportJob( CRM_Utils_Array::value( 'import_table_name', $params ), $params['sqlQuery'], true ); $form->set('importTableName', $importJob->getTableName()); } }