* This class contains all contact related functions that are called using AJAX (jQuery)
*/
class CRM_Contact_Page_AJAX {
+ /**
+ * When a user chooses a username, CHECK_USERNAME_TTL
+ * is the time window in which they can check usernames
+ * (without reloading the overall form).
+ */
+ const CHECK_USERNAME_TTL = 10800; // 3hr; 3*60*60
+
+ const AUTOCOMPLETE_TTL = 21600; // 6hr; 6*60*60
+
/**
* @deprecated
*/
* Function to fetch PCP ID by PCP Supporter sort_name, also displays PCP title and associated Contribution Page title
*/
static function getPCPList() {
- $name = CRM_Utils_Array::value('s', $_GET);
+ $name = CRM_Utils_Array::value('term', $_GET);
$name = CRM_Utils_Type::escape($name, 'String');
$limit = '10';
*
*/
static public function checkUserName() {
+ $signer = new CRM_Utils_Signer(CRM_Core_Key::privateKey(), array('for', 'ts'));
+ if (
+ CRM_Utils_Time::getTimeRaw() > $_REQUEST['ts'] + self::CHECK_USERNAME_TTL
+ || $_REQUEST['for'] != 'civicrm/ajax/cmsuser'
+ || !$signer->validate($_REQUEST['sig'], $_REQUEST)
+ ) {
+ $user = array('name' => 'error');
+ echo json_encode($user);
+ CRM_Utils_System::civiExit();
+ }
+
$config = CRM_Core_Config::singleton();
$username = trim($_REQUEST['cms_name']);
static function getContactEmail() {
if (!empty($_REQUEST['contact_id'])) {
$contactID = CRM_Utils_Type::escape($_REQUEST['contact_id'], 'Positive');
+ if (!CRM_Contact_BAO_Contact_Permission::allow($contactID, CRM_Core_Permission::EDIT)) {
+ return;
+ }
list($displayName,
$userEmail
) = CRM_Contact_BAO_Contact_Location::getEmailDetails($contactID);
$contactID = CRM_Utils_Type::escape($_GET['cid'], 'Integer');
$context = CRM_Utils_Type::escape($_GET['context'], 'String');
+ if (!CRM_Contact_BAO_Contact_Permission::allow($contactID)) {
+ return CRM_Utils_System::permissionDenied();
+ }
+
$sortMapper = array(
0 => 'relation',
1 => 'sort_name',
projects / civicrm-core.git / blobdiff