+--------------------------------------------------------------------+
| CiviCRM version 4.7 |
+--------------------------------------------------------------------+
- | Copyright CiviCRM LLC (c) 2004-2017 |
+ | Copyright CiviCRM LLC (c) 2004-2018 |
+--------------------------------------------------------------------+
| This file is a part of CiviCRM. |
| |
/**
*
* @package CRM
- * @copyright CiviCRM LLC (c) 2004-2017
+ * @copyright CiviCRM LLC (c) 2004-2018
*/
/**
*/
private static function _addWhereAdd(&$customGroupDAO, $entityType, $entityID = NULL, $allSubtypes = FALSE) {
$addSubtypeClause = FALSE;
+ // This function isn't really accessible with user data but since the string
+ // is not passed as a param to the query CRM_Core_DAO::escapeString seems like a harmless
+ // precaution.
+ $entityType = CRM_Core_DAO::escapeString($entityType);
switch ($entityType) {
case 'Contact':
}
break;
- case 'Case':
- case 'Location':
- case 'Address':
- case 'Activity':
- case 'Contribution':
- case 'Membership':
- case 'Participant':
+ default:
$customGroupDAO->whereAdd("extends IN ('$entityType')");
break;
}
/**
* Build custom data view.
*
- * @param CRM_Core_Form $form
+ * @param CRM_Core_Form|CRM_Core_Page $form
* Page object.
* @param array $groupTree
* @param bool $returnCount
* @param int $entityId
*
* @return array|int
+ * @throws \Exception
*/
public static function buildCustomDataView(&$form, &$groupTree, $returnCount = FALSE, $gID = NULL, $prefix = NULL, $customValueId = NULL, $entityId = NULL) {
$details = array();