}
if ($button['type'] === 'reset') {
- $attrs['type'] = 'reset';
- $prevnext[] = $this->createElement('xbutton', 'reset', $button['name'], $attrs);
+ $prevnext[] = $this->createElement($button['type'], 'reset', $button['name'], $attrs);
}
else {
if (!empty($button['subName'])) {
$attrs['crm-icon'] = $icon;
}
$buttonName = $this->getButtonName($button['type'], CRM_Utils_Array::value('subName', $button));
- $attrs['type'] = 'submit';
- $prevnext[] = $this->createElement('xbutton', $buttonName, $button['name'], $attrs);
+ $prevnext[] = $this->createElement('submit', $buttonName, $button['name'], $attrs);
}
if (!empty($button['isDefault'])) {
$this->setDefaultAction($button['type']);
/**
* Get the contact id of the logged in user.
+ *
+ * @return int|false
*/
public function getLoggedInUserContactID() {
// check if the user is logged in and has a contact ID
$session = CRM_Core_Session::singleton();
- return $session->get('userID');
+ return $session->get('userID') ? (int) $session->get('userID') : FALSE;
}
/**
* - id_field
* - url (for ajax lookup)
*
+ * @throws \CRM_Core_Exception
* @todo add data attributes so we can deal with multiple instances on a form
*/
public function addAutoSelector($profiles = [], $autoCompleteField = []) {
$this->_actionButtonName = $this->getButtonName('next', 'action');
}
$this->assign('actionButtonName', $this->_actionButtonName);
- $this->add('xbutton', $this->_actionButtonName, ts('Go'), [
- 'type' => 'submit',
- 'class' => 'hiddenElement crm-search-go-button',
- ]);
+ $this->add('submit', $this->_actionButtonName, ts('Go'), ['class' => 'hiddenElement crm-search-go-button']);
// Radio to choose "All items" or "Selected items only"
$selectedRowsRadio = $this->addElement('radio', 'radio_ts', NULL, '', 'ts_sel', ['checked' => 'checked']);
}
}
+ /**
+ * Get the contact if from the url, using the checksum or the cid if it is the logged in user.
+ *
+ * This function returns the user being validated. It is not intended to get another user
+ * they have permission to (setContactID does do that) and can be used to check if the user is
+ * accessing their own record.
+ *
+ * @return int|false
+ * @throws \CRM_Core_Exception
+ */
+ protected function getContactIDIfAccessingOwnRecord() {
+ $contactID = (int) CRM_Utils_Request::retrieve('cid', 'Positive', $this);
+ if (!$contactID) {
+ return FALSE;
+ }
+ if ($contactID === $this->getLoggedInUserContactID()) {
+ return $contactID;
+ }
+ $userChecksum = CRM_Utils_Request::retrieve('cs', 'String', $this);
+ return CRM_Contact_BAO_Contact_Utils::validChecksum($contactID, $userChecksum) ? $contactID : FALSE;
+ }
+
}