}
if (!empty($params['home_url'])) {
- $websiteTypes = CRM_Core_PseudoConstant::websiteType();
+ $websiteTypes = CRM_Core_PseudoConstant::get('CRM_Core_DAO_Website', 'website_type_id');
$params['website'] = array(1 => array('website_type_id' => key($websiteTypes),
'url' => $params['home_url'],
),
}
if (isset($params['suffix_id']) && !(is_numeric($params['suffix_id']))) {
- $params['suffix_id'] = array_search($params['suffix_id'], CRM_Core_PseudoConstant::individualSuffix());
+ $params['suffix_id'] = array_search($params['suffix_id'], CRM_Core_PseudoConstant::get('CRM_Contact_DAO_Contact', 'suffix_id'));
}
if (isset($params['prefix_id']) && !(is_numeric($params['prefix_id']))) {
- $params['prefix_id'] = array_search($params['prefix_id'], CRM_Core_PseudoConstant::individualPrefix());
+ $params['prefix_id'] = array_search($params['prefix_id'], CRM_Core_PseudoConstant::get('CRM_Contact_DAO_Contact', 'prefix_id'));
}
if (isset($params['gender_id']) && !(is_numeric($params['gender_id']))) {
- $params['gender_id'] = array_search($params['gender_id'], CRM_Core_PseudoConstant::gender());
+ $params['gender_id'] = array_search($params['gender_id'], CRM_Core_PseudoConstant::get('CRM_Contact_DAO_Contact', 'gender_id'));
}
$error = _civicrm_api3_greeting_format_params($params);
}
$restore = CRM_Utils_Array::value('restore', $params) ? $params['restore'] : FALSE;
$skipUndelete = CRM_Utils_Array::value('skip_undelete', $params) ? $params['skip_undelete'] : FALSE;
+
+ // CRM-12929
+ // restrict permanent delete if a contact has financial trxn associated with it
+ $error = NULL;
+ if ($skipUndelete && CRM_Financial_BAO_FinancialItem::checkContactPresent(array($contactID), $error)) {
+ return civicrm_api3_create_error($error['_qf_default']);
+ }
if (CRM_Contact_BAO_Contact::deleteContact($contactID, $restore, $skipUndelete)) {
return civicrm_api3_create_success();
}
function civicrm_api3_contact_getquick($params) {
civicrm_api3_verify_mandatory($params, NULL, array('name'));
- $name = CRM_Utils_Array::value('name', $params);
+ $name = CRM_Utils_Type::escape($params['name'], 'String');
// get the autocomplete options from settings
$acpref = explode(CRM_Core_DAO::VALUE_SEPARATOR,
}
// If we are doing quicksearch by a field other than name, make sure that field is added to results
if (!empty($params['field_name'])) {
+ $field_name = CRM_Utils_String::munge($params['field_name']);
+ // Unique name contact_id = id
+ if ($field_name == 'contact_id') {
+ $field_name = 'id';
+ }
// phone_numeric should be phone
- $searchField = str_replace('_numeric', '', $params['field_name']);
+ $searchField = str_replace('_numeric', '', $field_name);
if(!in_array($searchField, $list)) {
$list[] = $searchField;
}
if ($value != 'id') {
$suffix = 'cc';
if (!empty($params['field_name']) && $params['field_name'] == 'value') {
- $suffix = CRM_Utils_Array::value('table_name', $params, 'cc');
+ $suffix = CRM_Utils_String::munge(CRM_Utils_Array::value('table_name', $params, 'cc'));
}
$actualSelectElements[] = $select[] = $suffix . '.' . $value;
}
$selectAliases = ", $selectAliases";
}
$from = implode(' ', $from);
- $limit = CRM_Utils_Array::value('limit', $params, 10);
+ $limit = (int) CRM_Utils_Array::value('limit', $params);
+ $limit = $limit > 0 ? $limit : 10;
// add acl clause here
list($aclFrom, $aclWhere) = CRM_Contact_BAO_Contact_Permission::cacheClause('cc');
$currEmpDetails = array();
if (CRM_Utils_Array::value('employee_id', $params)) {
if ($currentEmployer = CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Contact',
- CRM_Utils_Array::value('employee_id', $params),
+ (int) $params['employee_id'],
'employer_id'
)) {
if ($config->includeWildCardInName) {
//set default for current_employer or return contact with particular id
if (CRM_Utils_Array::value('id', $params)) {
- $where .= " AND cc.id = " .$params['id'];
+ $where .= " AND cc.id = " . (int) $params['id'];
}
if (CRM_Utils_Array::value('cid', $params)) {
- $where .= " AND cc.id <> {$params['cid']}";
+ $where .= " AND cc.id <> " . (int) $params['cid'];
}
//contact's based of relationhip type
//CRM-10687
if (!empty($params['field_name']) && !empty($params['table_name'])) {
- $field_name = $params['field_name'];
- $table_name = $params['table_name'];
+ $table_name = CRM_Utils_String::munge($params['table_name']);
$whereClause = " WHERE ( $table_name.$field_name LIKE '$strSearch')";
$exactWhereClause = " WHERE ( $table_name.$field_name = '$name')";
// Search by id should be exact
// send query to hook to be modified if needed
CRM_Utils_Hook::contactListQuery($query,
$name,
- CRM_Utils_Array::value('context', $params),
- CRM_Utils_Array::value('id', $params)
+ empty($params['context']) ? NULL : CRM_Utils_Type::escape($params['context'], 'String'),
+ empty($params['id']) ? NULL : $params['id']
);
$dao = CRM_Core_DAO::executeQuery($query);