<?php
/*
+--------------------------------------------------------------------+
- | CiviCRM version 4.3 |
+ | CiviCRM version 4.4 |
+--------------------------------------------------------------------+
| Copyright CiviCRM LLC (c) 2004-2013 |
+--------------------------------------------------------------------+
}
$data['is_error'] = 1;
$data['error_message'] = $msg;
+ // we will show sql to privelledged user only (not sure of a specific
+ // security hole here but seems sensible - perhaps should apply to the trace as well?
+ if(isset($data['sql']) && CRM_Core_Permission::check('Administer CiviCRM')) {
+ $data['debug_information'] = $data['sql'];
+ }
if (is_array($dao) && isset($dao['params']) && is_array($dao['params']) && CRM_Utils_Array::value('api.has_parent', $dao['params'])) {
$errorCode = empty($data['error_code']) ? 'chained_api_failed' : $data['error_code'];
throw new API_Exception('Error in call to ' . $dao['entity'] . '_' . $dao['action'] . ' : ' . $msg, $errorCode, $data);
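Review bot: The permission gate at L14 only decides whether `$data['debug_information']` is added; `$data['sql']` itself stays in `$data`, which is thrown as the exception payload on the following lines, so the raw SQL is not actually withheld from non-administrators unless a caller strips it later. If the intent stated in the comment is to show SQL to privileged users only, remove it in the other branch: `else { unset($data['sql']); }`. The same consideration applies to the trace the comment mentions, which is outside this hunk. The enclosing function starts before the hunk.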
$values[$key]['id'] = $item[$entity . "_id"];
}
if(!empty($item['financial_type_id'])){
+ //4.3 legacy handling
$values[$key]['contribution_type_id'] = $item['financial_type_id'];
}
+ if(!empty($item['next_sched_contribution_date'])){
+ // 4.4 legacy handling
+ $values[$key]['next_sched_contribution'] = $item['next_sched_contribution_date'];
+ }
}
}
$result['version'] = 3;
if (is_array($values)) {
- $result['count'] = count($values);
+ $result['count'] = (int) count($values);
// Convert value-separated strings to array
_civicrm_api3_separate_values($values);
}
$newParams = CRM_Contact_BAO_Query::convertFormValues($inputParams);
+ foreach ($newParams as &$newParam) {
+ if($newParam[1] == '=' && is_array($newParam[2])) {
+ // we may be looking at an attempt to use the 'IN' style syntax
+ // @todo at time of writing only 'IN' & 'NOT IN' are supported for the array style syntax
+ $sqlFilter = CRM_Core_DAO::createSqlFilter($newParam[0], $params[$newParam[0]], 'String', NULL, TRUE);
+ if($sqlFilter) {
+ $newParam[1] = key($newParam[2]);
+ $newParam[2] = $sqlFilter;
+ }
+ }
+
+ }
$skipPermissions = CRM_Utils_Array::value('check_permissions', $params)? 0 :1;
+
list($entities, $options) = CRM_Contact_BAO_Query::apiQuery(
$newParams,
$returnProperties,
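Review bot: The by-reference `foreach ($newParams as &$newParam)` ending at L51 leaves `$newParam` bound to the last element, so any later assignment to that variable would silently rewrite the final filter; add `unset($newParam);` immediately after the loop. `$newParam[1] == '='` is a loose comparison and should be `$newParam[1] === '='`, and `$params[$newParam[0]]` is read without checking that the key exists (it presumably is, since `$newParams` is derived from the same input, but the hunk does not show that). The operator is taken from `key($newParam[2])` and the filter is built with the hard-coded 'String' type regardless of the field; I assume createSqlFilter rejects anything other than IN / NOT IN as the comment implies, but that is not visible here. The enclosing function continues past the hunk.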
if (is_array($params[$field])) {
//get the actual fieldname from db
$fieldName = $allfields[$field]['name'];
- //array is the syntax for SQL clause
- foreach ($params[$field] as $operator => $criteria) {
- if (in_array($operator, $acceptedSQLOperators)) {
- switch ($operator) {
- // unary operators
-
- case 'IS NULL':
- case 'IS NOT NULL':
- $dao->whereAdd(sprintf('%s %s', $fieldName, $operator));
- break;
-
- // ternary operators
-
- case 'BETWEEN':
- case 'NOT BETWEEN':
- if (empty($criteria[0]) || empty($criteria[1])) {
- throw new exception("invalid criteria for $operator");
- }
- $dao->whereAdd(sprintf('%s ' . $operator . ' "%s" AND "%s"', $fieldName, CRM_Core_DAO::escapeString($criteria[0]), CRM_Core_DAO::escapeString($criteria[1])));
- break;
-
- // n-ary operators
-
- case 'IN':
- case 'NOT IN':
- if (empty($criteria)) {
- throw new exception("invalid criteria for $operator");
- }
- $escapedCriteria = array_map(array('CRM_Core_DAO', 'escapeString'), $criteria);
- $dao->whereAdd(sprintf('%s %s ("%s")', $fieldName, $operator, implode('", "', $escapedCriteria)));
- break;
-
- // binary operators
-
- default:
-
- $dao->whereAdd(sprintf('%s %s "%s"', $fieldName, $operator, CRM_Core_DAO::escapeString($criteria)));
- }
- }
+ $where = CRM_Core_DAO::createSqlFilter($fieldName, $params[$field], 'String');
+ if(!empty($where)) {
+ $dao->whereAdd($where);
}
}
else {
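Review bot: The replacement at L99-L101 changes failure behaviour: the removed switch threw on empty BETWEEN/IN criteria, whereas now an empty return from createSqlFilter simply skips the `whereAdd`, so a malformed or unsupported array filter silently becomes "no filter on this field" and the query runs unrestricted on it. Unless createSqlFilter itself throws on bad input (not visible here), reject the empty case explicitly: `if (empty($where)) { throw new API_Exception("invalid criteria for $fieldName"); }`. Escaping of the criteria, previously done inline via CRM_Core_DAO::escapeString, is now entirely delegated to createSqlFilter and is worth confirming there. The enclosing function starts and ends outside the hunk.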
else {
$values = array();
_civicrm_api3_object_to_array($bao, $values[$bao->id]);
- return civicrm_api3_create_success($values, $params, NULL, 'create', $bao);
+ return civicrm_api3_create_success($values, $params, $entity, 'create', $bao);
}
}
if ($bao !== FALSE) {
return civicrm_api3_create_success(TRUE);
}
- return civicrm_api3_create_error('Could not delete entity id ' . $params['id']);
+ throw new API_Exception('Could not delete entity id ' . $params['id']);
}
elseif (method_exists($bao_name, 'delete')) {
$dao = new $bao_name();
}
}
else {
- return civicrm_api3_create_error('Could not delete entity id ' . $params['id']);
+ throw new API_Exception('Could not delete entity id ' . $params['id']);
}
}
- return civicrm_api3_create_error('no delete method found');
+ throw new API_Exception('no delete method found');
}
/**
break;
case CRM_Utils_Type::T_MONEY:
- if (!CRM_Utils_Rule::money($params[$fieldName])) {
+ if (!CRM_Utils_Rule::money($params[$fieldName]) && !empty($params[$fieldName])) {
throw new Exception($fieldName . " is not a valid amount: " . $params[$fieldName]);
}
}
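Review bot: At L134 the empty check is evaluated after the rule, so `CRM_Utils_Rule::money()` still runs on an empty value before its result is discarded; reordering to `if (!empty($params[$fieldName]) && !CRM_Utils_Rule::money($params[$fieldName])) {` short-circuits and reads as "validate only when a value is present". Note that `empty()` also treats `'0'` and `0` as empty, so a literal zero amount bypasses the rule, which is presumably intended since zero is a valid amount. The enclosing switch starts before the hunk.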
foreach ($customfields as $key => $value) {
// Regular fields have a 'name' property
$value['name'] = 'custom_' . $key;
+ $value['type'] = _getStandardTypeFromCustomDataType($value['data_type']);
$customfields['custom_' . $key] = $value;
if (in_array('custom_' . $key, $getoptions)) {
$customfields['custom_' . $key]['options'] = CRM_Core_BAO_CustomOption::valuesByID($key);
}
return $customfields;
}
-
+/**
+ * Translate the custom field data_type attribute into a std 'type'
+ */
+function _getStandardTypeFromCustomDataType($dataType) {
+ $mapping = array(
+ 'String' => CRM_Utils_Type::T_STRING,
+ 'Int' => CRM_Utils_Type::T_INT,
+ 'Money' => CRM_Utils_Type::T_MONEY,
+ 'Memo' => CRM_Utils_Type::T_LONGTEXT,
+ 'Float' => CRM_Utils_Type::T_FLOAT,
+ 'Date' => CRM_Utils_Type::T_DATE,
+ 'Boolean' => CRM_Utils_Type::T_BOOLEAN,
+ 'StateProvince' => CRM_Utils_Type::T_INT,
+ 'File' => CRM_Utils_Type::T_STRING,
+ 'Link' => CRM_Utils_Type::T_STRING,
+ 'ContactReference' => CRM_Utils_Type::T_INT,
+ 'Country' => CRM_Utils_Type::T_INT,
+ );
+ return $mapping[$dataType];
+}
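Review bot: `return $mapping[$dataType];` at L167 raises an undefined-index notice and yields null for any data_type not in the table, and that null then lands in `$value['type']` at L141, which is presumably consumed by the type switch visible at L132. Guard the lookup, e.g. `return isset($mapping[$dataType]) ? $mapping[$dataType] : NULL;` (or throw an API_Exception if an unknown custom data type should be fatal), and document the contract in the docblock with `@param string $dataType` and `@return int|null`. Since this runs once per custom field in the loop above, the table could also be a `static $mapping` local so it is not rebuilt on every call.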
/**
* Return array of defaults for the given API (function is a wrapper on getfields)
*/
function _civicrm_api3_getdefaults($apiRequest) {
$defaults = array();
- $result = civicrm_api($apiRequest['entity'],
+ $result = civicrm_api3($apiRequest['entity'],
'getfields',
array(
- 'version' => 3,
'action' => $apiRequest['action'],
)
);
}
return;
}
- $result = civicrm_api($apiRequest['entity'],
+ $result = civicrm_api3($apiRequest['entity'],
'getfields',
array(
- 'version' => 3,
'action' => $apiRequest['action'],
)
);
function _civicrm_api3_validate_html(&$params, &$fieldName, &$fieldInfo) {
if ($value = CRM_Utils_Array::value($fieldName, $params)) {
if (!CRM_Utils_Rule::xssString($value)) {
- throw new API_Exception('Illegal characters in input (potential scripting attack)',array("field"=>$fieldName,"error_code"=>"xss"));
+ throw new API_Exception('Illegal characters in input (potential scripting attack)', array("field"=>$fieldName,"error_code"=>"xss"));
}
}
}