<?php
-// $Id$
-
/*
+--------------------------------------------------------------------+
| CiviCRM version 4.3 |
}
$data['is_error'] = 1;
$data['error_message'] = $msg;
+ // we will show sql to privelledged user only (not sure of a specific
+ // security hole here but seems sensible - perhaps should apply to the trace as well?
+ if(isset($data['sql']) && CRM_Core_Permission::check('Administer CiviCRM')) {
+ $data['debug_information'] = $data['sql'];
+ }
if (is_array($dao) && isset($dao['params']) && is_array($dao['params']) && CRM_Utils_Array::value('api.has_parent', $dao['params'])) {
$errorCode = empty($data['error_code']) ? 'chained_api_failed' : $data['error_code'];
throw new API_Exception('Error in call to ' . $dao['entity'] . '_' . $dao['action'] . ' : ' . $msg, $errorCode, $data);
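Review bot: The permission check at L12 only adds a `debug_information` copy; `$data['sql']` itself stays in `$data`, which is what L17 hands to API_Exception and presumably what the function returns as the error array, so the raw SQL still reaches callers without 'Administer CiviCRM'. If the intent stated in the comment is to show SQL to privileged users only, drop the key in the other case: `elseif (isset($data['sql'])) { unset($data['sql']); }` directly after the new block. The same reasoning applies to any trace key carried in `$data`, as the comment itself wonders. The enclosing function starts before this hunk.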
$values[$key]['id'] = $item[$entity . "_id"];
}
if(!empty($item['financial_type_id'])){
+ //4.3 legacy handling
$values[$key]['contribution_type_id'] = $item['financial_type_id'];
}
+ if(!empty($item['next_sched_contribution_date'])){
+ // 4.4 legacy handling
+ $values[$key]['next_sched_contribution'] = $item['next_sched_contribution_date'];
+ }
}
}
- //if ( array_key_exists ('debug',$params) && is_object ($dao)) {
- if (is_array($params) && array_key_exists('debug', $params)) {
+
+ if (is_array($params) && !empty($params['debug'])) {
if (is_string($action) && $action != 'getfields') {
$apiFields = civicrm_api($entity, 'getfields', array('version' => 3, 'action' => $action) + $params);
}
$allFields = array_keys($apiFields['values']);
}
$paramFields = array_keys($params);
- $undefined = array_diff($paramFields, $allFields, array_keys($_COOKIE), array('action', 'entity', 'debug', 'version', 'check_permissions', 'IDS_request_uri', 'IDS_user_agent', 'return', 'sequential', 'rowCount', 'option_offset', 'option_limit', 'custom', 'option_sort'));
+ $undefined = array_diff($paramFields, $allFields, array_keys($_COOKIE), array('action', 'entity', 'debug', 'version', 'check_permissions', 'IDS_request_uri', 'IDS_user_agent', 'return', 'sequential', 'rowCount', 'option_offset', 'option_limit', 'custom', 'option_sort', 'options'));
if ($undefined) {
$result['undefined_fields'] = array_merge($undefined);
}
$result['version'] = 3;
if (is_array($values)) {
- $result['count'] = count($values);
+ $result['count'] = (int) count($values);
// Convert value-separated strings to array
_civicrm_api3_separate_values($values);
$name = 'Contact';
}
- //hack to deal with incorrectly named BAO/DAO - see CRM-10859 - remove after rename
- if($name == 'price_set' || $name == 'PriceSet'){
- return 'CRM_Price_DAO_Set';
- }
- if($name == 'price_field' || $name == 'PriceField'){
- return 'CRM_Price_DAO_Field';
- }
- if($name == 'price_field_value' || $name == 'PriceFieldValue'){
- return 'CRM_Price_DAO_FieldValue';
- }
- // these aren't listed on ticket CRM-10859 - but same problem - lack of standardisation
- if($name == 'mailing_job' || $name == 'MailingJob'){
- return 'CRM_Mailing_BAO_Job';
- }
+ //hack to deal with incorrectly named BAO/DAO - see CRM-10859 -
+ // several of these have been removed but am not confident mailing_recipients is
+ // tests so have not tackled.
+ // correct approach for im is unclear
if($name == 'mailing_recipients' || $name == 'MailingRecipients'){
return 'CRM_Mailing_BAO_Recipients';
}
}
/**
- * This is a wrapper for api_store_values which will check the suitable fields using getfields
+ * This is a legacy wrapper for api_store_values which will check the suitable fields using getfields
* rather than DAO->fields
*
* Getfields has handling for how to deal with uniquenames which dao->fields doesn't
if (is_array($params[$field])) {
//get the actual fieldname from db
$fieldName = $allfields[$field]['name'];
- //array is the syntax for SQL clause
- foreach ($params[$field] as $operator => $criteria) {
- if (in_array($operator, $acceptedSQLOperators)) {
- switch ($operator) {
- // unary operators
-
- case 'IS NULL':
- case 'IS NOT NULL':
- $dao->whereAdd(sprintf('%s %s', $fieldName, $operator));
- break;
-
- // ternary operators
-
- case 'BETWEEN':
- case 'NOT BETWEEN':
- if (empty($criteria[0]) || empty($criteria[1])) {
- throw new exception("invalid criteria for $operator");
- }
- $dao->whereAdd(sprintf('%s ' . $operator . ' "%s" AND "%s"', $fieldName, CRM_Core_DAO::escapeString($criteria[0]), CRM_Core_DAO::escapeString($criteria[1])));
- break;
-
- // n-ary operators
-
- case 'IN':
- case 'NOT IN':
- if (empty($criteria)) {
- throw new exception("invalid criteria for $operator");
- }
- $escapedCriteria = array_map(array('CRM_Core_DAO', 'escapeString'), $criteria);
- $dao->whereAdd(sprintf('%s %s ("%s")', $fieldName, $operator, implode('", "', $escapedCriteria)));
- break;
-
- // binary operators
-
- default:
-
- $dao->whereAdd(sprintf('%s %s "%s"', $fieldName, $operator, CRM_Core_DAO::escapeString($criteria)));
- }
- }
+ $where = CRM_Core_DAO::createSqlFilter($fieldName, $params[$field], 'String');
+ if(!empty($where)) {
+ $dao->whereAdd($where);
}
}
else {
}
}
}
- if (!empty($options['return']) && is_array($options['return'])) {
+ if (!empty($options['return']) && is_array($options['return']) && empty($options['is_count'])) {
$dao->selectAdd();
$options['return']['id'] = TRUE;// ensure 'id' is included
$allfields = _civicrm_api3_get_unique_name_array($dao);
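Review bot: The replacement at L123 hard-codes `'String'` as the filter type for every field, so numeric and date columns get string-style quoting, and it drops the `in_array($operator, $acceptedSQLOperators)` allowlist the removed code applied before building a clause. Whether `CRM_Core_DAO::createSqlFilter` re-validates the operator is not visible here; if it throws on unknown operators, that is a behaviour change from the old silent skip and deserves a comment such as `// createSqlFilter validates the operator and escapes the criteria; unsupported operators are rejected rather than ignored`. If `$allfields[$field]` carries a type, passing it instead of the literal `'String'` would keep the generated SQL typed correctly, and the `$acceptedSQLOperators` local, if still computed above, is now unused. The enclosing function starts before this hunk.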
* @return array $options options extracted from params
*/
function _civicrm_api3_get_options_from_params(&$params, $queryObject = FALSE, $entity = '', $action = '') {
+ $is_count = FALSE;
$sort = CRM_Utils_Array::value('sort', $params, 0);
$sort = CRM_Utils_Array::value('option.sort', $params, $sort);
$sort = CRM_Utils_Array::value('option_sort', $params, $sort);
$limit = CRM_Utils_Array::value('option_limit', $params, $limit);
if (is_array(CRM_Utils_Array::value('options', $params))) {
+ // is count is set by generic getcount not user
+ $is_count = CRM_Utils_Array::value('is_count', $params['options']);
$offset = CRM_Utils_Array::value('offset', $params['options'], $offset);
$limit = CRM_Utils_Array::value('limit', $params['options'], $limit);
$sort = CRM_Utils_Array::value('sort', $params['options'], $sort);
'offset' => $offset,
'sort' => $sort,
'limit' => $limit,
+ 'is_count' => $is_count,
'return' => !empty($returnProperties) ? $returnProperties : NULL,
);
+
if (!$queryObject) {
return $options;
}
function _civicrm_api3_apply_options_to_dao(&$params, &$dao, $entity) {
$options = _civicrm_api3_get_options_from_params($params,FALSE,$entity);
- $dao->limit((int)$options['offset'], (int)$options['limit']);
- if (!empty($options['sort'])) {
- $dao->orderBy($options['sort']);
+ if(!$options['is_count']) {
+ $dao->limit((int)$options['offset'], (int)$options['limit']);
+ if (!empty($options['sort'])) {
+ $dao->orderBy($options['sort']);
+ }
}
}
*/
function _civicrm_api3_dao_to_array($dao, $params = NULL, $uniqueFields = TRUE, $entity = "") {
$result = array();
+ if(isset($params['options']) && CRM_Utils_Array::value('is_count', $params['options'])) {
+ return $dao->count();
+ }
if (empty($dao) || !$dao->find()) {
return array();
}
+ if(isset($dao->count)) {
+ return $dao->count;
+ }
//if custom fields are required we will endeavour to set them . NB passing $entity in might be a bit clunky / unrequired
if (!empty($entity) && CRM_Utils_Array::value('return', $params) && is_array($params['return'])) {
foreach ($params['return'] as $return) {
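Review bot: `$dao->count()` at L177 runs before the `empty($dao)` guard at L179, so the new `is_count` path dereferences a possibly-empty `$dao`; move `if (empty($dao)) { return array(); }` ahead of the `is_count` branch and keep the `!$dao->find()` check where it is. Both added branches also change the function's result from array to int, which the docblock ending at L173 (outside the hunk) should state as `@return array|int`, and since `is_count` is read from caller-supplied `$params['options']` any API caller can trigger the int return despite the comment at L146 saying only the generic getcount sets it. `isset($dao->count)` at L182 presumably relies on a `count` alias being selected elsewhere; a comment naming where it is set would help the next reader.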
$bao = new $bao_name();
_civicrm_api3_dao_set_filter($bao, $params, TRUE,$entity);
if ($returnAsSuccess) {
- return civicrm_api3_create_success(_civicrm_api3_dao_to_array($bao, $params, FALSE, $entity), $params, $entity);
+ return civicrm_api3_create_success(_civicrm_api3_dao_to_array($bao, $params, FALSE, $entity), $params, $entity);
}
else {
return _civicrm_api3_dao_to_array($bao, $params, FALSE, $entity);
function _civicrm_api3_basic_create($bao_name, &$params, $entity = NULL) {
$args = array(&$params);
- if(!empty($entity)){
+ if (!empty($entity)) {
$ids = array($entity => CRM_Utils_Array::value('id', $params));
$args[] = &$ids;
}
+
if (method_exists($bao_name, 'create')) {
$fct = 'create';
+ $fct_name = $bao_name . '::' . $fct;
+ $bao = call_user_func_array(array($bao_name, $fct), $args);
}
elseif (method_exists($bao_name, 'add')) {
$fct = 'add';
+ $fct_name = $bao_name . '::' . $fct;
+ $bao = call_user_func_array(array($bao_name, $fct), $args);
}
- if (!isset($fct)) {
- return civicrm_api3_create_error('Entity not created, missing create or add method for ' . $bao_name);
+ else {
+ $fct_name = '_civicrm_api3_basic_create_fallback';
+ $bao = _civicrm_api3_basic_create_fallback($bao_name, $params);
}
- $bao = call_user_func_array(array($bao_name, $fct), $args);
+
if (is_null($bao)) {
- return civicrm_api3_create_error('Entity not created ' . $bao_name . '::' . $fct);
+ return civicrm_api3_create_error('Entity not created (' . $fct_name . ')');
}
else {
$values = array();
_civicrm_api3_object_to_array($bao, $values[$bao->id]);
- return civicrm_api3_create_success($values, $params, NULL, 'create', $bao);
+ return civicrm_api3_create_success($values, $params, $entity, 'create', $bao);
}
}
+/**
+ * For BAO's which don't have a create() or add() functions, use this fallback implementation.
+ *
+ * FIXME There's an intuitive sense that this behavior should be defined somehow in the BAO/DAO class
+ * structure. In practice, that requires a fair amount of refactoring and/or kludgery.
+ *
+ * @param string $bao_name
+ * @param array $params
+ * @return CRM_Core_DAO|NULL an instance of the BAO
+ */
+function _civicrm_api3_basic_create_fallback($bao_name, &$params) {
+ $entityName = CRM_Core_DAO_AllCoreTables::getBriefName(get_parent_class($bao_name));
+ if (empty($entityName)) {
+ throw new API_Exception("Class \"$bao_name\" does not map to an entity name", "unmapped_class_to_entity", array(
+ 'class_name' => $bao_name,
+ ));
+ }
+ $hook = empty($params['id']) ? 'create' : 'edit';
+
+ CRM_Utils_Hook::pre($hook, $entityName, CRM_Utils_Array::value('id', $params), $params);
+ $instance = new $bao_name();
+ $instance->copyValues($params);
+ $instance->save();
+ CRM_Utils_Hook::post($hook, $entityName, $instance->id, $instance);
+
+ return $instance;
+}
+
/**
* Function to do a 'standard' api del - when the api is only doing a $bao::del then use this
* if api::del doesn't exist it will try DAO delete method
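Review bot: The docblock at L241 says `@return CRM_Core_DAO|NULL`, but `_civicrm_api3_basic_create_fallback` never returns NULL: every path either throws at L246 or returns `$instance`, so it should read `@return CRM_Core_DAO an instance of the BAO` with `@throws API_Exception when the class cannot be mapped to an entity name`. The return value of `$instance->save()` at L255 is not checked, so the post hook at L256 fires and a success result is produced even if save reported failure; either check it or add a comment stating that save() is assumed to throw on failure. `get_parent_class($bao_name)` at L244 assumes exactly one inheritance level between the BAO and its DAO, which is worth stating in a comment. In `_civicrm_api3_basic_create`, the two `method_exists` branches repeat the `$fct_name`/`call_user_func_array` pair and could resolve `$fct` first and make the call once after the if/elseif.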
if ($bao !== FALSE) {
return civicrm_api3_create_success(TRUE);
}
- return civicrm_api3_create_error('Could not delete entity id ' . $params['id']);
+ throw new API_Exception('Could not delete entity id ' . $params['id']);
}
elseif (method_exists($bao_name, 'delete')) {
$dao = new $bao_name();
}
}
else {
- return civicrm_api3_create_error('Could not delete entity id ' . $params['id']);
+ throw new API_Exception('Could not delete entity id ' . $params['id']);
}
}
- return civicrm_api3_create_error('no delete method found');
+ throw new API_Exception('no delete method found');
}
/**
break;
case CRM_Utils_Type::T_MONEY:
- if (!CRM_Utils_Rule::money($params[$fieldName])) {
+ if (!CRM_Utils_Rule::money($params[$fieldName]) && !empty($params[$fieldName])) {
throw new Exception($fieldName . " is not a valid amount: " . $params[$fieldName]);
}
}
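Review bot: The added `!empty(...)` at L286 is evaluated after `CRM_Utils_Rule::money()` has already been called on the value, so the validator still runs on empty/null input before the guard suppresses the throw; putting the guard first reads as intended and short-circuits: `if (!empty($params[$fieldName]) && !CRM_Utils_Rule::money($params[$fieldName])) {`. Note that `empty()` also treats `0` and `'0'` as empty, so a zero amount now bypasses validation entirely, which is presumably acceptable for money but worth a comment. The enclosing switch continues outside the hunk.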
function _civicrm_api3_validate_integer(&$params, &$fieldName, &$fieldInfo, $entity) {
//if fieldname exists in params
if (CRM_Utils_Array::value($fieldName, $params)) {
- //if value = 'user_contact_id' replace value with logged in user id
- if ($params[$fieldName] == "user_contact_id") {
- $session = &CRM_Core_Session::singleton();
- $params[$fieldName] = $session->get('userID');
+ // if value = 'user_contact_id' (or similar), replace value with contact id
+ if (!is_numeric($params[$fieldName]) && is_scalar($params[$fieldName])) {
+ $realContactId = _civicrm_api3_resolve_contactID($params[$fieldName]);
+ if ('unknown-user' === $realContactId) {
+ throw new API_Exception("\"$fieldName\" \"{$params[$fieldName]}\" cannot be resolved to a contact ID", 2002, array('error_field' => $fieldName,"type"=>"integer"));
+ } elseif (is_numeric($realContactId)) {
+ $params[$fieldName] = $realContactId;
+ }
}
if (!empty($fieldInfo['pseudoconstant']) || !empty($fieldInfo['options'])) {
_civicrm_api3_api_match_pseudoconstant($params, $entity, $fieldName, $fieldInfo);
}
}
+/**
+ * Determine a contact ID using a string expression
+ *
+ * @param string $contactIdExpr e.g. "user_contact_id" or "@user:username"
+ * @return int|NULL|'unknown-user'
+ */
+function _civicrm_api3_resolve_contactID($contactIdExpr) {
+ //if value = 'user_contact_id' replace value with logged in user id
+ if ($contactIdExpr == "user_contact_id") {
+ $session = &CRM_Core_Session::singleton();
+ if (!is_numeric($session->get('userID'))) {
+ return NULL;
+ }
+ return $session->get('userID');
+ } elseif (preg_match('/^@user:(.*)$/', $contactIdExpr, $matches)) {
+ $config = CRM_Core_Config::singleton();
+
+ $ufID = $config->userSystem->getUfId($matches[1]);
+ if (!$ufID) {
+ return 'unknown-user';
+ }
+
+ $contactID = CRM_Core_BAO_UFMatch::getContactId($ufID);
+ if (!$contactID) {
+ return 'unknown-user';
+ }
+
+ return $contactID;
+ }
+ return NULL;
+}
+
function _civicrm_api3_validate_html(&$params, &$fieldName, &$fieldInfo) {
if ($value = CRM_Utils_Array::value($fieldName, $params)) {
if (!CRM_Utils_Rule::xssString($value)) {
- throw new API_Exception('Illegal characters in input (potential scripting attack)',array("field"=>$fieldName,"error_code"=>"xss"));
+ throw new API_Exception('Illegal characters in input (potential scripting attack)', array("field"=>$fieldName,"error_code"=>"xss"));
}
}
}
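Review bot: The `API_Exception` at L346 passes the `array("field"=>..., "error_code"=>"xss")` as the second constructor argument, whereas every other call in this file (L17, L246, L301) uses `($message, $errorCode, $extraParams)`, so the array appears to land in the error-code slot and the `xss` code is lost; since the line is being touched anyway, `throw new API_Exception('Illegal characters in input (potential scripting attack)', 'xss', array('field' => $fieldName));` would align it. In `_civicrm_api3_resolve_contactID`, `$session->get('userID')` is fetched twice (L320, L323); `$userID = $session->get('userID'); return is_numeric($userID) ? $userID : NULL;` is clearer, and the pattern at L324 would be tighter with `\z` (or the `D` modifier) since `$` still matches before a trailing newline. Resolving `@user:<name>` for any API caller also reveals whether a given username exists, because the message at L301 differs for unknown users; if that is intended it deserves a comment, otherwise a permission check at this boundary. `_civicrm_api3_validate_integer` continues past L309.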
throw new Exception("Currency not a valid code: $value");
}
}
- if (!empty($fieldInfo['pseudoconstant']) || !empty($fieldInfo['options'])) {
+ if (!empty($fieldInfo['pseudoconstant']) || !empty($fieldInfo['options']) || !empty($fieldInfo['enumValues'])) {
_civicrm_api3_api_match_pseudoconstant($params, $entity, $fieldName, $fieldInfo);
}
// Check our field length
'action' => 'create',
));
$meta = $result['values'];
+ if (!isset($meta[$fieldName]['name']) && isset($meta[$fieldName . '_id'])) {
+ $fieldName = $fieldName . '_id';
+ }
if (isset($meta[$fieldName])) {
return $meta[$fieldName]['name'];
}