<?php
-// $Id$
-
/*
+--------------------------------------------------------------------+
| CiviCRM version 4.3 |
}
$data['is_error'] = 1;
$data['error_message'] = $msg;
+ // we will show sql to privelledged user only (not sure of a specific
+ // security hole here but seems sensible - perhaps should apply to the trace as well?
+ if(isset($data['sql']) && CRM_Core_Permission::check('Administer CiviCRM')) {
+ $data['debug_information'] = $data['sql'];
+ }
if (is_array($dao) && isset($dao['params']) && is_array($dao['params']) && CRM_Utils_Array::value('api.has_parent', $dao['params'])) {
$errorCode = empty($data['error_code']) ? 'chained_api_failed' : $data['error_code'];
throw new API_Exception('Error in call to ' . $dao['entity'] . '_' . $dao['action'] . ' : ' . $msg, $errorCode, $data);
$result['version'] = 3;
if (is_array($values)) {
- $result['count'] = count($values);
+ $result['count'] = (int) count($values);
// Convert value-separated strings to array
_civicrm_api3_separate_values($values);
function _civicrm_api3_validate_html(&$params, &$fieldName, &$fieldInfo) {
if ($value = CRM_Utils_Array::value($fieldName, $params)) {
if (!CRM_Utils_Rule::xssString($value)) {
- throw new API_Exception('Illegal characters in input (potential scripting attack)',array("field"=>$fieldName,"error_code"=>"xss"));
+ throw new API_Exception('Illegal characters in input (potential scripting attack)', array("field"=>$fieldName,"error_code"=>"xss"));
}
}
}
throw new Exception("Currency not a valid code: $value");
}
}
- if (!empty($fieldInfo['pseudoconstant']) || !empty($fieldInfo['options'])) {
+ if (!empty($fieldInfo['pseudoconstant']) || !empty($fieldInfo['options']) || !empty($fieldInfo['enumValues'])) {
_civicrm_api3_api_match_pseudoconstant($params, $entity, $fieldName, $fieldInfo);
}
// Check our field length
projects / civicrm-core.git / blobdiff