X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=CRM%2FContact%2FPage%2FAJAX.php;h=3bb980db4e584fb41c11c9b15c9cf93c29185a6c;hb=bee6039a9e7d03a9aa639db45d4098720f90c5fa;hp=f26e4acbf8cacd5cfd643c9499a91ddde736c907;hpb=8f6ae60501d5d64ddbc6269648e71247dee0ce1b;p=civicrm-core.git
diff --git a/CRM/Contact/Page/AJAX.php b/CRM/Contact/Page/AJAX.php
index f26e4acbf8..3bb980db4e 100644
--- a/CRM/Contact/Page/AJAX.php
+++ b/CRM/Contact/Page/AJAX.php
@@ -1,7 +1,7 @@
 fetch()) {
 $results[] = array('id' => $dao->id, 'text' => $dao->data);
 }
- print json_encode($results);
- CRM_Utils_System::civiExit();
+ CRM_Utils_JSON::output($results);
 }
- static function relationship() {
+ public static function relationship() {
 $relType = CRM_Utils_Request::retrieve('rel_type', 'Positive', CRM_Core_DAO::$_nullObject, TRUE);
 $relContactID = CRM_Utils_Request::retrieve('rel_contact', 'Positive', CRM_Core_DAO::$_nullObject, TRUE);
 $relationshipID = CRM_Utils_Array::value('rel_id', $_REQUEST); // this used only to determine add or update mode
@@ -305,25 +313,23 @@ class CRM_Contact_Page_AJAX {
 }
 }
- echo json_encode($ret);
- CRM_Utils_System::civiExit();
+ CRM_Utils_JSON::output($ret);
 }
 /**
- * Function to fetch the custom field help
+ * Fetch the custom field help
 */
- static function customField() {
+ public static function customField() {
 $fieldId = CRM_Utils_Type::escape($_REQUEST['id'], 'Integer');
 $params = array('id' => $fieldId);
 $returnProperties = array('help_pre', 'help_post');
 $values = array();
 CRM_Core_DAO::commonRetrieve('CRM_Core_DAO_CustomField', $params, $values, $returnProperties);
- echo json_encode($values);
- CRM_Utils_System::civiExit();
+ CRM_Utils_JSON::output($values);
 }
- static function groupTree() {
+ public static function groupTree() {
 $gids = CRM_Utils_Type::escape($_GET['gids'], 'String');
 echo CRM_Contact_BAO_GroupNestingCache::json($gids);
 CRM_Utils_System::civiExit();
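Review bot: groupTree() on the new side still emits its response with a bare `echo` plus `CRM_Utils_System::civiExit()` while every neighbouring method in this hunk was moved to `CRM_Utils_JSON::output()`, so if that helper also sets the JSON content type this endpoint is the one left without it. Its `gids` parameter is only run through `CRM_Utils_Type::escape($_GET['gids'], 'String')` before reaching `CRM_Contact_BAO_GroupNestingCache::json($gids)`; the name suggests a comma-separated id list, in which case `CRM_Utils_Type::escape(CRM_Utils_Array::value('gids', $_GET, ''), 'CommaSeparatedIntegers')` would reject anything but digits and commas instead of merely quoting it, and would also avoid the undefined-index notice when the parameter is absent. What json() does with the value is not visible here, so treat the stricter type as defence in depth rather than a known hole. groupTree()'s closing brace is outside the hunk, and the first hunk on this line is truncated, so only the second hunk was reviewed.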
@@ -334,7 +340,7 @@ class CRM_Contact_Page_AJAX {
 * Old quicksearch function. No longer used in core.
 * @todo: Remove this function and associated menu entry in CiviCRM 5
 */
- static function search() {
+ public static function search() {
 $json = TRUE;
 $name = CRM_Utils_Array::value('name', $_GET, '');
 if (!array_key_exists('name', $_GET)) {
@@ -512,10 +518,10 @@ ORDER BY sort_name ";
 }
 /**
- * Function to delete custom value
+ * Delete custom value
 *
 */
- static function deleteCustomValue() {
+ public static function deleteCustomValue() {
 $customValueID = CRM_Utils_Type::escape($_REQUEST['valueID'], 'Positive');
 $customGroupID = CRM_Utils_Type::escape($_REQUEST['groupID'], 'Positive');
@@ -531,10 +537,10 @@ ORDER BY sort_name ";
 }
 /**
- * Function to perform enable / disable actions on record.
+ * Perform enable / disable actions on record.
 *
 */
- static function enableDisable() {
+ public static function enableDisable() {
 $op = CRM_Utils_Type::escape($_REQUEST['op'], 'String');
 $recordID = CRM_Utils_Type::escape($_REQUEST['recordID'], 'Positive');
 $recordBAO = CRM_Utils_Type::escape($_REQUEST['recordBAO'], 'String');
@@ -570,16 +576,26 @@ ORDER BY sort_name ";
 CRM_Utils_Hook::enableDisable($recordBAO, $recordID, $isActive);
 }
 }
- echo json_encode($status);
- CRM_Utils_System::civiExit();
+ CRM_Utils_JSON::output($status);
 }
 }
 /**
- *Function to check the CMS username
+ * check the CMS username
 *
 */
 static public function checkUserName() {
+ $signer = new CRM_Utils_Signer(CRM_Core_Key::privateKey(), array('for', 'ts'));
+ if (
+ CRM_Utils_Time::getTimeRaw() > $_REQUEST['ts'] + self::CHECK_USERNAME_TTL
+ || $_REQUEST['for'] != 'civicrm/ajax/cmsuser'
+ || !$signer->validate($_REQUEST['sig'], $_REQUEST)
+ ) {
+ $user = array('name' => 'error');
+ echo json_encode($user);
+ CRM_Utils_System::civiExit();
+ }
+
 $config = CRM_Core_Config::singleton();
 $username = trim($_REQUEST['cms_name']);
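Review bot: The guard added to checkUserName() indexes `$_REQUEST['ts']`, `$_REQUEST['for']` and `$_REQUEST['sig']` directly, so a request missing any of them raises undefined-index notices (with `ts` absent the expiry test becomes `null + self::CHECK_USERNAME_TTL`) before the signature check rejects it, and its failure branch keeps the `echo json_encode(...); civiExit()` pair that this same commit replaces with `CRM_Utils_JSON::output()` everywhere else in the file. Reading the three fields through `CRM_Utils_Array::value()` and comparing `for` with `!==` keeps the semantics without the notices; whether `CRM_Utils_JSON::output()` ends the request the way the replaced pairs did is not visible here, so the explicit `civiExit()` should stay unless that is confirmed. Note also that the signature covers only `for` and `ts`, not `cms_name`, so one signed pair is a reusable username-lookup capability for the whole `CHECK_USERNAME_TTL` window — presumably intended as an anti-enumeration rate limit, but the constant is defined outside this hunk and should be kept short. The remainder of checkUserName() is outside the hunk.
```php
  static public function checkUserName() {
    $ts = CRM_Utils_Array::value('ts', $_REQUEST, 0);
    $for = CRM_Utils_Array::value('for', $_REQUEST, '');
    $sig = CRM_Utils_Array::value('sig', $_REQUEST, '');
    $signer = new CRM_Utils_Signer(CRM_Core_Key::privateKey(), array('for', 'ts'));
    if (
      CRM_Utils_Time::getTimeRaw() > $ts + self::CHECK_USERNAME_TTL
      || $for !== 'civicrm/ajax/cmsuser'
      || !$signer->validate($sig, $_REQUEST)
    ) {
      echo json_encode(array('name' => 'error'));
      CRM_Utils_System::civiExit();
    }
    // … unchanged: CMS username lookup …
```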
@@ -604,9 +620,12 @@ ORDER BY sort_name ";
 /**
 * Function to get email address of a contact
 */
- static function getContactEmail() {
+ public static function getContactEmail() {
 if (!empty($_REQUEST['contact_id'])) {
 $contactID = CRM_Utils_Type::escape($_REQUEST['contact_id'], 'Positive');
+ if (!CRM_Contact_BAO_Contact_Permission::allow($contactID, CRM_Core_Permission::EDIT)) {
+ return;
+ }
 list($displayName, $userEmail ) = CRM_Contact_BAO_Contact_Location::getEmailDetails($contactID);
@@ -628,15 +647,15 @@ ORDER BY sort_name ";
 }
 }
 else {
- $cid = CRM_Utils_Array::value('cid', $_GET);
- if ($cid) {
+ $cid = CRM_Utils_Array::value('cid', $_GET);
+ if ($cid) {
 //check cid for interger
 $contIDS = explode(',', $cid);
 foreach ($contIDS as $contID) {
 CRM_Utils_Type::escape($contID, 'Integer');
 }
 $queryString = " cc.id IN ( $cid )";
- }
+ }
 }
 if ($queryString) {
@@ -711,7 +730,7 @@ LIMIT {$offset}, {$rowCount}
 CRM_Utils_System::civiExit();
 }
- static function getContactPhone() {
+ public static function getContactPhone() {
 $queryString = NULL;
 //check for mobile type
@@ -724,8 +743,8 @@ LIMIT {$offset}, {$rowCount}
 $queryString = " ( cc.sort_name LIKE '%$name%' OR cp.phone LIKE '%$name%' ) ";
 }
 else {
- $cid = CRM_Utils_Array::value('cid', $_GET);
- if ($cid) {
+ $cid = CRM_Utils_Array::value('cid', $_GET);
+ if ($cid) {
 //check cid for interger
 $contIDS = explode(',', $cid);
 foreach ($contIDS as $contID) {
@@ -781,7 +800,7 @@ LIMIT {$offset}, {$rowCount}
 }
- static function buildSubTypes() {
+ public static function buildSubTypes() {
 $parent = CRM_Utils_Array::value('parentId', $_REQUEST);
 switch ($parent) {
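Review bot: The permission branch added to getContactEmail() exits with a bare `return;` instead of the `CRM_Utils_System::civiExit()` every other early exit in this file uses, so a denied caller receives whatever the surrounding page wrapper renders after the callback returns rather than a JSON body, and the client cannot tell "forbidden" from "no email"; `CRM_Utils_JSON::output(array());` (or a `civiExit()`) in that spot keeps the AJAX contract. The check also covers only the `contact_id` branch: the `cid`-list and name-search paths of the same function, which fall outside this hunk, appear to run without any contact-level permission test, and whether `CRM_Core_Permission::EDIT` rather than `VIEW` is the intended bar for reading an email address is not evident here. Separately, the neighbouring `cid` loop discards the return value of `CRM_Utils_Type::escape($contID, 'Integer')` and interpolates the raw `$cid` into `cc.id IN ( $cid )`, which is safe only because escape() aborts on invalid input; collecting the escaped values and imploding them would make that explicit. getContactEmail() continues past the end of the hunk.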
@@ -800,11 +819,10 @@ LIMIT {$offset}, {$rowCount}
 $subTypes = CRM_Contact_BAO_ContactType::subTypePairs($contactType, FALSE, NULL);
 asort($subTypes);
- echo json_encode($subTypes);
- CRM_Utils_System::civiExit();
+ CRM_Utils_JSON::output($subTypes);
 }
- static function buildDedupeRules() {
+ public static function buildDedupeRules() {
 $parent = CRM_Utils_Array::value('parentId', $_REQUEST);
 switch ($parent) {
@@ -823,14 +841,13 @@ LIMIT {$offset}, {$rowCount}
 $dedupeRules = CRM_Dedupe_BAO_RuleGroup::getByType($contactType);
- echo json_encode($dedupeRules);
- CRM_Utils_System::civiExit();
+ CRM_Utils_JSON::output($dedupeRules);
 }
 /**
 * Function used for CiviCRM dashboard operations
 */
- static function dashboard() {
+ public static function dashboard() {
 $operation = CRM_Utils_Type::escape($_REQUEST['op'], 'String');
 switch ($operation) {
@@ -856,14 +873,13 @@ LIMIT {$offset}, {$rowCount}
 CRM_Utils_System::civiExit();
 }
- echo json_encode($dashlets);
- CRM_Utils_System::civiExit();
+ CRM_Utils_JSON::output($dashlets);
 }
 /**
- * Function to retrieve signature based on email id
+ * Retrieve signature based on email id
 */
- static function getSignature() {
+ public static function getSignature() {
 $emailID = CRM_Utils_Type::escape($_REQUEST['emailID'], 'Positive');
 $query = "SELECT signature_text, signature_html FROM civicrm_email WHERE id = {$emailID}";
 $dao = CRM_Core_DAO::executeQuery($query);
@@ -876,15 +892,14 @@ LIMIT {$offset}, {$rowCount}
 );
 }
- echo json_encode($signatures);
- CRM_Utils_System::civiExit();
+ CRM_Utils_JSON::output($signatures);
 }
 /**
- * Function to process dupes.
+ * Process dupes.
 *
 */
- static function processDupes() {
+ public static function processDupes() {
 $oper = CRM_Utils_Type::escape($_REQUEST['op'], 'String');
 $cid = CRM_Utils_Type::escape($_REQUEST['cid'], 'Positive');
 $oid = CRM_Utils_Type::escape($_REQUEST['oid'], 'Positive');
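Review bot: getSignature() executes `SELECT signature_text, signature_html FROM civicrm_email WHERE id = {$emailID}` for whatever `emailID` the request supplies, with no check that the email belongs to the logged-in contact or to a contact the user may view, so unless the menu entry for this route restricts access (not visible here) anyone who can reach the endpoint can read every stored signature by iterating ids. Selecting `contact_id` alongside the two columns and gating the result with `CRM_Contact_BAO_Contact_Permission::allow($dao->contact_id, CRM_Core_Permission::VIEW)`, or constraining the query to the session contact, would close that. The `'Positive'` validation makes the interpolation non-injectable, but passing the id as a bound parameter (`WHERE id = %1` with `array(1 => array($emailID, 'Positive'))`) is the usual CiviCRM form and avoids relying on the escape call staying in place. The rest of getSignature() and the preceding dashboard() lines are outside the hunk.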
@@ -910,11 +925,10 @@ LIMIT {$offset}, {$rowCount}
 $status = $exception->delete();
 }
- echo json_encode(array('status' => ($status) ? $oper : $status));
- CRM_Utils_System::civiExit();
+ CRM_Utils_JSON::output(array('status' => ($status) ? $oper : $status));
 }
- static function getDedupes() {
+ public static function getDedupes() {
 $sEcho = CRM_Utils_Type::escape($_REQUEST['sEcho'], 'Integer');
 $offset = isset($_REQUEST['iDisplayStart']) ? CRM_Utils_Type::escape($_REQUEST['iDisplayStart'], 'Integer') : 0;
@@ -966,30 +980,28 @@ LIMIT {$offset}, {$rowCount}
 }
 /**
- * Function to retrieve a PDF Page Format for the PDF Letter form
+ * Retrieve a PDF Page Format for the PDF Letter form
 */
- function pdfFormat() {
+ public function pdfFormat() {
 $formatId = CRM_Utils_Type::escape($_REQUEST['formatId'], 'Integer');
 $pdfFormat = CRM_Core_BAO_PdfFormat::getById($formatId);
- echo json_encode($pdfFormat);
- CRM_Utils_System::civiExit();
+ CRM_Utils_JSON::output($pdfFormat);
 }
 /**
- * Function to retrieve Paper Size dimensions
+ * Retrieve Paper Size dimensions
 */
- static function paperSize() {
+ public static function paperSize() {
 $paperSizeName = CRM_Utils_Type::escape($_REQUEST['paperSizeName'], 'String');
 $paperSize = CRM_Core_BAO_PaperSize::getByName($paperSizeName);
- echo json_encode($paperSize);
- CRM_Utils_System::civiExit();
+ CRM_Utils_JSON::output($paperSize);
 }
- static function selectUnselectContacts() {
+ public static function selectUnselectContacts() {
 $name = CRM_Utils_Array::value('name', $_REQUEST);
 $cacheKey = CRM_Utils_Array::value('qfKey', $_REQUEST);
 $state = CRM_Utils_Array::value('state', $_REQUEST, 'checked');
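Review bot: pdfFormat() is changed to `public function` while paperSize() and selectUnselectContacts() in the same hunk — and every other callback in this file — become `public static function`; these methods are presumably dispatched statically like their siblings, and calling a non-static method that way is a deprecation notice on PHP 7 and a fatal `Error` on PHP 8, so the line should read `public static function pdfFormat() {`. While here, `paperSizeName` is only `'String'`-escaped before `CRM_Core_BAO_PaperSize::getByName($paperSizeName)`; that is adequate if getByName() binds or re-escapes the value, which cannot be confirmed from this hunk. selectUnselectContacts() continues outside the hunk.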
@@ -1020,23 +1032,22 @@ LIMIT {$offset}, {$rowCount}
 $countSelectionCids = count($contactIds[$cacheKey]);
 $arrRet = array('getCount' => $countSelectionCids);
- echo json_encode($arrRet);
- CRM_Utils_System::civiExit();
+ CRM_Utils_JSON::output($arrRet);
 }
 /**
- * @param $name
+ * @param string $name
 *
 * @return string
 */
- static function _convertToId($name) {
+ public static function _convertToId($name) {
 if (substr($name, 0, CRM_Core_Form::CB_PREFIX_LEN) == CRM_Core_Form::CB_PREFIX) {
 $cId = substr($name, CRM_Core_Form::CB_PREFIX_LEN);
 }
 return $cId;
 }
- static function getAddressDisplay() {
+ public static function getAddressDisplay() {
 $contactId = CRM_Utils_Array::value('contact_id', $_REQUEST);
 if (!$contactId) {
 $addressVal["error_message"] = "no contact id found";
@@ -1050,12 +1061,11 @@ LIMIT {$offset}, {$rowCount}
 $addressVal = CRM_Core_BAO_Address::getValues($entityBlock);
 }
- echo json_encode($addressVal);
- CRM_Utils_System::civiExit();
+ CRM_Utils_JSON::output($addressVal);
 }
 /**
- * Function to retrieve contact relationships
+ * Retrieve contact relationships
 */
 public static function getContactRelationships() {
 $contactID = CRM_Utils_Type::escape($_GET['cid'], 'Integer');
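Review bot: `_convertToId()` returns `$cId` uninitialised whenever `$name` lacks the `CRM_Core_Form::CB_PREFIX` prefix, yielding an undefined-variable notice and `NULL` even though the docblock this commit adds promises `@return string`; add `$cId = NULL;` ahead of the `if` and document it as `@return string|null`. In the same hunk getAddressDisplay() takes `contact_id` through `CRM_Utils_Array::value()` with no type validation, unlike the `CRM_Utils_Type::escape(..., 'Positive')` applied to `contact_id` elsewhere in this file; how the value is used lies outside the hunk, so if it reaches a query, `$contactId = CRM_Utils_Type::escape($contactId, 'Positive');` after the emptiness check would be prudent. getAddressDisplay() continues past the end of the hunk.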