X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=CRM%2FContact%2FPage%2FAJAX.php;h=b2d2ed0c07d3fa9484a777209dcd973b66fc89d5;hb=015bf0da7674cd8f35f8252c1534e2472acf7c3f;hp=0da9dd3698176d151dc5572bf41880b3e15d1e9e;hpb=d03e58376da0c35fd4ab7ed67601f07c53afbfe7;p=civicrm-core.git
diff --git a/CRM/Contact/Page/AJAX.php b/CRM/Contact/Page/AJAX.php
index 0da9dd3698..b2d2ed0c07 100644
--- a/CRM/Contact/Page/AJAX.php
+++ b/CRM/Contact/Page/AJAX.php
@@ -3,7 +3,7 @@
 +--------------------------------------------------------------------+
 | CiviCRM version 4.6 |
 +--------------------------------------------------------------------+
- | Copyright CiviCRM LLC (c) 2004-2014 |
+ | Copyright CiviCRM LLC (c) 2004-2015 |
 +--------------------------------------------------------------------+
 | This file is a part of CiviCRM. |
 | |
@@ -28,7 +28,7 @@
 /**
 *
 * @package CRM
- * @copyright CiviCRM LLC (c) 2004-2014
+ * @copyright CiviCRM LLC (c) 2004-2015
 *
 */
@@ -158,7 +158,7 @@ class CRM_Contact_Page_AJAX {
 public static function getPCPList() {
 $name = CRM_Utils_Array::value('term', $_GET);
 $name = CRM_Utils_Type::escape($name, 'String');
- $limit = '10';
+ $limit = $max = CRM_Core_BAO_Setting::getItem(CRM_Core_BAO_Setting::SYSTEM_PREFERENCES_NAME, 'search_autocomplete_count', NULL, 10);
 $where = ' AND pcp.page_id = cp.id AND pcp.contact_id = cc.id';
@@ -181,8 +181,11 @@ class CRM_Contact_Page_AJAX {
 $whereClause = " WHERE ( sort_name LIKE '$strSearch' $includeNickName ) {$where} ";
 }
- if (!empty($_GET['limit'])) {
- $limit = CRM_Utils_Type::escape($_GET['limit'], 'Positive');
+ $offset = $count = 0;
+ if (!empty($_GET['page'])) {
+ $page = (int) $_GET['page'];
+ $offset = $limit * ($page - 1);
+ $limit++;
 }
 $select = 'cc.sort_name, pcp.title, cp.title';
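Review bot: `$limit` (and `$max`) is taken from the `search_autocomplete_count` setting without a cast, and the later hunk interpolates `$limit` unquoted into `LIMIT $offset, $limit`, so a stored value that is ever non-numeric or empty would yield a malformed query rather than the presumable default of 10. Casting at the assignment, `$limit = $max = (int) CRM_Core_BAO_Setting::getItem(CRM_Core_BAO_Setting::SYSTEM_PREFERENCES_NAME, 'search_autocomplete_count', NULL, 10);`, keeps the clause well-formed; what `getItem()` returns for an empty stored value is not visible here. getPCPList() continues past the end of the hunk.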
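Review bot: `$offset = $limit * ($page - 1);` goes negative when the request carries `page=0` or a negative value, and MySQL rejects a negative offset in the `LIMIT $offset, $limit` clause of the next hunk as a syntax error; clamp it with `$page = max(1, (int) $_GET['page']);`. The `$limit++` that fetches the one extra row the next hunk uses to set `more` runs only inside the `page` branch, so a request without `page` appears unable to ever report `more => TRUE`; if that is unintended, move `$limit++;` after the `if` block. The function continues beyond the hunk.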
@@ -198,23 +201,28 @@ class CRM_Contact_Page_AJAX {
 FROM civicrm_pcp pcp, civicrm_event cp, civicrm_contact cc {$includeEmailFrom}
 {$whereClause} AND pcp.page_type = 'event'
- LIMIT 0, {$limit} ) t ORDER BY sort_name
+ LIMIT $offset, $limit
 ";
 $dao = CRM_Core_DAO::executeQuery($query);
- $results = array();
+ $output = array('results' => array(), 'more' => FALSE);
 while ($dao->fetch()) {
- $results[] = array('id' => $dao->id, 'text' => $dao->data);
+ if (++$count > $max) {
+ $output['more'] = TRUE;
+ }
+ else {
+ $output['results'][] = array('id' => $dao->id, 'text' => $dao->data);
+ }
 }
- CRM_Utils_JSON::output($results);
+ CRM_Utils_JSON::output($output);
 }
 public static function relationship() {
 $relType = CRM_Utils_Request::retrieve('rel_type', 'Positive', CRM_Core_DAO::$_nullObject, TRUE);
 $relContactID = CRM_Utils_Request::retrieve('rel_contact', 'Positive', CRM_Core_DAO::$_nullObject, TRUE);
- $relationshipID = CRM_Utils_Array::value('rel_id', $_REQUEST); // this used only to determine add or update mode
+ $relationshipID = CRM_Utils_Request::retrieve('rel_id', 'Positive', CRM_Core_DAO::$_nullObject); // this used only to determine add or update mode
 $caseID = CRM_Utils_Request::retrieve('case_id', 'Positive', CRM_Core_DAO::$_nullObject, TRUE);
 // check if there are multiple clients for this case, if so then we need create
@@ -253,7 +261,7 @@ class CRM_Contact_Page_AJAX {
 }
 // create new or update existing relationship
- $return = CRM_Contact_BAO_Relationship::createMultiple($relationParams, $relationIds);
+ $return = CRM_Contact_BAO_Relationship::legacyCreateMultiple($relationParams, $relationIds);
 if (!empty($return[4][0])) {
 $relationshipID = $return[4][0];
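Review bot: The removed line carried `) t ORDER BY sort_name` together with the old `LIMIT 0, {$limit}`, and the replacement `LIMIT $offset, $limit` restores neither, so unless an ORDER BY now lives above the hunk the offset-paged query runs over an undefined row order and successive pages can repeat or skip entries. Adding `ORDER BY sort_name` on the line before `LIMIT $offset, $limit` pins the order; the `) t` in the old line implies a subquery wrapper opened above the hunk, and whether it still needs closing cannot be judged from here. The `$query` assignment begins above the hunk.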
@@ -300,11 +308,10 @@ class CRM_Contact_Page_AJAX {
 header('Content-Type: text/plain');
 $customValueID = CRM_Utils_Type::escape($_REQUEST['valueID'], 'Positive');
 $customGroupID = CRM_Utils_Type::escape($_REQUEST['groupID'], 'Positive');
-
+ $contactId = CRM_Utils_Request::retrieve('contactId', 'Positive', CRM_Core_DAO::$_nullObject);
 CRM_Core_BAO_CustomValue::deleteCustomValue($customValueID, $customGroupID);
- $contactId = CRM_Utils_Array::value('contactId', $_REQUEST);
 if ($contactId) {
- echo CRM_Contact_BAO_Contact::getCountComponent('custom_' . $_REQUEST['groupID'], $contactId);
+ echo CRM_Contact_BAO_Contact::getCountComponent('custom_' . $customGroupID, $contactId);
 }
 // reset the group contact cache for this group
@@ -317,17 +324,19 @@ class CRM_Contact_Page_AJAX {
 */
 static public function checkUserName() {
 $signer = new CRM_Utils_Signer(CRM_Core_Key::privateKey(), array('for', 'ts'));
+ $sig = CRM_Utils_Request::retrieve('sig', 'String', CRM_Core_DAO::$_nullObject);
+ $for = CRM_Utils_Request::retrieve('for', 'String', CRM_Core_DAO::$_nullObject);
 if (
 CRM_Utils_Time::getTimeRaw() > $_REQUEST['ts'] + self::CHECK_USERNAME_TTL
- || $_REQUEST['for'] != 'civicrm/ajax/cmsuser'
- || !$signer->validate($_REQUEST['sig'], $_REQUEST)
+ || $for != 'civicrm/ajax/cmsuser'
+ || !$signer->validate($sig, $_REQUEST)
 ) {
 $user = array('name' => 'error');
 CRM_Utils_JSON::output($user);
 }
 $config = CRM_Core_Config::singleton();
- $username = trim($_REQUEST['cms_name']);
+ $username = trim(CRM_Utils_Type::escape($_REQUEST['cms_name'], 'String'));
 $params = array('name' => $username);
@@ -383,7 +392,7 @@ class CRM_Contact_Page_AJAX {
 else {
 $cid = CRM_Utils_Array::value('cid', $_GET);
 if ($cid) {
- //check cid for interger
+ //check cid for integer
 $contIDS = explode(',', $cid);
 foreach ($contIDS as $contID) {
 CRM_Utils_Type::escape($contID, 'Integer');
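Review bot: `valueID` and `groupID`, two lines above the new `CRM_Utils_Request::retrieve('contactId', ...)`, are still indexed straight from `$_REQUEST`, so the same function now mixes two input conventions and a request missing either key emits a notice before `escape()` runs. `$customValueID = CRM_Utils_Request::retrieve('valueID', 'Positive', CRM_Core_DAO::$_nullObject, TRUE);` (and likewise for `groupID`) makes both required and validated on one path. The function's opening lines are outside the hunk; whether an authorisation check on the request-supplied `$customValueID` precedes `deleteCustomValue()` cannot be seen here and is worth confirming.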
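Review bot: `$_REQUEST['ts']` is still read raw in the expiry comparison although `for` and `sig` were moved to `CRM_Utils_Request::retrieve()`, so one of the three signed fields stays on a different path and a missing `ts` raises a notice; `$ts = CRM_Utils_Request::retrieve('ts', 'Positive', CRM_Core_DAO::$_nullObject);` with `CRM_Utils_Time::getTimeRaw() > $ts + self::CHECK_USERNAME_TTL` closes that gap. `$for != 'civicrm/ajax/cmsuser'` is a loose comparison; `!==` is the strict form. The new `CRM_Utils_Type::escape($_REQUEST['cms_name'], 'String')` looks like SQL-style escaping applied to a value that is then used as a CMS username (`$params = array('name' => $username)`), which may alter names containing quotes or backslashes; if the intent is validation, `CRM_Utils_Request::retrieve('cms_name', 'String', CRM_Core_DAO::$_nullObject)` expresses it without rewriting the value, though what `escape()` does for 'String' is not visible here. The username lookup continues past the hunk.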
@@ -416,8 +425,8 @@ LIMIT {$offset}, {$rowCount}
 // send query to hook to be modified if needed
 CRM_Utils_Hook::contactListQuery($query, $name,
- CRM_Utils_Array::value('context', $_GET),
- CRM_Utils_Array::value('cid', $_GET)
+ CRM_Utils_Request::retrieve('context', 'String', CRM_Core_DAO::$_nullObject),
+ CRM_Utils_Request::retrieve('cid', 'Positive', CRM_Core_DAO::$_nullObject)
 );
 $dao = CRM_Core_DAO::executeQuery($query);
@@ -441,8 +450,8 @@ LIMIT {$offset}, {$rowCount}
 // send query to hook to be modified if needed
 CRM_Utils_Hook::contactListQuery($query, $name,
- CRM_Utils_Array::value('context', $_GET),
- CRM_Utils_Array::value('cid', $_GET)
+ CRM_Utils_Request::retrieve('context', 'String', CRM_Core_DAO::$_nullObject),
+ CRM_Utils_Request::retrieve('cid', 'Positive', CRM_Core_DAO::$_nullObject)
 );
 $dao = CRM_Core_DAO::executeQuery($query);
@@ -512,8 +521,8 @@ LIMIT {$offset}, {$rowCount}
 // send query to hook to be modified if needed
 CRM_Utils_Hook::contactListQuery($query, $name,
- CRM_Utils_Array::value('context', $_GET),
- CRM_Utils_Array::value('cid', $_GET)
+ CRM_Utils_Request::retrieve('context', 'String', CRM_Core_DAO::$_nullObject),
+ CRM_Utils_Request::retrieve('cid', 'Positive', CRM_Core_DAO::$_nullObject)
 );
 $dao = CRM_Core_DAO::executeQuery($query);
@@ -534,7 +543,7 @@ LIMIT {$offset}, {$rowCount}
 public static function buildSubTypes() {
- $parent = CRM_Utils_Array::value('parentId', $_REQUEST);
+ $parent = CRM_Utils_Request::retrieve('parentId', 'Positive', CRM_Core_DAO::$_nullObject);
 switch ($parent) {
 case 1:
@@ -556,7 +565,7 @@ LIMIT {$offset}, {$rowCount}
 }
 public static function buildDedupeRules() {
- $parent = CRM_Utils_Array::value('parentId', $_REQUEST);
+ $parent = CRM_Utils_Request::retrieve('parentId', 'Positive', CRM_Core_DAO::$_nullObject);
 switch ($parent) {
 case 1:
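Review bot: The hook's `cid` argument is now fetched with `CRM_Utils_Request::retrieve('cid', 'Positive', ...)`, yet the -383 hunk in what appears to be the same function handles `cid` as a comma-separated list (`explode(',', $cid)` with a per-element Integer check); a list value such as `1,2` does not satisfy `Positive`, so with abort left at its default, hook implementers would receive NULL (or, if `retrieve()` aborts, a fatal) where they previously got the raw list. The -441 and -512 hunks make the identical change. If multi-value `cid` is legitimate on this path, pass the already-checked `$cid` variable from the earlier branch (or keep `CRM_Utils_Array::value('cid', $_GET)`) rather than a Positive-typed retrieve; how `retrieve()` treats a failed validation is outside the hunk. The enclosing function spans several hunks.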
@@ -783,7 +792,7 @@ LIMIT {$offset}, {$rowCount}
 }
 public static function getAddressDisplay() {
- $contactId = CRM_Utils_Array::value('contact_id', $_REQUEST);
+ $contactId = CRM_Utils_Request::retrieve('contact_id', 'Positive', CRM_Core_DAO::$_nullObject);
 if (!$contactId) {
 $addressVal["error_message"] = "no contact id found";
 }
@@ -804,7 +813,8 @@ LIMIT {$offset}, {$rowCount}
 public static function getContactRelationships() {
 $contactID = CRM_Utils_Type::escape($_GET['cid'], 'Integer');
 $context = CRM_Utils_Type::escape($_GET['context'], 'String');
- $relationship_type_id = CRM_Utils_Type::escape($_GET['relationship_type_id'], 'Integer', FALSE);
+ $relationship_type_id = CRM_Utils_Type::escape(CRM_Utils_Array::value('relationship_type_id', $_GET), 'Integer',
+ FALSE);
 if (!CRM_Contact_BAO_Contact_Permission::allow($contactID)) {
 return CRM_Utils_System::permissionDenied();
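Review bot: `cid` and `context` on the two lines above the change are still indexed directly from `$_GET`, while only `relationship_type_id` was switched to `CRM_Utils_Array::value()`, so a request without `cid` still triggers a notice ahead of the `escape()` abort and the function only half-follows the convention used elsewhere in this commit. `$contactID = CRM_Utils_Request::retrieve('cid', 'Integer', CRM_Core_DAO::$_nullObject, TRUE);` and `$context = CRM_Utils_Request::retrieve('context', 'String', CRM_Core_DAO::$_nullObject, TRUE);` would make both required and validated uniformly. The bare `FALSE` pushed onto its own continuation line is hard to read as what is presumably the abort flag; keeping it on one line with a short trailing comment, `'Integer', FALSE); // do not abort on invalid value`, names it. The function continues past the hunk.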