SearchKit - Use POST to send contact ids to action forms
authorColeman Watts <coleman@civicrm.org>
Sat, 30 Apr 2022 20:59:19 +0000 (22:59 +0200)
committerColeman Watts <coleman@civicrm.org>
Wed, 18 May 2022 23:19:58 +0000 (19:19 -0400)
CRM/Core/Controller.php
ext/search_kit/Civi/Api4/Action/SearchDisplay/GetSearchTasks.php
ext/search_kit/ang/crmSearchTasks/crmSearchTasks.component.js
js/crm.ajax.js

index f31e5f963f72dca2c8d27fb3c47e9d4b57ed7b46..7b0a5a4773627b7a40e35fe0441ed082445c796a 100644 (file)
@@ -300,7 +300,10 @@ class CRM_Core_Controller extends HTML_QuickForm_Controller {
     // https://github.com/civicrm/civicrm-core/pull/17324
     // and/or related get merged, then we should remove the REQUEST reference here.
     $key = $_POST['qfKey'] ?? $_GET['qfKey'] ?? $_REQUEST['qfKey'] ?? NULL;
-    if (!$key && in_array($_SERVER['REQUEST_METHOD'], ['GET', 'HEAD'])) {
+    // Allow POST if `$_GET['reset'] == 1` because standalone search actions require a
+    // (potentially large) amount of data to the server and must make the page request using POST.
+    // See https://lab.civicrm.org/dev/core/-/issues/3222
+    if (!$key && (!empty($_GET['reset']) || in_array($_SERVER['REQUEST_METHOD'], ['GET', 'HEAD']))) {
       // Generate a key if this is an initial request without one.
       // We allow HEAD here because it is used by bots to validate URLs, so if
       // we issue a 500 server error to them they may think the site is broken.
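Review bot: The rewritten `if` no longer looks at the request method once `reset` is present, so any keyless request (POST, but also PUT or DELETE) with a non-empty `reset` in the query string now gets a freshly generated qfKey instead of reaching the key-validation path. Because qfKey is the per-session form key, it is worth confirming that a `reset` request can never be processed as a form submission further down; the rest of this method lies outside the hunk, so that cannot be checked from here. The comment says `$_GET['reset'] == 1` while the code tests `!empty($_GET['reset'])`, which also accepts `reset=2` or `reset[]=x`; matching the comment and naming the method would be tighter, e.g. `(($_GET['reset'] ?? NULL) == 1 && $_SERVER['REQUEST_METHOD'] === 'POST')` in place of `!empty($_GET['reset'])`. The comment is also missing a verb and should read "require sending a (potentially large) amount of data to the server".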
index b0ded1f45eeecf966080b0e74463cb9e47202e22..97286984e3775b3e273255f44b7b262dff9590b7 100644 (file)
@@ -41,7 +41,8 @@ class GetSearchTasks extends \Civi\Api4\Generic\AbstractAction {
         'icon' => 'fa-file-excel-o',
         'crmPopup' => [
           'path' => "'civicrm/export/standalone'",
-          'query' => "{reset: 1, entity: '{$entity['name']}', id: ids.join(',')}",
+          'query' => "{reset: 1, entity: '{$entity['name']}'}",
+          'data' => "{id: ids.join(',')}",
         ],
       ];
     }
@@ -104,7 +105,8 @@ class GetSearchTasks extends \Civi\Api4\Generic\AbstractAction {
             'icon' => $task['icon'] ?? 'fa-gear',
             'crmPopup' => [
               'path' => "'{$task['url']}'",
-              'query' => "{reset: 1, cids: ids.join(',')}",
+              'query' => "{reset: 1}",
+              'data' => "{cids: ids.join(',')}",
             ],
           ];
         }
@@ -141,7 +143,7 @@ class GetSearchTasks extends \Civi\Api4\Generic\AbstractAction {
             'icon' => $task['icon'] ?? 'fa-gear',
             'crmPopup' => [
               'path' => "'{$task['url']}'",
-              'query' => "{id: ids.join(',')}",
+              'data' => "{id: ids.join(',')}",
             ],
           ];
         }
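Review bot: This entry drops `query` altogether, so its POST carries neither `reset` nor a `qfKey`, unlike the two entries above, which keep `reset: 1` in `query`. The exemption added in CRM/Core/Controller.php applies only when `$_GET['reset']` is set, so if `$task['url']` resolves to a form behind that controller, the keyless POST would take the validation branch rather than the key-generation one. Either keep a `'query' => "{reset: 1}",` line here or pass a valid key in `data`; which is right depends on how these task forms start up, and that is not visible in this hunk. The surrounding loop begins and ends outside the hunk.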
index 4910dcdd1944a4ed379b7b3e740c1b66f331fd51..639bc4cfddf76d6cfd69b9c65563b4ccf9a1cfe6 100644 (file)
@@ -67,7 +67,7 @@
         if (action.crmPopup) {
           var path = $scope.$eval(action.crmPopup.path, data),
             query = action.crmPopup.query && $scope.$eval(action.crmPopup.query, data);
-          CRM.loadForm(CRM.url(path, query))
+          CRM.loadForm(CRM.url(path, query), {post: action.crmPopup.data && $scope.$eval(action.crmPopup.data, data)})
             .on('crmFormSuccess', ctrl.refresh);
         }
         // If action uses dialogService
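Review bot: The `post` option is computed inline inside the `CRM.loadForm` call, while `path` and `query` are evaluated in the `var` statement just above it. Evaluating it there as well, `post = action.crmPopup.data && $scope.$eval(action.crmPopup.data, data);`, and passing `{post: post}` keeps the three server-supplied expression strings handled in one place and the call readable. A one-line comment that `data` travels in the request body rather than the URL, so that long id lists are not limited by URL length, would explain why it is split from `query`. The enclosing handler starts and ends outside the hunk.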
index 4cb20cd03ee7b65c3fea57749294e07d8577166a..57ed34f9932a7d2f83a7c1573c10d20052dd7db5 100644 (file)
     options: {
       url: null,
       block: true,
+      post: null,
       crmForm: null
     },
     _originalContent: null,
         return false;
       });
     },
+    _ajax: function(url) {
+      if (!this.options.post || !this.isOriginalUrl()) {
+        return $.getJSON(url);
+      }
+      return $.post({
+        url: url,
+        dataType: 'json',
+        data: this.options.post
+      });
+    },
     refresh: function() {
       var that = this;
       var url = this._formatUrl(this.options.url, 'json');
       if (this.options.crmForm) $('form', this.element).ajaxFormUnbind();
       if (this.options.block) this.element.block();
-      $.getJSON(url, function(data) {
+      this._ajax(url).then(function(data) {
         if (data.status === 'redirect') {
           that.options.url = data.userContext;
           return that.refresh();
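Review bot: `_ajax` has no comment explaining why the POST payload is sent only when `isOriginalUrl()` is true. A comment such as `// Send options.post only with the request for the original url; any later url (e.g. after a redirect) is fetched with GET.` would make the intent explicit, assuming that is what `isOriginalUrl()` checks, since its body is not in this hunk. Note also that `refresh()` re-sends the same payload every time it reloads the original url, which is worth stating if the server treats that POST as anything more than a page load.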
             $('[name="'+formElement+'"]', that.element).crmError(msg);
           });
         }
-      }).fail(function(data, msg, status) {
+      }function(data, msg, status) {
         that._onFailure(data, status);
       });
     },
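Review bot: As shown here the added line reads `}function(data, msg, status) {`, which is a syntax error without a comma before `function`; presumably the committed line is `}, function(data, msg, status) {` and the separator was lost in rendering. Separately, moving the handlers from `$.getJSON(url, cb).fail(...)` to `.then(success, failure)` changes error behaviour if the bundled jQuery is 3.x. An exception thrown inside the success callback is then turned into a rejection of the promise returned by `then`, and the failure callback passed in that same call is not invoked for it, so `_onFailure` does not run. It is worth deciding whether such errors should be surfaced by a trailing handler; the success callback's body is only partly visible in these hunks.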