}
}
if (!empty($props['country_id'])) {
+ if (!CRM_Utils_Rule::commaSeparatedIntegers(implode(',', (array) $props['country_id']))) {
+ throw new CRM_Core_Exception(ts('Province limit or default country setting is incorrect'));
+ }
$params['condition'] = 'country_id IN (' . implode(',', (array) $props['country_id']) . ')';
}
break;
if ($context != 'get' && $context != 'validate') {
$config = CRM_Core_Config::singleton();
if (!empty($config->countryLimit) && is_array($config->countryLimit)) {
+ if (!CRM_Utils_Rule::commaSeparatedIntegers(implode(',', $config->countryLimit))) {
+ throw new CRM_Core_Exception(ts('Available Country setting is incorrect'));
+ }
$params['condition'] = 'id IN (' . implode(',', $config->countryLimit) . ')';
}
}
// Filter county list based on chosen state
case 'county_id':
if (!empty($props['state_province_id'])) {
+ if (!CRM_Utils_Rule::commaSeparatedIntegers(implode(',', (array) $props['state_province_id']))) {
+ throw new CRM_Core_Exception(ts('Can only accept Integers for state_province_id filtering'));
+ }
$params['condition'] = 'state_province_id IN (' . implode(',', (array) $props['state_province_id']) . ')';
}
break;
$this->assertEquals($expectState, $created['state_province_id']);
}
+ public function testBuildStateProvinceOptionsWithDodgyProvinceLimit() {
+ $provinceLimit = [1228, "abcd;ef"];
+ $this->callAPISuccess('setting', 'create', [
+ 'provinceLimit' => $provinceLimit,
+ ]);
+ $result = $this->callAPIFailure('address', 'getoptions', ['field' => 'state_province_id']);
+ // confirm that we hit our error not a SQLI.
+ $this->assertEquals('Province limit or default country setting is incorrect', $result['error_message']);
+ $this->callAPISuccess('setting', 'create', [
+ 'provinceLimit' => [1228],
+ ]);
+ // Now confirm with a correct province setting it works fine
+ $this->callAPISuccess('address', 'getoptions', ['field' => 'state_province_id']);
+ }
+
+ public function testBuildCountryWithDodgyCountryLimitSetting() {
+ $countryLimit = [1228, "abcd;ef"];
+ $this->callAPISuccess('setting', 'create', [
+ 'countryLimit' => $countryLimit,
+ ]);
+ $result = $this->callAPIFailure('address', 'getoptions', ['field' => 'country_id']);
+ // confirm that we hit our error not a SQLI.
+ $this->assertEquals('Available Country setting is incorrect', $result['error_message']);
+ $this->callAPISuccess('setting', 'create', [
+ 'countryLimit' => [1228],
+ ]);
+ // Now confirm with a correct province setting it works fine
+ $this->callAPISuccess('address', 'getoptions', ['field' => 'country_id']);
+ }
+
+ public function testBuildCountyWithDodgeStateProvinceFiltering() {
+ $result = $this->callAPIFailure('Address', 'getoptions', [
+ 'field' => 'county_id',
+ 'state_province_id' => "abcd;ef",
+ ]);
+ $this->assertEquals('Can only accept Integers for state_province_id filtering', $result['error_message']);
+ $goodResult = $this->callAPISuccess('Address', 'getoptions', [
+ 'field' => 'county_id',
+ 'state_province_id' => 1004,
+ ]);
+ $this->assertEquals('San Francisco', $goodResult['values'][4]);
+ }
+
}