*/
const CHECK_USERNAME_TTL = 10800; // 3hr; 3*60*60
+ const AUTOCOMPLETE_TTL = 21600; // 6hr; 6*60*60
+
static function getContactList() {
// if context is 'customfield'
if (CRM_Utils_Array::value('context', $_GET) == 'customfield') {
* Function to fetch the values
*/
static function autocomplete() {
+ $signer = new CRM_Utils_Signer(CRM_Core_Key::privateKey(), array('cfid', 'ogid', 'sigts'));
+ if (CRM_Utils_Time::getTimeRaw() > $_REQUEST['sigts'] + self::AUTOCOMPLETE_TTL
+ || !$signer->validate($_REQUEST['sig'], $_REQUEST)
+ ) {
+ CRM_Utils_System::civiExit();
+ }
+
$fieldID = CRM_Utils_Type::escape($_GET['cfid'], 'Integer');
$optionGroupID = CRM_Utils_Type::escape($_GET['ogid'], 'Integer');
$label = CRM_Utils_Type::escape($_GET['s'], 'String');
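Review bot: The added condition validates the signature and the timestamp against `$_REQUEST`, but the values actually used afterwards (`cfid`, `ogid`, `s`) are read from `$_GET`, so the data that was verified is not necessarily the data that is consumed. Depending on PHP's `request_order` setting, `$_REQUEST` can also be filled from the request body or cookies, so a key present in more than one source may validate with one value and be used with another. Check the same array the handler reads from: `if (CRM_Utils_Time::getTimeRaw() > $_GET['sigts'] + self::AUTOCOMPLETE_TTL` and `|| !$signer->validate($_GET['sig'], $_GET)`. `sigts` and `sig` are also read without an `isset()` guard; a missing value presumably fails closed here, but an explicit check would make that intent visible and avoid undefined-index notices. The body of autocomplete() continues past the end of this hunk.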
$qf->addRule($elementName, ts('Select a valid contact for %1.', array(1 => $label)), 'validContact', $actualElementValue);
}
else {
- $customUrls[$elementName] = CRM_Utils_System::url('civicrm/ajax/auto',
- "reset=1&ogid={$field->option_group_id}&cfid={$field->id}",
- FALSE, NULL, FALSE
+ $signer = new CRM_Utils_Signer(CRM_Core_Key::privateKey(), array('cfid','ogid','sigts'));
+ $signParams = array(
+ 'reset' => 1,
+ 'sigts' => CRM_Utils_Time::getTimeRaw(),
+ 'ogid' => $field->option_group_id,
+ 'cfid' => $field->id,
);
+ $signParams['sig'] = $signer->sign($signParams);
+ $customUrls[$elementName] = CRM_Utils_System::url('civicrm/ajax/auto', $signParams, FALSE, NULL, FALSE);
$qf->addRule($elementName, ts('Select a valid value for %1.', array(1 => $label)),
'autocomplete', array(
'fieldID' => $field->id,
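Review bot: The signed-field list `array('cfid','ogid','sigts')` is spelled out here a second time; the validating side in autocomplete() constructs its signer with the same literal, and the two lists must stay identical for the check to be meaningful. If one is extended later and the other is not, validation will either reject every generated URL or, depending on how CRM_Utils_Signer treats unlisted keys, leave a parameter outside the signature. Consider defining the list once, for example in a small static helper next to `AUTOCOMPLETE_TTL` that returns the configured signer, and calling it from both places. A comment such as `// sigts is signed so the receiver can enforce AUTOCOMPLETE_TTL` would also explain why a timestamp is added to the URL. The enclosing else-branch and the addRule() call continue beyond this hunk.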