CRM-15925 - CRM_Contact_Import_Form_DataSource - Enforce permissions
authorTim Otten <totten@civicrm.org>
Tue, 23 Aug 2016 22:56:10 +0000 (15:56 -0700)
committerSeamus Lee <seamuslee001@gmail.com>
Thu, 25 Aug 2016 10:57:18 +0000 (20:57 +1000)
CRM/Contact/Import/Form/DataSource.php

index b18665b7768d4f11aa4dc7fa6da98978da8c3976..1c279842dec6e03507c4c2fc16689b0ab57b5892 100644 (file)
@@ -117,13 +117,17 @@ class CRM_Contact_Import_Form_DataSource extends CRM_Core_Form {
       $this->assign('showOnlyDataSourceFormPane', TRUE);
     }
 
-    if (strpos($this->_dataSource, 'CRM_Import_DataSource_') === 0) {
+    $dataSources = $this->_getDataSources();
+    if ($this->_dataSource && isset($dataSources[$this->_dataSource])) {
       $this->_dataSourceIsValid = TRUE;
       $this->assign('showDataSourceFormPane', TRUE);
       $dataSourcePath = explode('_', $this->_dataSource);
       $templateFile = "CRM/Contact/Import/Form/" . $dataSourcePath[3] . ".tpl";
       $this->assign('dataSourceFormTemplateFile', $templateFile);
     }
+    elseif ($this->_dataSource) {
+      throw new \CRM_Core_Exception("Invalid data source");
+    }
   }
 
   /**
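Review bot: The new test `isset($dataSources[$this->_dataSource])` now does two jobs, allowlisting the class name and enforcing the per-source permission, and nothing at the call site says so. A comment such as `// _getDataSources() lists only sources found on disk that pass checkPermission(); anything else is rejected below.` would keep a later refactor from falling back to a prefix test. Separately, the removed `CRM_Import_DataSource_` prefix check guaranteed that `$dataSourcePath[3]` existed; it now depends on how the keys are built in `_getDataSources()`, which is outside this hunk, so the key shape is worth confirming. The enclosing method starts above the hunk.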
@@ -271,6 +275,11 @@ class CRM_Contact_Import_Form_DataSource extends CRM_Core_Form {
    * @throws Exception
    */
   private function _getDataSources() {
+    // Hmm... file-system scanners don't really belong in forms...
+    if (isset(Civi::$statics[__CLASS__]['datasources'])) {
+      return Civi::$statics[__CLASS__]['datasources'];
+    }
+
     // Open the data source dir and scan it for class files
     $config = CRM_Core_Config::singleton();
     $dataSourceDir = $config->importDataSourceDir;
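Review bot: The cache read at `Civi::$statics[__CLASS__]['datasources']` returns a list that the last hunk filters with `checkPermission()`, but the cache key carries no user identity. If the effective user can change while `Civi::$statics` is still populated (presumably possible in tests or long-running CLI jobs), a later caller would get the list computed for the earlier user. Consider adding the current contact id as a further array key, both at the read here and at the store `Civi::$statics[__CLASS__]['datasources'] = $dataSources;` in the last hunk, or confirm that the statics are reset whenever the user switches. The function body continues outside this hunk.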
@@ -292,10 +301,14 @@ class CRM_Contact_Import_Form_DataSource extends CRM_Core_Form {
         require_once $dataSourceDir . DIRECTORY_SEPARATOR . $dataSourceFile;
         $object = new $dataSourceClass();
         $info = $object->getInfo();
-        $dataSources[$dataSourceClass] = $info['title'];
+        if ($object->checkPermission()) {
+          $dataSources[$dataSourceClass] = $info['title'];
+        }
       }
     }
     closedir($dataSourceHandle);
+
+    Civi::$statics[__CLASS__]['datasources'] = $dataSources;
     return $dataSources;
   }
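Review bot: `$object->checkPermission()` is called unconditionally on every class discovered in the data source directory, and the page does not show where that method is defined. If a common base class does not supply it, a data source that lacks it (a custom one dropped into the directory, say) would raise a fatal error and break the whole import form instead of simply being hidden. It is worth confirming that the base class provides a default, or guarding with `if (method_exists($object, 'checkPermission') && $object->checkPermission()) {` so that an unknown source fails closed. `$info = $object->getInfo();` could also move inside the permitted branch, since only the title is used and only there.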