From: Coleman Watts
Date: Thu, 1 May 2014 19:39:28 +0000 (-0700)
Subject: Contribution Pages - Improve related employer autofill
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=3719c6dd64a20fd429a7a6808a18f4e3f5eef9a0;p=civicrm-core.git
Contribution Pages - Improve related employer autofill
---
diff --git a/CRM/Contribute/Form/Contribution/OnBehalfOf.php b/CRM/Contribute/Form/Contribution/OnBehalfOf.php
index 7da9e8cae4..7140aada4b 100644
--- a/CRM/Contribute/Form/Contribution/OnBehalfOf.php
+++ b/CRM/Contribute/Form/Contribution/OnBehalfOf.php
@@ -82,7 +82,16 @@ class CRM_Contribute_Form_Contribution_OnBehalfOf {
 }
 if ($form->_relatedOrganizationFound) {
- $locDataURL = CRM_Utils_System::url('civicrm/ajax/permlocation', 'cid=', FALSE, NULL, FALSE);
+ // Related org url - pass checksum if needed
+ $args = array('cid' => '');
+ if (!empty($_GET['cs'])) {
+ $args = array(
+ 'uid' => $form->_contactID,
+ 'cs' => $_GET['cs'],
+ 'cid' => '',
+ );
+ }
+ $locDataURL = CRM_Utils_System::url('civicrm/ajax/permlocation', $args, FALSE, NULL, FALSE);
 $form->assign('locDataURL', $locDataURL);
 }
diff --git a/CRM/Core/Page/AJAX/Location.php b/CRM/Core/Page/AJAX/Location.php
index 0d21c1b778..0d0f944712 100644
--- a/CRM/Core/Page/AJAX/Location.php
+++ b/CRM/Core/Page/AJAX/Location.php
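Review bot: On the `if (!empty($_GET['cs']))` branch the checksum is read raw from the superglobal and copied straight into the query array, whereas the Location.php side of this same commit fetches every request parameter through `CRM_Utils_Request::retrieve` with a declared type; reading it the same way here, `$cs = CRM_Utils_Request::retrieve('cs', 'String', CRM_Core_DAO::$_nullObject);` followed by `if (!empty($cs))`, keeps both sides consistent and rejects malformed values before they are embedded in a URL. The resulting `locDataURL` is built with `$htmlize` FALSE and handed to the template, so encoding of the attacker-controlled `cs` value rests entirely on `CRM_Utils_System::url` encoding array arguments, which is not visible in this hunk and is worth confirming, particularly if the template places the URL inside inline JavaScript. The comment could also say why `uid` is sent at all, e.g. `// uid + cs let a checksum-authenticated (anonymous) visitor call permlocation; the endpoint re-validates both`. The enclosing method starts and ends outside this hunk.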
@@ -46,12 +46,22 @@ class CRM_Core_Page_AJAX_Location {
 * location field values for selected permissioned contact.
 */
 static function getPermissionedLocation() {
- $cid = CRM_Utils_Type::escape($_GET['cid'], 'Integer');
- if ($_GET['ufId']) {
- $ufId = CRM_Utils_Type::escape($_GET['ufId'], 'Integer');
+ $cid = CRM_Utils_Request::retrieve('cid', 'Integer', CRM_Core_DAO::$_nullObject, TRUE);
+ $ufId = CRM_Utils_Request::retrieve('ufId', 'Integer', CRM_Core_DAO::$_nullObject, TRUE);
+
+ // Verify user id
+ $user = CRM_Core_Session::singleton()->get('userID');
+ if (!$user) {
+ $user = CRM_Utils_Request::retrieve('uid', 'Integer', CRM_Core_DAO::$_nullObject, TRUE);
+ if (!CRM_Contact_BAO_Contact_Permission::validateOnlyChecksum($user, CRM_Core_DAO::$_nullObject)) {
+ CRM_Utils_System::civiExit();
+ }
 }
- elseif ($_GET['relContact']) {
- $relContact = CRM_Utils_Type::escape($_GET['relContact'], 'Integer');
+
+ // Verify user permission on related contact
+ $employers = CRM_Contact_BAO_Relationship::getPermissionedEmployer($user);
+ if (!isset($employers[$cid])) {
+ CRM_Utils_System::civiExit();
 }
 $values = array();
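Review bot: Both denial paths, the failed `validateOnlyChecksum` check and the `!isset($employers[$cid])` check, simply call `CRM_Utils_System::civiExit()`, so a rejected request presumably goes back as an empty body with the default status and nothing is recorded here; the JavaScript caller cannot distinguish "not permitted" from "no location data", and rejected requests are invisible in the logs. Sending an explicit status before exiting, e.g. `header('HTTP/1.1 403 Forbidden');`, and logging the rejected user/cid pair would address both. When no session user exists, `uid` is taken from the request and is tied to the caller only by the checksum that `validateOnlyChecksum` presumably reads from the same request; if that is the intended checksum-access model, a comment such as `// anonymous caller: uid is trusted only because cs validates against it` would make the trust boundary explicit. getPermissionedLocation continues past the end of this hunk.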
@@ -62,38 +72,6 @@ class CRM_Core_Page_AJAX_Location {
 $addressSequence = array_flip($config->addressSequence());
- if (!empty($relContact)) {
- $elements = array(
- "phone_1_phone" =>
- $location['phone'][1]['phone'],
- "email_1_email" =>
- $location['email'][1]['email'],
- );
-
- if (array_key_exists('street_address', $addressSequence)) {
- $elements["address_1_street_address"] = $location['address'][1]['street_address'];
- }
- if (array_key_exists('supplemental_address_1', $addressSequence)) {
- $elements['address_1_supplemental_address_1'] = $location['address'][1]['supplemental_address_1'];
- }
- if (array_key_exists('supplemental_address_2', $addressSequence)) {
- $elements['address_1_supplemental_address_2'] = $location['address'][1]['supplemental_address_2'];
- }
- if (array_key_exists('city', $addressSequence)) {
- $elements['address_1_city'] = $location['address'][1]['city'];
- }
- if (array_key_exists('postal_code', $addressSequence)) {
- $elements['address_1_postal_code'] = $location['address'][1]['postal_code'];
- $elements['address_1_postal_code_suffix'] = $location['address'][1]['postal_code_suffix'];
- }
- if (array_key_exists('country', $addressSequence)) {
- $elements['address_1_country_id'] = $location['address'][1]['country_id'];
- }
- if (array_key_exists('state_province', $addressSequence)) {
- $elements['address_1_state_province_id'] = $location['address'][1]['state_province_id'];
- }
- }
- else {
 $profileFields = CRM_Core_BAO_UFGroup::getFields($ufId, FALSE, CRM_Core_Action::VIEW, NULL, NULL, FALSE, NULL, FALSE, NULL, CRM_Core_Permission::CREATE, NULL );
@@ -213,7 +191,6 @@ class CRM_Core_Page_AJAX_Location {
 }
 }
 }
- }
 echo json_encode($elements);
 CRM_Utils_System::civiExit();