From: Sean Madsen Date: Sun, 22 Apr 2018 21:50:47 +0000 (-0400) Subject: security/core#14 Validate "context" inputs X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=edc80cda6bfef2572d515c4c139d83f7556e632a;p=civicrm-core.git security/core#14 Validate "context" inputs When "context" is passed as a GET parameter, ensure that its values is a valid "Alphanumeric" type. This helps prevent XSS when the "context" value finds its way into templates that lack HTML output encoding. Replace... CRM_Utils_Request::retrieve\((['"])context\1,(\s*)(['"])String\3 ...with... CRM_Utils_Request::retrieve\($1context$1,$3Alphanumeric$3 Also search for the following and manually fix: \$_GET\[(['"])context\1\] \$_POST\[(['"])context\1\] \$_REQUEST\[(['"])context\1\] --- diff --git a/CRM/Activity/Form/Activity.php b/CRM/Activity/Form/Activity.php index a82cbade69..5f78cbd9f1 100644 --- a/CRM/Activity/Form/Activity.php +++ b/CRM/Activity/Form/Activity.php @@ -255,7 +255,7 @@ class CRM_Activity_Form_Activity extends CRM_Contact_Form_Task { // Give the context. if (!isset($this->_context)) { - $this->_context = CRM_Utils_Request::retrieve('context', 'String', $this); + $this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); if (CRM_Contact_Form_Search::isSearchContext($this->_context)) { $this->_context = 'search'; } diff --git a/CRM/Activity/Form/ActivityView.php b/CRM/Activity/Form/ActivityView.php index 1adf70a582..2c11dd4ff3 100644 --- a/CRM/Activity/Form/ActivityView.php +++ b/CRM/Activity/Form/ActivityView.php @@ -42,7 +42,7 @@ class CRM_Activity_Form_ActivityView extends CRM_Core_Form { public function preProcess() { // Get the activity values. $activityId = CRM_Utils_Request::retrieve('id', 'Positive', $this); - $context = CRM_Utils_Request::retrieve('context', 'String', $this); + $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); $cid = CRM_Utils_Request::retrieve('cid', 'Positive', $this); // Check for required permissions, CRM-6264. diff --git a/CRM/Activity/Form/Search.php b/CRM/Activity/Form/Search.php index 9e3ffd5960..7e682b50fe 100644 --- a/CRM/Activity/Form/Search.php +++ b/CRM/Activity/Form/Search.php @@ -87,7 +87,7 @@ class CRM_Activity_Form_Search extends CRM_Core_Form_Search { $this->_reset = CRM_Utils_Request::retrieve('reset', 'Boolean'); $this->_force = CRM_Utils_Request::retrieve('force', 'Boolean', $this, FALSE); $this->_limit = CRM_Utils_Request::retrieve('limit', 'Positive', $this); - $this->_context = CRM_Utils_Request::retrieve('context', 'String', $this, FALSE, 'search'); + $this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, FALSE, 'search'); $this->assign("context", $this->_context); diff --git a/CRM/Activity/Page/Tab.php b/CRM/Activity/Page/Tab.php index 658a350b19..8a4cd70d4e 100644 --- a/CRM/Activity/Page/Tab.php +++ b/CRM/Activity/Page/Tab.php @@ -63,7 +63,7 @@ class CRM_Activity_Page_Tab extends CRM_Core_Page { */ public function edit() { // used for ajax tabs - $context = CRM_Utils_Request::retrieve('context', 'String', $this); + $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); $this->assign('context', $context); $this->_id = CRM_Utils_Request::retrieve('id', 'Integer', $this); @@ -159,7 +159,7 @@ class CRM_Activity_Page_Tab extends CRM_Core_Page { * Perform actions and display for activities. */ public function run() { - $context = CRM_Utils_Request::retrieve('context', 'String', $this); + $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); $contactId = CRM_Utils_Request::retrieve('cid', 'Positive', $this); $action = CRM_Utils_Request::retrieve('action', 'String', $this); $this->_id = CRM_Utils_Request::retrieve('id', 'Positive', $this); diff --git a/CRM/Batch/Page/AJAX.php b/CRM/Batch/Page/AJAX.php index b06cd75450..7849fc7e71 100644 --- a/CRM/Batch/Page/AJAX.php +++ b/CRM/Batch/Page/AJAX.php @@ -54,7 +54,7 @@ class CRM_Batch_Page_AJAX { * @deprecated */ public static function getBatchList() { - $context = isset($_REQUEST['context']) ? CRM_Utils_Type::escape($_REQUEST['context'], 'String') : NULL; + $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric'); if ($context != 'financialBatch') { $sortMapper = array( 0 => 'title', diff --git a/CRM/Campaign/Form/Campaign.php b/CRM/Campaign/Form/Campaign.php index 916d2dcbbe..dabd71abed 100644 --- a/CRM/Campaign/Form/Campaign.php +++ b/CRM/Campaign/Form/Campaign.php @@ -76,7 +76,7 @@ class CRM_Campaign_Form_Campaign extends CRM_Core_Form { CRM_Utils_System::permissionDenied(); } - $this->_context = CRM_Utils_Request::retrieve('context', 'String', $this); + $this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); $this->assign('context', $this->_context); diff --git a/CRM/Campaign/Form/Petition.php b/CRM/Campaign/Form/Petition.php index 9ebc4725a0..0022218e4c 100644 --- a/CRM/Campaign/Form/Petition.php +++ b/CRM/Campaign/Form/Petition.php @@ -47,7 +47,7 @@ class CRM_Campaign_Form_Petition extends CRM_Core_Form { CRM_Utils_System::permissionDenied(); } - $this->_context = CRM_Utils_Request::retrieve('context', 'String', $this); + $this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); $this->assign('context', $this->_context); diff --git a/CRM/Campaign/Form/Search.php b/CRM/Campaign/Form/Search.php index 8c31f28e2e..70fd4e6e2e 100644 --- a/CRM/Campaign/Form/Search.php +++ b/CRM/Campaign/Form/Search.php @@ -81,7 +81,7 @@ class CRM_Campaign_Form_Search extends CRM_Core_Form_Search { //useful when we are being driven by the wizard framework $this->_limit = CRM_Utils_Request::retrieve('limit', 'Positive', $this); $this->_force = CRM_Utils_Request::retrieve('force', 'Boolean', $this, FALSE); - $this->_context = CRM_Utils_Request::retrieve('context', 'String', $this, FALSE, 'search'); + $this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, FALSE, 'search'); $this->_reset = CRM_Utils_Request::retrieve('reset', 'Boolean'); //operation for state machine. diff --git a/CRM/Campaign/Form/Survey/Main.php b/CRM/Campaign/Form/Survey/Main.php index 57974875e1..c8e4123051 100644 --- a/CRM/Campaign/Form/Survey/Main.php +++ b/CRM/Campaign/Form/Survey/Main.php @@ -60,7 +60,7 @@ class CRM_Campaign_Form_Survey_Main extends CRM_Campaign_Form_Survey { public function preProcess() { parent::preProcess(); - $this->_context = CRM_Utils_Request::retrieve('context', 'String', $this); + $this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); $this->assign('context', $this->_context); diff --git a/CRM/Case/Form/Activity.php b/CRM/Case/Form/Activity.php index d39768a0aa..d12b8716cc 100644 --- a/CRM/Case/Form/Activity.php +++ b/CRM/Case/Form/Activity.php @@ -63,7 +63,7 @@ class CRM_Case_Form_Activity extends CRM_Activity_Form_Activity { public function preProcess() { $caseIds = CRM_Utils_Request::retrieve('caseid', 'String', $this); $this->_caseId = explode(',', $caseIds); - $this->_context = CRM_Utils_Request::retrieve('context', 'String', $this); + $this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); if (!$this->_context) { $this->_context = 'caseActivity'; } diff --git a/CRM/Case/Form/Activity/OpenCase.php b/CRM/Case/Form/Activity/OpenCase.php index fe1cecef3e..aa86804682 100644 --- a/CRM/Case/Form/Activity/OpenCase.php +++ b/CRM/Case/Form/Activity/OpenCase.php @@ -62,7 +62,7 @@ class CRM_Case_Form_Activity_OpenCase { return; } - $form->_context = CRM_Utils_Request::retrieve('context', 'String', $form); + $form->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $form); $form->_contactID = CRM_Utils_Request::retrieve('cid', 'Positive', $form); $form->assign('context', $form->_context); diff --git a/CRM/Case/Form/CaseView.php b/CRM/Case/Form/CaseView.php index 3b5ae3167d..ba7814ec0f 100644 --- a/CRM/Case/Form/CaseView.php +++ b/CRM/Case/Form/CaseView.php @@ -77,7 +77,7 @@ class CRM_Case_Form_CaseView extends CRM_Core_Form { CRM_Core_Error::fatal(ts('You are not authorized to access this page.')); } - $fulltext = CRM_Utils_Request::retrieve('context', 'String'); + $fulltext = CRM_Utils_Request::retrieve('context', 'Alphanumeric'); if ($fulltext == 'fulltext') { $this->assign('fulltext', $fulltext); } diff --git a/CRM/Case/Form/EditClient.php b/CRM/Case/Form/EditClient.php index d0173e04b0..5259cf48f6 100644 --- a/CRM/Case/Form/EditClient.php +++ b/CRM/Case/Form/EditClient.php @@ -42,7 +42,7 @@ class CRM_Case_Form_EditClient extends CRM_Core_Form { public function preProcess() { $cid = CRM_Utils_Request::retrieve('cid', 'Positive', $this, TRUE); CRM_Utils_Request::retrieve('id', 'Positive', $this, TRUE); - $context = CRM_Utils_Request::retrieve('context', 'String', $this); + $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); //get current client name. $this->assign('currentClientName', CRM_Contact_BAO_Contact::displayName($cid)); diff --git a/CRM/Case/Form/Search.php b/CRM/Case/Form/Search.php index 3ca0ed0169..86e3d4031d 100644 --- a/CRM/Case/Form/Search.php +++ b/CRM/Case/Form/Search.php @@ -97,7 +97,7 @@ class CRM_Case_Form_Search extends CRM_Core_Form_Search { $this->_reset = CRM_Utils_Request::retrieve('reset', 'Boolean'); $this->_force = CRM_Utils_Request::retrieve('force', 'Boolean', $this, FALSE); $this->_limit = CRM_Utils_Request::retrieve('limit', 'Positive', $this); - $this->_context = CRM_Utils_Request::retrieve('context', 'String', $this, FALSE, 'search'); + $this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, FALSE, 'search'); $this->assign('context', $this->_context); diff --git a/CRM/Case/Page/CaseDetails.php b/CRM/Case/Page/CaseDetails.php index bc8ef05969..fc5e4c5fc3 100644 --- a/CRM/Case/Page/CaseDetails.php +++ b/CRM/Case/Page/CaseDetails.php @@ -41,7 +41,7 @@ class CRM_Case_Page_CaseDetails extends CRM_Core_Page { */ public function run() { $this->_action = CRM_Utils_Request::retrieve('action', 'String', $this, FALSE, 'browse'); - $this->_context = CRM_Utils_Request::retrieve('context', 'String', $this); + $this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); $this->assign('action', $this->_action); $this->assign('context', $this->_context); diff --git a/CRM/Case/Page/Tab.php b/CRM/Case/Page/Tab.php index 52d84e8c76..650122db05 100644 --- a/CRM/Case/Page/Tab.php +++ b/CRM/Case/Page/Tab.php @@ -59,7 +59,7 @@ class CRM_Case_Page_Tab extends CRM_Core_Page { } $this->_id = CRM_Utils_Request::retrieve('id', 'Positive', $this); - $this->_context = CRM_Utils_Request::retrieve('context', 'String', $this); + $this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); if ($this->_contactId) { $this->assign('contactId', $this->_contactId); @@ -178,7 +178,7 @@ class CRM_Case_Page_Tab extends CRM_Core_Page { */ public function run() { $contactID = CRM_Utils_Request::retrieve('cid', 'Positive', CRM_Core_DAO::$_nullArray); - $context = CRM_Utils_Request::retrieve('context', 'String', $this); + $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); if ($context == 'standalone' && !$contactID) { $this->_action = CRM_Core_Action::ADD; diff --git a/CRM/Contact/Form/Contact.php b/CRM/Contact/Form/Contact.php index 4c23815e3c..1b985e131f 100644 --- a/CRM/Contact/Form/Contact.php +++ b/CRM/Contact/Form/Contact.php @@ -235,7 +235,7 @@ class CRM_Contact_Form_Contact extends CRM_Core_Form { // omitting contactImage from title for now since the summary overlay css doesn't work outside of our crm-container CRM_Utils_System::setTitle($displayName); - $context = CRM_Utils_Request::retrieve('context', 'String', $this); + $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); $qfKey = CRM_Utils_Request::retrieve('key', 'String', $this); $urlParams = 'reset=1&cid=' . $this->_contactId; @@ -1055,7 +1055,7 @@ class CRM_Contact_Form_Contact extends CRM_Core_Form { $session->replaceUserContext(CRM_Utils_System::url('civicrm/contact/add', $resetStr)); } else { - $context = CRM_Utils_Request::retrieve('context', 'String', $this); + $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); $qfKey = CRM_Utils_Request::retrieve('key', 'String', $this); //validate the qfKey $urlParams = 'reset=1&cid=' . $contact->id; diff --git a/CRM/Contact/Form/GroupContact.php b/CRM/Contact/Form/GroupContact.php index fcbc9fc681..c8114ec036 100644 --- a/CRM/Contact/Form/GroupContact.php +++ b/CRM/Contact/Form/GroupContact.php @@ -70,7 +70,7 @@ class CRM_Contact_Form_GroupContact extends CRM_Core_Form { public function preProcess() { $this->_contactId = $this->get('contactId'); $this->_groupContactId = $this->get('groupContactId'); - $this->_context = CRM_Utils_Request::retrieve('context', 'String', $this); + $this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); } /** diff --git a/CRM/Contact/Form/Search.php b/CRM/Contact/Form/Search.php index e689bc8f2c..5b9a2079dd 100644 --- a/CRM/Contact/Form/Search.php +++ b/CRM/Contact/Form/Search.php @@ -555,7 +555,7 @@ class CRM_Contact_Form_Search extends CRM_Core_Form_Search { } // assign context to drive the template display, make sure context is valid - $this->_context = CRM_Utils_Request::retrieve('context', 'String', $this, FALSE, 'search'); + $this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, FALSE, 'search'); if (!CRM_Utils_Array::value($this->_context, self::validContext())) { $this->_context = 'search'; } diff --git a/CRM/Contact/Form/Task/Delete.php b/CRM/Contact/Form/Task/Delete.php index bc50f684da..a05322ab6b 100644 --- a/CRM/Contact/Form/Task/Delete.php +++ b/CRM/Contact/Form/Task/Delete.php @@ -150,7 +150,7 @@ class CRM_Contact_Form_Task_Delete extends CRM_Contact_Form_Task { if ($this->_single) { // also fix the user context stack in case the user hits cancel - $context = CRM_Utils_Request::retrieve('context', 'String', $this, FALSE, 'basic'); + $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, FALSE, 'basic'); if ($context == 'search' && CRM_Utils_Rule::qfKey($this->_searchKey)) { $urlParams = "&context=$context&key=$this->_searchKey"; } @@ -200,7 +200,7 @@ class CRM_Contact_Form_Task_Delete extends CRM_Contact_Form_Task { $session = CRM_Core_Session::singleton(); $currentUserId = $session->get('userID'); - $context = CRM_Utils_Request::retrieve('context', 'String', $this, FALSE, 'basic'); + $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, FALSE, 'basic'); $urlParams = 'force=1'; $urlString = "civicrm/contact/search/$context"; diff --git a/CRM/Contact/Form/Task/Email.php b/CRM/Contact/Form/Task/Email.php index a2b83de3a0..08556492b2 100644 --- a/CRM/Contact/Form/Task/Email.php +++ b/CRM/Contact/Form/Task/Email.php @@ -96,7 +96,7 @@ class CRM_Contact_Form_Task_Email extends CRM_Contact_Form_Task { public function preProcess() { // store case id if present $this->_caseId = CRM_Utils_Request::retrieve('caseid', 'String', $this, FALSE); - $this->_context = CRM_Utils_Request::retrieve('context', 'String', $this); + $this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); $cid = CRM_Utils_Request::retrieve('cid', 'String', $this, FALSE); diff --git a/CRM/Contact/Form/Task/Map.php b/CRM/Contact/Form/Task/Map.php index 5e21b5e95c..e02c83bef5 100644 --- a/CRM/Contact/Form/Task/Map.php +++ b/CRM/Contact/Form/Task/Map.php @@ -63,7 +63,7 @@ class CRM_Contact_Form_Task_Map extends CRM_Contact_Form_Task { $this, FALSE ); $this->assign('profileGID', $profileGID); - $context = CRM_Utils_Request::retrieve('context', 'String', $this); + $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); $type = 'Contact'; if ($cid) { diff --git a/CRM/Contact/Form/Task/SMS.php b/CRM/Contact/Form/Task/SMS.php index 6e5a1734da..730ae09432 100644 --- a/CRM/Contact/Form/Task/SMS.php +++ b/CRM/Contact/Form/Task/SMS.php @@ -53,7 +53,7 @@ class CRM_Contact_Form_Task_SMS extends CRM_Contact_Form_Task { public function preProcess() { - $this->_context = CRM_Utils_Request::retrieve('context', 'String', $this); + $this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); $cid = CRM_Utils_Request::retrieve('cid', 'Positive', $this, FALSE); diff --git a/CRM/Contact/Page/AJAX.php b/CRM/Contact/Page/AJAX.php index af6fdae498..79fa957b6c 100644 --- a/CRM/Contact/Page/AJAX.php +++ b/CRM/Contact/Page/AJAX.php @@ -415,7 +415,7 @@ LIMIT {$offset}, {$rowCount} // send query to hook to be modified if needed CRM_Utils_Hook::contactListQuery($query, $name, - CRM_Utils_Request::retrieve('context', 'String'), + CRM_Utils_Request::retrieve('context', 'Alphanumeric'), CRM_Utils_Request::retrieve('cid', 'Positive') ); @@ -440,7 +440,7 @@ LIMIT {$offset}, {$rowCount} // send query to hook to be modified if needed CRM_Utils_Hook::contactListQuery($query, $name, - CRM_Utils_Request::retrieve('context', 'String'), + CRM_Utils_Request::retrieve('context', 'Alphanumeric'), CRM_Utils_Request::retrieve('cid', 'Positive') ); @@ -510,7 +510,7 @@ LIMIT {$offset}, {$rowCount} // send query to hook to be modified if needed CRM_Utils_Hook::contactListQuery($query, $name, - CRM_Utils_Request::retrieve('context', 'String'), + CRM_Utils_Request::retrieve('context', 'Alphanumeric'), CRM_Utils_Request::retrieve('cid', 'Positive') ); @@ -1050,7 +1050,7 @@ LIMIT {$offset}, {$rowCount} */ public static function getContactRelationships() { $contactID = CRM_Utils_Type::escape($_GET['cid'], 'Integer'); - $context = CRM_Utils_Type::escape($_GET['context'], 'String'); + $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric'); $relationship_type_id = CRM_Utils_Type::escape(CRM_Utils_Array::value('relationship_type_id', $_GET), 'Integer', FALSE); if (!CRM_Contact_BAO_Contact_Permission::allow($contactID)) { diff --git a/CRM/Contact/Page/DedupeFind.php b/CRM/Contact/Page/DedupeFind.php index 9807cd3652..0bb43ace8e 100644 --- a/CRM/Contact/Page/DedupeFind.php +++ b/CRM/Contact/Page/DedupeFind.php @@ -84,7 +84,7 @@ class CRM_Contact_Page_DedupeFind extends CRM_Core_Page_Basic { $this->initialize(); $gid = CRM_Utils_Request::retrieve('gid', 'Positive', $this, FALSE, 0); $action = CRM_Utils_Request::retrieve('action', 'String', $this, FALSE, 0); - $context = CRM_Utils_Request::retrieve('context', 'String', $this); + $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); $limit = CRM_Utils_Request::retrieve('limit', 'Integer', $this); $rgid = CRM_Utils_Request::retrieve('rgid', 'Positive', $this); $cid = CRM_Utils_Request::retrieve('cid', 'Positive', $this, FALSE, 0); diff --git a/CRM/Contact/Page/DedupeRules.php b/CRM/Contact/Page/DedupeRules.php index ac21c9ce79..a54cda57fc 100644 --- a/CRM/Contact/Page/DedupeRules.php +++ b/CRM/Contact/Page/DedupeRules.php @@ -101,7 +101,7 @@ class CRM_Contact_Page_DedupeRules extends CRM_Core_Page_Basic { public function run() { $id = $this->getIdAndAction(); - $context = CRM_Utils_Request::retrieve('context', 'String', $this, FALSE); + $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, FALSE); if ($context == 'nonDupe') { CRM_Core_Session::setStatus(ts('Selected contacts have been marked as not duplicates'), ts('Changes Saved'), 'success'); } diff --git a/CRM/Contact/Page/View/Relationship.php b/CRM/Contact/Page/View/Relationship.php index 6d96633f37..ec323a3dd2 100644 --- a/CRM/Contact/Page/View/Relationship.php +++ b/CRM/Contact/Page/View/Relationship.php @@ -217,7 +217,7 @@ class CRM_Contact_Page_View_Relationship extends CRM_Core_Page { } public function setContext() { - $context = CRM_Utils_Request::retrieve('context', 'String', + $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, FALSE, 'search' ); diff --git a/CRM/Contribute/BAO/ContributionRecur.php b/CRM/Contribute/BAO/ContributionRecur.php index fd9d7538df..a5c76722c4 100644 --- a/CRM/Contribute/BAO/ContributionRecur.php +++ b/CRM/Contribute/BAO/ContributionRecur.php @@ -471,7 +471,7 @@ INNER JOIN civicrm_contribution con ON ( con.id = mp.contribution_id ) $cid = CRM_Utils_Request::retrieve('cid', 'Integer'); $mid = CRM_Utils_Request::retrieve('mid', 'Integer'); $qfkey = CRM_Utils_Request::retrieve('key', 'String'); - $context = CRM_Utils_Request::retrieve('context', 'String'); + $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric'); if ($cid) { switch ($context) { case 'contribution': diff --git a/CRM/Contribute/Form/Contribution.php b/CRM/Contribute/Form/Contribution.php index b04867d691..61c40e4c1d 100644 --- a/CRM/Contribute/Form/Contribution.php +++ b/CRM/Contribute/Form/Contribution.php @@ -250,7 +250,7 @@ class CRM_Contribute_Form_Contribution extends CRM_Contribute_Form_AbstractEditP $this->assign('isUsePaymentBlock', TRUE); } - $this->_context = CRM_Utils_Request::retrieve('context', 'String', $this); + $this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); $this->assign('context', $this->_context); $this->_compId = CRM_Utils_Request::retrieve('compId', 'Positive', $this); diff --git a/CRM/Contribute/Form/ContributionView.php b/CRM/Contribute/Form/ContributionView.php index b70a1eabef..8d3f74f596 100644 --- a/CRM/Contribute/Form/ContributionView.php +++ b/CRM/Contribute/Form/ContributionView.php @@ -42,7 +42,7 @@ class CRM_Contribute_Form_ContributionView extends CRM_Core_Form { public function preProcess() { $id = $this->get('id'); $params = array('id' => $id); - $context = CRM_Utils_Request::retrieve('context', 'String', $this); + $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); $this->assign('context', $context); $values = CRM_Contribute_BAO_Contribution::getValuesWithMappings($params); diff --git a/CRM/Contribute/Form/Search.php b/CRM/Contribute/Form/Search.php index 7fa4f02bf0..035b9523e8 100644 --- a/CRM/Contribute/Form/Search.php +++ b/CRM/Contribute/Form/Search.php @@ -83,7 +83,7 @@ class CRM_Contribute_Form_Search extends CRM_Core_Form_Search { $this->_reset = CRM_Utils_Request::retrieve('reset', 'Boolean'); $this->_force = CRM_Utils_Request::retrieve('force', 'Boolean', $this, FALSE); $this->_limit = CRM_Utils_Request::retrieve('limit', 'Positive', $this); - $this->_context = CRM_Utils_Request::retrieve('context', 'String', $this, FALSE, 'search'); + $this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, FALSE, 'search'); $this->assign("context", $this->_context); diff --git a/CRM/Contribute/Page/PaymentInfo.php b/CRM/Contribute/Page/PaymentInfo.php index 7fb1b4d4e5..a808de23bd 100644 --- a/CRM/Contribute/Page/PaymentInfo.php +++ b/CRM/Contribute/Page/PaymentInfo.php @@ -35,7 +35,7 @@ class CRM_Contribute_Page_PaymentInfo extends CRM_Core_Page { $this->_component = CRM_Utils_Request::retrieve('component', 'String', $this, TRUE); $this->_action = CRM_Utils_Request::retrieve('action', 'String', $this, FALSE, 'browse'); $this->_id = CRM_Utils_Request::retrieve('id', 'Positive', $this, TRUE); - $this->_context = CRM_Utils_Request::retrieve('context', 'String', $this, TRUE); + $this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, TRUE); $this->_cid = CRM_Utils_Request::retrieve('cid', 'String', $this, TRUE); $this->assign('cid', $this->_cid); diff --git a/CRM/Contribute/Page/Tab.php b/CRM/Contribute/Page/Tab.php index a2f1a578f8..5dabc4f2b8 100644 --- a/CRM/Contribute/Page/Tab.php +++ b/CRM/Contribute/Page/Tab.php @@ -313,7 +313,7 @@ class CRM_Contribute_Page_Tab extends CRM_Core_Page { } public function preProcess() { - $context = CRM_Utils_Request::retrieve('context', 'String', $this); + $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); $this->_action = CRM_Utils_Request::retrieve('action', 'String', $this, FALSE, 'browse'); $this->_id = CRM_Utils_Request::retrieve('id', 'Positive', $this); @@ -371,7 +371,7 @@ class CRM_Contribute_Page_Tab extends CRM_Core_Page { public function setContext() { $qfKey = CRM_Utils_Request::retrieve('key', 'String', $this); - $context = CRM_Utils_Request::retrieve('context', 'String', + $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, FALSE, 'search' ); $compContext = CRM_Utils_Request::retrieve('compContext', 'String', $this); diff --git a/CRM/Core/Page/AJAX.php b/CRM/Core/Page/AJAX.php index 941c53ff04..e0b2af2055 100644 --- a/CRM/Core/Page/AJAX.php +++ b/CRM/Core/Page/AJAX.php @@ -98,9 +98,8 @@ class CRM_Core_Page_AJAX { $id = CRM_Utils_Type::escape($_REQUEST['id'], 'Integer'); } - if (!empty($_REQUEST['context'])) { - $context = CRM_Utils_Type::escape($_REQUEST['context'], 'String'); - } + $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric'); + // return false if $id is null and // $context is not civicrm_event or civicrm_contribution_page if (!$id || !in_array($context, array('civicrm_event', 'civicrm_contribution_page'))) { diff --git a/CRM/Dashlet/Page/Activity.php b/CRM/Dashlet/Page/Activity.php index aa0dcea312..b8a8d839eb 100644 --- a/CRM/Dashlet/Page/Activity.php +++ b/CRM/Dashlet/Page/Activity.php @@ -50,7 +50,7 @@ class CRM_Dashlet_Page_Activity extends CRM_Core_Page { $this->assign('contactID', $contactID); $this->assign('contactId', $contactID); - $context = CRM_Utils_Request::retrieve('context', 'String', $this, FALSE, 'dashlet'); + $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, FALSE, 'dashlet'); $this->assign('context', $context); // a user can always view their own activity diff --git a/CRM/Dashlet/Page/AllCases.php b/CRM/Dashlet/Page/AllCases.php index 80331e77b2..8ac619a4bc 100644 --- a/CRM/Dashlet/Page/AllCases.php +++ b/CRM/Dashlet/Page/AllCases.php @@ -45,7 +45,7 @@ class CRM_Dashlet_Page_AllCases extends CRM_Core_Page { * @return void */ public function run() { - $context = CRM_Utils_Request::retrieve('context', 'String', $this, FALSE, 'dashlet'); + $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, FALSE, 'dashlet'); $this->assign('context', $context); //check for civicase access. diff --git a/CRM/Dashlet/Page/GettingStarted.php b/CRM/Dashlet/Page/GettingStarted.php index 6e51881791..cb77b45cff 100644 --- a/CRM/Dashlet/Page/GettingStarted.php +++ b/CRM/Dashlet/Page/GettingStarted.php @@ -70,7 +70,7 @@ class CRM_Dashlet_Page_GettingStarted extends CRM_Core_Page { * List gettingStarted page as dashlet. */ public function run() { - $context = CRM_Utils_Request::retrieve('context', 'String', $this, FALSE, 'dashlet'); + $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, FALSE, 'dashlet'); // Assign smarty variables. $this->assign('context', $context); diff --git a/CRM/Dashlet/Page/MyCases.php b/CRM/Dashlet/Page/MyCases.php index 057c09ec9f..62f618b540 100644 --- a/CRM/Dashlet/Page/MyCases.php +++ b/CRM/Dashlet/Page/MyCases.php @@ -45,7 +45,7 @@ class CRM_Dashlet_Page_MyCases extends CRM_Core_Page { * @return void */ public function run() { - $context = CRM_Utils_Request::retrieve('context', 'String', $this, FALSE, 'dashlet'); + $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, FALSE, 'dashlet'); $this->assign('context', $context); //check for civicase access. diff --git a/CRM/Event/Form/Participant.php b/CRM/Event/Form/Participant.php index bb16370b55..5897aff52b 100644 --- a/CRM/Event/Form/Participant.php +++ b/CRM/Event/Form/Participant.php @@ -223,7 +223,7 @@ class CRM_Event_Form_Participant extends CRM_Contribute_Form_AbstractEditPayment // @todo eliminate this duplication. $this->_contactId = $this->_contactID; $this->_eID = CRM_Utils_Request::retrieve('eid', 'Positive', $this); - $this->_context = CRM_Utils_Request::retrieve('context', 'String', $this); + $this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); $this->assign('context', $this->_context); if ($this->_contactID) { diff --git a/CRM/Event/Form/Search.php b/CRM/Event/Form/Search.php index f2f4313b57..c5b73d8140 100644 --- a/CRM/Event/Form/Search.php +++ b/CRM/Event/Form/Search.php @@ -97,7 +97,7 @@ class CRM_Event_Form_Search extends CRM_Core_Form_Search { $this->_reset = CRM_Utils_Request::retrieve('reset', 'Boolean'); $this->_force = CRM_Utils_Request::retrieve('force', 'Boolean', $this, FALSE); $this->_limit = CRM_Utils_Request::retrieve('limit', 'Positive', $this); - $this->_context = CRM_Utils_Request::retrieve('context', 'String', $this, FALSE, 'search'); + $this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, FALSE, 'search'); $this->_ssID = CRM_Utils_Request::retrieve('ssID', 'Positive', $this); $this->assign("context", $this->_context); diff --git a/CRM/Event/Form/Task/Badge.php b/CRM/Event/Form/Task/Badge.php index b9ba3977c5..11ab8cd151 100644 --- a/CRM/Event/Form/Task/Badge.php +++ b/CRM/Event/Form/Task/Badge.php @@ -57,7 +57,7 @@ class CRM_Event_Form_Task_Badge extends CRM_Event_Form_Task { * @return void */ public function preProcess() { - $this->_context = CRM_Utils_Request::retrieve('context', 'String', $this); + $this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); if ($this->_context == 'view') { $this->_single = TRUE; diff --git a/CRM/Event/Page/EventInfo.php b/CRM/Event/Page/EventInfo.php index 905c978160..7b088ea3b8 100644 --- a/CRM/Event/Page/EventInfo.php +++ b/CRM/Event/Page/EventInfo.php @@ -59,7 +59,7 @@ class CRM_Event_Page_EventInfo extends CRM_Core_Page { } $action = CRM_Utils_Request::retrieve('action', 'String', $this, FALSE); - $context = CRM_Utils_Request::retrieve('context', 'String', $this, FALSE, 'register'); + $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, FALSE, 'register'); $this->assign('context', $context); // Sometimes we want to suppress the Event Full msg diff --git a/CRM/Event/Page/Tab.php b/CRM/Event/Page/Tab.php index 43c898fa9e..d2ffcb183b 100644 --- a/CRM/Event/Page/Tab.php +++ b/CRM/Event/Page/Tab.php @@ -119,7 +119,7 @@ class CRM_Event_Page_Tab extends CRM_Core_Page { } public function preProcess() { - $context = CRM_Utils_Request::retrieve('context', 'String', $this); + $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); $this->_action = CRM_Utils_Request::retrieve('action', 'String', $this, FALSE, 'browse'); $this->_id = CRM_Utils_Request::retrieve('id', 'Positive', $this); diff --git a/CRM/Financial/Form/FinancialBatch.php b/CRM/Financial/Form/FinancialBatch.php index 9f3bd5e6d4..4a9264c88a 100644 --- a/CRM/Financial/Form/FinancialBatch.php +++ b/CRM/Financial/Form/FinancialBatch.php @@ -47,7 +47,7 @@ class CRM_Financial_Form_FinancialBatch extends CRM_Contribute_Form { * Set variables up before form is built. */ public function preProcess() { - $context = CRM_Utils_Request::retrieve('context', 'String', $this); + $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); $this->set("context", $context); $this->_id = CRM_Utils_Request::retrieve('id', 'Positive', $this); parent::preProcess(); diff --git a/CRM/Financial/Page/AJAX.php b/CRM/Financial/Page/AJAX.php index fe43978b03..c5a51b5f99 100644 --- a/CRM/Financial/Page/AJAX.php +++ b/CRM/Financial/Page/AJAX.php @@ -267,7 +267,7 @@ class CRM_Financial_Page_AJAX { $rowCount = isset($_REQUEST['iDisplayLength']) ? CRM_Utils_Type::escape($_REQUEST['iDisplayLength'], 'Integer') : 25; $sort = isset($_REQUEST['iSortCol_0']) ? CRM_Utils_Array::value(CRM_Utils_Type::escape($_REQUEST['iSortCol_0'], 'Integer'), $sortMapper) : NULL; $sortOrder = isset($_REQUEST['sSortDir_0']) ? CRM_Utils_Type::escape($_REQUEST['sSortDir_0'], 'String') : 'asc'; - $context = isset($_REQUEST['context']) ? CRM_Utils_Type::escape($_REQUEST['context'], 'String') : NULL; + $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric'); $entityID = isset($_REQUEST['entityID']) ? CRM_Utils_Type::escape($_REQUEST['entityID'], 'String') : NULL; $notPresent = isset($_REQUEST['notPresent']) ? CRM_Utils_Type::escape($_REQUEST['notPresent'], 'String') : NULL; $statusID = isset($_REQUEST['statusID']) ? CRM_Utils_Type::escape($_REQUEST['statusID'], 'String') : NULL; diff --git a/CRM/Financial/Page/FinancialBatch.php b/CRM/Financial/Page/FinancialBatch.php index 27a7783aea..21a4db3075 100644 --- a/CRM/Financial/Page/FinancialBatch.php +++ b/CRM/Financial/Page/FinancialBatch.php @@ -74,7 +74,7 @@ class CRM_Financial_Page_FinancialBatch extends CRM_Core_Page_Basic { * Finally it calls the parent's run method. */ public function run() { - $context = CRM_Utils_Request::retrieve('context', 'String', $this); + $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); $this->set("context", $context); $id = $this->getIdAndAction(); diff --git a/CRM/Grant/Form/Grant.php b/CRM/Grant/Form/Grant.php index 1c1fb8fd15..0a56a04933 100644 --- a/CRM/Grant/Form/Grant.php +++ b/CRM/Grant/Form/Grant.php @@ -75,7 +75,7 @@ class CRM_Grant_Form_Grant extends CRM_Core_Form { if ($this->_id) { $this->_grantType = CRM_Core_DAO::getFieldValue('CRM_Grant_DAO_Grant', $this->_id, 'grant_type_id'); } - $this->_context = CRM_Utils_Request::retrieve('context', 'String', $this); + $this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); $this->assign('action', $this->_action); $this->assign('context', $this->_context); diff --git a/CRM/Grant/Form/GrantView.php b/CRM/Grant/Form/GrantView.php index d563406317..7c48ba57be 100644 --- a/CRM/Grant/Form/GrantView.php +++ b/CRM/Grant/Form/GrantView.php @@ -47,7 +47,7 @@ class CRM_Grant_Form_GrantView extends CRM_Core_Form { public function preProcess() { $this->_contactID = CRM_Utils_Request::retrieve('cid', 'Positive', $this); $this->_id = CRM_Utils_Request::retrieve('id', 'Positive', $this); - $context = CRM_Utils_Request::retrieve('context', 'String', $this); + $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); $this->assign('context', $context); $values = array(); diff --git a/CRM/Grant/Form/Search.php b/CRM/Grant/Form/Search.php index e75c63469b..12e6ea09a1 100644 --- a/CRM/Grant/Form/Search.php +++ b/CRM/Grant/Form/Search.php @@ -91,7 +91,7 @@ class CRM_Grant_Form_Search extends CRM_Core_Form_Search { $this->_reset = CRM_Utils_Request::retrieve('reset', 'Boolean'); $this->_force = CRM_Utils_Request::retrieve('force', 'Boolean', $this, FALSE); $this->_limit = CRM_Utils_Request::retrieve('limit', 'Positive', $this); - $this->_context = CRM_Utils_Request::retrieve('context', 'String', $this, FALSE, 'search'); + $this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, FALSE, 'search'); $this->assign("context", $this->_context); diff --git a/CRM/Grant/Page/Tab.php b/CRM/Grant/Page/Tab.php index 3f121d138c..39e14ee7ba 100644 --- a/CRM/Grant/Page/Tab.php +++ b/CRM/Grant/Page/Tab.php @@ -102,7 +102,7 @@ class CRM_Grant_Page_Tab extends CRM_Contact_Page_View { * @return void */ public function preProcess() { - $context = CRM_Utils_Request::retrieve('context', 'String', $this); + $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); $this->_action = CRM_Utils_Request::retrieve('action', 'String', $this, FALSE, 'browse'); $this->_id = CRM_Utils_Request::retrieve('id', 'Positive', $this); @@ -151,7 +151,7 @@ class CRM_Grant_Page_Tab extends CRM_Contact_Page_View { } public function setContext() { - $context = CRM_Utils_Request::retrieve('context', 'String', $this); + $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); $this->_id = CRM_Utils_Request::retrieve('id', 'Integer', $this); $session = CRM_Core_Session::singleton(); diff --git a/CRM/Mailing/Page/Event.php b/CRM/Mailing/Page/Event.php index 90aef4ec1e..c0db83a0ed 100644 --- a/CRM/Mailing/Page/Event.php +++ b/CRM/Mailing/Page/Event.php @@ -63,7 +63,7 @@ class CRM_Mailing_Page_Event extends CRM_Core_Page { // check that the user has permission to access mailing id CRM_Mailing_BAO_Mailing::checkPermission($mailing_id); - $context = CRM_Utils_Request::retrieve('context', 'String', $this); + $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); if ($context == 'activitySelector') { $cid = CRM_Utils_Request::retrieve('cid', 'Positive', $this); diff --git a/CRM/Mailing/Page/Report.php b/CRM/Mailing/Page/Report.php index 6d36ee08f4..3652f97781 100644 --- a/CRM/Mailing/Page/Report.php +++ b/CRM/Mailing/Page/Report.php @@ -110,7 +110,7 @@ class CRM_Mailing_Page_Report extends CRM_Core_Page_Basic { CRM_Mailing_BAO_Mailing::getMailingContent($report, $this); // assign backurl - $context = CRM_Utils_Request::retrieve('context', 'String', $this); + $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); $cid = CRM_Utils_Request::retrieve('cid', 'Positive', $this); if ($context == 'activitySelector') { diff --git a/CRM/Member/Form.php b/CRM/Member/Form.php index 39997389e4..5485ed8873 100644 --- a/CRM/Member/Form.php +++ b/CRM/Member/Form.php @@ -110,7 +110,7 @@ class CRM_Member_Form extends CRM_Contribute_Form_AbstractEditPayment { parent::preProcess(); $params = array(); - $params['context'] = CRM_Utils_Request::retrieve('context', 'String', $this, FALSE, 'membership'); + $params['context'] = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, FALSE, 'membership'); $params['id'] = CRM_Utils_Request::retrieve('id', 'Positive', $this); $params['mode'] = CRM_Utils_Request::retrieve('mode', 'String', $this); diff --git a/CRM/Member/Form/MembershipView.php b/CRM/Member/Form/MembershipView.php index 9d656c52dd..9e3d9784db 100644 --- a/CRM/Member/Form/MembershipView.php +++ b/CRM/Member/Form/MembershipView.php @@ -166,7 +166,7 @@ class CRM_Member_Form_MembershipView extends CRM_Core_Form { $this->contactID = CRM_Utils_Request::retrieve('cid', 'Positive', $this); // Make sure context is assigned to template for condition where we come here view civicrm/membership/view - $context = CRM_Utils_Request::retrieve('context', 'String', $this); + $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); $this->assign('context', $context); if ($this->membershipID) { diff --git a/CRM/Member/Form/Search.php b/CRM/Member/Form/Search.php index 39f338d411..8d26304f3b 100644 --- a/CRM/Member/Form/Search.php +++ b/CRM/Member/Form/Search.php @@ -92,7 +92,7 @@ class CRM_Member_Form_Search extends CRM_Core_Form_Search { $this->_reset = CRM_Utils_Request::retrieve('reset', 'Boolean'); $this->_force = CRM_Utils_Request::retrieve('force', 'Boolean', $this, FALSE); $this->_limit = CRM_Utils_Request::retrieve('limit', 'Positive', $this); - $this->_context = CRM_Utils_Request::retrieve('context', 'String', $this, FALSE, 'search'); + $this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, FALSE, 'search'); $this->assign("context", $this->_context); diff --git a/CRM/Member/Page/Tab.php b/CRM/Member/Page/Tab.php index 17c778bb21..d54e4f5715 100644 --- a/CRM/Member/Page/Tab.php +++ b/CRM/Member/Page/Tab.php @@ -306,7 +306,7 @@ class CRM_Member_Page_Tab extends CRM_Core_Page { } public function preProcess() { - $context = CRM_Utils_Request::retrieve('context', 'String', $this); + $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); $this->_action = CRM_Utils_Request::retrieve('action', 'String', $this, FALSE, 'browse'); $this->_id = CRM_Utils_Request::retrieve('id', 'Positive', $this); @@ -390,7 +390,7 @@ class CRM_Member_Page_Tab extends CRM_Core_Page { * @param int $contactId */ public static function setContext(&$form, $contactId = NULL) { - $context = CRM_Utils_Request::retrieve('context', 'String', $form, FALSE, 'search'); + $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $form, FALSE, 'search'); $qfKey = CRM_Utils_Request::retrieve('key', 'String', $form); diff --git a/CRM/PCP/Form/Campaign.php b/CRM/PCP/Form/Campaign.php index 2618f6193d..4bc49e9424 100644 --- a/CRM/PCP/Form/Campaign.php +++ b/CRM/PCP/Form/Campaign.php @@ -50,7 +50,7 @@ class CRM_PCP_Form_Campaign extends CRM_Core_Form { $this->_component = CRM_Utils_Request::retrieve('component', 'String', $this); $this->assign('component', $this->_component); - $this->_context = CRM_Utils_Request::retrieve('context', 'String', $this); + $this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); $this->assign('context', $this->_context); $this->_pageId = CRM_Utils_Request::retrieve('id', 'Positive', $this, FALSE); diff --git a/CRM/PCP/Form/PCP.php b/CRM/PCP/Form/PCP.php index 187949ee82..41272fa2fb 100644 --- a/CRM/PCP/Form/PCP.php +++ b/CRM/PCP/Form/PCP.php @@ -66,7 +66,7 @@ class CRM_PCP_Form_PCP extends CRM_Core_Form { //give the context. if (!isset($this->_context)) { - $this->_context = CRM_Utils_Request::retrieve('context', 'String', $this); + $this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); } $this->assign('context', $this->_context); diff --git a/CRM/Pledge/Form/Pledge.php b/CRM/Pledge/Form/Pledge.php index 0543883fe1..3452275ef6 100644 --- a/CRM/Pledge/Form/Pledge.php +++ b/CRM/Pledge/Form/Pledge.php @@ -75,7 +75,7 @@ class CRM_Pledge_Form_Pledge extends CRM_Core_Form { $this, FALSE, 'add' ); $this->_id = CRM_Utils_Request::retrieve('id', 'Positive', $this); - $this->_context = CRM_Utils_Request::retrieve('context', 'String', $this); + $this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); // check for action permissions. if (!CRM_Core_Permission::checkActionPermission('CiviPledge', $this->_action)) { diff --git a/CRM/Pledge/Form/Search.php b/CRM/Pledge/Form/Search.php index 65a6027c4d..50558aca71 100644 --- a/CRM/Pledge/Form/Search.php +++ b/CRM/Pledge/Form/Search.php @@ -79,7 +79,7 @@ class CRM_Pledge_Form_Search extends CRM_Core_Form_Search { $this->_reset = CRM_Utils_Request::retrieve('reset', 'Boolean'); $this->_force = CRM_Utils_Request::retrieve('force', 'Boolean', $this, FALSE); $this->_limit = CRM_Utils_Request::retrieve('limit', 'Positive', $this); - $this->_context = CRM_Utils_Request::retrieve('context', 'String', $this, FALSE, 'search'); + $this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, FALSE, 'search'); $this->assign("context", $this->_context); diff --git a/CRM/Pledge/Page/Payment.php b/CRM/Pledge/Page/Payment.php index 36fcc526b9..2461c85c8f 100644 --- a/CRM/Pledge/Page/Payment.php +++ b/CRM/Pledge/Page/Payment.php @@ -39,7 +39,7 @@ class CRM_Pledge_Page_Payment extends CRM_Core_Page { */ public function run() { $this->_action = CRM_Utils_Request::retrieve('action', 'String', $this, FALSE, 'browse'); - $this->_context = CRM_Utils_Request::retrieve('context', 'String', $this); + $this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); $this->assign('action', $this->_action); $this->assign('context', $this->_context); diff --git a/CRM/Pledge/Page/Tab.php b/CRM/Pledge/Page/Tab.php index 5f6a30592c..649963c8f7 100644 --- a/CRM/Pledge/Page/Tab.php +++ b/CRM/Pledge/Page/Tab.php @@ -94,7 +94,7 @@ class CRM_Pledge_Page_Tab extends CRM_Core_Page { } public function preProcess() { - $context = CRM_Utils_Request::retrieve('context', 'String', $this); + $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); $this->_action = CRM_Utils_Request::retrieve('action', 'String', $this, FALSE, 'browse'); $this->_id = CRM_Utils_Request::retrieve('id', 'Positive', $this); @@ -156,7 +156,7 @@ class CRM_Pledge_Page_Tab extends CRM_Core_Page { * @param $form */ public static function setContext(&$form) { - $context = CRM_Utils_Request::retrieve('context', 'String', $form, FALSE, 'search'); + $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $form, FALSE, 'search'); $qfKey = CRM_Utils_Request::retrieve('key', 'String', $form); // validate the qfKey diff --git a/CRM/Price/Page/Set.php b/CRM/Price/Page/Set.php index d15f19305e..4511ac55c9 100644 --- a/CRM/Price/Page/Set.php +++ b/CRM/Price/Page/Set.php @@ -224,7 +224,7 @@ class CRM_Price_Page_Set extends CRM_Core_Page { public function preview($sid) { $controller = new CRM_Core_Controller_Simple('CRM_Price_Form_Preview', ts('Preview Price Set'), NULL); $session = CRM_Core_Session::singleton(); - $context = CRM_Utils_Request::retrieve('context', 'String', $this); + $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); if ($context == 'field') { $session->pushUserContext(CRM_Utils_System::url('civicrm/admin/price/field', "action=browse&sid={$sid}")); } diff --git a/CRM/Profile/Form.php b/CRM/Profile/Form.php index 0ea1e4e509..eb3d135056 100644 --- a/CRM/Profile/Form.php +++ b/CRM/Profile/Form.php @@ -195,7 +195,7 @@ class CRM_Profile_Form extends CRM_Core_Form { $this->_id = $this->get('id'); $this->_profileIds = $this->get('profileIds'); $this->_grid = CRM_Utils_Request::retrieve('grid', 'Integer', $this); - $this->_context = CRM_Utils_Request::retrieve('context', 'String', $this); + $this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); //unset from session when $_GET doesn't have it //except when the form is submitted diff --git a/CRM/Profile/Form/Edit.php b/CRM/Profile/Form/Edit.php index c01a868c06..ada0354e0a 100644 --- a/CRM/Profile/Form/Edit.php +++ b/CRM/Profile/Form/Edit.php @@ -62,7 +62,7 @@ class CRM_Profile_Form_Edit extends CRM_Profile_Form { $this->assign('onPopupClose', $this->_onPopupClose); //set the context for the profile - $this->_context = CRM_Utils_Request::retrieve('context', 'String', $this); + $this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); //set the block no $this->_blockNo = CRM_Utils_Request::retrieve('blockNo', 'String', $this); diff --git a/CRM/Report/Form/Activity.php b/CRM/Report/Form/Activity.php index 9f2680e06f..b38b95d24d 100644 --- a/CRM/Report/Form/Activity.php +++ b/CRM/Report/Form/Activity.php @@ -930,7 +930,7 @@ GROUP BY civicrm_activity_id $having {$this->_orderBy}"; $activityStatus = CRM_Core_PseudoConstant::activityStatus(); $priority = CRM_Core_PseudoConstant::get('CRM_Activity_DAO_Activity', 'priority_id'); $viewLinks = FALSE; - $context = CRM_Utils_Request::retrieve('context', 'String', $this, FALSE, 'report'); + $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, FALSE, 'report'); $actUrl = ''; if (CRM_Core_Permission::check('access CiviCRM')) { diff --git a/CRM/UF/Page/Group.php b/CRM/UF/Page/Group.php index c737632a41..c87feb2e6d 100644 --- a/CRM/UF/Page/Group.php +++ b/CRM/UF/Page/Group.php @@ -406,7 +406,7 @@ class CRM_UF_Page_Group extends CRM_Core_Page { * @param $action */ public function setContext($id, $action) { - $context = CRM_Utils_Request::retrieve('context', 'String', $this); + $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this); //we need to differentiate context for update and preview profile. if (!$context && !($action & (CRM_Core_Action::UPDATE | CRM_Core_Action::PREVIEW))) {