From 41ccb6fc3dbaea35cbf8c12cdbf05e5c11b37f08 Mon Sep 17 00:00:00 2001 From: CiviCRM Date: Sun, 3 Jan 2016 17:42:45 -0800 Subject: [PATCH] System.get API - Return whitelisted settings --- api/v3/System.php | 24 ++++++++++++++--- api/v3/System/setting-whitelist.txt | 41 +++++++++++++++++++++++++++++ 2 files changed, 62 insertions(+), 3 deletions(-) create mode 100644 api/v3/System/setting-whitelist.txt diff --git a/api/v3/System.php b/api/v3/System.php index ad9b271d80..712d80e231 100644 --- a/api/v3/System.php +++ b/api/v3/System.php @@ -259,9 +259,8 @@ function civicrm_api3_system_get($params) { CRM_Extension_System::singleton()->getManager()->getStatuses(), PREG_GREP_INVERT ), - 'domains' => CRM_Core_DAO::singleValueQuery('SELECT count(*) FROM civicrm_domain'), - 'languageLimit' => CRM_Core_Config::singleton()->languageLimit, - 'lcMessages' => CRM_Core_Config::singleton()->lcMessages, + 'multidomain' => CRM_Core_DAO::singleValueQuery('SELECT count(*) FROM civicrm_domain') > 1, + 'settings' => _civicrm_api3_system_get_redacted_settings(), 'exampleUrl' => CRM_Utils_System::url('civicrm/example', NULL, TRUE, NULL, FALSE), ), 'http' => array( @@ -349,6 +348,25 @@ function _civicrm_api3_system_get_redacted_mysql() { return $result; } +function _civicrm_api3_system_get_redacted_settings() { + static $whitelist = NULL; + if ($whitelist === NULL) { + $whitelist = _civicrm_api3_system_get_whitelist(__DIR__ . '/System/setting-whitelist.txt'); + } + + $apiResult = civicrm_api3('Setting', 'get', array()); + $result = array(); + foreach ($apiResult['values'] as $settings) { + foreach ($settings as $key => $value) { + if (in_array($key, $whitelist)) { + $result[$key] = $value; + } + } + } + + return $result; +} + /** * Read a whitelist. * diff --git a/api/v3/System/setting-whitelist.txt b/api/v3/System/setting-whitelist.txt new file mode 100644 index 0000000000..5f4b74bd9b --- /dev/null +++ b/api/v3/System/setting-whitelist.txt @@ -0,0 +1,41 @@ +## As a rule of thumb, we include booleans/integer/enum settings +## but omit free-form settings which could include identifying info. +ajaxPopupsEnabled +allowPermDeleteFinancial +backtrace +civimail_multiple_bulk_emails +civimail_server_wide_lock +civimail_workflow +contact_ajax_check_similar +contact_undelete +debug_enabled +disable_core_css +disable_mandatory_tokens_check +editor_id +enableSSL +enable_cart +enable_innodb_fts +fts_query_mode +includeAlphabeticalPager +includeEmailInName +includeNickNameInName +includeOrderByClause +includeWildCardInName +inheritLocale +languageLimit +lcMessages +legacyEncoding +logging +mailThrottleTime +mailerBatchLimit +mailerJobSize +mailerJobsMax +maxFileSize +max_attachments +replyTo +secondDegRelPermissions +securityAlert +smartGroupCacheTimeout +track_civimail_replies +uniq_email_per_site +verifySSL -- 2.25.1