From a88091609053ae476b7abcb417a74b79b07d8313 Mon Sep 17 00:00:00 2001 From: Coleman Watts Date: Fri, 9 Jan 2015 10:07:24 -0500 Subject: [PATCH] CRM-15803 - Validate EntityRef values before rendering --- CRM/Core/Form/Renderer.php | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/CRM/Core/Form/Renderer.php b/CRM/Core/Form/Renderer.php index 7a35a97c46..a39d0521c8 100644 --- a/CRM/Core/Form/Renderer.php +++ b/CRM/Core/Form/Renderer.php @@ -211,29 +211,29 @@ class CRM_Core_Form_Renderer extends HTML_QuickForm_Renderer_ArraySmarty { */ public static function preProcessEntityRef($field) { $val = $field->getValue(); - // Support array values - if (is_array($val)) { - $val = implode(',', $val); - $field->setValue($val); + // Temporarily convert string values to an array + if (!is_array($val)) { + // Try to auto-detect method of serialization + $val = strpos($val, ',') ? explode(',', str_replace(', ', ',', $val)) : (array) CRM_Utils_Array::explodePadded($val); } if ($val) { $entity = $field->getAttribute('data-api-entity'); // Get api params, ensure it is an array $params = $field->getAttribute('data-api-params'); $params = $params ? json_decode($params, TRUE) : array(); - // Support serialized values - if (strpos($val, CRM_Core_DAO::VALUE_SEPARATOR) !== FALSE) { - $val = str_replace(CRM_Core_DAO::VALUE_SEPARATOR, ',', trim($val, CRM_Core_DAO::VALUE_SEPARATOR)); - $field->setValue($val); - } $result = civicrm_api3($entity, 'getlist', array('id' => $val) + $params); if ($field->isFrozen()) { + // Prevent js from treating frozen entityRef as a "live" field $field->removeAttribute('class'); } if (!empty($result['values'])) { $field->setAttribute('data-entity-value', json_encode($result['values'])); } + // CRM-15803 - Remove invalid values + $val = array_intersect($val, CRM_Utils_Array::collect('id', $result['values'])); } + // Convert array values back to a string + $field->setValue(implode(',', $val)); } /** -- 2.25.1