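/**
 * Dispatch an API call arriving over an authenticated connection.
 *
 * Order of enforcement: HTTPS system policy, connection lookup, connection
 * active flag, argument shape, then the connection's API whitelist and
 * permission grant. Only after all of those pass is civicrm_api() invoked,
 * with check_permissions set to 'whitelist' so the WhitelistSubscriber
 * registered here is what authorizes the call.
 *
 * Note: $cxn and cxnId are authenticated before the router is called;
 * this method assumes that and does not re-verify the caller's identity.
 *
 * @param array $cxn
 *   Connection record. Must provide 'cxnId' and a 'perm' array with an
 *   'api' whitelist (array) and a 'grant' (array of permissions, or the
 *   string '*' meaning SUPER_PERM).
 * @param string $entity
 * @param string $action
 * @param array $params
 * @return mixed
 *   The civicrm_api() result, or an API3 error array when a policy or
 *   validation check fails.
 */
public static function route($cxn, $entity, $action, $params) {
  $SUPER_PERM = array('administer CiviCRM');
  require_once 'api/v3/utils.php';

  // FIXME: Shouldn't the X-Forwarded-Proto check be part of CRM_Utils_System::isSSL()?
  // NOTE(security): X-Forwarded-Proto is a request header and therefore
  // client-supplied. It only reflects the real scheme when a trusted reverse
  // proxy overwrites it; a client talking to PHP directly can send
  // "X-Forwarded-Proto: https" over plain HTTP and satisfy this check. Deploy
  // behind a proxy that sets/strips the header, or drop this clause.
  // The (string) cast keeps strtolower() off a NULL when the header is absent
  // (CRM_Utils_Array::value() defaults to NULL; strtolower(NULL) is deprecated on PHP 8.1+).
  if (CRM_Core_BAO_Setting::getItem(CRM_Core_BAO_Setting::SYSTEM_PREFERENCES_NAME, 'enableSSL')
    && !CRM_Utils_System::isSSL()
    && strtolower((string) CRM_Utils_Array::value('X_FORWARDED_PROTO', CRM_Utils_System::getRequestHeaders())) != 'https'
  ) {
    return civicrm_api3_create_error('System policy requires HTTPS.');
  }

  // Resolve the connection row; an unknown or empty cxnId is treated the same
  // as a failed lookup so no information leaks about which ids exist.
  $dao = new CRM_Cxn_DAO_Cxn();
  $dao->cxn_id = $cxn['cxnId'];
  if (empty($cxn['cxnId']) || !$dao->find(TRUE) || !$dao->cxn_id) {
    return civicrm_api3_create_error('Failed to lookup connection authorizations.');
  }
  if (!$dao->is_active) {
    return civicrm_api3_create_error('Connection is inactive.');
  }

  if (!is_string($entity) || !is_string($action) || !is_array($params)) {
    return civicrm_api3_create_error('API parameters are malformed.');
  }

  // Both halves of the permission model must be present: an API whitelist
  // (what may be called) and a grant (which CiviCRM permissions apply).
  if (empty($cxn['perm']['api']) || !is_array($cxn['perm']['api'])
    || empty($cxn['perm']['grant']) || !(is_array($cxn['perm']['grant']) || is_string($cxn['perm']['grant']))
  ) {
    return civicrm_api3_create_error('Connection has no permissions.');
  }

  // Register the whitelist for this request only; the subscriber enforces it
  // because $params['check_permissions'] is set to 'whitelist' below.
  $whitelist = \Civi\API\WhitelistRule::createAll($cxn['perm']['api']);
  \Civi::service('dispatcher')->addSubscriber(new \Civi\API\Subscriber\WhitelistSubscriber($whitelist));

  // Temporary permission set for the duration of this API call. A grant of
  // exactly '*' maps to SUPER_PERM; any other value (array, or a single
  // permission string) is passed to grant() as-is.
  CRM_Core_Config::singleton()->userPermissionTemp = new CRM_Core_Permission_Temp();
  if ($cxn['perm']['grant'] === '*') {
    CRM_Core_Config::singleton()->userPermissionTemp->grant($SUPER_PERM);
  }
  else {
    CRM_Core_Config::singleton()->userPermissionTemp->grant($cxn['perm']['grant']);
  }

  $params['check_permissions'] = 'whitelist';
  return civicrm_api($entity, $action, $params);
}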
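/**
 * Redirect the current request to its HTTPS equivalent when enableSSL is on
 * and the request did not arrive over TLS.
 *
 * If the HTTPS URL fails checkURL(), the method either aborts fatally
 * ($abort = TRUE) or records a status message and returns without
 * redirecting, so that an administrator who has enabled SSL on a host
 * without it is not locked out.
 *
 * @param bool $abort
 *   TRUE to treat an unreachable HTTPS URL as fatal; FALSE to set a status
 *   message and continue over plain HTTP.
 */
public static function redirectToSSL($abort = false) {
  $config = CRM_Core_Config::singleton();
  $req_headers = CRM_Utils_System::getRequestHeaders();

  // TLS as seen by PHP itself: $_SERVER['HTTPS'] set to anything but 'off'.
  $servedOverTls = isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) != 'off';

  // Read the header with a default instead of indexing it directly: the
  // header is normally absent, which raised an undefined-index notice and then
  // strtolower(NULL) (deprecated on PHP 8.1+).
  // NOTE(security): X-Forwarded-Proto is client-supplied and only trustworthy
  // when a reverse proxy in front of this host overwrites it. Without such a
  // proxy, a client can send "X-Forwarded-Proto: https" over plain HTTP and
  // skip this redirect entirely.
  $forwardedProto = strtolower((string) CRM_Utils_Array::value('X_FORWARDED_PROTO', $req_headers));

  if ($config->enableSSL && !$servedOverTls && $forwardedProto != 'https') {
    // ensure that SSL is enabled on a civicrm url (for cookie reasons etc)
    // NOTE(review): HTTP_HOST comes from the request's Host header. The
    // redirect target is only as trustworthy as the web server's virtual-host
    // matching and the checkURL() call below — confirm checkURL() rejects
    // hosts that are not this site before relying on this as a safe redirect.
    $url = "https://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}";
    if (!self::checkURL($url, true)) {
      if ($abort) {
        CRM_Core_Error::fatal('HTTPS is not set up on this machine');
      }
      else {
        CRM_Core_Session::setStatus('HTTPS is not set up on this machine');
        // admin should be the only one following this
        // since we dont want the user stuck in a bad place
        return;
      }
    }
    CRM_Utils_System::redirect($url);
  }
}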