function testSignValidate() { $cases = array(); $cases[] = array('signParams' => array('a' => 'eh', 'b' => 'bee', 'c' => NULL), 'validateParams' => array('a' => 'eh', 'b' => 'bee', 'c' => NULL), 'isValid' => TRUE); $cases[] = array('signParams' => array('a' => 'eh', 'b' => 'bee', 'c' => NULL), 'validateParams' => array('a' => 'eh', 'b' => 'bee', 'c' => NULL, 'irrelevant' => 'totally-irrelevant'), 'isValid' => TRUE); $cases[] = array('signParams' => array('a' => 'eh', 'b' => 'bee', 'c' => NULL), 'validateParams' => array('a' => 'eh', 'b' => 'bee', 'c' => ''), 'isValid' => TRUE); $cases[] = array('signParams' => array('a' => 'eh', 'b' => 'bee', 'c' => NULL), 'validateParams' => array('a' => 'eh', 'b' => 'bee', 'c' => 0), 'isValid' => FALSE); $cases[] = array('signParams' => array('a' => 'eh', 'b' => 'bee', 'c' => 0), 'validateParams' => array('a' => 'eh', 'b' => 'bee', 'c' => NULL), 'isValid' => FALSE); $cases[] = array('signParams' => array('a' => 'eh', 'b' => 'bee', 'c' => NULL), 'validateParams' => array('a' => 'eh', 'b' => 'bay', 'c' => NULL), 'isValid' => FALSE); $cases[] = array('signParams' => array('a' => 'eh', 'b' => 'bee', 'c' => NULL), 'validateParams' => array('a' => 'eh', 'b' => 'bee', 'c' => FALSE), 'isValid' => FALSE); $cases[] = array('signParams' => array('a' => 1, 'b' => 'bee'), 'validateParams' => array('a' => '1', 'b' => 'bee'), 'isValid' => TRUE); foreach ($cases as $caseId => $case) { require_once 'CRM/Utils/Signer.php'; $signer = new CRM_Utils_Signer('secret', array('a', 'b', 'c')); $signature = $signer->sign($case['signParams']); $this->assertTrue(!empty($signature) && is_string($signature)); // arbitrary $validator = new CRM_Utils_Signer('secret', array('a', 'b', 'c')); // same as $signer but physically separate $isValid = $validator->validate($signature, $case['validateParams']); if ($isValid !== $case['isValid']) { $this->fail("Case {$caseId}: Mismatch: " . var_export($case, TRUE)); } $this->assertTrue(TRUE, 'Validation yielded expected result'); } }
/** * Generate a secure signature * * {code} * {crmSigner var=mySig extra=123} * var urlParams = ts={$mySig.ts}&extra={$mySig.extra}&sig={$mySig.signature} * {endcode} * * @param $params array with keys: * - var: string, a smarty variable to generate * - ts: int, the current time (if omitted, autogenerated) * - any other vars are put into the signature (sorted) */ function smarty_function_crmSigner($params, &$smarty) { $var = $params['var']; unset($params['var']); $params['ts'] = CRM_Utils_Time::getTimeRaw(); $fields = array_keys($params); sort($fields); $signer = new CRM_Utils_Signer(CRM_Core_Key::privateKey(), $fields); $params['signature'] = $signer->sign($params); $smarty->assign($var, $params); }
/** * @return string */ public static function createToken() { $signer = new CRM_Utils_Signer(CRM_Core_Key::privateKey(), array('for', 'ts')); $ts = CRM_Utils_Time::getTimeRaw(); return $signer->sign(array('for' => 'crmAttachment', 'ts' => $ts)) . ';;;' . $ts; }
static function deleteURLArgs($entityTable, $entityID, $fileID) { $params['entityTable'] = $entityTable; $params['entityID'] = $entityID; $params['fileID'] = $fileID; $signer = new CRM_Utils_Signer(CRM_Core_Key::privateKey(), self::$_signableFields); $params['_sgn'] = $signer->sign($params); return CRM_Utils_System::makeQueryString($params); }
/** * @param $rows * @param string $daoName * @param string $idName * @param $returnURL * @param null $filter */ public static function addOrder(&$rows, $daoName, $idName, $returnURL, $filter = NULL) { if (empty($rows)) { return; } $ids = array_keys($rows); $numIDs = count($ids); array_unshift($ids, 0); $ids[] = 0; $firstID = $ids[1]; $lastID = $ids[$numIDs]; if ($firstID == $lastID) { $rows[$firstID]['order'] = NULL; return; } $config = CRM_Core_Config::singleton(); $imageURL = $config->userFrameworkResourceURL . 'i/arrow'; $queryParams = array('reset' => 1, 'dao' => $daoName, 'idName' => $idName, 'url' => $returnURL, 'filter' => $filter); $signer = new CRM_Utils_Signer(CRM_Core_Key::privateKey(), self::$SIGNABLE_FIELDS); $queryParams['_sgn'] = $signer->sign($queryParams); $baseURL = CRM_Utils_System::url('civicrm/admin/weight', $queryParams); for ($i = 1; $i <= $numIDs; $i++) { $id = $ids[$i]; $prevID = $ids[$i - 1]; $nextID = $ids[$i + 1]; $links = array(); $url = "{$baseURL}&src={$id}"; if ($prevID != 0) { $alt = ts('Move to top'); $links[] = "<a class=\"crm-weight-arrow\" href=\"{$url}&dst={$firstID}&dir=first\"><img src=\"{$imageURL}/first.gif\" title=\"{$alt}\" alt=\"{$alt}\" class=\"order-icon\"></a>"; $alt = ts('Move up one row'); $links[] = "<a class=\"crm-weight-arrow\" href=\"{$url}&dst={$prevID}&dir=swap\"><img src=\"{$imageURL}/up.gif\" title=\"{$alt}\" alt=\"{$alt}\" class=\"order-icon\"></a>"; } else { $links[] = "<img src=\"{$imageURL}/spacer.gif\" class=\"order-icon\">"; $links[] = "<img src=\"{$imageURL}/spacer.gif\" class=\"order-icon\">"; } if ($nextID != 0) { $alt = ts('Move down one row'); $links[] = "<a class=\"crm-weight-arrow\" href=\"{$url}&dst={$nextID}&dir=swap\"><img src=\"{$imageURL}/down.gif\" title=\"{$alt}\" alt=\"{$alt}\" class=\"order-icon\"></a>"; $alt = ts('Move to bottom'); $links[] = "<a class=\"crm-weight-arrow\" href=\"{$url}&dst={$lastID}&dir=last\"><img src=\"{$imageURL}/last.gif\" title=\"{$alt}\" alt=\"{$alt}\" class=\"order-icon\"></a>"; } else { $links[] = "<img src=\"{$imageURL}/spacer.gif\" class=\"order-icon\">"; $links[] = "<img src=\"{$imageURL}/spacer.gif\" class=\"order-icon\">"; } $rows[$id]['weight'] = implode(' ', $links); } }
/** * This function for building custom fields * * @param object $qf form object (reference) * @param string $elementName name of the custom field * @param boolean $inactiveNeeded * @param boolean $userRequired true if required else false * @param boolean $search true if used for search else false * @param string $label label for custom field * * @access public * @static */ public static function addQuickFormElement(&$qf, $elementName, $fieldId, $inactiveNeeded = FALSE, $useRequired = TRUE, $search = FALSE, $label = NULL) { // we use $_POST directly, since we dont want to use session memory, CRM-4677 if (isset($_POST['_qf_Relationship_refresh']) && ($_POST['_qf_Relationship_refresh'] == 'Search' || $_POST['_qf_Relationship_refresh'] == 'Search Again')) { $useRequired = FALSE; } $field = self::getFieldObject($fieldId); // Custom field HTML should indicate group+field name $groupName = CRM_Core_DAO::getFieldValue('CRM_Core_DAO_CustomGroup', $field->custom_group_id); $dataCrmCustomVal = $groupName . ':' . $field->name; $dataCrmCustomAttr = 'data-crm-custom="' . $dataCrmCustomVal . '"'; $field->attributes .= $dataCrmCustomAttr; // Fixed for Issue CRM-2183 if ($field->html_type == 'TextArea' && $search) { $field->html_type = 'Text'; } if (!isset($label)) { $label = $field->label; } /** * at some point in time we might want to split the below into small functions **/ switch ($field->html_type) { case 'Text': if ($field->is_search_range && $search) { $qf->add('text', $elementName . '_from', $label . ' ' . ts('From'), $field->attributes); $qf->add('text', $elementName . '_to', ts('To'), $field->attributes); } else { $element =& $qf->add(strtolower($field->html_type), $elementName, $label, $field->attributes, $useRequired && !$search); } break; case 'TextArea': $attributes = $dataCrmCustomAttr; if ($field->note_rows) { $attributes .= 'rows=' . $field->note_rows; } else { $attributes .= 'rows=4'; } if ($field->note_columns) { $attributes .= ' cols=' . $field->note_columns; } else { $attributes .= ' cols=60'; } if ($field->text_length) { $attributes .= ' maxlength=' . $field->text_length; } $element =& $qf->add(strtolower($field->html_type), $elementName, $label, $attributes, $useRequired && !$search); break; case 'Select Date': if ($field->is_search_range && $search) { $qf->addDate($elementName . '_from', $label . ' - ' . ts('From'), FALSE, array('format' => $field->date_format, 'timeFormat' => $field->time_format, 'startOffset' => $field->start_date_years, 'endOffset' => $field->end_date_years, 'data-crm-custom' => $dataCrmCustomVal)); $qf->addDate($elementName . '_to', ts('To'), FALSE, array('format' => $field->date_format, 'timeFormat' => $field->time_format, 'startOffset' => $field->start_date_years, 'endOffset' => $field->end_date_years, 'data-crm-custom' => $dataCrmCustomVal)); } else { $required = $useRequired && !$search; $qf->addDate($elementName, $label, $required, array('format' => $field->date_format, 'timeFormat' => $field->time_format, 'startOffset' => $field->start_date_years, 'endOffset' => $field->end_date_years, 'data-crm-custom' => $dataCrmCustomVal)); } break; case 'Radio': $choice = array(); if ($field->data_type != 'Boolean') { $customOption =& CRM_Core_BAO_CustomOption::valuesByID($field->id, $field->option_group_id); foreach ($customOption as $v => $l) { $choice[] = $qf->createElement('radio', NULL, '', $l, (string) $v, $field->attributes); } $qf->addGroup($choice, $elementName, $label); } else { $choice[] = $qf->createElement('radio', NULL, '', ts('Yes'), '1', $field->attributes); $choice[] = $qf->createElement('radio', NULL, '', ts('No'), '0', $field->attributes); $qf->addGroup($choice, $elementName, $label); } if ($useRequired && !$search) { $qf->addRule($elementName, ts('%1 is a required field.', array(1 => $label)), 'required'); } break; case 'Select': $selectOption =& CRM_Core_BAO_CustomOption::valuesByID($field->id, $field->option_group_id); $qf->add('select', $elementName, $label, array('' => ts('- select -')) + $selectOption, $useRequired && !$search, $dataCrmCustomAttr); break; //added for select multiple //added for select multiple case 'AdvMulti-Select': $selectOption =& CRM_Core_BAO_CustomOption::valuesByID($field->id, $field->option_group_id); if ($search && count($selectOption) > 1) { $selectOption['CiviCRM_OP_OR'] = ts('Select to match ANY; unselect to match ALL'); } $include =& $qf->addElement('advmultiselect', $elementName, $label, $selectOption, array('size' => 5, 'style' => '', 'class' => 'advmultiselect', 'data-crm-custom' => $dataCrmCustomVal)); $include->setButtonAttributes('add', array('value' => ts('Add >>'))); $include->setButtonAttributes('remove', array('value' => ts('<< Remove'))); if ($useRequired && !$search) { $qf->addRule($elementName, ts('%1 is a required field.', array(1 => $label)), 'required'); } break; case 'Multi-Select': $selectOption =& CRM_Core_BAO_CustomOption::valuesByID($field->id, $field->option_group_id); if ($search && count($selectOption) > 1) { $selectOption['CiviCRM_OP_OR'] = ts('Select to match ANY; unselect to match ALL'); } $qf->addElement('select', $elementName, $label, $selectOption, array('size' => '5', 'multiple', 'data-crm-custom' => $dataCrmCustomVal)); if ($useRequired && !$search) { $qf->addRule($elementName, ts('%1 is a required field.', array(1 => $label)), 'required'); } break; case 'CheckBox': $customOption = CRM_Core_BAO_CustomOption::valuesByID($field->id, $field->option_group_id); $check = array(); foreach ($customOption as $v => $l) { $check[] =& $qf->addElement('advcheckbox', $v, NULL, $l, array('data-crm-custom' => $dataCrmCustomVal)); } if ($search && count($check) > 1) { $check[] =& $qf->addElement('advcheckbox', 'CiviCRM_OP_OR', NULL, ts('Check to match ANY; uncheck to match ALL'), array('data-crm-custom' => $dataCrmCustomVal)); } $qf->addGroup($check, $elementName, $label); if ($useRequired && !$search) { $qf->addRule($elementName, ts('%1 is a required field.', array(1 => $label)), 'required'); } break; case 'File': // we should not build upload file in search mode if ($search) { return; } $qf->add(strtolower($field->html_type), $elementName, $label, $field->attributes, $useRequired && !$search); $qf->addUploadElement($elementName); break; case 'Select State/Province': //Add State $stateOption = array('' => ts('- select -')) + CRM_Core_PseudoConstant::stateProvince(); $qf->add('select', $elementName, $label, $stateOption, $useRequired && !$search, $dataCrmCustomAttr); break; case 'Multi-Select State/Province': //Add Multi-select State/Province $stateOption = CRM_Core_PseudoConstant::stateProvince(); $qf->addElement('select', $elementName, $label, $stateOption, array('size' => '5', 'multiple', 'data-crm-custom' => $dataCrmCustomVal)); if ($useRequired && !$search) { $qf->addRule($elementName, ts('%1 is a required field.', array(1 => $label)), 'required'); } break; case 'Select Country': //Add Country $countryOption = array('' => ts('- select -')) + CRM_Core_PseudoConstant::country(); $qf->add('select', $elementName, $label, $countryOption, $useRequired && !$search, $dataCrmCustomAttr); break; case 'Multi-Select Country': //Add Country $countryOption = CRM_Core_PseudoConstant::country(); $qf->addElement('select', $elementName, $label, $countryOption, array('size' => '5', 'multiple', 'data-crm-custom' => $dataCrmCustomVal)); if ($useRequired && !$search) { $qf->addRule($elementName, ts('%1 is a required field.', array(1 => $label)), 'required'); } break; case 'RichTextEditor': $attributes = array('rows' => $field->note_rows, 'cols' => $field->note_columns, 'data-crm-custom' => $dataCrmCustomVal); if ($field->text_length) { $attributes['maxlength'] = $field->text_length; } $qf->addWysiwyg($elementName, $label, $attributes, $search); break; case 'Autocomplete-Select': $qf->add('text', $elementName, $label, $field->attributes, $useRequired && !$search); $hiddenEleName = $elementName . '_id'; if (substr($elementName, -1) == ']') { $hiddenEleName = substr($elementName, 0, -1) . '_id]'; } $qf->addElement('hidden', $hiddenEleName, '', array('id' => str_replace(array(']', '['), array('', '_'), $hiddenEleName))); static $customUrls = array(); if ($field->data_type == 'ContactReference') { //$urlParams = "className=CRM_Contact_Page_AJAX&fnName=getContactList&json=1&reset=1&context=customfield&id={$field->id}"; $urlParams = "context=customfield&id={$field->id}"; $customUrls[$elementName] = CRM_Utils_System::url('civicrm/ajax/contactref', $urlParams, FALSE, NULL, FALSE); $actualElementValue = $qf->getSubmitValue($hiddenEleName); $qf->addRule($elementName, ts('Select a valid contact for %1.', array(1 => $label)), 'validContact', $actualElementValue); } else { $signer = new CRM_Utils_Signer(CRM_Core_Key::privateKey(), array('cfid', 'ogid', 'sigts')); $signParams = array('reset' => 1, 'sigts' => CRM_Utils_Time::getTimeRaw(), 'ogid' => $field->option_group_id, 'cfid' => $field->id); $signParams['sig'] = $signer->sign($signParams); $customUrls[$elementName] = CRM_Utils_System::url('civicrm/ajax/auto', $signParams, FALSE, NULL, FALSE); $qf->addRule($elementName, ts('Select a valid value for %1.', array(1 => $label)), 'autocomplete', array('fieldID' => $field->id, 'optionGroupID' => $field->option_group_id)); } $qf->assign('customUrls', $customUrls); break; } switch ($field->data_type) { case 'Int': // integers will have numeric rule applied to them. if ($field->is_search_range && $search) { $qf->addRule($elementName . '_from', ts('%1 From must be an integer (whole number).', array(1 => $label)), 'integer'); $qf->addRule($elementName . '_to', ts('%1 To must be an integer (whole number).', array(1 => $label)), 'integer'); } else { $qf->addRule($elementName, ts('%1 must be an integer (whole number).', array(1 => $label)), 'integer'); } break; case 'Float': if ($field->is_search_range && $search) { $qf->addRule($elementName . '_from', ts('%1 From must be a number (with or without decimal point).', array(1 => $label)), 'numeric'); $qf->addRule($elementName . '_to', ts('%1 To must be a number (with or without decimal point).', array(1 => $label)), 'numeric'); } else { $qf->addRule($elementName, ts('%1 must be a number (with or without decimal point).', array(1 => $label)), 'numeric'); } break; case 'Money': if ($field->is_search_range && $search) { $qf->addRule($elementName . '_from', ts('%1 From must in proper money format. (decimal point/comma/space is allowed).', array(1 => $label)), 'money'); $qf->addRule($elementName . '_to', ts('%1 To must in proper money format. (decimal point/comma/space is allowed).', array(1 => $label)), 'money'); } else { $qf->addRule($elementName, ts('%1 must be in proper money format. (decimal point/comma/space is allowed).', array(1 => $label)), 'money'); } break; case 'Link': $qf->add('text', $elementName, $label, array('onfocus' => "if (!this.value) { this.value='http://';} else return false", 'onblur' => "if ( this.value == 'http://') { this.value='';} else return false", 'data-crm-custom' => $dataCrmCustomVal), $useRequired && !$search); $qf->addRule($elementName, ts('Enter a valid Website.'), 'wikiURL'); break; } if ($field->is_view && !$search) { $qf->freeze($elementName); } }