/**
  * @return array<string> list of field names
  */
 public static function getSkipFields()
 {
     if (self::$skipFields === NULL) {
         self::$skipFields = array('widget_code', 'html_message', 'body_html', 'msg_html', 'description', 'intro', 'thankyou_text', 'tf_thankyou_text', 'intro_text', 'page_text', 'body_text', 'footer_text', 'thankyou_footer', 'thankyou_footer_text', 'new_text', 'renewal_text', 'help_pre', 'help_post', 'confirm_title', 'confirm_text', 'confirm_footer_text', 'confirm_email_text', 'event_full_text', 'waitlist_text', 'approval_req_text', 'report_header', 'report_footer', 'cc_id', 'bcc_id', 'premiums_intro_text', 'honor_block_text', 'pay_later_receipt', 'label', 'url', 'details', 'msg_text', 'text_message', 'data', 'sqlQuery', 'pcp_title', 'pcp_intro_text');
     }
     return self::$skipFields;
 }
Exemplo n.º 2
0
 /**
  * Returns 'safe' elements' values
  *
  * Unlike getSubmitValues(), this will return only the values 
  * corresponding to the elements present in the form.
  * 
  * @param   mixed   Array/string of element names, whose values we want. If not set then return all elements.
  * @access  public
  * @return  array   An assoc array of elements' values
  * @throws  HTML_QuickForm_Error
  */
 function exportValues($elementList = null)
 {
     $values = array();
     if (null === $elementList) {
         // iterate over all elements, calling their exportValue() methods
         foreach (array_keys($this->_elements) as $key) {
             $value = $this->_elements[$key]->exportValue($this->_submitValues, true);
             $fldName = null;
             if (isset($this->_elements[$key]->_attributes['name'])) {
                 //filter the value across XSS vulnerability issues.
                 $fldName = $this->_elements[$key]->_attributes['name'];
             }
             if (!in_array($this->_elements[$key]->_type, array('text', 'textarea')) or CRM_Core_HTMLInputCoder::isSkippedField($fldName)) {
                 // …don’t filter, otherwise filter (else clause below)
             } else {
                 //here value might be array or single value.
                 //so we should iterate and get filtered value.
                 CRM_Core_HTMLInputCoder::encodeInput($value);
             }
             if (is_array($value)) {
                 // This shit throws a bogus warning in PHP 4.3.x
                 $values = HTML_QuickForm::arrayMerge($values, $value);
             }
         }
     } else {
         if (!is_array($elementList)) {
             $elementList = array_map('trim', explode(',', $elementList));
         }
         foreach ($elementList as $elementName) {
             $value = $this->exportValue($elementName);
             //filter the value across XSS vulnerability issues.
             if (!CRM_Core_HTMLInputCoder::isSkippedField($elementName)) {
                 CRM_Core_HTMLInputCoder::encodeInput($value);
             }
             if (PEAR::isError($value)) {
                 return $value;
             }
             $values[$elementName] = $value;
         }
     }
     return $values;
 }
Exemplo n.º 3
0
function civicrm_api($entity, $action, $params, $extra = NULL)
{
    $apiWrappers = array(CRM_Core_HTMLInputCoder::singleton());
    try {
        require_once 'api/v3/utils.php';
        require_once 'api/Exception.php';
        if (!is_array($params)) {
            throw new API_Exception('Input variable `params` is not an array', 2000);
        }
        _civicrm_api3_initialize();
        $errorScope = CRM_Core_TemporaryErrorScope::useException();
        require_once 'CRM/Utils/String.php';
        require_once 'CRM/Utils/Array.php';
        $apiRequest = array();
        $apiRequest['entity'] = CRM_Utils_String::munge($entity);
        $apiRequest['action'] = CRM_Utils_String::munge($action);
        $apiRequest['version'] = civicrm_get_api_version($params);
        $apiRequest['params'] = $params;
        $apiRequest['extra'] = $extra;
        // look up function, file, is_generic
        $apiRequest += _civicrm_api_resolve($apiRequest);
        if (strtolower($action) == 'create' || strtolower($action) == 'delete') {
            $apiRequest['is_transactional'] = 1;
            $tx = new CRM_Core_Transaction();
        }
        $errorFnName = $apiRequest['version'] == 2 ? 'civicrm_create_error' : 'civicrm_api3_create_error';
        if ($apiRequest['version'] > 2) {
            _civicrm_api3_api_check_permission($apiRequest['entity'], $apiRequest['action'], $apiRequest['params']);
        }
        // we do this before we
        _civicrm_api3_swap_out_aliases($apiRequest);
        if (strtolower($action) != 'getfields') {
            if (!CRM_Utils_Array::value('id', $params)) {
                $apiRequest['params'] = array_merge(_civicrm_api3_getdefaults($apiRequest), $apiRequest['params']);
            }
            //if 'id' is set then only 'version' will be checked but should still be checked for consistency
            civicrm_api3_verify_mandatory($apiRequest['params'], NULL, _civicrm_api3_getrequired($apiRequest));
        }
        foreach ($apiWrappers as $apiWrapper) {
            $apiRequest = $apiWrapper->fromApiInput($apiRequest);
        }
        $function = $apiRequest['function'];
        if ($apiRequest['function'] && $apiRequest['is_generic']) {
            // Unlike normal API implementations, generic implementations require explicit
            // knowledge of the entity and action (as well as $params). Bundle up these bits
            // into a convenient data structure.
            $result = $function($apiRequest);
        } elseif ($apiRequest['function'] && !$apiRequest['is_generic']) {
            _civicrm_api3_validate_fields($apiRequest['entity'], $apiRequest['action'], $apiRequest['params']);
            $result = isset($extra) ? $function($apiRequest['params'], $extra) : $function($apiRequest['params']);
        } else {
            return $errorFnName("API (" . $apiRequest['entity'] . "," . $apiRequest['action'] . ") does not exist (join the API team and implement it!)");
        }
        foreach ($apiWrappers as $apiWrapper) {
            $result = $apiWrapper->toApiOutput($apiRequest, $result);
        }
        if (CRM_Utils_Array::value('format.is_success', $apiRequest['params']) == 1) {
            if ($result['is_error'] === 0) {
                return 1;
            } else {
                return 0;
            }
        }
        if (CRM_Utils_Array::value('format.only_id', $apiRequest['params']) && isset($result['id'])) {
            return $result['id'];
        }
        if (CRM_Utils_Array::value('is_error', $result, 0) == 0) {
            _civicrm_api_call_nested_api($apiRequest['params'], $result, $apiRequest['action'], $apiRequest['entity'], $apiRequest['version']);
        }
        if (CRM_Utils_Array::value('format.smarty', $apiRequest['params']) || CRM_Utils_Array::value('format_smarty', $apiRequest['params'])) {
            // return _civicrm_api_parse_result_through_smarty($result,$apiRequest['params']);
        }
        if (function_exists('xdebug_time_index') && CRM_Utils_Array::value('debug', $apiRequest['params']) && is_array($result)) {
            $result['xdebug']['peakMemory'] = xdebug_peak_memory_usage();
            $result['xdebug']['memory'] = xdebug_memory_usage();
            $result['xdebug']['timeIndex'] = xdebug_time_index();
        }
        return $result;
    } catch (PEAR_Exception $e) {
        if (CRM_Utils_Array::value('format.is_success', $apiRequest['params']) == 1) {
            return 0;
        }
        $data = array();
        $err = civicrm_api3_create_error($e->getMessage(), $data, $apiRequest);
        if (CRM_Utils_Array::value('debug', $apiRequest['params'])) {
            $err['trace'] = $e->getTraceSafe();
        } else {
            $err['tip'] = "add debug=1 to your API call to have more info about the error";
        }
        if (CRM_Utils_Array::value('is_transactional', $apiRequest)) {
            $tx->rollback();
        }
        return $err;
    } catch (API_Exception $e) {
        if (!isset($apiRequest)) {
            $apiRequest = array();
        }
        if (CRM_Utils_Array::value('format.is_success', CRM_Utils_Array::value('params', $apiRequest)) == 1) {
            return 0;
        }
        $data = $e->getExtraParams();
        $err = civicrm_api3_create_error($e->getMessage(), $data, $apiRequest, $e->getCode());
        if (CRM_Utils_Array::value('debug', CRM_Utils_Array::value('params', $apiRequest))) {
            $err['trace'] = $e->getTraceAsString();
        }
        if (CRM_Utils_Array::value('is_transactional', CRM_Utils_Array::value('params', $apiRequest))) {
            $tx->rollback();
        }
        return $err;
    } catch (Exception $e) {
        if (CRM_Utils_Array::value('format.is_success', $apiRequest['params']) == 1) {
            return 0;
        }
        $data = array();
        $err = civicrm_api3_create_error($e->getMessage(), $data, $apiRequest, $e->getCode());
        if (CRM_Utils_Array::value('debug', $apiRequest['params'])) {
            $err['trace'] = $e->getTraceAsString();
        }
        if (CRM_Utils_Array::value('is_transactional', $apiRequest)) {
            $tx->rollback();
        }
        return $err;
    }
}