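/**
 * Process an AJAX attachment upload: check the anti-CSRF token, then create an
 * Attachment record for each uploaded file and move the upload into place.
 *
 * Security notes:
 * - The token check is bypassed whenever $config->debug is truthy, so a site
 *   left in debug mode accepts these uploads without a valid token.
 * - $file['tmp_name'] is passed unverified as 'options.move-file' to an API
 *   call that does not set check_permissions. Callers are expected to pass the
 *   genuine $_FILES array, never data derived from the request body.
 * - $file['name'] and $file['type'] are client-supplied and forwarded as-is.
 *   NOTE(review): confirm the Attachment API validates them.
 *
 * @param array $post
 *   Like global $_POST.
 * @param array $files
 *   Like global $_FILES.
 * @param array $server
 *   Like global $_SERVER.
 * @return array
 *   One API result (or API error array) per entry of $files, under the same key.
 */
public static function _attachFile($post, $files, $server) {
  // Both error branches below call civicrm_api3_create_error(), so load its
  // definition up front instead of only in the token-failure branch.
  require_once 'api/v3/utils.php';

  $config = CRM_Core_Config::singleton();

  // Absent request fields become NULL instead of raising undefined-index
  // notices; browsers routinely omit the Referer header.
  $token = isset($post['crm_attachment_token']) ? $post['crm_attachment_token'] : NULL;
  $remoteAddr = isset($server['REMOTE_ADDR']) ? $server['REMOTE_ADDR'] : NULL;
  $referer = isset($server['HTTP_REFERER']) ? $server['HTTP_REFERER'] : NULL;

  $results = array();
  foreach ($files as $key => $file) {
    if (!$config->debug && !self::checkToken($token)) {
      // The referer is request-controlled; it is recorded for triage only.
      $results[$key] = civicrm_api3_create_error("SECURITY ALERT: Attaching files via AJAX requires a recent, valid token.", array(
        'IP' => $remoteAddr,
        'level' => 'security',
        'referer' => $referer,
        'reason' => 'CSRF suspected',
      ));
    }
    elseif (!empty($file['error'])) {
      $results[$key] = civicrm_api3_create_error("Upload failed (code=" . $file['error'] . ")");
    }
    else {
      CRM_Core_Transaction::create(TRUE)->run(function (CRM_Core_Transaction $tx) use ($key, $file, $post, &$results) {
        // We want check_permissions=1 while creating the DB record and check_permissions=0 while moving upload,
        // so split the work across two api calls.
        $params = array();
        if (isset($file['name'])) {
          $params['name'] = $file['name'];
        }
        if (isset($file['type'])) {
          $params['mime_type'] = $file['type'];
        }
        foreach (array('entity_table', 'entity_id', 'description') as $field) {
          if (isset($post[$field])) {
            $params[$field] = $post[$field];
          }
        }
        $params['version'] = 3;
        $params['check_permissions'] = 1;
        $params['content'] = '';

        // First call: permission-checked creation of an empty attachment record.
        $results[$key] = civicrm_api('Attachment', 'create', $params);
        if (!$results[$key]['is_error']) {
          // Second call: attach the uploaded temp file to the record just created.
          $moveParams = array(
            'id' => $results[$key]['id'],
            'version' => 3,
            'options.move-file' => $file['tmp_name'],
          );
          $moveResult = civicrm_api('Attachment', 'create', $moveParams);
          if ($moveResult['is_error']) {
            // Report the move failure and undo the record created above.
            $results[$key] = $moveResult;
            $tx->rollback();
          }
        }
      });
    }
  }
  return $results;
}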
/**
 * Remove a MailingAB record together with the mailings it references.
 *
 * The whole operation runs inside one CRM_Core_Transaction. No permission
 * check is performed here; callers are responsible for authorizing the delete.
 *
 * @param int $id
 *   Id of the MailingAB record to delete.
 */
public static function del($id) {
  if (empty($id)) {
    CRM_Core_Error::fatal();
  }

  $deleteAll = function () use ($id) {
    CRM_Utils_Hook::pre('delete', 'MailingAB', $id, CRM_Core_DAO::$_nullArray);

    $abTest = new CRM_Mailing_DAO_MailingAB();
    $abTest->id = $id;
    if ($abTest->find(TRUE)) {
      // Read the linked mailing ids before the row is deleted; unset slots are dropped.
      $linkedIds = array_filter(array(
        $abTest->mailing_id_a,
        $abTest->mailing_id_b,
        $abTest->mailing_id_c,
      ));
      $abTest->delete();
      foreach ($linkedIds as $linkedId) {
        CRM_Mailing_BAO_Mailing::del($linkedId);
      }
    }

    CRM_Core_Session::setStatus(ts('Selected mailing has been deleted.'), ts('Deleted'), 'success');
    CRM_Utils_Hook::post('delete', 'MailingAB', $id, $abTest);
  };

  CRM_Core_Transaction::create()->run($deleteAll);
}
/**
 * An exception thrown inside a run() callback must reach the caller, and the
 * contact created inside that callback must no longer exist afterwards.
 *
 * @param string $createStyle
 *   'sql-insert'|'bao-create'.
 * @param string $commitStyle
 *   'implicit-commit'|'explicit-commit'.
 * @dataProvider dataCreateAndCommitStyles
 */
public function testRun_exception($createStyle, $commitStyle) {
  // Kept alive for the whole test.
  // NOTE(review): presumably this is the enclosing transaction that create(TRUE) nests in - confirm.
  $tx = new CRM_Core_Transaction();
  $testCase = $this;
  // Holds the exception caught from run(), if any.
  $e = NULL;

  $failingWork = function ($callbackTx) use (&$testCase, $createStyle, $commitStyle) {
    $testCase->createContactWithTransaction('nest-tx', $createStyle, $commitStyle);
    // The contact is visible while the callback is still running.
    $testCase->assertContactsExistByOffset(array(0 => TRUE));
    throw new Exception("Ruh-roh");
  };

  try {
    CRM_Core_Transaction::create(TRUE)->run($failingWork);
  }
  catch (Exception $caught) {
    $e = $caught;
    // Anything other than the deliberately thrown exception is a real failure.
    $isExpected = get_class($caught) == 'Exception' && $caught->getMessage() == 'Ruh-roh';
    if (!$isExpected) {
      throw $caught;
    }
  }

  $this->assertTrue($e instanceof Exception);
  $this->assertContactsExistByOffset(array(0 => FALSE));
}
/**
 * Authorize a request by delegating to a permission-checked API call on the
 * target entity.
 *
 * The delegated call is issued with check_permissions=1 and the target id. An
 * error result or an empty 'values' list is treated as "not authorized".
 * Requests for which isTrusted() returns true skip the delegated call entirely,
 * so the strength of this check depends on how isTrusted() is defined.
 *
 * @param string $action
 *   The API action (e.g. "create").
 * @param string $entityTable
 *   The target entity table (e.g. "civicrm_mailing").
 * @param int|NULL $entityId
 *   The target entity ID.
 * @param array $apiRequest
 *   The full API request.
 * @throws \API_Exception
 *   If $entityTable does not map to a delegated entity name.
 * @throws \Civi\API\Exception\UnauthorizedException
 *   If $entityId is missing or the delegated call does not succeed.
 */
public function authorizeDelegate($action, $entityTable, $entityId, $apiRequest) {
  $entity = $this->getDelegatedEntityName($entityTable);
  if (!$entity) {
    throw new \API_Exception("Failed to run permission check: Unrecognized target entity table ({$entityTable})");
  }
  if (!$entityId) {
    // Fail closed: without an id there is nothing to check against.
    throw new \Civi\API\Exception\UnauthorizedException("Authorization failed on ({$entity}): Missing entity_id");
  }
  if ($this->isTrusted($apiRequest)) {
    return;
  }

  /**
   * @var \Exception|NULL $denial
   */
  $denial = NULL;
  $gate = $this;

  $probe = function ($tx) use ($entity, $action, $entityId, &$denial, $gate) {
    // Just to be safe.
    $tx->rollback();

    $outcome = $gate->kernel->run(
      $entity,
      $gate->getDelegatedAction($action),
      array('version' => 3, 'check_permissions' => 1, 'id' => $entityId)
    );

    $granted = !$outcome['is_error'] && !empty($outcome['values']);
    if (!$granted) {
      // Captured by reference and thrown after run() returns.
      $denial = new \Civi\API\Exception\UnauthorizedException("Authorization failed on ({$entity},{$entityId})", array('cause' => $outcome));
    }
  };
  \CRM_Core_Transaction::create(TRUE)->run($probe);

  if ($denial !== NULL) {
    throw $denial;
  }
}