示例#1
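 /**
  * Handle an AJAX attachment upload: check the anti-CSRF token, then create
  * one Attachment record per uploaded file and move the upload into place.
  *
  * @param array $post
  *   Like global $_POST. Reads 'crm_attachment_token' and, when present,
  *   'entity_table', 'entity_id' and 'description'.
  * @param array $files
  *   Like global $_FILES.
  * @param array $server
  *   Like global $_SERVER. Only 'REMOTE_ADDR' and 'HTTP_REFERER' are read,
  *   and only to annotate the security error.
  * @return array
  *   One API result (or API error array) per entry of $files, under the same key.
  */
 public static function _attachFile($post, $files, $server)
 {
     // Both error branches below call civicrm_api3_create_error(), so load it
     // up front instead of only on the token-failure path.
     require_once 'api/v3/utils.php';
     $config = CRM_Core_Config::singleton();
     // The token and the request metadata may be missing (HTTP_REFERER in
     // particular is often absent); read them without undefined-index notices.
     // A missing token reaches checkToken() as NULL, as it did before.
     $token = isset($post['crm_attachment_token']) ? $post['crm_attachment_token'] : NULL;
     // Recorded for triage only. The referer is a client-supplied header.
     $remoteAddr = isset($server['REMOTE_ADDR']) ? $server['REMOTE_ADDR'] : NULL;
     $referer = isset($server['HTTP_REFERER']) ? $server['HTTP_REFERER'] : NULL;
     $results = array();
     foreach ($files as $key => $file) {
         // NOTE(review): when $config->debug is on, the token check is skipped
         // entirely, so a site left in debug mode has no CSRF protection here.
         if (!$config->debug && !self::checkToken($token)) {
             $results[$key] = civicrm_api3_create_error("SECURITY ALERT: Attaching files via AJAX requires a recent, valid token.", array('IP' => $remoteAddr, 'level' => 'security', 'referer' => $referer, 'reason' => 'CSRF suspected'));
         } elseif ($file['error']) {
             $results[$key] = civicrm_api3_create_error("Upload failed (code=" . $file['error'] . ")");
         } else {
             CRM_Core_Transaction::create(TRUE)->run(function (CRM_Core_Transaction $tx) use($key, $file, $post, &$results) {
                 // We want check_permissions=1 while creating the DB record and check_permissions=0 while moving upload,
                 // so split the work across two api calls.
                 $params = array();
                 // NOTE(review): 'name' and 'type' come from the client. No
                 // sanitisation is visible here; presumably the Attachment API
                 // validates them - confirm.
                 if (isset($file['name'])) {
                     $params['name'] = $file['name'];
                 }
                 if (isset($file['type'])) {
                     $params['mime_type'] = $file['type'];
                 }
                 foreach (array('entity_table', 'entity_id', 'description') as $field) {
                     if (isset($post[$field])) {
                         $params[$field] = $post[$field];
                     }
                 }
                 $params['version'] = 3;
                 $params['check_permissions'] = 1;
                 // The record is created empty; the content arrives through the move below.
                 $params['content'] = '';
                 $results[$key] = civicrm_api('Attachment', 'create', $params);
                 if (!$results[$key]['is_error']) {
                     // NOTE(review): this second call carries no check_permissions
                     // flag and takes tmp_name as given, so $files must only ever
                     // hold genuine upload entries. Confirm whether the Attachment
                     // API verifies the path itself.
                     $moveParams = array('id' => $results[$key]['id'], 'version' => 3, 'options.move-file' => $file['tmp_name']);
                     $moveResult = civicrm_api('Attachment', 'create', $moveParams);
                     if ($moveResult['is_error']) {
                         // Report the move failure and undo the record created above.
                         $results[$key] = $moveResult;
                         $tx->rollback();
                     }
                 }
             });
         }
     }
     return $results;
 }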
示例#2
 /**
  * Remove a MailingAB record together with the mailings it references.
  *
  * The pre/post 'delete' hooks and the status message fire whether or not a
  * matching record was found.
  *
  * NOTE(review): no permission check is visible in this method; presumably
  * callers enforce access before calling it - confirm.
  *
  * @param int $id
  *   Id of the mail to delete.
  */
 public static function del($id)
 {
     if (empty($id)) {
         CRM_Core_Error::fatal();
     }
     $deleteWork = function () use($id) {
         CRM_Utils_Hook::pre('delete', 'MailingAB', $id, CRM_Core_DAO::$_nullArray);
         $abTest = new CRM_Mailing_DAO_MailingAB();
         $abTest->id = $id;
         if ($abTest->find(TRUE)) {
             // Capture the linked mailing ids before the row is deleted; unset slots are dropped.
             $linkedMailingIds = array_filter(array($abTest->mailing_id_a, $abTest->mailing_id_b, $abTest->mailing_id_c));
             $abTest->delete();
             foreach ($linkedMailingIds as $linkedMailingId) {
                 CRM_Mailing_BAO_Mailing::del($linkedMailingId);
             }
         }
         CRM_Core_Session::setStatus(ts('Selected mailing has been deleted.'), ts('Deleted'), 'success');
         CRM_Utils_Hook::post('delete', 'MailingAB', $id, $abTest);
     };
     // Run the whole deletion inside a single transaction.
     CRM_Core_Transaction::create()->run($deleteWork);
 }
示例#3
 /**
  * An exception thrown inside run() must propagate to the caller, and the
  * contact created before the throw must no longer exist afterwards.
  *
  * @param string $createStyle
  *   'sql-insert'|'bao-create'.
  * @param string $commitStyle
  *   'implicit-commit'|'explicit-commit'.
  * @dataProvider dataCreateAndCommitStyles
  */
 public function testRun_exception($createStyle, $commitStyle)
 {
     // Held for the duration of the test; the run() below is started while it is open.
     $outerTx = new CRM_Core_Transaction();
     $test = $this;
     $caught = NULL;
     // Creates a contact, confirms it is visible, then fails on purpose.
     $failingWork = function ($nestedTx) use(&$test, $createStyle, $commitStyle) {
         $test->createContactWithTransaction('nest-tx', $createStyle, $commitStyle);
         $test->assertContactsExistByOffset(array(0 => TRUE));
         throw new Exception("Ruh-roh");
     };
     try {
         CRM_Core_Transaction::create(TRUE)->run($failingWork);
     } catch (Exception $thrown) {
         $caught = $thrown;
         // Anything other than the deliberate failure is a real error: let it through.
         $isExpected = get_class($thrown) == 'Exception' && $thrown->getMessage() == 'Ruh-roh';
         if (!$isExpected) {
             throw $thrown;
         }
     }
     $this->assertTrue($caught instanceof Exception);
     $this->assertContactsExistByOffset(array(0 => FALSE));
 }
 /**
  * Authorize an action on a record by probing the entity it is attached to.
  *
  * The check fails closed: an unrecognized table, a missing entity id, an API
  * error or an empty result set all end in an exception. Trusted requests
  * (per isTrusted()) skip the probe.
  *
  * @param string $action
  *   The API action (e.g. "create").
  * @param string $entityTable
  *   The target entity table (e.g. "civicrm_mailing").
  * @param int|NULL $entityId
  *   The target entity ID.
  * @param array $apiRequest
  *   The full API request.
  * @throws \API_Exception
  * @throws \Civi\API\Exception\UnauthorizedException
  */
 public function authorizeDelegate($action, $entityTable, $entityId, $apiRequest)
 {
     $entity = $this->getDelegatedEntityName($entityTable);
     if (!$entity) {
         throw new \API_Exception("Failed to run permission check: Unrecognized target entity table ({$entityTable})");
     }
     if (!$entityId) {
         throw new \Civi\API\Exception\UnauthorizedException("Authorization failed on ({$entity}): Missing entity_id");
     }
     if ($this->isTrusted($apiRequest)) {
         return;
     }
     /**
      * Set by the probe when the delegated call is refused; thrown after the transaction ends.
      *
      * @var \Exception $denied
      */
     $denied = NULL;
     $authorizer = $this;
     $probe = function ($tx) use($entity, $action, $entityId, &$denied, $authorizer) {
         // Roll back before doing anything ("just to be safe"): the call below is
         // only a permission probe, presumably so nothing it does gets committed.
         $tx->rollback();
         $probeParams = array('version' => 3, 'check_permissions' => 1, 'id' => $entityId);
         $probeResult = $authorizer->kernel->run($entity, $authorizer->getDelegatedAction($action), $probeParams);
         // Both an API error and an empty result set count as a refusal.
         $refused = $probeResult['is_error'] || empty($probeResult['values']);
         if ($refused) {
             $denied = new \Civi\API\Exception\UnauthorizedException("Authorization failed on ({$entity},{$entityId})", array('cause' => $probeResult));
         }
     };
     \CRM_Core_Transaction::create(TRUE)->run($probe);
     if ($denied) {
         throw $denied;
     }
 }