Merge pull request #23331 from colemanw/post

SearchKit - Use POST to send contact ids to action forms

CRM/Core/Controller.php

@@ -300,7 +300,10 @@ public function key($name, $addSequence = FALSE, $ignoreKey = FALSE) {
     // https://github.com/civicrm/civicrm-core/pull/17324
     // and/or related get merged, then we should remove the REQUEST reference here.
     $key = $_POST['qfKey'] ?? $_GET['qfKey'] ?? $_REQUEST['qfKey'] ?? NULL;
-    if (!$key && in_array($_SERVER['REQUEST_METHOD'], ['GET', 'HEAD'])) {
+    // Allow POST if `$_GET['reset'] == 1` because standalone search actions require a
+    // (potentially large) amount of data to the server and must make the page request using POST.
+    // See https://lab.civicrm.org/dev/core/-/issues/3222
+    if (!$key && (!empty($_GET['reset']) || in_array($_SERVER['REQUEST_METHOD'], ['GET', 'HEAD']))) {
       // Generate a key if this is an initial request without one.
       // We allow HEAD here because it is used by bots to validate URLs, so if
       // we issue a 500 server error to them they may think the site is broken.

ext/search_kit/Civi/Api4/Action/SearchDisplay/GetSearchTasks.php

@@ -41,7 +41,8 @@ public function _run(\Civi\Api4\Generic\Result $result) {
         'icon' => 'fa-file-excel-o',
         'crmPopup' => [
           'path' => "'civicrm/export/standalone'",
-          'query' => "{reset: 1, entity: '{$entity['name']}', id: ids.join(',')}",
+          'query' => "{reset: 1, entity: '{$entity['name']}'}",
+          'data' => "{id: ids.join(',')}",
         ],
       ];
     }
@@ -104,7 +105,8 @@ public function _run(\Civi\Api4\Generic\Result $result) {
             'icon' => $task['icon'] ?? 'fa-gear',
             'crmPopup' => [
               'path' => "'{$task['url']}'",
-              'query' => "{reset: 1, cids: ids.join(',')}",
+              'query' => "{reset: 1}",
+              'data' => "{cids: ids.join(',')}",
             ],
           ];
         }
@@ -141,7 +143,7 @@ public function _run(\Civi\Api4\Generic\Result $result) {
             'icon' => $task['icon'] ?? 'fa-gear',
             'crmPopup' => [
               'path' => "'{$task['url']}'",
-              'query' => "{id: ids.join(',')}",
+              'data' => "{id: ids.join(',')}",
             ],
           ];
         }

ext/search_kit/ang/crmSearchTasks/crmSearchTasks.component.js

@@ -67,7 +67,7 @@
         if (action.crmPopup) {
           var path = $scope.$eval(action.crmPopup.path, data),
             query = action.crmPopup.query && $scope.$eval(action.crmPopup.query, data);
-          CRM.loadForm(CRM.url(path, query))
+          CRM.loadForm(CRM.url(path, query), {post: action.crmPopup.data && $scope.$eval(action.crmPopup.data, data)})
             .on('crmFormSuccess', ctrl.refresh);
         }
         // If action uses dialogService

js/crm.ajax.js

@@ -202,6 +202,7 @@
     options: {
       url: null,
       block: true,
+      post: null,
       crmForm: null
     },
     _originalContent: null,
@@ -287,12 +288,22 @@
         return false;
       });
     },
+    _ajax: function(url) {
+      if (!this.options.post || !this.isOriginalUrl()) {
+        return $.getJSON(url);
+      }
+      return $.post({
+        url: url,
+        dataType: 'json',
+        data: this.options.post
+      });
+    },
     refresh: function() {
       var that = this;
       var url = this._formatUrl(this.options.url, 'json');
       if (this.options.crmForm) $('form', this.element).ajaxFormUnbind();
       if (this.options.block) this.element.block();
-      $.getJSON(url, function(data) {
+      this._ajax(url).then(function(data) {
         if (data.status === 'redirect') {
           that.options.url = data.userContext;
           return that.refresh();
@@ -321,7 +332,7 @@
             $('[name="'+formElement+'"]', that.element).crmError(msg);
           });
         }
-      }).fail(function(data, msg, status) {
+      }, function(data, msg, status) {
         that._onFailure(data, status);
       });
     },