diff --git a/CRM/Core/Controller.php b/CRM/Core/Controller.php
index f31e5f963f72..7b0a5a477362 100644
--- a/CRM/Core/Controller.php
+++ b/CRM/Core/Controller.php
@@ -300,7 +300,10 @@ public function key($name, $addSequence = FALSE, $ignoreKey = FALSE) {
 // https://github.com/civicrm/civicrm-core/pull/17324
 // and/or related get merged, then we should remove the REQUEST reference here.
 $key = $_POST['qfKey'] ?? $_GET['qfKey'] ?? $_REQUEST['qfKey'] ?? NULL;
- if (!$key && in_array($_SERVER['REQUEST_METHOD'], ['GET', 'HEAD'])) {
+ // Allow POST if `$_GET['reset'] == 1` because standalone search actions require a
+ // (potentially large) amount of data to the server and must make the page request using POST.
+ // See https://lab.civicrm.org/dev/core/-/issues/3222
+ if (!$key && (!empty($_GET['reset']) || in_array($_SERVER['REQUEST_METHOD'], ['GET', 'HEAD']))) {
 // Generate a key if this is an initial request without one.
 // We allow HEAD here because it is used by bots to validate URLs, so if
 // we issue a 500 server error to them they may think the site is broken.
diff --git a/ext/search_kit/Civi/Api4/Action/SearchDisplay/GetSearchTasks.php b/ext/search_kit/Civi/Api4/Action/SearchDisplay/GetSearchTasks.php
index b0ded1f45eee..97286984e377 100644
--- a/ext/search_kit/Civi/Api4/Action/SearchDisplay/GetSearchTasks.php
+++ b/ext/search_kit/Civi/Api4/Action/SearchDisplay/GetSearchTasks.php
@@ -41,7 +41,8 @@ public function _run(\Civi\Api4\Generic\Result $result) {
 'icon' => 'fa-file-excel-o',
 'crmPopup' => [
 'path' => "'civicrm/export/standalone'",
- 'query' => "{reset: 1, entity: '{$entity['name']}', id: ids.join(',')}",
+ 'query' => "{reset: 1, entity: '{$entity['name']}'}",
+ 'data' => "{id: ids.join(',')}",
 ],
 ];
 }
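Review bot: The added `!empty($_GET['reset'])` clause in the rewritten condition is wider than the comment above it describes: it issues a fresh key to a request without `qfKey` for any HTTP method and any non-empty `reset` value, not only for a POST with `reset` equal to 1. Since this branch decides whether a key-less request is accepted at all, I would keep the exception as narrow as the stated use case: `if (!$key && (in_array($_SERVER['REQUEST_METHOD'], ['GET', 'HEAD']) || ($_SERVER['REQUEST_METHOD'] === 'POST' && !empty($_GET['reset']))))`. The comment should also say why a key-less POST with `reset` is safe to treat as an initial page load; presumably the posted values are not processed as a form submission on that request, but that code is outside this hunk. The body of `key()` starts and ends outside the hunk.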
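Review bot: In the new `'query'` line of the `@@ -41,7 +41,8 @@` hunk, `$entity['name']` is interpolated unescaped into a single-quoted literal inside an expression string that crmSearchTasks.component.js later passes to `$scope.$eval`, so a name containing a quote would alter the expression instead of staying data. Where `$entity` is populated is outside this hunk, so this may not be reachable today, but encoding the value makes the line safe whatever its source: `'query' => '{reset: 1, entity: ' . json_encode($entity['name']) . '}',`. The unchanged `'path'` lines in the two later hunks of this file build their literal from `$task['url']` in the same way.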
@@ -104,7 +105,8 @@ public function _run(\Civi\Api4\Generic\Result $result) {
 'icon' => $task['icon'] ?? 'fa-gear',
 'crmPopup' => [
 'path' => "'{$task['url']}'",
- 'query' => "{reset: 1, cids: ids.join(',')}",
+ 'query' => "{reset: 1}",
+ 'data' => "{cids: ids.join(',')}",
 ],
 ];
 }
@@ -141,7 +143,7 @@ public function _run(\Civi\Api4\Generic\Result $result) {
 'icon' => $task['icon'] ?? 'fa-gear',
 'crmPopup' => [
 'path' => "'{$task['url']}'",
- 'query' => "{id: ids.join(',')}",
+ 'data' => "{id: ids.join(',')}",
 ],
 ];
 }
diff --git a/ext/search_kit/ang/crmSearchTasks/crmSearchTasks.component.js b/ext/search_kit/ang/crmSearchTasks/crmSearchTasks.component.js
index 4910dcdd1944..639bc4cfddf7 100644
--- a/ext/search_kit/ang/crmSearchTasks/crmSearchTasks.component.js
+++ b/ext/search_kit/ang/crmSearchTasks/crmSearchTasks.component.js
@@ -67,7 +67,7 @@
 if (action.crmPopup) {
 var path = $scope.$eval(action.crmPopup.path, data),
 query = action.crmPopup.query && $scope.$eval(action.crmPopup.query, data);
- CRM.loadForm(CRM.url(path, query))
+ CRM.loadForm(CRM.url(path, query), {post: action.crmPopup.data && $scope.$eval(action.crmPopup.data, data)})
 .on('crmFormSuccess', ctrl.refresh);
 }
 // If action uses dialogService
diff --git a/js/crm.ajax.js b/js/crm.ajax.js
index 4cb20cd03ee7..57ed34f9932a 100644
--- a/js/crm.ajax.js
+++ b/js/crm.ajax.js
@@ -202,6 +202,7 @@
 options: {
 url: null,
 block: true,
+ post: null,
 crmForm: null
 },
 _originalContent: null,
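Review bot: In the `@@ -141,7 +143,7 @@` hunk the `'query'` entry is replaced by `'data'` and nothing is left in the query string, so unlike the other two task types this POST carries no `reset` parameter. The relaxed check in CRM_Core_Controller::key() from this same commit only issues a key to a key-less non-GET request when `$_GET['reset']` is non-empty. Unless `$task['url']` already contains `reset=1` (not visible here), these tasks would presumably still be rejected for a missing key. If the URL does not carry it, keep a query next to the data, `'query' => "{reset: 1}",`. Either way, a short comment on which part travels in the URL and which in the request body would help the next reader.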
@@ -287,12 +288,22 @@
 return false;
 });
 },
+ _ajax: function(url) {
+ if (!this.options.post || !this.isOriginalUrl()) {
+ return $.getJSON(url);
+ }
+ return $.post({
+ url: url,
+ dataType: 'json',
+ data: this.options.post
+ });
+ },
 refresh: function() {
 var that = this;
 var url = this._formatUrl(this.options.url, 'json');
 if (this.options.crmForm) $('form', this.element).ajaxFormUnbind();
 if (this.options.block) this.element.block();
- $.getJSON(url, function(data) {
+ this._ajax(url).then(function(data) {
 if (data.status === 'redirect') {
 that.options.url = data.userContext;
 return that.refresh();
@@ -321,7 +332,7 @@
 $('[name="'+formElement+'"]', that.element).crmError(msg);
 });
 }
- }).fail(function(data, msg, status) {
+ }, function(data, msg, status) {
 that._onFailure(data, status);
 });
 },
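Review bot: The new `_ajax` method in the `@@ -287,12 +288,22 @@` hunk has no comment explaining its `isOriginalUrl()` guard, and that guard appears to be what stops the posted selection from being re-sent once `refresh()` has replaced `options.url` with `data.userContext` on a redirect. I would document it above the `if`, for example `// POST only the initial request; once options.url has changed (e.g. after a redirect) fall back to GET and do not re-send options.post.` `isOriginalUrl()` is defined outside this hunk, so the wording should be checked against it. As a smaller point, the settings-object form of `$.post()` exists only from jQuery 3.0, whereas `$.ajax({type: 'POST', url: url, dataType: 'json', data: this.options.post})` does not depend on the bundled version.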