Improve type checking in getContactPhone and use CRM_Utils_Request::r… #12687
Branch updated: e39bdff to adcca48
I tested with
http://dmaster.local/civicrm/ajax/checkphone?cid=96,97,95,148
http://dmaster.local/civicrm/ajax/checkphone?name=Jacobs, Elbert
& this didn't work. For the first url the following patch worked.
Note that the (int) is required because of the way 0 is handled in the retrieve function. For the 'name' retrieval it's more complex. Valid name variables include more than just alphanumeric. In my test there was a comma and a space (it works off sort_name) but also consider O'Connor. We probably need to filter things out? Do we need a new filter?
@eileenmcnaughton possibly yes, I guess what I can do is for the moment send it back to string but yeh I think it would be good. Maybe we could allow for one space in the alphanumeric but hmmm it's a difficult question
@seamuslee001 specifically stripping < & > seems good
CRM/Contact/Page/AJAX.php (outdated)
```php
if ($name) {
  $name = CRM_Utils_Type::escape($name, 'String');
  $queryString = " ( cc.sort_name LIKE '%$name%' OR cp.phone LIKE '%$name%' ) ";
}
```
I really don't think we should be concatenating string values from the url into a query. I think this line ought to be using `%1`, `%2` etc placeholders and we should be feeding values into an array as the 2nd param to `executeQuery`.
@seamuslee001 I took a look at this - there are a few instances where you use retrieveValue instead of the existing CRM_Utils_Array::value + escape. For commaSeparatedInteger & Integer I think the validate action is solid enough not to also require escaping. However for the first one - ie. the one that is string - the validate doesn't do much now we've backed off your original 'Alphanumeric' - making the change @colemanw suggested would work - although the way the hook has been jammed in that function it arguably could mess with it. Alternatively CRM_Core_DAO::composeQuery could be used to do the interpolation.
@seamuslee001 this needs an update by you per comments
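As an added illustration of the pattern the reviewers are asking for (this is example code, not the PR's own change): the outdated concatenation from the review snippet beside a version that validates the GET parameters with CRM_Utils_Request::retrieveValue and binds the LIKE values through executeQuery placeholders. The function names and the SELECT/JOIN shape are assumptions; the parameter names (cid, name) and columns (cc.sort_name, cp.phone) come from the thread.

```php
<?php
// Added example, not code from the PR. Function names and the query shape are
// assumptions; parameter and column names are taken from the review thread.

// BEFORE (the outdated lines from the review): the escaped value is still
// concatenated into the SQL text, so safety depends entirely on that one
// escape() call never being removed or bypassed.
function checkPhoneWhereConcatenated(string $name): string {
  $name = CRM_Utils_Type::escape($name, 'String');
  return " ( cc.sort_name LIKE '%$name%' OR cp.phone LIKE '%$name%' ) ";
}

// AFTER: validate at the edge, then bind. executeQuery()/composeQuery()
// replaces %1, %2 ... with the escaped and quoted value of the declared type,
// so user input never becomes part of the SQL string itself.
function checkPhoneLookup(): array {
  // 'String' rather than 'Alphanumeric': sort_name legitimately contains
  // spaces, commas and apostrophes ("Jacobs, Elbert", "O'Connor").
  $name = CRM_Utils_Request::retrieveValue('name', 'String', NULL, FALSE, 'GET');
  // CommaSeparatedIntegers rejects anything but digits and commas.
  $cids = CRM_Utils_Request::retrieveValue('cid', 'CommaSeparatedIntegers', NULL, FALSE, 'GET');

  $where = [];
  $params = [];
  if ($name !== NULL && $name !== '') {
    // Wildcards belong in the bound value, not in the SQL text.
    $params[1] = ['%' . $name . '%', 'String'];
    $where[] = '( cc.sort_name LIKE %1 OR cp.phone LIKE %1 )';
  }
  if ($cids) {
    // Already validated as a digits-and-commas list; bound with its own type.
    $params[2] = [$cids, 'CommaSeparatedIntegers'];
    $where[] = 'cc.id IN (%2)';
  }
  if (!$where) {
    return [];
  }
  $sql = 'SELECT cc.id, cc.sort_name, cp.phone
          FROM civicrm_contact cc
          INNER JOIN civicrm_phone cp ON cp.contact_id = cc.id
          WHERE ' . implode(' AND ', $where);
  $dao = CRM_Core_DAO::executeQuery($sql, $params);
  $rows = [];
  while ($dao->fetch()) {
    $rows[] = ['id' => $dao->id, 'sort_name' => $dao->sort_name, 'phone' => $dao->phone];
  }
  return $rows;
}
```

The same `$params` array can be passed to CRM_Core_DAO::composeQuery() to inspect the interpolated SQL without executing it.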
Branch updated: 4451876 to d9a81f1
@eileenmcnaughton updated now
Branch updated: d9a81f1 to 13a6395
Thanks @seamuslee001 this is good to merge IMHO
@seamuslee001 oops I take it back - I'm getting a notice
…etrieve to get data from GET
Fix retrieving value from GET param as per review by Eileen
Replace inserted variables with placeholders as per standards
Branch updated: 13a6395 to 3ae9c7d
@eileenmcnaughton hopefully fixed that e-notice now
@seamuslee001 yep seems good
Merging as per the tag
Overview
This improves the type checking on the `name` key by making it use the type Alphanumeric rather than String. It also switches to use CRM_Utils_Request::retrieve rather than CRM_Utils_Array::value to get data from the $_GET variable.
ping @eileenmcnaughton @monishdeb @colemanw