PCHR-4346: Fix custom Home URL parsing
Included in CiviCRM 5.8.0
Core PR: civicrm#13031
davialexandre committed Nov 9, 2018
1 parent cdac282 commit 38a8156
Showing 2 changed files with 42 additions and 25 deletions.
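--- a/CRM/Admin/Page/AJAX.php
+++ b/CRM/Admin/Page/AJAX.php
@@ -48,7 +48,7 @@ public static function getNavigationMenu() {
 $smarty = CRM_Core_Smarty::singleton();
 $smarty->assign('includeEmail', civicrm_api3('setting', 'getvalue', array('name' => 'includeEmailInName', 'group' => 'Search Preferences')));
 print $smarty->fetchWith('CRM/common/navigation.js.tpl', array(
-'navigation' => CRM_Core_BAO_Navigation::createNavigation($contactID),
+'navigation' => CRM_Core_BAO_Navigation::createNavigation(),
 ));
 }
 CRM_Utils_System::civiExit();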
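--- a/CRM/Core/BAO/Navigation.php
+++ b/CRM/Core/BAO/Navigation.php
@@ -493,22 +493,7 @@ public static function getMenuName(&$value, &$skipMenuItems) {
 
 $makeLink = FALSE;
 if (!empty($url)) {
-// Skip processing fully-formed urls
-if (substr($url, 0, 4) !== 'http' && $url[0] !== '/' && $url[0] !== '#') {
-//CRM-7656 --make sure to separate out url path from url params,
-//as we'r going to validate url path across cross-site scripting.
-$parsedUrl = parse_url($url);
-if (empty($parsedUrl['query'])) {
-$parsedUrl['query'] = NULL;
-}
-if (empty($parsedUrl['fragment'])) {
-$parsedUrl['fragment'] = NULL;
-}
-$url = CRM_Utils_System::url($parsedUrl['path'], $parsedUrl['query'], FALSE, $parsedUrl['fragment'], TRUE);
-}
-elseif (strpos($url, '&') === FALSE) {
-$url = htmlspecialchars($url);
-}
+$url = self::makeFullyFormedUrl($url);
 $makeLink = TRUE;
 }
 
@@ -581,15 +566,10 @@ public static function getMenuName(&$value, &$skipMenuItems) {
 /**
 * Create navigation for CiviCRM Admin Menu.
 *
-* @param int $contactID
-* Contact id.
-*
 * @return string
 * returns navigation html
 */
-public static function createNavigation($contactID) {
-$config = CRM_Core_Config::singleton();
-
+public static function createNavigation() {
 $navigation = self::buildNavigation();
 
 if ($navigation) {
@@ -603,8 +583,7 @@ public static function createNavigation($contactID) {
 $homeIcon = '<span class="crm-logo-sm" ></span>';
 self::retrieve($homeParams, $homeNav);
 if ($homeNav) {
-list($path, $q) = explode('?', $homeNav['url']);
-$homeURL = CRM_Utils_System::url($path, $q);
+$homeURL = self::makeFullyFormedUrl($homeNav['url']);
 $homeLabel = $homeNav['label'];
 // CRM-6804 (we need to special-case this as we don’t ts()-tag variables)
 if ($homeLabel == 'Home') {
@@ -630,6 +609,44 @@ public static function createNavigation($contactID) {
 return $prepandString . $navigation;
 }
 
+/**
+* Turns relative URLs (like civicrm/foo/bar) into fully-formed
+* ones (i.e. example.com/wp-admin?q=civicrm/dashboard).
+*
+* If the URL is already fully-formed, nothing will be done.
+*
+* @param string $url
+*
+* @return string
+*/
+private static function makeFullyFormedUrl($url) {
+if (self::isNotFullyFormedUrl($url)) {
+//CRM-7656 --make sure to separate out url path from url params,
+//as we'r going to validate url path across cross-site scripting.
+$path = parse_url($url, PHP_URL_PATH);
+$q = parse_url($url, PHP_URL_QUERY);
+$fragment = parse_url($url, PHP_URL_FRAGMENT);
+return CRM_Utils_System::url($path, $q, FALSE, $fragment);
+}
+
+if (strpos($url, '&amp;') === FALSE) {
+return htmlspecialchars($url);
+}
+
+return $url;
+}
+
+/**
+* Checks if the given URL is not fully-formed
+*
+* @param string $url
+*
+* @return bool
+*/
+private static function isNotFullyFormedUrl($url) {
+return substr($url, 0, 4) !== 'http' && $url[0] !== '/' && $url[0] !== '#';
+}
+
 /**
 * Reset navigation for all contacts or a specified contact.
 *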
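Review bot: In `makeFullyFormedUrl()` (last hunk), a fully-formed URL that contains `&amp;` anywhere is returned with no escaping at all, so any quote or angle bracket elsewhere in that stored value would presumably reach the menu markup unescaped; the substring test only guesses that the value was encoded earlier. Escaping unconditionally with double-encoding turned off keeps existing entities intact and covers the rest: `return htmlspecialchars($url, ENT_QUOTES, 'UTF-8', FALSE);`. `isNotFullyFormedUrl()` also reads `$url[0]`, and the new call in `createNavigation()` passes `$homeNav['url']` with no emptiness check visible in the hunk (the `getMenuName()` call site sits behind `!empty($url)`), so an empty Home URL would raise an uninitialized-string-offset notice; an early `if (empty($url)) { return $url; }` would cover it. The bodies of `getMenuName()` and `createNavigation()` continue outside the hunks shown, so a guard may exist there that this page does not show.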
