Commit edc80cda authored by Sean Madsen's avatar Sean Madsen Committed by totten

security/core#14 Validate "context" inputs

When "context" is passed as a GET parameter, ensure that its value is
a valid "Alphanumeric" type. This helps prevent XSS when the "context"
value finds its way into templates that lack HTML output encoding.

Replace...

    CRM_Utils_Request::retrieve\((['"])context\1,(\s*)(['"])String\3

...with...

    CRM_Utils_Request::retrieve\($1context$1,$3Alphanumeric$3

Also search for the following and manually fix:

    \$_GET\[(['"])context\1\]
    \$_POST\[(['"])context\1\]
    \$_REQUEST\[(['"])context\1\]
parent d92edefc
......@@ -255,7 +255,7 @@ class CRM_Activity_Form_Activity extends CRM_Contact_Form_Task {
// Give the context.
if (!isset($this->_context)) {
$this->_context = CRM_Utils_Request::retrieve('context', 'String', $this);
$this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
if (CRM_Contact_Form_Search::isSearchContext($this->_context)) {
$this->_context = 'search';
}
......
......@@ -42,7 +42,7 @@ class CRM_Activity_Form_ActivityView extends CRM_Core_Form {
public function preProcess() {
// Get the activity values.
$activityId = CRM_Utils_Request::retrieve('id', 'Positive', $this);
$context = CRM_Utils_Request::retrieve('context', 'String', $this);
$context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
$cid = CRM_Utils_Request::retrieve('cid', 'Positive', $this);
// Check for required permissions, CRM-6264.
......
......@@ -87,7 +87,7 @@ class CRM_Activity_Form_Search extends CRM_Core_Form_Search {
$this->_reset = CRM_Utils_Request::retrieve('reset', 'Boolean');
$this->_force = CRM_Utils_Request::retrieve('force', 'Boolean', $this, FALSE);
$this->_limit = CRM_Utils_Request::retrieve('limit', 'Positive', $this);
$this->_context = CRM_Utils_Request::retrieve('context', 'String', $this, FALSE, 'search');
$this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, FALSE, 'search');
$this->assign("context", $this->_context);
......
......@@ -63,7 +63,7 @@ class CRM_Activity_Page_Tab extends CRM_Core_Page {
*/
public function edit() {
// used for ajax tabs
$context = CRM_Utils_Request::retrieve('context', 'String', $this);
$context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
$this->assign('context', $context);
$this->_id = CRM_Utils_Request::retrieve('id', 'Integer', $this);
......@@ -159,7 +159,7 @@ class CRM_Activity_Page_Tab extends CRM_Core_Page {
* Perform actions and display for activities.
*/
public function run() {
$context = CRM_Utils_Request::retrieve('context', 'String', $this);
$context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
$contactId = CRM_Utils_Request::retrieve('cid', 'Positive', $this);
$action = CRM_Utils_Request::retrieve('action', 'String', $this);
$this->_id = CRM_Utils_Request::retrieve('id', 'Positive', $this);
......
......@@ -54,7 +54,7 @@ class CRM_Batch_Page_AJAX {
* @deprecated
*/
public static function getBatchList() {
$context = isset($_REQUEST['context']) ? CRM_Utils_Type::escape($_REQUEST['context'], 'String') : NULL;
$context = CRM_Utils_Request::retrieve('context', 'Alphanumeric');
if ($context != 'financialBatch') {
$sortMapper = array(
0 => 'title',
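Review bot: The comparison on the line after the new retrieve() call, `if ($context != 'financialBatch')`, is loose; now that the value is alphanumeric text or NULL, `if ($context !== 'financialBatch')` is equivalent and makes the intent explicit. The same loose `==`/`!=` against the validated context value appears in CRM_Case_Form_CaseView (`$fulltext == 'fulltext'`), CRM_Case_Page_Tab::run, CRM_Contact_Form_Task_Delete, CRM_Contact_Page_DedupeRules, CRM_Event_Form_Task_Badge, CRM_Mailing_Page_Event and CRM_Mailing_Page_Report, and as a non-strict in_array() in CRM_Core_Page_AJAX, which should get `TRUE` as its third argument. The removed isset() guard mapped an absent parameter to NULL; retrieve() with abort left at its default appears to do the same and presumably also maps a value failing the Alphanumeric check to NULL, which is worth a one-line comment since the method is marked @deprecated and external callers may rely on it. getBatchList continues past the hunk.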
......
......@@ -76,7 +76,7 @@ class CRM_Campaign_Form_Campaign extends CRM_Core_Form {
CRM_Utils_System::permissionDenied();
}
$this->_context = CRM_Utils_Request::retrieve('context', 'String', $this);
$this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
$this->assign('context', $this->_context);
......
......@@ -47,7 +47,7 @@ class CRM_Campaign_Form_Petition extends CRM_Core_Form {
CRM_Utils_System::permissionDenied();
}
$this->_context = CRM_Utils_Request::retrieve('context', 'String', $this);
$this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
$this->assign('context', $this->_context);
......
......@@ -81,7 +81,7 @@ class CRM_Campaign_Form_Search extends CRM_Core_Form_Search {
//useful when we are being driven by the wizard framework
$this->_limit = CRM_Utils_Request::retrieve('limit', 'Positive', $this);
$this->_force = CRM_Utils_Request::retrieve('force', 'Boolean', $this, FALSE);
$this->_context = CRM_Utils_Request::retrieve('context', 'String', $this, FALSE, 'search');
$this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, FALSE, 'search');
$this->_reset = CRM_Utils_Request::retrieve('reset', 'Boolean');
//operation for state machine.
......
......@@ -60,7 +60,7 @@ class CRM_Campaign_Form_Survey_Main extends CRM_Campaign_Form_Survey {
public function preProcess() {
parent::preProcess();
$this->_context = CRM_Utils_Request::retrieve('context', 'String', $this);
$this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
$this->assign('context', $this->_context);
......
......@@ -63,7 +63,7 @@ class CRM_Case_Form_Activity extends CRM_Activity_Form_Activity {
public function preProcess() {
$caseIds = CRM_Utils_Request::retrieve('caseid', 'String', $this);
$this->_caseId = explode(',', $caseIds);
$this->_context = CRM_Utils_Request::retrieve('context', 'String', $this);
$this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
if (!$this->_context) {
$this->_context = 'caseActivity';
}
......
......@@ -62,7 +62,7 @@ class CRM_Case_Form_Activity_OpenCase {
return;
}
$form->_context = CRM_Utils_Request::retrieve('context', 'String', $form);
$form->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $form);
$form->_contactID = CRM_Utils_Request::retrieve('cid', 'Positive', $form);
$form->assign('context', $form->_context);
......
......@@ -77,7 +77,7 @@ class CRM_Case_Form_CaseView extends CRM_Core_Form {
CRM_Core_Error::fatal(ts('You are not authorized to access this page.'));
}
$fulltext = CRM_Utils_Request::retrieve('context', 'String');
$fulltext = CRM_Utils_Request::retrieve('context', 'Alphanumeric');
if ($fulltext == 'fulltext') {
$this->assign('fulltext', $fulltext);
}
......
......@@ -42,7 +42,7 @@ class CRM_Case_Form_EditClient extends CRM_Core_Form {
public function preProcess() {
$cid = CRM_Utils_Request::retrieve('cid', 'Positive', $this, TRUE);
CRM_Utils_Request::retrieve('id', 'Positive', $this, TRUE);
$context = CRM_Utils_Request::retrieve('context', 'String', $this);
$context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
//get current client name.
$this->assign('currentClientName', CRM_Contact_BAO_Contact::displayName($cid));
......
......@@ -97,7 +97,7 @@ class CRM_Case_Form_Search extends CRM_Core_Form_Search {
$this->_reset = CRM_Utils_Request::retrieve('reset', 'Boolean');
$this->_force = CRM_Utils_Request::retrieve('force', 'Boolean', $this, FALSE);
$this->_limit = CRM_Utils_Request::retrieve('limit', 'Positive', $this);
$this->_context = CRM_Utils_Request::retrieve('context', 'String', $this, FALSE, 'search');
$this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, FALSE, 'search');
$this->assign('context', $this->_context);
......
......@@ -41,7 +41,7 @@ class CRM_Case_Page_CaseDetails extends CRM_Core_Page {
*/
public function run() {
$this->_action = CRM_Utils_Request::retrieve('action', 'String', $this, FALSE, 'browse');
$this->_context = CRM_Utils_Request::retrieve('context', 'String', $this);
$this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
$this->assign('action', $this->_action);
$this->assign('context', $this->_context);
......
......@@ -59,7 +59,7 @@ class CRM_Case_Page_Tab extends CRM_Core_Page {
}
$this->_id = CRM_Utils_Request::retrieve('id', 'Positive', $this);
$this->_context = CRM_Utils_Request::retrieve('context', 'String', $this);
$this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
if ($this->_contactId) {
$this->assign('contactId', $this->_contactId);
......@@ -178,7 +178,7 @@ class CRM_Case_Page_Tab extends CRM_Core_Page {
*/
public function run() {
$contactID = CRM_Utils_Request::retrieve('cid', 'Positive', CRM_Core_DAO::$_nullArray);
$context = CRM_Utils_Request::retrieve('context', 'String', $this);
$context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
if ($context == 'standalone' && !$contactID) {
$this->_action = CRM_Core_Action::ADD;
......
......@@ -235,7 +235,7 @@ class CRM_Contact_Form_Contact extends CRM_Core_Form {
// omitting contactImage from title for now since the summary overlay css doesn't work outside of our crm-container
CRM_Utils_System::setTitle($displayName);
$context = CRM_Utils_Request::retrieve('context', 'String', $this);
$context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
$qfKey = CRM_Utils_Request::retrieve('key', 'String', $this);
$urlParams = 'reset=1&cid=' . $this->_contactId;
......@@ -1055,7 +1055,7 @@ class CRM_Contact_Form_Contact extends CRM_Core_Form {
$session->replaceUserContext(CRM_Utils_System::url('civicrm/contact/add', $resetStr));
}
else {
$context = CRM_Utils_Request::retrieve('context', 'String', $this);
$context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
$qfKey = CRM_Utils_Request::retrieve('key', 'String', $this);
//validate the qfKey
$urlParams = 'reset=1&cid=' . $contact->id;
......
......@@ -70,7 +70,7 @@ class CRM_Contact_Form_GroupContact extends CRM_Core_Form {
public function preProcess() {
$this->_contactId = $this->get('contactId');
$this->_groupContactId = $this->get('groupContactId');
$this->_context = CRM_Utils_Request::retrieve('context', 'String', $this);
$this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
}
/**
......
......@@ -555,7 +555,7 @@ class CRM_Contact_Form_Search extends CRM_Core_Form_Search {
}
// assign context to drive the template display, make sure context is valid
$this->_context = CRM_Utils_Request::retrieve('context', 'String', $this, FALSE, 'search');
$this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, FALSE, 'search');
if (!CRM_Utils_Array::value($this->_context, self::validContext())) {
$this->_context = 'search';
}
......
......@@ -150,7 +150,7 @@ class CRM_Contact_Form_Task_Delete extends CRM_Contact_Form_Task {
if ($this->_single) {
// also fix the user context stack in case the user hits cancel
$context = CRM_Utils_Request::retrieve('context', 'String', $this, FALSE, 'basic');
$context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, FALSE, 'basic');
if ($context == 'search' && CRM_Utils_Rule::qfKey($this->_searchKey)) {
$urlParams = "&context=$context&key=$this->_searchKey";
}
......@@ -200,7 +200,7 @@ class CRM_Contact_Form_Task_Delete extends CRM_Contact_Form_Task {
$session = CRM_Core_Session::singleton();
$currentUserId = $session->get('userID');
$context = CRM_Utils_Request::retrieve('context', 'String', $this, FALSE, 'basic');
$context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, FALSE, 'basic');
$urlParams = 'force=1';
$urlString = "civicrm/contact/search/$context";
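Review bot: In the second hunk the now-alphanumeric `$context` is still interpolated into a route, `$urlString = "civicrm/contact/search/$context";`, so the type check strips markup characters but any alphanumeric token still becomes a path segment. Only a handful of search contexts are valid here, so an allowlist check like the one CRM_Contact_Form_Search::preProcess performs against `self::validContext()` elsewhere in this commit, falling back to 'basic', would be a stronger guard than the type alone. The same applies to `$urlParams = "&context=$context&key=$this->_searchKey";` in the first hunk. Both enclosing methods extend outside the hunks.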
......
......@@ -96,7 +96,7 @@ class CRM_Contact_Form_Task_Email extends CRM_Contact_Form_Task {
public function preProcess() {
// store case id if present
$this->_caseId = CRM_Utils_Request::retrieve('caseid', 'String', $this, FALSE);
$this->_context = CRM_Utils_Request::retrieve('context', 'String', $this);
$this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
$cid = CRM_Utils_Request::retrieve('cid', 'String', $this, FALSE);
......
......@@ -63,7 +63,7 @@ class CRM_Contact_Form_Task_Map extends CRM_Contact_Form_Task {
$this, FALSE
);
$this->assign('profileGID', $profileGID);
$context = CRM_Utils_Request::retrieve('context', 'String', $this);
$context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
$type = 'Contact';
if ($cid) {
......
......@@ -53,7 +53,7 @@ class CRM_Contact_Form_Task_SMS extends CRM_Contact_Form_Task {
public function preProcess() {
$this->_context = CRM_Utils_Request::retrieve('context', 'String', $this);
$this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
$cid = CRM_Utils_Request::retrieve('cid', 'Positive', $this, FALSE);
......
......@@ -415,7 +415,7 @@ LIMIT {$offset}, {$rowCount}
// send query to hook to be modified if needed
CRM_Utils_Hook::contactListQuery($query,
$name,
CRM_Utils_Request::retrieve('context', 'String'),
CRM_Utils_Request::retrieve('context', 'Alphanumeric'),
CRM_Utils_Request::retrieve('cid', 'Positive')
);
......@@ -440,7 +440,7 @@ LIMIT {$offset}, {$rowCount}
// send query to hook to be modified if needed
CRM_Utils_Hook::contactListQuery($query,
$name,
CRM_Utils_Request::retrieve('context', 'String'),
CRM_Utils_Request::retrieve('context', 'Alphanumeric'),
CRM_Utils_Request::retrieve('cid', 'Positive')
);
......@@ -510,7 +510,7 @@ LIMIT {$offset}, {$rowCount}
// send query to hook to be modified if needed
CRM_Utils_Hook::contactListQuery($query,
$name,
CRM_Utils_Request::retrieve('context', 'String'),
CRM_Utils_Request::retrieve('context', 'Alphanumeric'),
CRM_Utils_Request::retrieve('cid', 'Positive')
);
......@@ -1050,7 +1050,7 @@ LIMIT {$offset}, {$rowCount}
*/
public static function getContactRelationships() {
$contactID = CRM_Utils_Type::escape($_GET['cid'], 'Integer');
$context = CRM_Utils_Type::escape($_GET['context'], 'String');
$context = CRM_Utils_Request::retrieve('context', 'Alphanumeric');
$relationship_type_id = CRM_Utils_Type::escape(CRM_Utils_Array::value('relationship_type_id', $_GET), 'Integer', FALSE);
if (!CRM_Contact_BAO_Contact_Permission::allow($contactID)) {
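Review bot: The new retrieve() call changes where `context` is read from: the removed line read `$_GET['context']` explicitly, while CRM_Utils_Request::retrieve() defaults to its 'REQUEST' source (to be confirmed against the helper's signature), so a POST body or cookie value may now satisfy the parameter. If GET-only semantics matter for this AJAX endpoint, pass the method argument explicitly, e.g. `CRM_Utils_Request::retrieve('context', 'Alphanumeric', CRM_Core_DAO::$_nullArray, FALSE, NULL, 'GET');`, using the same null store the commit's CRM_Case_Page_Tab::run hunk passes for cid. The line above, `$contactID = CRM_Utils_Type::escape($_GET['cid'], 'Integer');`, still indexes `$_GET` without an isset() guard and would benefit from the same `retrieve('cid', 'Positive')` treatment. getContactRelationships continues past the hunk.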
......
......@@ -84,7 +84,7 @@ class CRM_Contact_Page_DedupeFind extends CRM_Core_Page_Basic {
$this->initialize();
$gid = CRM_Utils_Request::retrieve('gid', 'Positive', $this, FALSE, 0);
$action = CRM_Utils_Request::retrieve('action', 'String', $this, FALSE, 0);
$context = CRM_Utils_Request::retrieve('context', 'String', $this);
$context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
$limit = CRM_Utils_Request::retrieve('limit', 'Integer', $this);
$rgid = CRM_Utils_Request::retrieve('rgid', 'Positive', $this);
$cid = CRM_Utils_Request::retrieve('cid', 'Positive', $this, FALSE, 0);
......
......@@ -101,7 +101,7 @@ class CRM_Contact_Page_DedupeRules extends CRM_Core_Page_Basic {
public function run() {
$id = $this->getIdAndAction();
$context = CRM_Utils_Request::retrieve('context', 'String', $this, FALSE);
$context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, FALSE);
if ($context == 'nonDupe') {
CRM_Core_Session::setStatus(ts('Selected contacts have been marked as not duplicates'), ts('Changes Saved'), 'success');
}
......
......@@ -217,7 +217,7 @@ class CRM_Contact_Page_View_Relationship extends CRM_Core_Page {
}
public function setContext() {
$context = CRM_Utils_Request::retrieve('context', 'String',
$context = CRM_Utils_Request::retrieve('context', 'Alphanumeric',
$this, FALSE, 'search'
);
......
......@@ -471,7 +471,7 @@ INNER JOIN civicrm_contribution con ON ( con.id = mp.contribution_id )
$cid = CRM_Utils_Request::retrieve('cid', 'Integer');
$mid = CRM_Utils_Request::retrieve('mid', 'Integer');
$qfkey = CRM_Utils_Request::retrieve('key', 'String');
$context = CRM_Utils_Request::retrieve('context', 'String');
$context = CRM_Utils_Request::retrieve('context', 'Alphanumeric');
if ($cid) {
switch ($context) {
case 'contribution':
......
......@@ -250,7 +250,7 @@ class CRM_Contribute_Form_Contribution extends CRM_Contribute_Form_AbstractEditP
$this->assign('isUsePaymentBlock', TRUE);
}
$this->_context = CRM_Utils_Request::retrieve('context', 'String', $this);
$this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
$this->assign('context', $this->_context);
$this->_compId = CRM_Utils_Request::retrieve('compId', 'Positive', $this);
......
......@@ -42,7 +42,7 @@ class CRM_Contribute_Form_ContributionView extends CRM_Core_Form {
public function preProcess() {
$id = $this->get('id');
$params = array('id' => $id);
$context = CRM_Utils_Request::retrieve('context', 'String', $this);
$context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
$this->assign('context', $context);
$values = CRM_Contribute_BAO_Contribution::getValuesWithMappings($params);
......
......@@ -83,7 +83,7 @@ class CRM_Contribute_Form_Search extends CRM_Core_Form_Search {
$this->_reset = CRM_Utils_Request::retrieve('reset', 'Boolean');
$this->_force = CRM_Utils_Request::retrieve('force', 'Boolean', $this, FALSE);
$this->_limit = CRM_Utils_Request::retrieve('limit', 'Positive', $this);
$this->_context = CRM_Utils_Request::retrieve('context', 'String', $this, FALSE, 'search');
$this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, FALSE, 'search');
$this->assign("context", $this->_context);
......
......@@ -35,7 +35,7 @@ class CRM_Contribute_Page_PaymentInfo extends CRM_Core_Page {
$this->_component = CRM_Utils_Request::retrieve('component', 'String', $this, TRUE);
$this->_action = CRM_Utils_Request::retrieve('action', 'String', $this, FALSE, 'browse');
$this->_id = CRM_Utils_Request::retrieve('id', 'Positive', $this, TRUE);
$this->_context = CRM_Utils_Request::retrieve('context', 'String', $this, TRUE);
$this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, TRUE);
$this->_cid = CRM_Utils_Request::retrieve('cid', 'String', $this, TRUE);
$this->assign('cid', $this->_cid);
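Review bot: This is the one call in the commit where abort is TRUE, `CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, TRUE);`, so a context value that fails the Alphanumeric check now presumably ends the request with a fatal error rather than being dropped to NULL as at the other call sites; if that is intended, a comment such as `// context is required and must be alphanumeric; abort the request otherwise` would make the hard failure deliberate. On the next line `$this->_cid` is still retrieved as 'String' and then assigned to the template, whereas every other cid lookup in this commit uses 'Positive'; `$this->_cid = CRM_Utils_Request::retrieve('cid', 'Positive', $this, TRUE);` would be consistent. The enclosing method starts outside the hunk.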
......
......@@ -313,7 +313,7 @@ class CRM_Contribute_Page_Tab extends CRM_Core_Page {
}
public function preProcess() {
$context = CRM_Utils_Request::retrieve('context', 'String', $this);
$context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
$this->_action = CRM_Utils_Request::retrieve('action', 'String', $this, FALSE, 'browse');
$this->_id = CRM_Utils_Request::retrieve('id', 'Positive', $this);
......@@ -371,7 +371,7 @@ class CRM_Contribute_Page_Tab extends CRM_Core_Page {
public function setContext() {
$qfKey = CRM_Utils_Request::retrieve('key', 'String', $this);
$context = CRM_Utils_Request::retrieve('context', 'String',
$context = CRM_Utils_Request::retrieve('context', 'Alphanumeric',
$this, FALSE, 'search'
);
$compContext = CRM_Utils_Request::retrieve('compContext', 'String', $this);
......
......@@ -98,9 +98,8 @@ class CRM_Core_Page_AJAX {
$id = CRM_Utils_Type::escape($_REQUEST['id'], 'Integer');
}
if (!empty($_REQUEST['context'])) {
$context = CRM_Utils_Type::escape($_REQUEST['context'], 'String');
}
$context = CRM_Utils_Request::retrieve('context', 'Alphanumeric');
// return false if $id is null and
// $context is not civicrm_event or civicrm_contribution_page
if (!$id || !in_array($context, array('civicrm_event', 'civicrm_contribution_page'))) {
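Review bot: The comment two lines below the new retrieve() call does not match the condition it describes: it says the function returns false when `$id` is null and the context is not one of the two entities, but the test is `!$id || !in_array(...)`, i.e. either one suffices; it should read `// return false if $id is null or $context is not civicrm_event / civicrm_contribution_page`. The in_array() on that line should also pass `TRUE` as its third argument now that `$context` may be NULL. Replacing the `!empty()` guard with an unconditional assignment removes the undefined-variable case the old code left open, which is an improvement worth keeping. The function begins and ends outside the hunk.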
......
......@@ -50,7 +50,7 @@ class CRM_Dashlet_Page_Activity extends CRM_Core_Page {
$this->assign('contactID', $contactID);
$this->assign('contactId', $contactID);
$context = CRM_Utils_Request::retrieve('context', 'String', $this, FALSE, 'dashlet');
$context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, FALSE, 'dashlet');
$this->assign('context', $context);
// a user can always view their own activity
......
......@@ -45,7 +45,7 @@ class CRM_Dashlet_Page_AllCases extends CRM_Core_Page {
* @return void
*/
public function run() {
$context = CRM_Utils_Request::retrieve('context', 'String', $this, FALSE, 'dashlet');
$context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, FALSE, 'dashlet');
$this->assign('context', $context);
//check for civicase access.
......
......@@ -70,7 +70,7 @@ class CRM_Dashlet_Page_GettingStarted extends CRM_Core_Page {
* List gettingStarted page as dashlet.
*/
public function run() {
$context = CRM_Utils_Request::retrieve('context', 'String', $this, FALSE, 'dashlet');
$context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, FALSE, 'dashlet');
// Assign smarty variables.
$this->assign('context', $context);
......
......@@ -45,7 +45,7 @@ class CRM_Dashlet_Page_MyCases extends CRM_Core_Page {
* @return void
*/
public function run() {
$context = CRM_Utils_Request::retrieve('context', 'String', $this, FALSE, 'dashlet');
$context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, FALSE, 'dashlet');
$this->assign('context', $context);
//check for civicase access.
......
......@@ -223,7 +223,7 @@ class CRM_Event_Form_Participant extends CRM_Contribute_Form_AbstractEditPayment
// @todo eliminate this duplication.
$this->_contactId = $this->_contactID;
$this->_eID = CRM_Utils_Request::retrieve('eid', 'Positive', $this);
$this->_context = CRM_Utils_Request::retrieve('context', 'String', $this);
$this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
$this->assign('context', $this->_context);
if ($this->_contactID) {
......
......@@ -97,7 +97,7 @@ class CRM_Event_Form_Search extends CRM_Core_Form_Search {
$this->_reset = CRM_Utils_Request::retrieve('reset', 'Boolean');
$this->_force = CRM_Utils_Request::retrieve('force', 'Boolean', $this, FALSE);
$this->_limit = CRM_Utils_Request::retrieve('limit', 'Positive', $this);
$this->_context = CRM_Utils_Request::retrieve('context', 'String', $this, FALSE, 'search');
$this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, FALSE, 'search');
$this->_ssID = CRM_Utils_Request::retrieve('ssID', 'Positive', $this);
$this->assign("context", $this->_context);
......
......@@ -57,7 +57,7 @@ class CRM_Event_Form_Task_Badge extends CRM_Event_Form_Task {
* @return void
*/
public function preProcess() {
$this->_context = CRM_Utils_Request::retrieve('context', 'String', $this);
$this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
if ($this->_context == 'view') {
$this->_single = TRUE;
......
......@@ -59,7 +59,7 @@ class CRM_Event_Page_EventInfo extends CRM_Core_Page {
}
$action = CRM_Utils_Request::retrieve('action', 'String', $this, FALSE);
$context = CRM_Utils_Request::retrieve('context', 'String', $this, FALSE, 'register');
$context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, FALSE, 'register');
$this->assign('context', $context);
// Sometimes we want to suppress the Event Full msg
......
......@@ -119,7 +119,7 @@ class CRM_Event_Page_Tab extends CRM_Core_Page {
}
public function preProcess() {
$context = CRM_Utils_Request::retrieve('context', 'String', $this);
$context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
$this->_action = CRM_Utils_Request::retrieve('action', 'String', $this, FALSE, 'browse');
$this->_id = CRM_Utils_Request::retrieve('id', 'Positive', $this);
......
......@@ -47,7 +47,7 @@ class CRM_Financial_Form_FinancialBatch extends CRM_Contribute_Form {
* Set variables up before form is built.
*/
public function preProcess() {
$context = CRM_Utils_Request::retrieve('context', 'String', $this);
$context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
$this->set("context", $context);
$this->_id = CRM_Utils_Request::retrieve('id', 'Positive', $this);
parent::preProcess();
......
......@@ -267,7 +267,7 @@ class CRM_Financial_Page_AJAX {
$rowCount = isset($_REQUEST['iDisplayLength']) ? CRM_Utils_Type::escape($_REQUEST['iDisplayLength'], 'Integer') : 25;
$sort = isset($_REQUEST['iSortCol_0']) ? CRM_Utils_Array::value(CRM_Utils_Type::escape($_REQUEST['iSortCol_0'], 'Integer'), $sortMapper) : NULL;
$sortOrder = isset($_REQUEST['sSortDir_0']) ? CRM_Utils_Type::escape($_REQUEST['sSortDir_0'], 'String') : 'asc';
$context = isset($_REQUEST['context']) ? CRM_Utils_Type::escape($_REQUEST['context'], 'String') : NULL;
$context = CRM_Utils_Request::retrieve('context', 'Alphanumeric');
$entityID = isset($_REQUEST['entityID']) ? CRM_Utils_Type::escape($_REQUEST['entityID'], 'String') : NULL;
$notPresent = isset($_REQUEST['notPresent']) ? CRM_Utils_Type::escape($_REQUEST['notPresent'], 'String') : NULL;
$statusID = isset($_REQUEST['statusID']) ? CRM_Utils_Type::escape($_REQUEST['statusID'], 'String') : NULL;
......
......@@ -74,7 +74,7 @@ class CRM_Financial_Page_FinancialBatch extends CRM_Core_Page_Basic {
* Finally it calls the parent's run method.
*/
public function run() {
$context = CRM_Utils_Request::retrieve('context', 'String', $this);
$context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
$this->set("context", $context);
$id = $this->getIdAndAction();
......
......@@ -75,7 +75,7 @@ class CRM_Grant_Form_Grant extends CRM_Core_Form {
if ($this->_id) {
$this->_grantType = CRM_Core_DAO::getFieldValue('CRM_Grant_DAO_Grant', $this->_id, 'grant_type_id');
}
$this->_context = CRM_Utils_Request::retrieve('context', 'String', $this);
$this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
$this->assign('action', $this->_action);
$this->assign('context', $this->_context);
......
......@@ -47,7 +47,7 @@ class CRM_Grant_Form_GrantView extends CRM_Core_Form {
public function preProcess() {
$this->_contactID = CRM_Utils_Request::retrieve('cid', 'Positive', $this);
$this->_id = CRM_Utils_Request::retrieve('id', 'Positive', $this);
$context = CRM_Utils_Request::retrieve('context', 'String', $this);
$context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
$this->assign('context', $context);
$values = array();
......
......@@ -91,7 +91,7 @@ class CRM_Grant_Form_Search extends CRM_Core_Form_Search {
$this->_reset = CRM_Utils_Request::retrieve('reset', 'Boolean');
$this->_force = CRM_Utils_Request::retrieve('force', 'Boolean', $this, FALSE);
$this->_limit = CRM_Utils_Request::retrieve('limit', 'Positive', $this);
$this->_context = CRM_Utils_Request::retrieve('context', 'String', $this, FALSE, 'search');
$this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, FALSE, 'search');
$this->assign("context", $this->_context);
......
......@@ -102,7 +102,7 @@ class CRM_Grant_Page_Tab extends CRM_Contact_Page_View {
* @return void
*/
public function preProcess() {
$context = CRM_Utils_Request::retrieve('context', 'String', $this);
$context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
$this->_action = CRM_Utils_Request::retrieve('action', 'String', $this, FALSE, 'browse');
$this->_id = CRM_Utils_Request::retrieve('id', 'Positive', $this);
......@@ -151,7 +151,7 @@ class CRM_Grant_Page_Tab extends CRM_Contact_Page_View {
}
public function setContext() {
$context = CRM_Utils_Request::retrieve('context', 'String', $this);
$context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
$this->_id = CRM_Utils_Request::retrieve('id', 'Integer', $this);
$session = CRM_Core_Session::singleton();
......
......@@ -63,7 +63,7 @@ class CRM_Mailing_Page_Event extends CRM_Core_Page {
// check that the user has permission to access mailing id
CRM_Mailing_BAO_Mailing::checkPermission($mailing_id);
$context = CRM_Utils_Request::retrieve('context', 'String', $this);
$context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
if ($context == 'activitySelector') {
$cid = CRM_Utils_Request::retrieve('cid', 'Positive', $this);
......
......@@ -110,7 +110,7 @@ class CRM_Mailing_Page_Report extends CRM_Core_Page_Basic {
CRM_Mailing_BAO_Mailing::getMailingContent($report, $this);
// assign backurl
$context = CRM_Utils_Request::retrieve('context', 'String', $this);
$context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
$cid = CRM_Utils_Request::retrieve('cid', 'Positive', $this);
if ($context == 'activitySelector') {
......
......@@ -110,7 +110,7 @@ class CRM_Member_Form extends CRM_Contribute_Form_AbstractEditPayment {
parent::preProcess();
$params = array();
$params['context'] = CRM_Utils_Request::retrieve('context', 'String', $this, FALSE, 'membership');
$params['context'] = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, FALSE, 'membership');
$params['id'] = CRM_Utils_Request::retrieve('id', 'Positive', $this);
$params['mode'] = CRM_Utils_Request::retrieve('mode', 'String', $this);
......
......@@ -166,7 +166,7 @@ class CRM_Member_Form_MembershipView extends CRM_Core_Form {
$this->contactID = CRM_Utils_Request::retrieve('cid', 'Positive', $this);
// Make sure context is assigned to template for condition where we come here view civicrm/membership/view
$context = CRM_Utils_Request::retrieve('context', 'String', $this);
$context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
$this->assign('context', $context);
if ($this->membershipID) {
......
......@@ -92,7 +92,7 @@ class CRM_Member_Form_Search extends CRM_Core_Form_Search {
$this->_reset = CRM_Utils_Request::retrieve('reset', 'Boolean');
$this->_force = CRM_Utils_Request::retrieve('force', 'Boolean', $this, FALSE);
$this->_limit = CRM_Utils_Request::retrieve('limit', 'Positive', $this);
$this->_context = CRM_Utils_Request::retrieve('context', 'String', $this, FALSE, 'search');
$this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, FALSE, 'search');
$this->assign("context", $this->_context);
......
......@@ -306,7 +306,7 @@ class CRM_Member_Page_Tab extends CRM_Core_Page {
}
public function preProcess() {
$context = CRM_Utils_Request::retrieve('context', 'String', $this);
$context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
$this->_action = CRM_Utils_Request::retrieve('action', 'String', $this, FALSE, 'browse');
$this->_id = CRM_Utils_Request::retrieve('id', 'Positive', $this);
......@@ -390,7 +390,7 @@ class CRM_Member_Page_Tab extends CRM_Core_Page {
* @param int $contactId
*/
public static function setContext(&$form, $contactId = NULL) {