Commit 44884df9 authored by MikeyMJCO's avatar MikeyMJCO
Browse files

Merge branch 'invalidatehook' into 'master'

Add hook_civicrm_invalidateChecksum

See merge request !960
parents 230b50b8 2fa21b5a
......@@ -6,6 +6,8 @@ For API changes, see [APIv4 Changelog](../api/v4/changes.md) and [APIv3 Changelo
## CiviCRM 5.x
### 5.41: hook_invalidateChecksum added.
### 5.39: hook_searchKitTasks added.
### 5.31: deprecated hook_civicrm_tabs finally removed
......
# hook_civicrm_invalidateChecksum
## Summary
This hook allows you to invalidate contact checksums (see https://docs.civicrm.org/user/en/latest/common-workflows/tokens-and-mail-merge/#checksum).
It does NOT allow marking a checksum as valid because it could easily open up a security hole - e.g. it could inadvertently allow access to data it shouldn't, especially if multiple extensions implement the hook.
## Definition
hook_civicrm_invalidateChecksum($contactID, $checksum, &$invalid)
## Parameters
- `$contactID` (string) - The contact ID of the checksum.
- `$checksum` (string) - The checksum to validate.
- `$invalid` (bool) - Default `false`. Set this to `true` to invalidate.
## Returns
- null
## Example (Invalidate a list of checksums)
/**
* Implements hook_civicrm_invalidateChecksum().
*
* @param string $contactID
* @param string $checksum
* @param bool $invalid
*/
function example_civicrm_invalidateChecksum($contactID, $checksum, &$invalid) {
// These checksums sent out hardcoded via mailing on 14th July (valid for 30 days)
if (in_array($checksum, ['fdsfsdfdsf_sfsd_123', 'fsa34f30fsfs_sf34f_123'])) {
$invalid = TRUE;
\Civi::log()->warning('Invalidated checksum was used: ' . $checksum . ' for contact ID ' . $contactID);
// Optionally trigger a redirect to another page explaining why it was invalid
// CRM_Utils_System::redirect('https://example.org/invalidchecksumlandingpage');
}
}
......@@ -123,6 +123,7 @@ This is an overview list of all available hooks, listed by category.
* **[hook_civicrm_aclGroup](hook_civicrm_aclGroup.md)** - called when composing the ACL to restrict access to civicrm entities (civicrm groups, profiles and events).
* **[hook_civicrm_aclWhereClause](hook_civicrm_aclWhereClause.md)** - called when composing the ACL where clause to restrict visibility of contacts to the logged in user.
* **[hook_civicrm_alterAPIPermissions](hook_civicrm_alterAPIPermissions.md)** - called when API version 3 permissions are checked. Note that this does not apply to API version 4.
* **[hook_civicrm_invalidateChecksum](hook_civicrm_invalidateChecksum.md)** - allows you to invalidate contact checksums (see https://docs.civicrm.org/user/en/latest/common-workflows/tokens-and-mail-merge/#checksum).
* **[hook_civicrm_notePrivacy](hook_civicrm_notePrivacy.md)** - provides a way to override the default privacy behavior for notes.
* **[hook_civicrm_permission](hook_civicrm_permission.md)** - called to allow custom permissions to be defined.
* **[hook_civicrm_permission_check](hook_civicrm_permission_check.md)** - called to dynamically alter permissions based on conditions or external criteria.
......
......@@ -221,6 +221,7 @@ nav:
- hook_civicrm_aclGroup: hooks/hook_civicrm_aclGroup.md
- hook_civicrm_aclWhereClause: hooks/hook_civicrm_aclWhereClause.md
- hook_civicrm_alterAPIPermissions: hooks/hook_civicrm_alterAPIPermissions.md
- hook_civicrm_invalidateChecksum: hooks/hook_civicrm_invalidateChecksum.md
- hook_civicrm_notePrivacy: hooks/hook_civicrm_notePrivacy.md
- hook_civicrm_permission: hooks/hook_civicrm_permission.md
- hook_civicrm_permission_check: hooks/hook_civicrm_permission_check.md
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment