Commit 9c57d89e authored by Romain Thouvenin's avatar Romain Thouvenin

API function to sieve tracking errors and keep the interesting stuff

parent 9ed0c1a8
<?php
use CRM_Traxivi_ExtensionUtil as E;
function _civicrm_api3_traxy_Ignoreknownerrors_spec(&$spec) {
$spec['message']['api.required'] = 1;
}
/**
* Rabbitizen consumer meant to process messages rejected by other traxy consumers,
* and ignore anything that is a known hacking attempt or anything else that we don't care about,
* so that we can focus on actual potential human mistakes or civicrm bugs
*/
function civicrm_api3_traxy_Ignoreknownerrors($params) {
$json_msg = json_decode($params['message']);
$queue_id = $json_msg->params->qid;
if (!CRM_Utils_Rule::positiveInteger($queue_id)) {
//This is an SQL injection attempt or some other form of ill-constructed URL
//We assume here that the civicrm click-and-open tracker is sufficiently old and stable that it won't generate such links
return civicrm_api3_create_success();
}
$max_qid = CRM_Core_DAO::executeQuery("SELECT FLOOR(MAX(id) * 1.1) FROM civicrm_mailing_event_queue")->fetchValue();
if ($queue_id > $max_qid) {
//This is probably someone trying some random value of queue id
return civicrm_api3_create_success();
}
if (isset($json_msg->params->u)) {
//Same as for queue id
$url_id = $json_msg->params->u;
if (!CRM_Utils_Rule::positiveInteger($url_id)) {
return civicrm_api3_create_success();
}
$max_uid = CRM_Core_DAO::executeQuery("SELECT FLOOR(MAX(id) * 1.1) FROM civicrm_mailing_trackable_url")->fetchValue();
if ($url_id > $max_uid) {
return civicrm_api3_create_success();
}
}
return civicrm_api3_create_error("The message cannot be ignored", ['retry_later' => FALSE]);
}
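Review bot: At the top of `civicrm_api3_traxy_Ignoreknownerrors`, the result of `json_decode($params['message'])` is used unchecked, so a message that is not valid JSON or has no `params->qid` reads a property on null, fails `positiveInteger`, and is acknowledged as success under the "SQL injection attempt" comment. Since the docblock says the goal is to keep potential human mistakes and CiviCRM bugs, a malformed payload caused by a producer bug would be dropped along with the probes; consider a guard such as `if (!is_object($json_msg) || !isset($json_msg->params->qid)) { return civicrm_api3_create_error("Malformed message", ['retry_later' => FALSE]); }`. Every ignore branch also returns without recording anything, so a one-line log of the reason (not the raw value) for non-integer qid, out-of-range qid and bad url id would keep probing volume visible to monitoring. Separately, `MAX(id)` is NULL on an empty table, which presumably makes the `>` comparisons discard every message; worth confirming.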