From 921ea49debc5ec5b1e89a81b93470b29cab4920d Mon Sep 17 00:00:00 2001
From: Marc Michalsky forumZFD
Date: Fri, 19 Feb 2021 14:44:06 +0100
Subject: [PATCH] [#43] [#44] validate campaign_id cast numeric string to integer and test if a related campaign exists
---
 CRM/Twingle/Submission.php | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
diff --git a/CRM/Twingle/Submission.php b/CRM/Twingle/Submission.php
index 0daee20..b96c64e 100644
--- a/CRM/Twingle/Submission.php
+++ b/CRM/Twingle/Submission.php
@@ -117,6 +117,30 @@ class CRM_Twingle_Submission {
 );
 }
 }
+
+ // Validate campaign_id, if given.
+ if (!empty($params['campaign_id'])) {
+ // Check whether campaign_id is a numeric string and cast it to an integer.
+ if (is_numeric($params['campaign_id'])) {
+ $params['campaign_id'] = intval($params['campaign_id']);
+ }
+ else {
+ throw new CiviCRM_API3_Exception(
+ E::ts('campaign_id must be a numeric string. '),
+ 'invalid_format'
+ );
+ }
+ // Check whether given campaign_id exists and if not, unset the parameter.
+ try {
+ civicrm_api3(
+ 'Campaign',
+ 'getsingle',
+ ['id' => $params['campaign_id']]
+ );
+ } catch (CiviCRM_API3_Exception $e) {
+ unset($params['campaign_id']);
+ }
+ }
 }
 /**
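Review bot: `is_numeric()` in the new campaign_id check is looser than an ID test: it also accepts values such as `"12.7"`, `"1e3"` or `"-4"`, which `intval()` then turns into a different integer, so a malformed submission value can be attributed to an unrelated existing campaign instead of being rejected. A strict check such as `$id = filter_var($params['campaign_id'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);`, throwing when `$id === FALSE`, keeps the `invalid_format` path for everything that is not a positive integer. Separately, the `catch` drops the parameter on any `CiviCRM_API3_Exception`, not only a missing campaign, and leaves no trace; a log entry there with the rejected ID would make unattributed donations diagnosable. The enclosing method begins outside the hunk, so whether `$params` is taken by reference (needed for the cast and the `unset` to reach the caller) cannot be confirmed from here.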