Skip to content

hook_civicrm_userContentPolicy¶

Summary¶

This hook is called when Smarty Security mode is enabled for user content evaluation such as in message templates.

Notes¶

This hook was introduced as part of a security release (CiviCRM 5.74.4, 5.69.6-ESR).
See the related security advisory, CIVI-SA-2024-03.
For CiviCRM's default policy, see CRM/Core/Smarty/UserContentPolicy.php.

Definition¶

hook_civicrm_userContentPolicy($policy = NULL)

Parameters¶

$policy - is an instance of \CRM_Core_Smarty_UserContentPolicy

Returns¶

return void

Example¶

function allowapi_civicrm_userContentPolicy(CRM_Core_Smarty_UserContentPolicy $policy) {
  // Enable access to '{crmAPI}'
  $policy->disabled_tags = array_diff($policy->disabled_tags, ['crmAPI']);
}