Skip to content

CiviCRM Documentation

hook_civicrm_userContentPolicy

Home > Developer Guide > Hooks > Uncategorized Hooks

hook_civicrm_userContentPolicy

Summary

This hook is called when Smarty Security mode is enabled for user content evaluation such as in message templates.

Notes

This hook was introduced as part of a security release (CiviCRM 5.74.4, 5.69.6-ESR).
See the related security advisory, CIVI-SA-2024-03.
For CiviCRM's default policy, see CRM/Core/Smarty/UserContentPolicy.php.

Definition

hook_civicrm_userContentPolicy($policy = NULL)

Parameters

$policy - is an instance of \CRM_Core_Smarty_UserContentPolicy

Returns

return void

Example

function allowapi_civicrm_userContentPolicy(CRM_Core_Smarty_UserContentPolicy $policy) {
  // Enable access to '{crmAPI}'
  $policy->disabled_tags = array_diff($policy->disabled_tags, ['crmAPI']);
}