'recentItemsMaxCount' => CRM_Core_BAO_Setting::SYSTEM_PREFERENCES_NAME,
'recentItemsProviders' => CRM_Core_BAO_Setting::SYSTEM_PREFERENCES_NAME,
'dedupe_default_limit' => CRM_Core_BAO_Setting::SYSTEM_PREFERENCES_NAME,
- 'allow_profile_html_snippet' => CRM_Core_BAO_Setting::SYSTEM_PREFERENCES_NAME,
+ 'remote_profile_submissions_allowed' => CRM_Core_BAO_Setting::SYSTEM_PREFERENCES_NAME,
);
public $_uploadMaxSize;
if ($secondArg == 'edit' || $secondArg == 'create') {
if ($secondArg == 'edit') {
- $allowHtmlSnippet = Civi::settings()->get('allow_profile_html_snippet');
+ $allowRemoteSubmit = Civi::settings()->get('remote_profile_submissions_allowed');
$controller = new CRM_Core_Controller_Simple('CRM_Profile_Form_Edit',
ts('Create Profile'),
CRM_Core_Action::UPDATE,
- FALSE, FALSE, $allowHtmlSnippet
+ FALSE, FALSE, $allowRemoteSubmit
);
$controller->set('edit', 1);
$controller->process();
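Review bot: The third boolean passed to `CRM_Core_Controller_Simple` is the constructor's `$ignoreKey` argument, so handing it `$allowRemoteSubmit` switches off form-key (qfKey) validation for the whole profile edit controller whenever the setting is on, and nothing at the call site says so. A comment above the constructor call would make that trade-off visible to the next maintainer, e.g. `// $ignoreKey: with remote submissions allowed the qfKey check is skipped, so this form has no CSRF protection`. The enclosing function and the `create` branch lie outside this hunk; if that branch makes the same call, the same comment belongs there.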
'extra' => 'onclick = "return confirm(\'' . $copyExtra . '\');"',
),
);
- $allowHtmlSnippet = Civi::settings()->get('allow_profile_html_snippet');
- if ($allowHtmlSnippet) {
+ $allowRemoteSubmit = Civi::settings()->get('remote_profile_submissions_allowed');
+ if ($allowRemoteSubmit) {
self::$_actionLinks[CRM_Core_Action::PROFILE] = array(
'name' => ts('HTML Form Snippet'),
'url' => 'civicrm/admin/uf/group',
$postUpgradeMessage .= '<p>' . ts('The custom fatal error template setting has been removed.') . '</p>';
}
- if ($rev == '4.7.9') {
- $postUpgradeMessage .= '<br /><br />' . ts("WARNING: To improve security, HTML snippets for profiles are no longer allowed to create or edit data by default. If you need to allow users to submit profiles using HTML snippets, you can enable by going to Administer > System Settings > Misc (Undelete, PDFs, Limits, Logging, Captcha, etc.) and clicking to enable 'Override security by accepting unauthenticated posts from other sites?");
+ if ($rev == '4.7.21') {
+ $postUpgradeMessage .= '<br /><br />' . ts("WARNING: For increased security, profile submissions embedded in remote sites are no longer allowed to create or edit data by default. If you need to allow users to submit profiles from external sites, you can restore this at Administer > System Settings > Misc (Undelete, PDFs, Limits, Logging, Captcha, etc.) > 'Accept profile submissions from external sites'");
}
}
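Review bot: Nothing in the visible lines carries a stored `allow_profile_html_snippet` value over to `remote_profile_submissions_allowed` or removes it, so after the upgrade the new setting presumably falls back to its `FALSE` default while the old value stays behind unused. Failing closed is the safer outcome, but the `4.7.21` branch should say it is deliberate, e.g. `// The old allow_profile_html_snippet value is intentionally not migrated; sites must opt in again.`, and the stale value should be deleted in the 4.7.21 upgrade step if that does not already happen outside this hunk. The `$rev == '4.7.21'` test could also use `===`, since both sides are strings. The enclosing function starts before the hunk.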
* $Id$
*
*/
-/*
+
+/**
* Settings metadata file
*/
return array(
'description' => NULL,
'help_text' => NULL,
),
- 'allow_profile_html_snippet' => array(
+ 'remote_profile_submissions_allowed' => array(
'group_name' => 'CiviCRM Preferences',
'group' => 'core',
- 'name' => 'allow_profile_html_snippet',
+ 'name' => 'remote_profile_submissions_allowed',
'type' => 'Boolean',
'quick_form_type' => 'YesNo',
'default' => FALSE,
'html_type' => 'radio',
'add' => '4.7',
- 'title' => 'Allow Profile Html Snippet',
+ 'title' => 'Accept profile submissions from external sites',
'is_domain' => 1,
'is_contact' => 0,
- 'description' => 'This settings allows to enable HTML snippet for profile.',
+ 'description' => 'If enabled, CiviCRM will permit submissions from external sites to profiles. This is disabled by default to limit abuse.',
'help_text' => NULL,
),
'editor_id' => array(
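Review bot: The new `description` says the setting is off by default "to limit abuse" but does not tell the administrator which protection is relaxed when it is turned on. If, as the controller call in this commit suggests, enabling it makes the profile form accept posts without a form key, the text should say so, e.g. `'description' => 'If enabled, profiles accept submissions posted from external sites without the usual form key check. Leave disabled unless you embed profile forms on other sites.'`. `'add' => '4.7'` is also left unchanged although the setting name is new in this revision; confirm that is intended.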
<td>{$form.recentItemsProviders.html}<br />
<span class="description">{$recentItemsProviders_description}</span></td>
</tr>
- <tr class="crm-miscellaneous-form-block-allow_profile_html_snippet">
- <td class="label">{$form.allow_profile_html_snippet.label}</td>
- <td>{$form.allow_profile_html_snippet.html}<br />
- <p class="description">{ts}If enabled, CiviCRM will allow users to submit profiles using HTML snippets.{/ts}</p>
+ <tr class="crm-miscellaneous-form-block-remote_profile_submissions_allowed">
+ <td class="label">{$form.remote_profile_submissions_allowed.label}</td>
+ <td>{$form.remote_profile_submissions_allowed.html}<br />
+ <p class="description">{ts}If enabled, CiviCRM will allow users to submit profiles from external sites. This is disabled by default to limit abuse.{/ts}</p>
</td>
</tr>