'recentItemsMaxCount' => CRM_Core_BAO_Setting::SYSTEM_PREFERENCES_NAME,
'recentItemsProviders' => CRM_Core_BAO_Setting::SYSTEM_PREFERENCES_NAME,
'dedupe_default_limit' => CRM_Core_BAO_Setting::SYSTEM_PREFERENCES_NAME,
+ 'allow_profile_html_snippet' => CRM_Core_BAO_Setting::SYSTEM_PREFERENCES_NAME,
);
public $_uploadMaxSize;
if ($secondArg == 'edit' || $secondArg == 'create') {
if ($secondArg == 'edit') {
+ $allowHtmlSnippet = Civi::settings()->get('allow_profile_html_snippet');
$controller = new CRM_Core_Controller_Simple('CRM_Profile_Form_Edit',
ts('Create Profile'),
CRM_Core_Action::UPDATE,
- FALSE, FALSE, TRUE
+ FALSE, FALSE, $allowHtmlSnippet
);
$controller->set('edit', 1);
$controller->process();
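Review bot: The new lookup at L9 sits inside `if ($secondArg == 'edit')`, so `$allowHtmlSnippet` is defined only on the edit path, yet the create path further down in the same function (the `'mode' => CRM_Core_Action::ADD` wrapper, as far as is visible) also passes it as `ignoreKey`; there it is an undefined variable, which raises a notice and evaluates to NULL. Move the assignment one level up, between the outer `if ($secondArg == 'edit' || $secondArg == 'create') {` and the inner `if`, and cast it so the positional `ignoreKey` argument is a real boolean: `$allowHtmlSnippet = (bool) Civi::settings()->get('allow_profile_html_snippet');`. The enclosing function starts before this hunk and continues past it.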
ts('Create Profile'),
array(
'mode' => CRM_Core_Action::ADD,
- 'ignoreKey' => TRUE,
+ 'ignoreKey' => $allowHtmlSnippet,
)
);
}
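Review bot: `'ignoreKey' => $allowHtmlSnippet` at L22 reads a variable that, in the code visible here, is assigned only inside the `edit` branch of this function, so on the create path it is undefined and `ignoreKey` silently becomes NULL. Failing closed is the right outcome, but it is an accident rather than a decision; read the setting explicitly at the use site, `'ignoreKey' => (bool) Civi::settings()->get('allow_profile_html_snippet'),`, or hoist the lookup above the edit/create split. The enclosing function starts and ends outside this hunk.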
'qs' => 'action=delete&id=%%id%%',
'title' => ts('Delete CiviCRM Profile Group'),
),
- CRM_Core_Action::PROFILE => array(
- 'name' => ts('HTML Form Snippet'),
- 'url' => 'civicrm/admin/uf/group',
- 'qs' => 'action=profile&gid=%%id%%',
- 'title' => ts('HTML Form Snippet for this Profile'),
- ),
CRM_Core_Action::COPY => array(
'name' => ts('Copy'),
'url' => 'civicrm/admin/uf/group',
'extra' => 'onclick = "return confirm(\'' . $copyExtra . '\');"',
),
);
+ $allowHtmlSnippet = Civi::settings()->get('allow_profile_html_snippet');
+ if ($allowHtmlSnippet) {
+ self::$_actionLinks[CRM_Core_Action::PROFILE] = array(
+ 'name' => ts('HTML Form Snippet'),
+ 'url' => 'civicrm/admin/uf/group',
+ 'qs' => 'action=profile&gid=%%id%%',
+ 'title' => ts('HTML Form Snippet for this Profile'),
+ );
+ }
}
return self::$_actionLinks;
}
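Review bot: Gating the 'HTML Form Snippet' link on the setting at L42 only hides the menu entry; `civicrm/admin/uf/group?action=profile&gid=…` remains reachable by typing the URL unless the page's action dispatch checks the same setting, which is outside this hunk and should be confirmed. Consider recording that dependency above L41: `// Hides the link only; the action=profile handler must also honour allow_profile_html_snippet.` Note also that `self::$_actionLinks` is a static property, so the setting appears to be read once per request when the links are first built — acceptable, but a test that toggles the setting mid-request will not see the change.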
$postUpgradeMessage .= '<p>' . ts('The custom fatal error template setting has been removed.') . '</p>';
}
+ if ($rev == '4.7.9') {
+ $postUpgradeMessage .= '<br /><br />' . ts("WARNING: To improve security, HTML snippets for profiles are no longer allowed to create or edit data by default. If you need to allow users to submit profiles using HTML snippets, you can enable by going to Administer > System Settings > Misc (Undelete, PDFs, Limits, Logging, Captcha, etc.) and clicking to enable 'Override security by accepting unauthenticated posts from other sites?");
+ }
}
/**
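Review bot: The post-upgrade text at L56 sends admins to a setting called 'Override security by accepting unauthenticated posts from other sites?', but the setting this commit defines is titled 'Allow Profile Html Snippet' (the label rendered on the Misc form), and the quoted name is also missing its closing quote. Admins following the instructions will not find the option; name the actual label, e.g. `... and enabling 'Allow Profile Html Snippet'.` The message should also say what "submit profiles using HTML snippets" means in practice — accepting posts that bypass the form-key check (`ignoreKey`) — so the admin understands what they are re-enabling.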
'description' => NULL,
'help_text' => NULL,
),
+ 'allow_profile_html_snippet' => array(
+ 'group_name' => 'CiviCRM Preferences',
+ 'group' => 'core',
+ 'name' => 'allow_profile_html_snippet',
+ 'type' => 'Boolean',
+ 'quick_form_type' => 'YesNo',
+ 'default' => FALSE,
+ 'html_type' => 'radio',
+ 'add' => '4.7',
+ 'title' => 'Allow Profile Html Snippet',
+ 'is_domain' => 1,
+ 'is_contact' => 0,
+ 'description' => 'This settings allows to enable HTML snippet for profile.',
+ 'help_text' => NULL,
+ ),
'editor_id' => array(
'group_name' => 'CiviCRM Preferences',
'group' => 'core',
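Review bot: The description at L75, 'This settings allows to enable HTML snippet for profile.', is ungrammatical and says nothing about why the default is FALSE, so the admin cannot tell what risk they accept by turning it on. Suggest `'description' => 'Allow profile forms embedded elsewhere as HTML snippets to submit data to this site. Such posts bypass the form-key check, so leave this off unless you rely on externally hosted profile forms.',`. `'add' => '4.7'` at L71 is also coarser than the 4.7.9 upgrade step that introduces the setting; if this field is meant to track the exact release, use '4.7.9'.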
</td>
</tr>
{/foreach}
+ </tr>
+ <tr class="crm-miscellaneous-form-block-recentItemsMaxCount">
+ <td class="label">{$form.recentItemsMaxCount.label}</td>
+ <td>{$form.recentItemsMaxCount.html}<br />
+ <span class="description">{$recentItemsMaxCount_description}</span></td>
+ </tr>
+ <tr class="crm-miscellaneous-form-block-recentItemsProviders">
+ <td class="label">{$form.recentItemsProviders.label}</td>
+ <td>{$form.recentItemsProviders.html}<br />
+ <span class="description">{$recentItemsProviders_description}</span></td>
+ </tr>
+ <tr class="crm-miscellaneous-form-block-allow_profile_html_snippet">
+ <td class="label">{$form.allow_profile_html_snippet.label}</td>
+ <td>{$form.allow_profile_html_snippet.html}<br />
+ <p class="description">{ts}If enabled, CiviCRM will allow users to submit profiles using HTML snippets.{/ts}</p>
+ </td>
+ </tr>
</table>
<h3>{ts}reCAPTCHA Keys{/ts}</h3>
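Review bot: The help text at L98, 'If enabled, CiviCRM will allow users to submit profiles using HTML snippets.', reads as a convenience toggle and omits the security trade-off that made it default-off; state what is relaxed, e.g. `{ts}If enabled, profile forms embedded on other sites as HTML snippets may submit data without CiviCRM's form key. Leave disabled unless you rely on externally hosted profile forms.{/ts}`. Two smaller points: L98 uses `<p class="description">` where the neighbouring rows use `<span class="description">`, and the bare `</tr>` added at L84 directly after `{/foreach}` looks like it closes a row the loop body already closed at L82 — worth checking the rendered markup.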