Eileen McNaughton [Thu, 30 May 2019 02:12:54 +0000 (14:12 +1200)]
Merge pull request #14378 from seamuslee001/dev_core_969
Update bower.json to target fixed jquery branch for dev/core#969
Seamus Lee [Thu, 30 May 2019 02:07:11 +0000 (12:07 +1000)]
Update bower.json to target fixed jquery branch for dev/core#969
Seamus Lee [Wed, 29 May 2019 02:13:42 +0000 (12:13 +1000)]
Merge pull request #14355 from seamuslee001/harden_extern_open
Validate queue_id is a positive integer before passing to the BAO
Seamus Lee [Mon, 27 May 2019 06:27:25 +0000 (16:27 +1000)]
Validate queue_id is a positive integer before passing to the BAO
Switch to using retrieveValue as per Eileen
Seamus Lee [Mon, 27 May 2019 06:59:27 +0000 (16:59 +1000)]
Merge pull request #14351 from seamuslee001/ics_file
dev/core#974 Whitelist .ics extension
Seamus Lee [Mon, 20 May 2019 23:04:49 +0000 (09:04 +1000)]
Whitelist .ics file extension
Include Upgrade step and regenerate civicrm_generated file
Fix upgrade
Eileen McNaughton [Mon, 27 May 2019 04:15:37 +0000 (16:15 +1200)]
Merge pull request #14280 from seamuslee001/dev_core_975
dev/core#975 Fix url for new activity in breadcrumbs
Seamus Lee [Tue, 21 May 2019 09:11:41 +0000 (19:11 +1000)]
dev/core#975 Fix url for new activity in breadcrumbs in find activity search
Eileen McNaughton [Sun, 26 May 2019 20:54:47 +0000 (08:54 +1200)]
Merge pull request #14332 from civicrm/colemanw-patch-1
dev/core#968 Fix javascript error on public pages
colemanw [Sat, 25 May 2019 19:15:19 +0000 (15:15 -0400)]
dev/core#968 Fix javascript error on public pages
Checks for the existence of the toolbar item before referencing it.
Seamus Lee [Fri, 24 May 2019 23:44:35 +0000 (09:44 +1000)]
Merge pull request #14322 from AlainBenbassat/5.14
fixes issue #981: sort participants did not remember search criteria
Alain Benbassat [Fri, 24 May 2019 21:37:58 +0000 (23:37 +0200)]
fixes issue #981: sort participants did not remember search criteria
Seamus Lee [Tue, 21 May 2019 21:18:32 +0000 (07:18 +1000)]
Merge pull request #14277 from seamuslee001/dev_core_976
Remove htmlpurifier from composer and move it back to within IDS to f…
Seamus Lee [Tue, 21 May 2019 02:31:32 +0000 (12:31 +1000)]
Remove htmlpurifier from composer and move it back to within IDS to fix breakage on drupal with the htmlpurifier module
Seamus Lee [Wed, 15 May 2019 20:39:27 +0000 (06:39 +1000)]
Jenkins style fix
totten [Wed, 15 May 2019 15:48:00 +0000 (15:48 +0000)]
Update 5.13.4.md
Seamus Lee [Tue, 14 May 2019 21:19:22 +0000 (07:19 +1000)]
Update date of 5.13.3 release and add in APIv4 SA into 5.13.4
totten [Tue, 14 May 2019 10:34:04 +0000 (10:34 +0000)]
Update 5.13.4.md
Seamus Lee [Wed, 1 May 2019 02:40:10 +0000 (12:40 +1000)]
WIP Release Notes for security release
Update Release notes based on Tim's Review and likely drop of 5.13.3
Tim Otten [Wed, 8 May 2019 23:41:55 +0000 (16:41 -0700)]
civicrm/file - Be forgiving about old image hyperlinks
Previous versions of Civi sometimes generated URLs for contact-images with incorrect `&mime-type` values:
http://dmaster.bknix:8001/civicrm/file?reset=1&filename=Hello_cca4153cb14beab37c68ab7f07162425.jpg&mime-type=image/jpg
The recent security update will generate an error if the mime-type is incorrect, so this patch relaxes it
to allow the old links to continue working.
Seamus Lee [Fri, 3 May 2019 04:53:48 +0000 (14:53 +1000)]
Add whitelist back in and validate extension of file is permitted for the mime-type supplied and use mime-type from db if supplied with an fid and eid
Switch to different library that is php5.6 compatible
Seamus Lee [Fri, 29 Mar 2019 23:34:47 +0000 (10:34 +1100)]
Strengthen mime checking by comparing mime-type to the file path mime-type if we have entity_id and file id otherwise only permit image mime_types to be accepted if going via the filename route
Ensure mimetype is set in the case where we are passing it through and it's valid
Remove Whitelisting of mime-types as not useful and only check mime-types if we have had one passed in
Seamus Lee [Sun, 3 Mar 2019 01:14:16 +0000 (12:14 +1100)]
Resolve security/core#45 by validating the mimeType of the file with the supplied mime-type
Seamus Lee [Mon, 29 Apr 2019 04:05:15 +0000 (14:05 +1000)]
Resolve security/core#52 by validating that an installtype is sensible
Seamus Lee [Sat, 30 Mar 2019 05:19:58 +0000 (16:19 +1100)]
security/core#49 Ensure that only integers are passed to the IN build options in address
Fix Rule checking and add a unit test
Add in unit test on building country_id options too
Add in a unit test for building county options with a state_province_id filter
Seamus Lee [Sun, 28 Apr 2019 22:32:58 +0000 (08:32 +1000)]
Also escape subtype to fix POC#2 found by Patrick
Jamie McClelland [Wed, 20 Feb 2019 17:59:34 +0000 (12:59 -0500)]
escape alphanumeric/checkbox custom data
Seamus Lee [Mon, 22 Apr 2019 07:45:52 +0000 (17:45 +1000)]
Fix security/core#51 by parameterising the Event Type part of the where clause
Seamus Lee [Wed, 24 Apr 2019 20:03:57 +0000 (06:03 +1000)]
Resolve security/core#53 by updating tcpdf to latest version of 6.2.x
Tim Otten [Tue, 23 Apr 2019 23:00:35 +0000 (16:00 -0700)]
(security/core#50) Update jQuery to address prototype pollution
Coleman Watts [Tue, 26 Mar 2019 22:16:18 +0000 (18:16 -0400)]
Don't expose condition to api.getoptions
Tim Otten [Tue, 5 Mar 2019 00:05:06 +0000 (16:05 -0800)]
Harden against serialization vulnerabilities (#46)
Seamus Lee [Tue, 14 May 2019 23:28:23 +0000 (09:28 +1000)]
Merge pull request #14246 from seamuslee001/5.14-release-notes
5.13.3 Release Notes
Tim Otten [Tue, 14 May 2019 10:54:21 +0000 (11:54 +0100)]
contributor-key.yml, 5.13.13.md - Fix typo in credit
I saw a typo and asked Patrick for preferred text.
Tim Otten [Sat, 11 May 2019 08:04:52 +0000 (09:04 +0100)]
Update 5.13.3.md
Tim Otten [Sat, 11 May 2019 08:03:11 +0000 (09:03 +0100)]
Update 5.13.3.md
Seamus Lee [Sat, 11 May 2019 01:59:59 +0000 (11:59 +1000)]
Update release notes
Seamus Lee [Fri, 10 May 2019 22:42:58 +0000 (08:42 +1000)]
Add in Release notes for 5.13.3 Drop
Eileen McNaughton [Sat, 11 May 2019 23:48:34 +0000 (11:48 +1200)]
Merge pull request #14236 from seamuslee001/activity_test
Fix Failing Activity Test
Seamus Lee [Sat, 11 May 2019 07:25:11 +0000 (17:25 +1000)]
Fix Failing Activity Test
Seamus Lee [Sat, 11 May 2019 06:40:48 +0000 (16:40 +1000)]
Merge pull request #14223 from eileenmcnaughton/5.14
dev/core#942 fix failure to render names for some activities
eileenmcnaugton [Fri, 10 May 2019 04:13:11 +0000 (16:13 +1200)]
dev/core#942 fix failure to render names for some activities
Overview
----------------------------------------
Set limit for activity_contact retrieval to 0, allowing to retrieve more than 25 activity contacts when rendering the first 25 activities on the activity contact tab
Before
----------------------------------------
![before](https://user-images.githubusercontent.com/336308/57439801-e42a0580-729a-11e9-80a1-45df93d0c5eb.jpg)
After
----------------------------------------
![after](https://user-images.githubusercontent.com/336308/57439960-39fead80-729b-11e9-9701-acd79ff73497.jpg)
Technical Details
----------------------------------------
This moves the logic for retrieving the target contacts back into the getActivities function. We are still not wanting to bypass the ACLs so still using the
api but strictly limiting the number of contacts we retrieve (at the cost of extra queries, but cheap ones).
Some tests added on the Bulk Mail activity.
Comments
----------------------------------------
Eileen McNaughton [Sat, 11 May 2019 01:33:52 +0000 (13:33 +1200)]
Merge pull request #14233 from seamuslee001/participant_count_search_fix
dev/core#956 Fix hard breakage in find participants form when you do a filter on o…
Seamus Lee [Fri, 10 May 2019 23:31:19 +0000 (09:31 +1000)]
Merge pull request #14220 from pradpnayak/core/issues/923
core/issues/923, Fixed notice error when creating/editing profile
Seamus Lee [Fri, 10 May 2019 23:24:47 +0000 (09:24 +1000)]
dev/core#956 Fix hard breakage in find participants form when you do a filter on one event and n participant statuses
Eileen McNaughton [Fri, 10 May 2019 09:05:17 +0000 (21:05 +1200)]
Merge pull request #14214 from jitendrapurohit/activity-input
Add select2 to input field of datepicker
Eileen McNaughton [Fri, 10 May 2019 09:02:30 +0000 (21:02 +1200)]
Merge pull request #14221 from seamuslee001/activty_wrapper_date_picker_template
Add in Wrapper template around DatePickerRange template to have bette…
Seamus Lee [Fri, 10 May 2019 00:16:19 +0000 (10:16 +1000)]
Add in Wrapper template around DatePickerRange template to have better layout of Activity Search Form
Allow for colspan and class to be set when adding in wrapper
Update the wrapper to be only one td and not all and fix activity template appropriately
Eileen McNaughton [Thu, 9 May 2019 23:52:24 +0000 (11:52 +1200)]
Merge pull request #14219 from colemanw/hover
dev/core#950 Remove deprecated :hover jQuery selector
Coleman Watts [Thu, 9 May 2019 21:50:53 +0000 (17:50 -0400)]
Remove deprecated :hover jQuery selector
Pradeep Nayak [Thu, 9 May 2019 21:35:00 +0000 (22:35 +0100)]
core/issues/923, Fixed notice error when creating/editing profile
Jitendra Purohit [Wed, 8 May 2019 04:40:18 +0000 (10:10 +0530)]
Add select2 to input field of datepicker
Seamus Lee [Tue, 7 May 2019 01:35:15 +0000 (11:35 +1000)]
Merge pull request #14210 from seamuslee001/5_13_2_release_notes
Add 5.13.2 release notes
Tim Otten [Mon, 6 May 2019 23:32:12 +0000 (16:32 -0700)]
Update 5.13.2.md
Seamus Lee [Mon, 6 May 2019 22:35:55 +0000 (08:35 +1000)]
Update Release notes for dev/core#940
Include Dave D for review purposes
Tim Otten [Mon, 6 May 2019 19:31:11 +0000 (12:31 -0700)]
Add 5.13.2 release notes
Seamus Lee [Mon, 6 May 2019 23:34:42 +0000 (09:34 +1000)]
Merge pull request #14208 from seamuslee001/dev_core_940_5_14
(dev/core#940) Fix regression involving Email Processor filing and ".unknown" attachments
Seamus Lee [Mon, 6 May 2019 22:29:50 +0000 (08:29 +1000)]
Fix Regression in Email Processor filing all emails as .unknown attachments
Seamus Lee [Mon, 6 May 2019 20:36:27 +0000 (06:36 +1000)]
Merge pull request #14204 from totten/5.14-act-sort
(dev/core#934; followup) Fix escaping on new query code
Tim Otten [Mon, 6 May 2019 19:34:37 +0000 (12:34 -0700)]
(dev/core#934; followup) Fix escaping on new query code
This updates a line which was added in the past day (#14194) to ensure that
the data is escaped.
Seamus Lee [Sun, 5 May 2019 02:38:19 +0000 (12:38 +1000)]
Merge pull request #14194 from eileenmcnaughton/activity_sort
dev/core#934 Fix regression on sorting activity tab by 'Added by'
eileen [Fri, 3 May 2019 02:37:14 +0000 (14:37 +1200)]
dev/core#934 Fix regression on sorting activity tab by 'Added by'
Eileen McNaughton [Fri, 3 May 2019 05:29:19 +0000 (17:29 +1200)]
Merge pull request #14193 from seamuslee001/5.14
On PHP 7.2 we cannot start session until it has been configured by Dr…
mark burdett [Tue, 16 Apr 2019 23:29:43 +0000 (16:29 -0700)]
On PHP 7.2 we cannot start session until it has been configured by Drupal.
Seamus Lee [Fri, 3 May 2019 00:55:29 +0000 (10:55 +1000)]
Merge pull request #14191 from seamuslee001/5_13_release_notes
Add in release notes for 5.13.1 drop
Seamus Lee [Thu, 2 May 2019 23:16:12 +0000 (09:16 +1000)]
Merge pull request #14135 from colemanw/menubarVars
Hook to alter menubar css variables & fix breakpoint in WP
Tim Otten [Thu, 2 May 2019 22:48:16 +0000 (15:48 -0700)]
Update 5.13.1.md
Seamus Lee [Thu, 2 May 2019 22:08:02 +0000 (08:08 +1000)]
Merge pull request #14189 from MegaphoneJon/wordpress-26-5.14
wordpress#26 - fix REST
Seamus Lee [Thu, 2 May 2019 21:30:39 +0000 (07:30 +1000)]
Add in release notes for 5.13.1 drop
Jon Goldberg [Thu, 2 May 2019 20:00:19 +0000 (16:00 -0400)]
wordpress#26 - fix REST
Seamus Lee [Thu, 2 May 2019 21:09:40 +0000 (07:09 +1000)]
Merge pull request #14188 from seamuslee001/dev_core_931_5_14
Resolve dev/core#931 by not doing translation on the query if field e…
Seamus Lee [Thu, 2 May 2019 20:22:41 +0000 (06:22 +1000)]
Resolve dev/core#931 by not doing translation on the query if field exists during the upgrade process
CiviCRM [Thu, 2 May 2019 04:35:35 +0000 (04:35 +0000)]
Set version to 5.14.beta1
Seamus Lee [Thu, 2 May 2019 02:29:36 +0000 (12:29 +1000)]
Merge pull request #14176 from civicrm/5.13
5.13
Tim Otten [Thu, 2 May 2019 02:23:55 +0000 (19:23 -0700)]
Merge pull request #14056 from agh1/5.13.0-releasenotes
5.13.0 release notes
Tim Otten [Wed, 1 May 2019 23:50:50 +0000 (16:50 -0700)]
Update 5.13.0.md
Eileen McNaughton [Wed, 1 May 2019 23:27:10 +0000 (11:27 +1200)]
Merge pull request #14173 from mlutfy/cart-payment-cid
Event Cart: pass the contactID to fix payment on Stripe
Eileen McNaughton [Wed, 1 May 2019 23:26:27 +0000 (11:26 +1200)]
Merge pull request #14170 from mlutfy/cart-emails
Event Cart: fix sending of email receipts
Eileen McNaughton [Wed, 1 May 2019 23:25:51 +0000 (11:25 +1200)]
Merge pull request #14175 from mlutfy/cart-cc-icons
Event Cart: add support for the Credit Card type icons
Eileen McNaughton [Wed, 1 May 2019 23:25:31 +0000 (11:25 +1200)]
Merge pull request #14174 from mlutfy/cart-allow-same-participant
Event Cart: honor the allow_same_participant_emails setting
Mathieu Lutfy [Wed, 1 May 2019 15:08:06 +0000 (11:08 -0400)]
Event Cart: pass the contactID to fix payment on Stripe
Andrew Hunt [Wed, 1 May 2019 21:23:38 +0000 (17:23 -0400)]
5.13.0 release notes: late changes
Alice Frumin [Thu, 25 Apr 2019 20:12:08 +0000 (16:12 -0400)]
uppercase if work is continued or begun
Alice Frumin [Thu, 25 Apr 2019 20:06:12 +0000 (16:06 -0400)]
moving gitlab issues to the end
Alice Frumin [Tue, 16 Apr 2019 17:21:09 +0000 (13:21 -0400)]
5.13.0 release notes: bulk of edits
Andrew Hunt [Mon, 15 Apr 2019 21:01:28 +0000 (17:01 -0400)]
5.13.0 release notes: added boilerplate
Andrew Hunt [Mon, 15 Apr 2019 19:21:33 +0000 (15:21 -0400)]
5.13.0 release notes: raw from script
Mathieu Lutfy [Wed, 1 May 2019 15:33:37 +0000 (11:33 -0400)]
Event Cart: add support for the Credit Card type icons
Mathieu Lutfy [Wed, 1 May 2019 15:13:28 +0000 (11:13 -0400)]
Event Cart: honor the allow_same_participant_emails setting
Matthew Wire [Wed, 1 May 2019 12:05:26 +0000 (13:05 +0100)]
Merge pull request #14169 from mlutfy/cart-i18n
Event Cart: fix start_date formatting in line items during checkout
Matthew Wire [Wed, 1 May 2019 11:26:04 +0000 (12:26 +0100)]
Merge pull request #14168 from eileenmcnaughton/enotice
dev/core#918 enotice fix part 2 #14165
Mathieu Lutfy [Wed, 1 May 2019 10:32:52 +0000 (06:32 -0400)]
Event Cart: fix sending of email receipts
Mathieu Lutfy [Wed, 1 May 2019 10:25:00 +0000 (06:25 -0400)]
Event Cart: fix start_date formatting in line items during checkout
eileen [Wed, 1 May 2019 08:34:34 +0000 (20:34 +1200)]
dev/core#918 enotice fix part 2 #14165
Seamus Lee [Wed, 1 May 2019 00:33:41 +0000 (10:33 +1000)]
Merge pull request #14166 from civicrm/5.13
5.13
Seamus Lee [Wed, 1 May 2019 00:25:06 +0000 (10:25 +1000)]
Merge pull request #14163 from seamuslee001/flexmailer_26
(flexmailer#29) civicrm/mailing/view - Use Mailing.preview API. Fix compatibility with Flexmailer.
Eileen McNaughton [Tue, 30 Apr 2019 23:59:47 +0000 (11:59 +1200)]
Merge pull request #13887 from eileenmcnaughton/group_entity
dev/core#818 Partial conversion of Group form to be an EntityForm
Eileen McNaughton [Tue, 30 Apr 2019 23:41:42 +0000 (11:41 +1200)]
Merge pull request #14164 from eileenmcnaughton/in_fix
Fix deprecation handling [intra-rc-follow up] on #13999]
Seamus Lee [Tue, 30 Apr 2019 23:11:56 +0000 (09:11 +1000)]
Return MailingID rather than ['id'] as id may not always be supplied
Tim Otten [Tue, 30 Apr 2019 22:50:21 +0000 (15:50 -0700)]
(flexmailer#29) civicrm/mailing/view - Generate content via Mailing.preview API
A root cause of flexmailer#29 is that the flexmailer has to override
multiple parts of CiviMail. Case in point: it overrides the
`civicrm/mailing/view` and forces it to generate content via
`Mailing.preview` API. This is unfortunate because flexmailer's variant is
missing other features (regarding permissioning and contact IDs).
This revision makes it unnecessary for flexmailer to override
`civicrm/mailing/view`.