Seamus Lee [Wed, 22 Apr 2020 06:32:08 +0000 (16:32 +1000)]
Merge pull request #17139 from civicrm/5.25
5.25
Seamus Lee [Wed, 22 Apr 2020 03:54:42 +0000 (13:54 +1000)]
Merge pull request #17134 from jitendrapurohit/core-1723-rc
dev/core#1723 - Adv Search - Reciprocal relationship search with custom fields leads to error
Jitendra Purohit [Tue, 21 Apr 2020 11:31:34 +0000 (17:01 +0530)]
RC fix for #17132
unit test fix
Tim Otten [Wed, 22 Apr 2020 02:07:27 +0000 (19:07 -0700)]
Merge pull request #17133 from eileenmcnaughton/dep
(NFC) Comment clarification in test class
Seamus Lee [Wed, 22 Apr 2020 01:26:33 +0000 (11:26 +1000)]
Merge pull request #17137 from seamuslee001/dev_core_1717
dev/core#1717 - Fix SMTP failure involving `disconnect()` method
Seamus Lee [Tue, 21 Apr 2020 21:11:29 +0000 (07:11 +1000)]
dev/core#1717 Fix SMTP failure on fail to disconnect due to new wrapper smtp mailer
Add in wrapper around to check if we can call it
Tim Otten [Tue, 21 Apr 2020 22:05:23 +0000 (15:05 -0700)]
Merge pull request #17105 from colemanw/psr-4
dev/core#1684 - Use PSR-4 autoloader instead of PSR-0 for "Civi" namespace
colemanw [Tue, 21 Apr 2020 21:49:52 +0000 (17:49 -0400)]
Merge pull request #16716 from mattwire/cancelsubscriptionaddemail
Add contributor email address to cancelSubscription form so it is cle…
Eileen McNaughton [Tue, 21 Apr 2020 20:00:30 +0000 (08:00 +1200)]
Merge pull request #17135 from demeritcowboy/leftover-description
dev/user-interface#19 - Remove leftover description text on contribution form mistakenly left in
demeritcowboy [Tue, 21 Apr 2020 18:31:50 +0000 (14:31 -0400)]
leftover description text from net amount field removal years ago
Matthew Wire [Mon, 9 Mar 2020 12:35:28 +0000 (12:35 +0000)]
Add contributor email address to cancelSubscription form so it is clear where it will be sent
eileen [Tue, 21 Apr 2020 11:25:16 +0000 (23:25 +1200)]
Comment clarification in test class
I just updated the comments on this helper to clarify the limitations of the function & the
fact that it should not be our only way to test thousand separators.
I was noticing perfect was becoming the enemy of the good here. The function was marked as deprecated
because it doesn't cover all scenarios - but the upshot was that we stopped increasing out
thousand separator testing. In fact we need lots of form tests to do some testing of
the separators and a very small number to test more variants - this latter has been added
& the comments point to the need for more without going as far as deprecating
Seamus Lee [Tue, 21 Apr 2020 04:19:13 +0000 (14:19 +1000)]
Merge pull request #17123 from civicrm/5.25
5.25
Yashodha Chaku [Tue, 21 Apr 2020 03:21:50 +0000 (08:51 +0530)]
Merge pull request #17099 from lcdservices/dev-core-1718
dev/core#1718 membership batch entry join date fix
Seamus Lee [Tue, 21 Apr 2020 02:27:10 +0000 (12:27 +1000)]
Merge pull request #17119 from agh1/5.25.0-releasenotes
5.25.0 release notes first run
colemanw [Tue, 21 Apr 2020 00:14:29 +0000 (20:14 -0400)]
Merge pull request #17064 from eileenmcnaughton/email3
Convert bcc field to use an entity reference.
colemanw [Tue, 21 Apr 2020 00:10:03 +0000 (20:10 -0400)]
Merge pull request #17121 from eileenmcnaughton/update
[REF] Minor var simplification
eileen [Mon, 20 Apr 2020 22:39:33 +0000 (10:39 +1200)]
[REF] Minor var simplification
Eileen McNaughton [Mon, 20 Apr 2020 22:11:35 +0000 (10:11 +1200)]
Merge pull request #17106 from pradpnayak/statepro1
Update Colmbra state/province to Coimbra
Eileen McNaughton [Mon, 20 Apr 2020 22:09:48 +0000 (10:09 +1200)]
Merge pull request #17109 from colemanw/noAlias
APIv4 - Prevent field alias conflicts.
Andrew Hunt [Mon, 20 Apr 2020 21:52:21 +0000 (17:52 -0400)]
5.25.0 release notes: added boilerplate
Andrew Hunt [Mon, 20 Apr 2020 21:47:41 +0000 (17:47 -0400)]
5.25.0 release notes: raw from script
colemanw [Mon, 20 Apr 2020 17:29:33 +0000 (13:29 -0400)]
Merge pull request #17113 from colemanw/restoreApiSql
Restore #16947 - APIv4 support for sql functions and grouping
Coleman Watts [Mon, 20 Apr 2020 15:43:18 +0000 (11:43 -0400)]
Restore #16947 - APIv4 support for sql functions and grouping
Seamus Lee [Mon, 20 Apr 2020 09:17:44 +0000 (19:17 +1000)]
Merge pull request #17111 from seamuslee001/master
5.25
Seamus Lee [Mon, 20 Apr 2020 09:16:14 +0000 (19:16 +1000)]
Merge in 5.25
Seamus Lee [Mon, 20 Apr 2020 09:11:39 +0000 (19:11 +1000)]
Merge pull request #17093 from eileenmcnaughton/cont
[NFC] Remove calculation of unused parameter
Seamus Lee [Mon, 20 Apr 2020 08:54:32 +0000 (18:54 +1000)]
Merge pull request #17108 from colemanw/revertSqlFn
Revert #16947 from 5.25RC
Coleman Watts [Mon, 20 Apr 2020 00:55:19 +0000 (20:55 -0400)]
APIv4 - Prevent field alias conflicts.
Do not allow regular fields to be aliased - only expressions.
Prevent an alias from using the same name as an existing field.
colemanw [Mon, 20 Apr 2020 00:50:55 +0000 (20:50 -0400)]
Merge pull request #17069 from colemanw/removeUselessChecks
[REF] Remove duplicate checks for an array key existing
Coleman Watts [Sun, 19 Apr 2020 23:56:26 +0000 (19:56 -0400)]
Revert "APIv4 - Add rudimentary support for groupBy"
This reverts commit
fba513f62ec8815e08fa838e0d0501279bf34501.
Coleman Watts [Sun, 19 Apr 2020 23:56:25 +0000 (19:56 -0400)]
Revert "Api4SelectQuery - add more metadata to apiFieldSpec"
This reverts commit
9b06167d3c8dc54bb51e22e3583b18799a46c930.
Coleman Watts [Sun, 19 Apr 2020 23:56:20 +0000 (19:56 -0400)]
Revert "APIv4 - Add SQL expression handling and aggregate functions"
This reverts commit
3176b04cb62b0e8f94454e367736f50454f89de8.
Pradeep Nayak [Sun, 19 Apr 2020 19:58:58 +0000 (20:58 +0100)]
updated civicrm_generated.mysql file
Pradeep Nayak [Sun, 19 Apr 2020 17:39:50 +0000 (18:39 +0100)]
Update Colmbra state/province to Coimbra
Coleman Watts [Sun, 19 Apr 2020 01:08:38 +0000 (21:08 -0400)]
dev/core#1684 Use psr-4 autoloader instead of psr-0 for Civi directory
This change is to allow underscores in class names, which were being misinterpreted as directory separators.
colemanw [Sun, 19 Apr 2020 01:33:06 +0000 (21:33 -0400)]
Merge pull request #17080 from colemanw/importExtract
[REF] Import - extract duplicate code to function
colemanw [Sat, 18 Apr 2020 15:50:56 +0000 (11:50 -0400)]
Merge pull request #17101 from totten/master-gitlab-tpl
(NFC) Gitlab Template - Request more detail about upgrade problems
colemanw [Sat, 18 Apr 2020 15:14:09 +0000 (11:14 -0400)]
Merge pull request #17100 from artfulrobot/artfulrobot-lab-1917
Replace CaseType's own XML encoding function
Rich Lott / Artful Robot [Sat, 18 Apr 2020 07:55:51 +0000 (08:55 +0100)]
dev-core/1719: replace xml encoding function in CaseType
colemanw [Fri, 17 Apr 2020 23:32:06 +0000 (19:32 -0400)]
Merge pull request #17098 from mattwire/removeunusedparameterjob
Remove unused parameter from function
Seamus Lee [Fri, 17 Apr 2020 21:49:07 +0000 (07:49 +1000)]
Merge pull request #17051 from eileenmcnaughton/ex
Remove outputHeader as a param for writeCSVFile as it is always true
Seamus Lee [Fri, 17 Apr 2020 21:48:22 +0000 (07:48 +1000)]
Merge pull request #17102 from mattwire/removevar
Remove var that is defined on parent
Matthew Wire [Fri, 17 Apr 2020 19:47:51 +0000 (20:47 +0100)]
Remove var that is defined on parent
Tim Otten [Fri, 17 Apr 2020 19:25:27 +0000 (12:25 -0700)]
(NFC) Gitlab Template - Request more detail about upgrades
Brian Shaughnessy [Fri, 17 Apr 2020 15:34:04 +0000 (11:34 -0400)]
dev/core#1718 membership batch entry join date fix
Matthew Wire [Fri, 17 Apr 2020 14:40:34 +0000 (15:40 +0100)]
Merge pull request #17087 from eileenmcnaughton/ids
[REF] Stop passing ids to membership::create from createRelatedMemberships
Matthew Wire [Fri, 17 Apr 2020 14:39:46 +0000 (15:39 +0100)]
Merge pull request #17086 from eileenmcnaughton/memview
Don't pass empty ids parameter, fix fatal
Matthew Wire [Fri, 17 Jan 2020 19:02:32 +0000 (19:02 +0000)]
Remove unused parameter from function
colemanw [Fri, 17 Apr 2020 12:40:59 +0000 (08:40 -0400)]
Merge pull request #17089 from eileenmcnaughton/memdate
[REF] get rid of variable variable structure
Matthew Wire [Fri, 17 Apr 2020 10:53:22 +0000 (11:53 +0100)]
Merge pull request #16714 from christianwach/lab-1638
Introduce "civi.dao.preUpdate" and "civi.dao.preInsert" events
Seamus Lee [Fri, 17 Apr 2020 09:44:14 +0000 (19:44 +1000)]
Merge pull request #17095 from civicrm/5.25
5.25
Seamus Lee [Fri, 17 Apr 2020 09:43:20 +0000 (19:43 +1000)]
Merge pull request #17097 from seamuslee001/5.25
Add release-notes/5.24.4.md
Tim Otten [Fri, 17 Apr 2020 09:30:06 +0000 (02:30 -0700)]
Add release-notes/5.24.4.md
Tim Otten [Fri, 17 Apr 2020 03:56:19 +0000 (20:56 -0700)]
Merge pull request #17085 from seamuslee001/typo3_drupal8
Generalise typo3/phar-stream-wrapper so CiviCRM can be installed on d…
eileen [Thu, 16 Apr 2020 06:23:26 +0000 (18:23 +1200)]
[REF] get rid of variable variable structure
Readability improvement
eileen [Fri, 17 Apr 2020 02:57:34 +0000 (14:57 +1200)]
[NFC] Remove calculation of unused parameter
Eileen McNaughton [Fri, 17 Apr 2020 02:27:53 +0000 (14:27 +1200)]
Merge pull request #17092 from civicrm/5.25
5.25
Eileen McNaughton [Fri, 17 Apr 2020 02:22:49 +0000 (14:22 +1200)]
Merge pull request #17090 from colemanw/ssCleanup
[REF] SavedSearch - additional cleanup & bugfixes
Seamus Lee [Fri, 17 Apr 2020 02:04:38 +0000 (12:04 +1000)]
Merge pull request #17081 from eileenmcnaughton/session
Fix unsubscribe regression
Seamus Lee [Fri, 17 Apr 2020 02:01:36 +0000 (12:01 +1000)]
Merge pull request #17088 from eileenmcnaughton/ids2
[NFC] Remove all the places where tests unnecessarily pass to Membership::create
Seamus Lee [Fri, 17 Apr 2020 02:00:12 +0000 (12:00 +1000)]
Merge pull request #17073 from eileenmcnaughton/msg_template
Add MessageTemplate api to v4
Eileen McNaughton [Fri, 17 Apr 2020 01:39:11 +0000 (13:39 +1200)]
Merge pull request #17074 from joshgowans/patch-4
Archive text
Coleman Watts [Thu, 9 Apr 2020 15:31:23 +0000 (11:31 -0400)]
SavedSearch - additional cleanup & bugfixes
colemanw [Thu, 16 Apr 2020 14:38:54 +0000 (10:38 -0400)]
Merge pull request #17062 from colemanw/apiExpPerf
[REF] APIv4 Explorer - improve performance
joshgowans [Thu, 16 Apr 2020 12:45:30 +0000 (13:45 +0100)]
Correct spelling
Correct spelling of work 'recognition'.
colemanw [Thu, 16 Apr 2020 11:56:19 +0000 (07:56 -0400)]
Merge pull request #17003 from colemanw/smartererGroups
Allow other base tables for api4-based smart groups
Coleman Watts [Tue, 7 Apr 2020 00:56:43 +0000 (20:56 -0400)]
Allow other base tables for api4-based smart groups
eileen [Thu, 16 Apr 2020 06:04:27 +0000 (18:04 +1200)]
[NFC] Remove all the places where tests unnecessarily pass to Membership::create
The param is deprecated - no reasonn to pass in the tests
eileen [Thu, 16 Apr 2020 05:54:24 +0000 (17:54 +1200)]
Stop passing ids to membership::create from createRelatedMemberships
We are passing in an empty array. Per the code comments there was concern that the array might NOT be empty after calling
create & that needed to be checked out. However, I just went through it & concluded that values in the ids var would
only ever be set if ids['membership'] was passed in - so if it goes in empty it will come out empty
eileen [Thu, 16 Apr 2020 05:33:28 +0000 (17:33 +1200)]
Don't pass empty ids paramter, fix fatal
Seamus Lee [Thu, 16 Apr 2020 04:45:16 +0000 (14:45 +1000)]
Generalise typo3/phar-stream-wrapper so CiviCRM can be installed on drupal8
Seamus Lee [Thu, 16 Apr 2020 02:12:23 +0000 (12:12 +1000)]
Merge pull request #17083 from seamuslee001/master
5.25
Seamus Lee [Thu, 16 Apr 2020 02:11:08 +0000 (12:11 +1000)]
Merge 5.25
eileen [Thu, 16 Apr 2020 01:37:00 +0000 (13:37 +1200)]
Fix issue with form values not being available onn submit
Possible fix for https://civicrm.stackexchange.com/questions/35323/missing-parameters-error-in-unsubscribe-confirmation
The theory is that not having committed the transaction is causing the session not to be saved
CiviCRM [Thu, 16 Apr 2020 02:04:24 +0000 (02:04 +0000)]
Set version to 5.25.beta2
Tim Otten [Thu, 16 Apr 2020 01:28:50 +0000 (18:28 -0700)]
release-notes - Small copy edits
Seamus Lee [Thu, 16 Apr 2020 01:02:23 +0000 (11:02 +1000)]
Add in release notes for 5.24.3
Tim Otten [Fri, 3 Apr 2020 02:45:21 +0000 (19:45 -0700)]
Update composer.lock (`composer update --lock`)
Tim Otten [Fri, 3 Apr 2020 02:34:00 +0000 (19:34 -0700)]
[MOSS] CIV-01-001 - Display sensible error if someone tries to use "qunit" when it's missing
Tim Otten [Fri, 3 Apr 2020 02:23:03 +0000 (19:23 -0700)]
[MOSS] CIV-01-001 - Remove more unnecessary files from google-code-prettifier
Seamus Lee [Wed, 18 Mar 2020 01:25:01 +0000 (12:25 +1100)]
[MOSS] CIV-01-001 Remove Qunit and google-code-prettifier demo html file
Seamus Lee [Thu, 12 Dec 2019 20:08:34 +0000 (07:08 +1100)]
Include the job name and job details on the popup notice and also on the form asking if your sure about executing it
Allow disabled jobs to be executed and fix copy
Seamus Lee [Tue, 10 Dec 2019 20:07:57 +0000 (07:07 +1100)]
security/core#10 Ensure there is CSRF Protection when running Scheduled Jobs from the Admin scheduled jobs UI
Seamus Lee [Sun, 29 Mar 2020 21:23:33 +0000 (08:23 +1100)]
Remove code handling for profile search listing
Seamus Lee [Sun, 29 Mar 2020 20:55:14 +0000 (07:55 +1100)]
Also escape when value starts with a [ and validate the negative operation as well
Seamus Lee [Tue, 3 Mar 2020 20:48:35 +0000 (07:48 +1100)]
[MOSS] CIV-01-020 Validate value in the query building logic for privacy flag fields
Seamus Lee [Sat, 29 Feb 2020 22:32:21 +0000 (09:32 +1100)]
[MOSS] CIV-01-014 Validate status_id and campaign_type_id for camapginSummary function and the source_record_id and activity_type_id for Activity delete function
Seamus Lee [Sun, 9 Feb 2020 08:32:48 +0000 (19:32 +1100)]
security/core#40 Purify activity details when viewing case activities and case reports
Patrick Figel [Tue, 18 Feb 2020 19:44:11 +0000 (20:44 +0100)]
security/core#60 - Fix PHP Object Injection via Phar Deserialization
This mitigates Phar deserialization vulnerabilities by registering an
alternative Phar stream wrapper that filters out insecure Phar files.
PHP makes it possible to trigger Object Injection vulnerabilities by using
a side-effect of the phar:// stream wrapper that unserializes Phar
metadata. To mitigate this vulnerability, projects such as TYPO3 and Drupal
have implemented an alternative Phar stream wrapper that disallows
inclusion of phar files based on certain parameters. This change implements
a similar approach for Civi in environments where the vulnerability isn't
mitigated by the CMS.
Fixes security/core#60
Tim Otten [Wed, 4 Mar 2020 02:54:50 +0000 (18:54 -0800)]
CIV-01-021 - Improve entity name sanitization
Before
------
* There exist two functions which purport to take an API entity name and sanitize it,
producing a canonical API entity name. (`\Civi\API\Request::normalizeEntityName`
and `_civicrm_api_get_camel_name`)
* The two functions are identical for typical inputs. Both call `convertStringToCamel()`.
* The difference relates to unusual/unspecified input characters like `/` or `.` or `+`.
* `_civicrm_api_get_camel_name()` allows/returns unusual characters.
* `normalizeEntityName()` filters them out via `\CRM_Utils_String::munge()`
After
-----
* `_civicrm_api_get_camel_name()` just calls `normalizeEntityName()`
* A unit-test provides some comparison/contrast between the old+new behaviors.
Comments
--------
I came into this because CIV-01-021 pointed out that `_civicrm_api_get_camel_name()` had
insufficient sanitization of wonky inputs and could potentially lead to unexpected file-reads.
You can potentially address those wonky inputs by filtering them out or by throwing an exception.
I initially started doing an exception... but it turned out that `normalizeEntityName()` was already
filtering out and didn't really need a change. Also, regardless of the policy, the functions should be
brought into alignment.
Anyway, it seemed like this was the simpler change - it keeps `normalizeEntityName()` working exactly
as before, and only changes `_civicrm_api_get_camel_name()` to match.
Patrick Figel [Tue, 18 Feb 2020 20:54:05 +0000 (21:54 +0100)]
security/core#73 - Fix Contact.getquick API key exposure
This fixes an issue where API keys can be exposed via the field_name
parameter of the Contact.getquick API. Since there is no valid use-case
for requesting API keys via getquick, the fix simply triggers an API
error if the API key is requested.
Eileen McNaughton [Wed, 15 Apr 2020 21:10:52 +0000 (09:10 +1200)]
Merge pull request #17066 from mattwire/fixselectedchild
Fix 'selectedChild' parameter for pages with tabs
Coleman Watts [Wed, 15 Apr 2020 20:50:01 +0000 (16:50 -0400)]
Import - extract duplicate code to function
FIXME: Extracting this was a first step, but there's also still lots of inconsistency
and duplication with how the various import classes handle custom data.
colemanw [Wed, 15 Apr 2020 20:41:34 +0000 (16:41 -0400)]
Merge pull request #17055 from mattwire/customgroupfield_id
Add ID to custom group/field admin forms
Matthew Wire [Wed, 15 Apr 2020 09:28:45 +0000 (10:28 +0100)]
Merge pull request #17076 from agh1/cancelnotban
Export: use X icon `fa-times` for closing things
Eileen McNaughton [Wed, 15 Apr 2020 02:16:35 +0000 (14:16 +1200)]
Merge pull request #16756 from eileenmcnaughton/memtest
[NFC] Improve cleanup on membershipStatus to cope with undeleted memberships
eileen [Wed, 15 Apr 2020 00:35:38 +0000 (12:35 +1200)]
Use apiv4 on save
colemanw [Wed, 15 Apr 2020 00:30:01 +0000 (20:30 -0400)]
Merge pull request #17077 from eileenmcnaughton/dedup
Follow up fix on change to merge sqls
eileen [Wed, 15 Apr 2020 00:17:33 +0000 (12:17 +1200)]
[REF] MessageTemplate form code level improvements
I'm looking to cleanup this form to use the apiv4 (I'd rather got the extra step & switch it to an afform but
that seems like too big a leap).
This switches the loading to use apiv4. Note that
1) I decided that it doesn't make sense to setCheckPermissions = FALSE - I think the form should not
be availble to non-permissioned users (& perhaps a hook might like to play a role here).
2) I removed the inheritence from the parent which seemed to do 3 things
- added admin.css - none of the classes seemed to apply
- added iconpicker - didn't seem to apply
- loaded the defaults - which this change does on the form more succinctly