Seamus Lee [Wed, 15 May 2019 21:51:00 +0000 (07:51 +1000)]
Merge pull request #14257 from civicrm/5.14
5.14
Seamus Lee [Wed, 15 May 2019 20:39:27 +0000 (06:39 +1000)]
Jenkins style fix
totten [Wed, 15 May 2019 15:48:00 +0000 (15:48 +0000)]
Update 5.13.4.md
Seamus Lee [Tue, 14 May 2019 21:19:22 +0000 (07:19 +1000)]
Update date of 5.13.3 release and add in APIv4 SA into 5.13.4
totten [Tue, 14 May 2019 10:34:04 +0000 (10:34 +0000)]
Update 5.13.4.md
Seamus Lee [Wed, 1 May 2019 02:40:10 +0000 (12:40 +1000)]
WIP Release Notes for security release
Update Release notes based on Tim's Review and likely drop of 5.13.3
Tim Otten [Wed, 8 May 2019 23:41:55 +0000 (16:41 -0700)]
civicrm/file - Be forgiving about old image hyperlinks
Previous versions of Civi sometimes generated URLs for contact-images with incorrect `&mime-type` values:
http://dmaster.bknix:8001/civicrm/file?reset=1&filename=Hello_cca4153cb14beab37c68ab7f07162425.jpg&mime-type=image/jpg
The recent security update will generate an error if the mime-type is incorrect, so this patch relaxes it
to allow the old links to continue working.
Seamus Lee [Fri, 3 May 2019 04:53:48 +0000 (14:53 +1000)]
Add whitelist back in and validate extension of file is permtted for the mime-type supplied and use mime-type from db if supplied with an fid and eid
Switch to different libary that is php5.6 compatable
Seamus Lee [Fri, 29 Mar 2019 23:34:47 +0000 (10:34 +1100)]
Strength mime checking by comparing mime-type to the file path mime-type if we have entity_id and file id otherwise only permit image mime_types to be accepted if going via the filename route
Ensure mimetype is set in the case where we are passing it through and its valid
Remove Whitelisting of mime-types as not useful and only check mime-types if we have had one passed in
Seamus Lee [Sun, 3 Mar 2019 01:14:16 +0000 (12:14 +1100)]
Resolve security/core#45 by validating the mimeType of the file with the supplied mime-type
Seamus Lee [Mon, 29 Apr 2019 04:05:15 +0000 (14:05 +1000)]
Resolve security/core#52 by validating that an installtype is sensible
Seamus Lee [Sat, 30 Mar 2019 05:19:58 +0000 (16:19 +1100)]
security/core#49 Ensure that only intergers are passed to the IN build options in address
Fix Rule checking and add a unit test
Add in unit test on building country_id options too
Add in a unit test for building county options with a state_province_id filter
Seamus Lee [Sun, 28 Apr 2019 22:32:58 +0000 (08:32 +1000)]
Also escape subtype to fix POC#2 found by Patrick
Jamie McClelland [Wed, 20 Feb 2019 17:59:34 +0000 (12:59 -0500)]
escape alphanumeric/checkbox custom data
Seamus Lee [Mon, 22 Apr 2019 07:45:52 +0000 (17:45 +1000)]
Fix security/core#51 by paramatising the Event Type part of the wuere clause
Seamus Lee [Wed, 24 Apr 2019 20:03:57 +0000 (06:03 +1000)]
Resolve security/core#53 by updating tcpdf to latest version of 6.2.x
Tim Otten [Tue, 23 Apr 2019 23:00:35 +0000 (16:00 -0700)]
(security/core#50) Update jQuery to address prototype pollution
Coleman Watts [Tue, 26 Mar 2019 22:16:18 +0000 (18:16 -0400)]
Don't expose condition to api.getoptions
Tim Otten [Tue, 5 Mar 2019 00:05:06 +0000 (16:05 -0800)]
Harden against serialization vulnerabilities (#46)
Seamus Lee [Wed, 15 May 2019 11:40:31 +0000 (21:40 +1000)]
Merge pull request #14248 from civicrm/5.14
5.14
Seamus Lee [Tue, 14 May 2019 23:28:23 +0000 (09:28 +1000)]
Merge pull request #14246 from seamuslee001/5.14-release-notes
5.13.3 Release Notes
Tim Otten [Tue, 14 May 2019 10:54:21 +0000 (11:54 +0100)]
contributor-key.yml, 5.13.13.md - Fix typo in credit
I saw a typo and asked Patrick for preferred text.
Tim Otten [Sat, 11 May 2019 08:04:52 +0000 (09:04 +0100)]
Update 5.13.3.md
Tim Otten [Sat, 11 May 2019 08:03:11 +0000 (09:03 +0100)]
Update 5.13.3.md
Seamus Lee [Sat, 11 May 2019 01:59:59 +0000 (11:59 +1000)]
Update release notes
Seamus Lee [Fri, 10 May 2019 22:42:58 +0000 (08:42 +1000)]
Add in Release notes for 5.13.3 Drop
Seamus Lee [Mon, 13 May 2019 04:37:53 +0000 (14:37 +1000)]
Merge pull request #14239 from colemanw/haveACrack
Remove broken delete from customGroupCreate
Coleman Watts [Mon, 13 May 2019 02:36:42 +0000 (22:36 -0400)]
Remove broken delete from customGroupCreate
colemanw [Sun, 12 May 2019 23:25:27 +0000 (19:25 -0400)]
Merge pull request #14181 from eileenmcnaughton/group_search
dev/core#926 [ref] adds a test & does a preliminary extraction
Eileen McNaughton [Sun, 12 May 2019 23:13:34 +0000 (11:13 +1200)]
Merge pull request #14195 from mlutfy/dev932
dev/core#932 Fix dedupe contacts flip selection
Eileen McNaughton [Sun, 12 May 2019 22:07:52 +0000 (10:07 +1200)]
Merge pull request #14160 from demeritcowboy/fix-change-status-warning
dev/core#896 - fix notice warning on closing a case
Eileen McNaughton [Sun, 12 May 2019 22:03:23 +0000 (10:03 +1200)]
Merge pull request #14206 from mattwire/paymentforms_refactor
REF Refactor to reduce duplication on payment forms
Seamus Lee [Sun, 12 May 2019 05:35:32 +0000 (15:35 +1000)]
Merge pull request #14226 from eileenmcnaughton/master
Update testGetActivityAccessCiviCRMEnough test for clarity
Seamus Lee [Sun, 12 May 2019 02:32:34 +0000 (12:32 +1000)]
Merge pull request #14238 from civicrm/5.14
5.14
Eileen McNaughton [Sat, 11 May 2019 23:49:48 +0000 (11:49 +1200)]
Merge pull request #14118 from eileenmcnaughton/no_fin_item
Fix financial acl permissions to respect check_permissions
Eileen McNaughton [Sat, 11 May 2019 23:48:34 +0000 (11:48 +1200)]
Merge pull request #14236 from seamuslee001/activity_test
Fix Failing Activity Test
Seamus Lee [Sat, 11 May 2019 07:25:11 +0000 (17:25 +1000)]
Fix Failing Activity Test
Seamus Lee [Sat, 11 May 2019 06:40:48 +0000 (16:40 +1000)]
Merge pull request #14223 from eileenmcnaughton/5.14
dev/core#942 fix failure to render names for some activities
eileenmcnaugton [Fri, 10 May 2019 04:13:11 +0000 (16:13 +1200)]
dev/core#942 fix failure to render names for some activities
Overview
----------------------------------------
Set limit for activity_contact retrieval to 0, allowing to retrieve more than 25 activity contacts when rendering the first 25 activities on the activity contact tab
Before
----------------------------------------
After
----------------------------------------
Technical Details
----------------------------------------
This moves the logic for retrieving the target contacts back into the getActivities function. We are stil not wanting to bypass the ACLs so still using the
api but strictly limiting the number of contacts we retrieve (at the cost of extra queries, but cheap ones).
Some tests added on the Bulk Mail activity.
Comments
----------------------------------------
Eileen McNaughton [Sat, 11 May 2019 01:33:52 +0000 (13:33 +1200)]
Merge pull request #14233 from seamuslee001/participant_count_search_fix
dev/core#956 Fix hard breakage in find participants form when you do a filter on o…
Seamus Lee [Fri, 10 May 2019 23:31:19 +0000 (09:31 +1000)]
Merge pull request #14220 from pradpnayak/core/issues/923
core/issues/923, Fixed notice error when creating/editing profile
Seamus Lee [Fri, 10 May 2019 23:24:47 +0000 (09:24 +1000)]
dev/core#956 Fix hard breakage in find participants form when you do a filter on one event and n participant statues
Eileen McNaughton [Fri, 10 May 2019 22:18:36 +0000 (10:18 +1200)]
Merge pull request #14216 from alifrumin/dontmunge
When creating relationship types don't munge names
Eileen McNaughton [Fri, 10 May 2019 09:05:50 +0000 (21:05 +1200)]
Merge pull request #14227 from civicrm/5.14
5.14 to master
Eileen McNaughton [Fri, 10 May 2019 09:05:17 +0000 (21:05 +1200)]
Merge pull request #14214 from jitendrapurohit/activity-input
Add select2 to input field of datepicker
Eileen McNaughton [Fri, 10 May 2019 09:02:30 +0000 (21:02 +1200)]
Merge pull request #14221 from seamuslee001/activty_wrapper_date_picker_template
Add in Wrapper template around DatePickerRange template to have bette…
eileenmcnaugton [Fri, 10 May 2019 08:55:47 +0000 (20:55 +1200)]
Update testGetActivityAccessCiviCRMEnough test for clarity
Seamus Lee [Fri, 10 May 2019 00:16:19 +0000 (10:16 +1000)]
Add in Wrapper template around DatePickerRange template to have better layout of Activity Search Form
Allow for colspan and class to be set when adding in wrapper
Update the wrapper to be only one td and not all and fix activity template appropriately
Eileen McNaughton [Thu, 9 May 2019 23:52:24 +0000 (11:52 +1200)]
Merge pull request #14219 from colemanw/hover
dev/core#950 Remove deprecated :hover jQuery selector
Coleman Watts [Thu, 9 May 2019 21:50:53 +0000 (17:50 -0400)]
Remove deprecated :hover jQuery selector
Pradeep Nayak [Thu, 9 May 2019 21:35:00 +0000 (22:35 +0100)]
core/issues/923, Fixed notice error when creating/editing profile
Monish Deb [Thu, 9 May 2019 12:50:54 +0000 (18:20 +0530)]
Merge pull request #14217 from prondubuisi/this-in-static-method
dev/core#945 - fix use of $this error in static method
Matthew Wire [Thu, 9 May 2019 09:55:08 +0000 (10:55 +0100)]
Merge pull request #14004 from mfb/set-utf8
Remove CIVICRM_TEMP_FORCE_UTF8; deprecate TempTable::setUtf8()
Matthew Wire [Thu, 9 May 2019 09:53:16 +0000 (10:53 +0100)]
Merge pull request #14185 from mfb/watchdog
Pass the RFC 3164 severity level thru to drupal watchdog.
Onyemenam Ndubuisi [Thu, 9 May 2019 05:53:30 +0000 (06:53 +0100)]
dev/core#945 - fix use of $this error in static method
Alice Frumin [Wed, 8 May 2019 16:02:54 +0000 (12:02 -0400)]
When creating relationship types thru the api Don't munge names
Jitendra Purohit [Wed, 8 May 2019 04:40:18 +0000 (10:10 +0530)]
Add select2 to input field of datepicker
Eileen McNaughton [Tue, 7 May 2019 20:18:26 +0000 (08:18 +1200)]
Merge pull request #14203 from yashodha/dev_705
(dev/core#705) Disabling Alphabetical Pager is not respected for events
Yashodha Chaku [Tue, 7 May 2019 06:12:31 +0000 (11:42 +0530)]
Merge pull request #14183 from eileenmcnaughton/copy_dao
Fix CRM-21832 - Recurring activities don't carry over custom datas & add test provided by Agileware
Seamus Lee [Tue, 7 May 2019 04:13:00 +0000 (14:13 +1000)]
Merge pull request #14205 from civicrm/5.14
5.14
Seamus Lee [Tue, 7 May 2019 01:35:15 +0000 (11:35 +1000)]
Merge pull request #14210 from seamuslee001/5_13_2_release_notes
Add 5.13.2 release notes
Tim Otten [Mon, 6 May 2019 23:32:12 +0000 (16:32 -0700)]
Update 5.13.2.md
Seamus Lee [Mon, 6 May 2019 22:35:55 +0000 (08:35 +1000)]
Update Release notes for dev/core#940
Include Dave D for review purposes
Tim Otten [Mon, 6 May 2019 19:31:11 +0000 (12:31 -0700)]
Add 5.13.2 release notes
Seamus Lee [Mon, 6 May 2019 23:34:42 +0000 (09:34 +1000)]
Merge pull request #14208 from seamuslee001/dev_core_940_5_14
(dev/core#940) Fix regression involving Email Processor filing and ".unknown" attachments
Seamus Lee [Mon, 6 May 2019 22:29:50 +0000 (08:29 +1000)]
Fix Regression in Email Processor filing all emails as .unknown attachments
Matthew Wire [Mon, 6 May 2019 22:12:58 +0000 (23:12 +0100)]
Merge pull request #14198 from eileenmcnaughton/pay_activity
[REF+ test] start process of cleaning up payment activity handling
Matthew Wire [Mon, 6 May 2019 22:11:53 +0000 (23:11 +0100)]
Merge pull request #14197 from eileenmcnaughton/cont_cancel
dev/core#927 [ref] Extract contribution.cancel function
Matthew Wire (MJW Consulting) [Mon, 6 May 2019 21:58:11 +0000 (22:58 +0100)]
Refactor to reduce duplication on payment forms
Seamus Lee [Mon, 6 May 2019 20:36:27 +0000 (06:36 +1000)]
Merge pull request #14204 from totten/5.14-act-sort
(dev/core#934; followup) Fix escaping on new query code
eileen [Thu, 2 May 2019 02:19:50 +0000 (14:19 +1200)]
Fix failure to copy custom fields & add test provided by Agileware
Per https://github.com/civicrm/civicrm-core/pull/13470 custom fields are
inconsistently copied where copying entities. This makes the code from
BAO_Event called from the genericCopy function.
I did a bit of an audit and the places where this is currently called from don't appear
to call the copyGeneric function with the 'custom' param that would have activated the old
code. I also consistently removed the & when it was being called so I could take it
out of the signature.
The original PR handled tags as well, but not in a generic way. I've left that out of scope
but the test is present, commented out, so it would be easy enough to revist
Tim Otten [Mon, 6 May 2019 19:34:37 +0000 (12:34 -0700)]
(dev/core#934; followup) Fix escaping on new query code
This updates a line which was added in the past day (#14194) to ensure that
the data is escaped.
yashodha [Mon, 6 May 2019 12:55:47 +0000 (18:25 +0530)]
(dev/core#705) Disabling Alphabetical Pager is not respected for events
Eileen McNaughton [Sun, 5 May 2019 21:48:52 +0000 (09:48 +1200)]
Merge pull request #14199 from colemanw/relActive
Stop overriding is_active default when saving new relationship
Coleman Watts [Sun, 5 May 2019 00:11:10 +0000 (20:11 -0400)]
Stop overriding is_active default when saving new relationship
For some obscure reason the relationsip BAO was forcing the is_active field
to default to 0 even though the schema sets a more sensible default of 1.
Seamus Lee [Sun, 5 May 2019 02:39:53 +0000 (12:39 +1000)]
Merge pull request #14202 from civicrm/5.14
5.14
Seamus Lee [Sun, 5 May 2019 02:39:21 +0000 (12:39 +1000)]
Merge pull request #14200 from demeritcowboy/to-be-or-not-to-be
contributor-keys file - jira/lab.c.o username fix
Seamus Lee [Sun, 5 May 2019 02:38:19 +0000 (12:38 +1000)]
Merge pull request #14194 from eileenmcnaughton/activity_sort
dev/core#934 Fix regression on sorting activity tab by 'Added by'
DemeritCowboy [Sun, 5 May 2019 01:07:53 +0000 (21:07 -0400)]
fix change case status warning
Eileen McNaughton [Sat, 4 May 2019 23:30:16 +0000 (11:30 +1200)]
Merge pull request #14177 from eileenmcnaughton/free
IDE re-format of tools directory
eileen [Sat, 4 May 2019 05:16:36 +0000 (17:16 +1200)]
[REF] start process of cleaning up payment activity handling
At the moment activities are created when using the additional payment form but not the UI.
This needs cleaning up & this takes the first step by adding testing & slightly
simplifying where decisions are made about variables (assign title directly rather than component
just to assign title deeper down
Eileen McNaughton [Sat, 4 May 2019 23:18:33 +0000 (11:18 +1200)]
Merge pull request #14180 from eileenmcnaughton/recur_search
Enotice fix on creating a smart group
eileen [Fri, 3 May 2019 02:37:14 +0000 (14:37 +1200)]
dev/core#934 Fix regression on sorting activity tab by 'Added by'
DemeritCowboy [Fri, 3 May 2019 23:49:27 +0000 (19:49 -0400)]
jira
eileen [Fri, 3 May 2019 23:20:35 +0000 (11:20 +1200)]
dev/core#927 Extract contribution.cancel function
Mathieu Lutfy [Fri, 3 May 2019 13:09:25 +0000 (09:09 -0400)]
dev/core#932 Fix dedupe contacts flip selection
Eileen McNaughton [Fri, 3 May 2019 05:29:19 +0000 (17:29 +1200)]
Merge pull request #14193 from seamuslee001/5.14
On PHP 7.2 we cannot start session until it has been configured by Dr…
mark burdett [Tue, 16 Apr 2019 23:29:43 +0000 (16:29 -0700)]
On PHP 7.2 we cannot start session until it has been configured by Drupal.
Eileen McNaughton [Fri, 3 May 2019 01:26:13 +0000 (13:26 +1200)]
Merge pull request #14192 from civicrm/5.14
5.14
Seamus Lee [Fri, 3 May 2019 00:55:29 +0000 (10:55 +1000)]
Merge pull request #14191 from seamuslee001/5_13_release_notes
Add in release notes for 5.13.1 drop
Tim Otten [Thu, 2 May 2019 23:22:01 +0000 (16:22 -0700)]
Merge pull request #14074 from mfb/session-start
Don't call session_start() before CMS bootstrap (PHP 7.2 compat)
Seamus Lee [Thu, 2 May 2019 23:16:12 +0000 (09:16 +1000)]
Merge pull request #14135 from colemanw/menubarVars
Hook to alter menubar css variables & fix breakpoint in WP
Tim Otten [Thu, 2 May 2019 22:48:16 +0000 (15:48 -0700)]
Update 5.13.1.md
Seamus Lee [Thu, 2 May 2019 22:08:02 +0000 (08:08 +1000)]
Merge pull request #14189 from MegaphoneJon/wordpress-26-5.14
wordpress#26 - fix REST
Seamus Lee [Thu, 2 May 2019 21:30:39 +0000 (07:30 +1000)]
Add in release notes for 5.13.1 drop
Jon Goldberg [Thu, 2 May 2019 20:00:19 +0000 (16:00 -0400)]
wordpress#26 - fix REST
Seamus Lee [Thu, 2 May 2019 21:09:40 +0000 (07:09 +1000)]
Merge pull request #14188 from seamuslee001/dev_core_931_5_14
Resolve dev/core#931 by not doing translation on the query if field e…
Seamus Lee [Thu, 2 May 2019 20:22:41 +0000 (06:22 +1000)]
Resolve dev/core#931 by not doing translation on the query if field exists during the upgrade process
mark burdett [Thu, 2 May 2019 13:49:06 +0000 (06:49 -0700)]
Pass the RFC 3164 severity level thru to drupal watchdog.
Matthew Wire [Thu, 2 May 2019 09:32:19 +0000 (10:32 +0100)]
Merge pull request #14171 from eileenmcnaughton/copy_dao
[ref] Move copyCustomFields function from Event to Core_DAO for re-usablibilty
projects / civicrm-core.git / log