Andrew Engelbrecht [Wed, 19 Jul 2017 20:31:29 +0000 (16:31 -0400)]
remove unneeded file (latex.patch)
this was apparently not removed in the git rebase.
Ruben Rodriguez [Thu, 1 Dec 2016 21:59:27 +0000 (16:59 -0500)]
Comment cleanup
Ruben Rodriguez [Thu, 1 Dec 2016 21:28:53 +0000 (16:28 -0500)]
Updated the LaTeX header for letters
Ruben Rodriguez [Fri, 10 Jun 2016 19:06:07 +0000 (15:06 -0400)]
Added hack for escaping curly brackets on smarty LaTeX templates
Ruben Rodriguez [Fri, 10 Jun 2016 19:05:21 +0000 (15:05 -0400)]
Tuned up PdfLatex font settings
k [Tue, 15 Mar 2016 17:41:14 +0000 (13:41 -0400)]
redisabling mail tracking
k [Tue, 15 Mar 2016 17:37:59 +0000 (13:37 -0400)]
redoing replacement of "Confirm Contribution" with "Review Contribution"
k [Tue, 15 Mar 2016 17:13:26 +0000 (13:13 -0400)]
Solving RT ticket #
adding civicrm ID to contribution record
Lisa Marie Maginnis [Thu, 15 Oct 2015 03:10:17 +0000 (23:10 -0400)]
reverted js changes back to upstream
Lisa Marie Maginnis [Mon, 21 Sep 2015 17:33:03 +0000 (13:33 -0400)]
ipn receiver for external api
Lisa Marie Maginnis [Mon, 21 Sep 2015 17:28:53 +0000 (13:28 -0400)]
Priceset 2nd half
Lisa Marie Maginnis [Mon, 21 Sep 2015 17:28:43 +0000 (13:28 -0400)]
Lisa Marie Maginnis [Mon, 21 Sep 2015 17:18:43 +0000 (13:18 -0400)]
Removed cache rebuild from the GroupContact
Lisa Marie Maginnis [Mon, 21 Sep 2015 17:15:03 +0000 (13:15 -0400)]
RT#765026, patch for null values in civicrm_acl_cache
Ruben Rodriguez [Thu, 10 Sep 2015 22:24:23 +0000 (18:24 -0400)]
Added the current uncommitted changes to production code, and rebased to 4.6.8
Lisa Marie Maginnis [Thu, 1 May 2014 21:29:27 +0000 (17:29 -0400)]
Additional files for PDF/Latex
Lisa Marie Maginnis [Thu, 1 May 2014 21:04:18 +0000 (17:04 -0400)]
Our changes
Tim Otten [Thu, 16 Apr 2020 01:28:50 +0000 (18:28 -0700)]
release-notes - Small copy edits
Seamus Lee [Thu, 16 Apr 2020 01:02:23 +0000 (11:02 +1000)]
Add in release notes for 5.24.3
Seamus Lee [Thu, 16 Apr 2020 00:50:16 +0000 (10:50 +1000)]
Set version to 5.24.3
Tim Otten [Fri, 3 Apr 2020 02:45:21 +0000 (19:45 -0700)]
Update composer.lock (`composer update --lock`)
Tim Otten [Fri, 3 Apr 2020 02:44:51 +0000 (19:44 -0700)]
[MOSS] CIV-01-001 - Add security check to ensure full deletion
Some admin workflows don't handle implicit deletions. This guard ensures that deletion is complete.
Tim Otten [Fri, 3 Apr 2020 02:34:00 +0000 (19:34 -0700)]
[MOSS] CIV-01-001 - Display sensible error if someone tries to use "qunit" when it's missing
Tim Otten [Fri, 3 Apr 2020 02:23:03 +0000 (19:23 -0700)]
[MOSS] CIV-01-001 - Remove more unnecessary files from google-code-prettifier
Seamus Lee [Wed, 18 Mar 2020 01:25:01 +0000 (12:25 +1100)]
[MOSS] CIV-01-001 Remove Qunit and google-code-prettifier demo html file
Seamus Lee [Thu, 12 Dec 2019 20:08:34 +0000 (07:08 +1100)]
Include the job name and job details on the popup notice and also on the form asking if you're sure about executing it
Allow disabled jobs to be executed and fix copy
Seamus Lee [Tue, 10 Dec 2019 20:07:57 +0000 (07:07 +1100)]
security/core#10 Ensure there is CSRF Protection when running Scheduled Jobs from the Admin scheduled jobs UI
Seamus Lee [Sun, 29 Mar 2020 21:23:33 +0000 (08:23 +1100)]
Remove code handling for profile search listing
Seamus Lee [Sun, 29 Mar 2020 20:55:14 +0000 (07:55 +1100)]
Also escape when value starts with a [ and validate the negative operation as well
Seamus Lee [Tue, 3 Mar 2020 20:48:35 +0000 (07:48 +1100)]
[MOSS] CIV-01-020 Validate value in the query building logic for privacy flag fields
Seamus Lee [Sat, 29 Feb 2020 22:32:21 +0000 (09:32 +1100)]
[MOSS] CIV-01-014 Validate status_id and campaign_type_id for camapginSummary function and the source_record_id and activity_type_id for Activity delete function
Patrick Figel [Tue, 18 Feb 2020 19:44:11 +0000 (20:44 +0100)]
security/core#60 - Fix PHP Object Injection via Phar Deserialization
This mitigates Phar deserialization vulnerabilities by registering an
alternative Phar stream wrapper that filters out insecure Phar files.
PHP makes it possible to trigger Object Injection vulnerabilities by using
a side-effect of the phar:// stream wrapper that unserializes Phar
metadata. To mitigate this vulnerability, projects such as TYPO3 and Drupal
have implemented an alternative Phar stream wrapper that disallows
inclusion of phar files based on certain parameters. This change implements
a similar approach for Civi in environments where the vulnerability isn't
mitigated by the CMS.
Fixes security/core#60
Seamus Lee [Sun, 9 Feb 2020 08:32:48 +0000 (19:32 +1100)]
security/core#40 Purify activity details when viewing case activities and case reports
Tim Otten [Wed, 4 Mar 2020 02:54:50 +0000 (18:54 -0800)]
CIV-01-021 - Improve entity name sanitization
* There exist two functions which purport to take an API entity name and sanitize it,
producing a canonical API entity name. (`\Civi\API\Request::normalizeEntityName`
and `_civicrm_api_get_camel_name`)
* The two functions are identical for typical inputs. Both call `convertStringToCamel()`.
* The difference relates to unusual/unspecified input characters like `/` or `.` or `+`.
* `_civicrm_api_get_camel_name()` allows/returns unusual characters.
* `normalizeEntityName()` filters them out via `\CRM_Utils_String::munge()`
* `_civicrm_api_get_camel_name()` just calls `normalizeEntityName()`
* A unit-test provides some comparison/contrast between the old+new behaviors.
I came into this because CIV-01-021 pointed out that `_civicrm_api_get_camel_name()` had
insufficient sanitization of wonky inputs and could potentially lead to unexpected file-reads.
You can potentially address those wonky inputs by filtering them out or by throwing an exception.
I initially started doing an exception... but it turned out that `normalizeEntityName()` was already
filtering out and didn't really need a change. Also, regardless of the policy, the functions should be
brought into alignment.
Anyway, it seemed like this was the simpler change - it keeps `normalizeEntityName()` working exactly
as before, and only changes `_civicrm_api_get_camel_name()` to match.
Patrick Figel [Tue, 18 Feb 2020 20:54:05 +0000 (21:54 +0100)]
security/core#73 - Fix Contact.getquick API key exposure
This fixes an issue where API keys can be exposed via the field_name
parameter of the Contact.getquick API. Since there is no valid use-case
for requesting API keys via getquick, the fix simply triggers an API
error if the API key is requested.
davejenx [Thu, 9 Apr 2020 10:01:29 +0000 (11:01 +0100)]
Fix version number in title.
Tim Otten [Thu, 9 Apr 2020 07:21:12 +0000 (00:21 -0700)]
Merge pull request #17040 from totten/5.24-bump2
Update to 5.24.2. Add release notes.
Seamus Lee [Thu, 9 Apr 2020 07:16:51 +0000 (17:16 +1000)]
Merge pull request #17039 from seamuslee001/524
Revert "temp workaround for dev/core#1675"
Tim Otten [Thu, 9 Apr 2020 06:22:33 +0000 (23:22 -0700)]
Add release-notes/5.24.2
Seamus Lee [Wed, 8 Apr 2020 21:20:48 +0000 (07:20 +1000)]
Revert "temp workaround for dev/core#1675"
This reverts commit
Tim Otten [Thu, 9 Apr 2020 05:08:35 +0000 (22:08 -0700)]
Set version to 5.24.2
Eileen McNaughton [Wed, 8 Apr 2020 23:43:20 +0000 (11:43 +1200)]
Merge pull request #17036 from seamuslee001/5.24
CRM_Core_I18n - Provide a better label for new/unknown locales
Tim Otten [Wed, 8 Apr 2020 04:14:38 +0000 (21:14 -0700)]
CRM_Core_I18n - Provide a better label for new/unknown locales
Suppose you add new/unrecognized data files in the `l10n` folder - and then
you navigate to the screen `civicrm/admin/setting/localization?reset=1`.
The new language appears in the admin UI as a blank item.
Every page in the app displays a warning about the unrecognized locale.
The new language appears in the admin UI with a placeholder name (based on the code).
The warnings are not displayed.
We've just had an issue where a new language was added to the `l10n`
data-set, and then all automated test-suites for all versions (incl `5.25`
RC and `5.24` stable) started to throw blocker errors on unrelated PRs.
This is because the `l10n` data is generally evergreen, but each branch/tag
of `civicrm-core` has the list hard-coded in multiple spots.
This patch tries to make the symptom less painful when mixing/matching
different revisions of `civicrm-core.git` and `l10n.git`.
Seamus Lee [Wed, 8 Apr 2020 08:30:27 +0000 (18:30 +1000)]
Merge pull request #17010 from colemanw/fixhookissue24
Fixed fatal error for class not found when managed hook is invoked during upgrade
Eileen McNaughton [Wed, 8 Apr 2020 04:45:08 +0000 (16:45 +1200)]
Merge pull request #17017 from seamuslee001/nl_be_524
add nl_BE language
demeritcowboy [Thu, 2 Apr 2020 21:59:21 +0000 (17:59 -0400)]
add nl_BE language
Pradeep Nayak [Tue, 7 Apr 2020 02:16:44 +0000 (03:16 +0100)]
Fixed fatal error for class not found when managed hook is invoked during upgrade
Tim Otten [Sun, 5 Apr 2020 01:04:21 +0000 (18:04 -0700)]
Merge pull request #16977 from totten/5.24-bump1
Set version to 5.24.1. Add notes.
Tim Otten [Sun, 5 Apr 2020 00:50:45 +0000 (17:50 -0700)]
Add release-notes/5.24.1
Tim Otten [Sun, 5 Apr 2020 00:50:40 +0000 (17:50 -0700)]
Set version to 5.24.1
Seamus Lee [Fri, 3 Apr 2020 23:50:49 +0000 (10:50 +1100)]
Merge pull request #16972 from totten/5.24-seqcredit
dev/financial#84 - Fix upgrade failure. Thin-out activation logic for `sequentialcreditnotes`.
Tim Otten [Fri, 3 Apr 2020 22:22:44 +0000 (15:22 -0700)]
dev/financial#84 - Simplify upgrader. Fix "wp-demo" upgrade scenario.
Steps to reproduce
* Create a site based on `wp-demo` with Civi 5.21
* Make a DB snapshot
* Update code to 5.24
* In the web UI, run the DB upgrade
* Note: It's important to use the web UI. The problem does not reproduce in CLI.
The upgrader freezes on "Upgrade DB to 5.24.alpha1". The `CiviCRM.log` includes:
Apr 03 14:41:50 [info] Running task: Upgrade DB to 5.24.alpha1: SQL
Apr 03 14:41:55 [info] Running task: Install sequential creditnote extension
Apr 03 14:42:14 [info] $CRM_Queue_ErrorPolicy_reportError = Array
[is_error] => 1
[is_continue] => 0
[exception] => Error 1: Uncaught Error: Class 'CRM_Volunteer_Permission' not found in /home/me/bknix/build/wpmaster/web/wp-content/plugins/civicrm/civicrm/tools/extensions/civivolunteer/volunteer.php:497
Stack trace:
0 /home/me/bknix/build/wpmaster/web/wp-content/plugins/civicrm/civicrm/CRM/Utils/Hook.php(286): volunteer_civicrm_permission(Array)
1 /home/me/bknix/build/wpmaster/web/wp-content/plugins/civicrm/civicrm/CRM/Utils/Hook/WordPress.php(139): CRM_Utils_Hook->runHooks(Array, 'civicrm_permiss...', 1, Array, NULL, NULL, NULL, NULL, NULL)
2 /home/me/bknix/build/wpmaster/web/wp-content/plugins/civicrm/civicrm/Civi/Core/CiviEventDispatcher.php(86): CRM_Utils_Hook_WordPress->invokeViaUF(1, Array, NULL, NULL, NULL, NULL, NULL, 'civicrm_permiss...')
3 /home/me/bknix/build/wpmaster/web/wp-content/plugins/civicrm/civicrm/vendor/symfony/event-dispatcher/EventDispatcher.php(184): Civi\Core\CiviEventDispatcher::delegateToUF(Object(Civi\Core\Event\GenericHookEvent), 'hook_civicrm_p
[last_task_title] => Install sequential creditnote extension
The upgrade completes. After installation, the `sequentialcreditnotes` extension is active.
colemanw [Fri, 3 Apr 2020 15:30:42 +0000 (11:30 -0400)]
Merge pull request #16963 from seamuslee001/dev_core_1688_524
core#1688 - false positive on missing custom field check
Jon Goldberg [Thu, 2 Apr 2020 18:07:33 +0000 (14:07 -0400)]
core#1688 - false positive on missing custom field check
CiviCRM [Wed, 1 Apr 2020 23:48:38 +0000 (23:48 +0000)]
Set version to 5.24.0
Seamus Lee [Wed, 1 Apr 2020 20:40:40 +0000 (07:40 +1100)]
Merge pull request #16944 from alifrumin/5.24-rn
[NFC] adding late changes to release notes for 5.24
Alice Frumin [Wed, 1 Apr 2020 15:37:42 +0000 (11:37 -0400)]
late changes to release notes
Eileen McNaughton [Wed, 1 Apr 2020 02:32:53 +0000 (15:32 +1300)]
Merge pull request #16937 from seamuslee001/5.24
[REF] Fix handling of owner url parameter from Membership Dashboard
Seamus Lee [Wed, 1 Apr 2020 00:51:26 +0000 (11:51 +1100)]
[REF] Fix handling of owner url parameter from Membership Dashboard
Seamus Lee [Wed, 1 Apr 2020 00:45:40 +0000 (11:45 +1100)]
Merge pull request #16933 from eileenmcnaughton/member_search
dev/user-interface#14 Fix membership_status_id url handling (recent regression).
Seamus Lee [Wed, 1 Apr 2020 00:38:32 +0000 (11:38 +1100)]
Merge pull request #16930 from eileenmcnaughton/524
dev/core#1677 Fix multisite regression on domain membership types
colemanw [Tue, 31 Mar 2020 15:43:28 +0000 (11:43 -0400)]
Merge pull request #16932 from eileenmcnaughton/mailing_name
dev/core#1656 Remove duplicate label
eileen [Tue, 31 Mar 2020 08:31:44 +0000 (21:31 +1300)]
dev/user-interface#14 Fix membership_status_id url handling (recent regression).
The right fix here is to fix the xml to the field setting it to export & adding a uniquename.
However, with our search focus moving on to the new search functionality in the pipeline & us having had
a hiatus on dealing with search code I think this more conservative change + a rc focus makes sense
at the moment
eileen [Tue, 31 Mar 2020 07:25:15 +0000 (20:25 +1300)]
Remove duplicate label
Eileen McNaughton [Tue, 31 Mar 2020 05:57:54 +0000 (18:57 +1300)]
Merge pull request #16926 from demeritcowboy/quickfix-case-addtimeline
dev/core#1675 - Temporary regression fix for case add timeline
eileen [Tue, 31 Mar 2020 05:12:33 +0000 (18:12 +1300)]
dev/core#1677 Fix multisite regression on domain membership types
Fixes a regression where membership types bleed between domains
demeritcowboy [Mon, 30 Mar 2020 20:12:12 +0000 (16:12 -0400)]
temp workaround for dev/core#1675
Seamus Lee [Wed, 25 Mar 2020 02:45:54 +0000 (13:45 +1100)]
Merge pull request #16842 from demeritcowboy/lang-install-crash
dev/translation#40 - Fix crash when change language on installer page
Seamus Lee [Tue, 24 Mar 2020 23:46:40 +0000 (10:46 +1100)]
Merge pull request #16891 from seamuslee001/5_23_4_release_notes
Add release-notes/
Seamus Lee [Tue, 24 Mar 2020 23:45:56 +0000 (10:45 +1100)]
Merge pull request #16887 from totten/5.24-dbl-path
dev/joomla#26 - Fix path derivation when CMS is rooted in a subdir
Tim Otten [Tue, 24 Mar 2020 22:28:00 +0000 (15:28 -0700)]
Add release-notes/
Tim Otten [Tue, 24 Mar 2020 21:46:10 +0000 (14:46 -0700)]
(NFC) Update comments in PathsTest.php
Tim Otten [Tue, 24 Mar 2020 05:56:36 +0000 (22:56 -0700)]
dev/joomla#26 - Fix path derivation when CMS is rooted in a subdir
CiviCRM is deployed inside a CMS. The CMS is usually deployed at the HTTP root (``),
but it is sometimes deployed in a subdirectory (``).
Some asset URLs are computed using the variables `[civicrm.bower]`, `[civicrm.packages]`, and `[civicrm.vendor]`, which
are derived from the value of `[civicrm.root]`. However, if the site is deployed in a subdirectory, and if using v5.23,
then the computation of `[civicrm.bower]` (etc) can misbehave.
When the URL for `[civicrm.bower]` (or similar) is derived, it goes through multiple filters - first, from absolute to
relative, and then later from relative back to absolute. In the process, the base is inadvertently changed.
When the URL is derived, it is computed in absolute format - and simply kept that way.
Regarding test coverage, there are two relevant unit-tests. This PR only updates one.
* `E2E\Core\PathUrlTest`: This is a more concrete smoke test which demonstrates functional problems with variables like
`[civicrm.bower]`. It should already catch problems like dev/joomla#26... but only if you run the E2E suite on a system
where the CMS was deployed to a subdirectory. `civibuild` doesn't currently include such a build-type.
* `Civi\Core\PathsTest`: This is a more abstract, headless test to examine edge-cases in `Civi\Core\Paths`. It does not
specifically check for `[civicrm.bower]` or similar variables (b/c the URL routing is ill-defined in a headless context).
However, I've updated it to compare/contrast the working and non-working ways to derive variables.
Eileen McNaughton [Tue, 24 Mar 2020 00:45:43 +0000 (13:45 +1300)]
Merge pull request #16876 from colemanw/ssFix
Fix undefined index warning in SavedSearch api
Tim Otten [Mon, 23 Mar 2020 03:32:47 +0000 (20:32 -0700)]
Merge pull request #16702 from seamuslee001/5.24
bin/*, extern/* - Fix leak of "$config" in global namespace
Coleman Watts [Sat, 21 Mar 2020 19:32:06 +0000 (15:32 -0400)]
Fix undefined index warning in SavedSearch api
Eileen McNaughton [Fri, 20 Mar 2020 21:40:54 +0000 (10:40 +1300)]
Merge pull request #16834 from colemanw/apiGroup
APIv4 - Improve saveSearch popup in Explorer
Coleman Watts [Tue, 17 Mar 2020 20:28:14 +0000 (16:28 -0400)]
APIv4 - Improve saveSearch popup in Explorer
Eileen McNaughton [Thu, 19 Mar 2020 22:16:12 +0000 (11:16 +1300)]
Merge pull request #16858 from eileenmcnaughton/5.24
dev/core#1662 - Saved mappings doesn't work for all use cases
Jitendra Purohit [Thu, 19 Mar 2020 10:29:41 +0000 (15:59 +0530)]
dev/core#1662 - Saved mappings doesn't work for all use cases
Seamus Lee [Wed, 18 Mar 2020 23:50:38 +0000 (10:50 +1100)]
Merge pull request #16841 from seamuslee001/ckeditor_4_14_upgrade
Update CKEditor 4.14
demeritcowboy [Wed, 18 Mar 2020 22:30:44 +0000 (18:30 -0400)]
fix crash when change language on installer page
Seamus Lee [Wed, 18 Mar 2020 22:16:36 +0000 (09:16 +1100)]
Update CKEditor 4.14
Seamus Lee [Tue, 17 Mar 2020 22:09:24 +0000 (09:09 +1100)]
Merge pull request #16830 from alifrumin/rn-5.24
[NFC] release-notes 5.24 first pass
Alice Frumin [Mon, 9 Mar 2020 18:29:08 +0000 (14:29 -0400)]
release-notes 5.24 first pass
Seamus Lee [Mon, 16 Mar 2020 20:37:23 +0000 (07:37 +1100)]
Merge pull request #16752 from eileenmcnaughton/ext24
Fix fatal error on loading extension page when an extension has been deleted
Seamus Lee [Mon, 16 Mar 2020 06:15:16 +0000 (17:15 +1100)]
Merge pull request #16796 from seamuslee001/notes_5_23_3
Tim Otten [Mon, 16 Mar 2020 06:08:46 +0000 (23:08 -0700)]
Seamus Lee [Mon, 16 Mar 2020 03:51:27 +0000 (14:51 +1100)]
Merge pull request #16791 from totten/5.24-dot
(REF) dev/core#1637, dev/core#1651 - Restore format of packagesBase
Tim Otten [Mon, 16 Mar 2020 00:53:57 +0000 (17:53 -0700)]
(NFC) Document format of packagesBase, resourceBase.
Try to prevent future bounciness in changing these variables.
Tim Otten [Mon, 16 Mar 2020 00:52:26 +0000 (17:52 -0700)]
dev/core#1637 - Restore format of packagesBase
These use-cases had been tested during PR dev for 5.23.alpha, but they
regressed in 5.23.1. In 5.23.1's #16735, note item (5) and the flip-flop on
`/.` Item (5) references some greps to find references `/.` For obscure
reasons, the file `l10n.js.tpl` didn't match the greps.
Tim Otten [Mon, 16 Mar 2020 00:20:12 +0000 (17:20 -0700)]
Revert "inline editing not working and other js packages issues"
This reverts commit
Eileen McNaughton [Sun, 15 Mar 2020 22:29:21 +0000 (11:29 +1300)]
Merge pull request #16763 from eileenmcnaughton/mem_dash
dev/user-interface#14 Fix regression whereby links from membership dashboard don't work for export
Eileen McNaughton [Sun, 15 Mar 2020 22:26:02 +0000 (11:26 +1300)]
Merge pull request #16775 from demeritcowboy/fin-fatals
dev/core#1645 - (Test for) Fatal error when assigning account to financial type
Seamus Lee [Sun, 15 Mar 2020 20:08:03 +0000 (07:08 +1100)]
Merge pull request #16776 from eileenmcnaughton/fform
dev/core#1645 fix regression by removing form inheritance
Seamus Lee [Sun, 15 Mar 2020 19:34:26 +0000 (06:34 +1100)]
Merge pull request #16779 from demeritcowboy/inline-edit
dev/core#1651 and dev/core#1637 - Inline editing not working on many admin screens and other js packages issues
demeritcowboy [Sun, 15 Mar 2020 15:26:41 +0000 (11:26 -0400)]
inline editing not working and other js packages issues
eileen [Sat, 14 Mar 2020 21:38:28 +0000 (10:38 +1300)]
dev/core#1645 fix regression by removing form inheritance
The Assign Account form is failing to load because it inherits indirectly from CRM_Admin_Form which
now has a different visibility on the _id property.
I took a look and there really is no reason for this complex inheritance - this is a standalone form
and the setDefaults of the parent seems of no use, let alone the parent's parent.
Assign, edit & browse seem to still work fine
demeritcowboy [Sat, 14 Mar 2020 17:35:30 +0000 (13:35 -0400)]
fatal error when assigning account to financial type
Seamus Lee [Fri, 13 Mar 2020 10:03:53 +0000 (21:03 +1100)]
Merge pull request #16766 from seamuslee001/5_23_2_release_notes