Seamus Lee [Sat, 22 Aug 2020 06:46:03 +0000 (16:46 +1000)]
Merge pull request #18223 from eileenmcnaughton/529deupe
dev/core#1964 Fix regression bug on deduping contacts with dedupe_exception matches
eileen [Fri, 21 Aug 2020 22:36:18 +0000 (10:36 +1200)]
dev/core#1964 Fix regression bug on deduping contacts with dedupe_exception matches
I want to do another pass on this & do more SELECT queries & less UPDATE queries so we are doing
less locking - but for now this should get us past the logged regression
Eileen McNaughton [Fri, 21 Aug 2020 21:54:20 +0000 (09:54 +1200)]
Merge pull request #18214 from eileenmcnaughton/dedupe
Fix dedupe regression whereby deleted contacts are found
eileen [Fri, 21 Aug 2020 03:40:07 +0000 (15:40 +1200)]
Fix dedupe regression whereby deleted contacts are found
This affects api calls where check_permissions = TRUE and getduplicates is called. This can be
done via the api (per this test) or an easy UI way is with the deduper extension but it should
also affect the 'normal' dedupe screen.
Note that there can be cases where the dedupe results are cached into prevnext cache to hide this
Seamus Lee [Fri, 21 Aug 2020 04:27:45 +0000 (14:27 +1000)]
Merge pull request #18206 from chamilwijesooriya/issue-1959
dev/core#1959 Brick\Math\Exception\RoundingNecessaryException
Seamus Lee [Fri, 21 Aug 2020 04:27:13 +0000 (14:27 +1000)]
Merge pull request #18213 from eileenmcnaughton/is_deleted
Fix regression whereby deleted contacts are in quicksearch results
eileen [Fri, 21 Aug 2020 02:37:10 +0000 (14:37 +1200)]
Fix regression whereby deleted contacts are in quicksearch results
Chamil Wijesooriya [Thu, 20 Aug 2020 15:15:56 +0000 (16:15 +0100)]
dev/core#1959 Brick\Math\Exception\RoundingNecessaryException
Seamus Lee [Thu, 20 Aug 2020 20:51:08 +0000 (06:51 +1000)]
Merge pull request #18205 from demeritcowboy/expandy
dev/core#1963 - Expanded icon on manage groups appears as unknown icon
Seamus Lee [Thu, 20 Aug 2020 20:50:03 +0000 (06:50 +1000)]
Merge pull request #18204 from eileenmcnaughton/529
dev/core#1961 Fix regression - cancel button not working on recurring contributions
demeritcowboy [Thu, 20 Aug 2020 15:23:29 +0000 (11:23 -0400)]
specify font
eileen [Thu, 20 Aug 2020 11:08:27 +0000 (23:08 +1200)]
dev/core#1961 Fix regression - cancel button not working on recurring contributions
Note this form only shows for some processors. To test an easy way is to edit
CRM_Core_Payment::supportsCancelRecurring to return FALSE
Then attempt to cancel a recurring contribution - the cancel button does not launch a form
without this.
Regression from
https://github.com/civicrm/civicrm-core/pull/17178/files#diff-63d76bd172c85725aaf2e76247b86354L11
https://lab.civicrm.org/dev/core/-/issues/1961
Seamus Lee [Thu, 20 Aug 2020 06:49:09 +0000 (16:49 +1000)]
Merge pull request #18200 from seamuslee001/5.29
(dev/core#1846) Container, ClassLoader Caches - Separate caches by ve…
Tim Otten [Thu, 2 Jul 2020 21:03:34 +0000 (14:03 -0700)]
(dev/core#1846) Container, ClassLoader Caches - Separate caches by version number
Before
------
If you load a new version of the CiviCRM codebase, then a freshness check
should cause the container cache to reset automatically (based on the fact
that various files have new timestamps).
However, it's possible that some kind of bug or omission prevents this from working.
Many developers won't notice such a bug because they're obsessive-compulsive
about clearing caches anyway.
After
-----
If you load a new version of the CiviCRM codebase, then it should use a new
container cache - regardless of how well the freshness check works.
Seamus Lee [Thu, 20 Aug 2020 02:48:58 +0000 (12:48 +1000)]
Jenkins style fix
Tim Otten [Thu, 20 Aug 2020 00:40:15 +0000 (17:40 -0700)]
Copy-edits for 5.28.1.md
Seamus Lee [Wed, 19 Aug 2020 07:41:16 +0000 (17:41 +1000)]
Add in release notes for 5.28.1
Seamus Lee [Wed, 5 Aug 2020 20:31:22 +0000 (06:31 +1000)]
security/core#95 Purify Summary and description fields for events on the event info and event cart screens
Seamus Lee [Wed, 5 Aug 2020 23:46:33 +0000 (09:46 +1000)]
security/core#96 Escape the profile description field
Seamus Lee [Wed, 5 Aug 2020 23:57:26 +0000 (09:57 +1000)]
Apply edit groups permission check to the button not the general permissionedForGroup check
Seamus Lee [Tue, 28 Jul 2020 03:48:39 +0000 (13:48 +1000)]
[REF] Only show button to edit smart group if user has permissions
Seamus Lee [Wed, 29 Apr 2020 07:53:46 +0000 (17:53 +1000)]
Security/core#61 Limit Access to update smart group task to only if the logged in user has edit groups permission.
Put a permission restriction on loading page without manage groups permission when saved search id is specified in the URL
Seamus Lee [Wed, 15 Jul 2020 03:00:33 +0000 (13:00 +1000)]
security/core#94 Escape subject content when loading the Activity list for a contact
Coleman Watts [Fri, 3 Jul 2020 02:37:03 +0000 (22:37 -0400)]
Fix auto-refresh of CKEditor configurator form
Coleman Watts [Thu, 28 May 2020 20:26:47 +0000 (16:26 -0400)]
Convert CK Config form to quickform
Coleman Watts [Thu, 28 May 2020 19:15:26 +0000 (15:15 -0400)]
CKEditor Config - Validate input before saving config file
Also removes support for 'customConfig' supplemental file.
Coleman Watts [Thu, 28 May 2020 19:08:43 +0000 (15:08 -0400)]
CRM_Utils_JS - Improve validation of strings
Runs strings through json_decode to ensure they are valid.
Optionally throws an exception on error.
Seamus Lee [Fri, 29 May 2020 07:17:04 +0000 (17:17 +1000)]
security/core#78 Purify HTML of activity details field when viewing the activity
Tim Otten [Mon, 6 Apr 2020 08:07:12 +0000 (01:07 -0700)]
CRM_Core_Key - Strengthen signature algorithm
This alters the qfKey signature algorithm, with a few aims:
1. If someone wants to perform a brute-force to figure the per-session
private-key, we want it to go slow. Therefore, use a slower hash (ie
HMAC-SHA256 instead of MD5).
2. If someone performs a timing attack aimed at figuring a passable qfKey,
the execution-time for `validate()` should not provide any hints.
3. If someone finds a way to manipulate one of the constituent parts
($sessionID, $name, $privateKey), we want it to be hard to create a
collision. So... (a) Use HMAC instead of a vanilla hash. (b) Use delimiters
between the data sections ($sessionID, $name).
Tim Otten [Mon, 6 Apr 2020 06:33:55 +0000 (23:33 -0700)]
CRM_Core_Key - Improve entropy of "privateKey"
In PHP 4/5, there was no good, universal source of entropy. The old code
mitigated this by aggregating mediocre sources. On my system, it appears
to be roughly:
* 2^31 for each `mt_rand()`
* 10^8 =~ 2^26 for each `uniqid(...TRUE)` (after discounting the non-random right half of the uniqid).
So that's ~114 bits (albeit low-quality bits).
In PHP 7, the docs describe `random_bytes()` as "generat[ing] cryptographically secure pseudo-random bytes."
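Added example, not code from either commit or from CiviCRM: a sketch of the three properties the two CRM_Core_Key messages above describe (a private key drawn from `random_bytes()`, an HMAC-SHA256 signature over delimited parts, and a constant-time comparison). The function names, the length-prefixed encoding and the sample values are assumptions made for this illustration.

```php
<?php
// Illustration only: the example_* names are hypothetical, not CiviCRM's API.

/** Per-session private key taken from the OS CSPRNG (PHP 7+). */
function example_private_key(): string {
  return bin2hex(random_bytes(32)); // 256 bits of entropy
}

/**
 * Serialize the signed parts unambiguously. This example length-prefixes
 * each part (a stricter form of "use delimiters"), so a part that itself
 * contains the delimiter still cannot shift the boundary.
 */
function example_message(string $sessionID, string $name): string {
  return strlen($sessionID) . ':' . $sessionID . '|' . strlen($name) . ':' . $name;
}

/** HMAC-SHA256 keyed with the private key, instead of a bare hash. */
function example_sign(string $privateKey, string $sessionID, string $name): string {
  return hash_hmac('sha256', example_message($sessionID, $name), $privateKey);
}

/** Compare with hash_equals() so timing does not depend on where bytes differ. */
function example_validate(string $privateKey, string $sessionID, string $name, $candidate): bool {
  if (!is_string($candidate)) {
    return FALSE; // e.g. an array smuggled in through the query string
  }
  return hash_equals(example_sign($privateKey, $sessionID, $name), $candidate);
}

// Constructed sample values.
$key = example_private_key();
$sig = example_sign($key, 'sess-constructed-1', 'Example_Form_Name');

// A key issued for one (session, form) pair validates only for that pair.
var_dump(example_validate($key, 'sess-constructed-1', 'Example_Form_Name', $sig));
var_dump(example_validate($key, 'sess-constructed-2', 'Example_Form_Name', $sig));
var_dump(example_validate($key, 'sess-constructed-1', 'Example_Form_Name', ['x']));

// Why the parts need boundaries: plain concatenation makes these two
// different pairs identical, while the delimited form keeps them distinct.
var_dump('ab' . 'c' === 'a' . 'bc');
var_dump(example_message('ab', 'c') === example_message('a', 'bc'));
```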
Seamus Lee [Thu, 28 May 2020 07:46:06 +0000 (17:46 +1000)]
Additional code from Drupal's implementation
Seamus Lee [Thu, 28 May 2020 07:43:19 +0000 (17:43 +1000)]
Update to use code from Drupal's patch
Seamus Lee [Thu, 28 May 2020 06:00:57 +0000 (16:00 +1000)]
Patch jQuery for CVE-2020-11022 and CVE-2020-11023
Coleman Watts [Tue, 12 May 2020 14:14:32 +0000 (10:14 -0400)]
security/core#81 Escape html in CRM_Core_LegacyErrorHandler messages
Seamus Lee [Tue, 12 May 2020 05:07:32 +0000 (15:07 +1000)]
security/core#74 Prevent CSRF in CKEditor Config screen by switching to using Quickform built form
Eileen McNaughton [Wed, 19 Aug 2020 03:47:37 +0000 (15:47 +1200)]
Merge pull request #18180 from eileenmcnaughton/recur
dev/core#1945 Fix recur access regression
eileen [Mon, 17 Aug 2020 09:17:09 +0000 (21:17 +1200)]
dev/core#1945 Fix recur access regression
Eileen McNaughton [Tue, 18 Aug 2020 04:20:46 +0000 (16:20 +1200)]
Merge pull request #18174 from demeritcowboy/d8-upgrade-warning
dev/core#1937 - Upgrade message about needing composer patching turned on and updating mysql in DSN strings
Eileen McNaughton [Tue, 18 Aug 2020 03:24:14 +0000 (15:24 +1200)]
Merge pull request #18185 from civicrm/revert-18091-xbutton-529
Revert "Swap out button/submit inputs for button elements"
colemanw [Tue, 18 Aug 2020 00:49:42 +0000 (20:49 -0400)]
Revert "Swap out button/submit inputs for button elements"
demeritcowboy [Sun, 16 Aug 2020 21:24:04 +0000 (17:24 -0400)]
upgrade message about composer patches
Seamus Lee [Sun, 16 Aug 2020 23:26:35 +0000 (09:26 +1000)]
Merge pull request #18175 from demeritcowboy/installation-doclinks
Installation doclinks not getting url-rewritten
demeritcowboy [Sun, 16 Aug 2020 22:29:50 +0000 (18:29 -0400)]
installation doclinks
Seamus Lee [Sun, 16 Aug 2020 21:00:19 +0000 (07:00 +1000)]
Merge pull request #18166 from demeritcowboy/cvv-required
cvv required html attribute should depend on backoffice setting
demeritcowboy [Sun, 16 Aug 2020 01:43:21 +0000 (21:43 -0400)]
required
Seamus Lee [Sun, 16 Aug 2020 01:28:13 +0000 (11:28 +1000)]
Merge pull request #18163 from seamuslee001/5.29
[REF] Remove unnecessary comma
Seamus Lee [Sat, 15 Aug 2020 23:31:54 +0000 (09:31 +1000)]
[REF] Remove unnecessary comma
Seamus Lee [Sat, 15 Aug 2020 20:48:05 +0000 (06:48 +1000)]
Merge pull request #18133 from eileenmcnaughton/utf529
Fix 5.29 (unreleased) regression using temp tables
Eileen McNaughton [Sat, 15 Aug 2020 00:56:41 +0000 (12:56 +1200)]
Merge pull request #18149 from seamuslee001/dev_core_1952
dev/core#1952 Remove unnecessary component checking when exporting all …
eileen [Wed, 12 Aug 2020 04:20:38 +0000 (16:20 +1200)]
Fix 5.29 regression using temp tables
I just pushed 5.29rc through our WMF CI & it failed on a situation where it created a temp
table and that got joined on a non-temp table with a collation mix error. The issue is that the
DB default is set to utf8_general_ci (at least on our development DBs) whereas the
civicrm tables are utf8_unicode_ci. Until https://github.com/civicrm/civicrm-core/pull/18012/files
there was a list of permitted matches for db collation but now any 'utf' string matches.
From what I can tell utf8_general_ci is a pretty common collation on drupal DBs and from my tests
it causes problems if not excluded here
Seamus Lee [Fri, 14 Aug 2020 23:22:08 +0000 (09:22 +1000)]
dev/core#1952 Remove unnecessary component checking when exporting all activities
Seamus Lee [Fri, 14 Aug 2020 23:04:42 +0000 (09:04 +1000)]
Merge pull request #18144 from seamuslee001/dev_core_1953
dev/core#1953 Ensure that Contribution pages do not fail validation o…
Seamus Lee [Fri, 14 Aug 2020 21:09:00 +0000 (07:09 +1000)]
dev/core#1953 Ensure that Contribution pages do not fail validation on credit cards when a zero dollar price is offered
Seamus Lee [Tue, 11 Aug 2020 23:23:36 +0000 (09:23 +1000)]
Merge pull request #18126 from eileenmcnaughton/dupe529
dev/core#1934 fix regression on merging contacts with settings using contact_id
Seamus Lee [Tue, 11 Aug 2020 22:49:39 +0000 (08:49 +1000)]
Merge pull request #18123 from seamuslee001/dev_core_1936_alternate
dev/core#1936 Make the price field value label field not required
eileen [Tue, 11 Aug 2020 21:38:05 +0000 (09:38 +1200)]
dev/core#1934 fix regression on merging contacts with settings using contact_id
This is an interim fix to a reported regression. I'll look at it more carefully in master when time permits
Seamus Lee [Tue, 11 Aug 2020 00:09:36 +0000 (10:09 +1000)]
dev/core#1936 Make the price field value label field not required
Fix test and ensure default value is NULL
Matthew Wire [Mon, 10 Aug 2020 12:42:37 +0000 (13:42 +0100)]
Merge pull request #18091 from agh1/xbutton-529
Swap out button/submit inputs for button elements
Seamus Lee [Sat, 8 Aug 2020 04:27:00 +0000 (14:27 +1000)]
Merge pull request #18101 from demeritcowboy/eventcart-settingcheck
dev/event#40 - EventCart - Check legacy setting until extension is public
demeritcowboy [Sat, 8 Aug 2020 00:59:20 +0000 (20:59 -0400)]
check legacy setting until extension is public
Seamus Lee [Sat, 8 Aug 2020 00:09:19 +0000 (10:09 +1000)]
Merge pull request #18068 from seamuslee001/dev_wordpress_66
dev/wordpress#66 Re-instate newer variables but with more support for…
Eileen McNaughton [Fri, 7 Aug 2020 22:59:19 +0000 (10:59 +1200)]
Merge pull request #18092 from seamuslee001/preimum_onbehalfof_fix
[REF] Fix jquery validation for on behalf of fields when combined wit…
Seamus Lee [Fri, 7 Aug 2020 02:09:55 +0000 (12:09 +1000)]
[REF] Fix jquery validation for on behalf of fields when combined with a premium
Seamus Lee [Thu, 6 Aug 2020 22:53:24 +0000 (08:53 +1000)]
Merge pull request #17950 from lcdservices/dev-core-1895
dev/core#1895 fix first/last name adv search
Andrew Hunt [Thu, 6 Aug 2020 22:17:31 +0000 (18:17 -0400)]
More radical cleanup of button CSS
Andrew Hunt [Thu, 6 Aug 2020 22:00:58 +0000 (18:00 -0400)]
Fix CSS for new buttons
Andrew Hunt [Thu, 6 Aug 2020 20:06:56 +0000 (16:06 -0400)]
Fix JS for input buttons that are now button buttons
Andrew Hunt [Thu, 6 Aug 2020 19:36:47 +0000 (15:36 -0400)]
Remove deprecated submitOnce js function
Andrew Hunt [Thu, 6 Aug 2020 18:57:11 +0000 (14:57 -0400)]
No need for crm-button wrappers for real buttons
Andrew Hunt [Thu, 6 Aug 2020 17:55:52 +0000 (13:55 -0400)]
Give buttons a value when the submitted value is used to identify them
Andrew Hunt [Thu, 6 Aug 2020 17:12:36 +0000 (13:12 -0400)]
Put icons inside of button elements
Andrew Hunt [Thu, 6 Aug 2020 15:19:56 +0000 (11:19 -0400)]
Swap out button/submit inputs for button elements
Seamus Lee [Thu, 6 Aug 2020 22:35:44 +0000 (08:35 +1000)]
Merge pull request #18088 from agh1/forcebackend
dev/core#1905 force backend links for new "configure" buttons
Seamus Lee [Thu, 6 Aug 2020 21:27:55 +0000 (07:27 +1000)]
Merge pull request #18085 from totten/5.29-periodic
dev/core#1932 - Make status-checks more polite during upgrade
Seamus Lee [Tue, 4 Aug 2020 20:59:25 +0000 (06:59 +1000)]
dev/wordpress#66 Re-instate newer variables but with more support for legacy file systems
Andrew Hunt [Thu, 6 Aug 2020 18:31:40 +0000 (14:31 -0400)]
dev/core#1905 force backend links for new "configure" buttons
Tim Otten [Thu, 6 Aug 2020 09:04:36 +0000 (02:04 -0700)]
dev/core#1932 - Make status-checks more polite during upgrade
Before
------
If you happen to run a status-check (eg `showPeriodicAlerts()`) in the interim between
downloading code and running DB upgrades, then you'll get weird failures.
After
-----
The status-checks are able to complete.
Technical Details
-----------------
(1) I figure that this conditional is lightweight because it relies on data
that's read-once and then cached in memory:
```
CRM_Utils_System::version() !== CRM_Core_BAO_Domain::version()
```
(2) The easiest way to reproduce is to get a DB from before 4.7 and coerce
`CRM_Utils_Check::CHECK_TIMER`.
CiviCRM [Thu, 6 Aug 2020 06:23:07 +0000 (06:23 +0000)]
Set version to 5.29.beta1
Seamus Lee [Thu, 6 Aug 2020 03:54:01 +0000 (13:54 +1000)]
Merge pull request #18080 from seamuslee001/dev_core_1928
dev/core#1928 Fix HTML5 error due to required attribute being set swi…
Seamus Lee [Thu, 6 Aug 2020 03:25:30 +0000 (13:25 +1000)]
Merge pull request #18084 from civicrm/5.28
5.28
Tim Otten [Thu, 6 Aug 2020 03:23:56 +0000 (20:23 -0700)]
Merge pull request #18083 from totten/5.28-rn
(NFC) 5.28.0.md - Describe last minute PR. Random copyedits.
Seamus Lee [Thu, 6 Aug 2020 02:53:29 +0000 (12:53 +1000)]
Merge pull request #18082 from seamuslee001/master
5.28
Tim Otten [Thu, 6 Aug 2020 02:47:27 +0000 (19:47 -0700)]
5.28.0.md - Describe last minute PR. Random copyedits.
Seamus Lee [Thu, 6 Aug 2020 02:38:20 +0000 (12:38 +1000)]
Merge in 5.28
Seamus Lee [Thu, 6 Aug 2020 02:35:59 +0000 (12:35 +1000)]
Merge pull request #18079 from eileenmcnaughton/528
dev/core#1930 fix for move-related checkbox being overridden to true …
Seamus Lee [Thu, 6 Aug 2020 01:18:33 +0000 (11:18 +1000)]
dev/core#1928 Fix HTML5 error due to required attribute being set switch to using a class as jquery.validation picks up the class as well
eileen [Thu, 6 Aug 2020 00:50:43 +0000 (12:50 +1200)]
dev/core#1930 fix for move-related checkbox being overridden to true in form
Seamus Lee [Wed, 5 Aug 2020 23:16:02 +0000 (09:16 +1000)]
Merge pull request #18078 from eileenmcnaughton/directp
dev/financial#135 Remove stub function from payflowPro
Seamus Lee [Wed, 5 Aug 2020 22:14:57 +0000 (08:14 +1000)]
Merge pull request #18077 from civicrm/5.28
5.28
Seamus Lee [Wed, 5 Aug 2020 21:20:04 +0000 (07:20 +1000)]
Merge pull request #18000 from eileenmcnaughton/brn
Fix button name on updated form
eileen [Wed, 5 Aug 2020 21:05:56 +0000 (09:05 +1200)]
Remove stub function
We used to do this, we don't now
Mathieu Lu [Wed, 5 Aug 2020 20:33:23 +0000 (16:33 -0400)]
Merge pull request #18074 from agh1/5.28.0-releasenotes-final
5.28.0 release notes final edits
Andrew Hunt [Wed, 5 Aug 2020 18:50:10 +0000 (14:50 -0400)]
5.28.0 release notes: added late changes
Andrew Hunt [Wed, 5 Aug 2020 16:04:32 +0000 (12:04 -0400)]
5.28.0 release notes: misc edits
Eileen McNaughton [Wed, 5 Aug 2020 12:20:24 +0000 (00:20 +1200)]
Merge pull request #18073 from seamuslee001/provider_test_php74
[NFC] Fix provider unit test on PHP7.4
Eileen McNaughton [Wed, 5 Aug 2020 12:18:52 +0000 (00:18 +1200)]
Merge pull request #17981 from eileenmcnaughton/merge_form
[REF] Move handling of form elements back to the Form
Matthew Wire [Wed, 5 Aug 2020 10:26:48 +0000 (11:26 +0100)]
Merge pull request #18071 from eileenmcnaughton/anet
Do not pass-by-reference to recur function
Matthew Wire [Wed, 5 Aug 2020 10:26:16 +0000 (11:26 +0100)]
Merge pull request #18072 from eileenmcnaughton/manual
dev/financial#135 Remove unreachable doDirectPayment from manual processor
Seamus Lee [Wed, 5 Aug 2020 10:14:03 +0000 (20:14 +1000)]
[NFC] Fix provider unit test on PHP7.4
Matthew Wire [Wed, 5 Aug 2020 09:57:03 +0000 (10:57 +0100)]
Merge pull request #18049 from christianwach/lab-core-1891
Refactor "applyLocale" and remove references to "language" column in UFMatch table