Seamus Lee [Thu, 3 Sep 2020 02:25:40 +0000 (12:25 +1000)]
Merge pull request #18332 from totten/5.29-norm-basepage
dev/wordpress#73 - Be more forgiving about slash in wpBasePage
Tim Otten [Wed, 2 Sep 2020 23:34:27 +0000 (16:34 -0700)]
dev/wordpress#73 - Be more forgiving about slash in wpBasePage
Overview
--------
The correct functioning of `wpBasePage` depends on whether the administrator
omitted or added a trailing slash. This is apparent on URLs with a trailing slash, eg
```
http://wpmaster.bknix:8001/civicrm/contribute/transact/?reset=1&id=1
```
Make it less sensitive.
Before
------
URL is OK with default setting `wpBasePage=civicrm`
URL fails with setting `wpBasePage=civicrm/`
After
-----
URL is OK with either setting `wpBasePage=civicrm` or `wpBasePage=civicrm/`
Technical Details
-----------------
I believe the old symptom arose because of the formula which produces the WP
rewrite rules (`'^' . $config->wpBasePage . '/([^?]*)?'`) expects that
there is no trailing slash. You could theoretically patch there, but this
seems like it'll provide more thorough normalization.
When testing, the results affect the WP rewrite rules, so you may need to be particularly
aggressive about clearing caches whenever you make a change in code or settings, eg
```
wp cache flush ; cv flush; wp rewrite flush
```
Seamus Lee [Wed, 2 Sep 2020 21:23:46 +0000 (07:23 +1000)]
Merge pull request #18326 from agh1/5.29.0-releasenotes
5.29.0 release notes final
Andrew Hunt [Wed, 2 Sep 2020 19:19:00 +0000 (15:19 -0400)]
5.29.0 release notes: get sections in right order
Andrew Hunt [Wed, 2 Sep 2020 19:14:34 +0000 (15:14 -0400)]
5.29.0 release notes: finished writing
Alice Frumin [Tue, 1 Sep 2020 21:02:10 +0000 (17:02 -0400)]
sorting and annotating
Alice Frumin [Tue, 1 Sep 2020 18:15:29 +0000 (14:15 -0400)]
commenting and sorting
Alice Frumin [Tue, 1 Sep 2020 17:16:51 +0000 (13:16 -0400)]
5.29 Release Notes first pass
Seamus Lee [Wed, 2 Sep 2020 09:33:15 +0000 (19:33 +1000)]
Merge pull request #18319 from seamuslee001/5.29
5.28.4 release notes
Tim Otten [Tue, 1 Sep 2020 23:19:19 +0000 (16:19 -0700)]
Fix anchors in release-notes/5.28.3.md
Tim Otten [Tue, 1 Sep 2020 23:08:39 +0000 (16:08 -0700)]
Add release-notes/5.28.4.md
Eileen McNaughton [Wed, 2 Sep 2020 00:11:08 +0000 (12:11 +1200)]
Merge pull request #18272 from eileenmcnaughton/custchange
dev/core#1974 Fix incorrect handling of serialize key when changing custom field type
Eileen McNaughton [Wed, 2 Sep 2020 00:06:07 +0000 (12:06 +1200)]
Merge pull request #18307 from agh1/5.29.0-releasenotes-initial
5.29.0 release notes initial run
Eileen McNaughton [Wed, 2 Sep 2020 00:05:30 +0000 (12:05 +1200)]
Merge pull request #18310 from colemanw/revert-18005
Revert #18005 Fix buggy placement of icons
Noah Miller [Tue, 1 Sep 2020 22:23:25 +0000 (15:23 -0700)]
dev/core#1974 - ChangeFieldType - "Select (w/serialize)" field should be treated like older "Multi-Select" fields
Coleman Watts [Tue, 1 Sep 2020 20:48:57 +0000 (16:48 -0400)]
Revert #18005 Fix buggy placement of icons
Eileen McNaughton [Tue, 1 Sep 2020 19:43:56 +0000 (07:43 +1200)]
Merge pull request #18304 from highfalutin/noah/dev-core-1974
dev/core#1974: correct UI regression on custom field edit
Andrew Hunt [Tue, 1 Sep 2020 15:18:38 +0000 (11:18 -0400)]
5.29.0 release notes: yank changes already in 5.8.x
Andrew Hunt [Tue, 1 Sep 2020 15:18:07 +0000 (11:18 -0400)]
5.29.0 release notes: added boilerplate
Andrew Hunt [Tue, 1 Sep 2020 15:08:02 +0000 (11:08 -0400)]
5.29.0 release notes: raw from script
Seamus Lee [Tue, 1 Sep 2020 09:04:48 +0000 (19:04 +1000)]
Merge pull request #18290 from eileenmcnaughton/tax
dev/core#1983 Fix to tax calculation on multi-line-item
Noah Miller [Tue, 1 Sep 2020 06:38:30 +0000 (23:38 -0700)]
Custom field create/edit form: replace dysfunctional checkbox with static label in edit mode
Eileen McNaughton [Tue, 1 Sep 2020 00:14:35 +0000 (12:14 +1200)]
Merge pull request #18301 from demeritcowboy/dev-core-1982-5.29
dev/core#1982 - 5.29 version of PR 18282
demeritcowboy [Mon, 31 Aug 2020 21:58:56 +0000 (17:58 -0400)]
faulty check for simplexml node value - see also PR 18282
eileen [Sun, 30 Aug 2020 22:10:35 +0000 (10:10 +1200)]
dev/core#1983 Fix to tax calculation on multi-line-item
This is similar to https://github.com/civicrm/civicrm-core/pull/18284 - it differs in that the totals are calculated by iterating
through the line item array afterwards, rather than expecting the 'getLine' function to calculate totals. Some
obvious follow ups suggest themselves but I will look against master.
This is difficult to test (Karin gave it a really good shot) because of the weird way it's calculated in Main and then
used in Confirm. Cleanup should resolve the testability issue too
Seamus Lee [Fri, 28 Aug 2020 05:06:55 +0000 (15:06 +1000)]
Merge pull request #18271 from eileenmcnaughton/tax529
dev/core#1972 Fix tax_amount calculation on renewal form
eileen [Fri, 28 Aug 2020 02:06:57 +0000 (14:06 +1200)]
dev/core#1974 Fix incorrect handling of serialize key when changing custom field type
See https://lab.civicrm.org/dev/core/-/issues/1974
eileen [Fri, 28 Aug 2020 00:52:42 +0000 (12:52 +1200)]
dev/core#1972 Fix tax_amount calculation on renewal form
Seamus Lee [Sat, 22 Aug 2020 20:29:10 +0000 (06:29 +1000)]
Merge pull request #18230 from seamuslee001/5.29
Update contributor key for Andrew
Seamus Lee [Sat, 22 Aug 2020 09:32:19 +0000 (19:32 +1000)]
Update contributor key for Andrew
Tim Otten [Sat, 22 Aug 2020 09:32:32 +0000 (02:32 -0700)]
Merge pull request #18228 from seamuslee001/5.29
5.28.2 & 5.29.3 Release Notes
Tim Otten [Thu, 20 Aug 2020 05:34:44 +0000 (22:34 -0700)]
Add release-notes/5.28.2.md
Tim Otten [Sat, 22 Aug 2020 08:29:31 +0000 (01:29 -0700)]
Add release-notes/5.28.3.md
Seamus Lee [Sat, 22 Aug 2020 06:46:03 +0000 (16:46 +1000)]
Merge pull request #18223 from eileenmcnaughton/529deupe
dev/core#1964 Fix regression bug on deduping contacts with dedupe_exception matches
eileen [Fri, 21 Aug 2020 22:36:18 +0000 (10:36 +1200)]
dev/core#1964 Fix regression bug on deduping contacts with dedupe_exception matches
I want to do another pass on this & do more SELECT queries & less UPDATE queries so we are doing
less locking - but for now this should get us past the logged regression
Eileen McNaughton [Fri, 21 Aug 2020 21:54:20 +0000 (09:54 +1200)]
Merge pull request #18214 from eileenmcnaughton/dedupe
Fix dedupe regression whereby deleted contacts are found
eileen [Fri, 21 Aug 2020 03:40:07 +0000 (15:40 +1200)]
Fix dedupe regression whereby deleted contacts are found
This affects api calls where check_permissions = TRUE and getduplicates is called. This can be
done via the api (per this test) or an easy UI way is with the deduper extension but it should
also affect the 'normal' dedupe screen.
Note that there can be cases where the dedupe results are cached into prevnext cache to hide this
Seamus Lee [Fri, 21 Aug 2020 04:27:45 +0000 (14:27 +1000)]
Merge pull request #18206 from chamilwijesooriya/issue-1959
dev/core#1959 Brick\Math\Exception\RoundingNecessaryException
Seamus Lee [Fri, 21 Aug 2020 04:27:13 +0000 (14:27 +1000)]
Merge pull request #18213 from eileenmcnaughton/is_deleted
Fix regression whereby deleted contacts are in quicksearch results
eileen [Fri, 21 Aug 2020 02:37:10 +0000 (14:37 +1200)]
Fix regression whereby deleted contacts are in quicksearch results
Chamil Wijesooriya [Thu, 20 Aug 2020 15:15:56 +0000 (16:15 +0100)]
dev/core#1959 Brick\Math\Exception\RoundingNecessaryException
Seamus Lee [Thu, 20 Aug 2020 20:51:08 +0000 (06:51 +1000)]
Merge pull request #18205 from demeritcowboy/expandy
dev/core#1963 - Expanded icon on manage groups appears as unknown icon
Seamus Lee [Thu, 20 Aug 2020 20:50:03 +0000 (06:50 +1000)]
Merge pull request #18204 from eileenmcnaughton/529
dev/core#1961 Fix regression - cancel button not working on recurring contributions
demeritcowboy [Thu, 20 Aug 2020 15:23:29 +0000 (11:23 -0400)]
specify font
eileen [Thu, 20 Aug 2020 11:08:27 +0000 (23:08 +1200)]
dev/core#1961 Fix regression - cancel button not working on recurring contributions
Note this form only shows for some processors. To test an easy way is to edit
CRM_Core_Payment::supportsCancelRecurring to return FALSE
Then attempt to cancel a recurring contribution - the cancel button does not launch a form
without this.
Regression from
https://github.com/civicrm/civicrm-core/pull/17178/files#diff-63d76bd172c85725aaf2e76247b86354L11
https://lab.civicrm.org/dev/core/-/issues/1961
Seamus Lee [Thu, 20 Aug 2020 06:49:09 +0000 (16:49 +1000)]
Merge pull request #18200 from seamuslee001/5.29
(dev/core#1846) Container, ClassLoader Caches - Separate caches by ve…
Tim Otten [Thu, 2 Jul 2020 21:03:34 +0000 (14:03 -0700)]
(dev/core#1846) Container, ClassLoader Caches - Separate caches by version number
Before
------
If you load a new version of the CiviCRM codebase, then a freshness check
should cause the container cache to reset automatically (based on the fact
that various files have new timestamps).
However, it's possible that some kind of bug or omission prevents this from working.
Many developers won't notice such a bug because they're obsessive-compulsive
about clearing caches anyway.
After
-----
If you load a new version of the CiviCRM codebase, then it should use a new
container cache - regardless of how well the freshness check works.
Seamus Lee [Thu, 20 Aug 2020 02:48:58 +0000 (12:48 +1000)]
Jenkins style fix
Tim Otten [Thu, 20 Aug 2020 00:40:15 +0000 (17:40 -0700)]
Copy-edits for 5.28.1.md
Seamus Lee [Wed, 19 Aug 2020 07:41:16 +0000 (17:41 +1000)]
Add in release notes for 5.28.1
Seamus Lee [Wed, 5 Aug 2020 20:31:22 +0000 (06:31 +1000)]
security/core#95 Purify Summary and description fields for events on the event info and event cart screens
Seamus Lee [Wed, 5 Aug 2020 23:46:33 +0000 (09:46 +1000)]
security/core#96 Escape the profile description field
Seamus Lee [Wed, 5 Aug 2020 23:57:26 +0000 (09:57 +1000)]
Apply edit groups permission check to the button not the general permissionedForGroup check
Seamus Lee [Tue, 28 Jul 2020 03:48:39 +0000 (13:48 +1000)]
[REF] Only show button to edit smart group if user has permissions
Seamus Lee [Wed, 29 Apr 2020 07:53:46 +0000 (17:53 +1000)]
Security/core#61 Limit Access to update smart group task to only if the logged in user has edit groups permission.
Put a permission restriction on loading page without manage groups permission when saved search id is specified in the URL
Seamus Lee [Wed, 15 Jul 2020 03:00:33 +0000 (13:00 +1000)]
security/core#94 Escape subject content when loading the Activity list for a contact
Coleman Watts [Fri, 3 Jul 2020 02:37:03 +0000 (22:37 -0400)]
Fix auto-refresh of CKEditor configurator form
Coleman Watts [Thu, 28 May 2020 20:26:47 +0000 (16:26 -0400)]
Convert CK Config form to quickform
Coleman Watts [Thu, 28 May 2020 19:15:26 +0000 (15:15 -0400)]
CKEditor Config - Validate input before saving config file
Also removes support for 'customConfig' supplemental file.
Coleman Watts [Thu, 28 May 2020 19:08:43 +0000 (15:08 -0400)]
CRM_Utils_JS - Improve validation of strings
Runs strings through json_decode to ensure they are valid.
Optionally throws an exception on error.
Seamus Lee [Fri, 29 May 2020 07:17:04 +0000 (17:17 +1000)]
security/core#78 Purify HTML of activity details field when viewing the activity
Tim Otten [Mon, 6 Apr 2020 08:07:12 +0000 (01:07 -0700)]
CRM_Core_Key - Strengthen signature algorithm
This alters the qfKey signature algorithm, with a few aims:
1. If someone wants to perform a brute-force to figure the per-session
private-key, we want it to go slow. Therefore, use a slower hash (ie
HMAC-SHA256 instead of MD5).
2. If someone performs a timing attack aimed at figuring a passable qfKey,
the execution-time for `validate()` should not provide any hints.
3. If someone finds a way to manipulate one of the constituent parts
($sessionID, $name, $privateKey), we want it to be hard to create a
collision. So... (a) Use HMAC instead of a vanilla hash. (b) Use delimiters
between the data sections ($sessionID, $name).
Tim Otten [Mon, 6 Apr 2020 06:33:55 +0000 (23:33 -0700)]
CRM_Core_Key - Improve entropy of "privateKey"
In PHP 4/5, there was no good, universal source of entropy. The old code
mitigated this by aggregating mediocre sources. On my system, it appears
to be roughly:
* 2^31 for each `mt_rand()`
* 10^8 =~ 2^26 for each `uniqid(...TRUE)` (after discounting the non-random right half of the uniqid).
So that's ~114 bits (albeit low-quality bits).
In PHP 7, the docs describe `random_bytes()` as "generat[ing] cryptographically secure pseudo-random bytes."
Seamus Lee [Thu, 28 May 2020 07:46:06 +0000 (17:46 +1000)]
Additional code from Drupal's implementation
Seamus Lee [Thu, 28 May 2020 07:43:19 +0000 (17:43 +1000)]
Update to use code from Drupal's patch
Seamus Lee [Thu, 28 May 2020 06:00:57 +0000 (16:00 +1000)]
Patch jQuery for CVE-2020-11022 and CVE-2020-11023
Coleman Watts [Tue, 12 May 2020 14:14:32 +0000 (10:14 -0400)]
security/core#81 Escape html in CRM_Core_LegacyErrorHandler messages
Seamus Lee [Tue, 12 May 2020 05:07:32 +0000 (15:07 +1000)]
security/core#74 Prevent CSRF in CKEditor Config screen by switching to using Quickform built form
Eileen McNaughton [Wed, 19 Aug 2020 03:47:37 +0000 (15:47 +1200)]
Merge pull request #18180 from eileenmcnaughton/recur
dev/core#1945 Fix recur access regression
eileen [Mon, 17 Aug 2020 09:17:09 +0000 (21:17 +1200)]
dev/core#1945 Fix recur access regression
Eileen McNaughton [Tue, 18 Aug 2020 04:20:46 +0000 (16:20 +1200)]
Merge pull request #18174 from demeritcowboy/d8-upgrade-warning
dev/core#1937 - Upgrade message about needing composer patching turned on and updating mysql in DSN strings
Eileen McNaughton [Tue, 18 Aug 2020 03:24:14 +0000 (15:24 +1200)]
Merge pull request #18185 from civicrm/revert-18091-xbutton-529
Revert "Swap out button/submit inputs for button elements"
colemanw [Tue, 18 Aug 2020 00:49:42 +0000 (20:49 -0400)]
Revert "Swap out button/submit inputs for button elements"
demeritcowboy [Sun, 16 Aug 2020 21:24:04 +0000 (17:24 -0400)]
upgrade message about composer patches
Seamus Lee [Sun, 16 Aug 2020 23:26:35 +0000 (09:26 +1000)]
Merge pull request #18175 from demeritcowboy/installation-doclinks
Installation doclinks not getting url-rewritten
demeritcowboy [Sun, 16 Aug 2020 22:29:50 +0000 (18:29 -0400)]
installation doclinks
Seamus Lee [Sun, 16 Aug 2020 21:00:19 +0000 (07:00 +1000)]
Merge pull request #18166 from demeritcowboy/cvv-required
cvv required html attribute should depend on backoffice setting
demeritcowboy [Sun, 16 Aug 2020 01:43:21 +0000 (21:43 -0400)]
required
Seamus Lee [Sun, 16 Aug 2020 01:28:13 +0000 (11:28 +1000)]
Merge pull request #18163 from seamuslee001/5.29
[REF] Remove unnecessary comma
Seamus Lee [Sat, 15 Aug 2020 23:31:54 +0000 (09:31 +1000)]
[REF] Remove unnecessary comma
Seamus Lee [Sat, 15 Aug 2020 20:48:05 +0000 (06:48 +1000)]
Merge pull request #18133 from eileenmcnaughton/utf529
Fix 5.29 (unreleased) regression using temp tables
Eileen McNaughton [Sat, 15 Aug 2020 00:56:41 +0000 (12:56 +1200)]
Merge pull request #18149 from seamuslee001/dev_core_1952
dev/core#1952 Remove unnecessary component checking when exporting all …
eileen [Wed, 12 Aug 2020 04:20:38 +0000 (16:20 +1200)]
Fix 5.29 regression using temp tables
I just pushed 5.29rc through our WMF CI & it failed on a situation where it created a temp
table and that got joined on a non-temp table with a collation mix error. The issue is that the
DB default is set to utf8_general_ci (at least on our development DBs) whereas the
civicrm tables are utf8_unicode_ci. Until https://github.com/civicrm/civicrm-core/pull/18012/files
there was a list of permitted matches for db collation but now any 'utf' string matches.
From what I can tell utf8_general_ci is a pretty common collation on drupal DBs and from my tests
it causes problems if not excluded here
Seamus Lee [Fri, 14 Aug 2020 23:22:08 +0000 (09:22 +1000)]
dev/core#1952 Remove unnecessary component checking when exporting all activities
Seamus Lee [Fri, 14 Aug 2020 23:04:42 +0000 (09:04 +1000)]
Merge pull request #18144 from seamuslee001/dev_core_1953
dev/core#1953 Ensure that Contribution pages do not fail validation o…
Seamus Lee [Fri, 14 Aug 2020 21:09:00 +0000 (07:09 +1000)]
dev/core#1953 Ensure that Contribution pages do not fail validation on credit cards when a zero dollar price is offered
Seamus Lee [Tue, 11 Aug 2020 23:23:36 +0000 (09:23 +1000)]
Merge pull request #18126 from eileenmcnaughton/dupe529
dev/core#1934 fix regression on merging contacts with settings using contact_id
Seamus Lee [Tue, 11 Aug 2020 22:49:39 +0000 (08:49 +1000)]
Merge pull request #18123 from seamuslee001/dev_core_1936_alternate
dev/core#1936 Make the price field value label field not required
eileen [Tue, 11 Aug 2020 21:38:05 +0000 (09:38 +1200)]
dev/core#1934 fix regression on merging contacts with settings using contact_id
This is an interim fix to a reported regression. I'll look at more carefully in master when time permits
Seamus Lee [Tue, 11 Aug 2020 00:09:36 +0000 (10:09 +1000)]
dev/core#1936 Make the price field value label field not required
Fix test and ensure default value is NULL
Matthew Wire [Mon, 10 Aug 2020 12:42:37 +0000 (13:42 +0100)]
Merge pull request #18091 from agh1/xbutton-529
Swap out button/submit inputs for button elements
Seamus Lee [Sat, 8 Aug 2020 04:27:00 +0000 (14:27 +1000)]
Merge pull request #18101 from demeritcowboy/eventcart-settingcheck
dev/event#40 - EventCart - Check legacy setting until extension is public
demeritcowboy [Sat, 8 Aug 2020 00:59:20 +0000 (20:59 -0400)]
check legacy setting until extension is public
Seamus Lee [Sat, 8 Aug 2020 00:09:19 +0000 (10:09 +1000)]
Merge pull request #18068 from seamuslee001/dev_wordpress_66
dev/wordpress#66 Re-instate newer variables but with more support for…
Eileen McNaughton [Fri, 7 Aug 2020 22:59:19 +0000 (10:59 +1200)]
Merge pull request #18092 from seamuslee001/preimum_onbehalfof_fix
[REF] Fix jquery validation for on behalf of fields when combined wit…
Seamus Lee [Fri, 7 Aug 2020 02:09:55 +0000 (12:09 +1000)]
[REF] Fix jquery validation for on behalf of fields when combined with a premium
Seamus Lee [Thu, 6 Aug 2020 22:53:24 +0000 (08:53 +1000)]
Merge pull request #17950 from lcdservices/dev-core-1895
dev/core#1895 fix first/last name adv search
Andrew Hunt [Thu, 6 Aug 2020 22:17:31 +0000 (18:17 -0400)]
More radical cleanup of button CSS
Andrew Hunt [Thu, 6 Aug 2020 22:00:58 +0000 (18:00 -0400)]
Fix CSS for new buttons
Andrew Hunt [Thu, 6 Aug 2020 20:06:56 +0000 (16:06 -0400)]
Fix JS for input buttons that are now button buttons