Seamus Lee [Fri, 20 Jul 2018 21:57:25 +0000 (07:57 +1000)]
Merge pull request #12524 from mukeshcompucorp/SHOR-9-regression-issues-advanced-search
Shoreditch support: Fix following change in core that resulted in visual regression in shoreditch in advanced search
colemanw [Fri, 20 Jul 2018 19:23:24 +0000 (15:23 -0400)]
Merge pull request #12518 from eileenmcnaughton/export_notice_tests
Export : Add a lot of unit tests. Fix an enotice
colemanw [Fri, 20 Jul 2018 16:10:48 +0000 (12:10 -0400)]
Merge pull request #12207 from JMAConsulting/access-3-contri
dev/accessiblity#3 Add aria-label to form elements of contribution page which don't have accessible labels
Mukesh Ram [Fri, 20 Jul 2018 09:25:01 +0000 (14:55 +0530)]
SHOR-9: Fix regression issues advanced search
Eileen McNaughton [Fri, 20 Jul 2018 04:41:53 +0000 (16:41 +1200)]
Merge pull request #12520 from civicrm/5.4
5.4
Eileen McNaughton [Fri, 20 Jul 2018 04:41:20 +0000 (16:41 +1200)]
Merge pull request #12517 from eileenmcnaughton/case_export_fail
Fix regression on case export from recent export fix
Seamus Lee [Fri, 20 Jul 2018 02:58:14 +0000 (12:58 +1000)]
Merge pull request #12519 from totten/5.4-purify
(Forward port) Add Smarty modifier to purify HTML
Sean Madsen [Sun, 22 Apr 2018 13:29:03 +0000 (09:29 -0400)]
Add Smarty modifier to purify HTML
With this modifier, we can write Smarty code like:
```
<div>{$untrustedHTML|purify}</div>
```
By using the purify modifier, we've protected against XSS, even if the
output variable contains HTML.
eileen [Thu, 19 Jul 2018 22:47:44 +0000 (10:47 +1200)]
Fix regression on case export from recent export fix
https://github.com/civicrm/civicrm-core/commit/3b4adc92793dccfa446cf66f0740edb543f110d7 changed the way componentmode is defined
It now seems inconsistent
eileen [Thu, 19 Jul 2018 08:32:05 +0000 (20:32 +1200)]
Remove e-notice causing clause.
I'm pretty convinced that this would never be true - although it WOULD be true [] would have the case fields. We are calling queryFields both with case enabled & disabled which is the only thing changing its output
eileen [Thu, 19 Jul 2018 07:26:28 +0000 (19:26 +1200)]
Test sql Column definitions for all default fields
Eileen McNaughton [Thu, 19 Jul 2018 21:14:52 +0000 (09:14 +1200)]
Merge pull request #12515 from civicrm/5.4
5.4 to master
Eileen McNaughton [Thu, 19 Jul 2018 21:14:26 +0000 (09:14 +1200)]
Merge pull request #12514 from seamuslee001/5-3-1-update-notes
Update 5.3.1 Release Notes to include final SA
Seamus Lee [Thu, 19 Jul 2018 21:02:03 +0000 (07:02 +1000)]
Update 5.3.1 Release Notes to include final SA
Monish Deb [Thu, 19 Jul 2018 11:58:33 +0000 (17:28 +0530)]
Merge pull request #12503 from eileenmcnaughton/strtolower_1
Remove LOWER from street_address search, rely on mysql to handle.
Eileen McNaughton [Thu, 19 Jul 2018 11:25:00 +0000 (23:25 +1200)]
Merge pull request #12483 from colemanw/DAODefault
Respect '0' as a default when generating DAOs
Eileen McNaughton [Wed, 18 Jul 2018 22:56:17 +0000 (10:56 +1200)]
Merge pull request #12511 from eileenmcnaughton/master
Merge 5.4 to master
eileen [Wed, 18 Jul 2018 22:53:14 +0000 (10:53 +1200)]
Merge branch '5.4' of https://github.com/civicrm/civicrm-core
Eileen McNaughton [Wed, 18 Jul 2018 22:34:36 +0000 (10:34 +1200)]
Merge pull request #12504 from eileenmcnaughton/yashi
Fix misformatted start_date default on new contribution page
Seamus Lee [Mon, 16 Jul 2018 05:27:14 +0000 (15:27 +1000)]
Add in 5.3.1 Release notes
eileen [Tue, 12 Jun 2018 22:22:44 +0000 (10:22 +1200)]
Add escape to various lines in merge.tpl
Coleman Watts [Wed, 25 Apr 2018 14:53:36 +0000 (10:53 -0400)]
Escape js strings in smarty templates
Sean Madsen [Sun, 22 Apr 2018 13:53:29 +0000 (09:53 -0400)]
security/core#3 Improve output escaping for errors
- In the template, use either `escape` or `purify` for all outputs.
- Remove `htmlspecialchars()` call in PHP since it's now happening in
Smarty via `escape`.
Sean Madsen [Sun, 22 Apr 2018 00:25:55 +0000 (20:25 -0400)]
security/core#2 Harden some of the "mode" inputs
Sean Madsen [Sun, 22 Apr 2018 15:07:56 +0000 (11:07 -0400)]
security/core#1 Escape outputs in report stats
Seamus Lee [Thu, 26 Apr 2018 21:55:56 +0000 (07:55 +1000)]
Resolve #19 Fix regression following upgrade to latest CKEditor by getting uploaded file response back in json
Seamus Lee [Tue, 24 Apr 2018 22:48:36 +0000 (08:48 +1000)]
Update to latest CKEditor
Sean Madsen [Sun, 22 Apr 2018 02:11:56 +0000 (22:11 -0400)]
Add HTML purification to status messages
This is a security protection measure that protects us just a little bit
more against XSS.
Sean Madsen [Sun, 22 Apr 2018 23:06:46 +0000 (19:06 -0400)]
security/core#14 Add output encoding within js
Sean Madsen [Sun, 22 Apr 2018 21:50:47 +0000 (17:50 -0400)]
security/core#14 Validate "context" inputs
When "context" is passed as a GET parameter, ensure that its value is
a valid "Alphanumeric" type. This helps prevent XSS when the "context"
value finds its way into templates that lack HTML output encoding.
Replace...
CRM_Utils_Request::retrieve\((['"])context\1,(\s*)(['"])String\3
...with...
CRM_Utils_Request::retrieve\($1context$1,$3Alphanumeric$3
Also search for the following and manually fix:
\$_GET\[(['"])context\1\]
\$_POST\[(['"])context\1\]
\$_REQUEST\[(['"])context\1\]
Eileen McNaughton [Wed, 18 Jul 2018 21:54:15 +0000 (09:54 +1200)]
Merge pull request #12492 from eileenmcnaughton/msg_fix
dev/core/#/258 Fix message update routine.
colemanw [Wed, 18 Jul 2018 16:17:25 +0000 (12:17 -0400)]
Merge pull request #11197 from agileware/CRM-21104
CRM-21104: Forcing reCaptcha on Contribution pages(with online payments) which have no Profile associated with them.
Eileen McNaughton [Wed, 18 Jul 2018 13:53:36 +0000 (01:53 +1200)]
Merge pull request #12499 from wannesderoy/patch-4
Allow Drupal 8 vendor folder outside webroot
Eileen McNaughton [Wed, 18 Jul 2018 12:58:32 +0000 (00:58 +1200)]
Merge pull request #12508 from civicrm/5.4
5.4 to master
Eileen McNaughton [Wed, 18 Jul 2018 12:57:58 +0000 (00:57 +1200)]
Merge pull request #12502 from eileenmcnaughton/no_pay
Prevent financial transactions from being saved with no payment instr…
Eileen McNaughton [Wed, 18 Jul 2018 12:00:00 +0000 (00:00 +1200)]
Merge pull request #12469 from eileenmcnaughton/export_extract
Export cleanup Extract bulk of the transformation for each field to its own function
Eileen McNaughton [Wed, 18 Jul 2018 10:36:38 +0000 (22:36 +1200)]
Merge pull request #12489 from eileenmcnaughton/mergees
dev/core/#/233 Expose information about where a contact has been merged to
Eileen McNaughton [Wed, 18 Jul 2018 08:24:08 +0000 (20:24 +1200)]
Merge pull request #12507 from eileenmcnaughton/report_test_fix
Fix enotice in test
eileen [Wed, 18 Jul 2018 08:22:27 +0000 (20:22 +1200)]
Fix enotice in test
Not sure how the last fix got merged - did I misread the test result - this was a clear error
eileen [Wed, 18 Jul 2018 01:19:56 +0000 (13:19 +1200)]
Fix misformatted start_date default on new contribution page
Unreleased regression from https://github.com/civicrm/civicrm-core/pull/11881
see https://lab.civicrm.org/dev/core/issues/263
Eileen McNaughton [Wed, 18 Jul 2018 04:06:17 +0000 (16:06 +1200)]
Merge pull request #12500 from pradpnayak/28
dev/financial/issues/28, Financial Account cannot be changed to non de…
eileen [Wed, 18 Jul 2018 00:18:38 +0000 (12:18 +1200)]
Remove LOWER from street_address search, rely on mysql to handle.
Per https://github.com/civicrm/civicrm-core/pull/12494 the use of LOWER
- hurts performance
- fails to return results on some char sets
- messes with REGEX
This is part of a continued (we removed from contribution search fields last year)
staggered approach to removing this old mechanism
Eileen McNaughton [Tue, 17 Jul 2018 23:49:17 +0000 (11:49 +1200)]
Merge pull request #12487 from agh1/rel-permission-icon-titles-aydun
dev/core#34 Add permission details in `title` attribute of icons
Coleman Watts [Tue, 17 Jul 2018 21:58:30 +0000 (17:58 -0400)]
Fix failing test
eileen [Tue, 17 Jul 2018 21:33:42 +0000 (09:33 +1200)]
Prevent financial transactions from being saved with no payment instrument
Eileen McNaughton [Tue, 17 Jul 2018 21:07:15 +0000 (09:07 +1200)]
Merge pull request #12490 from eileenmcnaughton/report
Test fix, use separate emails so distinct doesn't meld them
Pradeep Nayak [Tue, 17 Jul 2018 20:35:46 +0000 (02:05 +0530)]
dev/financial/issues/28, Financial Account cannot be changed to non deductible
Wannes De Roy [Tue, 17 Jul 2018 19:59:12 +0000 (21:59 +0200)]
Allow Drupal 8 vendor folder outside webroot
eileen [Tue, 17 Jul 2018 07:09:11 +0000 (19:09 +1200)]
Test fix, use separate emails so distinct doesn't meld them
A change was merged today that would have required this change to the test to pass. However,
tests were not re-run & it was missed.
A DISTINCT is used so 2 separate emails make sense to test this
Eileen McNaughton [Tue, 17 Jul 2018 10:53:31 +0000 (22:53 +1200)]
Merge pull request #12485 from eileenmcnaughton/queryFields
Export cleanup - pass processor object rather than the query object
eileen [Tue, 17 Jul 2018 07:59:27 +0000 (19:59 +1200)]
Fix message update routine.
Turns out this was seeming to pass but not because the test wasn't running.
Monish Deb [Tue, 17 Jul 2018 07:39:00 +0000 (13:09 +0530)]
Merge pull request #12468 from eileenmcnaughton/export_return
Minor refactor preparatory to function extraction
eileen [Tue, 17 Jul 2018 05:18:42 +0000 (17:18 +1200)]
dev/core/#/233 Use merged data api to display navigation help on contact deleted by merge
eileen [Tue, 17 Jul 2018 04:38:31 +0000 (16:38 +1200)]
dev/core/#/233 Add apis to retrieve information about the ultimate destination contact and source contacts for merged contacts.
This 'data structure' is 'owned' by core & somewhat subject to future change so establishing a tested methodology for retrieving contact history in
core can support extensions such as
- extended reports - which exposes an address_history tab
- privacy extensions - which need to recover and potentially delete contacts that were merged
into the current contact
Eileen McNaughton [Tue, 17 Jul 2018 07:00:28 +0000 (19:00 +1200)]
Merge pull request #12482 from mattwire/nfc_cc_premium_financial
NFC cleanup to financial classes
Eileen McNaughton [Tue, 17 Jul 2018 06:24:52 +0000 (18:24 +1200)]
Merge pull request #12230 from JMAConsulting/dev_core_150
dev/core#150 : Chain select for country/state in Search Builder does not stay within OR groupings
Eileen McNaughton [Tue, 17 Jul 2018 04:50:25 +0000 (16:50 +1200)]
Merge pull request #12486 from eileenmcnaughton/savedSearch
dev/core#230 : set mapping id null on delete action
eileen [Mon, 16 Jul 2018 03:35:19 +0000 (15:35 +1200)]
Set, don't pass queryOperator
eileen [Mon, 16 Jul 2018 03:29:42 +0000 (15:29 +1200)]
Start passing around processor instead of query object
eileen [Sat, 14 Jul 2018 01:04:23 +0000 (13:04 +1200)]
Extract bulk of the transformation for each field to its own function
eileen [Sat, 14 Jul 2018 00:29:34 +0000 (12:29 +1200)]
Minor refactor preparatory to function extraction
Coleman Watts [Tue, 17 Jul 2018 01:22:21 +0000 (21:22 -0400)]
Respect '0' as a default when generating DAOs
Eileen McNaughton [Tue, 17 Jul 2018 00:20:47 +0000 (12:20 +1200)]
Merge pull request #12415 from aydun/core-34-v2
core-34 Add view-only option on permissioned relationships
Andrew Hunt [Tue, 17 Jul 2018 00:12:19 +0000 (20:12 -0400)]
dev/core#34 relationships: add display names and permission explanation as title for permission icons
Andrew Hunt [Tue, 17 Jul 2018 00:14:40 +0000 (20:14 -0400)]
NFC: make phpcs happy with spacing and no caps for `and` and `or`
Sunil Pawar [Mon, 16 Jul 2018 23:07:09 +0000 (11:07 +1200)]
dev/core#230 : set mapping id null on delete action
Eileen McNaughton [Mon, 16 Jul 2018 22:56:39 +0000 (10:56 +1200)]
Merge pull request #12452 from colemanw/arrayPath
Cleanup redundant array functions
Eileen McNaughton [Mon, 16 Jul 2018 22:38:26 +0000 (10:38 +1200)]
Merge pull request #12460 from freephile/patch-1
Fix false negatives in checkResourceUrl()
Eileen McNaughton [Mon, 16 Jul 2018 22:15:08 +0000 (10:15 +1200)]
Merge pull request #12484 from eileenmcnaughton/queryFields
Export code tidy up Use queryFields rather than query. Look to stop passing around query.
colemanw [Mon, 16 Jul 2018 22:12:21 +0000 (18:12 -0400)]
Merge pull request #11660 from JMAConsulting/CRM-21754
CRM-21754: Duplicate rows in Activity Details report when address fields are displayed
Greg Rundlett [Thu, 12 Jul 2018 13:47:27 +0000 (09:47 -0400)]
Fix false positives in checkResourceUrl()
Without this proposed fix, I'm receiving false errors about the CiviCRM Resource URL not being set correctly.
The stripos() function will return '0' if the needle string is the first thing found in the haystack. Thus, you must use equivalence rather than a true/false test where "position zero" evaluates to false.
Tested on Civi 5.3.0 on WordPress 4.9.7
I can access http://coastaltrails.org/wp-content/plugins/civicrm/civicrm/packages/jquery/css/images/arrow.png But WITHOUT the fix, I get an error
```
The Resource URL is not set correctly. Please set the CiviCRM Resource URL.
```
I have CiviCRM Resource URL set to `[civicrm.root]/`
My URL Variables are calculated as:
```
[cms.root] http://coastaltrails.org/
[civicrm.root] http://coastaltrails.org/wp-content/plugins/civicrm/civicrm/
[civicrm.files] http://coastaltrails.org/wp-content/uploads/civicrm/
These variables are computed automatically using civicrm.settings.php and its options, such as CIVICRM_TEMPLATE_COMPILEDIR.
```
eileen [Mon, 16 Jul 2018 03:18:22 +0000 (15:18 +1200)]
Use queryFields rather than query. Look to stop passing around query.
Eileen McNaughton [Mon, 16 Jul 2018 12:42:04 +0000 (00:42 +1200)]
Merge pull request #12479 from eileenmcnaughton/export_class
Export class code cleanup Start building export processor class.
Matthew Wire [Mon, 16 Jul 2018 09:27:30 +0000 (10:27 +0100)]
NFC cleanup to financial classes
eileen [Sun, 15 Jul 2018 23:53:22 +0000 (11:53 +1200)]
Start building export processor class.
A fundamental cause of code mess in the Export class is that it is a mishmash of static functions with variables passed around crazily. This starts the process of moving work to an object-oriented class.
I think this migratory approach is the best plan to clean up the code
I did move some vars to being accessed via 'self' but there is leakage across tests so going
full OOO seems like a better approach
Eileen McNaughton [Mon, 16 Jul 2018 04:54:27 +0000 (16:54 +1200)]
Merge pull request #12453 from eileenmcnaughton/activity_report
Fix activity report to bring it under standardised report testing
eileen [Fri, 13 Jul 2018 04:46:32 +0000 (16:46 +1200)]
Alter temp report creation to
a) use new temp table mechanism and
b) add sql to dev tab and
c) make temp table cleanup easier in tests
eileen [Wed, 11 Jul 2018 03:58:27 +0000 (15:58 +1200)]
Fix activity report to bring it under standardised report testing
Eileen McNaughton [Mon, 16 Jul 2018 00:39:30 +0000 (12:39 +1200)]
Merge pull request #12423 from mattwire/optiongroup_isreserved
dev/core#155 Fix optiongroup is_reserved data and use when selecting option group for custom fields
Eileen McNaughton [Mon, 16 Jul 2018 00:17:21 +0000 (12:17 +1200)]
Merge pull request #12474 from mattwire/deprecate_bao_managepremiums
Rename CRM_Contribute_BAO_ManagePremiums to CRM_Contribute_BAO_Product and deprecate CRM_Contribute_BAO_ManagePremiums
Eileen McNaughton [Sun, 15 Jul 2018 23:02:58 +0000 (11:02 +1200)]
Merge pull request #12352 from MiyaNoctem/CRM-188-fix-floating-point-comparison
dev/core#188: Fix Floating Point Precision Comparison Exception
Eileen McNaughton [Sun, 15 Jul 2018 22:16:26 +0000 (10:16 +1200)]
Merge pull request #12315 from mattwire/CRM-21682_onlyrenewmembershipwhencompleted
Only auto-renew membership when contribution status is completed
Eileen McNaughton [Sun, 15 Jul 2018 22:03:07 +0000 (10:03 +1200)]
Merge pull request #12477 from seamuslee001/membership_type_test_comment
(NFC) Update comment on membership type domain_id API Test
Eileen McNaughton [Sun, 15 Jul 2018 22:02:31 +0000 (10:02 +1200)]
Merge pull request #12478 from seamuslee001/optiongroup_regen_dao
(NFC) Regenerate OptionGroup DAO file
colemanw [Sun, 15 Jul 2018 20:57:54 +0000 (16:57 -0400)]
Merge pull request #12476 from colemanw/navigation
BAO_Navigation: Respect domain_id param
Coleman Watts [Sun, 15 Jul 2018 15:08:53 +0000 (11:08 -0400)]
Add test, remove redundant api default
Matthew Wire [Sat, 14 Jul 2018 17:46:31 +0000 (18:46 +0100)]
Add unit test for Membership renewal when contribution not completed
Matthew Wire [Sun, 15 Jul 2018 11:03:26 +0000 (12:03 +0100)]
Don't overwrite Product parameters on update
Matthew Wire [Fri, 15 Jun 2018 08:07:52 +0000 (09:07 +0100)]
Only auto-renew membership when contribution status is completed
Seamus Lee [Sun, 15 Jul 2018 04:07:37 +0000 (14:07 +1000)]
Merge pull request #12312 from colemanw/multiRecordCustomProfile
Disable inline-edit of multi-record custom fields in profiles
Seamus Lee [Sun, 15 Jul 2018 03:57:00 +0000 (13:57 +1000)]
(NFC) Regenerate OptionGroup DAO file
Seamus Lee [Sun, 15 Jul 2018 03:50:49 +0000 (13:50 +1000)]
(NFC) Update comment on membership type domain_id API Test
Coleman Watts [Sun, 15 Jul 2018 02:58:22 +0000 (22:58 -0400)]
BAO_Navigation: Respect domain_id param
Seamus Lee [Sat, 14 Jul 2018 22:37:19 +0000 (08:37 +1000)]
Merge pull request #12461 from eileenmcnaughton/domain_id
Make domain_id optional in membership_type api.
Seamus Lee [Sat, 14 Jul 2018 21:22:30 +0000 (07:22 +1000)]
Merge pull request #12472 from eileenmcnaughton/add_product
Remove unused variables & comment cleanup
Matthew Wire [Sat, 14 Jul 2018 16:14:03 +0000 (17:14 +0100)]
Rename CRM_Contribute_BAO_ManagePremiums to CRM_Contribute_BAO_Product and deprecate CRM_Contribute_BAO_ManagePremiums
Matthew Wire [Wed, 11 Jul 2018 11:59:29 +0000 (12:59 +0100)]
Fix is_reserved flag on option groups
eileen [Sat, 14 Jul 2018 02:09:55 +0000 (14:09 +1200)]
Comment clean up
eileen [Sat, 14 Jul 2018 02:03:23 +0000 (14:03 +1200)]
Remove redundant variables
Eileen McNaughton [Sat, 14 Jul 2018 01:25:28 +0000 (13:25 +1200)]
Merge pull request #12464 from jaapjansma/issue_141
Fixed #141: only check if name exists.