Andrew Engelbrecht [Thu, 18 Oct 2018 16:49:55 +0000 (12:49 -0400)]
corrected class name in old FSF code
https://rt.gnu.org/Ticket/Display.html?id=
1330057
Ruben Rodriguez [Thu, 23 Aug 2018 22:17:57 +0000 (18:17 -0400)]
Use proxy to look for civicrm updates, fixes RT#
1314844
Andrew Engelbrecht [Thu, 19 Jul 2018 23:05:29 +0000 (19:05 -0400)]
Merge tag '5.3.1' of civicrm-core into 5.3.1-fsf
Tim Otten [Wed, 18 Jul 2018 20:52:38 +0000 (13:52 -0700)]
Set version to 5.3.1
Seamus Lee [Tue, 10 Jul 2018 20:57:12 +0000 (06:57 +1000)]
Add in Release notes for 5.3.1 and duplicate 5.3.0 upgrade mysql to ensure all sites get the upgrade steps just in case
Update Release notes based on changed SAs
eileen [Tue, 12 Jun 2018 22:22:44 +0000 (10:22 +1200)]
Add escape to various lines in merge.tpl
Coleman Watts [Wed, 25 Apr 2018 14:53:36 +0000 (10:53 -0400)]
Escape js strings in smarty templates
Seamus Lee [Mon, 23 Apr 2018 04:52:46 +0000 (14:52 +1000)]
Resolve Securty/Core#13 Fix Security/Core SQLi in getTree function of CustomGroup Class
Sean Madsen [Sun, 22 Apr 2018 13:53:29 +0000 (09:53 -0400)]
security/core#3 Improve output escaping for errors
- In the template, use either `escape` or `purify` for all outputs.
- Remove `htmlspecialchars()` call in PHP since it's now happening in
Smarty via `escape`.
Sean Madsen [Sun, 22 Apr 2018 00:25:55 +0000 (20:25 -0400)]
security/core#2 Harden some of the "mode" inputs
Sean Madsen [Sun, 22 Apr 2018 15:07:56 +0000 (11:07 -0400)]
security/core#1 Escape outputs in report stats
Seamus Lee [Thu, 26 Apr 2018 21:55:56 +0000 (07:55 +1000)]
Resolve #19 Fix regression following upgrade to latest CKEditor by getting uploaded file response back in json
Seamus Lee [Tue, 24 Apr 2018 22:48:36 +0000 (08:48 +1000)]
Update to latest CKEdtior
Sean Madsen [Sun, 22 Apr 2018 13:29:03 +0000 (09:29 -0400)]
Add Smarty modifier to purify HTML
With this modifier, we can write Smarty code like:
<div>{$untrustedHTML|purify}</div>
By using the purify modifier, we've protected against XSS, even if the
output variable contains HTML.
Sean Madsen [Sun, 22 Apr 2018 02:11:56 +0000 (22:11 -0400)]
Add HTML purification to status messages
This is a security protection measure that protects us just a little bit
more against XSS.
Sean Madsen [Sun, 22 Apr 2018 23:06:46 +0000 (19:06 -0400)]
security/core#14 Add output encoding within js
Sean Madsen [Sun, 22 Apr 2018 21:50:47 +0000 (17:50 -0400)]
security/core#14 Validate "context" inputs
When "context" is passed as a GET parameter, ensure that its values is
a valid "Alphanumeric" type. This helps prevent XSS when the "context"
value finds its way into templates that lack HTML output encoding.
Replace...
CRM_Utils_Request::retrieve\((['"])context\1,(\s*)(['"])String\3
...with...
CRM_Utils_Request::retrieve\($1context$1,$3Alphanumeric$3
Also search for the following and manually fix:
\$_GET\[(['"])context\1\]
\$_POST\[(['"])context\1\]
\$_REQUEST\[(['"])context\1\]
Monish Deb [Wed, 18 Jul 2018 12:47:30 +0000 (18:17 +0530)]
Merge pull request #12506 from eileenmcnaughton/fix_53
Prevent financial transactions from being saved with no payment instrument
eileen [Tue, 17 Jul 2018 21:33:42 +0000 (09:33 +1200)]
Prevent financial transactions from being saved with no payment instrument
Tim Otten [Thu, 5 Jul 2018 05:59:04 +0000 (22:59 -0700)]
Merge pull request #12420 from seamuslee001/5.3-upgrade-move
dev/core#234 Move all steps from 5.3.alpha1.mysql.tpl to 5.3.0.mysql.tpl due to upgrade issues
Seamus Lee [Thu, 5 Jul 2018 05:15:26 +0000 (15:15 +1000)]
dev/core#234 Move all steps to 5.3.0 from 5.3.alpha1
Eileen McNaughton [Thu, 5 Jul 2018 05:07:57 +0000 (17:07 +1200)]
Merge pull request #12419 from seamuslee001/5.3
Ensure that the .mysql.tpl file is run for 5.3.alpha1
Seamus Lee [Thu, 5 Jul 2018 03:12:45 +0000 (13:12 +1000)]
Ensure that the .mysql.tpl file is run for 5.3.alpha1
CiviCRM [Wed, 4 Jul 2018 07:23:44 +0000 (07:23 +0000)]
Set version to 5.3.0
Eileen McNaughton [Wed, 4 Jul 2018 06:10:52 +0000 (18:10 +1200)]
Merge pull request #12409 from eileenmcnaughton/paydata
dev/core/issues/211 Fix mis-allocation of financial transactions when editing payment method on a completed payment
Eileen McNaughton [Wed, 4 Jul 2018 06:10:35 +0000 (18:10 +1200)]
Add late changes
eileen [Tue, 3 Jul 2018 23:52:22 +0000 (11:52 +1200)]
Fix mis-allocation of financial transactions
Per
https://lab.civicrm.org/dev/core/issues/211 there seems to be an issue with assigning entity_financial_trxn
entries the wrong financial_trxn_id - I cannot find any recent change that would have caused this
(unless it's simply the greater use of the payment edit block) - it has been reported as working in
5.0.2.
Seamus Lee [Tue, 3 Jul 2018 23:15:04 +0000 (09:15 +1000)]
Merge pull request #12399 from eileenmcnaughton/jamie
dev/core/#/229 Fix fatal error on send test mail
Eileen McNaughton [Tue, 3 Jul 2018 22:24:06 +0000 (10:24 +1200)]
Merge pull request #12398 from agh1/5.3.0-releasenotes
5.3.0 release notes
eileen [Tue, 3 Jul 2018 02:21:30 +0000 (14:21 +1200)]
Fix fatal error on send test mail
Seamus Lee [Tue, 3 Jul 2018 07:53:27 +0000 (17:53 +1000)]
Merge pull request #12400 from seamuslee001/dev_core_227
dev/core#227 Fix issue where on some extened groups the multiple reco…
CiviCRM [Wed, 20 Jun 2018 06:00:44 +0000 (06:00 +0000)]
Add release notes for 5.2.2
Tim Otten [Fri, 8 Jun 2018 23:39:40 +0000 (23:39 +0000)]
Add release notes for 5.2.1
Andrew Hunt [Tue, 3 Jul 2018 02:15:20 +0000 (22:15 -0400)]
5.3.0 release notes: combined, organized, added contributors, boilerplate
Also removed redundant issues from 5.2.1 and 5.2.2
Andrew Hunt [Tue, 3 Jul 2018 01:50:06 +0000 (21:50 -0400)]
5.3.0 release notes: my half of the issues
Alice Frumin [Mon, 2 Jul 2018 20:37:32 +0000 (16:37 -0400)]
5.3.0 release notes: Alice part of release notes
Seamus Lee [Tue, 3 Jul 2018 02:24:09 +0000 (12:24 +1000)]
dev/core#227 Fix issue where on some extened groups the multiple records checkbox doesn't show this causes empty string to be passed in which was causing problems when working out if we needed to make changes to the custom value table
Andrew Hunt [Mon, 2 Jul 2018 17:37:55 +0000 (13:37 -0400)]
5.3.0 release notes: raw from script
Monish Deb [Sun, 1 Jul 2018 18:56:54 +0000 (00:26 +0530)]
Merge pull request #12305 from eileenmcnaughton/dedupe_limit
Re-instate Dedupe limit functionality & fix select toggle functionality
Eileen McNaughton [Sun, 1 Jul 2018 07:17:47 +0000 (00:17 -0700)]
Merge pull request #12382 from eileenmcnaughton/jaap
Fix mis-reporting of false booleans in reports
eileen [Sun, 1 Jul 2018 07:10:12 +0000 (19:10 +1200)]
Fix mis-reporting of false booleans in reports
Eileen McNaughton [Mon, 18 Jun 2018 21:09:39 +0000 (09:09 +1200)]
Merge pull request #12333 from pradpnayak/185
dev/core/issues/189, fixed smarty error
Pradeep Nayak [Mon, 18 Jun 2018 19:07:50 +0000 (00:37 +0530)]
fixed smarty error
Eileen McNaughton [Sat, 16 Jun 2018 22:22:36 +0000 (10:22 +1200)]
Merge pull request #12326 from pradpnayak/185
dev/core/issues/185 “Print selected rows” option missing in Event Participant listing dropdown actions
Pradeep Nayak [Thu, 14 Jun 2018 21:55:27 +0000 (03:25 +0530)]
Wrong key assigned to task action
eileen [Tue, 12 Jun 2018 02:37:53 +0000 (14:37 +1200)]
Re-instate batch limit
eileen [Tue, 5 Jun 2018 05:27:50 +0000 (17:27 +1200)]
Pass cachekey around more & criteria less
It turned out the toggleDuplicates was not working when criteria was set as the validation rule didn't work.
Passing around cacheKey
is easier to validate and we know the cache willbe created at the point of toggle. Use cacheKey instead
in url
Seamus Lee [Mon, 11 Jun 2018 03:39:56 +0000 (13:39 +1000)]
Merge pull request #12277 from seamuslee001/dev_core_163
dev/core#163 Improve inclusion of disabled groups when getting all ma…
Seamus Lee [Thu, 7 Jun 2018 03:25:55 +0000 (13:25 +1000)]
dev/core#163 Improve way of getting all groups for use in getting all mailing accessable by a user by removing is_active filter alltogether
Seamus Lee [Sun, 10 Jun 2018 23:17:33 +0000 (09:17 +1000)]
Merge pull request #12293 from colemanw/arrayUtil
Improve CRM_Utils_Array::recursiveBuild to work with existing arrays.
Coleman Watts [Sun, 10 Jun 2018 19:41:42 +0000 (15:41 -0400)]
Improve CRM_Utils_Array::recursiveBuild to work with existing arrays.
colemanw [Fri, 8 Jun 2018 20:14:37 +0000 (16:14 -0400)]
Merge pull request #12287 from eileenmcnaughton/5.3
core/#170 minimal fix for fatal on soft_credit field
eileen [Fri, 8 Jun 2018 01:35:57 +0000 (13:35 +1200)]
core/#170 minimal fix for fatal on soft_credit field
Eileen McNaughton [Thu, 7 Jun 2018 08:35:01 +0000 (20:35 +1200)]
Merge pull request #12278 from eileenmcnaughton/5.3
Fix incorrect operator on previous Export fix
eileen [Thu, 7 Jun 2018 06:29:18 +0000 (18:29 +1200)]
Fix incorrect operator on previous Export fix
CiviCRM [Thu, 7 Jun 2018 03:40:49 +0000 (03:40 +0000)]
Set version to 5.3.beta1
Eileen McNaughton [Wed, 6 Jun 2018 20:15:11 +0000 (08:15 +1200)]
Merge pull request #12275 from JMAConsulting/dev_mail_11-1
dev/mail#11 add CRM_Mailing_BAO_MailingJob::del()
Monish Deb [Wed, 6 Jun 2018 19:10:27 +0000 (00:40 +0530)]
Merge pull request #12193 from eileenmcnaughton/dedupe
Fix non-display of conflicts after batch dedupe from dedupe screen
deb.monish [Wed, 6 Jun 2018 14:53:30 +0000 (20:23 +0530)]
dev/mail#11 add CRM_Mailing_BAO_MailingJob::del()
Eileen McNaughton [Wed, 6 Jun 2018 13:09:57 +0000 (01:09 +1200)]
Merge pull request #12274 from civicrm/5.2
5.2 to master
Eileen McNaughton [Wed, 6 Jun 2018 13:09:23 +0000 (01:09 +1200)]
Merge pull request #12273 from eileenmcnaughton/notices
dev/core#158 group contacts list and export limits results to 500 records
eileen [Wed, 6 Jun 2018 12:44:13 +0000 (00:44 +1200)]
Fix e-notices on export coming from https://github.com/civicrm/civicrm-core/pull/12110/files
Eileen McNaughton [Wed, 6 Jun 2018 08:38:23 +0000 (20:38 +1200)]
Merge pull request #12266 from jitendrapurohit/core-154
dev/core#154 - Can't edit related records when current employer has a…
Eileen McNaughton [Wed, 6 Jun 2018 06:53:58 +0000 (18:53 +1200)]
Merge pull request #10630 from tschuettler/CRM-CRM-20841
CRM-20841 - Dedupe - Show on_hold, is_bulkmail or signature merge…
Eileen McNaughton [Wed, 6 Jun 2018 06:13:07 +0000 (18:13 +1200)]
Merge pull request #12269 from civicrm/5.2
5.2.0 merge to master
Andrew Hunt [Wed, 6 Jun 2018 06:12:32 +0000 (02:12 -0400)]
5.2.0 release notes (#12100)
* 5.2.0 release notes: raw from script
* 5.2.0 release notes: added boilerplate
* 5.2.0 release notes: first pass of release notes
* 5.2.0 release notes: updated contributors
* 5.2.0 release notes: final edits
* 5.2.0 release notes: update with late RC changes
* Add release notes for 5.1.2
* release-notes - Update 5.1.2
* Fix typo in release-notes for 5.1.2
Jitendra Purohit [Tue, 5 Jun 2018 10:47:11 +0000 (16:17 +0530)]
dev/core#154 - Can't edit related records when current employer has a pending membership
check for pending status instead of pay later
Eileen McNaughton [Wed, 6 Jun 2018 01:37:50 +0000 (13:37 +1200)]
Merge pull request #12259 from seamuslee001/dev_core_163
dev/core#163 Fix issue where disabling a group would block access to …
Eileen McNaughton [Tue, 5 Jun 2018 19:51:45 +0000 (07:51 +1200)]
Merge pull request #12267 from colemanw/dev/core/#152
dev/core/#152 - AdvMulti-Select cleanup
Monish Deb [Tue, 5 Jun 2018 13:21:57 +0000 (18:51 +0530)]
Merge pull request #12265 from agileware/Accessibility-Issue-9
Accessibility #9: Regression - js error due to alertDismissal setting fixed.
Coleman Watts [Tue, 5 Jun 2018 13:17:31 +0000 (09:17 -0400)]
dev/core/#152 - AdvMulti-Select cleanup
Alok Patel [Tue, 5 Jun 2018 11:04:07 +0000 (16:34 +0530)]
Accessibility #9: Regression - js error due to alertDismissal setting fixed.
Eileen McNaughton [Tue, 5 Jun 2018 10:21:00 +0000 (22:21 +1200)]
Merge pull request #12264 from civicrm/5.2
5.2 merge to maste
Eileen McNaughton [Tue, 5 Jun 2018 10:20:33 +0000 (22:20 +1200)]
Merge pull request #12262 from JMAConsulting/dev_mail_13-rc
dev/mail#13 - All members should not be excluded from Smart unsubscribe group
Eileen McNaughton [Tue, 5 Jun 2018 10:20:14 +0000 (22:20 +1200)]
Merge pull request #12255 from hosseinamin/master
fix related to issue dev/core#127, in depth overlap of filter related contacts
Monish Deb [Tue, 5 Jun 2018 08:54:30 +0000 (14:24 +0530)]
Merge pull request #10341 from colemanw/CRM-20565
CRM-20565 - Improve ajax dedupe lookups on contact add form
Monish Deb [Tue, 5 Jun 2018 08:52:47 +0000 (14:22 +0530)]
Merge pull request #12257 from eileenmcnaughton/relationship_type
Fix unreleased regression - fatal when editing relationship type Employer
lslade [Mon, 4 Jun 2018 15:02:00 +0000 (11:02 -0400)]
Fix code style - use elseif
lslade [Fri, 1 Jun 2018 16:40:04 +0000 (12:40 -0400)]
Fix for dev/mail#13 - All members should not be excluded from Smart unsubscribe group.
deb.monish [Tue, 5 Jun 2018 07:42:44 +0000 (13:12 +0530)]
dev/mail#13 : Added unit test
eileen [Tue, 29 May 2018 02:40:29 +0000 (14:40 +1200)]
Tidy up comments
eileen [Tue, 29 May 2018 02:13:53 +0000 (14:13 +1200)]
Make getWhereString function sane by not appending a limit clause
eileen [Thu, 24 May 2018 04:44:07 +0000 (16:44 +1200)]
Fix display of conflicts on duplicate screen.
There are 2 bulk dedupe scenarios
1) dedupe selected
2) dedupe all
In the case of the former, but not the latter, the display to which contacts
are redirected should be filted by 'selected'
Currently the selected filter is being applied whenever conflicts is true, resulting in an
empty form in the latter case.
This fix disambiguates the 2 concepts & attempts to rationalise & clarify related parameters in the flow.
Seamus Lee [Tue, 5 Jun 2018 07:07:12 +0000 (17:07 +1000)]
Merge pull request #12258 from eileenmcnaughton/alpha
Add 'Alphanumeric' rule type
Eileen McNaughton [Tue, 5 Jun 2018 05:57:21 +0000 (17:57 +1200)]
Merge pull request #12238 from colemanw/dev/core/#152
dev/core/#152 - Remove AdvMulti-Select custom field type
Seamus Lee [Tue, 5 Jun 2018 05:54:14 +0000 (15:54 +1000)]
Merge pull request #12243 from eileenmcnaughton/custom_group
Fix enotice when updating a custom group with is_multiple = 1
Seamus Lee [Tue, 5 Jun 2018 05:35:32 +0000 (15:35 +1000)]
dev/core#163 Fix issue where disabling a group would block access to any mailing reports that group was used for
Sean Madsen [Tue, 24 Apr 2018 20:38:23 +0000 (16:38 -0400)]
Add 'Alphanumeric' rule type
This type is now available when reading GET parameters with
`CRM_Utils_Request::retrieve()` and it offers improved security over the
widely used 'String' type by being strict enough to reject just about
any conceivable attack payload, while still accepting relatively simple
strings.
Eileen McNaughton [Tue, 5 Jun 2018 04:11:24 +0000 (16:11 +1200)]
Merge pull request #12252 from seamuslee001/dev_core_160
dev/core#160 Set the import progress widget to poll the server every …
eileen [Tue, 5 Jun 2018 02:06:29 +0000 (14:06 +1200)]
Fix unrelease regression - fatal when editing relationship type Employer
colemanw [Tue, 5 Jun 2018 01:04:24 +0000 (21:04 -0400)]
Merge pull request #12256 from colemanw/CRM-20621
CRM-20621 - Initial cleanup toward performance improvements
Eileen McNaughton [Mon, 4 Jun 2018 21:45:26 +0000 (09:45 +1200)]
Merge pull request #12254 from jitendrapurohit/core-162
dev/core#162 - Use checksum to access user dashboard
Coleman Watts [Mon, 4 Jun 2018 16:31:11 +0000 (12:31 -0400)]
CRM-20621 - Initial cleanup toward performance improvements
colemanw [Mon, 4 Jun 2018 19:35:45 +0000 (15:35 -0400)]
Merge pull request #12241 from michaelmcandrew/dev/core#157
ensure that the indexed column is not an FK before deleting the index
Hossein Amin [Mon, 4 Jun 2018 15:34:53 +0000 (18:34 +0300)]
fix related to issue dev/core#127, in depth overlap of filter related contacts
Michael McAndrew [Thu, 31 May 2018 20:39:17 +0000 (21:39 +0100)]
ensure that the indexed column is not an FK before deleting the index
Monish Deb [Mon, 4 Jun 2018 10:08:29 +0000 (15:38 +0530)]
Merge pull request #12248 from colemanw/tagsets
Auto-open tagest fields
Seamus Lee [Mon, 4 Jun 2018 10:03:48 +0000 (20:03 +1000)]
Merge pull request #12249 from hosseinamin/master
fix of issue dev/core#127 (at gitlab), incorrect cache records for smart groups
Monish Deb [Mon, 4 Jun 2018 10:00:31 +0000 (15:30 +0530)]
Merge pull request #12114 from jitendrapurohit/membership-2
dev/membership#2 - Add membership start date and registration start/end date to schedule reminder
Jitendra Purohit [Mon, 4 Jun 2018 09:21:42 +0000 (14:51 +0530)]
dev/core#162 - Use checksum to access user dashboard
projects / civicrm-core.git / log