From 1bfe4abfa7b921db6e3256c9d2e39ca0fee963e9 Mon Sep 17 00:00:00 2001
From: Chris Burgess
Date: Wed, 24 Aug 2016 11:54:29 +1200
Subject: [PATCH] CRM-15928. Rename variable to be more descriptive, update inline docs.
---
 CRM/Admin/Form/Setting/Miscellaneous.php | 2 +-
 CRM/Profile/Page/Router.php | 4 ++--
 CRM/UF/Page/Group.php | 4 ++--
 CRM/Upgrade/Incremental/php/FourSeven.php | 4 ++--
 settings/Core.setting.php | 11 ++++++-----
 templates/CRM/Admin/Form/Setting/Miscellaneous.tpl | 8 ++++----
 6 files changed, 17 insertions(+), 16 deletions(-)
diff --git a/CRM/Admin/Form/Setting/Miscellaneous.php b/CRM/Admin/Form/Setting/Miscellaneous.php
index 8ad66345c2..7252e404c8 100644
--- a/CRM/Admin/Form/Setting/Miscellaneous.php
+++ b/CRM/Admin/Form/Setting/Miscellaneous.php
@@ -52,7 +52,7 @@ class CRM_Admin_Form_Setting_Miscellaneous extends CRM_Admin_Form_Setting {
 'recentItemsMaxCount' => CRM_Core_BAO_Setting::SYSTEM_PREFERENCES_NAME,
 'recentItemsProviders' => CRM_Core_BAO_Setting::SYSTEM_PREFERENCES_NAME,
 'dedupe_default_limit' => CRM_Core_BAO_Setting::SYSTEM_PREFERENCES_NAME,
- 'allow_profile_html_snippet' => CRM_Core_BAO_Setting::SYSTEM_PREFERENCES_NAME,
+ 'remote_profile_submissions_allowed' => CRM_Core_BAO_Setting::SYSTEM_PREFERENCES_NAME,
 );
 public $_uploadMaxSize;
diff --git a/CRM/Profile/Page/Router.php b/CRM/Profile/Page/Router.php
index 4d3288842a..8d3ff09abb 100644
--- a/CRM/Profile/Page/Router.php
+++ b/CRM/Profile/Page/Router.php
@@ -98,11 +98,11 @@ class CRM_Profile_Page_Router extends CRM_Core_Page {
 if ($secondArg == 'edit' || $secondArg == 'create') {
 if ($secondArg == 'edit') {
- $allowHtmlSnippet = Civi::settings()->get('allow_profile_html_snippet');
+ $allowRemoteSubmit = Civi::settings()->get('remote_profile_submissions_allowed');
 $controller = new CRM_Core_Controller_Simple('CRM_Profile_Form_Edit',
 ts('Create Profile'),
 CRM_Core_Action::UPDATE,
- FALSE, FALSE, $allowHtmlSnippet
+ FALSE, FALSE, $allowRemoteSubmit
 );
 $controller->set('edit', 1);
 $controller->process();
diff --git a/CRM/UF/Page/Group.php b/CRM/UF/Page/Group.php
index facff57a4f..0949bc2f7f 100644
--- a/CRM/UF/Page/Group.php
+++ b/CRM/UF/Page/Group.php
@@ -126,8 +126,8 @@ class CRM_UF_Page_Group extends CRM_Core_Page {
 'extra' => 'onclick = "return confirm(\'' . $copyExtra . '\');"',
 ),
 );
- $allowHtmlSnippet = Civi::settings()->get('allow_profile_html_snippet');
- if ($allowHtmlSnippet) {
+ $allowRemoteSubmit = Civi::settings()->get('remote_profile_submissions_allowed');
+ if ($allowRemoteSubmit) {
 self::$_actionLinks[CRM_Core_Action::PROFILE] = array(
 'name' => ts('HTML Form Snippet'),
 'url' => 'civicrm/admin/uf/group',
diff --git a/CRM/Upgrade/Incremental/php/FourSeven.php b/CRM/Upgrade/Incremental/php/FourSeven.php
index d1d2bce59e..f609a26eda 100644
--- a/CRM/Upgrade/Incremental/php/FourSeven.php
+++ b/CRM/Upgrade/Incremental/php/FourSeven.php
@@ -99,8 +99,8 @@ class CRM_Upgrade_Incremental_php_FourSeven extends CRM_Upgrade_Incremental_Base $postUpgradeMessage .= '
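Review bot: In CRM/Profile/Page/Router.php the setting is still passed as a bare sixth positional argument to `CRM_Core_Controller_Simple`, so the call site does not say which check the flag relaxes. The constructor signature is outside this patch; the parameter appears to be the controller's ignore-key switch, which should be confirmed. Since the commit is about clearer naming, a comment above the call would help, e.g. `// Remote submissions cannot carry a valid form key, so the key check is skipped only when an admin has opted in.` The `create` branch of the enclosing `if` lies outside the hunk, so it is worth checking that it reads the same setting rather than a fixed value.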

' . ts('The custom fatal error template setting has been removed.') . '

'; } - if ($rev == '4.7.9') { - $postUpgradeMessage .= '

' . ts("WARNING: To improve security, HTML snippets for profiles are no longer allowed to create or edit data by default. If you need to allow users to submit profiles using HTML snippets, you can enable by going to Administer > System Settings > Misc (Undelete, PDFs, Limits, Logging, Captcha, etc.) and clicking to enable 'Override security by accepting unauthenticated posts from other sites?"); + if ($rev == '4.7.21') { + $postUpgradeMessage .= '

' . ts("WARNING: For increased security, profile submissions embedded in remote sites are no longer allowed to create or edit data by default. If you need to allow users to submit profiles from external sites, you can restore this at Administer > System Settings > Misc (Undelete, PDFs, Limits, Logging, Captcha, etc.) > 'Accept profile submissions from external sites'"); } }
diff --git a/settings/Core.setting.php b/settings/Core.setting.php
index de65a3e91f..ac7ead14af 100644
--- a/settings/Core.setting.php
+++ b/settings/Core.setting.php
@@ -32,7 +32,8 @@
 * $Id$
 *
 */
-/*
+
+/**
 * Settings metadata file
 */
 return array(
@@ -176,19 +177,19 @@ return array(
 'description' => NULL,
 'help_text' => NULL,
 ),
- 'allow_profile_html_snippet' => array(
+ 'remote_profile_submissions_allowed' => array(
 'group_name' => 'CiviCRM Preferences',
 'group' => 'core',
- 'name' => 'allow_profile_html_snippet',
+ 'name' => 'remote_profile_submissions_allowed',
 'type' => 'Boolean',
 'quick_form_type' => 'YesNo',
 'default' => FALSE,
 'html_type' => 'radio',
 'add' => '4.7',
- 'title' => 'Allow Profile Html Snippet',
+ 'title' => 'Accept profile submissions from external sites',
 'is_domain' => 1,
 'is_contact' => 0,
- 'description' => 'This settings allows to enable HTML snippet for profile.',
+ 'description' => 'If enabled, CiviCRM will permit submissions from external sites to profiles. This is disabled by default to limit abuse.',
 'help_text' => NULL,
 ),
 'editor_id' => array(
diff --git a/templates/CRM/Admin/Form/Setting/Miscellaneous.tpl b/templates/CRM/Admin/Form/Setting/Miscellaneous.tpl
index 234f6a9536..9c886b12c3 100644
--- a/templates/CRM/Admin/Form/Setting/Miscellaneous.tpl
+++ b/templates/CRM/Admin/Form/Setting/Miscellaneous.tpl
@@ -84,10 +84,10 @@ {$form.recentItemsProviders.html}
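Review bot: In CRM/Upgrade/Incremental/php/FourSeven.php the warning is re-keyed from `4.7.9` to `4.7.21`, but nothing visible in this patch carries an existing `allow_profile_html_snippet` value over to `remote_profile_submissions_allowed` (renamed in settings/Core.setting.php). A site that had opted in would therefore fall back to the `FALSE` default, which is the safe direction but is not what the message says. Consider appending a sentence such as `Any earlier opt-in is not carried over and must be re-enabled.`, or adding an upgrade step that removes the stale setting row. The enclosing upgrade method starts and ends outside the hunk, so a migration may already exist elsewhere.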
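Review bot: In settings/Core.setting.php the new title and description no longer tell an administrator that enabling the option overrides a security check, whereas the label quoted in the removed upgrade message ('Override security by accepting unauthenticated posts from other sites?') did. `help_text` is still `NULL`, so the only guidance left is "to limit abuse". Suggest filling it, e.g. `'help_text' => 'Enabling this relaxes request validation on profile edit forms; leave disabled unless profiles are embedded on other sites.',`, with the wording checked against what the Router call actually skips.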
{$recentItemsProviders_description} - - {$form.allow_profile_html_snippet.label} - {$form.allow_profile_html_snippet.html}
-

{ts}If enabled, CiviCRM will allow users to submit profiles using HTML snippets.{/ts}

+ + {$form.remote_profile_submissions_allowed.label} + {$form.remote_profile_submissions_allowed.html}
+

{ts}If enabled, CiviCRM will allow users to submit profiles from external sites. This is disabled by default to limit abuse.{/ts}

-- 2.25.1