From 61f53f0d67d4a86180bcf9d4b30790f3c79be6a2 Mon Sep 17 00:00:00 2001
From: Pradeep Nayak
Date: Fri, 10 Jun 2016 17:46:47 +0530
Subject: [PATCH] CRM-15928, Added code to create qfkey for profile on the basis of global settings
---
 CRM/Admin/Form/Setting/Miscellaneous.php | 1 +
 CRM/Profile/Page/Router.php | 5 +++--
 CRM/UF/Page/Group.php | 15 +++++++++------
 CRM/Upgrade/Incremental/php/FourSeven.php | 3 +++
 settings/Core.setting.php | 15 +++++++++++++++
 .../CRM/Admin/Form/Setting/Miscellaneous.tpl | 17 +++++++++++++++++
 6 files changed, 48 insertions(+), 8 deletions(-)
diff --git a/CRM/Admin/Form/Setting/Miscellaneous.php b/CRM/Admin/Form/Setting/Miscellaneous.php
index 762d8b3468..8ad66345c2 100644
--- a/CRM/Admin/Form/Setting/Miscellaneous.php
+++ b/CRM/Admin/Form/Setting/Miscellaneous.php
@@ -52,6 +52,7 @@ class CRM_Admin_Form_Setting_Miscellaneous extends CRM_Admin_Form_Setting {
 'recentItemsMaxCount' => CRM_Core_BAO_Setting::SYSTEM_PREFERENCES_NAME,
 'recentItemsProviders' => CRM_Core_BAO_Setting::SYSTEM_PREFERENCES_NAME,
 'dedupe_default_limit' => CRM_Core_BAO_Setting::SYSTEM_PREFERENCES_NAME,
+ 'allow_profile_html_snippet' => CRM_Core_BAO_Setting::SYSTEM_PREFERENCES_NAME,
 );
 public $_uploadMaxSize;
diff --git a/CRM/Profile/Page/Router.php b/CRM/Profile/Page/Router.php
index a9b6ab2b37..4d3288842a 100644
--- a/CRM/Profile/Page/Router.php
+++ b/CRM/Profile/Page/Router.php
@@ -98,10 +98,11 @@ class CRM_Profile_Page_Router extends CRM_Core_Page {
 if ($secondArg == 'edit' || $secondArg == 'create') {
 if ($secondArg == 'edit') {
+ $allowHtmlSnippet = Civi::settings()->get('allow_profile_html_snippet');
 $controller = new CRM_Core_Controller_Simple('CRM_Profile_Form_Edit',
 ts('Create Profile'),
 CRM_Core_Action::UPDATE,
- FALSE, FALSE, TRUE
+ FALSE, FALSE, $allowHtmlSnippet
 );
 $controller->set('edit', 1);
 $controller->process();
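Review bot: `$allowHtmlSnippet` is assigned only inside the `if ($secondArg == 'edit')` branch, yet the second Router.php hunk (`@@ -113,7 +114,7 @@`) reads it for `'ignoreKey'` next to `'mode' => CRM_Core_Action::ADD`, which looks like the create path. The lines between the two hunks are not shown, but if that array sits in the matching `else`, the variable is undefined there, so `ignoreKey` is NULL whatever the administrator selected and PHP emits an undefined-variable notice. That happens to fail closed (the form key stays required), but the setting then has no effect on create and the behaviour is accidental rather than stated. Read the setting once before the inner `if` and cast it so both branches receive an explicit boolean: `$allowHtmlSnippet = (bool) Civi::settings()->get('allow_profile_html_snippet');`.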
@@ -113,7 +114,7 @@ class CRM_Profile_Page_Router extends CRM_Core_Page {
 ts('Create Profile'),
 array(
 'mode' => CRM_Core_Action::ADD,
- 'ignoreKey' => TRUE,
+ 'ignoreKey' => $allowHtmlSnippet,
 )
 );
 }
diff --git a/CRM/UF/Page/Group.php b/CRM/UF/Page/Group.php
index 82b7dd8b48..facff57a4f 100644
--- a/CRM/UF/Page/Group.php
+++ b/CRM/UF/Page/Group.php
@@ -118,12 +118,6 @@ class CRM_UF_Page_Group extends CRM_Core_Page {
 'qs' => 'action=delete&id=%%id%%',
 'title' => ts('Delete CiviCRM Profile Group'),
 ),
- CRM_Core_Action::PROFILE => array(
- 'name' => ts('HTML Form Snippet'),
- 'url' => 'civicrm/admin/uf/group',
- 'qs' => 'action=profile&gid=%%id%%',
- 'title' => ts('HTML Form Snippet for this Profile'),
- ),
 CRM_Core_Action::COPY => array(
 'name' => ts('Copy'),
 'url' => 'civicrm/admin/uf/group',
@@ -132,6 +126,15 @@ class CRM_UF_Page_Group extends CRM_Core_Page {
 'extra' => 'onclick = "return confirm(\'' . $copyExtra . '\');"',
 ),
 );
+ $allowHtmlSnippet = Civi::settings()->get('allow_profile_html_snippet');
+ if ($allowHtmlSnippet) {
+ self::$_actionLinks[CRM_Core_Action::PROFILE] = array(
+ 'name' => ts('HTML Form Snippet'),
+ 'url' => 'civicrm/admin/uf/group',
+ 'qs' => 'action=profile&gid=%%id%%',
+ 'title' => ts('HTML Form Snippet for this Profile'),
+ );
+ }
 }
 return self::$_actionLinks;
 }
diff --git a/CRM/Upgrade/Incremental/php/FourSeven.php b/CRM/Upgrade/Incremental/php/FourSeven.php
index 9988e9c6d6..d1d2bce59e 100644
--- a/CRM/Upgrade/Incremental/php/FourSeven.php
+++ b/CRM/Upgrade/Incremental/php/FourSeven.php
@@ -99,6 +99,9 @@ class CRM_Upgrade_Incremental_php_FourSeven extends CRM_Upgrade_Incremental_Base
 $postUpgradeMessage .= '

' . ts('The custom fatal error template setting has been removed.') . '

';
 }
+ if ($rev == '4.7.9') {
+ $postUpgradeMessage .= '

' . ts("WARNING: To improve security, HTML snippets for profiles are no longer allowed to create or edit data by default. If you need to allow users to submit profiles using HTML snippets, you can enable by going to Administer > System Settings > Misc (Undelete, PDFs, Limits, Logging, Captcha, etc.) and clicking to enable 'Override security by accepting unauthenticated posts from other sites?");
+ }
 }
 /**
diff --git a/settings/Core.setting.php b/settings/Core.setting.php
index babe57747d..de65a3e91f 100644
--- a/settings/Core.setting.php
+++ b/settings/Core.setting.php
@@ -176,6 +176,21 @@ return array(
 'description' => NULL,
 'help_text' => NULL,
 ),
+ 'allow_profile_html_snippet' => array(
+ 'group_name' => 'CiviCRM Preferences',
+ 'group' => 'core',
+ 'name' => 'allow_profile_html_snippet',
+ 'type' => 'Boolean',
+ 'quick_form_type' => 'YesNo',
+ 'default' => FALSE,
+ 'html_type' => 'radio',
+ 'add' => '4.7',
+ 'title' => 'Allow Profile Html Snippet',
+ 'is_domain' => 1,
+ 'is_contact' => 0,
+ 'description' => 'This settings allows to enable HTML snippet for profile.',
+ 'help_text' => NULL,
+ ),
 'editor_id' => array(
 'group_name' => 'CiviCRM Preferences',
 'group' => 'core',
diff --git a/templates/CRM/Admin/Form/Setting/Miscellaneous.tpl b/templates/CRM/Admin/Form/Setting/Miscellaneous.tpl
index 32125f8966..234f6a9536 100644
--- a/templates/CRM/Admin/Form/Setting/Miscellaneous.tpl
+++ b/templates/CRM/Admin/Form/Setting/Miscellaneous.tpl
@@ -73,6 +73,23 @@ {/foreach} + + + {$form.recentItemsMaxCount.label} + {$form.recentItemsMaxCount.html}
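Review bot: The 4.7.9 upgrade warning in FourSeven.php tells administrators to enable 'Override security by accepting unauthenticated posts from other sites?', but no control with that label is added by this patch: the setting in settings/Core.setting.php is titled 'Allow Profile Html Snippet' and the Miscellaneous.tpl row describes it only as letting users "submit profiles using HTML snippets". An administrator following the message will not find the option, and the texts that are displayed never say what enabling it does, namely that Router.php then passes the value as `ignoreKey` for the profile edit/create forms. Use one label in all three places and state the consequence in the setting itself (its `help_text` is NULL), for example `'description' => 'If enabled, profile create and edit forms are accepted without a form key (qfKey), so pages on other sites can post to them. Leave disabled unless profile HTML snippets are embedded on external pages.',`. The quoted label inside the `ts()` string is also missing its closing `'`.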
+ {$recentItemsMaxCount_description} + + + {$form.recentItemsProviders.label} + {$form.recentItemsProviders.html}
+ {$recentItemsProviders_description} + + + {$form.allow_profile_html_snippet.label} + {$form.allow_profile_html_snippet.html}
+

{ts}If enabled, CiviCRM will allow users to submit profiles using HTML snippets.{/ts}

+ +

{ts}reCAPTCHA Keys{/ts}

-- 2.25.1