Merged in PG-361-CiviCRM-Security-Update-4.6.24 (pull request civicrm#23
)

PG-361: civicrm-4.6.24 update
vincent1892 committed Jan 9, 2017
2 parents 9eaca33 + a1dd110 commit 317a95e
Showing 2,988 changed files with 158,347 additions and 35,784 deletions.
14 changes: 2 additions & 12 deletions sites/all/modules/civicrm/CRM/Case/BAO/Case.php
Expand Up @@ -1313,19 +1313,9 @@ public static function getCaseActivity($caseID, &$params, $contactID, $context =
}
// if there are file attachments we will return how many and, if only one, add a link to it
if (!empty($dao->attachment_ids)) {
$attachmentIDs = explode(',', $dao->attachment_ids);
$attachmentIDs = array_unique(explode(',', $dao->attachment_ids));
$values[$dao->id]['no_attachments'] = count($attachmentIDs);
if ($values[$dao->id]['no_attachments'] == 1) {
// if there is only one it's easy to do a link - otherwise just flag it
$attachmentViewUrl = CRM_Utils_System::url(
"civicrm/file",
"reset=1&eid=" . $dao->id . "&id=" . $dao->attachment_ids,
FALSE,
NULL,
FALSE
);
$url .= " <a href='$attachmentViewUrl' ><span class='icon paper-icon'></span></a>";
}
$url .= implode(' ', CRM_Core_BAO_File::paperIconAttachment('civicrm_activity', $dao->id));
}

$values[$dao->id]['links'] = $url;
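Review bot: The comment kept above this block still says a link is added only "if only one" attachment exists, but the line `$url .= implode(' ', CRM_Core_BAO_File::paperIconAttachment('civicrm_activity', $dao->id));` runs for any non-empty `attachment_ids`; I would reword it to `// if there are file attachments, return how many and append a paper-icon link for each`. The helper's result goes straight into `implode()`, so if `paperIconAttachment()` can return something other than an array when it finds nothing (not visible here), the call needs a guard such as an `(array)` cast. The link markup is now produced inside that helper, so escaping of the file URL is its responsibility and worth confirming there. getCaseActivity's body continues outside the hunk.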
10 changes: 6 additions & 4 deletions sites/all/modules/civicrm/CRM/Case/XMLProcessor/Report.php
Expand Up @@ -669,10 +669,10 @@ public function getActivityTypeCustomSQL($activityTypeID, $dateFormat = NULL) {
$query = "
SELECT label, value
FROM civicrm_option_value
WHERE option_group_id = {$dao->optionGroupID}
WHERE option_group_id = %1
";

$option = CRM_Core_DAO::executeQuery($query);
$option = CRM_Core_DAO::executeQuery($query, array(1 => array($dao->optionGroupID, 'Positive')));
while ($option->fetch()) {
$dataType = $dao->dataType;
if ($dataType == 'Int' || $dataType == 'Float') {
Expand All @@ -691,9 +691,11 @@ public function getActivityTypeCustomSQL($activityTypeID, $dateFormat = NULL) {

foreach ($sql as $tableName => $values) {
$columnNames = implode(',', $values);
$title = CRM_Core_DAO::escapeString($groupTitle[$tableName]);
$mysqlTableName = CRM_Utils_Type::escape($tableName, 'MysqlColumnNameOrAlias');
$sql[$tableName] = "
SELECT '{$groupTitle[$tableName]}' as groupTitle, $columnNames
FROM $tableName
SELECT '" . $title . "' as groupTitle, $columnNames
FROM $mysqlTableName
WHERE entity_id = %1
";
}
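Review bot: `$columnNames` is still built as `implode(',', $values)` and interpolated into the SELECT without any validation, while the same statement now escapes the group title and the table name. The entries of `$values` are assembled outside this hunk; if they are derived from custom-field column names or labels, they should be escaped or validated where they are added to `$sql[$tableName]`, and a comment here such as `// column expressions are escaped when they are added to $sql[$tableName]` would record that contract. getActivityTypeCustomSQL's body continues outside the hunk.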
3 changes: 2 additions & 1 deletion sites/all/modules/civicrm/CRM/Contact/BAO/ContactType.php
Expand Up @@ -95,8 +95,9 @@ public static function basicTypeInfo($all = FALSE) {
$sql .= " AND is_active = 1";
}

$params = array();
$dao = CRM_Core_DAO::executeQuery($sql,
CRM_Core_DAO::$_nullArray,
$params,
FALSE,
'CRM_Contact_DAO_ContactType'
);
2 changes: 1 addition & 1 deletion sites/all/modules/civicrm/CRM/Contact/BAO/Group.php
Expand Up @@ -517,7 +517,7 @@ public static function &create(&$params) {
* and store it for future use
*/
public function buildClause() {
$params = array(array('group', 'IN', array($this->id), 0, 0));
$params = array(array('group', 'IN', array($this->id => 1), 0, 0));

if (!empty($params)) {
$tables = $whereTables = array();
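Review bot: `array($this->id => 1)` uses the group id as an array key, so an unset `$this->id` silently becomes the key `''` (PHP casts a NULL key to the empty string) instead of a NULL value as before; a check that `$this->id` is a positive integer before `$params` is built would keep an empty key out of the group clause. The new value shape is not explained anywhere in the hunk, so I would add `// 'group' IN values are keyed by group id: array(id => 1)`. The `if (!empty($params))` test on the next line is always true, since `$params` was just assigned a non-empty array. buildClause's body continues outside the hunk.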
Original file line number Diff line number Diff line change
Expand Up @@ -210,7 +210,7 @@ public static function add($groupID) {

$returnProperties = array('contact_id');
foreach ($groupID as $gid) {
$params = array(array('group', 'IN', array($gid), 0, 0));
$params = array(array('group', 'IN', array($gid => 1), 0, 0));
// the below call updates the cache table as a byproduct of the query
CRM_Contact_BAO_Query::apiQuery($params, $returnProperties, NULL, NULL, 0, 0, FALSE);
}
Expand Down Expand Up @@ -600,8 +600,7 @@ public static function smartGroupCacheTimeout() {

if (
isset($config->smartGroupCacheTimeout) &&
is_numeric($config->smartGroupCacheTimeout) &&
$config->smartGroupCacheTimeout > 0
is_numeric($config->smartGroupCacheTimeout)
) {
return $config->smartGroupCacheTimeout;
}
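Review bot: With the `> 0` test dropped, the condition in smartGroupCacheTimeout() accepts any numeric value, including negative numbers and numeric strings such as `'1e3'`, and returns it unchanged. If the intent is only to allow 0, `$config->smartGroupCacheTimeout >= 0` keeps negative values out, and `return (int) $config->smartGroupCacheTimeout;` gives callers a consistent type. The function's body continues outside the hunk, so the fallback value is not visible here.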
7 changes: 4 additions & 3 deletions sites/all/modules/civicrm/CRM/Contact/BAO/Query.php
Expand Up @@ -3500,6 +3500,7 @@ public function includeContactIDs() {
$contactIds[] = substr($values[0], CRM_Core_Form::CB_PREFIX_LEN);
}
}
CRM_Utils_Type::validateAll($contactIds, 'Positive');
if (!empty($contactIds)) {
$this->_where[0][] = " ( contact_a.id IN (" . implode(',', $contactIds) . " ) ) ";
}
Expand Down Expand Up @@ -5583,7 +5584,7 @@ public function convertToPseudoNames(&$dao, $return = FALSE, $usedForAPI = FALSE
}

if (is_object($dao) && property_exists($dao, $value['idCol'])) {
$val = $dao->$value['idCol'];
$val = $dao->{$value['idCol']};

if (CRM_Utils_System::isNull($val)) {
$dao->$key = NULL;
Expand All @@ -5594,10 +5595,10 @@ public function convertToPseudoNames(&$dao, $return = FALSE, $usedForAPI = FALSE
$dao->$idColumn = $val;

if ($key == 'state_province_name') {
$dao->$value['pseudoField'] = $dao->$key = CRM_Core_PseudoConstant::stateProvinceAbbreviation($val);
$dao->{$value['pseudoField']} = $dao->$key = CRM_Core_PseudoConstant::stateProvinceAbbreviation($val);
}
else {
$dao->$value['pseudoField'] = $dao->$key = CRM_Core_PseudoConstant::getLabel($baoName, $value['pseudoField'], $val);
$dao->{$value['pseudoField']} = $dao->$key = CRM_Core_PseudoConstant::getLabel($baoName, $value['pseudoField'], $val);
}
}
elseif ($value['pseudoField'] == 'state_province_abbreviation') {
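Review bot: The result of `CRM_Utils_Type::validateAll($contactIds, 'Positive');` in includeContactIDs() is discarded, so the `IN (...)` clause built by `implode(',', $contactIds)` is only safe if validateAll() aborts or throws on the first bad value; that behaviour is defined outside this section. The ids come from form keys via `substr($values[0], CRM_Core_Form::CB_PREFIX_LEN)`, so I would add a comment stating the dependency: `// validateAll() must abort on any non-positive-integer id; the ids are concatenated into SQL below`. Both functions in this section continue outside their hunks.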
Original file line number Diff line number Diff line change
Expand Up @@ -215,7 +215,7 @@ public function buildQuickForm() {
$geoCode = FALSE;
if (!empty($config->geocodeMethod)) {
$geoCode = TRUE;
$this->addElement('checkbox', 'doGeocodeAddress', ts('Lookup mapping info during import?'));
$this->addElement('checkbox', 'doGeocodeAddress', ts('Geocode addresses during import?'));
}
$this->assign('geoCode', $geoCode);

15 changes: 15 additions & 0 deletions sites/all/modules/civicrm/CRM/Contribute/BAO/Contribution.php
Expand Up @@ -3183,6 +3183,21 @@ public static function updateFinancialAccounts(&$params, $context = NULL, $skipT
}
}


/**
* Is this contribution status a reversal.
*
* If so we would expect to record a negative value in the financial_trxn table.
*
* @param int $status_id
*
* @return bool
*/
public static function isContributionStatusNegative($status_id) {
$reversalStatuses = array('Cancelled', 'Chargeback', 'Refunded');
return in_array(CRM_Contribute_PseudoConstant::contributionStatus($status_id, 'name'), $reversalStatuses);
}

/**
* Check status validation on update of a contribution.
*
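Review bot: `in_array()` in isContributionStatusNegative() is called without the strict flag, so the status name is compared loosely against the three strings; `return in_array(CRM_Contribute_PseudoConstant::contributionStatus($status_id, 'name'), $reversalStatuses, TRUE);` removes any dependence on PHP's type juggling if the lookup returns something other than a string for an unknown id. The docblock speaks of a "reversal" while the method name says "Negative"; one sentence tying the two together, e.g. `Cancelled, Chargeback and Refunded are treated as negative (reversal) statuses.`, would help callers.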
Original file line number Diff line number Diff line change
Expand Up @@ -707,6 +707,15 @@ public function buildQuickForm() {
}
}

// define the status IDs that show the cancellation info, see CRM-17589
$cancelInfo_show_ids = array();
foreach (array_keys($statusName) as $status_id) {
if (CRM_Contribute_BAO_Contribution::isContributionStatusNegative($status_id)) {
$cancelInfo_show_ids[] = "'$status_id'";
}
}
$this->assign('cancelInfo_show_ids', implode(',', $cancelInfo_show_ids));

if ($this->_id) {
$contributionStatus = CRM_Core_DAO::getFieldValue('CRM_Contribute_DAO_Contribution', $this->_id, 'contribution_status_id');
$name = CRM_Utils_Array::value($contributionStatus, $statusName);
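Review bot: `$cancelInfo_show_ids[] = "'$status_id'";` builds a quoted list by hand and assigns it to the template as a single string, so nothing in this hunk guarantees that a key of `$statusName` cannot carry a quote into whatever script or markup consumes `cancelInfo_show_ids`. The keys appear to be numeric status ids (their origin is outside the hunk), so a cast costs nothing: `$cancelInfo_show_ids[] = "'" . (int) $status_id . "'";`. buildQuickForm's body continues outside the hunk.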
27 changes: 25 additions & 2 deletions sites/all/modules/civicrm/CRM/Contribute/Form/ContributionBase.php
Expand Up @@ -715,13 +715,29 @@ public function buildCustom($id, $name, $viewOnly = FALSE, $profileContactType =

CRM_Core_BAO_Address::checkContactSharedAddressFields($fields, $contactID);
$addCaptcha = FALSE;
$viewOnlyFileValues = empty($profileContactType) ? array() : array($profileContactType => array());
// fetch file preview when not submitted yet, like in online contribution Confirm and ThankYou page
foreach ($fields as $key => $field) {
if ($viewOnly &&
isset($field['data_type']) &&
$field['data_type'] == 'File' || ($viewOnly && $field['name'] == 'image_URL')
) {
// ignore file upload fields
continue;
//retrieve file value from submitted values on basis of $profileContactType
$fileValue = empty($profileContactType) ? CRM_Utils_Array::value($key, $this->_params) : CRM_Utils_Array::value(sprintf('%s[%s]', $profileContactType, $key), $this->_params);

if ($fileValue) {
$path = CRM_Utils_Array::value('name', $fileValue);
$fileType = CRM_Utils_Array::value('type', $fileValue);
$fileValue = CRM_Utils_File::getFileURL($path, $fileType);
}

// format custom file value fetched from submitted value
if ($profileContactType) {
$viewOnlyFileValues[$profileContactType][$key] = $fileValue;
}
else {
$viewOnlyFileValues[$key] = $fileValue;
}
}

if ($profileContactType) {
Expand Down Expand Up @@ -771,6 +787,13 @@ public function buildCustom($id, $name, $viewOnly = FALSE, $profileContactType =

$this->assign($name, $fields);

if ($profileContactType && count($viewOnlyFileValues[$profileContactType])) {
$this->assign('viewOnlyPrefixFileValues', $viewOnlyFileValues);
}
elseif (count($viewOnlyFileValues)) {
$this->assign('viewOnlyFileValues', $viewOnlyFileValues);
}

if ($addCaptcha && !$viewOnly) {
$captcha = CRM_Utils_ReCAPTCHA::singleton();
$captcha->add($this);
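Review bot: When `$profileContactType` is set but no file value was collected, `count($viewOnlyFileValues[$profileContactType])` is 0 and control falls into `elseif (count($viewOnlyFileValues))`, which is 1 because the array was initialised as `array($profileContactType => array())`; `viewOnlyFileValues` is then assigned a nested empty array. Changing the second test to `elseif (!$profileContactType && count($viewOnlyFileValues)) {` avoids that. The `name` and `type` entries read from `$this->_params` are submitted values that `CRM_Utils_File::getFileURL()` turns into markup for the template, so that helper has to escape them; it is not visible in this section. buildCustom's body continues outside the hunks.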
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,8 @@
+--------------------------------------------------------------------+
*/

use Dompdf\Dompdf;
use Dompdf\Options;
/**
*
* @package CRM
Expand Down Expand Up @@ -648,8 +650,10 @@ static public function addActivities($subject, $contactIds, $fileName, $params)
* Name of file which is in pdf format
*/
static public function putFile($html, $name = 'Invoice.pdf') {
require_once "vendor/dompdf/dompdf/dompdf_config.inc.php";
$doc = new DOMPDF();
$options = new Options();
$options->set('isRemoteEnabled', TRUE);

$doc = new DOMPDF($options);
$doc->load_html($html);
$doc->render();
$html = $doc->output();
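Review bot: `$options->set('isRemoteEnabled', TRUE);` in putFile() lets Dompdf fetch remote resources referenced by the HTML it renders, so if any part of `$html` can carry user-supplied markup, PDF generation will make server-side requests to addresses chosen by that markup. Unless invoices really need remote images or stylesheets, I would leave the option at its default, or else state the reason in a comment such as `// remote fetch required for <reason>; $html must be built from escaped values only`. `new DOMPDF($options)` also relies on case-insensitive resolution of the imported `Dompdf\Dompdf`; `new Dompdf($options)` matches the `use` line. putFile's body continues outside the hunk.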
3 changes: 1 addition & 2 deletions sites/all/modules/civicrm/CRM/Contribute/Form/Task/PDF.php
Expand Up @@ -207,8 +207,7 @@ public function postProcess() {
$input['receipt_from_name'] = str_replace('"', '', $fromDetails[0]);
}

$mail = CRM_Contribute_BAO_Contribution::sendMail($input, $ids, $objects['contribution']->id, $values, FALSE,
$elements['createPdf']);
$mail = $elements['baseIPN']->sendMail($input, $ids, $objects, $values, FALSE, $elements['createPdf']);

if ($mail['html']) {
$message[] = $mail['html'];
38 changes: 24 additions & 14 deletions sites/all/modules/civicrm/CRM/Core/BAO/ActionSchedule.php
Expand Up @@ -29,8 +29,6 @@
*
* @package CRM
* @copyright CiviCRM LLC (c) 2004-2015
* $Id$
*
*/

/**
Expand Down Expand Up @@ -1220,10 +1218,10 @@ public static function buildRecipientContacts($mappingID, $now, $params = array(
$select[] = 'e.id as entity_id';
$select[] = "'{$mapping->entity}' as entity_table";
$select[] = "{$actionSchedule->id} as action_schedule_id";
$reminderJoinClause = "civicrm_action_log reminder ON reminder.contact_id = {$contactField} AND
reminder.entity_id = e.id AND
reminder.entity_table = '{$mapping->entity}' AND
reminder.action_schedule_id = %1";
$reminderJoinClause = "civicrm_action_log reminder ON reminder.contact_id = {$contactField}
AND reminder.entity_id = e.id
AND reminder.entity_table = '{$mapping->entity}'
AND reminder.action_schedule_id = %1";

if ($anniversary) {
// only consider reminders less than 11 months ago
Expand Down Expand Up @@ -1254,7 +1252,7 @@ public static function buildRecipientContacts($mappingID, $now, $params = array(
}

// ( now >= date_built_from_start_time ) OR ( now = absolute_date )
$dateClause = "reminder.id IS NULL AND {$startDate}";
$dateClause = $startDate ? " AND {$startDate} " : '';

// start composing query
$selectClause = 'SELECT ' . implode(', ', $select);
Expand All @@ -1272,26 +1270,38 @@ public static function buildRecipientContacts($mappingID, $now, $params = array(
{$fromClause}
{$joinClause}
LEFT JOIN {$reminderJoinClause}
{$whereClause} {$limitWhereClause} AND {$dateClause} {$notINClause}
{$whereClause} AND reminder.id IS NULL {$limitWhereClause} {$dateClause} {$notINClause}
";

// In some cases reference_date got outdated due to many reason e.g. In Membership renewal end_date got extended
// which means reference date mismatches with the end_date where end_date may be used as the start_action_date
// criteria for some schedule reminder so in order to send new reminder we INSERT new reminder with new reference_date
// value via UNION operation
// We need to add in reminders that
// have not already had a reminder for the current end date and HAVE had a reminder for a different
// end date for the same reminder. These will have been excluded earlier, on the basis of a reminder having gone out
// so we want to selectively re-add them.
if (strpos($selectColumns, 'reference_date') !== FALSE) {
$dateClause = str_replace('reminder.id IS NULL', 'reminder.id IS NOT NULL', $dateClause);
$referenceQuery = "
INSERT INTO civicrm_action_log ({$selectColumns})
{$selectClause}
{$fromClause}
{$joinClause}
LEFT JOIN {$reminderJoinClause}
{$whereClause} {$limitWhereClause} {$notINClause} AND {$dateClause} AND
reminder.action_date_time IS NOT NULL AND
reminder.reference_date IS NOT NULL
GROUP BY reminder.id, reminder.reference_date
HAVING reminder.id = MAX(reminder.id) AND reminder.reference_date <> {$dateField}
LEFT JOIN (
SELECT entity_id, entity_table
{$fromClause}
{$joinClause}
LEFT JOIN {$reminderJoinClause}
{$whereClause} {$limitWhereClause} {$dateClause} {$notINClause}
AND reminder.reference_date = $dateField
) as already_sent ON e.id = already_sent.entity_id AND already_sent.entity_table = '{$mapping->entity}'
{$whereClause} {$limitWhereClause} {$notINClause} {$dateClause}
AND reminder.id IS NOT NULL
AND reminder.reference_date IS NOT NULL
AND reminder.reference_date <> $dateField
AND already_sent.entity_table IS NULL
GROUP BY e.id
";
}
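Review bot: The `already_sent` sub-select and the rewritten WHERE clause interpolate `'{$mapping->entity}'` and `$dateField` directly into the SQL string, while the same statement uses a `%1` placeholder for the schedule id. Both values are set outside the hunk; if either can be influenced through the mapping or schedule configuration, it should be escaped or validated before it reaches this string. Separately, `GROUP BY e.id` with a select list that is not aggregated depends on MySQL running without ONLY_FULL_GROUP_BY, and a comment stating that assumption would help the next reader. buildRecipientContacts continues outside the hunk.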

23 changes: 13 additions & 10 deletions sites/all/modules/civicrm/CRM/Core/BAO/CustomField.php
Expand Up @@ -130,7 +130,11 @@ public static function dataToHtml() {
public static function create(&$params) {
$origParams = array_merge(array(), $params);

if (!isset($params['id'])) {
$op = empty($params['id']) ? 'create' : 'edit';

CRM_Utils_Hook::pre($op, 'CustomField', CRM_Utils_Array::value('id', $params), $params);

if ($op == 'create') {
if (!isset($params['column_name'])) {
// if add mode & column_name not present, calculate it.
$params['column_name'] = strtolower(CRM_Utils_String::munge($params['label'], '_', 32));
Expand Down Expand Up @@ -289,7 +293,7 @@ public static function create(&$params) {

$triggerRebuild = CRM_Utils_Array::value('triggerRebuild', $params, TRUE);
//create/drop the index when we toggle the is_searchable flag
if (!empty($params['id'])) {
if ($op == 'edit') {
self::createField($customField, 'modify', $indexExist, $triggerRebuild);
}
else {
Expand All @@ -309,6 +313,8 @@ public static function create(&$params) {
// complete transaction
$transaction->commit();

CRM_Utils_Hook::post($op, 'CustomField', $customField->id, $customField);

CRM_Utils_System::flushCache();

return $customField;
Expand Down Expand Up @@ -1109,6 +1115,8 @@ public static function deleteField($field) {
$field->delete();
CRM_Core_BAO_UFField::delUFField($field->id);
CRM_Utils_Weight::correctDuplicateWeights('CRM_Core_DAO_CustomField');

CRM_Utils_Hook::post('delete', 'CustomField', $field->id, $field);
}

/**
Expand Down Expand Up @@ -1508,18 +1516,13 @@ public static function getFileURL($contactID, $cfID, $fileID = NULL, $absolute =
'id'
);
list($path) = CRM_Core_BAO_File::path($fileID, $entityId, NULL, NULL);
list($imageWidth, $imageHeight) = getimagesize($path);
list($imageThumbWidth, $imageThumbHeight) = CRM_Contact_BAO_Contact::getThumbSize($imageWidth, $imageHeight);
$url = CRM_Utils_System::url('civicrm/file',
"reset=1&id=$fileID&eid=$contactID",
$absolute, NULL, TRUE, TRUE
);
$result['file_url'] = "
<a href=\"$url\" class='crm-image-popup'>
<img src=\"$url\" width=$imageThumbWidth height=$imageThumbHeight/>
</a>";
// for non image files
$result['file_url'] = CRM_Utils_File::getFileURL($path, $fileType, $url);
}
// for non image files
else {
$uri = CRM_Core_DAO::getFieldValue('CRM_Core_DAO_File',
$fileID,
Expand All @@ -1529,7 +1532,7 @@ public static function getFileURL($contactID, $cfID, $fileID = NULL, $absolute =
"reset=1&id=$fileID&eid=$contactID",
$absolute, NULL, TRUE, TRUE
);
$result['file_url'] = "<a href=\"$url\">{$uri}</a>";
$result['file_url'] = CRM_Utils_File::getFileURL($uri, $fileType, $url);
}
}
return $result;
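Review bot: Both `$result['file_url']` assignments in getFileURL() now pass `$path` or `$uri` together with `$url` to `CRM_Utils_File::getFileURL()` and return whatever markup it builds, so HTML escaping of the stored file name is decided entirely in that helper, which is not part of this section. A comment such as `// CRM_Utils_File::getFileURL() returns HTML; it must escape the file name` would record the contract at the call site. `$fileType` is used in both calls but is assigned outside the hunk. In deleteField() a `post` hook for 'delete' is added, and no matching `pre` hook is visible in the lines shown.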