1. 07 Apr, 2019 1 commit
  2. 05 Apr, 2019 1 commit
  3. 13 Dec, 2018 1 commit
  4. 28 Aug, 2018 1 commit
  5. 20 Aug, 2018 1 commit
  6. 30 Jul, 2018 1 commit
  7. 18 Jul, 2018 2 commits
    • Sean Madsen's avatar
      19046166
    • Sean Madsen's avatar
      security/core#14 Validate "context" inputs · edc80cda
      Sean Madsen authored
      When "context" is passed as a GET parameter, ensure that its values is
      a valid "Alphanumeric" type. This helps prevent XSS when the "context"
      value finds its way into templates that lack HTML output encoding.
      
      Replace...
      
          CRM_Utils_Request::retrieve\((['"])context\1,(\s*)(['"])String\3
      
      ...with...
      
          CRM_Utils_Request::retrieve\($1context$1,$3Alphanumeric$3
      
      Also search for the following and manually fix:
      
          \$_GET\[(['"])context\1\]
          \$_POST\[(['"])context\1\]
          \$_REQUEST\[(['"])context\1\]
      edc80cda
  8. 08 May, 2018 1 commit
  9. 19 Apr, 2018 1 commit
    • totten's avatar
      (NFC) Update version in header · fee14197
      totten authored
      This is a simple administrative update to the headers. It was generated with the command:
      
      ```
      rgrep '| CiviCRM version 4.7' CRM/ Civi ang api bin extern install/ settings/ templates -l \
        | xargs sed -i'' "s/| CiviCRM version 4.7/| CiviCRM version 5  /g"
      ```
      
      Tthe inclusion of `|` aimed to avoid matching any non-header text (e.g. inline docs that
      mentioned the version incidentally). But then I did a looser search and for just
      
      ```
      rgrep 'CiviCRM version 4.7'
      ````
      
      and manually patched the remainder.
      
      Note: I'm not really keen on doing this every month, so I relaxed the header
      statement -- instead of `CiviCRM version 5.0`, it's just `CiviCRM version 5`.
      fee14197
  10. 23 Feb, 2018 1 commit
  11. 03 Feb, 2018 1 commit
  12. 16 Oct, 2017 1 commit
  13. 22 Aug, 2017 1 commit
  14. 31 May, 2017 1 commit
  15. 24 May, 2017 1 commit
  16. 19 Apr, 2017 1 commit
  17. 13 Apr, 2017 1 commit
    • eileen's avatar
      CRM-20413 fix to setting wrong payment_instrument_id, by passing responsibility to the processor. · 18135422
      eileen authored
      This also reflects work towards allowing payment_instrument specific fields on the payment form - ie. check, credit_card_type, pan_truncation.
      
      This idea is to finish the code allowing pay-later to be the manual payment processor indexed with a 0 on all payment forms, and have the
      form render with appropriate fields. Note that I got this working on multiple forms, this commit reflects the smallest piece I could
      break off that is complete within itself, and resolves an issue
      
      I tested that it was still possible to enter checks on the offline contribution as well as membership & additional payment forms, and the
      check number still shows up.
      
      I also tested front end contribution credit card & pay later & front end event forms
      18135422
  18. 02 Jan, 2017 1 commit
  19. 15 Nov, 2016 1 commit
  20. 13 Sep, 2016 1 commit
  21. 21 Mar, 2016 1 commit
  22. 23 Feb, 2016 1 commit
  23. 30 Nov, 2015 2 commits
  24. 27 Aug, 2015 1 commit
  25. 26 Aug, 2015 3 commits
  26. 16 Aug, 2015 2 commits
  27. 15 Aug, 2015 1 commit
    • eileenmcnaugton's avatar
      fix for test regressions · ccb02c2d
      eileenmcnaugton authored
      Note there has been traditional hodgepodge of use of paramters for the same thing causing ongoing confusion here, trying to reduce that
      ccb02c2d
  28. 11 Aug, 2015 1 commit
  29. 12 Jul, 2015 1 commit
  30. 09 Jul, 2015 1 commit
  31. 06 Jul, 2015 1 commit
  32. 02 Jul, 2015 1 commit
  33. 27 May, 2015 1 commit
  34. 18 May, 2015 1 commit
  35. 13 May, 2015 1 commit
    • Eileen McNaughton's avatar
      Put common preProcess actions into parent class · 42e8b05c
      Eileen McNaughton authored
      Note that this switches the Participant form to calling
            CRM_Contact_Form_Task::preProcessCommon($this);
            rather than parent::preProcess();
            I think this may remove the need for the twisted inheritance
            but haven't set AbstractEditPayment back to inherit from
            CRM_Core_Form
            which is more desirable.y
      
      towards consolidating onto parent preProcess
      but the whole cdtype seems to block tidy up - although cdType seems to be a misimplementation -
      in that there should be a custom data type form called for ajax rather than putting it on every form
      
      r
      
      r
      42e8b05c