CiviCRM Core issueshttps://lab.civicrm.org/dev/core/-/issues2024-03-18T15:33:44Zhttps://lab.civicrm.org/dev/core/-/issues/5082CiviCRM 5.70.0, 5.71.0 - With URL tracking enabled, a personalised "View in y...2024-03-18T15:33:44Zjustinfreeman (Agileware)CiviCRM 5.70.0, 5.71.0 - With URL tracking enabled, a personalised "View in your browser" link incorrectly replaces ? with & which causes CiviCRM to respond with error: "You do not have permission to access this page"CiviCRM 5.70.0, 5.71.0 - With URL tracking enabled, a personalised "View in your browser" link incorrectly replaces ? with & which causes CiviCRM to respond with error: "You do not have permission to access this page".
This happens when...CiviCRM 5.70.0, 5.71.0 - With URL tracking enabled, a personalised "View in your browser" link incorrectly replaces ? with & which causes CiviCRM to respond with error: "You do not have permission to access this page".
This happens when using a personalised "View in your browser" URL like this in the mailing, note the use of tokens:
https://goodcause.org.au/civicrm/mailing/view?id={mailing.key}&{contact.checksum}&cid={contact.contact_id}
Which is then incorrectly converted to - this only happens with URL tracking enabled. When URL tracking is disabled, no problems at all.
https://goodcause.org.au/civicrm/mailing/view&id=38&cs=838eae033aa8c2edb56f25b54a1edde5_1709775006_2880&cid=389
And then CiviCRM to respond with error: "You do not have permission to access this page"
The fix and workaround for this issue is to instead just use this token as the URL, which will render correctly.
{mailing.viewUrl}
It's not unreasonable to expect the personalised "View in your browser" URL will work, the first URL parameter should not be converted in this way. This may have implications for other types of URLs too.
Agileware Ref: CIVICRM-2230https://lab.civicrm.org/dev/core/-/issues/5080SearchKit: Join on contact reference in event not working if event isn't root...2024-03-12T13:29:16ZTobias Voigttobias.voigt@civiservice.deSearchKit: Join on contact reference in event not working if event isn't root entityI'm trying to create a SearchKit for participants. I have a join on the participant's events as a secondary entity. From the events I then want to join on a contact via a custom field on the event that is a contact reference - but it doe...I'm trying to create a SearchKit for participants. I have a join on the participant's events as a secondary entity. From the events I then want to join on a contact via a custom field on the event that is a contact reference - but it doesn't work.
When I have the event as the root entity everything works fine. Yet, if I start from participants I can't join on the contact reference.https://lab.civicrm.org/dev/core/-/issues/5078Formbuilder: updates not saved when a populated field of type "file" is prese...2024-03-27T21:07:26ZNadaillacFormbuilder: updates not saved when a populated field of type "file" is present in the formOverview
----------------------------------------
When a field of type "file" is present in the form, then updates in this form when submitted, are not saved.
https://chat.civicrm.org/civicrm/pl/jq8ei9pxa3r58nr13rsgzqy9tr
Reproduction s...Overview
----------------------------------------
When a field of type "file" is present in the form, then updates in this form when submitted, are not saved.
https://chat.civicrm.org/civicrm/pl/jq8ei9pxa3r58nr13rsgzqy9tr
Reproduction steps in WP master
----------------------------------------
Create a customized field "file" for contact. Ex: Resume
Create a basic form with an individual: first name, last name marital status, and the field Resume
![Civi_f0](/uploads/e49a4fcd969f61914d9782981032f5b0/Civi_f0.png)
view as logged in (as a user "demo")
Update first name, last name (but not the file)
![Civi_f1](/uploads/6628ffadd5479d87a71792710920ef53/Civi_f1.png)
The data are correctly saved
Update a field and upload a file
![Civi_f2](/uploads/c818403e6c530a6625340099b37d8734/Civi_f2.png)
The data are correctly saved
![Civi_f3](/uploads/4b0091e52e64f5460fce384695ba0536/Civi_f3.png)
view again and update marital status, first name
![Civi_f4](/uploads/a3cf5991f8a55938ad2207f09a743206/Civi_f4.png)
Updates re not saved
![Civi_f5](/uploads/61c9669dfafa7db3c783b103933da511/Civi_f5.png)
I remove the file and change the marital status
![Civi_f6](/uploads/1a71cdcf72f0dec27e29d36861d8d94e/Civi_f6.png)
The marital status has been updated but the file has not been removed
![Civi_F7](/uploads/1c4bb33e3446bdef76b48111a2809436/Civi_F7.png)
Environment information
----------------------------------------
Wpmaster 5.72
The bug is also in 5.70.2
I'm OK to fund the fix !! I need it for a client :-)colemanwcolemanwhttps://lab.civicrm.org/dev/core/-/issues/5076Error on install2024-03-12T13:27:18ZJonGoldError on installI just attempted to install via the normal web UI for the first time in a very long time. Brand new D7 site, brand new Civi. Disabled all components but CiviEvent and CiviMail. On install, I received this message:
```
CRM_Extension_E...I just attempted to install via the normal web UI for the first time in a very long time. Brand new D7 site, brand new Civi. Disabled all components but CiviEvent and CiviMail. On install, I received this message:
```
CRM_Extension_Exception_DependencyException: Cannot disable extension due to dependencies. Consider disabling all these: civi_campaign,civi_case,civi_contribute,civi_member,civi_pledge,civi_report,financialacls in CRM_Extension_Manager->disable() (line 387 of /var/www/mysite.org/web/sites/all/modules/civicrm/CRM/Extension/Manager.php).
```
Reloading the page got me past the error but since it's the first thing a new admin will see it's worth fixing IMO.https://lab.civicrm.org/dev/core/-/issues/5075When adding fields to a profile if you choose Contact as the entity the dropd...2024-03-12T13:26:32ZDaveDWhen adding fields to a profile if you choose Contact as the entity the dropdown includes Grant fieldsThis sounds familiar but I'm not sure if it's something new or something that came back. I can't find a ticket about it with a quick search.This sounds familiar but I'm not sure if it's something new or something that came back. I can't find a ticket about it with a quick search.https://lab.civicrm.org/dev/core/-/issues/5074Standalone installer header squished on wide screens2024-03-12T13:25:50ZufundoStandalone installer header squished on wide screensOn screens wider than 2000px the installer title overlaps the logo:
![image](/uploads/5bdae7eb821fc67c637939d2abc7f983/image.png)
Minor but it's not the best intro for new people to CiviCRM!
(Maybe it is a good intro :eyes: )On screens wider than 2000px the installer title overlaps the logo:
![image](/uploads/5bdae7eb821fc67c637939d2abc7f983/image.png)
Minor but it's not the best intro for new people to CiviCRM!
(Maybe it is a good intro :eyes: )https://lab.civicrm.org/dev/core/-/issues/5073Standalone default folder structure2024-03-08T10:24:03ZufundoStandalone default folder structureSome wise suggestions from @artfulrobot for clearer folder naming / out-of-the-box security:
> ```
> - civicrm-standalone-X.Y.Z.zip
> - index.php
> - .htaccess
> - robots.txt ➌
> - data/
> - data/ext/....Some wise suggestions from @artfulrobot for clearer folder naming / out-of-the-box security:
> ```
> - civicrm-standalone-X.Y.Z.zip
> - index.php
> - .htaccess
> - robots.txt ➌
> - data/
> - data/ext/.htaccess
> - data/public/.htaccess ➊
> - data/.private/.htaccess ➋
> - core/<ALL-THE-CODES>
> ```
>
> 1. use 'public' not 'upload'. It partners well with 'private', and 'upload' is such a daft relative-to-what? term (not everything you upload through a browser ought to be in a public dir). I think the whole 'persist' 'contribute' etc. is a right mess - or at least I don't understand the logic if there is logic, though last time I looked at it the logic was that at some point in history the first thing to allow uploads was civi contribute so ...
>
> 2. use a dot before _private/_. It's very common, and easy, to ban http access to all 'dot files'. So this gives an extra _likely_ shield against the "oh, I didn't realise nginx ignored .htaccess files" users. Just feels safer, if we're focussing on making this easy.
>
> 3. In terms of sensible defaults, I feel we should have a robots.txt that does its best to ban crawlers, especially AI ones, on everything except specific paths (e.g. event pages). It's one thing to have someone tell you you've accidentally exposed data and someone saw it, it's another to find that your [exposed data now lives in an LLM](https://arstechnica.com/information-technology/2022/09/artist-finds-private-medical-record-photos-in-popular-ai-training-data-set/) training set, ready to be given to anyone with a particular prompt.
Maybe to the nginx point, we could add `nginx-civicrm-site.conf.sample` in the root?
I think the principles for the public / private upload folder names apply to the composer template and the tarball.ufundoufundohttps://lab.civicrm.org/dev/core/-/issues/5072SearchKit: Ghost custom data2024-03-12T15:46:29ZfrancescbassasSearchKit: Ghost custom dataHow to reproduce:
1. Create a custom field for a membership type.
2. Create a membership type and fill the custom field.
3. Change the membership type for the previous membership. Membership no longer have custom field, at least at UI l...How to reproduce:
1. Create a custom field for a membership type.
2. Create a membership type and fill the custom field.
3. Change the membership type for the previous membership. Membership no longer have custom field, at least at UI level, data remains in database tables.
4. Create a SearchKit to list memberships and custom field created in step 1.
5. The SearchKit results show data for non-applicable field for the membership created in step 2.
I suspect it's applicable for custom data groups associated with other entities (contact subtypes, participants, etc)https://lab.civicrm.org/dev/core/-/issues/5070Contribution pending status wrong2024-03-07T18:16:21Zaydunsaidan.saunders@squiffle.ukContribution pending status wrong## Overview
After creating a Pending Contribution it lists as `Pending (Incomplete Transaction)`, not `Pending (Pay Later)`, but editing and saving with no changes causes it to show correctly.
## Reproduction steps
1. Choose a contact...## Overview
After creating a Pending Contribution it lists as `Pending (Incomplete Transaction)`, not `Pending (Pay Later)`, but editing and saving with no changes causes it to show correctly.
## Reproduction steps
1. Choose a contact.
2. `Actions` \> `Add Contribution` (or `Contributions` tab \> `Record Contribution`, or API4)
3. Choose any Financial Type and Amount, set Status to `Pending`
4. View the Contributions list
## Current behaviour
The status shows as `Pending (Incomplete Transaction)`
Then `Edit` the contribution, don't make any changes, just hit `Save`
Note that the status is now `Pending (Pay Later)`
## Expected behaviour
Should be `Pending (Pay Later)`
## Environment information
* **CiviCRM:** _Master & 5.70.0 - maybe others_
Reproducible on dmaster.demo.civicrm.org
## Comments
_See_ https://chat.civicrm.org/civicrm/pl/qcmoueddmfbm7bpfq4uauympcwhttps://lab.civicrm.org/dev/core/-/issues/5069standalone: permanent "session already active" errors2024-03-26T14:20:29ZRichstandalone: permanent "session already active" errorsEvery page, including the login form has:
* session_set_save_handler(): Session save handler cannot be changed when a session is active [2]
/var/www/standalone.localhost/web/core/CRM/Utils/System/Standalone.php line 567
* sessi...Every page, including the login form has:
* session_set_save_handler(): Session save handler cannot be changed when a session is active [2]
/var/www/standalone.localhost/web/core/CRM/Utils/System/Standalone.php line 567
* session_start(): Ignoring session_start() because a session is already active [8]
/var/www/standalone.localhost/web/core/CRM/Utils/System/Standalone.php line 580
I first encountered this while reviewing https://github.com/civicrm/civicrm-core/pull/29352 but after experiencing it once, I could not get it to repeat, so thought it was a random local thing. But now it's back.
I have some installs that don't have it, and others that do; I'm trying to figure out how to reproduce/what makes the difference.https://lab.civicrm.org/dev/core/-/issues/5067Docker image - initial version2024-03-08T09:40:10ZMichael McAndrewDocker image - initial versionFor the initial image, we will focus on CiviCRM Standalone with a simple implementation of layer 3 (see #5066). While we are retaining a narrow focus for the initial release, the Design principles and scope #5066 are an attempt to future...For the initial image, we will focus on CiviCRM Standalone with a simple implementation of layer 3 (see #5066). While we are retaining a narrow focus for the initial release, the Design principles and scope #5066 are an attempt to future proof this work by considering a wider set of use cases.https://lab.civicrm.org/dev/core/-/issues/5063Payment Processor shows Machine Name instead of Backend Title in Configure Ev...2024-03-07T13:44:21Za.valllloveraPayment Processor shows Machine Name instead of Backend Title in Configure Event FeeCurrently the Machine Name of the Payment Processor is shown instead of the Backend Title in Configure Event Fee.
![image.png](/uploads/8029ab7c4e2e343a7adcd43b9ff57bbd/image.png)
![image.png](/uploads/15041218f9d5c10911b5b3d4c5e72fcb/...Currently the Machine Name of the Payment Processor is shown instead of the Backend Title in Configure Event Fee.
![image.png](/uploads/8029ab7c4e2e343a7adcd43b9ff57bbd/image.png)
![image.png](/uploads/15041218f9d5c10911b5b3d4c5e72fcb/image.png)
In Event:
![image.png](/uploads/d8ed15dd94db3f41c2c6ac93ed4544cc/image.png)
Additionally, this means that is meaningless to rename the Backend Title since it will not be displayed. Seems that is getting the `name` field instead of the `title` field.
The tests were made in Master.
EDIT: Seems the problem is here: [PseudoConstant.php](https://github.com/civicrm/civicrm-core/blob/2b410a28eb62e3fc0ada7df712e538794cd06efa/CRM/Core/PseudoConstant.php#L978)https://lab.civicrm.org/dev/core/-/issues/5062APIv4: Cannot set multi-select ContactRef field that is part of a multi-recor...2024-03-07T15:44:13ZmmyriamAPIv4: Cannot set multi-select ContactRef field that is part of a multi-record custom fieldsetOverview
----------------------------------------
Adding multiple Contact References in a field that is part of a multi-record field set fails with APIv4.
Reproduction steps
----------------------------------------
1. Create a custom f...Overview
----------------------------------------
Adding multiple Contact References in a field that is part of a multi-record field set fails with APIv4.
Reproduction steps
----------------------------------------
1. Create a custom field set for all Individuals and check "Does this Custom Field Set allow multiple records?"
2. Add a ContactRef field and check "Multi-Select"
3. Try to set it via the APIv4 Explorer
![image](/uploads/44ecbf788a66150425e55a9de8a6212f/image.png)
Current behaviour
----------------------------------------
Failing with error:
```
{
"error_code": 0,
"error_message": "value: \u00013\u000193\u0001 is not of the right field data type: ContactReference",
"status": 500
}
```
Environment information
----------------------------------------
https://dmaster.demo.civicrm.org running 5.72.alpha1
Comments
---
Not an issue if the multi-select ContactRef field is not part of a multi-record custom fieldset.https://lab.civicrm.org/dev/core/-/issues/5059FormBuilder Contact Blocks break with various modifications2024-03-02T23:35:31ZJoeMurrayFormBuilder Contact Blocks break with various modificationsOverview
----------------------------------------
_Address block for individual contact on wpmaster does not render properly on simple FB form, but does on dmaster._
Reproduction steps
----------------------------------------
1. On wpma...Overview
----------------------------------------
_Address block for individual contact on wpmaster does not render properly on simple FB form, but does on dmaster._
Reproduction steps
----------------------------------------
1. On wpmaster 5.72.alpha1 rebuilt as http://demo-248-8hhyk.test-1.civicrm.org:8001/, click on **Administer > Customize Data and Screens > FormBuilder**.
2. Click on New Submission Form.
3. Set Title = test, Permission to Generic: Allow all users, Page Route civicrm/test , Accessible on Front End of Site = true.
4. Click Individual 1 tab, set Security to Form-Based, then drag Contact Address(es) block into bottom of Individual 1 canvas.
4. Form renders improperly.
![2024-03-02_18-26-12](/uploads/fa4edb46a99b74179ce9e17875ecd750/2024-03-02_18-26-12.png)
1. On dmaster, click on **Administer > Customize Data and Screens > FormBuilder**.
2. Click on New Submission Form.
3. Set Title = test, Permission to Generic: Allow all users, Page Route civicrm/test , Accessible on Front End of Site = true.
4. Click Individual 1 tab, set Security to Form-Based, then drag Contact Address(es) block into bottom of Individual 1 canvas.
4. Form renders properly.
![2024-03-02_18-09-55](/uploads/e3c5cbe752876a2e35cab1e70f703ba4/2024-03-02_18-09-55.png)colemanwcolemanwhttps://lab.civicrm.org/dev/core/-/issues/5058FormBuilder "magic" links should log in the user so that User-based Entity se...2024-03-07T13:41:11ZKeith NunnFormBuilder "magic" links should log in the user so that User-based Entity security behaves as expectedOverview
----------------------------------------
When sending a link to a Form Builder form to a user by token (e.g. {afform.afformSubmissionLink}), the generated URL provides information that allows the form to auto-populate. It should...Overview
----------------------------------------
When sending a link to a Form Builder form to a user by token (e.g. {afform.afformSubmissionLink}), the generated URL provides information that allows the form to auto-populate. It should also log in the specific contact who received the link similarly to the behaviour of the contact_id and checksum tokens when used together.
Reproduction steps
----------------------------------------
1. create a new basic submission form
1. set 'Expose to:' to include 'Message Tokens'
1. set 'Individual 1' Security to 'User-based'
1. set 'Autofill' to 'current user'
1. Go to a contact summary page and merge document to use the exposed token.
1. Follow the link in the merged document
Current behaviour
----------------------------------------
Sometimes the form will throw an error, other times if the overall display permissions are open enough, the form will display and auto-populate, but any changes to the Individual 1 contact record will fail.
Expected behaviour
----------------------------------------
CiviCRM should recognize the user as a logged-in contact because we have sent them a 'magic' link.
Environment information
----------------------------------------
https://wpmaster.demo.civicrm.org test environment via firefox 123
Comments
----------------------------------------https://lab.civicrm.org/dev/core/-/issues/5057Make descriptions visible in drop down2024-03-22T18:22:38ZyashodhaMake descriptions visible in drop downAll the select2 drop-down are mostly option values which do have a description field in the database.
It will be useful to use this for display in select2 drop-downs.
We already show description for entities like events. It will be help...All the select2 drop-down are mostly option values which do have a description field in the database.
It will be useful to use this for display in select2 drop-downs.
We already show description for entities like events. It will be helpful to choose options for the user(if options do indeed explanation and are configured as such)https://lab.civicrm.org/dev/core/-/issues/5056Theming of remote oEmbed / iFrame2024-03-07T13:38:52ZJoeMurrayTheming of remote oEmbed / iFrameWe are adding the ability to publish eEmbed / iFrame functionality from CiviCRM to remote sites. (https://github.com/totten/civicrm-core/blob/master-oembed/ext/oembed/README.md#issues--todos). The backend CiviCRM site is a provider or pu...We are adding the ability to publish eEmbed / iFrame functionality from CiviCRM to remote sites. (https://github.com/totten/civicrm-core/blob/master-oembed/ext/oembed/README.md#issues--todos). The backend CiviCRM site is a provider or publisher of content, typically forms. We're going to call front end sites that consume this content consumer sites.
Two prototypical use cases are:
1. An organization uses a Standalone backend CiviCRM instance to publish public facing pages on their public WordPress site (contribution page, newsletter subscription page, event registration pages) which is the only consumer site.
2. An organization publishes some content that it encourages aligned partners to display on their sites, e.g. a FormBuilder based petition that needs to appear on many consumer sites with different themes including colour schemes, fonts, etc.
In both cases there is a need to make the content inside the oEmbed/iFrame look okay or even good on the consumer sites.
There is a need to develop approaches to theming the content that will be presently remotely on consumer sites.
In case 1, it may be reasonable for the organization to create a theme on the backend publisher site that matches the front end theme. However, the backend CiviCRM publisher may be a locked down site like Spark which does not provide this level of access.
As of March 1, 2024 it is possible on backend site to select a site-wide theme, and for parameters in the oEmbed/iFrame requests to include width and height for the window of content.
@kcristiano has had success in using css on a consumer site to theme the content inside an iFrame (target the selectors).
Many sites that publish pages in iFrames for remote consumption allow small theming choices to be made, eg foreground and background colour, etc.
As of March 1, 2024, selected content on a CiviCRM site can expose urls for oEmbed and iFrame references to that content.
It might be desirable to have a consumer choose to make some small theming adjustments to the CiviCRM content that will be rendered on their site, adjusting the url for the oEmbed or iFrame. The url could get key-value pairs for the theming adjustments or perhaps they could be stored in a record in a database or used to create a css file on disk that would be requested with a single key-value pair in the url.
What are the considerations and desiderata for providing a simple usable approach to end users to get an iFrame reference that provides some theming of the content? For example, what is a reasonable set of end user oriented settings that are not overwhelming that could be made available? Foreground colour, background colour, font, etc?
Should there be a different set that would make available a fairly full set of tags for CiviCRM forms, including h1, h2, etc all the way to styling of selects, buttons, checkboxes, etc.?JoeMurrayJoeMurrayhttps://lab.civicrm.org/dev/core/-/issues/5055Does anyone use CRM_Mailing_Form_Approve?2024-03-07T13:37:04ZherbdoolDoes anyone use CRM_Mailing_Form_Approve?As part of clean up of accordions, we noticed that it's hard to test template for `civicrm/mailing/approve` which calls `CRM_Mailing_Form_Approve`. Is this being used? There's a permission as well which seems like it can't even be set. U...As part of clean up of accordions, we noticed that it's hard to test template for `civicrm/mailing/approve` which calls `CRM_Mailing_Form_Approve`. Is this being used? There's a permission as well which seems like it can't even be set. Unless I'm missing something.https://lab.civicrm.org/dev/core/-/issues/5054Add postal address columns to soft credit report2024-03-07T13:35:18ZyashodhaAdd postal address columns to soft credit reportAdd postal address columns for both `Soft Credit` and `Contributor`contacts to soft credit report .Add postal address columns for both `Soft Credit` and `Contributor`contacts to soft credit report .yashodhayashodhahttps://lab.civicrm.org/dev/core/-/issues/5053Formbuilder/ event tab: Add the possibility to create or select a location2024-03-07T13:34:54ZNadaillacFormbuilder/ event tab: Add the possibility to create or select a locationIn the tab event, there should be the possibility to select a location or create a location, and in that case set all location fields. Similarly to the current backend form.
This enhancement could be funded.
Discussed with @colemanwIn the tab event, there should be the possibility to select a location or create a location, and in that case set all location fields. Similarly to the current backend form.
This enhancement could be funded.
Discussed with @colemanw