CiviCRM Core issueshttps://lab.civicrm.org/dev/core/-/issues2024-03-15T02:24:51Zhttps://lab.civicrm.org/dev/core/-/issues/5091crm.ajax.js uses synchronous XHR2024-03-15T02:24:51ZJonGoldcrm.ajax.js uses synchronous XHROverview
----------------------------------------
When editing a contribution loaded in a modal, if the server is configured to disallow synchronous XHR, the "Cancel" and "Save" buttons don't appear.
Example use-case
------------------...Overview
----------------------------------------
When editing a contribution loaded in a modal, if the server is configured to disallow synchronous XHR, the "Cancel" and "Save" buttons don't appear.
Example use-case
----------------------------------------
1. In your web server config, modify your Permissions-Policy or add one that disables synchronous XHR, e.g. for Apache:
```
Header always set Permissions-Policy "sync-xhr=()"
```
1. Click **Edit** next to a contribution (without opening in a new tab, so it appears in a modal).
Current behaviour
----------------------------------------
"Cancel" and "Save" buttons are missing.
Proposed behaviour
----------------------------------------
"Cancel" and "Save" buttons should appear.
Comments
----------------------------------------
The console error is:
```
[Violation] Permissions policy violation: Synchronous requests are disabled by permissions policy.
```
It faults `crm.ajax.js` line 329 (currently: `that.element.html(data.content);`).
Per the [XHR spec](https://xhr.spec.whatwg.org/#the-open()-method):
> Synchronous XMLHttpRequest outside of workers is in the process of being removed from the web platform as it has detrimental effects to the end user’s experience. (This is a long process that takes many years.) Developers must not pass false for the async argument when the current global object is a Window object. User agents are strongly encouraged to warn about such usage in developer tools and may experiment with throwing an "InvalidAccessError" DOMException when it occurs.
This isn't urgent - most folks aren't blocking Synchronous XHR - but since this is the only issue I've seen in months of having this permissions policy, it seems like we can get atop things.https://lab.civicrm.org/dev/core/-/issues/5087Links to export and import Data Segmentation saved searches2024-03-12T20:00:39ZherbdoolLinks to export and import Data Segmentation saved searchesRight now there's no easy way to export a Data Segmentation saved search. One can export the main saved search, but if it references a Data Segmentation there is no easy way to export it as well.
So the only way is to go to the API4 exp...Right now there's no easy way to export a Data Segmentation saved search. One can export the main saved search, but if it references a Data Segmentation there is no easy way to export it as well.
So the only way is to go to the API4 explorer, select Saved Segmentation, guess at the ID (since it's not visible in the UI or even the link), export to JSON and copy that. Then go to the other site and only include part of that JSON (everything in `values`) and save it.https://lab.civicrm.org/dev/core/-/issues/5086Ability to export FormBuilder forms from the UI2024-03-18T15:35:22ZherbdoolAbility to export FormBuilder forms from the UIWe've got an export link for SearchKit, but if a saved search is wrapped up in a FormBuilder form there's no easy way to also export those files. I can imagine a modal with the text from the forms files (`*.html`, `*.json`) and a link to...We've got an export link for SearchKit, but if a saved search is wrapped up in a FormBuilder form there's no easy way to also export those files. I can imagine a modal with the text from the forms files (`*.html`, `*.json`) and a link to copy it. Or even ability to save the files as a zip file.
And I suppose we'd need an import link as well to import on a different site (similar to SearchKit's link).https://lab.civicrm.org/dev/core/-/issues/5083SearchKit: It's not possible to uppercase countries and states/provinces2024-03-12T13:30:39ZfrancescbassasSearchKit: It's not possible to uppercase countries and states/provincesReproduced on dmaster.demo.civicrm.org at 5.73.alpha1
![imatge](/uploads/92832dc535bb7b462cd714cc3b58dec5/imatge.png)Reproduced on dmaster.demo.civicrm.org at 5.73.alpha1
![imatge](/uploads/92832dc535bb7b462cd714cc3b58dec5/imatge.png)https://lab.civicrm.org/dev/core/-/issues/5082CiviCRM 5.70.0, 5.71.0 - With URL tracking enabled, a personalised "View in y...2024-03-28T23:33:13Zjustinfreeman (Agileware)CiviCRM 5.70.0, 5.71.0 - With URL tracking enabled, a personalised "View in your browser" link incorrectly replaces ? with & which causes CiviCRM to respond with error: "You do not have permission to access this page"CiviCRM 5.70.0, 5.71.0 - With URL tracking enabled, a personalised "View in your browser" link incorrectly replaces ? with & which causes CiviCRM to respond with error: "You do not have permission to access this page".
This happens when...CiviCRM 5.70.0, 5.71.0 - With URL tracking enabled, a personalised "View in your browser" link incorrectly replaces ? with & which causes CiviCRM to respond with error: "You do not have permission to access this page".
This happens when using a personalised "View in your browser" URL like this in the mailing, note the use of tokens:
https://goodcause.org.au/civicrm/mailing/view?id={mailing.key}&{contact.checksum}&cid={contact.contact_id}
Which is then incorrectly converted to - this only happens with URL tracking enabled. When URL tracking is disabled, no problems at all.
https://goodcause.org.au/civicrm/mailing/view&id=38&cs=838eae033aa8c2edb56f25b54a1edde5_1709775006_2880&cid=389
And then CiviCRM to respond with error: "You do not have permission to access this page"
The fix and workaround for this issue is to instead just use this token as the URL, which will render correctly.
{mailing.viewUrl}
It's not unreasonable to expect the personalised "View in your browser" URL will work, the first URL parameter should not be converted in this way. This may have implications for other types of URLs too.
Agileware Ref: CIVICRM-2230https://lab.civicrm.org/dev/core/-/issues/5080SearchKit: Join on contact reference in event not working if event isn't root...2024-03-12T13:29:16ZTobias Voigttobias.voigt@civiservice.deSearchKit: Join on contact reference in event not working if event isn't root entityI'm trying to create a SearchKit for participants. I have a join on the participant's events as a secondary entity. From the events I then want to join on a contact via a custom field on the event that is a contact reference - but it doe...I'm trying to create a SearchKit for participants. I have a join on the participant's events as a secondary entity. From the events I then want to join on a contact via a custom field on the event that is a contact reference - but it doesn't work.
When I have the event as the root entity everything works fine. Yet, if I start from participants I can't join on the contact reference.https://lab.civicrm.org/dev/core/-/issues/5078Formbuilder: updates not saved when a populated field of type "file" is prese...2024-03-27T21:07:26ZNadaillacFormbuilder: updates not saved when a populated field of type "file" is present in the formOverview
----------------------------------------
When a field of type "file" is present in the form, then updates in this form when submitted, are not saved.
https://chat.civicrm.org/civicrm/pl/jq8ei9pxa3r58nr13rsgzqy9tr
Reproduction s...Overview
----------------------------------------
When a field of type "file" is present in the form, then updates in this form when submitted, are not saved.
https://chat.civicrm.org/civicrm/pl/jq8ei9pxa3r58nr13rsgzqy9tr
Reproduction steps in WP master
----------------------------------------
Create a customized field "file" for contact. Ex: Resume
Create a basic form with an individual: first name, last name marital status, and the field Resume
![Civi_f0](/uploads/e49a4fcd969f61914d9782981032f5b0/Civi_f0.png)
view as logged in (as a user "demo")
Update first name, last name (but not the file)
![Civi_f1](/uploads/6628ffadd5479d87a71792710920ef53/Civi_f1.png)
The data are correctly saved
Update a field and upload a file
![Civi_f2](/uploads/c818403e6c530a6625340099b37d8734/Civi_f2.png)
The data are correctly saved
![Civi_f3](/uploads/4b0091e52e64f5460fce384695ba0536/Civi_f3.png)
view again and update marital status, first name
![Civi_f4](/uploads/a3cf5991f8a55938ad2207f09a743206/Civi_f4.png)
Updates re not saved
![Civi_f5](/uploads/61c9669dfafa7db3c783b103933da511/Civi_f5.png)
I remove the file and change the marital status
![Civi_f6](/uploads/1a71cdcf72f0dec27e29d36861d8d94e/Civi_f6.png)
The marital status has been updated but the file has not been removed
![Civi_F7](/uploads/1c4bb33e3446bdef76b48111a2809436/Civi_F7.png)
Environment information
----------------------------------------
Wpmaster 5.72
The bug is also in 5.70.2
I'm OK to fund the fix !! I need it for a client :-)colemanwcolemanwhttps://lab.civicrm.org/dev/core/-/issues/5076Error on install2024-03-12T13:27:18ZJonGoldError on installI just attempted to install via the normal web UI for the first time in a very long time. Brand new D7 site, brand new Civi. Disabled all components but CiviEvent and CiviMail. On install, I received this message:
```
CRM_Extension_E...I just attempted to install via the normal web UI for the first time in a very long time. Brand new D7 site, brand new Civi. Disabled all components but CiviEvent and CiviMail. On install, I received this message:
```
CRM_Extension_Exception_DependencyException: Cannot disable extension due to dependencies. Consider disabling all these: civi_campaign,civi_case,civi_contribute,civi_member,civi_pledge,civi_report,financialacls in CRM_Extension_Manager->disable() (line 387 of /var/www/mysite.org/web/sites/all/modules/civicrm/CRM/Extension/Manager.php).
```
Reloading the page got me past the error but since it's the first thing a new admin will see it's worth fixing IMO.https://lab.civicrm.org/dev/core/-/issues/5075When adding fields to a profile if you choose Contact as the entity the dropd...2024-03-12T13:26:32ZDaveDWhen adding fields to a profile if you choose Contact as the entity the dropdown includes Grant fieldsThis sounds familiar but I'm not sure if it's something new or something that came back. I can't find a ticket about it with a quick search.This sounds familiar but I'm not sure if it's something new or something that came back. I can't find a ticket about it with a quick search.https://lab.civicrm.org/dev/core/-/issues/5074Standalone installer header squished on wide screens2024-03-12T13:25:50ZufundoStandalone installer header squished on wide screensOn screens wider than 2000px the installer title overlaps the logo:
![image](/uploads/5bdae7eb821fc67c637939d2abc7f983/image.png)
Minor but it's not the best intro for new people to CiviCRM!
(Maybe it is a good intro :eyes: )On screens wider than 2000px the installer title overlaps the logo:
![image](/uploads/5bdae7eb821fc67c637939d2abc7f983/image.png)
Minor but it's not the best intro for new people to CiviCRM!
(Maybe it is a good intro :eyes: )https://lab.civicrm.org/dev/core/-/issues/5073Standalone default folder structure2024-03-29T07:36:10ZufundoStandalone default folder structureSome wise suggestions from @artfulrobot for clearer folder naming / out-of-the-box security:
> ```
> - civicrm-standalone-X.Y.Z.zip
> - index.php
> - .htaccess
> - robots.txt ➌
> - data/
> - data/ext/....Some wise suggestions from @artfulrobot for clearer folder naming / out-of-the-box security:
> ```
> - civicrm-standalone-X.Y.Z.zip
> - index.php
> - .htaccess
> - robots.txt ➌
> - data/
> - data/ext/.htaccess
> - data/public/.htaccess ➊
> - data/.private/.htaccess ➋
> - core/<ALL-THE-CODES>
> ```
>
> 1. use 'public' not 'upload'. It partners well with 'private', and 'upload' is such a daft relative-to-what? term (not everything you upload through a browser ought to be in a public dir). I think the whole 'persist' 'contribute' etc. is a right mess - or at least I don't understand the logic if there is logic, though last time I looked at it the logic was that at some point in history the first thing to allow uploads was civi contribute so ...
>
> 2. use a dot before _private/_. It's very common, and easy, to ban http access to all 'dot files'. So this gives an extra _likely_ shield against the "oh, I didn't realise nginx ignored .htaccess files" users. Just feels safer, if we're focussing on making this easy.
>
> 3. In terms of sensible defaults, I feel we should have a robots.txt that does its best to ban crawlers, especially AI ones, on everything except specific paths (e.g. event pages). It's one thing to have someone tell you you've accidentally exposed data and someone saw it, it's another to find that your [exposed data now lives in an LLM](https://arstechnica.com/information-technology/2022/09/artist-finds-private-medical-record-photos-in-popular-ai-training-data-set/) training set, ready to be given to anyone with a particular prompt.
Maybe to the nginx point, we could add `nginx-civicrm-site.conf.sample` in the root?
I think the principles for the public / private upload folder names apply to the composer template and the tarball.ufundoufundohttps://lab.civicrm.org/dev/core/-/issues/5072SearchKit: Ghost custom data2024-03-12T15:46:29ZfrancescbassasSearchKit: Ghost custom dataHow to reproduce:
1. Create a custom field for a membership type.
2. Create a membership type and fill the custom field.
3. Change the membership type for the previous membership. Membership no longer have custom field, at least at UI l...How to reproduce:
1. Create a custom field for a membership type.
2. Create a membership type and fill the custom field.
3. Change the membership type for the previous membership. Membership no longer have custom field, at least at UI level, data remains in database tables.
4. Create a SearchKit to list memberships and custom field created in step 1.
5. The SearchKit results show data for non-applicable field for the membership created in step 2.
I suspect it's applicable for custom data groups associated with other entities (contact subtypes, participants, etc)https://lab.civicrm.org/dev/core/-/issues/5070Contribution pending status wrong2024-03-07T18:16:21Zaydunsaidan.saunders@squiffle.ukContribution pending status wrong## Overview
After creating a Pending Contribution it lists as `Pending (Incomplete Transaction)`, not `Pending (Pay Later)`, but editing and saving with no changes causes it to show correctly.
## Reproduction steps
1. Choose a contact...## Overview
After creating a Pending Contribution it lists as `Pending (Incomplete Transaction)`, not `Pending (Pay Later)`, but editing and saving with no changes causes it to show correctly.
## Reproduction steps
1. Choose a contact.
2. `Actions` \> `Add Contribution` (or `Contributions` tab \> `Record Contribution`, or API4)
3. Choose any Financial Type and Amount, set Status to `Pending`
4. View the Contributions list
## Current behaviour
The status shows as `Pending (Incomplete Transaction)`
Then `Edit` the contribution, don't make any changes, just hit `Save`
Note that the status is now `Pending (Pay Later)`
## Expected behaviour
Should be `Pending (Pay Later)`
## Environment information
* **CiviCRM:** _Master & 5.70.0 - maybe others_
Reproducible on dmaster.demo.civicrm.org
## Comments
_See_ https://chat.civicrm.org/civicrm/pl/qcmoueddmfbm7bpfq4uauympcwhttps://lab.civicrm.org/dev/core/-/issues/5069standalone: permanent "session already active" errors2024-03-26T14:20:29ZRichstandalone: permanent "session already active" errorsEvery page, including the login form has:
* session_set_save_handler(): Session save handler cannot be changed when a session is active [2]
/var/www/standalone.localhost/web/core/CRM/Utils/System/Standalone.php line 567
* sessi...Every page, including the login form has:
* session_set_save_handler(): Session save handler cannot be changed when a session is active [2]
/var/www/standalone.localhost/web/core/CRM/Utils/System/Standalone.php line 567
* session_start(): Ignoring session_start() because a session is already active [8]
/var/www/standalone.localhost/web/core/CRM/Utils/System/Standalone.php line 580
I first encountered this while reviewing https://github.com/civicrm/civicrm-core/pull/29352 but after experiencing it once, I could not get it to repeat, so thought it was a random local thing. But now it's back.
I have some installs that don't have it, and others that do; I'm trying to figure out how to reproduce/what makes the difference.https://lab.civicrm.org/dev/core/-/issues/5068Do we need the qfkey in group urls?2024-03-07T13:49:27ZAndrew WestDo we need the qfkey in group urls?My users are forever emailing each other broken links to Civi groups, due to the qfkey in the URL. This doesn't seem to be needed in most of the rest of Civi - is it worth my investigating how to remove it? Or would we aim to replace tha...My users are forever emailing each other broken links to Civi groups, due to the qfkey in the URL. This doesn't seem to be needed in most of the rest of Civi - is it worth my investigating how to remove it? Or would we aim to replace that page with a search kit version soon anyway?https://lab.civicrm.org/dev/core/-/issues/5067Docker image - initial version2024-03-08T09:40:10ZMichael McAndrewDocker image - initial versionFor the initial image, we will focus on CiviCRM Standalone with a simple implementation of layer 3 (see #5066). While we are retaining a narrow focus for the initial release, the Design principles and scope #5066 are an attempt to future...For the initial image, we will focus on CiviCRM Standalone with a simple implementation of layer 3 (see #5066). While we are retaining a narrow focus for the initial release, the Design principles and scope #5066 are an attempt to future proof this work by considering a wider set of use cases.https://lab.civicrm.org/dev/core/-/issues/5066Docker image - design principles and scope2024-03-13T16:58:38ZMichael McAndrewDocker image - design principles and scope**_This text is draft - feedback welcome_**
We are creating CiviCRM Docker image designed to be used as a building block in the _production hosting_ of CiviCRM (see #5064 for more details). It will support both CiviCRM Standalone and Ci...**_This text is draft - feedback welcome_**
We are creating CiviCRM Docker image designed to be used as a building block in the _production hosting_ of CiviCRM (see #5064 for more details). It will support both CiviCRM Standalone and CiviCRM alongside a CMS.
We expect the image to be used as part of a wider set of tools to create reliable, performant, scalable hosting infrastructure. Creating that infrastructure is outside of the scope of this image and we are agnostic on what tools used to do so. Commonly used tools include Kubernetes, Docker swarm, etc.
The image can also be used as part of a development environment to enable 'dev prod parity'. When we say development environment we are referring specifically to a development environment for production hosting, not a development environment for core CiviCRM development (buildkit etc.).
Note: we will likely encounter limitations in making each CMS 'Docker friendly' that are outside of our control.Note: support for core development workflows (buildkit, etc.) is outside of the scope of this project.
It is based on the following **principles**:
**No surprises**. We'll follow the well trodden path. Use CiviCRM defaults and recommendations, and Docker and cloud best practices, e.g. https://12factor.net/. There are many different opinions about the best way to deploy CiviCRM and we won't be able to please everyone. If you want to do something extra special or clever, then this _might_ not be for you.
**Be conservative about options**. Each option that we add multiplies complexity and increases the chance of bugs and breakages and we'll avoid adding them unless there is a compelling reason. That said, where possible we'll design the image in such a way that it can be used as a base for more opinionated solutions (e.g. by breaking the Docker image into layers).
### Build process
A possible architecture is as follows:
* Layer 1: CiviCRM Dependencies and tools
* Layer 2: CMS/standalone dependencies and tools
* Layer 3: Application source code
Consumers can choose the image that is the most appropriate jumping off point for their infrastructure.
We expect many consumers of this repository will roll their own Layer 3 that makes sense for their own own build process. A simple approach to building a Layer 3 would be to copy a source code tree from a repository. Other options include using CMS tools such as `drush` or `wp` or dependency managers like `composer`.
We could consider swapping the order of Layers 1 and 2 and rely on official CMS builds as the base layer. This would save time but mean we were reliant on the upstream base images and need to deal with any variance between them. It is worth noting that the Drupal and WordPress images on Docker hub are maintained by the Docker community, not the projects themselves.
### Configuration
We should consider patching CiviCRM to allow it to consume settings passed as environment variables (or similar).
### Backing services
All 'backing services', including MySQL, email delivery, payment providers, etc, are outside the scope of this image and are expected to be configured via environment variables or similar.
We may consider creating recommended images for backing services (e.g. MySQL, email services) further down the line.
### Admin processes
We will include existing tools like `cv` and `civix` to assist with the execution of one off admin processes (e.g. upgrades, config changes, etc.) These tools are also useful during development.
There are some admin processes, e.g. backups, snapshots, for which there are currently no official tools. We should consider creating these as part of this project.
We may also include cron for scheduled tasks.
### Port binding
The image wil expose CiviCRM (and the CMS via http on a specific port. Reverse proxies, caches, firewalls, etc. are outside of the scope of this project.
### Concurrency
The image will be designed to support horizontal scaling, i.e. running multiple instances of the image in parallel.
### Logs
All logs (CiviCRM, Apache, PHP) will be sent to stdout/stderr.https://lab.civicrm.org/dev/core/-/issues/5065Docker image - review of existing CiviCRM Docker codebases2024-03-13T21:32:52ZMichael McAndrewDocker image - review of existing CiviCRM Docker codebasesAs part of https://lab.civicrm.org/dev/core/-/issues/5064 we would like to review existing CiviCRM Docker codebases **_that are currently being used for production hosting_** in order to distil existing best practice and also to not repe...As part of https://lab.civicrm.org/dev/core/-/issues/5064 we would like to review existing CiviCRM Docker codebases **_that are currently being used for production hosting_** in order to distil existing best practice and also to not repeat previous mistakes.
If you have an existing CiviCRM Docker based solution that you would be willing to share, please add a link below with some narrative and pointers for us.
Some questions it would be great if you could answer:
- What is working well for you in your current set up?
- What the challenges have you experienced? / what problems are yet to be solved?
- Are the any Docker APIs or features that you are not making use of that you think would be useful
- anything else you think is relevanthttps://lab.civicrm.org/dev/core/-/issues/5064An official CiviCRM docker image2024-03-12T16:30:24ZMichael McAndrewAn official CiviCRM docker imageWe'd like to create an official CiviCRM Docker image that people can use as a building block when creating CiviCRM hosting infrastructure.
This issue is as an overview with links to various sub-tasks, some of which have issues linked be...We'd like to create an official CiviCRM Docker image that people can use as a building block when creating CiviCRM hosting infrastructure.
This issue is as an overview with links to various sub-tasks, some of which have issues linked below.
1. Review existing Docker based set ups and collect best practice #5065
2. Design principles and scope #5066
3. Develop initial version of the image #5067
4. Create publishing infrastructure
5. Sketch roadmap for further development
6. Document how to use and contribute to the project
This project has received funding from SFE's CiviClick project (thank you SFE!) which will help kick start things but won't cover everything we need to do.
SFE are also funding improvements to CiviCRM to make it more Docker friendly and a project to orchestrate CiviCRM using Kubernetes. See https://cloud.software-fuer-engagierte.de/index.php/s/KrTmxnxH5AZYzg4 for the users stories that this work is intended to cater for.https://lab.civicrm.org/dev/core/-/issues/5063Payment Processor shows Machine Name instead of Backend Title in Configure Ev...2024-03-07T13:44:21Za.valllloveraPayment Processor shows Machine Name instead of Backend Title in Configure Event FeeCurrently the Machine Name of the Payment Processor is shown instead of the Backend Title in Configure Event Fee.
![image.png](/uploads/8029ab7c4e2e343a7adcd43b9ff57bbd/image.png)
![image.png](/uploads/15041218f9d5c10911b5b3d4c5e72fcb/...Currently the Machine Name of the Payment Processor is shown instead of the Backend Title in Configure Event Fee.
![image.png](/uploads/8029ab7c4e2e343a7adcd43b9ff57bbd/image.png)
![image.png](/uploads/15041218f9d5c10911b5b3d4c5e72fcb/image.png)
In Event:
![image.png](/uploads/d8ed15dd94db3f41c2c6ac93ed4544cc/image.png)
Additionally, this means that is meaningless to rename the Backend Title since it will not be displayed. Seems that is getting the `name` field instead of the `title` field.
The tests were made in Master.
EDIT: Seems the problem is here: [PseudoConstant.php](https://github.com/civicrm/civicrm-core/blob/2b410a28eb62e3fc0ada7df712e538794cd06efa/CRM/Core/PseudoConstant.php#L978)