1. 30 Apr, 2019 3 commits
    • (flexmailer#29) civicrm/mailing/view - Generate content via Mailing.preview API · 640d3ea6
      totten authored
      A root cause of flexmailer#29 is that the flexmailer has to override
      multiple parts of CiviMail.  Case in point: it overrides the
      `civicrm/mailing/view` and forces it to generate content via
      `Mailing.preview` API.  This is unfortunate because flexmailer's variant is
      missing other features (regarding permissioning and contact IDs).
      
      This revision makes it unnecessary for flexmailer to override
      `civicrm/mailing/view`.
      640d3ea6
    • CiviMail - Restore support for previewing mailing-tokens via TokenProcessor/Flexmailer · fa373cad
      totten authored
      See preceding commit for general description - this simply applies the same
      concept for another set of tokens.
      fa373cad
    • CiviMail - Restore support for previewing action-tokens via TokenProcessor/Flexmailer · e026b9e4
      totten authored
      Overview
      --------
      
      When using `TokenProcessor` to generate a mailing (e.g.  as with Flexmailer/Mosaico), the action-tokens (e.g.
      `{action.optOutUrl}`) are generated via `CRM_Mailing_ActionTokens`.  To properly generate them,
      `CRM_Mailing_ActionTokens` relies on certain information (e.g.  mailing/job ID).  However, that information is no
      longer available when performing a "Preview" -- leading to misbehavior in previews.  This patch allows Flexmailer to
      restore parity for previewing those tokens.
      
      Before (Pre-5.6)
      ----------------
      
      * When a user begins composing a mailing, CiviMail creates a draft mailing with a concrete ID (e.g.  `mailing #123`).
      * To preview the mailing, the UI calls `Mailing.preview` API with the ID of the mailing.
      * Flexmailer/Mosaico generates the preview by calling `TokenProcessor` and therefore `CRM_Mailing_ActionTokens`.
      * `CRM_Mailing_ActionTokens` has strictness checks. These pass because the ID is available.
      
      Before (5.6-5.12)
      -----------------
      
      As a performance enhancement, CiviCRM 5.6 (PR #12509; mail#20) revised
      the signature for `Mailing.preview` API to allow previews *without* having a specific mailing record/job/ID. Consequently:
      
      * When a user begins composing a mailing, CiviMail creates a draft mailing with a concrete ID (e.g.  `mailing #123`).
      * To preview the mailing, the UI calls `Mailing.preview` API ~~with~~ **without** the ID of the mailing.
      * Flexmailer/Mosaico generates the preview by calling `TokenProcessor` and therefore `CRM_Mailing_ActionTokens`.
      * `CRM_Mailing_ActionTokens` has strictness checks. These ~~pass~~ **fail** because the ID is ~~available~~ **unavailable**.
      
      After
      ----------------
      
      * When a user begins composing a mailing, CiviMail creates a draft mailing with a concrete ID (e.g.  `mailing #123`).
      * To preview the mailing, the UI calls `Mailing.preview` API ~~with~~ **without** the ID of the mailing.
      * Flexmailer/Mosaico generates the preview by calling `TokenProcessor` and therefore `CRM_Mailing_ActionTokens`.
      * `CRM_Mailing_ActionTokens` has ~~strictness~~ **less strict** checks. These **pass** because the `context[schema]` hints that
        a mailing ID *will be available* when needed.
      e026b9e4
  2. 23 Apr, 2019 1 commit
  3. 17 Apr, 2019 1 commit
  4. 10 Apr, 2019 1 commit
  5. 07 Apr, 2019 1 commit
  6. 05 Apr, 2019 2 commits
  7. 02 Apr, 2019 1 commit
  8. 30 Mar, 2019 1 commit
  9. 28 Feb, 2019 1 commit
  10. 12 Jan, 2019 1 commit
  11. 08 Jan, 2019 1 commit
  12. 04 Jan, 2019 1 commit
  13. 03 Jan, 2019 1 commit
  14. 26 Dec, 2018 1 commit
  15. 19 Dec, 2018 2 commits
  16. 13 Dec, 2018 1 commit
  17. 01 Dec, 2018 1 commit
  18. 30 Nov, 2018 1 commit
  19. 29 Oct, 2018 1 commit
  20. 24 Oct, 2018 1 commit
  21. 23 Oct, 2018 1 commit
    • Remove use of LOWER from mailing_name searches · b0f72207
      eileen authored
      This is already covered by the tests in CRM_Mailing_BAO_QueryTest::testSearch
      
      The main risk with these things is removing php strtolower
      & not mysql LOWER (the reverse still works). Here they are
      close together
      b0f72207
  22. 18 Oct, 2018 1 commit
  23. 16 Oct, 2018 1 commit
  24. 10 Oct, 2018 1 commit
    • Fix order by on is_primary. · ab9703d1
      eileen authored
      As pointed out in mail#26 the order by is not the
      correct format for order_by and has no effect. I tested to make sure it was not
      some magic.
      
      I opted for (implicit) ASC as the order by for non sms is ASC and further down
      processing seems to overwrite each row as it happens so primary later
      would overwrite earlier
      ab9703d1
  25. 09 Oct, 2018 1 commit
  26. 02 Oct, 2018 1 commit
  27. 27 Sep, 2018 1 commit
  28. 24 Sep, 2018 1 commit
  29. 27 Aug, 2018 1 commit
  30. 24 Aug, 2018 1 commit
  31. 13 Aug, 2018 1 commit
  32. 09 Aug, 2018 1 commit
  33. 07 Aug, 2018 1 commit
  34. 25 Jul, 2018 1 commit
  35. 18 Jul, 2018 1 commit
    • security/core#14 Validate "context" inputs · edc80cda
      Sean Madsen authored
      When "context" is passed as a GET parameter, ensure that its value is
      a valid "Alphanumeric" type. This helps prevent XSS when the "context"
      value finds its way into templates that lack HTML output encoding.
      
      Replace...
      
          CRM_Utils_Request::retrieve\((['"])context\1,(\s*)(['"])String\3
      
      ...with...
      
          CRM_Utils_Request::retrieve\($1context$1,$3Alphanumeric$3
      
      Also search for the following and manually fix:
      
          \$_GET\[(['"])context\1\]
          \$_POST\[(['"])context\1\]
          \$_REQUEST\[(['"])context\1\]
      edc80cda
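
The search-and-replace described in the security/core#14 commit above, as an added example in Python (not part of the commit or of CiviCRM): it applies the commit's patterns to constructed PHP lines, tightening `String` to `Alphanumeric` and listing direct superglobal reads that need a manual fix. The function names, the sample lines, the merging of the three superglobal patterns into one, and the preserved whitespace between arguments are assumptions of this example.

```python
import re

# Constructed PHP lines for illustration; not taken from the CiviCRM code base.
SAMPLE_PHP = """\
$context = CRM_Utils_Request::retrieve('context', 'String', $this);
$ctx = CRM_Utils_Request::retrieve("context","String");
$id = CRM_Utils_Request::retrieve('id', 'Positive', $this);
$context = $_GET['context'];
if (!empty($_REQUEST["context"])) {
$context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
"""

# Search pattern from the commit message, unchanged.
RETRIEVE_RE = re.compile(
    r"""CRM_Utils_Request::retrieve\((['"])context\1,(\s*)(['"])String\3""")
# Python spelling of the replacement; \2 keeps the original spacing
# between the two arguments (a choice made in this example).
RETRIEVE_SUB = r"CRM_Utils_Request::retrieve(\1context\1,\2\3Alphanumeric\3"

# The commit's three superglobal patterns merged into one (assumption of this example).
SUPERGLOBAL_RE = re.compile(r"""\$_(GET|POST|REQUEST)\[(['"])context\2\]""")


def rewrite_retrieve(source):
    """Return (new_source, replacements) after tightening the declared type."""
    return RETRIEVE_RE.subn(RETRIEVE_SUB, source)


def find_superglobal_reads(source):
    """Return (line_number, superglobal, line) for each read left for manual review."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for match in SUPERGLOBAL_RE.finditer(line):
            hits.append((lineno, "$_" + match.group(1), line.strip()))
    return hits


if __name__ == "__main__":
    patched, count = rewrite_retrieve(SAMPLE_PHP)
    print(f"{count} retrieve() call(s) rewritten")
    print(patched)
    for lineno, name, line in find_superglobal_reads(patched):
        print(f"manual fix needed, line {lineno}: {name} -> {line}")
```
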
  36. 17 Jul, 2018 1 commit