Development issues
https://lab.civicrm.org/groups/dev/-/issues
2023-09-22T18:28:09Z

https://lab.civicrm.org/dev/core/-/issues/4270
CiviCRM Log File: Dates and Security
2023-09-22T18:28:09Z
AlanDixon

Overview
----------------------------------------
The (text) log file generated by CiviCRM has three issues:
1. The risk of XSS (as described here: https://github.com/adixon/ca.civicrm.logviewer/issues/11)
2. The formatting of date/times that are dependent on locale (as noted here: https://github.com/adixon/ca.civicrm.logviewer/pull/10)
3. The timezone of the date/time which is dependent on the source of the error but not specified in the output (i.e. the date time is of unknown and indeterminate timezone).
Expected behaviour
----------------------------------------
1. I would expect the date/time of the error to be consistent and machine parseable and the timezone explicit.
2. I would expect the urls in the file to be XSS safe.
Comments
----------------------------------------
As per @bgm the log file date/times may be coming from a PEAR package.

https://lab.civicrm.org/dev/financial/-/issues/215
Incorrect membership status on payment failure
2023-09-06T14:38:37Z
Monish Deb

Overview
----------------------------------------
If there is an active membership A and the user selects & renews for a different membership B, then on payment failure membership B retains the old membership status (current/new) instead of pending.
Reproduction steps
----------------------------------------
1. A user has active membership A
1. User made a live donation for membership B (that belongs to the same membership org)
1. Payment fails due to some reason.
Current behaviour
----------------------------------------
The user has an active membership B linked with a Pending (Incomplete transaction) contribution.
Expected behaviour
----------------------------------------
The membership status should be set to Pending
Environment information
----------------------------------------
* __Browser:__ _Firefox 59.0.1/Chrome 78.0.3904/Safari 13_
* __CiviCRM:__ _Master_
* __PHP:__ _8.0_
* __CMS:__ _Drupal 8_
* __Database:__ _MariaDB 10.4_
* __Web Server:__ _Apache 2.4_

https://lab.civicrm.org/dev/core/-/issues/4267
The dreaded afform scanner not found
2023-05-01T08:02:42Z
eileen

For some reason I thought we had gotten rid of this error but I just hit it on upgrading a live site (with warm caches) from php 5.60beta to 5.60.0
@totten can you remember the deal here - I think it's the cached container that causes the problem?
[Error: Finish core DB updates 5.60.0]
Symfony\Component\DependencyInjection\Exception\ServiceNotFoundException: "You have requested a non-existent service "afform_scanner"."
#0 /srv/www/mysite/wp-content/plugins/civicrm/civicrm/vendor/symfony/dependency-injection/ContainerBuilder.php(600): Symfony\Component\DependencyInjection\ContainerBuilder->getDefinition()
#1 /srv/www/mysite/wp-content/plugins/civicrm/civicrm/vendor/symfony/dependency-injection/ContainerBuilder.php(558): Symfony\Component\DependencyInjection\ContainerBuilder->doGet()
#2 /srv/www/mysite/wp-content/plugins/civicrm/civicrm/Civi.php(175): Symfony\Component\DependencyInjection\ContainerBuilder->get()
#3 /srv/www/mysite/wp-content/plugins/civicrm/civicrm/ext/afform/core/Civi/Api4/Action/Afform/Get.php(20): Civi::service()
#4 /srv/www/mysite/wp-content/plugins/civicrm/civicrm/Civi/Api4/Generic/BasicGetAction.php(52): Civi\Api4\Action\Afform\Get->getRecords()
#5 /srv/www/mysite/wp-content/plugins/civicrm/civicrm/Civi/Api4/Provider/ActionObjectProvider.php(72): Civi\Api4\Generic\BasicGetAction->_run()
#6 /srv/www/mysite/wp-content/plugins/civicrm/civicrm/Civi/API/Kernel.php(158): Civi\Api4\Provider\ActionObjectProvider->invoke()
#7 /srv/www/mysite/wp-content/plugins/civicrm/civicrm/Civi/Api4/Generic/AbstractAction.php(250): Civi\API\Kernel->runRequest()
#8 /srv/www/mysite/wp-content/plugins/civicrm/civicrm/ext/afform/core/afform.php(591): Civi\Api4\Generic\AbstractAction->execute()
#9 /srv/www/mysite/wp-content/plugins/civicrm/civicrm/CRM/Utils/Hook.php(275): afform_civicrm_referenceCounts()
#10 /srv/www/mysite/wp-content/plugins/civicrm/civicrm/CRM/Utils/Hook/WordPress.php(136): CRM_Utils_Hook->runHooks()
#11 /srv/www/mysite/wp-content/plugins/civicrm/civicrm/Civi/Core/CiviEventDispatcher.php(310): CRM_Utils_Hook_WordPress->invokeViaUF()
#12 /srv/www/mysite/wp-content/plugins/civicrm/civicrm/vendor/symfony/event-dispatcher/EventDispatcher.php(251): Civi\Core\CiviEventDispatcher::delegateToUF()
#13 /srv/www/mysite/wp-content/plugins/civicrm/civicrm/vendor/symfony/event-dispatcher/EventDispatcher.php(73): Symfony\Component\EventDispatcher\EventDispatcher->callListeners()
#14 /srv/www/mysite/wp-content/plugins/civicrm/civicrm/Civi/Core/CiviEventDispatcher.php(260): Symfony\Component\EventDispatcher\EventDispatcher->dispatch()
#15 /srv/www/mysite/wp-content/plugins/civicrm/civicrm/CRM/Utils/Hook.php(167): Civi\Core\CiviEventDispatcher->dispatch()
#16 /srv/www/mysite/wp-content/plugins/civicrm/civicrm/CRM/Utils/Hook.php(821): CRM_Utils_Hook->invoke()
#17 /srv/www/mysite/wp-content/plugins/civicrm/civicrm/CRM/Core/DAO.php(2580): CRM_Utils_Hook::referenceCounts()
#18 /srv/www/mysite/wp-content/plugins/civicrm/civicrm/Civi/Api4/Utils/CoreUtil.php(257): CRM_Core_DAO->getReferenceCounts()
#19 /srv/www/mysite/wp-content/plugins/civicrm/civicrm/CRM/Core/ManagedEntities.php(319): Civi\Api4\Utils\CoreUtil::getRefCount()
#20 /srv/www/mysite/wp-content/plugins/civicrm/civicrm/CRM/Core/ManagedEntities.php(149): CRM_Core_ManagedEntities->removeStaleEntity()
#21 /srv/www/mysite/wp-content/plugins/civicrm/civicrm/CRM/Core/ManagedEntities.php(113): CRM_Core_ManagedEntities->reconcileEntities()
#22 /srv/www/mysite/wp-content/plugins/civicrm/civicrm/CRM/Core/Invoke.php(417): CRM_Core_ManagedEntities->reconcile()
#23 /srv/www/mysite/wp-content/plugins/civicrm/civicrm/CRM/Upgrade/Form.php(799): CRM_Core_Invoke::rebuildMenuAndCaches()
#24 /srv/www/mysite/wp-content/plugins/civicrm/civicrm/CRM/Queue/Task.php(101): CRM_Upgrade_Form::doCoreFinish()
#25 /srv/www/mysite/wp-content/plugins/civicrm/civicrm/CRM/Queue/Runner.php(255): CRM_Queue_Task->run()
#26 /srv/www/mysite/wp-content/plugins/civicrm/civicrm/CRM/Queue/Page/AJAX.php(36): CRM_Queue_Runner->runNext()
#27 /srv/www/mysite/wp-content/plugins/civicrm/civicrm/CRM/Queue/ErrorPolicy.php(89): CRM_Queue_Page_AJAX::{closure}()
#28 /srv/www/mysite/wp-content/plugins/civicrm/civicrm/CRM/Queue/Page/AJAX.php(38): CRM_Queue_ErrorPolicy->call()
#29 /srv/www/mysite/wp-content/plugins/civicrm/civicrm/CRM/Core/Invoke.php(285): CRM_Queue_Page_AJAX::runNext()
#30 /srv/www/mysite/wp-content/plugins/civicrm/civicrm/CRM/Core/Invoke.php(69): CRM_Core_Invoke::runItem()
#31 /srv/www/mysite/wp-content/plugins/civicrm/civicrm/CRM/Core/Invoke.php(36): CRM_Core_Invoke::_invoke()
#32 /srv/www/mysite/wp-content/plugins/civicrm/civicrm.php(1199): CRM_Core_Invoke::invoke()
#33 /srv/www/mysite/wp-includes/class-wp-hook.php(307): CiviCRM_For_WordPress->invoke()
#34 /srv/www/mysite/wp-includes/class-wp-hook.php(331): WP_Hook->apply_filters()
#35 /srv/www/mysite/wp-includes/plugin.php(474): WP_Hook->do_action()
#36 /srv/www/mysite/wp-admin/admin.php(259): do_action()
#37 {main}

https://lab.civicrm.org/dev/core/-/issues/4266
Add hook to manipulate activity rows
2023-05-01T08:00:13Z
yashodha

Add hook to manipulate activity rows

https://lab.civicrm.org/dev/core/-/issues/4265
Checksum sent to Organization will not fill in "on behalf of" profile fields
2023-11-23T07:47:01Z
Stoob

Scope the different [checksum token](https://docs.civicrm.org/user/en/latest/common-workflows/tokens-and-mail-merge/) behavior 'on behalf of' Org contribution page for
- an Individual related to an Organization https://civiteacher.com/civicrm/contribute/transact?reset=1&id=9&cs=e8ecaad83d04439f381e4f2bf35d9322_1682576643_504&cid=102&mid=
- that Organization itself https://civiteacher.com/civicrm/contribute/transact?reset=1&id=9&cs=45ce7efc7d44ed07e8fd4097357ddc74_1682576099_504&cid=112&mid= with no contact info in org profile yet placing the org email in the individual email field
Should it not be the case that a checksum sent to an organization should fill out the 'on behalf of' section and leave the individual contact info blank to be filled out later? There are two good use cases where this may occur:
1. emails sent to the primary member organization _and_ the related contact individual(s) for maximum chance of renewal and/or in case contact person has quit
2. the organization primary member does not have a related contact individual at all. maybe it was entered incomplete or org imported without contact individual
But I cannot tell if it is a regression or if it has always been this way. @AllenShaw thoughts?

https://lab.civicrm.org/dev/core/-/issues/4264
SearchKit - can't filter by contribution ID
2023-05-01T07:58:16Z
eileen

I can't just put contribution id into the WHERE cos it wants to find it...
![image](/uploads/2352f471b29d62632d07cf9f42a61aa8/image.png)
I found it like this
![image](/uploads/55aca8045c154588dc459bc6b8322f0b/image.png)

https://lab.civicrm.org/dev/core/-/issues/4261
Membership Detail Report Date Received Value is Incorrect
2023-05-01T07:55:40Z
AlanDixon

Overview
----------------------------------------
The Membership Detail report (CRM_Report_Form_Member_Detail) reports about the oldest contribution when there are multiple contributions associated with a membership.
Current behaviour
----------------------------------------
The sql that selects the contribution associated with the membership uses a simple left join which will select the oldest contribution towards that membership (or at least, the one with the lowest id, which is usually the oldest one).
That contribution information is not as useful as the most recent contribution associated with a membership.
Expected behaviour
----------------------------------------
I would expect to be reporting on the most recent contribution associated with a membership!
Comments
----------------------------------------
Here's where the SQL is getting added:
https://github.com/civicrm/civicrm-core/blob/d4780a599def82852c30bb0475f2e34370932683/CRM/Report/Form/Member/Detail.php#L296
PR forthcoming.

https://lab.civicrm.org/dev/joomla/-/issues/50
Dead code files in civicrm-joomla repo?
2023-05-15T08:02:24Z
AllenShaw

CiviCRM / Joomla / PHP 8 seems to be a viable combination (per some quick testing, and comments from @seamuslee and @nicol in https://lab.civicrm.org/dev/joomla/-/issues/43).
Yet several files in the civicrm-joomla repo contain syntax errors under PHP 8, specifically (in line 53, and other lines) in these files:
- https://github.com/civicrm/civicrm-joomla/blob/master/site/views/Events/tmpl/default.php#L53
- https://github.com/civicrm/civicrm-joomla/blob/master/site/views/Events/tmpl/register.php#L53
- https://github.com/civicrm/civicrm-joomla/blob/master/site/views/Profiles/tmpl/default.php#L53
So: I'm not sure if the above files are just dead code (i.e. they never run), or if they need to be cleaned up for proper PHP 8 support.

https://lab.civicrm.org/dev/core/-/issues/4257
Allow editing of payment method on contribution edit form when no payments are associated
2023-05-30T22:23:24Z
larsssandergreen

Currently, the contribution edit form does not allow editing of the payment method for a pending contribution. This may be useful for users, for example if someone fills out a contribution page with pay later and so their contribution payment method is set to check, but they will actually pay with an etransfer and we want to note this. It is also potentially confusing because the user can mark the payment as completed and record the payment two ways, by clicking Record Payment or by changing the status to completed, but only the first of these allows the user to change the payment method.
I think we can safely allow editing of the payment method when there are no payments associated with a contribution.

https://lab.civicrm.org/dev/core/-/issues/4256
SearchKit: Does not list activities correctly on Contact Summary
2023-06-30T10:16:22Z
Kurund Jalmi

Create a SK display to replace existing Activity tab.
![Screenshot_from_2023-04-22_17-46-25](/uploads/682c4d5e851ddcde05a825a286be6435/Screenshot_from_2023-04-22_17-46-25.png)
Activity Tab (SK) does not display activities.
![Screenshot_from_2023-04-22_17-48-50](/uploads/28ef32556946fcc40b959a1fc507940e/Screenshot_from_2023-04-22_17-48-50.png)
Here is default Activity Tab
![Screenshot_from_2023-04-22_17-48-27](/uploads/5a7bb144c255c7461fa18eca54908eb8/Screenshot_from_2023-04-22_17-48-27.png)
I am checking this on master.

https://lab.civicrm.org/dev/core/-/issues/4255
AdminUI breadcrumb links are confusing and unhelpful
2023-05-02T07:14:25Z
larsssandergreen

Overview
----------------------------------------
The breadcrumb links for AdminUI pages are incorrect and confusing for users.
Current behaviour
----------------------------------------
For example for profile fields, the breadcrumb links are:
`Home › CiviCRM › Admin › FormBuilder › Edit Form › Profile Fields`
If a user clicks the breadcrumb link for Profile Fields, they get all profile fields for all profiles, not just the profile fields for their profile. They also cannot go back to the main profiles page or the settings for the profile they are editing the fields for.
This is the same for custom fields and other AdminUI pages.
Expected behaviour
----------------------------------------
The breadcrumb links should be:
`Home › CiviCRM › Admin › Profiles › PROFILENAME › Profile Fields`
Clicking the breadcrumb links should lead to the expected pages.
Environment information
----------------------------------------
dmaster

https://lab.civicrm.org/dev/core/-/issues/4253
cURL error when trying to update action-provider, data processor or CiviRules via UI
2024-01-21T12:44:06Z
MariaV

Overview
----------------------------------------
When trying to update action provider or data processor via UI the following error occurs:
`(cURL error 28: Operation timed out after 5000 milliseconds with 142514 out of 408357 bytes received (see https://curl.haxx.se/libcurl/c/libcurl-errors.html)`
Reproduction steps
----------------------------------------
1. Click on _Extensions_
2. Upgrade action-provider or data processor or CiviRules
3. Error (see above)
Current behaviour
----------------------------------------
Using wget via terminal the download for action provider takes 15 seconds.
Data processor download takes 1m 52s via wget.
It seems that lab.civicrm.org is quite slow.
Expected behaviour
----------------------------------------
Successful Update via UI
Possible solution: time out increase

https://lab.civicrm.org/dev/core/-/issues/4252
Add a filter to mailing search/report to check if the mailing is mosaico or traditional
2023-05-01T07:38:30Z
yashodha

Add a filter to mailing search/report to check if the mailing is mosaico or traditional.
It might be useful to indicate the same next to result of mailing search -draft mailings, sent mailings.

https://lab.civicrm.org/dev/core/-/issues/4251
Track Contact `image_URL` files in the `civicrm_file` table
2024-01-02T21:02:33Z
colemanw

# History
**Note: CiviCRM is a large, old project with many contributors, which makes "big picture" perspectives cumbersome to gather. Often a contributor simply wants to fix a bug or add a small feature, not dive into decades-long history and contemplate massive refactoring. The story of the `civicrm_contact.image_URL` field is a microcosm of the complicated world of CiviCRM.**
- The `civicrm_contact.image_URL` field (added v1.1) predates the `civicrm_file` table (added v1.5), which may explain why it was originally designed as a simple textfield with no file-management. It is a simple varchar and can store the url to any image file on the web.
- Originally, the UI allowed contact image files to be uploaded to a publicly-readable directory on the webserver, and `image_URL` stored an absolute url to that file.
- In 2014, [security hardening](https://issues.civicrm.org/jira/browse/CRM-14499) led to the addition of an `.htaccess` rule which blocked the contents of that directory from public visibility.
- This accidentally broke contact images, leading to [a rushed fix](https://github.com/civicrm/civicrm-core/pull/3058) which created `CRM_Contact_Page_ImageFile` at `civicrm/contact/imagefile`. This path allows open access to all contact images, but not other files, by querying `civicrm_contact.image_URL` for a matching filename before outputting the contents. An upgrade script rewrote all local `image_URL` fields to point to this path, using an absolute URL. This solution works but is very slow on big databases due to the unindexed query.
- During this rushed fix, it doesn't appear that consideration was given to html escaping of `&` characters. The default behavior of `CRM_Utils_System::url` is to escape `&` to `&amp;` which is (IMHO) a bad default and certainly a poor choice for storing url strings in the database, but it was the default and no one changed it, and then Tim inadvertently cemented it with 065034510d48b722844b2007f8016ea644bd0cbd so now in order to safely read the urls you must pass them through the aptly-named `CRM_Utils_String::unstupifyUrl()` function.
- In 2016 there was an [attempt to fix the absolute URL and performance issues](https://github.com/civicrm/civicrm-core/pull/9237) which updated all the `image_URL` fields to relative paths.
- But this would have broken Drupal Views and other tools that rely on the convenience of querying the field from the db and outputting the url directly (in the future, SearchKit would rely on this too).
- A [compromise solution was reached](https://github.com/civicrm/civicrm-core/pull/9241) which rewrites the url at runtime on Civi pages. A `image_URL` like `http://wp.demo/civicrm/contact/imagefile/?photo=abc.jpeg` would get rewritten to `http://wp.demo/civicrm/file?reset=1&filename=abc.jpeg&mime-type=image/jpeg`. For reasons not entirely clear, this goes through a different internal path (`civicrm/file` instead of `civicrm/contact/imagefile`).
- In 2019, thinking it was unused, [Eileen removed support](https://github.com/civicrm/civicrm-core/commit/2762985c11e01ede473d86a33af279bc341f9a46) for passing `filename=` into the `civicrm/file` path, since that endpoint is typically supplied with a file id from the `civicrm_file` table plus a security hash.
- This accidentally broke contact images, leading to [a rushed fix](https://github.com/civicrm/civicrm-core/pull/13663) which added back the ability to get files by name from the `civicrm/file` path (since contact images are not tracked in `civicrm_file` and don't have an `id`). With the benefit of the history laid out above, a better fix might have been to switch to using the `civicrm/contact/imagefile` path and keep the `civicrm/file` path secure.
- In 2021 [I proposed adding](https://lab.civicrm.org/dev/core/-/issues/2755) an `image_file_id` FK field to the `civicrm_contact` table to track uploaded files. This proposal was met with approval, but when I recently tried to implement it I realized that the `civicrm_file` table already has an FK to `civicrm_contact` and circular references are not allowed.
- In 2023 [an option group was added](https://github.com/civicrm/civicrm-core/pull/25904) for the previously unused column `civicrm_file.file_type_id`. One possible use for that field would be to designate a file type of `"contact_image"`.
# Current Situation
The `civicrm_contact.image_URL` field can still store any url string pointing to a file on or off the server. It could point to any image on the internet, and would work fine. But if it's a file uploaded via the Civi UI, it will be an absolute link pointing to the `civicrm/contact/imagefile` path with a `photo=filename` argument. If CiviCRM recognizes this pattern it will rewrite it on core pages to the other path at `civicrm/file`, otherwise it will leave it alone.
For the confused, yes contact images are accessible at two paths, and neither is a direct link to the file on disk:
| Path | `civicrm/contact/imagefile` | `civicrm/file` |
| ------ | ------ | ------ |
| Class | `CRM_Contact_Page_ImageFile` | `CRM_Core_Page_File` |
| Permission | _none_ | "access uploaded files" |
| Args | `photo` | `filename`, `mime-type` |
| Uses | Stored in `image_URL` field as absolute URL. Output by Views & SearchKit | `image_URL` rewritten to this path on Civi pages for logged-in users |
**This situation leads to the following quirks and problems**
1. The absolute url to `civicrm/contact/imagefile` works great in Views and SearchKit... as long as the site name never changes! Otherwise, absolute URLs are a pain.
2. The url is still stored with html-escaped `&` characters that must be unstupified.
3. Anyone can access a contact image via the 1st path if they know the filename, however, the 2nd has a permission check which means logged-in users without "access uploaded files" cannot see contact images even though anonymous users can!
4. The security hash usually required by `civicrm/file` can be circumvented if you know the filename and mime-type. But the risk is mitigated by that path requiring "access uploaded files" permission.
5. There is still no file-management of contact images. Deleting a contact does not delete their image file. Deleting or changing a contact image also doesn't delete the old one.
# Proposal for File Management
1. Stop using `civicrm/file` for all contact images and [restore the patch to remove support for `filename`](https://github.com/civicrm/civicrm-core/commit/2762985c11e01ede473d86a33af279bc341f9a46).
2. Include `cid` as an argument to `civicrm/contact/imagefile` (and update stored paths accordingly) to fix the unindexed query. Also add `is_deleted = 0` to the query.
3. Add an option_value `"contact_image"` to the option group for `civicrm_file.file_type_id`.
4. When uploading a new contact image, create a record in `civicrm_file` table, and designate it `file_type_id` = `"contact_image"`.
5. Also create a record in `civicrm_entity_file` for contact images.
6. Add a virtual APIv4 field for the contact entity `image_file_id` which would allow getting/setting the file id. When setting a new file id, regenerate the `image_URL` with a post hook.
# Thoughts on Absolute URLs
All of these changes would result in better file management, but still don't solve the absolute url issue. This is tricky to solve because Views and SearchKit still rely on being able to output the image url directly from a query. Here are a few ideas for that one:
1. Bite the bullet and update all `image_URL` fields pointing to a local file to use a relative URL. SearchKit will still work. Views and other SQL-based tools will still work unless embedded on a remote site. Random offsite images will be unaffected.
2. Keep `image_URL` absolute but add an APIv4 virtual field like `Contact.image` which calculates the url at runtime. This satisfies more use-cases but at the expense of adding complexity to an already overcomplicated situation.

https://lab.civicrm.org/dev/core/-/issues/4250
Expose the mailing/mosaico template when viewing mailing report
2023-06-19T23:42:32Z
yashodha

Currently, we don't show which mosaico template was used for a mailing in mailing reports.
It could be helpful as sometimes the template could be deleted and when the same mailing is re-used then mosaico is broken in the copied mailing. We could show name/id and deleted if not present.

https://lab.civicrm.org/dev/core/-/issues/4246
FormBuilder Recaptcha ignored in CiviCase Form
2023-04-20T06:54:55Z
shaneonabike

Overview
----------------------------------------
When creating an Afform CiviCase form volunteer form it seems to ignore whether the actual Recaptcha is completed. There is an error being thrown in the logs, but the form continues and is redirected to the Post-Submit page.
+ Create a Form with Individual and Case
+ Add Custom Fields associated to Individual and set Autofill on Current User
+ Set Case Type to ```Volunteer Application``` and Status ```New Request```
+ Set permissions on Case to ```Open Access``` and ```Create```
+ Set permissions on Individual to ```Open Access``` and ```Create and Update```
+ No deduping
Here's the actual Markup I have
```html
<af-form ctrl="afform">
<af-entity data="{contact_type: 'Individual', source: 'Volunteer Application'}" type="Contact" name="Individual1" label="Individual 1" actions="{create: true, update: true}" security="FBAC" autofill="user" contact-dedupe="" />
<af-entity data="{contact_id: 'Individual1', case_type_id: '3', subject: 'Request Form - Volunteer Application', status_id: '4'}" actions="{create: true, update: false}" type="Case" name="Case1" label="Case 1" security="FBAC" />
<div class="af-markup">
<p>If you don't have the necessary documents or would like to know more about any of our policies or processes, please contact the office.</p>
</div>
<fieldset af-fieldset="Individual1" class="af-container" af-title="Your details">
<div class="af-container af-layout-cols">
<af-field name="first_name" defn="{required: true, input_attrs: {}}" />
<af-field name="last_name" defn="{required: true, input_attrs: {}}" />
</div>
<fieldset af-join="Email">
<div class="af-container af-layout-cols">
<af-field name="email" />
<af-field name="location_type_id" />
<af-field name="is_primary" defn="{afform_default: '1'}" />
</div>
</fieldset>
<div af-join="Phone" af-repeat="Add" min="2" max="2">
<fieldset class="af-container af-layout-inline">
<af-field name="phone" defn="{required: false, input_attrs: {}}" />
<af-field name="location_type_id" defn="{required: false, input_attrs: {}}" />
<af-field name="phone_type_id" />
</fieldset>
</div>
<div af-join="Address">
<div class="af-container">
<af-field name="street_address" />
</div>
<div class="af-container af-layout-cols">
<af-field name="city" />
<af-field name="state_province_id" />
<af-field name="country_id" />
<af-field name="postal_code" />
<af-field name="location_type_id" defn="{label: 'Address Location', input_attrs: {}, required: false}" />
</div>
</div>
<div class="af-container af-layout-cols" af-title="Your interests and skills">
<af-field name="Volunteer_Details.Interests" defn="{label: 'Interests', required: true}" />
<af-field name="Volunteer_Details.Your_Skills" defn="{label: 'Abilities / Skills / Experience', required: true}" />
</div>
<div id="check" class="af-container" af-title="Police Information Check (PIC) is required for this position">
<div class="af-markup">
<p>markup</p>
</div>
<af-field name="Volunteer_Details.Police_Check" defn="{label: false}" />
</div>
<div id="driver" class="af-container af-layout-cols" af-title="Additional Required Information">
<af-field name="Volunteer_Details.Driver_s_License" defn="{label: 'Your Driver\'s License'}" />
<af-field name="Volunteer_Details.Driver_Insurance" defn="{label: 'Your Car Insurance'}" />
</div>
<div class="af-container" af-title="Availability">
<af-field name="Availability.Days_of_Week" defn="{required: true, label: 'Available Days of Week'}" />
<div class="af-container">
<af-field name="Availability.Location_willing_to_volunteer" defn="{required: true, label: 'What location are you willing to volunteer at?'}" />
<af-field name="Availability.Choose_a_depot" defn="{input_attrs: {autoOpen: true}, label: 'Choose a depot that you are hoping to volunteer at', required: true, saved_search: 'All_Depots', security: 'FBAC'}" />
</div>
<div id="outreach" af-join="Custom_Outreach">
<af-field name="How_did_you_hear_about_us_" defn="{label: 'How did you hear about us?', help_pre: 'Let us know how you heard about us.', help_post: null}" />
</div>
<div class="af-container" af-title="Privacy of our Members">
<af-field name="Volunteer_Details.Consent_to_confidentiality_of_member_and_organizational_informat" defn="{label: 'Do you consent to maintaining the confidentiality of members and organizational information?', required: true}" />
</div>
</div>
</fieldset>
<fieldset af-fieldset="Case1" class="af-container">
<af-field name="details" defn="{label: 'Tell us a little bit about yourself'}" />
<crm-recaptcha2></crm-recaptcha2>
<button class="af-button btn btn-primary" crm-icon="fa-check" ng-click="afform.submit()">Send Application</button>
</fieldset>
</af-form>
```
I don't think that this is a related problem to configuration of `AuthX`, but if you need a screenshot of the permissions I set I can do that too.
Current behaviour
----------------------------------------
The submission goes directly to the Post-Submit page, and no actual entry is made for CiviCase.
The logs produce
```php
Apr 18 11:20:49 [debug] AJAX Error ({error_id}): failed with exception
Array
(
[error_id] => uJNn-04Ej-YDUq
[exception] => CRM_Core_Exception: "Validation Error"
#0 /var/aegir/platforms/wordpress/wp-content/plugins/civicrm/civicrm/ext/afform/core/Civi/Api4/Action/Afform/AbstractProcessor.php(74): Civi\Api4\Action\Afform\Submit->processForm()
#1 /var/aegir/platforms/wordpress/wp-content/plugins/civicrm/civicrm/Civi/Api4/Provider/ActionObjectProvider.php(72): Civi\Api4\Action\Afform\AbstractProcessor->_run()
#2 /var/aegir/platforms/wordpress/wp-content/plugins/civicrm/civicrm/Civi/API/Kernel.php(158): Civi\Api4\Provider\ActionObjectProvider->invoke()
#3 /var/aegir/platforms/wordpress/wp-content/plugins/civicrm/civicrm/Civi/Api4/Generic/AbstractAction.php(250): Civi\API\Kernel->runRequest()
#4 /var/aegir/platforms/wordpress/wp-content/plugins/civicrm/civicrm/api/api.php(85): Civi\Api4\Generic\AbstractAction->execute()
#5 /var/aegir/platforms/wordpress/wp-content/plugins/civicrm/civicrm/CRM/Api4/Page/AJAX.php(138): civicrm_api4()
#6 /var/aegir/platforms/wordpress/wp-content/plugins/civicrm/civicrm/CRM/Api4/Page/AJAX.php(79): CRM_Api4_Page_AJAX->execute()
#7 /var/aegir/platforms/wordpress/wp-content/plugins/civicrm/civicrm/CRM/Core/Invoke.php(319): CRM_Api4_Page_AJAX->run()
#8 /var/aegir/platforms/wordpress/wp-content/plugins/civicrm/civicrm/CRM/Core/Invoke.php(69): CRM_Core_Invoke::runItem()
#9 /var/aegir/platforms/wordpress/wp-content/plugins/civicrm/civicrm/CRM/Core/Invoke.php(36): CRM_Core_Invoke::_invoke()
#10 /var/aegir/platforms/wordpress/wp-content/plugins/civicrm/civicrm.php(1199): CRM_Core_Invoke::invoke()
#11 /var/aegir/platforms/wordpress/wp-includes/class-wp-hook.php(308): CiviCRM_For_WordPress->invoke()
#12 /var/aegir/platforms/wordpress/wp-includes/class-wp-hook.php(332): WP_Hook->apply_filters()
#13 /var/aegir/platforms/wordpress/wp-includes/plugin.php(565): WP_Hook->do_action()
#14 /var/aegir/platforms/wordpress/wp-includes/class-wp.php(797): do_action_ref_array()
#15 /var/aegir/platforms/wordpress/wp-includes/functions.php(1334): WP->main()
#16 /var/aegir/platforms/wordpress/wp-blog-header.php(16): wp()
#17 /var/aegir/platforms/wordpress/index.php(17): require("/var/aegir/platforms/wordpress/wp-blog-header.php")
#18 {main}
)
```
Expected behaviour
----------------------------------------
The form would not allow me to pass through and would display an error message.

https://lab.civicrm.org/dev/core/-/issues/4245
FormBuilder/SearchKit: add 'enabled' field
2023-04-20T06:55:21Z
aydunsaidan.saunders@squiffle.uk
Overview
----------------------------------------
Suggestion: add an 'enabled' field for both Searches and Forms (maybe Segments and related entities as well).
Why?: quite often I clone something, make some changes, switch to that - but don't want to delete the original yet until I'm sure I don't want to revert to it. Marking it as 'not enabled' helps search & form management particularly as the numbers increase.

https://lab.civicrm.org/dev/core/-/issues/4244
"Invoice.pdf" filename not translatable
2023-04-18T06:49:02Z
mmyriam
When "Automatically email invoice when user purchases online" is enabled in CiviContribute Component Settings a pdf invoice is sent to the user who makes an online contribution.
The attached invoice's filename is not translated/translatable from Invoice.pdf because it is hardcoded:
https://github.com/civicrm/civicrm-core/blob/master/CRM/Contribute/Form/Task/Invoice.php#L613
```php
public static function putFile($html, $name = 'Invoice.pdf', $format = NULL) {
  return CRM_Utils_Mail::appendPDF($name, $html, $format)['fullPath'] ?? '';
}
```
The `putFile` function allows for a filename for when the invoice is sent by an admin from the contribution record.
In that case the invoice gets its name from the contribution invoice number which is created using the invoice prefix configured in CiviContribute Component Settings: https://github.com/civicrm/civicrm-core/blob/master/CRM/Contribute/Form/Task/Invoice.php#L434
Reproduction steps
----------------------------------------
1. Enable "Automatically email invoice when user purchases online" in CiviContribute Component Settings
1. Make an online contribution on a contribution form
   * where the receipt is enabled
   * in a different language than English
1. Receive an email with Invoice.pdf attached

https://lab.civicrm.org/dev/core/-/issues/4243
Support APCu with apcu_* functions
2023-04-18T17:34:00Z
herbdool
APC and APCu are supported according to https://docs.civicrm.org/sysadmin/en/latest/setup/cache/#config-ref but it currently only supports `apc_*` functions which are ~~backwards-compatible with~~ _not compatible_ with APC. ~~But some setups may only have the newer `apcu_*` functions so the class should try both functions.~~ APCu only has `apcu_*` functions, but still uses `apc.` for the configuration.
UPDATE: discovered there are some differences between the two in how they handle things, which isn't surprising. So depending on how much they differ, may require different classes.

https://lab.civicrm.org/dev/core/-/issues/4241
Refresh custom fields names in "Reuse an existing set"
2023-04-18T06:50:39Z
kristinec
Overview
----------------------------------------
When adding a new custom field and selecting "reuse an existing set" of custom fields, the dropdown list for some of the multiple choice option sets does not pick up the custom field set names. For example, you have a multiple choice question called "Educational Status" in Custom Field Set A and the same name "Educational Status" in Custom Field B.
Current behaviour
----------------------------------------
In CiviCRM 5.59, the custom field set labels are missing for some old custom fields (made before a certain Civi update?).
![Screenshot_2023-04-15_111421](/uploads/dc83d16e1c6fcf8a2e9cce1961260909/Screenshot_2023-04-15_111421.png)
Proposed behaviour
----------------------------------------
The word "refresh" or "reset" the dropdown list probably isn't the right word. But the expected behavior should appear as:
Custom Field Set A:: Educational Status
Custom Field Set B:: Educational Status
P.S. And yes, technically if the options in "Educational Status" are exactly the same, this field set should have been shared rather than exist in two separate custom field sets.