Development issueshttps://lab.civicrm.org/groups/dev/-/issues2023-05-24T06:21:51Zhttps://lab.civicrm.org/dev/core/-/issues/2435Save fields button on export screen is not permissioned2023-05-24T06:21:51ZandyburnsSave fields button on export screen is not permissionedI cannot find in the code where the _Save Fields_ button is and therefore what permission is needed to save export mappings.
![image](/uploads/e9be7ed19215554edc7e6397dde46518/image.png)
Currently there is no core permission on who ca...I cannot find in the code where the _Save Fields_ button is and therefore what permission is needed to save export mappings.
![image](/uploads/e9be7ed19215554edc7e6397dde46518/image.png)
Currently there is no core permission on who can export. There is [this extension](https://github.com/progressivetech/net.ourpowerbase.exportpermission/blob/master/README.md) that hides the seach action of export but does not effect the actual export mappings screen.
Currently, non-admins try to save a field mapping and it just spins causing user confusion. What permission is currently needed to save field mappings? I think the logical solution is to get a permission added on saving field mappings button so users that don't have that permission do not see it.https://lab.civicrm.org/dev/core/-/issues/4292Add validation to verify html body content for empty text/ only image in mailing2023-05-24T06:23:56ZyashodhaAdd validation to verify html body content for empty text/ only image in mailingAdd validation to verify html body content for empty text (if img are used) and show the error accordingly.Add validation to verify html body content for empty text (if img are used) and show the error accordingly.yashodhayashodhahttps://lab.civicrm.org/dev/core/-/issues/4301FormBuilder: Allow placeholder text to be configured2023-05-24T06:34:31Zaydunsaidan.saunders@squiffle.ukFormBuilder: Allow placeholder text to be configuredIt would be nice to be able to specify placeholder text on form fields such as filters.It would be nice to be able to specify placeholder text on form fields such as filters.https://lab.civicrm.org/dev/core/-/issues/4304getUFLocale() is not setting the proper locale2023-05-24T06:37:15ZshaneonabikegetUFLocale() is not setting the proper locale## Overview
Presently, the function ```getUFLocale()``` obtains the interface language for Wordpress with integration with WPML. The present formula is using incorrect ```apply_filters``` to generate the wrong locale for front-endusers....## Overview
Presently, the function ```getUFLocale()``` obtains the interface language for Wordpress with integration with WPML. The present formula is using incorrect ```apply_filters``` to generate the wrong locale for front-endusers.
This was discovered while working validating the pull request [#289](https://github.com/civicrm/civicrm-wordpress/pull/289) for better WPML integration for front-end users.
## What should happen
The link should be generated in the language that the current user has set.
## What is the problem
```php
// Maybe override with the locale that WPML reports.
elseif (defined('ICL_LANGUAGE_CODE')) {
$languages = apply_filters('wpml_active_languages', NULL);
foreach ($languages as $language) {
if ($language['active']) {
$locale = $language['default_locale'];
break;
}
}
}
```
According to the docs, ```apply_filters('wpml_active_languages', NULL)``` only retrieves a list of languages, but this has no bearing on the user's current language. The value ```$language['active']``` refers to whether the language is active or not. In my case, I have seen this reported as _false_ in some cases where languages are active - go figure :shrug: .
So we need to use ```apply_filters('wpml_current_language')``` [to obtain](https://wpml.org/wpml-hook/wpml_current_language/) the users front-end language.
I'll post a patch for this and link it to this one.
cc @kcristianohttps://lab.civicrm.org/dev/core/-/issues/4276Using profile in create mode with dedupe rule allows for leaking of private i...2023-05-24T06:51:10ZlarsssandergreenUsing profile in create mode with dedupe rule allows for leaking of private informationOverview
----------------------------------------
An anonymous user filling in a profile who leaves fields blank in create mode with deduping enabled will be shown the existing values for those fields if a duplicate is found. So if you h...Overview
----------------------------------------
An anonymous user filling in a profile who leaves fields blank in create mode with deduping enabled will be shown the existing values for those fields if a duplicate is found. So if you have an unsupervised dedupe rule of email only, then anyone can enter a contact's email and leave the remaining fields blank. They will shown existing data for that contact for fields that appear on the profile. This creates the potential to leak private information to anyone who knows minimal information about a contact and potentially could be used maliciously to expose data.
Reproduction steps
----------------------------------------
1. Create a profile that includes the fields in the your unsupervised dedupe rule, plus any other fields desired.
1. Use the profile in create mode anonymously, filling in only the fields required to match to an existing contact and leaving the other fields empty.
1. After submitting the profile, you are shown all the data for the fields left blank for that existing contact.
Current behaviour
----------------------------------------
Profile fields that are submitted blank are shown with existing data on the profile confirmation screen.
Additionally, the confirmation page URL contains both the contact id and checksum for the matched contact, which could be used to access other profiles or forms, exposing additional data.
Expected behaviour
----------------------------------------
All profile fields should be shown exactly as submitted on the profile confirmation screen.
The confirmation page URL should not show the contact id and checksum for the matched contact.
Comments
----------------------------------------
Have marked this confidential, since there is a potential for malicious use.https://lab.civicrm.org/dev/core/-/issues/4285Changing participant status should not add an Event Registration activity2023-05-24T06:53:21ZlarsssandergreenChanging participant status should not add an Event Registration activityIf you change a participant status, for example from Registered to Attended, an activity of type Event Registration is added with subject Event Name - Role - Status. It isn't an event registration, so the activity type should probably be...If you change a participant status, for example from Registered to Attended, an activity of type Event Registration is added with subject Event Name - Role - Status. It isn't an event registration, so the activity type should probably be Change Registration, but I'm not sure we want an activity recorded at all. Is this useful or does it just make the Activities tab less useful by filling it up with unimportant details?
For comparison, we don't record an activity for a change in contribution status, but we do record an activity for a change in membership status. This seems reasonable and the change in participant status seems more like a change in contribution status.
If someone cancels through the self service / Transfer or Cancel mechanism, a separate cancellation activity is recorded (so you end up with two activities for the cancellation).
My proposal is to not record an activity on participant status change, except through the self service mechanism.
If people feel like some of those activities are useful, maybe we could only record activities for changes to or to and from cancelled and transferred status. These should be Change Registration type activities and the separate activity from the self service mechanism would have to be removed so there is no duplication.https://lab.civicrm.org/dev/drupal/-/issues/187Installing drupal/fontawesome causes CiviCRM to freeze the browser.2023-05-24T06:53:44Zdarren.woodsInstalling drupal/fontawesome causes CiviCRM to freeze the browser.Install vanilla Drupal 9 via composer.
Installed CiviCRM via composer according to docs.
Installed the Fontawesome module: composer require 'drupal/fontawesome:^2.25'
Loading any CiviCRM paths /civicrm/admin causes the browser to enter...Install vanilla Drupal 9 via composer.
Installed CiviCRM via composer according to docs.
Installed the Fontawesome module: composer require 'drupal/fontawesome:^2.25'
Loading any CiviCRM paths /civicrm/admin causes the browser to enter an infinite loop once the DOM is loaded.
Tracked it down to all.js from Fontawesome.
Removing Fontawesome module resolves it: composer remove 'drupal/fontawesome'
Could this be related to the civicrm asset plugin?
Before the browser freezes, I can see there are two icons for each admin menu option.
We would dearly love to use fa icons in our Drupal theme :pray:https://lab.civicrm.org/dev/core/-/issues/2163log_date is missing on logging detail report2023-05-26T16:05:01ZDaveDlog_date is missing on logging detail report1. Turn on logging at Admin - System Settings - Misc.
2. Update a contact.
3. Go to the logging summary civireport.
4. Click on "Update" in the row for your update.
5. At the top of the detail report it will say something like `Change to...1. Turn on logging at Admin - System Settings - Misc.
2. Update a contact.
3. Go to the logging summary civireport.
4. Click on "Update" in the row for your update.
5. At the top of the detail report it will say something like `Change to blah made by somebody on :`
6. It's supposed to show the modified date at the end.
It's coming from [this check](https://github.com/civicrm/civicrm-core/blob/4d660b8e1e6ac980a06b096fbc4cde1e1666e0b9/CRM/Report/Form/Contact/LoggingSummary.php#L193) which decides the log date isn't needed. The comment when that check was added says it can make the report less accurate because of some older data that used to be the way things were logged. So I'm hesitant to just remove that check.
Some other options include passing it but with a different name, and then in the detail report know that that new name is just used in intro text. Or looking it up in the detail report.
TBD.
@VangelisP just FYI.https://lab.civicrm.org/dev/core/-/issues/2157Array to string conversion in DB_DataObject when doing on behalf of and no st...2023-05-26T16:13:04ZDaveDArray to string conversion in DB_DataObject when doing on behalf of and no state/provinceIf you submit a contribution on behalf of an org and leave the state/province blank, you get `Notice: Array to string conversion in DB_DataObject->_build_condition() (line 2903 of .../web/sites/all/modules/civicrm/packages/DB/DataObject....If you submit a contribution on behalf of an org and leave the state/province blank, you get `Notice: Array to string conversion in DB_DataObject->_build_condition() (line 2903 of .../web/sites/all/modules/civicrm/packages/DB/DataObject.php)`
(At the moment to see this you need to make the field not required on the profile, but it happens either way it's just there's currently a separate issue when the field is required and the country has no state/provinces.)
What happens is that at that code line `$this->name` and `$this->abbreviation` contain a big long list of numbers and letters, including, oddly, the strings "_A", "_B", "_C", etc, but ONLY up to "_P".https://lab.civicrm.org/dev/core/-/issues/4085SearchKit can't export more than a couple thousand rows2023-05-26T16:17:22ZJonGoldSearchKit can't export more than a couple thousand rowsOverview
----------------------------------------
When attempting to "Download Spreadsheet" in SK, it times out with more than a couple thousand rows. It's very PHP-intensive to do the pseudoconstant lookups, Smarty calculations, etc. ...Overview
----------------------------------------
When attempting to "Download Spreadsheet" in SK, it times out with more than a couple thousand rows. It's very PHP-intensive to do the pseudoconstant lookups, Smarty calculations, etc. That's not noticeable when it's calculating a page of 50, but doesn't scale.
Reproduction steps
----------------------------------------
1. Create an SK query that yields a large number of contacts. Ensure you have 2-3 pseudoconstant fields in your `SELECT`.
1. Attempt to export with "Download Spreadsheet"
Current behaviour
----------------------------------------
Times out, but appears to still be downloading.
Expected behaviour
----------------------------------------
Finishes successfully, or at least reports back to the user that the export won't finish.
Comments
----------------------------------------
Most systems that offer exports of large data sets - including our competitors like NationBuilder etc., but also many apps like PayPal - do not attempt to offer the export in real-time. They queue the export, then you visit a queue page to download the completed exports (most systems will email you when it's ready).
@eileen @totten I know you've both been working on queuing mechanisms. I can drum up some funding (maybe $750 USD? Need to check) to support this. I'm not sure if it's a heavy lift or a light one though, so I don't know if that's a substantial amount of funding.
Ideally, this would work like imports or CiviMail, where the queue job can build the export over multiple cron runs. The client who would fund this is on Pantheon, which doesn't have an unlimited cron job run time.https://lab.civicrm.org/dev/core/-/issues/4321Mailing Report link on Contact Mailings broken for A/B tests2023-05-30T22:22:24ZlarsssandergreenMailing Report link on Contact Mailings broken for A/B testsOverview
----------------------------------------
If you try to view a Mailing Report for an A/B Mailing from the Contact Mailings tab, you get unknown path instead of the mailing report. See [chat discussion here](https://chat.civicrm.o...Overview
----------------------------------------
If you try to view a Mailing Report for an A/B Mailing from the Contact Mailings tab, you get unknown path instead of the mailing report. See [chat discussion here](https://chat.civicrm.org/civicrm/pl/5rsi3a9y67dozbc8gzzmt71eic). The issue is that there is a [redirect](https://github.com/civicrm/civicrm-core/blob/cf6c1ffdcb96f45743752e451345140bdcfd7305/CRM/Mailing/Page/Report.php#L86) when the mailing report is an A/B test and that redirect does not work through [crmApp.js](https://github.com/civicrm/civicrm-core/blob/master/ang/crmApp.js) because it changes the $location, which does not work in a modal.
Reproduction steps
----------------------------------------
1. Enable Mailings for Viewing Contacts on Admin - Customize Data and Screens - Display Preferences.
1. Click Mailing Report beside an A/B test mailing on the Mailings tab on a Contact
1. Pop up says unknown path, no mailing report
Comments
----------------------------------------
Would be happy to do some work on fixing this, but I'm not sure what the approach would be.https://lab.civicrm.org/dev/core/-/issues/4257Allow editing of payment method on contribution edit form when no payments ar...2023-05-30T22:23:24ZlarsssandergreenAllow editing of payment method on contribution edit form when no payments are associatedCurrently, the contribution edit form does not allow editing of the payment method for a pending contribution. This may be useful for users, for example if someone fills out a contribution page with pay later and so their contribution pa...Currently, the contribution edit form does not allow editing of the payment method for a pending contribution. This may be useful for users, for example if someone fills out a contribution page with pay later and so their contribution payment method is set to check, but they will actually pay with an etransfer and we want to note this. It is also potentially confusing because the user can mark the payment as completed and record the payment two ways, by clicking Record Payment or by changing the status to completed, but only the first of these allows the user to change the payment method.
I think we can safely allow editing of the payment method when there are no payments associated with a contribution.https://lab.civicrm.org/dev/core/-/issues/3955Add show spaces remaining setting for price set fields2023-05-30T22:23:49ZlarsssandergreenAdd show spaces remaining setting for price set fieldsWith multiple participant registrations and price set options with registration limits, the fact that registrants can't see how many spaces are remaining in a specific option can cause a lot of frustration. What happens is Bob wants to r...With multiple participant registrations and price set options with registration limits, the fact that registrants can't see how many spaces are remaining in a specific option can cause a lot of frustration. What happens is Bob wants to register his family of four for a workshop that only has space remaining for three people. He fills out his details, selects the workshop, fills out his 2nd and 3rd family members' details and selects the workshop for them and only when he arrives on the 4th family members' registration page does he find out there aren't actually enough spaces in the workshop for his family. So he goes back to the start, changes the workshop to another one for each family member one by one, only to find out that the substitute workshop only has space for two... Cue frustration and annoyed emails or, even worse, Bob gives up and doesn't register at all.
To prevent this issue, I propose to add an option to price fields called "Show spaces remaining", which would only be shown when the price set is used for event registration. When this is enabled, each price option will include "(N left)" at the end of the option label, where the (Sold out) text would go, e.g. Identifying pinecones - $ 5.00 (4 left). Of course, this won't be shown for sold out options or options with no limit.
On the backend only, this will also be shown for oversubscribed options (N over limit), replacing (Sold out).
With the recent work I've done to simplify the process of building the [price set option labels](https://github.com/civicrm/civicrm-core/pull/24639), this will be much more easily accomplished.https://lab.civicrm.org/dev/core/-/issues/4322Smart groups in group tab for contact too slow2023-05-31T08:18:14ZyashodhaSmart groups in group tab for contact too slowSmart groups in group tab for contact too slow. This should be optimized.Smart groups in group tab for contact too slow. This should be optimized.yashodhayashodhahttps://lab.civicrm.org/dev/core/-/issues/1931Paypal Standard IPNs not being correctly handled leaving contributions as Pen...2023-06-01T19:13:12ZUpperholmePaypal Standard IPNs not being correctly handled leaving contributions as Pending (incomplete transaction)Overview
----------------------------------------
My client recently reported that payment records in CiviCRM were not being automatically marked as paid/completed despite the fact that they were successfully completed and listed in the ...Overview
----------------------------------------
My client recently reported that payment records in CiviCRM were not being automatically marked as paid/completed despite the fact that they were successfully completed and listed in the Paypal account. On investigating the issue it was clear that the IPNs were failing.
I updated the CiviCRM install to 5.27.0 to see if this would resolve the issue. It didn't. Yesterday I updated again to 5.27.4. Still no change.
The issue appears identical to this case reported on Stackexchange: https://civicrm.stackexchange.com/questions/37277/paypal-standard-payments-are-being-accepted-but-marked-as-incomplete-transaction
I tried adding the patch referred to in Eileen's comment, but it looks like the effect of that has been to remove any information from the log pertaining to the IPN.
I've double checked the IPN URL provided to Paypal. If I point my browser to this URL I get the message:
```
Failure: Missing Parameter
module
```
The CMS is Wordpress 5.3.25.31.1haystackhaystackhttps://lab.civicrm.org/dev/translation/-/issues/47Investigate javascript currency library2023-06-02T19:33:39ZeileenInvestigate javascript currency libraryI think that we should use an approach for money fields similar to date fields where formatting is at the js layer and the values are always submitted in unrounded US decimal format - ie. always submitted like 4,000.0123 (or preferably 4...I think that we should use an approach for money fields similar to date fields where formatting is at the js layer and the values are always submitted in unrounded US decimal format - ie. always submitted like 4,000.0123 (or preferably 4000.123) and the php can expect just to 'use what it gets'
There are a number of possible js libraries. https://bashooka.com/coding/javascript-libraries-for-formatting-number-currency-time-date/
I feel like the requirements are
1) Format currencies appropriately. If I have a page that accepts donations in EUR it should display as 2.534.234,00 €
2) Format currencies by locale if known. If I 'know' - probably from a drupal url or similar that my page is for French Euro users then I want 2 534 234,00 €
3) Use the site numeric separator on backend screens. If I'm used to using a US decimal format I want all donations displayed with the same 'meaning' of the decimal
4) Format on input.
5) Package is appropriately licenced
The first 3 seem comfortably addressed by https://osrec.github.io/currencyFormatter.js/ which also offers the very nice
```
<div class='money' data-ccy='EUR'> 1234564.58 </div>
<div class='money' data-ccy='GBP'> 8798583.85 </div>
<div class='money' data-ccy='CHF'> 0.9754 </div>
```
syntax - which we could extend for scenarios 2 & 3 if necessary. Is MIT license OK?
The package seems pretty static - and they have not merged a PR to add Romanian which might be not great. I'm just looking at a couple of others as well
I REALLY like the jquery syntax above :-)
See https://lab.civicrm.org/dev/translation/-/issues/47 for same topic but php layer
Also Format on input - http://autonumeric.org/ looks promising - also MIT
Dinero doesn't really seem to do much formatting https://dinerojs.com/module-dinero
http://numbrojs.com/format.html also offers pretty reasonable formatting. I like the 'unformat' function but I wonder if it would work for Euro currencies
Note the screenshot demonstrates where full locale-based formatting would make no sense. The rows all need to use the decimal point the same way
![Screen_Shot_2020-05-18_at_4.35.13_PM](/uploads/58e7cfce6e88ccae2e19ba1b711d9dc4/Screen_Shot_2020-05-18_at_4.35.13_PM.png)
https://lab.civicrm.org/dev/core/-/issues/3875Pressing return on additional participants page for event registration goes b...2023-06-03T19:57:34ZlarsssandergreenPressing return on additional participants page for event registration goes back to previous page instead of forwardThere are three buttons on the additional participant page: Go Back, Continue, Skip Participant. Since all three are type="submit", when you press the return/enter key, the first button of type="submit" is clicked, so you go back one pag...There are three buttons on the additional participant page: Go Back, Continue, Skip Participant. Since all three are type="submit", when you press the return/enter key, the first button of type="submit" is clicked, so you go back one page. Contrast with the primary participant registration page, where return does take you to the next page because there is only one button or with a contribution page where return takes you to the confirmation page, again because there is only one button.
The easiest fix would be to change the types of the other buttons to "button". The button type [is set here](https://github.com/civicrm/civicrm-core/blob/c94963f7637912571ce62b33de60f7d5ce640f69/CRM/Core/Form.php#L758) for all buttons as "submit" unless type="reset" is passed to addButtons. So I propose to review button types in use, setting those that make sense as "submit" (next, done, submit, upload, process, etc) and others as "button" (cancel, refresh). Any buttons without a type will be left as "submit" so as to avoid breaking anything.
There is also a class default added to buttons that have isDefault, but it's unclear to me what this does.https://lab.civicrm.org/dev/core/-/issues/4308CryptoKeys - Converting CryptoException into status messages2023-06-05T14:10:29ZVangelisPCryptoKeys - Converting CryptoException into status messages### Overview
From time to time, we clone/replicate our live sites into our development servers to do some reviews/coding enhancements etc. Since the live sites are having a different key from the development site(s), whenever we try to ...### Overview
From time to time, we clone/replicate our live sites into our development servers to do some reviews/coding enhancements etc. Since the live sites are having a different key from the development site(s), whenever we try to access the path `/civicrm/admin/setting/smtp?reset=1` (and assuming that we had set the configuration to SMTP with a username & password in live), we end up with an exception error: "Failed to find key by ID or tag", leaving us unable to access the page so that we can modify or re-enter the SMTP password.
### Reproduction steps
* Configure `CIVICRM_CRED_KEYS`
* Go to `/civicrm/admin/setting/smtp?reset=1`
* Set up the mailer as SMTP and store a password
* Clone the site's database and filebase (except the `civicrm.settings.php`) into another site OR change the `CIVICRM_CRED_KEYS`
* Try to access the page `/civicrm/admin/setting/smtp?reset=1`. You will get an exception error and the page won't load.
### Expected behaviour
* Manage to get to the page `/civicrm/admin/setting/smtp?reset=1` but throw a status message that there's something wrong with the stored password.
### Proposed solution
* On `/Civi/Crypto/CryptoRegistry.php` convert the `CryptoException`s into Status messages
* On `/Civi/Crypto/CryptoToken.php` check if the variable `$key` is null or set and if not, return the `$plaintext`
This way, even if the system cannot decode/decrypt properly the key, we will still be able to return to the password page but also throw the notices to the visitor.
I'm assuming that this exact behaviour/effect fires up wherever we use the crypto functionality.
I am also aware that in order to fix this, one needs to also configure the *same* `CIVICRM_CRED_KEY` as seen in the live site.
If this makes any sense, I can provide a patch/PR.
### Environment information
* CiviCRM: 5.57
* PHP: 7.4.33
* CMS: Drupal 9.4.15https://lab.civicrm.org/dev/core/-/issues/1984Sometimes Custom fields missing on profile2023-06-05T20:22:11ZPradeep Nayakpradpnayak@gmail.comSometimes Custom fields missing on profileCustom fields are not rendered on profile front end pages like contribution or event pages. As soon as civi cache is cleared they start appearing.
```
Php - 7.3
opcahe disabled
Clean-up Temporary Data and Files schedule job executed hou...Custom fields are not rendered on profile front end pages like contribution or event pages. As soon as civi cache is cleared they start appearing.
```
Php - 7.3
opcahe disabled
Clean-up Temporary Data and Files schedule job executed hourly by cron job
```https://lab.civicrm.org/dev/core/-/issues/4311Undefined array key warnings when entering a report page2023-06-06T05:54:40ZTobias KrauseUndefined array key warnings when entering a report pageWhen a report page is accessed several warnings appear in watchdog. For example the path of one of the reports is /civicrm/report/instance/3, the warnings are:
```
Warning: Undefined array key "batch_id_op" in include() (Zeile 42 in sit...When a report page is accessed several warnings appear in watchdog. For example the path of one of the reports is /civicrm/report/instance/3, the warnings are:
```
Warning: Undefined array key "batch_id_op" in include() (Zeile 42 in sites\default\files\private\civicrm\templates_c\en_US\%%E0\E0C\E0C36992%%Filters.tpl.php)
Warning: Trying to access array offset on value of type null in include() (Zeile 42 in sites\default\files\private\civicrm\templates_c\en_US\%%E0\E0C\E0C36992%%Filters.tpl.php)
Warning: Undefined array key "type" in include() (Zeile 48 in sites\default\files\private\civicrm\templates_c\en_US\%%1B\1BD\1BD7DE8F%%Statistics.tpl.php)
Warning: Undefined array key "type" in include() (Zeile 51 in sites\default\files\private\civicrm\templates_c\en_US\%%1B\1BD\1BD7DE8F%%Statistics.tpl.php)
```