Extensions issueshttps://lab.civicrm.org/groups/extensions/-/issues2024-03-28T21:26:04Zhttps://lab.civicrm.org/extensions/stripe/-/issues/474What does the Stripe security requirements 'change' mean2024-03-28T21:26:04ZeileenWhat does the Stripe security requirements 'change' mean
Josh got this email from Stripe - what does it mean for us?
=================================================================================
Thanks again for taking the time to meet with us and discuss the CiviCRM plugin and ways tha...
Josh got this email from Stripe - what does it mean for us?
=================================================================================
Thanks again for taking the time to meet with us and discuss the CiviCRM plugin and ways that we can deepen our partnership. As we mentioned on the call, Stripe is heightening our security standards by requiring all plugin developers and merchants to use a Stripe Apps supported authentication method.
There are 2 ways CiviCRM can achieve these new security requirements: by implementing either OAuth or Restricted API key (RAK) authentication via a Stripe App, and/or migrating to standard Connect. Please review the [technical onboarding guide](https://stripe.com/docs/stripe-apps/onboarding-plugin) and documentation for [OAuth](https://stripe.com/docs/stripe-apps/api-authentication/oauth) Apps and [RAK](https://stripe.com/docs/stripe-apps/api-authentication/rak) Apps.
All plugin developers using unrestricted API keys must complete the security upgrade by June 2024 in order to avoid any impact to your plugin. Below is a high level timeline of this deprecation:
* April ‘24 - Stripe will send a security risk notification to all merchants using non-secure plugins and will add a security flag on all non-secure plugins in the Stripe Dashboard.
* August ‘24 - Stripe will begin to deprecate the use of non-secure plugins.
Upgrading to Stripe Apps will not only help you meet these security requirements, but can also help you increase your plugin’s distribution. As part of the update, we are offering all developers a Stripe App Marketplace listing, plugin analytics dashboards, and an invitation to [Stripe’s Partner Program](https://docs.stripe.com/partners#benefits).
In addition, the Stripe Apps marketplace and our new, more secure framework do not support legacy integrations. *As such, we will require all plugins in the Stripe Apps marketplace to be on non-legacy UIs (Card Element) in order to ensure the best user and merchant experience.* By implementing Stripe's Optimized Checkout Suite ([payment elements](https://stripe.com/docs/payments/payment-element/migration), [payment methods](https://stripe.com/docs/payments/elements/link-authentication-element), and [Link](https://stripe.com/docs/payments/elements/link-authentication-element)) CiviCRM can leverage our newest checkout products and drive revenue.
Please let us know once you've had a chance to review with your team. We would like to schedule a follow up call later this week or next to help you scope your upgrades, discuss Connect revshare opportunity, and answer any technical questions.https://lab.civicrm.org/extensions/ukgiftaid/-/issues/42PHP 8 error on Remove from Gift Aid batch2024-03-28T17:01:05ZdavejPHP 8 error on Remove from Gift Aid batchOn PHP 8.1, we got a PHP error on the _Remove from Gift Aid batch_ task. This resulted in the remove from batch form being only partially rendered, unstyled and not usable. The PHP error:
```
TypeError: count(): Argument #1 ($value) must...On PHP 8.1, we got a PHP error on the _Remove from Gift Aid batch_ task. This resulted in the remove from batch form being only partially rendered, unstyled and not usable. The PHP error:
```
TypeError: count(): Argument #1 ($value) must be of type Countable|array, null given in include() (line 54 of .../files/civicrm/templates_c/en_GB/%%1D/1D7/1D7FFE0E%%RemoveFromBatch.tpl.php).
```
PR to follow.
**Versions**
- UK Gift Aid 3.5.3
- CiviCRM 5.65.2
- Drupal 10.2.2
- PHP 8.1.27https://lab.civicrm.org/extensions/theisland/-/issues/17Confirmation page is full screen with no border2024-03-28T16:06:52ZGuillaumeSorelConfirmation page is full screen with no borderIs there a way to override the /civicrm/ext/theisland/css/custom-civicrm.css? It's using a default #e8eef0 forced as important for the main wrapper or comes with tiny or no padding.
![image](/uploads/5f48b571bbaaf322a85e6db3fe9416a6/ima...Is there a way to override the /civicrm/ext/theisland/css/custom-civicrm.css? It's using a default #e8eef0 forced as important for the main wrapper or comes with tiny or no padding.
![image](/uploads/5f48b571bbaaf322a85e6db3fe9416a6/image.png)https://lab.civicrm.org/extensions/dataprocessor/-/issues/141Creating Report Output causes "navigation_menu" dependency error (site goes d...2024-03-28T20:34:16ZpbarmakCreating Report Output causes "navigation_menu" dependency error (site goes down)On the latest version of dataprocessor, on WordPress with Civi 5.71.1, if I create a new data processor and I add an output of Search / Report, I get the following error and the whole site goes down (cannot navigate anywhere without that...On the latest version of dataprocessor, on WordPress with Civi 5.71.1, if I create a new data processor and I add an output of Search / Report, I get the following error and the whole site goes down (cannot navigate anywhere without that error and nothing else shows):
`The parameter "navigation_menu" has a dependency on a non-existent parameter "2Fdataprocessor_search".`
This happens on any type of data processor where I select Search / Report as an output. Other outputs I've tried (ex. dashlet) seem to work. And it's only happening on WordPress, my Drupal 7 site seems fine.https://lab.civicrm.org/extensions/gdpr/-/issues/343Missing translation for Terms & Conditions2024-03-26T09:38:18ZGuillaumeSorelMissing translation for Terms & ConditionsIn French but I guess in other languages it's not possible de get the translated chain for 'Terms & Conditions'.
I had to hard translate in ./templates/CRM/Gdpr/TermsConditionsField.tpl to get it in French.
It looks like it's related to...In French but I guess in other languages it's not possible de get the translated chain for 'Terms & Conditions'.
I had to hard translate in ./templates/CRM/Gdpr/TermsConditionsField.tpl to get it in French.
It looks like it's related to the '&' here https://lab.civicrm.org/extensions/gdpr/-/blame/master/templates/CRM/Gdpr/TermsConditionsField.tpl?ref_type=heads#L5
![image](/uploads/fd3caa423f4e940e4c685bec729b7255/image.png)https://lab.civicrm.org/extensions/firewall/-/issues/34Payment fails on Drupal 9.2+ webforms for anonymous users2024-03-26T00:03:43ZBobSPayment fails on Drupal 9.2+ webforms for anonymous usersDrupal 9.2+ does not by default create a [session for anonymous users](https://www.drupal.org/node/3006306). This results in a CSRF failure when submitting webforms which include a payment section.
CiviCRM ensures that a session is crea...Drupal 9.2+ does not by default create a [session for anonymous users](https://www.drupal.org/node/3006306). This results in a CSRF failure when submitting webforms which include a payment section.
CiviCRM ensures that a session is created for all form requests that it handles, but this does not include webform requests.
When responding to Ajax requests to /drupal/civicrm/payment/form initiated from a Drupal Webform,
`Firewall::generateCSRFToken()` calls `\CRM_Core_Config::singleton()->userSystem->getSessionId()` which in turn initializes the `civicrm.tempstore.sessionid` $_SESSION array element. Normally, this would cause Drupal to save the session. However, the Ajax request is terminated by CiviCRM before the normal Drupal request flow is completed, and thus, the session is not saved and no session cookie is emitted.
One solution would be to modify CiviCRM core to save the session before terminating Ajax requests. But, since this failure is specific to the CSRF token generated by the Firewall extension, I think it is more appropriate to fix it there.
The following patch to Firewall::generateCSRFToken() (v1.5.9) resolves the problem. It was tested on Drupal 10.2.3 for both anonymous and logged-in users, and is believed to be compatible with earlier Drupal versions.
```
*** firewall/Civi/Firewall/Firewall_v1.5.9.php Mon Mar 25 09:18:23 2024
--- firewall/Civi/Firewall/Firewall.php Mon Mar 25 17:01:36 2024
***************
*** 277,282 ****
--- 277,294 ----
if (!empty($context)) {
\CRM_Core_Session::singleton()->set('csrf.' . $publicToken, $context, 'civi.firewall');
}
+
+ //Drupal 9.2+ does not by default create a session for anonymous users.
+ //While processing an Ajax request to /drupal/civicrm/payment/form initiated
+ //from a Drupal Webform, we therefore save the session to ensure that anonymous
+ //users receive a session cookie.
+ if (($_REQUEST["is_drupal_webform"] ?? '') == '1' &&
+ method_exists('\Drupal', 'request') &&
+ method_exists(\Drupal::request(), 'getSession') &&
+ method_exists(\Drupal::request()->getSession(), 'save')) {
+ \Drupal::request()->getSession()->save();
+ }
+
return $publicToken;
}
```
See duplicate issue https://lab.civicrm.org/extensions/stripe/-/issues/473.https://lab.civicrm.org/extensions/ncn-civi-zoom/-/issues/7Returns ID not found for valid ID2024-03-25T13:19:50ZlokerReturns ID not found for valid IDI'm using the extension for few months with success, but today I've started to get an error like "Meeting ID (...) not found for this user ID: <email>" but the user and IDs are both correct. Both event on zoom and information on civicrm ...I'm using the extension for few months with success, but today I've started to get an error like "Meeting ID (...) not found for this user ID: <email>" but the user and IDs are both correct. Both event on zoom and information on civicrm are the exact same settings with previously working one. If I enter , between digits as it become after checking, it says Parameters missing.https://lab.civicrm.org/extensions/civimobile/-/issues/2Search just loops forever - no results2024-03-22T14:50:24ZthemakSearch just loops forever - no resultsSearching for anything - the search just loops (ajax loader gif) - nothing loads.
This has been going on for a while - not sure what the solution is.
On two wordpress sites - similar hosting environment.Searching for anything - the search just loops (ajax loader gif) - nothing loads.
This has been going on for a while - not sure what the solution is.
On two wordpress sites - similar hosting environment.https://lab.civicrm.org/extensions/areas/-/issues/13Question - how to define postcodes?2024-03-21T12:08:04ZDavid Hartnettsupport@solas-cpc.orgQuestion - how to define postcodes?Hi, I'm just wondering how to define an area by postcode. I can "Add Area Defintion" of type "postal code" - that's great, but what are the acceptable parameters in this field? I'm working with UK postcodes...
So it would be good to crea...Hi, I'm just wondering how to define an area by postcode. I can "Add Area Defintion" of type "postal code" - that's great, but what are the acceptable parameters in this field? I'm working with UK postcodes...
So it would be good to create an area definition of, for example, all NE postcodes (NE1 1AA, NE1 1AB, NE1 1AC, etc). How can I enter this?
Thankshttps://lab.civicrm.org/extensions/taxcalculator/-/issues/7Backend Event registration calculations are broken2024-03-21T10:16:53ZbgmBackend Event registration calculations are broken- Enable tax-receipting, add a tax account, set the tax to 99%
- Setup taxcalculator
- Create an event in Quebec
- Register a contact to that event, using the backend
- the amounts displayed on screen are OK
- when saved,
The resul...- Enable tax-receipting, add a tax account, set the tax to 99%
- Setup taxcalculator
- Create an event in Quebec
- Register a contact to that event, using the backend
- the amounts displayed on screen are OK
- when saved,
The results are way off. The "Contribution Total" is OK, but everything else is wrong:
- Event pre-tax fee is displayed as 462.21 instead of 800
- Total event fees (with tax) displayed as 531.43, but 919.80 was paid, so 388.37 owed
Online/public event registration works fine.https://lab.civicrm.org/extensions/fixoptiontranslations/-/issues/5Error during installation2024-03-19T11:13:43ZGuillaumeSorelError during installationWhile installing the extension (with the gitclone command) we received this error on WP 6.4.3 / CiviCRM 5.69.5 / PHP 8.1.27
It seems that `The field_name is not valid`
```
Error: API Call Failed: Array
(
[entity] => Extension
[a...While installing the extension (with the gitclone command) we received this error on WP 6.4.3 / CiviCRM 5.69.5 / PHP 8.1.27
It seems that `The field_name is not valid`
```
Error: API Call Failed: Array
(
[entity] => Extension
[action] => install
[params] => Array
(
[keys] => Array
(
[0] => fixoptiontranslations
)
[debug] => 1
[version] => 3
)
[result] => Array
(
[error_code] => 0
[entity] => Extension
[action] => install
[is_error] => 1
[error_message] => The field_name is not valid
[trace] => #0 /var/www/vhosts/domain.com/httpdocs/wp-content/uploads/civicrm/ext/fixoptiontranslations/CRM/Fixoptiontranslations/Upgrader.php(83): civicrm_api3()
```https://lab.civicrm.org/extensions/reporterror/-/issues/7Version 3.8 Crashed Site (missing PHP libs)2024-03-18T19:50:20ZthemakVersion 3.8 Crashed Site (missing PHP libs)![Screenshot_2024-03-18_at_12.53.18_PM](/uploads/20835d19939e4da1857470d3130f4923/Screenshot_2024-03-18_at_12.53.18_PM.png)
![Screenshot_2024-03-18_at_12.53.34_PM](/uploads/bf611b79108a6eebf88dde82f38fe8cf/Screenshot_2024-03-18_at_12.53...![Screenshot_2024-03-18_at_12.53.18_PM](/uploads/20835d19939e4da1857470d3130f4923/Screenshot_2024-03-18_at_12.53.18_PM.png)
![Screenshot_2024-03-18_at_12.53.34_PM](/uploads/bf611b79108a6eebf88dde82f38fe8cf/Screenshot_2024-03-18_at_12.53.34_PM.png)https://lab.civicrm.org/extensions/civimobileapi/-/issues/96Bug in the extension related to creation of event templates2024-03-18T04:33:40ZyashodhaBug in the extension related to creation of event templatesSteps to replicate :
----------------------
Go to Events > event templates
Add new event template.
We can edit elements on the first screen.
Then hit continue, an event ID is assigned in the URL : this seems like the normal process.
Th...Steps to replicate :
----------------------
Go to Events > event templates
Add new event template.
We can edit elements on the first screen.
Then hit continue, an event ID is assigned in the URL : this seems like the normal process.
Then click save and done and we are directed to the Manage events screen, instead of the list of event templates
No event template has been created
An event with the event id that was assigned earlier in the URL is created.
The issue is that in the database event.is_template is 0 instead of 1.
This happens when civimobileapi extension has been installed.https://lab.civicrm.org/extensions/civimobileapi/-/issues/95[5.85] processAmount() will be removed from core2024-03-17T12:44:55Zjofranzfranz@systopia.de[5.85] processAmount() will be removed from core```
Call to deprecated method processAmount() of class CRM_Price_BAO_PriceSet:
since 5.69 will be removed around 5.85. This function is still in use but marking deprecated to make it clear that
we are moving away from it. There is no fun...```
Call to deprecated method processAmount() of class CRM_Price_BAO_PriceSet:
since 5.69 will be removed around 5.85. This function is still in use but marking deprecated to make it clear that
we are moving away from it. There is no function that has the guaranteed stable signature
that would allow us to support if from outside of core so if using this or the core alternative
from an extension you need to rely on unit tests to keep your code stable. Within core we
already have good test cover on code that calls this.
```https://lab.civicrm.org/extensions/mosaicoextras/-/issues/2WP - Update permissions to non-deprecated format2024-03-28T07:46:07ZspeleoWP - Update permissions to non-deprecated formatRunning
- CiviCRM 5.71.1
- php 8.1.27
- version 1.99 of dataprocessor.php
This seems related to extensions/dataprocessor!125 which has been marked as fixed/closed.
https://lab.civicrm.org/extensions/dataprocessor/-/merge_requests/125...Running
- CiviCRM 5.71.1
- php 8.1.27
- version 1.99 of dataprocessor.php
This seems related to extensions/dataprocessor!125 which has been marked as fixed/closed.
https://lab.civicrm.org/extensions/dataprocessor/-/merge_requests/125?commit_id=c2e6a48725b05cd5f69d259194d1f3539a6395a4
I've checked and I'm already running this fix.
debug.log full of
PHP Deprecated: Permission 'xxxx' should be declared with 'label' and 'description' keys. See https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_permission/ Caller: CRM_Core_Permission::assembleBasicPermissions in /home/bertie/public_html/wp/wp-content/plugins/civicrm/civicrm/CRM/Core/Error.php on line 1129
The permissission xxxx above is one of
- CiviMobile backend access
- view Agenda
- see tags
- see groups
- CiviMobile backend access
- administer CiviDiscount
- can check in on event
If the calling method has been fixed, would the notices be caused by the extension code not passing the right arguments?https://lab.civicrm.org/extensions/action-provider/-/issues/51(regression) version 1.140 breaks when Smarty3 is enabled2024-03-20T07:28:34ZJonGold(regression) version 1.140 breaks when Smarty3 is enabledThe change in 1.140 did a `civix upgrade`, but only to version 22.05.2. This causes a 500 error on systems with Smarty 3 defined (which is recommended by a system check on Civi 5.69+).
My guess is you ran `civix upgrade` but have an ou...The change in 1.140 did a `civix upgrade`, but only to version 22.05.2. This causes a 500 error on systems with Smarty 3 defined (which is recommended by a system check on Civi 5.69+).
My guess is you ran `civix upgrade` but have an outdated version of `civix`. Running `civix upgrade` with a version from February 2023 or later resolves the issue.https://lab.civicrm.org/extensions/resendmailing/-/issues/5merging extension2024-03-14T20:25:31ZRichmerging extensionI'm planning to merge this into v2 of
https://lab.civicrm.org/extensions/refinemailing/-/tree/2.0.0/docs?ref_type=heads
That ext now does a number of mailing things starting from search results. Makes sense to merge I think.I'm planning to merge this into v2 of
https://lab.civicrm.org/extensions/refinemailing/-/tree/2.0.0/docs?ref_type=heads
That ext now does a number of mailing things starting from search results. Makes sense to merge I think.https://lab.civicrm.org/extensions/mosaicoextras/-/issues/15.71 compatibility2024-03-28T07:46:06ZDetlev Sieber5.71 compatibilityThe cronjob is throwing a warning message:
> \[PHP User Deprecation\] Permission 'delete Mosaico templates' should be declared with 'label' and 'description' keys. See https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_permission...The cronjob is throwing a warning message:
> \[PHP User Deprecation\] Permission 'delete Mosaico templates' should be declared with 'label' and 'description' keys. See https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_permission/ Caller: CRM_Core_Permission::assembleBasicPermissions at /usr/www/users/crmxxxxx/sub.domain.tld/vendor/civicrm/civicrm-core/CRM/Core/Error.php:1129
In a Drupal environment, this is sending an email every time the cronjob is running.https://lab.civicrm.org/extensions/dataprocessor/-/issues/139Custom field not showing in filters2024-03-12T17:47:22ZedvanleeuwenCustom field not showing in filtersI have a custom field referencing contacts. I have added it as a field, but I cannot add it as a filter option.
This resembles https://lab.civicrm.org/extensions/dataprocessor/-/issues/36
Civi 5.70.0. DP 1.96.I have a custom field referencing contacts. I have added it as a field, but I cannot add it as a filter option.
This resembles https://lab.civicrm.org/extensions/dataprocessor/-/issues/36
Civi 5.70.0. DP 1.96.https://lab.civicrm.org/extensions/stripe/-/issues/473Drupal 9 + WebForm: "Bad Request" after upgrading to CiviCRM 5.71.02024-03-25T20:04:28ZmasettoDrupal 9 + WebForm: "Bad Request" after upgrading to CiviCRM 5.71.0I don't know if this is a Stripe or Firewall issue, I write what happened to me.
I have a CiviCRM installation with Drupal 9.5.11 and WebForm 6.2.4. After upgrading to CiviCRM 5.71.0 (I had the same problem on v5.70.0), the webform conn...I don't know if this is a Stripe or Firewall issue, I write what happened to me.
I have a CiviCRM installation with Drupal 9.5.11 and WebForm 6.2.4. After upgrading to CiviCRM 5.71.0 (I had the same problem on v5.70.0), the webform connected with Stripe payment processor give me an error
![image](/uploads/fb6448037d868c3d01be677fec1b1d14/image.png)
I debugged and found that the error is generated in `Civi/Api4/Action/StripePaymentintent/ProcessPublic.php`:
```php
$event = \Civi::dispatcher()->dispatch('civi.stripe.authorize', $authorizeEvent);`
if ($event->isAuthorized() === FALSE) {
throw new \CRM_Core_Exception('Bad Request');
}
```
The API4 is `StripePaymentintent.ProcessPublic` and these are the parameters:
```
Array
(
[paymentMethodID] => pm_1OrhO7GYnf18AbeR11Ftobfo
[amount] => 4.00
[currency] => EUR
[paymentProcessorID] => 3
[description] => Donate Now
[extraData] =>
[csrfToken] => 1709820194.b23530a1ab275ce872a9271d.3454a517e3658a9bbf1e380ec4a9228d49d0c618efaa7fb13dbfc41e860f7445
[captcha] =>
[checkPermissions] => 1
)
```
My IP finished in `civicrm_firewall_ipaddress` table, event_type "InvalidCSRFEvent" and source "tampered hash".
Sorry if I wrote in the wrong place, but I don't know how to untangle myself to understand and fix it.