Skip to content
Permalink
Branch: 4.2
Commits on May 12, 2015
Commits on Mar 11, 2015
  1. Update version to 4.2.21

    Dawnthorn committed Mar 11, 2015
Commits on Mar 2, 2015
Commits on Nov 4, 2014
  1. Update version to 4.2.20

    nganivet authored and eileenmcnaughton committed Nov 4, 2014
  2. Merge pull request #69 from giant-rabbit/CRM-15510-and-CRM-15251

    eileenmcnaughton committed Nov 4, 2014
    CRM-15510 and CRM-15251
  3. CRM-15251 4.4 class variants

    eileenmcnaughton authored and Dawnthorn committed Oct 21, 2014
  4. CRM-15251 - Contact details revealed when certain URLs indexed by sea…

    JohnFF authored and Dawnthorn committed Oct 2, 2014
    …rch engines
    
    Added No Follow and No Index to:
    Petition Confirmation pages
    Mailing Optouts & Unsubscribe pages
    Mailing Subscription Confirmation pages
    
    Conflicts:
    	CRM/Mailing/Form/Optout.php
    	CRM/Mailing/Form/Unsubscribe.php
Commits on Sep 9, 2014
  1. CRM-15248 - footer.tpl - For front-end users, redact point-release.

    totten authored and eileenmcnaughton committed Sep 9, 2014
    On one hand, giving a precise version can help attackers match their targets
    with exploits.  On the other hand, giving some kind of version indication is
    useful for support and marketing.  This PR attempts to balance the interests
    by giving a precise version ("Powered by CiviCRM 4.4.6") to users with
    permission "access CiviCRM" while giving a coarse-version ("Powered by
    CiviCRM 4.4") to anyone else.
    
    Conflicts:
    	templates/CRM/common/footer.tpl
  2. CRM-15247 - CRM_Contact_Page_AJAX::checkUserName - Require a token be…

    totten authored and eileenmcnaughton committed Sep 6, 2014
    …fore checking username
    
    The use-case for this function: when a new constituent signs up for a user
    account, we give advice on whether the username is available.
    
    Unfortunately, attackers can use that functionality to scan the list of
    usernames.  There's no protection from a motivated attacker (except to
    disable new signups).
    
    This patch aims to mitigate the problem in two ways:
     - For sites which don't allow user signups, the scanning won't work (b/c
       attackers can't obtain a token).
     - For sites which do allow signups, scanning requires more work
       (to obtain & refresh tokens).
    
    Conflicts:
    	templates/CRM/common/checkUsernameAvailable.tpl
  3. CRM-15247 - CRM_Contact_Page_AJAX::getContactEmail - Validate inputs

    totten authored and eileenmcnaughton committed Sep 6, 2014
    Conflicts:
    	CRM/Contact/Page/AJAX.php
Commits on Aug 15, 2014
  1. CRM-12499 static warning fix

    eileenmcnaughton committed Aug 15, 2014
    Conflicts:
    	packages
Commits on Aug 9, 2014
  1. Update version to 4.2.19

    nganivet committed Aug 9, 2014
  2. Update version to 4.2.19

    nganivet committed Aug 9, 2014
  3. Update version to 4.2.18

    nganivet committed Aug 9, 2014
Commits on Aug 5, 2014
  1. notice fixes

    kurund authored and eileenmcnaughton committed Apr 8, 2014
  2. CRM-13459 fix : added additional filter of entity_table = 'civicrm_pcp'

    Pratik Joshi authored and eileenmcnaughton committed Sep 27, 2013
    ----------------------------------------
    * CRM-13459: PCP Image does not display correct image
      http://issues.civicrm.org/jira/browse/CRM-13459
Commits on Jul 22, 2014
  1. CRM-12499 Joomla fix

    eileenmcnaughton committed Jul 22, 2014
  2. CRM-12499 - CRM_Core_Permission_Joomla - Add translation

    totten authored and eileenmcnaughton committed May 25, 2013
    ----------------------------------------
    * CRM-12499: Allow users with 'access user profiles' to access $userRecordUrl
      http://issues.civicrm.org/jira/browse/CRM-12499
Commits on Jul 21, 2014
  1. Merge pull request #68 from eileenmcnaughton/CRM-12499

    eileenmcnaughton committed Jul 21, 2014
    CRM-12499 - CRM_Core_Permission_Base::translatePermission
  2. CRM-12499 - CRM_Core_Permission_Base::translatePermission

    totten authored and eileenmcnaughton committed May 25, 2013
    Add helper function translatePermission which translates an expression like
    "administer CiviCRM", "cms:view user account", or "drupal:access user
    profiles" into something understood by native CMS.
    
    Use translatePermission as part of check() in D6, D7, WP.
    
    Use placeholder permssions ALWAYS_ALLOW_PERMISSION and
    ALWAYS_DENY_PERMISSION for select corner cases.
    
    ----------------------------------------
    * CRM-12499: Allow users with 'access user profiles' to access $userRecordUrl
      http://issues.civicrm.org/jira/browse/CRM-12499
    
    Conflicts:
    	CRM/Core/Permission/Base.php
    	CRM/Core/Permission/Drupal.php
    	CRM/Core/Permission/Drupal6.php
    	CRM/Core/Permission/DrupalBase.php
  3. CRM-12499 - Add CRM_Utils_String::parsePrefix

    totten authored and eileenmcnaughton committed May 25, 2013
    ----------------------------------------
    * CRM-12499: Allow users with 'access user profiles' to access $userRecordUrl
      http://issues.civicrm.org/jira/browse/CRM-12499
    
    Conflicts:
    	CRM/Utils/String.php
Commits on Jul 11, 2014
  1. Add Message File from upstream

    eileenmcnaughton committed Jul 11, 2014
    Conflicts:
    	packages
Commits on Jul 1, 2014
  1. Merge pull request #67 from totten/4.2-fix-menu

    nganivet committed Jul 1, 2014
    CRM/Contribute/xml/Menu/Contribute.xml - Fix fatal from bad merge
Commits on Jun 24, 2014
  1. Merge pull request #66 from eileenmcnaughton/4.2

    eileenmcnaughton committed Jun 24, 2014
    CRM-14856 profile add to group fixes
  2. CRM-14856 - CRM_Profile_Form - Restore behavior of add_to_group_id wh

    eileenmcnaughton committed Jun 24, 2014
    en there are multiple profiles
    
    The behavior is to scan a combined list of UFFields, see if each UFField's
    parent UFGroup has add_to_group, and use it if found.  If multiple
    UFGroups define add_to_group, then the value of the last UFField wins.
    
    I don't see this as good behavior -- just compatible behavior.
Older
You can’t perform that action at this time.