From fa4dc35113d42aa6f3609095203ab852d387be56 Mon Sep 17 00:00:00 2001 
From: Kevin Cristiano <kcristiano@kcristiano.com> Date: Wed, 15 Feb 2023 21:05:40 -0500 Subject: [PATCH] civicrm release-5.58.1 --- civicrm.php | 4 +- civicrm/CRM/Contact/Tokens.php | 5 +- civicrm/CRM/Contribute/Form/Task/Invoice.php | 5 +- civicrm/CRM/Core/BAO/MessageTemplate.php | 20 ++++++- civicrm/CRM/Core/BAO/PdfFormat.php | 1 + civicrm/CRM/Core/EntityTokens.php | 8 +-- .../Event/Form/ManageEvent/Registration.php | 3 +- civicrm/CRM/Extension/ClassLoader.php | 7 ++- civicrm/CRM/Report/Form.php | 15 ++++-- .../CRM/Utils/Check/Component/Timestamps.php | 2 +- civicrm/CRM/Utils/File.php | 7 +-- civicrm/Civi/Test/CiviTestListener.php | 1 + .../Civi/Test/CiviTestListenerPHPUnit7.php | 1 + civicrm/Civi/Test/Legacy/CiviTestListener.php | 1 + civicrm/civicrm-version.php | 2 +- civicrm/composer.lock | 12 ++--- civicrm/ext/afform/admin/info.xml | 2 +- civicrm/ext/afform/core/info.xml | 2 +- civicrm/ext/afform/html/info.xml | 2 +- civicrm/ext/afform/mock/info.xml | 2 +- civicrm/ext/authx/info.xml | 2 +- civicrm/ext/civicrm_admin_ui/info.xml | 2 +- civicrm/ext/civigrant/info.xml | 2 +- civicrm/ext/civiimport/info.xml | 2 +- civicrm/ext/ckeditor4/info.xml | 2 +- .../ext/contributioncancelactions/info.xml | 2 +- civicrm/ext/elavon/info.xml | 2 +- civicrm/ext/eventcart/info.xml | 2 +- civicrm/ext/ewaysingle/info.xml | 2 +- civicrm/ext/financialacls/info.xml | 2 +- civicrm/ext/flexmailer/info.xml | 2 +- civicrm/ext/greenwich/info.xml | 2 +- civicrm/ext/legacycustomsearches/info.xml | 2 +- civicrm/ext/message_admin/info.xml | 2 +- civicrm/ext/oauth-client/info.xml | 2 +- civicrm/ext/payflowpro/info.xml | 2 +- civicrm/ext/recaptcha/info.xml | 2 +- civicrm/ext/search_kit/info.xml | 2 +- civicrm/ext/sequentialcreditnotes/info.xml | 2 +- civicrm/release-notes.md | 10 ++++ civicrm/release-notes/5.58.1.md | 53 +++++++++++++++++++ civicrm/sql/civicrm_data.mysql | 2 +- civicrm/sql/civicrm_generated.mysql | 2 +- civicrm/vendor/autoload.php | 2 +- civicrm/vendor/composer/autoload_real.php 
| 14 ++--- civicrm/vendor/composer/autoload_static.php | 12 ++--- civicrm/vendor/composer/include_paths.php | 2 +- civicrm/vendor/composer/installed.json | 14 ++--- civicrm/vendor/composer/installed.php | 10 ++-- civicrm/vendor/dompdf/dompdf/VERSION | 2 +- .../vendor/dompdf/dompdf/src/Image/Cache.php | 23 ++++---- civicrm/xml/version.xml | 2 +- .../civicrm.metabox.contact.add.php | 10 ++-- 53 files changed, 205 insertions(+), 93 deletions(-) create mode 100644 civicrm/release-notes/5.58.1.md diff --git a/civicrm.php b/civicrm.php index ede12b9f4f..a4dbcfaec3 100644 --- a/civicrm.php +++ b/civicrm.php @@ -2,7 +2,7 @@ /** * Plugin Name: CiviCRM * Description: CiviCRM - Growing and Sustaining Relationships - * Version: 5.58.0 + * Version: 5.58.1 * Requires at least: 4.9 * Requires PHP: 7.3 * Author: CiviCRM LLC @@ -36,7 +36,7 @@ if (!defined('ABSPATH')) { } // Set version here: changing it forces Javascript and CSS to reload. -define('CIVICRM_PLUGIN_VERSION', '5.58.0'); +define('CIVICRM_PLUGIN_VERSION', '5.58.1'); // Store reference to this file. if (!defined('CIVICRM_PLUGIN_FILE')) { diff --git a/civicrm/CRM/Contact/Tokens.php b/civicrm/CRM/Contact/Tokens.php index 4dc0cc9236..a99da6faff 100644 --- a/civicrm/CRM/Contact/Tokens.php +++ b/civicrm/CRM/Contact/Tokens.php 
@@ -397,14 +397,17 @@ class CRM_Contact_Tokens extends CRM_Core_EntityTokens { foreach ($metadata as $field) { if ($entity === 'website') { // It's not the primary - it's 'just one of them' - so the name is _first not _primary + $field['name'] = 'website_first.' . $field['name']; $this->addFieldToTokenMetadata($tokensMetadata, $field, $exposedFields, 'website_first'); } else { + $field['name'] = $entity . '_primary.' . $field['name']; $this->addFieldToTokenMetadata($tokensMetadata, $field, $exposedFields, $entity . '_primary'); $field['label'] .= ' (' . ts('Billing') . ')'; // Set audience to sysadmin in case adding them to UI annoys people. If people ask to see this // in the UI we could set to 'user'. $field['audience'] = 'sysadmin'; + $field['name'] = $entity . '_billing.' . $field['name']; $this->addFieldToTokenMetadata($tokensMetadata, $field, $exposedFields, $entity . '_billing'); } } @@ -453,13 +456,11 @@ class CRM_Contact_Tokens extends CRM_Core_EntityTokens { if ($fieldSpec['table_name'] === 'civicrm_website') { $tableAlias = 'website_first'; $joins[$tableAlias] = $fieldSpec['entity']; - $prefix = $tableAlias . '.'; } if ($fieldSpec['table_name'] === 'civicrm_openid') { // We could start to deprecate this one maybe..... I've made it un-advertised. $tableAlias = 'openid_primary'; $joins[$tableAlias] = $fieldSpec['entity']; - $prefix = $tableAlias . '.'; } if ($fieldSpec['type'] === 'Custom') { $customFields['custom_' . $fieldSpec['custom_field_id']] = $fieldSpec['name']; diff --git a/civicrm/CRM/Contribute/Form/Task/Invoice.php b/civicrm/CRM/Contribute/Form/Task/Invoice.php index c2beedce0f..c67b0a10ff 100644 --- a/civicrm/CRM/Contribute/Form/Task/Invoice.php +++ b/civicrm/CRM/Contribute/Form/Task/Invoice.php 
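Review bot: In the `else` branch of the CRM_Contact_Tokens hunk at -397, `$field['name']` already carries the `$entity . '_primary.'` prefix when the billing assignment runs, so `$field['name'] = $entity . '_billing.' . $field['name'];` produces a name such as `email_billing.email_primary.email`. The changed addFieldToTokenMetadata() strips only `$prefix . '.'` before checking `$exposedFields`, so that doubled name would presumably fail the check and the billing token would be dropped for non-custom fields. Save the bare name before the first assignment and build both names from it: `$baseName = $field['name'];` and later `$field['name'] = $entity . '_billing.' . $baseName;`. The enclosing loop and method start outside the hunk.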
@@ -233,10 +233,9 @@ class CRM_Contribute_Form_Task_Invoice extends CRM_Contribute_Form_Task { $refundedStatusId = CRM_Utils_Array::key('Refunded', $contributionStatusID); $cancelledStatusId = CRM_Utils_Array::key('Cancelled', $contributionStatusID); $pendingStatusId = CRM_Utils_Array::key('Pending', $contributionStatusID); - $pdfFormat = CRM_Core_BAO_PdfFormat::getByName('default_invoice_pdf_format'); - + $pdfFormat = CRM_Core_BAO_MessageTemplate::getPDFFormatForTemplate('contribution_invoice_receipt'); foreach ($elementDetails as $contributionID => $detail) { - $input = $ids = []; + $input = []; if (in_array($detail['contact'], $excludedContactIDs)) { continue; } diff --git a/civicrm/CRM/Core/BAO/MessageTemplate.php b/civicrm/CRM/Core/BAO/MessageTemplate.php index bdb9a9d644..12fe6914c7 100644 --- a/civicrm/CRM/Core/BAO/MessageTemplate.php +++ b/civicrm/CRM/Core/BAO/MessageTemplate.php @@ -203,7 +203,7 @@ class CRM_Core_BAO_MessageTemplate extends CRM_Core_DAO_MessageTemplate implemen */ public static function getMessageTemplates($all = TRUE, $isSMS = FALSE) { - $messageTemplates = \Civi\Api4\MessageTemplate::get() + $messageTemplates = MessageTemplate::get() ->addSelect('id', 'msg_title') ->addWhere('is_active', '=', TRUE) ->addWhere('is_sms', '=', $isSMS); 
@@ -218,6 +218,24 @@ class CRM_Core_BAO_MessageTemplate extends CRM_Core_DAO_MessageTemplate implemen return $msgTpls; } + /** + * Get the appropriate pdf format for the given template. + * + * @param string $workflow + * + * @return array + * @throws \CRM_Core_Exception + */ + public static function getPDFFormatForTemplate(string $workflow): array { + $pdfFormatID = MessageTemplate::get(FALSE) + ->addWhere('workflow_name', '=', $workflow) + ->addSelect('pdf_format_id') + ->execute()->first()['pdf_format_id'] ?? 0; + // Get by ID will fall back to retrieving the default values if + // it does not find the appropriate ones - hence passing in 0 works. + return CRM_Core_BAO_PdfFormat::getById($pdfFormatID); + } + /** * Revert a message template to its default subject+text+HTML state. * diff --git a/civicrm/CRM/Core/BAO/PdfFormat.php b/civicrm/CRM/Core/BAO/PdfFormat.php index cfe2ebfb01..0113ec6224 100644 --- a/civicrm/CRM/Core/BAO/PdfFormat.php +++ b/civicrm/CRM/Core/BAO/PdfFormat.php @@ -230,6 +230,7 @@ class CRM_Core_BAO_PdfFormat extends CRM_Core_DAO_OptionValue { * (reference) associative array of name/value pairs */ public static function &getByName($name) { + CRM_Core_Error::deprecatedFunctionWarning('none'); return self::getPdfFormat('name', $name); } diff --git a/civicrm/CRM/Core/EntityTokens.php b/civicrm/CRM/Core/EntityTokens.php index af3ba17efd..9672f08c14 100644 --- a/civicrm/CRM/Core/EntityTokens.php +++ b/civicrm/CRM/Core/EntityTokens.php 
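Review bot: getPDFFormatForTemplate() takes `first()` from a query filtered only by `workflow_name` and with no ordering, so if more than one message template row can share a workflow name (not visible in this hunk) the PDF format used is whichever row the database happens to return first. If that can happen, narrow the query, for example with `->addWhere('is_default', '=', TRUE)`, or add an explicit order. `MessageTemplate::get(FALSE)` also turns off API permission checks; a comment such as `// FALSE: skip permission checks, only pdf_format_id is read here.` would record that this is deliberate. The docblock would be clearer if `@param string $workflow` said it is the template's workflow name and `@return array` named the PDF format values it holds.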
@@ -611,7 +611,8 @@ class CRM_Core_EntityTokens extends AbstractTokenSubscriber { * @param string $prefix */ protected function addFieldToTokenMetadata(array &$tokensMetadata, array $field, array $exposedFields, string $prefix = ''): void { - if ($field['type'] !== 'Custom' && !in_array($field['name'], $exposedFields, TRUE)) { + $isExposed = in_array(str_replace($prefix . '.', '', $field['name']), $exposedFields, TRUE); + if ($field['type'] !== 'Custom' && !$isExposed) { return; } $field['audience'] = $field['audience'] ?? 'user'; @@ -635,8 +636,9 @@ class CRM_Core_EntityTokens extends AbstractTokenSubscriber { $tokensMetadata[$tokenName] = $field; return; } - $tokenName = $prefix ? ($prefix . '.' . $field['name']) : $field['name']; - if (in_array($field['name'], $exposedFields, TRUE)) { + $tokenName = $field['name']; + // Presumably this line can not be reached unless isExposed = TRUE. + if ($isExposed) { if ( ($field['options'] || !empty($field['suffixes'])) // At the time of writing currency didn't have a label option - this may have changed. diff --git a/civicrm/CRM/Event/Form/ManageEvent/Registration.php b/civicrm/CRM/Event/Form/ManageEvent/Registration.php index babb08cc9f..4a76047396 100644 --- a/civicrm/CRM/Event/Form/ManageEvent/Registration.php +++ b/civicrm/CRM/Event/Form/ManageEvent/Registration.php 
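Review bot: `str_replace($prefix . '.', '', $field['name'])` in the first CRM_Core_EntityTokens hunk misbehaves when `$prefix` is left at its default `''`: the search string becomes `'.'` and every dot is removed from the field name before the `$exposedFields` check. With a non-empty prefix it also removes the substring anywhere in the name, not only at the start. Strip it only as a leading prefix, e.g. `$bareName = ($prefix !== '' && strpos($field['name'], $prefix . '.') === 0) ? substr($field['name'], strlen($prefix) + 1) : $field['name'];` and then `$isExposed = in_array($bareName, $exposedFields, TRUE);`. The second hunk now uses `$field['name']` as the token name unchanged, so the `@param string $prefix` docblock should state that callers must pass a name that already includes the prefix.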
@@ -444,7 +444,8 @@ class CRM_Event_Form_ManageEvent_Registration extends CRM_Event_Form_ManageEvent if (($values['registration_link_text'] ?? '') === '') { $errorMsg['registration_link_text'] = ts('Please enter Registration Link Text'); } - if (($values['confirm_title'] ?? '') === '') { + // Check if the confirm text is set if we have enabled the confirmation page or page is monetary which forces the confirm page. + if (($values['confirm_title'] ?? '') === '' && (!empty($values['is_confirm_enabled']) || CRM_Core_DAO::getFieldValue('CRM_Event_DAO_Event', $form->_id, 'is_monetary'))) { $errorMsg['confirm_title'] = ts('Please enter a Title for the registration Confirmation Page'); } if (($values['thankyou_title'] ?? '') === '') { diff --git a/civicrm/CRM/Extension/ClassLoader.php b/civicrm/CRM/Extension/ClassLoader.php index 9ca81638bf..7f84b083a9 100644 --- a/civicrm/CRM/Extension/ClassLoader.php +++ b/civicrm/CRM/Extension/ClassLoader.php @@ -179,7 +179,12 @@ class CRM_Extension_ClassLoader { * @return string */ protected function getCacheFile() { - $envId = \CRM_Core_Config_Runtime::getId(); + $envId = md5(implode(',', array_merge( + [\CRM_Core_Config_Runtime::getId()], + array_column($this->mapper->getActiveModuleFiles(), 'prefix') + // dev/core#4055 - When toggling ext's on systems with opcode caching, you may get stale reads for a moment. + // New cache key ensures new data-set. + ))); $file = \Civi::paths()->getPath("[civicrm.compile]/CachedExtLoader.{$envId}.php"); return $file; } diff --git a/civicrm/CRM/Report/Form.php b/civicrm/CRM/Report/Form.php index 37a08a2e41..432d3f1ed2 100644 --- a/civicrm/CRM/Report/Form.php +++ b/civicrm/CRM/Report/Form.php 
@@ -3770,14 +3770,18 @@ WHERE cg.extends IN ('" . implode("','", $this->_customGroupExtends) . "') AND } CRM_Contact_BAO_GroupContactCache::check($smartGroups); - + $aclFilter = NULL; + $selectWhereClauses = array_filter(CRM_Contact_BAO_Group::getSelectWhereClause('group')); + $aclFilter = implode(' AND ', $selectWhereClauses); + $aclFilter = !empty($aclFilter) ? ' AND ' . $aclFilter : ''; $smartGroupQuery = ''; if (!empty($smartGroups)) { $smartGroups = implode(',', $smartGroups); $smartGroupQuery = " UNION DISTINCT SELECT DISTINCT smartgroup_contact.contact_id FROM civicrm_group_contact_cache smartgroup_contact - WHERE smartgroup_contact.group_id IN ({$smartGroups}) "; + INNER JOIN `civicrm_group` AS `group` ON `group`.id = smartgroup_contact.group_id + WHERE smartgroup_contact.group_id IN ({$smartGroups}) {$aclFilter}"; } $sqlOp = $this->getSQLOperator($op); @@ -3796,7 +3800,8 @@ WHERE cg.extends IN ('" . implode("','", $this->_customGroupExtends) . "') AND return " {$contactAlias}.id {$sqlOp} ( SELECT DISTINCT {$this->_aliases['civicrm_group']}.contact_id FROM civicrm_group_contact {$this->_aliases['civicrm_group']} - WHERE {$clause} AND {$this->_aliases['civicrm_group']}.status = 'Added' + INNER JOIN `civicrm_group` AS `group` ON `group`.id = {$this->_aliases['civicrm_group']}.group_id + WHERE {$clause} AND {$this->_aliases['civicrm_group']}.status = 'Added' {$aclFilter} {$smartGroupQuery} ) "; } 
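Review bot: `$aclFilter = NULL;` in the first CRM_Report_Form hunk (-3770) is overwritten two lines later, and the three assignments collapse into one: `$aclFilter = $selectWhereClauses ? ' AND ' . implode(' AND ', $selectWhereClauses) : '';`. A comment above it would explain the new joins, e.g. `// Group ACL clause for the 'group' alias; both subqueries join civicrm_group under that alias so the clause can be applied.`, because the same string is interpolated into the smart-group UNION here and into the main subquery in the second hunk (-3796). The enclosing method starts and ends outside both hunks.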
@@ -3950,6 +3955,10 @@ WHERE cg.extends IN ('" . implode("','", $this->_customGroupExtends) . "') AND $ret = []; foreach ($this->selectedTables() as $tableName) { $baoName = str_replace('_DAO_', '_BAO_', (CRM_Core_DAO_AllCoreTables::getClassForTable($tableName) ?? '')); + // Do not include CiviCRM group add Select Where clause because we don't necessarily join here for reports with optimisedGroupFilters + if ($baoName === 'CRM_Contact_BAO_Group') { + continue; + } if ($baoName && class_exists($baoName) && !empty($this->_columns[$tableName]['alias'])) { $tableAlias = $this->_columns[$tableName]['alias']; $clauses = array_filter($baoName::getSelectWhereClause($tableAlias)); diff --git a/civicrm/CRM/Utils/Check/Component/Timestamps.php b/civicrm/CRM/Utils/Check/Component/Timestamps.php index 0514ee4ca8..c2240cf179 100644 --- a/civicrm/CRM/Utils/Check/Component/Timestamps.php +++ b/civicrm/CRM/Utils/Check/Component/Timestamps.php @@ -58,7 +58,7 @@ class CRM_Utils_Check_Component_Timestamps extends CRM_Utils_Check_Component { 1 => 'target="_blank" href="https://dev.mysql.com/doc/refman/8.0/en/mysql-tzinfo-to-sql.html"', ]), ts('MySQL Timezone Problem'), - \Psr\Log\LogLevel::WARNING, + \Psr\Log\LogLevel::NOTICE, 'fa-clock-o' ); } diff --git a/civicrm/CRM/Utils/File.php b/civicrm/CRM/Utils/File.php index bc882aa8f4..a822f32c6f 100644 --- a/civicrm/CRM/Utils/File.php +++ b/civicrm/CRM/Utils/File.php @@ -352,8 +352,7 @@ class CRM_Utils_File { * @return bool */ public static function isExtensionSafe($ext) { - static $extensions = NULL; - if (!$extensions) { + if (!isset(Civi::$statics[__CLASS__]['file_extensions'])) { $extensions = CRM_Core_OptionGroup::values('safe_file_extension', TRUE); // make extensions to lowercase 
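Review bot: The new `continue` for `CRM_Contact_BAO_Group` in the CRM_Report_Form hunk at -3950 is unconditional, so the group ACL clause is dropped from this loop for every report and not only for those using the optimised group filter that the comment refers to. Any report that joins civicrm_group directly and relied on this loop for its group ACL would, as far as this hunk shows, lose that restriction; the clause is re-added only inside the group-filter subquery changed earlier in the file. Either limit the skip to the optimised-filter case or extend the comment to say where the group ACL is now enforced, e.g. `// Group ACLs are applied inside the group filter subquery instead.`. The loop body continues outside the hunk.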
@@ -370,9 +369,11 @@ class CRM_Utils_File { unset($extensions['html']); unset($extensions['htm']); } + Civi::$statics[__CLASS__]['file_extensions'] = $extensions; } + $restricted = CRM_Utils_Constant::value('CIVICRM_RESTRICTED_UPLOADS', '/(php|php\d|phtml|phar|pl|py|cgi|asp|js|sh|exe|pcgi\d)/i'); // support lower and uppercase file extensions - return (bool) isset($extensions[strtolower($ext)]); + return (bool) isset(Civi::$statics[__CLASS__]['file_extensions'][strtolower($ext)]) && !preg_match($restricted, strtolower($ext)); } /** diff --git a/civicrm/Civi/Test/CiviTestListener.php b/civicrm/Civi/Test/CiviTestListener.php index 6e3b4cdc08..fbd6fd8878 100644 --- a/civicrm/Civi/Test/CiviTestListener.php +++ b/civicrm/Civi/Test/CiviTestListener.php @@ -121,6 +121,7 @@ else { \CRM_Core_Session::singleton()->set('userID', NULL); // ugh, performance $config = \CRM_Core_Config::singleton(TRUE, TRUE); + $config->userSystem->setMySQLTimeZone(); if (property_exists($config->userPermissionClass, 'permissions')) { $config->userPermissionClass->permissions = NULL; diff --git a/civicrm/Civi/Test/CiviTestListenerPHPUnit7.php b/civicrm/Civi/Test/CiviTestListenerPHPUnit7.php index 8b4b9af92e..c29c572e81 100644 --- a/civicrm/Civi/Test/CiviTestListenerPHPUnit7.php +++ b/civicrm/Civi/Test/CiviTestListenerPHPUnit7.php @@ -114,6 +114,7 @@ class CiviTestListenerPHPUnit7 implements \PHPUnit\Framework\TestListener { \CRM_Core_Session::singleton()->set('userID', NULL); // ugh, performance $config = \CRM_Core_Config::singleton(TRUE, TRUE); + $config->userSystem->setMySQLTimeZone(); if (property_exists($config->userPermissionClass, 'permissions')) { $config->userPermissionClass->permissions = NULL; diff --git a/civicrm/Civi/Test/Legacy/CiviTestListener.php b/civicrm/Civi/Test/Legacy/CiviTestListener.php index 93fb4ac8fb..4889da722b 100644 --- a/civicrm/Civi/Test/Legacy/CiviTestListener.php +++ b/civicrm/Civi/Test/Legacy/CiviTestListener.php 
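Review bot: The new deny-list check in CRM_Utils_File::isExtensionSafe() fails open, because `preg_match()` returns `false` on a pattern error and `!false` is `TRUE`, so a malformed `CIVICRM_RESTRICTED_UPLOADS` override would silently switch the restriction off. Comparing against zero keeps it fail-closed: `return isset(Civi::$statics[__CLASS__]['file_extensions'][strtolower($ext)]) && preg_match($restricted, strtolower($ext)) === 0;`. The default pattern is also unanchored, so it rejects any extension that merely contains one of the alternatives (`json` contains `js`, for instance); if that is intended it should be stated in the docblock, otherwise anchor the pattern with `^(...)$`. The `(bool)` cast binds only to `isset()` and can be dropped.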
@@ -111,6 +111,7 @@ class CiviTestListener extends \PHPUnit_Framework_BaseTestListener { \CRM_Core_Session::singleton()->set('userID', NULL); // ugh, performance $config = \CRM_Core_Config::singleton(TRUE, TRUE); + $config->userSystem->setMySQLTimeZone(); if (property_exists($config->userPermissionClass, 'permissions')) { $config->userPermissionClass->permissions = NULL; diff --git a/civicrm/civicrm-version.php b/civicrm/civicrm-version.php index 9f43a6eb58..0622fa7f4d 100644 --- a/civicrm/civicrm-version.php +++ b/civicrm/civicrm-version.php @@ -1,7 +1,7 @@ <?php /** @deprecated */ function civicrmVersion( ) { - return array( 'version' => '5.58.0', + return array( 'version' => '5.58.1', 'cms' => 'Wordpress', 'revision' => '' ); } diff --git a/civicrm/composer.lock b/civicrm/composer.lock index a7dada33e2..13078911fa 100644 --- a/civicrm/composer.lock +++ b/civicrm/composer.lock @@ -612,16 +612,16 @@ }, { "name": "dompdf/dompdf", - "version": "v2.0.2", + "version": "v2.0.3", "source": { "type": "git", "url": "https://github.com/dompdf/dompdf.git", - "reference": "ad4c631bf8897fc1ca7b566468a969cfd71a558a" + "reference": "e8d2d5e37e8b0b30f0732a011295ab80680d7e85" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/dompdf/dompdf/zipball/ad4c631bf8897fc1ca7b566468a969cfd71a558a", - "reference": "ad4c631bf8897fc1ca7b566468a969cfd71a558a", + "url": "https://api.github.com/repos/dompdf/dompdf/zipball/e8d2d5e37e8b0b30f0732a011295ab80680d7e85", + "reference": "e8d2d5e37e8b0b30f0732a011295ab80680d7e85", "shasum": "" }, "require": { @@ -668,9 +668,9 @@ "homepage": "https://github.com/dompdf/dompdf", "support": { "issues": "https://github.com/dompdf/dompdf/issues", - "source": "https://github.com/dompdf/dompdf/tree/v2.0.2" + "source": "https://github.com/dompdf/dompdf/tree/v2.0.3" }, - "time": "2023-01-31T13:30:40+00:00" + "time": "2023-02-07T12:51:48+00:00" }, { "name": "ezyang/htmlpurifier", 
diff --git a/civicrm/ext/afform/admin/info.xml b/civicrm/ext/afform/admin/info.xml index b1fc0efe10..31c7ec80ac 100644 --- a/civicrm/ext/afform/admin/info.xml +++ b/civicrm/ext/afform/admin/info.xml @@ -13,7 +13,7 @@ <url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url> </urls> <releaseDate>2020-01-09</releaseDate> - <version>5.58.0</version> + <version>5.58.1</version> <develStage>beta</develStage> <compatibility> <ver>5.58</ver> diff --git a/civicrm/ext/afform/core/info.xml b/civicrm/ext/afform/core/info.xml index e8247b5e43..38db7d63bc 100644 --- a/civicrm/ext/afform/core/info.xml +++ b/civicrm/ext/afform/core/info.xml @@ -13,7 +13,7 @@ <url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url> </urls> <releaseDate>2020-01-09</releaseDate> - <version>5.58.0</version> + <version>5.58.1</version> <develStage>beta</develStage> <compatibility> <ver>5.58</ver> diff --git a/civicrm/ext/afform/html/info.xml b/civicrm/ext/afform/html/info.xml index 38c79d2e1b..b4852505eb 100644 --- a/civicrm/ext/afform/html/info.xml +++ b/civicrm/ext/afform/html/info.xml @@ -13,7 +13,7 @@ <url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url> </urls> <releaseDate>2020-01-09</releaseDate> - <version>5.58.0</version> + <version>5.58.1</version> <develStage>alpha</develStage> <compatibility> <ver>5.58</ver> diff --git a/civicrm/ext/afform/mock/info.xml b/civicrm/ext/afform/mock/info.xml index 15cc1c62cc..1801f0ad37 100644 --- a/civicrm/ext/afform/mock/info.xml +++ b/civicrm/ext/afform/mock/info.xml @@ -12,7 +12,7 @@ <url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url> </urls> <releaseDate>2020-01-09</releaseDate> - <version>5.58.0</version> + <version>5.58.1</version> <tags> <tag>mgmt:hidden</tag> </tags> diff --git a/civicrm/ext/authx/info.xml b/civicrm/ext/authx/info.xml index b33d350433..47b654cd16 100644 --- a/civicrm/ext/authx/info.xml +++ b/civicrm/ext/authx/info.xml 
@@ -15,7 +15,7 @@ <url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url> </urls> <releaseDate>2021-02-11</releaseDate> - <version>5.58.0</version> + <version>5.58.1</version> <develStage>stable</develStage> <compatibility> <ver>5.58</ver> diff --git a/civicrm/ext/civicrm_admin_ui/info.xml b/civicrm/ext/civicrm_admin_ui/info.xml index 824a80e055..6aeef831e4 100644 --- a/civicrm/ext/civicrm_admin_ui/info.xml +++ b/civicrm/ext/civicrm_admin_ui/info.xml @@ -15,7 +15,7 @@ <url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url> </urls> <releaseDate>2022-01-02</releaseDate> - <version>5.58.0</version> + <version>5.58.1</version> <develStage>alpha</develStage> <compatibility> <ver>5.58</ver> diff --git a/civicrm/ext/civigrant/info.xml b/civicrm/ext/civigrant/info.xml index 02faef117e..1545bb4905 100644 --- a/civicrm/ext/civigrant/info.xml +++ b/civicrm/ext/civigrant/info.xml @@ -13,7 +13,7 @@ <url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url> </urls> <releaseDate>2021-11-11</releaseDate> - <version>5.58.0</version> + <version>5.58.1</version> <develStage>stable</develStage> <compatibility> <ver>5.58</ver> diff --git a/civicrm/ext/civiimport/info.xml b/civicrm/ext/civiimport/info.xml index a14b4566de..877c1b2b03 100644 --- a/civicrm/ext/civiimport/info.xml +++ b/civicrm/ext/civiimport/info.xml @@ -15,7 +15,7 @@ <url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url> </urls> <releaseDate>2022-08-11</releaseDate> - <version>5.58.0</version> + <version>5.58.1</version> <develStage>alpha</develStage> <compatibility> <ver>5.58</ver> diff --git a/civicrm/ext/ckeditor4/info.xml b/civicrm/ext/ckeditor4/info.xml index f8b075b332..2fe1dd6c96 100644 --- a/civicrm/ext/ckeditor4/info.xml +++ b/civicrm/ext/ckeditor4/info.xml 
@@ -15,7 +15,7 @@ <url desc="Licensing">https://www.gnu.org/licenses/agpl-3.0.html</url> </urls> <releaseDate>2021-05-23</releaseDate> - <version>5.58.0</version> + <version>5.58.1</version> <develStage>stable</develStage> <compatibility> <ver>5.58</ver> diff --git a/civicrm/ext/contributioncancelactions/info.xml b/civicrm/ext/contributioncancelactions/info.xml index a93b4514a5..f3b7ea1fd1 100644 --- a/civicrm/ext/contributioncancelactions/info.xml +++ b/civicrm/ext/contributioncancelactions/info.xml @@ -15,7 +15,7 @@ <url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url> </urls> <releaseDate>2020-10-12</releaseDate> - <version>5.58.0</version> + <version>5.58.1</version> <develStage>stable</develStage> <compatibility> <ver>5.58</ver> diff --git a/civicrm/ext/elavon/info.xml b/civicrm/ext/elavon/info.xml index d97c229a39..4477e1f043 100644 --- a/civicrm/ext/elavon/info.xml +++ b/civicrm/ext/elavon/info.xml @@ -15,7 +15,7 @@ <url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url> </urls> <releaseDate>2022-08-05</releaseDate> - <version>5.58.0</version> + <version>5.58.1</version> <develStage>stable</develStage> <compatibility> <ver>5.58</ver> diff --git a/civicrm/ext/eventcart/info.xml b/civicrm/ext/eventcart/info.xml index b675a63654..b84e15f037 100644 --- a/civicrm/ext/eventcart/info.xml +++ b/civicrm/ext/eventcart/info.xml @@ -13,7 +13,7 @@ <url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url> </urls> <releaseDate>2020-08-03</releaseDate> - <version>5.58.0</version> + <version>5.58.1</version> <tags> <tag>mgmt:hidden</tag> </tags> diff --git a/civicrm/ext/ewaysingle/info.xml b/civicrm/ext/ewaysingle/info.xml index 6c5d857922..e5fac2c140 100644 --- a/civicrm/ext/ewaysingle/info.xml +++ b/civicrm/ext/ewaysingle/info.xml 
@@ -15,7 +15,7 @@ <url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url> </urls> <releaseDate>2020-10-07</releaseDate> - <version>5.58.0</version> + <version>5.58.1</version> <tags> <tag>mgmt:hidden</tag> </tags> diff --git a/civicrm/ext/financialacls/info.xml b/civicrm/ext/financialacls/info.xml index 65029056bb..47ce98a29a 100644 --- a/civicrm/ext/financialacls/info.xml +++ b/civicrm/ext/financialacls/info.xml @@ -15,7 +15,7 @@ <url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url> </urls> <releaseDate>2020-08-27</releaseDate> - <version>5.58.0</version> + <version>5.58.1</version> <develStage>stable</develStage> <compatibility> <ver>5.58</ver> diff --git a/civicrm/ext/flexmailer/info.xml b/civicrm/ext/flexmailer/info.xml index 6a0f469e4e..7a71dddabf 100644 --- a/civicrm/ext/flexmailer/info.xml +++ b/civicrm/ext/flexmailer/info.xml @@ -15,7 +15,7 @@ <url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url> </urls> <releaseDate>2020-08-05</releaseDate> - <version>5.58.0</version> + <version>5.58.1</version> <develStage>stable</develStage> <comments> FlexMailer is an email delivery engine which replaces the internal guts diff --git a/civicrm/ext/greenwich/info.xml b/civicrm/ext/greenwich/info.xml index e063c2102d..c98060aa5b 100644 --- a/civicrm/ext/greenwich/info.xml +++ b/civicrm/ext/greenwich/info.xml @@ -15,7 +15,7 @@ <url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url> </urls> <releaseDate>2020-07-21</releaseDate> - <version>5.58.0</version> + <version>5.58.1</version> <tags> <tag>mgmt:hidden</tag> </tags> diff --git a/civicrm/ext/legacycustomsearches/info.xml b/civicrm/ext/legacycustomsearches/info.xml index fd2c926acf..59ee823f8c 100644 --- a/civicrm/ext/legacycustomsearches/info.xml +++ b/civicrm/ext/legacycustomsearches/info.xml 
@@ -15,7 +15,7 @@ <url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url> </urls> <releaseDate>2021-07-25</releaseDate> - <version>5.58.0</version> + <version>5.58.1</version> <develStage>stable</develStage> <tags> <tag>mgmt:hidden</tag> diff --git a/civicrm/ext/message_admin/info.xml b/civicrm/ext/message_admin/info.xml index 59bf012b17..a8e835b4a0 100644 --- a/civicrm/ext/message_admin/info.xml +++ b/civicrm/ext/message_admin/info.xml @@ -15,7 +15,7 @@ <url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url> </urls> <releaseDate>2021-06-12</releaseDate> - <version>5.58.0</version> + <version>5.58.1</version> <develStage>alpha</develStage> <compatibility> <ver>5.58</ver> diff --git a/civicrm/ext/oauth-client/info.xml b/civicrm/ext/oauth-client/info.xml index aa0093af19..e5063c1c3b 100644 --- a/civicrm/ext/oauth-client/info.xml +++ b/civicrm/ext/oauth-client/info.xml @@ -15,7 +15,7 @@ <url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url> </urls> <releaseDate>2020-10-23</releaseDate> - <version>5.58.0</version> + <version>5.58.1</version> <develStage>stable</develStage> <compatibility> <ver>5.58</ver> diff --git a/civicrm/ext/payflowpro/info.xml b/civicrm/ext/payflowpro/info.xml index a2ce72e813..00b3b400ec 100644 --- a/civicrm/ext/payflowpro/info.xml +++ b/civicrm/ext/payflowpro/info.xml @@ -15,7 +15,7 @@ <url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url> </urls> <releaseDate>2021-04-13</releaseDate> - <version>5.58.0</version> + <version>5.58.1</version> <develStage>stable</develStage> <compatibility> <ver>5.58</ver> diff --git a/civicrm/ext/recaptcha/info.xml b/civicrm/ext/recaptcha/info.xml index 4595946a29..ef978c7f7a 100644 --- a/civicrm/ext/recaptcha/info.xml +++ b/civicrm/ext/recaptcha/info.xml 
@@ -13,7 +13,7 @@ <url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url> </urls> <releaseDate>2021-04-03</releaseDate> - <version>5.58.0</version> + <version>5.58.1</version> <tags> <tag>mgmt:hidden</tag> </tags> diff --git a/civicrm/ext/search_kit/info.xml b/civicrm/ext/search_kit/info.xml index 45d85fb36c..ebab5ba583 100644 --- a/civicrm/ext/search_kit/info.xml +++ b/civicrm/ext/search_kit/info.xml @@ -15,7 +15,7 @@ <url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url> </urls> <releaseDate>2021-01-06</releaseDate> - <version>5.58.0</version> + <version>5.58.1</version> <develStage>stable</develStage> <tags> <tag>mgmt:required</tag> diff --git a/civicrm/ext/sequentialcreditnotes/info.xml b/civicrm/ext/sequentialcreditnotes/info.xml index 86f8b93090..5ed5ee2a77 100644 --- a/civicrm/ext/sequentialcreditnotes/info.xml +++ b/civicrm/ext/sequentialcreditnotes/info.xml @@ -15,7 +15,7 @@ <url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url> </urls> <releaseDate>2020-01-28</releaseDate> - <version>5.58.0</version> + <version>5.58.1</version> <tags> <tag>mgmt:hidden</tag> </tags> diff --git a/civicrm/release-notes.md b/civicrm/release-notes.md index 36908d4d8d..e154f37420 100644 --- a/civicrm/release-notes.md +++ b/civicrm/release-notes.md @@ -15,6 +15,16 @@ Other resources for identifying changes are: * https://github.com/civicrm/civicrm-joomla * https://github.com/civicrm/civicrm-wordpress +## CiviCRM 5.58.1 + +Released February 15, 2023 + +- **[Synopsis](release-notes/5.58.1.md#synopsis)** +- **[Security advisories](release-notes/5.58.1.md#security)** +- **[Bugs resolved](release-notes/5.58.1.md#bugs)** +- **[Credits](release-notes/5.58.1.md#credits)** +- **[Feedback](release-notes/5.58.1.md#feedback)** + ## CiviCRM 5.58.0 Released February 1, 2023 diff --git a/civicrm/release-notes/5.58.1.md b/civicrm/release-notes/5.58.1.md new file mode 100644 index 0000000000..db065998ce --- /dev/null 
+++ b/civicrm/release-notes/5.58.1.md 
@@ -0,0 +1,53 @@ +# CiviCRM 5.58.1 + +Released February 15, 2023 + +- **[Synopsis](#synopsis)** +- **[Security advisories](#security)** +- **[Bugs resolved](#bugs)** +- **[Credits](#credits)** +- **[Feedback](#feedback)** + +## <a name="synopsis"></a>Synopsis + +| *Does this version...?* | | +| --------------------------------------------------------------- | -------- | +| Change the database schema? | no | +| Alter the API? | no | +| Require attention to configuration options? | no | +| Fix problems installing or upgrading to a previous version? | no | +| Introduce features? | no | +| **Fix bugs?** | **yes** | +| **Fix security vulnerabilities?** | **yes** | + +## <a name="security"></a>Security advisories + +* **[CIVI-SA-2023-04](https://civicrm.org/advisory/civi-sa-2023-04-file-type-restrictions): File Type Restrictions** +* **[CIVI-SA-2023-05](https://civicrm.org/advisory/civi-sa-2023-05-quick-add-xss): Quick Add XSS (WordPress)** +* **[CIVI-SA-2023-06](https://civicrm.org/advisory/civi-sa-2023-06-dompdf-203): Dompdf 2.0.3 RCE** + +## <a name="bugs"></a>Bugs resolved + +* **_CiviContribute_: PDF invoice renders with incorrect formatting ([dev/core#4080](https://lab.civicrm.org/dev/core/-/issues/4080): [#25547](https://github.com/civicrm/civicrm-core/pull/25547))** +* **_CiviEvent_: Excessive validation of title field ([dev/core#4119](https://lab.civicrm.org/dev/core/-/issues/4119): [#25578](https://github.com/civicrm/civicrm-core/pull/25578))** +* **_CiviReports_: Error "no such field" when displaying to limited-access user ([dev/core#4068](https://lab.civicrm.org/dev/core/-/issues/4068): [#25525](https://github.com/civicrm/civicrm-core/pull/25525))** +* **_Extensions_: During installation, new classes may not initially load ([dev/core#4055](https://lab.civicrm.org/dev/core/-/issues/4055): [#25379](https://github.com/civicrm/civicrm-core/pull/25379))** +* **_Status Check_: Tweak severity of new timezone warning 
([#25583](https://github.com/civicrm/civicrm-core/pull/25583/))** +* **_Testing_: Headless tests should initialize timezone ([#25534](https://github.com/civicrm/civicrm-core/pull/25534))** +* **_Tokens_: Tokens like `{contact.email_primary.email}` do not render consistently ([dev/core#4109](https://lab.civicrm.org/dev/core/-/issues/4109): [#25548](https://github.com/civicrm/civicrm-core/pull/25548/))** + +## <a name="credits"></a>Credits + +This release was developed by the following authors and reviewers: + +Wikimedia Foundation - Eileen McNaughton; timinaust; Tadpole Collective - Kevin Cristiano; +Megaphone Technology Consulting - Jon Goldberg; Maria; JMA Consulting - Seamus Lee; +Deloitte - Andrea Intilangelo; Dave D; CiviDesk - Yashodha Chaku; CiviCRM - Tim Otten; +CiviCoop - Klaas Eikelboom, Erik Hommel; Circle Interactive - Pradeep Nayak; Bob Silvern; +ben_fairless; Australian Greens - Andrew Cormick-Dockery + +## <a name="feedback"></a>Feedback + +These release notes are edited by Tim Otten and Andie Hunt. If you'd like to +provide feedback on them, please login to https://chat.civicrm.org/civicrm and +contact `@agh1`. diff --git a/civicrm/sql/civicrm_data.mysql b/civicrm/sql/civicrm_data.mysql index 2dfca6f7c6..aaf3e96633 100644 --- a/civicrm/sql/civicrm_data.mysql +++ b/civicrm/sql/civicrm_data.mysql 
@@ -23665,4 +23665,4 @@ INSERT INTO `civicrm_report_instance` ( `domain_id`, `title`, `report_id`, `description`, `permission`, `form_values`) VALUES ( @domainID, 'Survey Details', 'survey/detail', 'Detailed report for canvassing, phone-banking, walk lists or other surveys.', 'access CiviReport', 'a:39:{s:6:"fields";a:2:{s:9:"sort_name";s:1:"1";s:6:"result";s:1:"1";}s:22:"assignee_contact_id_op";s:2:"eq";s:25:"assignee_contact_id_value";s:0:"";s:12:"sort_name_op";s:3:"has";s:15:"sort_name_value";s:0:"";s:17:"street_number_min";s:0:"";s:17:"street_number_max";s:0:"";s:16:"street_number_op";s:3:"lte";s:19:"street_number_value";s:0:"";s:14:"street_name_op";s:3:"has";s:17:"street_name_value";s:0:"";s:15:"postal_code_min";s:0:"";s:15:"postal_code_max";s:0:"";s:14:"postal_code_op";s:3:"lte";s:17:"postal_code_value";s:0:"";s:7:"city_op";s:3:"has";s:10:"city_value";s:0:"";s:20:"state_province_id_op";s:2:"in";s:23:"state_province_id_value";a:0:{}s:13:"country_id_op";s:2:"in";s:16:"country_id_value";a:0:{}s:12:"survey_id_op";s:2:"in";s:15:"survey_id_value";a:0:{}s:12:"status_id_op";s:2:"eq";s:15:"status_id_value";s:1:"1";s:11:"custom_1_op";s:2:"in";s:14:"custom_1_value";a:0:{}s:11:"custom_2_op";s:2:"in";s:14:"custom_2_value";a:0:{}s:17:"custom_3_relative";s:1:"0";s:13:"custom_3_from";s:0:"";s:11:"custom_3_to";s:0:"";s:11:"description";s:75:"Detailed report for canvassing, phone-banking, walk lists or other surveys.";s:13:"email_subject";s:0:"";s:8:"email_to";s:0:"";s:8:"email_cc";s:0:"";s:10:"permission";s:17:"access CiviReport";s:6:"groups";s:0:"";s:9:"domain_id";i:1;}'); -UPDATE civicrm_domain SET version = '5.58.0'; +UPDATE civicrm_domain SET version = '5.58.1'; diff --git a/civicrm/sql/civicrm_generated.mysql b/civicrm/sql/civicrm_generated.mysql index 9804f8dbc1..83764dab85 100644 --- a/civicrm/sql/civicrm_generated.mysql +++ b/civicrm/sql/civicrm_generated.mysql 
@@ -3056,7 +3056,7 @@ UNLOCK TABLES; LOCK TABLES `civicrm_domain` WRITE; /*!40000 ALTER TABLE `civicrm_domain` DISABLE KEYS */; INSERT INTO `civicrm_domain` (`id`, `name`, `description`, `version`, `contact_id`, `locales`, `locale_custom_strings`) VALUES - (1,'Default Domain Name',NULL,'5.58.0',1,NULL,'a:1:{s:5:\"en_US\";a:0:{}}'); + (1,'Default Domain Name',NULL,'5.58.1',1,NULL,'a:1:{s:5:\"en_US\";a:0:{}}'); /*!40000 ALTER TABLE `civicrm_domain` ENABLE KEYS */; UNLOCK TABLES; diff --git a/civicrm/vendor/autoload.php b/civicrm/vendor/autoload.php index 06c26c107e..88d7f9c244 100644 --- a/civicrm/vendor/autoload.php +++ b/civicrm/vendor/autoload.php @@ -4,4 +4,4 @@ require_once __DIR__ . '/composer/autoload_real.php'; -return ComposerAutoloaderInit0a6d5998695b3b88d8c91af1ab91d6ad::getLoader(); +return ComposerAutoloaderInit9f9955bf8d90b6eb142de17e7c9fca9f::getLoader(); diff --git a/civicrm/vendor/composer/autoload_real.php b/civicrm/vendor/composer/autoload_real.php index 7b36999685..af7d58b020 100644 --- a/civicrm/vendor/composer/autoload_real.php +++ b/civicrm/vendor/composer/autoload_real.php @@ -2,7 +2,7 @@ // autoload_real.php @generated by Composer -class ComposerAutoloaderInit0a6d5998695b3b88d8c91af1ab91d6ad +class ComposerAutoloaderInit9f9955bf8d90b6eb142de17e7c9fca9f { private static $loader; 
@@ -24,9 +24,9 @@ class ComposerAutoloaderInit0a6d5998695b3b88d8c91af1ab91d6ad require __DIR__ . '/platform_check.php'; - spl_autoload_register(array('ComposerAutoloaderInit0a6d5998695b3b88d8c91af1ab91d6ad', 'loadClassLoader'), true, true); + spl_autoload_register(array('ComposerAutoloaderInit9f9955bf8d90b6eb142de17e7c9fca9f', 'loadClassLoader'), true, true); self::$loader = $loader = new \Composer\Autoload\ClassLoader(\dirname(\dirname(__FILE__))); - spl_autoload_unregister(array('ComposerAutoloaderInit0a6d5998695b3b88d8c91af1ab91d6ad', 'loadClassLoader')); + spl_autoload_unregister(array('ComposerAutoloaderInit9f9955bf8d90b6eb142de17e7c9fca9f', 'loadClassLoader')); $includePaths = require __DIR__ . '/include_paths.php'; $includePaths[] = get_include_path(); @@ -36,7 +36,7 @@ class ComposerAutoloaderInit0a6d5998695b3b88d8c91af1ab91d6ad if ($useStaticLoader) { require __DIR__ . '/autoload_static.php'; - call_user_func(\Composer\Autoload\ComposerStaticInit0a6d5998695b3b88d8c91af1ab91d6ad::getInitializer($loader)); + call_user_func(\Composer\Autoload\ComposerStaticInit9f9955bf8d90b6eb142de17e7c9fca9f::getInitializer($loader)); } else { $map = require __DIR__ . '/autoload_namespaces.php'; foreach ($map as $namespace => $path) { @@ -57,12 +57,12 @@ class ComposerAutoloaderInit0a6d5998695b3b88d8c91af1ab91d6ad $loader->register(true); if ($useStaticLoader) { - $includeFiles = Composer\Autoload\ComposerStaticInit0a6d5998695b3b88d8c91af1ab91d6ad::$files; + $includeFiles = Composer\Autoload\ComposerStaticInit9f9955bf8d90b6eb142de17e7c9fca9f::$files; } else { $includeFiles = require __DIR__ . '/autoload_files.php'; } foreach ($includeFiles as $fileIdentifier => $file) { - composerRequire0a6d5998695b3b88d8c91af1ab91d6ad($fileIdentifier, $file); + composerRequire9f9955bf8d90b6eb142de17e7c9fca9f($fileIdentifier, $file); } return $loader; 
@@ -74,7 +74,7 @@ class ComposerAutoloaderInit0a6d5998695b3b88d8c91af1ab91d6ad * @param string $file * @return void */ -function composerRequire0a6d5998695b3b88d8c91af1ab91d6ad($fileIdentifier, $file) +function composerRequire9f9955bf8d90b6eb142de17e7c9fca9f($fileIdentifier, $file) { if (empty($GLOBALS['__composer_autoload_files'][$fileIdentifier])) { $GLOBALS['__composer_autoload_files'][$fileIdentifier] = true; diff --git a/civicrm/vendor/composer/autoload_static.php b/civicrm/vendor/composer/autoload_static.php index 252be81cf2..fa4028dd78 100644 --- a/civicrm/vendor/composer/autoload_static.php +++ b/civicrm/vendor/composer/autoload_static.php @@ -4,7 +4,7 @@ namespace Composer\Autoload; -class ComposerStaticInit0a6d5998695b3b88d8c91af1ab91d6ad +class ComposerStaticInit9f9955bf8d90b6eb142de17e7c9fca9f { public static $files = array ( 'a4a119a56e50fbb293281d9a48007e0e' => __DIR__ . '/..' . '/symfony/polyfill-php80/bootstrap.php', 
@@ -738,11 +738,11 @@ class ComposerStaticInit0a6d5998695b3b88d8c91af1ab91d6ad public static function getInitializer(ClassLoader $loader) { return \Closure::bind(function () use ($loader) { - $loader->prefixLengthsPsr4 = ComposerStaticInit0a6d5998695b3b88d8c91af1ab91d6ad::$prefixLengthsPsr4; - $loader->prefixDirsPsr4 = ComposerStaticInit0a6d5998695b3b88d8c91af1ab91d6ad::$prefixDirsPsr4; - $loader->prefixesPsr0 = ComposerStaticInit0a6d5998695b3b88d8c91af1ab91d6ad::$prefixesPsr0; - $loader->fallbackDirsPsr0 = ComposerStaticInit0a6d5998695b3b88d8c91af1ab91d6ad::$fallbackDirsPsr0; - $loader->classMap = ComposerStaticInit0a6d5998695b3b88d8c91af1ab91d6ad::$classMap; + $loader->prefixLengthsPsr4 = ComposerStaticInit9f9955bf8d90b6eb142de17e7c9fca9f::$prefixLengthsPsr4; + $loader->prefixDirsPsr4 = ComposerStaticInit9f9955bf8d90b6eb142de17e7c9fca9f::$prefixDirsPsr4; + $loader->prefixesPsr0 = ComposerStaticInit9f9955bf8d90b6eb142de17e7c9fca9f::$prefixesPsr0; + $loader->fallbackDirsPsr0 = ComposerStaticInit9f9955bf8d90b6eb142de17e7c9fca9f::$fallbackDirsPsr0; + $loader->classMap = ComposerStaticInit9f9955bf8d90b6eb142de17e7c9fca9f::$classMap; }, null, ClassLoader::class); } diff --git a/civicrm/vendor/composer/include_paths.php b/civicrm/vendor/composer/include_paths.php index 189ce0e9b6..06cf2843ee 100644 --- a/civicrm/vendor/composer/include_paths.php +++ b/civicrm/vendor/composer/include_paths.php @@ -12,9 +12,9 @@ return array( $vendorDir . '/pear/console_getopt', $vendorDir . '/pear/pear-core-minimal/src', $vendorDir . '/pear/db', - $vendorDir . '/pear/log', $vendorDir . '/pear/mail', $vendorDir . '/pear/mail_mime', + $vendorDir . '/pear/log', $vendorDir . '/pear/net_socket', $vendorDir . '/pear/net_smtp', $vendorDir . '/pear/validate_finance_creditcard', diff --git a/civicrm/vendor/composer/installed.json b/civicrm/vendor/composer/installed.json index d391cf0e34..a193a2405d 100644 --- a/civicrm/vendor/composer/installed.json +++ b/civicrm/vendor/composer/installed.json 
@@ -644,17 +644,17 @@ }, { "name": "dompdf/dompdf", - "version": "v2.0.2", - "version_normalized": "2.0.2.0", + "version": "v2.0.3", + "version_normalized": "2.0.3.0", "source": { "type": "git", "url": "https://github.com/dompdf/dompdf.git", - "reference": "ad4c631bf8897fc1ca7b566468a969cfd71a558a" + "reference": "e8d2d5e37e8b0b30f0732a011295ab80680d7e85" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/dompdf/dompdf/zipball/ad4c631bf8897fc1ca7b566468a969cfd71a558a", - "reference": "ad4c631bf8897fc1ca7b566468a969cfd71a558a", + "url": "https://api.github.com/repos/dompdf/dompdf/zipball/e8d2d5e37e8b0b30f0732a011295ab80680d7e85", + "reference": "e8d2d5e37e8b0b30f0732a011295ab80680d7e85", "shasum": "" }, "require": { @@ -678,7 +678,7 @@ "ext-imagick": "Improves image processing performance", "ext-zlib": "Needed for pdf stream compression" }, - "time": "2023-01-31T13:30:40+00:00", + "time": "2023-02-07T12:51:48+00:00", "type": "library", "installation-source": "dist", "autoload": { @@ -703,7 +703,7 @@ "homepage": "https://github.com/dompdf/dompdf", "support": { "issues": "https://github.com/dompdf/dompdf/issues", - "source": "https://github.com/dompdf/dompdf/tree/v2.0.2" + "source": "https://github.com/dompdf/dompdf/tree/v2.0.3" }, "install-path": "../dompdf/dompdf" }, diff --git a/civicrm/vendor/composer/installed.php b/civicrm/vendor/composer/installed.php index fa86928f8c..906722d6a1 100644 --- a/civicrm/vendor/composer/installed.php +++ b/civicrm/vendor/composer/installed.php @@ -5,7 +5,7 @@ 'type' => 'library', 'install_path' => __DIR__ . '/../../', 'aliases' => array(), - 'reference' => 'cd24acea9d5cf85df3b0fe54fc5cadfcf60a8cef', + 'reference' => '755314ae9e46286a587e1138a15b92aaaa0278a1', 'name' => 'civicrm/civicrm-core', 'dev' => true, ), 
@@ -61,7 +61,7 @@ 'type' => 'library', 'install_path' => __DIR__ . '/../../', 'aliases' => array(), - 'reference' => 'cd24acea9d5cf85df3b0fe54fc5cadfcf60a8cef', + 'reference' => '755314ae9e46286a587e1138a15b92aaaa0278a1', 'dev_requirement' => false, ), 'civicrm/civicrm-cxn-rpc' => array( @@ -119,12 +119,12 @@ 'dev_requirement' => false, ), 'dompdf/dompdf' => array( - 'pretty_version' => 'v2.0.2', - 'version' => '2.0.2.0', + 'pretty_version' => 'v2.0.3', + 'version' => '2.0.3.0', 'type' => 'library', 'install_path' => __DIR__ . '/../dompdf/dompdf', 'aliases' => array(), - 'reference' => 'ad4c631bf8897fc1ca7b566468a969cfd71a558a', + 'reference' => 'e8d2d5e37e8b0b30f0732a011295ab80680d7e85', 'dev_requirement' => false, ), 'ezyang/htmlpurifier' => array( diff --git a/civicrm/vendor/dompdf/dompdf/VERSION b/civicrm/vendor/dompdf/dompdf/VERSION index e9307ca575..50ffc5aa7f 100644 --- a/civicrm/vendor/dompdf/dompdf/VERSION +++ b/civicrm/vendor/dompdf/dompdf/VERSION @@ -1 +1 @@ -2.0.2 +2.0.3 diff --git a/civicrm/vendor/dompdf/dompdf/src/Image/Cache.php b/civicrm/vendor/dompdf/dompdf/src/Image/Cache.php index 6141cb503a..8e36aa2b7c 100644 --- a/civicrm/vendor/dompdf/dompdf/src/Image/Cache.php +++ b/civicrm/vendor/dompdf/dompdf/src/Image/Cache.php 
@@ -135,15 +135,19 @@ class Cache function ($parser, $name, $attributes) use ($options, $parsed_url, $full_url) { if (strtolower($name) === "image") { $attributes = array_change_key_case($attributes, CASE_LOWER); - $url = $attributes["xlink:href"] ?? $attributes["href"]; - if (!empty($url)) { - $inner_full_url = Helpers::build_url($parsed_url["protocol"], $parsed_url["host"], $parsed_url["path"], $url); - if ($inner_full_url === $full_url) { - throw new ImageException("SVG self-reference is not allowed", E_WARNING); - } - [$resolved_url, $type, $message] = self::resolve_url($url, $parsed_url["protocol"], $parsed_url["host"], $parsed_url["path"], $options); - if (!empty($message)) { - throw new ImageException("This SVG document references a restricted resource. $message", E_WARNING); + $urls = []; + $urls[] = $attributes["xlink:href"] ?? ""; + $urls[] = $attributes["href"] ?? ""; + foreach ($urls as $url) { + if (!empty($url)) { + $inner_full_url = Helpers::build_url($parsed_url["protocol"], $parsed_url["host"], $parsed_url["path"], $url); + if ($inner_full_url === $full_url) { + throw new ImageException("SVG self-reference is not allowed", E_WARNING); + } + [$resolved_url, $type, $message] = self::resolve_url($url, $parsed_url["protocol"], $parsed_url["host"], $parsed_url["path"], $options); + if (!empty($message)) { + throw new ImageException("This SVG document references a restricted resource. $message", E_WARNING); + } } } } @@ -156,6 +160,7 @@ class Cache xml_parse($parser, $line, false); } fclose($fp); + xml_parse($parser, "", true); } xml_parser_free($parser); } diff --git a/civicrm/xml/version.xml b/civicrm/xml/version.xml index 06550a834c..679fb654b1 100644 --- a/civicrm/xml/version.xml +++ b/civicrm/xml/version.xml @@ -1,4 +1,4 @@ <?xml version="1.0" encoding="iso-8859-1" ?> <version> - <version_no>5.58.0</version_no> + <version_no>5.58.1</version_no> </version> 
diff --git a/includes/admin-metaboxes/civicrm.metabox.contact.add.php b/includes/admin-metaboxes/civicrm.metabox.contact.add.php index 0bb9a21c26..4bb01d48cf 100644 --- a/includes/admin-metaboxes/civicrm.metabox.contact.add.php +++ b/includes/admin-metaboxes/civicrm.metabox.contact.add.php @@ -222,7 +222,11 @@ class CiviCRM_For_WordPress_Admin_Metabox_Contact_Add { // Check our session for data. $session = CRM_Core_Session::singleton(); $recents = $session->get('quick_add_recents'); - + if (!empty($recents) && is_array($recents)) { + foreach ($recents as $key => $value) { + $recents[$key] = CRM_Utils_String::purifyHtml($value); + } + } // Maybe add a class to the "Recently Added" wrapper. $visiblity_class = ''; if (!empty($recents)) { @@ -351,7 +355,7 @@ class CiviCRM_For_WordPress_Admin_Metabox_Contact_Add { // Construct list item containing link to "View Contact" screen. $url = $this->civi->admin->get_admin_link('civicrm/contact/view', 'reset=1&cid=' . $contact['id']); - $link = '<li><a href="' . $url . '" target="_blank">' . $contact['display_name'] . '</a></li>'; + $link = CRM_Utils_String::purifyHtml('<li><a href="' . $url . '" target="_blank">' . $contact['display_name'] . '</a></li>'); // Check our session for existing data. $session = CRM_Core_Session::singleton(); @@ -514,7 +518,7 @@ class CiviCRM_For_WordPress_Admin_Metabox_Contact_Add { // Construct list item containing link to "View Contact" screen. $url = $this->civi->admin->get_admin_link('civicrm/contact/view', 'reset=1&cid=' . $contact['id']); - $link = '<li><a href="' . $url . '" target="_blank">' . $contact['display_name'] . '</a></li>'; + $link = CRM_Utils_String::purifyHtml('<li><a href="' . $url . '" target="_blank">' . $contact['display_name'] . '</a></li>'); // Check our session for existing data. $session = CRM_Core_Session::singleton(); -- GitLab
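Review bot: The loop added after `$recents = $session->get('quick_add_recents');` (hunk at -222) hands every stored value to `CRM_Utils_String::purifyHtml()` without checking that it is a string, and carries no comment saying why entries are sanitised again on read. The two later hunks in this file purify the link before it is stored, so a reader cannot tell whether this pass is defence in depth or is there for session entries written before the fix; I assume the latter. I would put `// Purify on read as well: session entries may have been stored unpurified.` above the loop, guard the call with `if (is_string($value))`, and keep the blank line before `// Maybe add a class` that the hunk removes. The enclosing method starts and ends outside the hunk.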
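Review bot: In the hunk at -351, and identically at -514, `$url` and `$contact['display_name']` are still concatenated into the markup raw and only the finished `<li>` string is passed through `CRM_Utils_String::purifyHtml()`, so the fix depends on the purifier's configuration rather than on encoding each value for the context it lands in. A display name containing markup the purifier permits would still render as HTML instead of text, and how the purifier treats the bare `<li>` and the `target="_blank"` attribute is not visible here. Since this is WordPress admin code I would encode at construction instead, `$link = '<li><a href="' . esc_url($url) . '" target="_blank">' . esc_html($contact['display_name']) . '</a></li>';` (assuming `get_admin_link()` returns an unescaped URL), and leave the read-side purify from the first hunk as a second layer. Both enclosing methods begin and end outside their hunks.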