Details
-
Type:
Improvement
-
Status: Done/Fixed
-
Priority:
Major
-
Resolution: Fixed/Completed
-
Affects Version/s: 4.5
-
Fix Version/s: 4.5
-
Component/s: CiviCRM Profile
-
Labels:None
Description
Currently profiles used in reserved forms (e.g New Individual, New Household, etc.) need to have the 'Standalone Form and Listing' checkbox TRUE. (This means they have a row in uf_join table where module='Profile')
However, this means these forms can be exposed unintentionally to spam-bots. We'll prevent unintentional exposure of these reserved profile forms by allowing their internal use WITHOUT the 'Profile' module property.
Implementation
===========
1. Update new installation meta-data to remove the 'Standalone Form and Listing' property from all reserved profiles (uf_group where is_reserved = 1).
2. Modify the code which checks whether a profile form can be loaded in create mode to check for either module=Profile OR (is_reserved is true AND user has "add contacts" permission.
NOTE: I don't think we should change the settings for reserved profiles in the upgrade because folks may be INTENTIONALLY using these profiles as standalone forms.
