herbdool
diff --git a/‎profiles/civicrm_starterkit/civicrm_starterkit.make
+1-1 b/‎profiles/civicrm_starterkit/civicrm_starterkit.make
+1-1
diff --git a/‎profiles/civicrm_starterkit/modules/civicrm/CRM/Activity/BAO/Activity.php
+68-44 b/‎profiles/civicrm_starterkit/modules/civicrm/CRM/Activity/BAO/Activity.php
+68-44
diff --git a/‎profiles/civicrm_starterkit/modules/civicrm/CRM/Activity/BAO/Query.php
+3-3 b/‎profiles/civicrm_starterkit/modules/civicrm/CRM/Activity/BAO/Query.php
+3-3
diff --git a/‎profiles/civicrm_starterkit/modules/civicrm/CRM/Activity/Form/Activity.php
+1-1 b/‎profiles/civicrm_starterkit/modules/civicrm/CRM/Activity/Form/Activity.php
+1-1
diff --git a/‎profiles/civicrm_starterkit/modules/civicrm/CRM/Activity/Form/ActivityView.php
+1-1 b/‎profiles/civicrm_starterkit/modules/civicrm/CRM/Activity/Form/ActivityView.php
+1-1
diff --git a/‎profiles/civicrm_starterkit/modules/civicrm/CRM/Activity/Form/Search.php
+1-1 b/‎profiles/civicrm_starterkit/modules/civicrm/CRM/Activity/Form/Search.php
+1-1
diff --git a/‎profiles/civicrm_starterkit/modules/civicrm/CRM/Activity/Page/Tab.php
+2-2 b/‎profiles/civicrm_starterkit/modules/civicrm/CRM/Activity/Page/Tab.php
+2-2
diff --git a/‎profiles/civicrm_starterkit/modules/civicrm/CRM/Admin/Form/MessageTemplates.php
+21 b/‎profiles/civicrm_starterkit/modules/civicrm/CRM/Admin/Form/MessageTemplates.php
+21
diff --git a/‎profiles/civicrm_starterkit/modules/civicrm/CRM/Admin/Form/Options.php
+7-7 b/‎profiles/civicrm_starterkit/modules/civicrm/CRM/Admin/Form/Options.php
+7-7
@@ -13,7 +13,7 @@ projects[drupal][version] = "7.51"
 ; ====== CIVICRM RELATED =========
 
 libraries[civicrm][download][type] = get
-libraries[civicrm][download][url] = "https://download.civicrm.org/civicrm-5.2.1-drupal.tar.gz"
+libraries[civicrm][download][url] = "https://download.civicrm.org/civicrm-5.3.1-drupal.tar.gz"
 libraries[civicrm][destination] = modules
 libraries[civicrm][directory_name] = civicrm
 
 
@@ -676,13 +676,11 @@ public static function logActivityAction($activity, $logMessage = NULL) {
    *
    * @return array|int
    *   Relevant data object values of open activities
+   * @throws \CiviCRM_API3_Exception
    */
   public static function getActivities($params, $getCount = FALSE) {
     $activities = array();
 
-    // fetch all active activity types
-    $activityTypes = CRM_Core_OptionGroup::values('activity_type');
-
     // Activity.Get API params
     $activityParams = array(
       'is_deleted' => 0,
@@ -711,37 +709,11 @@ public static function getActivities($params, $getCount = FALSE) {
       ),
     );
 
-    // activity type ID clause
-    if (!empty($params['activity_type_id'])) {
-      if (is_array($params['activity_type_id'])) {
-        foreach ($params['activity_type_id'] as $idx => $value) {
-          $params['activity_type_id'][$idx] = CRM_Utils_Type::escape($value, 'Positive');
-        }
-        $activityParams['activity_type_id'] = array('IN' => $params['activity_type_id']);
-      }
-      else {
-        $activityParams['activity_type_id'] = CRM_Utils_Type::escape($params['activity_type_id'], 'Positive');
-      }
-    }
-    elseif (!empty($activityTypes) && count($activityTypes)) {
-      $activityParams['activity_type_id'] = array('IN' => array_keys($activityTypes));
-    }
-
     if (!empty($params['activity_status_id'])) {
       $activityParams['activity_status_id'] = array('IN' => explode(',', $params['activity_status_id']));
     }
 
-    $excludeActivityIDs = array();
-    if (!empty($params['activity_type_exclude_id'])) {
-      if (is_array($params['activity_type_exclude_id'])) {
-        foreach ($params['activity_type_exclude_id'] as $idx => $value) {
-          $excludeActivityIDs[$idx] = CRM_Utils_Type::escape($value, 'Positive');
-        }
-      }
-      else {
-        $excludeActivityIDs[] = CRM_Utils_Type::escape($params['activity_type_exclude_id'], 'Positive');
-      }
-    }
+    $activityParams['activity_type_id'] = self::filterActivityTypes($params);
 
     if (!empty($params['rowCount']) &&
       $params['rowCount'] > 0
@@ -771,8 +743,8 @@ public static function getActivities($params, $getCount = FALSE) {
     $result = civicrm_api3('Activity', 'Get', $activityParams);
 
     $enabledComponents = self::activityComponents();
+    $bulkActivityTypeID = CRM_Core_PseudoConstant::getKey('CRM_Activity_BAO_Activity', 'activity_type_id', 'Bulk Email');
     $allCampaigns = CRM_Campaign_BAO_Campaign::getCampaigns(NULL, NULL, FALSE, FALSE, FALSE, TRUE);
-    $bulkActivityTypeID = CRM_Core_PseudoConstant::getKey(__CLASS__, 'activity_type_id', 'Bulk Email');
 
     // CRM-3553, need to check user has access to target groups.
     $mailingIDs = CRM_Mailing_BAO_Mailing::mailingACLIDs();
@@ -797,9 +769,7 @@ public static function getActivities($params, $getCount = FALSE) {
 
     foreach ($result['values'] as $id => $activity) {
       // skip case activities if CiviCase is not enabled OR those actvities which are
-      if ((!empty($activity['case_id']) && !in_array('CiviCase', $enabledComponents)) ||
-        (count($excludeActivityIDs) && in_array($activity['activity_type_id'], $excludeActivityIDs))
-      ) {
+      if (!empty($activity['case_id']) && !in_array('CiviCase', $enabledComponents)) {
         continue;
       }
 
@@ -840,7 +810,7 @@ public static function getActivities($params, $getCount = FALSE) {
         else {
           $activities[$id][$expectedName] = CRM_Utils_Array::value($apiKey, $activity);
           if ($apiKey == 'activity_type_id') {
-            $activities[$id]['activity_type'] = CRM_Utils_Array::value($activities[$id][$expectedName], $activityTypes);
+            $activities[$id]['activity_type'] = CRM_Core_PseudoConstant::getName('CRM_Activity_BAO_Activity', 'activity_type_id', $activities[$id][$expectedName]);
           }
           elseif ($apiKey == 'campaign_id') {
             $activities[$id]['campaign'] = CRM_Utils_Array::value($activities[$id][$expectedName], $allCampaigns);
@@ -859,6 +829,60 @@ public static function getActivities($params, $getCount = FALSE) {
     return $getCount ? count($activities) : $activities;
   }
 
+  /**
+   * Filter the activity types to only return the ones we actually asked for
+   * Uses params['activity_type_id'] and params['activity_type_exclude_id']
+   *
+   * @param $params
+   * @return array|null (Use in Activity.get API activity_type_id)
+   */
+  public static function filterActivityTypes($params) {
+    $activityTypes = array();
+
+    // If no activity types are specified, get all the active ones
+    if (empty($params['activity_type_id'])) {
+      $activityTypes = CRM_Activity_BAO_Activity::buildOptions('activity_type_id', 'get');
+    }
+
+    // If no activity types are specified or excluded, return the list of all active ones
+    if (empty($params['activity_type_id']) && empty($params['activity_type_exclude_id'])) {
+      if (!empty($activityTypes)) {
+        return array('IN' => array_keys($activityTypes));
+      }
+      return NULL;
+    }
+
+    // If we have specified activity types, build a list to return, excluding the ones we don't want.
+    if (!empty($params['activity_type_id'])) {
+      if (!is_array($params['activity_type_id'])) {
+        // Turn it into array if only one specified, so we don't duplicate processing below
+        $params['activity_type_id'] = array($params['activity_type_id'] => $params['activity_type_id']);
+      }
+      foreach ($params['activity_type_id'] as $value) {
+        // Add each activity type that was specified to list
+        $value = CRM_Utils_Type::escape($value, 'Positive');
+        $activityTypes[$value] = $value;
+      }
+    }
+
+    // Build the list of activity types to exclude (from $params['activity_type_exclude_id'])
+    if (!empty($params['activity_type_exclude_id'])) {
+      if (!is_array($params['activity_type_exclude_id'])) {
+        // Turn it into array if only one specified, so we don't duplicate processing below
+        $params['activity_type_exclude_id'] = array($params['activity_type_exclude_id'] => $params['activity_type_exclude_id']);
+      }
+      foreach ($params['activity_type_exclude_id'] as $value) {
+        // Remove each activity type from list if it should be excluded
+        $value = CRM_Utils_Type::escape($value, 'Positive');
+        if (array_key_exists($value, $activityTypes)) {
+          unset($activityTypes[$value]);
+        }
+      }
+    }
+
+    return array('IN' => array_keys($activityTypes));
+  }
+
   /**
    * Get the list Activities.
    *
@@ -1181,6 +1205,8 @@ public static function getActivitiesCount($input) {
   /**
    * Get the activity Count.
    *
+   * @deprecated
+   *
    * @param array $input
    *   Array of parameters.
    *    Keys include
@@ -1216,6 +1242,8 @@ public static function deprecatedGetActivitiesCount($input) {
   /**
    * Get the activity sql clause to pick activities.
    *
+   * @deprecated
+   *
    * @param array $input
    *   Array of parameters.
    *    Keys include
@@ -1476,9 +1504,7 @@ public static function sendEmail(
     }
 
     //create the meta level record first ( email activity )
-    $activityTypeID = CRM_Core_PseudoConstant::getKey('CRM_Activity_BAO_Activity', 'activity_type_id',
-      'Email'
-    );
+    $activityTypeID = CRM_Core_PseudoConstant::getKey('CRM_Activity_BAO_Activity', 'activity_type_id', 'Email');
 
     // CRM-6265: save both text and HTML parts in details (if present)
     if ($html and $text) {
@@ -1496,7 +1522,7 @@ public static function sendEmail(
       'subject' => $subject,
       'details' => $details,
       // FIXME: check for name Completed and get ID from that lookup
-      'status_id' => 2,
+      'status_id' => CRM_Core_PseudoConstant::getKey('CRM_Activity_BAO_Activity', 'status_id', 'Completed'),
       'campaign_id' => $campaignId,
     );
 
@@ -2095,7 +2121,8 @@ public static function addActivity(
     }
     elseif ($activity->__table == 'civicrm_contribution') {
       // create activity record only for Completed Contributions
-      if ($activity->contribution_status_id != 1) {
+      $contributionCompletedStatusId = CRM_Core_PseudoConstant::getKey('CRM_Contribute_BAO_Contribution', 'contribution_status_id', 'Completed');
+      if ($activity->contribution_status_id != $contributionCompletedStatusId) {
         return NULL;
       }
       $activityType = $component = 'Contribution';
@@ -2383,10 +2410,7 @@ public static function createFollowupActivity($activityId, $params) {
     $followupParams = array();
     $followupParams['parent_id'] = $activityId;
     $followupParams['source_contact_id'] = CRM_Core_Session::getLoggedInContactID();
-    $followupParams['status_id'] = CRM_Core_PseudoConstant::getKey('CRM_Activity_BAO_Activity',
-      'activity_status_id',
-      'Scheduled'
-    );
+    $followupParams['status_id'] = CRM_Core_PseudoConstant::getKey('CRM_Activity_BAO_Activity', 'activity_status_id', 'Scheduled');
 
     $followupParams['activity_type_id'] = $params['followup_activity_type_id'];
     // Get Subject of Follow-up Activiity, CRM-4491
 
@@ -318,8 +318,8 @@ public static function whereClauseSingle(&$values, &$query) {
 
       case 'activity_result':
         if (is_array($value)) {
-          $safe = NULL;
-          while (list(, $k) = each($value)) {
+          $safe = [];
+          foreach ($values as $id => $k) {
             $safe[] = "'" . CRM_Utils_Type::escape($k, 'String') . "'";
           }
           $query->_where[$grouping][] = "civicrm_activity.result IN (" . implode(',', $safe) . ")";
@@ -505,7 +505,7 @@ public static function buildSearchForm(&$form) {
         if ($name) {
           $value = CRM_Core_OptionGroup::values($name);
           if (!empty($value)) {
-            while (list($k, $v) = each($value)) {
+            foreach ($value as $k => $v) {
               $resultOptions[$v] = $v;
             }
           }
 
@@ -255,7 +255,7 @@ public function preProcess() {
 
     // Give the context.
     if (!isset($this->_context)) {
-      $this->_context = CRM_Utils_Request::retrieve('context', 'String', $this);
+      $this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
       if (CRM_Contact_Form_Search::isSearchContext($this->_context)) {
         $this->_context = 'search';
       }
 
@@ -42,7 +42,7 @@ class CRM_Activity_Form_ActivityView extends CRM_Core_Form {
   public function preProcess() {
     // Get the activity values.
     $activityId = CRM_Utils_Request::retrieve('id', 'Positive', $this);
-    $context = CRM_Utils_Request::retrieve('context', 'String', $this);
+    $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
     $cid = CRM_Utils_Request::retrieve('cid', 'Positive', $this);
 
     // Check for required permissions, CRM-6264.
 
@@ -87,7 +87,7 @@ public function preProcess() {
     $this->_reset = CRM_Utils_Request::retrieve('reset', 'Boolean');
     $this->_force = CRM_Utils_Request::retrieve('force', 'Boolean', $this, FALSE);
     $this->_limit = CRM_Utils_Request::retrieve('limit', 'Positive', $this);
-    $this->_context = CRM_Utils_Request::retrieve('context', 'String', $this, FALSE, 'search');
+    $this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, FALSE, 'search');
 
     $this->assign("context", $this->_context);
 
 
@@ -63,7 +63,7 @@ public function browse() {
    */
   public function edit() {
     // used for ajax tabs
-    $context = CRM_Utils_Request::retrieve('context', 'String', $this);
+    $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
     $this->assign('context', $context);
 
     $this->_id = CRM_Utils_Request::retrieve('id', 'Integer', $this);
@@ -159,7 +159,7 @@ public function delete() {
    * Perform actions and display for activities.
    */
   public function run() {
-    $context = CRM_Utils_Request::retrieve('context', 'String', $this);
+    $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);
     $contactId = CRM_Utils_Request::retrieve('cid', 'Positive', $this);
     $action = CRM_Utils_Request::retrieve('action', 'String', $this);
     $this->_id = CRM_Utils_Request::retrieve('id', 'Positive', $this);
 
@@ -106,6 +106,7 @@ public function buildQuickForm() {
     }
     else {
       $this->_workflow_id = CRM_Utils_Array::value('workflow_id', $this->_values);
+      $this->checkUserPermission($this->_workflow_id);
       $this->assign('workflow_id', $this->_workflow_id);
 
       if ($this->_workflow_id) {
@@ -214,6 +215,26 @@ public function buildQuickForm() {
     }
   }
 
+  /**
+   * Restrict users access based on permission
+   *
+   * @param int $workflowId
+   */
+  private function checkUserPermission($workflowId) {
+    if (isset($workflowId)) {
+      $canView = CRM_Core_Permission::check('edit system workflow message templates');
+    }
+    else {
+      $canView = CRM_Core_Permission::check('edit user-driven message templates');
+    }
+
+    if (!$canView && !CRM_Core_Permission::check('edit message templates')) {
+      CRM_Core_Session::setStatus(ts('You do not have permission to view requested page.'), ts('Access Denied'));
+      $url = CRM_Utils_System::url('civicrm/admin/messageTemplates', "reset=1");
+      CRM_Utils_System::redirect($url);
+    }
+  }
+
   /**
    * Global form rule.
    *
 
@@ -129,7 +129,7 @@ public function setDefaultValues() {
       }
     }
 
-    //setDefault of contact types for email greeting, postal greeting, addressee, CRM-4575
+    // setDefault of contact types for email greeting, postal greeting, addressee, CRM-4575
     if (in_array($this->_gName, array(
       'email_greeting',
       'postal_greeting',
@@ -302,7 +302,7 @@ public function buildQuickForm() {
       $enabled->freeze();
     }
 
-    //fix for CRM-3552, CRM-4575
+    // fix for CRM-3552, CRM-4575
     $showIsDefaultGroups = array(
       'email_greeting',
       'postal_greeting',
@@ -322,7 +322,7 @@ public function buildQuickForm() {
       $this->add('checkbox', 'is_default', ts('Default Option?'));
     }
 
-    //get contact type for which user want to create a new greeting/addressee type, CRM-4575
+    // get contact type for which user want to create a new greeting/addressee type, CRM-4575
     if (in_array($this->_gName, array(
         'email_greeting',
         'postal_greeting',
@@ -341,7 +341,7 @@ public function buildQuickForm() {
 
     if ($this->_gName == 'participant_status') {
       // For Participant Status options, expose the 'filter' field to track which statuses are "Counted", and the Visibility field
-      $element = $this->add('checkbox', 'filter', ts('Counted?'));
+      $this->add('checkbox', 'filter', ts('Counted?'));
       $this->add('select', 'visibility_id', ts('Visibility'), CRM_Core_PseudoConstant::visibility());
     }
     if ($this->_gName == 'participant_role') {
@@ -364,6 +364,7 @@ public function buildQuickForm() {
    *
    * @return array
    *   array of errors / empty array.
+   * @throws \CRM_Core_Exception
    */
   public static function formRule($fields, $files, $self) {
     $errors = array();
@@ -406,7 +407,7 @@ public static function formRule($fields, $files, $self) {
     $dataType = self::getOptionGroupDataType($self->_gName);
     if ($dataType && $self->_gName !== 'activity_type') {
       $validate = CRM_Utils_Type::validate($fields['value'], $dataType, FALSE);
-      if (!$validate) {
+      if ($validate === FALSE) {
         CRM_Core_Session::setStatus(
           ts('Data Type of the value field for this option value does not match ' . $dataType),
           ts('Value field Data Type mismatch'));
@@ -435,7 +436,7 @@ public static function getOptionGroupDataType($optionGroupName) {
   public function postProcess() {
     if ($this->_action & CRM_Core_Action::DELETE) {
       $fieldValues = array('option_group_id' => $this->_gid);
-      $wt = CRM_Utils_Weight::delWeight('CRM_Core_DAO_OptionValue', $this->_id, $fieldValues);
+      CRM_Utils_Weight::delWeight('CRM_Core_DAO_OptionValue', $this->_id, $fieldValues);
 
       if (CRM_Core_BAO_OptionValue::del($this->_id)) {
         if ($this->_gName == 'phone_type') {
@@ -450,7 +451,6 @@ public function postProcess() {
       }
     }
     else {
-      $ids = array();
       $params = $this->exportValues();
 
       // allow multiple defaults within group.
Original file line number	Diff line number	Diff line change
`@@ -318,8 +318,8 @@ public static function whereClauseSingle(&$values, &$query) {`
`318`	`318`
`319`	`319`	`case 'activity_result':`
`320`	`320`	`if (is_array($value)) {`
`321`		`- $safe = NULL;`
`322`		`- while (list(, $k) = each($value)) {`
	`321`	`+ $safe = [];`
	`322`	`+ foreach ($values as $id => $k) {`
`323`	`323`	`$safe[] = "'" . CRM_Utils_Type::escape($k, 'String') . "'";`
`324`	`324`	`}`
`325`	`325`	`$query->_where[$grouping][] = "civicrm_activity.result IN (" . implode(',', $safe) . ")";`
`@@ -505,7 +505,7 @@ public static function buildSearchForm(&$form) {`
`505`	`505`	`if ($name) {`
`506`	`506`	`$value = CRM_Core_OptionGroup::values($name);`
`507`	`507`	`if (!empty($value)) {`
`508`		`- while (list($k, $v) = each($value)) {`
	`508`	`+ foreach ($value as $k => $v) {`
`509`	`509`	`$resultOptions[$v] = $v;`
`510`	`510`	`}`
`511`	`511`	`}`
Original file line number	Diff line number	Diff line change
`@@ -255,7 +255,7 @@ public function preProcess() {`
`255`	`255`
`256`	`256`	`// Give the context.`
`257`	`257`	`if (!isset($this->_context)) {`
`258`		`- $this->_context = CRM_Utils_Request::retrieve('context', 'String', $this);`
	`258`	`+ $this->_context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this);`
`259`	`259`	`if (CRM_Contact_Form_Search::isSearchContext($this->_context)) {`
`260`	`260`	`$this->_context = 'search';`
`261`	`261`	`}`