systopia / de.systopia.newsletter

CiviCRM Extension to facilitate newsletter signups
GNU Affero General Public License v3.0

Extension NOT COMPATIBLE with CiviCRM 5.19.3 #2

Closed: bjendres closed this issue 4 years ago

bjendres commented 4 years ago

Unfortunately, the fix for security issue CIVI-SA-2019-21 shipped with CiviCRM 5.19.3 is incompatible with the way this extension stores its settings.

That means you will lose all settings and cannot store any new ones.

Until a new version of the extension is released, you can mitigate this issue by applying THIS PATCH to disable the security fix. But don't forget to undo this once you have upgraded this extension; the fix was there for a reason.

jensschuppe commented 4 years ago

5548c3ba5fd9677c3452b627c71a02ebe8aa88f2 adds an upgrader that converts the serialized settings object into an array and makes sure that settings are not stored as objects anymore.

This upgrader should be run prior to a CiviCRM upgrade to 5.19.3 or with the patch provided by @bjendres applied (which should be un-applied immediately after the Newsletter upgrader ran successfully).

Note that accessing the Newsletter profile configuration or running an API call the extension provides may already have deleted your Newsletter API settings. In this case, in order to safely restore your settings, restore the settings from a backup, and run the Newsletter upgrader immediately before anything accesses Newsletter profiles.

The (obviously unnecessary) cast to object in CRM_Newsletter_Profile::storeProfiles() resulted from a bogus method signature of CRM_Core_BAO_Setting::setItem() which expects the $value parameter to be an object.
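The object-to-array conversion described in the comment above, as an added sketch that is not part of the thread and not the extension's upgrader code. It assumes the hardened core refuses to instantiate classes when it unserializes a stored setting (the thread does not describe the fix's mechanism); all function names and the sample profile values are hypothetical.

```php
<?php
// Constructed sample: profile settings stored the old way, i.e. an array
// cast to object before serialization (values are made up).
$profiles = ['default' => ['form_title' => 'Newsletter', 'mailing_lists' => [12, 15]]];
$legacy = serialize((object) $profiles);

// True if any object (including __PHP_Incomplete_Class) is in the value.
function contains_object($value): bool {
    if (is_object($value)) {
        return true;
    }
    foreach (is_array($value) ? $value : [] as $item) {
        if (contains_object($item)) {
            return true;
        }
    }
    return false;
}

// Assumed behaviour of a hardened reader: no class is ever instantiated,
// and a payload that carried an object is treated as unusable.
function read_setting_hardened(string $stored) {
    $value = unserialize($stored, ['allowed_classes' => false]);
    return contains_object($value) ? null : $value;
}

// Recursively turn stdClass into arrays; any other class is refused.
function to_array($value) {
    if ($value instanceof stdClass) {
        $value = get_object_vars($value);
    } elseif (is_object($value)) {
        throw new UnexpectedValueException('unexpected class in stored setting');
    }
    return is_array($value) ? array_map('to_array', $value) : $value;
}

// Hypothetical one-off migration: only stdClass may be instantiated.
function settings_object_to_array(string $stored): array {
    $result = to_array(unserialize($stored, ['allowed_classes' => ['stdClass']]));
    if (!is_array($result)) {
        throw new UnexpectedValueException('stored setting is not a settings map');
    }
    return $result;
}

// The legacy payload is rejected by the hardened reader; the migrated one round-trips.
var_dump(read_setting_hardened($legacy));
$migrated = serialize(settings_object_to_array($legacy));
var_dump(read_setting_hardened($migrated) === $profiles);
```

Restricting the migration to `stdClass` keeps the one-off conversion from instantiating any other class that might be present in a stored value.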

jensschuppe commented 4 years ago

The upgrader seems to work fine. Released with version 0.2.