Merge branch '9.2.x' into feature/better-api-redirect-uris

KorvinSzanto · May 6, 2024 · f87d969 · f87d969
2 parents 31eed59 + b176973
commit f87d969
Show file tree

Hide file tree

Showing 14 changed files with 37 additions and 27 deletions.
diff --git a/build/tasks/build-release/download.js b/build/tasks/build-release/download.js
@@ -3,7 +3,7 @@
 const download = require('download');
 
 module.exports = function(grunt, config, parameters, done) {
-	var zipUrl = parameters.releaseSourceZip || 'https://github.com/concretecms/concretecms/archive/refs/tags/9.2.7.zip';
+	var zipUrl = parameters.releaseSourceZip || 'https://github.com/concretecms/concretecms/archive/refs/tags/9.2.8.zip';
 	var workFolder = parameters.releaseWorkFolder || './release';
 	function endForError(e) {
 		process.stderr.write(e.message || e);

diff --git a/concrete/blocks/file/view.php b/concrete/blocks/file/view.php
@@ -16,7 +16,7 @@
     ?>
     <div class="ccm-block-file">
         <a href="<?php echo (!empty($forceDownload)) ? $f->getForceDownloadURL() : $f->getDownloadURL(); ?>">
-            <?php echo stripslashes($controller->getLinkText()) ?>
+            <?php echo h(stripslashes($controller->getLinkText())) ?>
         </a>
     </div>
     <?php

diff --git a/concrete/config/concrete.php b/concrete/config/concrete.php
@@ -6,8 +6,8 @@
      *
      * @var string
      */
-    'version' => '9.2.7',
-    'version_installed' => '9.2.7',
+    'version' => '9.2.8',
+    'version_installed' => '9.2.8',
     'version_db' => '20240318000000', // the key of the latest database migration
 
     /*

diff --git a/concrete/controllers/dialog/express/preset/delete.php b/concrete/controllers/dialog/express/preset/delete.php
@@ -71,7 +71,7 @@ public function remove_search_preset()
                     }
                     if (!$this->error->has()) {
                         $response = new EditResponse();
-                        $response->setMessage(t('%s deleted successfully.', $searchPreset->getPresetName()));
+                        $response->setMessage(t('%s deleted successfully.', h($searchPreset->getPresetName())));
                         $response->setAdditionalDataAttribute('presetID', $presetID);
                         $em = $this->app->make(\Doctrine\ORM\EntityManager::class);
                         $em->remove($searchPreset);

diff --git a/concrete/controllers/dialog/file/preset/delete.php b/concrete/controllers/dialog/file/preset/delete.php
@@ -46,7 +46,7 @@ public function remove_search_preset()
                     }
                     if (!$this->error->has()) {
                         $response = new EditResponse();
-                        $response->setMessage(t('%s deleted successfully.', $searchPreset->getPresetName()));
+                        $response->setMessage(t('%s deleted successfully.', h($searchPreset->getPresetName())));
                         $response->setAdditionalDataAttribute('presetID', $presetID);
                         $node = TreeNodeSearchPreset::getNodeBySavedSearchID($presetID);
                         if (is_object($node)) {

diff --git a/concrete/controllers/dialog/search/preset/delete.php b/concrete/controllers/dialog/search/preset/delete.php
@@ -48,7 +48,7 @@ public function remove_search_preset()
                     }
                     if (!$this->error->has()) {
                         $response = new EditResponse();
-                        $response->setMessage(t('%s deleted successfully.', $searchPreset->getPresetName()));
+                        $response->setMessage(t('%s deleted successfully.', h($searchPreset->getPresetName())));
                         $response->setAdditionalDataAttribute('presetID', $presetID);
                         $em = $this->app->make(EntityManager::class);
                         $em->remove($searchPreset);

diff --git a/concrete/controllers/dialog/search/preset/edit.php b/concrete/controllers/dialog/search/preset/edit.php
@@ -49,7 +49,7 @@ public function edit_search_preset()
                     }
                     if (!$this->error->has()) {
                         $response = new EditResponse();
-                        $response->setMessage(t('%s edited successfully.', $newPresetName));
+                        $response->setMessage(t('%s edited successfully.', h($newPresetName)));
                         $response->setAdditionalDataAttribute('presetID', $presetID);
                         $response->setAdditionalDataAttribute('actionURL', (string) $this->getSavedSearchBaseURL($searchPreset));
                         $searchPreset->setPresetName($newPresetName);

diff --git a/concrete/elements/page_controls_footer.php b/concrete/elements/page_controls_footer.php
@@ -182,7 +182,7 @@
                 } else {
                     ?>
                     <li class="float-end d-none d-md-block">
-                        <a <?php if ($show_tooltips) { ?>class="launch-tooltip"<?php } ?> data-bs-toggle="tooltip" data-bs-placement="bottom" href="<?=URL::to('/login', 'logout', $valt->generate('logout'))?>" title="<?=t('Sign Out')?>">
+                        <a <?php if ($show_tooltips) { ?>class="launch-tooltip"<?php } ?> data-bs-toggle="tooltip" data-bs-placement="bottom" href="<?=URL::to('/login', 'do_logout', $valt->generate('do_logout'))?>" title="<?=t('Sign Out')?>">
                             <i class="fas fa-sign-out-alt"></i><span class="ccm-toolbar-accessibility-title ccm-toolbar-accessibility-title-site-settings"><?= tc('toolbar', 'Sign Out') ?></span>
                         </a>
                     </li>

diff --git a/concrete/single_pages/dashboard/system/calendar/colors.php b/concrete/single_pages/dashboard/system/calendar/colors.php
@@ -8,11 +8,11 @@
         <legend><?=t('Default Colors')?></legend>
         <div class="form-group">
             <?=$form->label('defaultBackgroundColor', t('Background'))?>
-            <?=$color->output('defaultBackgroundColor', $defaultBackgroundColor)?>
+            <?=$color->output('defaultBackgroundColor', h($defaultBackgroundColor))?>
         </div>
         <div class="form-group">
             <?=$form->label('defaultTextColor', t('Text'))?>
-            <?=$color->output('defaultTextColor', $defaultTextColor)?>
+            <?=$color->output('defaultTextColor', h($defaultTextColor))?>
         </div>
     </fieldset>
 
@@ -45,10 +45,10 @@
                 <tr>
                     <td style="text-align: center; width: 10px"><?=$form->checkbox('override[]', $topic->getTreeNodeID(), $checked)?></td>
                     <td style="width: 50%"><?=$topic->getTreeNodeDisplayName()?></td>
-                    <td><?=$color->output('backgroundColor[' . $topic->getTreeNodeID() . ']', $backgroundColor)?></td>
-                    <td><?=$color->output('textColor[' . $topic->getTreeNodeID() . ']', $textColor)?></td>
+                    <td><?=$color->output('backgroundColor[' . $topic->getTreeNodeID() . ']', h($backgroundColor))?></td>
+                    <td><?=$color->output('textColor[' . $topic->getTreeNodeID() . ']', h($textColor))?></td>
                 </tr>
-            <?php 
+            <?php
 }
     ?>
             </table>

diff --git a/concrete/src/Application/Service/FileManager.php b/concrete/src/Application/Service/FileManager.php
@@ -44,7 +44,7 @@ class FileManager
      *             ],
      *             [
      *                 'field' => 'extension',
-     *                 'extension' => ['.png', '.jpg'],
+     *                 'extension' => ['png', 'jpg'],
      *             ],
      *         ],
      *     ]

diff --git a/concrete/src/StyleCustomizer/Inline/StyleSet.php b/concrete/src/StyleCustomizer/Inline/StyleSet.php
@@ -256,8 +256,14 @@ public static function populateFromRequest(Request $request)
 
         $v = $post->get('customClass');
         if (is_array($v)) {
-            $set->setCustomClass(implode(' ', $v));
-            $return = true;
+            $v = array_filter($v, function ($class) {
+                return preg_match('/^-?[_a-zA-Z]+[_a-zA-Z0-9-]*$/', $class);
+            });
+
+            if (count($v) > 0) {
+                $set->setCustomClass(implode(' ', $v));
+                $return = true;
+            }
         }
 
         $v = trim($post->get('customID', ''));

diff --git a/concrete/themes/dashboard/elements/header.php b/concrete/themes/dashboard/elements/header.php
@@ -15,6 +15,7 @@
 
 $config = $app->make('config');
 
+$sitemapHelper = $app->make('helper/concrete/dashboard/sitemap');
 if (!isset($hideDashboardPanel)) {
     $hideDashboardPanel = false;
 }
@@ -92,15 +93,18 @@
                         <span class="ccm-toolbar-accessibility-title ccm-toolbar-accessibility-title-site-settings"><?= tc('toolbar', 'Dashboard'); ?></span>
                     </a>
                 </li>
-                <li class="float-end d-none d-sm-none d-md-block">
-                    <a <?php if ($show_tooltips) {
-                        ?>class="launch-tooltip"<?php
-                    } ?>  data-bs-toggle="tooltip" data-bs-placement="bottom" href="#" data-panel-url="<?= URL::to('/ccm/system/panels/sitemap'); ?>" title="<?= t('Add Pages and Navigate Your Site'); ?>" data-launch-panel="sitemap">
-                        <svg><use xlink:href="#icon-sitemap" /></svg>
-                        <span class="ccm-toolbar-accessibility-title ccm-toolbar-accessibility-title-add-page"><?= tc('toolbar', 'Pages'); ?></span>
-                    </a>
-                </li>
                 <?php
+                if ($sitemapHelper->canViewSitemapPanel()) { ?>
+                    <li class="float-end d-none d-sm-none d-md-block">
+                        <a <?php if ($show_tooltips) {
+                            ?>class="launch-tooltip"<?php
+                        } ?>  data-bs-toggle="tooltip" data-bs-placement="bottom" href="#" data-panel-url="<?= URL::to('/ccm/system/panels/sitemap'); ?>" title="<?= t('Add Pages and Navigate Your Site'); ?>" data-launch-panel="sitemap">
+                            <svg><use xlink:href="#icon-sitemap" /></svg>
+                            <span class="ccm-toolbar-accessibility-title ccm-toolbar-accessibility-title-add-page"><?= tc('toolbar', 'Pages'); ?></span>
+                        </a>
+                    </li>
+                <?php
+                }
                 $items = $ihm->getPageHeaderMenuItems('right');
                 foreach ($items as $ih) {
                     $cnt = $ih->getController();

diff --git a/concrete/views/dialogs/search/preset/delete.php b/concrete/views/dialogs/search/preset/delete.php
@@ -4,7 +4,7 @@
     <form method="post" data-dialog-form="remove-search-preset" class="form-horizontal" action="<?= $controller->getDeleteSearchPresetAction(); ?>">
         <?= $token->output('remove_search_preset'); ?>
         <?= $form->hidden('presetID', $searchPreset->getId()); ?>
-        <p><?= t('Are you sure you want to remove the "%s" search preset?', $searchPreset->getPresetName()); ?></p>
+        <p><?= t('Are you sure you want to remove the "%s" search preset?', h($searchPreset->getPresetName())); ?></p>
 
         <div class="dialog-buttons clearfix">
             <button class="btn btn-secondary" data-dialog-action="cancel"><?= t('Cancel'); ?></button>

diff --git a/concrete/views/dialogs/search/preset/edit.php b/concrete/views/dialogs/search/preset/edit.php
@@ -6,7 +6,7 @@
         <?= $form->hidden('presetID', $searchPreset->getId()); ?>
         <div class="form-group">
             <?= $form->label('presetName', t('Name')); ?>
-            <?= $form->text('presetName', $searchPreset->getPresetName()); ?>
+            <?= $form->text('presetName', h($searchPreset->getPresetName())); ?>
         </div>
 
         <div class="dialog-buttons clearfix">
-Original file line number
+Diff line change
@@ Expand Up / @@ -44,7 +44,7 @@ class FileManager @@
          *             ],
          *             [
          *                 'field' => 'extension',
-         *                 'extension' => ['.png', '.jpg'],
+         *                 'extension' => ['png', 'jpg'],
          *             ],
          *         ],
          *     ]
@@ Expand Down @@