Merge branch 'release/4.3.9' into main

CHANGELOG.md

@@ -1,5 +1,16 @@
 # Release Notes for Craft CMS 4
 
+## 4.3.9 - 2023-02-14
+
+- Image thumbnails and previews are no longer versioned if their image URL doesn’t begin with one of the asset’s base filesystem URLs. ([#12663](https://github.com/craftcms/cms/issues/12663))
+- HTML Purifier now allows `oembed` tags. ([ckeditor#59](https://github.com/craftcms/ckeditor/issues/59))
+- Added `craft\htmlpurifier\VideoEmbedUrlDef`.
+- `craft\helpers\Assets::revUrl()` now has an `$fsOnly` argument.
+- Fixed a bug where entries that aren’t propagated to the primary site weren’t showing revision notes. ([#12641](https://github.com/craftcms/cms/issues/12641))
+- Fixed a bug where HTML tags weren’t getting stripped from auto-generated Handle and URI Format setting values.
+- Fixed a JavaScript error that could occur if an object with `null` values was passed to `Craft.compare()`.
+- Fixed a bug where `craft\elements\db\ElementQuery::toArray()` was calling getter methods whose names conflicted with custom field handles. ([#12635](https://github.com/craftcms/cms/pull/12635))
+
 ## 4.3.8.2 - 2023-02-08
 
 - Fixed a PHP error that could occur if relational fields were getting eager-loaded for elements that the fields didn’t belong to. ([#12648](https://github.com/craftcms/cms/issues/12648))
@@ -8,7 +19,7 @@
 
 - Fixed a PHP error that occurred after performing a Composer action within Craft. ([#12647](https://github.com/craftcms/cms/issues/12647))
 - Fixed a bug where element attributes weren’t getting eager-loaded. ([#12646](https://github.com/craftcms/cms/pull/12646), [#12645](https://github.com/craftcms/cms/issues/12645))
-- Fixed a bug where images within the image editor weren’t getting versioned, unless the `revAssetUrls` config setting was enabled. ([#12603](https://github.com/craftcms/cms/issues/12603))
+- Fixed a bug where image previews weren’t getting versioned, unless the `revAssetUrls` config setting was enabled. ([#12603](https://github.com/craftcms/cms/issues/12603))
 
 ## 4.3.8 - 2023-02-07
 

src/base/Element.php

@@ -4248,6 +4248,7 @@ public function getCurrentRevision(): ?ElementInterface
         if (!isset($this->_currentRevision)) {
             $canonical = $this->getCanonical(true);
             $this->_currentRevision = static::find()
+                ->siteId($canonical->siteId)
                 ->revisionOf($canonical->id)
                 ->dateCreated($canonical->dateUpdated)
                 ->status(null)

src/config/app.php

@@ -3,7 +3,7 @@
 return [
     'id' => 'CraftCMS',
     'name' => 'Craft CMS',
-    'version' => '4.3.8.2',
+    'version' => '4.3.9',
     'schemaVersion' => '4.0.0.9',
     'minVersionRequired' => '3.7.11',
     'basePath' => dirname(__DIR__), // Defines the @app alias

src/elements/db/ElementQuery.php

@@ -1730,13 +1730,14 @@ public function prepareSubquery(?QueryBuilder $builder = null): Query
      */
     public function fields(): array
     {
-        $fields = array_unique(array_merge(
-            array_keys(Craft::getObjectVars($this)),
-            array_keys(Craft::getObjectVars($this->getBehavior('customFields')))
-        ));
-        $fields = array_combine($fields, $fields);
+        $vars = array_keys(Craft::getObjectVars($this));
+        $behavior = $this->getBehavior('customFields');
+        $behaviorVars = array_keys(Craft::getObjectVars($behavior));
+        $fields = array_merge(
+            array_combine($vars, $vars),
+            array_combine($behaviorVars, array_map(fn(string $var) => fn() => $behavior->$var, $behaviorVars))
+        );
         unset($fields['query'], $fields['subQuery'], $fields['owner']);
-
         return $fields;
     }
 

src/helpers/Assets.php

@@ -123,13 +123,30 @@ public static function revParams(Asset $asset, ?DateTime $dateUpdated = null): a
     /**
      * Appends revision parameters to a URL.
      *
+     * @param string $url
      * @param Asset $asset
      * @param DateTime|null $dateUpdated
+     * @param bool $fsOnly Only append a revision param if the URL begins with the asset’s filesystem URL
      * @return string
      * @since 4.3.7
      */
-    public static function revUrl(string $url, Asset $asset, ?DateTime $dateUpdated = null): string
+    public static function revUrl(string $url, Asset $asset, ?DateTime $dateUpdated = null, bool $fsOnly = false): string
     {
+        if ($fsOnly) {
+            $volume = $asset->getVolume();
+            $fss = array_unique([$volume->getFs(), $volume->getTransformFs()], SORT_REGULAR);
+            $matchingFs = ArrayHelper::contains($fss, function(FsInterface $fs) use ($url): bool {
+                if (!$fs->hasUrls) {
+                    return false;
+                }
+                $baseUrl = $fs->getRootUrl();
+                return $baseUrl !== null && StringHelper::startsWith($url, StringHelper::ensureRight($baseUrl, '/'));
+            });
+            if (!$matchingFs) {
+                return $url;
+            }
+        }
+
         $revParams = static::revParams($asset, $dateUpdated);
         return UrlHelper::urlWithParams($url, $revParams);
     }

src/helpers/Cp.php

@@ -338,7 +338,6 @@ public static function elementHtml(
         bool $autoReload = true,
     ): string {
         $isDraft = $element->getIsDraft();
-        $isRevision = !$isDraft && $element->getIsRevision();
         $label = $element->getUiLabel();
         $showStatus = $showStatus && ($isDraft || $element::hasStatuses());
 

src/helpers/HtmlPurifier.php

@@ -7,6 +7,7 @@
 
 namespace craft\helpers;
 
+use craft\htmlpurifier\VideoEmbedUrlDef;
 use HTMLPurifier_Config;
 use HTMLPurifier_Encoder;
 
@@ -76,6 +77,9 @@ public static function configure($config): void
 
             // https://github.com/ezyang/htmlpurifier/issues/152#issuecomment-414192516
             $def->addAttribute('a', 'download', 'URI');
+
+            $def->addElement('oembed', 'Block', 'Inline', 'Common');
+            $def->addAttribute('oembed', 'url', new VideoEmbedUrlDef());
         }
     }
 }

src/htmlpurifier/VideoEmbedUrlDef.php

@@ -0,0 +1,31 @@
+<?php
+/**
+ * @link https://craftcms.com/
+ * @copyright Copyright (c) Pixel & Tonic, Inc.
+ * @license https://craftcms.github.io/license/
+ */
+
+namespace craft\htmlpurifier;
+
+use HTMLPurifier_AttrDef_URI;
+
+/**
+ * Class VideoEmbedUrlDef
+ *
+ * @author Pixel & Tonic, Inc. <[email protected]>
+ * @since 4.3.9
+ */
+class VideoEmbedUrlDef extends HTMLPurifier_AttrDef_URI
+{
+    public function validate($uri, $config, $context)
+    {
+        $regexp = $config->get('URI.SafeIframeRegexp');
+        if ($regexp !== null) {
+            if (!preg_match($regexp, $uri)) {
+                return false;
+            }
+        }
+
+        return parent::validate($uri, $config, $context);
+    }
+}

src/services/Assets.php

@@ -649,7 +649,7 @@ public function getThumbUrl(Asset $asset, int $width, ?int $height = null): stri
             return AssetsHelper::iconUrl($extension);
         }
 
-        return AssetsHelper::revUrl($url, $asset);
+        return AssetsHelper::revUrl($url, $asset, fsOnly: true);
     }
 
     /**
@@ -690,7 +690,7 @@ public function getImagePreviewUrl(Asset $asset, int $maxWidth, int $maxHeight):
             throw new NotSupportedException('A preview URL couldn’t be generated for the asset.');
         }
 
-        return AssetsHelper::revUrl($url, $asset);
+        return AssetsHelper::revUrl($url, $asset, fsOnly: true);
     }
 
     /**

src/web/assets/cp/src/js/Craft.js

@@ -1318,7 +1318,7 @@ $.extend(Craft, {
       return false;
     }
 
-    if (typeof obj1 === 'object') {
+    if (typeof obj1 === 'object' && obj1 !== null && obj2 !== null) {
       // Compare the lengths
       if (obj1.length !== obj2.length) {
         return false;

src/web/assets/cp/src/js/HandleGenerator.js

@@ -6,7 +6,7 @@
 Craft.HandleGenerator = Craft.BaseInputGenerator.extend({
   generateTargetValue: function (sourceVal) {
     // Remove HTML tags
-    var handle = sourceVal.replace('/<(.*?)>/g', '');
+    var handle = sourceVal.replace(/<(.*?)>/g, '');
 
     // Remove inner-word punctuation
     handle = handle.replace(/['"‘’“”\[\]\(\)\{\}:]/g, '');

src/web/assets/cp/src/js/UriFormatGenerator.js

@@ -6,7 +6,7 @@
 Craft.UriFormatGenerator = Craft.BaseInputGenerator.extend({
   generateTargetValue: function (sourceVal) {
     // Remove HTML tags
-    sourceVal = sourceVal.replace('/<(.*?)>/g', '');
+    sourceVal = sourceVal.replace(/<(.*?)>/g, '');
 
     // Make it lowercase
     sourceVal = sourceVal.toLowerCase();