Merge pull request #2 from craftcms/develop

Merging from upstream
craftcms · Oct 4, 2017 · c9d4519 · c9d4519
2 parents a22d2fd + 90c77fb
commit c9d4519
Show file tree

Hide file tree

Showing 32 changed files with 278 additions and 113 deletions.
diff --git a/CHANGELOG-v3.md b/CHANGELOG-v3.md
@@ -1,28 +1,46 @@
 Craft CMS 3.0 Working Changelog
 ===============================
 
-## 3.0.0-beta.29 (WIP)
+## 3.0.0-beta.30 (WIP)
+
+### Changed
+- Explicitly added `craft\base\PluginInterface::getVersion()`. ([#2012](https://github.com/craftcms/cms/issues/2012))
+
+### Fixed
+- Fixed a bug where Craft was not enforcing current password validation when a user changed their password from a front-end form.
+- Fixed a bug where Craft was not performing normal user validation when an invalid profile photo was uploaded from a front-end form.
+
+## 3.0.0-beta.29 - 2017-09-29
 
 ### Added
 - Added the `checkboxGroupField()` macro to `_includes/forms.html`. ([#1991](https://github.com/craftcms/cms/issues/1991))
 - Added the `Craft.DynamicGenerator` JavaScript class, for creating dynamic input generators.
 - Added `craft\config\DbConfig::updateDsn()`.
+- Added `craft\console\Request::getIsActionRequest()` (always `false`).
+- Added `craft\console\Request::getIsCpRequest()` (always `false`).
+- Added `craft\console\Request::getIsSiteRequest()` (always `false`).
 - Added a `setup/db-creds` command that collects all the database credentials, tests them, and saves them to the `.env` file.
 - Added a `setup` command that runs through the `setup/security-key`, `setup/db-creds`, and `install` commands.
+- Brought back the `siteName` config setting. ([#2003](https://github.com/craftcms/cms/issues/2003))
 
 ### Changed
 - It is now possible to force an update to be installed, even if Craft thinks that someone else may already be performing an update. ([#1990](https://github.com/craftcms/cms/issues/1990))
 - `options` arrays passed to `_includes/forms/checkboxGroup.html` and `checkboxSelect.html` can now contain any of the properties supported by `checkbox.html` (e.g. `disabled`). ([#1994](https://github.com/craftcms/cms/issues/1994))
 - `options` arrays passed to `_includes/forms/radioGroup.html` can now contain any of the properties supported by `radio.html` (e.g. `disabled`). ([#1994](https://github.com/craftcms/cms/issues/1994))
 - The `limit` property is no longer required by `_includes/forms/elementSelect.html`.
 - Craft’s required PHP version and extensions are now specified in `composer.json`.
+- Craft no longer re-saves *all* localizable elements after a new site is created; entries and Matrix blocks are skipped, and plugins that supply custom element types must now re-save their elements manually as well.
 
 ### Fixed
 - Fixed a PHP error that could occur if a DeleteStaleTemplateCaches job was improperly configured.
 - Fixed a PHP error that occurred after cancelling a DB-only update.
 - Fixed a bug where all fields were getting marked as translatable on edit pages. ([#1996](https://github.com/craftcms/cms/issues/1996))
 - Fixed a PHP error that would occur when calling `craft\services\UserGroups::getGroupByHandle()`.
 - Fixed a JavaScript error that occurred if an asset select input was initialized without a `criteria` setting.
+- Fixed a bug where field types, volume types, mail transport types, and widget types weren’t getting listed in alphabetical order.
+- Fixed a bug where the queue info in the Control Panel wasn’t refreshing instantly after retrying or cancelling a failed job.
+- Fixed a bug where a queue job to resave all Matrix blocks after creating a new site would fail. ([#2001](https://github.com/craftcms/cms/issues/2001))
+- Fixed a PHP error that occurred when submitting a front-end user profile form with a new user photo. ([#2005](https://github.com/craftcms/cms/issues/2005))
 
 ## 3.0.0-beta.28 - 2017-09-15
 

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,10 +1,17 @@
 Craft CMS Changelog
 ===================
 
-## Unreleased
+## 2.6.2991 - 2017-09-29
 
 ### Fixed
 - Fixed a bug where Craft was allowing multiple tags with the same title to be added if they had leading/trailing whitespace. ([#1997](https://github.com/craftcms/cms/issues/1997))
+- Fixed a MySQL error that could occur when saving a disabled element with a column value that was too large for its database column.
+- Fixed a PHP warning that could occur when submitting a non-numeric value for a Number field, on servers running PHP 7.
+- Fixed a bug where color inputs were really narrow in Safari 11. ([#2010](https://github.com/craftcms/cms/issues/2010))
+- Fixed some buggy behavior on structured element index views when collapsing/expanding elements, if no elements had been collapsed before.
+
+### Security
+- Fixed an XSS vulnerability.
 
 ## 2.6.2990 - 2017-09-15
 

diff --git a/composer.json b/composer.json
@@ -1,7 +1,7 @@
 {
   "name": "craftcms/cms",
   "description": "Craft CMS",
-  "version": "3.0.0-beta.28",
+  "version": "3.0.0-beta.29",
   "keywords": [
     "cms",
     "craftcms",

diff --git a/src/base/PluginInterface.php b/src/base/PluginInterface.php
@@ -30,6 +30,13 @@ interface PluginInterface
      */
     public function getHandle(): string;
 
+    /**
+     * Returns the plugin’s current version.
+     *
+     * @return string The plugin’s current version
+     */
+    public function getVersion();
+
     /**
      * Installs the plugin.
      *

diff --git a/src/config/GeneralConfig.php b/src/config/GeneralConfig.php
@@ -602,6 +602,12 @@ class GeneralConfig extends Object
      * that you do not use beta releases of Craft in a production environment.
      */
     public $showBetaUpdates = false;
+    /**
+     * @var string|string[] The site name(s). If set, it will take precedence over the Name settings in Settings → Sites → [Site Name].
+     *
+     * This can be set to a string, which will override the primary site’s name only, or an array with site handles used as the keys.
+     */
+    public $siteName;
     /**
      * @var string|string[] The base URL to the site(s). If set, it will take precedence over the Base URL settings in Settings → Sites → [Site Name].
      *

diff --git a/src/config/app/main.php b/src/config/app/main.php
@@ -3,7 +3,7 @@
 return [
     'id' => 'CraftCMS',
     'name' => 'Craft CMS',
-    'version' => '3.0.0-beta.28',
+    'version' => '3.0.0-beta.29',
     'schemaVersion' => '3.0.61',
     'minVersionRequired' => '2.6.2788',
     'basePath' => dirname(__DIR__, 2), // Defines the @app alias

diff --git a/src/console/Request.php b/src/console/Request.php
@@ -24,4 +24,34 @@ class Request extends \yii\console\Request
 
     // Public Methods
     // =========================================================================
+
+    /**
+     * Returns whether the Control Panel was requested. (Narrator: It wasn't.)
+     *
+     * @return bool
+     */
+    public function getIsCpRequest(): bool
+    {
+        return false;
+    }
+
+    /**
+     * Returns whether the front end site was requested. (Narrator: It wasn't.)
+     *
+     * @return bool
+     */
+    public function getIsSiteRequest(): bool
+    {
+        return false;
+    }
+
+    /**
+     * Returns whether a specific controller action was requested. (Narrator: There wasn't.)
+     *
+     * @return bool
+     */
+    public function getIsActionRequest(): bool
+    {
+        return false;
+    }
 }
diff --git a/src/controllers/DashboardController.php b/src/controllers/DashboardController.php
@@ -12,6 +12,7 @@
 use craft\base\Widget;
 use craft\base\WidgetInterface;
 use craft\helpers\App;
+use craft\helpers\ArrayHelper;
 use craft\helpers\FileHelper;
 use craft\helpers\Json;
 use craft\helpers\StringHelper;
@@ -80,6 +81,9 @@ public function actionIndex(): Response
             ];
         }
 
+        // Sort them by name
+        ArrayHelper::multisort($widgetTypeInfo, 'name');
+
         $view->setNamespace($namespace);
         $variables = [];
 

diff --git a/src/controllers/EntriesController.php b/src/controllers/EntriesController.php
@@ -516,7 +516,7 @@ public function actionSaveEntry()
             $return['id'] = $entry->id;
             $return['title'] = $entry->title;
 
-            if (!$request->getIsConsoleRequest() && $request->getIsCpRequest()) {
+            if ($request->getIsCpRequest()) {
                 $return['cpEditUrl'] = $entry->getCpEditUrl();
             }
 

diff --git a/src/controllers/FieldsController.php b/src/controllers/FieldsController.php
@@ -12,6 +12,7 @@
 use craft\base\FieldInterface;
 use craft\fields\MissingField;
 use craft\fields\PlainText;
+use craft\helpers\ArrayHelper;
 use craft\helpers\UrlHelper;
 use craft\models\FieldGroup;
 use craft\web\Controller;
@@ -176,6 +177,9 @@ public function actionEditField(int $fieldId = null, FieldInterface $field = nul
             }
         }
 
+        // Sort them by name
+        ArrayHelper::multisort($fieldTypeOptions, 'label');
+
         // Groups
         // ---------------------------------------------------------------------
 

diff --git a/src/controllers/RebrandController.php b/src/controllers/RebrandController.php
@@ -54,43 +54,37 @@ public function actionUploadSiteImage(): Response
             return $this->asErrorJson(Craft::t('app', 'That is not an allowed image type.'));
         }
 
-        // Upload the file and drop it in the temporary folder
-        $file = UploadedFile::getInstanceByName('image');
-
-        try {
-            // Make sure a file was uploaded
-            if ($file) {
-                $filename = Assets::prepareAssetName($file->name, true, true);
+        // Grab the uploaded file
+        if (($file = UploadedFile::getInstanceByName('image')) === null) {
+            return $this->asErrorJson(Craft::t('app', 'There was an error uploading your photo'));
+        }
 
-                if (!Image::canManipulateAsImage($file->getExtension())) {
-                    throw new BadRequestHttpException(Craft::t('app', 'The uploaded file is not an image'));
-                }
+        $filename = Assets::prepareAssetName($file->name, true, true);
 
-                $targetPath = Craft::$app->getPath()->getRebrandPath().'/'.$type.'/';
+        if (!Image::canManipulateAsImage($file->getExtension())) {
+            return $this->asErrorJson(Craft::t('app', 'The uploaded file is not an image.'));
+        }
 
-                if (!is_dir($targetPath)) {
-                    FileHelper::createDirectory($targetPath);
-                } else {
-                    FileHelper::clearDirectory($targetPath);
-                }
+        $targetPath = Craft::$app->getPath()->getRebrandPath().'/'.$type.'/';
 
-                $fileDestination = $targetPath.'/'.$filename;
+        if (!is_dir($targetPath)) {
+            FileHelper::createDirectory($targetPath);
+        } else {
+            FileHelper::clearDirectory($targetPath);
+        }
 
-                move_uploaded_file($file->tempName, $fileDestination);
+        $fileDestination = $targetPath.'/'.$filename;
 
-                $imagesService = Craft::$app->getImages();
-                $imagesService->cleanImage($fileDestination);
-                $imagesService->loadImage($fileDestination)->scaleToFit(300, 300)->saveAs($fileDestination);
-                $html = $this->getView()->renderTemplate('settings/general/_images/'.$type);
+        move_uploaded_file($file->tempName, $fileDestination);
 
-                return $this->asJson(['html' => $html]);
-            }
-        } catch (BadRequestHttpException $exception) {
-            return $this->asErrorJson(Craft::t('app', 'The uploaded file is not an image.'));
-        }
+        $imagesService = Craft::$app->getImages();
+        $imagesService->cleanImage($fileDestination);
+        $imagesService->loadImage($fileDestination)->scaleToFit(300, 300)->saveAs($fileDestination);
+        $html = $this->getView()->renderTemplate('settings/general/_images/'.$type);
 
-        return $this->asErrorJson(Craft::t('app',
-            'There was an error uploading your photo'));
+        return $this->asJson([
+            'html' => $html,
+        ]);
     }
 
     /**
@@ -111,6 +105,8 @@ public function actionDeleteSiteImage(): Response
 
         $html = $this->getView()->renderTemplate('settings/general/_images/'.$type);
 
-        return $this->asJson(['html' => $html]);
+        return $this->asJson([
+            'html' => $html,
+        ]);
     }
 }
diff --git a/src/controllers/SystemSettingsController.php b/src/controllers/SystemSettingsController.php
@@ -10,6 +10,7 @@
 use Craft;
 use craft\elements\GlobalSet;
 use craft\errors\MissingComponentException;
+use craft\helpers\ArrayHelper;
 use craft\helpers\MailerHelper;
 use craft\helpers\Template;
 use craft\helpers\UrlHelper;
@@ -185,6 +186,9 @@ public function actionEditEmailSettings(MailSettings $settings = null, Transport
             }
         }
 
+        // Sort them by name
+        ArrayHelper::multisort($transportTypeOptions, 'label');
+
         return $this->renderTemplate('settings/email/_index', [
             'settings' => $settings,
             'adapter' => $adapter,

diff --git a/src/controllers/UsersController.php b/src/controllers/UsersController.php
@@ -1004,19 +1004,19 @@ public function actionSaveUser()
         // Validate and save!
         // ---------------------------------------------------------------------
 
-        $imageValidates = true;
         $photo = UploadedFile::getInstanceByName('photo');
 
         if ($photo && !Image::canManipulateAsImage($photo->getExtension())) {
-            $imageValidates = false;
             $user->addError('photo', Craft::t('app', 'The user photo provided is not an image.'));
         }
 
         if ($thisIsPublicRegistration) {
             $user->validateCustomFields = false;
         }
 
-        if (!$imageValidates || !Craft::$app->getElements()->saveElement($user)) {
+        if (!$user->validate(null, false)) {
+            Craft::info('User not saved due to validation error.', __METHOD__);
+
             if ($thisIsPublicRegistration) {
                 // Move any 'newPassword' errors over to 'password'
                 $user->addErrors(['password' => $user->getErrors('newPassword')]);
@@ -1039,6 +1039,9 @@ public function actionSaveUser()
             return null;
         }
 
+        // Save the user (but no need to re-validate)
+        Craft::$app->getElements()->saveElement($user, false);
+
         // Save their preferences too
         $preferences = [
             'language' => $request->getBodyParam('preferredLanguage', $user->getPreference('language')),
@@ -1155,27 +1158,28 @@ public function actionUploadUserPhoto()
             $this->requirePermission('editUsers');
         }
 
-        $file = UploadedFile::getInstanceByName('photo');
+        if (($file = UploadedFile::getInstanceByName('photo')) === null) {
+            return null;
+        }
 
         try {
-            // Make sure a file was uploaded
-            if ($file) {
-                if ($file->getHasError()) {
-                    throw new UploadFailedException($file->error);
-                }
+            if ($file->getHasError()) {
+                throw new UploadFailedException($file->error);
+            }
 
-                $users = Craft::$app->getUsers();
-                $user = $users->getUserById($userId);
+            $users = Craft::$app->getUsers();
+            $user = $users->getUserById($userId);
 
-                // Move to our own temp location
-                $fileLocation = Assets::tempFilePath($file->getExtension());
-                move_uploaded_file($file->tempName, $fileLocation);
-                $users->saveUserPhoto($fileLocation, $user, $file->name);
+            // Move to our own temp location
+            $fileLocation = Assets::tempFilePath($file->getExtension());
+            move_uploaded_file($file->tempName, $fileLocation);
+            $users->saveUserPhoto($fileLocation, $user, $file->name);
 
-                $html = $this->getView()->renderTemplate('users/_photo', ['account' => $user]);
+            $html = $this->getView()->renderTemplate('users/_photo', ['account' => $user]);
 
-                return $this->asJson(['html' => $html]);
-            }
+            return $this->asJson([
+                'html' => $html,
+            ]);
         } catch (\Throwable $exception) {
             /** @noinspection UnSafeIsSetOverArrayInspection - FP */
             if (isset($fileLocation)) {
@@ -1184,11 +1188,10 @@ public function actionUploadUserPhoto()
 
             Craft::error('There was an error uploading the photo: '.$exception->getMessage(), __METHOD__);
 
-            return $this->asErrorJson(Craft::t('app',
-                'There was an error uploading your photo: {error}', ['error' => $exception->getMessage()]));
+            return $this->asErrorJson(Craft::t('app', 'There was an error uploading your photo: {error}', [
+                'error' => $exception->getMessage()
+            ]));
         }
-
-        return null;
     }
 
     /**
@@ -1679,8 +1682,14 @@ private function _processUserPhoto(User $user)
         if ($photo = UploadedFile::getInstanceByName('photo')) {
             $fileLocation = Assets::tempFilePath($photo->getExtension());
             move_uploaded_file($photo->tempName, $fileLocation);
-            $users->saveUserPhoto($fileLocation, $user, $photo->name);
-            FileHelper::removeFile($fileLocation);
+            try {
+                $users->saveUserPhoto($fileLocation, $user, $photo->name);
+            } catch (\Throwable $e) {
+                if (file_exists($fileLocation)) {
+                    FileHelper::removeFile($fileLocation);
+                }
+                throw $e;
+            }
         }
     }