Merge branch 'release/1.7.14'

CHANGELOG.md

@@ -1,3 +1,14 @@
+# v1.7.14
+## 04/29/2021
+
+1. [](#new)
+    * Added `MediaUploadTrait::checkFileMetadata()` method
+1. [](#improved)
+    * Updating a theme should always keep the custom files [getgrav/grav-plugin-admin#2135](https://github.com/getgrav/grav-plugin-admin/issues/2135)
+1. [](#bugfix)
+    * Fixed broken numeric language codes in Flex Pages [#3332](https://github.com/getgrav/grav/issues/3332)
+    * Fixed broken `exif_imagetype()` twig function
+
 # v1.7.13
 ## 04/23/2021
 

system/defines.php

@@ -9,7 +9,7 @@
 
 // Some standard defines
 define('GRAV', true);
-define('GRAV_VERSION', '1.7.13');
+define('GRAV_VERSION', '1.7.14');
 define('GRAV_SCHEMA', '1.7.0_2020-11-20_1');
 define('GRAV_TESTING', false);
 

system/src/Grav/Common/Flex/Types/Pages/PageIndex.php

@@ -416,7 +416,7 @@ protected function translateEntries(array $entries, string $lang, bool $fallback
         $languages = $this->getFallbackLanguages($lang, $fallback);
         foreach ($entries as $key => &$entry) {
             // Find out which version of the page we should load.
-            $translations = $this->getLanguageTemplates($key);
+            $translations = $this->getLanguageTemplates((string)$key);
             if (!$translations) {
                 // No translations found, is this a folder?
                 continue;

system/src/Grav/Common/GPM/Installer.php

@@ -135,7 +135,10 @@ public static function install($zip, $destination, $options = [], $extracted = n
         }
 
         if (!$options['sophisticated']) {
-            if ($options['theme']) {
+            $isTheme = $options['theme'] ?? false;
+            // Make sure that themes are always being copied, even if option was not set!
+            $isTheme = $isTheme || preg_match('|/themes/[^/]+|ui', $install_path);
+            if ($isTheme) {
                 self::copyInstall($extracted, $install_path);
             } else {
                 self::moveInstall($extracted, $install_path);

system/src/Grav/Common/Media/Traits/MediaUploadTrait.php

@@ -71,15 +71,6 @@ public function createFromUploadedFile(UploadedFileInterface $uploadedFile, arra
      */
     public function checkUploadedFile(UploadedFileInterface $uploadedFile, string $filename = null, array $settings = null): string
     {
-        // Add the defaults to the settings.
-        $settings = $this->getUploadSettings($settings);
-
-        // Destination is always needed (but it can be set in defaults).
-        $self = $settings['self'] ?? false;
-        if (!isset($settings['destination']) && $self === false) {
-            throw new RuntimeException($this->translate('PLUGIN_ADMIN.DESTINATION_NOT_SPECIFIED'), 400);
-        }
-
         // Check if there is an upload error.
         switch ($uploadedFile->getError()) {
             case UPLOAD_ERR_OK:
@@ -101,10 +92,38 @@ public function checkUploadedFile(UploadedFileInterface $uploadedFile, string $f
                 throw new RuntimeException($this->translate('PLUGIN_ADMIN.UNKNOWN_ERRORS'), 400);
         }
 
+        $metadata = [
+            'filename' => $uploadedFile->getClientFilename(),
+            'mime' => $uploadedFile->getClientMediaType(),
+            'size' => $uploadedFile->getSize(),
+        ];
+
+        return $this->checkFileMetadata($metadata, $filename, $settings);
+    }
+
+    /**
+     * Checks that file metadata meets the requirements. Returns new filename.
+     *
+     * @param array $metadata
+     * @param array|null $settings
+     * @return string|null
+     * @throws RuntimeException
+     */
+    public function checkFileMetadata(array $metadata, string $filename = null, array $settings = null): string
+    {
+        // Add the defaults to the settings.
+        $settings = $this->getUploadSettings($settings);
+
+        // Destination is always needed (but it can be set in defaults).
+        $self = $settings['self'] ?? false;
+        if (!isset($settings['destination']) && $self === false) {
+            throw new RuntimeException($this->translate('PLUGIN_ADMIN.DESTINATION_NOT_SPECIFIED'), 400);
+        }
+
         if (null === $filename) {
             // If no filename is given, use the filename from the uploaded file (path is not allowed).
             $folder = '';
-            $filename = $uploadedFile->getClientFilename() ?? '';
+            $filename = $metadata['filename'] ?? '';
         } else {
             // If caller sets the filename, we will accept any custom path.
             $folder = dirname($filename);
@@ -128,7 +147,7 @@ public function checkUploadedFile(UploadedFileInterface $uploadedFile, string $f
                 $filename = date('YmdHis') . '-' . $filename;
             }
         }
-        $filepath = $folder !== '' ? $folder . $filename : $filename;
+        $filepath = $folder . $filename;
 
         // Check if the filename is allowed.
         if (!Utils::checkFilename($filename)) {
@@ -148,14 +167,14 @@ public function checkUploadedFile(UploadedFileInterface $uploadedFile, string $f
         $filesize = $settings['filesize'];
         if ($filesize) {
             $max_filesize = $filesize * 1048576;
-            if ($uploadedFile->getSize() > $max_filesize) {
+            if ($metadata['size'] > $max_filesize) {
                 // TODO: use own language string
                 throw new RuntimeException($this->translate('PLUGIN_ADMIN.EXCEEDED_GRAV_FILESIZE_LIMIT'), 400);
             }
         } elseif (null === $filesize) {
             // Check size against the Grav upload limit.
             $grav_limit = Utils::getUploadLimit();
-            if ($grav_limit > 0 && $uploadedFile->getSize() > $grav_limit) {
+            if ($grav_limit > 0 && $metadata['size'] > $grav_limit) {
                 throw new RuntimeException($this->translate('PLUGIN_ADMIN.EXCEEDED_GRAV_FILESIZE_LIMIT'), 400);
             }
         }
@@ -165,6 +184,11 @@ public function checkUploadedFile(UploadedFileInterface $uploadedFile, string $f
         $errors = [];
         // Do not trust mime type sent by the browser.
         $mime = Utils::getMimeByFilename($filename);
+        $mimeTest = $metadata['mime'] ?? $mime;
+        if ($mime !== $mimeTest) {
+            throw new RuntimeException('The mime type does not match to file extension', 400);
+        }
+
         foreach ((array)$settings['accept'] as $type) {
             // Force acceptance of any file when star notation
             if ($type === '*') {

system/src/Grav/Common/Page/Markdown/Excerpts.php

@@ -114,7 +114,7 @@ static function ($carry, $item) {
             );
 
             // Valid attributes supported.
-            $valid_attributes = $grav['config']->get('system.pages.markdown.valid_link_attributes');
+            $valid_attributes = $grav['config']->get('system.pages.markdown.valid_link_attributes') ?? [];
 
             $skip = [];
             // Unless told to not process, go through actions.

system/src/Grav/Common/Twig/Extension/FilesystemExtension.php

@@ -265,7 +265,7 @@ public function exif_imagetype($filename)
             return false;
         }
 
-        return @exif_imagetype();
+        return @exif_imagetype($filename);
     }
 
     /**

system/src/Grav/Framework/Flex/FlexForm.php

@@ -119,7 +119,7 @@ public function __construct(string $name, FlexObjectInterface $object, array $op
         }
         $this->setUniqueId($uniqueId);
         $directory = $object->getFlexDirectory();
-        $this->setFlashLookupFolder($directory->getBlueprint()->get('form/flash_folder') ?? 'tmp://forms/[SESSIONID]');
+        $this->setFlashLookupFolder($options['flash_folder'] ?? $directory->getBlueprint()->get('form/flash_folder') ?? 'tmp://forms/[SESSIONID]');
         $this->form = $options['form'] ?? null;
 
         if (!empty($options['reset'])) {

tests/phpstan/phpstan.neon

@@ -124,8 +124,11 @@ parameters:
 
         # Support for deprecated features
         -
-            message: '#Instantiation of deprecated class Doctrine\\Common\\Cache\\MemcacheCache#'
+            message: '#Instantiation of deprecated class Doctrine\\Common\\Cache\\(\w+)Cache#'
             path: '*/system/src/Grav/Common/Cache.php'
+        -
+            message: '#Instantiation of deprecated class Doctrine\\Common\\Cache\\(\w+)Cache#'
+            path: '*/system/src/Grav/Common/GPM/Remote/*.php'
         -
             message: '#Call to deprecated method order#'
             path: '*/system/src/Grav/Common/Page/Pages.php'