Skip to content

Commit

Permalink
Merge branch '7.3' into bugfix/nodeGetPropertyReturnsArrayWithHolesFo…
Browse files Browse the repository at this point in the history 
…rReferences
  • Loading branch information
@bwaidelich
bwaidelich committed Jan 14, 2024
2 parents 6277218 + 4b1457e commit 7639495
Show file tree
Hide file tree
Showing 64 changed files with 867 additions and 1,481 deletions.
11 changes: 10 additions & 1 deletion Neos.ContentRepository/Classes/Command/NodeCommandControllerPlugin.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -833,7 +833,16 @@ public function removeBrokenEntityReferences($workspaceName)
$convertedProperty->__load();
} /** @noinspection PhpRedundantCatchClauseInspection */ catch (EntityNotFoundException $e) {
$nodesWithBrokenEntityReferences[$nodeData->getIdentifier()][$propertyName] = $nodeData;
$this->dispatch(self::EVENT_NOTICE, sprintf('Broken reference in "<i>%s</i>" (%s), property "<i>%s</i>" (<i>%s</i>) referring to <i>%s</i>.', $nodeData->getPath(), $nodeData->getIdentifier(), $propertyName, $propertyType, $propertyValue));
$this->dispatch(self::EVENT_NOTICE, sprintf(
'Broken reference in "<i>%s</i>" (%s), property "<i>%s</i>" (<i>%s</i>)%s.',
$nodeData->getPath(),
$nodeData->getIdentifier(),
$propertyName,
$propertyType,
method_exists($propertyValue, '__toString') ?
' referring to <i>' . $propertyValue->__toString() . '</i>' :
''
));
$brokenReferencesCount ++;
}
}
Expand Down
2 changes: 1 addition & 1 deletion Neos.Fusion/Classes/Core/Parser.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -618,7 +618,7 @@ protected function parseInclude($include)
}
$recursiveDirectoryIterator = new \RecursiveDirectoryIterator($basePath);
$iterator = new \RecursiveIteratorIterator($recursiveDirectoryIterator);
// Match simple wildcard globbing "*"
// Match simple wildcard globbing "*"
} elseif (preg_match('#([^\*]*)\*#', $include, $matches) === 1) {
$basePath = $matches['1'];
if (!is_dir($basePath)) {
Expand Down
27 changes: 26 additions & 1 deletion Neos.Media.Browser/Classes/Controller/AssetController.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@

use Doctrine\Common\Persistence\Proxy as DoctrineProxy;
use Doctrine\ORM\EntityNotFoundException;
use enshrined\svgSanitize\Sanitizer;
use Neos\Error\Messages\Error;
use Neos\Error\Messages\Message;
use Neos\Flow\Annotations as Flow;
Expand All @@ -35,6 +36,7 @@
use Neos\Media\Domain\Model\AssetCollection;
use Neos\Media\Domain\Model\AssetInterface;
use Neos\Media\Domain\Model\AssetSource\AssetNotFoundExceptionInterface;
use Neos\Media\Domain\Model\AssetSource\AssetProxy\AssetProxyInterface;
use Neos\Media\Domain\Model\AssetSource\AssetProxyRepositoryInterface;
use Neos\Media\Domain\Model\AssetSource\AssetSourceConnectionExceptionInterface;
use Neos\Media\Domain\Model\AssetSource\AssetSourceInterface;
Expand Down Expand Up @@ -371,7 +373,8 @@ public function showAction(string $assetSourceIdentifier, string $assetProxyIden

$this->view->assignMultiple([
'assetProxy' => $assetProxy,
'assetCollections' => $this->assetCollectionRepository->findAll()
'assetCollections' => $this->assetCollectionRepository->findAll(),
'assetContainsMaliciousContent' => $this->checkForMaliciousContent($assetProxy)
]);
} catch (AssetNotFoundExceptionInterface | AssetSourceConnectionExceptionInterface $e) {
$this->view->assign('connectionError', $e);
Expand Down Expand Up @@ -424,6 +427,7 @@ public function editAction(string $assetSourceIdentifier, string $assetProxyIden
'assetCollections' => $this->assetCollectionRepository->findAll(),
'contentPreview' => $contentPreview,
'assetSource' => $assetSource,
'assetContainsMaliciousContent' => $this->checkForMaliciousContent($assetProxy),
'canShowVariants' => ($assetProxy instanceof NeosAssetProxy) && ($assetProxy->getAsset() instanceof VariantSupportInterface)
]);
} catch (AssetNotFoundExceptionInterface | AssetSourceConnectionExceptionInterface $e) {
Expand Down Expand Up @@ -1023,4 +1027,25 @@ private function forwardWithConstraints(string $actionName, string $controllerNa
}
$this->forward($actionName, $controllerName, null, $arguments);
}

private function checkForMaliciousContent(AssetProxyInterface $assetProxy): bool
{
if ($assetProxy->getMediaType() == 'image/svg+xml') {
// @todo: Simplify again when https://github.com/darylldoyle/svg-sanitizer/pull/90 is merged and released.
$previousXmlErrorHandling = libxml_use_internal_errors(true);
$sanitizer = new Sanitizer();

$resource = stream_get_contents($assetProxy->getImportStream());

$sanitizer->sanitize($resource);
libxml_clear_errors();
libxml_use_internal_errors($previousXmlErrorHandling);
$issues = $sanitizer->getXmlIssues();
if ($issues && count($issues) > 0) {
return true;
}
}

return false;
}
}
13 changes: 10 additions & 3 deletions Neos.Media.Browser/Resources/Private/Partials/ContentDefaultPreview.html
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,14 @@
{namespace m=Neos\Media\ViewHelpers}
{namespace neos=Neos\Neos\ViewHelpers}
<div class="neos-preview-image" id="neos-preview-image">
<a href="{assetProxy.originalUri}" target="_blank">
<img src="{assetProxy.previewUri}" class="img-polaroid" alt="{assetProxy.label}"/>
</a>
<f:if condition="{assetContainsMaliciousContent}">
<f:then>
<img src="{assetProxy.previewUri}" class="img-polaroid" alt="{assetProxy.label}"/>
</f:then>
<f:else>
<a href="{assetProxy.originalUri}" target="_blank">
<img src="{assetProxy.previewUri}" class="img-polaroid" alt="{assetProxy.label}"/>
</a>
</f:else>
</f:if>
</div>
14 changes: 13 additions & 1 deletion Neos.Media.Browser/Resources/Private/Templates/Asset/Edit.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -78,7 +78,19 @@ <h2>{neos:backend.translate(id: 'connectionError', package: 'Neos.Media.Browser'
</f:if>
<tr>
<th>{neos:backend.translate(id: 'metadata.filename', package: 'Neos.Media.Browser')}</th>
<td><a href="#" target="_blank">{assetProxy.filename}</a></td>
<td>
<f:if condition="{assetContainsMaliciousContent}">
<f:then>
{assetProxy.filename}
<div class="neos-badge neos-badge-important">
{neos:backend.translate(id: 'message.assetContainsMaliciousContent', package: 'Neos.Media.Browser')}
</div>
</f:then>
<f:else>
<a href="{assetProxy.originalUri}" target="_blank">{assetProxy.filename}</a>
</f:else>
</f:if>
</td>
</tr>
<tr>
<th>{neos:backend.translate(id: 'metadata.lastModified', package: 'Neos.Media.Browser')}</th>
Expand Down
27 changes: 23 additions & 4 deletions Neos.Media.Browser/Resources/Private/Templates/Asset/Show.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,19 @@
</f:if>
<tr>
<th>{neos:backend.translate(id: 'metadata.filename', package: 'Neos.Media.Browser')}</th>
<td><a href="{assetProxy.originalUri}" target="_blank">{assetProxy.filename}</a></td>
<td>
<f:if condition="{assetContainsMaliciousContent}">
<f:then>
{assetProxy.filename}
<div class="neos-badge neos-badge-important">
{neos:backend.translate(id: 'message.assetContainsMaliciousContent', package: 'Neos.Media.Browser')}
</div>
</f:then>
<f:else>
<a href="{assetProxy.originalUri}" target="_blank">{assetProxy.filename}</a>
</f:else>
</f:if>
</td>
</tr>
<tr>
<th>{neos:backend.translate(id: 'metadata.lastModified', package: 'Neos.Media.Browser')}</th>
Expand Down Expand Up @@ -85,9 +97,16 @@
<f:section name="ContentImage">
<label>{neos:backend.translate(id: 'preview', package: 'Neos.Media.Browser')}</label>
<div class="neos-preview-image">
<a href="{assetProxy.originalUri}" target="_blank">
<img src="{assetProxy.previewUri}" class="img-polaroid" alt="{assetProxy.label}"/>
</a>
<f:if condition="{assetContainsMaliciousContent}">
<f:then>
<img src="{assetProxy.previewUri}" class="img-polaroid" alt="{assetProxy.label}"/>
</f:then>
<f:else>
<a href="{assetProxy.originalUri}" target="_blank">
<img src="{assetProxy.previewUri}" class="img-polaroid" alt="{assetProxy.label}"/>
</a>
</f:else>
</f:if>
</div>
</f:section>

Expand Down
3 changes: 3 additions & 0 deletions Neos.Media.Browser/Resources/Private/Translations/en/Main.xlf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -101,6 +101,9 @@
<trans-unit id="message.operationCannotBeUndone" xml:space="preserve">
<source>This operation cannot be undone.</source>
</trans-unit>
<trans-unit id="message.assetContainsMaliciousContent" xml:space="preserve">
<source>This asset might contain malicious content!</source>
</trans-unit>
<trans-unit id="cancel" xml:space="preserve">
<source>Cancel</source>
</trans-unit>
Expand Down
4 changes: 4 additions & 0 deletions Neos.Media.Browser/Resources/Private/Translations/es/Main.xlf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -570,6 +570,10 @@
<source>Create missing variants</source>
<target state="translated">Crear las variantes que faltan</target>
</trans-unit>
<trans-unit id="message.assetContainsMaliciousContent" xml:space="preserve">
<source>This asset might contain malicious content!</source>
<target state="translated">¡Este activo puede tener contenido malicioso!</target>
</trans-unit>
</body>
</file>
</xliff>
Loading

0 comments on commit 7639495

Please sign in to comment.