Merge branch 'release/4.5.6' into main

Author: brandonkelly

CHANGELOG.md

@@ -1,5 +1,36 @@
 # Release Notes for Craft CMS 4
 
+## 4.5.6 - 2023-09-26
+
+- When slideouts are opened within Live Preview, they now slide up over the editor pane, rather than covering the preview pane. ([#13739](https://github.com/craftcms/cms/pull/13739))
+- Cross-site validation now only involves fields which were actually modified in the element save. ([#13675](https://github.com/craftcms/cms/discussions/13675))
+- Row headings within Table fields now get statically translated. ([#13703](https://github.com/craftcms/cms/discussions/13703))
+- Element condition settings within field layout components now display a warning if the `autosaveDrafts` config setting is disabled. ([#12348](https://github.com/craftcms/cms/issues/12348))
+- Added the `resave/addresses` command. ([#13720](https://github.com/craftcms/cms/discussions/13720))
+- The `resave/matrix-blocks` command now supports an `--owner-id` option.
+- Added `craft\helpers\App::phpExecutable()`.
+- Added `craft\helpers\Component::cleanseConfig()`.
+- `craft\helpers\Component::createComponent()` now filters out `as X` and `on X` keys from the component config.
+- `craft\services\Announcements::push()` now has an `$adminsOnly` argument. ([#13728](https://github.com/craftcms/cms/discussions/13728))
+- `Craft.appendHeadHtml()` and `appendBodyHtml()` now load external scripts asynchronously, and return promises.
+- Improved the reliability of Composer operations when PHP is running via FastCGI. ([#13681](https://github.com/craftcms/cms/issues/13681))
+- Fixed a bug where it wasn’t always possible to create new entries from custom sources which were limited to one section.
+- Fixed a bug where relational fields weren’t factoring in cross-site elements when enforcing their “Min Relations”, “Max Relations”, and “Validate related entries” settings. ([#13699](https://github.com/craftcms/cms/issues/13699))
+- Fixed a bug where pagination wasn’t working for admin tables, if the `onQueryParams` callback method wasn’t set. ([#13677](https://github.com/craftcms/cms/issues/13677))
+- Fixed a bug where relations within Matrix blocks weren’t getting restored when restoring a revision’s content. ([#13626](https://github.com/craftcms/cms/issues/13626))
+- Fixed a bug where the filesystem and volume-creation slideouts could keep reappearing if canceled. ([#13707](https://github.com/craftcms/cms/issues/13707))
+- Fixed an error that could occur when reattempting to update to Craft 4.5. ([#13714](https://github.com/craftcms/cms/issues/13714))
+- Fixed a bug where date and time inputs could be parsed incorrectly, if the user’s formatting locale wasn’t explicitly set, or it changed between page load and form submit. ([#13731](https://github.com/craftcms/cms/issues/13731))
+- Fixed JavaScript errors that could occur when control panel resources were being loaded from a different domain. ([#13715](https://github.com/craftcms/cms/issues/13715))
+- Fixed a PHP error that occurred if the `CRAFT_DOTENV_PATH` environment variable was set, or a console command was executed with the `--dotenvPath` option. ([#13725](https://github.com/craftcms/cms/issues/13725))
+- Fixed a bug where long element titles weren’t always getting truncated in the control panel. ([#13718](https://github.com/craftcms/cms/issues/13718))
+- Fixed a bug where checkboxes could be preselected if they had an empty value. ([#13710](https://github.com/craftcms/cms/issues/13710))
+- Fixed a bug where links in validation summaries weren’t working if the offending field was in a collapsed Matrix block. ([#13708](https://github.com/craftcms/cms/issues/13708))
+- Fixed a bug where cross-site validation could apply even if `craft\services\Elements::saveElement()` was called with `$runValidation` set to `false`.
+- Fixed some wonky scrolling behavior on pages where the details pane was shorter than the content pane. ([#13637](https://github.com/craftcms/cms/issues/13637))
+- Fixed a division by zero error. ([#13712](https://github.com/craftcms/cms/issues/13712))
+- Fixed an RCE vulnerability.
+
 ## 4.5.5 - 2023-09-14
 
 - Added the `maxGraphqlBatchSize` config setting. ([#13693](https://github.com/craftcms/cms/issues/13693))

bootstrap/bootstrap.php

@@ -41,12 +41,14 @@
     }
 };
 
-$findConfigPath = function($cliName, $envName) use ($createFolder) {
+$findConfigPath = function(string $cliName, string $envName, bool $isFile = false) use ($createFolder) {
     $path = App::cliOption($cliName, true) ?? App::env($envName);
     if (!$path) {
         return null;
     }
-    $createFolder($path);
+    if (!$isFile) {
+        $createFolder($path);
+    }
     return realpath($path);
 };
 
@@ -76,8 +78,8 @@
 // Set the "project root" path that contains config/, storage/, etc. By default assume that it's up a level from vendor/.
 $rootPath = $findConfigPath('--basePath', 'CRAFT_BASE_PATH') ?? dirname($vendorPath);
 
-// By default the remaining directories will be in the base directory
-$dotenvPath = $findConfigPath('--dotenvPath', 'CRAFT_DOTENV_PATH') ?? "$rootPath/.env";
+// By default the remaining files/directories will be in the base directory
+$dotenvPath = $findConfigPath('--dotenvPath', 'CRAFT_DOTENV_PATH', true) ?? "$rootPath/.env";
 $configPath = $findConfigPath('--configPath', 'CRAFT_CONFIG_PATH') ?? "$rootPath/config";
 $contentMigrationsPath = $findConfigPath('--contentMigrationsPath', 'CRAFT_CONTENT_MIGRATIONS_PATH') ?? "$rootPath/migrations";
 $storagePath = $findConfigPath('--storagePath', 'CRAFT_STORAGE_PATH') ?? "$rootPath/storage";

packages/craftcms-vue/admintable/App.vue

@@ -610,7 +610,9 @@
         };
 
         if (this.onQueryParams instanceof Function) {
-          params = this.onQueryParams(params);
+          let callbackParams = this.onQueryParams(params);
+          // if `callbackParams` is not undefined, use them instead of `params`
+          params = callbackParams || params;
         }
 
         return params;

src/base/FieldLayoutComponent.php

@@ -261,6 +261,12 @@ public function getSettingsHtml(): string
                     'instructions' => Craft::t('app', 'Only show when editing {type} that match the following rules:', [
                         'type' => $elementType::pluralLowerDisplayName(),
                     ]),
+                    'warning' => !Craft::$app->getConfig()->getGeneral()->autosaveDrafts
+                        ? sprintf(
+                            '`autosaveDrafts` must be enabled for this condition to take effect automatically when editing %s.',
+                            $elementType::pluralLowerDisplayName(),
+                        )
+                        : null,
                 ]);
             }
         }

src/config/app.php

@@ -3,7 +3,7 @@
 return [
     'id' => 'CraftCMS',
     'name' => 'Craft CMS',
-    'version' => '4.5.5',
+    'version' => '4.5.6',
     'schemaVersion' => '4.5.3.0',
     'minVersionRequired' => '3.7.11',
     'basePath' => dirname(__DIR__), // Defines the @app alias

src/console/controllers/ResaveController.php

@@ -10,6 +10,7 @@
 use Craft;
 use craft\base\ElementInterface;
 use craft\console\Controller;
+use craft\elements\Address;
 use craft\elements\Asset;
 use craft\elements\Category;
 use craft\elements\db\ElementQuery;
@@ -184,6 +185,18 @@ final public static function normalizeTo(?string $to): callable
      */
     public ?string $field = null;
 
+    /**
+     * @var string|int[]|null Comma-separated list of owner element IDs.
+     * @since 4.5.6
+     */
+    public string|array|null $ownerId = null;
+
+    /**
+     * @var string|null Comma-separated list of country codes.
+     * @since 4.5.6
+     */
+    public ?string $countryCode = null;
+
     /**
      * @var string|null An attribute name that should be set for each of the elements. The value will be determined by --to.
      * @since 3.7.29
@@ -233,6 +246,10 @@ public function options($actionID): array
         $options[] = 'touch';
 
         switch ($actionID) {
+            case 'addresses':
+                $options[] = 'ownerId';
+                $options[] = 'countryCode';
+                break;
             case 'assets':
                 $options[] = 'volume';
                 break;
@@ -252,6 +269,7 @@ public function options($actionID): array
                 break;
             case 'matrix-blocks':
                 $options[] = 'field';
+                $options[] = 'ownerId';
                 $options[] = 'type';
                 break;
         }
@@ -299,6 +317,24 @@ public function beforeAction($action): bool
         return true;
     }
 
+    /**
+     * Re-saves user addresses.
+     *
+     * @return int
+     * @since 4.5.6
+     */
+    public function actionAddresses(): int
+    {
+        $criteria = [];
+        if (isset($this->ownerId)) {
+            $criteria['ownerId'] = array_map(fn(string $id) => (int)$id, explode(',', (string)$this->ownerId));
+        }
+        if (isset($this->countryCode)) {
+            $criteria['countryCode'] = explode(',', (string)$this->countryCode);
+        }
+        return $this->resaveElements(Address::class, $criteria);
+    }
+
     /**
      * Re-saves assets.
      *
@@ -358,6 +394,9 @@ public function actionMatrixBlocks(): int
         if (isset($this->field)) {
             $criteria['field'] = explode(',', $this->field);
         }
+        if (isset($this->ownerId)) {
+            $criteria['ownerId'] = array_map(fn(string $id) => (int)$id, explode(',', (string)$this->ownerId));
+        }
         if (isset($this->type)) {
             $criteria['type'] = explode(',', $this->type);
         }

src/console/controllers/SetupController.php

@@ -29,7 +29,6 @@
 use Symfony\Component\Console\Helper\QuestionHelper;
 use Symfony\Component\Console\Input\StringInput;
 use Symfony\Component\Console\Output\StreamOutput;
-use Symfony\Component\Process\PhpExecutableFinder;
 use Symfony\Component\Process\Process;
 use Throwable;
 use yii\base\InvalidConfigException;
@@ -627,7 +626,7 @@ public function actionCloud(): int
         }
 
         $process = new Process([
-            (new PhpExecutableFinder())->find() ?: 'php',
+            App::phpExecutable() ?? 'php',
             $script,
             'cloud/setup',
         ]);

src/console/controllers/UpdateController.php

@@ -21,7 +21,6 @@
 use craft\models\Updates;
 use craft\models\Updates as UpdatesModel;
 use Symfony\Component\Process\Exception\ProcessFailedException;
-use Symfony\Component\Process\PhpExecutableFinder;
 use Symfony\Component\Process\Process;
 use Throwable;
 use yii\base\InvalidConfigException;
@@ -416,7 +415,7 @@ private function _migrate(): bool
 
         $this->stdout('Applying new migrations ... ', Console::FG_YELLOW);
 
-        $php = (new PhpExecutableFinder())->find() ?: 'php';
+        $php = App::phpExecutable() ?? 'php';
         $process = new Process([$php, $script, 'migrate/all', '--no-backup', '--no-content']);
         $process->setTimeout(null);
         try {
@@ -480,7 +479,7 @@ private function _revertComposerChanges(): void
 
         $this->stdout('Reverting Composer changes ... ', Console::FG_YELLOW);
 
-        $php = (new PhpExecutableFinder())->find() ?: 'php';
+        $php = App::phpExecutable() ?? 'php';
         $process = new Process([$php, $script, 'update/composer-install']);
         $process->setTimeout(null);
         try {

src/fields/BaseOptionsField.php

@@ -345,19 +345,7 @@ public function normalizeValue(mixed $value, ?ElementInterface $element = null):
         $optionLabels = [];
         foreach ($this->options() as $option) {
             if (!isset($option['optgroup'])) {
-                // special case for blank options, when $value is null
-                if ($value === null && $option['value'] === '') {
-                    if (!$selectedBlankOption) {
-                        $selectedValues[] = '';
-                        $selectedBlankOption = true;
-                        $selected = true;
-                    } else {
-                        $selected = false;
-                    }
-                } else {
-                    $selected = in_array($option['value'], $selectedValues, true);
-                }
-
+                $selected = $this->isOptionSelected($option, $value, $selectedValues, $selectedBlankOption);
                 $options[] = new OptionData($option['label'], $option['value'], $selected, true);
                 $optionValues[] = (string)$option['value'];
                 $optionLabels[] = (string)$option['label'];
@@ -390,6 +378,20 @@ public function normalizeValue(mixed $value, ?ElementInterface $element = null):
         return $value;
     }
 
+    /**
+     * Check if given option should be marked as selected.
+     *
+     * @param array $option
+     * @param mixed $value
+     * @param array $selectedValues
+     * @param bool $selectedBlankOption
+     * @return bool
+     */
+    protected function isOptionSelected(array $option, mixed $value, array &$selectedValues, bool &$selectedBlankOption): bool
+    {
+        return in_array($option['value'], $selectedValues, true);
+    }
+
     /**
      * @inheritdoc
      */

src/fields/BaseRelationField.php

@@ -439,6 +439,10 @@ public function validateRelationCount(ElementInterface $element): void
             /** @var ElementQueryInterface|Collection $value */
             $value = $element->getFieldValue($this->handle);
 
+            if ($value instanceof ElementQueryInterface) {
+                $value = $this->_all($value);
+            }
+
             $arrayValidator = new NumberValidator([
                 'min' => $this->minRelations,
                 'max' => $this->maxRelations,
@@ -473,6 +477,11 @@ public function validateRelatedElements(ElementInterface $element): void
 
         /** @var ElementQueryInterface|Collection $value */
         $value = $element->getFieldValue($this->handle);
+
+        if ($value instanceof ElementQueryInterface) {
+            $value = $this->_all($value);
+        }
+
         $errorCount = 0;
 
         foreach ($value->all() as $i => $related) {

src/fields/Dropdown.php

@@ -113,4 +113,23 @@ protected function optionsSettingLabel(): string
     {
         return Craft::t('app', 'Dropdown Options');
     }
+
+    /**
+     * @inheritdoc
+     */
+    protected function isOptionSelected(array $option, mixed $value, array &$selectedValues, bool &$selectedBlankOption): bool
+    {
+        // special case for blank options, when $value is null
+        if ($value === null && $option['value'] === '') {
+            if (!$selectedBlankOption) {
+                $selectedValues[] = '';
+                $selectedBlankOption = true;
+                return true;
+            }
+
+            return false;
+        }
+
+        return in_array($option['value'], $selectedValues, true);
+    }
 }

src/fields/Table.php

@@ -440,6 +440,15 @@ private function _normalizeValueInternal(mixed $value, ?ElementInterface $elemen
 
         $defaults = $this->defaults ?? [];
 
+        // Apply static translations
+        foreach ($defaults as &$row) {
+            foreach ($this->columns as $colId => $col) {
+                if ($col['type'] === 'heading' && isset($row[$colId])) {
+                    $row[$colId] = Craft::t('site', $row[$colId]);
+                }
+            }
+        }
+
         if (is_string($value) && !empty($value)) {
             $value = Json::decodeIfJson($value);
         } elseif ($value === null && $this->isFresh($element)) {

src/helpers/App.php

@@ -34,6 +34,7 @@
 use HTMLPurifier_Encoder;
 use ReflectionClass;
 use ReflectionProperty;
+use Symfony\Component\Process\PhpExecutableFinder;
 use yii\base\Event;
 use yii\base\Exception;
 use yii\base\InvalidArgumentException;
@@ -604,6 +605,35 @@ public static function isPathAllowed(string $path): bool
         return false;
     }
 
+    /**
+     * Returns the path to a PHP executable which should be used by sub processes.
+     *
+     * @return string|null The PHP executable path, or `null` if it can’t be determined.
+     * @since 4.5.6
+     */
+    public static function phpExecutable(): ?string
+    {
+        // If PHP_BINARY was set to $_SERVER, update the environment variable to match
+        if (isset($_SERVER['PHP_BINARY']) && $_SERVER['PHP_BINARY'] !== getenv('PHP_BINARY')) {
+            putenv(sprintf('PHP_BINARY=%s', $_SERVER['PHP_BINARY']));
+        }
+
+        if (
+            getenv('PHP_BINARY') === false &&
+            PHP_BINARY &&
+            PHP_SAPI === 'cgi-fcgi' &&
+            str_ends_with(PHP_BINARY, 'php-cgi')
+        ) {
+            // See if a `php` file exists alongside `php-cgi`, and if so, use that
+            $file = dirname(PHP_BINARY) . DIRECTORY_SEPARATOR . 'php';
+            if (@is_executable($file) && !@is_dir($file)) {
+                return $file;
+            }
+        }
+
+        return (new PhpExecutableFinder())->find() ?: null;
+    }
+
     /**
      * Tests whether ini_set() works.
      *

src/helpers/Component.php

@@ -140,7 +140,7 @@ public static function createComponent(string|array $config, ?string $instanceOf
 
         // Instantiate and return
         $config['class'] = $class;
-        return Craft::createObject($config);
+        return Craft::createObject(static::cleanseConfig($config));
     }
 
     /**