From 650c5d3f5e1334a5cc1fc0be15538374baa21534 Mon Sep 17 00:00:00 2001 From: Stian Torjussen <53934716+StianTorjussen@users.noreply.github.com> Date: Wed, 18 Mar 2020 17:18:01 +0100 Subject: [PATCH 01/11] PHP7.2 fix: Added array check before count. (#1454) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Added array check before counting * Apply suggestions from code review Check for existence of post variable Co-Authored-By: André R. <289757+andrerom@users.noreply.github.com> --- .../ezobjectrelationlist/ezobjectrelationlisttype.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kernel/classes/datatypes/ezobjectrelationlist/ezobjectrelationlisttype.php b/kernel/classes/datatypes/ezobjectrelationlist/ezobjectrelationlisttype.php index dc7cf8d240a..64c8abd233a 100644 --- a/kernel/classes/datatypes/ezobjectrelationlist/ezobjectrelationlisttype.php +++ b/kernel/classes/datatypes/ezobjectrelationlist/ezobjectrelationlisttype.php @@ -71,7 +71,8 @@ function validateObjectAttributeHTTPInput( $http, $base, $contentObjectAttribute // If in browse mode and relations have been added using the search field // items are stored in the post variable if ( - $http->postVariable( $postVariableName ) != array( "no_relation" ) + $http->hasPostVariable( $postVariableName ) + && $http->postVariable( $postVariableName ) != array( "no_relation" ) && count( $http->postVariable( $postVariableName ) ) > 0 ) { From 9a282308b040059e10c7960830fc34bd339baafd Mon Sep 17 00:00:00 2001 From: Serhey Dolgushev Date: Tue, 12 May 2020 12:59:23 -0400 Subject: [PATCH 02/11] eZObjectRelationList: Do not store content attribute in fetch call (#1455) eZObjectRelationList: Do not store the content object attribute in the fetch call, because it clears the object's data_map, which means other content object attributes cannot access the data map. --- .../datatypes/ezobjectrelationlist/ezobjectrelationlisttype.php | 1 - 1 file changed, 1 deletion(-) 
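Review bot: The added `hasPostVariable()` guard in the `@@ -71,7 +71,8 @@` hunk only proves the variable exists, so the `count()` on the next line can still receive a non-array. If `postVariable()` hands back the raw request value, a client that submits the field as a plain string still triggers the PHP 7.2 `count()` warning named in the subject (a TypeError on PHP 8). Adding `&& is_array( $http->postVariable( $postVariableName ) )` ahead of the `count()` condition would match the commit title and keep malformed input out of the branch. The body of validateObjectAttributeHTTPInput starts and ends outside the hunk, so how the branch uses the value is not visible here.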
diff --git a/kernel/classes/datatypes/ezobjectrelationlist/ezobjectrelationlisttype.php b/kernel/classes/datatypes/ezobjectrelationlist/ezobjectrelationlisttype.php index 64c8abd233a..b26153af4e0 100644 --- a/kernel/classes/datatypes/ezobjectrelationlist/ezobjectrelationlisttype.php +++ b/kernel/classes/datatypes/ezobjectrelationlist/ezobjectrelationlisttype.php @@ -210,7 +210,6 @@ function fetchObjectAttributeHTTPInput( $http, $base, $contentObjectAttribute ) { $content['relation_list'] = array(); $contentObjectAttribute->setContent( $content ); - $contentObjectAttribute->store(); return true; } // Type is browse and we have no http input From 5dd4ccf2dae85f777b85a3ba15976f6feefff483 Mon Sep 17 00:00:00 2001 From: Gunnstein Lye Date: Tue, 26 May 2020 16:27:18 +0200 Subject: [PATCH 03/11] Travis: Drop missing 5.5 build (#1456) --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 041fa86db97..44e54345e4a 100644 --- a/.travis.yml +++ b/.travis.yml @@ -23,7 +23,7 @@ env: # Aim to run tests on all versions of php, make sure each db is run at least once matrix: include: - - php: 5.5 + - php: 5.6 env: DB="postgresql" DB_USER="postgres" - php: 5.6 env: DB="mysql" DB_USER="root" From 068af41fb1ce81e5df6f037f503590c44276d45f Mon Sep 17 00:00:00 2001 From: Gunnstein Lye Date: Tue, 26 May 2020 14:40:45 +0000 Subject: [PATCH 04/11] Travis: Keep 5.5 build but use Trusty distro --- .travis.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 44e54345e4a..db5b7136fbd 100644 --- a/.travis.yml +++ b/.travis.yml @@ -23,7 +23,8 @@ env: # Aim to run tests on all versions of php, make sure each db is run at least once matrix: include: - - php: 5.6 + - php: 5.5 + dist: trusty env: DB="postgresql" DB_USER="postgres" - php: 5.6 env: DB="mysql" DB_USER="root" From 925cc50add1e0b5706d7f8a68f5263df2005dc56 Mon Sep 17 00:00:00 2001 
From: Gunnstein Lye Date: Wed, 27 May 2020 08:35:17 +0000 Subject: [PATCH 05/11] Revert "Travis: Keep 5.5 build but use Trusty distro" This reverts commit 068af41fb1ce81e5df6f037f503590c44276d45f. --- .travis.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index db5b7136fbd..44e54345e4a 100644 --- a/.travis.yml +++ b/.travis.yml @@ -23,8 +23,7 @@ env: # Aim to run tests on all versions of php, make sure each db is run at least once matrix: include: - - php: 5.5 - dist: trusty + - php: 5.6 env: DB="postgresql" DB_USER="postgres" - php: 5.6 env: DB="mysql" DB_USER="root" From 39596ffc23905a921f0ee00a2ce9316117e48cef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Paulo=20Rog=C3=A9rio=20Teruel=20Valle?= Date: Thu, 27 Aug 2020 00:00:31 -0700 Subject: [PATCH 06/11] EZP-30416: INI settings don't support loose typing (#1429) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Bug fix: INI settings don't support loose typing * Fix not set setting definition * Update settings/contentstructuremenu.ini Co-authored-by: André R <289757+andrerom@users.noreply.github.com> --- settings/contentstructuremenu.ini | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/settings/contentstructuremenu.ini b/settings/contentstructuremenu.ini index d763b79d23e..98d0d492126 100644 --- a/settings/contentstructuremenu.ini +++ b/settings/contentstructuremenu.ini @@ -36,9 +36,8 @@ MaxNodes=150 # SortBy[] # SortBy[]=name/ascending # SortBy[]=published/descending -# if set to "false" - default sorting will be implemented -# (which is defined for each node) -SortBy=false +# if an empty array, it uses the sorting defined for each node instead (from the Ordering tab) +SortBy[] # enabled/disabled ToolTips=enabled From b7c2a06f8f8f2081d767fb66cee5811d800ccba3 Mon Sep 17 00:00:00 2001 
From: Gunnstein Lye Date: Mon, 5 Oct 2020 14:11:56 +0000 Subject: [PATCH 07/11] EZP-31643 Object injection in discountruleedit (#139) --- kernel/shop/discountruleedit.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/kernel/shop/discountruleedit.php b/kernel/shop/discountruleedit.php index b64f252d503..e0ab3145f23 100644 --- a/kernel/shop/discountruleedit.php +++ b/kernel/shop/discountruleedit.php @@ -46,9 +46,9 @@ 'discountrule_id' => $discountRuleID ), 'persistent_data' => array( 'discountrule_name' => $http->postVariable( 'discountrule_name' ), 'discountrule_percent' => $http->postVariable( 'discountrule_percent' ), - 'Contentclasses' => ( $http->hasPostVariable( 'Contentclasses' ) )? serialize( $http->postVariable( 'Contentclasses' ) ): '', - 'Sections' => ( $http->hasPostVariable( 'Sections' ) )? serialize( $http->postVariable( 'Sections' ) ): '', - 'Products' => ( $http->hasPostVariable( 'Products' ) )? serialize( $http->postVariable( 'Products' ) ): '' ), + 'Contentclasses' => ( $http->hasPostVariable( 'Contentclasses' ) )? json_encode( $http->postVariable( 'Contentclasses' ) ): '', + 'Sections' => ( $http->hasPostVariable( 'Sections' ) )? json_encode( $http->postVariable( 'Sections' ) ): '', + 'Products' => ( $http->hasPostVariable( 'Products' ) )? json_encode( $http->postVariable( 'Products' ) ): '' ), 'from_page' => "/shop/discountruleedit/$discountGroupID/$discountRuleID" ), $module ); return; @@ -68,7 +68,7 @@ $discountRuleSelectedClasses = $http->postVariable( 'Contentclasses' ); if ( !is_array( $discountRuleSelectedClasses ) ) { - $discountRuleSelectedClasses = unserialize( $discountRuleSelectedClasses ); + $discountRuleSelectedClasses = json_decode( $discountRuleSelectedClasses ); } } 
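Review bot: In the `@@ -68,7 +68,7 @@` hunk the result of `json_decode()` is used without checking its type, and the same applies to the `Sections` and `Products` hunks at `-78,7` and `-88,7`. Without the second argument a JSON object decodes to `stdClass`, and malformed input decodes to `null`, so the variable is no longer guaranteed to be an array as it is on the `is_array()` path. Replacing `unserialize()` removes the object-injection risk, but the value is still client-supplied and should be normalised: `$discountRuleSelectedClasses = json_decode( $discountRuleSelectedClasses, true );` followed by `if ( !is_array( $discountRuleSelectedClasses ) ) $discountRuleSelectedClasses = array();`. The code that consumes these lists is outside the hunk, so whether the elements also need an integer cast has to be confirmed there.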
@@ -78,7 +78,7 @@ $discountRuleSelectedSections = $http->postVariable( 'Sections' ); if ( !is_array( $discountRuleSelectedSections ) ) { - $discountRuleSelectedSections = unserialize( $discountRuleSelectedSections ); + $discountRuleSelectedSections = json_decode( $discountRuleSelectedSections ); } } @@ -88,7 +88,7 @@ $discountRuleSelectedProducts = $http->postVariable( 'Products' ); if ( !is_array( $discountRuleSelectedProducts ) ) { - $discountRuleSelectedProducts = unserialize( $discountRuleSelectedProducts ); + $discountRuleSelectedProducts = json_decode( $discountRuleSelectedProducts ); } } From f21bbc5ec96aec0384058c81e9eb1b5c71b499e5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Hrvoje=20Kne=C5=BEevi=C4=87?= Date: Mon, 12 Oct 2020 15:53:12 +0200 Subject: [PATCH 08/11] Fix handling of headings in table header cells (#1457) --- extension/ezoe/ezxmltext/handlers/input/ezoeinputparser.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/extension/ezoe/ezxmltext/handlers/input/ezoeinputparser.php b/extension/ezoe/ezxmltext/handlers/input/ezoeinputparser.php index 7181f73e4dc..a04cea77285 100644 --- a/extension/ezoe/ezxmltext/handlers/input/ezoeinputparser.php +++ b/extension/ezoe/ezxmltext/handlers/input/ezoeinputparser.php @@ -999,7 +999,7 @@ function structHandlerHeader( $element, $newParent ) { ++$sectionLevel; } - elseif ( $current->nodeName === 'td' ) + elseif ( $current->nodeName === 'td' || $current->nodeName === 'th' ) { ++$sectionLevel; break; From 9f16e49e7226f52fe541f6f092b728ddc65472c3 Mon Sep 17 00:00:00 2001 From: Bartek Date: Mon, 12 Oct 2020 16:10:07 +0200 Subject: [PATCH 09/11] EZP-32018: Fixed empty ezdate field transformation (#1464) * EZP-32018: Fixed empty ezdate field transformation * EZP-32018: CS * EZP-32018: CS --- lib/ezutils/classes/eztimestamp.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/lib/ezutils/classes/eztimestamp.php b/lib/ezutils/classes/eztimestamp.php index fcbecd85b23..181d58f4644 100644 
--- a/lib/ezutils/classes/eztimestamp.php +++ b/lib/ezutils/classes/eztimestamp.php @@ -14,6 +14,12 @@ class eZTimestamp \return a timestamp in UTC */ public static function getUtcTimestampFromLocalTimestamp( $localTimestamp ) { + + if ( !$localTimestamp ) + { + return null; + } + $utcTimezone = new \DateTimeZone( 'UTC' ); $localTimezone = new \DateTimeZone( date_default_timezone_get() ); @@ -28,6 +34,12 @@ public static function getUtcTimestampFromLocalTimestamp( $localTimestamp ) { \return a timestamp in timezone defined in php.ini */ public static function getLocalTimestampFromUtcTimestamp( $utcTimestamp ) { + + if ( !$utcTimestamp ) + { + return null; + } + $utcTimezone = new \DateTimeZone( 'UTC' ); $localTimezone = new \DateTimeZone( date_default_timezone_get() ); From a6a6c323c77d2467ff7396838ab18cd549ea7776 Mon Sep 17 00:00:00 2001 From: Bartek Date: Wed, 14 Oct 2020 09:31:24 +0200 Subject: [PATCH 10/11] EZP-32018: Added additional validation to ezdate fieldtype (#1465) --- lib/ezutils/classes/eztimestamp.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/ezutils/classes/eztimestamp.php b/lib/ezutils/classes/eztimestamp.php index 181d58f4644..6e952f05ffb 100644 --- a/lib/ezutils/classes/eztimestamp.php +++ b/lib/ezutils/classes/eztimestamp.php @@ -15,7 +15,7 @@ class eZTimestamp */ public static function getUtcTimestampFromLocalTimestamp( $localTimestamp ) { - if ( !$localTimestamp ) + if ( $localTimestamp === null || $localTimestamp === '' ) { return null; } @@ -35,7 +35,7 @@ public static function getUtcTimestampFromLocalTimestamp( $localTimestamp ) { */ public static function getLocalTimestampFromUtcTimestamp( $utcTimestamp ) { - if ( !$utcTimestamp ) + if ( $utcTimestamp === null || $utcTimestamp === '' ) { return null; } From f8e3a97afd92efb9148134a4bacb35a875777a42 Mon Sep 17 00:00:00 2001 
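Review bot: The doc comments for both methods were not updated for the new early return; the `[PATCH 10/11]` hunks make getUtcTimestampFromLocalTimestamp and getLocalTimestampFromUtcTimestamp return `null`, while the visible doc line still reads `\return a timestamp in UTC`. I would change it to `\return a timestamp in UTC, or null when $localTimestamp is null or an empty string`, and likewise for the local variant, so callers know to handle `null`. The subject mentions additional validation, but only `null` and `''` are filtered; `false` and non-numeric strings still reach the conversion code outside the hunk. If those can arrive from form input, an `is_numeric()` check at the same place would cover them.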
From: Gunnstein Lye Date: Fri, 3 Sep 2021 18:17:40 +0200 Subject: [PATCH 11/11] Merge pull request from GHSA-jpwx-ffjq-wr4w --- kernel/private/classes/ezcontentobjectstate.php | 2 ++ kernel/private/classes/ezcontentobjectstategroup.php | 1 + 2 files changed, 3 insertions(+) diff --git a/kernel/private/classes/ezcontentobjectstate.php b/kernel/private/classes/ezcontentobjectstate.php index 27f320aa2fe..1d1f115d53a 100644 --- a/kernel/private/classes/ezcontentobjectstate.php +++ b/kernel/private/classes/ezcontentobjectstate.php @@ -67,6 +67,7 @@ static function definition() */ public static function fetchById( $id ) { + $id = (int)$id; $states = self::fetchByConditions( array( "ezcobj_state.id=$id" ), 1, 0 ); $state = count( $states ) > 0 ? $states[0] : false; return $state; @@ -145,6 +146,7 @@ private static function fetchByConditions( $conditions, $limit, $offset ) */ public static function fetchByGroup( $groupID, $limit = false, $offset = false ) { + $groupID = (int)$groupID; return self::fetchByConditions( array( "ezcobj_state_group.id=$groupID" ), $limit, $offset ); } diff --git a/kernel/private/classes/ezcontentobjectstategroup.php b/kernel/private/classes/ezcontentobjectstategroup.php index 8ef56dc738a..008ab006dc7 100644 --- a/kernel/private/classes/ezcontentobjectstategroup.php +++ b/kernel/private/classes/ezcontentobjectstategroup.php @@ -65,6 +65,7 @@ public static function definition() */ public static function fetchById( $id ) { + $id = (int)$id; $stateGroups = self::fetchByConditions( array( "ezcobj_state_group.id=$id" ), 1, 0 ); $stateGroup = count( $stateGroups ) > 0 ? $stateGroups[0] : false; return $stateGroup;
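Review bot: The new `(int)` cast in `fetchById` is the only barrier between the argument and the SQL text, because the condition is still built by interpolation in `array( "ezcobj_state.id=$id" )`. A comment on the cast would stop it being removed later as redundant, for example `// $id is interpolated into the SQL condition below; the int cast is the injection guard`. The same applies to the casts added in `fetchByGroup` and in ezcontentobjectstategroup.php `fetchById`. Since `fetchByConditions` accepts ready-made condition strings, every other caller that builds a condition from a parameter needs the same treatment; those callers are outside the hunks shown.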
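Review bot: `fetchByGroup` in the `@@ -145,6 +146,7 @@` hunk casts `$groupID` but still forwards `$limit` and `$offset` to `fetchByConditions` unchanged. The body of `fetchByConditions` is outside the hunk, so it is not visible whether those two values end up in the query text or are bound by the database layer. If they can originate from request parameters, they should be normalised here as well, keeping the `false` default intact: `$limit = $limit === false ? false : (int)$limit;` and the same for `$offset`.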