Merge branch 'master' into bugfix/unlock-phpstan-level-5

calendar-bundle/src/Resources/contao/dca/tl_calendar_events.php

@@ -1199,17 +1199,19 @@ public function toggleVisibility($intId, $blnVisible, DataContainer $dc=null)
 			throw new AccessDeniedException('Not enough permissions to publish/unpublish event ID ' . $intId . '.');
 		}
 
+		$objRow = $this->Database->prepare("SELECT * FROM tl_calendar_events WHERE id=?")
+								 ->limit(1)
+								 ->execute($intId);
+
+		if ($objRow->numRows < 1)
+		{
+			throw new AccessDeniedException('Invalid event ID ' . $intId . '.');
+		}
+
 		// Set the current record
 		if ($dc)
 		{
-			$objRow = $this->Database->prepare("SELECT * FROM tl_calendar_events WHERE id=?")
-									 ->limit(1)
-									 ->execute($intId);
-
-			if ($objRow->numRows)
-			{
-				$dc->activeRecord = $objRow;
-			}
+			$dc->activeRecord = $objRow;
 		}
 
 		$objVersions = new Versions('tl_calendar_events', $intId);

calendar-bundle/src/Resources/contao/dca/tl_content.php

@@ -13,20 +13,15 @@
 use Contao\BackendUser;
 use Contao\Calendar;
 use Contao\CoreBundle\Exception\AccessDeniedException;
-use Contao\DataContainer;
-use Contao\Image;
 use Contao\Input;
-use Contao\StringUtil;
 use Contao\System;
-use Contao\Versions;
 use Symfony\Component\HttpFoundation\Session\SessionInterface;
 
 // Dynamically add the permission check and other callbacks
 if (Input::get('do') == 'calendar')
 {
 	array_unshift($GLOBALS['TL_DCA']['tl_content']['config']['onload_callback'], array('tl_content_calendar', 'checkPermission'));
 	$GLOBALS['TL_DCA']['tl_content']['config']['onload_callback'][] = array('tl_content_calendar', 'generateFeed');
-	$GLOBALS['TL_DCA']['tl_content']['list']['operations']['toggle']['button_callback'] = array('tl_content_calendar', 'toggleIcon');
 }
 
 /**
@@ -177,149 +172,4 @@ public function generateFeed()
 
 		$objSession->set('calendar_feed_updater', null);
 	}
-
-	/**
-	 * Return the "toggle visibility" button
-	 *
-	 * @param array  $row
-	 * @param string $href
-	 * @param string $label
-	 * @param string $title
-	 * @param string $icon
-	 * @param string $attributes
-	 *
-	 * @return string
-	 */
-	public function toggleIcon($row, $href, $label, $title, $icon, $attributes)
-	{
-		if (Input::get('cid'))
-		{
-			$this->toggleVisibility(Input::get('cid'), (Input::get('state') == 1), (@func_get_arg(12) ?: null));
-			$this->redirect($this->getReferer());
-		}
-
-		// Check permissions AFTER checking the cid, so hacking attempts are logged
-		if (!$this->User->hasAccess('tl_content::invisible', 'alexf'))
-		{
-			return '';
-		}
-
-		$href .= '&id=' . Input::get('id') . '&cid=' . $row['id'] . '&state=' . $row['invisible'];
-
-		if ($row['invisible'])
-		{
-			$icon = 'invisible.svg';
-		}
-
-		return '<a href="' . $this->addToUrl($href) . '" title="' . StringUtil::specialchars($title) . '" data-tid="cid"' . $attributes . '>' . Image::getHtml($icon, $label, 'data-state="' . ($row['invisible'] ? 0 : 1) . '"') . '</a> ';
-	}
-
-	/**
-	 * Toggle the visibility of an element
-	 *
-	 * @param integer       $intId
-	 * @param boolean       $blnVisible
-	 * @param DataContainer $dc
-	 */
-	public function toggleVisibility($intId, $blnVisible, DataContainer $dc=null)
-	{
-		// Set the ID and action
-		Input::setGet('id', $intId);
-		Input::setGet('act', 'toggle');
-
-		if ($dc)
-		{
-			$dc->id = $intId; // see #8043
-		}
-
-		// Trigger the onload_callback
-		if (is_array($GLOBALS['TL_DCA']['tl_content']['config']['onload_callback']))
-		{
-			foreach ($GLOBALS['TL_DCA']['tl_content']['config']['onload_callback'] as $callback)
-			{
-				if (is_array($callback))
-				{
-					$this->import($callback[0]);
-					$this->{$callback[0]}->{$callback[1]}($dc);
-				}
-				elseif (is_callable($callback))
-				{
-					$callback($dc);
-				}
-			}
-		}
-
-		// Check the field access
-		if (!$this->User->hasAccess('tl_content::invisible', 'alexf'))
-		{
-			throw new AccessDeniedException('Not enough permissions to publish/unpublish content element ID ' . $intId . '.');
-		}
-
-		// Set the current record
-		if ($dc)
-		{
-			$objRow = $this->Database->prepare("SELECT * FROM tl_content WHERE id=?")
-									 ->limit(1)
-									 ->execute($intId);
-
-			if ($objRow->numRows)
-			{
-				$dc->activeRecord = $objRow;
-			}
-		}
-
-		$objVersions = new Versions('tl_content', $intId);
-		$objVersions->initialize();
-
-		// Reverse the logic (elements have invisible=1)
-		$blnVisible = !$blnVisible;
-
-		// Trigger the save_callback
-		if (is_array($GLOBALS['TL_DCA']['tl_content']['fields']['invisible']['save_callback']))
-		{
-			foreach ($GLOBALS['TL_DCA']['tl_content']['fields']['invisible']['save_callback'] as $callback)
-			{
-				if (is_array($callback))
-				{
-					$this->import($callback[0]);
-					$blnVisible = $this->{$callback[0]}->{$callback[1]}($blnVisible, $dc);
-				}
-				elseif (is_callable($callback))
-				{
-					$blnVisible = $callback($blnVisible, $dc);
-				}
-			}
-		}
-
-		$time = time();
-
-		// Update the database
-		$this->Database->prepare("UPDATE tl_content SET tstamp=$time, invisible='" . ($blnVisible ? '1' : '') . "' WHERE id=?")
-					   ->execute($intId);
-
-		if ($dc)
-		{
-			$dc->activeRecord->tstamp = $time;
-			$dc->activeRecord->invisible = ($blnVisible ? '1' : '');
-		}
-
-		// Trigger the onsubmit_callback
-		if (is_array($GLOBALS['TL_DCA']['tl_content']['config']['onsubmit_callback']))
-		{
-			foreach ($GLOBALS['TL_DCA']['tl_content']['config']['onsubmit_callback'] as $callback)
-			{
-				if (is_array($callback))
-				{
-					$this->import($callback[0]);
-					$this->{$callback[0]}->{$callback[1]}($dc);
-				}
-				elseif (is_callable($callback))
-				{
-					$callback($dc);
-				}
-			}
-		}
-
-		$objVersions->create();
-	}
 }

calendar-bundle/src/Resources/contao/languages/en/tl_calendar.xlf

@@ -54,7 +54,7 @@
         <source>Require login to comment</source>
       </trans-unit>
       <trans-unit id="tl_calendar.requireLogin.1">
-        <source>Allow only authenticated users to create comments.</source>
+        <source>Allow only authenticated members to create comments.</source>
       </trans-unit>
       <trans-unit id="tl_calendar.disableCaptcha.0">
         <source>Disable spam protection</source>

calendar-bundle/src/Resources/contao/modules/ModuleEventlist.php

@@ -273,7 +273,19 @@ protected function compile()
 			}
 		}
 
-		$rootDir = System::getContainer()->getParameter('kernel.project_dir');
+		$projectDir = System::getContainer()->getParameter('kernel.project_dir');
+		$uuids = array();
+
+		for ($i=$offset; $i<$limit; $i++)
+		{
+			if ($arrEvents[$i]['addImage'] && $arrEvents[$i]['singleSRC'] != '')
+			{
+				$uuids[] = $arrEvents[$i]['singleSRC'];
+			}
+		}
+
+		// Preload all images in one query so they are loaded into the model registry
+		FilesModel::findMultipleByUuids($uuids);
 
 		// Parse events
 		for ($i=$offset; $i<$limit; $i++)
@@ -340,7 +352,7 @@ protected function compile()
 			{
 				$objModel = FilesModel::findByUuid($event['singleSRC']);
 
-				if ($objModel !== null && is_file($rootDir . '/' . $objModel->path))
+				if ($objModel !== null && is_file($projectDir . '/' . $objModel->path))
 				{
 					if ($imgSize)
 					{

calendar-bundle/src/Security/ContaoCalendarPermissions.php

@@ -0,0 +1,24 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * This file is part of Contao.
+ *
+ * (c) Leo Feyer
+ *
+ * @license LGPL-3.0-or-later
+ */
+
+namespace Contao\CalendarBundle\Security;
+
+final class ContaoCalendarPermissions
+{
+    public const USER_CAN_EDIT_CALENDAR = 'contao_user.calendars';
+    public const USER_CAN_CREATE_CALENDARS = 'contao_user.calendarp.create';
+    public const USER_CAN_DELETE_CALENDARS = 'contao_user.calendarp.delete';
+
+    public const USER_CAN_EDIT_FEED = 'contao_user.calendarfeeds';
+    public const USER_CAN_CREATE_FEEDS = 'contao_user.calendarfeedp.create';
+    public const USER_CAN_DELETE_FEEDS = 'contao_user.calendarfeedp.delete';
+}

comments-bundle/src/Resources/contao/dca/tl_comments.php

@@ -699,17 +699,19 @@ public function toggleVisibility($intId, $blnVisible, DataContainer $dc=null)
 			throw new AccessDeniedException('Not enough permissions to publish/unpublish comment ID ' . $intId . '.');
 		}
 
+		$objRow = $this->Database->prepare("SELECT * FROM tl_comments WHERE id=?")
+								 ->limit(1)
+								 ->execute($intId);
+
+		if ($objRow->numRows < 1)
+		{
+			throw new AccessDeniedException('Invalid comment ID ' . $intId . '.');
+		}
+
 		// Set the current record
 		if ($dc)
 		{
-			$objRow = $this->Database->prepare("SELECT * FROM tl_comments WHERE id=?")
-									 ->limit(1)
-									 ->execute($intId);
-
-			if ($objRow->numRows)
-			{
-				$dc->activeRecord = $objRow;
-			}
+			$dc->activeRecord = $objRow;
 		}
 
 		$objVersions = new Versions('tl_comments', $intId);

comments-bundle/src/Resources/contao/languages/en/tl_content.xlf

@@ -30,7 +30,7 @@
         <source>Require login to comment</source>
       </trans-unit>
       <trans-unit id="tl_content.com_requireLogin.1">
-        <source>Allow only authenticated users to create comments.</source>
+        <source>Allow only authenticated members to create comments.</source>
       </trans-unit>
       <trans-unit id="tl_content.com_disableCaptcha.0">
         <source>Disable spam protection</source>

composer.json

@@ -47,6 +47,7 @@
         "contao-components/tinymce4": "^4.7",
         "contao/image": "^1.0",
         "contao/imagine-svg": "^0.2.3 || ^1.0",
+        "contao/maintenance-bundle-deprecated": "^2.1.5",
         "contao/manager-plugin": "^2.6.2",
         "doctrine/dbal": "^2.10",
         "doctrine/doctrine-bundle": "^1.8 || ^2.0",
@@ -60,7 +61,6 @@
         "lcobucci/jwt": "^3.2",
         "league/uri-components": "^1.8",
         "league/uri-schemes": "^1.2",
-        "lexik/maintenance-bundle": "^2.1.5",
         "matthiasmullie/minify": "^1.3",
         "michelf/php-markdown": "^1.4",
         "nelmio/cors-bundle": "^1.5.3 || ^2.0.1",

core-bundle/composer.json

@@ -116,20 +116,20 @@
     "require-dev": {
         "ext-fileinfo": "*",
         "composer/composer": "^1.0",
+        "contao/maintenance-bundle-deprecated": "^2.1.5",
         "contao/manager-plugin": "^2.3.1",
         "contao/test-case": "^4.2",
         "doctrine/event-manager": "^1.0",
-        "lexik/maintenance-bundle": "^2.1.5",
         "monolog/monolog": "^1.24",
         "phpunit/phpunit": "^8.4",
         "psr/event-dispatcher": "^1.0",
         "symfony/browser-kit": "4.4.*",
         "symfony/http-client": "4.4.*",
+        "symfony/monolog-bundle": "^3.1",
         "symfony/phpunit-bridge": "4.4.*"
     },
     "suggest": {
-        "contao/tcpdf-bundle": "To export articles as PDF files",
-        "lexik/maintenance-bundle": "To put the application into maintenance mode"
+        "contao/tcpdf-bundle": "To export articles as PDF files"
     },
     "extra": {
         "branch-alias": {

core-bundle/src/Cache/ContaoCacheWarmer.php

@@ -48,7 +48,7 @@ class ContaoCacheWarmer implements CacheWarmerInterface
     /**
      * @var string
      */
-    private $rootDir;
+    private $projectDir;
 
     /**
      * @var Connection
@@ -68,12 +68,12 @@ class ContaoCacheWarmer implements CacheWarmerInterface
     /**
      * @internal Do not inherit from this class; decorate the "contao.cache.warm_internal" service instead
      */
-    public function __construct(Filesystem $filesystem, ResourceFinderInterface $finder, FileLocator $locator, string $rootDir, Connection $connection, ContaoFramework $framework, array $locales)
+    public function __construct(Filesystem $filesystem, ResourceFinderInterface $finder, FileLocator $locator, string $projectDir, Connection $connection, ContaoFramework $framework, array $locales)
     {
         $this->filesystem = $filesystem;
         $this->finder = $finder;
         $this->locator = $locator;
-        $this->rootDir = $rootDir;
+        $this->projectDir = $projectDir;
         $this->connection = $connection;
         $this->framework = $framework;
         $this->locales = $locales;
@@ -140,7 +140,7 @@ private function generateLanguageCache(string $cacheDir): void
     {
         $dumper = new CombinedFileDumper(
             $this->filesystem,
-            new DelegatingLoader(new LoaderResolver([new PhpFileLoader(), new XliffFileLoader($this->rootDir)])),
+            new DelegatingLoader(new LoaderResolver([new PhpFileLoader(), new XliffFileLoader($this->projectDir)])),
             Path::join($cacheDir, 'contao')
         );
 
@@ -223,7 +223,7 @@ private function generateTemplateMapper(string $cacheDir): void
         $mapper = [];
 
         foreach ($files as $file) {
-            $mapper[$file->getBasename('.html5')] = Path::makeRelative($file->getPath(), $this->rootDir);
+            $mapper[$file->getBasename('.html5')] = Path::makeRelative($file->getPath(), $this->projectDir);
         }
 
         $this->filesystem->dumpFile(

core-bundle/src/Command/AutomatorCommand.php

@@ -28,6 +28,8 @@
  */
 class AutomatorCommand extends Command
 {
+    protected static $defaultName = 'contao:automator';
+
     /**
      * @var array
      */
@@ -48,7 +50,6 @@ public function __construct(ContaoFramework $framework)
     protected function configure(): void
     {
         $this
-            ->setName('contao:automator')
             ->addArgument('task', InputArgument::OPTIONAL, "The name of the task:\n  - ".implode("\n  - ", $this->getCommands()))
             ->setDescription('Runs automator tasks on the command line.')
         ;