Merge branch 'pimcore:10.5' into 10.5

bundles/AdminBundle/Controller/Admin/DataObject/ClassificationstoreController.php

@@ -366,7 +366,7 @@ public function collectionsAction(Request $request): JsonResponse
 
             $config->save();
 
-            return $this->adminJson(['success' => true, 'data' => $config]);
+            return $this->adminJson(['success' => true, 'data' => $this->getConfigItem($config)]);
         }
 
         return $this->adminJson(['success' => false]);
@@ -528,7 +528,7 @@ public function groupsAction(Request $request): JsonResponse
 
             $config->save();
 
-            return $this->adminJson(['success' => true, 'data' => $config]);
+            return $this->adminJson(['success' => true, 'data' => $this->getConfigItem($config)]);
         }
 
         return $this->adminJson(['success' => false]);
@@ -1322,7 +1322,7 @@ public function propertiesGetAction(Request $request): JsonResponse
 
         $data = [];
         foreach ($configList as $config) {
-            $item = $this->getConfigItem($config);
+            $item = $this->getKeyConfigItem($config);
             $data[] = $item;
         }
         $rootElement['data'] = $data;
@@ -1358,40 +1358,25 @@ public function propertiesAction(Request $request): JsonResponse
             }
 
             $config->save();
-            $item = $this->getConfigItem($config);
+            $item = $this->getKeyConfigItem($config);
 
             return $this->adminJson(['success' => true, 'data' => $item]);
         }
 
         return $this->adminJson(['success' => false]);
     }
 
-    /**
-     * @param Classificationstore\KeyConfig $config
-     *
-     * @return array
-     */
-    protected function getConfigItem($config): array
+    protected function getConfigItem(Classificationstore\KeyConfig|Classificationstore\CollectionConfig|Classificationstore\GroupConfig $config): array
     {
         $name = $config->getName();
 
-        $groupDescription = null;
         $item = [
             'storeId' => $config->getStoreId(),
             'id' => $config->getId(),
             'name' => $name,
             'description' => $config->getDescription(),
-            'type' => $config->getType() ? $config->getType() : 'input',
-            'definition' => $config->getDefinition(),
         ];
 
-        if ($config->getDefinition()) {
-            $definition = json_decode($config->getDefinition(), true);
-            if ($definition) {
-                $item['title'] = $definition['title'];
-            }
-        }
-
         if ($config->getCreationDate()) {
             $item['creationDate'] = $config->getCreationDate();
         }
@@ -1403,6 +1388,23 @@ protected function getConfigItem($config): array
         return $item;
     }
 
+    protected function getKeyConfigItem(Classificationstore\KeyConfig $config): array
+    {
+        $item = $this->getConfigItem($config);
+        $item['type'] = $config->getType() ? $config->getType() : 'input';
+        $definition = $config->getDefinition();
+        $item['definition'] = $definition;
+
+        if ($definition) {
+            $definition = json_decode($definition, true);
+            if ($definition) {
+                $item['title'] = $definition['title'];
+            }
+        }
+
+        return $item;
+    }
+
     /**
      * @Route("/add-property", name="addproperty", methods={"POST"})
      *

bundles/AdminBundle/Controller/Admin/DataObject/DataObjectController.php

@@ -569,10 +569,12 @@ static function (Task $task) {
 
             DataObject\Service::removeElementFromSession('object', $object->getId());
 
-            $layoutArray = json_decode($this->encodeJson($data['layout']), true);
-            $this->classFieldDefinitions = json_decode($this->encodeJson($object->getClass()->getFieldDefinitions()), true);
-            $this->injectValuesForCustomLayout($layoutArray);
-            $data['layout'] = $layoutArray;
+            if ($data['layout'] ?? false) {
+                $layoutArray = json_decode($this->encodeJson($data['layout']), true);
+                $this->classFieldDefinitions = json_decode($this->encodeJson($object->getClass()->getFieldDefinitions()), true);
+                $this->injectValuesForCustomLayout($layoutArray);
+                $data['layout'] = $layoutArray;
+            }
 
             return $this->adminJson($data);
         }
@@ -1289,7 +1291,11 @@ protected function updateIndexesOfObjectSiblings(DataObject\AbstractObject $upda
                         DataObject::OBJECT_TYPE_VARIANT,
                         DataObject::OBJECT_TYPE_FOLDER,
                     ]
-                ).'\') ORDER BY o_index LIMIT '. $updatedObject->getParent()->getChildAmount() .')
+                ).'\') ORDER BY o_index LIMIT '. $updatedObject->getParent()->getChildAmount([
+                            DataObject::OBJECT_TYPE_OBJECT,
+                            DataObject::OBJECT_TYPE_VARIANT,
+                            DataObject::OBJECT_TYPE_FOLDER,
+                        ]) .')
                             SELECT @n := IF(@n = ? - 1,@n + 2,@n + 1) AS newIndex, o_id
                             FROM cte,
                             (SELECT @n := -1) variable

bundles/AdminBundle/Controller/Admin/DataObject/DataObjectHelperController.php

@@ -1532,7 +1532,7 @@ protected function csvObjectData($object)
     }
 
     /**
-     * @Route("/get-batch-jobs", name="getbatchjobs", methods={"GET"})
+     * @Route("/get-batch-jobs", name="getbatchjobs", methods={"POST"})
      *
      * @param Request $request
      *
@@ -1641,6 +1641,12 @@ public function batchAction(Request $request)
                     } elseif (count($parts) > 1) {
                         // check for bricks
                         $brickType = $parts[0];
+
+                        if (strpos($brickType, '?') !== false) {
+                            $brickDescriptor = substr($brickType, 1);
+                            $brickDescriptor = json_decode($brickDescriptor, true);
+                            $brickType = $brickDescriptor['containerKey'];
+                        }
                         $brickKey = $parts[1];
                         $brickField = DataObject\Service::getFieldForBrickType($object->getClass(), $brickType);
 

bundles/AdminBundle/Controller/Admin/LogController.php

@@ -73,20 +73,9 @@ public function showAction(Request $request, Connection $db)
         }
 
         $priority = $request->get('priority');
-        if ($priority !== '-1' && ($priority == '0' || $priority)) {
-            $levels = [];
-
-            // add every level until the filtered one
-            foreach (['emergency', 'alert', 'critical', 'error', 'warning', 'notice', 'info', 'debug'] as $level) {
-                $levels[] = $level;
-
-                if ($priority === $level) {
-                    break;
-                }
-            }
-
-            $qb->andWhere($qb->expr()->in('priority', ':priority'));
-            $qb->setParameter('priority', $levels, Connection::PARAM_STR_ARRAY);
+        if(!empty($priority)) {
+            $qb->andWhere($qb->expr()->eq('priority', ':priority'));
+            $qb->setParameter('priority', $priority);
         }
 
         if ($fromDate = $this->parseDateObject($request->get('fromDate'), $request->get('fromTime'))) {
@@ -189,7 +178,7 @@ private function parseDateObject($date = null, $time = null)
      */
     public function priorityJsonAction(Request $request)
     {
-        $priorities[] = ['key' => '-1', 'value' => '-'];
+        $priorities[] = ['key' => '', 'value' => '-'];
         foreach (ApplicationLoggerDb::getPriorities() as $key => $p) {
             $priorities[] = ['key' => $key, 'value' => $p];
         }

bundles/AdminBundle/Controller/Admin/LoginController.php

@@ -53,6 +53,7 @@ class LoginController extends AdminController implements BruteforceProtectedCont
 {
     public function __construct(
         protected ResponseHelper $responseHelper,
+        protected EventDispatcherInterface $eventDispatcher,
     ) {
     }
 
@@ -94,8 +95,14 @@ public function onKernelResponseEvent(ResponseEvent $event)
      */
     public function loginAction(Request $request, CsrfProtectionHandler $csrfProtection, Config $config)
     {
+        $queryParams = $request->query->all();
         if ($request->get('_route') === 'pimcore_admin_login_fallback') {
-            return $this->redirectToRoute('pimcore_admin_login', $request->query->all(), Response::HTTP_MOVED_PERMANENTLY);
+            return $this->redirectToRoute('pimcore_admin_login', $queryParams, Response::HTTP_MOVED_PERMANENTLY);
+        }
+
+        $redirectUrl = $this->dispatchLoginRedirect($queryParams);
+        if ($this->generateUrl('pimcore_admin_login', $queryParams) != $redirectUrl) {
+            return new RedirectResponse($redirectUrl);
         }
 
         $csrfProtection->regenerateCsrfToken();
@@ -172,7 +179,7 @@ public function loginCheckAction()
     /**
      * @Route("/login/lostpassword", name="pimcore_admin_login_lostpassword")
      */
-    public function lostpasswordAction(Request $request, ?BruteforceProtectionHandler $bruteforceProtectionHandler, CsrfProtectionHandler $csrfProtection, Config $config, EventDispatcherInterface $eventDispatcher, RateLimiterFactory $resetPasswordLimiter)
+    public function lostpasswordAction(Request $request, ?BruteforceProtectionHandler $bruteforceProtectionHandler, CsrfProtectionHandler $csrfProtection, Config $config, RateLimiterFactory $resetPasswordLimiter)
     {
         $params = $this->buildLoginPageViewParams($config);
         $error = null;
@@ -220,7 +227,7 @@ public function lostpasswordAction(Request $request, ?BruteforceProtectionHandle
 
                 try {
                     $event = new LostPasswordEvent($user, $loginUrl);
-                    $eventDispatcher->dispatch($event, AdminEvents::LOGIN_LOSTPASSWORD);
+                    $this->eventDispatcher->dispatch($event, AdminEvents::LOGIN_LOSTPASSWORD);
 
                     // only send mail if it wasn't prevented in event
                     if ($event->getSendMail()) {
@@ -261,7 +268,7 @@ public function lostpasswordAction(Request $request, ?BruteforceProtectionHandle
     /**
      * @Route("/login/deeplink", name="pimcore_admin_login_deeplink")
      */
-    public function deeplinkAction(Request $request, EventDispatcherInterface $eventDispatcher)
+    public function deeplinkAction(Request $request)
     {
         // check for deeplink
         $queryString = $_SERVER['QUERY_STRING'];
@@ -271,26 +278,22 @@ public function deeplinkAction(Request $request, EventDispatcherInterface $event
             $perspective = strip_tags($request->get('perspective', ''));
 
             if (strpos($queryString, 'token')) {
-                $event = new LoginRedirectEvent('pimcore_admin_login', [
+                $url = $this->dispatchLoginRedirect([
                     'deeplink' => $deeplink,
                     'perspective' => $perspective,
                 ]);
-                $eventDispatcher->dispatch($event, AdminEvents::LOGIN_REDIRECT);
-
-                $url = $this->generateUrl($event->getRouteName(), $event->getRouteParams());
                 $url .= '&' . $queryString;
 
                 return $this->redirect($url);
             } elseif ($queryString) {
-                $event = new LoginRedirectEvent('pimcore_admin_login', [
+                $url = $this->dispatchLoginRedirect([
                     'deeplink' => 'true',
                     'perspective' => $perspective,
                 ]);
-                $eventDispatcher->dispatch($event, AdminEvents::LOGIN_REDIRECT);
 
                 return $this->render('@PimcoreAdmin/Admin/Login/deeplink.html.twig', [
                     'tab' => $deeplink,
-                    'redirect' => $this->generateUrl($event->getRouteName(), $event->getRouteParams()),
+                    'redirect' => $url,
                 ]);
             }
         }
@@ -364,4 +367,12 @@ public function detectBrowser()
 
         return $supported;
     }
+
+    private function dispatchLoginRedirect(array $routeParams = []): string
+    {
+        $event = new LoginRedirectEvent('pimcore_admin_login', $routeParams);
+        $this->eventDispatcher->dispatch($event, AdminEvents::LOGIN_REDIRECT);
+
+        return $this->generateUrl($event->getRouteName(), $event->getRouteParams());
+    }
 }

bundles/AdminBundle/Controller/Admin/TranslationController.php

@@ -1172,8 +1172,7 @@ public function wordExportAction(Request $request)
                     fclose($f);
                 }
             } catch (\Exception $e) {
-                Logger::error('Word Export: ' . $e->getMessage());
-                Logger::error((string) $e);
+                Logger::error('Word Export: ' . $e);
 
                 throw $e;
             }

bundles/AdminBundle/Controller/Admin/UserController.php

@@ -287,12 +287,13 @@ public function deleteAction(Request $request)
     public function updateAction(Request $request)
     {
         $user = User\UserRole::getById((int)$request->get('id'));
+        $currentUserIsAdmin = $this->getAdminUser()->isAdmin();
 
         if (!$user) {
             throw $this->createNotFoundException();
         }
 
-        if ($user instanceof User && $user->isAdmin() && !$this->getAdminUser()->isAdmin()) {
+        if ($user instanceof User && $user->isAdmin() && !$currentUserIsAdmin) {
             throw $this->createAccessDeniedHttpException('Only admin users are allowed to modify admin users');
         }
 
@@ -325,7 +326,7 @@ public function updateAction(Request $request)
 
             // only admins are allowed to create admin users
             // if the logged in user isn't an admin, set admin always to false
-            if ($user instanceof User && !$this->getAdminUser()->isAdmin()) {
+            if ($user instanceof User && !$currentUserIsAdmin) {
                 $user->setAdmin(false);
             }
 

bundles/AdminBundle/Helper/GridHelperService.php

@@ -24,6 +24,7 @@
 use PhpOffice\PhpSpreadsheet\Writer\Exception;
 use PhpOffice\PhpSpreadsheet\Writer\Xlsx;
 use Pimcore\Db;
+use Pimcore\File;
 use Pimcore\Logger;
 use Pimcore\Model;
 use Pimcore\Model\DataObject;
@@ -859,10 +860,22 @@ public function createXlsxExportFile(FilesystemOperator $storage, string $fileHa
         $csvReader->setSheetIndex(0);
 
         $csvStream= $storage->readStream($csvFile);
-        $tempMetaData = stream_get_meta_data($csvStream);
-        //TODO: use this method and storage->read() to avoid the extra temp file, is not available in the current version. See: https://github.com/PHPOffice/PhpSpreadsheet/pull/2792
-        //$spreadsheet = $csvReader->loadSpreadsheetFromString($storage->read($csvFile));
-        $spreadsheet = $csvReader->load($tempMetaData['uri']);
+        if (stream_is_local($csvStream)) {
+            $tempMetaData = stream_get_meta_data($csvStream);
+            $spreadsheet = $csvReader->load($tempMetaData['uri']);
+        } else {
+            $tmpFilePath = File::getLocalTempFilePath('xlsx', false);
+            $dest = fopen($tmpFilePath, 'wb', false, File::getContext());
+            if (!$dest) {
+                throw new \Exception(sprintf('Unable to create temporary file in %s', $tmpFilePath));
+            }
+
+            stream_copy_to_stream($csvStream, $dest);
+            fclose($dest);
+
+            $spreadsheet = $csvReader->load($tmpFilePath);
+        }
+
         $writer = new Xlsx($spreadsheet);
         $xlsxFilename = PIMCORE_SYSTEM_TEMP_DIRECTORY. '/' .$fileHandle. '.xlsx';
         $writer->save($xlsxFilename);

bundles/AdminBundle/Resources/public/css/admin.css

@@ -1185,6 +1185,7 @@ span.warning {
     position:relative;
     padding: 10px;
     min-height: 80px;
+    height: 100%;
     font: normal 12px tahoma, arial, helvetica, sans-serif;
     background-color: #fff;
 }

bundles/AdminBundle/Resources/public/js/pimcore/document/editables/link.js

@@ -108,7 +108,7 @@ pimcore.document.editables.link = Class.create(pimcore.document.editable, {
                 displayHtml += this.config.textSuffix;
             }
 
-            return '<a href="' + fullpath + '" class="' + this.config["class"] + ' ' + this.data["class"] + '">' + displayHtml + '</a>';
+            return '<a href="' + fullpath + '" class="' + this.config["class"] + ' ' + Ext.util.Format.htmlEncode(this.data["class"]) + '">' + displayHtml + '</a>';
         }
         return text;
     },