Merge pull request #13194 from jeabakker/upmerge-3.3.4

Upmerge 3.3.4 into master
Elgg · Apr 29, 2020 · 6237eb4 · 6237eb4
2 parents b94190a + 9251d34
commit 6237eb4
Show file tree

Hide file tree

Showing 23 changed files with 45 additions and 26 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,20 @@
+<a name="3.3.4"></a>
+### 3.3.4  (2020-04-24)
+
+#### Contributors
+
+* Jerôme Bakker (4)
+* Jeroen Dalsem (1)
+
+#### Bug Fixes
+
+* **core:**
+  * use correct input for password reset ([5ceaed52](https://github.com/Elgg/Elgg/commit/5ceaed5210b2270f234c74c44a30df824162eba1))
+  * log exceptions by default ([3d085449](https://github.com/Elgg/Elgg/commit/3d0854490bd7e1a20e6a1ab72dc04bf5822ae692))
+* **developers:** remove entity button in explorer now works ([fed4809a](https://github.com/Elgg/Elgg/commit/fed4809ac389eab149bf4dc3f2ed2bde052367d6))
+* **logger:** correctly support legacy value 'OFF' ([df80433c](https://github.com/Elgg/Elgg/commit/df80433c6a6f64066ad7dcb5b4b002bdf3be7fc0))
+
+
 <a name="3.3.3"></a>
 ### 3.3.3  (2020-03-27)
 

diff --git a/actions/user/changepassword.php b/actions/user/changepassword.php
@@ -6,8 +6,8 @@
 use Elgg\Exceptions\Configuration\RegistrationException;
 use Elgg\Exceptions\LoginException;
 
-$password = get_input('password1');
-$password_repeat = get_input('password2');
+$password = get_input('password1', null, false);
+$password_repeat = get_input('password2', null, false);
 $user_guid = (int) get_input('u');
 $code = get_input('c');
 
@@ -17,7 +17,7 @@
 	return elgg_error_response($e->getMessage());
 }
 
-if ($password != $password_repeat) {
+if ($password !== $password_repeat) {
 	return elgg_error_response(elgg_echo('RegistrationException:PasswordMismatch'));
 }
 

diff --git a/composer.json b/composer.json
@@ -1,6 +1,6 @@
 {
     "name": "elgg/elgg",
-    "version": "3.3.3",
+    "version": "3.3.4",
     "description": "Elgg is an award-winning social networking engine, delivering the building blocks that enable businesses, schools, universities and associations to create their own fully-featured social networks and applications.",
     "license": "GPL-2.0-only",
     "minimum-stability": "dev",

diff --git a/composer.lock b/composer.lock
diff --git a/docs/guides/actions.rst b/docs/guides/actions.rst
@@ -608,7 +608,7 @@ In rare cases, you may need to generate tokens manually:
 
 .. code-block:: php
 
-   $__elgg_ts = time();
+   $__elgg_ts = elgg()->csrf->getCurrentTime()->getTimestamp();
    $__elgg_token = elgg()->csrf->generateActionToken($__elgg_ts);
 
 You can also access the tokens from javascript:

diff --git a/docs/locale/pot/about.pot b/docs/locale/pot/about.pot
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Elgg master\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2020-03-27 11:49+0100\n"
+"POT-Creation-Date: 2020-04-24 13:13+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"

diff --git a/docs/locale/pot/admin.pot b/docs/locale/pot/admin.pot
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Elgg master\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2020-03-27 11:49+0100\n"
+"POT-Creation-Date: 2020-04-24 13:13+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"

diff --git a/docs/locale/pot/appendix.pot b/docs/locale/pot/appendix.pot
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Elgg master\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2020-03-27 11:49+0100\n"
+"POT-Creation-Date: 2020-04-24 13:13+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"

diff --git a/docs/locale/pot/contribute.pot b/docs/locale/pot/contribute.pot
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Elgg master\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2020-03-27 11:49+0100\n"
+"POT-Creation-Date: 2020-04-24 13:13+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"

diff --git a/docs/locale/pot/design.pot b/docs/locale/pot/design.pot
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Elgg master\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2020-03-27 11:49+0100\n"
+"POT-Creation-Date: 2020-04-24 13:13+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"

diff --git a/docs/locale/pot/guides.pot b/docs/locale/pot/guides.pot
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Elgg master\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2020-03-27 11:49+0100\n"
+"POT-Creation-Date: 2020-04-24 13:13+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"

diff --git a/docs/locale/pot/index.pot b/docs/locale/pot/index.pot
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Elgg master\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2020-03-27 11:49+0100\n"
+"POT-Creation-Date: 2020-04-24 13:13+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"

diff --git a/docs/locale/pot/intro.pot b/docs/locale/pot/intro.pot
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Elgg master\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2020-03-27 11:49+0100\n"
+"POT-Creation-Date: 2020-04-24 13:13+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"

diff --git a/docs/locale/pot/plugins.pot b/docs/locale/pot/plugins.pot
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Elgg master\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2020-03-27 11:49+0100\n"
+"POT-Creation-Date: 2020-04-24 13:13+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"

diff --git a/docs/locale/pot/tutorials.pot b/docs/locale/pot/tutorials.pot
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Elgg master\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2020-03-27 11:49+0100\n"
+"POT-Creation-Date: 2020-04-24 13:13+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"

diff --git a/engine/classes/Elgg/BootService.php b/engine/classes/Elgg/BootService.php
@@ -6,6 +6,7 @@
 use Elgg\Debug\Profilable;
 use Elgg\Di\ServiceProvider;
 use ElggCache;
+use Psr\Log\LogLevel;
 
 /**
  * Boots Elgg and manages a cache of data needed during boot
@@ -110,7 +111,7 @@ public function boot(ServiceProvider $services) {
 		$services->plugins->setBootPlugins($data->getActivePlugins(), false);
 
 		// use value in settings.php if available
-		$debug = $config->hasInitialValue('debug') ? $config->getInitialValue('debug') : $config->debug;
+		$debug = $config->hasInitialValue('debug') ? $config->getInitialValue('debug') : ($config->debug ?: LogLevel::CRITICAL);
 		$services->logger->setLevel($debug);
 
 		if ($config->system_cache_enabled) {

diff --git a/engine/classes/Elgg/Controllers/RefreshCsrfToken.php b/engine/classes/Elgg/Controllers/RefreshCsrfToken.php
@@ -2,7 +2,6 @@
 
 namespace Elgg\Controllers;
 
-use Elgg\TimeUsing;
 use Symfony\Component\HttpFoundation\Response;
 
 /**
@@ -12,8 +11,6 @@
  */
 class RefreshCsrfToken {
 
-	use TimeUsing;
-
 	/**
 	 * Send an updated CSRF token, provided the page's current tokens were not fake.
 	 *
@@ -38,7 +35,7 @@ public function __invoke(\Elgg\Http\Request $request) {
 			}
 		}
 
-		$ts = $this->getCurrentTime()->getTimestamp();
+		$ts = _elgg_services()->csrf->getCurrentTime()->getTimestamp();
 		$token = _elgg_services()->csrf->generateActionToken($ts);
 
 		$data = [

diff --git a/engine/classes/Elgg/Logger.php b/engine/classes/Elgg/Logger.php
@@ -144,6 +144,10 @@ protected function normalizeLevel($level = null) {
 
 		if (array_key_exists($level, self::$legacy_levels)) {
 			$level = self::$legacy_levels[$level];
+			if ($level === false) {
+				// can't array_key_exists for false
+				return 0;
+			}
 		}
 
 		if (array_key_exists($level, self::$elgg_levels)) {

diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php
@@ -689,7 +689,7 @@ function elgg_add_action_tokens_to_url($url, $html_encode = false) {
 	}
 
 	// append action tokens to the existing query
-	$query['__elgg_ts'] = time();
+	$query['__elgg_ts'] = elgg()->csrf->getCurrentTime()->getTimestamp();
 	$query['__elgg_token'] = elgg()->csrf->generateActionToken($query['__elgg_ts']);
 	$components['query'] = http_build_query($query);
 

diff --git a/engine/lib/views.php b/engine/lib/views.php
@@ -1634,7 +1634,7 @@ function _elgg_get_js_page_data() {
 		],
 		'security' => [
 			'token' => [
-				'__elgg_ts' => $ts = time(),
+				'__elgg_ts' => $ts = elgg()->csrf->getCurrentTime()->getTimestamp(),
 				'__elgg_token' => elgg()->csrf->generateActionToken($ts),
 			],
 		],

diff --git a/engine/tests/classes/Elgg/Testing.php b/engine/tests/classes/Elgg/Testing.php
@@ -49,7 +49,7 @@ public static function prepareHttpRequest($uri = '', $method = 'GET', $parameter
 		$path = '/' . ltrim(substr(elgg_normalize_url($uri), strlen($site_url)), '/');
 
 		if ($add_csrf_tokens) {
-			$ts = time();
+			$ts = _elgg_services()->csrf->getCurrentTime()->getTimestamp();
 			$parameters['__elgg_ts'] = $ts;
 			$parameters['__elgg_token'] = _elgg_services()->csrf->generateActionToken($ts);
 		}

diff --git a/engine/tests/phpunit/unit/Elgg/ActionsServiceUnitTest.php b/engine/tests/phpunit/unit/Elgg/ActionsServiceUnitTest.php
@@ -74,7 +74,7 @@ function createService(Request $request) {
 	}
 
 	function addCsrfTokens(Request $request) {
-		$ts = time();
+		$ts = _elgg_services()->csrf->getCurrentTime()->getTimestamp();
 		$request->query->set('__elgg_ts', $ts);
 		$request->query->set('__elgg_token', _elgg_services()->csrf->generateActionToken($ts));
 	}

diff --git a/views/default/input/securitytoken.php b/views/default/input/securitytoken.php
@@ -5,7 +5,7 @@
  * It is still recommended that you use input/form.
  */
 
-$ts = time();
+$ts = elgg()->csrf->getCurrentTime()->getTimestamp();
 $token = elgg()->csrf->generateActionToken($ts);
 
 echo elgg_view('input/hidden', ['name' => '__elgg_token', 'value' => $token]);