Merge pull request #4236 from ExpressionEngine/7.dev
ExpressionEngine 7.4.7
matthewjohns0n committed Apr 15, 2024
2 parents 7482a67 + df16989 commit f2cfad6
Showing 45 changed files with 583 additions and 112 deletions.
2 changes: 1 addition & 1 deletion build-tools/build.json
@@ -1,5 +1,5 @@
{
"tag": "7.4.6",
"tag": "7.4.7",

"repositories": {
"app": "git@github.com:ExpressionEngine/ExpressionEngine",
3 changes: 2 additions & 1 deletion system/ee/ExpressionEngine/Addons/file/views/publish.php
Expand Up @@ -44,7 +44,8 @@
'createNewDirectory' => false,
'ignoreChild' => false,
'addInput' => false,
'imitationButton' => false
'imitationButton' => false,
'allowMultipleFiles' => false,
];
?>

1 change: 1 addition & 0 deletions system/ee/ExpressionEngine/Addons/grid/views/file_grid.php
Expand Up @@ -6,6 +6,7 @@
'allowedDirectory' => $allowed_directory,
'contentType' => $content_type,
'maxRows' => $grid_max_rows,
'allowMultipleFiles' => true,
];
?>

55 changes: 30 additions & 25 deletions system/ee/ExpressionEngine/Addons/member/ft.member.php
Expand Up @@ -309,35 +309,40 @@ private function _buildOption($member)
*/
public function pre_process($data)
{
if (! ee('LivePreview')->hasEntryData()) {
$data = [];
$wheres = array(
'parent_id' => $this->row['entry_id'],
'field_id' => $this->field_id,
'grid_col_id' => 0,
'grid_field_id' => 0,
'grid_row_id' => 0,
'fluid_field_data_id' => (isset($this->settings['fluid_field_data_id'])) ? $this->settings['fluid_field_data_id'] : 0
);
// Determine if this is a LivePreview request
// We need to flip the data from Live Preview so we have member_id => order
if(ee('LivePreview')->forEntryId($this->row['entry_id'])) {
return array_flip($data['data'] ?? []);
}

if (isset($this->settings['grid_row_id'])) {
$wheres['grid_col_id'] = $this->settings['col_id'];
$wheres['grid_field_id'] = $this->settings['grid_field_id'];
$wheres['grid_row_id'] = $this->settings['grid_row_id'];
}
$data = [];
$wheres = array(
'parent_id' => $this->row['entry_id'],
'field_id' => $this->field_id,
'grid_col_id' => 0,
'grid_field_id' => 0,
'grid_row_id' => 0,
'fluid_field_data_id' => (isset($this->settings['fluid_field_data_id'])) ? $this->settings['fluid_field_data_id'] : 0
);

ee()->db
->select('child_id, order')
->from($this->_table)
->where($wheres)
->order_by('order', 'asc');
if (isset($this->settings['grid_row_id'])) {
$wheres['grid_col_id'] = $this->settings['col_id'];
$wheres['grid_field_id'] = $this->settings['grid_field_id'];
$wheres['grid_row_id'] = $this->settings['grid_row_id'];
}

$related = ee()->db->get()->result_array();
ee()->db
->select('child_id, order')
->from($this->_table)
->where($wheres)
->order_by('order', 'asc');

foreach ($related as $row) {
$data[$row['child_id']] = $row['order'];
}
$related = ee()->db->get()->result_array();

foreach ($related as $row) {
$data[$row['child_id']] = $row['order'];
}

return $data;
}

Expand Down Expand Up @@ -430,7 +435,7 @@ public function replace_length($data, $params = array(), $tagdata = false)
*/
public function replace_total_rows($data, $params = '', $tagdata = '')
{
return count($data);
return (is_array($data) || $data instanceof \Countable) ? count($data) : 0;
}

/**
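Review bot: In `pre_process()`, the Live Preview branch hands `$data['data'] ?? []` straight to `array_flip()`, so a preview payload whose `data` entry is not a flat array of ids fails inside `array_flip()` instead of yielding an empty result. Preview data presumably originates from the submitted publish form, so its shape should be checked before use, for example `$ids = $data['data'] ?? [];` followed by `return is_array($ids) ? array_flip($ids) : [];`. The same hunk already hardens `replace_total_rows()` against non-countable input, and this branch deserves the same treatment.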
Original file line number Diff line number Diff line change
Expand Up @@ -151,7 +151,7 @@ public function edit_avatar()
->where('member_id', (int) ee()->session->userdata('member_id'))
->get('members');

if ($query->row('avatar_filename') == '') {
if (empty($query->row('avatar_filename'))) {
$template = $this->_deny_if('avatar', $template);
$template = $this->_allow_if('no_avatar', $template);

42 changes: 31 additions & 11 deletions system/ee/ExpressionEngine/Addons/member/mod.member_register.php
Expand Up @@ -666,15 +666,8 @@ public function register_member()
$message = lang('mbr_membership_instructions_email');
} elseif (ee()->config->item('req_mbr_activation') == 'manual') {
$message = lang('mbr_admin_will_activate');
} else {
// Log user in (the extra query is a little annoying)
ee()->load->library('auth');
$member_data_q = ee()->db->get_where('members', array('member_id' => $member_id));

$incoming = new Auth_result($member_data_q->row());
$incoming->remember_me();
$incoming->start_session();

} elseif (ee()->config->item('registration_auto_login') === 'y' || ee()->config->item('registration_auto_login') === false) {
$this->startMemberSession($member_id);
$message = lang('mbr_your_are_logged_in');
}

Expand Down Expand Up @@ -805,19 +798,46 @@ public function activate_member()
//
// -------------------------------------------

// Upate Stats
$loginStateMessage = lang('mbr_may_now_log_in');

if (bool_config_item('activation_auto_login')) {
$this->startMemberSession($member->getId());
$loginStateMessage = lang('mbr_your_are_logged_in');
}

if (!empty(ee()->config->item('activation_redirect'))) {
return ee()->functions->redirect(ee()->functions->create_url(ee()->config->item('activation_redirect')));
}

// Upate Stats
ee()->stats->update_member_stats();

// Show success message
$data = array('title' => lang('mbr_activation'),
'heading' => lang('thank_you'),
'content' => lang('mbr_activation_success') . "\n\n" . lang('mbr_may_now_log_in'),
'content' => lang('mbr_activation_success') . "\n\n" . $loginStateMessage,
'link' => array($return, $site_name)
);

ee()->output->show_message($data);
}

/**
* Helper function to authenticate and start a session for a newly activated Member
*
* @param int $member_id
* @return void
*/
private function startMemberSession($member_id)
{
// Log user in (the extra query is a little annoying)
ee()->load->library('auth');
$member_data_q = ee()->db->get_where('members', array('member_id' => $member_id));

$incoming = new Auth_result($member_data_q->row());
$incoming->remember_me();
$incoming->start_session();
}
}
// END CLASS
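Review bot: `startMemberSession()` builds `Auth_result` from `$member_data_q->row()` without checking that the lookup returned a member, and it always calls `remember_me()`. Now that `activate_member()` calls it when `activation_auto_login` is enabled, holding the e-mailed activation link is enough to obtain a persistent logged-in session. A guard such as `if ($member_data_q->num_rows() !== 1) { return; }` before constructing `Auth_result`, and leaving out `remember_me()` on the activation path, would narrow that; whether the activation code is invalidated after first use is outside this hunk and should be confirmed. In the same hunk the `activation_redirect` branch returns before `ee()->stats->update_member_stats()`, so member stats are not refreshed when a redirect is configured, and moving the stats call above the redirect would fix that.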

15 changes: 8 additions & 7 deletions system/ee/ExpressionEngine/Addons/member/mod.member_settings.php
Expand Up @@ -1070,12 +1070,12 @@ public function update_profile()

// username & password
$need_validation = false;
if (ee()->config->item('allow_username_change') == 'y' && ee()->input->post('username') != '') {
if (ee()->config->item('allow_username_change') == 'y' && ee()->input->post('username') != '' && ee()->input->post('username') !== $member->username) {
$member->username = ee()->input->post('username');
$need_validation = true;
}

if (ee()->input->post('screen_name') != '') {
if (ee()->input->post('screen_name') != '' && ee()->input->post('screen_name') !== $member->screen_name) {
$need_validation = true;
$member->screen_name = ee()->input->post('screen_name');
}
Expand All @@ -1098,12 +1098,13 @@ public function update_profile()

$result = $member->validate();

if (ee()->input->post('password')) {
$password_confirm = $validator->validate($_POST);
// Extra validation is sometimes required outside of the Member model validation
// Add any failures from this validation to the Member model result object
if (isset($validator)) {
$validatorResult = $validator->validate($_POST);

// Add password confirmation failure to main result object
if ($password_confirm->failed()) {
$rules = $password_confirm->getFailed();
if ($validatorResult->failed()) {
$rules = $validatorResult->getFailed();
foreach ($rules as $field => $rule) {
$result->addFailed($field, $rule[0]);
}
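Review bot: The extra validation block in `update_profile()` is now gated on `isset($validator)` instead of on the posted password, so the password-confirmation rules only run if `$validator` was created on every path that sets a new password. That assignment is outside this hunk, and if any branch changes the password without constructing `$validator`, the confirmation check is silently skipped. Initialising `$validator = null;` near the top of the method and testing `if ($validator !== null)` would make the dependency explicit and easier to audit. `update_profile()` starts and ends outside the hunks shown.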
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ public function __construct()
$id = ee()->session->userdata['member_id'];
}

if ($id != ee()->session->userdata['member_id']) {
if ($id != ee()->session->userdata['member_id'] && !ee('Permission')->isSuperAdmin()) {
show_error(lang('unauthorized_access'), 403);
}

Expand Down Expand Up @@ -86,8 +86,7 @@ public function mfa()
if (ee('Request')->isPost() && (ee()->form_validation->run() !== false || empty($rules))) {
$sessions = ee('Model')
->get('Session')
->filter('member_id', ee()->session->userdata('member_id'))
->filter('fingerprint', ee()->session->userdata('fingerprint'))
->filter('member_id', $this->member->member_id)
->all();
if (!empty($_POST['mfa_code'])) {
$validated = ee('pro:Mfa')->validateOtp(ee('Security/XSS')->clean(ee('Request')->post('mfa_code')), ee()->session->userdata('unique_id') . md5(ee('Security/XSS')->clean(ee('Request')->post('backup_mfa_code'))));
Expand All @@ -97,6 +96,12 @@ public function mfa()
->withTitle(lang('mfa_wrong_code'))
->addToBody(lang('mfa_wrong_code_desc'))
->now();
} elseif (ee()->session->userdata('member_id') != $this->member->member_id) {
ee('CP/Alert')->makeInline('shared-form')
->asIssue()
->withTitle(lang('unauthorized_access'))
->addToBody(lang('mfa_wrong_user_desc'))
->now();
} else {
$this->member->enable_mfa = true;
$this->member->backup_mfa_code = md5(ee('Security/XSS')->clean(ee('Request')->post('backup_mfa_code')));
Expand Down Expand Up @@ -136,24 +141,37 @@ public function mfa()
->now();
}

$vars['sections'] = array(
array(
$vars['sections'] = [];
if (ee()->session->userdata('member_id') == $this->member->member_id || $this->member->enable_mfa === true) {
$vars['sections'] = array(
array(
'title' => 'enable_mfa',
'fields' => array(
'enable_mfa' => array(
'type' => 'yes_no',
'disabled' => version_compare(PHP_VERSION, 7.1, '<'),
'value' => $this->member->enable_mfa,
'group_toggle' => array(
'n' => 'password',
'y' => 'qr_code'
array(
'title' => 'enable_mfa',
'fields' => array(
'enable_mfa' => array(
'type' => 'yes_no',
'disabled' => version_compare(PHP_VERSION, 7.1, '<'),
'value' => $this->member->enable_mfa,
'group_toggle' => array(
'n' => 'password',
'y' => 'qr_code'
)
)
)
)
),
)
);
),
)
);
} else {
$vars['sections'] = array_merge($vars['sections'], [
[
ee('CP/Alert')->makeInline('mfa_not_available')
->asWarning()
->addToBody(lang('mfa_wrong_user_desc'))
->cannotClose()
->render()
]
]);
}

if (version_compare(PHP_VERSION, 7.1, '<')) {
ee()->lang->load('addons');
Expand All @@ -172,7 +190,7 @@ public function mfa()
]);
}

if (version_compare(PHP_VERSION, 7.1, '>=') && $this->member->enable_mfa === false) {
if (version_compare(PHP_VERSION, 7.1, '>=') && $this->member->enable_mfa === false && ee()->session->userdata('member_id') == $this->member->member_id) {
$vars['sections'][0] = array_merge($vars['sections'][0], array(
array(
'title' => 'mfa_qr_code',
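Review bot: The constructor now admits a super admin for any member id, but inside `mfa()` the only new ownership check is the `elseif` on the `mfa_code` branch, and it runs after `validateOtp()` has already been called. Testing `ee()->session->userdata('member_id') != $this->member->member_id` before the OTP validation would refuse the request before any code is checked, and `(int)` casts with `!==` would avoid loose comparison in an authorization decision. The other POST branches of `mfa()` are outside the visible hunks, so confirm that the path which switches MFA off for another member makes the acting admin re-authenticate and writes a log entry. `$sessions` is also now every session of the target member rather than the current fingerprint, so whatever is applied to it later affects all of that member's logins.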
2 changes: 1 addition & 1 deletion system/ee/ExpressionEngine/Boot/boot.common.php
Expand Up @@ -669,7 +669,7 @@ function array_key_first(array $arr)
* Polyfill for missing tmpfile()
* https://www.php.net/manual/en/function.tmpfile.php
*/
if (!function_exists('tmpfile')) {
if (!function_exists('tmpfile') && version_compare(PHP_VERSION, '8', '>=')) {
function tmpfile()
{
return \ExpressionEngine\Library\Filesystem\TempFileFactory::fallback();
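Review bot: The added `version_compare(PHP_VERSION, '8', '>=')` condition has no comment explaining why the polyfill is limited to PHP 8, and the docblock above still reads as an unconditional polyfill. If the reason is that a function disabled through `disable_functions` cannot be redeclared before PHP 8, a line such as `// PHP < 8 refuses to redeclare a disabled function, so only define the polyfill on 8+` would record it. On older versions a disabled `tmpfile()` then stays unavailable, so callers still need to handle that case. The function body continues outside the hunk.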
11 changes: 11 additions & 0 deletions system/ee/ExpressionEngine/Controller/Fields/Fields.php
Expand Up @@ -437,6 +437,7 @@ public function edit($id)
if ($_POST['field_label'] == $field->field_label) {
$_POST['field_label'] = lang('copy_of') . ' ' . $_POST['field_label'];
}

return $this->create(!empty($active_groups) ? $active_groups[0] : null);
}

Expand Down Expand Up @@ -824,6 +825,16 @@ private function form(ChannelField $field = null)

try {
$field_options = $dummy_field->getSettingsForm();
// When fieldtype settings contain fields with their own group toggles
// we need to loop through them and append the fieldtype group name
foreach ($field_options as &$option) {
foreach ($option['settings'] ?? [] as $key => $setting) {
if (isset($setting['group']) && isset($option['group'])) {
$option['settings'][$key]['group'] = $option['group'] . '|' . $setting['group'];
}
}
}

if (is_array($field_options) && ! empty($field_options)) {
$sections = array_merge($sections, $field_options);
}
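Review bot: The new `foreach ($field_options as &$option)` loop in `form()` iterates by reference and never calls `unset($option);`, so `$option` stays bound to the last element and any later write to that name silently rewrites the settings array. The loop also runs before the existing `is_array($field_options)` check, so a non-array return from `getSettingsForm()` raises a warning here first. Add `unset($option);` directly after the loop and move the loop inside the `is_array($field_options) && ! empty($field_options)` block. `form()` starts and ends outside the hunk.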
Original file line number Diff line number Diff line change
Expand Up @@ -129,7 +129,7 @@ protected function generateSidebar($active = null)
$list->addItem(lang('email_settings'), ee('CP/URL')->make('members/profile/email', $this->query_string));
$list->addItem(lang('auth_settings'), ee('CP/URL')->make('members/profile/auth', $this->query_string));

if ($this->member->member_id == ee()->session->userdata['member_id'] && ee('pro:Access')->hasRequiredLicense() && (ee()->config->item('enable_mfa') === false || ee()->config->item('enable_mfa') === 'y')) {
if ((ee('Permission')->isSuperAdmin() || $this->member->member_id == ee()->session->userdata['member_id']) && ee('pro:Access')->hasRequiredLicense() && (ee()->config->item('enable_mfa') === false || ee()->config->item('enable_mfa') === 'y')) {
ee()->lang->load('pro');
$list->addItem(lang('mfa'), ee('CP/URL')->make('members/profile/pro/mfa', $this->query_string));
}
28 changes: 28 additions & 0 deletions system/ee/ExpressionEngine/Controller/Settings/Members.php
Expand Up @@ -63,10 +63,38 @@ public function index()
'none' => lang('req_mbr_activation_opt_none'),
'email' => lang('req_mbr_activation_opt_email'),
'manual' => lang('req_mbr_activation_opt_manual')
),
'group_toggle' => array(
'none' => 'activation_none',
'email' => 'activation_email'
)
)
)
),
array(
'title' => 'registration_auto_login',
'desc' => 'registration_auto_login_desc',
'group' => 'activation_none',
'fields' => array(
'registration_auto_login' => array('type' => 'yes_no')
)
),
array(
'title' => 'activation_auto_login',
'desc' => 'activation_auto_login_desc',
'group' => 'activation_email',
'fields' => array(
'activation_auto_login' => array('type' => 'yes_no')
)
),
array(
'title' => 'activation_redirect',
'desc' => 'activation_redirect_desc',
'group' => 'activation_email',
'fields' => array(
'activation_redirect' => array('type' => 'text')
)
),
array(
'title' => 'approved_member_notification',
'desc' => 'approved_member_notification_desc',
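Review bot: `activation_redirect` is added as a free `text` field with no validation visible in this hunk, while mod.member_register.php passes the stored value to `create_url()` and `redirect()` immediately after activation. Although only administrators can edit this setting, validating it on save as a site-relative template path would keep a mistyped or tampered value from sending freshly activated members to another host. The `activation_redirect_desc` string should also state the expected format. `index()` continues outside the hunk.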
Original file line number Diff line number Diff line change
Expand Up @@ -270,7 +270,8 @@ function ($key) {
'createNewDirectory' => false,
'ignoreChild' => false,
'addInput' => false,
'imitationButton' => true
'imitationButton' => true,
'allowMultipleFiles' => false,
];

if (!$filepickerMode || ee('Request')->get('hasUpload') == 1) {
