From 6ca4a6aaae831df842965e15b2e02eb8271ae942 Mon Sep 17 00:00:00 2001 From: Wojdylak Date: Wed, 8 May 2024 10:26:32 +0200 Subject: [PATCH 01/23] [Maintenance] Update docker docs --- .../installation/installation_with_docker.rst | 17 ++++------ docs/cookbook/deployment/docker.rst | 33 ------------------- docs/cookbook/deployment/map.rst.inc | 1 - .../deployment.rst | 3 -- 4 files changed, 7 insertions(+), 47 deletions(-) delete mode 100644 docs/cookbook/deployment/docker.rst diff --git a/docs/book/installation/installation_with_docker.rst b/docs/book/installation/installation_with_docker.rst index f425325bc99..a8b1ad7b51f 100644 --- a/docs/book/installation/installation_with_docker.rst +++ b/docs/book/installation/installation_with_docker.rst @@ -14,7 +14,7 @@ testing, and implementation. Docker significantly reduces the delay between writ .. note:: - Make sure you have `Docker `_ installed on your local machine. + Make sure you have `Docker `_ and `make `_ installed on your local machine. Project Setup ------------- 
@@ -29,15 +29,12 @@ with Sylius-Standard content. Development ----------- -`Sylius Standard `_ comes with the `multi-stage build `_. -You can execute it via the ``docker compose up -d`` command in your favorite terminal. Please note that the speed of building images -and initializing containers depends on your local machine and internet connection - it may take some time. Then enter ``localhost`` in your browser or execute ``open localhost`` in your terminal. +`Sylius Standard `_ comes with the `docker compose `_ configuration. +You can start the development environment via the ``make init`` command in your favorite terminal. Please note that the speed of building images +and initializing containers depends on your local machine and internet connection - it may take some time. +Then enter ``localhost`` in your browser or execute ``open http://localhost/`` in your terminal. .. code-block:: bash - docker compose up -d - open localhost - -.. tip:: - - :doc:`Learn how to deploy Sylius-Standard production ready Docker Compose configuration ` + make init + open http://localhost/ diff --git a/docs/cookbook/deployment/docker.rst b/docs/cookbook/deployment/docker.rst deleted file mode 100644 index c2919f1c6b5..00000000000 --- a/docs/cookbook/deployment/docker.rst +++ /dev/null 
@@ -1,33 +0,0 @@ -How to deploy Sylius with Docker? -================================= - -The simplest way to deploy your Sylius store with Docker is to use the template provided in the Sylius-Standard ``docker-compose.prod.yml`` configuration file. - -.. tip:: - - When using a Virtual Private Server (VPS) we recommend having at least 2GB of RAM memory. - -1. Install Docker on your VPS ------------------------------ - -.. code-block:: bash - - curl -fsSL https://get.docker.com -o get-docker.sh - sudo sh get-docker.sh - -2. Execute Docker Compose Configuration ---------------------------------------- - -.. code-block:: bash - - export MYSQL_PASSWORD=SLyPJLaye7 - docker compose -f docker-compose.prod.yml up -d - -.. tip:: - - Deploying the database on the same machine as the application is not the best practice. **Use Managed Database solution instead.** - -Learn more ----------- - -* `Check out Docker learning recommendations! `_ diff --git a/docs/cookbook/deployment/map.rst.inc b/docs/cookbook/deployment/map.rst.inc index ce3f33827ea..18e78166130 100644 --- a/docs/cookbook/deployment/map.rst.inc +++ b/docs/cookbook/deployment/map.rst.inc @@ -1,3 +1,2 @@ * :doc:`/cookbook/deployment/platform-sh` * :doc:`/cookbook/deployment/cron-jobs` -* :doc:`/cookbook/deployment/docker` diff --git a/docs/getting-started-with-sylius/deployment.rst b/docs/getting-started-with-sylius/deployment.rst index 477d0c5dee5..a1cb2e6adb5 100644 --- a/docs/getting-started-with-sylius/deployment.rst +++ b/docs/getting-started-with-sylius/deployment.rst @@ -6,14 +6,11 @@ application deployment into the server. We believe, that it should be as easy an Check out our deployment cookbooks: - .. tip:: - 👉 :doc:`How to deploy Sylius to Platform.sh? ` - - 🐳 :doc:`How to deploy Sylius with Docker ` Learn more about the deployment platforms ----------------------------------------- * `Platform.sh `_ -* `Docker `_ From 3fa947e4c91eeb6166ede182825884d40615d0cf Mon Sep 17 00:00:00 2001 
From: Wojdylak Date: Wed, 8 May 2024 10:33:54 +0200 Subject: [PATCH 02/23] [Maintenance] Remove unnecessary line --- docs/cookbook/index.rst | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/cookbook/index.rst b/docs/cookbook/index.rst index 94ee35ef043..6d3ced0923b 100644 --- a/docs/cookbook/index.rst +++ b/docs/cookbook/index.rst @@ -133,7 +133,6 @@ Deployment deployment/platform-sh deployment/cron-jobs - deployment/docker .. include:: /cookbook/deployment/map.rst.inc From ac1d7279857b234be00d33369ca20a7f434e0d94 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jib=C3=A9=20Barth?= Date: Wed, 8 May 2024 10:42:29 +0200 Subject: [PATCH 03/23] Add wider support for deprecation contract --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index 9ab49b8c05b..e1b915190f0 100644 --- a/composer.json +++ b/composer.json @@ -93,7 +93,7 @@ "symfony/config": "^5.4.21 || ^6.4", "symfony/console": "^5.4.21 || ^6.4", "symfony/dependency-injection": "^5.4.21 || ^6.4", - "symfony/deprecation-contracts": "^2.5", + "symfony/deprecation-contracts": "^2.5 || ^3.0", "symfony/doctrine-bridge": "^5.4.21 || ^6.4", "symfony/doctrine-messenger": "^5.4.21 || ^6.4", "symfony/event-dispatcher": "^5.4.21 || ^6.4", From d4812f9c14c7b2acc1f2f64cff363533e4c77b41 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Pysiak?= Date: Mon, 6 May 2024 11:33:55 +0200 Subject: [PATCH 04/23] Fix potential xss in admin panel --- .../Resources/private/js/sylius-lazy-choice-tree.js | 5 +++-- .../AdminBundle/Resources/private/js/sylius-sanitizer.js | 5 +++++ .../UiBundle/Resources/private/js/sylius-auto-complete.js | 7 ++++--- .../UiBundle/Resources/private/js/sylius-sanitizer.js | 5 +++++ 4 files changed, 17 insertions(+), 5 deletions(-) create mode 100644 src/Sylius/Bundle/AdminBundle/Resources/private/js/sylius-sanitizer.js create mode 100644 src/Sylius/Bundle/UiBundle/Resources/private/js/sylius-sanitizer.js 
diff --git a/src/Sylius/Bundle/AdminBundle/Resources/private/js/sylius-lazy-choice-tree.js b/src/Sylius/Bundle/AdminBundle/Resources/private/js/sylius-lazy-choice-tree.js index b1f4dd0d27d..cb34c7422bb 100644 --- a/src/Sylius/Bundle/AdminBundle/Resources/private/js/sylius-lazy-choice-tree.js +++ b/src/Sylius/Bundle/AdminBundle/Resources/private/js/sylius-lazy-choice-tree.js @@ -10,6 +10,7 @@ import 'semantic-ui-css/components/api'; import 'semantic-ui-css/components/checkbox'; import $ from 'jquery'; +import { sanitizeInput} from "./sylius-sanitizer"; const createRootContainer = function createRootContainer() { return $('
'); @@ -81,7 +82,7 @@ $.fn.extend({ onSuccess(response) { response.forEach((leafNode) => { leafContainerElement.append(( - createLeafFunc(leafNode.name, leafNode.code, leafNode.hasChildren, multiple, leafNode.level) + createLeafFunc(sanitizeInput(leafNode.name), sanitizeInput(leafNode.code), leafNode.hasChildren, multiple, leafNode.level) )); }); content.append(leafContainerElement); @@ -169,7 +170,7 @@ $.fn.extend({ const rootContainer = createRootContainer(); response.forEach((rootNode) => { rootContainer.append(( - createLeaf(rootNode.name, rootNode.code, rootNode.hasChildren, multiple, rootNode.level) + createLeaf(sanitizeInput(rootNode.name), sanitizeInput(rootNode.code), rootNode.hasChildren, multiple, rootNode.level) )); }); tree.append(rootContainer); diff --git a/src/Sylius/Bundle/AdminBundle/Resources/private/js/sylius-sanitizer.js b/src/Sylius/Bundle/AdminBundle/Resources/private/js/sylius-sanitizer.js new file mode 100644 index 00000000000..f3dd2cd4cfb --- /dev/null +++ b/src/Sylius/Bundle/AdminBundle/Resources/private/js/sylius-sanitizer.js @@ -0,0 +1,5 @@ +export function sanitizeInput(input) { + const div = document.createElement('div'); + div.textContent = input; + return div.innerHTML; // Converts text content to plain HTML, stripping any scripts +} diff --git a/src/Sylius/Bundle/UiBundle/Resources/private/js/sylius-auto-complete.js b/src/Sylius/Bundle/UiBundle/Resources/private/js/sylius-auto-complete.js index 737c47a55a2..e52a6f42dac 100644 --- a/src/Sylius/Bundle/UiBundle/Resources/private/js/sylius-auto-complete.js +++ b/src/Sylius/Bundle/UiBundle/Resources/private/js/sylius-auto-complete.js @@ -9,6 +9,7 @@ import 'semantic-ui-css/components/dropdown'; import $ from 'jquery'; +import { sanitizeInput } from "./sylius-sanitizer"; $.fn.extend({ autoComplete() { 
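Review bot: Encoding is applied at the two call sites (`createLeafFunc(...)` in this hunk and `createLeaf(...)` in the `@@ -169,7 +170,7 @@` hunk) rather than in the function that builds the markup, so any other caller of `createLeaf` still passes raw `name` and `code` into HTML. `createLeaf` is defined outside these hunks, so where `code` ends up is not visible. If it is written into an attribute, encoding `<`, `>` and `&` alone is not enough at that position. I would move the encoding next to the template inside `createLeaf` and record the assumption there, e.g. `// name and code come from the taxon API response and are treated as untrusted text`.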
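Review bot: The comment on `return div.innerHTML;` says the helper strips scripts, but nothing is removed: assigning to `textContent` and reading `innerHTML` entity-encodes `&`, `<` and `>` and leaves `"` and `'` as they are. The result is therefore safe as element content but not inside a quoted attribute value, which is how the ShopBundle province-field hunk in patch 07 uses it. I would either encode quotes as well, `return div.innerHTML.replace(/"/g, '&quot;').replace(/'/g, '&#39;');`, or keep the behaviour and correct the comment to `// HTML-encodes &, < and > for use as element text; not safe inside attribute values`. The same five-line file is added again under UiBundle (patch 04) and ShopBundle (patch 07), so the note applies to those hunks too.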
@@ -37,8 +38,8 @@ $.fn.extend({ }, onResponse(response) { let results = response.map(item => ({ - name: item[choiceName], - value: item[choiceValue], + name: sanitizeInput(item[choiceName]), + value: sanitizeInput(item[choiceValue]), })); if (!element.hasClass('multiple')) { @@ -72,7 +73,7 @@ $.fn.extend({ onSuccess(response) { response.forEach((item) => { menuElement.append(( - $(`
${item[choiceName]}
`) + $(`
${sanitizeInput(item[choiceName])}
`) )); }); diff --git a/src/Sylius/Bundle/UiBundle/Resources/private/js/sylius-sanitizer.js b/src/Sylius/Bundle/UiBundle/Resources/private/js/sylius-sanitizer.js new file mode 100644 index 00000000000..f3dd2cd4cfb --- /dev/null +++ b/src/Sylius/Bundle/UiBundle/Resources/private/js/sylius-sanitizer.js @@ -0,0 +1,5 @@ +export function sanitizeInput(input) { + const div = document.createElement('div'); + div.textContent = input; + return div.innerHTML; // Converts text content to plain HTML, stripping any scripts +} From 29d18a39935e4d6e3d59bac5ebca798bfff00fe2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Pysiak?= Date: Mon, 6 May 2024 13:42:01 +0200 Subject: [PATCH 05/23] Use function from UIBundle --- .../Resources/private/js/sylius-lazy-choice-tree.js | 2 +- .../AdminBundle/Resources/private/js/sylius-sanitizer.js | 5 ----- 2 files changed, 1 insertion(+), 6 deletions(-) delete mode 100644 src/Sylius/Bundle/AdminBundle/Resources/private/js/sylius-sanitizer.js diff --git a/src/Sylius/Bundle/AdminBundle/Resources/private/js/sylius-lazy-choice-tree.js b/src/Sylius/Bundle/AdminBundle/Resources/private/js/sylius-lazy-choice-tree.js index cb34c7422bb..18bb2d3a27e 100644 --- a/src/Sylius/Bundle/AdminBundle/Resources/private/js/sylius-lazy-choice-tree.js +++ b/src/Sylius/Bundle/AdminBundle/Resources/private/js/sylius-lazy-choice-tree.js @@ -10,7 +10,7 @@ import 'semantic-ui-css/components/api'; import 'semantic-ui-css/components/checkbox'; import $ from 'jquery'; -import { sanitizeInput} from "./sylius-sanitizer"; +import { sanitizeInput } from "sylius/ui/sylius-sanitizer"; const createRootContainer = function createRootContainer() { return $('
'); diff --git a/src/Sylius/Bundle/AdminBundle/Resources/private/js/sylius-sanitizer.js b/src/Sylius/Bundle/AdminBundle/Resources/private/js/sylius-sanitizer.js deleted file mode 100644 index f3dd2cd4cfb..00000000000 --- a/src/Sylius/Bundle/AdminBundle/Resources/private/js/sylius-sanitizer.js +++ /dev/null @@ -1,5 +0,0 @@ -export function sanitizeInput(input) { - const div = document.createElement('div'); - div.textContent = input; - return div.innerHTML; // Converts text content to plain HTML, stripping any scripts -} From c11c424c1cd4918a71831152f69bc9b1915d542d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Pysiak?= Date: Tue, 7 May 2024 06:32:11 +0200 Subject: [PATCH 06/23] Fix product-auto-complete --- .../Resources/private/js/sylius-product-auto-complete.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/Sylius/Bundle/UiBundle/Resources/private/js/sylius-product-auto-complete.js b/src/Sylius/Bundle/UiBundle/Resources/private/js/sylius-product-auto-complete.js index acbe655ba32..64e34d9bfb3 100644 --- a/src/Sylius/Bundle/UiBundle/Resources/private/js/sylius-product-auto-complete.js +++ b/src/Sylius/Bundle/UiBundle/Resources/private/js/sylius-product-auto-complete.js @@ -9,6 +9,7 @@ import 'semantic-ui-css/components/dropdown'; import $ from 'jquery'; +import { sanitizeInput } from "./sylius-sanitizer"; $.fn.extend({ productAutoComplete() { @@ -38,8 +39,8 @@ $.fn.extend({ return { success: true, results: response._embedded.items.map(item => ({ - name: item.name, - value: item.code, + name: sanitizeInput(item.name), + value: sanitizeInput(item.code), })), }; }, From 0a7fe9ee4be074754bab08f04cf5ae2041bc6c73 Mon Sep 17 00:00:00 2001 
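Review bot: `value: sanitizeInput(item.code)` encodes the option's value as well as its label, which changes the data rather than only its display: a code containing `&` would be held by the dropdown as `&amp;`. How the dropdown consumes `value` is not visible in this hunk. If it is submitted with the form, the server receives the encoded string; if it is written into an attribute, the helper's unencoded quotes matter. If the encoding stays, a comment such as `// value is encoded because the dropdown renders it into markup; confirm it round-trips unchanged on submit` would record the assumption. The `onResponse` hunk of `sylius-auto-complete.js` in patch 04 has the same pattern with `item[choiceValue]`.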
From: =?UTF-8?q?Micha=C5=82=20Pysiak?= Date: Tue, 30 Apr 2024 11:24:25 +0200 Subject: [PATCH 07/23] Add js sanitizeInput function --- .../ShopBundle/Resources/private/js/sylius-province-field.js | 3 ++- .../ShopBundle/Resources/private/js/sylius-sanitizer.js | 5 +++++ 2 files changed, 7 insertions(+), 1 deletion(-) create mode 100644 src/Sylius/Bundle/ShopBundle/Resources/private/js/sylius-sanitizer.js diff --git a/src/Sylius/Bundle/ShopBundle/Resources/private/js/sylius-province-field.js b/src/Sylius/Bundle/ShopBundle/Resources/private/js/sylius-province-field.js index 17b3d350cf0..8a7084930f1 100644 --- a/src/Sylius/Bundle/ShopBundle/Resources/private/js/sylius-province-field.js +++ b/src/Sylius/Bundle/ShopBundle/Resources/private/js/sylius-province-field.js @@ -8,9 +8,10 @@ */ import $ from 'jquery'; +import { sanitizeInput } from './sylius-sanitizer'; const getProvinceInputValue = function getProvinceInputValue(valueSelector) { - return valueSelector == undefined ? '' : `value="${valueSelector}"`; + return valueSelector == undefined ? '' : `value="${sanitizeInput(valueSelector)}"`; }; $.fn.extend({ diff --git a/src/Sylius/Bundle/ShopBundle/Resources/private/js/sylius-sanitizer.js b/src/Sylius/Bundle/ShopBundle/Resources/private/js/sylius-sanitizer.js new file mode 100644 index 00000000000..f3dd2cd4cfb --- /dev/null +++ b/src/Sylius/Bundle/ShopBundle/Resources/private/js/sylius-sanitizer.js @@ -0,0 +1,5 @@ +export function sanitizeInput(input) { + const div = document.createElement('div'); + div.textContent = input; + return div.innerHTML; // Converts text content to plain HTML, stripping any scripts +} From 89880cd7b3beab15be845ebc58deb875da427a06 Mon Sep 17 00:00:00 2001 
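Review bot: `sanitizeInput(valueSelector)` is interpolated inside `value="…"`, an attribute context, and the helper's `textContent`/`innerHTML` round trip does not encode double quotes, so a province value containing `"` still ends the attribute early. The Behat scenarios added in patches 10 and 11 only check that no alert dialog appears, so they would not detect that case. Encoding the quote at this site closes the gap: the template body would read `value="${sanitizeInput(valueSelector).replace(/"/g, '&quot;')}"`. The string returned by `getProvinceInputValue` is spliced into markup outside the hunk; setting the value on the created input with jQuery's `.val()` would be more robust if that code can be changed.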
From: =?UTF-8?q?Micha=C5=82=20Pysiak?= Date: Mon, 6 May 2024 13:38:23 +0200 Subject: [PATCH 08/23] Add sanitizer function to UIBundle --- .../Resources/private/js/sylius-sanitizer.js | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename src/Sylius/Bundle/{ShopBundle => UiBundle}/Resources/private/js/sylius-sanitizer.js (100%) diff --git a/src/Sylius/Bundle/ShopBundle/Resources/private/js/sylius-sanitizer.js b/src/Sylius/Bundle/UiBundle/Resources/private/js/sylius-sanitizer.js similarity index 100% rename from src/Sylius/Bundle/ShopBundle/Resources/private/js/sylius-sanitizer.js rename to src/Sylius/Bundle/UiBundle/Resources/private/js/sylius-sanitizer.js From 19cea9aa1bd13765e677943aaae5199da9db0908 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Pysiak?= Date: Mon, 6 May 2024 13:38:49 +0200 Subject: [PATCH 09/23] Use function from UIBundle --- .../ShopBundle/Resources/private/js/sylius-province-field.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Sylius/Bundle/ShopBundle/Resources/private/js/sylius-province-field.js b/src/Sylius/Bundle/ShopBundle/Resources/private/js/sylius-province-field.js index 8a7084930f1..60983648ab1 100644 --- a/src/Sylius/Bundle/ShopBundle/Resources/private/js/sylius-province-field.js +++ b/src/Sylius/Bundle/ShopBundle/Resources/private/js/sylius-province-field.js @@ -8,7 +8,7 @@ */ import $ from 'jquery'; -import { sanitizeInput } from './sylius-sanitizer'; +import { sanitizeInput } from 'sylius/ui/sylius-sanitizer'; const getProvinceInputValue = function getProvinceInputValue(valueSelector) { return valueSelector == undefined ? '' : `value="${sanitizeInput(valueSelector)}"`; From 3d66fb067253160ef40b3b300d9fc7fb0cd81fd8 Mon Sep 17 00:00:00 2001 
From: Grzegorz Sadowski Date: Thu, 9 May 2024 15:20:39 +0200 Subject: [PATCH 10/23] [AddressBook] Add scenario for preventing from a potential XSS attack --- ...om_xss_attack_during_updating_address.feature | 16 ++++++++++++++++ .../Behat/Context/Setup/AddressContext.php | 13 +++++++++++++ .../Behat/Context/Ui/Shop/AddressBookContext.php | 11 ++++++++++- .../Page/Shop/Account/AddressBook/UpdatePage.php | 5 +++++ .../Account/AddressBook/UpdatePageInterface.php | 2 ++ 5 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 features/account/customer_account/address_book/preventing_from_xss_attack_during_updating_address.feature diff --git a/features/account/customer_account/address_book/preventing_from_xss_attack_during_updating_address.feature b/features/account/customer_account/address_book/preventing_from_xss_attack_during_updating_address.feature new file mode 100644 index 00000000000..4800bc5ccf5 --- /dev/null +++ b/features/account/customer_account/address_book/preventing_from_xss_attack_during_updating_address.feature @@ -0,0 +1,16 @@ +@address_book +Feature: Preventing from a potential XSS attack during updating the address + In order to keep my information safe + As a Customer + I want to be protected against the potential XSS attacks + + Background: + Given the store operates on a single channel in "United States" + And I am a logged in customer + And I have an address "Lucifer Morningstar", "Seaside Fwy", "90802", "Los Angeles", "United States", "Arkansas" in my address book + And this address has province '">' + + @ui @javascript @no-api + Scenario: Preventing from a potential XSS attack during updating the address + When I want to edit the address of "Lucifer Morningstar" + Then I should be able to update it without unexpected alert diff --git a/src/Sylius/Behat/Context/Setup/AddressContext.php b/src/Sylius/Behat/Context/Setup/AddressContext.php index f810565fff7..82c762964d7 100644 --- a/src/Sylius/Behat/Context/Setup/AddressContext.php 
+++ b/src/Sylius/Behat/Context/Setup/AddressContext.php @@ -66,6 +66,19 @@ public function iHaveAnAddressInAddressBook(ShopUserInterface $user, AddressInte $customer = $user->getCustomer(); $this->addAddressToCustomer($customer, $address); + + $this->sharedStorage->set('address', $address); + } + + /** + * @Given this address has province :province + */ + public function thisAddressHasProvince(string $provinceName): void + { + $address = $this->sharedStorage->get('address'); + $address->setProvinceName($provinceName); + + $this->customerManager->flush(); } /** diff --git a/src/Sylius/Behat/Context/Ui/Shop/AddressBookContext.php b/src/Sylius/Behat/Context/Ui/Shop/AddressBookContext.php index dd223762044..2b538eead96 100644 --- a/src/Sylius/Behat/Context/Ui/Shop/AddressBookContext.php +++ b/src/Sylius/Behat/Context/Ui/Shop/AddressBookContext.php @@ -41,8 +41,9 @@ public function __construct( /** * @Given I am editing the address of :fullName + * @When I want to edit the address of :fullName */ - public function iEditAddressOf($fullName) + public function iEditAddressOf(string $fullName): void { $this->sharedStorage->set('full_name', $fullName); @@ -350,6 +351,14 @@ public function addressShouldBeMarkedAsMyDefaultAddress(AddressInterface $addres Assert::same($actualFullName, $expectedFullName); } + /** + * @Then I should be able to update it without unexpected alert + */ + public function iShouldBeAbleToUpdateItWithoutUnexpectedAlert(): void + { + $this->addressBookUpdatePage->waitForFormToStopLoading(); + } + /** * @param string $fullName * diff --git a/src/Sylius/Behat/Page/Shop/Account/AddressBook/UpdatePage.php b/src/Sylius/Behat/Page/Shop/Account/AddressBook/UpdatePage.php index 5cda3d3606f..5308a0f4278 100644 --- a/src/Sylius/Behat/Page/Shop/Account/AddressBook/UpdatePage.php +++ b/src/Sylius/Behat/Page/Shop/Account/AddressBook/UpdatePage.php 
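Review bot: `iShouldBeAbleToUpdateItWithoutUnexpectedAlert()` in the `@@ -350,6 +351,14 @@` hunk only calls `waitForFormToStopLoading()` and asserts nothing. The scenario presumably passes because the browser driver fails a step when an unexpected alert is open, which is worth confirming for the drivers used in CI. A value that is mis-rendered without opening a dialog would still pass, so I would also assert that the province input's value equals the string stored in the fixture. At minimum, document the reliance in the method: `// No explicit assertion: the step fails only if the driver reports an unexpected alert while the form loads.`. The step `iShouldBeAbleToUpdateTheAddressWithoutUnexpectedAlert()` added to `CheckoutAddressingContext` in patch 11 has the same shape.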
@@ -71,6 +71,11 @@ public function selectCountry(string $name): void JQueryHelper::waitForFormToStopLoading($this->getDocument()); } + public function waitForFormToStopLoading(): void + { + JQueryHelper::waitForFormToStopLoading($this->getDocument()); + } + public function saveChanges(): void { JQueryHelper::waitForFormToStopLoading($this->getDocument()); diff --git a/src/Sylius/Behat/Page/Shop/Account/AddressBook/UpdatePageInterface.php b/src/Sylius/Behat/Page/Shop/Account/AddressBook/UpdatePageInterface.php index 336354eca79..5988a1da23f 100644 --- a/src/Sylius/Behat/Page/Shop/Account/AddressBook/UpdatePageInterface.php +++ b/src/Sylius/Behat/Page/Shop/Account/AddressBook/UpdatePageInterface.php @@ -29,5 +29,7 @@ public function selectProvince(string $name): void; public function selectCountry(string $name): void; + public function waitForFormToStopLoading(): void; + public function saveChanges(): void; } From 925554057badcc1fb0397f5f64714e871a483c9d Mon Sep 17 00:00:00 2001 From: Grzegorz Sadowski Date: Fri, 10 May 2024 07:13:15 +0200 Subject: [PATCH 11/23] [Checkout] Add scenario for preventing from a potential XSS attack --- ...ng_from_xss_attack_during_checkout.feature | 21 +++++++++++++++++++ .../Checkout/CheckoutAddressingContext.php | 8 +++++++ .../Behat/Page/Shop/Checkout/AddressPage.php | 5 +++++ .../Shop/Checkout/AddressPageInterface.php | 2 ++ 4 files changed, 36 insertions(+) create mode 100644 features/checkout/addressing_order/preventing_from_xss_attack_during_checkout.feature diff --git a/features/checkout/addressing_order/preventing_from_xss_attack_during_checkout.feature b/features/checkout/addressing_order/preventing_from_xss_attack_during_checkout.feature new file mode 100644 index 00000000000..848f166dce3 --- /dev/null +++ b/features/checkout/addressing_order/preventing_from_xss_attack_during_checkout.feature 
@@ -0,0 +1,21 @@ +@checkout +Feature: Preventing from a potential XSS attack during updating the address in the checkout + In order to keep my information safe + As a Visitor + I want to be protected against the potential XSS attacks + + Background: + Given the store operates on a single channel in "United States" + And the store has a product "PHP T-Shirt" priced at "$19.99" + And the store ships everywhere for Free + And I have product "PHP T-Shirt" in the cart + And I am at the checkout addressing step + + @ui @javascript @no-api + Scenario: Preventing from a potential XSS attack during updating the address in the checkout + When I specify the email as "john.doe@example.com" + And I specify the billing address as "Ankh Morpork", "Frost Alley", "90210", "United States" for "Jon Doe" + And I specify the province name manually as '">' for billing address + And I complete the addressing step + And I decide to change my address + Then I should be able to update the address without unexpected alert diff --git a/src/Sylius/Behat/Context/Ui/Shop/Checkout/CheckoutAddressingContext.php b/src/Sylius/Behat/Context/Ui/Shop/Checkout/CheckoutAddressingContext.php index 05763b94ac0..ee2d9d9f574 100644 --- a/src/Sylius/Behat/Context/Ui/Shop/Checkout/CheckoutAddressingContext.php +++ b/src/Sylius/Behat/Context/Ui/Shop/Checkout/CheckoutAddressingContext.php @@ -484,6 +484,14 @@ public function shouldHaveCountriesToChooseFrom(string ...$countries): void Assert::same($availableBillingCountries, $countries); } + /** + * @Then I should be able to update the address without unexpected alert + */ + public function iShouldBeAbleToUpdateTheAddressWithoutUnexpectedAlert(): void + { + $this->addressPage->waitForFormToStopLoading(); + } + /** * @return AddressInterface */ diff --git a/src/Sylius/Behat/Page/Shop/Checkout/AddressPage.php b/src/Sylius/Behat/Page/Shop/Checkout/AddressPage.php index 89fea14f9f5..26aea7708ed 100644 --- a/src/Sylius/Behat/Page/Shop/Checkout/AddressPage.php 
+++ b/src/Sylius/Behat/Page/Shop/Checkout/AddressPage.php @@ -281,6 +281,11 @@ public function getAvailableBillingCountries(): array return $this->getOptionsFromSelect($this->getElement('billing_country')); } + public function waitForFormToStopLoading(): void + { + JQueryHelper::waitForFormToStopLoading($this->getDocument()); + } + protected function getDefinedElements(): array { return array_merge(parent::getDefinedElements(), [ diff --git a/src/Sylius/Behat/Page/Shop/Checkout/AddressPageInterface.php b/src/Sylius/Behat/Page/Shop/Checkout/AddressPageInterface.php index de0fa8ad7a6..2a787df6f16 100644 --- a/src/Sylius/Behat/Page/Shop/Checkout/AddressPageInterface.php +++ b/src/Sylius/Behat/Page/Shop/Checkout/AddressPageInterface.php @@ -81,4 +81,6 @@ public function getAvailableBillingCountries(): array; public function isDifferentShippingAddressChecked(): bool; public function isShippingAddressVisible(): bool; + + public function waitForFormToStopLoading(): void; } From 30de6ff277a0617d16a9f8b64541a46622752cb7 Mon Sep 17 00:00:00 2001 From: Grzegorz Sadowski Date: Fri, 10 May 2024 07:22:38 +0200 Subject: [PATCH 12/23] [Behat] Minor scenarios improvements after code review --- ... => preventing_xss_attack_during_updating_address.feature} | 4 ++-- ....feature => preventing_xss_attack_during_checkout.feature} | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) rename features/account/customer_account/address_book/{preventing_from_xss_attack_during_updating_address.feature => preventing_xss_attack_during_updating_address.feature} (81%) rename features/checkout/addressing_order/{preventing_from_xss_attack_during_checkout.feature => preventing_xss_attack_during_checkout.feature} (85%) 
diff --git a/features/account/customer_account/address_book/preventing_from_xss_attack_during_updating_address.feature b/features/account/customer_account/address_book/preventing_xss_attack_during_updating_address.feature similarity index 81% rename from features/account/customer_account/address_book/preventing_from_xss_attack_during_updating_address.feature rename to features/account/customer_account/address_book/preventing_xss_attack_during_updating_address.feature index 4800bc5ccf5..db2cc2adc7f 100644 --- a/features/account/customer_account/address_book/preventing_from_xss_attack_during_updating_address.feature +++ b/features/account/customer_account/address_book/preventing_xss_attack_during_updating_address.feature @@ -1,5 +1,5 @@ @address_book -Feature: Preventing from a potential XSS attack during updating the address +Feature: Preventing a potential XSS attack during updating the address In order to keep my information safe As a Customer I want to be protected against the potential XSS attacks @@ -11,6 +11,6 @@ Feature: Preventing from a potential XSS attack during updating the address And this address has province '">' @ui @javascript @no-api - Scenario: Preventing from a potential XSS attack during updating the address + Scenario: Preventing a potential XSS attack during updating the address When I want to edit the address of "Lucifer Morningstar" Then I should be able to update it without unexpected alert diff --git a/features/checkout/addressing_order/preventing_from_xss_attack_during_checkout.feature b/features/checkout/addressing_order/preventing_xss_attack_during_checkout.feature similarity index 85% rename from features/checkout/addressing_order/preventing_from_xss_attack_during_checkout.feature rename to features/checkout/addressing_order/preventing_xss_attack_during_checkout.feature index 848f166dce3..f8c11316fd4 100644 --- a/features/checkout/addressing_order/preventing_from_xss_attack_during_checkout.feature 
+++ b/features/checkout/addressing_order/preventing_xss_attack_during_checkout.feature @@ -1,5 +1,5 @@ @checkout -Feature: Preventing from a potential XSS attack during updating the address in the checkout +Feature: Preventing a potential XSS attack during updating the address in the checkout In order to keep my information safe As a Visitor I want to be protected against the potential XSS attacks @@ -12,7 +12,7 @@ Feature: Preventing from a potential XSS attack during updating the address in t And I am at the checkout addressing step @ui @javascript @no-api - Scenario: Preventing from a potential XSS attack during updating the address in the checkout + Scenario: Preventing a potential XSS attack during updating the address in the checkout When I specify the email as "john.doe@example.com" And I specify the billing address as "Ankh Morpork", "Frost Alley", "90210", "United States" for "Jon Doe" And I specify the province name manually as '">' for billing address From a17de6d1ed47155277732bcfab61fb491cac8cb6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Pysiak?= Date: Fri, 10 May 2024 06:23:32 +0200 Subject: [PATCH 13/23] Test adding new taxon --- ...g_xss_attack_while_adding_a_new_taxon.feature | 16 ++++++++++++++++ .../Context/Ui/Admin/ManagingTaxonsContext.php | 1 + 2 files changed, 17 insertions(+) create mode 100644 features/taxonomy/managing_taxons/preventing_xss_attack_while_adding_a_new_taxon.feature diff --git a/features/taxonomy/managing_taxons/preventing_xss_attack_while_adding_a_new_taxon.feature b/features/taxonomy/managing_taxons/preventing_xss_attack_while_adding_a_new_taxon.feature new file mode 100644 index 00000000000..f3327f47328 --- /dev/null +++ b/features/taxonomy/managing_taxons/preventing_xss_attack_while_adding_a_new_taxon.feature 
@@ -0,0 +1,16 @@ +@managing_taxons +Feature: Preventing a potential XSS attack while adding new taxon + In order to keep my information safe + As an Administrator + I want to be protected against the potential XSS attacks + + Background: + Given the store operates on a single channel in "United States" + And the store has "Category" taxonomy + And the store has "" taxonomy + And I am logged in as an administrator + + @ui @javascript @no-api + Scenario: Preventing a potential XSS attack while adding new taxon + When I want to create a new taxon + Then I should be able to change its parent taxon to "Category" diff --git a/src/Sylius/Behat/Context/Ui/Admin/ManagingTaxonsContext.php b/src/Sylius/Behat/Context/Ui/Admin/ManagingTaxonsContext.php index 3a193a15730..5ae3bb21100 100644 --- a/src/Sylius/Behat/Context/Ui/Admin/ManagingTaxonsContext.php +++ b/src/Sylius/Behat/Context/Ui/Admin/ManagingTaxonsContext.php @@ -136,6 +136,7 @@ public function iDescribeItAs($description, $language) /** * @Given /^I set its (parent taxon to "[^"]+")$/ * @Given /^I change its (parent taxon to "[^"]+")$/ + * @Given /^I should be able to change its (parent taxon to "[^"]+")$/ */ public function iChangeItsParentTaxonTo(TaxonInterface $taxon) { From d25edf3ff097dbb704ecf4dc35b766526008516a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Pysiak?= Date: Fri, 10 May 2024 07:03:27 +0200 Subject: [PATCH 14/23] Test adding new simple product --- ..._xss_attack_while_adding_a_new_product.feature | 15 +++++++++++++++ .../Context/Ui/Admin/ManagingProductsContext.php | 1 + 2 files changed, 16 insertions(+) create mode 100644 features/product/managing_products/preventing_xss_attack_while_adding_a_new_product.feature diff --git a/features/product/managing_products/preventing_xss_attack_while_adding_a_new_product.feature b/features/product/managing_products/preventing_xss_attack_while_adding_a_new_product.feature new file mode 100644 index 00000000000..ba056c0e90b --- /dev/null 
+++ b/features/product/managing_products/preventing_xss_attack_while_adding_a_new_product.feature @@ -0,0 +1,15 @@ +@managing_products +Feature: Preventing a potential XSS attack while adding new product + In order to keep my information safe + As an Administrator + I want to be protected against the potential XSS attacks + + Background: + Given the store operates on a single channel in "United States" + And the store has "" taxonomy + And I am logged in as an administrator + + @ui @javascript @no-api + Scenario: Preventing a potential XSS attack while adding new product + When I want to create a new simple product + Then I should be able to name it "No XSS" in "English (United States)" diff --git a/src/Sylius/Behat/Context/Ui/Admin/ManagingProductsContext.php b/src/Sylius/Behat/Context/Ui/Admin/ManagingProductsContext.php index 0c17a02ced6..c490fe20794 100644 --- a/src/Sylius/Behat/Context/Ui/Admin/ManagingProductsContext.php +++ b/src/Sylius/Behat/Context/Ui/Admin/ManagingProductsContext.php @@ -88,6 +88,7 @@ public function iSpecifyItsCodeAs($code = null) * @When I do not name it * @When I name it :name in :language * @When I rename it to :name in :language + * @When I should be able to name it :name in :language */ public function iRenameItToIn(?string $name = null, ?string $language = null): void { From 63c3cf7a12ff7e1471ef3af2e2141c474e42aa03 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Pysiak?= Date: Fri, 10 May 2024 07:23:18 +0200 Subject: [PATCH 15/23] Test adding similar products --- ...xss_attack_while_adding_a_new_product.feature | 7 +++++++ ...ting_xss_attack_while_editing_product.feature | 16 ++++++++++++++++ .../Context/Ui/Admin/ManagingProductsContext.php | 2 ++ 3 files changed, 25 insertions(+) create mode 100644 features/product/managing_products/preventing_xss_attack_while_editing_product.feature 
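Review bot: `@When I should be able to name it :name in :language` binds an outcome step to the action method `iRenameItToIn` under a `@When` tag, so the scenario's `Then` line is matched by an action annotation. Patch 16 moves the two sibling annotations added later in this file to `@Then`, but in the lines visible here it leaves this one. For consistency it would read `* @Then I should be able to name it :name in :language`. The method body is outside the hunk, so whether it checks how the taxon name was rendered cannot be told from here.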
diff --git a/features/product/managing_products/preventing_xss_attack_while_adding_a_new_product.feature b/features/product/managing_products/preventing_xss_attack_while_adding_a_new_product.feature index ba056c0e90b..7820b56c223 100644 --- a/features/product/managing_products/preventing_xss_attack_while_adding_a_new_product.feature +++ b/features/product/managing_products/preventing_xss_attack_while_adding_a_new_product.feature @@ -7,9 +7,16 @@ Feature: Preventing a potential XSS attack while adding new product Background: Given the store operates on a single channel in "United States" And the store has "" taxonomy + And the store has "No XSS" taxonomy And I am logged in as an administrator @ui @javascript @no-api Scenario: Preventing a potential XSS attack while adding new product When I want to create a new simple product Then I should be able to name it "No XSS" in "English (United States)" + + @ui @javascript @no-api + Scenario: Preventing a potential XSS attack while choosing main taxon for a new product + When I want to create a new simple product + Then I should be able to choose main taxon "No XSS" + diff --git a/features/product/managing_products/preventing_xss_attack_while_editing_product.feature b/features/product/managing_products/preventing_xss_attack_while_editing_product.feature new file mode 100644 index 00000000000..2b058d1544e --- /dev/null +++ b/features/product/managing_products/preventing_xss_attack_while_editing_product.feature 
@@ -0,0 +1,16 @@
+@managing_products
+Feature: Preventing a potential XSS attack while selecting similar product
+ In order to keep my information safe
+ As an Administrator
+ I want to be protected against the potential XSS attacks
+
+ Background:
+ Given the store operates on a single channel in "United States"
+ And the store has a product association type "Accessories"
+ And the store has "" and "LG headphones" products
+ And I am logged in as an administrator
+
+ @ui @javascript @no-api
+ Scenario: Preventing a potential XSS attack while editing product
+ When I want to create a new simple product
+ Then I should be able to associate as "Accessories" the "LG headphones" product
diff --git a/src/Sylius/Behat/Context/Ui/Admin/ManagingProductsContext.php b/src/Sylius/Behat/Context/Ui/Admin/ManagingProductsContext.php
index c490fe20794..4d78fa877e5 100644
--- a/src/Sylius/Behat/Context/Ui/Admin/ManagingProductsContext.php
+++ b/src/Sylius/Behat/Context/Ui/Admin/ManagingProductsContext.php
@@ -748,6 +748,7 @@ public function theOptionFieldShouldBeDisabled()
 
 /**
 * @When /^I choose main (taxon "[^"]+")$/
+ * @When /^I should be able to choose main taxon "([^"]+)"$/
 */
 public function iChooseMainTaxon(TaxonInterface $taxon)
 {
@@ -820,6 +821,7 @@ public function iAttachImageWithType($path, $type = null)
 
 /**
 * @When I associate as :productAssociationType the :productName product
+ * @When I should be able to associate as :productAssociationType the :productName product
 * @When I associate as :productAssociationType the :firstProductName and :secondProductName products
 */
 public function iAssociateProductsAsProductAssociation(
From 679e79352156f19e1747ab1d735070187b3788d7 Mon Sep 17 00:00:00 2001
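Review bot: The titles in the new feature file do not match what the scenario does: the file is named `…while_editing_product`, the feature says "while selecting similar product" and the scenario says "while editing product", yet its `When` step is `I want to create a new simple product`. Either title the scenario for the flow it exercises, for example `Scenario: Preventing a potential XSS attack while associating products with a new product`, or open it with a step that edits an existing product. A comment above the Background noting that the first product name is the value under test would also help, since that literal appears empty on this page.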
From: =?UTF-8?q?Micha=C5=82=20Pysiak?=
Date: Fri, 10 May 2024 08:02:15 +0200
Subject: [PATCH 16/23] Fixes after CR
---
 src/Sylius/Behat/Context/Ui/Admin/ManagingProductsContext.php | 4 ++--
 src/Sylius/Behat/Context/Ui/Admin/ManagingTaxonsContext.php | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/Sylius/Behat/Context/Ui/Admin/ManagingProductsContext.php b/src/Sylius/Behat/Context/Ui/Admin/ManagingProductsContext.php
index 4d78fa877e5..5a32b027072 100644
--- a/src/Sylius/Behat/Context/Ui/Admin/ManagingProductsContext.php
+++ b/src/Sylius/Behat/Context/Ui/Admin/ManagingProductsContext.php
@@ -748,7 +748,7 @@ public function theOptionFieldShouldBeDisabled()
 
 /**
 * @When /^I choose main (taxon "[^"]+")$/
- * @When /^I should be able to choose main taxon "([^"]+)"$/
+ * @Then /^I should be able to choose main (taxon "[^"]+")$/
 */
 public function iChooseMainTaxon(TaxonInterface $taxon)
 {
@@ -821,8 +821,8 @@ public function iAttachImageWithType($path, $type = null)
 
 /**
 * @When I associate as :productAssociationType the :productName product
- * @When I should be able to associate as :productAssociationType the :productName product
 * @When I associate as :productAssociationType the :firstProductName and :secondProductName products
+ * @Then I should be able to associate as :productAssociationType the :productName product
 */
 public function iAssociateProductsAsProductAssociation(
 ProductAssociationTypeInterface $productAssociationType,
diff --git a/src/Sylius/Behat/Context/Ui/Admin/ManagingTaxonsContext.php b/src/Sylius/Behat/Context/Ui/Admin/ManagingTaxonsContext.php
index 5ae3bb21100..3a31e7fda2e 100644
--- a/src/Sylius/Behat/Context/Ui/Admin/ManagingTaxonsContext.php
+++ b/src/Sylius/Behat/Context/Ui/Admin/ManagingTaxonsContext.php
@@ -136,7 +136,7 @@ public function iDescribeItAs($description, $language)
 /**
 * @Given /^I set its (parent taxon to "[^"]+")$/
 * @Given /^I change its (parent taxon to "[^"]+")$/
- * @Given /^I should be able to change its (parent taxon to "[^"]+")$/
+ * @Then /^I should be able to change its (parent taxon to "[^"]+")$/
 */
 public function iChangeItsParentTaxonTo(TaxonInterface $taxon)
 {
From 3b82e93256911f6d908c736d4b747f737d3a0c92 Mon Sep 17 00:00:00 2001
From: Grzegorz Sadowski
Date: Fri, 10 May 2024 09:45:26 +0200
Subject: [PATCH 17/23] [Behat] Minor scenarios improvements
---
 ... => preventing_xss_attack_while_adding_new_product.feature} | 3 +--
 ...re => preventing_xss_attack_while_adding_new_taxon.feature} | 2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)
 rename features/product/managing_products/{preventing_xss_attack_while_adding_a_new_product.feature => preventing_xss_attack_while_adding_new_product.feature} (92%)
 rename features/taxonomy/managing_taxons/{preventing_xss_attack_while_adding_a_new_taxon.feature => preventing_xss_attack_while_adding_new_taxon.feature} (89%)
diff --git a/features/product/managing_products/preventing_xss_attack_while_adding_a_new_product.feature b/features/product/managing_products/preventing_xss_attack_while_adding_new_product.feature
similarity index 92%
rename from features/product/managing_products/preventing_xss_attack_while_adding_a_new_product.feature
rename to features/product/managing_products/preventing_xss_attack_while_adding_new_product.feature
index 7820b56c223..8ab868842a6 100644
--- a/features/product/managing_products/preventing_xss_attack_while_adding_a_new_product.feature
+++ b/features/product/managing_products/preventing_xss_attack_while_adding_new_product.feature
@@ -1,5 +1,5 @@
 @managing_products
-Feature: Preventing a potential XSS attack while adding new product
+Feature: Preventing a potential XSS attack while adding a new product
 In order to keep my information safe
 As an Administrator
 I want to be protected against the potential XSS attacks
@@ -19,4 +19,3 @@ Feature: Preventing a potential XSS attack while adding new product
 Scenario: Preventing a potential XSS attack while choosing main taxon for a new product
 When I want to create a new simple product
 Then I should be able to choose main taxon "No XSS"
-
diff --git a/features/taxonomy/managing_taxons/preventing_xss_attack_while_adding_a_new_taxon.feature b/features/taxonomy/managing_taxons/preventing_xss_attack_while_adding_new_taxon.feature
similarity index 89%
rename from features/taxonomy/managing_taxons/preventing_xss_attack_while_adding_a_new_taxon.feature
rename to features/taxonomy/managing_taxons/preventing_xss_attack_while_adding_new_taxon.feature
index f3327f47328..72f507aad82 100644
--- a/features/taxonomy/managing_taxons/preventing_xss_attack_while_adding_a_new_taxon.feature
+++ b/features/taxonomy/managing_taxons/preventing_xss_attack_while_adding_new_taxon.feature
@@ -1,5 +1,5 @@
 @managing_taxons
-Feature: Preventing a potential XSS attack while adding new taxon
+Feature: Preventing a potential XSS attack while adding a new taxon
 In order to keep my information safe
 As an Administrator
 I want to be protected against the potential XSS attacks
From d29310a2d8ea7a8651902747d388db7f426e7e7f Mon Sep 17 00:00:00 2001
From: Grzegorz Sadowski
Date: Fri, 10 May 2024 10:34:39 +0200
Subject: [PATCH 18/23] Change application's version to v1.12.16
---
 composer.json | 2 +-
 src/Sylius/Bundle/CoreBundle/SyliusCoreBundle.php | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/composer.json b/composer.json
index f8ae48357c9..bea8972b6dc 100644
--- a/composer.json
+++ b/composer.json
@@ -1,7 +1,7 @@
 {
 "name": "sylius/sylius",
 "type": "library",
- "version": "v1.12.16-dev",
+ "version": "v1.12.16",
 "description": "E-Commerce platform for PHP, based on Symfony framework.",
 "homepage": "https://sylius.com",
 "license": "MIT",
diff --git a/src/Sylius/Bundle/CoreBundle/SyliusCoreBundle.php b/src/Sylius/Bundle/CoreBundle/SyliusCoreBundle.php
index 211005815c0..4c3831d656d 100644
--- a/src/Sylius/Bundle/CoreBundle/SyliusCoreBundle.php
+++ b/src/Sylius/Bundle/CoreBundle/SyliusCoreBundle.php
@@ -40,7 +40,7 @@
 
 final class SyliusCoreBundle extends AbstractResourceBundle
 {
- public const VERSION = '1.12.16-DEV';
+ public const VERSION = '1.12.16';
 
 public const VERSION_ID = '11216';
 
@@ -50,7 +50,7 @@ final class SyliusCoreBundle extends AbstractResourceBundle
 
 public const RELEASE_VERSION = '16';
 
- public const EXTRA_VERSION = 'DEV';
+ public const EXTRA_VERSION = '';
 
 public function getSupportedDrivers(): array
 {
From 90d580fc19ee56d53cf6d312233ee4c664109756 Mon Sep 17 00:00:00 2001
From: Grzegorz Sadowski
Date: Fri, 10 May 2024 10:39:33 +0200
Subject: [PATCH 19/23] Generate changelog for v1.12.16
---
 CHANGELOG-1.12.md | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/CHANGELOG-1.12.md b/CHANGELOG-1.12.md
index b36d150a847..d5adaa2dcd0 100644
--- a/CHANGELOG-1.12.md
+++ b/CHANGELOG-1.12.md
@@ -1,5 +1,14 @@
 # CHANGELOG FOR `1.12.X`
 
+## v1.12.16 (2024-05-10)
+
+#### Details
+
+- [#16190](https://github.com/Sylius/Sylius/issues/16190) Fix products grid ([@kulczy](https://github.com/kulczy))
+- [#16196](https://github.com/Sylius/Sylius/issues/16196) Fix product review validation's notInRangeMessage ([@mpysiak](https://github.com/mpysiak))
+- [#16241](https://github.com/Sylius/Sylius/issues/16241) [Security] Fixes for potential XSS in the Checkout, Address Book and Admin Panel ([@GSadee](https://github.com/GSadee))
+- [#16232](https://github.com/Sylius/Sylius/issues/16232) [Maintenance] Update docker docs ([@Wojdylak](https://github.com/Wojdylak))
+
 ## v1.12.15 (2024-04-23)
 
 #### Details
From 56c8725ca705ac9f9b0615158e2739eee9a3016c Mon Sep 17 00:00:00 2001
From: Grzegorz Sadowski
Date: Fri, 10 May 2024 10:40:08 +0200
Subject: [PATCH 20/23] Change application's version to v1.12.17-dev
---
 composer.json | 2 +-
 src/Sylius/Bundle/CoreBundle/SyliusCoreBundle.php | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/composer.json b/composer.json
index bea8972b6dc..75cfdc9cbc2 100644
--- a/composer.json
+++ b/composer.json
@@ -1,7 +1,7 @@
 {
 "name": "sylius/sylius",
 "type": "library",
- "version": "v1.12.16",
+ "version": "v1.12.17-dev",
 "description": "E-Commerce platform for PHP, based on Symfony framework.",
 "homepage": "https://sylius.com",
 "license": "MIT",
diff --git a/src/Sylius/Bundle/CoreBundle/SyliusCoreBundle.php b/src/Sylius/Bundle/CoreBundle/SyliusCoreBundle.php
index 4c3831d656d..083afead7f4 100644
--- a/src/Sylius/Bundle/CoreBundle/SyliusCoreBundle.php
+++ b/src/Sylius/Bundle/CoreBundle/SyliusCoreBundle.php
@@ -40,17 +40,17 @@
 
 final class SyliusCoreBundle extends AbstractResourceBundle
 {
- public const VERSION = '1.12.16';
+ public const VERSION = '1.12.17-DEV';
 
- public const VERSION_ID = '11216';
+ public const VERSION_ID = '11217';
 
 public const MAJOR_VERSION = '1';
 
 public const MINOR_VERSION = '12';
 
- public const RELEASE_VERSION = '16';
+ public const RELEASE_VERSION = '17';
 
- public const EXTRA_VERSION = '';
+ public const EXTRA_VERSION = 'DEV';
 
 public function getSupportedDrivers(): array
 {
From 22bc3d9e31a293ec6cb142edfee7125a03df286c Mon Sep 17 00:00:00 2001
From: Grzegorz Sadowski
Date: Fri, 10 May 2024 10:45:56 +0200
Subject: [PATCH 21/23] Change application's version to v1.13.1
---
 composer.json | 2 +-
 src/Sylius/Bundle/CoreBundle/SyliusCoreBundle.php | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/composer.json b/composer.json
index e1b915190f0..a56f255e4f0 100644
--- a/composer.json
+++ b/composer.json
@@ -1,7 +1,7 @@
 {
 "name": "sylius/sylius",
 "type": "library",
- "version": "v1.13.1-dev",
+ "version": "v1.13.1",
 "description": "E-Commerce platform for PHP, based on Symfony framework.",
 "homepage": "https://sylius.com",
 "license": "MIT",
diff --git a/src/Sylius/Bundle/CoreBundle/SyliusCoreBundle.php b/src/Sylius/Bundle/CoreBundle/SyliusCoreBundle.php
index c2ed1ac24e2..ebcc58e656a 100644
--- a/src/Sylius/Bundle/CoreBundle/SyliusCoreBundle.php
+++ b/src/Sylius/Bundle/CoreBundle/SyliusCoreBundle.php
@@ -43,7 +43,7 @@
 
 final class SyliusCoreBundle extends AbstractResourceBundle
 {
- public const VERSION = '1.13.1-DEV';
+ public const VERSION = '1.13.1';
 
 public const VERSION_ID = '11301';
 
@@ -53,7 +53,7 @@ final class SyliusCoreBundle extends AbstractResourceBundle
 
 public const RELEASE_VERSION = '1';
 
- public const EXTRA_VERSION = 'DEV';
+ public const EXTRA_VERSION = '';
 
 public function getSupportedDrivers(): array
 {
From f14bca0af488fdc98682ced03336b5d4ab030774 Mon Sep 17 00:00:00 2001
From: Grzegorz Sadowski
Date: Fri, 10 May 2024 10:47:15 +0200
Subject: [PATCH 22/23] Generate changelog for v1.13.1
---
 CHANGELOG-1.13.md | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/CHANGELOG-1.13.md b/CHANGELOG-1.13.md
index 4c9c1d43a4d..56cef2adc83 100644
--- a/CHANGELOG-1.13.md
+++ b/CHANGELOG-1.13.md
@@ -1,5 +1,16 @@
 # CHANGELOG FOR `1.13.X`
 
+## v1.13.1 (2024-05-10)
+
+#### Details
+
+- [#16176](https://github.com/Sylius/Sylius/issues/16176) [Maintenance][AbstractStateMachine] Add Sylius logo to readme ([@Wojdylak](https://github.com/Wojdylak))
+- [#16190](https://github.com/Sylius/Sylius/issues/16190) Fix products grid ([@kulczy](https://github.com/kulczy))
+- [#16196](https://github.com/Sylius/Sylius/issues/16196) Fix product review validation's notInRangeMessage ([@mpysiak](https://github.com/mpysiak))
+- [#16241](https://github.com/Sylius/Sylius/issues/16241) [Security] Fixes for potential XSS in the Checkout, Address Book and Admin Panel ([@GSadee](https://github.com/GSadee))
+- [#16232](https://github.com/Sylius/Sylius/issues/16232) [Maintenance] Update docker docs ([@Wojdylak](https://github.com/Wojdylak))
+- [#16233](https://github.com/Sylius/Sylius/issues/16233) Add wider support for deprecation contract ([@Jibbarth](https://github.com/Jibbarth))
+
 ## v1.13.0 (2024-04-23)
 
 #### Details
From 4244cfc6713e86e2509f321d8fcc33662d3b6b5c Mon Sep 17 00:00:00 2001
From: Grzegorz Sadowski
Date: Fri, 10 May 2024 10:47:39 +0200
Subject: [PATCH 23/23] Change application's version to v1.13.2-dev
---
 composer.json | 2 +-
 src/Sylius/Bundle/CoreBundle/SyliusCoreBundle.php | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/composer.json b/composer.json
index a56f255e4f0..f643fb26041 100644
--- a/composer.json
+++ b/composer.json
@@ -1,7 +1,7 @@
 {
 "name": "sylius/sylius",
 "type": "library",
- "version": "v1.13.1",
+ "version": "v1.13.2-dev",
 "description": "E-Commerce platform for PHP, based on Symfony framework.",
 "homepage": "https://sylius.com",
 "license": "MIT",
diff --git a/src/Sylius/Bundle/CoreBundle/SyliusCoreBundle.php b/src/Sylius/Bundle/CoreBundle/SyliusCoreBundle.php
index ebcc58e656a..68d241c4a8c 100644
--- a/src/Sylius/Bundle/CoreBundle/SyliusCoreBundle.php
+++ b/src/Sylius/Bundle/CoreBundle/SyliusCoreBundle.php
@@ -43,17 +43,17 @@
 
 final class SyliusCoreBundle extends AbstractResourceBundle
 {
- public const VERSION = '1.13.1';
+ public const VERSION = '1.13.2-DEV';
 
- public const VERSION_ID = '11301';
+ public const VERSION_ID = '11302';
 
 public const MAJOR_VERSION = '1';
 
 public const MINOR_VERSION = '13';
 
- public const RELEASE_VERSION = '1';
+ public const RELEASE_VERSION = '2';
 
- public const EXTRA_VERSION = '';
+ public const EXTRA_VERSION = 'DEV';
 
 public function getSupportedDrivers(): array
 {