CHANGELOG.md

@@ -1,5 +1,20 @@
 # Contao core bundle change log
 
+### 4.3.8 (2017-04-24)
+
+ * Inline small images in protected folders in the file manager (see #636).
+ * Correctly encode the URL in the DataContainer::switchToEdit() method (see #762).
+ * Fix the parent view drag and drop in Firefox (see #666).
+ * Correctly display the search results in the extended tree view (see #739).
+ * Update the Punycode library to version 2 (see #748).
+ * Fix the "delete file" button for non-admin users (see #764).
+ * Prevent endless loops in the book navigation module (see contao/core#8665).
+ * Limit the maximum size of dimensionless SVGs in the back end (see contao/core#8684).
+ * Correctly support 64 character template names everywhere (see contao/core#6819).
+ * Remove the UTF-8 BOM when combining files (see contao/core#8689).
+ * Correctly move folders with an "@" in their name (see contao/core#8674).
+ * Correctly redirect to the last page visited upon login (see contao/core#8632).
+
 ### 4.3.7 (2017-03-23)
 
  * Check the database connection in the WebsiteRootsConfigProvider class.

README.md

@@ -52,7 +52,7 @@ ContaoCoreBundle:
     resource: "@ContaoCoreBundle/Resources/config/routing.yml"
 ```
 
-Add the following entries to your `app/config/security.yml` file:
+Replace the content of your `app/config/security.yml` file with the following:
 
 ```yml
 imports:

composer.json

@@ -36,11 +36,11 @@
         "oyejorge/less.php": "^1.7",
         "patchwork/utf8": "^1.2",
         "phpspec/php-diff": "^1.0",
+        "phpunit/php-token-stream": "^1.4",
         "psr/log": "^1.0",
         "simplepie/simplepie": "^1.3",
-        "swiftmailer/swiftmailer": "^5.4.5",
         "tecnickcom/tcpdf": "^6.0",
-        "true/punycode": "^1.0",
+        "true/punycode": "^2.0",
         "twig/twig": "^1.20",
         "contao/image": "^0.3.1",
         "contao/imagine-svg": "^0.1.2",
@@ -86,7 +86,8 @@
         "contao/core": "*",
         "contao/manager-plugin": "<2.0 || >=3.0",
         "doctrine/orm": "<2.4",
-        "doctrine/doctrine-migrations-bundle": "<1.1"
+        "doctrine/doctrine-migrations-bundle": "<1.1",
+        "swiftmailer/swiftmailer": "<5.4.5"
     },
     "autoload": {
         "psr-4": {

src/Config/Dumper/CombinedFileDumper.php

@@ -10,6 +10,7 @@
 
 namespace Contao\CoreBundle\Config\Dumper;
 
+use Contao\CoreBundle\Config\Loader\PhpFileLoader;
 use Symfony\Component\Config\Loader\LoaderInterface;
 use Symfony\Component\Filesystem\Filesystem;
 
@@ -83,19 +84,11 @@ public function setHeader($header)
      */
     public function dump($files, $cacheFile, array $options = [])
     {
-        $type = isset($options['type']) ? $options['type'] : null;
         $buffer = $this->header;
+        $type = $this->addNamespace ? PhpFileLoader::NAMESPACED : null;
 
         foreach ((array) $files as $file) {
-            if ($this->addNamespace) {
-                $buffer .= "\nnamespace {";
-            }
-
             $buffer .= $this->loader->load($file, $type);
-
-            if ($this->addNamespace) {
-                $buffer .= "\n}\n";
-            }
         }
 
         $this->filesystem->dumpFile($this->cacheDir.'/'.$cacheFile, $buffer);

src/Config/Loader/PhpFileLoader.php

@@ -17,9 +17,12 @@
  *
  * @author Andreas Schempp <https://github.com/aschempp>
  * @author Leo Feyer <https://github.com/leofeyer>
+ * @author Yanick Witschi <https://github.com/Toflar>
  */
 class PhpFileLoader extends Loader
 {
+    const NAMESPACED = 'namespaced';
+
     /**
      * Reads the contents of a PHP file stripping the opening and closing PHP tags.
      *
@@ -30,29 +33,15 @@ class PhpFileLoader extends Loader
      */
     public function load($file, $type = null)
     {
-        $code = rtrim(file_get_contents($file));
+        list($code, $namespace) = $this->parseFile($file);
 
-        // Opening tag
-        if (0 === strncmp($code, '<?php', 5)) {
-            $code = substr($code, 5);
-        }
+        $code = $this->stripLegacyCheck($code);
 
-        // Access check
-        $code = str_replace(
-            [
-                " if (!defined('TL_ROOT')) die('You cannot access this file directly!');",
-                " if (!defined('TL_ROOT')) die('You can not access this file directly!');",
-            ],
-            '',
-            $code
-        );
-
-        // Closing tag
-        if (substr($code, -2) === '?>') {
-            $code = substr($code, 0, -2);
+        if (false !== $namespace && self::NAMESPACED === $type) {
+            $code = sprintf("\nnamespace %s {%s}\n", $namespace, $code);
         }
 
-        return rtrim($code)."\n";
+        return $code;
     }
 
     /**
@@ -62,4 +51,95 @@ public function supports($resource, $type = null)
     {
         return 'php' === pathinfo($resource, PATHINFO_EXTENSION);
     }
+
+    /**
+     * Parses a file and returns the code and namespace.
+     *
+     * @param string $file
+     *
+     * @return array
+     */
+    private function parseFile($file)
+    {
+        $code = '';
+        $namespace = '';
+        $buffer = false;
+        $stream = new \PHP_Token_Stream($file);
+
+        foreach ($stream as $token) {
+            switch (true) {
+                case $token instanceof \PHP_Token_OPEN_TAG:
+                case $token instanceof \PHP_Token_CLOSE_TAG:
+                    // remove
+                    break;
+
+                case false !== $buffer:
+                    $buffer .= $token;
+
+                    if (';' === (string) $token) {
+                        $code .= $this->handleDeclare($buffer);
+                        $buffer = false;
+                    }
+                    break;
+
+                case $token instanceof \PHP_Token_NAMESPACE:
+                    if ('{' === $token->getName()) {
+                        $namespace = false;
+                        $code .= $token;
+                    } else {
+                        $namespace = $token->getName();
+                        $stream->seek($token->getEndTokenId());
+                    }
+                    break;
+
+                case $token instanceof \PHP_Token_DECLARE:
+                    $buffer = (string) $token;
+                    break;
+
+                default:
+                    $code .= $token;
+            }
+        }
+
+        return [$code, $namespace];
+    }
+
+    /**
+     * Handles the declare() statement.
+     *
+     * @param string $code
+     *
+     * @return string
+     */
+    private function handleDeclare($code)
+    {
+        $code = preg_replace('/(,\s*)?strict_types\s*=\s*1(\s*,)?/', '', $code);
+
+        if (preg_match('/declare\(\s*\)/', $code)) {
+            return '';
+        }
+
+        return str_replace(' ', '', $code);
+    }
+
+    /**
+     * Strips the legacy check from the code.
+     *
+     * @param string $code
+     *
+     * @return string
+     */
+    private function stripLegacyCheck($code)
+    {
+        $code = str_replace(
+            [
+                "if (!defined('TL_ROOT')) die('You cannot access this file directly!');",
+                "if (!defined('TL_ROOT')) die('You can not access this file directly!');",
+            ],
+            '',
+            $code
+        );
+
+        return "\n".trim($code)."\n";
+    }
 }

src/Cors/WebsiteRootsConfigProvider.php

@@ -41,16 +41,11 @@ public function __construct(Connection $connection)
      */
     public function getOptions(Request $request)
     {
-        if (!$request->headers->has('Origin')
-            || '' === $request->headers->get('Origin')
-            || !$this->connection->isConnected()
-            || !$this->connection->getSchemaManager()->tablesExist(['tl_page'])
-        ) {
+        if (!$this->hasOrigin($request) || !$this->canRunDbQuery()) {
             return [];
         }
 
-        $stmt = $this->connection->prepare('SELECT id FROM tl_page WHERE type=:type AND dns=:dns');
-        $stmt->bindValue('type', 'root');
+        $stmt = $this->connection->prepare("SELECT id FROM tl_page WHERE type='root' AND dns=:dns");
         $stmt->bindValue('dns', preg_replace('@^https?://@', '', $request->headers->get('origin')));
         $stmt->execute();
 
@@ -64,4 +59,26 @@ public function getOptions(Request $request)
             'allow_headers' => ['x-requested-with'],
         ];
     }
+
+    /**
+     * Checks if the request has an Origin header.
+     *
+     * @param Request $request
+     *
+     * @return bool
+     */
+    private function hasOrigin(Request $request)
+    {
+        return $request->headers->has('Origin') && '' !== $request->headers->get('Origin');
+    }
+
+    /**
+     * Checks if the database connection and the table exist.
+     *
+     * @return bool
+     */
+    private function canRunDbQuery()
+    {
+        return $this->connection->isConnected() && $this->connection->getSchemaManager()->tablesExist(['tl_page']);
+    }
 }

src/EventListener/CommandSchedulerListener.php

@@ -70,6 +70,7 @@ private function canRunController()
 
         return $config->isComplete()
             && !$config->get('disableCron')
+            && $this->connection->isConnected()
             && $this->connection->getSchemaManager()->tablesExist(['tl_cron'])
         ;
     }

src/EventListener/PrettyErrorScreenListener.php

@@ -180,6 +180,8 @@ private function renderErrorScreenByType($type, GetResponseForExceptionEvent $ev
      */
     private function getResponseFromPageHandler($type)
     {
+        $this->framework->initialize();
+
         $type = 'error_'.$type;
 
         if (!isset($GLOBALS['TL_PTY'][$type]) || !class_exists($GLOBALS['TL_PTY'][$type])) {

src/Image/ImageFactoryInterface.php

@@ -24,7 +24,7 @@ interface ImageFactoryInterface
     /**
      * Creates an Image object.
      *
-     * @param string|ImageInterface                       $path       The path to the source image or an Image object
+     * @param string|ImageInterface                       $path       The absolute path to the source image or an Image object
      * @param int|array|ResizeConfigurationInterface|null $size       An image size ID, an array with width, height and
      *                                                                resize mode or a ResizeConfiguration object
      * @param string|null                                 $targetPath

src/Resources/contao/classes/DataContainer.php

@@ -646,7 +646,7 @@ protected function switchToEdit($id)
 
 		$strUrl = TL_SCRIPT . '?' . implode('&', $arrKeys);
 
-		return $strUrl . (!empty($arrKeys) ? '&' : '') . (\Input::get('table') ? 'table='.\Input::get('table').'&' : '').'act=edit&id='.$id;
+		return $strUrl . (!empty($arrKeys) ? '&' : '') . (\Input::get('table') ? 'table='.\Input::get('table').'&' : '').'act=edit&id='.rawurlencode($id);
 	}
 
 

src/Resources/contao/classes/FrontendTemplate.php

@@ -173,7 +173,7 @@ public function section($key, $template=null)
 		if ($template === null)
 		{
 			$template = 'block_section';
-			
+
 			foreach ($this->positions as $position)
 			{
 				if (isset($position[$key]['template']))
@@ -366,7 +366,7 @@ private function setCacheHeaders(Response $response)
 		/** @var $objPage \PageModel */
 		global $objPage;
 
-		if ($objPage->cache === false && $objPage->clientCache === false)
+		if (($objPage->cache === false || $objPage->cache === 0) && ($objPage->clientCache === false || $objPage->clientCache === 0))
 		{
 			return $response->setPrivate();
 		}

src/Resources/contao/classes/Versions.php

@@ -194,7 +194,7 @@ public function create()
 		}
 		elseif (!empty($objRecord->headline))
 		{
-			$chunks = deserialize($objRecord->headline);
+			$chunks = \StringUtil::deserialize($objRecord->headline);
 
 			if (is_array($chunks) && isset($chunks['value']))
 			{

src/Resources/contao/config/constants.php

@@ -10,7 +10,7 @@
 
 // Core version
 define('VERSION', '4.3');
-define('BUILD', '7');
+define('BUILD', '8');
 define('LONG_TERM_SUPPORT', false);
 
 // Link constants

src/Resources/contao/dca/tl_files.php

@@ -369,10 +369,12 @@ public function checkPermission()
 
 				case 'delete':
 					$strFile = Input::get('id', true);
+
 					if (is_dir(TL_ROOT . '/' . $strFile))
 					{
-						$files = scan(TL_ROOT . '/' . $strFile);
-						if (!empty($files) && !$canDeleteRecursive)
+						$finder = Symfony\Component\Finder\Finder::create()->in(TL_ROOT . '/' . $strFile);
+
+						if ($finder->count() > 0 && !$canDeleteRecursive)
 						{
 							throw new Contao\CoreBundle\Exception\AccessDeniedException('No permission to delete folder "' . $strFile . '" recursively.');
 						}
@@ -567,9 +569,18 @@ public function cutFile($row, $href, $label, $title, $icon, $attributes)
 	 */
 	public function deleteFile($row, $href, $label, $title, $icon, $attributes)
 	{
-		if (is_dir(TL_ROOT . '/' . $row['id']) && count(scan(TL_ROOT . '/' . $row['id'])) > 0)
+		if (is_dir(TL_ROOT . '/' . $row['id']))
 		{
-			return $this->User->hasAccess('f4', 'fop') ? '<a href="'.$this->addToUrl($href.'&amp;id='.$row['id']).'" title="'.StringUtil::specialchars($title).'"'.$attributes.'>'.Image::getHtml($icon, $label).'</a> ' : Image::getHtml(preg_replace('/\.svg$/i', '_.svg', $icon)).' ';
+			$finder = Symfony\Component\Finder\Finder::create()->in(TL_ROOT . '/' . $row['id']);
+
+			if ($finder->count() > 0)
+			{
+				return $this->User->hasAccess('f4', 'fop') ? '<a href="'.$this->addToUrl($href.'&amp;id='.$row['id']).'" title="'.StringUtil::specialchars($title).'"'.$attributes.'>'.Image::getHtml($icon, $label).'</a> ' : Image::getHtml(preg_replace('/\.svg$/i', '_.svg', $icon)).' ';
+			}
+			else
+			{
+				return $this->User->hasAccess('f3', 'fop') ? '<a href="'.$this->addToUrl($href.'&amp;id='.$row['id']).'" title="'.StringUtil::specialchars($title).'"'.$attributes.'>'.Image::getHtml($icon, $label).'</a> ' : Image::getHtml(preg_replace('/\.svg$/i', '_.svg', $icon)).' ';
+			}
 		}
 		else
 		{

src/Resources/contao/dca/tl_module.php

@@ -610,7 +610,7 @@
 			'inputType'               => 'select',
 			'options_callback'        => array('tl_module', 'getRssTemplates'),
 			'eval'                    => array('tl_class'=>'w50'),
-			'sql'                     => "varchar(32) NOT NULL default ''"
+			'sql'                     => "varchar(64) NOT NULL default ''"
 		),
 		'numberOfItems' => array
 		(

src/Resources/contao/dca/tl_templates.php

@@ -138,7 +138,7 @@
 			(
 				array('tl_templates', 'addFileLocation')
 			),
-			'eval'                    => array('mandatory'=>true, 'maxlength'=>32, 'spaceToUnderscore'=>true)
+			'eval'                    => array('mandatory'=>true, 'maxlength'=>64, 'spaceToUnderscore'=>true)
 		)
 	)
 );