Release phpwcms v1.10.2

Merge branch 'v1.10-dev'

.gitignore

@@ -38,3 +38,15 @@ include/config.codekit3
 /include/vendor/netcarver/textile/docker/
 /include/vendor/openpsa/universalfeedcreator/.github/
 /include/vendor/openpsa/universalfeedcreator/test/
+# Required for dev only
+/include/vendor/rector
+/include/vendor/phpstan
+/include/vendor/bin/phpstan
+/include/vendor/bin/phpstan.phar
+/include/vendor/bin/rector
+/rector.php
+/include/vendor/bin
+/include/vendor/dealerdirect
+/include/vendor/phpcompatibility
+/include/vendor/phpcsstandards
+/include/vendor/squizlabs

README.md

@@ -1,15 +1,10 @@
 [![phpwcms](https://www.phpwcms.org/indeximg/phpwcms-logo.svg)](https://www.phpwcms.org)
 =========
 
-**phpwcms** is a flexible, fast, robust, customer and developer friendly
+**phpwcms** is a very flexible, fast, robust, customer and developer friendly
 but yet powerful web based content management system and cms framework running
 under PHP and MySQL/MariaDB. phpwcms is created and maintained by
-[Oliver Georgi](http://twitter.com/slackero). None of the fancy systems but working since more 
-than 20 years! Yeah!
-
-Version 1.9.38 is the legacy version of **phpwcms** (version > 1.9.36 and < 1.10).
-I will try to keep this on par as long as possible to the newest version
-of **phpwcms** v1.10+ — if you can try to upgrade existing installations.
+[Oliver Georgi](http://twitter.com/slackero).
 
 To get started, checkout [phpwcms.org](https://www.phpwcms.org) or the community driven
 [HowTo Wiki](https://wiki.phpwcms.org/) (snapshot). Most questions are yet
@@ -23,17 +18,23 @@ Stable releases can be used by cloning the repository, `git clone git://github.c
 [download the archive](https://github.com/slackero/phpwcms/releases).
 
 To start with the latest development version use `git clone -b v1.10-dev git://github.com/slackero/phpwcms.git` or
-[download the archive](https://github.com/slackero/phpwcms/archive/refs/heads/v1.10-dev.zip).
-If you have downloaded the archive instead of `git clone`, unarchive and copy the files to your web document
-root or sub folder. Link your browser to the related URL and follow the install instructions.
+[download the archive](https://github.com/slackero/phpwcms/archive/refs/heads/v1.10-php8.2-dev-mysql-timestamp.zip).
+If you have downloaded the archive instead of `git clone`, un-archive and copy the files to your web
+document root or sub folder. Link your browser to the related URL and follow the install instructions.
+
+
+Upgrade
+-------
+
+Before you upgrade your existing installation to v1.10+, please update to the latest v1.9.x release first.
+Never forget to backup your database and files before you start the upgrade process.
 
 
 Server system requirements
 --------------------------
 
-**phpwcms** version 1.9.38 requires a web server with PHP 7.4 or newer.
-and a MySQL/MariaDB database (minimum version 5.1, recommend 5.5+).
-Always check the [supported versions of PHP](https://www.php.net/supported-versions.php).
+**phpwcms** version 1.10.2 requires a web server with PHP 8.2 or newer.
+and a MySQL/MariaDB database (minimum version 5.6+ or equivalent).
 
 
 Known problems
@@ -42,22 +43,23 @@ Known problems
 Because of the project history there are several probable problems regarding the database. 
 MySQL changed the time and date related default values over the last years. Check to setup
 the related config values to connect to the database in a more compatible way. MySQL Strict
-is no good option for **phpwcms** < 1.10. But **phpwcms** has a db related
-[config setting](https://github.com/slackero/phpwcms/blob/master/include/config/dist.conf.inc.php#L25) 
-to force MySQL into a more lax mode.
+is no good option. I work on this to [solve the problems](https://github.com/slackero/phpwcms/issues/275)
+soon.
 
 
-Support an issue (bug)
-----------------------
+Bug tracker
+-----------
 
-Did you find a bug or miss something? Please create an [issue on GitHub](https://github.com/slackero/phpwcms/issues).
+Did you find a bug? Please create an **[issue here](https://github.com/slackero/phpwcms/issues)** on GitHub
+that conforms with [necolas's guidelines](https://github.com/necolas/issue-guidelines).
 
 
 Share with us
 -------------
 
-Keep up to date on announcements and more by following **phpwcms** on
-[Github](https://github.com/slackero/phpwcms).
+phpwcms is no longer active on social media. 
+Please use the [phpwcms support forum](https://forum.phpwcms.org) 
+or [Github](https://github.com/slackero/phpwcms) to share your thoughts.
 
 
 Creator
@@ -66,6 +68,7 @@ Creator
 **Oliver Georgi**
 
 - <https://github.com/slackero>
+- <https://webverbund.de>
 - <https://www.linkedin.com/in/olivergeorgi>
 - <https://twitter.com/slackero>
 

SECURITY.md

@@ -7,14 +7,15 @@ recommend to update to a current version whenever possible.
 
 On regular basis the following versions of **phpwcms** are supported:
 
-| Version   | Supported          |
-|-----------| ------------------ |
-| >= 1.9.33 | :white_check_mark: |
-| < 1.9.33  | :x:                |
+| Version      | Supported          |
+|--------------| ------------------ |
+| >= 1.10.2 | :white_check_mark: |
+| >= 1.9.38 | :white_check_mark: |
+| < 1.9.38  | :x:                |
 
 ## Reporting a Vulnerability
 
 If you find a vulnerability you can report it by email to <og@phpwcms.org>.
 
 Mostly I am ok with opening an [issue](https://github.com/slackero/phpwcms/issues)
-if the vulnerability isn't accessible in the frontend of **phpwcms**.
+if the vulnerability isn't accessible in the frontend of **phpwcms**.

composer.json

@@ -3,27 +3,39 @@
         "vendor-dir": "include/vendor",
         "preferred-install": "dist",
         "platform": {
-            "php": "7.4.0"
+            "php": "8.2.0"
         }
     },
     "require": {
-        "php": ">=7.4",
-        "algo26-matthias/idna-convert": "^v3.1.0",
+        "php": ">=8.2",
+        "algo26-matthias/idna-convert": "^v4.0.1",
         "enshrined/svg-sanitize": "^0.16.0",
-        "netcarver/textile": "v4.0.0",
+        "netcarver/textile": "v4.1.0",
         "erusev/parsedown": "^v2.0.0-beta-1",
         "erusev/parsedown-extra": "^v2.0.0-beta-1",
+        "ezyang/htmlpurifier": "^v4.17.0",
         "openpsa/universalfeedcreator": "^v1.8.5",
-        "phpmailer/phpmailer": "^v6.8.1",
-        "phpoffice/phpspreadsheet": "^1.29.0",
+        "phpmailer/phpmailer": "^v6.9.1",
+        "phpoffice/phpspreadsheet": "^1.29",
         "simplepie/simplepie": "@dev",
-        "ext-intl": "*",
         "html2text/html2text": "^4.3.1",
+        "php81_bc/strftime": "@dev",
+        "symfony/polyfill-php80": "v1.28.0",
+        "symfony/polyfill-php81": "v1.28.0",
+        "symfony/polyfill-php82": "v1.28.0",
+        "ext-intl": "*",
         "ext-gd": "*",
+        "ext-iconv": "*",
         "ext-mysqli": "*",
         "ext-mbstring": "*",
-        "symfony/polyfill-php80": "^v1.28.0",
-        "symfony/polyfill-php81": "^v1.28.0",
-        "symfony/polyfill-php82": "^v1.28.0"
+        "ext-fileinfo": "*",
+        "ext-xmlreader": "*",
+        "ext-libxml": "*",
+        "ext-dom": "*",
+        "ext-openssl": "*",
+        "ext-zip": "*",
+        "ext-ctype": "*",
+        "ext-simplexml": "*",
+        "ext-curl": "*"
     }
 }

download.php

@@ -31,7 +31,7 @@
 // try to get hash for file download
 $success    = false;
 $hash       = false;
-$countonly  = empty($_GET['countonly']) ? false : true;
+$countonly  = !empty($_GET['countonly']);
 $hash       = empty($_GET['f']) ? '' : clean_slweg($_GET['f']);
 
 if(isset($_GET['target'])) {

feeds.php

@@ -147,8 +147,8 @@
 
 }
 
-$sql .= "ar.article_aktiv=1 AND ar.article_deleted=0 AND ar.article_begin < NOW() ";
-$sql .= "AND (ar.article_end='0000-00-00 00:00:00' OR ar.article_end > NOW()) AND ar.article_nosearch=0 AND article_norss=1 AND IF(ar.article_cid=0, ";
+$sql .= "ar.article_aktiv=1 AND ar.article_deleted=0 AND (ar.article_begin IS NULL OR ar.article_begin < NOW()) ";
+$sql .= "AND (ar.article_end IS NULL OR ar.article_end > NOW()) AND ar.article_nosearch=0 AND article_norss=1 AND IF(ar.article_cid=0, ";
 $sql .= $indexpage['acat_aktiv'] && empty($indexpage['acat_regonly']) ? '1' : '0';
 $sql .= ", ac.acat_aktiv=1 AND ac.acat_trash=0 AND ac.acat_regonly=0) ";
 

filebrowser.php

@@ -539,7 +539,7 @@ function addFile(obj,text,value) {
         echo LF . ' getObjectById("addAllFilesLink").style.display = "none";';
         $confirm = str_replace('{VAL}', $current_dirname, $BL['ADD_ALL_CONFIRM']);
         if(PHPWCMS_CHARSET !== 'utf-8') {
-            $confirm = utf8_decode($confirm);
+            $confirm = mb_convert_encoding($confirm, PHPWCMS_CHARSET);
         }
         echo LF . ' if(confirm("' . $confirm . '")) tmt_winControl("self","close()");';
         echo LF . '}' . LF;
@@ -552,7 +552,7 @@ function addFile(obj,text,value) {
     $fileuploaderAllowedExtensions = '';
     if(is_string($phpwcms['allowed_upload_ext'])) {
         $fileuploaderAllowedExtensions = strtolower($phpwcms['allowed_upload_ext']);
-        if(strpos($fileuploaderAllowedExtensions, ',') !== false) {
+        if(str_contains($fileuploaderAllowedExtensions, ',')) {
             $fileuploaderAllowedExtensions = "'" . str_replace(',', "','", $fileuploaderAllowedExtensions) . "'";
         }
     } elseif(count($phpwcms['allowed_upload_ext'])) {

image_zoom.php

@@ -20,7 +20,7 @@
 if(!empty($_GET["show"]) && ($data = json_decode(base64_decode($_GET["show"]), true))) {
     $src = strip_tags($data['src']);
     $src_schema = parse_url($src);
-    if (!empty($src_schema['schema'])) {
+    if (!empty($src_schema['scheme'])) {
         $src = "img/leer.gif";
     }
     $width_height = strip_tags($data['attr']);

img/captcha.php

@@ -1,4 +1,13 @@
 <?php
+/**
+ * phpwcms content management system
+ *
+ * @author Oliver Georgi <og@phpwcms.org>
+ * @copyright Copyright (c) 2002-2024, Oliver Georgi
+ * @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2
+ * @link http://www.phpwcms.org
+ *
+ **/
 
 $phpwcms = array();
 require_once '../include/config/conf.inc.php';
@@ -14,7 +23,7 @@
 $spaf_char_num		= empty($_GET['length']) ? false : intval($_GET['length']);
 
 if($spaf_char_num) {
-	$spaf_obj->char_num	= $spaf_char_num > 15 ? 15 : $spaf_char_num;
+	$spaf_obj->char_num	= min($spaf_char_num, 15);
 }
 
 $spaf_obj->streamImage();

img/cmsimage.php

@@ -18,7 +18,7 @@
 
 // get segments: cmsimage.php/WIDTH[[[[xHEIGHT]xCROP]xQUALITY]xGS]/[[HASH|ID].EXT]
 // ...xGS will convert image to GrayScale
-$request_uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : $_SERVER['PHP_SELF'];
+$request_uri = $_SERVER['REQUEST_URI'] ?? $_SERVER['PHP_SELF'];
 
 // strip out PHPSESSNAME=...
 if(session_id() && session_name()) {
@@ -29,9 +29,9 @@
     }
 }
 
-if(strpos($request_uri, '/im/') !== false) {
+if(str_contains($request_uri, '/im/')) {
     $data = explode('/im/', $request_uri, 2);
-} elseif(strpos($request_uri, 'cmsimage.php?') === false) {
+} elseif(!str_contains($request_uri, 'cmsimage.php?')) {
     $data = explode('cmsimage.php/', $request_uri, 2);
 } else {
     $data = explode('cmsimage.php?', $request_uri, 2);
@@ -54,7 +54,7 @@
             $ext = which_ext($data[2]);
         }
 
-        if(substr($data[0], 0, 7) === 'convert') {
+        if(str_starts_with($data[0], 'convert')) {
             // get image convert function but limit to max of 5 chars
             $convert_function = substr(substr($data[0], 8), 0, 5);
 
@@ -132,7 +132,7 @@
 
             $sql   = 'SELECT f_hash, f_ext, f_svg, f_image_width, f_image_height, f_name FROM '.DB_PREPEND.'phpwcms_file WHERE ';
             $sql  .= 'f_id='.intval($hash)." AND ";
-            if(substr($phpwcms['image_library'], 0, 2) === 'gd') {
+            if(str_starts_with($phpwcms['image_library'], 'gd')) {
                 $sql .= "f_ext IN ('jpg','jpeg','png','gif','bmp', 'svg', 'webp') AND ";
             }
             $sql  .= 'f_trash=0 AND f_aktiv=1 AND '.$file_public;
@@ -163,7 +163,7 @@
 
             $sql   = 'SELECT f_hash, f_ext, f_svg, f_image_width, f_image_height, f_name FROM '.DB_PREPEND.'phpwcms_file WHERE ';
             $sql  .= 'f_hash='._dbEscape($hash)." AND ";
-            if(substr($phpwcms['image_library'], 0, 2) === 'gd') {
+            if(str_starts_with($phpwcms['image_library'], 'gd')) {
                 $sql .= "f_ext IN ('jpg', 'jpeg', 'png', 'gif', 'bmp', 'svg', 'webp') AND ";
             }
             $sql  .= 'f_trash=0 AND f_aktiv=1 AND '.$file_public;
@@ -190,7 +190,7 @@
             $attribute  = explode('x', $data[0]);
             $width      = intval($attribute[0]);
             $height     = isset($attribute[1]) ? intval($attribute[1]) : 0;
-            $crop       = isset($attribute[2]) ? $attribute[2] : 0;
+            $crop       = $attribute[2] ?? 0;
             $crop_pos   = ''; // the old behavior center,center | cc
             $grid       = 0;
             if($crop) {
@@ -224,8 +224,8 @@
                 $phpwcms['colorspace'] = 'GRAY';
             }
 
-            $value["max_width"]     = $width ? $width : '';
-            $value["max_height"]    = $height ? $height : '';
+            $value["max_width"]     = $width ?: '';
+            $value["max_height"]    = $height ?: '';
             $value['target_ext']    = $ext;
             $value['image_name']    = $hash . '.' . $ext;
             $value['thumb_name']    = md5($hash.$value["max_width"].$value["max_height"].$phpwcms['sharpen_level'].$crop.$crop_pos.$quality.$phpwcms['colorspace']);

img/random_image.php

@@ -33,7 +33,7 @@
 	if(is_dir($imgpath)) {
 		$handle = opendir( $imgpath );
 		while($file = readdir( $handle )) {
-   			if(substr($file, 0, 1) !== '.' && is_file($imgpath.$file) && preg_match('/(\.jpg|\.jpeg|\.png|\.gif)$/i', $file) )
+   			if(!str_starts_with($file, '.') && is_file($imgpath.$file) && preg_match('/(\.jpg|\.jpeg|\.png|\.gif)$/i', $file) )
 				$imgArray[] = $file;
 		}
 		closedir( $handle );

include/config/dist.conf.inc.php

@@ -13,6 +13,7 @@
 
 // database values
 $phpwcms['db_host']              = 'localhost';
+$phpwcms['db_port']              = 3306;
 $phpwcms['db_user']              = '';
 $phpwcms['db_pass']              = '';
 $phpwcms['db_table']             = '';

include/inc_act/act_export.php

@@ -15,7 +15,7 @@
 require_once PHPWCMS_ROOT . '/include/inc_lib/dbcon.inc.php';
 require_once PHPWCMS_ROOT . '/include/inc_lib/general.inc.php';
 
-$action = isset($_GET['action']) ? $_GET['action'] : '';
+$action = $_GET['action'] ?? '';
 $apikey = '';
 $fid = isset($_GET['fid']) ? intval($_GET['fid']) : 0;
 
@@ -101,14 +101,14 @@
 
         // First row contains column names
         foreach($export[0] as $column_title => $column) {
-            $sheet->setCellValueByColumnAndRow($column, 1, $column_title);
+            $sheet->setCellValue([$column, 1], $column_title);
         }
 
         for ($x = 1; $x < $row; $x++) {
             $current = $export[$x];
             foreach($export[0] as $column_title => $column) {
-                $column_value = isset($current[$column_title]) ? $current[$column_title] : '';
-                $sheet->setCellValueByColumnAndRow($column, $x+1, $column_value);
+                $column_value = $current[$column_title] ?? '';
+                $sheet->setCellValue([$column, $x+1], $column_value);
             }
         }
 
@@ -267,8 +267,8 @@
     $_userInfo = array();
 
     // default settings for listing selected users
-    $_userInfo['list_active'] = isset($_SESSION['list_active']) ? $_SESSION['list_active'] : 1;
-    $_userInfo['list_inactive'] = isset($_SESSION['list_inactive']) ? $_SESSION['list_inactive'] : 1;
+    $_userInfo['list_active'] = $_SESSION['list_active'] ?? 1;
+    $_userInfo['list_inactive'] = $_SESSION['list_inactive'] ?? 1;
 
     $_userInfo['where_query'] = '';
 

include/inc_act/act_file.php

@@ -91,7 +91,7 @@
 
 if(!empty($_SESSION["wcs_user_admin"])) { // If user has admin permissions
 
-    $phpwcms['trash_delete_files'] = empty($phpwcms['trash_delete_files']) ? false : true;
+    $phpwcms['trash_delete_files'] = !empty($phpwcms['trash_delete_files']);
 
     //move deleted files into final deletion directory
     if(isset($_GET['movedeletedfiles']) && intval($_GET['movedeletedfiles']) === intval($_SESSION["wcs_user_id"])) {

include/inc_act/act_formmailer.php

@@ -22,7 +22,7 @@
 $ref = $_SERVER['HTTP_REFERER'];
 $ref = str_replace('http://', '', $ref);
 $ref = str_replace('https://', '', $ref);
-if( strpos($ref, $url) === false) {
+if(!str_contains($ref, $url)) {
 	headerRedirect($phpwcms["site"].$phpwcms["root"]);
 }
 

include/inc_act/act_frontendsetup.php

@@ -36,7 +36,7 @@
 				$default = _dbGet('phpwcms_template', 'template_id, template_default', 'template_trash=0 AND template_default=1', '', '', 1);
 				_dbUpdate(
 					'phpwcms_articlecat',
-					array('acat_template' => isset($default[0]['template_id']) ? $default[0]['template_id'] : 0),
+					array('acat_template' => $default[0]['template_id'] ?? 0),
 					'acat_trash=0 AND acat_template='.$id
 				);
 			}