Merge branch '3.0'

* 3.0: (33 commits) Fixed padding for lists on startpage, remove RC status 3.0.0-RC.2 Updated dependencies Fixed save voting, closes #1628 Avoid showing disabled comments, closes #1627 Fixed possible issue Fixed typo in sprintf() Fix Travis build on PHP 7.4 and some cleanups Aligned dependencies Preparing a second RC Cleanup Added missing HTTP status codes Added missing check if form is populated Fixed some HTML attributes Fixed updating URL of instance Wording Fixed counter of inactive FAQs, closes #1489 Code improvements Fixed minor issues then posting a question Fixed comments for news, closes #1623 ...
thorsten · Jan 25, 2020 · b1ebaad · b1ebaad
2 parents 54c63dc + 1165a15
commit b1ebaad
Show file tree

Hide file tree

Showing 66 changed files with 1,449 additions and 1,359 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -6,7 +6,7 @@ php:
   - '7.4'
 
 sudo: required
-dist: trusty
+dist: xenial
 group: edge
 
 env:

diff --git a/CHANGELOG b/CHANGELOG
@@ -5,7 +5,7 @@ CHANGELOG
 
 This is a log of major user-visible changes in each phpMyFAQ release.
 
-Version 3.0.0 - 2020-01-
+Version 3.0.0 - 2020-02-12
 - changed PHP requirement to PHP 7.2+ (Thorsten)
 - added PHP namespaces (Thorsten)
 - added Docker support (Adrien Estanove)

diff --git a/composer.json b/composer.json
@@ -39,7 +39,13 @@
     "monolog/monolog": "~1.",
     "abraham/twitteroauth": "^0.7.4",
     "myclabs/deep-copy": "~1.0",
-    "ext-json": "*"
+    "ext-curl": "*",
+    "ext-fileinfo": "*",
+    "ext-filter": "*",
+    "ext-gd": "*",
+    "ext-json": "*",
+    "ext-xml": "*",
+    "ext-zip": "*"
   },
   "require-dev": {
     "phpunit/phpunit": "8.*",

diff --git a/composer.lock b/composer.lock
diff --git a/phpmyfaq/nginx.conf → nginx.conf b/phpmyfaq/nginx.conf → nginx.conf
@@ -116,8 +116,10 @@ server {
             # * http://[...]/tags/<ID>/<HEADER>.htm
             rewrite tags/([0-9]+)/([^\/]+).htm(l?)$ /index.php?action=search&tagging_id=$1 last;
 
-            # rest/json API
+
+            # REST/JSON API v1
             # * http://[...]/api/<ACTION>/<LANGUAGE CODE>/<...>
+            # @deprecated These APIs will be removed in phpMyFAQ 3.1
             rewrite api/getVersion /api.php?action=getVersion last;
             rewrite api/getApiVersion /api.php?action=getApiVersion last;
             rewrite api/getCount /api.php?action=getCount last;
@@ -136,7 +138,28 @@ server {
             rewrite api/getPopularSearches/([a-z\-]+) /api.php?action=getPopularSearches&lang=$1 last;
             rewrite api/getPopularTags /api.php?action=getPopularTags last;
             rewrite api/getFAQsByTag/([a-z\-]+)/([0-9]+) /api.php?action=getFAQsByTag&lang=$1&tagId=$2 last;
-            rewrite api/login /api.php?action=login [L,QSA]
+            rewrite api/login /api.php?action=login last;
+
+            # REST API v2.0
+            # * http://[...]/api/v2.0/<ACTION>
+            rewrite api/v2.0/version                       /api.php?action=version last;
+            rewrite api/v2.0/language                      /api.php?action=language last;
+            rewrite api/v2.0/categories                    /api.php?action=categories last;
+            rewrite api/v2.0/searches/popular              /api.php?action=searches&filter=popular last;
+            rewrite api/v2.0/search                        /api.php?action=search last;
+            rewrite api/v2.0/tags                          /api.php?action=tags last;
+            rewrite api/v2.0/open-questions                /api.php?action=open-questions last;
+            rewrite api/v2.0/comments/([0-9]+)             /api.php?action=comments&recordId=$1 last;
+            rewrite api/v2.0/attachments/([0-9]+)          /api.php?action=attachments&recordId=$1 last;
+            rewrite api/v2.0/news                          /api.php?action=news last;
+            rewrite api/v2.0/login                         /api.php?action=login last;
+            rewrite api/v2.0/faqs/([0-9]+)                 /api.php?action=faqs&categoryId=$1 last;
+            rewrite api/v2.0/faqs/popular                  /api.php?action=faqs&filter=popular last;
+            rewrite api/v2.0/faqs/latest                   /api.php?action=faqs&filter=latest last;
+            rewrite api/v2.0/faqs/sticky                   /api.php?action=faqs&filter=sticky last;
+            rewrite api/v2.0/faqs/tags/([0-9]+)            /api.php?action=faqs&tagId=$1 last;
+            rewrite api/v2.0/faqs                          /api.php?action=faqs last;
+            rewrite api/v2.0/faq/([0-9]+)/([0-9]+)         /api.php?action=faq&categoryId=$1&recordId=$2 last;
 
             break;
         }

diff --git a/package.json b/package.json
@@ -55,8 +55,8 @@
   },
   "husky": {
     "hooks": {
-      "pre-commit": "composer lint && composer test && pretty-quick --staged",
-      "pre-push": "composer lint && composer test && pretty-quick --staged"
+      "pre-commit": "composer lint && composer validate && composer test && pretty-quick --staged",
+      "pre-push": "composer lint && composer validate && composer test && pretty-quick --staged"
     }
   }
 }
diff --git a/phpmyfaq/.htaccess b/phpmyfaq/.htaccess
@@ -169,9 +169,6 @@ RewriteRule api/v2.0/faqs/tags/([0-9]+)            api.php?action=faqs&tagId=$1
 RewriteRule api/v2.0/faqs                          api.php?action=faqs [L,QSA]
 RewriteRule api/v2.0/faq/([0-9]+)/([0-9]+)         api.php?action=faq&categoryId=$1&recordId=$2 [L,QSA]
 
-# not implemented yet
-#RewriteRule api/v2.0/faq/([0-9]+)/([0-9]+)         api.php?action=faq&categoryId=$1&recordId=$2&filter=pdf [L,QSA]
-
 # REST API v2.1 - not implemented yet
 # * http://[...]/api/v2.1/<ACTION>
 RewriteRule api/v2.1/register                      api.php?action=register [L,QSA]
diff --git a/phpmyfaq/admin/ajax.attachment.php b/phpmyfaq/admin/ajax.attachment.php
@@ -56,7 +56,7 @@
         case 'upload':
 
             if (!isset($_FILES['filesToUpload'])) {
-                $http->sendStatus(400);
+                $http->setStatus(400);
                 return;
             }
 
@@ -86,7 +86,7 @@
                         'faqLanguage' => $recordLang
                     ];
                 } else {
-                    $http->sendStatus(400);
+                    $http->setStatus(400);
                     $http->sendJsonWithHeaders('The image is too large.');
                     return;
                 }

diff --git a/phpmyfaq/admin/ajax.autosave.php b/phpmyfaq/admin/ajax.autosave.php
@@ -46,12 +46,13 @@
     $dateStart = Filter::filterInput(INPUT_POST, 'dateStart', FILTER_SANITIZE_STRING);
     $dateEnd = Filter::filterInput(INPUT_POST, 'dateEnd', FILTER_SANITIZE_STRING);
     $question = Filter::filterInput(INPUT_POST, 'question', FILTER_SANITIZE_STRING);
-    $categories = Filter::filterInputArray(INPUT_POST, array(
-        'rubrik' => array(
+    $categories = Filter::filterInputArray(INPUT_POST, [
+        'rubrik' => [
             'filter' => FILTER_VALIDATE_INT,
             'flags' => FILTER_REQUIRE_ARRAY,
-        )
-    ));
+        ]
+    ]
+    );
     $record_lang = Filter::filterInput(INPUT_POST, 'lang', FILTER_SANITIZE_STRING);
     $tags = Filter::filterInput(INPUT_POST, 'tags', FILTER_SANITIZE_STRING);
     $active = Filter::filterInput(INPUT_POST, 'active', FILTER_SANITIZE_STRING);
@@ -83,7 +84,7 @@
             $categories['rubrik'] = [];
         }
 
-        $recordData = array(
+        $recordData = [
             'id' => $record_id,
             'lang' => $record_lang,
             'revision_id' => $revision_id,
@@ -95,12 +96,12 @@
             'author' => $author,
             'email' => $email,
             'comment' => (!is_null($comment) ? 'y' : 'n'),
-            'date' => empty($date) ? date('YmdHis') : str_replace(array('-', ':', ' '), '', $date),
+            'date' => empty($date) ? date('YmdHis') : str_replace(['-', ':', ' '], '', $date),
             'dateStart' => (empty($dateStart) ? '00000000000000' : str_replace('-', '', $dateStart) . '000000'),
             'dateEnd' => (empty($dateEnd) ? '99991231235959' : str_replace('-', '', $dateEnd) . '235959'),
             'linkState' => '',
             'linkDateCheck' => 0,
-        );
+        ];
 
         if ('saveentry' == $do || $record_id) {
             /* Create a revision anyway, it's autosaving */
@@ -132,7 +133,7 @@
             $faq->addPermission('user', $record_id, $restricted_users);
             $category->deletePermission('user', $categories['rubrik']);
             $category->addPermission('user', $categories['rubrik'], $restricted_users);
-            if ($faqConfig->get('security.permLevel') != 'basic') {
+            if ($faqConfig->get('security.permLevel') !== 'basic') {
                 $faq->deletePermission('group', $record_id);
                 $faq->addPermission('group', $record_id, $restricted_groups);
                 $category->deletePermission('group', $categories['rubrik']);
@@ -158,7 +159,7 @@
                 $faq->addPermission('user', $record_id, $restricted_users);
                 $category->addPermission('user', $categories['rubrik'], $restricted_users);
 
-                if ($faqConfig->get('security.permLevel') != 'basic') {
+                if ($faqConfig->get('security.permLevel') !== 'basic') {
                     $faq->addPermission('group', $record_id, $restricted_groups);
                     $category->addPermission('group', $categories['rubrik'], $restricted_groups);
                 }
@@ -174,6 +175,6 @@
         $http->sendJsonWithHeaders($out);
     }
 } else {
-    $http->sendStatus(401);
+    $http->setStatus(401);
     $http->sendJsonWithHeaders(['msg' => 'Missing article rights']);
 }
diff --git a/phpmyfaq/admin/ajax.comment.php b/phpmyfaq/admin/ajax.comment.php
@@ -58,6 +58,6 @@
 
     $http->sendWithHeaders($success);
 } else {
-    $http->sendStatus(401);
+    $http->setStatus(401);
     $http->sendWithHeaders(false);
 }
diff --git a/phpmyfaq/admin/ajax.config.php b/phpmyfaq/admin/ajax.config.php
@@ -17,15 +17,15 @@
  */
 
 use phpMyFAQ\Database;
+use phpMyFAQ\Entity\MetaEntity as MetaEntity;
 use phpMyFAQ\Filter;
 use phpMyFAQ\Helper\HttpHelper;
 use phpMyFAQ\Instance;
 use phpMyFAQ\Instance\Client;
 use phpMyFAQ\Instance\Setup;
-use phpMyFAQ\Stopwords;
 use phpMyFAQ\Language;
 use phpMyFAQ\Meta;
-use phpMyFAQ\Entity\MetaEntity as MetaEntity;
+use phpMyFAQ\Stopwords;
 use phpMyFAQ\User;
 
 if (!defined('IS_VALID_PHPMYFAQ')) {
@@ -44,9 +44,9 @@
 $stopwords = new Stopwords($faqConfig);
 
 switch ($ajaxAction) {
-
     case 'add_instance':
         if (!isset($_SESSION['phpmyfaq_csrf_token']) || $_SESSION['phpmyfaq_csrf_token'] !== $csrfToken) {
+            $http->setStatus(400);
             $http->sendJsonWithHeaders(['error' => $PMF_LANG['err_NotAuth']]);
             exit(1);
         }
@@ -58,8 +58,14 @@
         $admin = Filter::filterInput(INPUT_GET, 'admin', FILTER_SANITIZE_STRING);
         $password = Filter::filterInput(INPUT_GET, 'password', FILTER_SANITIZE_STRING);
 
+        if (empty($url) || empty($instance) || empty($comment) || empty($email) || empty($admin) || empty($password)) {
+            $http->setStatus(400);
+            $http->sendJsonWithHeaders(['error' => 'Cannot create instance.']);
+            exit(1);
+        }
+
         $data = [
-            'url' => 'http://'.$url.'.'.$_SERVER['SERVER_NAME'],
+            'url' => 'http://' . $url . '.' . $_SERVER['SERVER_NAME'],
             'instance' => $instance,
             'comment' => $comment,
         ];
@@ -74,11 +80,14 @@
         $hostname = $urlParts['host'];
 
         if ($faqInstanceClient->createClientFolder($hostname)) {
-            $clientDir = PMF_ROOT_DIR.'/multisite/'.$hostname;
+            $clientDir = PMF_ROOT_DIR . '/multisite/' . $hostname;
             $clientSetup = new Setup();
             $clientSetup->setRootDir($clientDir);
 
-            $faqInstanceClient->copyConstantsFile($clientDir.'/constants.php');
+            try {
+                $faqInstanceClient->copyConstantsFile($clientDir . '/constants.php');
+            } catch (\phpMyFAQ\Exception $e) {
+            }
 
             $dbSetup = [
                 'dbServer' => $DB['server'],
@@ -90,7 +99,7 @@
             ];
             $clientSetup->createDatabaseFile($dbSetup, '');
 
-            $faqInstanceClient->setClientUrl('http://'.$hostname);
+            $faqInstanceClient->setClientUrl('http://' . $hostname);
             $faqInstanceClient->createClientTables($dbSetup['dbPrefix']);
 
             Database::setTablePrefix($dbSetup['dbPrefix']);
@@ -111,26 +120,32 @@
             Database::setTablePrefix($DB['prefix']);
         } else {
             $faqInstance->removeInstance($instanceId);
+            $http->setStatus(400);
             $payload = ['error' => 'Cannot create instance.'];
         }
         if (0 !== $instanceId) {
+            $http->setStatus(200);
             $payload = ['added' => $instanceId, 'url' => $data['url']];
         } else {
+            $http->setStatus(400);
             $payload = ['error' => $instanceId];
         }
         $http->sendJsonWithHeaders($payload);
         break;
 
     case 'delete_instance':
         if (!isset($_SESSION['phpmyfaq_csrf_token']) || $_SESSION['phpmyfaq_csrf_token'] !== $csrfToken) {
+            $http->setStatus(400);
             $http->sendJsonWithHeaders(['error' => $PMF_LANG['err_NotAuth']]);
             exit(1);
         }
         if (null !== $instanceId) {
             $faqInstance = new Instance($faqConfig);
             if (1 !== $instanceId && $faqInstance->removeInstance($instanceId)) {
+                $http->setStatus(200);
                 $payload = ['deleted' => $instanceId];
             } else {
+                $http->setStatus(400);
                 $payload = ['error' => $instanceId];
             }
             $http->sendJsonWithHeaders($payload);
@@ -141,8 +156,10 @@
         if (null !== $instanceId) {
             $faqInstance = new Instance($faqConfig);
             if ($faqInstance->removeInstance($instanceId)) {
+                $http->setStatus(200);
                 $payload = ['deleted' => $instanceId];
             } else {
+                $http->setStatus(400);
                 $payload = ['error' => $instanceId];
             }
             $http->sendJsonWithHeaders($payload);