Merge branch '3.2' into 'main'

CHANGELOG.md

@@ -37,6 +37,8 @@ This is a log of major user-visible changes in each phpMyFAQ release.
 - updated bundled dependencies (Thorsten)
 - fixed minor bugs (Thorsten)
 
+### phpMyFAQ v3.2.6 - unreleased
+
 ### phpMyFAQ v3.2.5 - 2024-02-05
 
 - fixed multiple security vulnerabilities (Thorsten)

phpmyfaq/admin/user.php

@@ -598,6 +598,11 @@ class="form-check-input permission">
                     <td class="text-center">
                         <i class="fa <?= $user->getUserData('is_visible') ? 'bi-person-fill' : 'bi-person' ?>"></i>
                     </td>
+                    <td>
+                        <a href="mailto:<?= Strings::htmlentities($user->getUserData('email')) ?>">
+                            <?= Strings::htmlentities($user->getUserData('email')) ?>
+                        </a>
+                    </td>
 
                     <td>
                         <a href="?action=user&amp;user_id=<?= $user->getUserData('user_id') ?>"

phpmyfaq/news.php

@@ -24,6 +24,7 @@
 use phpMyFAQ\Entity\CommentType;
 use phpMyFAQ\Filter;
 use phpMyFAQ\Glossary;
+use phpMyFAQ\Helper\FaqHelper;
 use phpMyFAQ\News;
 use phpMyFAQ\Session\Token;
 use phpMyFAQ\Strings;
@@ -65,6 +66,9 @@
 $newsContent = $oGlossary->insertItemsIntoContent($newsContent ?? '');
 $newsHeader = $oGlossary->insertItemsIntoContent($newsHeader ?? '');
 
+$helper = new FaqHelper($faqConfig);
+$newsContent = $helper->cleanUpContent($newsContent);
+
 // Add an information link if existing
 if (strlen((string) $news['link']) > 0) {
     $newsContent .= sprintf(

phpmyfaq/src/phpMyFAQ/Attachment/File.php

@@ -107,7 +107,7 @@ public function save($filePath, $filename = null): bool
             $targetFile = $this->buildFilePath();
 
             if (null !== $this->id && $this->createSubDirs($targetFile)) {
-                // Doing this check we're sure not to unnecessary
+                // Doing this check, we're sure not to unnecessarily
                 // overwrite existing unencrypted file duplicates.
                 if (!$this->linkedRecords()) {
                     $vanillaFile = new VanillaFile($filePath);

phpmyfaq/src/phpMyFAQ/Category/CategoryImage.php

@@ -98,18 +98,19 @@ private function getFileExtension(string $mimeType): string
         $mapping = [
             'image/gif' => 'gif',
             'image/jpeg' => 'jpg',
-            'image/png' => 'png'
+            'image/png' => 'png',
+            'image/webp' => 'webp',
         ];
 
-        return $mapping[$mimeType] ?? '';
+        return $mapping[$mimeType] ?? 'png';
     }
 
     /**
      * Checks for valid image MIME types, returns true if valid
      */
     private function isValidMimeType(string $file): bool
     {
-        $types = ['image/jpeg','image/gif','image/png'];
+        $types = ['image/jpeg','image/gif','image/png', 'image/webp'];
         $type = mime_content_type($file);
 
         return in_array($type, $types);

phpmyfaq/src/phpMyFAQ/Controller/Administration/ConfigurationTabController.php

@@ -46,8 +46,6 @@ public function list(Request $request): Response
     {
         $this->userHasPermission(PermissionType::CONFIGURATION_EDIT);
 
-        $configuration = Configuration::getConfigurationInstance();
-
         $mode = $request->get('mode');
 
         $configurationList = Translation::getConfigurationItems($mode);
@@ -57,7 +55,7 @@ public function list(Request $request): Response
             [
                 'mode' => $mode,
                 'configurationList' => $configurationList,
-                'configurationData' => $configuration->getAll(),
+                'configurationData' => $this->configuration->getAll(),
                 'specialCases' => [
                     'ldapSupport' => extension_loaded('ldap'),
                     'useSslForLogins' => Request::createFromGlobals()->isSecure(),
@@ -76,12 +74,9 @@ public function save(Request $request): JsonResponse
     {
         $this->userHasPermission(PermissionType::CONFIGURATION_EDIT);
 
-        $configuration = Configuration::getConfigurationInstance();
-        $jsonResponse = new JsonResponse();
-
         $csrfToken = $request->get('pmf-csrf-token');
         $configurationData = $request->get('edit');
-        $oldConfigurationData = $configuration->getAll();
+        $oldConfigurationData = $this->configuration->getAll();
 
         if (!Token::getInstance()->verifyToken('configuration', $csrfToken)) {
             return $this->json(['error' => Translation::get('err_NotAuth')], Response::HTTP_UNAUTHORIZED);
@@ -106,6 +101,14 @@ public function save(Request $request): JsonResponse
                 unset($configurationData['main.currentVersion']); // don't update the version number
             }
 
+            if (isset($configurationData['records.attachmentsPath'])) {
+                $configurationData['records.attachmentsPath'] = str_replace(
+                    '../',
+                    '',
+                    $configurationData['records.attachmentsPath']
+                );
+            }
+
             if (
                 isset($configurationData['main.referenceURL']) &&
                 is_null(Filter::filterVar($configurationData['main.referenceURL'], FILTER_VALIDATE_URL))
@@ -140,7 +143,7 @@ public function save(Request $request): JsonResponse
                 }
             }
 
-            $configuration->update($newConfigValues);
+            $this->configuration->update($newConfigValues);
 
             return $this->json(['success' => Translation::get('ad_config_saved')], Response::HTTP_OK);
         }
@@ -154,7 +157,6 @@ public function translations(): Response
     {
         $this->userIsAuthenticated();
 
-        $configuration = Configuration::getConfigurationInstance();
         $response = new Response();
 
         $languages = LanguageHelper::getAvailableLanguages();
@@ -163,7 +165,7 @@ public function translations(): Response
                 str_replace(
                     [ 'language_', '.php', ],
                     '',
-                    (string) $configuration->get('main.language')
+                    (string) $this->configuration->get('main.language')
                 ),
                 false,
                 true

phpmyfaq/src/phpMyFAQ/Faq.php

@@ -950,13 +950,13 @@ public function create(FaqEntity $faqEntity): int
             $this->configuration->getDb()->escape($faqEntity->getQuestion()),
             $this->configuration->getDb()->escape($faqEntity->getAnswer()),
             $this->configuration->getDb()->escape($faqEntity->getAuthor()),
-            $faqEntity->getEmail(),
+            $this->configuration->getDb()->escape($faqEntity->getEmail()),
             $faqEntity->isComment() ? 'y' : 'n',
             $faqEntity->getUpdatedDate()->format('YmdHis'),
             '00000000000000',
             '99991231235959',
             date('Y-m-d H:i:s'),
-            $faqEntity->getNotes()
+            $this->configuration->getDb()->escape($faqEntity->getNotes())
         );
 
         $this->configuration->getDb()->query($query);
@@ -1017,14 +1017,14 @@ public function update(FaqEntity $faqEntity): bool
             $this->configuration->getDb()->escape($faqEntity->getQuestion()),
             $this->configuration->getDb()->escape($faqEntity->getAnswer()),
             $this->configuration->getDb()->escape($faqEntity->getAuthor()),
-            $faqEntity->getEmail(),
+            $this->configuration->getDb()->escape($faqEntity->getEmail()),
             $faqEntity->isComment() ? 'y' : 'n',
             $faqEntity->getUpdatedDate()->format('YmdHis'),
             $faqEntity->getValidFrom()->format('YmdHis'),
             $faqEntity->getValidTo()->format('YmdHis'),
-            $faqEntity->getNotes(),
+            $this->configuration->getDb()->escape($faqEntity->getNotes()),
             $faqEntity->getId(),
-            $faqEntity->getLanguage()
+            $this->configuration->getDb()->escape($faqEntity->getLanguage())
         );
 
         return (bool) $this->configuration->getDb()->query($query);