Merge branch 'release/4.5.7' into main

.github/ISSUE_TEMPLATE/BUG-REPORT-V5.yml

@@ -0,0 +1,60 @@
+name: Bug Report – Craft 5
+description: Report an issue or unexpected behavior pertaining to Craft 5
+title: '[5.x]: '
+labels:
+  - bug
+  - craft5
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to submit a bug report! Please fill out the fields to the best of your knowledge, so we can get to the bottom of the issue as quickly as possible.
+  - type: textarea
+    id: body
+    attributes:
+      label: What happened?
+      value: |
+        ### Description
+
+
+
+        ### Steps to reproduce
+
+        1.
+
+        ### Expected behavior
+
+
+
+        ### Actual behavior
+
+    validations:
+      required: true
+  - type: input
+    id: cmsVersion
+    attributes:
+      label: Craft CMS version
+    validations:
+      required: true
+  - type: input
+    id: phpVersion
+    attributes:
+      label: PHP version
+  - type: input
+    id: os
+    attributes:
+      label: Operating system and version
+  - type: input
+    id: db
+    attributes:
+      label: Database type and version
+  - type: input
+    id: imageDriver
+    attributes:
+      label: Image driver and version
+  - type: textarea
+    id: plugins
+    attributes:
+      label: Installed plugins and versions
+      value: |
+        -

CHANGELOG.md

@@ -1,5 +1,34 @@
 # Release Notes for Craft CMS 4
 
+## 4.5.7 - 2023-10-17
+
+- Field containers are no longer focusable unless a corresponding validation message is clicked on. ([#13782](https://github.com/craftcms/cms/issues/13782))
+- Improved element save performance.
+- Added `pgpassword` and `pwd` to the list of keywords that Craft will look for when determining whether a value is sensitive and should be redacted from logs, etc.
+- Added `craft\events\DefineCompatibleFieldTypesEvent`.
+- Added `craft\services\Fields::EVENT_DEFINE_COMPATIBLE_FIELD_TYPES`. ([#13793](https://github.com/craftcms/cms/discussions/13793))
+- Added `craft\web\assets\inputmask\InputmaskAsset`.
+- `craft\web\Request::accepts()` now supports wildcard (e.g. `application/*`). ([#13759](https://github.com/craftcms/cms/issues/13759))
+- `Craft.ElementEditor` instances are now configured with an `elementId` setting, which is kept up-to-date when a provisional draft is created. ([#13795](https://github.com/craftcms/cms/discussions/13795))
+- Added `Garnish.isPrimaryClick()`.
+- Fixed a bug where relational fields’ element selector modals weren’t always getting set to the correct site per the field’s “Relate entries from a specific site?” setting. ([#13750](https://github.com/craftcms/cms/issues/13750))
+- Fixed a bug where Dropdown fields weren’t visible when viewing revisions and other static forms. ([#13753](https://github.com/craftcms/cms/issues/13753), [craftcms/commerce#3270](https://github.com/craftcms/commerce/issues/3270))
+- Fixed a bug where the `defaultDirMode` config setting wasn’t being respected when the `storage/runtime/` and `storage/logs/` folders were created. ([#13756](https://github.com/craftcms/cms/issues/13756))
+- Fixed a bug where the “Save and continue editing” action wasn’t working on Edit User pages if they contained a Money field. ([#13760](https://github.com/craftcms/cms/issues/13760))
+- Fixed a bug where relational fields’ validation messages weren’t using the actual field name. ([#13807](https://github.com/craftcms/cms/issues/13807))
+- Fixed a bug where element editor slideouts were appearing behind element selector modals within Live Preview. ([#13798](https://github.com/craftcms/cms/issues/13798))
+- Fixed a bug where element URIs weren’t getting updated for propagated sites automatically. ([#13812](https://github.com/craftcms/cms/issues/13812))
+- Fixed a bug where dropdown input labels could overflow out of their containers. ([#13817](https://github.com/craftcms/cms/issues/13817))
+- Fixed a bug where the `transformGifs` and `transformSvgs` config settings weren’t always being respected when using `@transform` GraphQL directives. ([#13808](https://github.com/craftcms/cms/issues/13808))
+- Fixed a bug where Composer operations were sorting `require` packages differently than how Composer does it natively, when `config.sort-packages` was set to `true`. ([#13806](https://github.com/craftcms/cms/issues/13806))
+- Fixed a MySQL error that could occur when creating a Plain Text field with a high charcter limit. ([#13781](https://github.com/craftcms/cms/pull/13781))
+- Fixed a bug where entries weren’t always being treated as live for View and Preview buttons, when editing a non-primary site. ([#13746](https://github.com/craftcms/cms/issues/13746))
+- Fixed a bug where Ctrl-clicks were being treated as primary clicks in some browsers. ([#13823](https://github.com/craftcms/cms/issues/13823))
+- Fixed a bug where some language options were showing “false” hints. ([#13837](https://github.com/craftcms/cms/issues/13837))
+- Fixed a bug where Craft was tracking changes to elements when they were being resaved. ([#13761](https://github.com/craftcms/cms/issues/13761))
+- Fixed a bug where sensitive keywords weren’t getting redacted from log contexts.
+- Fixed RCE vulnerabilities.
+
 ## 4.5.6.1 - 2023-09-27
 
 - Crossdomain JavaScript resources are now loaded via a proxy action.

bootstrap/bootstrap.php

@@ -9,47 +9,68 @@
 
 use craft\helpers\App;
 use craft\helpers\ArrayHelper;
+use craft\helpers\FileHelper;
 use craft\services\Config;
 use yii\base\ErrorException;
 
 // Get the last error at the earliest opportunity, so we can catch max_input_vars errors
 // see https://stackoverflow.com/a/21601349/1688568
 $lastError = error_get_last();
 
-// Setup
+// Validate the app type
 // -----------------------------------------------------------------------------
 
-// Validate the app type
 if (!isset($appType) || ($appType !== 'web' && $appType !== 'console')) {
     throw new Exception('$appType must be set to "web" or "console".');
 }
 
-$createFolder = function($path) {
-    // Code borrowed from Io...
-    if (!is_dir($path)) {
-        $oldumask = umask(0);
-
-        if (!mkdir($path, 0755, true)) {
-            // Set a 503 response header so things like Varnish won't cache a bad page.
-            http_response_code(503);
-            exit('Tried to create a folder at ' . $path . ', but could not.' . PHP_EOL);
-        }
+// Determine the paths
+// -----------------------------------------------------------------------------
 
-        // Because setting permission with mkdir is a crapshoot.
-        chmod($path, 0755);
-        umask($oldumask);
-    }
+$findConfig = function(string $cliName, string $envName) {
+    return App::cliOption($cliName, true) ?? App::env($envName);
 };
 
-$findConfigPath = function(string $cliName, string $envName, bool $isFile = false) use ($createFolder) {
-    $path = App::cliOption($cliName, true) ?? App::env($envName);
-    if (!$path) {
-        return null;
-    }
-    if (!$isFile) {
-        $createFolder($path);
+// Set the vendor path. By default assume that it's 4 levels up from here
+$vendorPath = FileHelper::normalizePath($findConfig('--vendorPath', 'CRAFT_VENDOR_PATH') ?? dirname(__DIR__, 3));
+
+// Set the "project root" path that contains config/, storage/, etc. By default assume that it's up a level from vendor/.
+$rootPath = FileHelper::normalizePath($findConfig('--basePath', 'CRAFT_BASE_PATH') ?? dirname($vendorPath));
+
+// By default the remaining files/directories will be in the base directory
+$dotenvPath = FileHelper::normalizePath($findConfig('--dotenvPath', 'CRAFT_DOTENV_PATH') ?? "$rootPath/.env");
+$configPath = FileHelper::normalizePath($findConfig('--configPath', 'CRAFT_CONFIG_PATH') ?? "$rootPath/config");
+$contentMigrationsPath = FileHelper::normalizePath($findConfig('--contentMigrationsPath', 'CRAFT_CONTENT_MIGRATIONS_PATH') ?? "$rootPath/migrations");
+$storagePath = FileHelper::normalizePath($findConfig('--storagePath', 'CRAFT_STORAGE_PATH') ?? "$rootPath/storage");
+$templatesPath = FileHelper::normalizePath($findConfig('--templatesPath', 'CRAFT_TEMPLATES_PATH') ?? "$rootPath/templates");
+$translationsPath = FileHelper::normalizePath($findConfig('--translationsPath', 'CRAFT_TRANSLATIONS_PATH') ?? "$rootPath/translations");
+$testsPath = FileHelper::normalizePath($findConfig('--testsPath', 'CRAFT_TESTS_PATH') ?? "$rootPath/tests");
+
+// Set the environment
+// -----------------------------------------------------------------------------
+
+$environment = App::cliOption('--env', true)
+    ?? App::env('CRAFT_ENVIRONMENT')
+    ?? App::env('ENVIRONMENT')
+    ?? $_SERVER['SERVER_NAME']
+    ?? null;
+
+// Load the general config
+// -----------------------------------------------------------------------------
+
+$configService = new Config();
+$configService->env = $environment;
+$configService->configDir = $configPath;
+$configService->appDefaultsDir = dirname(__DIR__) . DIRECTORY_SEPARATOR . 'src' . DIRECTORY_SEPARATOR . 'config' . DIRECTORY_SEPARATOR . 'defaults';
+$generalConfig = $configService->getConfigFromFile('general');
+
+// Validation
+// -----------------------------------------------------------------------------
+
+$createFolder = function($path) use ($generalConfig) {
+    if (!is_dir($path)) {
+        FileHelper::createDirectory($path, $generalConfig['defaultDirMode'] ?? 0775);
     }
-    return realpath($path);
 };
 
 $ensureFolderIsReadable = function($path, $writableToo = false) {
@@ -69,31 +90,6 @@
     }
 };
 
-// Determine the paths
-// -----------------------------------------------------------------------------
-
-// Set the vendor path. By default assume that it's 4 levels up from here
-$vendorPath = $findConfigPath('--vendorPath', 'CRAFT_VENDOR_PATH') ?? dirname(__DIR__, 3);
-
-// Set the "project root" path that contains config/, storage/, etc. By default assume that it's up a level from vendor/.
-$rootPath = $findConfigPath('--basePath', 'CRAFT_BASE_PATH') ?? dirname($vendorPath);
-
-// By default the remaining files/directories will be in the base directory
-$dotenvPath = $findConfigPath('--dotenvPath', 'CRAFT_DOTENV_PATH', true) ?? "$rootPath/.env";
-$configPath = $findConfigPath('--configPath', 'CRAFT_CONFIG_PATH') ?? "$rootPath/config";
-$contentMigrationsPath = $findConfigPath('--contentMigrationsPath', 'CRAFT_CONTENT_MIGRATIONS_PATH') ?? "$rootPath/migrations";
-$storagePath = $findConfigPath('--storagePath', 'CRAFT_STORAGE_PATH') ?? "$rootPath/storage";
-$templatesPath = $findConfigPath('--templatesPath', 'CRAFT_TEMPLATES_PATH') ?? "$rootPath/templates";
-$translationsPath = $findConfigPath('--translationsPath', 'CRAFT_TRANSLATIONS_PATH') ?? "$rootPath/translations";
-$testsPath = $findConfigPath('--testsPath', 'CRAFT_TESTS_PATH') ?? "$rootPath/tests";
-
-// Set the environment
-$environment = App::cliOption('--env', true)
-    ?? App::env('CRAFT_ENVIRONMENT')
-    ?? App::env('ENVIRONMENT')
-    ?? $_SERVER['SERVER_NAME']
-    ?? null;
-
 // Validate the paths
 // -----------------------------------------------------------------------------
 
@@ -160,15 +156,6 @@
 $errorLevel = E_ALL & ~E_DEPRECATED & ~E_USER_DEPRECATED;
 error_reporting($errorLevel);
 
-// Load the general config
-// -----------------------------------------------------------------------------
-
-$configService = new Config();
-$configService->env = $environment;
-$configService->configDir = $configPath;
-$configService->appDefaultsDir = dirname(__DIR__) . DIRECTORY_SEPARATOR . 'src' . DIRECTORY_SEPARATOR . 'config' . DIRECTORY_SEPARATOR . 'defaults';
-$generalConfig = $configService->getConfigFromFile('general');
-
 // Determine if Craft is running in Dev Mode
 // -----------------------------------------------------------------------------
 

src/Craft.php

@@ -17,6 +17,7 @@
 use GuzzleHttp\Client;
 use Symfony\Component\VarDumper\Cloner\VarCloner;
 use yii\base\ExitException;
+use yii\base\InvalidConfigException;
 use yii\db\Expression;
 use yii\helpers\VarDumper;
 use yii\web\Request;
@@ -51,6 +52,10 @@ class Craft extends Yii
      */
     public static function createObject($type, array $params = [])
     {
+        if (is_array($type) && isset($type['__class']) && isset($type['class'])) {
+            throw new InvalidConfigException('`__class` and `class` cannot both be specified.');
+        }
+
         return parent::createObject($type, $params);
     }