backported selected fixes from 3.0 to 2.0.14

CHANGELOG-2.0.md

@@ -8,6 +8,16 @@ CHANGELOG - ZIKULA 2.0.x
     - Use constant time comparison in UriSigner (CVE-2019-18887).
     - Prevent argument injection in a MimeTypeGuesser (CVE-2019-18888).
 
+ - Fixes:
+    - Improved setting meta data for start page settings (#3929, #3932).
+    - Clear cache after changing active authentication methods (#3936).
+    - Prevent exception caused by modification of uninitialised extensions.
+    - Fixed invalid reference to "use compression" option in general settings form.
+    - Escape `groups` table name since it became a reserved word in MySQL 8.
+    - Improved input value checks for `yesNo` Twig filter.
+    - Dynamically determine available locales from locale api in custom locale form type.
+    - Increased amount of letters for top level domains in email address validation pattern (#3980).
+
  - Vendor updates:
     - components/bootstrap updated from 3.4.0 to 3.4.1
     - components/jquery updated from 3.3.1 to 3.4.1

src/lib/Zikula/Bundle/CoreBundle/Controller/MainController.php

@@ -63,7 +63,12 @@ public function homeAction(Request $request)
         $attributes['_controller'] = $controller;
         $subRequest = $request->duplicate(null, null, $attributes);
         list($moduleName) = explode(':', $controller);
+
+        $subRequest->attributes->set('_zkBundle', $moduleName);
         $subRequest->attributes->set('_zkModule', $moduleName);
+        // fix for #3929, #3932
+        $request->attributes->set('_zkBundle', $moduleName);
+        $request->attributes->set('_zkModule', $moduleName);
 
         return $this->kernel
             ->handle($subRequest, HttpKernelInterface::SUB_REQUEST);

src/lib/Zikula/Bundle/CoreBundle/Twig/Extension/CoreExtension.php

@@ -97,7 +97,7 @@ public function languageName($code)
      */
     public function yesNo($string)
     {
-        if ('0' != $string && '1' != $string) {
+        if (null !== $string && !in_array($string, ['', '0', '1'], true)) {
             return $string;
         }
 

src/lib/Zikula/Bundle/FormExtensionBundle/Form/Type/LocaleType.php

@@ -14,38 +14,49 @@
 use Symfony\Component\Form\AbstractType;
 use Symfony\Component\Form\Extension\Core\Type\ChoiceType;
 use Symfony\Component\OptionsResolver\OptionsResolver;
-use Zikula\Common\Translator\IdentityTranslator;
+use Zikula\Common\Translator\TranslatorInterface;
+use Zikula\Common\Translator\TranslatorTrait;
+use Zikula\SettingsModule\Api\ApiInterface\LocaleApiInterface;
 
 /**
  * Locale form type.
  */
 class LocaleType extends AbstractType
 {
+    use TranslatorTrait;
+
     /**
-     * {@inheritdoc}
+     * @var LocaleApiInterface
      */
+    protected $localeApi;
+
+    public function __construct(TranslatorInterface $translator, LocaleApiInterface $localeApi)
+    {
+        $this->setTranslator($translator);
+        $this->localeApi = $localeApi;
+    }
+
+    public function setTranslator(TranslatorInterface $translator): void
+    {
+        $this->translator = $translator;
+    }
+
     public function configureDefaultOptions(OptionsResolver $resolver)
     {
         $resolver->setDefaults([
-            'choices' => ['English' => 'en'],
+            'choices' => $this->localeApi->getSupportedLocaleNames(),
             'label' => 'Locale',
             'required' => false,
-            'placeholder' => 'All',
-            'translator' => new IdentityTranslator()
+            'placeholder' => $this->__('All'),
+            'attr' => ['class' => 'locale-switcher-block']
         ]);
     }
 
-    /**
-     * {@inheritdoc}
-     */
     public function getBlockPrefix()
     {
         return 'zikula_locale';
     }
 
-    /**
-     * {@inheritdoc}
-     */
     public function getParent()
     {
         return ChoiceType::class;

src/lib/Zikula/Bundle/FormExtensionBundle/Resources/config/services.yml

@@ -1,6 +1,9 @@
 services:
     zikula.form.type.locale:
         class: Zikula\Bundle\FormExtensionBundle\Form\Type\LocaleType
+        arguments:
+            - "@translator.default"
+            - "@zikula_settings_module.locale_api"
         tags:
             - { name: form.type, alias: zikula_locale }
 

src/system/ExtensionsModule/Menu/ActionsMenu.php

@@ -104,7 +104,7 @@ public function adminExtensionsMenu(FactoryInterface $factory, array $options)
                 break;
         }
 
-        if (Constant::STATE_INVALID != $extension->getState()) {
+        if (!in_array($extension->getState(), [Constant::STATE_UNINITIALISED, Constant::STATE_INVALID])) {
             $menu->addChild($this->__f('Edit %s', ['%s' => $extension->getDisplayname()]), [
                 'route' => 'zikulaextensionsmodule_module_modify',
                 'routeParameters' => ['id' => $extension->getId()],

src/system/ExtensionsModule/Resources/views/ExtensionsInterface/header.html.twig

@@ -6,7 +6,7 @@
 {% endif %}
 {% if menufirst %}{{ moduleLinks(type) }}{% endif %}
 <div class="{% if type == 'user' %}z-modtitle clearfix{% else %}z-admin-content-modtitle{% endif %}">
-    {% if image %}<img src="{{ image }}" alt="{{ title }}" class="z-floatleft" />{% endif %}
+    {% if image %}<img src="{{ image }}" alt="{{ title }}" class="pull-left" />{% endif %}
     {% if title %}<h2>{{ title }}</h2>{% endif %}
 </div>
 {% if not menufirst %}{{ moduleLinks(type) }}{% endif %}

src/system/GroupsModule/Entity/GroupEntity.php

@@ -20,7 +20,7 @@
  * Group entity class.
  *
  * @ORM\Entity(repositoryClass="Zikula\GroupsModule\Entity\Repository\GroupRepository")
- * @ORM\Table(name="groups")
+ * @ORM\Table(name="`groups`")
  */
 class GroupEntity extends EntityAccess
 {

src/system/SettingsModule/Form/Type/MainSettingsType.php

@@ -109,7 +109,7 @@ function($submittedPageTitle) {
                 'required' => false,
                 'help' => $this->translator->__('Separate with & for example:') . ' <code>foo=2&bar=5</code>'
             ])
-            ->add('useCompression', CheckboxType::class, [
+            ->add('UseCompression', CheckboxType::class, [
                 'label' => $this->translator->__('Activate compression'),
                 'required' => false
             ])

src/system/SettingsModule/Resources/views/Settings/main.html.twig

@@ -70,7 +70,7 @@
         </fieldset>
         <fieldset>
             <legend>{{ __('General settings') }}</legend>
-            {{ form_row(form.useCompression) }}
+            {{ form_row(form.UseCompression) }}
             {% if zlibEnabled is defined and not zlibEnabled %}
             <div class="col-sm-offset-3 col-sm-9">
                 <p class="alert alert-warning">{{ __('Notice: The PHP Zlib extension is not enabled on your host. This setting will not do anything in this case.') }}</p>

src/system/SettingsModule/SettingsModuleInstaller.php

@@ -132,7 +132,7 @@ public function upgrade($oldversion)
                 $newStargArgs = str_replace(',', '&', $this->getSystemVar('startargs')); // replace comma with `&`
                 $this->setSystemVar('startargs', $newStargArgs);
             case '2.9.11':
-                $this->setSystemVar('useCompression', (bool)$this->getSystemVar('useCompression'));
+                $this->setSystemVar('UseCompression', (bool)$this->getSystemVar('UseCompression'));
             case '2.9.12': // ship with Core-1.4.4
                 // reconfigure TZ settings
                 $this->setGuestTimeZone();

src/system/UsersModule/Constant.php

@@ -253,7 +253,8 @@ class Constant
 
         /**
          * The PCRE regular expression fragment used to validate e-mail address domains.
+         * Note the last part's allowed length is indeed 64 characters (based on RFC 1034), see #3980 for more information.
          */
-        const EMAIL_DOMAIN_VALIDATION_PATTERN = '(?:[^\\s\\000-\\037\\177\\(\\)<>@,;:\\\\"\\[\\]]\\.?)+\\.[a-z]{2,6}';
+        const EMAIL_DOMAIN_VALIDATION_PATTERN = '(?:[^\\s\\000-\\037\\177\\(\\)<>@,;:\\\\"\\[\\]]\\.?)+\\.[a-z]{2,64}';
     }
 }

src/system/UsersModule/Controller/ConfigController.php

@@ -102,12 +102,17 @@ public function authenticationMethodsAction(Request $request)
             if ($form->get('save')->isClicked()) {
                 $data = $form->getData();
                 if (!in_array(true, $data['authenticationMethodsStatus'])) {
-                    $data['authenticationMethodsStatus']['native_uname'] = true; // do not allow all methods to be inactive.
+                    // do not allow all methods to be inactive.
+                    $data['authenticationMethodsStatus']['native_uname'] = true;
                     $this->addFlash('info', $this->__f('All methods cannot be inactive. At least one methods must be enabled. (%m has been enabled).', ['%m' => $allMethods['native_uname']->getDisplayName()]));
                 }
                 $this->get('zikula_extensions_module.api.variable')->set(VariableApi::CONFIG, 'authenticationMethodsStatus', $data['authenticationMethodsStatus']);
                 $this->addFlash('status', $this->__('Done! Configuration updated.'));
 
+                // clear cache to reflect the updated state (#3936)
+                $this->get('zikula.cache_clearer')->clear('symfony');
+                $this->get('zikula.cache_clearer')->clear('twig');
+
                 return $this->redirectToRoute('zikulausersmodule_config_authenticationmethods');
             }
             if ($form->get('cancel')->isClicked()) {