From 7d460a5797b46cd5f6b8da9a1f7f2be4ed43cc97 Mon Sep 17 00:00:00 2001 From: brandonkelly Date: Tue, 14 Jan 2025 08:42:03 -0800 Subject: [PATCH 1/5] Use Db::each() --- src/services/Assets.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/services/Assets.php b/src/services/Assets.php index c51b7490960..56c919bd1f2 100644 --- a/src/services/Assets.php +++ b/src/services/Assets.php @@ -334,7 +334,7 @@ public function deleteFoldersByIds(int|array $folderIds, bool $deleteDir = true) $assetQuery = Asset::find()->folderId($allFolderIds); $elementService = Craft::$app->getElements(); - foreach ($assetQuery->each() as $asset) { + foreach (Db::each($assetQuery) as $asset) { /** @var Asset $asset */ $asset->keepFileOnDelete = !$deleteDir; $elementService->deleteElement($asset, true); From 0b32fe398cbbc6d98029589950ccec4c4d282ea8 Mon Sep 17 00:00:00 2001 From: brandonkelly Date: Tue, 14 Jan 2025 08:59:05 -0800 Subject: [PATCH 2/5] Improve securityKey docs [ci skip] --- src/config/GeneralConfig.php | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/src/config/GeneralConfig.php b/src/config/GeneralConfig.php index aa3ba660514..5635867e214 100644 --- a/src/config/GeneralConfig.php +++ b/src/config/GeneralConfig.php 
@@ -2642,12 +2642,23 @@ class GeneralConfig extends BaseConfig /** * @var string A private, random, cryptographically-secure key that is used for hashing and encrypting data in [[\craft\services\Security]]. * - * This value should be the same across all environments. If this key ever changes, any data that was encrypted with it will be inaccessible. + * ::: warning + * **Do not** share this key publicly. If exposed, it could lead to a compromised system. + * ::: + * + * In the event that the key is compromised, a new secure key can be generated with the command: + * + * ```sh + * php craft setup/security-key + * ``` + * + * Note that if the key changes, any data that is encrypted with it (e.g. user session cookies) will be inaccessible. * * ```php Static Config * ->securityKey('2cf24dba5...') * ``` * + * @see https://craftcms.com/knowledge-base/securing-craft * @group Security */ public string $securityKey = ''; @@ -6164,7 +6175,17 @@ public function sanitizeSvgUploads(bool $value = true): self /** * A private, random, cryptographically-secure key that is used for hashing and encrypting data in [[\craft\services\Security]]. * - * This value should be the same across all environments. If this key ever changes, any data that was encrypted with it will be inaccessible. + * ::: warning + * **Do not** share this key publicly. If exposed, it could lead to a compromised system. + * ::: + * + * In the event that the key is compromised, a new secure key can be generated with the command: + * + * ```sh + * php craft setup/security-key + * ``` + * + * Note that if the key changes, any data that is encrypted with it (e.g. user session cookies) will be inaccessible. * * ```php * ->securityKey('2cf24dba5...') @@ -6174,6 +6195,7 @@ public function sanitizeSvgUploads(bool $value = true): self * @param string $value * @return self * @see $securityKey + * @see https://craftcms.com/knowledge-base/securing-craft * @since 4.2.0 */ public function securityKey(string $value): self 
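Review bot: The rotation paragraph in both added docblocks (the `$securityKey` property in this hunk and the `securityKey()` setter in the second hunk) names only user session cookies as affected, although the opening sentence says the key is used for hashing as well as encrypting, so a reader planning a rotation may underestimate what breaks. I would widen it to something like `Note that if the key changes, any data encrypted with it becomes unreadable and any hashes made with it stop validating (e.g. user session cookies).` The commit also drops the old sentence saying the value should be the same across all environments without replacing it. The example still shows a literal key in a config file, so a sentence recommending that the key be supplied from an environment variable rather than committed would fit the new warning block.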
From 9a859d9b6416a4d484ae414083607669b2af77d1 Mon Sep 17 00:00:00 2001 From: brandonkelly Date: Tue, 14 Jan 2025 11:19:38 -0800 Subject: [PATCH 3/5] Fixed #16430 --- CHANGELOG.md | 1 + src/helpers/Search.php | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6150b4b88e0..9e7cba42788 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ ## Unreleased - Fixed a bug where the control panel could display a notice about the Craft CMS license belonging to a different domain, even when accessing the control panel from the correct domain. ([#16396](https://github.com/craftcms/cms/issues/16396)) +- Fixed a bug where Unicode special characters weren’t getting stripped out of search keywords. ([#16430](https://github.com/craftcms/cms/issues/16430)) ## 4.13.9 - 2025-01-06 diff --git a/src/helpers/Search.php b/src/helpers/Search.php index 8be33b65c5b..941046a5d00 100644 --- a/src/helpers/Search.php +++ b/src/helpers/Search.php @@ -39,6 +39,10 @@ public static function normalizeKeywords(array|string $str, array $ignore = [], // Convert non-breaking spaces entities to regular ones $str = str_replace([' ', ' ', ' '], ' ', $str); + // Get rid of Unicode special characters + // (see https://github.com/craftcms/cms/issues/16430) + $str = preg_replace('/[\x{80}-\x{10FFFF}]/u', '', $str); + // Get rid of entities $str = preg_replace('/&#?[a-z0-9]{2,8};/i', '', $str); From 6ad4e8c4fe162c5f1030c14189e93c42a3d830d1 Mon Sep 17 00:00:00 2001 From: brandonkelly Date: Tue, 14 Jan 2025 11:29:43 -0800 Subject: [PATCH 4/5] Fixed #16431 --- CHANGELOG.md | 1 + src/gql/ElementQueryConditionBuilder.php | 2 ++ 2 files changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9e7cba42788..d91b6f0ea90 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
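Review bot: `preg_replace()` with the `u` modifier returns `null` when the subject is not valid UTF-8, and the added line in `src/helpers/Search.php` assigns the result straight back to `$str`, so one malformed byte sequence in a search string would replace the keywords with `null` for every later step. A guard such as `$str = preg_replace('/[\x{80}-\x{10FFFF}]/u', '', $str) ?? '';` keeps the type stable, and checking `preg_last_error()` would let the failure be logged instead of passing silently. The same applies to this line after it is moved further down in patch 5/5. `normalizeKeywords()` begins and ends outside the hunk, so whether `$str` is already guaranteed to be a valid UTF-8 string at this point is not visible.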
@@ -4,6 +4,7 @@ - Fixed a bug where the control panel could display a notice about the Craft CMS license belonging to a different domain, even when accessing the control panel from the correct domain. ([#16396](https://github.com/craftcms/cms/issues/16396)) - Fixed a bug where Unicode special characters weren’t getting stripped out of search keywords. ([#16430](https://github.com/craftcms/cms/issues/16430)) +- Fixed an error that could occur when setting `relatedTo*` GraphQL arguments to `null`. ([#16431](https://github.com/craftcms/cms/issues/16431)) ## 4.13.9 - 2025-01-06 diff --git a/src/gql/ElementQueryConditionBuilder.php b/src/gql/ElementQueryConditionBuilder.php index 2d84cdea5ce..23be84e8ec5 100644 --- a/src/gql/ElementQueryConditionBuilder.php +++ b/src/gql/ElementQueryConditionBuilder.php @@ -221,6 +221,8 @@ private function _extractArgumentValue(Node $argumentNode): mixed $extractedValue[$fieldNode->name->value] = $this->_extractArgumentValue($fieldNode); } return $extractedValue; + case 'NullValue': + return null; default: return $argumentNodeValue->value; } From a93bea8c93b57d270d76838af3c3688d65bb954f Mon Sep 17 00:00:00 2001 From: brandonkelly Date: Tue, 14 Jan 2025 11:56:59 -0800 Subject: [PATCH 5/5] Fix tests --- src/helpers/Search.php | 8 ++++---- tests/unit/helpers/SearchHelperTest.php | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/helpers/Search.php b/src/helpers/Search.php index 941046a5d00..af67113d24f 100644 --- a/src/helpers/Search.php +++ b/src/helpers/Search.php @@ -39,10 +39,6 @@ public static function normalizeKeywords(array|string $str, array $ignore = [], // Convert non-breaking spaces entities to regular ones $str = str_replace([' ', ' ', ' '], ' ', $str); - // Get rid of Unicode special characters - // (see https://github.com/craftcms/cms/issues/16430) - $str = preg_replace('/[\x{80}-\x{10FFFF}]/u', '', $str); - // Get rid of entities $str = preg_replace('/&#?[a-z0-9]{2,8};/i', '', $str); 
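Review bot: The new `case 'NullValue':` branch in `_extractArgumentValue()` has no comment saying why it cannot fall through to `default`, and the commit adds no test for it (the diffstat lists only CHANGELOG.md and this file). A short comment such as `// Null literals have no ->value to read, so return null explicitly` would record the reason, assuming that is what caused the error in #16431. Because the object-field branch above recurses into `_extractArgumentValue()`, a null can now also appear nested inside an extracted array, so it is worth confirming that the `relatedTo*` consumers, which are not visible here, accept null at both levels. The method body starts and ends outside the hunk.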
@@ -70,6 +66,10 @@ public static function normalizeKeywords(array|string $str, array $ignore = [], } } + // Get rid of Unicode special characters + // (see https://github.com/craftcms/cms/issues/16430) + $str = preg_replace('/[\x{80}-\x{10FFFF}]/u', '', $str); + // Strip out new lines and superfluous spaces return trim(preg_replace(['/[\n\r]+/u', '/\s{2,}/u'], ' ', $str)); } diff --git a/tests/unit/helpers/SearchHelperTest.php b/tests/unit/helpers/SearchHelperTest.php index 684ea3be9f8..e88e924682e 100644 --- a/tests/unit/helpers/SearchHelperTest.php +++ b/tests/unit/helpers/SearchHelperTest.php @@ -49,7 +49,7 @@ public function normalizeKeywordsDataProviders(): array ['', ' aa;'], ['test test', 'TEST TEST'], ['', ['♠', '♣', '♥', '♦']], - ['♠ ♣ ♥ ♦', ['♠', '♣', '♥', '♦'], [], false], + ['', ['♠', '♣', '♥', '♦'], [], false], ['test', 'test '], ['', 'test', ['test']], ['test', 'test👍'],
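Review bot: The comment on the relocated `preg_replace('/[\x{80}-\x{10FFFF}]/u', '', $str)` says "Unicode special characters", but the character class matches every code point above U+007F, so any non-ASCII letter or digit still present at this point is removed as well. The updated test row with a fourth argument of `false` now expects an empty string, which suggests callers using that argument lose all non-ASCII text. If that is intended, the comment should say so, e.g. `// Strip every remaining non-ASCII character (anything above U+007F), letters included`. If letters are meant to survive, the class needs narrowing, and a test row with an accented or non-Latin word and the fourth argument `false` would pin the behaviour either way. `normalizeKeywords()` starts outside the hunk, so what the preceding loop has already converted is not visible.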