Merge branch '5.x' into feature/asset-container-validation

CHANGELOG.md

@@ -1,5 +1,14 @@
 # Release Notes
 
+## 5.6.2 (2024-05-30)
+
+### What's fixed
+- Prevent user registration form saving `password_confirmation` [#10228](https://github.com/statamic/cms/issues/10228) by @ryanmitchell
+- Fix needing to deselect an asset to reselect when using max_files 1 [#10225](https://github.com/statamic/cms/issues/10225) by @jackmcdade
+- Allow long bard/replicator set names to wrap [#10223](https://github.com/statamic/cms/issues/10223) by @jackmcdade
+- Fix Code fieldtype not removing the overflow hidden style on body when closing Fullscreen Mode [#10221](https://github.com/statamic/cms/issues/10221) by @jackmcdade
+
+
 ## 5.6.1 (2024-05-29)
 
 ### What's fixed

resources/css/dark.css

@@ -1,7 +1,7 @@
 .prose {
     @apply dark:text-dark-150;
 
-    :where(h2), :where(h3) {
+    :where(h2), :where(h3), :where(strong) {
         &:not(:where([class~=not-prose] *)) {
             @apply dark:text-dark-100;
         }

resources/js/components/assets/Browser/Browser.vue

@@ -628,7 +628,9 @@ export default {
             const i = this.selectedAssets.indexOf(id);
             this.$refs.browser.focus()
 
-            if (i != -1) {
+            if (this.maxFiles === 1) {
+                this.selectedAssets = [id];
+            } else if (i != -1) {
                 this.selectedAssets.splice(i, 1);
             } else if (! this.reachedSelectionLimit) {
                 if ($event.shiftKey && this.lastItemClicked !== null) {

resources/js/components/terms/PublishForm.vue

@@ -112,20 +112,20 @@
 
                                 <div :class="{ 'hi': !shouldShowSidebar }">
 
-                                    <div class="p-4 flex items-center -mx-2" v-if="showLivePreviewButton || showVisitUrlButton">
+                                    <div class="p-3 flex items-center space-x-2" v-if="showLivePreviewButton || showVisitUrlButton">
                                         <button
-                                            class="flex items-center justify-center btn-flat w-full mx-2 px-2"
+                                            class="flex items-center justify-center btn w-full"
                                             v-if="showLivePreviewButton"
                                             @click="openLivePreview">
-                                            <svg-icon name="light/synchronize" class="h-4 w-4 rtl:ml-2 ltr:mr-2" />
+                                            <svg-icon name="light/synchronize" class="h-4 w-4 rtl:ml-2 ltr:mr-2 shrink-0" />
                                             <span>{{ __('Live Preview') }}</span>
                                         </button>
                                         <a
-                                            class="flex items-center justify-center btn-flat w-full mx-2 px-2"
+                                            class="flex items-center justify-center btn w-full"
                                             v-if="showVisitUrlButton"
                                             :href="permalink"
                                             target="_blank">
-                                            <svg-icon name="light/external-link" class="w-4 h-4 rtl:ml-2 ltr:mr-2" />
+                                            <svg-icon name="light/external-link" class="w-4 h-4 rtl:ml-2 ltr:mr-2 shrink-0" />
                                             <span>{{ __('Visit URL') }}</span>
                                         </a>
                                     </div>

resources/lang/da/moment.php

@@ -0,0 +1,18 @@
+<?php
+
+return [
+    'relativeTime.future' => 'om %s',
+    'relativeTime.past' => '%s siden',
+    'relativeTime.s' => 'få sekunder siden',
+    'relativeTime.ss' => '%d sekunder',
+    'relativeTime.m' => 'et minut',
+    'relativeTime.mm' => '%d minutter',
+    'relativeTime.h' => 'en time',
+    'relativeTime.hh' => '%d timer',
+    'relativeTime.d' => 'en dag',
+    'relativeTime.dd' => '%d dage',
+    'relativeTime.M' => 'en måned',
+    'relativeTime.MM' => '%d måneder',
+    'relativeTime.y' => 'et år',
+    'relativeTime.yy' => '%d år',
+];

src/Http/Requests/UserRegisterRequest.php

@@ -52,7 +52,7 @@ public function processedValues()
     {
         return $this->blueprintFields->process()->values()
             ->only(array_keys($this->submittedValues))
-            ->except(['email', 'groups', 'roles', 'super']);
+            ->except(['email', 'groups', 'roles', 'super', 'password_confirmation']);
     }
 
     public function validator()

src/Support/Html.php

@@ -219,20 +219,18 @@ public static function obfuscate($value)
     {
         $safe = '';
 
-        foreach (str_split($value) as $letter) {
-            if (ord($letter) > 128) {
-                return $letter;
-            }
+        foreach (mb_str_split($value) as $letter) {
+            $ordValue = mb_ord($letter);
 
             // To properly obfuscate the value, we will randomly convert each letter to
             // its entity or hexadecimal representation, keeping a bot from sniffing
             // the randomly obfuscated letters out of the string on the responses.
             switch (rand(1, 3)) {
                 case 1:
-                    $safe .= '&#'.ord($letter).';';
+                    $safe .= '&#'.$ordValue.';';
                     break;
                 case 2:
-                    $safe .= '&#x'.dechex(ord($letter)).';';
+                    $safe .= '&#x'.dechex($ordValue).';';
                     break;
                 case 3:
                     $safe .= $letter;

tests/Modifiers/ObfuscateTest.php

@@ -7,11 +7,35 @@
 
 class ObfuscateTest extends TestCase
 {
-    /** @test */
-    public function it_obfuscates_a_string(): void
+    /**
+     * @test
+     *
+     * @dataProvider seedProvider
+     */
+    public function it_obfuscates_strings($seed, $value, $expected)
     {
-        $modified = $this->modify('A');
-        $this->assertTrue(in_array($modified, ['A', 'A', 'A']));
+        mt_srand($seed); // make rand predictable for testing.
+
+        $this->assertEquals($expected, $this->modify($value));
+
+        srand(); // reset to not affect other tests.
+    }
+
+    public static function seedProvider()
+    {
+        return [
+            'A, case 1' => [1, 'A', 'A'],
+            'A, case 2' => [2, 'A', 'A'],
+            'A, case 3' => [5, 'A', 'A'],
+
+            'é, case 1' => [1, 'é', 'é'],
+            'é, case 2' => [2, 'é', 'é'],
+            'é, case 3' => [5, 'é', 'é'],
+
+            '🐘, case 1' => [1, '🐘', '🐘'],
+            '🐘, case 2' => [2, '🐘', '🐘'],
+            '🐘, case 3' => [5, '🐘', '🐘'],
+        ];
     }
 
     private function modify($value)

tests/Modifiers/RandomTest.php

@@ -24,10 +24,12 @@ public function it_returns_one_random_item($input): void
 
     public static function inputsProvider()
     {
+        $range = range(1, 5000);
+
         return [
-            'array' => [range('a', 'z')],
-            'collection' => [collect(range('a', 'z'))],
-            'query builder' => [Mockery::mock(Builder::class)->shouldReceive('get')->andReturn(collect(range('a', 'z')))->getMock()],
+            'array' => [$range],
+            'collection' => [collect($range)],
+            'query builder' => [Mockery::mock(Builder::class)->shouldReceive('get')->andReturn(collect($range))->getMock()],
         ];
     }
 

tests/Tags/User/RegisterFormTest.php

@@ -4,7 +4,9 @@
 
 use Statamic\Facades\Blueprint;
 use Statamic\Facades\Parse;
+use Statamic\Facades\Role;
 use Statamic\Facades\User;
+use Statamic\Facades\UserGroup;
 use Statamic\Statamic;
 use Tests\NormalizesHtml;
 use Tests\PreventSavingStacheItemsToDisk;
@@ -339,6 +341,35 @@ public function it_will_use_redirect_query_param_off_url()
         $this->assertStringContainsString($expectedErrorRedirect, $output);
     }
 
+    /** @test */
+    public function it_ensures_some_fields_arent_saved()
+    {
+        UserGroup::make('client')->title('Client')->save();
+        Role::make('admin')->title('Admin')->save();
+
+        $this->assertNull(User::findByEmail('[email protected]'));
+        $this->assertFalse(auth()->check());
+
+        $this
+            ->post('/!/auth/register', [
+                'email' => '[email protected]',
+                'password' => 'chewbacca',
+                'password_confirmation' => 'chewbacca',
+                'groups' => ['client'],
+                'roles' => ['admin'],
+                'super' => true,
+            ])
+            ->assertSessionHasNoErrors()
+            ->assertLocation('/');
+
+        $user = User::findByEmail('[email protected]');
+
+        $this->assertEquals($user->groups()->count(), 0);
+        $this->assertEquals($user->roles()->count(), 0);
+        $this->assertNull($user->get('super'));
+        $this->assertNull($user->get('password_confirmation'));
+    }
+
     private function useCustomBlueprint()
     {
         $blueprint = Blueprint::make()->setContents([