From 1b24fbdfdecf943e7b6999ff6374935a03726a7c Mon Sep 17 00:00:00 2001 From: Iwona Just Date: Tue, 19 Nov 2024 11:42:17 +0000 Subject: [PATCH 1/4] check if options passed to resave/all are supported by subcommands --- src/console/controllers/ResaveController.php | 78 ++++++++++++++++++++ 1 file changed, 78 insertions(+) diff --git a/src/console/controllers/ResaveController.php b/src/console/controllers/ResaveController.php index 2f8c69f6d60..18365a03dec 100644 --- a/src/console/controllers/ResaveController.php +++ b/src/console/controllers/ResaveController.php @@ -373,9 +373,47 @@ public function actionAll(): int array_push($actions, ...array_keys($this->actions())); $params = $this->getPassedOptionValues(); + $actionsToSkip = []; + // check if all actions support all the params + foreach ($actions as $key => $id) { + if (!$this->doesActionSupportsAllOptions($id, $params)) { + $actionsToSkip[] = $id; + unset($actions[$key]); + } + } + + $proceed = true; + // ask for confirmation + if ($this->interactive && !empty($actionsToSkip)) { + $this->output('Following commands, don’t support all the provided parameters:', Console::FG_YELLOW); + foreach ($actionsToSkip as $id) { + $invalidParams = array_map( + fn($param) => '--' . StringHelper::toKebabCase($param), + $this->getUnsupportedParams($id, $params) + ); + $count = count($invalidParams); + $invalidParams = implode(', ', $invalidParams); + Console::indent(); + $this->output( + $this->markdownToAnsi( + "- `resave/$id` action doesn’t support `$invalidParams` option" . ($count > 1 ? 's.' : '.') + ) + ); + Console::outdent(); + } + $this->output(); + $proceed = $this->confirm('Do you want to run all other actions?'); + } + + if (!$proceed) { + return ExitCode::OK; + } + + // run the actions which support all the params foreach ($actions as $id) { try { + $this->output(); $this->do("Running `resave/$id`", function() use ($id, $params) { $this->output(); Console::indent(); @@ -805,4 +843,44 @@ private function _resaveElements(ElementQueryInterface $query): int $this->output(); return $fail ? ExitCode::UNSPECIFIED_ERROR : ExitCode::OK; } + + /** + * Returns whether all options passed to an action are supported. + * Used by resave/all command. + * + * @param string $actionId + * @param array $params + * @return bool + */ + private function doesActionSupportsAllOptions(string $actionId, array $params): bool + { + $options = $this->options($actionId); + foreach ($params as $param => $value) { + if (!in_array($param, $options)) { + return false; + } + } + + return true; + } + + /** + * Returns an array of options that are not supported by the action. + * + * @param string $actionId + * @param array $params + * @return array + */ + private function getUnsupportedParams(string $actionId, array $params): array + { + $unsupportedParams = []; + $options = $this->options($actionId); + foreach ($params as $param => $value) { + if (!in_array($param, $options)) { + $unsupportedParams[] = $param; + } + } + + return $unsupportedParams; + } } From 499eed1e30896c7f2cab46f5280138714508da04 Mon Sep 17 00:00:00 2001 From: Iwona Just Date: Tue, 19 Nov 2024 11:51:30 +0000 Subject: [PATCH 2/4] consistent wording --- src/console/controllers/ResaveController.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/console/controllers/ResaveController.php b/src/console/controllers/ResaveController.php index 18365a03dec..6d188c51c3d 100644 --- a/src/console/controllers/ResaveController.php +++ b/src/console/controllers/ResaveController.php @@ -386,11 +386,11 @@ public function actionAll(): int $proceed = true; // ask for confirmation if ($this->interactive && !empty($actionsToSkip)) { - $this->output('Following commands, don’t support all the provided parameters:', Console::FG_YELLOW); + $this->output('Following commands, don’t support all the provided options:', Console::FG_YELLOW); foreach ($actionsToSkip as $id) { $invalidParams = array_map( fn($param) => '--' . StringHelper::toKebabCase($param), - $this->getUnsupportedParams($id, $params) + $this->getUnsupportedOptions($id, $params) ); $count = count($invalidParams); $invalidParams = implode(', ', $invalidParams); @@ -871,7 +871,7 @@ private function doesActionSupportsAllOptions(string $actionId, array $params): * @param array $params * @return array */ - private function getUnsupportedParams(string $actionId, array $params): array + private function getUnsupportedOptions(string $actionId, array $params): array { $unsupportedParams = []; $options = $this->options($actionId); From 400c740eb41bde9283f531b5d03a708e8553c194 Mon Sep 17 00:00:00 2001 From: brandonkelly Date: Tue, 19 Nov 2024 08:51:25 -0800 Subject: [PATCH 3/4] CLI output cleanup --- src/console/controllers/ResaveController.php | 32 ++++++++------------ 1 file changed, 12 insertions(+), 20 deletions(-) diff --git a/src/console/controllers/ResaveController.php b/src/console/controllers/ResaveController.php index 6d188c51c3d..a41c9fc6cd4 100644 --- a/src/console/controllers/ResaveController.php +++ b/src/console/controllers/ResaveController.php @@ -23,6 +23,7 @@ use craft\events\MultiElementActionEvent; use craft\helpers\Console; use craft\helpers\ElementHelper; +use craft\helpers\Inflector; use craft\helpers\Queue; use craft\helpers\StringHelper; use craft\models\CategoryGroup; @@ -383,31 +384,24 @@ public function actionAll(): int } } - $proceed = true; // ask for confirmation if ($this->interactive && !empty($actionsToSkip)) { - $this->output('Following commands, don’t support all the provided options:', Console::FG_YELLOW); + $this->output('The following commands don’t support the provided options, and will be skipped:', Console::FG_YELLOW); foreach ($actionsToSkip as $id) { $invalidParams = array_map( - fn($param) => '--' . StringHelper::toKebabCase($param), + fn($param) => sprintf('`--%s`', StringHelper::toKebabCase($param)), $this->getUnsupportedOptions($id, $params) ); - $count = count($invalidParams); - $invalidParams = implode(', ', $invalidParams); - Console::indent(); - $this->output( - $this->markdownToAnsi( - "- `resave/$id` action doesn’t support `$invalidParams` option" . ($count > 1 ? 's.' : '.') - ) - ); - Console::outdent(); + $this->output(' ' . $this->markdownToAnsi(sprintf( + '- `resave/%s` doesn’t support %s', + $id, + Inflector::sentence($invalidParams) + ))); + } + Console::outdent(); + if (!$this->confirm('Continue?', true)) { + return ExitCode::OK; } - $this->output(); - $proceed = $this->confirm('Do you want to run all other actions?'); - } - - if (!$proceed) { - return ExitCode::OK; } // run the actions which support all the params @@ -415,7 +409,6 @@ public function actionAll(): int try { $this->output(); $this->do("Running `resave/$id`", function() use ($id, $params) { - $this->output(); Console::indent(); try { $this->runAction($id, $params); @@ -840,7 +833,6 @@ private function _resaveElements(ElementQueryInterface $query): int $label = isset($this->propagateTo) ? 'propagating' : 'resaving'; $this->output("Done $label $elementsText.", Console::FG_YELLOW); - $this->output(); return $fail ? ExitCode::UNSPECIFIED_ERROR : ExitCode::OK; } From 862109e1f8cc077e50af1ee3adaf340632673b67 Mon Sep 17 00:00:00 2001 From: brandonkelly Date: Tue, 19 Nov 2024 08:51:46 -0800 Subject: [PATCH 4/4] Release note [ci skip] --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index eedc9d1840e..9bcaf1a4844 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,7 @@ - Fixed an error that could occur if an invalid folder ID was passed to `craft\services\Assets::deleteFoldersByIds()`. ([#16147](https://github.com/craftcms/cms/pull/16147)) - Fixed a SQL error that occurred when creating a new Single section. ([#16145](https://github.com/craftcms/cms/issues/16145)) +- Fixed an error that occurred when running the `resave/all` command, if any of the options passed weren’t supported by other `resave/*` commands. ([#16148](https://github.com/craftcms/cms/pull/16148)) - Fixed an RCE vulnerability. ## 5.5.1.1 - 2024-11-18