Merge branch 'release/1.7.33'

CHANGELOG.md

@@ -1,3 +1,13 @@
+# v1.7.33
+## 04/25/2022
+
+1. [](#improved)
+    * When saving yaml and markdown, create also a cached version of the file and recompile it in opcache
+2. [](#bugfix)
+    * Fixed missing changes in **yaml** & **markdown** files if saved multiple times during the same second because of a caching issue
+    * Fixed XSS check not detecting onX events without quotes
+    * Fixed default collection ordering in pages admin
+
 # v1.7.32
 ## 03/28/2022
 

system/defines.php

@@ -9,7 +9,7 @@
 
 // Some standard defines
 define('GRAV', true);
-define('GRAV_VERSION', '1.7.32');
+define('GRAV_VERSION', '1.7.33');
 define('GRAV_SCHEMA', '1.7.0_2020-11-20_1');
 define('GRAV_TESTING', false);
 

system/src/Grav/Common/File/CompiledFile.php

@@ -10,6 +10,8 @@
 namespace Grav\Common\File;
 
 use Exception;
+use Grav\Common\Debugger;
+use Grav\Common\Grav;
 use Grav\Common\Utils;
 use RocketTheme\Toolbox\File\PhpFile;
 use RuntimeException;
@@ -32,9 +34,10 @@ trait CompiledFile
     public function content($var = null)
     {
         try {
+            $filename = $this->filename;
             // If nothing has been loaded, attempt to get pre-compiled version of the file first.
             if ($var === null && $this->raw === null && $this->content === null) {
-                $key = md5($this->filename);
+                $key = md5($filename);
                 $file = PhpFile::instance(CACHE_DIR . "compiled/files/{$key}{$this->extension}.php");
 
                 $modified = $this->modified();
@@ -48,39 +51,49 @@ public function content($var = null)
 
                 $class = get_class($this);
 
+                $size = filesize($filename);
                 $cache = $file->exists() ? $file->content() : null;
 
                 // Load real file if cache isn't up to date (or is invalid).
                 if (!isset($cache['@class'])
                     || $cache['@class'] !== $class
                     || $cache['modified'] !== $modified
-                    || $cache['filename'] !== $this->filename
+                    || ($cache['size'] ?? null) !== $size
+                    || $cache['filename'] !== $filename
                 ) {
                     // Attempt to lock the file for writing.
                     try {
-                        $file->lock(false);
+                        $locked = $file->lock(false);
                     } catch (Exception $e) {
-                        // Another process has locked the file; we will check this in a bit.
+                        $locked = false;
+
+                        /** @var Debugger $debugger */
+                        $debugger = Grav::instance()['debugger'];
+                        $debugger->addMessage(sprintf('%s(): Cannot obtain a lock for compiling cache file for %s: %s', __METHOD__, $this->filename, $e->getMessage()), 'warning');
                     }
 
                     // Decode RAW file into compiled array.
                     $data = (array)$this->decode($this->raw());
                     $cache = [
                         '@class' => $class,
-                        'filename' => $this->filename,
+                        'filename' => $filename,
                         'modified' => $modified,
+                        'size' => $size,
                         'data' => $data
                     ];
 
                     // If compiled file wasn't already locked by another process, save it.
-                    if ($file->locked() !== false) {
+                    if ($locked) {
                         $file->save($cache);
                         $file->unlock();
 
                         // Compile cached file into bytecode cache
-                        if (function_exists('opcache_invalidate')) {
+                        if (function_exists('opcache_invalidate') && filter_var(ini_get('opcache.enable'), \FILTER_VALIDATE_BOOLEAN)) {
+                            $lockName = $file->filename();
+
                             // Silence error if function exists, but is restricted.
-                            @opcache_invalidate($file->filename(), true);
+                            @opcache_invalidate($lockName, true);
+                            @opcache_compile_file($lockName);
                         }
                     }
                 }
@@ -89,12 +102,64 @@ public function content($var = null)
                 $this->content = $cache['data'];
             }
         } catch (Exception $e) {
-            throw new RuntimeException(sprintf('Failed to read %s: %s', Utils::basename($this->filename), $e->getMessage()), 500, $e);
+            throw new RuntimeException(sprintf('Failed to read %s: %s', Utils::basename($filename), $e->getMessage()), 500, $e);
         }
 
         return parent::content($var);
     }
 
+    /**
+     * Save file.
+     *
+     * @param  mixed  $data  Optional data to be saved, usually array.
+     * @return void
+     * @throws RuntimeException
+     */
+    public function save($data = null)
+    {
+        // Make sure that the cache file is always up to date!
+        $key = md5($this->filename);
+        $file = PhpFile::instance(CACHE_DIR . "compiled/files/{$key}{$this->extension}.php");
+        try {
+            $locked = $file->lock();
+        } catch (Exception $e) {
+            $locked = false;
+
+            /** @var Debugger $debugger */
+            $debugger = Grav::instance()['debugger'];
+            $debugger->addMessage(sprintf('%s(): Cannot obtain a lock for compiling cache file for %s: %s', __METHOD__, $this->filename, $e->getMessage()), 'warning');
+        }
+
+        parent::save($data);
+
+        if ($locked) {
+            $modified = $this->modified();
+            $filename = $this->filename;
+            $class = get_class($this);
+            $size = filesize($filename);
+
+            // Decode data into compiled array.
+            $cache = [
+                '@class' => $class,
+                'filename' => $filename,
+                'modified' => $modified,
+                'size' => $size,
+                'data' => $data
+            ];
+
+            $file->save($cache);
+            $file->unlock();
+
+            // Compile cached file into bytecode cache
+            if (function_exists('opcache_invalidate') && filter_var(ini_get('opcache.enable'), \FILTER_VALIDATE_BOOLEAN)) {
+                $lockName = $file->filename();
+                // Silence error if function exists, but is restricted.
+                @opcache_invalidate($lockName, true);
+                @opcache_compile_file($lockName);
+            }
+        }
+    }
+
     /**
      * Serialize file.
      *

system/src/Grav/Common/Flex/Types/Pages/PageIndex.php

@@ -612,7 +612,7 @@ protected function getLevelListingRecurse(array $options): array
             /** @var Header $header */
             $header = $page->header();
 
-            if (!$field && $header->get('admin.children_display_order') === 'collection' && ($orderby = $header->get('content.order.by'))) {
+            if (!$field && $header->get('admin.children_display_order', 'collection') === 'collection' && ($orderby = $header->get('content.order.by'))) {
                 // Use custom sorting by page header.
                 $sortby = $orderby;
                 $order = $header->get('content.order.dir', $order);

system/src/Grav/Common/Security.php

@@ -219,7 +219,8 @@ public static function detectXss($string, array $options = null): ?string
         $string = html_entity_decode($string, ENT_NOQUOTES | ENT_HTML5, 'UTF-8');
 
         // Strip whitespace characters
-        $string = preg_replace('!\s!u', '', $string);
+        $string = preg_replace('!\s!u', ' ', $string);
+        $stripped = preg_replace('!\s!u', '', $string);
 
         // Set the patterns we'll test against
         $patterns = [
@@ -242,7 +243,7 @@ public static function detectXss($string, array $options = null): ?string
         // Iterate over rules and return label if fail
         foreach ($patterns as $name => $regex) {
             if (!empty($enabled_rules[$name])) {
-                if (preg_match($regex, $string) || preg_match($regex, $orig)) {
+                if (preg_match($regex, $string) || preg_match($regex, $stripped) || preg_match($regex, $orig)) {
                     return $name;
                 }
             }

system/src/Grav/Framework/Cache/CacheTrait.php

@@ -157,9 +157,6 @@ public function getMultiple($keys, $default = null)
         $this->validateKeys($keys);
         $keys = array_unique($keys);
         $keys = array_combine($keys, $keys);
-        if (empty($keys)) {
-            return [];
-        }
 
         $list = $this->doGetMultiple($keys, $this->miss);
 

system/src/Grav/Framework/Flex/FlexDirectory.php

@@ -171,7 +171,7 @@ public function getConfig(string $name = null, $default = null)
     }
 
     /**
-     * @param string|string[]|null
+     * @param string|string[]|null $properties
      * @return array
      */
     public function getSearchProperties($properties = null): array
@@ -192,7 +192,7 @@ public function getSearchProperties($properties = null): array
 
         return $properties;
     }
-    
+
     /**
      * @param array|null $options
      * @return array