From a1ee94ce61d90e9424f48bb2cb1f56e8016edf75 Mon Sep 17 00:00:00 2001 From: Guy Sartorelli Date: Thu, 10 Nov 2022 01:56:21 +0000 Subject: [PATCH 1/4] Update translations --- composer.json | 5 +---- lang/eo.yml | 3 ++- lang/nl.yml | 3 ++- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/composer.json b/composer.json index 77e0854b..7caa3808 100644 --- a/composer.json +++ b/composer.json @@ -34,9 +34,6 @@ } }, "extra": { - "branch-alias": { - "dev-master": "2.x-dev" - }, "expose": [ "client/javascript", "client/css" @@ -44,4 +41,4 @@ }, "minimum-stability": "dev", "prefer-stable": true -} +} \ No newline at end of file diff --git a/lang/eo.yml b/lang/eo.yml index 0af29444..051be19d 100644 --- a/lang/eo.yml +++ b/lang/eo.yml @@ -53,11 +53,12 @@ eo: one: 'Unu subreteja domajno' other: '{count} subretejaj domajnoj' PROTOCOL_AUTOMATIC: Aŭtomata - PROTOCOL_DESCRIPTION: 'Marki ĉi tion kiel la aprioran domajnon por ĉi tiu subretejo' + PROTOCOL_DESCRIPTION: 'Kiam generante ligilojn al ĉi tiu subretejo, uzu la elektitan protokolon.' PROTOCOL_HTTP: 'http://' PROTOCOL_HTTPS: 'https://' Protocol: Protokolo SINGULARNAME: 'Subreteja domajno' + ISPRIMARY_DESCRIPTION: 'Marki ĉi tion kiel la aprioran domajnon por ĉi tiu subretejo' SilverStripe\Subsites\Pages\SubsitesVirtualPage: DESCRIPTION: 'Vidigas la enhavon de paĝo en alia subretejo' OverrideNote: 'Anstataŭigas hereditan valoron el la fonto' diff --git a/lang/nl.yml b/lang/nl.yml index a49f085a..ca82dc4d 100644 --- a/lang/nl.yml +++ b/lang/nl.yml @@ -53,11 +53,12 @@ nl: one: 'Een subsite domein' other: '{count} subsite domeinen' PROTOCOL_AUTOMATIC: Automatisch - PROTOCOL_DESCRIPTION: 'Markeer als standaard domein voor deze subsite' + PROTOCOL_DESCRIPTION: 'Wordt gebruikt bij het genereren van links naar deze subsite.
''Automatisch'' houdt in dat het huidige protocol gebruikt zal worden.' PROTOCOL_HTTP: 'http://' PROTOCOL_HTTPS: 'https://' Protocol: Protocol SINGULARNAME: 'Subsite Domein' + ISPRIMARY_DESCRIPTION: 'Dit is de standaard domeinnaam voor deze subsite' SilverStripe\Subsites\Pages\SubsitesVirtualPage: DESCRIPTION: 'Toon de inhoud van een pagina op een andere subsite' OverrideNote: 'Overschrijft de overgenomen tekst van de gelinkte pagina' From 5f489b1df93d1424f24555ee199a2bd801f08eeb Mon Sep 17 00:00:00 2001 From: Steve Boyd Date: Wed, 14 Dec 2022 10:43:53 +1300 Subject: [PATCH 2/4] FIX Do not show copy to subsite buttons in history viewer --- src/Extensions/SiteTreeSubsites.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/Extensions/SiteTreeSubsites.php b/src/Extensions/SiteTreeSubsites.php index 58ca33d6..d76de68f 100644 --- a/src/Extensions/SiteTreeSubsites.php +++ b/src/Extensions/SiteTreeSubsites.php @@ -29,6 +29,7 @@ use SilverStripe\Subsites\Service\ThemeResolver; use SilverStripe\Subsites\State\SubsiteState; use SilverStripe\View\SSViewer; +use SilverStripe\VersionedAdmin\Controllers\HistoryViewerController; /** * Extension for the SiteTree object to add subsites support @@ -117,10 +118,12 @@ public function updateCMSFields(FieldList $fields) $subsitesMap = new Map(ArrayList::create()); } + $viewingPageHistory = Controller::has_curr() && Controller::curr() instanceof HistoryViewerController; + // Master page edit field (only allowed from default subsite to avoid inconsistent relationships) $isDefaultSubsite = $this->owner->SubsiteID == 0 || $this->owner->Subsite()->DefaultSite; - if ($isDefaultSubsite && $subsitesMap->count()) { + if ($isDefaultSubsite && $subsitesMap->count() && !$viewingPageHistory) { $fields->addFieldToTab( 'Root.Main', ToggleCompositeField::create( From 73f3d15bfb90ba779dd5498fcc5ae4ab292d6272 Mon Sep 17 00:00:00 2001 From: Steve Boyd Date: Thu, 10 Nov 2022 15:25:53 +1300 Subject: [PATCH 3/4] [CVE-2022-42949] Subsite file permissions --- src/Extensions/FileSubsites.php | 6 ++-- tests/php/FileSubsitesTest.php | 61 +++++++++++++++++++++++++++++++++ tests/php/SubsiteTest.yml | 26 ++++++++++++++ 3 files changed, 90 insertions(+), 3 deletions(-) diff --git a/src/Extensions/FileSubsites.php b/src/Extensions/FileSubsites.php index 85defa94..39a7a96a 100644 --- a/src/Extensions/FileSubsites.php +++ b/src/Extensions/FileSubsites.php @@ -116,9 +116,9 @@ public function canEdit($member = null) } // Check the CMS_ACCESS_SecurityAdmin privileges on the subsite that owns this group - $subsiteID = SubsiteState::singleton()->getSubsiteId(); - if ($subsiteID && $subsiteID == $this->owner->SubsiteID) { - return true; + $currentSubsiteID = SubsiteState::singleton()->getSubsiteId(); + if ($currentSubsiteID && $currentSubsiteID !== $this->owner->SubsiteID) { + return false; } return SubsiteState::singleton()->withState(function (SubsiteState $newState) use ($member) { diff --git a/tests/php/FileSubsitesTest.php b/tests/php/FileSubsitesTest.php index 3aa6a6c1..60f40c23 100644 --- a/tests/php/FileSubsitesTest.php +++ b/tests/php/FileSubsitesTest.php @@ -8,6 +8,7 @@ use SilverStripe\Forms\FieldList; use SilverStripe\Subsites\Extensions\FileSubsites; use SilverStripe\Subsites\Model\Subsite; +use SilverStripe\Security\Member; class FileSubsitesTest extends BaseSubsiteTest { @@ -65,4 +66,64 @@ public function testWritingSubsiteID() $file->onAfterUpload(); $this->assertEquals($folder->SubsiteID, $file->SubsiteID); } + + /** + * @dataProvider provideTestCanEdit + */ + public function testCanEdit( + string $fileKey, + string $memberKey, + string $currentSubsiteKey, + bool $expected + ): void { + $file = $this->objFromFixture(File::class, $fileKey); + $subsiteID = ($currentSubsiteKey === 'mainsite') + ? 0 : $this->objFromFixture(Subsite::class, $currentSubsiteKey)->ID; + $member = $this->objFromFixture(Member::class, $memberKey); + Subsite::changeSubsite($subsiteID); + $this->assertSame($expected, $file->canEdit($member)); + } + + public function provideTestCanEdit(): array + { + $ret = []; + $data = [ + // file + 'subsite1file' => [ + // member - has permissions to edit the file + 'filetestyes' => [ + // current subite => expected canEdit() + 'subsite1' => true, + 'subsite2' => false, + 'mainsite' => true + ], + // member - does not have permissions to edit the file + 'filetestno' => [ + 'subsite1' => false, + 'subsite2' => false, + 'mainsite' => false + ], + ], + 'mainsitefile' => [ + 'filetestyes' => [ + 'subsite1' => true, + 'subsite2' => true, + 'mainsite' => true + ], + 'filetestno' => [ + 'subsite1' => false, + 'subsite2' => false, + 'mainsite' => false + ], + ] + ]; + foreach (array_keys($data) as $fileKey) { + foreach (array_keys($data[$fileKey]) as $memberKey) { + foreach ($data[$fileKey][$memberKey] as $currentSubsiteKey => $expected) { + $ret[] = [$fileKey, $memberKey, $currentSubsiteKey, $expected]; + } + } + } + return $ret; + } } diff --git a/tests/php/SubsiteTest.yml b/tests/php/SubsiteTest.yml index 3096781e..cc262485 100644 --- a/tests/php/SubsiteTest.yml +++ b/tests/php/SubsiteTest.yml @@ -159,6 +159,10 @@ SilverStripe\Security\Group: Code: subsite1_group_via_role AccessAllSubsites: 1 Roles: =>SilverStripe\Security\PermissionRole.role1 + filetest: + Title: filetest + Code: filetest + AccessAllSubsites: 1 SilverStripe\Security\Permission: admin: Code: ADMIN @@ -193,6 +197,9 @@ SilverStripe\Security\Permission: adminsubsite1: Code: ADMIN GroupID: =>SilverStripe\Security\Group.subsite1admins + filetest: + Code: CMS_ACCESS_CMSMain + GroupID: =>SilverStripe\Security\Group.filetest SilverStripe\Security\Member: admin: @@ -222,7 +229,26 @@ SilverStripe\Security\Member: subsite1member2: Email: subsite1member2@test.com Groups: =>SilverStripe\Security\Group.subsite1_group_via_role + filetestyes: + Email: filetestyes@test.com + Groups: =>SilverStripe\Security\Group.filetest + filetestno: + Email: filetestno@test.com SilverStripe\SiteConfig\SiteConfig: config: CanCreateTopLevelType: LoggedInUsers + +SilverStripe\Assets\File: + subsite1file: + Name: subsitefile.pdf + Title: subsitefile + SubsiteID: =>SilverStripe\Subsites\Model\Subsite.subsite1 + CanEditType: OnlyTheseUsers + EditorGroups: =>SilverStripe\Security\Group.filetest + mainsitefile: + Name: mainsitefile.pdf + Title: mainsitefile + SubsiteID: 0 + CanEditType: OnlyTheseUsers + EditorGroups: =>SilverStripe\Security\Group.filetest From 30b1f09af4f379bca31e4c65f3112723556a08b5 Mon Sep 17 00:00:00 2001 From: Steve Boyd Date: Thu, 26 Jan 2023 10:39:07 +1300 Subject: [PATCH 4/4] API Deprecate passing multiple IDs --- src/State/SubsiteState.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/State/SubsiteState.php b/src/State/SubsiteState.php index 8bd5b0c7..641a5676 100644 --- a/src/State/SubsiteState.php +++ b/src/State/SubsiteState.php @@ -5,6 +5,7 @@ use SilverStripe\Core\Injector\Injectable; use SilverStripe\Core\Injector\Injector; use SilverStripe\Core\Resettable; +use SilverStripe\Dev\Deprecation; /** * SubsiteState provides static access to the current state for subsite related data during a request @@ -48,6 +49,9 @@ public function getSubsiteId() */ public function setSubsiteId($id) { + if (!ctype_digit((string) $id) && !is_null($id)) { + Deprecation::notice('2.8.0', 'Passing multiple IDs is deprecated, only pass a single ID instead.'); + } if (is_null($this->originalSubsiteId)) { $this->originalSubsiteId = (int) $id; }