Merge branch '6.0' into 6.1

* 6.0: [CookieBundle] Add missing view data provider service [AllBundles] Escape user input to avoid xss issues [AllBundles] Upgrade phpstan to stable release [UtilitiesBundle] Fix deprecated urltransationnamingstrategy (#3036)
Kunstmaan · Nov 22, 2021 · d69a1e3 · d69a1e3
2 parents a0c8a3e + c6cca67
commit d69a1e3
Show file tree

Hide file tree

Showing 14 changed files with 74 additions and 66 deletions.
diff --git a/.github/workflows/code-quality.yml b/.github/workflows/code-quality.yml
@@ -13,7 +13,7 @@ jobs:
 
             -   uses: shivammathur/setup-php@v2
                 with:
-                    php-version: 7.4
+                    php-version: 8.0
                     coverage: none
 
             -   name: Install Composer Dependencies

diff --git a/UPGRADE-5.10.md b/UPGRADE-5.10.md
@@ -32,6 +32,8 @@ Together with the CSRF token some of those routes will only be available to post
 * `Kunstmaan\MediaBundle\Controller\FolderController::deleteAction`
 * `Kunstmaan\MediaBundle\Controller\MediaController::deleteAction`
 
+* We have updated the `\Kunstmaan\UtilitiesBundle\Helper\UrlTransactionNamingStrategy` class to be compatible with `ekino/newrelic-bundle` 2.0. If you use this class upgrade the newrelic bundle in your project.
+
 AdminBundle
 ------------
 

diff --git a/composer.json b/composer.json
@@ -81,14 +81,14 @@
     "require-dev": {
         "symfony/error-handler": "^4.4|^5.3",
         "fakerphp/faker": "^1.15",
-        "ekino/newrelic-bundle": "^1.4",
+        "ekino/newrelic-bundle": "^2.3",
         "matthiasnoback/symfony-config-test": "^4.0",
         "matthiasnoback/symfony-dependency-injection-test": "^4.1",
         "symfony/phpunit-bridge": "^5.3",
         "phpunit/phpunit": "^8.5|^9.5",
         "friendsofphp/php-cs-fixer": "^2.13",
-        "phpstan/phpstan": "^0.12.18",
-        "phpstan/phpstan-doctrine": "^0.12.10"
+        "phpstan/phpstan": "^1.1",
+        "phpstan/phpstan-doctrine": "^1.0"
     },
     "replace": {
         "kunstmaan/admin-bundle": "self.version",

diff --git a/phpstan.neon b/phpstan.neon
@@ -8,7 +8,7 @@ parameters:
     scanDirectories:
         - .build/stubs
 
-    excludes_analyse:
+    excludePaths:
         - src/Kunstmaan/*/Tests/*
         - src/Kunstmaan/*/vendor/*
         - src/Kunstmaan/BehatBundle

diff --git a/src/Kunstmaan/AdminBundle/Helper/FormWidgets/Tabs/TabPane.php b/src/Kunstmaan/AdminBundle/Helper/FormWidgets/Tabs/TabPane.php
@@ -116,7 +116,7 @@ private function generateIdentifier(TabInterface $tab): string
     public function addTab(TabInterface $tab, $position = null)
     {
         $identifier = $tab->getIdentifier();
-        if (!$identifier || empty($identifier)) {
+        if (empty($identifier)) {
             $tab->setIdentifier($this->generateIdentifier($tab));
         }
 

diff --git a/src/Kunstmaan/AdminBundle/Resources/ui/js/_slug-chooser.js b/src/Kunstmaan/AdminBundle/Resources/ui/js/_slug-chooser.js
@@ -47,7 +47,8 @@ kunstmaanbundles.slugChooser = (function(window, undefined) {
             return;
         }
 
-        $preview.find('span').html(updatedUrl);
+        // Use jquery .text to escape user input value to avoid potential xss
+        $preview.find('span').text(updatedUrl);
         $preview.show();
     };
 

diff --git a/src/Kunstmaan/AdminListBundle/Controller/AbstractAdminListController.php b/src/Kunstmaan/AdminListBundle/Controller/AbstractAdminListController.php
@@ -109,7 +109,7 @@ protected function doAddAction(AbstractAdminListConfigurator $configurator, $typ
 
         /* @var EntityManager $em */
         $em = $this->getEntityManager();
-        $entityName = isset($type) ? $type : $configurator->getRepositoryName();
+        $entityName = $type ?? $configurator->getRepositoryName();
 
         $classMetaData = $em->getClassMetadata($entityName);
         // Creates a new instance of the mapped class, without invoking the constructor.

diff --git a/src/Kunstmaan/CookieBundle/Resources/config/services.yml b/src/Kunstmaan/CookieBundle/Resources/config/services.yml
@@ -1,49 +1,53 @@
 services:
-  Kunstmaan\CookieBundle\EventSubscriber\CookieBarEventSubscriber:
-      tags:
-        - { name: kernel.event_subscriber }
-      arguments:
-        - '@twig'
-        - '@kunstmaan_admin.adminroute.helper'
-        - '@kunstmaan.legal_cookie_helper'
-
-  Kunstmaan\CookieBundle\Helper\LegalCookieHelper:
-      arguments: ['@doctrine.orm.entity_manager', '%kunstmaan_admin.admin_firewall_name%']
-
-  kunstmaan.legal_cookie_helper: '@Kunstmaan\CookieBundle\Helper\LegalCookieHelper'
-
-  Kunstmaan\CookieBundle\Twig\CookieTwigExtension:
-      arguments: ['@doctrine.orm.entity_manager', '@kunstmaan.legal_cookie_helper', '@kunstmaan_admin.domain_configuration']
-      tags:
-          -  { name: 'twig.extension' }
-
-  Kunstmaan\CookieBundle\Helper\Menu\CookieMenuAdaptor:
-      tags:
-        -  { name: 'kunstmaan_admin.menu.adaptor' }
-
-  Kunstmaan\CookieBundle\Controller\LegalController:
-      arguments: ['@kunstmaan.legal_cookie_helper', '@doctrine.orm.entity_manager']
-      calls:
-          -   method: setContainer
-              arguments: [ ] # Container service locator will be injected filled by the services from subscribed services
-      tags: [ 'controller.service_arguments', 'container.service_subscriber' ]
-
-  Kunstmaan\CookieBundle\Controller\CookieAdminListController:
-    arguments: ['@kunstmaan_admin.domain_configuration']
-    calls:
-        -   method: setContainer
-            arguments: [ ] # Container service locator will be injected filled by the services from subscribed services
-    tags: ['controller.service_arguments', 'container.service_subscriber']
-
-  Kunstmaan\CookieBundle\Controller\CookieTypeAdminListController:
-    calls:
-        -   method: setContainer
-            arguments: [ ] # Container service locator will be injected filled by the services from subscribed services
-    tags: ['controller.service_arguments', 'container.service_subscriber']
-
-  Kunstmaan\CookieBundle\Command\GenerateLegalCommand:
-      arguments:
-        - '@filesystem'
-        - '@doctrine'
-      tags:
-        - { name: console.command }
+    Kunstmaan\CookieBundle\EventSubscriber\CookieBarEventSubscriber:
+        tags:
+            - { name: kernel.event_subscriber }
+        arguments:
+            - '@twig'
+            - '@kunstmaan_admin.adminroute.helper'
+            - '@kunstmaan.legal_cookie_helper'
+
+    Kunstmaan\CookieBundle\Helper\LegalCookieHelper:
+        arguments: [ '@doctrine.orm.entity_manager', '%kunstmaan_admin.admin_firewall_name%' ]
+
+    kunstmaan.legal_cookie_helper: '@Kunstmaan\CookieBundle\Helper\LegalCookieHelper'
+
+    Kunstmaan\CookieBundle\Twig\CookieTwigExtension:
+        arguments: [ '@doctrine.orm.entity_manager', '@kunstmaan.legal_cookie_helper', '@kunstmaan_admin.domain_configuration' ]
+        tags:
+            - { name: 'twig.extension' }
+
+    Kunstmaan\CookieBundle\Helper\Menu\CookieMenuAdaptor:
+        tags:
+            - { name: 'kunstmaan_admin.menu.adaptor' }
+
+    Kunstmaan\CookieBundle\Controller\LegalController:
+        arguments: [ '@kunstmaan.legal_cookie_helper', '@doctrine.orm.entity_manager' ]
+        calls:
+            -   method: setContainer
+                arguments: [ ] # Container service locator will be injected filled by the services from subscribed services
+        tags: [ 'controller.service_arguments', 'container.service_subscriber' ]
+
+    Kunstmaan\CookieBundle\Controller\CookieAdminListController:
+        arguments: [ '@kunstmaan_admin.domain_configuration' ]
+        calls:
+            -   method: setContainer
+                arguments: [ ] # Container service locator will be injected filled by the services from subscribed services
+        tags: [ 'controller.service_arguments', 'container.service_subscriber' ]
+
+    Kunstmaan\CookieBundle\Controller\CookieTypeAdminListController:
+        calls:
+            -   method: setContainer
+                arguments: [ ] # Container service locator will be injected filled by the services from subscribed services
+        tags: [ 'controller.service_arguments', 'container.service_subscriber' ]
+
+    Kunstmaan\CookieBundle\Command\GenerateLegalCommand:
+        arguments:
+            - '@filesystem'
+            - '@doctrine'
+        tags:
+            - { name: console.command }
+
+    Kunstmaan\CookieBundle\ViewDataProvider\LegalPageViewDataProvider:
+        arguments: [ '@request_stack', '@kunstmaan.legal_cookie_helper' ]
+        tags: [ 'kunstmaan.node.page_view_data_provider' ]
diff --git a/src/Kunstmaan/DashboardBundle/Widget/DashboardWidget.php b/src/Kunstmaan/DashboardBundle/Widget/DashboardWidget.php
@@ -31,7 +31,7 @@ public function resolvedController()
         $methodAnnotations = $annotationReader->getMethodAnnotations($reflectionMethod);
         foreach ($methodAnnotations as $annotation) {
             if ($annotation instanceof Route) {
-                if (empty($annotation)) {
+                if (null === $annotation->getName()) {
                     throw new \Exception('The name is not configured in the annotation');
                 }
 

diff --git a/src/Kunstmaan/MediaBundle/Form/Type/IdToMediaTransformer.php b/src/Kunstmaan/MediaBundle/Form/Type/IdToMediaTransformer.php
@@ -44,7 +44,7 @@ public function __construct(ObjectManager $objectManager, CurrentValueContainer
      */
     public function transform($entity)
     {
-        if (empty($entity)) {
+        if (null === $entity) {
             return '';
         }
         if (!\is_object($entity)) {

diff --git a/src/Kunstmaan/PagePartBundle/Repository/PagePartRefRepository.php b/src/Kunstmaan/PagePartBundle/Repository/PagePartRefRepository.php
@@ -185,9 +185,9 @@ public function hasPageParts(HasPagePartsInterface $page, $context = 'main')
     }
 
     /**
-     * @param int    $id             The id
-     * @param string $context        The context
-     * @param int    $sequenceNumber The sequence number
+     * @param int         $id             The id
+     * @param string|null $context        The context
+     * @param int         $sequenceNumber The sequence number
      *
      * @return PagePartInterface
      */

diff --git a/src/Kunstmaan/SeoBundle/Resources/views/SeoTwigExtension/metadata.html.twig b/src/Kunstmaan/SeoBundle/Resources/views/SeoTwigExtension/metadata.html.twig
@@ -110,5 +110,5 @@
 {% endif %}
 
 {% if seo.getExtraMetadata() %}
-    {{ seo.getExtraMetadata() | raw }}
+    {{ seo.getExtraMetadata()|escape('html')|raw }}
 {% endif %}
diff --git a/src/Kunstmaan/UtilitiesBundle/Helper/UrlTransactionNamingStrategy.php b/src/Kunstmaan/UtilitiesBundle/Helper/UrlTransactionNamingStrategy.php
@@ -2,13 +2,14 @@
 
 namespace Kunstmaan\UtilitiesBundle\Helper;
 
-use Ekino\Bundle\NewRelicBundle\TransactionNamingStrategy\TransactionNamingStrategyInterface;
+use Ekino\NewRelicBundle\TransactionNamingStrategy\TransactionNamingStrategyInterface;
 use Symfony\Component\HttpFoundation\Request;
 
 class UrlTransactionNamingStrategy implements TransactionNamingStrategyInterface
 {
-    public function getTransactionName(Request $request)
+    public function getTransactionName(Request $request): string
     {
         return $request->getPathInfo();
     }
 }
+
diff --git a/src/Kunstmaan/UtilitiesBundle/composer.json b/src/Kunstmaan/UtilitiesBundle/composer.json
@@ -36,10 +36,10 @@
         "matthiasnoback/symfony-dependency-injection-test": "^4.1",
         "symfony/phpunit-bridge": "^5.3",
         "phpunit/phpunit": "^8.5",
-        "ekino/newrelic-bundle": "^1.4"
+        "ekino/newrelic-bundle": "^2.3"
     },
     "suggest": {
-        "ekino/newrelic-bundle": "To use the UrlTransactionNamingStrategy"
+        "ekino/newrelic-bundle": "Require ^2.0 to use the UrlTransactionNamingStrategy"
     },
     "autoload": {
         "psr-4": { "Kunstmaan\\UtilitiesBundle\\": "" }