Merge branch '4.6' of https://github.com/craftcms/cms into 5.0

# Conflicts:
#	.github/workflows/ci.yml
#	CHANGELOG-WIP.md
#	CHANGELOG.md
#	src/web/assets/garnish/dist/garnish.js
#	src/web/assets/garnish/dist/garnish.js.map

src/base/Field.php

@@ -380,6 +380,11 @@ protected function defineRules(): array
                 'propagateAll',
                 'propagating',
                 'ref',
+                'relatedToAssets',
+                'relatedToCategories',
+                'relatedToEntries',
+                'relatedToTags',
+                'relatedToUsers',
                 'resaving',
                 'revisionId',
                 'rgt',

src/config/GeneralConfig.php

@@ -954,6 +954,26 @@ class GeneralConfig extends BaseConfig
      */
     public string|array|null $disabledPlugins = null;
 
+    /**
+     * @var string[] Array of utility IDs that should be disabled.
+     *
+     * ::: code
+     * ```php Static Config
+     *  ->disabledUtilities([
+     *      'updates',
+     *      'find-replace',
+     *  ])
+     * ```
+     * ```shell Environment Override
+     * CRAFT_DISABLED_UTILITIES=updates,find-replace
+     * ```
+     * :::
+     *
+     * @group System
+     * @since 4.6.0
+     */
+    public array $disabledUtilities = [];
+
     /**
      * @var bool Whether front end requests should respond with `X-Robots-Tag: none` HTTP headers, indicating that pages should not be indexed,
      * and links on the page should not be followed, by web crawlers.
@@ -4129,6 +4149,33 @@ public function disabledPlugins(string|array|null $value): self
         return $this;
     }
 
+    /**
+     * Array of utility IDs that should be disabled.
+     *
+     *  ::: code
+     *  ```php Static Config
+     *   ->disabledUtilities([
+     *       'updates',
+     *       'find-replace',
+     *   ])
+     *  ```
+     *  ```shell Environment Override
+     *  CRAFT_DISABLED_UTILITIES=updates,find-replace
+     *  ```
+     *  :::
+     *
+     * @group System
+     * @param string[] $value
+     * @return self
+     * @see $disabledUtilities
+     * @since 4.6.0
+     */
+    public function disabledUtilities(array $value): self
+    {
+        $this->disabledUtilities = $value;
+        return $this;
+    }
+
     /**
      * Whether front end requests should respond with `X-Robots-Tag: none` HTTP headers, indicating that pages should not be indexed,
      * and links on the page should not be followed, by web crawlers.

src/fields/BaseRelationField.php

@@ -946,7 +946,7 @@ public function afterElementSave(ElementInterface $element, bool $isNew): void
     {
         // Skip if nothing changed, or the element is just propagating and we're not localizing relations
         if (
-            ($element->isFieldDirty($this->handle) || $this->maintainHierarchy) &&
+            ($element->duplicateOf || $element->isFieldDirty($this->handle) || $this->maintainHierarchy) &&
             (!$element->propagating || $this->localizeRelations)
         ) {
             /** @var ElementQueryInterface|ElementCollection $value */

src/helpers/Api.php

@@ -207,7 +207,7 @@ public static function processResponseHeaders(array $headers): void
         if (isset($headers['x-craft-license-info'])) {
             $oldLicenseInfo = $cache->get('licenseInfo') ?: [];
             $licenseInfo = [];
-            $allCombinedInfo = explode(',', reset($headers['x-craft-license-info']));
+            $allCombinedInfo = array_filter(explode(',', reset($headers['x-craft-license-info'])));
             foreach ($allCombinedInfo as $combinedInfo) {
                 [$handle, $combinedValues] = explode(':', $combinedInfo, 2);
                 if ($combinedValues === LicenseKeyStatus::Invalid->value) {

src/services/Security.php

@@ -40,7 +40,14 @@ class Security extends \yii\base\Security
     public function init(): void
     {
         parent::init();
+
         $this->_blowFishHashCost = Craft::$app->getConfig()->getGeneral()->blowfishHashCost;
+
+        // normalize the sensitive keywords
+        $this->sensitiveKeywords = array_map(
+            fn(string $word) => Inflector::camel2words($word, false),
+            $this->sensitiveKeywords,
+        );
     }
 
     /**

src/services/Utilities.php

@@ -96,7 +96,12 @@ public function getAllUtilityTypes(): array
         ]);
         $this->trigger(self::EVENT_REGISTER_UTILITIES, $event);
 
-        return $event->types;
+        $disabledUtilities = array_flip(Craft::$app->getConfig()->getGeneral()->disabledUtilities);
+
+        return array_values(array_filter($event->types, function(string $class) use ($disabledUtilities) {
+            /** @var string|UtilityInterface $class */
+            return !isset($disabledUtilities[$class::id()]);
+        }));
     }
 
     /**

src/web/Request.php

@@ -697,7 +697,11 @@ public function getActionSegments(): ?array
      */
     public function getIsPreview(): bool
     {
-        return $this->getQueryParam('x-craft-preview') !== null || $this->getQueryParam('x-craft-live-preview') !== null;
+        return (
+            ($this->getQueryParam('x-craft-preview') ?? $this->getQueryParam('x-craft-live-preview')) !== null &&
+            // If there's a token but it expired, they're looking at the live site
+            (!$this->getHadToken() || $this->getToken() !== null)
+        );
     }
 
     /**

src/web/assets/garnish/src/Modal.js

@@ -112,8 +112,8 @@ export default Base.extend(
 
       if (this.$container) {
         // Move it to the end of <body> so it gets the highest sub-z-index
-        this.$shade.appendTo(Garnish.$bod);
-        this.$container.appendTo(Garnish.$bod);
+        this.$shade.appendTo(Garnish.$bod).velocity('stop');
+        this.$container.appendTo(Garnish.$bod).velocity('stop');
 
         this.$container.show();
         this.updateSizeAndPosition();
@@ -190,8 +190,10 @@ export default Base.extend(
       }
 
       if (this.$container) {
-        this.$container.velocity('fadeOut', {duration: Garnish.FX_DURATION});
-        this.$shade.velocity('fadeOut', {
+        this.$container
+          .velocity('stop')
+          .velocity('fadeOut', {duration: Garnish.FX_DURATION});
+        this.$shade.velocity('stop').velocity('fadeOut', {
           duration: Garnish.FX_DURATION,
           complete: this.onFadeOut.bind(this),
         });

tests/unit/services/SecurityTest.php

@@ -7,8 +7,6 @@
 
 namespace crafttests\unit\services;
 
-use Codeception\Test\Unit;
-use Craft;
 use craft\services\Security;
 use craft\test\TestCase;
 
@@ -21,22 +19,17 @@
  */
 class SecurityTest extends TestCase
 {
-    /**
-     * @var Security
-     */
-    protected Security $security;
-
     /**
      * @dataProvider redactIfSensitiveDataProvider
      * @param mixed $expected
      * @param string $name
      * @param mixed $value
-     * @param string[] $characters
+     * @param string[] $sensitiveKeywords
      */
-    public function testRedactIfSensitive(mixed $expected, string $name, mixed $value, array $characters): void
+    public function testRedactIfSensitive(mixed $expected, string $name, mixed $value, array $sensitiveKeywords): void
     {
-        $this->security->sensitiveKeywords = $characters;
-        self::assertSame($expected, $this->security->redactIfSensitive($name, $value));
+        $security = new Security(['sensitiveKeywords' => $sensitiveKeywords]);
+        self::assertSame($expected, $security->redactIfSensitive($name, $value));
     }
 
     /**
@@ -46,41 +39,24 @@ public static function redactIfSensitiveDataProvider(): array
     {
         return [
             ['••••••••••••••••••••', 'Name', 'test stuff craft cms', []],
-            ['test stuff craft cms', 'Name', 'test stuff craft cms', ['Name']],
-
-            // Capitals. Nothing done
-            ['test stuff craft cms', 'Name', 'test stuff craft cms', ['Name', 'Raaaa']],
-            ['test stuff craft cms', 'Name Addition', 'test stuff craft cms', ['Name']],
-            ['test stuff craft cms', 'Name Addition', 'test stuff craft cms', ['Name', 'Addition']],
-
-            // Various casing
+            ['test stuff craft cms', 'Name', 'test stuff craft cms', ['Foo']],
+            ['••••••••••••••••••••', 'Name', 'test stuff craft cms', ['Name']],
+            ['••••••••••••••••••••', 'Name', 'test stuff craft cms', ['Name', 'Raaaa']],
+            ['••••••••••••••••••••', 'Name Addition', 'test stuff craft cms', ['Name']],
+            ['••••••••••••••••••••', 'Name Addition', 'test stuff craft cms', ['Name', 'Addition']],
             ['••••••••••••••••••••', 'not', 'test stuff craft cms', ['not', 'Naaah']],
             ['test stuff craft cms', 'naah', 'test stuff craft cms', ['not', 'naaah']],
-
             ['••••••••••••••••••••', 'Not', 'test stuff craft cms', ['not', 'Naaah']],
-            ['test stuff craft cms', 'not', 'test stuff craft cms', ['Not', 'Naaah']],
-
-            ['test stuff craft cms', 'not naaah', 'test stuff craft cms', ['Not', 'Naaah']],
+            ['••••••••••••••••••••', 'not', 'test stuff craft cms', ['Not', 'Naaah']],
+            ['••••••••••••••••••••', 'not naaah', 'test stuff craft cms', ['Not', 'Naaah']],
             ['••••••••••••••••••••', 'not naaah', 'test stuff craft cms', ['not', 'naaah']],
-            ['test stuff craft cms', 'name addition', 'test stuff craft cms', ['Name', 'Addition']],
-
+            ['••••••••••••••••••••', 'name addition', 'test stuff craft cms', ['Name', 'Addition']],
             ['test stuff craft cms', ' ', 'test stuff craft cms', ['   ']],
             ['test stuff craft cms', '😀', 'test stuff craft cms', ['😀😘']],
             ['test stuff craft cms', '😀 😘', 'test stuff craft cms', ['😀', '😘']],
-
             ['test stuff craft cms', '😀⛄', 'test stuff craft cms', []],
-
             ['not stuff craft cms', '', 'not stuff craft cms', ['not']],
+            ['•••••••••••••••••••', 'NOT_STUFF_CRAFT_CMS', 'not stuff craft cms', ['NOT_STUFF']],
         ];
     }
-
-    /**
-     * @inheritdoc
-     */
-    protected function _before(): void
-    {
-        parent::_before();
-
-        $this->security = Craft::$app->getSecurity();
-    }
 }