5.1.7 (2019-02-10)¶
Overview of merged pull requests¶
TASK: Avoid code migration error if source file does not exist¶
This avoids errors like fatal: bad source, source=Packages/Sites/Acme.AcmeCom/Resources/Private/Fusion/Root.ts2, destination=Packages/Sites/Acme.AcmeCom/Resources/Private/Fusion/Root.fusion during core:migrate.
- Packages:
Flow
BUGIFX: Correctly check for TaggableBackendInterface¶
The is_a only checks for parents but not for implemented interfaces. is_sublcass_of should be used instead to check if the $backendClassName implements the interface
- Packages:
Cache
Flow
TASK: Use proper dummy hash in PersistedUsernamePasswordProvider¶
This replaces the dummy hash used to prevent timing based attacks by a valid hash for a random password that was never actually stored somewhere.
This avoids problems with PHP’s encryption methods. With the previous hash, the hashing was sometimes not applied properly and the method returns early so that the time-based information disclosure vulnerability still exists.
- Packages:
Flow
BUGFIX: Support “/” in file upload fields¶
Adds support for file uploads with “/”s in their names. Adds a Request::calculateFieldPathsAsArray method returning the paths as arrays instead of “/”-separated strings (later “/”-split again). Keeps the calculateFieldPaths method returning the paths as strings for backwards-compatibility.
Fixes #1467
- Packages:
Flow