5.2.3 (2019-02-10)

Overview of merged pull requests

TASK: Avoid code migration error if source file does not exist

This avoids errors like fatal: bad source, source=Packages/Sites/Acme.AcmeCom/Resources/Private/Fusion/Root.ts2, destination=Packages/Sites/Acme.AcmeCom/Resources/Private/Fusion/Root.fusion during core:migrate.

  • Packages: Flow

BUGIFX: Correctly check for TaggableBackendInterface

The is_a only checks for parents but not for implemented interfaces. is_sublcass_of should be used instead to check if the $backendClassName implements the interface

  • Packages: Cache Flow

TASK: Use proper dummy hash in PersistedUsernamePasswordProvider

This replaces the dummy hash used to prevent timing based attacks by a valid hash for a random password that was never actually stored somewhere.

This avoids problems with PHP’s encryption methods. With the previous hash, the hashing was sometimes not applied properly and the method returns early so that the time-based information disclosure vulnerability still exists.

  • Packages: Flow

BUGFIX: Support “/” in file upload fields

Adds support for file uploads with “/”s in their names. Adds a Request::calculateFieldPathsAsArray method returning the paths as arrays instead of “/”-separated strings (later “/”-split again). Keeps the calculateFieldPaths method returning the paths as strings for backwards-compatibility.

Fixes #1467

  • Packages: Flow

BUGFIX: Verify the existence of the `repositories` section in the composer manifest before searching for local packages path

In older setups that did not have a repositories section in the composer-maifest package:create tried to foreach over a null-value which lead to an php-error. This change checks that the repositories is actually an array before iterating.

  • Packages: Flow