5.2.7 (2019-09-02)

Overview of merged pull requests

BUGFIX: Handle configuration value “false” for trusted proxies

This fixes the case when a configured environment variable (like the default FLOW_HTTP_TRUSTEDPROXIES) is not set, in which case the value will be false.

  • Packages: Flow

BUGFIX: Make ScriptsMock::buildSubprocessCommand signature match parent

This prevents a Warning notice in Unit Tests.

Related to #1731

  • Packages: Flow

TASK: Include TYPO3Fluid for reflection

This is needed to be able to generate a XSD schema for the TYPO3 Fluid default ViewHelpers.

Depends on #1638

  • Packages: Flow

BUGFIX: Allow a single ‘*’ entry in trustedProxies

This makes the setting Neos.Flow.http.trustedProxies.proxies behave equal for a setting of “*” or [“*”] or - “*”.

  • Packages: Flow

TASK: Fix ScriptTest invoking dummy commands

Also, the static class does not need to be mocked with PHPUnit, as PHPUnit can not stub static methods anyway.

  • Packages: Flow

BUGFIX: Do not join select property paths to embedded objects

Instead of assuming that every property path with a dot is a path to an other entity check if the property path is a mapped field which is also true for embedded object properties.

Resolves #989

What I did We’ll i suppose i fixed it :sweat_smile:

How I did it I searched the existing class schema for hints about embedded properties and found it in the entityManager. When the path exists in the fieldMappings it is a field embedded in the object’s table. Since we’re using doctrine in this kind of query anyway i think we’re safe to go whit this solution.

How to verify it The description of the original bug should be suffice.

Checklist

  • Packages: Flow

FEATURE: Allow rebasing PR via comment

Just type /rebase in the comment and this workflow will attempt a rebase.

Uses https://github.com/cirrus-actions/rebase

  • Packages: github

TASK: Use var_dump return parameter

What I did When digging through the code I found this instance of capturing the output of \Neos\Flow\var_dump using ob_get_contents when \Neos\Flow\var_dump has a $return parameter itself.

How I did it Using the $return parameter of \Neos\Flow\var_dump

  • Packages: Flow FluidAdaptor

BUGFIX: Avoid unsupported operand types error

Under some circumstances, the session metadata cache might iterate a non-array value and the following logging attempt failing with an unsupported operand type error for the + array concatenation. This change works around this error, by checking the $sessionInfo to be of type array and assigning a wrapper array otherwise.

  • Packages: Flow

TASK: Make array indexing difference more visible

Previously, if an array was expected but a non numerically indexed array (i.e. a “dictionary”) was given, the error message would output expected: type=array found: type=array, which is totally confusing.

See https://github.com/neos/flow-development-collection/pull/1637

  • Packages: Schema

BUGFIX: Authentication: Only intercept GET requests

Adjusts the Dispatcher so that it only intercepts GET requests in order to prevent unwanted side effects when redirecting to an unsafe request.

Fixes: #1694

  • Packages: Flow

BUGFIX: Respect Neos.Flow.http.baseUri path in UriBuilder

If Neos.Flow.http.baseUri contains a path, it was not respected during uri building.

See: #1185 Resolves: #1215

What I did Add path of Neos.Flow.http.baseUri to ResolveContext’s uriPathPrefix.

How to verify it Configure Neos.Flow.http.baseUri to be an absolute URI with path, build URI to any Controller.

  • Packages: Flow

BUGFIX: Allow using Flow with PHP wrappers

<!– Thanks for your contribution, we appreciate it!

Please read through our pull request guidelines, there are some interesting things there: https://discuss.neos.io/t/creating-a-pull-request/506

And one more thing… Don’t forget about the tests! –>

What I did

Add support for using a fallback to verify whether the PHP_BINARY for the currently configured PHP binary file matches the one being used currently.

The current logic only resolves the symlink, which may not always work, e.g. what if the php binary is being executed through a wrapper like this?

#!/bin/sh . /path/to/setenv.sh exec /path/to/php.bin “$@”

(Where php.bin is the binary file and setenv.sh a script with sets environment variables - Wrappers like these are heavily used in Bitnami installations.)

How I did it

Before Flow compares which PHP binary is being used (and which it is supposedly configured to use), we run a PHP exec to print PHP_BINARY.

Then, we store the result and if no errors were thrown, use this as the detected PHP binary path to compare with. If any errors were detected (via the “exec” exit code), we use the original logic that resolves any symlink it’s pointing to.

If it matches the existing one, it means everything went great, if not an error will be thrown like before.

How to verify it

  • A correct PHP wrapper pointing to the PHP binary (e.g. php.bin) is allowed for being used for CLI subrequests (method ensureCLISubrequestsUseCurrentlyRunningPhpBinary).
  • An invalid PHP wrapper fails when being used for CLI subrequests (method ensureCLISubrequestsUseCurrentlyRunningPhpBinary).

Checklist

  • [x] Code follows the PSR-2 coding style - Checked
  • [x] Tests have been created, run and adjusted as needed - Couldn’t find any tests for this part
  • [x] The PR is created against the [lowest maintained branch](https://www.neos.io/features/release-roadmap.html) - Using 4.3 branch
  • Packages: Flow

TASK: Update documentation about AbstractConditionViewHelper.

I tried to create a custom IfViewHelper by extending the AbstractConditionViewHelper and noticed that it was still mentioning to overwrite the render function. However the render function is not called but rather the evaluateCondition function must be overwritten. I’ve basically taken the documentation from the Neos docs and copied it here and made some adjustments.

Let me know if this is ok or not (but current state of the documentation is not correct so it should be changed).

Fluid 2.6 introduced another change to the AbstractConditionViewHelper that can be found here: https://github.com/TYPO3/Fluid/commit/a67b31f9e6ecb015d0f47892fce46cf64110fd15

With Fluid 3.0 the evaluateCondition function won’t be used anymore - should be kept in mind.

Thanks, David

  • Packages: Flow

BUGFIX: Omit sessionless tokens from session

Without this fix, all security tokens – including those which are implementations of SessionlessTokenInterface – are serialized and added to the current session. This is a problem for sessionless tokens, which need to be updated on every request on not just once per session.

Fixes: #1666 Related: #1614

  • Packages: Flow

BUGFIX: Omit sessionless tokens from session

Without this fix, all security tokens ? including those which are implementations of SessionlessTokenInterface ? are serialized and added to the current session. This is a problem for sessionless tokens, which need to be updated on every request on not just once per session.

Backport of #1662 Fixes: #1666

  • Packages: Flow

TASK: Loosen typo3 fluid dependency

This allows to install any version of TYPO3 Fluid >= 2.1.3, < 2.5.0 instead of the previously limiting to ~2.1.3 Since Flow 5.0+ requires TYPO3 Fluid 2.5.x, this is consistent.

  • Packages: FluidAdaptor

TASK: Safelist branches for travis builds

This prevents builds from running doubly on branches created on this repository for PRs, e.g. through the StyleCI bot or by github inline PRs.

See https://docs.travis-ci.com/user/customizing-the-build/#safelisting-or-blocklisting-branches

  • Packages: Flow

Apply fixes from StyleCI

This pull request applies code style fixes from an analysis carried out by [StyleCI](https://github.styleci.io).

For more information, click [here](https://github.styleci.io/analyses/8nBJyO).

  • Packages: Flow FluidAdaptor