5.3.24 (2021-04-04)

Overview of merged pull requests

BUGFIX: Anonymize authorization header in rendered request headers

This prevents credential information leakage into logs and generally when using RequestInformationHelper to render request headers. Using Headers class directly will still disclose Authorization header values though, so take care if you use that.

Related to #2360

  • Packages: Flow

BUGFIX: Allow Doctrine object manager to appear as different class names

The Doctrine object manager used to be Doctrine\Common but got moved to Doctrine\Persistence. Both are intrefaces.

Doctrine provides a compatibility layer implemented as class_alias().

There are situations where legacy code calls for Doctrine\Common, the PHP feature of class_alias mapps to Doctrine\Persistence and Flow does not know about it.

  • Packages: Flow

TASK: Avoid opening database connection if nothing to persist

Also, this avoids calling calculateChangeset() twice for requests that only want allowed objects to be persisted.

  • Resolves: #1893
  • Packages: Flow

TASK: Mark all migrations as applied after behat setup

See https://github.com/neos/neos-development-collection/pull/3311#issuecomment-803560353

Note that the Flow migrations somehow weren’t affected for some reason, but still this is the correct way to go about a doctrine:create (and mabye that command should itself mark all migrations applied).

  • Packages: github

BUGFIX: Outdated class name in @covers annotation

This fixes running tests with code coverage.

  • Packages: Flow

BUGFIX: Ignore ProxyClass in code coverage of phpunit

Add the @codeCoverageIgnore annotation to proxy class to ignore it in the coverage report.

  • Packages: Flow

Apply fixes from StyleCI

This pull request applies code style fixes from an analysis carried out by StyleCI.

For more information, click here.

  • Packages: Flow

Apply fixes from StyleCI

This pull request applies code style fixes from an analysis carried out by StyleCI.

For more information, click here.

  • Packages: Flow

BUGFIX: WithAddedHeader does not overwrite existing header

Previously the PSR-7 forward compatibility method withAddedHeader() would overwrite existing headers and was hence the same as withHeader(). This change fixes that by correctly setting the $overwrite argument in the delegate method.

See https://github.com/neos/flow-development-collection/pull/2361#discussion_r588867079

BUGFIX: Fix ResourceTypeConverter for “data” import

Fix the ResourceTypeConverter so that you can also import resources via base64.

What I did If one wanted to convert a base64 file via “data”, this did not work.

How I did it I changed the default value from “resource” to “null” so that the condition fits again.

How to verify it Convert a resource based on an array with “data” and “filename”.

Checklist

  • [x] Code follows the PSR-2 coding style
  • [x] Tests have been created, run and adjusted as needed
  • [x] The PR is created against the lowest maintained branch
  • Packages: Flow

BUGFIX: Authentication tests don’t depend on test running within a second

This prevents the tests from failing occasionally because the test starts directly before the current second switches.

  • Packages: Flow

BUGFIX: Check for valid session identifier before accessing the cache

Currently it is possible to change the cookie value of Neos_Flow_Session (TYPO3_Flow_Session) to an invalid cache identifier. This leads to an InvalidArgumentException and an error code 500. This pull requests checks the validity of the session identifier before attempting to access the metaDataCache.

Retargeted follow-up to #1132 Thanks @Torsten85 and sorry for being late with accepting this

  • Packages: Flow

BUGFIX: Don’t validate transient properties during persistence

See https://github.com/neos/flow-development-collection/pull/1538#issuecomment-524485959

A better version of #1734 that will really only ignore transient properties during persistence validation and nowhere else.

  • Packages: Flow

Apply fixes from StyleCI

This pull request applies code style fixes from an analysis carried out by StyleCI.

For more information, click here.

  • Packages: Flow

BUGFIX: `Array.filter` fails with empty callback

According to the documentation and method signature the callback argument in the Array.filter Eel method is optional.

Also the underlying php function array_filter supports beeing called without a callback. In which case it filters empty values which is really handy in places. However due to the passed flag ARRAY_FILTER_USE_BOTH this leads to an error.

The code adjusts the call to array_filter to only pass callback and ARRAY_FILTER_USE_BOTH if the filter is not null and adds a testcase for an empty filter.

  • Resolves: #2401 2401
  • Packages: Flow

Apply fixes from StyleCI

This pull request applies code style fixes from an analysis carried out by StyleCI.

For more information, click here.

  • Packages: Flow