Merge branch 'v13/dev' into v13/contrib

umbraco · Sep 3, 2024 · bff2932 · bff2932
2 parents a47a177 + 34179f5
commit bff2932
Show file tree

Hide file tree

Showing 17 changed files with 180 additions and 30 deletions.
diff --git a/Directory.Packages.props b/Directory.Packages.props
@@ -12,23 +12,23 @@
   </ItemGroup>
   <!-- Microsoft packages -->
   <ItemGroup>
-    <PackageVersion Include="Microsoft.AspNetCore.Mvc.NewtonsoftJson" Version="8.0.7" />
-    <PackageVersion Include="Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation" Version="8.0.7" />
+    <PackageVersion Include="Microsoft.AspNetCore.Mvc.NewtonsoftJson" Version="8.0.8" />
+    <PackageVersion Include="Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation" Version="8.0.8" />
     <PackageVersion Include="Microsoft.CodeAnalysis.CSharp" Version="4.10.0" />
-    <PackageVersion Include="Microsoft.Data.Sqlite" Version="8.0.7" />
-    <PackageVersion Include="Microsoft.EntityFrameworkCore.Sqlite" Version="8.0.7" />
-    <PackageVersion Include="Microsoft.EntityFrameworkCore.SqlServer" Version="8.0.7" />
-    <PackageVersion Include="Microsoft.EntityFrameworkCore.Design" Version="8.0.7" />
+    <PackageVersion Include="Microsoft.Data.Sqlite" Version="8.0.8" />
+    <PackageVersion Include="Microsoft.EntityFrameworkCore.Sqlite" Version="8.0.8" />
+    <PackageVersion Include="Microsoft.EntityFrameworkCore.SqlServer" Version="8.0.8" />
+    <PackageVersion Include="Microsoft.EntityFrameworkCore.Design" Version="8.0.8" />
     <PackageVersion Include="Microsoft.Extensions.Caching.Abstractions" Version="8.0.0" />
     <PackageVersion Include="Microsoft.Extensions.Configuration.Abstractions" Version="8.0.0" />
     <PackageVersion Include="Microsoft.Extensions.Configuration.Json" Version="8.0.0" />
     <PackageVersion Include="Microsoft.Extensions.DependencyInjection" Version="8.0.0" />
-    <PackageVersion Include="Microsoft.Extensions.FileProviders.Embedded" Version="8.0.7" />
+    <PackageVersion Include="Microsoft.Extensions.FileProviders.Embedded" Version="8.0.8" />
     <PackageVersion Include="Microsoft.Extensions.FileProviders.Physical" Version="8.0.0" />
     <PackageVersion Include="Microsoft.Extensions.Hosting.Abstractions" Version="8.0.0" />
     <PackageVersion Include="Microsoft.Extensions.Http" Version="8.0.0" />
-    <PackageVersion Include="Microsoft.Extensions.Identity.Core" Version="8.0.7" />
-    <PackageVersion Include="Microsoft.Extensions.Identity.Stores" Version="8.0.7" />
+    <PackageVersion Include="Microsoft.Extensions.Identity.Core" Version="8.0.8" />
+    <PackageVersion Include="Microsoft.Extensions.Identity.Stores" Version="8.0.8" />
     <PackageVersion Include="Microsoft.Extensions.Logging" Version="8.0.0" />
     <PackageVersion Include="Microsoft.Extensions.Options" Version="8.0.2" />
     <PackageVersion Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="8.0.0" />
@@ -47,7 +47,7 @@
     <PackageVersion Include="Dazinator.Extensions.FileProviders" Version="2.0.0" />
     <PackageVersion Include="Examine" Version="3.3.0" />
     <PackageVersion Include="Examine.Core" Version="3.3.0" />
-    <PackageVersion Include="HtmlAgilityPack" Version="1.11.62" />
+    <PackageVersion Include="HtmlAgilityPack" Version="1.11.64" />
     <PackageVersion Include="K4os.Compression.LZ4" Version="1.3.8" />
     <PackageVersion Include="MailKit" Version="4.7.1.1" />
     <PackageVersion Include="Markdown" Version="2.2.1" />
@@ -77,7 +77,7 @@
     <PackageVersion Include="SixLabors.ImageSharp.Web" Version="3.1.3" />
     <PackageVersion Include="Smidge.InMemory" Version="4.4.0" />
     <PackageVersion Include="Smidge.Nuglify" Version="4.4.0" />
-    <PackageVersion Include="Swashbuckle.AspNetCore" Version="6.7.0" />
+    <PackageVersion Include="Swashbuckle.AspNetCore" Version="6.7.1" />
   </ItemGroup>
   <!-- Transitive pinned versions (only required because our direct dependencies have vulnerable versions of transitive dependencies) -->
   <ItemGroup>
@@ -89,5 +89,7 @@
     <PackageVersion Include="System.Security.Cryptography.Xml" Version="8.0.1" />
     <!-- Both Dazinator.Extensions.FileProviders and MiniProfiler.AspNetCore.Mvc bring in a vulnerable version of System.Text.RegularExpressions -->
     <PackageVersion Include="System.Text.RegularExpressions" Version="4.3.1" />
+    <!-- Both OpenIddict.AspNetCore, Npoco.SqlServer and Microsoft.EntityFrameworkCore.SqlServer bring in a vulnerable version of Microsoft.IdentityModel.JsonWebTokens -->
+    <PackageVersion Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.7.1" />
   </ItemGroup>
 </Project>
diff --git a/src/Umbraco.Cms.Api.Common/Umbraco.Cms.Api.Common.csproj b/src/Umbraco.Cms.Api.Common/Umbraco.Cms.Api.Common.csproj
@@ -12,6 +12,9 @@
     <PackageReference Include="Swashbuckle.AspNetCore" />
     <PackageReference Include="OpenIddict.Abstractions" />
     <PackageReference Include="OpenIddict.AspNetCore" />
+
+    <!-- Both OpenIddict.AspNetCore, Npoco.SqlServer and Microsoft.EntityFrameworkCore.SqlServer bring in a vulnerable version of Microsoft.IdentityModel.JsonWebTokens -->
+    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens"/>
   </ItemGroup>
 
   <ItemGroup>

diff --git a/src/Umbraco.Cms.Persistence.EFCore.SqlServer/Umbraco.Cms.Persistence.EFCore.SqlServer.csproj b/src/Umbraco.Cms.Persistence.EFCore.SqlServer/Umbraco.Cms.Persistence.EFCore.SqlServer.csproj
@@ -8,6 +8,9 @@
     <!-- Take top-level depedendency on Azure.Identity, because Microsoft.EntityFrameworkCore.SqlServer depends on a vulnerable version -->
     <PackageReference Include="Azure.Identity" />
     <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" />
+
+    <!-- Both OpenIddict.AspNetCore, Npoco.SqlServer and Microsoft.EntityFrameworkCore.SqlServer bring in a vulnerable version of Microsoft.IdentityModel.JsonWebTokens -->
+    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens"/>
   </ItemGroup>
 
   <ItemGroup>

diff --git a/src/Umbraco.Cms.Persistence.SqlServer/Umbraco.Cms.Persistence.SqlServer.csproj b/src/Umbraco.Cms.Persistence.SqlServer/Umbraco.Cms.Persistence.SqlServer.csproj
@@ -8,6 +8,9 @@
     <!-- Take top-level depedendency on Azure.Identity, because NPoco.SqlServer depends on a vulnerable version -->
     <PackageReference Include="Azure.Identity" />
     <PackageReference Include="NPoco.SqlServer" />
+
+    <!-- Both OpenIddict.AspNetCore, Npoco.SqlServer and Microsoft.EntityFrameworkCore.SqlServer bring in a vulnerable version of Microsoft.IdentityModel.JsonWebTokens -->
+    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens"/>
   </ItemGroup>
 
   <ItemGroup>

diff --git a/src/Umbraco.Core/PropertyEditors/Validators/RequiredValidator.cs b/src/Umbraco.Core/PropertyEditors/Validators/RequiredValidator.cs
@@ -7,7 +7,7 @@ namespace Umbraco.Cms.Core.PropertyEditors.Validators;
 /// <summary>
 ///     A validator that validates that the value is not null or empty (if it is a string)
 /// </summary>
-public sealed class RequiredValidator : IValueRequiredValidator, IManifestValueValidator
+public class RequiredValidator : IValueRequiredValidator, IManifestValueValidator
 {
     private const string ValueCannotBeNull = "Value cannot be null";
     private const string ValueCannotBeEmpty = "Value cannot be empty";
@@ -23,7 +23,7 @@ public IEnumerable<ValidationResult> Validate(object? value, string? valueType,
         ValidateRequired(value, valueType);
 
     /// <inheritdoc cref="IValueRequiredValidator.ValidateRequired" />
-    public IEnumerable<ValidationResult> ValidateRequired(object? value, string? valueType)
+    public virtual IEnumerable<ValidationResult> ValidateRequired(object? value, string? valueType)
     {
         if (value == null)
         {

diff --git a/src/Umbraco.Infrastructure/DependencyInjection/UmbracoBuilder.CoreServices.cs b/src/Umbraco.Infrastructure/DependencyInjection/UmbracoBuilder.CoreServices.cs
@@ -28,6 +28,7 @@
 using Umbraco.Cms.Core.Notifications;
 using Umbraco.Cms.Core.Packaging;
 using Umbraco.Cms.Core.PropertyEditors;
+using Umbraco.Cms.Core.PropertyEditors.Validators;
 using Umbraco.Cms.Core.PropertyEditors.ValueConverters;
 using Umbraco.Cms.Core.PublishedCache;
 using Umbraco.Cms.Core.Routing;
@@ -238,6 +239,8 @@ public static IUmbracoBuilder AddCoreInitialServices(this IUmbracoBuilder builde
 
         builder.Services.AddSingleton<IBlockEditorElementTypeCache, BlockEditorElementTypeCache>();
 
+        builder.Services.AddSingleton<IRichTextRequiredValidator, RichTextRequiredValidator>();
+
         return builder;
     }
 

diff --git a/src/Umbraco.Infrastructure/Migrations/Upgrade/V_13_3_0/AlignUpgradedDatabase.cs b/src/Umbraco.Infrastructure/Migrations/Upgrade/V_13_3_0/AlignUpgradedDatabase.cs
@@ -120,23 +120,48 @@ private void AlignContentVersionTable(ColumnInfo[] columns)
         // We need to do this to ensure we don't try to rename the constraint if it doesn't exist.
         const string tableName = "umbracoContentVersion";
         const string columnName = "VersionDate";
+        const string newColumnName = "versionDate";
+        const string expectedConstraintName = "DF_umbracoContentVersion_versionDate";
+
         ColumnInfo? versionDateColumn = columns
             .FirstOrDefault(x => x is { TableName: tableName, ColumnName: columnName });
 
-        if (versionDateColumn is null)
+        // we only want to rename the column if necessary
+        if (versionDateColumn is not null)
         {
             // The column was not found I.E. the column is correctly named
-            return;
+            RenameColumn(tableName, columnName, newColumnName, columns);
         }
 
-        RenameColumn(tableName, columnName, "versionDate", columns);
-
         // Renames the default constraint for the column,
         // apparently the content version table used to be prefixed with cms and not umbraco
         // We don't have a fluid way to rename the default constraint so we have to use raw SQL
         // This should be okay though since we are only running this migration on SQL Server
+        Sql<ISqlContext> constraintNameQuery = Database.SqlContext.Sql(@$"
+SELECT obj_Constraint.NAME AS 'constraintName'
+    FROM   sys.objects obj_table
+        JOIN sys.objects obj_Constraint
+            ON obj_table.object_id = obj_Constraint.parent_object_id
+        JOIN sys.sysconstraints constraints
+             ON constraints.constid = obj_Constraint.object_id
+        JOIN sys.columns columns
+             ON columns.object_id = obj_table.object_id
+            AND columns.column_id = constraints.colid
+    WHERE obj_table.NAME = '{tableName}'
+	AND columns.NAME = '{newColumnName}'
+	AND obj_Constraint.type = 'D'
+");
+        var currentConstraintName = Database.ExecuteScalar<string>(constraintNameQuery);
+
+
+        // only rename the constraint if necessary
+        if (currentConstraintName == expectedConstraintName)
+        {
+            return;
+        }
+
         Sql<ISqlContext> renameConstraintQuery = Database.SqlContext.Sql(
-            "EXEC sp_rename N'DF_cmsContentVersion_VersionDate', N'DF_umbracoContentVersion_versionDate', N'OBJECT'");
+            $"EXEC sp_rename N'{currentConstraintName}', N'{expectedConstraintName}', N'OBJECT'");
         Database.Execute(renameConstraintQuery);
     }
 

diff --git a/src/Umbraco.Infrastructure/PropertyEditors/RichTextPropertyEditor.cs b/src/Umbraco.Infrastructure/PropertyEditors/RichTextPropertyEditor.cs
@@ -12,6 +12,7 @@
 using Umbraco.Cms.Core.Models;
 using Umbraco.Cms.Core.Models.Blocks;
 using Umbraco.Cms.Core.Models.Editors;
+using Umbraco.Cms.Core.PropertyEditors.Validators;
 using Umbraco.Cms.Core.Security;
 using Umbraco.Cms.Core.Serialization;
 using Umbraco.Cms.Core.Services;
@@ -166,15 +167,18 @@ protected override IConfigurationEditor CreateConfigurationEditor() =>
     internal class RichTextPropertyValueEditor : BlockValuePropertyValueEditorBase
     {
         private readonly IBackOfficeSecurityAccessor _backOfficeSecurityAccessor;
+        private readonly ILocalizedTextService _localizedTextService;
         private readonly IHtmlSanitizer _htmlSanitizer;
         private readonly HtmlImageSourceParser _imageSourceParser;
         private readonly HtmlLocalLinkParser _localLinkParser;
         private readonly IHtmlMacroParameterParser _macroParameterParser;
         private readonly RichTextEditorPastedImages _pastedImages;
         private readonly IJsonSerializer _jsonSerializer;
         private readonly IBlockEditorElementTypeCache _elementTypeCache;
+        private readonly IRichTextRequiredValidator _richTextRequiredValidator;
         private readonly ILogger<RichTextPropertyValueEditor> _logger;
 
+        [Obsolete("Use non-obsolete constructor. This is schedules for removal in v16.")]
         public RichTextPropertyValueEditor(
             DataEditorAttribute attribute,
             PropertyEditorCollection propertyEditors,
@@ -193,21 +197,66 @@ public RichTextPropertyValueEditor(
             IBlockEditorElementTypeCache elementTypeCache,
             IPropertyValidationService propertyValidationService,
             DataValueReferenceFactoryCollection dataValueReferenceFactoryCollection)
+            : this(
+                attribute,
+                propertyEditors,
+                dataTypeReadCache,
+                logger,
+                backOfficeSecurityAccessor,
+                localizedTextService,
+                shortStringHelper,
+                imageSourceParser,
+                localLinkParser,
+                pastedImages,
+                jsonSerializer,
+                ioHelper,
+                htmlSanitizer,
+                macroParameterParser,
+                elementTypeCache,
+                propertyValidationService,
+                dataValueReferenceFactoryCollection,
+                StaticServiceProvider.Instance.GetRequiredService<IRichTextRequiredValidator>())
+        {
+
+        }
+        public RichTextPropertyValueEditor(
+            DataEditorAttribute attribute,
+            PropertyEditorCollection propertyEditors,
+            IDataTypeConfigurationCache dataTypeReadCache,
+            ILogger<RichTextPropertyValueEditor> logger,
+            IBackOfficeSecurityAccessor backOfficeSecurityAccessor,
+            ILocalizedTextService localizedTextService,
+            IShortStringHelper shortStringHelper,
+            HtmlImageSourceParser imageSourceParser,
+            HtmlLocalLinkParser localLinkParser,
+            RichTextEditorPastedImages pastedImages,
+            IJsonSerializer jsonSerializer,
+            IIOHelper ioHelper,
+            IHtmlSanitizer htmlSanitizer,
+            IHtmlMacroParameterParser macroParameterParser,
+            IBlockEditorElementTypeCache elementTypeCache,
+            IPropertyValidationService propertyValidationService,
+            DataValueReferenceFactoryCollection dataValueReferenceFactoryCollection,
+            IRichTextRequiredValidator richTextRequiredValidator)
             : base(attribute, propertyEditors, dataTypeReadCache, localizedTextService, logger, shortStringHelper, jsonSerializer, ioHelper, dataValueReferenceFactoryCollection)
         {
             _backOfficeSecurityAccessor = backOfficeSecurityAccessor;
+            _localizedTextService = localizedTextService;
             _imageSourceParser = imageSourceParser;
             _localLinkParser = localLinkParser;
             _pastedImages = pastedImages;
             _htmlSanitizer = htmlSanitizer;
             _macroParameterParser = macroParameterParser;
             _elementTypeCache = elementTypeCache;
+            _richTextRequiredValidator = richTextRequiredValidator;
             _jsonSerializer = jsonSerializer;
             _logger = logger;
 
             Validators.Add(new RichTextEditorBlockValidator(propertyValidationService, CreateBlockEditorValues(), elementTypeCache, jsonSerializer, logger));
         }
 
+        public override IValueRequiredValidator RequiredValidator => _richTextRequiredValidator;
+
         /// <inheritdoc />
         public override object? Configuration
         {

diff --git a/src/Umbraco.Infrastructure/PropertyEditors/Validators/IRichTextRequiredValidator.cs b/src/Umbraco.Infrastructure/PropertyEditors/Validators/IRichTextRequiredValidator.cs
@@ -0,0 +1,7 @@
+using Umbraco.Cms.Core.PropertyEditors;
+
+namespace Umbraco.Cms.Core.PropertyEditors.Validators;
+
+internal interface IRichTextRequiredValidator : IValueRequiredValidator
+{
+}
diff --git a/src/Umbraco.Infrastructure/PropertyEditors/Validators/RichTextRequiredValidator.cs b/src/Umbraco.Infrastructure/PropertyEditors/Validators/RichTextRequiredValidator.cs
@@ -0,0 +1,30 @@
+using System.ComponentModel.DataAnnotations;
+using Microsoft.Extensions.Logging;
+using Umbraco.Cms.Core.Serialization;
+using Umbraco.Cms.Core.Services;
+
+namespace Umbraco.Cms.Core.PropertyEditors.Validators;
+
+internal class RichTextRequiredValidator : RequiredValidator, IRichTextRequiredValidator
+{
+    private readonly IJsonSerializer _jsonSerializer;
+    private readonly ILogger<RichTextRequiredValidator> _logger;
+
+    public RichTextRequiredValidator(ILocalizedTextService textService, IJsonSerializer jsonSerializer, ILogger<RichTextRequiredValidator> logger) : base(textService)
+    {
+        _jsonSerializer = jsonSerializer;
+        _logger = logger;
+    }
+
+    public override IEnumerable<ValidationResult> ValidateRequired(object? value, string? valueType) => base.ValidateRequired(GetValue(value), valueType);
+
+    private object? GetValue(object? value)
+    {
+        if(RichTextPropertyEditorHelper.TryParseRichTextEditorValue(value, _jsonSerializer, _logger, out RichTextEditorValue? richTextEditorValue))
+        {
+            return richTextEditorValue?.Markup;
+        }
+
+        return value;
+    }
+}
diff --git a/src/Umbraco.Web.BackOffice/Controllers/AuthenticationController.cs b/src/Umbraco.Web.BackOffice/Controllers/AuthenticationController.cs
@@ -708,6 +708,8 @@ public async Task<IActionResult> PostLogout()
             return Ok();
         }
 
+
+
         await _signInManager.SignOutAsync();
 
         _logger.LogInformation("User {UserName} from IP address {RemoteIpAddress} has logged out",

diff --git a/src/Umbraco.Web.Common/Umbraco.Web.Common.csproj b/src/Umbraco.Web.Common/Umbraco.Web.Common.csproj
@@ -24,6 +24,8 @@
     <PackageReference Include="System.Net.Http" />
     <!-- Take top-level depedendency on System.Text.RegularExpressions, because both Dazinator.Extensions.FileProviders and MiniProfiler.AspNetCore.Mvc depend on a vulnerable version -->
     <PackageReference Include="System.Text.RegularExpressions" />
+    <!-- Both OpenIddict.AspNetCore, Npoco.SqlServer and Microsoft.EntityFrameworkCore.SqlServer bring in a vulnerable version of Microsoft.IdentityModel.JsonWebTokens -->
+    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens"/>
   </ItemGroup>
 
   <ItemGroup>

diff --git a/...raco.Web.UI.Client/src/common/directives/components/content/umbtabbedcontent.directive.js b/...raco.Web.UI.Client/src/common/directives/components/content/umbtabbedcontent.directive.js
@@ -15,7 +15,8 @@
 
             $scope.activeTabAlias = null;
             $scope.tabs = [];
-            $scope.allowUpdate = $scope.content.allowedActions.includes('A');
+            //$scope.allowUpdate = $scope.content.allowedActions.includes('A');
+            setAllowUpdate()
             $scope.allowEditInvariantFromNonDefault = Umbraco.Sys.ServerVariables.umbracoSettings.allowEditInvariantFromNonDefault;
 
             $scope.$watchCollection('content.tabs', (newValue) => {
@@ -44,6 +45,10 @@
                 }
             });
 
+            function setAllowUpdate() {
+              $scope.allowUpdate = $scope.content.allowedActions.includes('A');
+            }
+
             function onScroll(event) {
 
                 var viewFocusY = scrollableNode.scrollTop + scrollableNode.clientHeight * .5;
@@ -151,6 +156,17 @@
                 }
             });
 
+            $scope.$on("formSubmitting", function() {
+              $scope.allowUpdate = false;
+            });
+
+            $scope.$on("formSubmitted", function() {
+                setAllowUpdate();
+            });
+            $scope.$on("formSubmittedValidationFailed", function() {
+                setAllowUpdate();
+            });
+
             //ensure to unregister from all dom-events
             $scope.$on('$destroy', function () {
                 cancelScrollTween();