Merge branch '4.0' into 'main'

Author: thorsten

phpmyfaq/assets/src/search/question.js

@@ -47,6 +47,10 @@ export const handleQuestion = () => {
           message.insertAdjacentElement('afterend', addElement('div', { classList: '', innerHTML: resultMessage }));
           // Add hidden input
           form.insertAdjacentElement('afterbegin', addElement('input', { type: 'hidden', name: 'save', value: 1 }));
+          form.insertAdjacentElement(
+            'afterbegin',
+            addElement('input', { type: 'hidden', name: 'store', value: 'now' })
+          );
         }
 
         // Final result

phpmyfaq/assets/templates/default/ask.twig

@@ -31,25 +31,27 @@
     <input type="hidden" name="lang" id="lang" value="{{ lang }}">
 
     <div class="row mb-2">
-      <label class="col-sm-3 col-form-label" for="name">{{ id3_label }}:
-        <span style="color: red"> *</span></label>
+      <label class="col-sm-3 col-form-label" for="name">
+        {{ id3_label }}*:
+      </label>
       <div class="col-sm-9">
         <input type="text" class="form-control" name="name" id="name" value="{{ defaultContentName }}" required>
       </div>
     </div>
 
     <div class="row mb-2">
-      <label class="col-sm-3 col-form-label" for="email">{{ id4_label }}:
-        <span style="color: red"> *</span></label>
+      <label class="col-sm-3 col-form-label" for="email">
+        {{ id4_label }}*:
+      </label>
       <div class="col-sm-9">
         <input type="email" class="form-control" name="email" id="email" value="{{ defaultContentMail }}" required>
       </div>
     </div>
 
     {% if id5_label is defined %}
     <div class="row mb-2">
-      <label class="col-sm-3 col-form-label" for="category">{{ id5_label }}:
-      {% if id5_required == 'required' %}<span style="color: red"> *</span>{% endif %}
+      <label class="col-sm-3 col-form-label" for="category">
+        {{ id5_label }}{% if id5_required == 'required' %}*{% endif %}:
       </label>
       <div class="col-sm-9">
         <select name="category" class="form-select" id="category" {{ id5_required }}>
@@ -60,8 +62,9 @@
     {% endif %}
 
     <div class="row mb-2">
-      <label class="col-sm-3 col-form-label" for="question">{{ id6_label }}:
-        <span style="color: red"> *</span></label>
+      <label class="col-sm-3 col-form-label" for="question">
+        {{ id6_label }}*:
+      </label>
       <div class="col-sm-9">
         <textarea class="form-control" cols="45" rows="5" name="question" id="question" required></textarea>
       </div>

phpmyfaq/src/phpMyFAQ/Configuration.php

@@ -517,7 +517,7 @@ public function replaceMainReferenceUrl(string $oldUrl, string $newUrl): bool
      */
     public function getAllowedMediaHosts(): array
     {
-        return explode(',', $this->get('records.allowedMediaHosts'));
+        return explode(',', trim($this->get('records.allowedMediaHosts')));
     }
 
     public function getCustomCss(): string

phpmyfaq/src/phpMyFAQ/Controller/Frontend/QuestionController.php

@@ -46,9 +46,7 @@ class QuestionController extends AbstractController
      */
     public function create(Request $request): JsonResponse
     {
-        $user = CurrentUser::getCurrentUser($this->configuration);
-
-        if (!$this->isAddingQuestionsAllowed($user)) {
+        if (!$this->isAddingQuestionsAllowed()) {
             return $this->json(['error' => Translation::get('ad_msg_noauth')], Response::HTTP_FORBIDDEN);
         }
 
@@ -69,14 +67,15 @@ public function create(Request $request): JsonResponse
         $selectedCategory = isset($data->category) ? Filter::filterVar($data->category, FILTER_VALIDATE_INT) : false;
         $userQuestion = trim(strip_tags((string) $data->question));
         $save = Filter::filterVar($data->save ?? 0, FILTER_VALIDATE_INT);
+        $storeNow = Filter::filterVar($data->store ?? 'not', FILTER_SANITIZE_SPECIAL_CHARS);
 
         // If smart answering is disabled, save the question immediately
         if (false === $this->configuration->get('main.enableSmartAnswering')) {
             $save = true;
         }
 
-        // Validate captcha
-        if (!$this->captchaCodeIsValid($request)) {
+        // Validate captcha if we can store the question after displaying the smart answer
+        if ($storeNow !== 'now' && !$this->captchaCodeIsValid($request)) {
             return $this->json(['error' => Translation::get('msgCaptcha')], Response::HTTP_BAD_REQUEST);
         }
 
@@ -108,7 +107,7 @@ public function create(Request $request): JsonResponse
                 $faqSearch->setCategoryId((int) $selectedCategory);
 
                 $faqPermission = new Permission($this->configuration);
-                $faqSearchResult = new SearchResultSet($user, $faqPermission, $this->configuration);
+                $faqSearchResult = new SearchResultSet($this->currentUser, $faqPermission, $this->configuration);
 
                 $searchResult = array_merge(...array_map(
                     fn($word) => $faqSearch->search($word, false),
@@ -134,16 +133,16 @@ public function create(Request $request): JsonResponse
         }
     }
 
-    private function isAddingQuestionsAllowed(CurrentUser $user): bool
+    /**
+     * @throws \Exception
+     */
+    private function isAddingQuestionsAllowed(): bool
     {
-        if (
-            !$this->configuration->get('records.allowQuestionsForGuests') &&
-            !$this->configuration->get('main.enableAskQuestions') &&
-            !$user->perm->hasPermission($user->getUserId(), PermissionType::QUESTION_ADD->value)
-        ) {
-            return false;
-        }
-
-        return true;
+        return $this->configuration->get('records.allowQuestionsForGuests') ||
+            $this->configuration->get('main.enableAskQuestions') ||
+            $this->currentUser->perm->hasPermission(
+                $this->currentUser->getUserId(),
+                PermissionType::QUESTION_ADD->value
+            );
     }
 }

phpmyfaq/src/phpMyFAQ/Faq/Permission.php

@@ -139,23 +139,39 @@ public function createPermissionArray(): array
                 'restricted_user' => [-1],
             ];
         } else {
-            $permissions += [
-                'restricted_user' => [
-                    Filter::filterVar($data->restricted_users, FILTER_VALIDATE_INT),
-                ],
-            ];
+            if (is_string($data->restricted_users)) {
+                $permissions += [
+                    'restricted_user' => [
+                        Filter::filterVar(array($data->restricted_users), FILTER_VALIDATE_INT),
+                    ],
+                ];
+            } else {
+                $permissions += [
+                    'restricted_user' => [
+                        Filter::filterVar($data->restricted_users, FILTER_VALIDATE_INT),
+                    ],
+                ];
+            }
         }
 
         if ('all' === Filter::filterVar($data->grouppermission, FILTER_SANITIZE_SPECIAL_CHARS)) {
             $permissions += [
                 'restricted_groups' => [-1],
             ];
         } else {
-            $permissions += [
-                'restricted_groups' => [
-                    Filter::filterArray($data->{'restricted_groups'}, FILTER_VALIDATE_INT),
-                ]
-            ];
+            if (is_string($data->restricted_groups)) {
+                $permissions += [
+                    'restricted_groups' => [
+                        Filter::filterVar(array($data->restricted_groups), FILTER_VALIDATE_INT),
+                    ]
+                ];
+            } else {
+                $permissions += [
+                    'restricted_groups' => [
+                        Filter::filterArray($data->restricted_groups, FILTER_VALIDATE_INT),
+                    ]
+                ];
+            }
         }
 
         return $permissions;

phpmyfaq/src/phpMyFAQ/Instance/Database/Mysqli.php

@@ -208,7 +208,7 @@ class Mysqli extends Database implements Driver
             form_id INT(1) NOT NULL,
             input_id INT(11) NOT NULL,
             input_type VARCHAR(1000) NOT NULL,
-            input_label VARCHAR(100) NOT NULL,
+            input_label VARCHAR(500) NOT NULL,
             input_active INT(1) NOT NULL,
             input_required INT(1) NOT NULL,
             input_lang VARCHAR(11) NOT NULL)',

phpmyfaq/src/phpMyFAQ/Instance/Database/Pgsql.php

@@ -208,7 +208,7 @@ class Pgsql extends Database implements Driver
             form_id INTEGER NOT NULL,
             input_id INTEGER NOT NULL,
             input_type VARCHAR(1000) NOT NULL,
-            input_label VARCHAR(100) NOT NULL,
+            input_label VARCHAR(500) NOT NULL,
             input_active INTEGER NOT NULL,
             input_required INTEGER NOT NULL,
             input_lang VARCHAR(11) NOT NULL)',

phpmyfaq/src/phpMyFAQ/Instance/Database/Sqlite3.php

@@ -204,7 +204,7 @@ class Sqlite3 extends Database implements Driver
             form_id INTEGER NOT NULL,
             input_id INTEGER NOT NULL,
             input_type VARCHAR(1000) NOT NULL,
-            input_label VARCHAR(100) NOT NULL,
+            input_label VARCHAR(500) NOT NULL,
             input_active INTEGER NOT NULL,
             input_required INTEGER NOT NULL,
             input_lang VARCHAR(11) NOT NULL)',

phpmyfaq/src/phpMyFAQ/Instance/Database/Sqlsrv.php

@@ -204,7 +204,7 @@ class Sqlsrv extends Database implements Driver
             form_id INTEGER NOT NULL,
             input_id INTEGER NOT NULL,
             input_type NVARCHAR(1000) NOT NULL,
-            input_label NVARCHAR(100) NOT NULL,
+            input_label NVARCHAR(500) NOT NULL,
             input_active INTEGER NOT NULL,
             input_required INTEGER NOT NULL,
             input_lang NVARCHAR(11) NOT NULL)',

phpmyfaq/src/phpMyFAQ/Setup/Update.php

@@ -165,6 +165,7 @@ public function applyUpdates(): bool
         $this->applyUpdates400Alpha2();
         $this->applyUpdates400Alpha3();
         $this->applyUpdates400Beta2();
+        $this->applyUpdates405();
 
         // 4.1 updates
         $this->applyUpdates410Alpha();
@@ -863,6 +864,90 @@ private function applyUpdates400Beta2(): void
         }
     }
 
+    private function applyUpdates405(): void
+    {
+        if (version_compare($this->version, '4.0.5', '<')) {
+            // Delete old permissions
+            $this->queries[] = sprintf(
+                'DELETE FROM %sfaqright WHERE name = \'view_sections\'',
+                Database::getTablePrefix()
+            );
+            $this->queries[] = sprintf(
+                'DELETE FROM %sfaqright WHERE name = \'add_section\'',
+                Database::getTablePrefix()
+            );
+            $this->queries[] = sprintf(
+                'DELETE FROM %sfaqright WHERE name = \'edit_section\'',
+                Database::getTablePrefix()
+            );
+            $this->queries[] = sprintf(
+                'DELETE FROM %sfaqright WHERE name = \'delete_section\'',
+                Database::getTablePrefix()
+            );
+            $this->queries[] = sprintf(
+                'DELETE FROM %sfaqright WHERE name = \'delete_section\'',
+                Database::getTablePrefix()
+            );
+
+            // Update faqforms table
+            switch (Database::getType()) {
+                case 'mysqli':
+                    $this->queries[] = sprintf(
+                        'ALTER TABLE %sfaqforms CHANGE input_label input_label VARCHAR(500) NOT NULL',
+                        Database::getTablePrefix()
+                    );
+                    break;
+                case 'pgsql':
+                    $this->queries[] = sprintf(
+                        'ALTER TABLE %sfaqforms ALTER COLUMN input_label TYPE VARCHAR(500)',
+                        Database::getTablePrefix()
+                    );
+                    $this->queries[] = sprintf(
+                        'ALTER TABLE %sfaqforms ALTER COLUMN input_label SET NOT NULL',
+                        Database::getTablePrefix()
+                    );
+                    break;
+                case 'sqlite3':
+                    $this->queries[] = sprintf(
+                        'ALTER TABLE %sfaqforms RENAME TO %sfaqforms_old',
+                        Database::getTablePrefix(),
+                        Database::getTablePrefix()
+                    );
+                    $this->queries[] = sprintf(
+                        'CREATE TABLE %sfaqforms (
+                            form_id INTEGER NOT NULL,
+                            input_id INTEGER NOT NULL,
+                            input_type VARCHAR(1000) NOT NULL,
+                            input_label VARCHAR(500) NOT NULL,
+                            input_active INTEGER NOT NULL,
+                            input_required INTEGER NOT NULL,
+                            input_lang VARCHAR(11) NOT NULL
+                        )',
+                        Database::getTablePrefix()
+                    );
+                    $this->queries[] = sprintf(
+                        'INSERT INTO %sfaqforms 
+                            SELECT 
+                                form_id, input_id, input_type, input_label, input_active, input_required, input_lang 
+                            FROM %sfaqforms_old',
+                        Database::getTablePrefix(),
+                        Database::getTablePrefix()
+                    );
+                    $this->queries[] = sprintf(
+                        'DROP TABLE %sfaqforms_old;',
+                        Database::getTablePrefix()
+                    );
+                    break;
+                case 'sqlsrv':
+                    $this->queries[] = sprintf(
+                        'ALTER TABLE %sfaqforms ALTER COLUMN input_label NVARCHAR(500) NOT NULL',
+                        Database::getTablePrefix()
+                    );
+                    break;
+            }
+        }
+    }
+
     private function applyUpdates410Alpha(): void
     {
         if (version_compare($this->version, '4.1.0-alpha', '<')) {