Merge branch 'main' into staabm-patch-4

.tools/bin/update-all

@@ -2,6 +2,7 @@
 
 printf "Update redaxo/src/core/vendor\n"
 composer update --ansi --no-dev -d redaxo/src/core/
+composer bump --ansi -d redaxo/src/core/
 
 rm -rf redaxo/src/core/vendor/bin/
 rm -rf redaxo/src/core/vendor/erusev/parsedown/test/
@@ -34,6 +35,7 @@ composer dumpautoload --ansi --no-dev --classmap-authoritative -d redaxo/src/cor
 
 printf "\nUpdate redaxo/src/addons/backup/vendor\n"
 composer update --ansi --no-dev -d redaxo/src/addons/backup/
+composer bump --ansi -d redaxo/src/addons/backup/
 
 rm -f redaxo/src/addons/backup/vendor/autoload.php
 rm -rf redaxo/src/addons/backup/vendor/composer/
@@ -48,6 +50,7 @@ find redaxo/src/addons/backup/vendor/splitbrain/php-archive -name "*.md" ! -name
 
 printf "\nUpdate redaxo/src/addons/be_style/vendor\n"
 composer update --ansi --no-dev -d redaxo/src/addons/be_style/
+composer bump --ansi -d redaxo/src/addons/be_style/
 
 rm -f redaxo/src/addons/be_style/vendor/autoload.php
 rm -rf redaxo/src/addons/be_style/vendor/composer/
@@ -59,6 +62,7 @@ find redaxo/src/addons/be_style/vendor/scssphp -name "*.md" ! -name "LICENSE.md"
 
 printf "\nUpdate redaxo/src/addons/debug/vendor\n"
 composer update --ansi --no-dev -d redaxo/src/addons/debug/
+composer bump --ansi -d redaxo/src/addons/debug/
 
 rm -f redaxo/src/addons/debug/vendor/autoload.php
 rm -rf redaxo/src/addons/debug/vendor/composer/
@@ -75,6 +79,7 @@ find redaxo/src/addons/debug/vendor -name "*.md" ! -name "LICENSE.md" -type f -d
 
 printf "\nUpdate redaxo/src/addons/phpmailer/vendor\n"
 composer update --ansi --no-dev -d redaxo/src/addons/phpmailer/
+composer bump --ansi -d redaxo/src/addons/phpmailer/
 
 rm -f redaxo/src/addons/phpmailer/vendor/autoload.php
 rm -rf redaxo/src/addons/phpmailer/vendor/composer/

composer.json

@@ -18,11 +18,11 @@
         "phpstan/phpstan": "1.8.2",
         "phpstan/phpstan-deprecation-rules": "1.0.0",
         "phpstan/phpstan-phpunit": "1.1.1",
-        "phpstan/phpstan-symfony": "1.2.9",
+        "phpstan/phpstan-symfony": "1.2.13",
         "phpunit/phpunit": "^9.5",
         "psalm/plugin-phpunit": "0.17.0",
         "psalm/plugin-symfony": "3.1.8",
-        "rector/rector": "0.13.10",
+        "rector/rector": "0.14.0",
         "redaxo/php-cs-fixer-config": "1.0.0",
         "redaxo/psalm-plugin": "1.0.0",
         "vimeo/psalm": "4.26.0"
@@ -31,31 +31,31 @@
         "erusev/parsedown": "1.7.4",
         "erusev/parsedown-extra": "0.8.1",
         "filp/whoops": "2.14.5",
-        "itsgoingd/clockwork": "v5.1.6",
-        "phpmailer/phpmailer": "v6.6.3",
+        "itsgoingd/clockwork": "v5.1.7",
+        "phpmailer/phpmailer": "v6.6.4",
         "psr/container": "1.1.1",
         "psr/http-message": "1.0.1",
         "psr/log": "1.1.4",
         "ramsey/collection": "1.2.2",
         "ramsey/http-range": "1.0.0",
         "scssphp/scssphp": "v1.10.5",
         "splitbrain/php-archive": "1.3.1",
-        "symfony/console": "v5.4.11",
+        "symfony/console": "v5.4.12",
         "symfony/deprecation-contracts": "v2.5.2",
-        "symfony/http-foundation": "v5.4.11",
+        "symfony/http-foundation": "v5.4.12",
         "symfony/polyfill-ctype": "*",
         "symfony/polyfill-php70": "*",
         "symfony/polyfill-php72": "*",
         "symfony/polyfill-php73": "*",
         "symfony/polyfill-php80": "v1.26.0",
         "symfony/polyfill-php81": "v1.26.0",
         "symfony/service-contracts": "v2.5.2",
-        "symfony/string": "v5.4.11",
+        "symfony/string": "v5.4.12",
         "symfony/var-dumper": "v5.4.11",
-        "symfony/yaml": "v5.4.11",
+        "symfony/yaml": "v5.4.12",
         "voku/anti-xss": "4.1.39",
         "voku/portable-ascii": "2.0.1",
-        "voku/portable-utf8": "6.0.5"
+        "voku/portable-utf8": "6.0.6"
     },
     "autoload": {
         "classmap": [

redaxo/src/addons/backup/composer.json

@@ -1,6 +1,6 @@
 {
     "require": {
-        "splitbrain/php-archive": "^1.2"
+        "splitbrain/php-archive": "^1.3.1"
     },
 
     "config": {

redaxo/src/addons/be_style/composer.json

@@ -1,6 +1,6 @@
 {
     "require": {
-        "scssphp/scssphp": "^1.5"
+        "scssphp/scssphp": "^1.10.5"
     },
 
     "config": {

redaxo/src/addons/be_style/plugins/redaxo/scss/_panels.scss

@@ -9,6 +9,10 @@
     .rex-panel-option-title {
         margin-left: ($grid-gutter-width / 2);
     }
+
+    .form-control-clear {
+        color: $color-a-dark;
+    }
 }
 .rex-slice .panel-heading > .rex-panel-options {
     float: right;
@@ -116,7 +120,12 @@
 // ----------------------------------------------------------------------------
 
 @mixin _dark-panels {
-
+    .panel-heading {
+        .form-control-clear {
+            color: $color-text-light;
+        }
+    }
+
     .panel-add,
     .panel-edit {
         @include panel-variant($color-green-1, $color-text-light, $color-green-1, $color-green-1);

redaxo/src/addons/debug/composer.json

@@ -1,6 +1,6 @@
 {
     "require": {
-        "itsgoingd/clockwork": "^5.0"
+        "itsgoingd/clockwork": "^5.1.7"
     },
 
     "config": {

redaxo/src/addons/debug/vendor/itsgoingd/clockwork/Clockwork/Clockwork.php

@@ -15,7 +15,7 @@
 class Clockwork
 {
 	// Clockwork library version
-	const VERSION = '5.1.6';
+	const VERSION = '5.1.7';
 
 	// Array of data sources, these objects collect metadata for the current application run
 	protected $dataSources = [];

redaxo/src/addons/debug/vendor/itsgoingd/clockwork/Clockwork/DataSource/XdebugDataSource.php

@@ -20,6 +20,10 @@ public function extend(Request $request)
 
 		if ($profile && ! preg_match('/\.php$/', $profile) && is_readable($profile)) {
 			$request->xdebug['profileData'] = file_get_contents($profile);
+
+			if (preg_match('/\.gz$/', $profile)) {
+				$request->xdebug['profileData'] = gzdecode($request->xdebug['profileData']);
+			}
 		}
 
 		return $request;

redaxo/src/addons/debug/vendor/itsgoingd/clockwork/Clockwork/Storage/FileStorage.php

@@ -197,6 +197,8 @@ protected function closeIndex($lock = false)
 	{
 		if ($lock) flock($this->indexHandle, LOCK_UN);
 		fclose($this->indexHandle);
+
+		$this->indexHandle = null;
 	}
 
 	// Read a line from index in the specified direction (next or previous)

redaxo/src/addons/debug/vendor/itsgoingd/clockwork/Clockwork/Support/Vanilla/Clockwork.php

@@ -1,6 +1,8 @@
 <?php namespace Clockwork\Support\Vanilla;
 
 use Clockwork\Clockwork as BaseClockwork;
+use Clockwork\Authentication\NullAuthenticator;
+use Clockwork\Authentication\SimpleAuthenticator;
 use Clockwork\DataSource\PhpDataSource;
 use Clockwork\DataSource\PsrMessageDataSource;
 use Clockwork\Helpers\Serializer;
@@ -41,6 +43,7 @@ public function __construct($config = [])
 
 		$this->clockwork->addDataSource(new PhpDataSource);
 		$this->clockwork->storage($this->makeStorage());
+		$this->clockwork->authenticator($this->makeAuthenticator());
 
 		$this->configureSerializer();
 		$this->configureShouldCollect();
@@ -153,23 +156,38 @@ public function getCookiePayload()
 	// Handle Clockwork REST api request, retrieves or updates Clockwork metadata
 	public function handleMetadata($request = null, $method = null)
 	{
+		if (! $request) $request = isset($_GET['request']) ? $_GET['request'] : '';
 		if (! $method) $method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : 'GET';
 
+		if ($method == 'POST' && $request == 'auth') return $this->authenticate();
+
 		return $method == 'POST' ? $this->updateMetadata($request) : $this->returnMetadata($request);
 	}
 
 	// Retrieve metadata based on the passed Clockwork REST api request and send HTTP response
 	public function returnMetadata($request = null)
 	{
-		if (! $this->config['enable']) return;
+		if (! $this->config['enable']) return $this->response(null, 404);
+
+		$authenticator = $this->clockwork->authenticator();
+		$authenticated = $authenticator->check(isset($_SERVER['HTTP_X_CLOCKWORK_AUTH']) ? $_SERVER['HTTP_X_CLOCKWORK_AUTH'] : '');
+
+		if ($authenticated !== true) {
+			return $this->response([ 'message' => $authenticated, 'requires' => $authenticator->requires() ], 403);
+		}
 
 		return $this->response($this->getMetadata($request));
 	}
 
 	// Returns metadata based on the passed Clockwork REST api request
 	public function getMetadata($request = null)
 	{
-		if (! $this->config['enable']) return $this->response(null, 404);
+		if (! $this->config['enable']) return;
+
+		$authenticator = $this->clockwork->authenticator();
+		$authenticated = $authenticator->check(isset($_SERVER['HTTP_X_CLOCKWORK_AUTH']) ? $_SERVER['HTTP_X_CLOCKWORK_AUTH'] : '');
+
+		if ($authenticated !== true) return;
 
 		if (! $request) $request = isset($_GET['request']) ? $_GET['request'] : '';
 
@@ -236,6 +254,21 @@ public function updateMetadata($request = null)
 		return $this->response();
 	}
 
+	// Authanticates access to Clockwork REST api
+	public function authenticate($request = null)
+	{
+		if (! $this->config['enable']) return;
+
+		if (! $request) $request = isset($_GET['request']) ? $_GET['request'] : '';
+
+		$token = $this->clockwork->authenticator()->attempt([
+			'username' => isset($_POST['username']) ? $_POST['username'] : '',
+			'password' => isset($_POST['password']) ? $_POST['password'] : ''
+		]);
+
+		return $this->response([ 'token' => $token ], $token ? 200 : 403);
+	}
+
 	// Returns the Clockwork Web UI as a HTTP response, installs the Web UI on the first run
 	public function returnWeb()
 	{
@@ -321,6 +354,20 @@ protected function makeStorage()
 		return $storage;
 	}
 
+	// Make an authenticator implementation based on user configuration
+	protected function makeAuthenticator()
+	{
+		$authenticator = $this->config['authentication'];
+
+		if (is_string($authenticator)) {
+			return new $authenticator;
+		} elseif ($authenticator) {
+			return new SimpleAuthenticator($this->config['authentication_password']);
+		} else {
+			return new NullAuthenticator;
+		}
+	}
+
 	// Configure serializer defaults based on user configuration
 	protected function configureSerializer()
 	{

redaxo/src/addons/debug/vendor/itsgoingd/clockwork/Clockwork/Support/Vanilla/config.php

@@ -164,6 +164,22 @@
 	// Maximum lifetime of collected metadata in minutes, older requests will automatically be deleted, false to disable
 	'storage_expiration' => isset($_ENV['CLOCKWORK_STORAGE_EXPIRATION']) ? $_ENV['CLOCKWORK_STORAGE_EXPIRATION'] : 60 * 24 * 7,
 
+	/*
+	|------------------------------------------------------------------------------------------------------------------
+	| Authentication
+	|------------------------------------------------------------------------------------------------------------------
+	|
+	| Clockwork can be configured to require authentication before allowing access to the collected data. This might be
+	| useful when the application is publicly accessible. Setting to true will enable a simple authentication with a
+	| pre-configured password. You can also pass a class name of a custom implementation.
+	|
+	*/
+
+	'authentication' => isset($_ENV['CLOCKWORK_AUTHENTICATION']) ? $_ENV['CLOCKWORK_AUTHENTICATION'] : false,
+
+	// Password for the simple authentication
+	'authentication_password' => isset($_ENV['CLOCKWORK_AUTHENTICATION_PASSWORD']) ? $_ENV['CLOCKWORK_AUTHENTICATION_PASSWORD'] : 'VerySecretPassword',
+
 	/*
 	|------------------------------------------------------------------------------------------------------------------
 	| Stack traces collection

redaxo/src/addons/phpmailer/README.de.md

@@ -153,6 +153,8 @@ Meist benötigt man keinen Level über **Server-und Client-Protokoll**, es sei d
 
 Das Addon stellt ein E-Mail-Log sowie eine E-Mail-Archivierung bereit. 
 
+> Die Nutzung dieser Funktionen sollten datenschutzrechtlich vorab geklärt werden.  
+
 ### E-Mail-Log
 
 Das E-Mail-Log findet man unter `System` > `Logdateien` > `PHPMailer`. Das Logging kann in den Einstellungen des PHPMailer-Addons in 3 Stufen eingestellt werden. 
@@ -165,13 +167,14 @@ Das Log liefert Informationen zu Zeit, Absender, Empfänger, Betreff und Meldung
 
 Das Log wird in der Datei `/redaxo/data/log/mail.log` gespeichert.
 
+
 ### E-Mail-Archivierung 
 
 Bei eingeschalteter E-Mail-Archivierung werden alle E-Mails im Ordner `/redaxo/data/addons/phpmailer/mail_log` im `.eml`-Format chronologisch nach Jahr und Monat in Unterordnern vollständig archiviert. .eml-Dateien können in gängigen E-Mail-Programmen zur Betrachtung geöffnet und importiert werden. 
+Nicht versendete E-Mails erhalten das Präfix `not_sent_`. 
 
 Das Archiv kann über den CronJob "Mailer-Archiv bereinigen" regelmäßig bereinigt werden. 
 
-
 ## Extension-Point `PHPMAILER_CONFIG`
 
 Die Konfiguration kann mittels Extension-Point überschrieben und/oder ergänzt werden.