diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8770a65e40..fae6502e95 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,7 +13,7 @@ This is a log of major user-visible changes in each phpMyFAQ release.
 - removed Webpack, now using Vite v6 (Thorsten)
 - migrated from Jest to vitest (Thorsten)
-### phpMyFAQ v4.0.0-RC.4 - 2024-11-09
+### phpMyFAQ v4.0.0 - 2024-12-06
 - changed PHP requirement to PHP 8.2 or later (Thorsten)
 - changed rewrite rules for Apache and nginx as mandatory requirement (Thorsten)
@@ -54,6 +54,7 @@ This is a log of major user-visible changes in each phpMyFAQ release.
 - updated to PHPUnit v11 (Thorsten)
 - updated Polish translation (Zięba Bogusław Chaffinch)
 - updated French translation
+- fixed security vulnerability (Thorsten)
 ### phpMyFAQ v3.2.10 - 2024-11-09
diff --git a/docs/development.md b/docs/development.md
index 8f18e900aa..b72ac79963 100644
--- a/docs/development.md
+++ b/docs/development.md
@@ -22,8 +22,8 @@ template file.
 ### 6.1.2 DEBUG mode
-If you want to see possible errors or the log of the SQL queries, you can enable the hidden DEBUG mode. To do so, please
-set the following code in src/Bootstrap.php:
+If you want to see possible errors, you can enable the hidden DEBUG mode.
+To do so, please set the following code in src/Bootstrap.php:
 `const DEBUG = true;`
diff --git a/docs/index.md b/docs/index.md
index e95be388c6..d2d3c119b4 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -46,8 +46,7 @@ This documentation is licensed under a [Creative Commons License](http://creativ
 If you should run into any problems using phpMyFAQ, check out our support forums at [forum.phpmyfaq.de](https://forum.phpmyfaq.de/).
-You can also use our BlueSky account [@phpmyfaq.bsky.social](https://bsky.app/profile/phpmyfaq.bsky.social)
-to ask us short question.
+You can also use our Bluesky account [@phpmyfaq.de](https://bsky.app/profile/phpmyfaq.de) to ask us short question.
 There is no free support by phone or email, please refrain from calling or mailing us. The phpMyFAQ team offers the following paid services:
diff --git a/docs/update.md b/docs/update.md
index e993864e9b..289c490fbc 100644
--- a/docs/update.md
+++ b/docs/update.md
@@ -132,6 +132,11 @@ Then go to the "phpMyFAQ Update" page in the configuration section click through
 5. Install downloaded package: first, it creates a backup of your current installation, then it copies the downloaded files into your installation and in the end, the database is updated
+Note:
+The online update feature is experimental and might not work in all environments.
+For example, if you're running phpMyFAQ in a subdirectory, the online update will break your RewriteBase path in the
+.htaccess file.
+
 ## Modifying templates for phpMyFAQ 4.1
 We recommend you take a look at the main [Bootstrap documentation](https://getbootstrap.com/).
diff --git a/phpmyfaq/admin/assets/src/configuration/upgrade.js b/phpmyfaq/admin/assets/src/configuration/upgrade.js
index 3d87a7c031..a0ef6a0c75 100644
--- a/phpmyfaq/admin/assets/src/configuration/upgrade.js
+++ b/phpmyfaq/admin/assets/src/configuration/upgrade.js
@@ -261,7 +261,6 @@ const installPackage = async () => {
 progressBarInstallation.style.width = '100%';
 progressBarInstallation.innerText = '100%';
 progressBarInstallation.classList.remove('progress-bar-animated');
- card.classList.add('text-bg-success');
 return;
 } else {
 progressBarInstallation.style.width = JSON.parse(JSON.stringify(decodedValue)).progress;
diff --git a/phpmyfaq/src/phpMyFAQ/Database/Mysqli.php b/phpmyfaq/src/phpMyFAQ/Database/Mysqli.php
index 4868086fc1..788010e507 100644
--- a/phpmyfaq/src/phpMyFAQ/Database/Mysqli.php
+++ b/phpmyfaq/src/phpMyFAQ/Database/Mysqli.php
@@ -62,7 +62,7 @@ class Mysqli implements DatabaseDriver
 */
 public function connect(
 string $host,
- string $user,
+ #[\SensitiveParameter] string $user,
 #[SensitiveParameter] string $password,
 string $database = '',
 int|null $port = null
diff --git a/phpmyfaq/src/phpMyFAQ/Database/Pgsql.php b/phpmyfaq/src/phpMyFAQ/Database/Pgsql.php
index c4dabb10fa..97acec522e 100644
--- a/phpmyfaq/src/phpMyFAQ/Database/Pgsql.php
+++ b/phpmyfaq/src/phpMyFAQ/Database/Pgsql.php
@@ -48,7 +48,7 @@ class Pgsql implements DatabaseDriver
 /**
 * The connection resource.
 */
- private Connection|null $conn = null;
+ private Connection|bool $conn = false;
 /**
 * Connects to the database.
@@ -61,8 +61,8 @@ class Pgsql implements DatabaseDriver
 */
 public function connect(
 string $host,
- string $user,
- string $password,
+ #[\SensitiveParameter] string $user,
+ #[\SensitiveParameter] string $password,
 string $database = '',
 int|null $port = null
 ): ?bool {
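Review bot: In Mysqli.php the two attributes on `connect()` are now spelled differently: the added `$user` line uses `#[\SensitiveParameter]` while the unchanged `$password` line keeps the unqualified `#[SensitiveParameter]`. In a namespaced file the unqualified name only resolves to the built-in attribute when the file has `use SensitiveParameter;`, which this hunk does not show; without that import the password argument would presumably still appear in stack traces. Writing both the same way, `#[\SensitiveParameter] string $password,`, removes the dependency on the import. The parameter list continues past the end of the hunk.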
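Review bot: In Pgsql.php the new property type `Connection|bool` also admits `true`, a value the assignment from `pg_connect()` never produces; `private Connection|false $conn = false;` states the real contract and lets static analysis catch a stray `true`. Moving the unset value from `null` to `false` also changes the result of any `=== null`, `??` or `?->` test on `$this->conn` elsewhere in the class, so those call sites, which are outside this hunk, should be checked against the new sentinel.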
@@ -75,10 +75,18 @@ public function connect(
 $password
 );
- $this->conn = pg_connect($connectionString);
+ try {
+ $this->conn = pg_connect($connectionString);
- if ($database === '' || !$this->conn) {
- Database::errorPage(pg_last_error($this->conn));
+ if ($this->conn === false) {
+ throw new Exception('No PostgreSQL connection opened yet');
+ }
+
+ if ($database === '') {
+ throw new Exception('Database name is empty');
+ }
+ } catch (Exception $e) {
+ Database::errorPage($e->getMessage());
 die();
 }
diff --git a/phpmyfaq/src/phpMyFAQ/Database/Sqlite3.php b/phpmyfaq/src/phpMyFAQ/Database/Sqlite3.php
index 84ef73c264..285a4116c4 100644
--- a/phpmyfaq/src/phpMyFAQ/Database/Sqlite3.php
+++ b/phpmyfaq/src/phpMyFAQ/Database/Sqlite3.php
@@ -65,7 +65,7 @@ class Sqlite3 implements DatabaseDriver
 public function connect(
 string $host,
 string $user,
- string $password,
+ #[\SensitiveParameter] string $password,
 string $database = '',
 int|null $port = null
 ): ?bool {
diff --git a/phpmyfaq/src/phpMyFAQ/Database/Sqlsrv.php b/phpmyfaq/src/phpMyFAQ/Database/Sqlsrv.php
index 3454e5d2fe..36d2354d98 100644
--- a/phpmyfaq/src/phpMyFAQ/Database/Sqlsrv.php
+++ b/phpmyfaq/src/phpMyFAQ/Database/Sqlsrv.php
@@ -57,8 +57,8 @@ class Sqlsrv implements DatabaseDriver
 */
 public function connect(
 string $host,
- string $user,
- string $password,
+ #[\SensitiveParameter] string $user,
+ #[\SensitiveParameter] string $password,
 string $database = '',
 int|null $port = null
 ): ?bool {
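Review bot: In the Pgsql.php `connect()` hunk the empty-database check runs only after `pg_connect($connectionString)` has already been attempted, so an empty `$database` still opens and then abandons a server connection before the error page is shown. Testing the name first, `if ($database === '') { throw new Exception('Database name is empty'); }` ahead of `$this->conn = pg_connect($connectionString);`, rejects the bad input without touching the server. The fixed messages keep driver error text off the error page; if the project's error handler turns the `pg_connect()` warning into an exception that this `catch` matches, `$e->getMessage()` could carry the driver's own text again, so a generic message on that path would be safer, though that handler is not visible here. `connect()` starts before the hunk and continues after it.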