Auto update migrations

actions/HeaderAction.php

@@ -29,7 +29,7 @@ public function run()
                 $output .= '<b><a href="'.$this->wiki->Href(
                     '',
                     'GererMisesAJour',
-                    ['upgrade' =>  THEME_PAR_DEFAUT ]
+                    ['action' => 'upgrade', 'package' => THEME_PAR_DEFAUT]
                 )
                     .'" title="'.$text.'">'.$text.'</a></b></div>';
                 return $output ; // because an admin can see all website without theme

docker/entrypoint.sh

@@ -5,4 +5,5 @@ source /home/yeswiki/.nvm/nvm.sh
 nvm use 20
 corepack enable
 yarn install
+./yeswicli migrate
 php-fpm

docs/fr/admin.md

@@ -43,9 +43,9 @@ Vous pouvez voir ici la version du wiki et s'il s'agit de la toute dernière.
 Si vous êtes identifié.e comme administrateurice vous pouvez faire les mises à jour, une procédure de sauvegarde sera lancée
 
 Astuces :
- - mettre à jour YesWiki mais aussi les thèmes et les tools (extensions)
- - une mise à jour se fait en plusieurs étapes : il est nécessaire de cliquer sur "Finaliser la mise à jour (lancer les actions de post-installation)" puis sur "Mettre à jour les pages de gestion"
- - n'hésitez pas à **mettre à jour les pages de gestion**
+
+- mettre à jour YesWiki mais aussi les thèmes et les tools (extensions)
+- n'hésitez pas à **mettre à jour les pages de gestion**
 
 **Sauvegardes**
 

includes/YesWikiInit.php

@@ -220,7 +220,6 @@ public function getConfig($wakkaConfig = array())
             'default_write_acl' => '*',
             'default_read_acl' => '*',
             'default_comment_acl' => 'comments-closed',
-            'default_comment_acl_updated' => false,
             'comments_activated' => true,
             'comments_handler' => 'yeswiki',
             'preview_before_save' => false,

includes/YesWikiMigration.php

@@ -0,0 +1,32 @@
+<?php
+
+namespace YesWiki\Core;
+
+use YesWiki\Core\Service\DbService;
+use YesWiki\Wiki;
+
+abstract class YesWikiMigration
+{
+    protected $wiki;
+    protected $dbService;
+
+    public function setWiki(Wiki $wiki): void
+    {
+        $this->wiki = $wiki;
+    }
+
+    public function setDbService(DbService $dbService): void
+    {
+        $this->dbService = $dbService;
+    }
+
+    /**
+     * give service from name
+     * @param string $className
+     * @return mixed
+     */
+    protected function getService(string $className)
+    {
+        return $this->wiki->services->get($className);
+    }
+}

includes/commands/ArchiveCommand.php

@@ -11,9 +11,6 @@
 
 class ArchiveCommand extends Command
 {
-    // the name of the command (the part after "bin/console")
-    protected static $defaultName = 'core:archive';
-
     protected $archiveService;
     protected $wiki;
 
@@ -27,13 +24,14 @@ public function __construct(Wiki &$wiki)
     protected function configure()
     {
         $this
-            // the short description shown while running "php bin/console list"
+            ->setName('core:archive')
+            // the short description shown while running "./yeswicli list"
             ->setDescription('Create archive of the YesWiki.')
 
             // the full command description shown when running the command with
             // the "--help" option
-            ->setHelp("Create archive of the YesWiki.\n".
-                "To save only the database use '--database-only'\n".
+            ->setHelp("Create archive of the YesWiki.\n" .
+                "To save only the database use '--database-only'\n" .
                 "To save only the files use '--files-only'\n")
 
             ->addOption('database-only', 'd', InputOption::VALUE_NONE, 'Save only the database of the YesWiki')
@@ -82,4 +80,4 @@ private function prepareFileList($list): array
         }
         return $list;
     }
-}
+}

includes/commands/DbCommand.php

@@ -14,9 +14,6 @@
 
 class DbCommand extends Command
 {
-    // the name of the command (the part after "php includes/commands/console")
-    protected static $defaultName = 'core:exportdb';
-
     protected $consoleService;
     protected $params;
     protected $wiki;
@@ -32,12 +29,13 @@ public function __construct(Wiki &$wiki)
     protected function configure()
     {
         $this
-            // the short description shown while running "php includes/commands/console list"
+            ->setName('core:exportdb')
+            // the short description shown while running "./yeswicli list"
             ->setDescription('Manage database of the YesWiki.')
 
             // the full command description shown when running the command with
             // the "--help" option
-            ->setHelp("Manage database of the YesWiki.\n".
+            ->setHelp("Manage database of the YesWiki.\n" .
                 "To test use '--test'\n")
 
             ->addOption('test', 't', InputOption::VALUE_NONE, 'Test the connection to mysqldump (return OK/NOK)')
@@ -80,7 +78,7 @@ private function getDbParams(): array
             list($hostname, $port) = explode(':', $hostname);
         }
         if (!empty($port) && strval(intval($port)) == strval($port)) {
-            $hostArg = ["--host=$hostname","--port=$port"];
+            $hostArg = ["--host=$hostname", "--port=$port"];
         } else {
             $hostArg = ["--host=$hostname"];
         }
@@ -96,7 +94,7 @@ private function getDbParams(): array
 
         $password = $this->params->get('mysql_password');
         $this->assertParamIsString('mysql_password', $password);
-        return compact(['hostArg','databasename','tablePrefix','username','password']);
+        return compact(['hostArg', 'databasename', 'tablePrefix', 'username', 'password']);
     }
 
     /**
@@ -109,7 +107,7 @@ private function getDbParams(): array
      */
     private function export(OutputInterface $output, string $filepath): int
     {
-        $realFilePath = realpath(dirname($filepath)).DIRECTORY_SEPARATOR.basename($filepath);
+        $realFilePath = realpath(dirname($filepath)) . DIRECTORY_SEPARATOR . basename($filepath);
         extract($this->getDbParams());
         try {
             $results = $this->consoleService->findAndStartExecutableSync(
@@ -216,15 +214,15 @@ private function getErr($results): string
 
     private function getExtaDirs(): array
     {
-        return '\\' === DIRECTORY_SEPARATOR ? ["c:\\xampp\\mysql\\bin\\"] : ["/usr/bin/","/usr/local/bin/"];
+        return '\\' === DIRECTORY_SEPARATOR ? ["c:\\xampp\\mysql\\bin\\"] : ["/usr/bin/", "/usr/local/bin/"];
     }
 
     /**
-    * assert param is a not empty string
-    * @param string $name
-    * @param mixed $param
-    * @throws Exception
-    */
+     * assert param is a not empty string
+     * @param string $name
+     * @param mixed $param
+     * @throws Exception
+     */
     protected function assertParamIsNotEmptyString(string $name, $param)
     {
         if (empty($param)) {
@@ -245,4 +243,4 @@ protected function assertParamIsString(string $name, $param)
             throw new Exception("'$name' should be a string in 'wakka.config.php'");
         }
     }
-}
+}

includes/commands/TestConsoleServiceCommand.php

@@ -11,9 +11,6 @@
 
 class TestConsoleServiceCommand extends Command
 {
-    // the name of the command (the part after "bin/console")
-    protected static $defaultName = 'core:testconsoleservice';
-
     protected $wiki;
 
     public function __construct(Wiki &$wiki)
@@ -25,7 +22,8 @@ public function __construct(Wiki &$wiki)
     protected function configure()
     {
         $this
-            // the short description shown while running "php bin/console list"
+            ->setName('core:testconsoleservice')
+            // the short description shown while running "./yeswicli list"
             ->setDescription('Offer tests for ConsoleService.')
 
             // the full command description shown when running the command with
@@ -64,7 +62,7 @@ protected function execute(InputInterface $input, OutputInterface $output)
             exit();
         } else {
             $consoleService = $this->wiki->services->get(ConsoleService::class);
-            $consoleService->startConsoleAsync('core:testconsoleservice', ["-f",$file,"-t",$childtext,"-w",$wait]);
+            $consoleService->startConsoleAsync('core:testconsoleservice', ["-f", $file, "-t", $childtext, "-w", $wait]);
             $this->writeToFile("cache/$file", $text);
             exit();
         }
@@ -75,4 +73,4 @@ private function writeToFile(string $file, string $content)
     {
         file_put_contents($file, $content, FILE_APPEND);
     }
-}
+}

includes/controllers/ApiController.php

@@ -28,6 +28,7 @@
 use YesWiki\Core\Service\ReactionManager;
 use YesWiki\Core\Service\TripleStore;
 use YesWiki\Core\YesWikiController;
+use YesWiki\Security\Controller\SecurityController;
 
 class ApiController extends YesWikiController
 {
@@ -39,34 +40,34 @@ public function getDocumentation()
         $output = '<h1>YesWiki API</h1>';
 
         $urlUser = $this->wiki->Href('', 'api/users');
-        $output .= '<h2>'._t('USERS').'</h2>'."\n".
-            '<p><code>GET '.$urlUser.'</code></p>';
+        $output .= '<h2>' . _t('USERS') . '</h2>' . "\n" .
+            '<p><code>GET ' . $urlUser . '</code></p>';
 
         $urlGroup = $this->wiki->Href('', 'api/groups');
-        $output .= '<h2>'._t('GROUPS').'</h2>'."\n".
-            '<p><code>GET '.$urlGroup.'</code></p>';
+        $output .= '<h2>' . _t('GROUPS') . '</h2>' . "\n" .
+            '<p><code>GET ' . $urlGroup . '</code></p>';
 
         $urlPages = $this->wiki->Href('', 'api/pages');
-        $output .= '<h2>'._t('PAGES').'</h2>'."\n".
-            '<p><code>GET '.$urlPages.'</code></p>';
+        $output .= '<h2>' . _t('PAGES') . '</h2>' . "\n" .
+            '<p><code>GET ' . $urlPages . '</code></p>';
         $urlPagesComments = $this->wiki->Href('', 'api/pages/{pageTag}/comments');
-        $output .= '<p><code>GET '.$urlPagesComments.'</code></p>';
+        $output .= '<p><code>GET ' . $urlPagesComments . '</code></p>';
 
         $urlComments = $this->wiki->Href('', 'api/comments');
-        $output .= '<h2>'._t('COMMENTS').'</h2>'."\n".
-            '<p><code>GET '.$urlComments.'</code></p>';
+        $output .= '<h2>' . _t('COMMENTS') . '</h2>' . "\n" .
+            '<p><code>GET ' . $urlComments . '</code></p>';
 
         $urlTriples = $this->wiki->Href('', 'api/triples/{resource}', ['property' => 'http://outils-reseaux.org/_vocabulary/type', 'user' => 'username'], false);
-        $output .= '<h2>'._t('TRIPLES').'</h2>'."\n".
-            '<p><code>GET '.$urlTriples.'</code></p>';
+        $output .= '<h2>' . _t('TRIPLES') . '</h2>' . "\n" .
+            '<p><code>GET ' . $urlTriples . '</code></p>';
 
         $urlArchives = $this->wiki->Href('', 'api/archives');
-        $output .= '<h2>'._t('ARCHIVES').'</h2>'."\n".
-            '<p>'._t('ONLY_FOR_ADMINS').'</p>'.
-            '<p><code>GET '.$urlArchives.'</code></p>'.
-            '<p><code>GET '.$urlArchives.'/{id}</code></p>'.
-            '<p><code>POST '.$urlArchives.'</code></p>'.
-            '<p><code>POST '.$urlArchives.'/{id}</code></p>';
+        $output .= '<h2>' . _t('ARCHIVES') . '</h2>' . "\n" .
+            '<p>' . _t('ONLY_FOR_ADMINS') . '</p>' .
+            '<p><code>GET ' . $urlArchives . '</code></p>' .
+            '<p><code>GET ' . $urlArchives . '/{id}</code></p>' .
+            '<p><code>POST ' . $urlArchives . '</code></p>' .
+            '<p><code>POST ' . $urlArchives . '/{id}</code></p>';
 
         // TODO use annotations to document the API endpoints
         $extensions = $this->wiki->extensions;
@@ -86,7 +87,7 @@ public function getDocumentation()
                 }
             }
             if (empty($response)) {
-                $func = 'documentation'.ucfirst(strtolower($extension));
+                $func = 'documentation' . ucfirst(strtolower($extension));
                 if (function_exists($func)) {
                     $output .= $func();
                 }
@@ -95,7 +96,7 @@ public function getDocumentation()
             }
         }
 
-        $output = $this->wiki->Header().'<div class="api-container">'.$output.'</div>'.$this->wiki->Footer();
+        $output = $this->wiki->Header() . '<div class="api-container">' . $output . '</div>' . $this->wiki->Footer();
 
         return new Response($output);
     }
@@ -553,7 +554,7 @@ public function addReactionFromUser()
                                 // test if limits wherer put
                                 if (!empty($params['maxreaction']) && count($userReactions) >= $params['maxreaction']) {
                                     return new ApiResponse(
-                                        ['error' => 'Seulement '.$params['maxreaction'].' réaction(s) possible(s). Vous pouvez désélectionner une de vos réactions pour changer.'],
+                                        ['error' => 'Seulement ' . $params['maxreaction'] . ' réaction(s) possible(s). Vous pouvez désélectionner une de vos réactions pour changer.'],
                                         Response::HTTP_UNAUTHORIZED
                                     );
                                 } else {
@@ -581,7 +582,7 @@ public function addReactionFromUser()
                             }
                         }
                         return new ApiResponse(
-                            ['error' => "'".strval($_POST['reactionid']) . "' n'est pas une réaction déclarée sur la page '".strval($_POST['pagetag'])."'"],
+                            ['error' => "'" . strval($_POST['reactionid']) . "' n'est pas une réaction déclarée sur la page '" . strval($_POST['pagetag']) . "'"],
                             Response::HTTP_INTERNAL_SERVER_ERROR
                         );
                     } else {
@@ -801,14 +802,11 @@ private function extractTriplesParams(string $method, $resource): array
                 Response::HTTP_BAD_REQUEST
             );
         } else {
-            $property = filter_input($method, 'property', FILTER_UNSAFE_RAW);
-            $property = in_array($property, [false,null], true) ? "" : htmlspecialchars(strip_tags($property));
+            $property = $this->getService(SecurityController::class)->filterInput($method, 'property', FILTER_SANITIZE_STRING);
             if (empty($property)) {
                 $property = null;
             }
-
-            $username = filter_input($method, 'user', FILTER_UNSAFE_RAW);
-            $username = in_array($username, [false,null], true) ? "" : htmlspecialchars(strip_tags($username));
+            $username = $this->getService(SecurityController::class)->filterInput($method, 'user', FILTER_SANITIZE_STRING);
             if (empty($username)) {
                 if (!$this->wiki->UserIsAdmin()) {
                     $username = $this->getService(AuthController::class)->getLoggedUser()['name'];

includes/controllers/ArchiveController.php

@@ -7,6 +7,7 @@
 use YesWiki\Core\ApiResponse;
 use YesWiki\Core\Service\ArchiveService;
 use YesWiki\Core\YesWikiController;
+use YesWiki\Security\Service\SecurityController;
 
 class ArchiveController extends YesWikiController
 {
@@ -26,7 +27,7 @@ public function getArchive(string $id)
         $filePath = $this->archiveService->getFilePath($id);
         if (empty($filePath)) {
             return new ApiResponse(
-                ['error' => "Not existing file ".htmlspecialchars($id)],
+                ['error' => "Not existing file " . htmlspecialchars($id)],
                 Response::HTTP_BAD_REQUEST
             );
         } else {
@@ -63,8 +64,7 @@ public function getArchive(string $id)
 
     public function manageArchiveAction(?string $id = null)
     {
-        $action = filter_input(INPUT_POST, 'action', FILTER_UNSAFE_RAW);
-        $action = in_array($action, [false,null], true) ? "" : htmlspecialchars(strip_tags($action));
+        $action = $this->getService(SecurityController::class)->filterInput(INPUT_POST, 'action', FILTER_SANITIZE_STRING);
         switch ($action) {
             case 'delete':
                 if (!empty($id)) {

includes/controllers/CsrfTokenController.php

@@ -7,6 +7,7 @@
 use Symfony\Component\Security\Csrf\CsrfToken;
 use Symfony\Component\Security\Csrf\CsrfTokenManager;
 use YesWiki\Core\YesWikiController;
+use YesWiki\Security\Controller\SecurityController;
 
 class CsrfTokenController extends YesWikiController
 {
@@ -37,13 +38,10 @@ public function checkToken(string $name, string $inputType, string $inputKey, bo
         }
         switch ($inputType) {
             case 'GET':
-                $inputToken = filter_input(INPUT_GET, $inputKey, FILTER_UNSAFE_RAW);
-                $inputToken = in_array($inputToken, [false,null], true) ? $inputToken : htmlspecialchars(strip_tags($inputToken));
+                $inputToken = $this->getService(SecurityController::class)->filterInput(INPUT_GET, $inputKey, FILTER_SANITIZE_STRING);
                 break;
-
             case 'POST':
-                $inputToken = filter_input(INPUT_POST, $inputKey, FILTER_UNSAFE_RAW);
-                $inputToken = in_array($inputToken, [false,null], true) ? $inputToken : htmlspecialchars(strip_tags($inputToken));
+                $inputToken = $this->getService(SecurityController::class)->filterInput(INPUT_POST, $inputKey, FILTER_SANITIZE_STRING);
                 break;
 
             default:

includes/migrations/0000000000000_DemoMigration.php

@@ -0,0 +1,12 @@
+<?php
+use YesWiki\Core\YesWikiMigration;
+
+class DemoMigration extends YesWikiMigration
+{
+    public function run()
+    {
+        // your code goes here
+        // $this->dbService is available
+        // $this->wiki is also available, so you can get other services if needed
+    }
+}