Merge branch '4.x' into pr/7617
duncanmcclean committed Feb 24, 2024
2 parents b54cb0a + 63bbdb4 commit e39db24
Showing 781 changed files with 11,697 additions and 2,071 deletions.
4 changes: 2 additions & 2 deletions .github/ISSUE_TEMPLATE/bug_report.yml
Expand Up @@ -45,8 +45,8 @@ body:
label: Antlers Parser
description: If using 3.3+, which Antlers Parser are you using?
options:
- regex (default)
- runtime (new)
- Runtime (default)
- Regex (legacy)
validations:
required: false
- type: textarea
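Review bot: The `description` above the options still reads "If using 3.3+, which Antlers Parser are you using?", which sits oddly beside the relabelled `Runtime (default)` and `Regex (legacy)` choices. Consider dropping the "If using 3.3+" qualifier so the question matches the options reporters now see.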
15 changes: 15 additions & 0 deletions .github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,15 @@
First of all, thank _you_ 🫵 for taking the time to contribute to Statamic, we really appreciate it! 💜

Please take 30 seconds to read the following so we can be as efficient as possible when reviewing and considering merging PRs:

1️⃣ Is this your first PR? If so, please read our [contribution guide](https://statamic.dev/contribution-guide) first.

2️⃣ Please make sure to create a new branch for your PR.

3️⃣ Typically you should target the branch of the most current release, e.g. `4.x`, unless your PR includes a breaking change, in which case you should target the `master` branch for the next major release.

4️⃣ We _really_ appreciate it if your PR includes tests. This makes it much easier for us to review, merge, and release. A PR with tests is usually reviewed and merged 5x-10x faster.

5️⃣ If your PR introduce a new feature, adds to an existing one, or changes current behavior, please **open an issue for it in the [statamic/docs](https://github.com/statamic/docs/issues) repo referencing your PR**. A simple "Goes along with statamic/cms#9000" is enough. Otherwise it's really easy to forget and no will ever become aware of your ✨ sparkling ✨ invention if it's not documented.

6️⃣ Remove this placeholder text and replace it with a description of what this PR is doing.
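Review bot: Two typos in item 5 of the new template: "If your PR introduce a new feature" should read "introduces", and "no will ever become aware" is missing "one". Since this text is shown to every contributor opening a PR, it is worth fixing before merge.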
13 changes: 9 additions & 4 deletions .github/workflows/tests.yml
Expand Up @@ -40,7 +40,7 @@ jobs:

- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v36
uses: tj-actions/changed-files@v42
with:
files: |
config
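Review bot: `uses: tj-actions/changed-files@v42` still references a mutable tag, so whatever commit that tag points to at run time is what executes inside this workflow. Since the line is being touched anyway, pin the action to the full commit SHA of the v42 release and keep the version in a trailing comment. The same applies to the second `changed-files` step later in this file.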
Expand All @@ -58,7 +58,9 @@ jobs:
- name: Determine whether tests should run
id: should-run-tests
if: steps.changed-files.outputs.any_modified == 'true' || github.event_name == 'schedule'
run: echo "result=true" >> $GITHUB_OUTPUT
run: |
echo "result=true" >> $GITHUB_OUTPUT
echo "result=true" >> $env:GITHUB_OUTPUT
- name: Update apt sources
if: steps.should-run-tests.outputs.result == 'true' && matrix.os == 'ubuntu-latest'
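Review bot: In the new two-line `run:` block, no `shell:` is set on the step, so each runner's default shell executes both lines. Under bash, `$env:GITHUB_OUTPUT` expands to an empty `$env` followed by `:GITHUB_OUTPUT`, so the second line appends to a stray file named `:GITHUB_OUTPUT` in the working directory rather than to the step output file. Setting `shell: bash` on this step and keeping only the `$GITHUB_OUTPUT` line gives one code path on every OS in the matrix. The later copy of this step has the same pattern.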
Expand Down Expand Up @@ -108,16 +110,19 @@ jobs:

- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v36
uses: tj-actions/changed-files@v42
with:
files: |
**.{js,vue,ts}
package.json
.github/workflows/tests.yml
- name: Determine whether tests should run
id: should-run-tests
if: steps.changed-files.outputs.any_modified == 'true' || github.event_name == 'schedule'
run: echo "result=true" >> $GITHUB_OUTPUT
run: |
echo "result=true" >> $GITHUB_OUTPUT
echo "result=true" >> $env:GITHUB_OUTPUT
- name: Install required npm version
if: steps.should-run-tests.outputs.result == 'true'
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -4,6 +4,7 @@
node_modules
.DS_Store
.phpunit.result.cache
.phpunit.cache
.php-cs-fixer.cache
tests/Fakes/Composer/Package/test-package/composer.json
resources/dist
476 changes: 476 additions & 0 deletions CHANGELOG.md

Large diffs are not rendered by default.

2 changes: 2 additions & 0 deletions CONTRIBUTING.md
Expand Up @@ -83,6 +83,8 @@ We welcome new translations and updates! Please follow [these instructions](http

Pull requests should clearly describe the problem and solution. Include the relevant issue number if there is one. If the pull request fixes a bug, it should include a new test case that demonstrates the issue, if possible.

Creating a pull request that introduces a new feature or changes current behavior? Please open an issue referencing your PR in the [statamic/docs](https://github.com/statamic/docs/issues) repo. No need to write the docs yourself. We'll take care of that for you. Any hints or bullet points are appreciated though!

PR titles should include the major version number they're targeted at — e.g. [4.x] or [3.x].

<br>
8 changes: 4 additions & 4 deletions SECURITY.md
Expand Up @@ -11,7 +11,7 @@ While working to identify potential security vulnerabilities in Statamic, we ask
## Scope
We are only interested in vulnerabilities that affect Statamic itself, tested against **your own local installation** of the software, running the latest version. You can install a local copy of Statamic by following these [installation instructions](https://statamic.dev/installing). Do not test against any Statamic installation that you don’t own, including [statamic.com](https:/statamic.com) or [statamic.dev](https://statamic.dev).

### Qualifying Vulnerabilities
### Potentially Qualifying Vulnerabilities

- [Cross-Site Scripting (XSS)](https://en.wikipedia.org/wiki/Cross-site_scripting)
- [Cross-Site Request Forgery (CSRF)](https://en.wikipedia.org/wiki/Cross-site_request_forgery)
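Review bot: The Scope paragraph in the context of this hunk links statamic.com as `https:/statamic.com`, with a single slash, so the link does not point where intended; worth fixing in the same edit. On the heading change to "Potentially Qualifying Vulnerabilities", a sentence under the heading saying who decides whether a report qualifies would tell reporters what "potentially" means in practice.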
Expand All @@ -22,19 +22,19 @@ We are only interested in vulnerabilities that affect Statamic itself, tested ag

### Non-Qualifying Vulnerabilities

- XSS vectors or bugs that rely on an unlikely user interaction (i.e. a privileged user attacking themselves or their own site)
- Reports from automated tools or scanners
- Theoretical attacks without actual proof of exploitability
- Attacks that can be guarded against by following our security recommendations.
- Server configuration issues outside of Statamic’s control
- [Denial of Service](https://en.wikipedia.org/wiki/Denial-of-service_attack) attacks
- [Brute force attacks](https://en.wikipedia.org/wiki/Brute-force_attack) (e.g. on password or
- [Brute force attacks](https://en.wikipedia.org/wiki/Brute-force_attack) (e.g. on password or email address)
- Username or email address enumeration
- Social engineering of Wilderborn staff or users of Statamic installations
- Social engineering of Statamic staff or users of Statamic installations
- Physical attacks against Statamic installations
- Attacks involving physical access to a user’s device, or involving a device or network that is already seriously compromised (e.g. [man-in-the-middle attacks](https://en.wikipedia.org/wiki/Man-in-the-middle_attack))
- Attacks that are the result of a 3rd party Statamic addon should be reported to the addon’s author
- Attacks that are the result of a 3rd party library should be reported to the library maintainers
- Bugs that rely on an unlikely user interaction (i.e. the user effectively attacking themselves)
- Disclosure of tools or libraries used by Statamic and/or their versions
- Issues that are the result of a user doing something silly (like sharing their password publicly)
- Missing security headers which do not lead directly to a vulnerability via proof of concept
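Review bot: The bullet "XSS vectors or bugs that rely on an unlikely user interaction (i.e. a privileged user attacking themselves or their own site)" leaves it unclear whether script injected by a lower-privileged user that runs in a higher-privileged user's session is excluded. If that case is still in scope, say so explicitly so reporters do not withhold it. Separately, "Attacks that can be guarded against by following our security recommendations." gives no link to those recommendations; adding one would let a reporter check before submitting.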
3 changes: 2 additions & 1 deletion composer.json
Expand Up @@ -37,12 +37,13 @@
"wilderborn/partyline": "^1.0"
},
"require-dev": {
"doctrine/dbal": "^3.6",
"fakerphp/faker": "~1.10",
"google/cloud-translate": "^1.6",
"laravel/pint": "^1.0",
"mockery/mockery": "^1.3.3",
"orchestra/testbench": "^7.0 || ^8.0",
"phpunit/phpunit": "^9.0"
"phpunit/phpunit": "^9.0 || ^10.0"
},
"config": {
"optimize-autoloader": true,
12 changes: 12 additions & 0 deletions config/assets.php
Expand Up @@ -198,4 +198,16 @@

'lowercase' => true,

/*
|--------------------------------------------------------------------------
| Additional Uploadable Extensions
|--------------------------------------------------------------------------
|
| Statamic will only allow uploads of certain approved file extensions.
| If you need to allow more file extensions, you may add them here.
|
*/

'additional_uploadable_extensions' => [],

];
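Review bot: The docblock for `additional_uploadable_extensions` does not say what form the entries take (with or without a leading dot, upper or lower case) or that every entry widens the upload allowlist. Suggest documenting the expected format with a short example in the comment, and noting that extensions the web server may execute or render as active content should not be added here.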
2 changes: 1 addition & 1 deletion config/editions.php
Expand Up @@ -2,7 +2,7 @@

return [

'pro' => false,
'pro' => env('STATAMIC_PRO_ENABLED', false),

'addons' => [
//
2 changes: 1 addition & 1 deletion config/system.php
Expand Up @@ -108,7 +108,7 @@
*/

'php_memory_limit' => '-1',
'php_max_execution_time' => '-1',
'php_max_execution_time' => '0',
'ajax_timeout' => '600000',
'pcre_backtrack_limit' => '-1',

2 changes: 2 additions & 0 deletions config/users.php
Expand Up @@ -131,7 +131,9 @@
'tables' => [
'users' => 'users',
'role_user' => 'role_user',
'roles' => false,
'group_user' => 'group_user',
'groups' => false,
],

/*
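Review bot: The new `'roles' => false` and `'groups' => false` entries use a boolean where the sibling keys hold table names, and nothing in the hunk explains what `false` selects. Add a line to the comment above `tables` stating what happens when the value is `false` and what supplying a table name changes, so that someone editing role and group storage does not have to read the source to know where permissions are kept.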