Merge branch 'master' into develop

2025-01-17 14:18:27 +01:00 · 2020-10-02 15:56:56 +02:00 · 2020-10-02 15:56:56 +02:00 · 699d970926
commit 699d970926
parent e09e96c3ce 2515488e42
5 changed files with 18 additions and 8 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -7,8 +7,12 @@ HumHub Changelog
 This release also brings a [security update](https://github.com/yiisoft/yii2/security/advisories/GHSA-699q-wcff-g9mj) of the Yii2 framework. HumHub itself and the modules provided by our offical marketplace are not affected by this bug.

 - Fix #4361: Added missing nonce attribute in inline marketplace script
+- Fix #4363: Open file modal throws permission denied for unauthenticated users in guest mode
 - Fix #4371: Word break issue in notification dropdown
+- Fix #4355: Fixed error when authclient not providing an id attribute
 - Fix #4384: Upgrade to Yii 2.0.38
+- Fix #4403: Space Picker Double HTML Encode
+- Fix #4385: Tour broken when profile start page is changed


 1.6.3 (September 9, 2020)
--- a/protected/humhub/modules/file/controllers/ViewController.php
+++ b/protected/humhub/modules/file/controllers/ViewController.php
@ -30,7 +30,7 @@ class ViewController extends \humhub\components\Controller
        return [
            'acl' => [
                'class' => AccessControl::class,
-                'guestAllowedActions' => ['view']
+                'guestAllowedActions' => ['index']
            ],
        ];
    }
--- a/protected/humhub/modules/space/widgets/SpacePickerField.php
+++ b/protected/humhub/modules/space/widgets/SpacePickerField.php
@ -52,7 +52,7 @@ class SpacePickerField extends BasePicker
     */
    protected function getItemText($item)
    {
-        return Html::encode($item->getDisplayName());
+        return $item->getDisplayName();
    }

    /**
--- a/protected/humhub/modules/user/authclient/AuthClientHelpers.php
+++ b/protected/humhub/modules/user/authclient/AuthClientHelpers.php
@ -38,12 +38,16 @@ class AuthClientHelpers
            return $authClient->getUser();
        }

+        if (isset($attributes['id'])) {
            $auth = Auth::find()->where(['source' => $authClient->getId(), 'source_id' => $attributes['id']])->one();
            if ($auth !== null) {
                return $auth->user;
            }
        }

+        return null;
+    }
+
    /**
     * Stores an authClient to an user record
     *
@ -57,7 +61,7 @@ class AuthClientHelpers
        if ($authClient instanceof interfaces\PrimaryClient) {
            $user->auth_mode = $authClient->getId();
            $user->save();
-        } else {
+        } elseif (isset($attributes['id'])) {
            $auth = Auth::findOne(['source' => $authClient->getId(), 'source_id' => $attributes['id']]);

            /**
@ -70,7 +74,7 @@ class AuthClientHelpers


            if ($auth === null) {
-                $auth = new \humhub\modules\user\models\Auth([
+                $auth = new Auth([
                    'user_id' => $user->id,
                    'source' => (string)$authClient->getId(),
                    'source_id' => (string)$attributes['id'],
@ -78,6 +82,8 @@ class AuthClientHelpers

                $auth->save();
            }
+        } else {
+            Yii::error('Could not store auth client without given ID attribute. User: ' . $user->displayName . ' (' . $user->id . ')', 'user');
        }
    }

--- a/protected/humhub/modules/user/widgets/UserPickerField.php
+++ b/protected/humhub/modules/user/widgets/UserPickerField.php
@ -95,7 +95,7 @@ class UserPickerField extends BasePicker
     */
    protected function getItemText($item)
    {
-        return Html::encode($item->displayName);
+        return $item->displayName;
    }

    /**