Merge branch '4.0' into 'main'

Author: thorsten

phpmyfaq/assets/templates/default/ucp.twig

@@ -253,6 +253,7 @@
         </div>
       </form>
 
+      {% if webauthnSupportEnabled %}
       <!-- Passkey -->
       <div class="card shadow mb-4">
         <div class="card-header py-3">
@@ -290,6 +291,7 @@
           </form>
         </div>
       </div>
+      {% endif %}
 
 
     </div>

phpmyfaq/attachment.php

@@ -26,6 +26,7 @@
 use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Symfony\Component\DependencyInjection\Loader\PhpFileLoader;
 use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\StreamedResponse;
 
 if (!defined('IS_VALID_PHPMYFAQ')) {
     http_response_code(400);
@@ -113,11 +114,27 @@
     $attachment && $attachment->getRecordId() > 0 && ($faqConfig->get('records.allowDownloadsForGuests') ||
         (($groupPermission || ($groupPermission && $userPermission)) && isset($permission['dlattachment'])))
 ) {
-    try {
+    $response = new StreamedResponse(function () use ($attachment) {
         $attachment->rawOut();
-    } catch (AttachmentException|ErrorException $e) {
-        $attachmentErrors[] = $e->getMessage();
+    });
+
+    $response->headers->set('Content-Type', $attachment->getMimeType());
+    $response->headers->set('Content-Length', $attachment->getFilesize());
+
+    if ($attachment->getMimeType() === 'application/pdf') {
+        $response->headers->set(
+            'Content-Disposition',
+            'inline; filename="' . rawurlencode($attachment->getFilename()) . '"'
+        );
+    } else {
+        $response->headers->set(
+            'Content-Disposition',
+            'attachment; filename="' . rawurlencode($attachment->getFilename()) . '"'
+        );
     }
+
+    $response->headers->set('Content-MD5', $attachment->getRealHash());
+    $response->send();
 } else {
     $attachmentErrors[] = Translation::get('msgAttachmentInvalid');
 }

phpmyfaq/src/phpMyFAQ/Attachment/AbstractAttachment.php

@@ -96,14 +96,14 @@ abstract class AbstractAttachment
     /**
      * Constructor.
      *
-     * @param mixed $id attachment id
+     * @param mixed $attachmentId attachment id
      */
-    public function __construct(mixed $id = null)
+    public function __construct(mixed $attachmentId = null)
     {
         $this->db = Database::getInstance();
 
-        if (null !== $id) {
-            $this->id = $id;
+        if (null !== $attachmentId) {
+            $this->id = $attachmentId;
             $this->getMeta();
         }
     }
@@ -173,7 +173,7 @@ public function setKey(?string $key, bool $default = true): void
         $this->key = $key;
         $this->encrypted = null !== $key;
         // Not default means the key was set explicitly
-        // for this attachment, so lets hash it
+        // for this attachment, so let's hash it
         if (!$this->encrypted) {
             return;
         }
@@ -204,9 +204,9 @@ public function getId(): int
     /**
      * Sets attachment id.
      */
-    public function setId(int $id): void
+    public function setId(int $attachmentId): void
     {
-        $this->id = $id;
+        $this->id = $attachmentId;
     }
 
     /**
@@ -220,11 +220,11 @@ public function getRecordId(): int
     /**
      * Set record id.
      *
-     * @param int $id record id
+     * @param int $recordId record id
      */
-    public function setRecordId(int $id): void
+    public function setRecordId(int $recordId): void
     {
-        $this->recordId = $id;
+        $this->recordId = $recordId;
     }
 
     /**
@@ -268,34 +268,33 @@ public function saveMeta(): int
         return $this->id;
     }
 
-    /**
-     * Returns filename.
-     */
     public function getFilename(): string
     {
         return $this->filename;
     }
 
-    /**
-     * Returns the MIME type
-     */
     public function getMimeType(): string
     {
         return $this->mimeType;
     }
 
+    public function getFilesize(): int
+    {
+        return $this->filesize;
+    }
+
+    public function getRealHash(): string
+    {
+        return $this->realHash;
+    }
+
     /**
      * Update several meta things after it was saved.
      */
     protected function postUpdateMeta(): void
     {
         $sql = sprintf(
-            "
-            UPDATE
-                %sfaqattachment
-            SET virtual_hash = '%s',
-                mime_type = '%s'
-            WHERE id = %d",
+            "UPDATE %sfaqattachment SET virtual_hash = '%s', mime_type = '%s' WHERE id = %d",
             Database::getTablePrefix(),
             $this->db->escape($this->virtualHash),
             $this->readMimeType(),
@@ -320,14 +319,11 @@ protected function readMimeType(): string
     /**
      * Generate hash based on current conditions.
      *
-     * @return string
-     *
+     * @return string|null NOTE The way a file is saved in the filesystem
      * NOTE The way a file is saved in the filesystem
      * is based on md5 hash. If the file is unencrypted,
-     * it's md5 hash is used directly, otherwise a
+     *  it md5 hash is used directly, otherwise a
      * hash based on several tokens gets generated.
-     *
-     * @return string|null
      * @throws AttachmentException
      */
     protected function mkVirtualHash(): ?string

phpmyfaq/src/phpMyFAQ/Attachment/AttachmentInterface.php

@@ -28,30 +28,27 @@ interface AttachmentInterface
      * Save current attachment to the appropriate storage.
      *
      * @param string $filePath full path to the attachment file
-     *
      * @return bool
      */
-    public function save($filePath);
+    public function save(string $filePath): bool;
 
     /**
      * Delete attachment.
      *
      * @return bool
      */
-    public function delete();
+    public function delete(): bool;
 
     /**
      * Retrieve file contents into a variable.
      *
      * @return string
      */
-    public function get();
+    public function get(): string;
 
     /**
      * Output current file to stdout.
      *
-     * @param bool   $headers     if headers must be sent
-     * @param string $disposition disposition type (ignored if $headers false)
      */
-    public function rawOut($headers = true, $disposition = 'attachment');
+    public function rawOut(): void;
 }

phpmyfaq/src/phpMyFAQ/Attachment/File.php

@@ -87,8 +87,7 @@ public function isStorageOk(): bool
      * Save current attachment to the appropriate storage.
      * The filepath given will be processed and moved to the appropriate location.
      *
-     * @param string      $filePath full path to the attachment file
-     * @param string|null $filename filename to force
+     * @param string $filePath full path to the attachment file
      * @throws FileException|AttachmentException
      * @todo rollback if something went wrong
      */
@@ -159,22 +158,11 @@ public function get(): string
     /**
      * Output current file to stdout.
      *
-     * @param bool   $headers if headers must be sent
-     * @param string $disposition disposition type (ignored if $headers false)
      * @throws AttachmentException
      */
-    public function rawOut($headers = true, $disposition = 'attachment'): void
+    public function rawOut(): void
     {
         $file = $this->getFile();
-
-        if ($headers) {
-            $disposition = 'attachment' == $disposition ? 'attachment' : 'inline';
-            header('Content-Type: ' . $this->mimeType);
-            header('Content-Length: ' . $this->filesize);
-            header(sprintf('Content-Disposition: %s; filename="', $disposition) . rawurlencode($this->filename) . '"');
-            header('Content-MD5: ' . $this->realHash);
-        }
-
         while (!$file->eof()) {
             echo $file->getChunk();
         }

phpmyfaq/src/phpMyFAQ/Controller/AbstractController.php

@@ -72,6 +72,7 @@ public function __construct()
         $this->container = $this->createContainer();
         $this->configuration = $this->container->get('phpmyfaq.configuration');
         $this->currentUser = $this->container->get('phpmyfaq.user.current_user');
+        TwigWrapper::setTemplateSetName($this->configuration->get('layout.templateSet'));
         $this->isSecured();
     }
 

phpmyfaq/ucp.php

@@ -102,7 +102,8 @@
         'ad_gen_no' => Translation::get('ad_gen_no'),
         'msgConfirmTwofactorConfig' => Translation::get('msgConfirmTwofactorConfig'),
         'csrfTokenRemoveTwofactor' => Token::getInstance($container->get('session'))->getTokenString('remove-twofactor'),
-        'msgGravatarNotConnected' => Translation::get('msgGravatarNotConnected')
+        'msgGravatarNotConnected' => Translation::get('msgGravatarNotConnected'),
+        'webauthnSupportEnabled' => $faqConfig->get('security.enableWebAuthnSupport')
     ];
 
     return $templateVars;