Commit graph

25065 commits

Author SHA1 Message Date
Ernest Warwas
be65540a1f
suggested changes, typos fixed
suggested changes

typos
2022-03-25 14:12:52 +01:00
Ernest Warwas
598c062e53
references changed 2022-03-24 12:37:50 +01:00
Ernest Warwas
b19fde4d3a
[ADR] adr created 2022-03-24 12:29:58 +01:00
Grzegorz Sadowski
6c674b2a2a
bug #13769 [Core][Shipping] Fix estimated shipping costs (coldic3, lchrusciel)
This PR was merged into the 1.10 branch.

Discussion
----------

| Q               | A
| --------------- | -----
| Branch?         | 1.10
| Bug fix?        | yes
| New feature?    | no
| BC breaks?      | no
| Deprecations?   | no
| Related tickets | fixes https://github.com/Sylius/Sylius/issues/12554, https://github.com/Sylius/Sylius/issues/13123, related to https://github.com/Sylius/Sylius/pull/13126
| License         | MIT



Commits
-------

2863527a9d [Core][Shipping][Behat] Add estimated shipping cost scenarios
caa04093d1 [Core][Shipping] Change order processing priorities
d6dbbcdd78 [Core][Shipping] Update UPGRADE-1.10.md
9d9f8d9b18 [Core][Shipping][Behat] Update estimated shipping cost scenarios
04ab77c3ad [Core][Configuration] Add possibilty to change priorities based on configuration
225557e9c7 [Core][Configuration] Rename flag that changes priorities in order processing
12ba23573f [Core][Configuration] Fix SyliusCoreConfigurationTest
3333d077ac [Core][Configuration] Refactor test cases
9fcae9e31f [Core][Configuration] Rename flag that changes priorities in order processing
aac69ca011 [Core][Shipping] Update UPGRADE-1.10.md
d790944fe3 [Core][Configuration] Rename flag that changes priorities in order processing
2022-03-18 13:39:22 +01:00
Grzegorz Sadowski
5dc4f2b1ac
bug #13782 [Plus] Fix Sylius installation guide (lchrusciel)
This PR was merged into the 1.10 branch.

Discussion
----------

| Q               | A
| --------------- | -----
| Branch?         | 1.10
| Bug fix?        | yes
| New feature?    | no
| BC breaks?      | no
| Deprecations?   | no
| Related tickets | 
| License         | MIT

<!--
 - Bug fixes must be submitted against the 1.10 or 1.11 branch(the lowest possible)
 - Features and deprecations must be submitted against the master branch
 - Make sure that the correct base branch is set

 To be sure you are not breaking any Backward Compatibilities, check the documentation:
 https://docs.sylius.com/en/latest/book/organization/backward-compatibility-promise.html
-->


Commits
-------

1bebc5c033 [Plus] Fix Sylius installation guide
2022-03-18 06:49:45 +01:00
Łukasz Chruściel
1bebc5c033
[Plus] Fix Sylius installation guide 2022-03-17 23:17:50 +01:00
Kevin Kaniaburka
d790944fe3 [Core][Configuration] Rename flag that changes priorities in order processing 2022-03-16 14:15:31 +01:00
Kevin Kaniaburka
aac69ca011 [Core][Shipping] Update UPGRADE-1.10.md 2022-03-16 14:04:47 +01:00
Grzegorz Sadowski
5b35af5744
refactor #13770 [ADR] Clean up existing ADRs mostly by updating their statuses (GSadee)
This PR was merged into the 1.10 branch.

Discussion
----------

| Q               | A
| --------------- | -----
| Branch?         | 1.10
| Bug fix?        | no
| New feature?    | no
| BC breaks?      | no
| Deprecations?   | no
| Related tickets | 
| License         | MIT

<!--
 - Bug fixes must be submitted against the 1.10 or 1.11 branch(the lowest possible)
 - Features and deprecations must be submitted against the master branch
 - Make sure that the correct base branch is set

 To be sure you are not breaking any Backward Compatibilities, check the documentation:
 https://docs.sylius.com/en/latest/book/organization/backward-compatibility-promise.html
-->


Commits
-------

eea6d60c3c [ADR] Clean up existing ADRs mostly by updating their statuses
2022-03-16 13:46:35 +01:00
Grzegorz Sadowski
9fa23338b6
minor #12538 [Behat] Allow to use some useful methods on Order show page (loic425)
This PR was merged into the 1.10 branch.

Discussion
----------

| Q               | A
| --------------- | -----
| Branch?         | 1.7
| Bug fix?        | no but useful for Behat tests
| New feature?    | no
| BC breaks?      | still no bc-promise on Behat?
| Deprecations?   | no
| Related tickets |
| License         | MIT

<!--
 - Bug fixes must be submitted against the 1.7 or 1.8 branch (the lowest possible)
 - Features and deprecations must be submitted against the master branch
 - Make sure that the correct base branch is set

 To be sure you are not breaking any Backward Compatibilities, check the documentation:
 https://docs.sylius.com/en/latest/book/organization/backward-compatibility-promise.html
-->

All these methods are useful when you customize the order show page.

Commits
-------

c1d5193dec [Behat] Allow to use some useful methods on Order show page
2022-03-16 13:45:59 +01:00
Kevin Kaniaburka
9fcae9e31f [Core][Configuration] Rename flag that changes priorities in order processing 2022-03-16 12:54:58 +01:00
Kevin Kaniaburka
3333d077ac [Core][Configuration] Refactor test cases 2022-03-16 12:37:05 +01:00
Kevin Kaniaburka
12ba23573f [Core][Configuration] Fix SyliusCoreConfigurationTest 2022-03-16 12:37:00 +01:00
Kevin Kaniaburka
225557e9c7 [Core][Configuration] Rename flag that changes priorities in order processing 2022-03-16 12:36:54 +01:00
Łukasz Chruściel
04ab77c3ad [Core][Configuration] Add possibilty to change priorities based on configuration 2022-03-16 12:36:45 +01:00
Kevin Kaniaburka
9d9f8d9b18 [Core][Shipping][Behat] Update estimated shipping cost scenarios 2022-03-16 12:35:32 +01:00
Grzegorz Sadowski
b5f3706e09
refactor #13736 [Maintenance] Testing with PHP 8.1 (loic425)
This PR was merged into the 1.10 branch.

Discussion
----------

| Q               | A
| --------------- | -----
| Branch?         | 1.10
| Bug fix?        | no
| New feature?    | no
| BC breaks?      | no
| Deprecations?   | no
| Related tickets | 
| License         | MIT

<!--
 - Bug fixes must be submitted against the 1.10 or 1.11 branch(the lowest possible)
 - Features and deprecations must be submitted against the master branch
 - Make sure that the correct base branch is set

 To be sure you are not breaking any Backward Compatibilities, check the documentation:
 https://docs.sylius.com/en/latest/book/organization/backward-compatibility-promise.html
-->


Commits
-------

ebe88049ca Testing with PHP 8.1
f6372a737c Fix Sales data provider
48472f4da6 Bump Ocramius proxy manager version from 2.2 to 2.14
7ba8663339 Trying with friendsofphp/proxy-manager-lts
c32cf3b201 Fix Managing orders context
a2c2e4da5f Use Sylius phpspec fork
b076bb940f Do not crash on deprecations with Phpspec
b6603382e5 Use official Phpspec
417008d2e4 Use release instead of dev-main
cd8eff92ba Fix changes during rebase
2022-03-16 11:34:10 +01:00
Kevin Kaniaburka
d6dbbcdd78 [Core][Shipping] Update UPGRADE-1.10.md 2022-03-16 11:07:02 +01:00
Kevin Kaniaburka
caa04093d1 [Core][Shipping] Change order processing priorities 2022-03-16 11:07:02 +01:00
Kevin Kaniaburka
2863527a9d [Core][Shipping][Behat] Add estimated shipping cost scenarios 2022-03-16 11:07:02 +01:00
Loïc Frémont
c1d5193dec
[Behat] Allow to use some useful methods on Order show page 2022-03-16 10:38:25 +01:00
Loïc Frémont
cd8eff92ba Fix changes during rebase 2022-03-16 09:01:47 +01:00
Loïc Frémont
417008d2e4 Use release instead of dev-main 2022-03-16 08:57:34 +01:00
Loïc Frémont
b6603382e5 Use official Phpspec 2022-03-16 08:56:04 +01:00
Loïc Frémont
b076bb940f Do not crash on deprecations with Phpspec 2022-03-16 08:51:51 +01:00
Loïc Frémont
a2c2e4da5f Use Sylius phpspec fork 2022-03-16 08:51:38 +01:00
Loïc Frémont
c32cf3b201 Fix Managing orders context 2022-03-16 08:47:14 +01:00
Loïc Frémont
7ba8663339 Trying with friendsofphp/proxy-manager-lts 2022-03-16 08:46:59 +01:00
Loïc Frémont
48472f4da6 Bump Ocramius proxy manager version from 2.2 to 2.14 2022-03-16 08:46:47 +01:00
Loïc Frémont
f6372a737c Fix Sales data provider 2022-03-16 08:46:35 +01:00
Loïc Frémont
ebe88049ca Testing with PHP 8.1 2022-03-16 08:46:17 +01:00
Grzegorz Sadowski
85e6e6ccd4
refactor #13768 Bump Psalm version to 4.19 (php 8.1 support) (loic425)
This PR was merged into the 1.10 branch.

Discussion
----------

| Q               | A
| --------------- | -----
| Branch?         | 1.10
| Bug fix?        | yes
| New feature?    | no
| BC breaks?      | no
| Deprecations?   | no
| Related tickets |
| License         | MIT

<!--
 - Bug fixes must be submitted against the 1.10 or 1.11 branch(the lowest possible)
 - Features and deprecations must be submitted against the master branch
 - Make sure that the correct base branch is set

 To be sure you are not breaking any Backward Compatibilities, check the documentation:
 https://docs.sylius.com/en/latest/book/organization/backward-compatibility-promise.html
-->

Apply https://github.com/Sylius/Sylius/pull/13580 fix on 1.10 branch

Commits
-------

18eb73ea2e Bump Psalm version to 4.19 (php 8.1 support)
e1e6ac687e Fix Psalm errors
2022-03-15 19:42:43 +01:00
Grzegorz Sadowski
eea6d60c3c
[ADR] Clean up existing ADRs mostly by updating their statuses 2022-03-15 14:43:18 +01:00
Loïc Frémont
e1e6ac687e Fix Psalm errors 2022-03-15 13:12:32 +01:00
Loïc Frémont
18eb73ea2e Bump Psalm version to 4.19 (php 8.1 support) 2022-03-15 09:24:32 +01:00
Łukasz Chruściel
7d40d80684
minor #13759 [Behat] Use "When" for user actions where possible (coldic3)
This PR was merged into the 1.10 branch.

Discussion
----------

| Q               | A
| --------------- | -----
| Branch?         | 1.10
| Bug fix?        | no
| New feature?    | no
| BC breaks?      | no
| Deprecations?   | no
| Related tickets | mentioned in https://github.com/Sylius/Sylius/pull/13731#discussion_r821045993
| License         | MIT

As far as "I want to..." statement is a kind of user action the step should be 'When'.

Commits
-------

984488d94b [Behat] Use "When" for user actions where possible
2022-03-14 17:18:50 +01:00
Łukasz Chruściel
591389fd27
bug #13745 [Promotion] Add validation of coupon usage limit per customer (coldic3)
This PR was merged into the 1.10 branch.

Discussion
----------

| Q               | A
| --------------- | -----
| Branch?         | 1.10
| Bug fix?        | yes
| New feature?    | no
| BC breaks?      | no
| Deprecations?   | no
| Related tickets | 
| License         | MIT

Commits
-------

5e34927dc5 [Promotion][Behat][UI] Add "per customer coupon usage below one" scenario
3f2fa19d94 [Promotion] Add validation of below one coupon usage limit per customer
d628b8ab12 [Promotion] Fix page element "per customer usage limit"
10e17737fb [Promotion][Behat] Update coupon validation feature
2022-03-14 17:01:07 +01:00
Mateusz Zalewski
73c4443605
Change application's version to v1.10.12-dev 2022-03-14 15:30:24 +01:00
Mateusz Zalewski
0d3bfa4938
Generate changelog for v1.10.11 2022-03-14 15:30:22 +01:00
Mateusz Zalewski
009cfbf754
Change application's version to v1.10.11 2022-03-14 15:29:34 +01:00
Mateusz Zalewski
8f3a08a50a
bug #13766 [Security][API] passwordResetToken nulled after password is changed (lchrusciel, ernestWarwas, GSadee, TheMilek)
This PR was merged into the 1.10 branch.

Discussion
----------

| Q               | A
| --------------- | -----
| Branch?         | 1.10
| Bug fix?        | yes
| New feature?    | no
| BC breaks?      | no
| Deprecations?   | no
| Related tickets | 
| License         | MIT

<!--
 - Bug fixes must be submitted against the 1.10 or 1.11 branch(the lowest possible)
 - Features and deprecations must be submitted against the master branch
 - Make sure that the correct base branch is set

 To be sure you are not breaking any Backward Compatibilities, check the documentation:
 https://docs.sylius.com/en/latest/book/organization/backward-compatibility-promise.html
-->

Commits
-------

214f6184eb listener added to finish response with X-Frame-Options sameorigin header
60b7c81f75 suggested review changes
bd1de40d04 passwordResetToken nulled after password is changed
2022-03-14 15:27:28 +01:00
Mateusz Zalewski
4a74042cdd
Merge branch '1.9' into 1.10
* 1.9:
  Change application's version to v1.9.11-dev
  Generate changelog for v1.9.10
  Change application's version to v1.9.10
2022-03-14 15:15:45 +01:00
Mateusz Zalewski
cb824adbf6
Change application's version to v1.9.11-dev 2022-03-14 15:13:56 +01:00
Mateusz Zalewski
0aa2e0abff
Generate changelog for v1.9.10 2022-03-14 15:13:55 +01:00
Mateusz Zalewski
e2a0aa010b
Change application's version to v1.9.10 2022-03-14 15:12:22 +01:00
Mateusz Zalewski
410716251a
Merge branch '1.9' into 1.10
* 1.9:
  [Security] XSS - SVG file upload vulnerability fixed
  [PHPUnit] Move subscribers tests to main directory
  Replace str_contains with strpos method to support PHP 7
  [Behat] Extract browser element and context
  [Behat] Add scenarios for securing access to account and dashboard after logging out
  Minor fixes for specs and unit tests of cache control subscribers
  Remove type declarations for properties due to supporting PHP 7.3
  [Maintenace] Test existence of new cache headers
  [UI] Force no-store cache directives for admin and customer account section
  suggested review changes
  listener added to finish response with X-Frame-Options sameorigin header
2022-03-14 15:06:24 +01:00
Mateusz Zalewski
3da169e0c2
bug #13765 [Security] Fixes for SVG XSS, wrong cache for logged in users and clickjacking (ernestWarwas, lchrusciel, GSadee, Zales0123, Rafikooo)
This PR was merged into the 1.9 branch.

Discussion
----------

| Q               | A
| --------------- | -----
| Branch?         | 1.9
| Bug fix?        | yes
| New feature?    | no
| BC breaks?      | no
| Deprecations?   | no
| Related tickets | 
| License         | MIT

This PR aims to solve 3 issues:
1. Possibility to inject SVGs with scripts (https://rietta.com/blog/svg-xss-injection-attacks/)
2. Possibility to check admin pages with back button after logging out due to wrong cache'ing configuration
3. Clickjacking while rendering Sylius in iframe (https://portswigger.net/web-security/clickjacking)

<!--
 - Bug fixes must be submitted against the 1.10 or 1.11 branch(the lowest possible)
 - Features and deprecations must be submitted against the master branch
 - Make sure that the correct base branch is set

 To be sure you are not breaking any Backward Compatibilities, check the documentation:
 https://docs.sylius.com/en/latest/book/organization/backward-compatibility-promise.html
-->


Commits
-------

0886078036 listener added to finish response with X-Frame-Options sameorigin header
c23643109c suggested review changes
67de9e8104 bug #14 [Security] Clickjacking vulnerability fixed (ernestWarwas)
4b6a77ae9e [UI] Force no-store cache directives for admin and customer account section
691b700a11 [Maintenace] Test existence of new cache headers
08d0f5a1f4 Remove type declarations for properties due to supporting PHP 7.3
94366fdfec Minor fixes for specs and unit tests of cache control subscribers
5dee3dc656 [Behat] Add scenarios for securing access to account and dashboard after logging out
d4bf36c884 [Behat] Extract browser element and context
afa04e3924 Replace str_contains with strpos method to support PHP 7
b00eb517b1 [PHPUnit] Move subscribers tests to main directory
253f66b9ab bug #11 [Security] Set cache control directives to fix security leak after logging out and using back button (lchrusciel, GSadee)
46ed54bb0b [Security] XSS - SVG file upload vulnerability fixed
6ccc2d63fb bug #12 [Security] XSS - SVG file upload vulnerability fixed (Rafikooo)
2022-03-14 15:03:56 +01:00
Kevin Kaniaburka
10e17737fb [Promotion][Behat] Update coupon validation feature
[Promotion][Behat] Fix return type
2022-03-14 09:35:24 +01:00
Kevin Kaniaburka
d628b8ab12 [Promotion] Fix page element "per customer usage limit" 2022-03-14 09:14:34 +01:00
Kevin Kaniaburka
3f2fa19d94 [Promotion] Add validation of below one coupon usage limit per customer 2022-03-14 09:14:34 +01:00