Merge branch '5.5'

author Tim Düsterhus <duesterhus@woltlab.com>

Wed, 29 Jun 2022 10:16:02 +0000 (12:16 +0200)

committer Tim Düsterhus <duesterhus@woltlab.com>

Wed, 29 Jun 2022 10:16:02 +0000 (12:16 +0200)
author Tim Düsterhus <duesterhus@woltlab.com>
Wed, 29 Jun 2022 10:16:02 +0000 (12:16 +0200)
committer Tim Düsterhus <duesterhus@woltlab.com>
Wed, 29 Jun 2022 10:16:02 +0000 (12:16 +0200)
diff --cc wcfsetup/install/files/js/WoltLabSuite/Core/Acp/Ui/Package/QuickInstallation.js
Simple merge
diff --cc wcfsetup/install/files/lib/data/package/update/server/PackageUpdateServer.class.php

index 8585adc050818cbe96b44591ead85c208934beca,118f3559a1a34744509225e21e7b8c220427f73a..f077eb9562988bf88693c45ee60687d1f33d6869
--- 1/wcfsetup/install/files/lib/data/package/update/server/PackageUpdateServer.class.php
--- 2/wcfsetup/install/files/lib/data/package/update/server/PackageUpdateServer.class.php
+++ b/wcfsetup/install/files/lib/data/package/update/server/PackageUpdateServer.class.php
@@@ -141,8 -152,20 +152,17 @@@ class PackageUpdateServer extends Datab
           return \current($pluginStoreServer);
       }
   
+     /**
+      * Restricts the available sources to official package
+      * servers when a secure download is requested.
+      */
+     final public static function enableSecureMode(): void
+     {
+         self::$secureMode = true;
+     }
+ 
       /**
- -     * Returns true if the given server url is valid.
- -     *
- -     * @param string $serverURL
- -     * @return  bool
+ +     * @deprecated 5.6 This method was only used in PackageUpdateServerAddForm.
        */
       public static function isValidServerURL($serverURL)
       {
diff --cc wcfsetup/install/files/lib/system/request/ControllerMap.class.php

index 60b10516d377f00d1135905714caba6767d73a70,de01cb4297d3610f83a409583cae20c04148d214..032b6f6f1e92c90f06b40482ac498ef9a9e5831d
--- 1/wcfsetup/install/files/lib/system/request/ControllerMap.class.php
--- 2/wcfsetup/install/files/lib/system/request/ControllerMap.class.php
+++ b/wcfsetup/install/files/lib/system/request/ControllerMap.class.php
@@@ -342,12 -433,22 +342,14 @@@ final class ControllerMap extends Singl
       {
           $className = $application . '\\' . ($isAcpRequest ? 'acp\\' : '') . $pageType . '\\' . $controller . \ucfirst($pageType);
           if (!\class_exists($className)) {
- -            // avoid CORS by allowing action classes invoked form every application domain
- -            if ($pageType === 'action' && $application !== 'wcf') {
- -                $className = 'wcf\\' . ($isAcpRequest ? 'acp\\' : '') . $pageType . '\\' . $controller . \ucfirst($pageType);
- -                if (!\class_exists($className)) {
- -                    return null;
- -                }
- -            } else {
- -                return null;
- -            }
+ +            return null;
           }
   
-         // check for abstract classes
+         // Verify that the class can be instantiated. This excludes
+         // abstract classes, interfaces, classes with a private constructor
+         // and more.
           $reflectionClass = new \ReflectionClass($className);
-         if ($reflectionClass->isAbstract()) {
+         if (!$reflectionClass->isInstantiable()) {
               return null;
           }
author	Tim Düsterhus <duesterhus@woltlab.com>
	Wed, 29 Jun 2022 10:16:02 +0000 (12:16 +0200)
committer	Tim Düsterhus <duesterhus@woltlab.com>
	Wed, 29 Jun 2022 10:16:02 +0000 (12:16 +0200)
		1	2
wcfsetup/install/files/js/WoltLabSuite/Core/Acp/Ui/Package/QuickInstallation.js	patch \|	diff1 \|	diff2 \|	blob \| history
wcfsetup/install/files/lib/data/package/update/server/PackageUpdateServer.class.php	patch \|	diff1 \|	diff2 \|	blob \| history
wcfsetup/install/files/lib/system/request/ControllerMap.class.php	patch \|	diff1 \|	diff2 \|	blob \| history