8.4 upgrade #100

Merged: msaperst merged 39 commits into develop from 8.4-upgrade on Oct 15, 2025
@msaperst (Owner) commented Oct 8, 2025

Trying to upgrade everything to 8.4, including getting more tests and pipeline runs passing

}

system(dirname(dirname(__DIR__)) . DIRECTORY_SEPARATOR . "bin/make-thumbs.sh {$album->getId()} $markup {$album->getLocation()} > /dev/null 2>&1 &");
system(dirname(__DIR__, 2) . DIRECTORY_SEPARATOR . "bin/make-thumbs.sh {$album->getId()} $markup {$album->getLocation()} > /dev/null 2>&1 &");
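
Review bot: in the rewritten `system()` line, `{$album->getId()}`, `$markup` and `{$album->getLocation()}` are still interpolated unquoted into the shell string, so a space or shell metacharacter in any of them changes the command that runs. Pass each value through `escapeshellarg()` before concatenating, and cast the album id to an integer; switching to `dirname(__DIR__, 2)` does not affect this.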

Check failure

Code scanning / SonarCloud

OS commands should not be vulnerable to command injection attacks

Change this code to not construct the OS command from user-controlled data. See more on SonarQube Cloud: https://sonarcloud.io/project/issues?id=msaperst_saperstone-studios&issues=AZnFRG60SCrOO-T7UNUT&open=AZnFRG60SCrOO-T7UNUT&pullRequest=100

Comment thread src/elements/Blog.php
if (isset($params['preview']) && isset($params['preview']['img']) && $params['preview']['img'] != '') {
//setup our new image
copy(dirname(dirname(__DIR__)) . DIRECTORY_SEPARATOR . 'public' . DIRECTORY_SEPARATOR . 'blog' . DIRECTORY_SEPARATOR . $this->preview, $this->directory . DIRECTORY_SEPARATOR . "preview_image-{$this->id}.jpg");
copy(dirname(__DIR__, 2) . DIRECTORY_SEPARATOR . 'public' . DIRECTORY_SEPARATOR . 'blog' . DIRECTORY_SEPARATOR . $this->preview, $this->directory . DIRECTORY_SEPARATOR . "preview_image-{$this->id}.jpg");
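
Review bot: in the `copy()` source argument, `$this->preview` is joined onto the `public/blog` directory with no visible check that the result stays inside it, so a value containing `..` segments would read from elsewhere on disk. Resolve the joined path with `realpath()` and confirm it begins with the resolved `public/blog` prefix before calling `copy()`; the destination name built from `{$this->id}` deserves an integer cast as well.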

Check failure

Code scanning / SonarCloud

I/O function calls should not be vulnerable to path injection attacks

Change this code to not construct the path from user-controlled data. See more on SonarQube Cloud: https://sonarcloud.io/project/issues?id=msaperst_saperstone-studios&issues=AZnFRHLLSCrOO-T7UNfz&open=AZnFRHLLSCrOO-T7UNfz&pullRequest=100

Comment thread public/blog/category.php

<!-- Script to Activate the Gallery -->
<script>
var postsFull = new PostsFull( <?php echo $postCount; ?>, <?php echo "[" . implode(",", $categories) . "]"; ?> );
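
Review bot: on the `new PostsFull(...)` line, `$postCount` and the `implode(",", $categories)` output are echoed into the `<script>` block without encoding, so any non-numeric value in either ends up as executable JavaScript. Emit the count as `(int) $postCount` and the list with `json_encode()` using `JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT`, after mapping the category ids through `intval` if they are meant to be numeric.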

Check failure

Code scanning / SonarCloud

Endpoints should not be vulnerable to reflected cross-site scripting (XSS) attacks

Change this code to not reflect unsanitized user-controlled data. See more on SonarQube Cloud: https://sonarcloud.io/project/issues?id=msaperst_saperstone-studios&issues=AZnl0MZ0T6P56idoSo0b&open=AZnl0MZ0T6P56idoSo0b&pullRequest=100

@sonarqubecloud

Quality Gate failed

Failed conditions
44 Security Hotspots
17.1% Coverage on New Code (required ≥ 80%)
13.7% Duplication on New Code (required ≤ 3%)
E Security Rating on New Code (required ≥ A)
D Reliability Rating on New Code (required ≥ A)

@msaperst (Owner, Author)

Closes #54 and #76

@msaperst merged commit 56c981e into develop Oct 15, 2025
7 of 15 checks passed
@msaperst deleted the 8.4-upgrade branch October 15, 2025 22:50
This was referenced Oct 15, 2025