Merge pull request #6255 from EC-CUBE/maintenance/4.1-private

脆弱性対応（4.1）
EC-CUBE · Jul 29, 2024 · 83dfd5f · 83dfd5f
2 parents f8abedf + f1244fd
commit 83dfd5f
Show file tree

Hide file tree

Showing 23 changed files with 247 additions and 49 deletions.
diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
@@ -19,7 +19,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        operating-system: [ ubuntu-18.04 ]
+        operating-system: [ ubuntu-22.04 ]
         php: [ 7.4 ]
         db: [ pgsql ]
         include:
@@ -58,7 +58,9 @@ jobs:
           php-version: ${{ matrix.php }}
 
       - name: composer install
-        run: composer install --dev --no-interaction -o --apcu-autoloader
+        run: |
+          sudo composer self-update --2.2
+          composer install --dev --no-interaction -o --apcu-autoloader
 
       - name: Setup pcov
         run: |
@@ -96,7 +98,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        operating-system: [ ubuntu-18.04 ]
+        operating-system: [ ubuntu-22.04 ]
         php: [ 7.4 ]
         db: [ pgsql ]
         group: [ admin01, admin02, admin03, front, installer ]
@@ -153,7 +155,7 @@ jobs:
 
       - name: composer install
         run: |
-          sudo composer selfupdate
+          sudo composer self-update --2.2
           composer install --dev --no-interaction -o --apcu-autoloader
       - name: Setup to EC-CUBE
         env:

diff --git a/.github/workflows/deny-test.yml b/.github/workflows/deny-test.yml
@@ -15,7 +15,7 @@ on:
 jobs:
   deploy:
     name: Deny check
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-22.04
     services:
       postgres:
         image: postgres:14
@@ -47,7 +47,9 @@ jobs:
             ${{ runner.os }}-composer-
 
       - name: Install to Composer
-        run: composer install --no-scripts --no-dev --no-interaction --optimize-autoloader
+        run: |
+          sudo composer self-update --2.2 
+          composer install --no-scripts --no-dev --no-interaction --optimize-autoloader
 
       - name: Translate to templates
         run: php bin/template_jp.php
@@ -111,6 +113,7 @@ jobs:
           echo ">>> Started chrome-driver"
           sudo Xvfb -ac :99 -screen 0 1280x1024x24 > /dev/null 2>&1 &
           echo ">>> Started xvfb"
+          sudo composer self-update --2.2
           composer install --no-scripts --no-interaction --optimize-autoloader
           echo "modules:
               enabled:

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -37,7 +37,9 @@ jobs:
             ${{ runner.os }}-composer-
 
       - name: Install to Composer
-        run: composer install --no-scripts --no-dev --no-interaction --optimize-autoloader
+        run: |
+          sudo composer self-update --2.2 
+          composer install --no-scripts --no-dev --no-interaction --optimize-autoloader
 
       - name: Translate to templates
         run: php bin/template_jp.php

diff --git a/.github/workflows/dockerbuild.yml b/.github/workflows/dockerbuild.yml
@@ -20,7 +20,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        operating-system: [ ubuntu-18.04 ]
+        operating-system: [ ubuntu-22.04 ]
         php: [ 7.4 ]
         db: [ pgsql ]
         group: [ admin01 ]
@@ -63,7 +63,9 @@ jobs:
           php-version: ${{ matrix.php }}
 
       - name: composer install
-        run: composer install --dev --no-interaction -o --apcu-autoloader
+        run: |
+          sudo composer self-update --2.2
+          composer install --dev --no-interaction -o --apcu-autoloader
       - name: Setup to EC-CUBE
         env:
           APP_ENV: ${{ matrix.app_env }}

diff --git a/.github/workflows/e2e-bc-test.yml b/.github/workflows/e2e-bc-test.yml
@@ -20,7 +20,7 @@ jobs:
       fail-fast: false
       matrix:
         version: [ 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5 ]
-        operating-system: [ ubuntu-18.04 ]
+        operating-system: [ ubuntu-22.04 ]
         php: [ 7.4 ]
         db: [ pgsql ]
         group: [ front ]
@@ -78,7 +78,9 @@ jobs:
           php-version: ${{ matrix.php }}
 
       - name: composer install
-        run: composer install --dev --no-interaction -o --apcu-autoloader
+        run: |
+          sudo composer self-update --2.2
+          composer install --dev --no-interaction -o --apcu-autoloader
       - name: Setup to EC-CUBE
         env:
           APP_ENV: ${{ matrix.app_env }}

diff --git a/.github/workflows/e2e-test.yml b/.github/workflows/e2e-test.yml
@@ -19,7 +19,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        operating-system: [ ubuntu-18.04 ]
+        operating-system: [ ubuntu-22.04 ]
         php: [ 7.4 ]
         db: [ pgsql ]
         group: [ admin01, admin02, admin03, front, installer ]
@@ -75,7 +75,9 @@ jobs:
           php-version: ${{ matrix.php }}
 
       - name: composer install
-        run: composer install --dev --no-interaction -o --apcu-autoloader
+        run: |
+          sudo composer self-update --2.2
+          composer install --dev --no-interaction -o --apcu-autoloader
       - name: Setup to EC-CUBE
         env:
           APP_ENV: ${{ matrix.app_env }}
@@ -91,6 +93,9 @@ jobs:
       - name: setup-chromedriver
         uses: nanasess/setup-chromedriver@master
 
+      - name: Install fonts
+        run: sudo apt install fonts-ipafont fonts-ipaexfont
+
       - name: Run chromedriver
         run: |
           export DISPLAY=:99

diff --git a/.github/workflows/penetration-test.yml b/.github/workflows/penetration-test.yml
@@ -10,7 +10,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        operating-system: [ ubuntu-18.04 ]
+        operating-system: [ ubuntu-22.04 ]
         group:
           - 'test/front_login/contact.test.ts'
           - 'test/front_guest/contact.test.ts'

diff --git a/.github/workflows/phpstan.yml b/.github/workflows/phpstan.yml
@@ -27,6 +27,8 @@ jobs:
       with:
         php-version: '7.4'
     - name: composer install
-      run: composer install --dev --no-interaction -o --apcu-autoloader
+      run: |
+        sudo composer self-update --2.2
+        composer install --dev --no-interaction -o --apcu-autoloader
     - name: PHPStan
       run: vendor/bin/phpstan analyze src/ --error-format=github
diff --git a/.github/workflows/plugin-test.yml b/.github/workflows/plugin-test.yml
@@ -19,7 +19,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        operating-system: [ ubuntu-18.04 ]
+        operating-system: [ ubuntu-22.04 ]
         php: [ 7.4 ]
         db: [ pgsql, mysql ]
         method:
@@ -83,7 +83,9 @@ jobs:
           php-version: ${{ matrix.php }}
 
       - name: composer install
-        run: composer install --dev --no-interaction -o --apcu-autoloader
+        run: |
+          sudo composer self-update --2.2
+          composer install --dev --no-interaction -o --apcu-autoloader
 
       - name: Setup to EC-CUBE
         env:
@@ -163,7 +165,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        operating-system: [ ubuntu-18.04 ]
+        operating-system: [ ubuntu-22.04 ]
         php: [ 7.4 ]
         db: [ pgsql, mysql ]
         method:
@@ -225,7 +227,9 @@ jobs:
           php-version: ${{ matrix.php }}
 
       - name: Install to Composer
-        run: composer install --dev --no-interaction -o --apcu-autoloader
+        run: |
+          sudo composer self-update --2.2
+          composer install --dev --no-interaction -o --apcu-autoloader
 
       - name: Setup to EC-CUBE
         env:
@@ -305,7 +309,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        operating-system: [ ubuntu-18.04 ]
+        operating-system: [ ubuntu-22.04 ]
         php: [ 7.4 ]
         db: [ pgsql, mysql ]
         method:
@@ -367,7 +371,9 @@ jobs:
           php-version: ${{ matrix.php }}
 
       - name: Install to Composer
-        run: composer install --dev --no-interaction -o --apcu-autoloader
+        run: |
+          sudo composer self-update --2.2
+          composer install --dev --no-interaction -o --apcu-autoloader
 
       - name: Setup to EC-CUBE
         env:
@@ -447,7 +453,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        operating-system: [ ubuntu-18.04 ]
+        operating-system: [ ubuntu-22.04 ]
         php: [ 7.4 ]
         db: [ pgsql, mysql ]
         method:
@@ -512,7 +518,9 @@ jobs:
           php-version: ${{ matrix.php }}
 
       - name: Install to Composer
-        run: composer install --dev --no-interaction -o --apcu-autoloader
+        run: |
+          sudo composer self-update --2.2
+          composer install --dev --no-interaction -o --apcu-autoloader
 
       - name: Setup to EC-CUBE
         env:

diff --git a/.github/workflows/unit-test.yml b/.github/workflows/unit-test.yml
@@ -19,7 +19,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        operating-system: [ ubuntu-18.04 ]
+        operating-system: [ ubuntu-22.04 ]
         php: [ '7.3', '7.4' ]
         db: [ mysql, pgsql, sqlite3 ]
         include:
@@ -72,7 +72,9 @@ jobs:
           php-version: ${{ matrix.php }}
 
       - name: composer install
-        run: composer install --dev --no-interaction -o --apcu-autoloader
+        run: |
+          sudo composer self-update --2.2
+          composer install --dev --no-interaction -o --apcu-autoloader
 
       - name: Setup EC-CUBE
         env:

diff --git a/.github/workflows/vaddy-1.yml b/.github/workflows/vaddy-1.yml
@@ -6,7 +6,7 @@ on:
 jobs:
   vaddy:
     name: VAddy
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-22.04
     strategy:
       matrix:
         include:

diff --git a/.github/workflows/vaddy-2.yml b/.github/workflows/vaddy-2.yml
@@ -6,7 +6,7 @@ on:
 jobs:
   vaddy:
     name: VAddy
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-22.04
     strategy:
       matrix:
         include:

diff --git a/Dockerfile b/Dockerfile
@@ -73,7 +73,7 @@ RUN curl -sS https://getcomposer.org/installer \
   && mv composer.phar /usr/bin/composer
 
 # 全体コピー前にcomposer installを先行完了させる(docker cache利用によるリビルド速度向上)
-
+RUN composer self-update --2.2
 RUN composer config -g repos.packagist composer https://packagist.jp
 COPY composer.json ${APACHE_DOCUMENT_ROOT}/composer.json
 COPY composer.lock ${APACHE_DOCUMENT_ROOT}/composer.lock

diff --git a/codeception/_envs/github_action.yml b/codeception/_envs/github_action.yml
@@ -8,6 +8,7 @@ modules:
                 chromeOptions:
                     prefs:
                         download.default_directory: '%GITHUB_WORKSPACE%/codeception/_support/_downloads'
+            wait: 30
         MailCatcher:
             url: '127.0.0.1'
-            port: 1080
+            port: 1080
diff --git a/codeception/acceptance/EA07BasicinfoCest.php b/codeception/acceptance/EA07BasicinfoCest.php
@@ -166,16 +166,22 @@ public function basicinfo_支払方法削除(AcceptanceTester $I)
         // 削除用の支払い方法の登録
         PaymentManagePage::go($I)
             ->新規入力();
+
+        $I->wait(10);
+
         PaymentEditPage::at($I)
             ->入力_支払方法('dummy payment')
             ->登録();
 
+        $I->wait(10);
         // 削除
         $page = PaymentManagePage::go($I);
         $before = $page->一覧_件数取得();
         $page->一覧_削除(1);
         $I->see('削除しました', PaymentEditPage::$登録完了メッセージ);
 
+        $I->wait(10);
+
         $after = PaymentManagePage::go($I)->一覧_件数取得();
         $I->assertEquals($before - 1, $after);
     }

diff --git a/codeception/acceptance/EA08SysteminfoCest.php b/codeception/acceptance/EA08SysteminfoCest.php
@@ -318,16 +318,22 @@ public function systeminfo_セキュリティ管理SSL(AcceptanceTester $I)
         $I->amOnUrl($httpBaseUrl);
         $I->assertRegExp('/^http:\/\//', $I->executeJS('return location.href'), 'httpsにリダイレクトされない');
 
+        $I->wait(10);
+
         $config = Fixtures::get('config');
         $httpsBaseUrl = str_replace('http://', 'https://', $httpBaseUrl);
         $I->amOnUrl($httpsBaseUrl.$config['eccube_admin_route'].'/setting/system/security');
         $I->checkOption(['id' => 'admin_security_force_ssl']);
         $I->click('#page_admin_setting_system_security form div.c-contentsArea__cols > div.c-conversionArea > div > div > div:nth-child(2) > div > div > button');
 
+        $I->wait(10);
+
         // httpでアクセスしたらhttpsにリダイレクトされる
         $I->amOnUrl($httpBaseUrl);
         $I->assertRegExp('/^https:\/\//', $I->executeJS('return location.href'), 'httpsにリダイレクトされる');
 
+        $I->wait(10);
+
         // 後続テストのために戻しておく
         $I->amOnUrl($httpsBaseUrl.$config['eccube_admin_route'].'/setting/system/security');
         $I->uncheckOption(['id' => 'admin_security_force_ssl']);

diff --git a/codeception/acceptance/EF02ProductCest.php b/codeception/acceptance/EF02ProductCest.php
@@ -49,10 +49,15 @@ public function product_商品一覧ソート(AcceptanceTester $I)
         // TOPページ>商品一覧（ヘッダーのいずれかのカテゴリを選択）へ遷移
         $topPage->カテゴリ選択(['新入荷']);
 
+        $I->wait(10);
+
         // 各商品のサムネイルが表示される デフォルトは価格順
         $products = $I->grabMultiple(['xpath' => "//*[@class='ec-shelfGrid__item']/a/p[2]"]);
         $pPos = 0;
         $fPos = 0;
+
+        $I->wait(10);
+
         foreach ($products as $key => $product) {
             if ($product == 'チェリーアイスサンド') {
                 $pPos = $key;
@@ -68,10 +73,14 @@ public function product_商品一覧ソート(AcceptanceTester $I)
             ->表示件数設定(40)
             ->表示順設定('価格が高い順');
 
+        $I->wait(10);
         // 変更されたソート条件に従い、商品がソートされる
         $products = $I->grabMultiple(['xpath' => "//*[@class='ec-shelfGrid__item']/a/p[2]"]);
         $pPos = 0;
         $fPos = 0;
+
+        $I->wait(10);
+
         foreach ($products as $key => $product) {
             if ($product == 'チェリーアイスサンド') {
                 $pPos = $key;

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "eccube",
-  "version": "4.1.2-p3",
+  "version": "4.1.2-p4",
   "description": "EC-CUBE EC open platform.",
   "main": "index.js",
   "directories": {