phpbench pulled in doctrine/annotations which has a security advisory.
The bench script and its only benchmark file are unused in CI.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Initialize $isUpgrade=false in Install.php action() to prevent undefined variable
- Assign $this->lockedDatabase in Upgrade.php before calling parent::action()
- Remove stack trace exposure from buildErrorDetails() in Http Install action
- Suppress raw exception messages for 500+ errors in Error handler
- Remove sessionSecret from progress details to prevent credential leak
- Hash name/email in analytics payload to avoid sending raw PII
- Validate and default dbService in compose.phtml to prevent invalid output
- Fix host normalization in progress.js redirect URL builder
- Release global lock on early return for existing installation conflict
- Consolidate duplicate database host/port assignment blocks
- Add @runInSeparateProcess to testRouteRegistration to prevent global state leak
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: sanitize branch names for valid domain generation
Branch names containing invalid domain characters (like '/') were being
used directly when creating VCS preview domains, resulting in invalid
domains like 'branch-abc/test.appwrite.network'. This adds a Domain
helper class that sanitizes branch names by replacing invalid characters
with hyphens before generating domains.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor: use Text constants for branch name sanitization
Replace regex with explicit character validation using Utopia Text
constants for better readability and maintainability.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* Move to transformation adapter
* lint
* tiny
* fix test
* ut
* use Filter
* lint
* more lint
* simplify
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Move type check before assignment to prevent TypeError when non-string
value (like array) is passed to Origin::isValid(). The property
\$this->origin is typed as string, so assigning an array before
the is_string() check caused the error.
- Upgrade utopia-php/cli from 0.15 to 0.22
- Upgrade utopia-php/analytics from 0.10 to 0.15
- Upgrade utopia-php/orchestration from 0.9 to 0.19
- Use dev branches for utopia-php/framework and utopia-php/platform
- Remove utopia-php/swoole dependency (merged into framework)
- Migrate Utopia\CLI\Console to Utopia\Console across all files
- Migrate Utopia\Http to Utopia\Http\Http namespace
- Migrate Utopia\Swoole\Files to Utopia\Http\Files (now instance-based)
- Convert static CLI::setResource() calls to instance-based Dependency API
- Fix StatsResources task named parameter mismatch
- Fix OR precheck bug: skip attribute existence check when OR conditions
exist, since OR can match with partial attributes present
- Remove dead code in app/realtime.php (unused $names and $channels variables)
- Add tests for OR queries with missing attributes in one branch
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
RuntimeQuery::filter() now returns null when the query doesn't match,
instead of an empty array. This distinguishes between "no match" and
"match with empty payload", fixing the issue where subscriptions with
empty payloads weren't being delivered.
Updated Realtime::getSubscribers() to check for null instead of using
!empty(), and updated all tests to expect null for non-matches.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add missing isSelectAll() method to RuntimeQuery class
- Update RuntimeQueryTest to use compile() before filter() since filter()
expects pre-compiled query arrays, not Query objects
- Remove incorrect break statement in Realtime::getSubscribers() that was
stopping iteration after the first matching channel, causing subscribers
to not be found for subsequent channels
- Use local variable $subscriptionsByChannel to avoid unused variable warning
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Jake Barnby
loks0n
Hemachandar
Chirag Aggarwal
Matej Bačo
ArnabChatterjee20k
ArnabChatterjee20k