Merge branch '4.1' into 'main'

Author: thorsten

.docker/nginx/default.conf

@@ -71,6 +71,20 @@ server {
     # Symfony renders the styled 404 page. Do not intercept upstream PHP errors.
     fastcgi_intercept_errors off;
 
+    # Service Worker - no caching, proper headers
+    location = /sw.js {
+        add_header Content-Type "application/javascript; charset=utf-8";
+        add_header Service-Worker-Allowed "/";
+        add_header Cache-Control "no-cache, no-store, must-revalidate";
+        add_header X-Content-Type-Options "nosniff";
+        try_files $uri =404;
+    }
+
+    # Update pages - rewrite before try_files can hit the PHP handler
+    location ^~ /update {
+        rewrite ^                                                    /index.php last;
+    }
+
     location / {
         index index.php;
         try_files $uri $uri/ @rewriteapp;
@@ -207,6 +221,20 @@ server {
     # Symfony renders the styled 404 page. Do not intercept upstream PHP errors.
     fastcgi_intercept_errors off;
 
+    # Service Worker - no caching, proper headers
+    location = /sw.js {
+        add_header Content-Type "application/javascript; charset=utf-8";
+        add_header Service-Worker-Allowed "/";
+        add_header Cache-Control "no-cache, no-store, must-revalidate";
+        add_header X-Content-Type-Options "nosniff";
+        try_files $uri =404;
+    }
+
+    # Update pages - rewrite before try_files can hit the PHP handler
+    location ^~ /update {
+        rewrite ^                                                    /index.php last;
+    }
+
     location / {
         index index.php;
         try_files $uri $uri/ @rewriteapp;

CHANGELOG.md

@@ -42,6 +42,7 @@ This is a log of major user-visible changes in each phpMyFAQ release.
 
 ### phpMyFAQ v4.1.2 – unreleased
 
+- updated third party dependencies (Thorsten)
 - fixed bugs (Thorsten)
 
 ### phpMyFAQ v4.1.1 - 2026-03-31

docs/installation.md

@@ -659,6 +659,8 @@ your-domain.com {
     rewrite /setup /setup/index.php
     rewrite /admin /admin/index.php
     rewrite /api/* /api/index.php
+    rewrite /update /index.php
+    rewrite /update/* /index.php
     
     # Security headers
     header {

nginx.conf

@@ -86,6 +86,11 @@ server {
         try_files $uri =404;
     }
 
+    # Update pages - rewrite before try_files can hit the PHP handler
+    location ^~ /update {
+        rewrite ^                                                    /index.php last;
+    }
+
     location / {
         index index.php;
         try_files $uri $uri/ @rewriteapp;
@@ -106,10 +111,6 @@ server {
         # Setup pages
         rewrite ^/setup/                                             /setup/index.php last;
 
-        # Update page - route directly to index.php (handled by Symfony router)
-        rewrite ^/update$                                            /index.php last;
-        rewrite ^/update/                                            /index.php last;
-
         # Front controller: route all other requests to index.php (Symfony Router)
         rewrite ^                                                    /index.php last;
     }

phpmyfaq/assets/src/configuration/update.test.ts

@@ -136,7 +136,7 @@ describe('handleUpdateInformation', () => {
 
     await handleUpdateInformation();
 
-    expect(fetch).toHaveBeenCalledWith('../api/setup/check', {
+    expect(fetch).toHaveBeenCalledWith('/api/setup/check', {
       method: 'POST',
       headers: {
         Accept: 'application/json, text/plain, */*',
@@ -218,14 +218,15 @@ describe('handleUpdateInformation', () => {
 
     global.fetch = vi.fn().mockResolvedValue({
       ok: false,
+      status: 404,
       headers: { get: () => 'text/html' },
       text: () => Promise.resolve('Not Found'),
     });
 
     await handleUpdateInformation();
 
     const result = document.getElementById('phpmyfaq-update-check-result');
-    expect(result?.innerText).toContain('The requested resource was not found');
+    expect(result?.innerText).toContain('The server returned an error (HTTP 404)');
     expect(result?.innerText).toContain('RewriteBase');
   });
 
@@ -280,7 +281,7 @@ describe('handleConfigBackup', () => {
 
   it('should do nothing when URL does not match step 2', async () => {
     Object.defineProperty(window, 'location', {
-      value: { href: 'http://localhost/update?step=1' },
+      value: { href: 'http://localhost/update?step=1', pathname: '/update' },
       writable: true,
     });
 
@@ -293,7 +294,7 @@ describe('handleConfigBackup', () => {
 
   it('should do nothing when installed version input is missing', async () => {
     Object.defineProperty(window, 'location', {
-      value: { href: 'http://localhost/update?step=2' },
+      value: { href: 'http://localhost/update?step=2', pathname: '/update' },
       writable: true,
     });
 
@@ -307,7 +308,7 @@ describe('handleConfigBackup', () => {
 
   it('should call backup API on step 2', async () => {
     Object.defineProperty(window, 'location', {
-      value: { href: 'http://localhost/update?step=2' },
+      value: { href: 'http://localhost/update?step=2', pathname: '/update' },
       writable: true,
     });
 
@@ -320,7 +321,7 @@ describe('handleConfigBackup', () => {
 
     await handleConfigBackup();
 
-    expect(fetch).toHaveBeenCalledWith('../api/setup/backup', {
+    expect(fetch).toHaveBeenCalledWith('/api/setup/backup', {
       method: 'POST',
       headers: {
         Accept: 'application/json, text/plain, */*',
@@ -332,7 +333,7 @@ describe('handleConfigBackup', () => {
 
   it('should log error on failed backup response', async () => {
     Object.defineProperty(window, 'location', {
-      value: { href: 'http://localhost/update?step=2' },
+      value: { href: 'http://localhost/update?step=2', pathname: '/update' },
       writable: true,
     });
 
@@ -351,7 +352,7 @@ describe('handleConfigBackup', () => {
 
   it('should log error on network failure', async () => {
     Object.defineProperty(window, 'location', {
-      value: { href: 'http://localhost/update?step=2' },
+      value: { href: 'http://localhost/update?step=2', pathname: '/update' },
       writable: true,
     });
 
@@ -375,7 +376,7 @@ describe('handleDatabaseUpdate', () => {
 
   it('should do nothing when URL does not match step 3', async () => {
     Object.defineProperty(window, 'location', {
-      value: { href: 'http://localhost/update?step=1' },
+      value: { href: 'http://localhost/update?step=1', pathname: '/update' },
       writable: true,
     });
 
@@ -388,7 +389,7 @@ describe('handleDatabaseUpdate', () => {
 
   it('should do nothing when installed version input is missing', async () => {
     Object.defineProperty(window, 'location', {
-      value: { href: 'http://localhost/update?step=3' },
+      value: { href: 'http://localhost/update?step=3', pathname: '/update' },
       writable: true,
     });
 
@@ -402,7 +403,7 @@ describe('handleDatabaseUpdate', () => {
 
   it('should show success on successful database update', async () => {
     Object.defineProperty(window, 'location', {
-      value: { href: 'http://localhost/update?step=3' },
+      value: { href: 'http://localhost/update?step=3', pathname: '/update' },
       writable: true,
     });
 
@@ -419,7 +420,7 @@ describe('handleDatabaseUpdate', () => {
 
     await handleDatabaseUpdate();
 
-    expect(fetch).toHaveBeenCalledWith('../api/setup/update-database', {
+    expect(fetch).toHaveBeenCalledWith('/api/setup/update-database', {
       method: 'POST',
       headers: {
         Accept: 'application/json, text/plain, */*',
@@ -440,7 +441,7 @@ describe('handleDatabaseUpdate', () => {
 
   it('should show error on failed database update response', async () => {
     Object.defineProperty(window, 'location', {
-      value: { href: 'http://localhost/update?step=3' },
+      value: { href: 'http://localhost/update?step=3', pathname: '/update' },
       writable: true,
     });
 
@@ -471,7 +472,7 @@ describe('handleDatabaseUpdate', () => {
 
   it('should show error alert on network failure', async () => {
     Object.defineProperty(window, 'location', {
-      value: { href: 'http://localhost/update?step=3' },
+      value: { href: 'http://localhost/update?step=3', pathname: '/update' },
       writable: true,
     });
 
@@ -494,7 +495,7 @@ describe('handleDatabaseUpdate', () => {
 
   it('should work with URL ending in /update/?step=3', async () => {
     Object.defineProperty(window, 'location', {
-      value: { href: 'http://localhost/update/?step=3' },
+      value: { href: 'http://localhost/update/?step=3', pathname: '/update/' },
       writable: true,
     });
 

phpmyfaq/assets/src/configuration/update.ts

@@ -13,6 +13,26 @@
  * @since     2023-10-22
  */
 
+const getBasePath = (): string => {
+  const path = window.location.pathname;
+  let basePath: string;
+  if (path.endsWith('/update/index.php')) {
+    basePath = path.slice(0, -'/update/index.php'.length);
+  } else if (path.endsWith('/update/')) {
+    basePath = path.slice(0, -'/update/'.length);
+  } else if (path.endsWith('/update')) {
+    basePath = path.slice(0, -'/update'.length);
+  } else {
+    basePath = path;
+  }
+
+  if (!basePath.endsWith('/')) {
+    basePath += '/';
+  }
+
+  return basePath;
+};
+
 export const handleUpdateNextStepButton = (): void => {
   const nextStepButton = document.getElementById('phpmyfaq-update-next-step-button') as HTMLButtonElement | null;
   const nextStep = document.getElementById('phpmyfaq-update-next-step') as HTMLInputElement | null;
@@ -36,8 +56,10 @@ export const handleUpdateInformation = async (): Promise<void> => {
 
     if (!installedVersion) return;
 
+    const basePath = getBasePath();
+
     try {
-      const response = await fetch('../api/setup/check', {
+      const response = await fetch(`${basePath}api/setup/check`, {
         method: 'POST',
         headers: {
           Accept: 'application/json, text/plain, */*',
@@ -53,12 +75,15 @@ export const handleUpdateInformation = async (): Promise<void> => {
           const errorMessage = await response.json();
           errorText = errorMessage.message || errorMessage.error || 'Update check failed';
         } else {
-          errorText = await response.text();
-          if (!errorText || errorText === 'Not Found') {
+          const rawText = await response.text();
+          if (!rawText || rawText === 'Not Found' || rawText.trimStart().startsWith('<')) {
             errorText =
-              'The requested resource was not found on the server. ' +
-              'Please check your server configuration, if you use Apache, the RewriteBase in your .htaccess ' +
-              'configuration. If you use nginx, please check your nginx rewrite configuration.';
+              'The server returned an error (HTTP ' +
+              response.status +
+              '). Please check your server configuration: if you use Apache, verify the RewriteBase in your ' +
+              '.htaccess matches your installation path. If you use nginx, check your rewrite configuration.';
+          } else {
+            errorText = rawText;
           }
         }
         const alert = document.getElementById('phpmyfaq-update-check-alert') as HTMLElement | null;
@@ -102,8 +127,10 @@ export const handleConfigBackup = async (): Promise<void> => {
 
     if (!installedVersion) return;
 
+    const basePath = getBasePath();
+
     try {
-      const response = await fetch('../api/setup/backup', {
+      const response = await fetch(`${basePath}api/setup/backup`, {
         method: 'POST',
         headers: {
           Accept: 'application/json, text/plain, */*',
@@ -131,8 +158,10 @@ export const handleDatabaseUpdate = async (): Promise<void> => {
 
     if (!installedVersion) return;
 
+    const basePath = getBasePath();
+
     try {
-      const response = await fetch('../api/setup/update-database', {
+      const response = await fetch(`${basePath}api/setup/update-database`, {
         method: 'POST',
         headers: {
           Accept: 'application/json, text/plain, */*',

phpmyfaq/assets/templates/setup/update.twig

@@ -54,14 +54,14 @@
             <span class="stepIndicator">Database updates</span>
           </div>
 
-          {{ include('@setup/update/step' ~ currentStep ~ '.twig') }}
-
           {% if checkBasicError %}
-            <div class="alert alert-danger my-5" role="alert">
+            <div class="alert alert-danger my-3" role="alert">
               {{ checkBasicError | raw }}
             </div>
           {% endif %}
 
+          {{ include('@setup/update/step' ~ currentStep ~ '.twig') }}
+
         </div>
         </section>
     </main>

phpmyfaq/src/phpMyFAQ/EventListener/RouterListener.php

@@ -55,7 +55,8 @@ public function onKernelRequest(RequestEvent $event): void
 
         $urlMatcher = new UrlMatcher($this->routes, $requestContext);
         try {
-            $parameters = $urlMatcher->match($request->getPathInfo());
+            $pathInfo = $this->normalizePath($request->getPathInfo());
+            $parameters = $urlMatcher->match($pathInfo);
         } catch (ResourceNotFoundException $exception) {
             throw new NotFoundHttpException($exception->getMessage(), $exception);
         } catch (MethodNotAllowedException $exception) {
@@ -68,4 +69,22 @@ public function onKernelRequest(RequestEvent $event): void
 
         $request->attributes->add($parameters);
     }
+
+    /**
+     * Normalizes the path by removing trailing slashes and /index.php suffix.
+     */
+    private function normalizePath(string $path): string
+    {
+        // Strip /index.php suffix (e.g. /update/index.php → /update)
+        if (str_ends_with($path, '/index.php')) {
+            $path = substr($path, 0, -10);
+        }
+
+        // Remove trailing slash, but keep root path as /
+        if ($path !== '/' && str_ends_with($path, '/')) {
+            $path = rtrim($path, '/');
+        }
+
+        return $path === '' ? '/' : $path;
+    }
 }