Fixed typo (references #697)

(cherry picked from commit 30908f5ba9)

changelog/57_2.6.2_2020-04-03.md

@@ -0,0 +1 @@
+Security fix (see [#696](https://github.com/grocy/grocy/issues/696))

changelog/58_UNRELEASED_2020-xx-xx.md

@@ -0,0 +1,28 @@
+### New feature: Price history per store
+- Define stores under master data
+- New product option to set the default store
+- Track on purchase/inventory in which store you bought the product (gets prefilled by the last store you purchased the product, or the default store of the product if you never bought it)
+- => The price history chart on the product card shows a line per store
+- (Thanks @immae and @kriddles)
+
+### Stock improvements
+- When creating a new product, the "QU id stock" is now preset by the "QU id purchase" (because most of the time that's most probably the same) (thanks @Mik-)
+
+### Recipe fixes
+- Fixed a PHP notice on the recipes page when there are no recipes (thanks @mrunkel)
+
+### Calendar fixes
+- Fixed that the "Share/Integrate calendar (iCal)" button did not work (thanks @tsia)
+
+### API improvements
+- The endpoint `/stock/products/{productId}/locations` now also returns the current stock amount of the product in that loctation (new field/property `amount`) (thanks @Forceu)
+
+### General & other improvements
+- New `config.php` setting `FEATURE_FLAG_STOCK_BEST_BEFORE_DATE_FIELD_NUMBER_PAD` which activates the number pad for best-before-date fields on (supported) mobile browsers (useful because of [shorthands](https://github.com/grocy/grocy#input-shorthands-for-date-fields)) (defaults to `true`) (thanks @Mik-)
+- Enhancements for the camera barcode scanner (thanks @Mik-)
+  - The light button only displayed when the device has a flash light
+  - New `config.php` setting `FEATURE_FLAG_AUTO_TORCH_ON_WITH_CAMERA` to always enable the flash light automatically
+  - Various display/CSS improvements
+- Prerequisites (PHP extensions, critical files/folders) will now be checked and properly reported if there are problems (thanks @Forceu)
+- Improved the the overview pages on mobile devices (main column was hidden) (thanks @Mik-)
+- Optimized the handling of settings provided by `data/settingoverrides` files (thanks @dacto)

middleware/SessionAuthMiddleware.php

@@ -4,6 +4,7 @@ namespace Grocy\Middleware;
 
 use Psr\Http\Message\ServerRequestInterface as Request;
 use Psr\Http\Server\RequestHandlerInterface as RequestHandler;
+use Psr\Http\Message\ResponseFactoryInterface;
 use Psr\Http\Message\ResponseInterface as Response;
 use Slim\Routing\RouteContext;
 
@@ -12,13 +13,15 @@ use Grocy\Services\LocalizationService;
 
 class SessionAuthMiddleware extends BaseMiddleware
 {
-	public function __construct(\DI\Container $container, string $sessionCookieName)
+	public function __construct(\DI\Container $container, string $sessionCookieName, ResponseFactoryInterface $responseFactory)
 	{
 		parent::__construct($container);
 		$this->SessionCookieName = $sessionCookieName;
+		$this->ResponseFactory = $responseFactory;
 	}
 
 	protected $SessionCookieName;
+	protected $ResponseFactory;
 
 	public function __invoke(Request $request, RequestHandler $handler): Response
 	{
@@ -44,8 +47,8 @@ class SessionAuthMiddleware extends BaseMiddleware
 			if ((!isset($_COOKIE[$this->SessionCookieName]) || !$sessionService->IsValidSession($_COOKIE[$this->SessionCookieName])) && $routeName !== 'login')
 			{
 				define('GROCY_AUTHENTICATED', false);
-				$response = $handler->handle($request);
+				$response = $this->ResponseFactory->createResponse();
-				$response = $response->withHeader('Location', $this->AppContainer->get('UrlManager')->ConstructUrl('/login'));
+				return $response->withHeader('Location', $this->AppContainer->get('UrlManager')->ConstructUrl('/login'));
 			}
 			else
 			{

routes.php

@@ -125,7 +125,7 @@ $app->group('', function(RouteCollectorProxy $group)
 	$group->get('/api', '\Grocy\Controllers\OpenApiController:DocumentationUi');
 	$group->get('/manageapikeys', '\Grocy\Controllers\OpenApiController:ApiKeysList');
 	$group->get('/manageapikeys/new', '\Grocy\Controllers\OpenApiController:CreateNewApiKey');
-})->add(new SessionAuthMiddleware($container, $container->get('LoginControllerInstance')->GetSessionCookieName()));
+})->add(new SessionAuthMiddleware($container, $container->get('LoginControllerInstance')->GetSessionCookieName(), $app->getResponseFactory()));
 
 $app->group('/api', function(RouteCollectorProxy $group)
 {

version.json

@@ -1,4 +1,4 @@
 {
-	"Version": "2.6.1",
+	"Version": "2.6.2",
-	"ReleaseDate": "2020-03-06"
+	"ReleaseDate": "2020-04-03"
 }