Merge branch '4.x' into bugfix/18552-slidepicker-and-non-standard-values

brandonkelly · brandonkelly · commit 6ea3258354e6 · 2026-03-16T11:31:33.000-07:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Release Notes for Craft CMS 4
 
+## Unreleased
+
+- Fixed an error that could occur after running the `utils/fix-field-layout-uids` command. ([#18516](https://github.com/craftcms/cms/issues/18516))
+
 ## 4.17.10 - 2026-03-11
 
 - Fixed an error that occurred when loading some control panel resources on environments with `craft\web\AssetManager::$cacheSourcePaths` disabled. ([#18536](https://github.com/craftcms/cms/issues/18536))
@@ -29,13 +33,12 @@
 - The `PDO::MYSQL_ATTR_MULTI_STATEMENTS` attribute is now set to `false` by default for database connections.
 - Fixed a bug where `searchindex` and `searchindexqueue` rows weren’t being deleted when an element was deleted for a site. ([#18394](https://github.com/craftcms/cms/issues/18394))
 - Fixed a bug where multi-select condition rules weren’t applying their “has a value” and “is empty” operators correctly. ([#18470](https://github.com/craftcms/cms/pull/18470))
-- Fixed a [low-severity](https://github.com/craftcms/cms/security/policy#severity--remediation) path traversal vulnerability. (GHSA-472v-j2g4-g9h2)
 
 ## 4.17.6 - 2026-02-18
 
 - Added `craft\serviceokens::getRemainingTokenUsages()`.
 - Added `craft\web\Request::getTokenRoute()`.
-- Fixed a [high-severity](https://github.com/craftcms/cms/security/policy#severity--remediation) permission escalation vulnerability. (GHSA-cc7p-2j3x-x7xf)
+- Fixed a [high-severity](https://github.com/craftcms/cms/security/policy#severity--remediation) permission escalation vulnerability. ([GHSA-cc7p-2j3x-x7xf](https://github.com/craftcms/cms/security/advisories/GHSA-cc7p-2j3x-x7xf))
 
 ## 4.17.5 - 2026-02-17
 
@@ -44,8 +47,8 @@
 - Added `craft\web\Request::wants()`.
 - Fixed a bug where the control panel requests could trigger an infinite browser redirect loop. ([#18420](https://github.com/craftcms/cms/issues/18420))
 - Fixed a bug where 404 responses could be set to an image based on the `brokenImagePath` config setting for Chrome. ([#18438](https://github.com/craftcms/cms/issues/18438))
-- Fixed a [moderate-severity](https://github.com/craftcms/cms/security/policy#severity--remediation) RCE vulnerability. (GHSA-4484-8v2f-5748)
-- Fixed a [low-severity](https://github.com/craftcms/cms/security/policy#severity--remediation) path traversal vulnerability. (GHSA-472v-j2g4-g9h2)
+- Fixed a [moderate-severity](https://github.com/craftcms/cms/security/policy#severity--remediation) RCE vulnerability. ([GHSA-4484-8v2f-5748](https://github.com/craftcms/cms/security/advisories/GHSA-4484-8v2f-5748))
+- Fixed a [low-severity](https://github.com/craftcms/cms/security/policy#severity--remediation) path traversal vulnerability. ([GHSA-472v-j2g4-g9h2](https://github.com/craftcms/cms/security/advisories/GHSA-472v-j2g4-g9h2))
 
 ## 4.17.4 - 2026-02-11
 
diff --git a/composer.lock b/composer.lock
diff --git a/src/console/controllers/utils/FixFieldLayoutUidsController.php b/src/console/controllers/utils/FixFieldLayoutUidsController.php
@@ -10,7 +10,9 @@
 use Craft;
 use craft\console\Controller;
 use craft\helpers\Console;
+use craft\helpers\ProjectConfig;
 use craft\helpers\StringHelper;
+use craft\services\ProjectConfig as ProjectConfigService;
 use yii\console\ExitCode;
 
 /**
@@ -53,6 +55,10 @@ private function _fixUids(array $config, int &$count, string $path = '', array &
     {
         if (is_array($config['fieldLayouts'] ?? null)) {
             $modified = false;
+            $packed = isset($config['fieldLayouts'][ProjectConfigService::ASSOC_KEY]);
+            if ($packed) {
+                $config['fieldLayouts'] = ProjectConfig::unpackAssociativeArray($config['fieldLayouts']);
+            }
             foreach ($config['fieldLayouts'] as $fieldLayoutUid => &$fieldLayoutConfig) {
                 $this->topLevelUids[$fieldLayoutUid][] = $path;
                 if (is_array($fieldLayoutConfig)) {
@@ -61,16 +67,26 @@ private function _fixUids(array $config, int &$count, string $path = '', array &
                 }
             }
             if ($modified) {
+                if ($packed) {
+                    $config['fieldLayouts'] = ProjectConfig::packAssociativeArray($config['fieldLayouts']);
+                }
                 Craft::$app->getProjectConfig()->set($path, $config);
             }
             return;
         }
 
         if (is_array($config['fieldLayout'] ?? null)) {
             $modified = false;
+            $packed = isset($config['fieldLayout'][ProjectConfigService::ASSOC_KEY]);
+            if ($packed) {
+                $config['fieldLayout'] = ProjectConfig::unpackAssociativeArray($config['fieldLayout']);
+            }
             $fieldLayoutPath = sprintf('%sfieldLayout', $path ? "$path." : '');
             $this->_fixUidsInLayout($config['fieldLayout'], $count, $fieldLayoutPath, $uids, $modified);
             if ($modified) {
+                if ($packed) {
+                    $config['fieldLayout'] = ProjectConfig::packAssociativeArray($config['fieldLayout']);
+                }
                 Craft::$app->getProjectConfig()->set($path, $config);
             }
             return;
