From 86d342a63537372d9d0a069d48a51af1f083e9d8 Mon Sep 17 00:00:00 2001
From: Jim Graham <jim@pixelsandstrings.com>
Date: Wed, 20 Sep 2023 12:49:35 -0400
Subject: [PATCH 1/3] Add new reserved keys for Contexts

Adds "root" to already protected set of keys ("mgr" and "web")
---
 core/lexicon/en/context.inc.php               |  1 +
 .../Revolution/Processors/Context/Create.php  | 21 +++++++++++++------
 core/src/Revolution/modContext.php            |  7 +++++++
 3 files changed, 23 insertions(+), 6 deletions(-)

diff --git a/core/lexicon/en/context.inc.php b/core/lexicon/en/context.inc.php
index 405adb938f3..7352df973c2 100644
--- a/core/lexicon/en/context.inc.php
+++ b/core/lexicon/en/context.inc.php
@@ -18,6 +18,7 @@
 $_lang['context_err_ns'] = 'Context not specified.';
 $_lang['context_err_ns_key'] = 'Please specify a valid key for the Context.';
 $_lang['context_err_remove'] = 'An error occurred while trying to delete the Context.';
+$_lang['context_err_reserved'] = 'The Context key you chose is reserved for system use only. Please specify a different key.';
 $_lang['context_err_save'] = 'An error occurred while saving the Context.';
 $_lang['context_id'] = 'Ctx ID';
 $_lang['context_key'] = 'Context Key';
diff --git a/core/src/Revolution/Processors/Context/Create.php b/core/src/Revolution/Processors/Context/Create.php
index ab3c691f5bb..e117dc9af81 100644
--- a/core/src/Revolution/Processors/Context/Create.php
+++ b/core/src/Revolution/Processors/Context/Create.php
@@ -1,4 +1,5 @@
 <?php
+
 /*
  * This file is part of the MODX Revolution package.
  *
@@ -10,7 +11,6 @@
 
 namespace MODX\Revolution\Processors\Context;
 
-
 use MODX\Revolution\modAccessContext;
 use MODX\Revolution\modAccessPolicy;
 use MODX\Revolution\modContext;
@@ -35,15 +35,24 @@ class Create extends CreateProcessor
     public function beforeSave()
     {
         $key = $this->getProperty('key');
-        if (empty($key)) {
-            $this->addFieldError('key', $this->modx->lexicon('context_err_ns_key'));
+
+        switch (true) {
+            case empty($key):
+                $this->addFieldError('key', $this->modx->lexicon('context_err_ns_key'));
+                break;
+            case in_array($key, $this->classKey::RESERVED_KEYS):
+                $this->addFieldError('key', $this->modx->lexicon('context_err_reserved'));
+                break;
+            case $this->alreadyExists($key):
+                $this->addFieldError('key', $this->modx->lexicon('context_err_ae'));
+            // no default
         }
-        if ($this->alreadyExists($key)) {
-            $this->addFieldError('key', $this->modx->lexicon('context_err_ae'));
+        if ($this->hasErrors()) {
+            return false;
         }
         $this->object->set('key', $key);
 
-        return !$this->hasErrors();
+        return true;
     }
 
     /**
diff --git a/core/src/Revolution/modContext.php b/core/src/Revolution/modContext.php
index a4c03e61cb9..a86ca5c44e9 100644
--- a/core/src/Revolution/modContext.php
+++ b/core/src/Revolution/modContext.php
@@ -23,6 +23,13 @@
  */
 class modContext extends modAccessibleObject
 {
+    /**
+     * A set of Context keys that are restricted to system use only
+     *
+     *  @var array RESERVED_KEYS
+     */
+    public const RESERVED_KEYS = ['mgr', 'web', 'root'];
+
     /**
      * An array of configuration options for this context
      *

From f761630417f343774287032ef413a98948efde18 Mon Sep 17 00:00:00 2001
From: Jim Graham <jim@pixelsandstrings.com>
Date: Wed, 20 Sep 2023 12:54:48 -0400
Subject: [PATCH 2/3] Update GetList.php

Use new base class constant in canRemove conditional instead of hard-coded inline array
---
 core/src/Revolution/Processors/Context/GetList.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/src/Revolution/Processors/Context/GetList.php b/core/src/Revolution/Processors/Context/GetList.php
index 1fbc0c97249..56aafadbe55 100644
--- a/core/src/Revolution/Processors/Context/GetList.php
+++ b/core/src/Revolution/Processors/Context/GetList.php
@@ -163,7 +163,7 @@ public function prepareRow(xPDOObject $object)
         if ($this->canEdit) {
             $contextArray['perm'][] = 'pedit';
         }
-        if (!in_array($object->get('key'), ['mgr', 'web']) && $this->canRemove) {
+        if (!in_array($object->get('key'), $this->classKey::RESERVED_KEYS) && $this->canRemove) {
             $contextArray['perm'][] = 'premove';
         }
 

From 4f58af1d805babd4052bfb121118d3e80017c19e Mon Sep 17 00:00:00 2001
From: Jim Graham <jim@pixelsandstrings.com>
Date: Sat, 10 Feb 2024 22:25:02 -0500
Subject: [PATCH 3/3] Update Create.php

Ensure reserved key comparison is not case sensitive
---
 core/src/Revolution/Processors/Context/Create.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/src/Revolution/Processors/Context/Create.php b/core/src/Revolution/Processors/Context/Create.php
index e117dc9af81..a368d0df17f 100644
--- a/core/src/Revolution/Processors/Context/Create.php
+++ b/core/src/Revolution/Processors/Context/Create.php
@@ -40,7 +40,7 @@ public function beforeSave()
             case empty($key):
                 $this->addFieldError('key', $this->modx->lexicon('context_err_ns_key'));
                 break;
-            case in_array($key, $this->classKey::RESERVED_KEYS):
+            case in_array(strtolower($key), $this->classKey::RESERVED_KEYS):
                 $this->addFieldError('key', $this->modx->lexicon('context_err_reserved'));
                 break;
             case $this->alreadyExists($key):