leileizhang

This commit implements a crucial **security fix** for the **MarkdownPreviewHandler** within the `previewpane` module. It **restricts external URI navigation** in the Markdown preview pane to only `http` and `https` schemes, preventing arbitrary protocol execution. This change mitigates potential vulnerabilities, such as Remote Code Execution (RCE), that could be exploited through specially crafted links in Markdown files. The fix specifically targets `MarkdownPreviewHandlerControl.cs` to enhance the overall security posture of the preview functionality.

This commit **fixes a bug** preventing `libFuzzer` from resolving the correct target class name within the **Hosts module's fuzz tests**. Previously, the `OneFuzzConfig.json` file incorrectly specified `HostsEditor.FuzzTests.FuzzTests`, leading to test failures. This **maintenance fix** updates the configuration to the correct class name, `Hosts.FuzzTests.FuzzTests`, in `src/modules/Hosts/Hosts.FuzzTests/OneFuzzConfig.json`. This ensures the **Hosts module's fuzz testing** infrastructure operates as intended, improving the reliability of automated security testing.

This commit **fixes** a critical **bug** that caused **Image Resizer** to stop working after **PowerToys upgrades on Windows 10**. The problem arose because the installer's logic prevented the old `PackageIdentityMSIX` (sparse app) from being properly uninstalled during an upgrade, leaving a defunct version on the system. The **fix** modifies the `UninstallPackageIdentityMSIX` condition within `installer/PowerToysSetupVNext/Product.wxs` to ensure the sparse app is always cleaned up during uninstallation or upgrade. This **maintenance** change restores the expected functionality of **Image Resizer** for **Windows 10 users** and improves the overall **upgrade reliability** of PowerToys.

This commit **fixes a UI bug** in the **PowerToys OOBE (Out-of-Box Experience) pages** where "Launch" or "Open" buttons remained clickable even when their corresponding PowerToys modules were disabled. The **bug fix** introduces checks within the `OnNavigatedTo` event handler for `OobeColorPicker`, `OobeEnvironmentVariables`, `OobeHosts`, `OobeRun`, `OobeRegistryPreview`, and `OobeShortcutGuide` views. This ensures that the **OOBE UI accurately reflects the enabled state of PowerToys modules**, preventing users from attempting to interact with inactive features and improving the overall consistency of the **Settings UI**.

This commit introduces a **CI pipeline optimization** to **improve the reliability and speed of the code signing process**. It modifies the `job-build-project.yml` template to **remove the `tests` folder** before the ESRP code signing step. This action drastically **reduces the number of files submitted for signing**, mitigating issues like HTTP 429 throttling, signing operation stalls, and pipeline timeouts. This **maintenance improvement** directly impacts the **build and release infrastructure**, leading to faster and more stable builds by cutting signing time by over 10 minutes.

This commit **updates the documentation** in `README.md` to clarify a critical system requirement for a specific feature. It explicitly notes that the **PowerToys extension** functionality within the **Command Palette** is exclusively available on **Windows 11**. This **documentation update** serves as a **maintenance** task, enhancing user understanding of feature compatibility and preventing potential confusion for users on unsupported operating systems.

This commit **drafts the release notes** for the upcoming **PowerToys 0.97 release**, updating the `README.md` to reflect the new version's features and download links. This is a **documentation update** that prepares the project's public-facing information for the new release. Additionally, it includes a minor **maintenance update** to the spell-check configuration, adding 'checkmarks' to the exclusion list in `.github/actions/spell-check/expect.txt`. This ensures users have access to the latest changes and download options for the new PowerToys version.

This commit **temporarily disables** the **AI Super Resolution feature** within the **Image Resizer** module. The change is implemented by wrapping the feature's initialization and detection logic in a conditional compilation block within `src/modules/imageresizer/ui/App.xaml.cs`. This **maintenance** action ensures the feature's code remains intact for future re-enabling, but it will not be available to users in the current release.

This commit **reverts** the recently added **drag-and-drop functionality** within the **Environment Variables** module. The feature is being removed due to a **WinUI 3 limitation** that prevents drag operations when the application is running with administrator privileges. This change impacts the user experience by no longer allowing reordering of environment variable values via drag-and-drop. Specifically, the UI reverts from a `ListView` to an `ItemsControl` in `EnvironmentVariablesMainPage.xaml`, and the associated drag-and-drop event handlers and related constants are removed from `EnvironmentVariablesMainPage.xaml.cs`.

This commit **improves the user experience** of the **Peek module** by implementing robust error handling for unsupported virtual folders. Previously, activating Peek in folders like Home or Recent would result in a stuck loading state or an incorrect "Search in Microsoft Store" prompt; now, users will see a clear "No files selected or this folder is not supported for preview" message. This **bug fix** prevents misleading UI behavior by hiding the `FilePreview` control and automatically closing the Peek window when the error `InfoBar` is dismissed. The changes primarily affect the **Peek UI's initialization and error display logic**, ensuring a more predictable and user-friendly interaction when the Shell API returns no selected items.

This commit provides a **maintenance fix** by **upgrading the ESRP Code Signing task** within the project's **CI/CD pipelines**. It updates the `EsrpCodeSigning` task from version 5 to version 6 in the `.pipelines/v2/templates/steps-esrp-signing.yml` template. This change is crucial as the previous version was encountering a **Node 16 End-of-Life dependency**, which was actively **blocking the application's code signing process**. By performing this upgrade, the commit resolves the signing blockage, ensuring the continued successful build and release of the application.

This commit **fixes a critical bug** in the **Image Resizer UI** that caused an `ArgumentOutOfRangeException` when `CustomSize` or `AiSize` properties were modified, preventing the feature from working correctly. The **bug fix** was implemented by changing the collection changed notification from `Replace` to `Reset` for these properties within `src/modules/imageresizer/ui/Properties/Settings.cs`. While `Reset` is less efficient, it resolves the underlying index validation issue, ensuring the **Image Resizer UI** functions reliably for users managing custom image sizes. Additionally, this commit includes a **maintenance update** to the **Image Resizer CLI**'s logging folder path and an **adjustment to related tests** to reflect the new notification behavior.

This commit significantly **improves the usability and robustness of the FancyZones CLI** by addressing several key areas. It **fixes a bug** related to GUID parsing, allowing users to pass GUIDs without braces and providing friendly error messages when PowerShell incorrectly interprets `{GUID}` as a script block, primarily affecting the `SetHotkeyCommand` and `SetLayoutCommand`. Additionally, the **command-line interface is enhanced** with the introduction of `--help` support for individual subcommands, making it easier to discover and understand specific command options. These **usability improvements** streamline interaction with the `FancyZonesCLI` module, particularly for PowerShell users, by making it more forgiving and informative.

This commit delivers a critical **security fix** for the **Peek file previewer**, resolving Local File Inclusion (LFI) and Remote Code Execution (RCE) vulnerabilities. It introduces strict resource filtering within the `BrowserControl` to block external content loading and XSS attacks, while safely re-enabling HTML rendering for local Markdown files. The previewer logic is **refactored** to dynamically apply security contexts based on file type, ensuring robust protection against malicious content. Additionally, the "Open URI" dialog receives **UI enhancements** with clearer warnings, significantly improving the security and user experience of **Peek**'s preview functionality when interacting with external links.

This commit **fixes a build failure** within the **UI tests pipeline** by updating its configuration. Specifically, the `.pipelines/v2/templates/job-build-ui-tests.yml` file is modified to use an `MSBuild` task for NuGet package restoration, replacing the problematic `NuGetCommand` task. This **maintenance update** resolves a critical issue that was preventing UI tests from building successfully. The change ensures the stability and reliability of the **CI/CD process** for UI test validation, allowing for consistent and accurate test execution.

This commit introduces a **new command-line interface (CLI) executable** (`PowerToys.ImageResizerCLI.exe`) for the **Image Resizer** module, providing a programmatic and scriptable method for image resizing. This **new capability** allows users to automate image manipulation with extensive options, including specifying dimensions, fit mode, quality, output directory, and metadata handling, directly from the command line. The implementation involves a dedicated CLI project with classes like `CliOptions`, `CliSettingsApplier`, and `ImageResizerCliExecutor`, alongside updates to the core `ResizeBatch` logic for seamless integration. This significantly enhances the **Image Resizer**'s utility by enabling advanced automation workflows and integration into other tools.

This commit **adds comprehensive localization and telemetry support** to the **FancyZones CLI**. It **enhances the user experience for international users** by ensuring all command descriptions, arguments, output, and error messages are now **localizable** through `Properties.Resources`. Concurrently, a new **telemetry event** (`FancyZonesCLICommandEvent`) is introduced to **track command execution**, providing valuable insights into CLI usage patterns. This **feature addition** impacts nearly all existing FancyZones CLI commands, making them more accessible and their usage more transparent for product improvement.

This commit significantly **refactors** the **FancyZones CLI** to utilize `System.CommandLine`, providing a more robust and extensible command-line interface. It introduces numerous **new CLI commands** for managing layouts, hotkeys, monitors, and interacting with the FancyZones editor and settings. Crucially, all **FancyZones configuration data I/O** is now centralized through `FancyZonesEditorCommon`'s new `FancyZonesDataIO` utility and `FancyZonesPaths`, ensuring consistent serialization and file paths are shared between the CLI and the FancyZones Editor. This **enhancement** improves data integrity, maintainability, and expands the programmatic control over **FancyZones** functionality.

This commit provides a **bug fix** for the **Advanced Paste** feature's AI provider settings, addressing an issue where non-endpoint-requiring providers like Google/Gemini would incorrectly persist an Azure OpenAI placeholder endpoint. It **refactors** the `AdvancedPastePage.xaml.cs` file by centralizing the logic for determining if an AI service type requires an endpoint into a new `RequiresEndpointForService` helper method. This ensures that the `endpoint-url` is explicitly cleared on save for services that do not use an endpoint, preventing stale or irrelevant data from being written to `settings.json` and improving the robustness of **Advanced Paste** AI provider configuration.

This commit provides a **bug fix** for the **Advanced Paste** module, specifically addressing an issue where selecting an item from the clipboard history would inadvertently create a duplicate entry at the top of the list. The problem stemmed from `ClipboardHistory_ItemInvoked` using `ClipboardHelper.SetTextContent()` or `ClipboardHelper.SetImageContent()`, which internally generated a new history entry. The **solution** involves updating `MainPage.xaml.cs` to utilize `Clipboard.SetHistoryItemAsContent()` instead, ensuring that existing history items are set as content without creating redundant entries. This change significantly improves the usability and integrity of the **Advanced Paste** clipboard history, allowing users to manage and delete items correctly.