Merge remote-tracking branch 'refs/remotes/origin/hotfixes' into stable

# Conflicts: # admin/inc/configuration.php
GetSimpleCMS · Jun 6, 2016 · 8259359 · 8259359
2 parents 7e6880b + 3ba7dc6
commit 8259359
Show file tree

Hide file tree

Showing 31 changed files with 1,117 additions and 401 deletions.
diff --git a/admin/inc/basic.php b/admin/inc/basic.php
@@ -37,8 +37,8 @@ function clean_url($text)  {
  * @param string $text
  * @return string
  */
-function clean_img_name($text)  { 
-	$text = strip_tags(lowercase($text)); 
+function clean_img_name($text)  {
+	$text = getDef('GSUPLOADSLC',true) ? strip_tags(lowercase($text)) : strip_tags($text);
 	$code_entities_match = array(' ?',' ','--','&quot;','!','#','$','%','^','&','*','(',')','+','{','}','|',':','"','<','>','?','[',']','\\',';',"'",',','/','*','+','~','`','='); 
 	$code_entities_replace = array('','-','-','','','','','','','','','','','','','','','','','','','','','',''); 
 	$text = str_replace($code_entities_match, $code_entities_replace, $text); 
@@ -315,7 +315,7 @@ function XMLsave($xml, $file) {
 	$success = file_put_contents($file, $data); // LOCK_EX ?
 	
 	// debugLog('XMLsave: ' . $file . ' ' . get_execution_time());	
-
+	if(getDef('GSDOCHMOD') === false) return $success;
 	if (defined('GSCHMOD')) {
 		return $success && chmod($file, GSCHMOD);
 	} else {

diff --git a/admin/inc/common.php b/admin/inc/common.php
@@ -90,6 +90,10 @@ function debugLog($txt = '') {
 	}
 }
 
+// definition defaults
+
+if(!defined('GSUPLOADSLC'))	define('GSUPLOADSLC',true);
+
 if(!defined('GSNOFRAME')) define('GSNOFRAME',true);
 if(!defined('GSNOFRAMEDEFAULT')) define('GSNOFRAMEDEFAULT','SAMEORIGIN');
 
@@ -220,7 +224,7 @@ function debugLog($txt = '') {
  * @uses $EDOPTIONS js obj param strings, comma delimited
  */
 
-// if(!defined('GSCKETSTAMP')) define('GSCKETSTAMP',get_gs_version()); // ckeditor asset querystring for cache control
+if(!defined('GSCKETSTAMP')) define('GSCKETSTAMP',get_gs_version()); // ckeditor asset querystring for cache control
 if (defined('GSEDITORHEIGHT')) { $EDHEIGHT = GSEDITORHEIGHT .'px'; } else {	$EDHEIGHT = '500px'; }
 if (defined('GSEDITORLANG'))   { $EDLANG = GSEDITORLANG; } else {	$EDLANG = i18n_r('CKEDITOR_LANG'); }
 if (defined('GSEDITORTOOL') and !isset($EDTOOL)) { $EDTOOL = GSEDITORTOOL; }

diff --git a/admin/inc/configuration.php b/admin/inc/configuration.php
@@ -7,7 +7,7 @@
  */
 
 $site_full_name     = 'GetSimple';
-$site_version_no    = '3.3.9';
+$site_version_no    = '3.3.10';
 $name_url_clean     = lowercase(str_replace(' ','-',$site_full_name));
 $ver_no_clean       = str_replace('.','',$site_version_no);
 $site_link_back_url = 'http://get-simple.info/';

diff --git a/admin/inc/security_functions.php b/admin/inc/security_functions.php
@@ -248,6 +248,13 @@ function server_is_apache() {
  * @return string         return filtered string
  */
 function var_out($var,$filter = "special"){
+
+	// php 5.2 shim
+	if(!defined('FILTER_SANITIZE_FULL_SPECIAL_CHARS')){
+		define('FILTER_SANITIZE_FULL_SPECIAL_CHARS',522);
+		if($filter == "full") return htmlspecialchars($var, ENT_QUOTES);
+	}
+
 	if(function_exists( "filter_var") ){
 		$aryFilter = array(
 			"string"  => FILTER_SANITIZE_STRING,

diff --git a/admin/install.php b/admin/install.php
@@ -110,7 +110,7 @@
 	} else {
 		$saltval = generate_salt();
 	}
-	$xml = new SimpleXMLExtended('<item></item>');
+	$xml = new SimpleXMLExtended('<?xml version="1.0" encoding="UTF-8"?><item></item>');	
 	$note = $xml->addChild('apikey');
 	$note->addCData($saltval);
 	if(! XMLsave($xml, $api_file) ){

diff --git a/admin/settings.php b/admin/settings.php
@@ -116,12 +116,12 @@
 	# check to see if passwords are changing
 	if(isset($_POST['sitepwd'])) { $pwd1 = $_POST['sitepwd']; }
 	if(isset($_POST['sitepwd_confirm'])) { $pwd2 = $_POST['sitepwd_confirm']; }
-	if ($pwd1 != $pwd2)	{
+	if ($pwd1 != $pwd2 && $pwd2 != '')	{
 		#passwords do not match 
 		$error = i18n_r('PASSWORD_NO_MATCH');
 	} else {
 		# password cannot be null
-		if ( $pwd1 != '' ) { 
+		if ( $pwd1 != '' && $pwd2 != '') { 
 			$PASSWD = passhash($pwd1); 
 		}	
 
@@ -131,7 +131,7 @@
 		# create user xml file
 		createBak($file, GSUSERSPATH, GSBACKUSERSPATH);
 		if (file_exists(GSUSERSPATH . _id($USR).'.xml.reset')) { unlink(GSUSERSPATH . _id($USR).'.xml.reset'); }	
-		$xml = new SimpleXMLElement('<item></item>');
+		$xml = new SimpleXMLExtended('<?xml version="1.0" encoding="UTF-8"?><item></item>');		
 		$xml->addChild('USR', $USR);
 		$xml->addChild('NAME', var_out($NAME));
 		$xml->addChild('PWD', $PASSWD);
@@ -148,7 +148,7 @@
 
 		# create website xml file
 		createBak($wfile, GSDATAOTHERPATH, GSBACKUPSPATH.'other/');
-		$xmls = new SimpleXMLExtended('<item></item>');
+		$xmls = new SimpleXMLExtended('<?xml version="1.0" encoding="UTF-8"?><item></item>');
 		$note = $xmls->addChild('SITENAME');
 		$note->addCData($SITENAME);
 		$note = $xmls->addChild('SITEURL');
@@ -211,7 +211,7 @@
 		<h3><?php i18n('WEBSITE_SETTINGS');?></h3>
 
 		<div class="leftsec">
-			<p><label for="sitename" ><?php i18n('LABEL_WEBSITE');?>:</label><input class="text" id="sitename" name="sitename" type="text" value="<?php if(isset($SITENAME1)) { echo stripslashes($SITENAME1); } else { echo stripslashes($SITENAME); } ?>" /></p>
+			<p><label for="sitenameinput" ><?php i18n('LABEL_WEBSITE');?>:</label><input class="text" id="sitenameinput" name="sitename" type="text" value="<?php if(isset($SITENAME1)) { echo stripslashes($SITENAME1); } else { echo stripslashes($SITENAME); } ?>" /></p>
 		</div>
 		<div class="rightsec">
 			<p><label for="siteurl" ><?php i18n('LABEL_BASEURL');?>:</label><input class="text" id="siteurl" name="siteurl" type="url" value="<?php if(isset($SITEURL1)) { echo $SITEURL1; } else { echo $SITEURL; } ?>" /></p>

diff --git a/admin/setup.php b/admin/setup.php
@@ -78,7 +78,7 @@
 
 		# create new website.xml file
 		$file = 'website.xml';
-		$xmls = new SimpleXMLExtended('<item></item>');
+		$xmls = new SimpleXMLExtended('<?xml version="1.0" encoding="UTF-8"?><item></item>');		
 		$note = $xmls->addChild('SITENAME');
 		$note->addCData($SITENAME);
 		$note = $xmls->addChild('SITEURL');

diff --git a/admin/template/js/ckeditor/CHANGES.md b/admin/template/js/ckeditor/CHANGES.md
@@ -1,21 +1,48 @@
 CKEditor 4 Changelog
 ====================
 
+## CKEditor 4.5.9
+
+Fixed Issues:
+
+* [#10685](http://dev.ckeditor.com/ticket/10685): Fixed: Unreadable toolbar icons after updating to the new editor version. Fixed with [6876179](https://github.com/ckeditor/ckeditor-dev/commit/6876179db4ee97e786b07b8fd72e6b4120732185) in [ckeditor-dev](https://github.com/ckeditor/ckeditor-dev) and [6c9189f4](https://github.com/ckeditor/ckeditor-presets/commit/6c9189f46392d2c126854fe8889b820b8c76d291) in [ckeditor-presets](https://github.com/ckeditor/ckeditor-presets).
+* [#14573](https://dev.ckeditor.com/ticket/14573): Fixed: Missing [Widget](http://ckeditor.com/addon/widget) drag handler CSS when there are multiple editor instances.
+* [#14620](https://dev.ckeditor.com/ticket/14620): Fixed: Setting both the `min-height` style for the `<body>` element and the `height` style for the `<html>` element breaks the [Auto Grow](http://ckeditor.com/addon/autogrow) plugin.
+* [#14538](http://dev.ckeditor.com/ticket/14538): Fixed: Keyboard focus goes into an embedded `<iframe>` element.
+* [#14602](http://dev.ckeditor.com/ticket/14602): Fixed: The [`dom.element.removeAttribute()`](http://docs.ckeditor.com/#!/api/CKEDITOR.dom.element-method-removeAttribute) method does not remove all attributes if no parameter is given.
+* [#8679](http://dev.ckeditor.com/ticket/8679): Fixed: Better focus indication and ability to style the selected color in the [color picker dialog](http://ckeditor.com/addon/colordialog).
+* [#11697](http://dev.ckeditor.com/ticket/11697): Fixed: Content is replaced ignoring the letter case setting in the [Find and Replace](http://ckeditor.com/addon/find) dialog window.
+* [#13886](http://dev.ckeditor.com/ticket/13886): Fixed: Invalid handling of the [`CKEDITOR.style`](http://docs.ckeditor.com/#!/api/CKEDITOR.style) instance with the `styles` property by [`CKEDITOR.filter`](http://docs.ckeditor.com/#!/api/CKEDITOR.filter).
+* [#14535](http://dev.ckeditor.com/ticket/14535): Fixed: CSS syntax corrections. Thanks to [mdjdenormandie](https://github.com/mdjdenormandie)!
+* [#14312](http://dev.ckeditor.com/ticket/14312): [IE] Fixed: Artifact is visible after pasting any text.
+
+## CKEditor 4.5.8
+
+New Features:
+
+* [#12440](http://dev.ckeditor.com/ticket/12440): Added the [`config.colorButton_enableAutomatic`](http://docs.ckeditor.com/#!/api/CKEDITOR.config-cfg-colorButton_enableAutomatic) option to allow hiding the "Automatic" option in the [color picker](http://ckeditor.com/addon/colorbutton).
+
+Fixed Issues:
+
+* [#10448](http://dev.ckeditor.com/ticket/10448): Fixed: Lack of scrollbar in the [right-to-left text direction](http://ckeditor.com/addon/bidi).
+* [#12707](http://dev.ckeditor.com/ticket/12707): Fixed: The order of table elements does not comply with the HTML specification.
+* [#13756](http://dev.ckeditor.com/ticket/13756): [Edge] Fixed: Context menus are cut-off.
+
 ## CKEditor 4.5.7
 
 New Features:
 
-* [#14327](http://dev.ckeditor.com/ticket/14327): Added Swiss German localization.
+* [#14327](http://dev.ckeditor.com/ticket/14327): Added Swiss German localization. Thanks to [Miro Grenda](https://twitter.com/mirogrenda)!
 
-Other Changes:
+Fixed Issues:
 
 * [#13816](http://dev.ckeditor.com/ticket/13816): Introduced a new strategy for Filling Character handling to avoid changes in DOM. This fixes the following issues:
 	* [#12727](http://dev.ckeditor.com/ticket/12727): [Blink] `IndexSizeError` when using the [Div Editing Area](http://ckeditor.com/addon/divarea) and [Content Templates](http://ckeditor.com/addon/templates) plugins.
 	* [#13377](http://dev.ckeditor.com/ticket/13377): [Widget](http://ckeditor.com/addon/widget) plugin issue when typing in Korean.
 	* [#13389](http://dev.ckeditor.com/ticket/13389): [Blink] [`editor.getData()`](http://docs.ckeditor.com/#!/api/CKEDITOR.editor-method-getData) fails when the cursor is next to an `<hr>` tag.
 	* [#13513](http://dev.ckeditor.com/ticket/13513): [Blink, WebKit] [Div Editing Area](http://ckeditor.com/addon/divarea) and [`editor.getData()`](http://docs.ckeditor.com/#!/api/CKEDITOR.editor-method-getData) throw an error when an image is the only data in the editor.
-* [#13884](http://dev.ckeditor.com/ticket/13884): Fixed: Copy/paste table in Firefox results in just first cell being pasted.
-* [#14234](http://dev.ckeditor.com/ticket/14234): Fixed: URL input field is not marked as required in the [Embed](http://ckeditor.com/addon/embed) dialog.
+* [#13884](http://dev.ckeditor.com/ticket/13884): [Firefox] Fixed: Copying and pasting a table results in just the first cell being pasted.
+* [#14234](http://dev.ckeditor.com/ticket/14234): Fixed: URL input field is not marked as required in the [Media Embed](http://ckeditor.com/addon/embed) dialog.
 
 ## CKEditor 4.5.6
 

diff --git a/admin/template/js/ckeditor/README.md b/admin/template/js/ckeditor/README.md
@@ -1,7 +1,7 @@
 CKEditor 4
 ==========
 
-Copyright (c) 2003-2016, CKSource - Frederico Knabben. All rights reserved.  
+Copyright (c) 2003-2015, CKSource - Frederico Knabben. All rights reserved.
 http://ckeditor.com - See LICENSE.md for license information.
 
 CKEditor is a text editor to be used inside web pages. It's not a replacement