Skip to content

Commit

Permalink
Fix https://huntr.dev/bounties/d32f3d5a-0738-41ba-89de-34f2a772de76/
Browse files Browse the repository at this point in the history
  • Loading branch information
@JC5
JC5 committed Aug 20, 2021
1 parent 14cdce1 commit 06d319c
Show file tree
Hide file tree
Showing 4 changed files with 125 additions and 64 deletions.
86 changes: 49 additions & 37 deletions app/Http/Controllers/CurrencyController.php
View file
Expand Up @@ -21,6 +21,7 @@
declare(strict_types=1);

namespace FireflyIII\Http\Controllers;

use FireflyIII\Exceptions\FireflyException;
use FireflyIII\Http\Requests\CurrencyFormRequest;
use FireflyIII\Models\TransactionCurrency;
Expand All @@ -41,7 +42,7 @@
class CurrencyController extends Controller
{
protected CurrencyRepositoryInterface $repository;
protected UserRepositoryInterface $userRepository;
protected UserRepositoryInterface $userRepository;

/**
* CurrencyController constructor.
Expand All @@ -54,7 +55,7 @@ public function __construct()

$this->middleware(
function ($request, $next) {
app('view')->share('title', (string) trans('firefly.currencies'));
app('view')->share('title', (string)trans('firefly.currencies'));
app('view')->share('mainTitleIcon', 'fa-usd');
$this->repository = app(CurrencyRepositoryInterface::class);
$this->userRepository = app(UserRepositoryInterface::class);
Expand All @@ -63,6 +64,7 @@ function ($request, $next) {
}
);
}

/**
* Create a currency.
*
Expand All @@ -75,13 +77,13 @@ public function create(Request $request)
/** @var User $user */
$user = auth()->user();
if (!$this->userRepository->hasRole($user, 'owner')) {
$request->session()->flash('error', (string) trans('firefly.ask_site_owner', ['owner' => e(config('firefly.site_owner'))]));
$request->session()->flash('error', (string)trans('firefly.ask_site_owner', ['owner' => e(config('firefly.site_owner'))]));

return redirect(route('currencies.index'));
}

$subTitleIcon = 'fa-plus';
$subTitle = (string) trans('firefly.create_currency');
$subTitle = (string)trans('firefly.create_currency');

// put previous url in session if not redirect from store (not "create another").
if (true !== session('currencies.create.fromStore')) {
Expand All @@ -102,15 +104,23 @@ public function create(Request $request)
*
* @return RedirectResponse|Redirector
*/
public function defaultCurrency(Request $request, TransactionCurrency $currency)
public function defaultCurrency(Request $request)
{
app('preferences')->set('currencyPreference', $currency->code);
app('preferences')->mark();

Log::channel('audit')->info(sprintf('Make %s the default currency.', $currency->code));

$this->repository->enable($currency);
$request->session()->flash('success', (string) trans('firefly.new_default_currency', ['name' => $currency->name]));
$currencyId = (int)$request->get('id');
if ($currencyId > 0) {
// valid currency?
$currency = $this->repository->find($currencyId);
if (null !== $currency) {
app('preferences')->set('currencyPreference', $currency->code);
app('preferences')->mark();
Log::channel('audit')->info(sprintf('Make %s the default currency.', $currency->code));

$this->repository->enable($currency);
$request->session()->flash('success', (string)trans('firefly.new_default_currency', ['name' => $currency->name]));

return redirect(route('currencies.index'));
}
}

return redirect(route('currencies.index'));
}
Expand All @@ -129,7 +139,7 @@ public function delete(Request $request, TransactionCurrency $currency)
$user = auth()->user();
if (!$this->userRepository->hasRole($user, 'owner')) {

$request->session()->flash('error', (string) trans('firefly.ask_site_owner', ['owner' => e(config('firefly.site_owner'))]));
$request->session()->flash('error', (string)trans('firefly.ask_site_owner', ['owner' => e(config('firefly.site_owner'))]));
Log::channel('audit')->info(sprintf('Tried to visit page to delete currency %s but is not site owner.', $currency->code));

return redirect(route('currencies.index'));
Expand All @@ -138,7 +148,7 @@ public function delete(Request $request, TransactionCurrency $currency)

if ($this->repository->currencyInUse($currency)) {
$location = $this->repository->currencyInUseAt($currency);
$message = (string) trans(sprintf('firefly.cannot_disable_currency_%s', $location), ['name' => e($currency->name)]);
$message = (string)trans(sprintf('firefly.cannot_disable_currency_%s', $location), ['name' => e($currency->name)]);
$request->session()->flash('error', $message);
Log::channel('audit')->info(sprintf('Tried to visit page to delete currency %s but currency is in use.', $currency->code));

Expand All @@ -147,7 +157,7 @@ public function delete(Request $request, TransactionCurrency $currency)

// put previous url in session
$this->rememberPreviousUri('currencies.delete.uri');
$subTitle = (string) trans('form.delete_currency', ['name' => $currency->name]);
$subTitle = (string)trans('form.delete_currency', ['name' => $currency->name]);
Log::channel('audit')->info(sprintf('Visit page to delete currency %s.', $currency->code));

return prefixView('currencies.delete', compact('currency', 'subTitle'));
Expand All @@ -167,22 +177,22 @@ public function destroy(Request $request, TransactionCurrency $currency)
$user = auth()->user();
if (!$this->userRepository->hasRole($user, 'owner')) {

$request->session()->flash('error', (string) trans('firefly.ask_site_owner', ['owner' => e(config('firefly.site_owner'))]));
$request->session()->flash('error', (string)trans('firefly.ask_site_owner', ['owner' => e(config('firefly.site_owner'))]));
Log::channel('audit')->info(sprintf('Tried to delete currency %s but is not site owner.', $currency->code));

return redirect(route('currencies.index'));

}

if ($this->repository->currencyInUse($currency)) {
$request->session()->flash('error', (string) trans('firefly.cannot_delete_currency', ['name' => e($currency->name)]));
$request->session()->flash('error', (string)trans('firefly.cannot_delete_currency', ['name' => e($currency->name)]));
Log::channel('audit')->info(sprintf('Tried to delete currency %s but is in use.', $currency->code));

return redirect(route('currencies.index'));
}

if ($this->repository->isFallbackCurrency($currency)) {
$request->session()->flash('error', (string) trans('firefly.cannot_delete_fallback_currency', ['name' => e($currency->name)]));
$request->session()->flash('error', (string)trans('firefly.cannot_delete_fallback_currency', ['name' => e($currency->name)]));
Log::channel('audit')->info(sprintf('Tried to delete currency %s but is FALLBACK.', $currency->code));

return redirect(route('currencies.index'));
Expand All @@ -191,7 +201,7 @@ public function destroy(Request $request, TransactionCurrency $currency)
Log::channel('audit')->info(sprintf('Deleted currency %s.', $currency->code));
$this->repository->destroy($currency);

$request->session()->flash('success', (string) trans('firefly.deleted_currency', ['name' => $currency->name]));
$request->session()->flash('success', (string)trans('firefly.deleted_currency', ['name' => $currency->name]));

return redirect($this->getPreviousUri('currencies.delete.uri'));
}
Expand All @@ -200,8 +210,8 @@ public function destroy(Request $request, TransactionCurrency $currency)
* @param Request $request
* @param TransactionCurrency $currency
*
* @throws FireflyException
* @return RedirectResponse|Redirector
* @throws FireflyException
*/
public function disableCurrency(Request $request, TransactionCurrency $currency)
{
Expand All @@ -211,7 +221,7 @@ public function disableCurrency(Request $request, TransactionCurrency $currency)
$user = auth()->user();
if (!$this->userRepository->hasRole($user, 'owner')) {

$request->session()->flash('error', (string) trans('firefly.ask_site_owner', ['owner' => e(config('firefly.site_owner'))]));
$request->session()->flash('error', (string)trans('firefly.ask_site_owner', ['owner' => e(config('firefly.site_owner'))]));
Log::channel('audit')->info(sprintf('Tried to disable currency %s but is not site owner.', $currency->code));

return redirect(route('currencies.index'));
Expand All @@ -221,7 +231,7 @@ public function disableCurrency(Request $request, TransactionCurrency $currency)
if ($this->repository->currencyInUse($currency)) {

$location = $this->repository->currencyInUseAt($currency);
$message = (string) trans(sprintf('firefly.cannot_disable_currency_%s', $location), ['name' => e($currency->name)]);
$message = (string)trans(sprintf('firefly.cannot_disable_currency_%s', $location), ['name' => e($currency->name)]);

$request->session()->flash('error', $message);
Log::channel('audit')->info(sprintf('Tried to disable currency %s but is in use.', $currency->code));
Expand All @@ -245,10 +255,10 @@ public function disableCurrency(Request $request, TransactionCurrency $currency)
}

if ('EUR' === $currency->code) {
session()->flash('warning', (string) trans('firefly.disable_EUR_side_effects'));
session()->flash('warning', (string)trans('firefly.disable_EUR_side_effects'));
}

session()->flash('success', (string) trans('firefly.currency_is_now_disabled', ['name' => $currency->name]));
session()->flash('success', (string)trans('firefly.currency_is_now_disabled', ['name' => $currency->name]));

return redirect(route('currencies.index'));
}
Expand All @@ -267,21 +277,21 @@ public function edit(Request $request, TransactionCurrency $currency)
$user = auth()->user();
if (!$this->userRepository->hasRole($user, 'owner')) {

$request->session()->flash('error', (string) trans('firefly.ask_site_owner', ['owner' => e(config('firefly.site_owner'))]));
$request->session()->flash('error', (string)trans('firefly.ask_site_owner', ['owner' => e(config('firefly.site_owner'))]));
Log::channel('audit')->info(sprintf('Tried to edit currency %s but is not owner.', $currency->code));

return redirect(route('currencies.index'));

}

$subTitleIcon = 'fa-pencil';
$subTitle = (string) trans('breadcrumbs.edit_currency', ['name' => $currency->name]);
$subTitle = (string)trans('breadcrumbs.edit_currency', ['name' => $currency->name]);
$currency->symbol = htmlentities($currency->symbol);

// code to handle active-checkboxes
$hasOldInput = null !== $request->old('_token');
$preFilled = [
'enabled' => $hasOldInput ? (bool) $request->old('enabled') : $currency->enabled,
'enabled' => $hasOldInput ? (bool)$request->old('enabled') : $currency->enabled,
];

$request->session()->flash('preFilled', $preFilled);
Expand All @@ -306,7 +316,7 @@ public function enableCurrency(TransactionCurrency $currency)
app('preferences')->mark();

$this->repository->enable($currency);
session()->flash('success', (string) trans('firefly.currency_is_now_enabled', ['name' => $currency->name]));
session()->flash('success', (string)trans('firefly.currency_is_now_enabled', ['name' => $currency->name]));
Log::channel('audit')->info(sprintf('Enabled currency %s.', $currency->code));

return redirect(route('currencies.index'));
Expand All @@ -323,8 +333,8 @@ public function index(Request $request)
{
/** @var User $user */
$user = auth()->user();
$page = 0 === (int) $request->get('page') ? 1 : (int) $request->get('page');
$pageSize = (int) app('preferences')->get('listPageSize', 50)->data;
$page = 0 === (int)$request->get('page') ? 1 : (int)$request->get('page');
$pageSize = (int)app('preferences')->get('listPageSize', 50)->data;
$collection = $this->repository->getAll();
$total = $collection->count();
$collection = $collection->slice(($page - 1) * $pageSize, $pageSize);
Expand All @@ -334,12 +344,13 @@ public function index(Request $request)
$defaultCurrency = $this->repository->getCurrencyByPreference(app('preferences')->get('currencyPreference', config('firefly.default_currency', 'EUR')));
$isOwner = true;
if (!$this->userRepository->hasRole($user, 'owner')) {
$request->session()->flash('info', (string) trans('firefly.ask_site_owner', ['owner' => config('firefly.site_owner')]));
$request->session()->flash('info', (string)trans('firefly.ask_site_owner', ['owner' => config('firefly.site_owner')]));
$isOwner = false;
}

return prefixView('currencies.index', compact('currencies', 'defaultCurrency', 'isOwner'));
}

/**
* Store new currency.
*
Expand Down Expand Up @@ -367,15 +378,15 @@ public function store(CurrencyFormRequest $request)
} catch (FireflyException $e) {
Log::error($e->getMessage());
Log::channel('audit')->info('Could not store (POST) currency without admin rights.', $data);
$request->session()->flash('error', (string) trans('firefly.could_not_store_currency'));
$request->session()->flash('error', (string)trans('firefly.could_not_store_currency'));
$currency = null;
}
$redirect = redirect($this->getPreviousUri('currencies.create.uri'));

if (null !== $currency) {
$request->session()->flash('success', (string) trans('firefly.created_currency', ['name' => $currency->name]));
$request->session()->flash('success', (string)trans('firefly.created_currency', ['name' => $currency->name]));
Log::channel('audit')->info('Created (POST) currency.', $data);
if (1 === (int) $request->get('create_another')) {
if (1 === (int)$request->get('create_another')) {

$request->session()->put('currencies.create.fromStore', true);

Expand All @@ -386,6 +397,7 @@ public function store(CurrencyFormRequest $request)

return $redirect;
}

/**
* Updates a currency.
*
Expand All @@ -405,18 +417,18 @@ public function update(CurrencyFormRequest $request, TransactionCurrency $curren
}
if (!$this->userRepository->hasRole($user, 'owner')) {

$request->session()->flash('error', (string) trans('firefly.ask_site_owner', ['owner' => e(config('firefly.site_owner'))]));
$request->session()->flash('error', (string)trans('firefly.ask_site_owner', ['owner' => e(config('firefly.site_owner'))]));
Log::channel('audit')->info('Tried to update (POST) currency without admin rights.', $data);

return redirect(route('currencies.index'));

}
$currency = $this->repository->update($currency, $data);
Log::channel('audit')->info('Updated (POST) currency.', $data);
$request->session()->flash('success', (string) trans('firefly.updated_currency', ['name' => $currency->name]));
$request->session()->flash('success', (string)trans('firefly.updated_currency', ['name' => $currency->name]));
app('preferences')->mark();

if (1 === (int) $request->get('return_to_edit')) {
if (1 === (int)$request->get('return_to_edit')) {

$request->session()->put('currencies.edit.fromUpdate', true);

Expand Down
43 changes: 43 additions & 0 deletions public/v1/js/ff/currencies/index.js
View file
@@ -0,0 +1,43 @@
/*
* index.js
* Copyright (c) 2019 james@firefly-iii.org
*
* This file is part of Firefly III (https://github.com/firefly-iii).
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/

/**
*
*/
$(function () {
"use strict";
$('.make_default').on('click', setDefaultCurrency);

});

function setDefaultCurrency(e) {
var button = $(e.currentTarget);
var currencyId = parseInt(button.data('id'));

$.post(makeDefaultUrl, {
_token: token,
id: currencyId
}).done(function (data) {
// lame but it works
location.reload();
}).fail(function () {
console.error('I failed :(');
});
}

0 comments on commit 06d319c

Please sign in to comment.