
Merge pull request #72 from flatCore/develop
Merge Develop Branch
patkon committed Oct 13, 2021
2 parents 547ba7c + 40ea2c5 commit 1d02596
Showing 165 changed files with 4,280 additions and 4,664 deletions.
6 changes: 5 additions & 1 deletion .gitignore
Expand Up @@ -30,11 +30,15 @@ release-notes.html

# styles, except default #
/styles/**/*
!/styles/default/*
/styles/default/.DS_Store

!/styles/default/*
!/styles/default/**/*
!/styles/default/php/*

!index.html

config_database.php

/content/SQLite/.DS_Store
acp/theme/config.codekit3
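--- a/.htaccess
+++ b/.htaccess
@@ -6,4 +6,9 @@ RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d
 RewriteRule ^(.*)$ index.php?query=$1 [L,QSA]
 
-</IfModule>
+</IfModule>
+
+<FilesMatch "\.(pdf|doc|docx|xls|xlsx|xlsm)$" >
+ForceType application/octet-stream
+Header add Content-Disposition "attachment"
+</FilesMatch>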
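Review bot: The new `Header add Content-Disposition "attachment"` directive requires mod_headers; on a server where that module is not loaded Apache refuses the whole .htaccess with a 500 rather than skipping the line, so wrap it as `<IfModule mod_headers.c>` … `</IfModule>` (ForceType needs no such guard). The `FilesMatch` pattern is case-sensitive, so `report.PDF` is still served inline with its detected type while `report.pdf` is forced to download; `<FilesMatch "(?i)\.(pdf|doc|docx|xls|xlsx|xlsm)$">` closes that gap. The same block is duplicated in _htaccess and needs the same two changes.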
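--- a/_htaccess
+++ b/_htaccess
@@ -6,4 +6,9 @@ RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d
 RewriteRule ^(.*)$ index.php?query=$1 [L,QSA]
 
-</IfModule>
+</IfModule>
+
+<FilesMatch "\.(pdf|doc|docx|xls|xlsx|xlsm)$" >
+ForceType application/octet-stream
+Header add Content-Disposition "attachment"
+</FilesMatch>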
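--- a/acp/acp.php
+++ b/acp/acp.php
@@ -982,12 +982,13 @@ function expandHelpSidebar(){
 $('.page-info-btn').click(function(){
 
 var pageid = $(this).data('id');
+var csrf_token = $(this).data('token');
 
 // AJAX request
 $.ajax({
 url: 'core/pages.info.php',
 type: 'post',
-data: {pageid: pageid},
+data: {pageid: pageid, csrf_token: csrf_token},
 success: function(response){
 // Add response in Modal body
 $('#pageInfoModal .modal-body').html(response);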
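Review bot: The request now sends `csrf_token`, but the handler has only a `success` callback and inserts the response body straight into the modal; if core/pages.info.php includes core/access.php the way dashboard.top.php does, a missing or stale token is answered with `die('Error: CSRF Token ...')` at HTTP 200, which this code will display as if it were page info. Either have the server answer a rejected token with `http_response_code(403)` and add an `error:` handler here, or check the response before calling `.html(response)`. Every `.page-info-btn` must also carry a `data-token` attribute for `$(this).data('token')` to be defined; the markup that renders those buttons is outside the hunk.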
7 changes: 6 additions & 1 deletion acp/core/access.php
Expand Up @@ -96,12 +96,17 @@ function fc_start_user_session($ud) {
die('Error: CSRF Token is invalid');
}

/* stop all $_POST actions if csrf token is empty or invalid */

if(sizeof($_POST)>1) {
if(!empty($_POST)) {
if(empty($_POST['csrf_token'])) {
die('Error: CSRF Token is empty');
}
if($_POST['csrf_token'] !== $_SESSION['token']) {
die('Error: CSRF Token is invalid');
}
}

$hidden_csrf_token = '<input type="hidden" name="csrf_token" value="'.$_SESSION['token'].'">';

?>
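Review bot: The token comparison on the `if($_POST['csrf_token'] !== $_SESSION['token'])` line is a plain string compare and rejects with a 200-status `die()`; prefer a constant-time compare with a type guard and a 403, e.g. `if(!is_string($_POST['csrf_token']) || !isset($_SESSION['token']) || !hash_equals($_SESSION['token'], $_POST['csrf_token'])) { http_response_code(403); die('Error: CSRF Token is invalid'); }` (the `is_string` guard matters because a `csrf_token[]=x` field would otherwise reach hash_equals as an array). The `!empty($_POST)` gate only fires when a form field is present, so a multipart request carrying nothing but `$_FILES` is not checked here; if any upload handler relies on this file for its CSRF protection, the condition needs a companion `|| !empty($_FILES)`. The two lines above the new block close an earlier check that starts outside the hunk.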
38 changes: 23 additions & 15 deletions acp/core/dashboard.top.php
Expand Up @@ -3,15 +3,12 @@
//prohibit unauthorized access
require 'core/access.php';

if(isset($_GET['a'])) {

if($_GET['a'] == 'delete_cache') {
fc_delete_smarty_cache('all');
}
if($_GET['a'] == 'update_index') {
fc_update_bulk_page_index();
}

if(isset($_POST['delete_cache'])) {
fc_delete_smarty_cache('all');
}

if(isset($_POST['update_index'])) {
fc_update_bulk_page_index();
}


Expand Down Expand Up @@ -64,15 +61,22 @@
if($user_result[$i]['user_class'] == "deleted"){
$user_nick = "<strike>$user_nick</strike>";
}
$user_latest5 .= '<a href="acp.php?tn=user&sub=edit&edituser='.$user_id.'" class="list-group-item list-group-item-ghost list-group-item-action flex-column align-items-start">';

$user_latest5 .= '<div class="list-group-item list-group-item-ghost list-group-item-action flex-column align-items-start">';
$user_latest5 .= '<div class="d-flex w-100 justify-content-between">';

$user_latest5 .= '<div>';
$user_latest5 .= '<h6 class="mb-0">'.$user_nick.'</h6>';
$user_latest5 .= '<small>'.$user_name.'</small>';
$user_latest5 .= '</div>';
$user_latest5 .= '<small>'.$user_registerdate.'</small>';
$user_latest5 .= '</div>';
$user_latest5 .= '</a>';
$user_latest5 .= '<form class="inline" action="?tn=user&sub=edit" method="POST">';
$user_latest5 .= '<button name="edituser" value='.$user_id.'" class="btn btn-fc btn-sm">'.$icon['edit'].'</button>';
$user_latest5 .= $hidden_csrf_token;
$user_latest5 .= '</form>';

$user_latest5 .= '</div>';
$user_latest5 .= '</div>';
}

}
Expand Down Expand Up @@ -126,6 +130,7 @@
$top5pages .= '</div>';
$top5pages .= '<form class="inline" action="?tn=pages&sub=edit" method="POST">';
$top5pages .= '<button class="btn btn-fc btn-sm" name="editpage" value="'.$allPages[$i]['page_id'].'">'.$icon['edit'].'</button>';
$top5pages .= $hidden_csrf_token;
$top5pages .= '</form>';
$top5pages .= '</div>';

Expand Down Expand Up @@ -172,6 +177,7 @@
$top5posts .= '</div>';
$top5posts .= '<form class="inline" action="?tn=posts&sub=edit" method="POST">';
$top5posts .= '<button class="btn btn-fc btn-sm" name="post_id" value="'.$allPosts[$i]['post_id'].'">'.$icon['edit'].'</button>';
$top5posts .= $hidden_csrf_token;
$top5posts .= '</form>';
$top5posts .= '</div>';

Expand Down Expand Up @@ -210,6 +216,7 @@
$top5comments .= '</div>';
$top5comments .= '<form class="inline" action="?tn=comments&sub=list#comid'.$allComments[$i]['comment_id'].'" method="POST">';
$top5comments .= '<button class="btn btn-fc btn-sm" name="editid" value="'.$allComments[$i]['comment_id'].'">'.$icon['edit'].'</button>';
$top5comments .= $hidden_csrf_token;
$top5comments .= '</form>';
$top5comments .= '</div>';
$top5comments .= '</div>';
Expand Down Expand Up @@ -286,12 +293,13 @@

$btn_page_overview = '<a href="acp.php?tn=pages" class="btn btn-fc btn-sm w-100">'.$icon['sitemap'].'</a>';
$btn_new_page = '<a href="acp.php?tn=pages&sub=new" class="btn btn-fc btn-sm w-100">'.$icon['plus'].' '.$lang['new'].'</a>';
$btn_update_index = '<a href="acp.php?tn=dashboard&a=update_index" class="btn btn-fc btn-sm w-100">'.$icon['sync_alt'].' Index</a>';
$btn_delete_cache = '<a href="acp.php?tn=dashboard&a=delete_cache" class="btn btn-fc btn-sm w-100">'.$icon['trash_alt'].' Cache</a>';

$btn_update_index = '<form action="?tn=dashboard" method="POST" class="d-inline"><button name="update_index" class="btn btn-fc btn-sm w-100 text-nowrap">'.$icon['sync_alt'].' Index</button>'.$hidden_csrf_token.'</form>';
$btn_delete_cache = '<form action="?tn=dashboard" method="POST"><button name="delete_cache" class="btn btn-fc btn-sm w-100 text-nowrap">'.$icon['trash_alt'].' Cache</button>'.$hidden_csrf_token.'</form>';

$btn_post_overview = '<a href="acp.php?tn=posts" class="btn btn-fc btn-sm w-100">'.$lang['tn_posts'].'</a>';
$btn_new_post = '<a href="acp.php?tn=posts&sub=edit" class="btn btn-fc btn-sm w-100">'.$icon['plus'].' '.$lang['new'].'</a>';
$btn_comments_overview = '<a href="acp.php?tn=comments" class="btn btn-fc btn-sm w-100">'.$lang['tn_comments'].'</a>';
$btn_comments_overview = '<a href="acp.php?tn=reactions" class="btn btn-fc btn-sm w-100">'.$lang['tn_comments'].'</a>';

$btn_user_overview = '<a href="acp.php?tn=user" class="btn btn-fc btn-sm w-100">'.$lang['list_user'].'</a>';
$btn_new_user = '<a href="acp.php?tn=user&sub=new" class="btn btn-fc btn-sm w-100">'.$icon['plus'].' '.$lang['new_user'].'</a>';
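Review bot: In the second hunk the user edit button is emitted as `value='.$user_id.'"` — the opening quote of the attribute is missing, so the rendered markup is `value=5"` and the posted `edituser` value carries a trailing `"` character that the user edit handler will not match. The line should read `$user_latest5 .= '<button name="edituser" value="'.$user_id.'" class="btn btn-fc btn-sm">'.$icon['edit'].'</button>';`. As a point of style, the `$btn_delete_cache` form in the last hunk lacks the `class="d-inline"` that its sibling `$btn_update_index` carries, so the two dashboard buttons will not lay out the same way.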
7 changes: 5 additions & 2 deletions acp/core/files.browser.php
Expand Up @@ -130,8 +130,9 @@
}
$select_dir .= '</optgroup>';
$select_dir .= '</select>';
$select_dir .= '</div>';
$select_dir .= '</div>';
$select_dir .= '</div>';
$select_dir .= '</div>';
$select_dir .= $hidden_csrf_token;
$select_dir .= '</form>';


Expand Down Expand Up @@ -612,6 +613,7 @@ function delete_folder($dir) {
echo '<form class="inline pull-right" action="acp.php?tn=filebrowser&sub=browse&selected_folder='.dirname($disk).'" method="POST">';
echo '<input type="submit" value="'.$lang['delete_folder'].'" class="btn btn-danger" onclick="return confirm(\''.$lang['confirm_delete_folder'].'\')">';
echo '<input type="hidden" name="delete_folder" value="'.$disk.'">';
echo $hidden_csrf_token;
echo '</form>';
echo '</div>';
}
Expand Down Expand Up @@ -794,6 +796,7 @@ function delete_folder($dir) {
echo '<div class="btn-group d-flex" role="group">';
echo '<button class="btn btn-sm btn-fc w-100" type="submit" name="rebuild" value="database">Database '.$icon['wrench'].'</button>';
echo '<button class="btn btn-sm btn-fc w-100" type="submit" name="clear_tmb">Thumbnails '.$icon['trash_alt'].'</button>';
echo $hidden_csrf_token;
echo '</div>';
echo '</form>';

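Review bot: `echo $hidden_csrf_token;` in the delete-folder hunk relies on a variable assigned at file scope in core/access.php; the hunk header names `function delete_folder($dir)` as the nearest definition, so if this echo block runs inside that function rather than at file scope, `$hidden_csrf_token` is undefined there and the form posts without a token (the enclosing scope is outside the hunk — please confirm, and add `global $hidden_csrf_token;` if so). Since access.php now answers every POST lacking a token with `die()`, any form the commit missed fails hard rather than silently, so it is worth grepping the acp/ templates for `method="POST"` forms without the hidden field. The same scope question applies to the rebuild/clear_tmb form in the third hunk.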
9 changes: 5 additions & 4 deletions acp/core/files.edit.php
Expand Up @@ -8,6 +8,7 @@
$set_lang = $languagePack;
if(isset($_REQUEST['set_lang'])) {
$set_lang = $_REQUEST['set_lang'];
unset($media_data);
}

$form_tpl = file_get_contents('templates/media-edit-form.tpl');
Expand Down Expand Up @@ -36,7 +37,7 @@


if(isset($_POST['save'])) {
$savedMedia = fc_write_media_data($_POST['realpath'],$_POST['title'],$_POST['notes'],$_POST['keywords'],$_POST['text'],$_POST['url'],$_POST['alt'],$set_lang,$_POST['credit'],$_POST['priority'],$_POST['license'],time(),$filesize,$_POST['version'],$_POST['media_labels']);
$savedMedia = fc_write_media_data($_POST['realpath'],$_POST['title'],$_POST['notes'],$_POST['keywords'],$_POST['text'],$_POST['url'],$_POST['alt'],$_POST['set_lang'],$_POST['credit'],$_POST['priority'],$_POST['license'],time(),$filesize,$_POST['version'],$_POST['media_labels']);
if($savedMedia == 'success') {
$message = '<div class="alert alert-success alert-auto-close">'.$lang['db_changed'].'</div>';
} else {
Expand All @@ -54,8 +55,8 @@
echo '</div>';

$arr_lang = get_all_languages();
$langSwitch = '<form action="?tn=filebrowser&sub=edit">';
$langSwitch .= '<div class="btn-group" role="group">';

$langSwitch = '<div class="btn-group" role="group">';
foreach($arr_lang as $langs) {
$btn_status = '';
if($langs['lang_sign'] == "$set_lang") { $btn_status = 'active'; }
Expand All @@ -64,7 +65,7 @@
$langSwitch .= '</div>';
$langSwitch .= '<input type="hidden" name="file" value="'.$media_filename.'">';
$langSwitch .= '<input type="hidden" name="folder" value="'.$_REQUEST['folder'].'">';
$langSwitch .= '</form>';


$media_data = fc_get_media_data($realpath,$set_lang);

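Review bot: The save branch now passes `$_POST['set_lang']` to fc_write_media_data() with no fallback, while the rest of the file still derives `$set_lang` from `$_REQUEST['set_lang']` with a default of `$languagePack`; a save form that does not post `set_lang` would write the media record with a null language where the old code used the current one. Use the same default there: `$_POST['set_lang'] ?? $set_lang`. After removing the `<form action="?tn=filebrowser&sub=edit">` wrapper, the hidden `file` and `folder` inputs appended to `$langSwitch` sit outside any form unless `$langSwitch` is echoed inside one elsewhere; that is outside the hunk, so please confirm.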
101 changes: 50 additions & 51 deletions acp/core/files.upload-script.php
Expand Up @@ -20,16 +20,13 @@
$db_type = 'mysql';

$database = new Medoo([

'database_type' => 'mysql',
'database_name' => "$database_name",
'server' => "$database_host",
'type' => 'mysql',
'database' => "$database_name",
'host' => "$database_host",
'username' => "$database_user",
'password' => "$database_psw",

'charset' => 'utf8',
'port' => $database_port,

'prefix' => DB_PREFIX
]);

Expand All @@ -51,8 +48,8 @@
define("CONTENT_DB", "$fc_db_content");

$db_content = new Medoo([
'database_type' => 'sqlite',
'database_file' => CONTENT_DB
'type' => 'sqlite',
'database' => CONTENT_DB
]);
}

Expand Down Expand Up @@ -164,51 +161,53 @@
}
}

/* upload files to /upload/plugins/ */
if($_REQUEST['upload_type'] == 'plugin') {
if(array_key_exists('file',$_FILES) && $_FILES['file']['error'] == 0 ){
$tmp_name = $_FILES["file"]["tmp_name"];
$org_name = $_FILES["file"]["name"];
$suffix = strtolower(substr(strrchr($org_name,'.'),1));
$prefix = basename($org_name,".$suffix");
$files_name = clean_filename($prefix,$suffix);
if(!is_dir('../../upload/plugins')) {
mkdir("../../upload/plugins", 0777, true);
}
$target = "../../upload/plugins/$files_name";
@move_uploaded_file($tmp_name, $target);
if($fc_upload_addons === true) {
/* upload files to /upload/plugins/ */
if($_REQUEST['upload_type'] == 'plugin') {
if(array_key_exists('file',$_FILES) && $_FILES['file']['error'] == 0 ){
$tmp_name = $_FILES["file"]["tmp_name"];
$org_name = $_FILES["file"]["name"];
$suffix = strtolower(substr(strrchr($org_name,'.'),1));
$prefix = basename($org_name,".$suffix");
$files_name = clean_filename($prefix,$suffix);
if(!is_dir('../../upload/plugins')) {
mkdir("../../upload/plugins", 0777, true);
}
$target = "../../upload/plugins/$files_name";
@move_uploaded_file($tmp_name, $target);
}
}
}

/* upload files to /upload/themes/ */
if($_REQUEST['upload_type'] == 'theme') {
if(array_key_exists('file',$_FILES) && $_FILES['file']['error'] == 0 ){
$tmp_name = $_FILES["file"]["tmp_name"];
$org_name = $_FILES["file"]["name"];
$suffix = strtolower(substr(strrchr($org_name,'.'),1));
$prefix = basename($org_name,".$suffix");
$files_name = clean_filename($prefix,$suffix);
if(!is_dir('../../upload/themes')) {
mkdir("../../upload/themes", 0777, true);
}
$target = "../../upload/themes/$files_name";
@move_uploaded_file($tmp_name, $target);
/* upload files to /upload/themes/ */
if($_REQUEST['upload_type'] == 'theme') {
if(array_key_exists('file',$_FILES) && $_FILES['file']['error'] == 0 ){
$tmp_name = $_FILES["file"]["tmp_name"];
$org_name = $_FILES["file"]["name"];
$suffix = strtolower(substr(strrchr($org_name,'.'),1));
$prefix = basename($org_name,".$suffix");
$files_name = clean_filename($prefix,$suffix);
if(!is_dir('../../upload/themes')) {
mkdir("../../upload/themes", 0777, true);
}
$target = "../../upload/themes/$files_name";
@move_uploaded_file($tmp_name, $target);
}
}
}

/* upload files to /upload/modules/ */
if($_REQUEST['upload_type'] == 'module') {
if(array_key_exists('file',$_FILES) && $_FILES['file']['error'] == 0 ){
$tmp_name = $_FILES["file"]["tmp_name"];
$org_name = $_FILES["file"]["name"];
$suffix = strtolower(substr(strrchr($org_name,'.'),1));
$prefix = basename($org_name,".$suffix");
$files_name = clean_filename($prefix,$suffix);
if(!is_dir('../../upload/modules')) {
mkdir("../../upload/modules", 0777, true);
}
$target = "../../upload/modules/$files_name";
@move_uploaded_file($tmp_name, $target);
/* upload files to /upload/modules/ */
if($_REQUEST['upload_type'] == 'module') {
if(array_key_exists('file',$_FILES) && $_FILES['file']['error'] == 0 ){
$tmp_name = $_FILES["file"]["tmp_name"];
$org_name = $_FILES["file"]["name"];
$suffix = strtolower(substr(strrchr($org_name,'.'),1));
$prefix = basename($org_name,".$suffix");
$files_name = clean_filename($prefix,$suffix);
if(!is_dir('../../upload/modules')) {
mkdir("../../upload/modules", 0777, true);
}
$target = "../../upload/modules/$files_name";
@move_uploaded_file($tmp_name, $target);
}
}
}

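Review bot: Inside the new `if($fc_upload_addons === true)` guard the three branches still call `@move_uploaded_file($tmp_name, $target)` with the return value ignored, so a failed move (permissions, open_basedir, disk full) is silently treated as success, and `mkdir(..., 0777, true)` creates the addon directories world-writable. Whether `clean_filename($prefix,$suffix)` restricts `$suffix` to the archive types the addon installer expects is not visible in this hunk; if it does not, the branch should check the extension before moving the file under the web-served upload/ tree. The rewrite below covers the plugin branch; the theme and module branches need the same treatment, and the nesting of the new guard around the three branches is not recoverable from the rendered hunk, so I have left its braces alone.
```php
/* … unchanged: $tmp_name / $org_name / $suffix / $prefix / $files_name … */
$target_dir = '../../upload/plugins';
if(!is_dir($target_dir) && !mkdir($target_dir, 0755, true)) {
    die('Error: could not create '.$target_dir);
}
$target = "$target_dir/$files_name";
if(!move_uploaded_file($tmp_name, $target)) {
    die('Error: could not store uploaded file');
}
```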
