mirror of https://github.com/e107inc/e107.git synced 2025-08-27 08:14:46 +02:00

538 Commits

Author SHA1 Message Date
Nick Liu
dd36fbd51d Unify logic of e_user_model::checkAdminPerms() and getperms()
Along with extensive documentation, `getperms()` is now deprecated and
its replacements now have first-class support:
* `e_user_model::checkAdminPerms()` and `getperms()` both use
  `e_userperms::simulateHasAdminPerms()`.
* `e_user_model::checkPluginAdminPerms()` and `getperms('P', …, …)`
  both use `e_userperms::simulateHasPluginAdminPerms()`.

----

Partially reverts: https://github.com/e107inc/e107/commit/44526b43

Reverts: https://github.com/e107inc/e107/commit/001799cb

Fixes: https://github.com/e107inc/e107/issues/5064
2023-09-09 12:03:14 +02:00
camer0n
44526b435c Issue #5064 - Draft fix for user impersonation (getperms()) 2023-09-08 14:18:06 -07:00
camer0n
9aa8de4f7d Issue GHSA-92fr-7h4f-22pp 2023-08-22 13:28:10 -07:00
Nick Liu
b623868756 db_verify::getIndex(): Support index_col_name optional parts
In the MariaDB `CREATE TABLE` [`index_definition`](https://mariadb.com/kb/en/create-table/#index-definitions),
 the `index_col_name` could have an optional length and a sort order:

```
index_definition:
    {INDEX|KEY} [index_name] [index_type] (index_col_name,...) [index_option] ...
  | {FULLTEXT|SPATIAL} [INDEX|KEY] [index_name] (index_col_name,...) [index_option] ...
  | [CONSTRAINT [symbol]] PRIMARY KEY [index_type] (index_col_name,...) [index_option] ...
  | [CONSTRAINT [symbol]] UNIQUE [INDEX|KEY] [index_name] [index_type] (index_col_name,...) [index_option] ...
  | [CONSTRAINT [symbol]] FOREIGN KEY [index_name] (index_col_name,...) reference_definition

index_col_name:
    col_name [(length)] [ASC | DESC]

index_type:
    USING {BTREE | HASH | RTREE}

index_option:
    [ KEY_BLOCK_SIZE [=] value
  | index_type
  | WITH PARSER parser_name
  | COMMENT 'string'
  | CLUSTERING={YES| NO} ]
  [ IGNORED | NOT IGNORED ]

reference_definition:
    REFERENCES tbl_name (index_col_name,...)
      [MATCH FULL | MATCH PARTIAL | MATCH SIMPLE]
      [ON DELETE reference_option]
      [ON UPDATE reference_option]

reference_option:
    RESTRICT | CASCADE | SET NULL | NO ACTION
```

`db_verify::getIndex()` didn't handle this possibility, leading to a
database validity check failure despite the index actually existing.

Fixes: https://github.com/e107inc/e107/issues/5054
2023-08-17 17:27:26 +02:00
camer0n
4cc9d8b085 Updated vendor packages:
hybridauth/hybridauth (v3.8.2 => v3.9.0)
ifsnop/mysqldump-php (v2.9 => v2.12)
guzzlehttp/psr7 (1.9.0 => 1.9.1)
matthiasmullie/minify (1.3.70 => 1.3.71)
phpmailer/phpmailer (v6.7.1 => v6.8.0)
2023-06-22 09:47:35 -07:00
Cameron
c2bc635774 Fixes #5005 GET values containing arrays are no longer corrupted. 2023-06-06 15:46:50 -07:00
Cameron
c3517641e0 Fontawesome updated to 5.15.4
Bootswatch updated to 5.2.3 in Bootstrap5 theme and fontawesome loading switched to css (instead of js).
2023-04-12 15:32:48 -07:00
Nick Liu
1d1f4d08e0 Add tests for news plugin category links 2023-02-20 12:13:34 +01:00
Nick Liu
432395c12e Tests: Helper\E107Base: Use more reliable check for Composer 2 format
Issue reported in Gitter:
https://matrix.to/#/!srhnCKlMgxFeuSPXPb:gitter.im/$nGHXf-miT7JsA2U-Mgr7_SDuINfSYjuHulMgfuvPNdg?via=gitter.im

Tester reported this error:

```
In E107Base.php line 103:

  First parameter must either be an object or the name of an existing class
```
2023-02-16 15:57:20 +01:00
Cameron
f5096ae47d Closes #4978 - {NEWS_MODIFIED} shortcode added. 2023-02-11 09:09:16 -08:00
Cameron
d320ee926e Issue #4969 Added support for FontAwesome v6 2023-02-05 13:48:50 -08:00
Cameron
3b41b8a9d1 Fix for deprecation notices when running tests on PHP 8.2. Upgraded Codeception to 4.2.2 2023-01-08 08:46:17 -08:00
Nick Liu
eba3a9a367 Tests: e107EmailTest::testMsgHTML(): Enforce SMTP-style line endings
On older PHP versions, the line ending seems to be indeterminate?

Changing the test mailer from "mail" to "smtp" should enforce CRLF
line endings instead of maybe CRLF, maybe LF.
2022-12-29 22:21:09 +01:00
Nick Liu
43792c4505 Tests: Fix "September" behavior difference in testBuildDateLocale()
Whether "Sep" or "Sept" is the short month name for "%h" apparently
depends on `DateTime` or ext-intl, not on whether Microsoft Windows is
used.  Or something like that.  PHP is weird…
2022-12-29 21:55:12 +01:00
Nick Liu
9abac0970b Tests: Correct Codeception method signature in \Helper\Base::_before() 2022-12-29 16:54:11 +01:00
Cameron
bc6d371942 Closes #4924 - sendEmail() updated. 2022-12-15 22:11:05 -08:00
Cameron
5f84a8253e Vendor folder upgrades:
- Upgrading hybridauth/hybridauth (v3.8.0 => v3.8.2)
- Upgrading guzzlehttp/psr7 (1.8.5 => 1.9.0)
- Upgrading matthiasmullie/minify (1.3.68 => 1.3.70)
- Upgrading phpmailer/phpmailer (v6.6.0 => v6.7.1)
2022-12-15 20:46:33 -08:00
Cameron
78d4809d15 Closes #4922 - Option for plugins to extend notification routing. 2022-12-13 18:30:12 -08:00
Cameron
05b1b040c8 Closes #4922 - Option for plugins to extend notification routing. 2022-12-13 18:23:48 -08:00
Cameron
d12d3f1333 Closes #3701 Plugin builder class moved to its own file. Default plugin icons are now created if an images/ folder is not found. Simple test added for detecting PHP notices etc. Some cleanup of generated code. 2022-12-12 15:00:30 -08:00
Cameron
93a05dc777 Closes #4919 - Enhancement: plugins may now use their own custom email templates with sendEmail(); 2022-12-10 08:47:01 -08:00
Nick Liu
ae3c57a5b4 Tests: MDEV-29446 workaround: Ignore COLLATE clause in SHOW CREATE TABLE
https://jira.mariadb.org/browse/MDEV-29446 changes the output of
`SHOW CREATE TABLE`, which MySQL and MariaDB 10.2 and older do not do.

To tolerate the new behavior, this change strips the `COLLATE` clause
from the `SHOW CREATE TABLE` output to ignore it.

Fixes: https://github.com/e107inc/e107/issues/4912
2022-11-30 17:57:48 -06:00
Nick Liu
00b1d754b0 Login flow consistency: Do not use redirect in admin area login box
The non-admin login flow does not perform a redirect, but the admin
login flow did. This led to an inconsistency in how the authentication
error message was passed.

Fixes: https://github.com/e107inc/e107/issues/4779
2022-09-07 12:32:02 -05:00
Cameron
a181afcbd8 Issue #4826 Corrected static redirection. 2022-07-26 12:35:06 -07:00
Cameron
c4bcf0a663 Fixes #4826 - redirect dynamic content on static domain. 2022-07-19 16:32:33 -07:00
Cameron
8bf3481eaf Added e107::getEvent()->triggered() for manually checking if an event has already been triggered. 2022-06-07 12:33:50 -07:00
Cameron
8ec6e3a0dd Additional linkwords test. 2022-05-29 11:18:24 -07:00
Cameron
903f51561f Fixes #4766 User-audit login event data. 2022-05-10 10:21:05 -07:00
Cameron
4d6a5ea310 Fixes #4758 Admin-UI hidden field $parms were not being applied. 2022-04-19 07:15:23 -07:00
Cameron
f8b04b64d4 Fixes #4751 - Form tabs issue. Test added. 2022-04-07 13:11:56 -07:00
Cameron
93b2926227 Removed SEF Url config from Bootstrap5. Added missing prefs to default install. Moved popup tips during installation to their own icon. Adjusted acceptance test. 2022-04-07 07:15:30 -07:00
Cameron
a9b3d830ac Tweak acceptance test. 2022-04-06 19:43:01 -07:00
Cameron
dd7af9b222 Update acceptance test for BS5. 2022-04-06 19:33:03 -07:00
Cameron
02a7e08902 Fixes #4750 - News image placeholder. Adds another news-grid layout. 2022-04-06 12:09:58 -07:00
Cameron
9ed3007b71 Test fixes. 2022-04-06 08:44:45 -07:00
Cameron
196f952db8 Closes #4514 Theme developers can now set the default style, just as they would with the default layout. 2022-04-06 08:37:13 -07:00
Cameron
8df5e187b3 Fix for test. 2022-04-06 06:39:45 -07:00
Cameron
6eff4cb5f7 Closes #4748 - Bootstrap5 Theme enhancements. Bootswatch 5. 2022-04-05 19:49:08 -07:00
Cameron
45372f285c Fixes #4747 - wysiwyg editor value retention. 2022-04-05 09:56:25 -07:00
Cameron
55980a29a8 Generated PHPDoc for all classes in e107_handlers where one was missing. toNumber() updated to always return int or float. 2022-04-04 10:54:24 -07:00
Cameron
e801b02dee Closes #4744 - Media-Manager default set to Grid. New CSS grid added. Extra tests added for toGlyph(). Added wildcard mime-type filters in Media-Manager. 2022-04-02 09:34:06 -07:00
Cameron
025ff07aab Fixes #4737 Removal of type="text/javascript" and type="text/css" 2022-03-31 08:24:34 -07:00
Cameron
f922456a8f Fixes #4706 'quote' bbcode in TinyMce and fixes fatal error under PHP 8.1 (LAN_WROTE) 2022-03-29 13:59:25 -07:00
Cameron
8f2776bc46 Linkwords: Ignore commented HTML code during processing. 2022-03-15 13:47:46 -07:00
Cameron
a459057d68 Possible fix for failing tests. 2022-03-12 12:01:20 -08:00
Cameron
748fd4b9b6 Fixes #4700 - linkwords inconsistencies. 2022-03-12 11:50:27 -08:00
Cameron
4032c2954f Issue #3778 - page/e_sitelink cleanup and optimization. Test added. Fixed bookNav() which should only return book links. 2022-03-11 18:01:56 -08:00
Nick Liu
169efa09b9 e_parse::toAttributes(): New API to concatenate HTML attributes
`e_parse::toAttributes()` is an expansion of the formerly private method
`e_form::attributes()`. Now, all client code can use
`e_parse::toAttributes()` to make it easy to concatenate variable-length
HTML attributes. Values are guaranteed to be encoded so that they cannot
escape an HTML attribute value.

All client code usages are encouraged to build HTML tags with this new
method to prevent cross-site scripting (XSS) attacks and prevent
breaking the HTML validity due to improperly escaped HTML attributes.

This new method is an extension to `e_parse::toAttribute()`, which
escaped one single HTML attribute value.
2022-02-06 16:49:56 +01:00
Cameron
56bb8200a1 Corrected PHP 8.1 warnings. 2022-01-13 11:31:20 -08:00
Nick Liu
3f59b3bc14 Suppress uncaught Hybridauth exceptions in e_user_provider
And add a check for those exceptions in
`social_ui::generateSocialLoginSection()`

Fixes: #4192
2021-12-28 12:04:28 +01:00