mirror of
https://github.com/flarum/core.git
synced 2025-08-23 16:43:21 +02:00
Compare commits
12 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
8149397850 | ||
|
1ced907e52 | ||
|
|
17c5a40740 | ||
|
|
440bed81b8 | ||
|
|
eeb8fe1443 | ||
|
11b1ab5932 | ||
|
|
6f34c43dc1 | ||
|
8ced9eef45 | ||
|
|
8af52153e4 | ||
|
|
2c5e5f13dd | ||
|
|
1bbfea4aa3 | ||
|
|
16f3ae9d1e |
10
CHANGELOG.md
10
CHANGELOG.md
@@ -1,5 +1,15 @@
|
|||||||
# Changelog
|
# Changelog
|
||||||
|
|
||||||
|
## [1.0.2](https://github.com/flarum/core/compare/v1.0.1...v1.0.2)
|
||||||
|
|
||||||
|
### Fixed
|
||||||
|
- Critical XSS vulnerability
|
||||||
|
|
||||||
|
## [1.0.1](https://github.com/flarum/core/compare/v1.0.0...v1.0.1)
|
||||||
|
|
||||||
|
### Fixed
|
||||||
|
- Installation fails on environments without proc_* functions enabled or mysql client binary (https://github.com/flarum/core/issues/2890)
|
||||||
|
|
||||||
## [1.0.0](https://github.com/flarum/core/compare/v0.1.0-beta.16...v1.0.0)
|
## [1.0.0](https://github.com/flarum/core/compare/v0.1.0-beta.16...v1.0.0)
|
||||||
|
|
||||||
### Added
|
### Added
|
||||||
|
|||||||
2
js/dist/admin.js
generated
vendored
2
js/dist/admin.js
generated
vendored
File diff suppressed because one or more lines are too long
2
js/dist/admin.js.map
generated
vendored
2
js/dist/admin.js.map
generated
vendored
File diff suppressed because one or more lines are too long
2
js/dist/forum.js
generated
vendored
2
js/dist/forum.js
generated
vendored
File diff suppressed because one or more lines are too long
2
js/dist/forum.js.map
generated
vendored
2
js/dist/forum.js.map
generated
vendored
File diff suppressed because one or more lines are too long
12
js/package-lock.json
generated
12
js/package-lock.json
generated
@@ -7552,9 +7552,9 @@
|
|||||||
"integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8="
|
"integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8="
|
||||||
},
|
},
|
||||||
"node_modules/ws": {
|
"node_modules/ws": {
|
||||||
"version": "7.4.5",
|
"version": "7.4.6",
|
||||||
"resolved": "https://registry.npmjs.org/ws/-/ws-7.4.5.tgz",
|
"resolved": "https://registry.npmjs.org/ws/-/ws-7.4.6.tgz",
|
||||||
"integrity": "sha512-xzyu3hFvomRfXKH8vOFMU3OguG6oOvhXMo3xsGy3xWExqaM2dxBbVxuD99O7m3ZUFMvvscsZDqxfgMaRr/Nr1g==",
|
"integrity": "sha512-YmhHDO4MzaDLB+M9ym/mDA5z0naX8j7SIlT8f8z+I0VtzsRbekxEutHSme7NPS2qE8StCYQNUnfWdXta/Yu85A==",
|
||||||
"dev": true,
|
"dev": true,
|
||||||
"engines": {
|
"engines": {
|
||||||
"node": ">=8.3.0"
|
"node": ">=8.3.0"
|
||||||
@@ -13723,9 +13723,9 @@
|
|||||||
"integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8="
|
"integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8="
|
||||||
},
|
},
|
||||||
"ws": {
|
"ws": {
|
||||||
"version": "7.4.5",
|
"version": "7.4.6",
|
||||||
"resolved": "https://registry.npmjs.org/ws/-/ws-7.4.5.tgz",
|
"resolved": "https://registry.npmjs.org/ws/-/ws-7.4.6.tgz",
|
||||||
"integrity": "sha512-xzyu3hFvomRfXKH8vOFMU3OguG6oOvhXMo3xsGy3xWExqaM2dxBbVxuD99O7m3ZUFMvvscsZDqxfgMaRr/Nr1g==",
|
"integrity": "sha512-YmhHDO4MzaDLB+M9ym/mDA5z0naX8j7SIlT8f8z+I0VtzsRbekxEutHSme7NPS2qE8StCYQNUnfWdXta/Yu85A==",
|
||||||
"dev": true,
|
"dev": true,
|
||||||
"requires": {}
|
"requires": {}
|
||||||
},
|
},
|
||||||
|
|||||||
@@ -48,12 +48,23 @@ export default class Translator {
|
|||||||
// future there should be a hook here to inspect the user and change the
|
// future there should be a hook here to inspect the user and change the
|
||||||
// translation key. This will allow a gender property to determine which
|
// translation key. This will allow a gender property to determine which
|
||||||
// translation key is used.
|
// translation key is used.
|
||||||
|
|
||||||
if ('user' in parameters) {
|
if ('user' in parameters) {
|
||||||
const user = extract(parameters, 'user');
|
const user = extract(parameters, 'user');
|
||||||
|
|
||||||
if (!parameters.username) parameters.username = username(user);
|
if (!parameters.username) parameters.username = username(user);
|
||||||
}
|
}
|
||||||
return parameters;
|
|
||||||
|
const escapedParameters: TranslatorParameters = {};
|
||||||
|
|
||||||
|
for (const param in parameters) {
|
||||||
|
const paramValue = parameters[param];
|
||||||
|
|
||||||
|
if (typeof paramValue === 'string') escapedParameters[param] = <>{parameters[param]}</>;
|
||||||
|
else escapedParameters[param] = parameters[param];
|
||||||
|
}
|
||||||
|
|
||||||
|
return escapedParameters;
|
||||||
}
|
}
|
||||||
|
|
||||||
trans(id: string, parameters: TranslatorParameters = {}) {
|
trans(id: string, parameters: TranslatorParameters = {}) {
|
||||||
@@ -13,8 +13,6 @@ use Exception;
|
|||||||
use Flarum\Extension\Extension;
|
use Flarum\Extension\Extension;
|
||||||
use Illuminate\Database\ConnectionInterface;
|
use Illuminate\Database\ConnectionInterface;
|
||||||
use Illuminate\Database\MySqlConnection;
|
use Illuminate\Database\MySqlConnection;
|
||||||
use Illuminate\Database\Schema\Builder;
|
|
||||||
use Illuminate\Database\Schema\SchemaState;
|
|
||||||
use Illuminate\Filesystem\Filesystem;
|
use Illuminate\Filesystem\Filesystem;
|
||||||
use InvalidArgumentException;
|
use InvalidArgumentException;
|
||||||
use Symfony\Component\Console\Output\OutputInterface;
|
use Symfony\Component\Console\Output\OutputInterface;
|
||||||
@@ -38,31 +36,16 @@ class Migrator
|
|||||||
*/
|
*/
|
||||||
protected $files;
|
protected $files;
|
||||||
|
|
||||||
/**
|
|
||||||
* The database schema builder instance.
|
|
||||||
*
|
|
||||||
* @var Builder
|
|
||||||
*/
|
|
||||||
protected $schemaBuilder;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* The DB table prefix.
|
|
||||||
*/
|
|
||||||
protected $tablePrefix;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* The database schema builder instance.
|
|
||||||
*
|
|
||||||
* @var SchemaState
|
|
||||||
*/
|
|
||||||
protected $schemaState;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The output interface implementation.
|
* The output interface implementation.
|
||||||
*
|
*
|
||||||
* @var OutputInterface
|
* @var OutputInterface
|
||||||
*/
|
*/
|
||||||
protected $output;
|
protected $output;
|
||||||
|
/**
|
||||||
|
* @var ConnectionInterface|MySqlConnection
|
||||||
|
*/
|
||||||
|
protected $connection;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Create a new migrator instance.
|
* Create a new migrator instance.
|
||||||
@@ -83,9 +66,7 @@ class Migrator
|
|||||||
throw new InvalidArgumentException('Only MySQL connections are supported');
|
throw new InvalidArgumentException('Only MySQL connections are supported');
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->tablePrefix = $connection->getTablePrefix();
|
$this->connection = $connection;
|
||||||
$this->schemaBuilder = $connection->getSchemaBuilder();
|
|
||||||
$this->schemaState = $connection->getSchemaState();
|
|
||||||
|
|
||||||
// Workaround for https://github.com/laravel/framework/issues/1186
|
// Workaround for https://github.com/laravel/framework/issues/1186
|
||||||
$connection->getDoctrineSchemaManager()->getDatabasePlatform()->registerDoctrineTypeMapping('enum', 'string');
|
$connection->getDoctrineSchemaManager()->getDatabasePlatform()->registerDoctrineTypeMapping('enum', 'string');
|
||||||
@@ -218,7 +199,7 @@ class Migrator
|
|||||||
protected function runClosureMigration($migration, $direction = 'up')
|
protected function runClosureMigration($migration, $direction = 'up')
|
||||||
{
|
{
|
||||||
if (is_array($migration) && array_key_exists($direction, $migration)) {
|
if (is_array($migration) && array_key_exists($direction, $migration)) {
|
||||||
call_user_func($migration[$direction], $this->schemaBuilder);
|
call_user_func($migration[$direction], $this->connection->getSchemaBuilder());
|
||||||
} else {
|
} else {
|
||||||
throw new Exception('Migration file should contain an array with up/down.');
|
throw new Exception('Migration file should contain an array with up/down.');
|
||||||
}
|
}
|
||||||
@@ -275,27 +256,31 @@ class Migrator
|
|||||||
{
|
{
|
||||||
$schemaPath = "$path/install.dump";
|
$schemaPath = "$path/install.dump";
|
||||||
|
|
||||||
// If we can't create a tmp file, fall back to the vendor directory.
|
|
||||||
$schemaWithPrefixes = tempnam(sys_get_temp_dir(), 'install');
|
|
||||||
if (! $schemaWithPrefixes) {
|
|
||||||
$schemaWithPrefixes = "$path/install_dump.dump.tmp";
|
|
||||||
}
|
|
||||||
|
|
||||||
$currDumpFile = file_get_contents($schemaPath);
|
|
||||||
|
|
||||||
file_put_contents($schemaWithPrefixes, str_replace('db_prefix_', $this->tablePrefix, $currDumpFile));
|
|
||||||
|
|
||||||
$this->note('<info>Loading stored database schema:</info>');
|
|
||||||
$startTime = microtime(true);
|
$startTime = microtime(true);
|
||||||
|
|
||||||
$this->schemaState->handleOutputUsing(function ($type, $buffer) {
|
$dump = file_get_contents($schemaPath);
|
||||||
$this->output->write($buffer);
|
|
||||||
})->load($schemaWithPrefixes);
|
$this->connection->getSchemaBuilder()->disableForeignKeyConstraints();
|
||||||
|
|
||||||
|
foreach (explode(';', $dump) as $statement) {
|
||||||
|
$statement = trim($statement);
|
||||||
|
|
||||||
|
if (empty($statement) || substr($statement, 0, 2) === '/*') {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
$statement = str_replace(
|
||||||
|
'db_prefix_',
|
||||||
|
$this->connection->getTablePrefix(),
|
||||||
|
$statement
|
||||||
|
);
|
||||||
|
$this->connection->statement($statement);
|
||||||
|
}
|
||||||
|
|
||||||
|
$this->connection->getSchemaBuilder()->enableForeignKeyConstraints();
|
||||||
|
|
||||||
$runTime = number_format((microtime(true) - $startTime) * 1000, 2);
|
$runTime = number_format((microtime(true) - $startTime) * 1000, 2);
|
||||||
$this->note('<info>Loaded stored database schema.</info> ('.$runTime.'ms)');
|
$this->note('<info>Loaded stored database schema.</info> ('.$runTime.'ms)');
|
||||||
|
|
||||||
unlink($schemaWithPrefixes);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
@@ -21,7 +21,7 @@ class Application
|
|||||||
*
|
*
|
||||||
* @var string
|
* @var string
|
||||||
*/
|
*/
|
||||||
const VERSION = '1.0.0';
|
const VERSION = '1.0.2';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The IoC container for the Flarum application.
|
* The IoC container for the Flarum application.
|
||||||
|
|||||||
Reference in New Issue
Block a user