mirror of
https://github.com/monstra-cms/monstra.git
synced 2025-07-09 23:56:26 +02:00
Merge branch 'dev'
This commit is contained in:
Awilum
@ -59,5 +59,10 @@ AddDefaultCharset UTF-8
|
||||
Satisfy All
|
||||
</FilesMatch>
|
||||
|
||||
# Allow read files.
|
||||
<Files robots.txt>
|
||||
Allow from all
|
||||
</Files>
|
||||
|
||||
# Don't show directory listings for URLs which map to a directory.
|
||||
Options -Indexes
|
||||
|
||||
@ -1,3 +1,11 @@
|
||||
Monstra 3.0.4, 2016-04-05
|
||||
------------------------
|
||||
- Fixed User Security by adding a check that compares POST id with SESSION
|
||||
id for none admin edits
|
||||
- Fixed ability to read robots.txt
|
||||
- Stylesheet: Changed minified URIs to eliminate query strings
|
||||
|
||||
|
||||
Monstra 3.0.3, 2016-01-29
|
||||
------------------------
|
||||
- Improved Monstra Security
|
||||
|
||||
@ -31,7 +31,7 @@ class Monstra
|
||||
/**
|
||||
* The version of Monstra
|
||||
*/
|
||||
const VERSION = '3.0.3';
|
||||
const VERSION = '3.0.4';
|
||||
|
||||
|
||||
/**
|
||||
|
||||
@ -59,7 +59,7 @@ class Javascript
|
||||
public static function load()
|
||||
{
|
||||
$backend_site_js_path = MINIFY . DS . 'backend_site.minify.js';
|
||||
$frontend_site_js_path = MINIFY . DS . 'frontend_site.minify.js';
|
||||
$frontend_site_js_path = MINIFY . DS . 'frontend_site.minify.'.Option::get('javascript_version').'.js';
|
||||
|
||||
// Load javascripts
|
||||
if (count(Javascript::$javascripts) > 0) {
|
||||
@ -122,7 +122,7 @@ class Javascript
|
||||
if (BACKEND) {
|
||||
echo '<script type="text/javascript" src="'.Option::get('siteurl').'/tmp/minify/backend_site.minify.js?'.Option::get('javascript_version').'"></script>';
|
||||
} else {
|
||||
echo '<script type="text/javascript" src="'.Option::get('siteurl').'/tmp/minify/frontend_site.minify.js?'.Option::get('javascript_version').'"></script>'."\n";
|
||||
echo '<script type="text/javascript" src="'.Option::get('siteurl').'/tmp/minify/frontend_site.minify.'.Option::get('javascript_version').'.js"></script>'."\n";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -59,7 +59,7 @@ class Stylesheet
|
||||
public static function load()
|
||||
{
|
||||
$backend_site_css_path = MINIFY . DS . 'backend_site.minify.css';
|
||||
$frontend_site_css_path = MINIFY . DS . 'frontend_site.minify.css';
|
||||
$frontend_site_css_path = MINIFY . DS . 'frontend_site.minify.'.Option::get('styles_version').'.css';
|
||||
|
||||
// Load stylesheets
|
||||
if (count(Stylesheet::$stylesheets) > 0) {
|
||||
@ -124,7 +124,7 @@ class Stylesheet
|
||||
if (BACKEND) {
|
||||
echo '<link rel="stylesheet" href="'.Option::get('siteurl').'/tmp/minify/backend_site.minify.css?'.Option::get('styles_version').'" type="text/css" />';
|
||||
} else {
|
||||
echo '<link rel="stylesheet" href="'.Option::get('siteurl').'/tmp/minify/frontend_site.minify.css?'.Option::get('styles_version').'" type="text/css" />'."\n";
|
||||
echo '<link rel="stylesheet" href="'.Option::get('siteurl').'/tmp/minify/frontend_site.minify.'.Option::get('styles_version').'.css" type="text/css" />'."\n";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -228,27 +228,32 @@ class Users extends Frontend
|
||||
|
||||
// Check csrf
|
||||
if (Security::check(Request::post('csrf'))) {
|
||||
|
||||
if (Security::safeName(Request::post('login')) != '') {
|
||||
if (Users::$users->update(Request::post('user_id'),
|
||||
array('login' => Security::safeName(Request::post('login')),
|
||||
'firstname' => Request::post('firstname'),
|
||||
'lastname' => Request::post('lastname'),
|
||||
'email' => Request::post('email'),
|
||||
'skype' => Request::post('skype'),
|
||||
'about_me' => Request::post('about_me'),
|
||||
'twitter' => Request::post('twitter')))) {
|
||||
|
||||
// Change password
|
||||
if (trim(Request::post('new_password')) != '') {
|
||||
Users::$users->update(Request::post('user_id'), array('password' => Security::encryptPassword(trim(Request::post('new_password')))));
|
||||
|
||||
// Check for POST data manipulation
|
||||
if( ((int) Session::get('user_id') == (int) Request::post('user_id')) or (in_array(Session::get('user_role'), array('admin'))) ) {
|
||||
|
||||
if (Security::safeName(Request::post('login')) != '') {
|
||||
if (Users::$users->update(Request::post('user_id'),
|
||||
array('login' => Security::safeName(Request::post('login')),
|
||||
'firstname' => Request::post('firstname'),
|
||||
'lastname' => Request::post('lastname'),
|
||||
'email' => Request::post('email'),
|
||||
'skype' => Request::post('skype'),
|
||||
'about_me' => Request::post('about_me'),
|
||||
'twitter' => Request::post('twitter')))) {
|
||||
|
||||
// Change password
|
||||
if (trim(Request::post('new_password')) != '') {
|
||||
Users::$users->update(Request::post('user_id'), array('password' => Security::encryptPassword(trim(Request::post('new_password')))));
|
||||
}
|
||||
|
||||
Notification::set('success', __('Your changes have been saved.', 'users'));
|
||||
Request::redirect(Site::url().'/users/'.$user['id']);
|
||||
}
|
||||
|
||||
Notification::set('success', __('Your changes have been saved.', 'users'));
|
||||
Request::redirect(Site::url().'/users/'.$user['id']);
|
||||
}
|
||||
} else { }
|
||||
|
||||
} else { }
|
||||
|
||||
} else { die('Monstra says: This is not your profile...'); }
|
||||
|
||||
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user