mirror/php-monstra
1
0
Fork 0
mirror of https://github.com/monstra-cms/monstra.git synced 2025-08-02 11:20:52 +02:00
Code Issues Releases Wiki Activity

Merge branch 'dev'

Browse Source
This commit is contained in:
Awilum
2016-04-05 22:50:07 +03:00
parent 9181877d2d 16a0014c2b
commit 78e7b83fbe
6 changed files with 43 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
.htaccess
View File

@@ -59,5 +59,10 @@ AddDefaultCharset UTF-8
Satisfy All Satisfy All
</FilesMatch> </FilesMatch>
# Allow read files.
<Files robots.txt>
Allow from all
</Files>
# Don't show directory listings for URLs which map to a directory. # Don't show directory listings for URLs which map to a directory.
Options -Indexes Options -Indexes

8
CHANGELOG.md
View File

@@ -1,3 +1,11 @@
Monstra 3.0.4, 2016-04-05
------------------------
- Fixed User Security by adding a check that compares POST id with SESSION
id for none admin edits
- Fixed ability to read robots.txt
- Stylesheet: Changed minified URIs to eliminate query strings
Monstra 3.0.3, 2016-01-29 Monstra 3.0.3, 2016-01-29
------------------------ ------------------------
- Improved Monstra Security - Improved Monstra Security

2
engine/Monstra.php
View File

@@ -31,7 +31,7 @@ class Monstra
/** /**
* The version of Monstra * The version of Monstra
*/ */
const VERSION = '3.0.3'; const VERSION = '3.0.4';
/** /**

4
engine/Plugin/Javascript.php
View File

@@ -59,7 +59,7 @@ class Javascript
public static function load() public static function load()
{ {
$backend_site_js_path = MINIFY . DS . 'backend_site.minify.js'; $backend_site_js_path = MINIFY . DS . 'backend_site.minify.js';
$frontend_site_js_path = MINIFY . DS . 'frontend_site.minify.js'; $frontend_site_js_path = MINIFY . DS . 'frontend_site.minify.'.Option::get('javascript_version').'.js';
// Load javascripts // Load javascripts
if (count(Javascript::$javascripts) > 0) { if (count(Javascript::$javascripts) > 0) {
@@ -122,7 +122,7 @@ class Javascript
if (BACKEND) { if (BACKEND) {
echo '<script type="text/javascript" src="'.Option::get('siteurl').'/tmp/minify/backend_site.minify.js?'.Option::get('javascript_version').'"></script>'; echo '<script type="text/javascript" src="'.Option::get('siteurl').'/tmp/minify/backend_site.minify.js?'.Option::get('javascript_version').'"></script>';
} else { } else {
echo '<script type="text/javascript" src="'.Option::get('siteurl').'/tmp/minify/frontend_site.minify.js?'.Option::get('javascript_version').'"></script>'."\n"; echo '<script type="text/javascript" src="'.Option::get('siteurl').'/tmp/minify/frontend_site.minify.'.Option::get('javascript_version').'.js"></script>'."\n";
} }
} }
} }

4
engine/Plugin/Stylesheet.php
View File

@@ -59,7 +59,7 @@ class Stylesheet
public static function load() public static function load()
{ {
$backend_site_css_path = MINIFY . DS . 'backend_site.minify.css'; $backend_site_css_path = MINIFY . DS . 'backend_site.minify.css';
$frontend_site_css_path = MINIFY . DS . 'frontend_site.minify.css'; $frontend_site_css_path = MINIFY . DS . 'frontend_site.minify.'.Option::get('styles_version').'.css';
// Load stylesheets // Load stylesheets
if (count(Stylesheet::$stylesheets) > 0) { if (count(Stylesheet::$stylesheets) > 0) {
@@ -124,7 +124,7 @@ class Stylesheet
if (BACKEND) { if (BACKEND) {
echo '<link rel="stylesheet" href="'.Option::get('siteurl').'/tmp/minify/backend_site.minify.css?'.Option::get('styles_version').'" type="text/css" />'; echo '<link rel="stylesheet" href="'.Option::get('siteurl').'/tmp/minify/backend_site.minify.css?'.Option::get('styles_version').'" type="text/css" />';
} else { } else {
echo '<link rel="stylesheet" href="'.Option::get('siteurl').'/tmp/minify/frontend_site.minify.css?'.Option::get('styles_version').'" type="text/css" />'."\n"; echo '<link rel="stylesheet" href="'.Option::get('siteurl').'/tmp/minify/frontend_site.minify.'.Option::get('styles_version').'.css" type="text/css" />'."\n";
} }
} }
} }

5
plugins/box/users/users.plugin.php
View File

@@ -229,6 +229,9 @@ class Users extends Frontend
// Check csrf // Check csrf
if (Security::check(Request::post('csrf'))) { if (Security::check(Request::post('csrf'))) {
// Check for POST data manipulation
if( ((int) Session::get('user_id') == (int) Request::post('user_id')) or (in_array(Session::get('user_role'), array('admin'))) ) {
if (Security::safeName(Request::post('login')) != '') { if (Security::safeName(Request::post('login')) != '') {
if (Users::$users->update(Request::post('user_id'), if (Users::$users->update(Request::post('user_id'),
array('login' => Security::safeName(Request::post('login')), array('login' => Security::safeName(Request::post('login')),
@@ -249,6 +252,8 @@ class Users extends Frontend
} }
} else { } } else { }
} else { die('Monstra says: This is not your profile...'); }
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
} }