mirror of
https://github.com/monstra-cms/monstra.git
synced 2025-08-02 11:20:52 +02:00
Merge branch 'dev'
This commit is contained in:
Awilum
@@ -59,5 +59,10 @@ AddDefaultCharset UTF-8
|
|||||||
Satisfy All
|
Satisfy All
|
||||||
</FilesMatch>
|
</FilesMatch>
|
||||||
|
|
||||||
|
# Allow read files.
|
||||||
|
<Files robots.txt>
|
||||||
|
Allow from all
|
||||||
|
</Files>
|
||||||
|
|
||||||
# Don't show directory listings for URLs which map to a directory.
|
# Don't show directory listings for URLs which map to a directory.
|
||||||
Options -Indexes
|
Options -Indexes
|
||||||
|
|||||||
@@ -1,3 +1,11 @@
|
|||||||
|
Monstra 3.0.4, 2016-04-05
|
||||||
|
------------------------
|
||||||
|
- Fixed User Security by adding a check that compares POST id with SESSION
|
||||||
|
id for none admin edits
|
||||||
|
- Fixed ability to read robots.txt
|
||||||
|
- Stylesheet: Changed minified URIs to eliminate query strings
|
||||||
|
|
||||||
|
|
||||||
Monstra 3.0.3, 2016-01-29
|
Monstra 3.0.3, 2016-01-29
|
||||||
------------------------
|
------------------------
|
||||||
- Improved Monstra Security
|
- Improved Monstra Security
|
||||||
|
|||||||
@@ -31,7 +31,7 @@ class Monstra
|
|||||||
/**
|
/**
|
||||||
* The version of Monstra
|
* The version of Monstra
|
||||||
*/
|
*/
|
||||||
const VERSION = '3.0.3';
|
const VERSION = '3.0.4';
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
@@ -59,7 +59,7 @@ class Javascript
|
|||||||
public static function load()
|
public static function load()
|
||||||
{
|
{
|
||||||
$backend_site_js_path = MINIFY . DS . 'backend_site.minify.js';
|
$backend_site_js_path = MINIFY . DS . 'backend_site.minify.js';
|
||||||
$frontend_site_js_path = MINIFY . DS . 'frontend_site.minify.js';
|
$frontend_site_js_path = MINIFY . DS . 'frontend_site.minify.'.Option::get('javascript_version').'.js';
|
||||||
|
|
||||||
// Load javascripts
|
// Load javascripts
|
||||||
if (count(Javascript::$javascripts) > 0) {
|
if (count(Javascript::$javascripts) > 0) {
|
||||||
@@ -122,7 +122,7 @@ class Javascript
|
|||||||
if (BACKEND) {
|
if (BACKEND) {
|
||||||
echo '<script type="text/javascript" src="'.Option::get('siteurl').'/tmp/minify/backend_site.minify.js?'.Option::get('javascript_version').'"></script>';
|
echo '<script type="text/javascript" src="'.Option::get('siteurl').'/tmp/minify/backend_site.minify.js?'.Option::get('javascript_version').'"></script>';
|
||||||
} else {
|
} else {
|
||||||
echo '<script type="text/javascript" src="'.Option::get('siteurl').'/tmp/minify/frontend_site.minify.js?'.Option::get('javascript_version').'"></script>'."\n";
|
echo '<script type="text/javascript" src="'.Option::get('siteurl').'/tmp/minify/frontend_site.minify.'.Option::get('javascript_version').'.js"></script>'."\n";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -59,7 +59,7 @@ class Stylesheet
|
|||||||
public static function load()
|
public static function load()
|
||||||
{
|
{
|
||||||
$backend_site_css_path = MINIFY . DS . 'backend_site.minify.css';
|
$backend_site_css_path = MINIFY . DS . 'backend_site.minify.css';
|
||||||
$frontend_site_css_path = MINIFY . DS . 'frontend_site.minify.css';
|
$frontend_site_css_path = MINIFY . DS . 'frontend_site.minify.'.Option::get('styles_version').'.css';
|
||||||
|
|
||||||
// Load stylesheets
|
// Load stylesheets
|
||||||
if (count(Stylesheet::$stylesheets) > 0) {
|
if (count(Stylesheet::$stylesheets) > 0) {
|
||||||
@@ -124,7 +124,7 @@ class Stylesheet
|
|||||||
if (BACKEND) {
|
if (BACKEND) {
|
||||||
echo '<link rel="stylesheet" href="'.Option::get('siteurl').'/tmp/minify/backend_site.minify.css?'.Option::get('styles_version').'" type="text/css" />';
|
echo '<link rel="stylesheet" href="'.Option::get('siteurl').'/tmp/minify/backend_site.minify.css?'.Option::get('styles_version').'" type="text/css" />';
|
||||||
} else {
|
} else {
|
||||||
echo '<link rel="stylesheet" href="'.Option::get('siteurl').'/tmp/minify/frontend_site.minify.css?'.Option::get('styles_version').'" type="text/css" />'."\n";
|
echo '<link rel="stylesheet" href="'.Option::get('siteurl').'/tmp/minify/frontend_site.minify.'.Option::get('styles_version').'.css" type="text/css" />'."\n";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -228,27 +228,32 @@ class Users extends Frontend
|
|||||||
|
|
||||||
// Check csrf
|
// Check csrf
|
||||||
if (Security::check(Request::post('csrf'))) {
|
if (Security::check(Request::post('csrf'))) {
|
||||||
|
|
||||||
if (Security::safeName(Request::post('login')) != '') {
|
// Check for POST data manipulation
|
||||||
if (Users::$users->update(Request::post('user_id'),
|
if( ((int) Session::get('user_id') == (int) Request::post('user_id')) or (in_array(Session::get('user_role'), array('admin'))) ) {
|
||||||
array('login' => Security::safeName(Request::post('login')),
|
|
||||||
'firstname' => Request::post('firstname'),
|
if (Security::safeName(Request::post('login')) != '') {
|
||||||
'lastname' => Request::post('lastname'),
|
if (Users::$users->update(Request::post('user_id'),
|
||||||
'email' => Request::post('email'),
|
array('login' => Security::safeName(Request::post('login')),
|
||||||
'skype' => Request::post('skype'),
|
'firstname' => Request::post('firstname'),
|
||||||
'about_me' => Request::post('about_me'),
|
'lastname' => Request::post('lastname'),
|
||||||
'twitter' => Request::post('twitter')))) {
|
'email' => Request::post('email'),
|
||||||
|
'skype' => Request::post('skype'),
|
||||||
// Change password
|
'about_me' => Request::post('about_me'),
|
||||||
if (trim(Request::post('new_password')) != '') {
|
'twitter' => Request::post('twitter')))) {
|
||||||
Users::$users->update(Request::post('user_id'), array('password' => Security::encryptPassword(trim(Request::post('new_password')))));
|
|
||||||
|
// Change password
|
||||||
|
if (trim(Request::post('new_password')) != '') {
|
||||||
|
Users::$users->update(Request::post('user_id'), array('password' => Security::encryptPassword(trim(Request::post('new_password')))));
|
||||||
|
}
|
||||||
|
|
||||||
|
Notification::set('success', __('Your changes have been saved.', 'users'));
|
||||||
|
Request::redirect(Site::url().'/users/'.$user['id']);
|
||||||
}
|
}
|
||||||
|
} else { }
|
||||||
Notification::set('success', __('Your changes have been saved.', 'users'));
|
|
||||||
Request::redirect(Site::url().'/users/'.$user['id']);
|
} else { die('Monstra says: This is not your profile...'); }
|
||||||
}
|
|
||||||
} else { }
|
|
||||||
|
|
||||||
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user