mirror/php-monstra
1
0
Fork 0
mirror of https://github.com/monstra-cms/monstra.git synced 2025-07-31 18:30:20 +02:00
Code Issues Releases Wiki Activity

Merge branch 'dev'

Browse Source
This commit is contained in:
Awilum
2016-04-05 22:50:07 +03:00
parent 9181877d2d 16a0014c2b
commit 78e7b83fbe
6 changed files with 43 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
.htaccess
View File

@@ -59,5 +59,10 @@ AddDefaultCharset UTF-8
Satisfy All
</FilesMatch>
# Allow read files.
<Files robots.txt>
Allow from all
</Files>
# Don't show directory listings for URLs which map to a directory.
Options -Indexes

8
CHANGELOG.md
View File

@@ -1,3 +1,11 @@
Monstra 3.0.4, 2016-04-05
------------------------
- Fixed User Security by adding a check that compares POST id with SESSION
id for none admin edits
- Fixed ability to read robots.txt
- Stylesheet: Changed minified URIs to eliminate query strings
Monstra 3.0.3, 2016-01-29
------------------------
- Improved Monstra Security

2
engine/Monstra.php
View File

@@ -31,7 +31,7 @@ class Monstra
/**
* The version of Monstra
*/
const VERSION = '3.0.3';
const VERSION = '3.0.4';
/**

4
engine/Plugin/Javascript.php
View File

@@ -59,7 +59,7 @@ class Javascript
public static function load()
{
$backend_site_js_path = MINIFY . DS . 'backend_site.minify.js';
$frontend_site_js_path = MINIFY . DS . 'frontend_site.minify.js';
$frontend_site_js_path = MINIFY . DS . 'frontend_site.minify.'.Option::get('javascript_version').'.js';
// Load javascripts
if (count(Javascript::$javascripts) > 0) {
@@ -122,7 +122,7 @@ class Javascript
if (BACKEND) {
echo '<script type="text/javascript" src="'.Option::get('siteurl').'/tmp/minify/backend_site.minify.js?'.Option::get('javascript_version').'"></script>';
} else {
echo '<script type="text/javascript" src="'.Option::get('siteurl').'/tmp/minify/frontend_site.minify.js?'.Option::get('javascript_version').'"></script>'."\n";
echo '<script type="text/javascript" src="'.Option::get('siteurl').'/tmp/minify/frontend_site.minify.'.Option::get('javascript_version').'.js"></script>'."\n";
}
}
}

4
engine/Plugin/Stylesheet.php
View File

@@ -59,7 +59,7 @@ class Stylesheet
public static function load()
{
$backend_site_css_path = MINIFY . DS . 'backend_site.minify.css';
$frontend_site_css_path = MINIFY . DS . 'frontend_site.minify.css';
$frontend_site_css_path = MINIFY . DS . 'frontend_site.minify.'.Option::get('styles_version').'.css';
// Load stylesheets
if (count(Stylesheet::$stylesheets) > 0) {
@@ -124,7 +124,7 @@ class Stylesheet
if (BACKEND) {
echo '<link rel="stylesheet" href="'.Option::get('siteurl').'/tmp/minify/backend_site.minify.css?'.Option::get('styles_version').'" type="text/css" />';
} else {
echo '<link rel="stylesheet" href="'.Option::get('siteurl').'/tmp/minify/frontend_site.minify.css?'.Option::get('styles_version').'" type="text/css" />'."\n";
echo '<link rel="stylesheet" href="'.Option::get('siteurl').'/tmp/minify/frontend_site.minify.'.Option::get('styles_version').'.css" type="text/css" />'."\n";
}
}
}

5
plugins/box/users/users.plugin.php
View File

@@ -229,6 +229,9 @@ class Users extends Frontend
// Check csrf
if (Security::check(Request::post('csrf'))) {
// Check for POST data manipulation
if( ((int) Session::get('user_id') == (int) Request::post('user_id')) or (in_array(Session::get('user_role'), array('admin'))) ) {
if (Security::safeName(Request::post('login')) != '') {
if (Users::$users->update(Request::post('user_id'),
array('login' => Security::safeName(Request::post('login')),
@@ -249,6 +252,8 @@ class Users extends Frontend
}
} else { }
} else { die('Monstra says: This is not your profile...'); }
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
}