mirror of
https://github.com/typemill/typemill.git
synced 2025-08-07 14:46:29 +02:00
Version 1.4.6: Change content, CSRF-notification, fix blox editor, alert for raw editor, cyanine optimizations
This commit is contained in:
trendschau
@@ -76,6 +76,12 @@ class AuthController extends Controller
|
||||
|
||||
public function login(Request $request, Response $response)
|
||||
{
|
||||
if( ( null !== $request->getattribute('csrf_result') ) OR ( $request->getattribute('csrf_result') === false ) )
|
||||
{
|
||||
$this->c->flash->addMessage('error', 'The form has a timeout, please try again.');
|
||||
return $response->withRedirect($this->c->router->pathFor('auth.show'));
|
||||
}
|
||||
|
||||
/* log user attemps to authenticate */
|
||||
$yaml = new WriteYaml();
|
||||
$logins = $yaml->getYaml('settings/users', '.logins');
|
||||
|
||||
@@ -325,7 +325,6 @@ class BlockApiController extends ContentController
|
||||
{
|
||||
return $response->withJson(['errors' => ['message' => 'Could not write to file. Please check if the file is writable']], 404);
|
||||
}
|
||||
|
||||
|
||||
/* parse markdown-file to content-array, if title parse title. */
|
||||
if($this->params['block_id'] == 0)
|
||||
|
||||
@@ -14,12 +14,19 @@ class FormController extends Controller
|
||||
public function savePublicForm($request, $response, $args)
|
||||
{
|
||||
if($request->isPost())
|
||||
{
|
||||
{
|
||||
$params = $request->getParams();
|
||||
reset($params);
|
||||
$pluginName = key($params);
|
||||
$referer = $request->getHeader('HTTP_REFERER');
|
||||
|
||||
# check csrf protection
|
||||
if($request->getattribute('csrf_result') === false )
|
||||
{
|
||||
$this->c->flash->addMessage('error', 'The form has a timeout. Please try again.');
|
||||
return $response->withRedirect($referer[0]);
|
||||
}
|
||||
|
||||
# simple bot check with honeypot
|
||||
if(isset($params[$pluginName]['personal-mail']))
|
||||
{
|
||||
|
||||
@@ -67,7 +67,14 @@ class SettingsController extends Controller
|
||||
public function saveSettings($request, $response, $args)
|
||||
{
|
||||
if($request->isPost())
|
||||
{
|
||||
{
|
||||
|
||||
if( $request->getattribute('csrf_result') === false )
|
||||
{
|
||||
$this->c->flash->addMessage('error', 'The form has a timeout, please try again.');
|
||||
return $response->withRedirect($this->c->router->pathFor('settings.show'));
|
||||
}
|
||||
|
||||
$settings = \Typemill\Settings::getUserSettings();
|
||||
$defaultSettings = \Typemill\Settings::getDefaultSettings();
|
||||
$params = $request->getParams();
|
||||
@@ -378,7 +385,13 @@ class SettingsController extends Controller
|
||||
public function saveThemes($request, $response, $args)
|
||||
{
|
||||
if($request->isPost())
|
||||
{
|
||||
{
|
||||
if( $request->getattribute('csrf_result') === false )
|
||||
{
|
||||
$this->c->flash->addMessage('error', 'The form has a timeout, please try again.');
|
||||
return $response->withRedirect($this->c->router->pathFor('themes.show'));
|
||||
}
|
||||
|
||||
$userSettings = \Typemill\Settings::getUserSettings();
|
||||
$params = $request->getParams();
|
||||
$themeName = isset($params['theme']) ? $params['theme'] : false;
|
||||
@@ -465,6 +478,13 @@ class SettingsController extends Controller
|
||||
{
|
||||
if($request->isPost())
|
||||
{
|
||||
|
||||
if( $request->getattribute('csrf_result') === false )
|
||||
{
|
||||
$this->c->flash->addMessage('error', 'The form has a timeout, please try again.');
|
||||
return $response->withRedirect($this->c->router->pathFor('plugins.show'));
|
||||
}
|
||||
|
||||
$userSettings = \Typemill\Settings::getUserSettings();
|
||||
$pluginSettings = array();
|
||||
$userInput = $request->getParams();
|
||||
@@ -764,6 +784,12 @@ class SettingsController extends Controller
|
||||
{
|
||||
if($request->isPost())
|
||||
{
|
||||
if( $request->getattribute('csrf_result') === false )
|
||||
{
|
||||
$this->c->flash->addMessage('error', 'The form has a timeout, please try again.');
|
||||
return $response->withRedirect($this->c->router->pathFor('user.new'));
|
||||
}
|
||||
|
||||
$params = $request->getParams();
|
||||
$user = new User();
|
||||
$validate = new Validation();
|
||||
@@ -793,6 +819,12 @@ class SettingsController extends Controller
|
||||
|
||||
if($request->isPost())
|
||||
{
|
||||
if( $request->getattribute('csrf_result') === false )
|
||||
{
|
||||
$this->c->flash->addMessage('error', 'The form has a timeout, please try again.');
|
||||
return $response->withRedirect($this->c->router->pathFor('user.account'));
|
||||
}
|
||||
|
||||
$params = $request->getParams();
|
||||
$userdata = $params['user'];
|
||||
$user = new User();
|
||||
@@ -886,7 +918,13 @@ class SettingsController extends Controller
|
||||
public function deleteUser($request, $response, $args)
|
||||
{
|
||||
if($request->isPost())
|
||||
{
|
||||
{
|
||||
if( $request->getattribute('csrf_result') === false )
|
||||
{
|
||||
$this->c->flash->addMessage('error', 'The form has a timeout, please try again.');
|
||||
return $response->withRedirect($this->c->router->pathFor('user.account'));
|
||||
}
|
||||
|
||||
$params = $request->getParams();
|
||||
$validate = new Validation();
|
||||
$user = new User();
|
||||
|
||||
@@ -62,6 +62,12 @@ class SetupController extends Controller
|
||||
{
|
||||
if($request->isPost())
|
||||
{
|
||||
if( $request->getattribute('csrf_result') === false )
|
||||
{
|
||||
$this->c->flash->addMessage('error', 'The form has a timeout, please try again.');
|
||||
return $response->withRedirect($this->c->router->pathFor('setup.welcome'));
|
||||
}
|
||||
|
||||
$params = $request->getParams();
|
||||
$validate = new Validation();
|
||||
$user = new User();
|
||||
|
||||
Reference in New Issue
Block a user