Version 1.2.10: Formatting Options for Visual Editor
@@ -19,7 +19,7 @@ class FormController extends Controller
|
||||
reset($params);
|
||||
$pluginName = key($params);
|
||||
$referer = $request->getHeader('HTTP_REFERER');
|
||||
|
||||
|
||||
# simple bot check with honeypot
|
||||
if(isset($params[$pluginName]['personal-mail']))
|
||||
{
|
||||
@@ -31,6 +31,35 @@ class FormController extends Controller
|
||||
unset($params[$pluginName]['personal-mail']);
|
||||
}
|
||||
|
||||
#recaptcha check
|
||||
if(isset($params['g-recaptcha-response']))
|
||||
{
|
||||
$recaptchaApi = 'https://www.google.com/recaptcha/api/siteverify';
|
||||
$settings = $this->c->get('settings');
|
||||
$secret = isset($settings['plugins'][$pluginName]['recaptcha_secretkey']) ? $settings['plugins'][$pluginName]['recaptcha_secretkey'] : false;
|
||||
$recaptchaRequest = ['secret' => $secret, 'response' => $params['g-recaptcha-response']];
|
||||
|
||||
# use key 'http' even if you send the request to https://...
|
||||
$options = array(
|
||||
'http' => array(
|
||||
'header' => "Content-type: application/x-www-form-urlencoded\r\n",
|
||||
'method' => 'POST',
|
||||
'content' => http_build_query($recaptchaRequest),
|
||||
'timeout' => 5
|
||||
)
|
||||
);
|
||||
|
||||
$context = stream_context_create($options);
|
||||
$result = file_get_contents($recaptchaApi, false, $context);
|
||||
$result = json_decode($result);
|
||||
|
||||
if ($result === FALSE || $result->success === FALSE)
|
||||
{
|
||||
$this->c->flash->addMessage('publicform', 'bot');
|
||||
return $response->withRedirect($referer[0]);
|
||||
}
|
||||
}
|
||||
|
||||
if(isset($params[$pluginName]))
|
||||
{
|
||||
# validate the user-input
|
||||
|
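Review bot: The siteverify branch fails open on the line `if ($result === FALSE || $result->success === FALSE)`: when `file_get_contents` returns false (timeout, DNS failure, no outbound network), `json_decode` then yields null, `$result->success` reads as null (with a warning), neither comparison is true, and the submission is accepted as human. Compare strictly for the positive case instead, `if ($result === false || !isset($result->success) || $result->success !== true)`, and treat a missing `recaptcha_secretkey` (`$secret === false`) as a configuration error rather than sending an empty secret to the API. The whole check is also gated only on `isset($params['g-recaptcha-response'])`, so a request that omits that field skips verification entirely; gate it on the plugin setting `$settings['plugins'][$pluginName]['recaptcha']` being enabled and, inside that branch, require the response field to be present. The redirect at `return $response->withRedirect($referer[0]);` uses the header without the `isset($referer[0])` guard the SettingsController hunks apply. The enclosing method starts and ends outside this hunk.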
@@ -30,6 +30,17 @@ class SettingsController extends Controller
|
||||
{
|
||||
if($request->isPost())
|
||||
{
|
||||
$referer = $request->getHeader('HTTP_REFERER');
|
||||
$uri = $request->getUri();
|
||||
$base_url = $uri->getBaseUrl();
|
||||
|
||||
# security, users should not be able to fake post with settings from other typemill pages.
|
||||
if(!isset($referer[0]) OR $referer[0] !== $base_url . '/tm/settings' )
|
||||
{
|
||||
$this->c->flash->addMessage('error', 'illegal referer');
|
||||
return $response->withRedirect($this->c->router->pathFor('settings.show'));
|
||||
}
|
||||
|
||||
$settings = \Typemill\Settings::getUserSettings();
|
||||
$params = $request->getParams();
|
||||
$newSettings = isset($params['settings']) ? $params['settings'] : false;
|
||||
@@ -47,16 +58,16 @@ class SettingsController extends Controller
|
||||
'editor' => $newSettings['editor'],
|
||||
);
|
||||
|
||||
$copyright = $this->getCopyright();
|
||||
$copyright = $this->getCopyright();
|
||||
|
||||
$validate->settings($newSettings, $copyright, 'settings');
|
||||
}
|
||||
else
|
||||
{
|
||||
$this->c->flash->addMessage('error', 'Wrong Input');
|
||||
return $response->withRedirect($this->c->router->pathFor('settings.show'));
|
||||
return $response->withRedirect($this->c->router->pathFor('settings.show'));
|
||||
}
|
||||
|
||||
|
||||
if(isset($_SESSION['errors']))
|
||||
{
|
||||
$this->c->flash->addMessage('error', 'Please correct the errors');
|
||||
@@ -133,7 +144,7 @@ class SettingsController extends Controller
|
||||
|
||||
/* iterate through the plugins in the stored user settings */
|
||||
foreach($userSettings['plugins'] as $pluginName => $pluginUserSettings)
|
||||
{
|
||||
{
|
||||
/* add plugin to plugin Data, if active, set it first */
|
||||
/* if plugin is active, list it first */
|
||||
if($userSettings['plugins'][$pluginName]['active'] == true)
|
||||
@@ -170,11 +181,19 @@ class SettingsController extends Controller
|
||||
/* if the plugin defines forms and fields, so that the user can edit the plugin settings in the frontend */
|
||||
if(isset($pluginOriginalSettings['forms']['fields']))
|
||||
{
|
||||
# if the plugin defines frontend fields
|
||||
if(isset($pluginOriginalSettings['public']))
|
||||
{
|
||||
$pluginOriginalSettings['forms']['fields']['recaptcha'] = ['type' => 'checkbox', 'label' => 'Google Recaptcha', 'checkboxlabel' => 'Activate Recaptcha' ];
|
||||
$pluginOriginalSettings['forms']['fields']['recaptcha_webkey'] = ['type' => 'text', 'label' => 'Recaptcha Website Key', 'help' => 'Add the recaptcha website key here. You can get the key from the recaptcha website.', 'description' => 'The website key is mandatory if you activate the recaptcha field'];
|
||||
$pluginOriginalSettings['forms']['fields']['recaptcha_secretkey'] = ['type' => 'text', 'label' => 'Recaptcha Secret Key', 'help' => 'Add the recaptcha secret key here. You can get the key from the recaptcha website.', 'description' => 'The secret key is mandatory if you activate the recaptcha field'];
|
||||
}
|
||||
|
||||
/* get all the fields and prefill them with the dafault-data, the user-data or old input data */
|
||||
$fields = $fieldsModel->getFields($userSettings, 'plugins', $pluginName, $pluginOriginalSettings);
|
||||
|
||||
/* overwrite original plugin form definitions with enhanced form objects */
|
||||
$plugins[$pluginName]['forms']['fields'] = $fields;
|
||||
$plugins[$pluginName]['forms']['fields'] = $fields;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -192,7 +211,18 @@ class SettingsController extends Controller
|
||||
public function saveThemes($request, $response, $args)
|
||||
{
|
||||
if($request->isPost())
|
||||
{
|
||||
{
|
||||
$referer = $request->getHeader('HTTP_REFERER');
|
||||
$uri = $request->getUri();
|
||||
$base_url = $uri->getBaseUrl();
|
||||
|
||||
# security, users should not be able to fake post with settings from other typemill pages.
|
||||
if(!isset($referer[0]) OR $referer[0] !== $base_url . '/tm/themes' )
|
||||
{
|
||||
$this->c->flash->addMessage('error', 'illegal referer');
|
||||
return $response->withRedirect($this->c->router->pathFor('themes.show'));
|
||||
}
|
||||
|
||||
$userSettings = \Typemill\Settings::getUserSettings();
|
||||
$params = $request->getParams();
|
||||
$themeName = isset($params['theme']) ? $params['theme'] : false;
|
||||
@@ -231,11 +261,22 @@ class SettingsController extends Controller
|
||||
return $response->withRedirect($this->c->router->pathFor('themes.show'));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
public function savePlugins($request, $response, $args)
|
||||
{
|
||||
if($request->isPost())
|
||||
{
|
||||
$referer = $request->getHeader('HTTP_REFERER');
|
||||
$uri = $request->getUri();
|
||||
$base_url = $uri->getBaseUrl();
|
||||
|
||||
# security, users should not be able to fake post with settings from other typemill pages.
|
||||
if(!isset($referer[0]) OR $referer[0] !== $base_url . '/tm/plugins' )
|
||||
{
|
||||
$this->c->flash->addMessage('error', 'illegal referer');
|
||||
return $response->withRedirect($this->c->router->pathFor('plugins.show'));
|
||||
}
|
||||
|
||||
$userSettings = \Typemill\Settings::getUserSettings();
|
||||
$pluginSettings = array();
|
||||
$userInput = $request->getParams();
|
||||
@@ -307,6 +348,14 @@ class SettingsController extends Controller
|
||||
$originalFields[$fieldName] = $fieldValue;
|
||||
}
|
||||
}
|
||||
|
||||
# if the plugin defines frontend fields
|
||||
if(isset($originalSettings['public']))
|
||||
{
|
||||
$originalFields['recaptcha'] = ['type' => 'checkbox', 'label' => 'Google Recaptcha', 'checkboxlabel' => 'Activate Recaptcha' ];
|
||||
$originalFields['recaptcha_webkey'] = ['type' => 'text', 'label' => 'Recaptcha Website Key', 'help' => 'Add the recaptcha website key here. You can get the key from the recaptcha website.', 'description' => 'The website key is mandatory if you activate the recaptcha field'];
|
||||
$originalFields['recaptcha_secretkey'] = ['type' => 'text', 'label' => 'Recaptcha Secret Key', 'help' => 'Add the recaptcha secret key here. You can get the key from the recaptcha website.', 'description' => 'The secret key is mandatory if you activate the recaptcha field'];
|
||||
}
|
||||
|
||||
/* take the user input data and iterate over all fields and values */
|
||||
foreach($userInput as $fieldName => $fieldValue)
|
||||
@@ -386,6 +435,17 @@ class SettingsController extends Controller
|
||||
{
|
||||
if($request->isPost())
|
||||
{
|
||||
$referer = $request->getHeader('HTTP_REFERER');
|
||||
$uri = $request->getUri();
|
||||
$base_url = $uri->getBaseUrl();
|
||||
|
||||
# security, users should not be able to fake post with settings from other typemill pages.
|
||||
if(!isset($referer[0]) OR $referer[0] !== $base_url . '/tm/user/new' )
|
||||
{
|
||||
$this->c->flash->addMessage('error', 'illegal referer');
|
||||
return $response->withRedirect($this->c->router->pathFor('user.new'));
|
||||
}
|
||||
|
||||
$params = $request->getParams();
|
||||
$user = new User();
|
||||
$userroles = $user->getUserroles();
|
||||
@@ -409,7 +469,18 @@ class SettingsController extends Controller
|
||||
public function updateUser($request, $response, $args)
|
||||
{
|
||||
if($request->isPost())
|
||||
{
|
||||
{
|
||||
$referer = $request->getHeader('HTTP_REFERER');
|
||||
$uri = $request->getUri();
|
||||
$base_url = $uri->getBaseUrl();
|
||||
|
||||
# security, users should not be able to fake post with settings from other typemill pages.
|
||||
if(!isset($referer[0]) OR strpos($referer[0], $base_url . '/tm/user/') === false )
|
||||
{
|
||||
$this->c->flash->addMessage('error', 'illegal referer');
|
||||
return $response->withRedirect($this->c->router->pathFor('user.list'));
|
||||
}
|
||||
|
||||
$params = $request->getParams();
|
||||
$user = new User();
|
||||
$userroles = $user->getUserroles();
|
||||
@@ -456,6 +527,17 @@ class SettingsController extends Controller
|
||||
{
|
||||
if($request->isPost())
|
||||
{
|
||||
$referer = $request->getHeader('HTTP_REFERER');
|
||||
$uri = $request->getUri();
|
||||
$base_url = $uri->getBaseUrl();
|
||||
|
||||
# security, users should not be able to fake post with settings from other typemill pages.
|
||||
if(!isset($referer[0]) OR strpos($referer[0], $base_url . '/tm/user/') === false )
|
||||
{
|
||||
$this->c->flash->addMessage('error', 'illegal referer');
|
||||
return $response->withRedirect($this->c->router->pathFor('user.list'));
|
||||
}
|
||||
|
||||
$params = $request->getParams();
|
||||
$validate = new Validation();
|
||||
$user = new User();
|
||||
|
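Review bot: The referer checks in the hunks at `@@ -409,7 +469,18` (updateUser) and `@@ -456,6 +527,17`, `if(!isset($referer[0]) OR strpos($referer[0], $base_url . '/tm/user/') === false )`, test for the base URL as a substring anywhere in the header rather than as a prefix, so they are looser than the exact comparisons used by the section's other four referer checks; a prefix test, `strpos($referer[0], $base_url . '/tm/user/') !== 0`, keeps the same intent. Referer matching is a weak CSRF control in any case (the header is absent under strict referrer policies and some privacy tooling, which would lock those users out with 'illegal referer'), so a per-session form token is the more robust complement; this is a suggestion rather than a defect in the diff. The three recaptcha field definitions are duplicated verbatim in the `isset($pluginOriginalSettings['public'])` branch and the `isset($originalSettings['public'])` branch; a single private helper returning that array would keep them in sync. Since the plugin form is prefilled from stored user settings, the `recaptcha_secretkey` text field echoes the stored secret back into the admin page; consider a password-style field if the field model supports one. Every method touched by these hunks starts or ends outside its hunk.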