Merge branch 'master' into feature/router-request-types

Giuseppe Criscione 2018-08-01 15:22:36 +02:00
commit 070543060c
15 changed files with 83 additions and 67 deletions


@ -1,44 +1,34 @@
admin.panel: Administration Panel
admin.manage: Manage
admin.panel: Administration Panel
admin.view-site: View Site
cache.clear: Clear Cache
cache.cleared: Cache cleared
dashboard.dashboard: Dashboard
dashboard.last-modified-pages: Last Edited Pages
dashboard.statistics: Statistics
dashboard.online-users: Online users
dashboard.quick-actions: Quick Actions
dashboard.statistics: Statistics
dashboard.welcome: Welcome
date.months.long: ['January', 'February', 'March', 'April', 'May', 'June', 'July' ,'August', 'September', 'October', 'November', 'December']
date.months.short: ['Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec']
date.today: Today
date.weekdays.short: ['Sun', 'Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat']
language.name: English
register.register: Register New User
register.create-user: Formwork Admin is installed but no users were found. Please register a user now.
login.attempt.failed: Login attempt failed! Try again.
login.suspicious-request-detected: A suspicious request has been detected, and for security reasons you have been logged out. Please log in again.
login.logged-out: You have been logged out
login.login: Login
login.logout: Logout
login.password: Password
login.suspicious-request-detected: A suspicious request has been detected, and for security reasons you have been logged out. Please log in again.
login.username: Username
password-reset.password-reset: Password Reset
password-reset.email: E-mail Address
password-reset.new-password: New Password
password-reset.confirm-new-password: Confirm New Password
password-reset.reset: Reset
password-reset.email-sent: An email has been sent to %s with instructions to reset your password.
password-reset.invalid-link: The password reset link is either expired or invalid. Please try again.
password-reset.passwords-not-matching: The new password and the confirmation password do not match. Please try again.
password-reset.password-changed: The password has been changed. Please log in with your new credentials.
modal.action.cancel: Cancel
modal.action.continue: Continue
modal.action.delete: Delete
modal.action.save: Save
modal.action.upload-file: Upload a File
modal.images.title: Select an Image
modal.images.no-images: There are no images here
modal.images.no-images.upload: Please upload some images
modal.images.title: Select an Image
options.info: Info
options.options: Options
options.site: Site
@ -66,8 +56,8 @@ pages.files.upload-label: '<strong>Click</strong> to choose a file to upload or
pages.new-page: New Page
pages.new-page.parent: Parent Page
pages.new-page.title: Title
pages.new-page.uri: Page URI
pages.new-page.uri-suggestion: letters, numbers and dashes only
pages.new-page.uri: Page URI
pages.not-published: Not published
pages.not-routable: Non routable
pages.options: Options
@ -76,8 +66,8 @@ pages.page.cannot-create: Cannot create page
pages.page.cannot-create.already-exists: Cannot create page, a page with the same uri already exists
pages.page.cannot-create.invalid-parent: Cannot create page, invalid parent page
pages.page.cannot-create.var-missing: 'Cannot create page, missing %s variable'
pages.page.cannot-delete: 'Cannot delete page, %s'
pages.page.cannot-delete-file: 'Cannot delete file, %s'
pages.page.cannot-delete: 'Cannot delete page, %s'
pages.page.cannot-delete.not-deletable: Cannot delete page, the page is not deletable
pages.page.cannot-edit.page-missing: Cannot edit page, page not found
pages.page.cannot-edit.var-missing: 'Cannot edit page, missing variable %s'
@ -85,20 +75,31 @@ pages.page.cannot-move: 'Cannot move page'
pages.page.created: Page created!
pages.page.deleted: Page deleted
pages.page.edited: Page edited
pages.page.moved: Page moved!
pages.page.file-deleted: File deleted
pages.page.moved: Page moved!
pages.page.not-found: Page not found
pages.pages: Pages
pages.pages.collapse-all: Collapse All
pages.pages.expand-all: Expand All
pages.pages.search: Search Pages...
pages.preview: Preview
pages.preview-file: Preview
pages.preview: Preview
pages.publish: Publish
pages.save: Save
pages.status.not-published: Not Published
pages.status.not-routable: Not Routable
pages.status.published: Published
password-reset.confirm-new-password: Confirm New Password
password-reset.email-sent: An email has been sent to %s with instructions to reset your password.
password-reset.email: E-mail Address
password-reset.invalid-link: The password reset link is either expired or invalid. Please try again.
password-reset.new-password: New Password
password-reset.password-changed: The password has been changed. Please log in with your new credentials.
password-reset.password-reset: Password Reset
password-reset.passwords-not-matching: The new password and the confirmation password do not match. Please try again.
password-reset.reset: Reset
register.create-user: Formwork Admin is installed but no users were found. Please register a user now.
register.register: Register New User
uploader.erorr.cannot-write: Failed to write file to disk
uploader.error: Cannot upload file. %s.
uploader.error.file-name: Invalid file name
@ -125,8 +126,8 @@ users.new-user: New User
users.new-user.password-suggestion: at least 8 characters
users.new-user.username-suggestion: between 3-20 letters, digits and dashes
users.options: Options
users.user: User
users.user-profile: '%s User Profile'
users.user: User
users.user.cannot-create.already-exists: Cannot create user, a user with the same name already exists
users.user.cannot-create.var-missing: 'Cannot create user, missing %s variable'
users.user.cannot-delete.logged: Cannot delete user, the user is logged


@ -1,44 +1,34 @@
admin.panel: Pannello di Amministrazione
admin.manage: Gestione
admin.panel: Pannello di Amministrazione
admin.view-site: Visualizza sito
cache.clear: Svuota cache
cache.cleared: Cache svuotata
dashboard.dashboard: Riepilogo
dashboard.last-modified-pages: Ultime pagine modificate
dashboard.statistics: Statistiche
dashboard.online-users: Utenti collegati
dashboard.quick-actions: Azioni rapide
dashboard.statistics: Statistiche
dashboard.welcome: Benvenuto/a
date.months.long: ['Gennaio', 'Febbraio', 'Marzo', 'Aprile', 'Maggio', 'Giugno', 'Luglio' ,'Agosto', 'Settembre', 'Ottobre', 'Novembre', 'Dicembre']
date.months.short: ['Gen', 'Feb', 'Mar', 'Apr', 'Mag', 'Giu', 'Lug', 'Ago', 'Set', 'Ott', 'Nov', 'Dic']
date.today: Oggi
date.weekdays.short: ['Dom', 'Lun', 'Mar', 'Mer', 'Gio', 'Ven', 'Sab']
language.name: Italiano
register.register: Registra nuovo utente
register.create-user: Formwork Admin è installato ma non è stato trovato alcun utente. Registrane uno ora.
login.attempt.failed: Tentativo di accesso fallito! Riprova.
login.suspicious-request-detected: È stata rilevata una richiesta sospetta e per ragioni di sicurezza si è usciti dalla sessione. Effettua nuovamente laccesso.
login.logged-out: Sei stato disconnesso
login.login: Accedi
login.logout: Esci
login.password: Password
login.suspicious-request-detected: È stata rilevata una richiesta sospetta e per ragioni di sicurezza si è usciti dalla sessione. Effettua nuovamente laccesso.
login.username: Nome utente
password-reset.password-reset: Reimposta password
password-reset.email: Indirizzo e-mail
password-reset.new-password: Nuova password
password-reset.confirm-new-password: Conferma password
password-reset.reset: Reimposta
password-reset.email-sent: Une-mail è stata inviata allindirizzo %s con le istruzioni per reimpostare la password.
password-reset.invalid-link: Il link per reimpostare la password è scaduto o non valido. Riprova.
password-reset.passwords-not-matching: La nuova password e la password di conferma non corrispondono. Riprova.
password-reset.password-changed: La password è stata cambiata. Accedi ora con le nuove credenziali.
modal.action.cancel: Annulla
modal.action.continue: Continua
modal.action.delete: Elimina
modal.action.save: Salva
modal.action.upload-file: Carica file
modal.images.title: Seleziona immagine
modal.images.no-images: Qui non ci sono immagini
modal.images.no-images.upload: Carica qualche immagine
modal.images.title: Seleziona immagine
options.info: Informazioni
options.options: Impostazioni
options.site: Sito
@ -66,8 +56,8 @@ pages.files.upload-label: '<strong>Fai click</strong> per selezionare un file da
pages.new-page: Nuova pagina
pages.new-page.parent: Pagina superiore
pages.new-page.title: Titolo
pages.new-page.uri: URI pagina
pages.new-page.uri-suggestion: solo lettere, numeri e trattini
pages.new-page.uri: URI pagina
pages.not-published: Non pubblicata
pages.not-routable: Non raggiungibile
pages.options: Opzioni
@ -76,8 +66,8 @@ pages.page.cannot-create: Impossibile creare la pagina
pages.page.cannot-create.already-exists: Impossibile creare la pagina, una pagina con lo stesso indirizzo esiste già
pages.page.cannot-create.invalid-parent: Impossibile creare la pagina, la pagina superiore specificata non è valida
pages.page.cannot-create.var-missing: 'Impossibile creare la pagina, manca la variabile %s'
pages.page.cannot-delete: 'Impossibile eliminare la pagina, %s'
pages.page.cannot-delete-file: Impossibile eliminare il file
pages.page.cannot-delete: 'Impossibile eliminare la pagina, %s'
pages.page.cannot-delete.not-deletable: Impossibile eliminare la pagina, la pagina non è eliminabile
pages.page.cannot-edit.page-missing: Impossibile modificare la pagina, pagina non trovata
pages.page.cannot-edit.var-missing: 'Impossibile modificare la pagina, manca la variabile %s'
@ -85,20 +75,31 @@ pages.page.cannot-move: 'Impossibile spostare la pagina'
pages.page.created: Pagina creata!
pages.page.deleted: Pagina eliminata
pages.page.edited: Pagina modificata!
pages.page.moved: Pagina spostata!
pages.page.file-deleted: File eliminato
pages.page.moved: Pagina spostata!
pages.page.not-found: Pagina non trovata
pages.pages: Pagine
pages.pages.collapse-all: Riduci tutte
pages.pages.expand-all: Espandi tutte
pages.pages.search: Cerca pagine...
pages.preview: Anteprima
pages.preview-file: Anteprima
pages.preview: Anteprima
pages.publish: Pubblica
pages.save: Salva
pages.status.not-published: Non pubblicato
pages.status.not-routable: Non raggiungibile
pages.status.published: Pubblicato
password-reset.confirm-new-password: Conferma password
password-reset.email-sent: Une-mail è stata inviata allindirizzo %s con le istruzioni per reimpostare la password.
password-reset.email: Indirizzo e-mail
password-reset.invalid-link: Il link per reimpostare la password è scaduto o non valido. Riprova.
password-reset.new-password: Nuova password
password-reset.password-changed: La password è stata cambiata. Accedi ora con le nuove credenziali.
password-reset.password-reset: Reimposta password
password-reset.passwords-not-matching: La nuova password e la password di conferma non corrispondono. Riprova.
password-reset.reset: Reimposta
register.create-user: Formwork Admin è installato ma non è stato trovato alcun utente. Registrane uno ora.
register.register: Registra nuovo utente
uploader.erorr.cannot-write: Impossibile salvare il file sul disco
uploader.error: 'Impossibile caricare il file. %s.'
uploader.error.file-name: Nome del file non valido
@ -125,8 +126,8 @@ users.new-user: Nuovo utente
users.new-user.password-suggestion: almeno 8 caratteri
users.new-user.username-suggestion: 'da 3 a 20 lettere, numeri, - e _'
users.options: Opzioni
users.user: Utente
users.user-profile: Profilo utente %s
users.user: Utente
users.user.cannot-create.already-exists: Impossibile creare lutente, un utente con lo stesso nome esiste già
users.user.cannot-create.var-missing: 'Impossibile creare lutente, manca la variabile %s'
users.user.cannot-delete.logged: Impossibile eliminare lutente, lutente è connesso


@ -160,7 +160,6 @@ class Admin
);
$this->router->add(
array('GET', 'POST'),
'/dashboard/',
array(new Controllers\Dashboard(), 'run')
);
@ -239,7 +238,7 @@ class Admin
);
$this->router->add(
array('GET', 'POST'),
'POST',
'/cache/clear/',
array(new Controllers\Cache(), 'clear')
);
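Review bot: Limiting `/cache/clear/` to `'POST'` stops the action from being triggered by a plain link or image request, but a cross-site form can still submit a POST. Confirm that the request is covered by `CSRFToken::validate()` before `Controllers\Cache::clear` runs; that check is not visible in this hunk. A one-line comment above the route stating that state-changing routes are POST-only by design would keep later additions consistent.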


@ -3,6 +3,7 @@
namespace Formwork\Admin\Controllers;
use Formwork\Admin\Admin;
use Formwork\Admin\Fields\Field;
use Formwork\Admin\Fields\Fields;
use Formwork\Admin\Utils\Language;
use Formwork\Admin\Utils\Notification;
@ -11,6 +12,7 @@ use Formwork\Core\Formwork;
use Formwork\Utils\FileSystem;
use Formwork\Utils\HTTPRequest;
use Formwork\Utils\Uri;
use InvalidArgumentException;
abstract class AbstractController
{
@ -94,19 +96,25 @@ abstract class AbstractController
return Formwork::instance()->option($option);
}
protected function escape($string)
{
return htmlspecialchars($string, ENT_COMPAT | ENT_SUBSTITUTE);
}
protected function field($field, $render = true)
{
if (!($field instanceof Field)) {
throw new InvalidArgumentException(__METHOD__ . ' accepts only instances of Formwork\Admin\Fields\Field');
}
return $this->view('fields.' . $field->type(), array('field' => $field), $render);
}
protected function fields($fields, $render = true)
protected function fields(Fields $fields, $render = true)
{
$output = '';
if ($fields instanceof Fields) {
foreach ($fields as $field) {
$output .= $this->field($field, false);
}
}
if ($render) {
echo $output;
} else {
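Review bot: The new `escape()` helper passes `ENT_COMPAT`, which leaves single quotes unescaped, so it is only safe in element text and double-quoted attributes; it also relies on the runtime's default charset. Since the templates in this commit now route their output encoding through this one method, `return htmlspecialchars($string, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` would make it safe for either quoting style and independent of `default_charset` (assuming the panel is served as UTF-8). A short docblock saying the helper covers HTML text and attribute values only, not URLs or script contexts, would help template authors.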


@ -34,11 +34,13 @@ class Authentication extends AbstractController
$users = Admin::instance()->users();
$postData = HTTPRequest::postData();
foreach (array('username', 'password') as $var) {
if (!isset($_POST[$var])) {
if (!isset($postData[$var])) {
return $this->error();
}
$this->$var = $_POST[$var];
$this->$var = $postData[$var];
}
if ($users->has($this->username) && $users->get($this->username)->authenticate($this->password)) {
@ -57,6 +59,7 @@ class Authentication extends AbstractController
{
CSRFToken::destroy();
Session::remove('FORMWORK_USERNAME');
$this->notify($this->label('login.logged-out'), 'success');
$this->redirect('/', 302, true);
}

View File

@ -90,7 +90,7 @@ class Field extends DataSetter
if (!is_callable($callback)) {
throw new LogicException('Invalid import callback');
}
$this->data[$key] = call_user_func($callback);
$this->data[$key] = $callback();
}
}
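Review bot: `is_callable()` accepts `'Class::method'` strings, but `$callback()` can invoke that form only from PHP 7.0 onward, so on PHP 5.x a callback that passes the check would now fail at the call, whereas `call_user_func()` handled it on every version. The same applies to `$route['callback']($this->params)` in the Router section at the end of this commit. If 5.x is still supported (the code uses `array()` syntax throughout), keep `call_user_func` or document the minimum version. A comment stating where `$callback` originates would also help, since any callable name that reaches this line is executed; the method starts outside the hunk.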

View File

@ -2,6 +2,7 @@
namespace Formwork\Admin\Security;
use Formwork\Utils\HTTPRequest;
use Formwork\Admin\Utils\Session;
use RuntimeException;
@ -24,7 +25,8 @@ class CSRFToken
public static function validate($token = null)
{
if (is_null($token)) {
$valid = isset($_POST['csrf-token']) && $_POST['csrf-token'] === static::get();
$postData = HTTPRequest::postData();
$valid = isset($postData['csrf-token']) && $postData['csrf-token'] === static::get();
} else {
$valid = $token === static::get();
}
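Review bot: The token check still uses `===`, which is not constant-time; `hash_equals()` (PHP 5.6+) is the usual comparison for secrets. Both operands have to be confirmed as non-empty strings first, because an array-valued `csrf-token` field would make `hash_equals()` fail and an empty stored token must never match an empty submitted one: with `$expected = static::get();` and `$sent = isset($postData['csrf-token']) ? $postData['csrf-token'] : null;`, use `$valid = is_string($sent) && is_string($expected) && $expected !== '' && hash_equals($expected, $sent);`. The `else` branch comparing `$token` has the same issue, and `validate()` continues past the end of the hunk.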

View File

@ -2,6 +2,8 @@
namespace Formwork\Admin\Utils;
use Formwork\Utils\FileSystem;
class Registry
{
protected $storage = array();
@ -11,8 +13,8 @@ class Registry
public function __construct($filename)
{
$this->filename = $filename;
if (file_exists($this->filename)) {
$this->storage = (array) json_decode(file_get_contents($filename), true);
if (FileSystem::exists($this->filename)) {
$this->storage = (array) json_decode(FileSystem::read($filename), true);
}
}
@ -43,7 +45,7 @@ class Registry
public function save()
{
file_put_contents($this->filename, json_encode($this->storage));
FileSystem::write($this->filename, json_encode($this->storage));
}
public function toArray()
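Review bot: `(array) json_decode(FileSystem::read($filename), true)` turns a truncated or corrupt file into an empty array without any signal, and the next `save()` then overwrites the file with that empty state. If this registry holds anything security-relevant (not visible from this hunk), losing it silently is worth avoiding: check `json_last_error() !== JSON_ERROR_NONE` after decoding and throw or log instead of continuing. The constructor also mixes `$this->filename` and `$filename` for the same path; using one consistently reads better.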

View File

@ -37,8 +37,8 @@
<img src="<?= $this->user()->avatar()->uri() ?>" alt="">
</div>
<div class="admin-user-details">
<div class="admin-user-fullname"><?= $this->user()->fullname() ?></div>
<div class="admin-user-username"><?= $this->user()->username() ?></div>
<div class="admin-user-fullname"><?= $this->escape($this->user()->fullname()) ?></div>
<div class="admin-user-username"><?= $this->escape($this->user()->username()) ?></div>
</div>
</div>
</a>
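Review bot: `fullname()` and `username()` are now encoded, but `src="<?= $this->user()->avatar()->uri() ?>"` a few lines above is still printed raw into an attribute. If the avatar URI can contain user-influenced characters, for example from an uploaded file name (not visible here), wrap it as well: `<img src="<?= $this->escape($this->user()->avatar()->uri()) ?>" alt="">`. The same raw `avatar()->uri()` output appears in the user profile template later in this commit.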

View File

@ -13,7 +13,7 @@
<div class="col-m-7-12">
<div class="component">
<h3 class="caption"><?= $this->label('dashboard.statistics') ?></h3>
<div class="ct-chart" data-chart-data="<?= htmlspecialchars(json_encode($statistics)); ?>"></div>
<div class="ct-chart" data-chart-data="<?= $this->escape(json_encode($statistics)); ?>"></div>
</div>
</div>
</div>

View File

@ -4,7 +4,7 @@
<div class="col-l-3-4">
<div class="component">
<h3 class="caption"><?= $this->label('pages.content') ?></h3>
<input class="title-input" id="title" type="text" name="title" tabindex="1" value="<?= htmlspecialchars($page->title()) ?>" required autocomplete="off">
<input class="title-input" id="title" type="text" name="title" tabindex="1" value="<?= $this->escape($page->title()) ?>" required autocomplete="off">
<div class="page-info">
<div class="page-uri">
<a <?php if ($page->published() && $page->routable()): ?>href="<?= $this->pageUri($page) ?>"<?php endif; ?> target="_blank"><?= $page->slug() ?></a>
@ -21,7 +21,7 @@
<button class="toolbar-button" tabindex="-1" data-command="image" title="<?= $this->label('pages.editor.image') ?>" type="button"><span class="i-image"></span></button>
<button class="toolbar-button" tabindex="-1" data-command="summary" title="<?= $this->label('pages.editor.summary') ?>" type="button"><span class="i-read-more-alt"></span></button>
</div>
<textarea tabindex="2" class="editor-textarea" id="content" name="content" autocomplete="off"><?= htmlspecialchars($page->rawContent()) ?></textarea>
<textarea tabindex="2" class="editor-textarea" id="content" name="content" autocomplete="off"><?= $this->escape($page->rawContent()) ?></textarea>
<input type="hidden" name="csrf-token" value="<?= $csrfToken ?>">
<button class="button-accent button-save button-right" type="submit" tabindex="4" data-command="save"><i class="i-check"></i> <?= $this->label('pages.save') ?></button>
<button class="button-link button-right" tabindex="-1" type="button" data-modal="deletePageModal" data-modal-action="<?= $this->uri('/pages/' . trim($page->slug(), '/') . '/delete/') ?>" title="<?= $this->label('pages.delete-page') ?>" <?php if (!$page->isDeletable()): ?> disabled<?php endif; ?>><i class="i-trash"></i></button>
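Review bot: `$page->slug()` is still echoed raw as link text (`<?= $page->slug() ?>`), and the `href`, `data-modal-action` and `value="<?= $csrfToken ?>"` attributes are printed unencoded, while the title and content now go through `escape()`. The slug is presumably restricted to letters, digits and dashes when a page is created, but encoding at output keeps the template safe if that validation changes or a page does not originate from the panel: `<?= $this->escape($page->slug()) ?>`. The pages list template in the next section has the same raw `slug()` output.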

View File

@ -15,7 +15,7 @@
<?php
endif;
?>
<a href="<?= $this->uri('/pages/' . trim($page->slug(), '/') . '/edit/') ?>" title="<?= htmlspecialchars($page->title()) ?>"><?= $page->title() ?></a>
<a href="<?= $this->uri('/pages/' . trim($page->slug(), '/') . '/edit/') ?>" title="<?= $this->escape($page->title()) ?>"><?= $this->escape($page->title()) ?></a>
</div>
<div class="page-uri">
<a <?php if ($routable): ?>href="<?= $this->pageUri($page) ?>"<?php endif; ?> target="_blank"><?= $page->slug() ?></a>

View File

@ -8,10 +8,10 @@
?>
<div class="users-item">
<div class="users-item-cell user-username">
<a href="<?= $this->uri('/users/' . $user->username() . '/profile/') ?>"><?= $user->username() ?></a>
<a href="<?= $this->uri('/users/' . $user->username() . '/profile/') ?>"><?= $this->escape($user->username()) ?></a>
</div>
<div class="users-item-cell user-fullname"><?= $user->fullname() ?></div>
<div class="users-item-cell user-email" data-overflow-tooltip="true"><?= $user->email() ?></div>
<div class="users-item-cell user-fullname"><?= $this->escape($user->fullname()) ?></div>
<div class="users-item-cell user-email" data-overflow-tooltip="true"><?= $this->escape($user->email()) ?></div>
<div class="users-item-cell user-last-access" data-overflow-tooltip="true"><?= is_null($user->lastAccess()) ? '&infin;' : date($this->option('date.format') . ' ' . $this->option('date.hour_format'), $user->lastAccess()) ?></div>
<div class="users-item-cell user-actions">
<?php
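Review bot: The `href` still concatenates `$user->username()` into the path and prints the result raw, although the link text next to it is now encoded. Encode for both contexts: `href="<?= $this->escape($this->uri('/users/' . rawurlencode($user->username()) . '/profile/')) ?>"`. Usernames appear to be limited to letters, digits and dashes at creation, so this is defence in depth, but it keeps the template correct for account data that did not pass through that form.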

View File

@ -5,9 +5,9 @@
<img src="<?= $user->avatar()->uri() ?>" style="width: 150px; border-radius: 50%;">
</div>
<div style="display:table-cell; vertical-align: middle; padding: 0.5rem;">
<h3><?= $user->fullname() ?></h3>
<?= $user->username() ?><br>
<a href="mailto:<?= $user->email() ?>"><?= $user->email() ?></a><br>
<h3><?= $this->escape($user->fullname()) ?></h3>
<?= $this->escape($user->username()) ?><br>
<a href="mailto:<?= $user->email() ?>"><?= $this->escape($user->email()) ?></a><br>
<?= $this->label('user.last-access') ?>: <?= is_null($user->lastAccess()) ? '&infin;' : date($this->option('date.format') . ' ' . $this->option('date.hour_format'), $user->lastAccess()) ?>
</div>
</div>
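Review bot: The `mailto:` link escapes the visible address but not the attribute: `href="mailto:<?= $user->email() ?>"` still prints the e-mail raw, so a double quote in the stored value would end the attribute early. Use `href="mailto:<?= $this->escape($user->email()) ?>"` so both occurrences on that line are encoded the same way.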

View File

@ -108,7 +108,7 @@ class Router
foreach ($this->routes as $route) {
if (HTTPRequest::type() == $route['type'] && HTTPRequest::method() == $route['method'] && $this->match($route['route'])) {
$this->dispatched = true;
return call_user_func($route['callback'], $this->params);
return $route['callback']($this->params);
}
}
}