From 004db7c05620e68c5c64f12278500401146b0d1f Mon Sep 17 00:00:00 2001 From: joyqi Date: Sat, 2 Apr 2022 16:41:37 +0800 Subject: [PATCH 01/32] Move language build trigger from workflows/dev to workflows/release. --- .github/workflows/Typecho-dev-Ci.yml | 7 ------- .github/workflows/Typecho-release-Ci.yml | 6 ++++++ 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/.github/workflows/Typecho-dev-Ci.yml b/.github/workflows/Typecho-dev-Ci.yml index 9469ba3e..d24765f4 100644 --- a/.github/workflows/Typecho-dev-Ci.yml +++ b/.github/workflows/Typecho-dev-Ci.yml @@ -55,10 +55,3 @@ jobs: asset_name: typecho.zip asset_content_type: application/zip max_releases: 1 - - name: Trigger build - run: | - curl -XPOST -H "Authorization: token ${{ secrets.WORKFLOW_TOKEN }}" \ - -H "Accept: application/vnd.github.everest-preview+json" \ - -H "Content-Type: application/json" \ - https://api.github.com/repos/typecho/languages/actions/workflows/update.yml/dispatches --data '{"ref": "master"}' - diff --git a/.github/workflows/Typecho-release-Ci.yml b/.github/workflows/Typecho-release-Ci.yml index f91cd23a..7a2f65fb 100644 --- a/.github/workflows/Typecho-release-Ci.yml +++ b/.github/workflows/Typecho-release-Ci.yml @@ -37,3 +37,9 @@ jobs: asset_path: ./typecho.zip asset_name: typecho.zip asset_content_type: application/zip + - name: Trigger langs build + run: | + curl -XPOST -H "Authorization: token ${{ secrets.WORKFLOW_TOKEN }}" \ + -H "Accept: application/vnd.github.everest-preview+json" \ + -H "Content-Type: application/json" \ + https://api.github.com/repos/typecho/languages/actions/workflows/update.yml/dispatches --data '{"ref": "master"}' \ No newline at end of file From 7ebfe82de12e15a23c2f93ab32c59e9f6de0b6d3 Mon Sep 17 00:00:00 2001 From: joyqi Date: Sat, 2 Apr 2022 18:10:28 +0800 Subject: [PATCH 02/32] fix #1361 --- admin/common-js.php | 14 ++++++++++++++ admin/css/style.css | 2 +- admin/src/scss/_header.scss | 2 +- 3 files changed, 16 insertions(+), 2 deletions(-) 
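Review bot: The `curl -XPOST` in the added `Trigger langs build` step runs without `--fail`, so a 401 or 404 from the dispatch endpoint still exits 0 and the release job stays green while the languages build never starts; `curl --fail -XPOST ...` makes the step fail visibly. The step sends `secrets.WORKFLOW_TOKEN` to another repository's API, so that token should be limited to dispatching workflows on typecho/languages. Since only release runs now need the token, also check that the dev workflow no longer has access to it. The new file ends without a trailing newline.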
diff --git a/admin/common-js.php b/admin/common-js.php index fad1cd04..02a8c7a8 100644 --- a/admin/common-js.php +++ b/admin/common-js.php @@ -91,6 +91,7 @@ $('#typecho-nav-list ul.root').each(function () { const ul = $(this), nav = ul.parent(); + let focused = false; ul.on('click touchend', '.parent a', function (e) { nav.removeClass('noexpanded').addClass('expanded'); @@ -102,6 +103,19 @@ nav.removeClass('expanded').addClass('noexpanded'); return false; })); + + $('a', ul).focus(function () { + ul.addClass('expanded'); + focused = true; + }).blur(function () { + focused = false; + + setTimeout(function () { + if (!focused) { + ul.removeClass('expanded'); + } + }); + }); }); if ($('.typecho-login').length == 0) { diff --git a/admin/css/style.css b/admin/css/style.css index 6f42823a..3ac26345 100644 --- a/admin/css/style.css +++ b/admin/css/style.css @@ -170,7 +170,7 @@ select { border: 1px solid #CCC; height: 28px; } .typecho-head-nav #typecho-nav-list > ul.focus .parent a { font-weight: bold; } -.typecho-head-nav #typecho-nav-list > ul.root:hover .child { display: block; } +.typecho-head-nav #typecho-nav-list > ul.root:hover .child, .typecho-head-nav #typecho-nav-list > ul.root.expanded .child { display: block; } .typecho-head-nav .operate { float: right; } diff --git a/admin/src/scss/_header.scss b/admin/src/scss/_header.scss index d66ed72b..ab59273a 100644 --- a/admin/src/scss/_header.scss +++ b/admin/src/scss/_header.scss @@ -100,7 +100,7 @@ $color-nav-child-focus: #6DA1BB; font-weight: bold; } - &.root:hover .child { + &.root:hover .child, &.root.expanded .child { display: block; } } From c78f7fda683caa195961bb0cfde7bfec1fce4914 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=B2=88=E5=94=81?= <52o@qq52o.cn> Date: Sat, 2 Apr 2022 21:27:31 +0800 Subject: [PATCH 03/32] Fix pgsql reset id error (#1369) --- var/Widget/Backup.php | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) 
diff --git a/var/Widget/Backup.php b/var/Widget/Backup.php index b7179537..33dc1c21 100644 --- a/var/Widget/Backup.php +++ b/var/Widget/Backup.php @@ -189,7 +189,12 @@ class Backup extends BaseOptions implements ActionInterface if (!empty($_FILES)) { $file = array_pop($_FILES); - if (0 == $file['error'] && is_uploaded_file($file['tmp_name'])) { + if(UPLOAD_ERR_NO_FILE == $file['error']) { + Notice::alloc()->set(_t('没有选择任何备份文件'), 'error'); + $this->response->goBack(); + } + + if (UPLOAD_ERR_OK == $file['error'] && is_uploaded_file($file['tmp_name'])) { $path = $file['tmp_name']; } else { Notice::alloc()->set(_t('备份文件上传失败'), 'error'); @@ -270,7 +275,7 @@ class Backup extends BaseOptions implements ActionInterface } // 针对PGSQL重置计数 - if (false !== strpos($this->db->getVersion(), 'pgsql')) { + if (false !== strpos(strtolower($this->db->getAdapterName()), 'pgsql')) { foreach ($this->lastIds as $table => $id) { $seq = $this->db->getPrefix() . $table . '_seq'; $this->db->query('ALTER SEQUENCE ' . $seq . ' RESTART WITH ' . ($id + 1)); From 34e5bf28616f69ab5594cf7aa52773cbee94a237 Mon Sep 17 00:00:00 2001 From: joyqi Date: Mon, 4 Apr 2022 00:01:33 +0800 Subject: [PATCH 04/32] fix #1375 --- var/Typecho/Common.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/var/Typecho/Common.php b/var/Typecho/Common.php index 07557dca..b66e5481 100644 --- a/var/Typecho/Common.php +++ b/var/Typecho/Common.php @@ -482,7 +482,7 @@ EOF; */ public static function filterSearchQuery(?string $query): string { - return isset($query) ? str_replace('-', ' ', self::slugName($query)) : ''; + return isset($query) ? str_replace('-', ' ', self::slugName($query) ?? '') : ''; } /** From 61606a90695843831fd880c4ca4e032609cccedf Mon Sep 17 00:00:00 2001 From: joyqi Date: Tue, 5 Apr 2022 22:53:39 +0800 Subject: [PATCH 05/32] fix #1380 --- var/Typecho/Common.php | 3 ++- var/Widget/Options.php | 2 +- var/Widget/Options/General.php | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) 
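Review bot: With the adapter check fixed in the second Backup.php hunk, the `ALTER SEQUENCE` branch presumably starts running on PostgreSQL, and it builds its statement by concatenating `$table` and `$id` from `$this->lastIds`. If those values are filled from the uploaded backup file (the code that populates them is outside this hunk), the file's contents end up inside a DDL statement. Identifiers cannot be bound as parameters, so check `$table` against the fixed list of tables the importer handles and force the counter to an integer, e.g. `' RESTART WITH ' . ((int) $id + 1)`. The enclosing method starts and ends outside the hunk.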
diff --git a/var/Typecho/Common.php b/var/Typecho/Common.php index b66e5481..7dcddc73 100644 --- a/var/Typecho/Common.php +++ b/var/Typecho/Common.php @@ -1359,7 +1359,8 @@ EOF; 'ice' => 'x-conference/x-cooltalk', 'vrm' => 'x-world/x-vrml', 'rar' => 'application/x-rar-compressed', - 'cab' => 'application/vnd.ms-cab-compressed' + 'cab' => 'application/vnd.ms-cab-compressed', + 'webp' => 'image/webp' ]; $part = explode('.', $fileName); diff --git a/var/Widget/Options.php b/var/Widget/Options.php index f520d5f4..941d3312 100644 --- a/var/Widget/Options.php +++ b/var/Widget/Options.php @@ -671,7 +671,7 @@ class Options extends Base $attachmentTypes = str_replace( ['@image@', '@media@', '@doc@'], [ - 'gif,jpg,jpeg,png,tiff,bmp', 'mp3,mp4,mov,wmv,wma,rmvb,rm,avi,flv,ogg,oga,ogv', + 'gif,jpg,jpeg,png,tiff,bmp,webp', 'mp3,mp4,mov,wmv,wma,rmvb,rm,avi,flv,ogg,oga,ogv', 'txt,doc,docx,xls,xlsx,ppt,pptx,zip,rar,pdf' ], $this->attachmentTypes diff --git a/var/Widget/Options/General.php b/var/Widget/Options/General.php index 8fad3f24..0b8fde9a 100644 --- a/var/Widget/Options/General.php +++ b/var/Widget/Options/General.php @@ -272,7 +272,7 @@ class General extends Options implements ActionInterface } $attachmentTypesOptions = [ - '@image@' => _t('图片文件') . ' (gif jpg jpeg png tiff bmp)', + '@image@' => _t('图片文件') . ' (gif jpg jpeg png tiff bmp webp)', '@media@' => _t('多媒体文件') . ' (mp3 mp4 mov wmv wma rmvb rm avi flv ogg oga ogv)', '@doc@' => _t('常用档案文件') . ' (txt doc docx xls xlsx ppt pptx zip rar pdf)', '@other@' => _t( From 3b03e0267b9e5464ac5c324300914f0cac4692d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=B2=88=E5=94=81?= <52o@qq52o.cn> Date: Thu, 7 Apr 2022 11:26:02 +0800 Subject: [PATCH 06/32] Update admin welcome tip (#1389) --- admin/welcome.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/admin/welcome.php b/admin/welcome.php index 6c26136a..3aed8d24 100644 --- a/admin/welcome.php +++ b/admin/welcome.php @@ -16,9 +16,9 @@ include 'menu.php';
  • pass('contributor', true)): ?>
  • -
  • +
  • pass('administrator', true) ? _e('查看我的站点') : _e('查看 "%s" 网站', $options->title); ?>
  • -
  • +
  • title); ?>
  • From 997aa607ac529f9390f572e092649403cc9a88b2 Mon Sep 17 00:00:00 2001 From: joyqi Date: Thu, 7 Apr 2022 11:28:28 +0800 Subject: [PATCH 07/32] fix words --- admin/welcome.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/admin/welcome.php b/admin/welcome.php index 3aed8d24..e971b841 100644 --- a/admin/welcome.php +++ b/admin/welcome.php @@ -16,9 +16,9 @@ include 'menu.php';
  • pass('contributor', true)): ?>
  • -
  • pass('administrator', true) ? _e('查看我的站点') : _e('查看 "%s" 网站', $options->title); ?>
  • +
  • pass('administrator', true) ? _e('查看我的站点') : _e('查看网站'); ?>
  • -
  • title); ?>
  • +
  • From 3512fd41bf0ae23e033d86354a35e413802c960c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=B2=88=E5=94=81?= <52o@qq52o.cn> Date: Thu, 14 Apr 2022 15:49:04 +0800 Subject: [PATCH 08/32] Enhancement of Typecho\Cookie (#1399) --- var/Typecho/Cookie.php | 36 ++++++++++++++++++++++++++++++++++-- var/Typecho/Response.php | 12 ++++++++---- var/Widget/Init.php | 5 ++++- 3 files changed, 46 insertions(+), 7 deletions(-) diff --git a/var/Typecho/Cookie.php b/var/Typecho/Cookie.php index 948b7a68..010b9dbf 100644 --- a/var/Typecho/Cookie.php +++ b/var/Typecho/Cookie.php @@ -27,6 +27,24 @@ class Cookie */ private static $path = '/'; + /** + * @var string + * @access private + */ + private static $domain = ''; + + /** + * @var bool + * @access private + */ + private static $secure = false; + + /** + * @var bool + * @access private + */ + private static $httponly = false; + /** * 获取前缀 * @@ -51,6 +69,7 @@ class Cookie self::$prefix = md5($url); $parsed = parse_url($url); + self::$domain = $parsed['host']; /** 在路径后面强制加上斜杠 */ self::$path = empty($parsed['path']) ? '/' : Common::url(null, $parsed['path']); } @@ -66,6 +85,19 @@ class Cookie return self::$path; } + /** + * 设置额外的选项 + * + * @param array $options + * @return void + */ + public static function setOptions(array $options) + { + self::$domain = $options['domain'] ?: self::$domain; + self::$secure = $options['secure'] ? (bool) $options['secure'] : false; + self::$httponly = $options['httponly'] ? (bool) $options['httponly'] : false; + } + /** * 获取指定的COOKIE值 * @@ -91,7 +123,7 @@ class Cookie { $key = self::$prefix . $key; $_COOKIE[$key] = $value; - Response::getInstance()->setCookie($key, $value, $expire, self::$path); + Response::getInstance()->setCookie($key, $value, $expire, self::$path, self::$domain, self::$secure, self::$httponly); } /** 
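Review bot: Assigning `self::$domain = $parsed['host'];` in `setPrefix()` changes every cookie set through this class from host-only to one with an explicit Domain attribute, which browsers also send to all subdomains of that host. On a site that shares a parent domain with other applications, the login cookie now travels further than before. Keeping `''` as the default and setting a domain only through `setOptions()` preserves the previous scope. `parse_url()` can also return `false` or an array without `host`, and this patch makes `Response::setCookie()` take a non-nullable `string $domain`, so a missing host would pass `null` into it; `self::$domain = $parsed['host'] ?? '';` covers that case if the assignment stays.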
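Review bot: `setOptions()` reads `$options['domain']`, `$options['secure']` and `$options['httponly']` directly, so a `__TYPECHO_COOKIE_OPTIONS__` array that supplies only some keys raises undefined-key warnings; `self::$secure = (bool) ($options['secure'] ?? false);` and the same form for the other two avoid that. Both flags default to `false`, so unless the site opts in, the login cookies stay readable from script and are sent over plain HTTP. Because the flags are global to `Cookie::set()`, turning `httponly` on would also hide the `__typecho_notice*` cookies that the admin JavaScript reads. A per-cookie flag would let the authentication cookies be HttpOnly without breaking notices. This path also offers no way to set SameSite.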
@@ -106,7 +138,7 @@ class Cookie return; } - Response::getInstance()->setCookie($key, '', -1, self::$path); + Response::getInstance()->setCookie($key, '', -1, self::$path, self::$domain, self::$secure, self::$httponly); unset($_COOKIE[$key]); } } diff --git a/var/Typecho/Response.php b/var/Typecho/Response.php index fa11d565..c9255153 100644 --- a/var/Typecho/Response.php +++ b/var/Typecho/Response.php @@ -200,7 +200,7 @@ class Response // set cookie foreach ($this->cookies as $cookie) { - [$key, $value, $timeout, $path, $domain] = $cookie; + [$key, $value, $timeout, $path, $domain, $secure, $httponly] = $cookie; if ($timeout > 0) { $now = time(); @@ -209,7 +209,7 @@ class Response $timeout = 1; } - setrawcookie($key, rawurlencode($value), $timeout, $path, $domain ?? ''); + setrawcookie($key, rawurlencode($value), $timeout, $path, $domain, $secure, $httponly); } } @@ -275,6 +275,8 @@ class Response * @param integer $timeout 过期时间,默认为0,表示随会话时间结束 * @param string $path 路径信息 * @param string|null $domain 域名信息 + * @param bool $secure 是否仅可通过安全的 HTTPS 连接传给客户端 + * @param bool $httponly 是否仅可通过 HTTP 协议访问 * @return $this */ public function setCookie( @@ -282,10 +284,12 @@ class Response $value, int $timeout = 0, string $path = '/', - string $domain = null + string $domain = '', + bool $secure = false, + bool $httponly = false ): Response { if (!$this->sandbox) { - $this->cookies[] = [$key, $value, $timeout, $path, $domain]; + $this->cookies[] = [$key, $value, $timeout, $path, $domain, $secure, $httponly]; } return $this; diff --git a/var/Widget/Init.php b/var/Widget/Init.php index 1ee76187..6f81b0d2 100644 --- a/var/Widget/Init.php +++ b/var/Widget/Init.php @@ -93,7 +93,10 @@ class Init extends Widget } /** cookie初始化 */ - Cookie::setPrefix($options->rootUrl); + Cookie::setPrefix($options->rootUrl); + if (defined('__TYPECHO_COOKIE_OPTIONS__')) { + Cookie::setOptions(__TYPECHO_COOKIE_OPTIONS__); + } /** 初始化路由器 */ Router::setRoutes($options->routingTable); 
From 9fd02529b16304ced224842fd8b788af59f7fdb9 Mon Sep 17 00:00:00 2001 From: Valpha <35476904+Valpha@users.noreply.github.com> Date: Fri, 15 Apr 2022 13:50:13 +0800 Subject: [PATCH 09/32] Update write-js.php (#1400) Add 'allow-same-origin' into sandbox's attrs to fix that the article preview page does not match the real page. --- admin/write-js.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/admin/write-js.php b/admin/write-js.php index d2ee78b7..de6e7071 100644 --- a/admin/write-js.php +++ b/admin/write-js.php @@ -281,7 +281,7 @@ $(document).ready(function() { var frame = $('') .attr('src', './preview.php?cid=' + cid) - .attr('sandbox', 'allow-scripts') + .attr('sandbox', 'allow-same-origin allow-scripts') .appendTo(document.body); frame.load(function () { From 0fbb1aaea558403e1a97012ad7cec3bc3ee021c6 Mon Sep 17 00:00:00 2001 From: jrotty Date: Fri, 15 Apr 2022 13:51:06 +0800 Subject: [PATCH 10/32] =?UTF-8?q?=E6=A8=A1=E6=9D=BF=E7=BC=A9=E7=95=A5?= =?UTF-8?q?=E5=9B=BE=E6=94=AF=E6=8C=81=E8=AF=86=E5=88=ABwebp=E5=9B=BE?= =?UTF-8?q?=E7=89=87=E5=90=8E=E7=BC=80=20(#1403)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * 模板缩略图支持识别webp图片后缀 * Update Contents.php Co-authored-by: 沈唁 <52o@qq52o.cn> --- var/Widget/Base/Contents.php | 2 +- var/Widget/Themes/Rows.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/var/Widget/Base/Contents.php b/var/Widget/Base/Contents.php index 43b40501..184827aa 100644 --- a/var/Widget/Base/Contents.php +++ b/var/Widget/Base/Contents.php 
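Review bot: Adding `allow-same-origin` next to `allow-scripts` on the preview iframe removes the isolation the sandbox was providing. `./preview.php` is loaded from the admin origin, so script in the previewed content would run with that origin and could reach the parent admin page. If same-origin is needed only so theme assets load as on the real page, drop script execution instead with `.attr('sandbox', 'allow-same-origin')`, or serve the preview from a separate origin. Otherwise post bodies have to be treated as trusted for every role that can open the editor. The enclosing `$(document).ready` callback starts and ends outside the hunk.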
@@ -554,7 +554,7 @@ class Contents extends Base implements QueryInterface //增加数据信息 $value['attachment'] = new Config($content); - $value['attachment']->isImage = in_array($content['type'], ['jpg', 'jpeg', 'gif', 'png', 'tiff', 'bmp']); + $value['attachment']->isImage = in_array($content['type'], ['jpg', 'jpeg', 'gif', 'png', 'tiff', 'bmp', 'webp']); $value['attachment']->url = Upload::attachmentHandle($value); if ($value['attachment']->isImage) { diff --git a/var/Widget/Themes/Rows.php b/var/Widget/Themes/Rows.php index 5a5b1ef3..5fdbdf82 100644 --- a/var/Widget/Themes/Rows.php +++ b/var/Widget/Themes/Rows.php @@ -45,7 +45,7 @@ class Rows extends Widget } $screen = array_filter(glob($theme . '/*'), function ($path) { - return preg_match("/screenshot\.(jpg|png|gif|bmp|jpeg)$/i", $path); + return preg_match("/screenshot\.(jpg|png|gif|bmp|jpeg|webp)$/i", $path); }); if ($screen) { From f8a9d95e43cf4ae73e9c38309029cdaaf9ab30d2 Mon Sep 17 00:00:00 2001 From: jrotty Date: Sat, 23 Apr 2022 18:00:02 +0800 Subject: [PATCH 11/32] =?UTF-8?q?=E4=BF=AE=E6=AD=A3=E6=B3=A8=E9=87=8A=20(#?= =?UTF-8?q?1411)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * 修正注释 * 修正注释 --- var/Widget/Stat.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/var/Widget/Stat.php b/var/Widget/Stat.php index db2c7a0b..2fa16cad 100644 --- a/var/Widget/Stat.php +++ b/var/Widget/Stat.php @@ -238,7 +238,7 @@ class Stat extends Base } /** - * 获取当前用户显示的评论数目 + * 获取当前用户待审核的评论数目 * * @return integer */ @@ -251,7 +251,7 @@ class Stat extends Base } /** - * 获取当前用户显示的评论数目 + * 获取当前用户垃圾评论数目 * * @return integer */ @@ -289,7 +289,7 @@ class Stat extends Base } /** - * 获取当前文章显示的评论数目 + * 获取当前文章待审核的评论数目 * * @return integer */ @@ -302,7 +302,7 @@ class Stat extends Base } /** - * 获取当前文章显示的评论数目 + * 获取当前文章垃圾评论数目 * * @return integer */ From f31e6daf7b3a2fdfaf670f59b188f4adda7ac68f Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=E6=B2=88=E5=94=81?= <52o@qq52o.cn> Date: Tue, 26 Apr 2022 10:29:26 +0800 Subject: [PATCH 12/32] Fix notice not clear (#1416) --- admin/common-js.php | 11 ++++++----- var/Typecho/Cookie.php | 18 ++++++++++++++++++ 2 files changed, 24 insertions(+), 5 deletions(-) diff --git a/admin/common-js.php b/admin/common-js.php index 02a8c7a8..592eb4df 100644 --- a/admin/common-js.php +++ b/admin/common-js.php @@ -13,7 +13,9 @@ noticeType : $.cookie(prefix + '__typecho_notice_type'), highlight : $.cookie(prefix + '__typecho_notice_highlight') }, - path = ''; + path = '', + domain = '', + secure = ; if (!!cookies.notice && 'success|notice|error'.indexOf(cookies.noticeType) >= 0) { var head = $('.typecho-head-nav'), @@ -63,14 +65,13 @@ }); }); - - $.cookie(prefix + '__typecho_notice', null, {path : path}); - $.cookie(prefix + '__typecho_notice_type', null, {path : path}); + $.cookie(prefix + '__typecho_notice', null, {path : path, domain: domain, secure: secure}); + $.cookie(prefix + '__typecho_notice_type', null, {path : path, domain: domain, secure: secure}); } if (cookies.highlight) { $('#' + cookies.highlight).effect('highlight', 1000); - $.cookie(prefix + '__typecho_notice_highlight', null, {path : path}); + $.cookie(prefix + '__typecho_notice_highlight', null, {path : path, domain: domain, secure: secure}); } })(); diff --git a/var/Typecho/Cookie.php b/var/Typecho/Cookie.php index 010b9dbf..ad23a612 100644 --- a/var/Typecho/Cookie.php +++ b/var/Typecho/Cookie.php @@ -85,6 +85,24 @@ class Cookie return self::$path; } + /** + * @access public + * @return string + */ + public static function getDomain(): string + { + return self::$domain; + } + + /** + * @access public + * @return bool + */ + public static function getSecure(): bool + { + return self::$secure ?: false; + } + /** * 设置额外的选项 * From 437d296af5de9145215789809af8878ce4a33616 Mon Sep 17 00:00:00 2001 
From: jrotty Date: Fri, 29 Apr 2022 10:53:05 +0800 Subject: [PATCH 13/32] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E7=AE=A1=E7=90=86?= =?UTF-8?q?=E5=91=98=E8=BF=9B=E5=85=A5=E5=85=B6=E4=BB=96=E7=94=A8=E6=88=B7?= =?UTF-8?q?=E6=96=87=E7=AB=A0=E5=88=97=E8=A1=A8=E6=97=B6=E6=98=BE=E7=A4=BA?= =?UTF-8?q?=E6=89=80=E6=9C=89=E6=96=87=E7=AB=A0=E7=9A=84bug=20(#1415)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * 修复管理员进入其他用户文章列表时显示所有文章的bug bug描述:当管理员在文章管理页面,点击所有查看所有文章后,再通过这个页面进入作者文章管理页面时,仍会显示所有文章而不是当前作者的文章 * Update manage-users.php * Fix missing manage-posts Co-authored-by: sy-records <52o@qq52o.cn> --- admin/manage-posts.php | 2 +- admin/manage-users.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/admin/manage-posts.php b/admin/manage-posts.php index 21326eb3..17bbc89a 100644 --- a/admin/manage-posts.php +++ b/admin/manage-posts.php @@ -172,7 +172,7 @@ $isAllPosts = ('on' == $request->get('__typecho_all_posts') || 'on' == \Typecho\ author(); ?> + href="adminUrl('manage-posts.php?__typecho_all_posts=off&uid=' . $posts->author->uid); ?>">author(); ?> categories; $length = count($categories); ?> diff --git a/admin/manage-users.php b/admin/manage-users.php index c4b8186b..2c89818f 100644 --- a/admin/manage-users.php +++ b/admin/manage-users.php @@ -64,7 +64,7 @@ $users = \Widget\Users\Admin::alloc(); postsNum(); ?> From 02937dc51ce706097a6dd183dccc874f0a7defc9 Mon Sep 17 00:00:00 2001 From: MBRjun Duplicate <55020690+MBRjun@users.noreply.github.com> Date: Wed, 4 May 2022 09:31:59 +0800 Subject: [PATCH 14/32] Fix QUIC/https Mixed Content (#1423) --- var/Typecho/Request.php | 1 + 1 file changed, 1 insertion(+) diff --git a/var/Typecho/Request.php b/var/Typecho/Request.php index 9d641e62..c42c10a5 100644 --- a/var/Typecho/Request.php +++ b/var/Typecho/Request.php 
@@ -430,6 +430,7 @@ class Request public function isSecure(): bool { return (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && !strcasecmp('https', $_SERVER['HTTP_X_FORWARDED_PROTO'])) + || (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && !strcasecmp('quic', $_SERVER['HTTP_X_FORWARDED_PROTO'])) || (!empty($_SERVER['HTTP_X_FORWARDED_PORT']) && 443 == $_SERVER['HTTP_X_FORWARDED_PORT']) || (!empty($_SERVER['HTTPS']) && 'off' != strtolower($_SERVER['HTTPS'])) || (!empty($_SERVER['SERVER_PORT']) && 443 == $_SERVER['SERVER_PORT']) From ac33000ad00bab326d6cd6e99dafdff6b19118d7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=B2=88=E5=94=81?= <52o@qq52o.cn> Date: Sat, 7 May 2022 16:33:00 +0800 Subject: [PATCH 15/32] Add admin/footer.php begin plugin (#1426) --- admin/footer.php | 1 + 1 file changed, 1 insertion(+) diff --git a/admin/footer.php b/admin/footer.php index 5909bc0a..92bc366b 100644 --- a/admin/footer.php +++ b/admin/footer.php @@ -1,4 +1,5 @@ +begin(); ?> Date: Fri, 13 May 2022 00:26:10 +0800 Subject: [PATCH 16/32] Fix missing change themeUrl (#1431) * Fix missing change themeUrl * Use options themeUrl method --- var/Widget/Themes/Edit.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/var/Widget/Themes/Edit.php b/var/Widget/Themes/Edit.php index 5b1cb1a4..a41b62b9 100644 --- a/var/Widget/Themes/Edit.php +++ b/var/Widget/Themes/Edit.php @@ -46,6 +46,8 @@ class Edit extends Options implements ActionInterface $this->update(['value' => 'recent'], $this->db->sql()->where('name = ?', 'frontPage')); } + $this->options->themeUrl = rtrim($this->options->themeUrl('', $theme), '/'); + $configFile = $this->options->themeFile($theme, 'functions.php'); if (file_exists($configFile)) { From 05e20c0ae5bcd401aba6f0762e87e0464da25913 Mon Sep 17 00:00:00 2001 From: joyqi Date: Fri, 13 May 2022 00:46:12 +0800 Subject: [PATCH 17/32] Fix themeUrl format --- var/Widget/Options.php | 19 +++++++++---------- var/Widget/Themes/Edit.php | 2 +- 2 files changed, 10 insertions(+), 11 deletions(-) 
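Review bot: The added `quic` comparison in `isSecure()` accepts another value of `X-Forwarded-Proto` as proof of a secure connection, and any client can send that header unless a trusted reverse proxy overwrites it. Anything that relies on `isSecure()` (generated URL schemes, secure-cookie decisions) then follows a client-chosen value, so forwarded headers should be honoured only when the request comes from a configured proxy address. The two header checks can be folded into one: `in_array(strtolower($_SERVER['HTTP_X_FORWARDED_PROTO'] ?? ''), ['https', 'quic'], true)`. The return expression continues past the end of the hunk.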
diff --git a/var/Widget/Options.php b/var/Widget/Options.php index 941d3312..585e55f8 100644 --- a/var/Widget/Options.php +++ b/var/Widget/Options.php @@ -261,18 +261,18 @@ class Options extends Base * * @param string|null $path 子路径 * @param string|null $theme 模版名称 - * @return string + * @return string | void */ - public function themeUrl(?string $path = null, ?string $theme = null): string + public function themeUrl(?string $path, ?string $theme) { - if (empty($theme)) { + if (!isset($theme)) { echo Common::url($path, $this->themeUrl); + } else { + $url = defined('__TYPECHO_THEME_URL__') ? __TYPECHO_THEME_URL__ : + Common::url(__TYPECHO_THEME_DIR__ . '/' . $theme, $this->siteUrl); + + return isset($path) ? Common::url($path, $url) : $url; } - - $url = defined('__TYPECHO_THEME_URL__') ? __TYPECHO_THEME_URL__ : - Common::url(__TYPECHO_THEME_DIR__ . '/' . $theme, $this->siteUrl); - - return Common::url($path, $url); } /** @@ -482,8 +482,7 @@ class Options extends Base */ protected function ___themeUrl(): string { - return defined('__TYPECHO_THEME_URL__') ? __TYPECHO_THEME_URL__ : - Common::url(__TYPECHO_THEME_DIR__ . '/' . $this->theme, $this->siteUrl); + return $this->themeUrl(null, $this->theme); } /** diff --git a/var/Widget/Themes/Edit.php b/var/Widget/Themes/Edit.php index a41b62b9..90aefdb4 100644 --- a/var/Widget/Themes/Edit.php +++ b/var/Widget/Themes/Edit.php @@ -46,7 +46,7 @@ class Edit extends Options implements ActionInterface $this->update(['value' => 'recent'], $this->db->sql()->where('name = ?', 'frontPage')); } - $this->options->themeUrl = rtrim($this->options->themeUrl('', $theme), '/'); + $this->options->themeUrl = $this->options->themeUrl(null, $theme); $configFile = $this->options->themeFile($theme, 'functions.php'); From 3119c05e2c529a3e66ef37c88fc4002b3344d9df Mon Sep 17 00:00:00 2001 
From: joyqi Date: Tue, 17 May 2022 10:24:56 +0800 Subject: [PATCH 18/32] fix #1441, fix #1442 --- var/Widget/Options.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/var/Widget/Options.php b/var/Widget/Options.php index 585e55f8..acd53a14 100644 --- a/var/Widget/Options.php +++ b/var/Widget/Options.php @@ -263,7 +263,7 @@ class Options extends Base * @param string|null $theme 模版名称 * @return string | void */ - public function themeUrl(?string $path, ?string $theme) + public function themeUrl(?string $path = null, ?string $theme = null) { if (!isset($theme)) { echo Common::url($path, $this->themeUrl); From 59a5c8d14d4a767f587cc4d231df77388f8f295c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=B2=88=E5=94=81?= <52o@qq52o.cn> Date: Mon, 23 May 2022 10:44:59 +0800 Subject: [PATCH 19/32] Fix category creation error when using xmlrpc (#1443) * Fix category creation error when using xmlrpc * Add use Typecho\Request --- var/Typecho/Widget/Helper/Form.php | 9 +++++---- var/Widget/XmlRpc.php | 8 ++++++-- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/var/Typecho/Widget/Helper/Form.php b/var/Typecho/Widget/Helper/Form.php index 2b06ab6d..d91dd820 100644 --- a/var/Typecho/Widget/Helper/Form.php +++ b/var/Typecho/Widget/Helper/Form.php @@ -3,6 +3,7 @@ namespace Typecho\Widget\Helper; use Typecho\Cookie; +use Typecho\Request; use Typecho\Validate; use Typecho\Widget\Helper\Form\Element; @@ -131,10 +132,10 @@ class Form extends Layout public function getAllRequest(): array { $result = []; - $source = (self::POST_METHOD == $this->getAttribute('method')) ? $_POST : $_GET; + $request = Request::getInstance(); foreach ($this->inputs as $name => $input) { - $result[$name] = $source[$name] ?? null; + $result[$name] = $request->get($name, null); } return $result; } 
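Review bot: Replacing the `$_POST`/`$_GET` selection with `Request::getInstance()->get($name, null)` in `getAllRequest()`, and again in `getParams()` in the next Form.php hunk, means a form declared with `POST_METHOD` no longer requires its values to arrive in the request body. If `Request::get()` also reads the query string (its implementation is not part of this diff), state-changing forms can be filled from a URL, leaving the anti-CSRF token as the only barrier. Consider keeping the method-specific source for ordinary HTTP requests and using the `Request` lookup only for the XML-RPC path this patch targets. Both docblocks should say where the values now come from.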
@@ -204,10 +205,10 @@ class Form extends Layout public function getParams(array $params): array { $result = []; - $source = (self::POST_METHOD == $this->getAttribute('method')) ? $_POST : $_GET; + $request = Request::getInstance(); foreach ($params as $param) { - $result[$param] = $source[$param] ?? null; + $result[$param] = $request->get($param, null); } return $result; diff --git a/var/Widget/XmlRpc.php b/var/Widget/XmlRpc.php index 3bd06b18..10e99491 100644 --- a/var/Widget/XmlRpc.php +++ b/var/Widget/XmlRpc.php @@ -463,7 +463,6 @@ class XmlRpc extends Contents implements ActionInterface, Hook */ public function wpNewCategory(int $blogId, string $userName, string $password, array $category): int { - /** 开始接受数据 */ $input['name'] = $category['name']; $input['slug'] = Common::slugName(empty($category['slug']) ? $category['name'] : $category['slug']); @@ -474,6 +473,11 @@ class XmlRpc extends Contents implements ActionInterface, Hook $categoryWidget = CategoryEdit::alloc(null, $input, function (CategoryEdit $category) { $category->insertCategory(); }); + + if (!$categoryWidget->have()) { + throw new Exception(_t('分类不存在'), 404); + } + return $categoryWidget->mid; } @@ -1833,7 +1837,7 @@ EOF; 'wp.suggestCategories' => [$this, 'wpSuggestCategories'], 'wp.uploadFile' => [$this, 'mwNewMediaObject'], - /** New Wordpress API since 2.9.2 */ + /** New WordPress API since 2.9.2 */ 'wp.getUsersBlogs' => [$this, 'wpGetUsersBlogs'], 'wp.getTags' => [$this, 'wpGetTags'], 'wp.deleteCategory' => [$this, 'wpDeleteCategory'], From 88c3bfe13fea7de60334502dd3efee33cb5ea14a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=B2=88=E5=94=81?= <52o@qq52o.cn> Date: Mon, 30 May 2022 11:11:44 +0800 Subject: [PATCH 20/32] Fix #1449 (#1450) --- var/Widget/Archive.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/var/Widget/Archive.php b/var/Widget/Archive.php index 6f70b23e..920a86e4 100644 --- a/var/Widget/Archive.php +++ b/var/Widget/Archive.php 
@@ -1054,8 +1054,8 @@ class Archive extends Contents { $rules = []; $allows = [ - 'description' => htmlspecialchars($this->description), - 'keywords' => htmlspecialchars($this->keywords), + 'description' => htmlspecialchars($this->description ?? ''), + 'keywords' => htmlspecialchars($this->keywords ?? ''), 'generator' => $this->options->generator, 'template' => $this->options->theme, 'pingback' => $this->options->xmlRpcUrl, @@ -1320,7 +1320,7 @@ class Archive extends Contents */ public function keywords(string $split = ',', string $default = '') { - echo empty($this->keywords) ? $default : str_replace(',', $split, htmlspecialchars($this->keywords)); + echo empty($this->keywords) ? $default : str_replace(',', $split, htmlspecialchars($this->keywords ?? '')); } /** From 1d0e253281573ca424a218c430868d1dbc629fdb Mon Sep 17 00:00:00 2001 From: joyqi Date: Wed, 1 Jun 2022 23:50:36 +0800 Subject: [PATCH 21/32] Fix page draft publish --- var/Widget/Contents/Post/Edit.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/var/Widget/Contents/Post/Edit.php b/var/Widget/Contents/Post/Edit.php index 9ececbe9..fa8c1e5d 100644 --- a/var/Widget/Contents/Post/Edit.php +++ b/var/Widget/Contents/Post/Edit.php @@ -405,7 +405,7 @@ class Edit extends Contents implements ActionInterface $realId = 0; /** 是否是从草稿状态发布 */ - $isDraftToPublish = ('post_draft' == $this->type); + $isDraftToPublish = ('post_draft' == $this->type || 'page_draft' == $this->type); $isBeforePublish = ('publish' == $this->status); $isAfterPublish = ('publish' == $contents['status']); From 7f7b24d28fe2b703fbdb6162c7161aad454d3a7e Mon Sep 17 00:00:00 2001 
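Review bot: The `htmlspecialchars($this->description ?? '')` and `htmlspecialchars($this->keywords ?? '')` calls in the first var/Widget/Archive.php hunk, and the call in `keywords()`, rely on the default flags, which before PHP 8.1 do not escape single quotes. The README in this series lists PHP 7.2 as the minimum, so passing the flags explicitly keeps the escaping identical on every supported version: `htmlspecialchars($this->description ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. Whether these values reach a single-quoted attribute depends on template code outside the hunk. In `keywords()` the added `?? ''` is redundant, because `empty($this->keywords)` has already excluded null on that branch.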
From: Kane Date: Tue, 7 Jun 2022 18:08:24 +0800 Subject: [PATCH 22/32] Minor update (#1451) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Update - 更新 Windows 和 Linux 系统中文本编辑器样式问题(为代码块中添加中文后备字体修正样式) * Update - 缩略图支持识别 avif 图片(具体可参考https://en.wikipedia.org/wiki/AVIF ) --- admin/css/style.css | 4 ++-- var/Widget/Base/Contents.php | 2 +- var/Widget/Themes/Rows.php | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/admin/css/style.css b/admin/css/style.css index 3ac26345..0db7d36b 100644 --- a/admin/css/style.css +++ b/admin/css/style.css @@ -4,13 +4,13 @@ /** Typecho 全局样式 */ html { height: 100%; } -body { font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; background: #F6F6F3; color: #444; font-size: 87.5%; line-height: 1.5; } +body { font-family: 'Helvetica Neue', Helvetica, Arial, -apple-system, system-ui, sans-serif; background: #F6F6F3; color: #444; font-size: 87.5%; line-height: 1.5; } a { color: #467B96; text-decoration: none; } a:hover { color: #499BC3; text-decoration: underline; } -code, pre, .mono { font-family: Menlo, Monaco, Consolas, "Courier New", monospace; } +code, pre, .mono { font-family: 'SF Mono', Menlo, Monaco, Consolas, 'Courier New', -apple-system, system-ui, monospace; } .p { margin: 1em 0; } diff --git a/var/Widget/Base/Contents.php b/var/Widget/Base/Contents.php index 184827aa..8a7aba6e 100644 --- a/var/Widget/Base/Contents.php +++ b/var/Widget/Base/Contents.php @@ -554,7 +554,7 @@ class Contents extends Base implements QueryInterface //增加数据信息 $value['attachment'] = new Config($content); - $value['attachment']->isImage = in_array($content['type'], ['jpg', 'jpeg', 'gif', 'png', 'tiff', 'bmp', 'webp']); + $value['attachment']->isImage = in_array($content['type'], ['jpg', 'jpeg', 'gif', 'png', 'tiff', 'bmp', 'webp', 'avif']); $value['attachment']->url = Upload::attachmentHandle($value); if ($value['attachment']->isImage) { 
diff --git a/var/Widget/Themes/Rows.php b/var/Widget/Themes/Rows.php index 5fdbdf82..8662422f 100644 --- a/var/Widget/Themes/Rows.php +++ b/var/Widget/Themes/Rows.php @@ -45,7 +45,7 @@ class Rows extends Widget } $screen = array_filter(glob($theme . '/*'), function ($path) { - return preg_match("/screenshot\.(jpg|png|gif|bmp|jpeg|webp)$/i", $path); + return preg_match("/screenshot\.(jpg|png|gif|bmp|jpeg|webp|avif)$/i", $path); }); if ($screen) { From 4095850140c408622a07eca9674232cad0112f55 Mon Sep 17 00:00:00 2001 From: Kane Date: Tue, 14 Jun 2022 18:57:07 +0800 Subject: [PATCH 23/32] Minor update (#1460) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - 后台上传设置增加 avif 类型 - 后台 Avatar 头像支持原生懒加载 --- var/Widget/Base/Comments.php | 2 +- var/Widget/Options/General.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/var/Widget/Base/Comments.php b/var/Widget/Base/Comments.php index 05a52701..2a4d0fac 100644 --- a/var/Widget/Base/Comments.php +++ b/var/Widget/Base/Comments.php @@ -289,7 +289,7 @@ class Comments extends Base implements QueryInterface Comments::pluginHandle()->trigger($plugged)->gravatar($size, $rating, $default, $this); if (!$plugged) { $url = Common::gravatarUrl($this->mail, $size, $rating, $default, $this->request->isSecure()); - echo '' .
+                echo '<img class='; } } diff --git a/var/Widget/Options/General.php b/var/Widget/Options/General.php index 0b8fde9a..52c7971a 100644 --- a/var/Widget/Options/General.php +++ b/var/Widget/Options/General.php @@ -272,7 +272,7 @@ class General extends Options implements ActionInterface } $attachmentTypesOptions = [ - '@image@' => _t('图片文件') . ' (gif jpg jpeg png tiff bmp webp)', + '@image@' => _t('图片文件') . ' (gif jpg jpeg png tiff bmp webp avif)', '@media@' => _t('多媒体文件') . ' (mp3 mp4 mov wmv wma rmvb rm avi flv ogg oga ogv)', '@doc@' => _t('常用档案文件') . ' (txt doc docx xls xlsx ppt pptx zip rar pdf)', '@other@' => _t( From c03ee2c8befb4c0a4c303d37c35d38dd58d2e8ec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=B2=88=E5=94=81?= <52o@qq52o.cn> Date: Tue, 21 Jun 2022 13:59:53 +0800 Subject: [PATCH 24/32] Fix the error of getting request parameters (#1464) --- var/Typecho/Widget/Helper/Form.php | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/var/Typecho/Widget/Helper/Form.php b/var/Typecho/Widget/Helper/Form.php index d91dd820..4c1b49b3 100644 --- a/var/Typecho/Widget/Helper/Form.php +++ b/var/Typecho/Widget/Helper/Form.php @@ -131,13 +131,7 @@ class Form extends Layout */ public function getAllRequest(): array { - $result = []; - $request = Request::getInstance(); - - foreach ($this->inputs as $name => $input) { - $result[$name] = $request->get($name, null); - } - return $result; + return $this->getParams(array_keys($this->inputs)); } /** @@ -208,7 +202,7 @@ class Form extends Layout $request = Request::getInstance(); foreach ($params as $param) { - $result[$param] = $request->get($param, null); + $result[$param] = $request->get($param, is_array($this->getInput($param)->value) ? [] : null); } return $result; From f07b57fe20472bcc11808e16dd11ee6d61280370 Mon Sep 17 00:00:00 2001 
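Review bot: In `getParams()` of var/Typecho/Widget/Helper/Form.php the new default `is_array($this->getInput($param)->value) ? [] : null` dereferences the result of `getInput($param)` without checking it. `getParams()` accepts any `array $params`, so a name with no registered input would fail on `->value` if `getInput()` returns null for it; its body is not in this hunk. Resolving the input first keeps the previous behaviour for unknown names: `$input = $this->getInput($param);` followed by `$default = ($input && is_array($input->value)) ? [] : null;`.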
From: Ryan Lieu Date: Fri, 15 Jul 2022 11:19:18 +0800 Subject: [PATCH 25/32] Fix multiple calls returning the same object (#1478) --- var/Utils/Helper.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/var/Utils/Helper.php b/var/Utils/Helper.php index 1558d033..ca66db3b 100644 --- a/var/Utils/Helper.php +++ b/var/Utils/Helper.php @@ -59,7 +59,7 @@ class Helper $key = $keys[$table]; $db = Db::get(); - $widget = Widget::widget($className); + $widget = Widget::widget($className . '@' . $pkId); $db->fetchRow( $widget->select()->where("{$key} = ?", $pkId)->limit(1), From d15fc144633c2fed75fca348d8402f656e28efce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=B2=88=E5=94=81?= <52o@qq52o.cn> Date: Wed, 20 Jul 2022 00:20:25 +0800 Subject: [PATCH 26/32] Fix use SQLite error of windows install (#1471) --- install.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/install.php b/install.php index 7b3b5e46..c1786f77 100644 --- a/install.php +++ b/install.php @@ -1022,7 +1022,12 @@ function install_step_2_perform() $error = (new \Typecho\Validate()) ->addRule('dbFile', 'required', _t('确认您的配置')) ->addRule('dbFile', function (string $path) { - return !!preg_match("/^(\/[._a-z0-9-]+)*[a-z0-9]+\.[a-z0-9]{2,}$/i", $path); + $pattern = "/^(\/[._a-z0-9-]+)*[a-z0-9]+\.[a-z0-9]{2,}$/i"; + if (strstr(PHP_OS, 'WIN')) + { + $pattern = "/(\/[._a-z0-9-]+)*[a-z0-9]+\.[a-z0-9]{2,}$/i"; + } + return !!preg_match($pattern, $path); }, _t('确认您的配置')) ->run($config); break; From 2014be4cd368cc68f590398a876392fd7c9282d7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=B2=88=E5=94=81?= <52o@qq52o.cn> Date: Mon, 1 Aug 2022 14:56:22 +0800 Subject: [PATCH 27/32] Adjust style of edit comments (#1483) * Adjust style of edit comments Fix #1481 * update * update --- admin/src/scss/style.scss | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/admin/src/scss/style.scss b/admin/src/scss/style.scss index b99b754a..343743be 100644 --- a/admin/src/scss/style.scss 
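Review bot: The Windows branch of the `dbFile` rule in install.php drops the `^` anchor, so the pattern constrains only the tail of the path and any prefix is accepted, including characters the anchored pattern rejects. If the aim is to admit a drive prefix, the anchor can stay and the prefix be allowed explicitly, e.g. `$pattern = "/^([a-z]:)?(\/[._a-z0-9-]+)*[a-z0-9]+\.[a-z0-9]{2,}$/i";` (the separator form the installer actually receives on Windows should be confirmed first). `PHP_OS_FAMILY === 'Windows'` is a clearer platform test than `strstr(PHP_OS, 'WIN')` and is available from PHP 7.2. `install_step_2_perform()` starts and ends outside the hunk.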
+++ b/admin/src/scss/style.scss @@ -504,6 +504,14 @@ a.operate-reply { max-width: 100%; } +@media (max-width: $screen-phone - 1px) { + .comment-edit { + display: flex; + flex-direction: column; + width: 90vw; + } + .comment-edit td:first-child { display: none; } +} /** * 评论回复 From 17d9dcfa1707982e97ad16ee3433c96ce3e6e0fd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=B2=88=E5=94=81?= <52o@qq52o.cn> Date: Mon, 15 Aug 2022 07:24:43 +0800 Subject: [PATCH 28/32] Fix comments feed jump error (#1491) --- var/Widget/Archive.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/var/Widget/Archive.php b/var/Widget/Archive.php index 920a86e4..27116a40 100644 --- a/var/Widget/Archive.php +++ b/var/Widget/Archive.php @@ -269,6 +269,9 @@ class Archive extends Contents if ('/comments/' == $feedQuery || '/comments' == $feedQuery) { /** 专为feed使用的hack */ $parameter->type = 'comments'; + $this->options->feedUrl = $this->options->commentsFeedUrl; + $this->options->feedRssUrl = $this->options->commentsFeedRssUrl; + $this->options->feedAtomUrl = $this->options->commentsFeedAtomUrl; } else { $matched = Router::match($this->request->feed, 'pageSize=10&isFeed=1'); if ($matched instanceof Archive) { From e05ebe442ee92e6dd1147eca0a03956148739846 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=B2=88=E5=94=81?= <52o@qq52o.cn> Date: Thu, 22 Sep 2022 10:25:18 +0800 Subject: [PATCH 29/32] Fix #1495 (#1496) Argument 1 passed to Utils\AutoP::parse() must be of the type string, null given --- var/Widget/Base/Contents.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/var/Widget/Base/Contents.php b/var/Widget/Base/Contents.php index 8a7aba6e..e454b1d1 100644 --- a/var/Widget/Base/Contents.php +++ b/var/Widget/Base/Contents.php @@ -928,7 +928,7 @@ class Contents extends Base implements QueryInterface { $html = Contents::pluginHandle()->trigger($parsed)->autoP($text); - if (!$parsed) { + if (!$parsed && $text) { static $parser; if (empty($parser)) { 
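Review bot: The added `&& $text` condition in `autoP()` of var/Widget/Base/Contents.php is a truthiness test, so the string `'0'` is skipped along with null and the empty string. If the aim is only to keep null away from the `string`-typed `AutoP::parse()` named in the commit message, `if (!$parsed && null !== $text && '' !== $text) {` is narrower. The method continues past the hunk, so what it returns when parsing is skipped is not visible here.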
From f0bf9d770db251b3866896bef68565779e6fb422 Mon Sep 17 00:00:00 2001 From: joyqi Date: Tue, 25 Oct 2022 14:53:09 +0800 Subject: [PATCH 30/32] update readme --- CONTRIBUTING.md | 37 +++++++++++++++++++++++++++++++++++++ README.md | 33 ++++++++++++++++++++++----------- 2 files changed, 59 insertions(+), 11 deletions(-) create mode 100644 CONTRIBUTING.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 00000000..1d0ebc06 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,37 @@ +Contributing to Typecho +======================= + +Thanks for considering contributing to Typecho! There are many ways to contribute to Typecho, and we appreciate all of them. + +## Reporting Bugs + +If you find a bug in the source code, you can help us by [submitting an issue](https://github.com/typecho/typecho/issues) +to our [GitHub Repository](https://github.com/typecho/typecho). Even better, you can submit a Pull Request with a fix. + +## Contributing Code + +If you would like to contribute code to Typecho, please read the following guidelines: + +* [Code of Conduct](CODE_OF_CONDUCT.md) +* [Contributing Guide](CONTRIBUTING.md) +* [Coding Style Guide](CODING_STYLE.md) + +## Translations + +Please see [TRANSLATION](https://github.com/typecho/languages) for details. + +## Plugin Development + +Please see [Plugin Development](http://docs.typecho.org/plugins) for details. + +## Theme Development + +Please see [Theme Development](http://docs.typecho.org/themes) for details. + +## Community + +* [Telegram Channel](https://t.me/typechodev) +* [Homepage](http://typecho.org/) +* [Documents](http://docs.typecho.org/) +* [Community](http://forum.typecho.org/) +* [Download](http://typecho.org/download) \ No newline at end of file diff --git a/README.md b/README.md index 570190b2..648508a5 100644 --- a/README.md +++ b/README.md 
@@ -1,19 +1,30 @@ Typecho Blogging Platform ========================= -Typecho is a PHP Blogging Platform. Simple and Powerful. +Typecho is a PHP-based blog software and is designed to be the most powerful blog engine in the world. +Typecho is released under the GNU General Public License 2.0. -#### Telegram Channel -https://t.me/typechodev +## Main Features -#### Homepage -http://typecho.org/ +* Multiple databases support (MySQL, SQLite, PostgreSQL) +* Markdown Support +* Plugin Support +* Theme Support +* Custom Fields +* Custom Pages -#### Documents -http://docs.typecho.org/ +## Requirements -#### Community -http://forum.typecho.org/ +* PHP 7.2.0 or higher +* Database (MySQL, SQLite, PostgreSQL) + * MySQL 5.5.3 or higher + * SQLite 3.7.11 or higher + * PostgreSQL 9.1 or higher -#### Download -http://typecho.org/download +## Screenshots + +![Typecho](https://typecho.org/usr/themes/bluecode/img/screenshot/st1.png) + +## Contributing + +Please see [CONTRIBUTING](CONTRIBUTING.md) for details. From 8437eac420d059731eabbbeb2534eddc817120d2 Mon Sep 17 00:00:00 2001 From: Zero King Date: Sat, 29 Oct 2022 23:54:13 +0800 Subject: [PATCH 31/32] Fix unsafe use of jQuery .html() (#1382) --- admin/manage-comments.php | 17 +++++++++++------ admin/media.php | 2 +- admin/table-js.php | 1 + 3 files changed, 13 insertions(+), 7 deletions(-) diff --git a/admin/manage-comments.php b/admin/manage-comments.php index b8ede5f3..6db11059 100644 --- a/admin/manage-comments.php +++ b/admin/manage-comments.php @@ -279,10 +279,12 @@ $(document).ready(function () { form.submit(function () { var t = $(this), tr = t.parents('tr'), reply = $('
    ').insertAfter($('.comment-content', tr)); - - reply.html('

    ' + textarea.val() + '

    '); + + var html = DOMPurify.sanitize(textarea.val(), {USE_PROFILES: {html: true}}); + reply.html('

    ' + html + '

    '); $.post(t.attr('action'), t.serialize(), function (o) { - reply.html(o.comment.content) + var html = DOMPurify.sanitize(o.comment.content, {USE_PROFILES: {html: true}}); + reply.html(html) .effect('highlight'); }, 'json'); @@ -340,7 +342,7 @@ $(document).ready(function () { } }); - var html = '' + var unsafeHTML = '' + (comment.url ? '' + comment.author + '' : comment.author) + '' + ('comment' != comment.type ? '' : '') @@ -348,13 +350,16 @@ $(document).ready(function () { + comment.mail + '' : '') + (comment.ip ? '
    ' + comment.ip + '' : ''); + var html = DOMPurify.sanitize(unsafeHTML, {USE_PROFILES: {html: true}}); + var content = DOMPurify.sanitize(comment.text, {USE_PROFILES: {html: true}}); $('.comment-meta', oldTr).html(html) .effect('highlight'); - $('.comment-content', oldTr).html('

    ' + comment.text + '

    '); + $('.comment-content', oldTr).html('

    ' + content + '

    '); oldTr.data('comment', comment); $.post(t.attr('action'), comment, function (o) { - $('.comment-content', oldTr).html(o.comment.content) + var content = DOMPurify.sanitize(o.comment.content, {USE_PROFILES: {html: true}}); + $('.comment-content', oldTr).html('

    ' + content + '

    ') .effect('highlight'); }, 'json'); diff --git a/admin/media.php b/admin/media.php index 714ae87f..28783445 100644 --- a/admin/media.php +++ b/admin/media.php @@ -138,7 +138,7 @@ include 'common-js.php'; img.get(0).src = 'attachment->url(); ?>?' + Math.random(); } - $('#' + id).html(''.replace('%s', data.title)) + $('#' + id).text(''.replace('%s', data.title)) .effect('highlight', 1000, function () { $(this).remove(); $('#file-list').remove(); diff --git a/admin/table-js.php b/admin/table-js.php index 13ac1c33..53c28924 100644 --- a/admin/table-js.php +++ b/admin/table-js.php @@ -1,4 +1,5 @@ +