This commit is contained in:
David Blake 2019-03-14 21:21:33 +00:00
commit 210098b914
29 changed files with 105 additions and 77 deletions

.gitignore vendored

@ -12,7 +12,6 @@ bl-plugins/yandex-metrica/
bl-plugins/domain-migrator/
bl-plugins/tail-writer/
bl-kernel/bludit.pro.php
bl-kernel/admin/themes/gris/*
bl-kernel/admin/themes/gris
bl-themes/docs
bl-themes/docsx


@ -252,6 +252,8 @@ class Plugin {
return true;
}
// Returns TRUE if the plugin is installed
// This function just check if the database of the plugin is created
public function installed()
{
return file_exists($this->filenameDb);
@ -271,13 +273,13 @@ class Plugin {
public function post()
{
$args = $_POST;
foreach ($this->dbFields as $key=>$value) {
if (isset($args[$key])) {
$value = Sanitize::html( $args[$key] );
if ($value==='false') { $value = false; }
elseif ($value==='true') { $value = true; }
settype($value, gettype($this->dbFields[$key]));
$this->db[$key] = $value;
foreach ($this->dbFields as $field=>$value) {
if (isset($args[$field])) {
$finalValue = Sanitize::html( $args[$field] );
if ($finalValue==='false') { $finalValue = false; }
elseif ($finalValue==='true') { $finalValue = true; }
settype($finalValue, gettype($value));
$this->db[$field] = $finalValue;
}
}
return $this->save();
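Review bot: The coercion in the rewritten loop never fails: `settype()` turns any non-numeric string into 0 for an int field and any string other than 'false' into true for a bool field, so a malformed value is stored silently where it should at least be logged or rejected. The same loop now appears almost verbatim in Site::set() in this commit, so the two copies belong in one shared helper rather than being maintained in parallel. A field absent from $_POST is left untouched, which means a form must submit every boolean field explicitly (an unchecked checkbox sends nothing); presumably the admin forms use select inputs with 'true'/'false' values as the settings view does, and a comment such as `// Booleans arrive as the strings 'true'/'false' from the form; absent fields keep their stored value` would make that contract explicit. post() closes outside the hunk.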


@ -2,7 +2,7 @@
<ul class="nav flex-column pt-4">
<li class="nav-item mb-4" style="margin-left: -4px;">
<img src="<?php echo HTML_PATH_ADMIN_THEME ?>img/logo.svg" width="20" height="20" alt="bludit-logo"><span class="ml-2 align-middle"><?php echo (defined('BLUDIT_PRO'))?'BLUDIT PRO':'BLUDIT' ?></span>
<img src="<?php echo HTML_PATH_CORE_IMG ?>logo.svg" width="20" height="20" alt="bludit-logo"><span class="ml-2 align-middle"><?php echo (defined('BLUDIT_PRO'))?'BLUDIT PRO':'BLUDIT' ?></span>
</li>
<li class="nav-item">


@ -8,7 +8,7 @@
<meta name="generator" content="Bludit">
<!-- Favicon -->
<link rel="shortcut icon" type="image/x-icon" href="<?php echo DOMAIN_ADMIN_THEME.'img/favicon.png?version='.BLUDIT_VERSION ?>">
<link rel="shortcut icon" type="image/x-icon" href="<?php echo HTML_PATH_CORE_IMG.'favicon.png?version='.BLUDIT_VERSION ?>">
<!-- CSS -->
<?php


@ -7,7 +7,7 @@
<meta name="robots" content="noindex,nofollow">
<!-- Favicon -->
<link rel="shortcut icon" type="image/x-icon" href="<?php echo HTML_PATH_ADMIN_THEME.'img/favicon.png?version='.BLUDIT_VERSION ?>">
<link rel="shortcut icon" type="image/x-icon" href="<?php echo HTML_PATH_CORE_IMG.'favicon.png?version='.BLUDIT_VERSION ?>">
<!-- CSS -->
<?php

@ -1 +1 @@
Subproject commit f616042ccc0eaa37dab6a0c3ad67bb022574952b
Subproject commit 2f331dd640db048102b1f5478f231ecfdb5fa131


@ -141,7 +141,7 @@ echo Bootstrap::formOpen(array(
?>
<label class="mt-4 mb-2 pb-2 border-bottom text-uppercase w-100"><?php $L->p('Cover Image') ?></label>
<div>
<img id="jscoverImagePreview" class="mx-auto d-block w-100" alt="Cover image preview" src="<?php echo (empty($coverImage) ? HTML_PATH_ADMIN_THEME_IMG.'default.svg' : $page->coverImage() ) ?>" />
<img id="jscoverImagePreview" class="mx-auto d-block w-100" alt="Cover image preview" src="<?php echo (empty($coverImage) ? HTML_PATH_CORE_IMG.'default.svg' : $page->coverImage() ) ?>" />
</div>
<div class="mt-2 text-center">
<button type="button" id="jsbuttonSelectCoverImage" class="btn btn-primary btn-sm"><?php echo $L->g('Select cover image') ?></button>
@ -159,7 +159,7 @@ echo Bootstrap::formOpen(array(
$("#jsbuttonRemoveCoverImage").on("click", function() {
$("#jscoverImage").val('');
$("#jscoverImagePreview").attr('src', HTML_PATH_ADMIN_THEME_IMG+'default.svg');
$("#jscoverImagePreview").attr('src', HTML_PATH_CORE_IMG+'default.svg');
});
});
</script>


@ -105,7 +105,7 @@
<label class="custom-file-label" for="jsprofilePictureInputFile"><?php $L->p('Choose images to upload'); ?></label>
</div>
<div>
<img id="jsprofilePicturePreview" class="img-fluid img-thumbnail" alt="Profile picture preview" src="<?php echo (Sanitize::pathFile(PATH_UPLOADS_PROFILES.$user->username().'.png')?DOMAIN_UPLOADS_PROFILES.$user->username().'.png?version='.time():HTML_PATH_ADMIN_THEME_IMG.'default.svg') ?>" />
<img id="jsprofilePicturePreview" class="img-fluid img-thumbnail" alt="Profile picture preview" src="<?php echo (Sanitize::pathFile(PATH_UPLOADS_PROFILES.$user->username().'.png')?DOMAIN_UPLOADS_PROFILES.$user->username().'.png?version='.time():HTML_PATH_CORE_IMG.'default.svg') ?>" />
</div>
<script>
$("#jsprofilePictureInputFile").on("change", function() {


@ -118,7 +118,7 @@ echo Bootstrap::formOpen(array(
<!-- Cover Image -->
<label class="mt-4 mb-2 pb-2 border-bottom text-uppercase w-100"><?php $L->p('Cover Image') ?></label>
<div>
<img id="jscoverImagePreview" class="mx-auto d-block w-100" alt="Cover image preview" src="<?php echo HTML_PATH_ADMIN_THEME_IMG ?>default.svg" />
<img id="jscoverImagePreview" class="mx-auto d-block w-100" alt="Cover image preview" src="<?php echo HTML_PATH_CORE_IMG ?>default.svg" />
</div>
<div class="mt-2 text-center">
<button type="button" id="jsbuttonSelectCoverImage" class="btn btn-primary btn-sm"><?php echo $L->g('Select cover image') ?></button>
@ -136,7 +136,7 @@ echo Bootstrap::formOpen(array(
$("#jsbuttonRemoveCoverImage").on("click", function() {
$("#jscoverImage").val('');
$("#jscoverImagePreview").attr('src', HTML_PATH_ADMIN_THEME_IMG+'default.svg');
$("#jscoverImagePreview").attr('src', HTML_PATH_CORE_IMG+'default.svg');
});
});
</script>


@ -179,6 +179,17 @@
'placeholder'=>'https://'
));
echo Bootstrap::formTitle(array('title'=>$L->g('Page content')));
echo Bootstrap::formSelect(array(
'name'=>'markdownParser',
'label'=>$L->g('Markdown parser'),
'options'=>array('true'=>$L->g('Enabled'), 'false'=>$L->g('Disabled')),
'selected'=>($site->markdownParser()?'true':'false'),
'class'=>'',
'tip'=>$L->g('Enable the markdown parser for the content of the page.')
));
echo Bootstrap::formTitle(array('title'=>$L->g('URL Filters')));
echo Bootstrap::formInputText(array(
@ -514,7 +525,7 @@
<label class="custom-file-label" for="jssiteLogoInputFile"><?php $L->p('Choose images to upload'); ?></label>
</div>
<div>
<img id="jssiteLogoPreview" class="img-fluid img-thumbnail" alt="Site logo preview" src="<?php echo ($site->logo()?DOMAIN_UPLOADS.$site->logo(false).'?version='.time():HTML_PATH_ADMIN_THEME_IMG.'default.svg') ?>" />
<img id="jssiteLogoPreview" class="img-fluid img-thumbnail" alt="Site logo preview" src="<?php echo ($site->logo()?DOMAIN_UPLOADS.$site->logo(false).'?version='.time():HTML_PATH_CORE_IMG.'default.svg') ?>" />
</div>
<script>
$("#jssiteLogoInputFile").on("change", function() {


@ -30,7 +30,7 @@ foreach ($list as $username) {
try {
$user = new User($username);
echo '<tr>';
echo '<td><img class="profilePicture mr-1" alt="" src="'.(Sanitize::pathFile(PATH_UPLOADS_PROFILES.$user->username().'.png')?DOMAIN_UPLOADS_PROFILES.$user->username().'.png':HTML_PATH_ADMIN_THEME_IMG.'default.svg').'" /><a href="'.HTML_PATH_ADMIN_ROOT.'edit-user/'.$username.'">'.$username.'</a></td>';
echo '<td><img class="profilePicture mr-1" alt="" src="'.(Sanitize::pathFile(PATH_UPLOADS_PROFILES.$user->username().'.png')?DOMAIN_UPLOADS_PROFILES.$user->username().'.png':HTML_PATH_CORE_IMG.'default.svg').'" /><a href="'.HTML_PATH_ADMIN_ROOT.'edit-user/'.$username.'">'.$username.'</a></td>';
echo '<td class="d-none d-lg-table-cell">'.$user->nickname().'</td>';
echo '<td>'.$user->email().'</td>';
echo '<td>'.($user->enabled()?'<b>'.$L->g('Enabled').'</b>':$L->g('Disabled')).'</td>';


@ -10,7 +10,7 @@ $filename = isset($_POST['filename']) ? $_POST['filename'] : false;
$uuid = empty($_POST['uuid']) ? false : $_POST['uuid'];
// ----------------------------------------------------------------------------
if ($filename==false) {
if ($filename===false) {
ajaxResponse(1, 'The filename is empty.');
}
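Review bot: Switching to `$filename===false` means an empty string no longer triggers the 'The filename is empty.' response: `isset($_POST['filename'])` is true for `''`, so $filename becomes `''`, which is not identical to `false` and falls through to whatever uses the filename below. The previous loose comparison caught that case (and `'0'`). Either mirror the uuid line directly above, `$filename = empty($_POST['filename']) ? false : $_POST['filename'];`, or widen the guard, `if ($filename===false || $filename==='') {`. The rest of the handler is outside the hunk.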


@ -16,12 +16,27 @@ if (!isset($_FILES['profilePictureInputFile'])) {
}
// File extension
$fileExtension = pathinfo($_FILES['profilePictureInputFile']['name'], PATHINFO_EXTENSION);
$allowedExtensions = array('gif', 'png', 'jpg', 'jpeg', 'svg');
$fileExtension = pathinfo($_FILES['profilePictureInputFile']['name'], PATHINFO_EXTENSION);
if (!in_array($fileExtension, $allowedExtensions) ) {
$message = 'File type is not supported. Allowed types: '.implode(', ',$allowedExtensions);
Log::set($message, LOG_TYPE_ERROR);
ajaxResponse(1, $message);
}
// Tmp filename
$tmpFilename = $username.'.'.$fileExtension;
// Final filename
$filename = $username.'.png';
// Check path traversal
if (Text::stringContains($username, DS, false)) {
$message = 'Path traversal detected.';
Log::set($message, LOG_TYPE_ERROR);
ajaxResponse(1, $message);
}
// Move from temporary directory to uploads folder
rename($_FILES['profilePictureInputFile']['tmp_name'], PATH_TMP.$tmpFilename);
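Review bot: `in_array($fileExtension, $allowedExtensions)` is a loose, case-sensitive comparison, so `photo.PNG` is rejected while the check still relies entirely on the client-supplied name; use `in_array(strtolower($fileExtension), $allowedExtensions, true)` and, because `$tmpFilename` keeps that extension on disk, verify the content (for example with `getimagesize()`) before or during the conversion to the final `.png`, which happens outside the hunk. The new path-traversal guard only looks for `DS`; on Windows that is a backslash, so a forward slash in `$username` would pass — testing both separators, `strpbrk($username, '/\\') !== false`, is safer unless $username is already validated where it is set, above the hunk. `svg` in the allowed list is only safe if the original upload is never served as-is, since SVG is XML that can embed script; the conversion step should be the only path to a web-reachable file.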


@ -61,11 +61,6 @@ define('DB_SYSLOG', PATH_DATABASES.'syslog.php');
define('DB_USERS', PATH_DATABASES.'users.php');
define('DB_SECURITY', PATH_DATABASES.'security.php');
// JSON pretty print
if (!defined('JSON_PRETTY_PRINT')) {
define('JSON_PRETTY_PRINT', 128);
}
// User environment variables
include(PATH_KERNEL.'boot'.DS.'variables.php');
@ -168,9 +163,9 @@ define('HTML_PATH_ADMIN_ROOT', HTML_PATH_ROOT.ADMIN_URI_FILTER.'/');
define('HTML_PATH_ADMIN_THEME', HTML_PATH_ROOT.'bl-kernel/admin/themes/'.$site->adminTheme().'/');
define('HTML_PATH_ADMIN_THEME_JS', HTML_PATH_ADMIN_THEME.'js/');
define('HTML_PATH_ADMIN_THEME_CSS', HTML_PATH_ADMIN_THEME.'css/');
define('HTML_PATH_ADMIN_THEME_IMG', HTML_PATH_ADMIN_THEME.'img/');
define('HTML_PATH_CORE_JS', HTML_PATH_ROOT.'bl-kernel/js/');
define('HTML_PATH_CORE_CSS', HTML_PATH_ROOT.'bl-kernel/css/');
define('HTML_PATH_CORE_IMG', HTML_PATH_ROOT.'bl-kernel/img/');
define('HTML_PATH_CONTENT', HTML_PATH_ROOT.'bl-content/');
define('HTML_PATH_UPLOADS', HTML_PATH_ROOT.'bl-content/uploads/');
define('HTML_PATH_UPLOADS_PAGES', HTML_PATH_UPLOADS.'pages/');
@ -208,6 +203,9 @@ define('IMAGE_RESTRICT', $site->imageRestrict());
// TRUE to convert relatives images to absoultes, FALSE No changes apply
define('IMAGE_RELATIVE_TO_ABSOLUTE', $site->imageRelativeToAbsolute());
// TRUE if the markdown parser is enabled
define('MARKDOWN_PARSER', $site->markdownParser());
// --- PHP paths with dependency ---
// This paths are absolutes for the OS
define('THEME_DIR', PATH_ROOT.'bl-themes'.DS.$site->theme().DS);
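Review bot: `HTML_PATH_ADMIN_THEME_IMG` is dropped while `HTML_PATH_CORE_IMG` replaces it, but third-party admin themes and plugins that still reference the old constant get an undefined-constant warning (the bare name used as a string) on PHP 7 and a fatal Error on PHP 8. A compatibility alias, `define('HTML_PATH_ADMIN_THEME_IMG', HTML_PATH_CORE_IMG); // deprecated, use HTML_PATH_CORE_IMG`, would let them keep working for a release. Removing the JSON_PRETTY_PRINT polyfill also raises the minimum PHP version (the flag exists since 5.4), which is fine if the requirement is documented where the version check lives.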


@ -54,17 +54,16 @@ function buildPlugins()
global $L;
global $site;
// List plugins directories
$list = Filesystem::listDirectories(PATH_PLUGINS);
// Get declared clasess BEFORE load plugins clasess
$currentDeclaredClasess = get_declared_classes();
// List plugins directories
$list = Filesystem::listDirectories(PATH_PLUGINS);
// Load each plugin clasess
foreach ($list as $pluginPath) {
// Check if the directory has the plugin.php
if (file_exists($pluginPath.DS.'plugin.php')) {
include($pluginPath.DS.'plugin.php');
include_once($pluginPath.DS.'plugin.php');
}
}
@ -76,7 +75,7 @@ function buildPlugins()
// Check if the plugin is translated
$languageFilename = PATH_PLUGINS.$Plugin->directoryName().DS.'languages'.DS.$site->language().'.json';
if( !Sanitize::pathFile($languageFilename) ) {
if (!Sanitize::pathFile($languageFilename)) {
$languageFilename = PATH_PLUGINS.$Plugin->directoryName().DS.'languages'.DS.DEFAULT_LANGUAGE_FILE;
}
@ -106,6 +105,7 @@ function buildPlugins()
}
}
// Sort the plugins by the position for the site sidebar
uasort($plugins['siteSidebar'], function ($a, $b) {
return $a->position()>$b->position();
}


@ -92,6 +92,9 @@ define('SESSION_GC_MAXLIFETIME', 3600);
// The value 0 means until the browser is closed
define('SESSION_COOKIE_LIFE_TIME', 0);
// Tags, type of pages included in the tag database
define('DB_TAGS_TYPES', array('published','static','sticky'));
// Alert notification dissappear in X seconds
$GLOBALS['ALERT_DISSAPEAR_IN'] = 3; // Seconds
@ -100,4 +103,3 @@ $GLOBALS['MEDIA_MANAGER_NUMBER_OF_FILES'] = 5;
// Sort the image by date
$GLOBALS['MEDIA_MANAGER_SORT_BY_DATE'] = true;
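Review bot: `define('DB_TAGS_TYPES', array('published','static','sticky'))` relies on array constants, which `define()` accepts only from PHP 7.0; the same commit removes the JSON_PRETTY_PRINT polyfill, so the floor is evidently moving, but this file is where a hosting check would look first. A one-line comment above the define, `// Array constants require PHP 7.0+`, or a version guard in the bootstrap would make the requirement visible instead of surfacing as a parse-time warning on older hosts.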



@ -30,30 +30,28 @@ class Sanitize {
public static function pathFile($path, $file=false)
{
if($file!==false){
if ($file!==false){
$fullPath = $path.$file;
}
else {
} else {
$fullPath = $path;
}
// Fix for Windows on paths. eg: $path = c:\diego/page/subpage convert to c:\diego\page\subpages
$fullPath = str_replace('/', DS, $fullPath);
if(CHECK_SYMBOLIC_LINKS) {
if (CHECK_SYMBOLIC_LINKS) {
$real = realpath($fullPath);
}
else {
} else {
$real = file_exists($fullPath)?$fullPath:false;
}
// If $real is FALSE the file does not exist.
if($real===false) {
if ($real===false) {
return false;
}
// If the $real path does not start with the systemPath then this is Path Traversal.
if(strpos($fullPath, $real)!==0) {
if (strpos($fullPath, $real)!==0) {
return false;
}









@ -3,7 +3,7 @@
echo 'var HTML_PATH_ROOT = "'.HTML_PATH_ROOT.'";'.PHP_EOL;
echo 'var HTML_PATH_ADMIN_ROOT = "'.HTML_PATH_ADMIN_ROOT.'";'.PHP_EOL;
echo 'var HTML_PATH_ADMIN_THEME = "'.HTML_PATH_ADMIN_THEME.'";'.PHP_EOL;
echo 'var HTML_PATH_ADMIN_THEME_IMG = "'.HTML_PATH_ADMIN_THEME_IMG.'";'.PHP_EOL;
echo 'var HTML_PATH_CORE_IMG = "'.HTML_PATH_CORE_IMG.'";'.PHP_EOL;
echo 'var HTML_PATH_UPLOADS = "'.HTML_PATH_UPLOADS.'";'.PHP_EOL;
echo 'var HTML_PATH_UPLOADS_THUMBNAILS = "'.HTML_PATH_UPLOADS_THUMBNAILS.'";'.PHP_EOL;
echo 'var BLUDIT_VERSION = "'.BLUDIT_VERSION.'";'.PHP_EOL;


@ -105,10 +105,10 @@ class Language extends dbJSON {
}
// Add keys=>values to the current dicionary
// This method overwrite the key=>value
// This method don't overwrite the current value
public function add($array)
{
$this->db = array_merge($array, $this->db);
$this->db = array_merge($this->db, $array);
}
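Review bot: The updated comment and the updated `array_merge()` argument order contradict each other: for string keys `array_merge()` lets the later argument win, so `array_merge($this->db, $array)` makes the added entries overwrite the current dictionary, while `array_merge($array, $this->db)` keeps the current values. Whichever pair is the new side (the rendering drops the +/- markers), the comment describes the opposite of the code beside it. If `add()` is meant to overwrite, keep `array_merge($this->db, $array)` and write `// Adds key=>value pairs to the current dictionary; keys already present are overwritten by $array`; otherwise swap the arguments instead. Numeric keys would be renumbered by `array_merge()`, which is harmless only if dictionary keys are always strings.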
// Returns an array with all dictionaries


@ -76,8 +76,10 @@ class Page {
$content = $this->contentRaw();
// Parse Markdown
$parsedown = new Parsedown();
$content = $parsedown->text($content);
if (MARKDOWN_PARSER) {
$parsedown = new Parsedown();
$content = $parsedown->text($content);
}
// Parse img src relative to absolute (with domain)
if (IMAGE_RELATIVE_TO_ABSOLUTE) {


@ -40,10 +40,11 @@ class Site extends dbJSON {
'titleFormatTag'=> '{{tag-name}} | {{site-title}}',
'imageRestrict'=> true,
'imageRelativeToAbsolute'=> false,
'thumbnailWidth' => 400, // px
'thumbnailHeight' => 400, // px
'thumbnailQuality' => 100,
'logo'=> ''
'thumbnailWidth'=> 400, // px
'thumbnailHeight'=> 400, // px
'thumbnailQuality'=> 100,
'logo'=> '',
'markdownParser'=> true
);
function __construct()
@ -68,8 +69,9 @@ class Site extends dbJSON {
// Check values on args or set default values
foreach ($this->dbFields as $field=>$value) {
if (isset($args[$field])) {
// Sanitize if will be stored on database
$finalValue = Sanitize::html($args[$field]);
if ($finalValue==='false') { $finalValue = false; }
elseif ($finalValue==='true') { $finalValue = true; }
settype($finalValue, gettype($value));
$this->db[$field] = $finalValue;
}
@ -138,6 +140,11 @@ class Site extends dbJSON {
return $this->getField('extremeFriendly');
}
public function markdownParser()
{
return $this->getField('markdownParser');
}
public function twitter()
{
return $this->getField('twitter');
@ -168,12 +175,6 @@ class Site extends dbJSON {
return $this->getField('gitlab');
}
// DEPRECATED since v3.5
public function googlePlus()
{
return $this->getField('googlePlus');
}
public function linkedin()
{
return $this->getField('linkedin');
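Review bot: `googlePlus()` is removed outright, so a theme that still calls `$site->googlePlus()` now fails with an undefined-method Error; the comment marks it deprecated since v3.5, and a deprecated getter normally survives one more release returning `''` with `trigger_error('Site::googlePlus() is deprecated', E_USER_DEPRECATED);` so theme authors see the warning before the method disappears. The `Sanitize::html()` added to `set()` HTML-escapes every string field before it is stored, including URL-like fields; if a field is later printed through an escaping helper it will be double-encoded, which cannot be confirmed from the hunk and is worth a comment on the line stating that stored values are already HTML-safe. The `set()` loop duplicates the coercion in Plugin::post() from this commit and could share a helper.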


@ -15,18 +15,18 @@ class Tags extends dbList {
public function reindex()
{
global $pages;
// Get a database with published pages
$db = $pages->getDB(false);
$db = $pages->getDB($onlyKeys=false);
$tagsIndex = array();
foreach ($db as $pageKey=>$pageFields) {
$tags = $pageFields['tags'];
foreach ($tags as $tagKey=>$tagName) {
if (isset($tagsIndex[$tagKey])) {
array_push($tagsIndex[$tagKey]['list'], $pageKey);
} else {
$tagsIndex[$tagKey]['name'] = $tagName;
$tagsIndex[$tagKey]['list'] = array($pageKey);
if (in_array($pageFields['type'], DB_TAGS_TYPES)) {
$tags = $pageFields['tags'];
foreach ($tags as $tagKey=>$tagName) {
if (isset($tagsIndex[$tagKey])) {
array_push($tagsIndex[$tagKey]['list'], $pageKey);
} else {
$tagsIndex[$tagKey]['name'] = $tagName;
$tagsIndex[$tagKey]['list'] = array($pageKey);
}
}
}
}
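Review bot: `in_array($pageFields['type'], DB_TAGS_TYPES)` is a loose comparison; with a string list it behaves today, but pass the strict flag so a non-string `type` or a future non-string entry in DB_TAGS_TYPES cannot match by coercion: `if (in_array($pageFields['type'], DB_TAGS_TYPES, true)) {`. The `$onlyKeys=false` written inside the `getDB()` call is an assignment, not a named argument — it creates an unused local `$onlyKeys` and reads like a keyword parameter PHP does not have here; `$db = $pages->getDB(false); // $onlyKeys = false` says the same thing without the side effect. Pages whose type is not in DB_TAGS_TYPES are now skipped entirely, so the 'Get a database with published pages' comment above the loop is no longer accurate and should say the index covers tags of pages whose type is listed in DB_TAGS_TYPES.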


@ -88,7 +88,7 @@ class pluginsimpleMDE extends Plugin {
addContentSimpleMDE("!['.$L->get('Image description').']("+filename+")");
}'.PHP_EOL;
$html .= '$(document).ready(function() { '.PHP_EOL;
//$html .= '$(document).ready(function() { '.PHP_EOL;
$html .= 'simplemde = new SimpleMDE({
element: document.getElementById("jseditor"),
status: false,
@ -114,7 +114,7 @@ class pluginsimpleMDE extends Plugin {
title: "'.$L->get('Pagebreak').'",
}]
});';
$html .= '}); </script>';
$html .= '</script>';
return $html;
}
}
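Review bot: The `$(document).ready` wrapper is commented out rather than removed (`//$html .= '$(document).ready(function() { '.PHP_EOL;`), which leaves dead code; delete the line, since the matching `'}); </script>'` is already gone from the new side and the stale comment would only invite someone to restore half of the pair. Without the ready wrapper, `new SimpleMDE({ element: document.getElementById("jseditor"), ... })` runs as soon as the script tag is parsed, so `#jseditor` must already be in the DOM at that point — presumably the reason for the change, and a comment such as `// Runs inline: the #jseditor element is rendered before this script is emitted` would record that assumption. The method's start is outside the hunk.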


@ -583,7 +583,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
<meta name="robots" content="noindex,nofollow">
<!-- Favicon -->
<link rel="shortcut icon" type="image/x-icon" href="bl-kernel/admin/themes/booty/img/favicon.png?version=<?php echo time() ?>">
<link rel="shortcut icon" type="image/x-icon" href="bl-kernel/img/favicon.png?version=<?php echo time() ?>">
<!-- CSS -->
<link rel="stylesheet" type="text/css" href="bl-kernel/css/bootstrap.min.css?version=<?php echo time() ?>">