Merge pull request #3 from dignajar/master

New pull request

bl-kernel/admin/themes/default/index.php

@@ -108,7 +108,7 @@ $(document).ready(function() {
 				<a href="<?php echo HTML_PATH_ADMIN_ROOT.'new-page' ?>"><?php $L->p('New page') ?></a>
 			</li>
 
-			<li class="uk-nav-header">Manage</li>
+			<li class="uk-nav-header"><?php $L->p('Manage') ?></li>
 			<li <?php echo ($layout['view']=='manage-posts')?'class="uk-active"':'' ?>>
 				<a href="<?php echo HTML_PATH_ADMIN_ROOT.'manage-posts' ?>"><?php $L->p('Posts') ?></a>
 			</li>
@@ -119,7 +119,7 @@ $(document).ready(function() {
 				<a href="<?php echo HTML_PATH_ADMIN_ROOT.'users' ?>"><?php $L->p('Users') ?></a>
 			</li>
 
-			<li class="uk-nav-header">Settings</li>
+			<li class="uk-nav-header"><?php $L->p('Settings') ?></li>
 			<li <?php echo ($layout['view']=='settings-general')?'class="uk-active"':'' ?>>
 				<a href="<?php echo HTML_PATH_ADMIN_ROOT.'settings-general' ?>"><?php $L->p('General') ?></a>
 			</li>

bl-kernel/admin/views/add-user.php

@@ -57,4 +57,4 @@ HTML::formOpen(array('id'=>'add-user-form', 'class'=>'uk-form-horizontal'));
 		</div>
 	</div>';
 
-HTML::formClose();
+HTML::formClose();

bl-kernel/admin/views/edit-user.php

@@ -118,7 +118,7 @@ if($Login->role()==='admin') {
 
 	HTML::formInputText(array(
 		'name'=>'status',
-		'label'=>$L->g('Current status'),
+		'label'=>$L->g('сurrent status'),
 		'value'=>$_User->enabled()?$L->g('Enabled'):$L->g('Disabled'),
 		'class'=>'uk-width-1-2 uk-form-medium',
 		'disabled'=>true,

bl-kernel/admin/views/manage-pages.php

@@ -2,6 +2,8 @@
 
 HTML::title(array('title'=>$L->g('Manage pages'), 'icon'=>'folder'));
 
+echo '<a href="'.HTML_PATH_ADMIN_ROOT.'new-page"><i class="uk-icon-plus"></i> '.$L->g('Add a new page').'</a>';
+
 echo '
 <table class="uk-table uk-table-striped">
 <thead>

bl-kernel/admin/views/manage-posts.php

@@ -2,6 +2,8 @@
 
 HTML::title(array('title'=>$L->g('Manage posts'), 'icon'=>'folder'));
 
+echo '<a href="'.HTML_PATH_ADMIN_ROOT.'new-post"><i class="uk-icon-plus"></i> '.$L->g('Add a new post').'</a>';
+
 echo '
 <table class="uk-table uk-table-striped">
 <thead>

bl-kernel/ajax/delete-file.php

@@ -26,6 +26,9 @@ if( Sanitize::pathFile(PATH_UPLOADS.$filename) ) {
 	exit;
 }
 
-echo json_encode( array('status'=>0, 'msg'=>'The file does not exist.') );
+exit(json_encode(array(
+	'status'=>0,
+	'msg'=>'The file does not exist.'
+)));
 
 ?>

bl-kernel/ajax/slug.php

@@ -21,6 +21,9 @@ elseif( $_POST['type']==='post' ) {
 	$slug = $dbPosts->generateKey($text, $key);
 }
 
-echo json_encode( array('status'=>1, 'slug'=>$slug) );
+exit(json_encode(array(
+	'status'=>1,
+	'slug'=>$slug
+)));
 
 ?>

bl-kernel/ajax/uploader.php

@@ -18,6 +18,15 @@ $filename = pathinfo($filename, PATHINFO_FILENAME);
 $filename = Text::replace(' ', '', $filename);
 $filename = Text::replace('_', '', $filename);
 
+// Check extension
+$validExtension = array('tiff', 'gif', 'png', 'jpg', 'jpeg', 'bmp');
+if( !in_array($fileExtension, $validExtension) ) {
+	exit(json_encode(array(
+		'status'=>1,
+		'msg'=>'Invalid extension file.'
+	)));
+}
+
 // Generate the next filename if the filename already exist.
 $tmpName = $filename.'.'.$fileExtension;
 if( file_exists(PATH_UPLOADS.$tmpName) )
@@ -47,7 +56,7 @@ if($type=='profilePicture')
 else {
 	// Generate the thumbnail
 	$Image = new Image();
-	
+
 	//Handling all other formats than svg
 	if (strcasecmp($fileExtension, 'svg') != 0) {
 		$Image->setImage(PATH_TMP.'original'.'.'.$fileExtension, THUMBNAILS_WIDTH, THUMBNAILS_HEIGHT, 'crop');
@@ -56,7 +65,7 @@ else {
 
 	// Move the original to the upload folder.
 	rename(PATH_TMP.'original'.'.'.$fileExtension, PATH_UPLOADS.$tmpName);
-	
+
 	//If it is a svg file, just save a copy in thumbnail-folder
 	if (strcasecmp($fileExtension, 'svg') == 0) {
 		symlink(PATH_UPLOADS.$tmpName, PATH_UPLOADS_THUMBNAILS.$tmpName);
@@ -73,4 +82,4 @@ exit(json_encode(array(
 	'filename'=>$tmpName
 )));
 
-?>
+?>

bl-kernel/boot/admin.php

@@ -30,6 +30,9 @@ if( $layout['slug']==='ajax' )
 	// Check if the user is loggued.
 	if($Login->isLogged())
 	{
+		// Rules: Security check CSRF
+		include(PATH_RULES.'99.security.php');
+
 		// Load the ajax file.
 		if( Sanitize::pathFile(PATH_AJAX, $layout['parameters'].'.php') ) {
 			include(PATH_AJAX.$layout['parameters'].'.php');

bl-kernel/boot/init.php

@@ -1,10 +1,10 @@
 <?php defined('BLUDIT') or die('Bludit CMS.');
 
 // Bludit version
-define('BLUDIT_VERSION',	'1.5');
+define('BLUDIT_VERSION',	'1.5-beta1');
 define('BLUDIT_CODENAME',	'');
-define('BLUDIT_RELEASE_DATE',	'2016-07-16');
-define('BLUDIT_BUILD',		'20160716');
+define('BLUDIT_RELEASE_DATE',	'2016-09-25');
+define('BLUDIT_BUILD',		'20160925');
 
 // Debug mode
 define('DEBUG_MODE', TRUE);

bl-kernel/boot/rules/71.pages.php

@@ -7,13 +7,24 @@
 // Array with all pages.
 $pages = array();
 
+// Array with all published pages, order by position.
 $pagesPublished = array();
 
 // Array with all pages, order by parent.
+// array = {
+//	NO_PARENT_CHAR => array(), all pages parents
+//	PageParent1 => array(), all children of the parent1
+//	...         => array(), all children of the parent...
+//	PageParent9 => array(), all children of the parent9
+// }
 $pagesParents = array(NO_PARENT_CHAR=>array());
 
+// Array with all published pages, ordery by parent.
 $pagesParentsPublished = array();
 
+// Array with all published parent pages
+$parents = array();
+
 // ============================================================================
 // Main
 // ============================================================================

bl-kernel/dbtags.class.php

@@ -18,6 +18,15 @@ class dbTags extends dbJSON
 		parent::__construct(PATH_DATABASES.'tags.php');
 	}
 
+	public function getTag($slug) {
+
+		if( isset($this->db['postsIndex'][$slug]['name']) ) {
+			return $this->db['postsIndex'][$slug]['name'];
+		}
+
+		return '';
+	}
+
 	// Returns an array with all tags names
 	public function getAll()
 	{

bl-kernel/functions.php

@@ -183,6 +183,7 @@ function buildAllPages()
 	global $pagesParentsPublished;
 	global $pagesPublished;
 	global $dbPages;
+	global $parents;
 
 	// Get the page list
 	$list = $dbPages->getDB();
@@ -236,5 +237,7 @@ function buildAllPages()
 		}
 	}
 
+	$parents = $pagesParentsPublished[NO_PARENT_CHAR];
+
 	return $pages;
 }

bl-kernel/helpers/text.class.php

@@ -41,6 +41,16 @@ class Text {
 		'п'=>'p', 'р'=>'r', 'с'=>'s', 'т'=>'t', 'у'=>'u', 'ф'=>'f', 'х'=>'h', 'ц'=>'c',
 		'ч'=>'ch', 'ш'=>'sh', 'щ'=>'sh', 'ъ'=>'', 'ы'=>'y', 'ь'=>'', 'э'=>'e', 'ю'=>'yu',
 		'я'=>'ya',
+		// Bulgarian
+		'А'=>'A', 'Б'=>'B', 'В'=>'V', 'Г'=>'G', 'Д'=>'D', 'Е'=>'E', 'Ж'=>'Zh', 'З'=>'Z',
+		'И'=>'I', 'Й'=>'J', 'К'=>'K', 'Л'=>'L', 'М'=>'M', 'Н'=>'N', 'О'=>'O', 'П'=>'P',
+		'Р'=>'R', 'С'=>'S', 'Т'=>'T', 'У'=>'U', 'Ф'=>'F', 'Х'=>'H', 'Ц'=>'C', 'Ч'=>'Ch',
+		'Ш'=>'Sh', 'Щ'=>'Sh', 'Ъ'=>'',	'Ь'=>'J','Ю'=>'Yu','Я'=>'Ya',		
+		'а'=>'a', 'б'=>'b', 'в'=>'v', 'г'=>'g', 'д'=>'d', 'е'=>'e', 'ж'=>'zh','з'=>'z',
+		'и'=>'i', 'й'=>'j', 'к'=>'k', 'л'=>'l', 'м'=>'m', 'н'=>'n', 'о'=>'o','п'=>'p',
+		'р'=>'r', 'с'=>'s', 'т'=>'t', 'у'=>'u', 'ф'=>'f', 'х'=>'h', 'ц'=>'c', 'ч'=>'ch',
+		'ш'=>'sh', 'щ'=>'sh', 'ъ'=>'', 'ь'=>'j', 'ю'=>'yu', 'я'=>'ya',
+		
 		// Ukrainian
 		'Є'=>'Ye', 'І'=>'I', 'Ї'=>'Yi', 'Ґ'=>'G',
 		'є'=>'ye', 'і'=>'i', 'ї'=>'yi', 'ґ'=>'g',

bl-kernel/helpers/theme.class.php

@@ -59,6 +59,7 @@ class Theme {
 		global $Url;
 		global $Post, $Page;
 		global $Site;
+		global $dbTags;
 
 		$tmp = $title;
 
@@ -70,6 +71,10 @@ class Theme {
 			elseif( $Url->whereAmI()=='page' ) {
 				$tmp = $Page->title().' - '.$Site->title();
 			}
+			elseif( $Url->whereAmI()=='tag' ) {
+				$tag = $dbTags->getTag($Url->slug());
+				$tmp = $tag.' - '.$Site->title();
+			}
 			else {
 				$tmp = $Site->title();
 			}

bl-kernel/js/bludit-cover-image.js

@@ -56,7 +56,7 @@ $(document).ready(function() {
 		type: "json",
 		action: HTML_PATH_ADMIN_ROOT+"ajax/uploader",
 		allow : "*.(jpg|jpeg|gif|png)",
-		params: {"type":"cover-image"},
+		params: {"tokenCSRF":tokenCSRF, "type":"cover-image"},
 
 		loadstart: function() {
 			$("#cover-image-progressbar").find(".uk-progress-bar").css("width", "0%").text("0%");

bl-kernel/js/bludit-images-v8.js

@@ -31,7 +31,7 @@ $(document).ready(function() {
 		type: "json",
 		action: HTML_PATH_ADMIN_ROOT+"ajax/uploader",
 		allow : "*.(jpg|jpeg|gif|png)",
-		params: {"type":"bludit-images-v8"},
+		params: {"tokenCSRF":tokenCSRF, "type":"bludit-images-v8"},
 
 		loadstart: function() {
 			$("#bludit-images-v8-progressbar").find(".uk-progress-bar").css("width", "0%").text("0%");

bl-kernel/js/bludit-menu-v8.js

@@ -126,7 +126,7 @@ $(document).ready(function() {
 
 		ajaxRequest = $.ajax({
 			type: "POST",
-			data:{ filename: filenameSelected },
+			data:{ tokenCSRF: tokenCSRF, filename: filenameSelected },
 			url: "<?php echo HTML_PATH_ADMIN_ROOT.'ajax/delete-file' ?>"
 		});
 

bl-kernel/js/functions.php

@@ -9,6 +9,8 @@ echo 'var HTML_PATH_UPLOADS = "'.HTML_PATH_UPLOADS.'";'.PHP_EOL;
 echo 'var HTML_PATH_UPLOADS_THUMBNAILS = "'.HTML_PATH_UPLOADS_THUMBNAILS.'";'.PHP_EOL;
 echo 'var NO_PARENT_CHAR = "'.NO_PARENT_CHAR.'";'.PHP_EOL;
 
+echo 'var tokenCSRF = "'.$Security->getTokenCSRF().'";'.PHP_EOL;
+
 echo '</script>';
 
 ?>
@@ -40,7 +42,7 @@ function checkSlug(type, text, parentPage, key, writeResponse)
     {
         ajaxRequest = $.ajax({
             type: "POST",
-            data:{ type: "page", text: text, parent: parentPage, key: key },
+            data:{ tokenCSRF: tokenCSRF, type: "page", text: text, parent: parentPage, key: key},
             url: "<?php echo HTML_PATH_ADMIN_ROOT.'ajax/slug' ?>"
         });
     }
@@ -48,7 +50,7 @@ function checkSlug(type, text, parentPage, key, writeResponse)
     {
         ajaxRequest = $.ajax({
             type: "POST",
-            data:{ type: "post", text: text, key: key },
+            data:{ tokenCSRF: tokenCSRF, type: "post", text: text, key: key },
             url: "<?php echo HTML_PATH_ADMIN_ROOT.'ajax/slug' ?>"
         });
     }
@@ -71,4 +73,4 @@ function checkSlug(type, text, parentPage, key, writeResponse)
     });
 }
 
-</script>
+</script>

bl-kernel/user.class.php

@@ -92,6 +92,10 @@ class User
 	{
 		$filename = $this->getField('username').'.png';
 
+		if( !file_exists(PATH_UPLOADS_PROFILES.$filename) ) {
+			return '#';
+		}
+
 		if($absolute) {
 			return HTML_PATH_UPLOADS_PROFILES.$filename;
 		}

bl-languages/bg_BG.json

@@ -42,7 +42,7 @@
 	"profile": "Профил",
 	"email": "Имейл адрес",
 	"settings": "Настройки",
-	"general": "Общи настройки:",
+	"general": "Общи настройки",
 	"advanced": "Разширени настройки",
 	"regional": "Регионални настройки",
 	"about": "Относно",
@@ -165,8 +165,8 @@
 	"publish": "Публикувай",
 	"please-check-your-theme-configuration": "Моля, проверете конфигурацията на вашата тема.",
 	"plugin-label": "Заглавие на компонент",
-	"enabled": "Разреши",
-	"disabled": "Забрани",
+	"enabled": "Активeн",
+	"disabled": "Неактивен",
 	"cli-mode": "Режим CLI",
 	"command-line-mode": "Режим на команден ред",
 	"enable-the-command-line-mode-if-you-add-edit": "Смени с режим на командния ред, ако добавяте, променяте или изтривате постове и страници от файловата система",
@@ -236,6 +236,14 @@
 	"social-networks-links": "Социални мрежи:",
 
 	"email-access-code": "Имейл код за достъп",
-	"current-format": "Текущ формат"
+	"current-format": "Текущ формат",
+	
+	"welcome": "Добре дошли!",
+
+	"to-enable-the-user-you-have-to-set-a-new-password": "За да се активира на ново потребителя трябва да му зададете нова парола .",
+	"do-you-want-to-disable-the-user": "Искате ли да деактивирате този потребител?",
+	"сurrent-status" : "Статус",
+	"disable-the-user" : "Деактивиране на потребителя"
+	
 }
 

bl-languages/en_US.json

@@ -243,5 +243,9 @@
 	"welcome": "Welcome",
 
 	"to-enable-the-user-you-have-to-set-a-new-password": "To enable the user you have to set a new password.",
-	"do-you-want-to-disable-the-user": "Do you want to disable the user ?"
+	"do-you-want-to-disable-the-user": "Do you want to disable the user ?",
+	"сurrent-status" : "Status",
+	"disable-the-user" : "Disable the user",
+	"add-a-new-page": "Add a new page",
+	"add-a-new-post": "Add a new post"
 }

bl-languages/ru_RU.json

@@ -240,5 +240,8 @@
 	"email-access-code": "Проверочный код email",
  	"current-format": "Текущий формат",
  	
- 	"welcome": "Добро пожаловать"
+ 	"welcome": "Добро пожаловать",
+ 	
+ 	"to-enable-the-user-you-have-to-set-a-new-password": "Чтобы включить пользователя, необходимо установить новый пароль.",
+	"do-you-want-to-disable-the-user": "Вы хотите отключить пользователя?"
 }

bl-plugins/api/plugin.php

@@ -7,10 +7,10 @@ class pluginAPI extends Plugin {
 		global $Security;
 
 		// This key is used for request such as get the list of all posts and pages
-		$authKey = md5($Security->key1().time().DOMAIN_BASE);
+		$authKey = md5($Security->key1().time().DOMAIN);
 
 		$this->dbFields = array(
-			'ping'=>0,		// 0 = false, 1 = true
+			'ping'=>1,		// 0 = false, 1 = true
 			'authKey'=>$authKey,	// Private key
 			'showAllAmount'=>15	// Amount of posts and pages for return
 		);
@@ -60,6 +60,13 @@ class pluginAPI extends Plugin {
 		$this->ping();
 	}
 
+	public function install($position=0)
+	{
+		parent::install($position);
+
+		$this->ping();
+	}
+
 	private function ping()
 	{
 		if($this->getDbField('ping')) {
@@ -67,8 +74,34 @@ class pluginAPI extends Plugin {
 			// Get the authentication key
 			$authKey = $this->getDbField('authKey');
 
-			// Just a request HTTP with the website URL
-			Log::set( file_get_contents('https://www.bludit.com/api.php?authKey='.$authKey) );
+			$url = 'https://api.bludit.com/ping?authKey='.$authKey.'&url='.DOMAIN;
+
+			// Check if curl is installed
+			if( function_exists('curl_version') ) {
+
+                                $ch = curl_init();
+                                curl_setopt($ch, CURLOPT_URL, $url);
+                                curl_setopt($ch, CURLOPT_HEADER, false);
+                                curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
+				$out = curl_exec($ch);
+
+				if($out === false) {
+					Log::set('Plugin API : '.'Curl error: '.curl_error($ch));
+				}
+
+				curl_close($ch);
+			}
+			else {
+				$options = array(
+					"ssl"=>array(
+						"verify_peer"=>false,
+						"verify_peer_name"=>false
+					)
+				);
+
+				$stream = stream_context_create($options);
+				$out = file_get_contents($url, false, $stream);
+			}
 		}
 	}
 

bl-themes/log/index.php

@@ -13,9 +13,8 @@
 			<nav class="links">
 				<ul>
 				<?php
-					$parents = $pagesParentsPublished[NO_PARENT_CHAR];
-					foreach($parents as $Parent) {
-						echo '<li><a href="'.$Parent->permalink().'">'.$Parent->title().'</a></li>';
+					foreach($parents as $page) {
+						echo '<li><a href="'.$page->permalink().'">'.$page->title().'</a></li>';
 					}
 				?>
 				</ul>
@@ -34,12 +33,11 @@
 			<section>
 				<ul class="links">
 				<?php
-					$parents = $pagesParents[NO_PARENT_CHAR];
-					foreach($parents as $Parent) {
+					foreach($parents as $page) {
 						echo '<li>';
-						echo '<a href="'.$Parent->permalink().'">
-							<h3>'.$Parent->title().'</h3>
-							<p>'.$Parent->description().'</p>
+						echo '<a href="'.$page->permalink().'">
+							<h3>'.$page->title().'</h3>
+							<p>'.$page->description().'</p>
 						</a>';
 						echo '</li>';
 					}
@@ -56,41 +54,45 @@
 
 		</section>
 
+		<!-- Main -->
 		<div id="main">
-
-			<?php
-			    if( ($Url->whereAmI()=='home') || ($Url->whereAmI()=='tag') || ($Url->whereAmI()=='blog') )
-			    {
-			        include(THEME_DIR_PHP.'home.php');
-			    }
-			    elseif($Url->whereAmI()=='post')
-			    {
-			        include(THEME_DIR_PHP.'post.php');
-			    }
-			    elseif($Url->whereAmI()=='page')
-			    {
-			        include(THEME_DIR_PHP.'page.php');
-			    }
-			?>
-
+		<?php
+			if( ($Url->whereAmI()=='home') || ($Url->whereAmI()=='tag') || ($Url->whereAmI()=='blog') ) {
+				include(THEME_DIR_PHP.'home.php');
+			}
+			elseif($Url->whereAmI()=='post') {
+				include(THEME_DIR_PHP.'post.php');
+			}
+			elseif($Url->whereAmI()=='page') {
+				include(THEME_DIR_PHP.'page.php');
+			}
+		?>
 		</div>
 
 		<!-- Sidebar -->
 		<section id="sidebar">
-		<?php include(THEME_DIR_PHP.'sidebar.php') ?>
+		<?php
+			include(THEME_DIR_PHP.'sidebar.php');
+		?>
 		</section>
 
 	</div>
 
 	<!-- Scripts -->
-	<?php Theme::jquery() ?>
+	<?php
+		// Local jQuery
+		Theme::jquery();
+	?>
+
 	<script src="<?php echo HTML_PATH_THEME ?>assets/js/skel.min.js"></script>
 	<script src="<?php echo HTML_PATH_THEME ?>assets/js/util.js"></script>
 	<!--[if lte IE 8]><script src="<?php echo HTML_PATH_THEME ?>assets/js/ie/respond.min.js"></script><![endif]-->
 	<script src="<?php echo HTML_PATH_THEME ?>assets/js/main.js"></script>
 
-	<!-- Plugins Site Body End -->
-	<?php Theme::plugins('siteBodyEnd') ?>
+	<?php
+		// Plugins, site body end
+		Theme::plugins('siteBodyEnd');
+	?>
 
 </body>
 </html>