From 62196c11771316ac109b562e0ec72402936cb90c Mon Sep 17 00:00:00 2001
From: dignajar <dignajar@gmail.com>
Date: Mon, 7 Sep 2015 21:51:48 -0300
Subject: [PATCH] Updates

---
 admin/controllers/login.php          |  3 ++
 admin/themes/default/css/default.css |  6 ++-
 admin/views/add-user.php             | 59 +++++++++++++++-------------
 admin/views/configure-plugin.php     | 15 +++----
 admin/views/edit-page.php            |  3 +-
 admin/views/edit-post.php            |  3 +-
 admin/views/edit-user.php            |  4 +-
 admin/views/login.php                | 23 ++++++-----
 admin/views/manage-pages.php         |  2 +-
 admin/views/manage-posts.php         |  2 +-
 admin/views/new-page.php             |  6 ++-
 admin/views/new-post.php             |  4 +-
 admin/views/plugins.php              |  2 +-
 admin/views/settings.php             | 11 +++++-
 admin/views/themes.php               |  2 +-
 admin/views/users.php                |  2 +-
 kernel/boot/admin.php                |  4 ++
 kernel/boot/rules/70.posts.php       |  3 +-
 kernel/boot/rules/80.plugins.php     |  2 +-
 kernel/boot/rules/99.security.php    | 41 +++++++++++++++++++
 kernel/boot/site.php                 |  3 ++
 kernel/dbposts.class.php             |  9 +++--
 kernel/dbsite.class.php              |  2 +-
 kernel/dbtags.class.php              |  3 +-
 kernel/helpers/session.class.php     | 47 +++++++++++-----------
 kernel/helpers/text.class.php        |  2 +-
 kernel/post.class.php                | 13 +++++-
 kernel/security.class.php            | 36 +++++++++++++++++
 kernel/url.class.php                 | 10 ++++-
 languages/en_US.json                 |  3 +-
 plugins/pages/plugin.php             |  8 +++-
 plugins/simplemde/plugin.php         |  2 +-
 plugins/tags/plugin.php              |  2 +-
 33 files changed, 240 insertions(+), 97 deletions(-)
 create mode 100644 kernel/boot/rules/99.security.php

diff --git a/admin/controllers/login.php b/admin/controllers/login.php
index d9ee03fe..a7aca352 100644
--- a/admin/controllers/login.php
+++ b/admin/controllers/login.php
@@ -22,6 +22,9 @@ function checkPost($args)
 	// Verify User sanitize the input
 	if( $Login->verifyUser($_POST['username'], $_POST['password']) )
 	{
+		// Renew the token. This token will be the same inside the session for multiple forms.
+		$Security->generateToken();
+
 		Redirect::page('admin', 'dashboard');
 		return true;
 	}
diff --git a/admin/themes/default/css/default.css b/admin/themes/default/css/default.css
index f3dd8459..c7626bc6 100644
--- a/admin/themes/default/css/default.css
+++ b/admin/themes/default/css/default.css
@@ -32,7 +32,7 @@ span.label {
 /* ----------- HEAD ----------- */
 #head {
     overflow: auto;
-    border-top: 10px #f1f1f1 solid;
+    border-top: 10px #eee solid;
     border-bottom: 1px solid #f1f1f1;
     padding: 10px 0;
 }
@@ -105,6 +105,10 @@ h2.title {
     font-weight: normal;
 }
 
+h2.title i.fa {
+    margin-right: 8px;
+}
+
 /* ----------- TABLE ----------- */
 table {
     background-color: #fff;
diff --git a/admin/views/add-user.php b/admin/views/add-user.php
index b2dcedd2..c7bb96be 100644
--- a/admin/views/add-user.php
+++ b/admin/views/add-user.php
@@ -1,38 +1,41 @@
-<h2 class="title"><i class="fa fa-user-plus"></i> <?php $Language->p('Add a new user') ?></h2>
+<h2 class="title"><i class="fa fa-user-plus"></i><?php $Language->p('Add a new user') ?></h2>
 
 <?php makeNavbar('users'); ?>
 
 <form method="post" action="" class="forms" autocomplete="off">
-    <label>
-        <?php $Language->p('Username') ?>
-        <input type="text" name="username" class="width-50" value="<?php echo (isset($_POST['username'])?$_POST['username']:'') ?>">
-    </label>
 
-    <label>
-        <?php $Language->p('Password') ?>
-        <input type="password" name="password" class="width-50">
-    </label>
+	<input type="hidden" id="jstoken" name="token" value="<?php $Security->printToken() ?>">
 
-    <label>
-        <?php $Language->p('Confirm Password') ?>
-        <input type="password" name="confirm-password" class="width-50">
-    </label>
+	<label>
+	<?php $Language->p('Username') ?>
+	<input type="text" name="username" class="width-50" value="<?php echo (isset($_POST['username'])?$_POST['username']:'') ?>">
+	</label>
 
-    <label for="country">
-        <?php $Language->p('Role') ?>
-        <select name="role" class="width-50">
-            <option value="editor"><?php $Language->p('Editor') ?></option>
-            <option value="admin"><?php $Language->p('Administrator') ?></option>
-        </select>
-        <div class="forms-desc"><?php $Language->p('you-can-choose-the-users-privilege') ?></div>
-    </label>
+	<label>
+	<?php $Language->p('Password') ?>
+	<input type="password" name="password" class="width-50">
+	</label>
 
-    <label>
-        Email
-        <input type="text" name="email" class="width-50" value="<?php echo (isset($_POST['email'])?$_POST['email']:'') ?>">
-        <div class="forms-desc"><?php $Language->p('email-will-not-be-publicly-displayed') ?></div>
-    </label>
+	<label>
+	<?php $Language->p('Confirm Password') ?>
+	<input type="password" name="confirm-password" class="width-50">
+	</label>
 
-    <input type="submit" class="btn btn-blue" value="<?php $Language->p('Add') ?>" name="add-user">
-    <a href="<?php echo HTML_PATH_ADMIN_ROOT.'users' ?>" class="btn"><?php $Language->p('Cancel') ?></a>
+	<label for="country">
+	<?php $Language->p('Role') ?>
+	<select name="role" class="width-50">
+	<option value="editor"><?php $Language->p('Editor') ?></option>
+	<option value="admin"><?php $Language->p('Administrator') ?></option>
+	</select>
+	<div class="forms-desc"><?php $Language->p('you-can-choose-the-users-privilege') ?></div>
+	</label>
+
+	<label>
+	Email
+	<input type="text" name="email" class="width-50" value="<?php echo (isset($_POST['email'])?$_POST['email']:'') ?>">
+	<div class="forms-desc"><?php $Language->p('email-will-not-be-publicly-displayed') ?></div>
+	</label>
+
+	<input type="submit" class="btn btn-blue" value="<?php $Language->p('Add') ?>" name="add-user">
+	<a href="<?php echo HTML_PATH_ADMIN_ROOT.'users' ?>" class="btn"><?php $Language->p('Cancel') ?></a>
 </form>
\ No newline at end of file
diff --git a/admin/views/configure-plugin.php b/admin/views/configure-plugin.php
index 92743329..87bce405 100644
--- a/admin/views/configure-plugin.php
+++ b/admin/views/configure-plugin.php
@@ -2,14 +2,15 @@
 
 <form id="jsformplugin" method="post" action="" class="forms">
 
-    <input type="hidden" id="jskey" name="key" value="">
+	<input type="hidden" id="jstoken" name="token" value="<?php $Security->printToken() ?>">
+	<input type="hidden" id="jskey" name="key" value="">
 
-    <?php
-        echo $_Plugin->form();
-    ?>
+	<?php
+		echo $_Plugin->form();
+	?>
 
-    <div>
-    <button class="btn btn-blue" name="publish"><?php echo $Language->p('Save') ?></button>
-    </div>
+	<div>
+	<button class="btn btn-blue" name="publish"><?php echo $Language->p('Save') ?></button>
+	</div>
 
 </form>
\ No newline at end of file
diff --git a/admin/views/edit-page.php b/admin/views/edit-page.php
index 3f733924..30f57e5f 100644
--- a/admin/views/edit-page.php
+++ b/admin/views/edit-page.php
@@ -1,7 +1,8 @@
-<h2 class="title"><i class="fa fa-pencil"></i> <?php $Language->p('Edit page') ?></h2>
+<h2 class="title"><i class="fa fa-pencil"></i><?php $Language->p('Edit page') ?></h2>
 
 <form id="jsform" method="post" action="" class="forms">
 
+    <input type="hidden" id="jstoken" name="token" value="<?php $Security->printToken() ?>">
     <input type="hidden" id="jskey" name="key" value="<?php echo $_Page->key() ?>">
 
     <label>
diff --git a/admin/views/edit-post.php b/admin/views/edit-post.php
index 99899da1..b8f2ff7e 100644
--- a/admin/views/edit-post.php
+++ b/admin/views/edit-post.php
@@ -1,7 +1,8 @@
-<h2 class="title"><i class="fa fa-pencil"></i> <?php $Language->p('Edit post') ?></h2>
+<h2 class="title"><i class="fa fa-pencil"></i><?php $Language->p('Edit post') ?></h2>
 
 <form method="post" action="" class="forms">
 
+	<input type="hidden" id="jstoken" name="token" value="<?php $Security->printToken() ?>">
 	<input type="hidden" id="jskey" name="key" value="<?php echo $_Post->key() ?>">
 
 	<label>
diff --git a/admin/views/edit-user.php b/admin/views/edit-user.php
index e72c79c6..c9dfbba4 100644
--- a/admin/views/edit-user.php
+++ b/admin/views/edit-user.php
@@ -1,4 +1,4 @@
-<h2 class="title"><i class="fa fa-user"></i> <?php $Language->p('Edit user') ?></h2>
+<h2 class="title"><i class="fa fa-user"></i><?php $Language->p('Edit user') ?></h2>
 
 <nav class="navbar nav-pills sublinks" data-tools="tabs" data-active="#profile">
     <ul>
@@ -18,6 +18,8 @@
 
 <div id="profile">
 <form method="post" action="" class="forms">
+
+    <input type="hidden" id="jstoken" name="token" value="<?php $Security->printToken() ?>">
     <input type="hidden" name="edit-user" value="true">
     <input type="hidden" name="username" value="<?php echo $_user['username'] ?>">
 
diff --git a/admin/views/login.php b/admin/views/login.php
index f94592db..bbf376a6 100644
--- a/admin/views/login.php
+++ b/admin/views/login.php
@@ -1,13 +1,18 @@
 <h2 class="title"><?php $Language->p('Login') ?></h2>
 
 <form method="post" action="<?php echo HTML_PATH_ADMIN_ROOT.'login' ?>" class="forms" autocomplete="off">
-    <label>
-        <input type="text" name="username" placeholder="<?php $Language->p('Username') ?>" class="width-100" autocomplete="off">
-    </label>
-    <label>
-        <input type="password" name="password" placeholder="<?php $Language->p('Password') ?>" class="width-100" autocomplete="off">
-    </label>
-    <p>
-        <button class="btn btn-blue width-100"><?php $Language->p('Login') ?></button>
-    </p>
+
+	<input type="hidden" id="jstoken" name="token" value="<?php $Security->printToken() ?>">
+
+	<label>
+		<input type="text" name="username" placeholder="<?php $Language->p('Username') ?>" class="width-100" autocomplete="off">
+	</label>
+
+	<label>
+		<input type="password" name="password" placeholder="<?php $Language->p('Password') ?>" class="width-100" autocomplete="off">
+	</label>
+
+	<p>
+		<button class="btn btn-blue width-100"><?php $Language->p('Login') ?></button>
+	</p>
 </form>
\ No newline at end of file
diff --git a/admin/views/manage-pages.php b/admin/views/manage-pages.php
index e2370ee1..7baea676 100644
--- a/admin/views/manage-pages.php
+++ b/admin/views/manage-pages.php
@@ -1,4 +1,4 @@
-<h2 class="title"><i class="fa fa-file-text-o"></i> <?php $Language->p('Manage pages') ?></h2>
+<h2 class="title"><i class="fa fa-file-text-o"></i><?php $Language->p('Manage pages') ?></h2>
 
 <?php makeNavbar('manage'); ?>
 
diff --git a/admin/views/manage-posts.php b/admin/views/manage-posts.php
index 107d112a..349621cd 100755
--- a/admin/views/manage-posts.php
+++ b/admin/views/manage-posts.php
@@ -1,4 +1,4 @@
-<h2 class="title"><i class="fa fa-file-text-o"></i> <?php $Language->p('Manage posts') ?></h2>
+<h2 class="title"><i class="fa fa-file-text-o"></i><?php $Language->p('Manage posts') ?></h2>
 
 <?php makeNavbar('manage'); ?>
 
diff --git a/admin/views/new-page.php b/admin/views/new-page.php
index c8520f84..37e6013d 100644
--- a/admin/views/new-page.php
+++ b/admin/views/new-page.php
@@ -2,9 +2,11 @@
 
 <form method="post" action="" class="forms">
 
+    <input type="hidden" id="jstoken" name="token" value="<?php $Security->printToken() ?>">
+
     <label>
-        <?php $Language->p('Title') ?>
-        <input id="jstitle" name="title" type="text" class="width-90">
+    <?php $Language->p('Title') ?>
+    <input id="jstitle" name="title" type="text" class="width-90">
     </label>
 
     <label class="width-90">
diff --git a/admin/views/new-post.php b/admin/views/new-post.php
index 366e62be..603b477b 100644
--- a/admin/views/new-post.php
+++ b/admin/views/new-post.php
@@ -1,7 +1,9 @@
-<h2 class="title"><i class="fa fa-pencil"></i> <?php $Language->p('New post') ?></h2>
+<h2 class="title"><i class="fa fa-pencil"></i><?php $Language->p('New post') ?></h2>
 
 <form method="post" action="" class="forms">
 
+	<input type="hidden" id="jstoken" name="token" value="<?php $Security->printToken() ?>">
+
 	<label>
 		<?php $Language->p('Title') ?>
 		<input id="jstitle" name="title" type="text" class="width-90">
diff --git a/admin/views/plugins.php b/admin/views/plugins.php
index 8f862ae8..ec981b09 100644
--- a/admin/views/plugins.php
+++ b/admin/views/plugins.php
@@ -1,4 +1,4 @@
-<h2 class="title"><i class="fa fa-rocket"></i> <?php $Language->p('Plugins') ?></h2>
+<h2 class="title"><i class="fa fa-rocket"></i><?php $Language->p('Plugins') ?></h2>
 
 <?php
 	foreach($plugins['all'] as $Plugin)
diff --git a/admin/views/settings.php b/admin/views/settings.php
index 7f342b0c..96200c2a 100644
--- a/admin/views/settings.php
+++ b/admin/views/settings.php
@@ -1,4 +1,4 @@
-<h2 class="title"><i class="fa fa-cogs"></i> <?php $Language->p('Settings') ?></h2>
+<h2 class="title"><i class="fa fa-cogs"></i><?php $Language->p('Settings') ?></h2>
 
 <nav class="navbar nav-pills sublinks" data-tools="tabs" data-active="#general">
     <ul>
@@ -15,6 +15,9 @@
 
 <div id="general">
 <form method="post" action="" class="forms">
+
+    <input type="hidden" id="jstoken" name="token" value="<?php $Security->printToken() ?>">
+
     <label>
     <?php $Language->p('Site title') ?>
     <input type="text" name="title" class="width-50" value="<?php echo $Site->title() ?>">
@@ -50,6 +53,9 @@
 
 <div id="advanced">
 <form method="post" action="" class="forms">
+
+    <input type="hidden" id="jstoken" name="token" value="<?php $Security->printToken() ?>">
+
     <label for="postsperpage">
         <?php $Language->p('Posts per page') ?>
         <select name="postsperpage" class="width-50">
@@ -112,6 +118,9 @@
 
 <div id="regional">
 <form method="post" action="" class="forms" name="form-regional">
+
+    <input type="hidden" id="jstoken" name="token" value="<?php $Security->printToken() ?>">
+
     <label for="jslanguage">
         <?php $Language->p('Language') ?>
         <select id="jslanguage" name="language" class="width-50">
diff --git a/admin/views/themes.php b/admin/views/themes.php
index 88bcdbb8..a1c787aa 100644
--- a/admin/views/themes.php
+++ b/admin/views/themes.php
@@ -1,4 +1,4 @@
-<h2 class="title"><i class="fa fa-adjust"></i> <?php $Language->p('Themes') ?></h2>
+<h2 class="title"><i class="fa fa-adjust"></i><?php $Language->p('Themes') ?></h2>
 
 <?php
 	foreach($themes as $theme)
diff --git a/admin/views/users.php b/admin/views/users.php
index 315bd066..ae75d585 100644
--- a/admin/views/users.php
+++ b/admin/views/users.php
@@ -1,4 +1,4 @@
-<h2 class="title"><i class="fa fa-users"></i> <?php $Language->p('Users') ?></h2>
+<h2 class="title"><i class="fa fa-users"></i><?php $Language->p('Users') ?></h2>
 
 <?php makeNavbar('users'); ?>
 
diff --git a/kernel/boot/admin.php b/kernel/boot/admin.php
index 90b121b5..3af227b1 100644
--- a/kernel/boot/admin.php
+++ b/kernel/boot/admin.php
@@ -45,12 +45,16 @@ else
 	include(PATH_RULES.'99.header.php');
 	include(PATH_RULES.'99.paginator.php');
 	include(PATH_RULES.'99.themes.php');
+	include(PATH_RULES.'99.security.php');
 
 	if($Url->notFound() || !$Login->isLogged() || ($Url->slug()==='login') )
 	{
 		$layout['controller']	= 'login';
 		$layout['view']		= 'login';
 		$layout['template']	= 'login.php';
+
+		// Generate the token for the user not logged, when the user is loggued the token will be change.
+		$Security->generateToken();
 	}
 
 	// Plugins before admin area loaded
diff --git a/kernel/boot/rules/70.posts.php b/kernel/boot/rules/70.posts.php
index 0b08e20f..3fa0fb49 100644
--- a/kernel/boot/rules/70.posts.php
+++ b/kernel/boot/rules/70.posts.php
@@ -99,8 +99,7 @@ function buildPostsForPage($pageNumber=0, $amount=POSTS_PER_PAGE_ADMIN, $removeU
 	}
 
 	// There are not posts for the page number then set the page notfound
-	//if(empty($list) && $pageNumber>0) {
-	if(empty($list)) {
+	if(empty($list) && $pageNumber>0) {
 		$Url->setNotFound(true);
 	}
 
diff --git a/kernel/boot/rules/80.plugins.php b/kernel/boot/rules/80.plugins.php
index 81c05145..47c6f349 100644
--- a/kernel/boot/rules/80.plugins.php
+++ b/kernel/boot/rules/80.plugins.php
@@ -83,7 +83,7 @@ function build_plugins()
 		$Language->add($databaseArray);
 
 		// Push Plugin to array all plugins installed and not installed.
-		array_push($plugins['all'], $Plugin);
+		$plugins['all'][$pluginClass] = $Plugin;
 
 		// If the plugin installed
 		if($Plugin->installed())
diff --git a/kernel/boot/rules/99.security.php b/kernel/boot/rules/99.security.php
new file mode 100644
index 00000000..aada4dbd
--- /dev/null
+++ b/kernel/boot/rules/99.security.php
@@ -0,0 +1,41 @@
+<?php defined('BLUDIT') or die('Bludit CMS.');
+
+// ============================================================================
+// Variables
+// ============================================================================
+
+// ============================================================================
+// Functions
+// ============================================================================
+
+// ============================================================================
+// Main before POST
+// ============================================================================
+
+// ============================================================================
+// POST Method
+// ============================================================================
+
+if( $_SERVER['REQUEST_METHOD'] == 'POST' )
+{
+	$token = isset($_POST['token']) ? Sanitize::html($_POST['token']) : false;
+
+	if( !$Security->validateToken($token) )
+	{
+		Log::set(__METHOD__.LOG_SEP.'Error occurred when trying validate the token. Token ID: '.$token);
+
+		// Destroy the session.
+		Session::destroy();
+
+		// Redirect to login panel.
+		Redirect::page('admin', 'login');
+	}
+	else
+	{
+		unset($_POST['token']);
+	}
+}
+
+// ============================================================================
+// Main after POST
+// ============================================================================
\ No newline at end of file
diff --git a/kernel/boot/site.php b/kernel/boot/site.php
index a031f722..5228a048 100644
--- a/kernel/boot/site.php
+++ b/kernel/boot/site.php
@@ -20,6 +20,9 @@ if( Sanitize::pathFile(PATH_THEMES, $Site->theme().DS.'init.php') ) {
 if( Sanitize::pathFile(PATH_THEMES, $Site->theme().DS.'index.php') ) {
 	include(PATH_THEMES.$Site->theme().DS.'index.php');
 }
+else {
+	$Language->p('Please check your theme configuration');
+}
 
 // Plugins after site loaded
 Theme::plugins('afterSiteLoad');
\ No newline at end of file
diff --git a/kernel/dbposts.class.php b/kernel/dbposts.class.php
index 5cb0ba7d..6ff99c93 100644
--- a/kernel/dbposts.class.php
+++ b/kernel/dbposts.class.php
@@ -112,6 +112,12 @@ class dbPosts extends dbJSON
 			$args['status'] = 'scheduled';
 		}
 
+		// Tags
+		if(Text::isNotEmpty($args['tags'])) {
+			$cleanTags = array_map('trim', explode(',', $args['tags']));
+			$args['tags'] = implode(',', $cleanTags);
+		}
+
 		// Verify arguments with the database fields.
 		foreach($this->dbFields as $field=>$options)
 		{
@@ -336,9 +342,6 @@ class dbPosts extends dbJSON
 			uasort($this->db, array($this, 'sortLowToHigh'));
 		}
 
-
-		Log::set(__METHOD__.LOG_SEP.'Sorted.'.$HighToLow);
-
 		return true;
 	}
 
diff --git a/kernel/dbsite.class.php b/kernel/dbsite.class.php
index 72dc584f..ac3928f0 100644
--- a/kernel/dbsite.class.php
+++ b/kernel/dbsite.class.php
@@ -138,7 +138,7 @@ class dbSite extends dbJSON
 	// Returns the relative home link
 	public function homeLink()
 	{
-		return 	HTML_PATH_ROOT;
+		return HTML_PATH_ROOT;
 	}
 
 	// Returns the timezone.
diff --git a/kernel/dbtags.class.php b/kernel/dbtags.class.php
index c5739769..92d7b824 100644
--- a/kernel/dbtags.class.php
+++ b/kernel/dbtags.class.php
@@ -65,7 +65,8 @@ class dbTags extends dbJSON
 			foreach($explode as $tagName)
 			{
 				$tagName = trim($tagName);
-				$tagKey = Text::cleanUrl($tagName);
+				$tagKey = $tagName;
+				//$tagKey = Text::cleanUrl($tagName);
 
 				// If the tag is not empty.
 				if(Text::isNotEmpty($tagName))
diff --git a/kernel/helpers/session.class.php b/kernel/helpers/session.class.php
index fdd464ca..b61b5724 100644
--- a/kernel/helpers/session.class.php
+++ b/kernel/helpers/session.class.php
@@ -1,6 +1,6 @@
 <?php defined('BLUDIT') or die('Bludit CMS.');
 
-class Session {
+	class Session {
 
 	private static $started = false;
 
@@ -10,40 +10,41 @@ class Session {
 		//	return true;
 
 		// DEBUG: Ver un nombre con alguna llave random al momentode instalar.
-    	$session_name = 'Bludit-KEY';
+		$session_name = 'Bludit-KEY';
 
-    	// If TRUE cookie will only be sent over secure connections.
-    	$secure = false;
+		// If TRUE cookie will only be sent over secure connections.
+		$secure = false;
 
-    	// If set to TRUE then PHP will attempt to send the httponly flag when setting the session cookie.
-    	$httponly = true;
+		// If set to TRUE then PHP will attempt to send the httponly flag when setting the session cookie.
+		$httponly = true;
 
-    	// This specifies the lifetime of the cookie in seconds which is sent to the browser.
-    	// The value 0 means until the browser is closed.
-    	$cookieLifetime = 0;
+		// This specifies the lifetime of the cookie in seconds which is sent to the browser.
+		// The value 0 means until the browser is closed.
+		$cookieLifetime = 0;
 
 		// Gets current cookies params.
 		$cookieParams = session_get_cookie_params();
 
-    	session_set_cookie_params($cookieLifetime,
-        	$cookieParams["path"],
-        	$cookieParams["domain"],
-        	$secure,
-        	$httponly
-        );
+		session_set_cookie_params(
+			$cookieLifetime,
+			$cookieParams["path"],
+			$cookieParams["domain"],
+			$secure,
+			$httponly
+		);
 
-	    // Sets the session name to the one set above.
-	    session_name($session_name);
+		// Sets the session name to the one set above.
+		session_name($session_name);
 
-    	// Start session.
-    	self::$started = session_start();
+		// Start session.
+		self::$started = session_start();
 
 		// Regenerated the session, delete the old one. There are problems with AJAX.
 		//session_regenerate_id(true);
 
-    	if(!self::$started) {
-    		Log::set(__METHOD__.LOG_SEP.'Error occurred when trying to start the session.');
-    	}
+		if(!self::$started) {
+			Log::set(__METHOD__.LOG_SEP.'Error occurred when trying to start the session.');
+		}
 	}
 
 	public static function started()
@@ -81,4 +82,4 @@ class Session {
 
 		return false;
 	}
-}
+}
\ No newline at end of file
diff --git a/kernel/helpers/text.class.php b/kernel/helpers/text.class.php
index 42e6bc9c..d5760363 100644
--- a/kernel/helpers/text.class.php
+++ b/kernel/helpers/text.class.php
@@ -148,7 +148,7 @@ class Text {
 
 	public static function imgRel2Abs($string, $base)
 	{
-		return preg_replace('/(?!code).(src)="([^:"]*)(?:")/', "$1=\"$base$2\"", $string);
+		return preg_replace('/(src)="([^:"]*)(?:")/', "$1=\"$base$2\"", $string);
 	}
 
 	public static function pre2htmlentities($string)
diff --git a/kernel/post.class.php b/kernel/post.class.php
index ef5fb616..8083f664 100644
--- a/kernel/post.class.php
+++ b/kernel/post.class.php
@@ -111,9 +111,18 @@ class Post extends fileContent
 		return $date;
 	}
 
-	public function tags()
+	public function tags($returnsArray=false)
 	{
-		return $this->getField('tags');
+		global $Url;
+
+		$tags = $this->getField('tags');
+
+		if($returnsArray) {
+			return explode(',', $tags);
+		}
+		else {
+			return $tags;
+		}
 	}
 
 	public function slug()
diff --git a/kernel/security.class.php b/kernel/security.class.php
index 3761a1e4..062bf3f5 100644
--- a/kernel/security.class.php
+++ b/kernel/security.class.php
@@ -13,6 +13,42 @@ class Security extends dbJSON
 		parent::__construct(PATH_DATABASES.'security.php');
 	}
 
+	// ====================================================
+	// TOKEN FOR CSRF
+	// ====================================================
+
+	// Generate and save the token in Session.
+	public function generateToken()
+	{
+		$token = Text::randomText(8);
+		$token = sha1($token);
+
+		Session::set('token', $token);
+	}
+
+	// Validate the token.
+	public function validateToken($token)
+	{
+		$sessionToken = Session::get('token');
+
+		return ( !empty($sessionToken) && ($sessionToken===$token) );
+	}
+
+	// Returns the token.
+	public function getToken()
+	{
+		return Session::get('token');
+	}
+
+	public function printToken()
+	{
+		echo Session::get('token');
+	}
+
+	// ====================================================
+	// BRUTE FORCE PROTECTION
+	// ====================================================
+
 	public function isBlocked()
 	{
 		$ip = $this->getUserIp();
diff --git a/kernel/url.class.php b/kernel/url.class.php
index 21aed6ad..1071134a 100644
--- a/kernel/url.class.php
+++ b/kernel/url.class.php
@@ -100,9 +100,15 @@ class Url
 	}
 
 	// Return the filter used
-	public function filters($type)
+	public function filters($type, $trim=true)
 	{
-		return $this->filters[$type];
+		$filter = $this->filters[$type];
+
+		if($trim) {
+			$filter = trim($filter, '/');
+		}
+
+		return $filter;
 	}
 
 	// Return: home, tag, post
diff --git a/languages/en_US.json b/languages/en_US.json
index 2bbda2bc..29eac24f 100755
--- a/languages/en_US.json
+++ b/languages/en_US.json
@@ -161,5 +161,6 @@
 	"date": "Date",
 	"you-can-schedule-the-post-just-select-the-date-and-time": "You can schedule the post, just select the date and time.",
 	"scheduled": "Scheduled",
-	"publish": "Publish"
+	"publish": "Publish",
+	"please-check-your-theme-configuration": "Please check your theme configuration."
 }
diff --git a/plugins/pages/plugin.php b/plugins/pages/plugin.php
index eafa9b06..38dc19be 100755
--- a/plugins/pages/plugin.php
+++ b/plugins/pages/plugin.php
@@ -34,7 +34,13 @@ class pluginPages extends Plugin {
 		global $Site;
 
 		$html  = '<div class="plugin plugin-pages">';
-		$html .= '<h2>'.$this->getDbField('label').'</h2>';
+
+		// If the label is not empty, print it.
+		$label = $this->getDbField('label');
+		if( !empty($label) ) {
+			$html .= '<h2>'.$label.'</h2>';
+		}
+
 		$html .= '<div class="plugin-content">';
 
 		$parents = $pagesParents[NO_PARENT_CHAR];
diff --git a/plugins/simplemde/plugin.php b/plugins/simplemde/plugin.php
index d9aeaf1a..703a7fa9 100755
--- a/plugins/simplemde/plugin.php
+++ b/plugins/simplemde/plugin.php
@@ -82,7 +82,7 @@ class pluginsimpleMDE extends Plugin {
 					toolbarTips: true,
 					toolbarGuideIcon: true,
 					autofocus: false,
-					lineWrapping: false,
+					lineWrapping: true,
 					indentWithTabs: true,
 					tabSize: '.$this->getDbField('tabSize').',
 					spellChecker: false,
diff --git a/plugins/tags/plugin.php b/plugins/tags/plugin.php
index ea12d601..4aef1b5d 100755
--- a/plugins/tags/plugin.php
+++ b/plugins/tags/plugin.php
@@ -28,7 +28,7 @@ class pluginTags extends Plugin {
 		global $Url;
 
 		$db = $dbTags->db['postsIndex'];
-		$filter = trim($Url->filters('tag'), '/');
+		$filter = $Url->filters('tag');
 
 		$html  = '<div class="plugin plugin-tags">';
 		$html .= '<h2>'.$this->getDbField('label').'</h2>';