Merge remote-tracking branch 'remotes/origin/master' into responsiveadmin

azett 2021-11-01 12:37:38 +01:00
commit 213642324c
13 changed files with 179 additions and 147 deletions

View File

@ -1,4 +1,4 @@
# 2021-xx-xx: FlatPress 1.2.1 # 2021-06-19: [FlatPress 1.2.1](https://github.com/flatpressblog/flatpress/releases/tag/1.2.1)
## Bugfixes ## Bugfixes
- BOM in French language files lead to blank page in admin area (see [#82](https://github.com/flatpressblog/flatpress/issues/82)) - BOM in French language files lead to blank page in admin area (see [#82](https://github.com/flatpressblog/flatpress/issues/82))
## Translations ## Translations
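Review bot: the 1.2.1 bugfix list records only the French BOM fix (#82), while the cookie changes merged alongside it (the Secure flag on the login and session cookies, `COOKIE_SECURE` defaulting to true) alter behaviour for installations served over plain HTTP and should get their own line under Bugfixes or a Security heading so administrators can see why logins stop persisting after the upgrade.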

View File

@ -6,7 +6,7 @@ If you think someone's missing here, please let us know.
## The team ## The team
FlatPress was initially developed by [Edoardo Vacchi (NoWhereMan)](https://github.com/evacchi "github.com/evacchi"). Edoardo was supported by [Hydra](http://hydra.clans.it/ "hydra.clans.it"), [drudo](https://drudotec.wordpress.com/ "drudotec.wordpress.com"), giulio, [alcor](http://alcor.altervista.org/ "alcor.altervista.org"), and [Tychondriax](http://tychondriax.altervista.org/blog/ "tychondriax.altervista.org").<br> FlatPress was initially developed by [Edoardo Vacchi (NoWhereMan)](https://github.com/evacchi "github.com/evacchi"). Edoardo was supported by [Hydra](http://hydra.clans.it/ "hydra.clans.it"), [drudo](https://drudotec.wordpress.com/ "drudotec.wordpress.com"), giulio, [alcor](http://alcor.altervista.org/ "alcor.altervista.org"), and [Tychondriax](http://tychondriax.altervista.org/blog/ "tychondriax.altervista.org").<br>
<br> <br>
Since 2018, FlatPress is taken care of by [Arvid Zimmermann](https://arvidzimmermann.de "arvidzimmermann.de"). Since 2018, FlatPress is taken care of by [Arvid Zimmermann](https://github.com/azett "github.com/azett").
## Coding ## Coding
- Piero VDFN introduced the plugins Comment Center, jQuery, and LightBox2. - Piero VDFN introduced the plugins Comment Center, jQuery, and LightBox2.

View File

@ -1,15 +1,41 @@
<a href="https://github.com/flatpressblog/flatpress/releases" title="See releases"><img alt="See releases" src="https://img.shields.io/github/release/flatpressblog/flatpress.svg?label=Latest%20release&style=plastic"></a> <a href="./LICENSE.md" title="License"><img alt="License" src="https://img.shields.io/github/license/flatpressblog/flatpress.svg?style=plastic"></a><br> [![Home page](https://img.shields.io/badge/Home%20page-🏠-555?style=plastic)](https://www.flatpress.org "Home page")
[[flatpress.org](https://www.flatpress.org/)] [[Support forum](https://forum.flatpress.org/)] [[Wiki](https://wiki.flatpress.org/)] [[GitHub](https://github.com/flatpressblog/flatpress)] [<a rel="me" href="https://fosstodon.org/@flatpress">Mastodon</a>] [[Twitter](https://www.twitter.com/FlatPress)] [[Changelog](./CHANGELOG.md)] [[Contributors](./CONTRIBUTORS.md)] [![Support forum](https://img.shields.io/badge/Support%20forum-💬-555?style=plastic)](https://forum.flatpress.org "Support forum")
[![Wiki](https://img.shields.io/badge/Wiki-📖-555?style=plastic)](https://wiki.flatpress.org "Wiki")
[![Mastodon](https://img.shields.io/badge/Mastodon-🐘-555?style=plastic)](https://fosstodon.org/@flatpress "FlatPress@Mastodon")
[![Twitter](https://img.shields.io/badge/Twitter-🐦-555?style=plastic)](https://twitter.com/FlatPress "FlatPress@Twitter")
[![Change log](https://img.shields.io/badge/Change%20log-📜-555?style=plastic)](./CHANGELOG.md "Change log")
[![Security policy](https://img.shields.io/badge/Security%20policy-⚡-555?style=plastic)](./SECURITY.md "Security policy")
[![Contributors](https://img.shields.io/badge/Contributors-😎-555?style=plastic)](./CONTRIBUTORS.md "Contributors")
[![Releases](https://img.shields.io/github/release/flatpressblog/flatpress.svg?label=Latest%20release&style=plastic)](https://github.com/flatpressblog/flatpress/releases "See all releases")
[![License](https://img.shields.io/github/license/flatpressblog/flatpress.svg?style=plastic)](./LICENSE.md "License")
[![Open issues](https://img.shields.io/github/issues-raw/flatpressblog/flatpress?style=plastic)](https://github.com/flatpressblog/flatpress/issues "See open issues")
[![Last commit](https://img.shields.io/github/last-commit/flatpressblog/flatpress?style=plastic)](https://github.com/flatpressblog/flatpress/commits/ "Last commit")
# Welcome to FlatPress! # Welcome to FlatPress!
FlatPress is a lightweight, easy-to-set-up blogging engine. Plain and simple, just PHP. No database needed! FlatPress is a lightweight, easy-to-set-up blogging engine. Plain and simple, just PHP. No database needed!
## Features
- Independent, standard-compliant blog software
- Works on files, __no database__
- Easy to setup, easy to backup
- Powerful __plugin system__ with widget support
- Easy to customize with __themes__, powered by [Smarty](http://www.smarty.net/)
- __Comments__ function with spam protection
- __Free software__ under [GNU GPLv2](LICENSE.md)
## Getting started ## Getting started
Installing and running FlatPress is really easy: Installing and running FlatPress is really easy:
- [Download FlatPress](https://www.flatpress.org/download), unzip, upload - [Download FlatPress](https://www.flatpress.org/download), unzip, upload
- Browse to your web server, run simple FlatPress installer - Browse to your web server, run simple FlatPress installer
- Enjoy blogging with FlatPress! - Enjoy blogging with FlatPress!
## Help and support
Visit our [wiki](https://wiki.flatpress.org) to learn everything about blogging with FlatPress, how to work with themes and plugins and where to find them. The wiki also has the [general FAQ](https://wiki.flatpress.org/doc:faq) and the [tech FAQ](https://wiki.flatpress.org/doc:techfaq).
Ask your questions, show off your FlatPress blog and meet fellow FlatPressers at the [support forum](https://forum.flatpress.org).
## Requirements ## Requirements
FlatPress runs on any web server (e.g. Apache or IIS) with PHP 5.6 or higher. Since all data is stored in files, no database is needed. FlatPress runs on any web server (e.g. Apache or IIS) with PHP 5.6 or higher. Since all data is stored in files, no database is needed.

SECURITY.md (new file, 5 lines)
View File

@ -0,0 +1,5 @@
# Security Policy
Thank you for your efforts on the security of the FlatPress software. Feel free to report any vulnerability you stumble upon!
## Reporting a vulnerability
Please report security issues to `hello@flatpress.org`, it's as simple as that. Thanks!
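Review bot: the reporting section gives only a mailbox; consider stating what a reporter can expect (an acknowledgement window, which release lines receive fixes) and offering a way to send details confidentially, such as a published PGP key, since a plain e-mail address is the only channel named here.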

View File

@ -120,10 +120,9 @@ if (isset($_SERVER ['HTTPS'])) {
} }
$serverport = "false"; $serverport = "false";
// Unterstützung für Apache und IIS // Unterstützung für Apache und IIS
ini_set('session.cookie_secure', 1);
if (isset($_SERVER ['HTTPS']) && ($_SERVER ['HTTPS'] == '1' || strtolower($_SERVER ['HTTPS']) == 'on')) { if (isset($_SERVER ['HTTPS']) && ($_SERVER ['HTTPS'] == '1' || strtolower($_SERVER ['HTTPS']) == 'on')) {
$serverport = "https://"; $serverport = "https://";
// Uses a secure connection (HTTPS) if possible
ini_set('session.cookie_secure', 1);
} else { } else {
$serverport = "http://"; $serverport = "http://";
} }
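Review bot: moving `ini_set('session.cookie_secure', 1);` above the `$_SERVER['HTTPS']` check makes the session cookie Secure unconditionally, so on an installation reachable only over plain HTTP the browser never sends the session cookie back and the admin login cannot persist. If that is the intended hardening, document it next to the PHP requirement; otherwise tie it to the same switch as the login cookies (the `COOKIE_SECURE` constant introduced in cookie.php in this merge) so the two cannot drift apart. The explanatory comment `// Uses a secure connection (HTTPS) if possible` was dropped with the move; a replacement comment stating that the flag is now always on would help the next reader.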

View File

@ -1,7 +1,6 @@
<?php <?php
function cookie_setup() { function cookie_setup() {
global $fp_config; global $fp_config;
// md5(BLOG_BASEURL); // md5(BLOG_BASEURL);
@ -22,20 +21,25 @@ if ( !defined('SITECOOKIEPATH') )
define('SITECOOKIEPATH', preg_replace('|https?://[^/]+|i', '', BLOG_BASEURL)); define('SITECOOKIEPATH', preg_replace('|https?://[^/]+|i', '', BLOG_BASEURL));
if (!defined('COOKIE_DOMAIN')) if (!defined('COOKIE_DOMAIN'))
define('COOKIE_DOMAIN', false); define('COOKIE_DOMAIN', false);
if (!defined('COOKIE_SECURE'))
define('COOKIE_SECURE', true);
} }
if (!function_exists('wp_get_cookie_login')) : if (!function_exists('wp_get_cookie_login')) :
function wp_get_cookie_login() { function wp_get_cookie_login() {
if (empty($_COOKIE [USER_COOKIE]) || empty($_COOKIE [PASS_COOKIE])) if (empty($_COOKIE [USER_COOKIE]) || empty($_COOKIE [PASS_COOKIE]))
return false; return false;
return array('login' => $_COOKIE[USER_COOKIE], 'password' => $_COOKIE[PASS_COOKIE]); return array(
'login' => $_COOKIE [USER_COOKIE],
'password' => $_COOKIE [PASS_COOKIE]
);
} }
endif; endif;
function cookie_set($username, $password, $already_md5 = false, $home = '', $siteurl = '', $remember = false) { function cookie_set($username, $password, $already_md5 = false, $home = '', $siteurl = '', $remember = false) {
if (!$already_md5) if (!$already_md5)
$password = md5(md5($password)); // Double hash the password in the cookie. $password = md5(md5($password)); // Double hash the password in the cookie.
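Review bot: `define('COOKIE_SECURE', true);` as the fallback default means a site that has not set the constant in its config and is served over plain HTTP will have its login cookies silently dropped by the browser (a Secure cookie is never returned over HTTP). Either derive the default from the existing HTTPS detection in defaults.php or document that `COOKIE_SECURE` must be defined as false for plain-HTTP deployments; the `!defined()` guard already allows the override, it just is not mentioned anywhere.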
@ -58,24 +62,24 @@ function cookie_set($username, $password, $already_md5 = false, $home = '', $sit
else else
$expire = 0; $expire = 0;
setcookie(USER_COOKIE, $username, $expire, $cookiepath, COOKIE_DOMAIN); setcookie(USER_COOKIE, $username, $expire, $cookiepath, COOKIE_DOMAIN, COOKIE_SECURE);
setcookie(PASS_COOKIE, $password, $expire, $cookiepath, COOKIE_DOMAIN); setcookie(PASS_COOKIE, $password, $expire, $cookiepath, COOKIE_DOMAIN, COOKIE_SECURE);
if ($cookiepath != $sitecookiepath) { if ($cookiepath != $sitecookiepath) {
setcookie(USER_COOKIE, $username, $expire, $sitecookiepath, COOKIE_DOMAIN); setcookie(USER_COOKIE, $username, $expire, $sitecookiepath, COOKIE_DOMAIN, COOKIE_SECURE);
setcookie(PASS_COOKIE, $password, $expire, $sitecookiepath, COOKIE_DOMAIN); setcookie(PASS_COOKIE, $password, $expire, $sitecookiepath, COOKIE_DOMAIN, COOKIE_SECURE);
} }
} }
function cookie_clear() { function cookie_clear() {
setcookie(USER_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN); setcookie(USER_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE);
setcookie(PASS_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN); setcookie(PASS_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE);
setcookie(USER_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN); setcookie(USER_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE);
setcookie(PASS_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN); setcookie(PASS_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE);
} }
if (!function_exists('wp_login')) : if (!function_exists('wp_login')) :
function wp_login($username, $password, $already_md5 = false) { function wp_login($username, $password, $already_md5 = false) {
global $wpdb, $error; global $wpdb, $error;
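Review bot: the new sixth argument sets `secure`, but the seventh (`httponly`) is still left at its default. Since `PASS_COOKIE` carries credential material (`md5(md5($password))`, per the context line above), passing `true` as the seventh argument in every `setcookie()` call in `cookie_set()` and `cookie_clear()` keeps that value out of reach of script running on the page at no cost to the login flow; the expiry calls in `cookie_clear()` are otherwise fine as written.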
@ -110,6 +114,7 @@ function wp_login($username, $password, $already_md5 = false) {
endif; endif;
if (!function_exists('is_user_logged_in')) : if (!function_exists('is_user_logged_in')) :
function is_user_logged_in() { function is_user_logged_in() {
$user = wp_get_current_user(); $user = wp_get_current_user();
@ -121,11 +126,10 @@ function is_user_logged_in() {
endif; endif;
if (!function_exists('auth_redirect')) : if (!function_exists('auth_redirect')) :
function auth_redirect() { function auth_redirect() {
// Checks if a user is logged in, if not redirects them to the login page // Checks if a user is logged in, if not redirects them to the login page
if ( (!empty($_COOKIE[USER_COOKIE]) && if ((!empty($_COOKIE [USER_COOKIE]) && !wp_login($_COOKIE [USER_COOKIE], $_COOKIE [PASS_COOKIE], true)) || (empty($_COOKIE [USER_COOKIE]))) {
!wp_login($_COOKIE[USER_COOKIE], $_COOKIE[PASS_COOKIE], true)) ||
(empty($_COOKIE[USER_COOKIE])) ) {
nocache_headers(); nocache_headers();
wp_redirect(get_option('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER ['REQUEST_URI'])); wp_redirect(get_option('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER ['REQUEST_URI']));
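Review bot: collapsing the condition onto one line preserves a pre-existing gap: `$_COOKIE[PASS_COOKIE]` is read whenever `USER_COOKIE` is non-empty, without checking that `PASS_COOKIE` is set, which raises an undefined-index notice when only one cookie of the pair survives. Suggest `!empty($_COOKIE[USER_COOKIE]) && (empty($_COOKIE[PASS_COOKIE]) || !wp_login($_COOKIE[USER_COOKIE], $_COOKIE[PASS_COOKIE], true))`, and keeping the multi-line layout the old side used, which was easier to read.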
@ -134,5 +138,4 @@ function auth_redirect() {
} }
endif; endif;
?> ?>

View File

@ -1,23 +1,19 @@
<?php <?php
function sess_setup() { function sess_setup() {
if (SESSION_PATH != '') if (SESSION_PATH != '')
session_save_path(SESSION_PATH); session_save_path(SESSION_PATH);
session_name(SESS_COOKIE); session_name(SESS_COOKIE);
setcookie(SESS_COOKIE, '', 0, '', COOKIE_DOMAIN, COOKIE_SECURE);
session_start(); session_start();
} }
function sess_add($key, $val) { function sess_add($key, $val) {
$_SESSION [$key] = $val; $_SESSION [$key] = $val;
} }
function sess_remove($key) { function sess_remove($key) {
if (isset($_SESSION [$key])) { if (isset($_SESSION [$key])) {
$oldval = $_SESSION [$key]; $oldval = $_SESSION [$key];
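Review bot: the added `setcookie(SESS_COOKIE, '', 0, '', COOKIE_DOMAIN, COOKIE_SECURE);` before `session_start()` does not make the session cookie Secure. With an empty value PHP emits a deletion cookie (value `deleted`, expiry in the past), and `session_start()` then sends its own Set-Cookie built from the `session.cookie_*` ini settings, so the response carries two Set-Cookie headers for the same name and the flags on the real session cookie still come from the ini values. The supported way is `session_set_cookie_params($lifetime, $path, $domain, COOKIE_SECURE, true)` (the httponly parameter exists since PHP 5.2, so it fits the 5.6 minimum) or `ini_set('session.cookie_secure', ...)` before `session_start()`; drop the manual `setcookie()` call.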
@ -29,13 +25,14 @@
function sess_get($key) { function sess_get($key) {
if (isset($_SESSION [$key])) if (isset($_SESSION [$key]))
return $_SESSION [$key]; return $_SESSION [$key];
else return false; else
return false;
} }
function sess_close() { function sess_close() {
unset($_SESSION); unset($_SESSION);
if (isset($_COOKIE [session_name()])) { if (isset($_COOKIE [session_name()])) {
setcookie(session_name(), '', time()-42000, '/'); setcookie(session_name(), '', time() - 42000, '/', COOKIE_SECURE);
session_set_cookie_params(-42000); session_set_cookie_params(-42000);
} }
session_destroy(); session_destroy();
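Review bot: in `sess_close()`, `COOKIE_SECURE` is passed as the fifth argument of `setcookie()`, which is `domain`, not `secure` (the parameter order is name, value, expires, path, domain, secure, httponly). With `COOKIE_SECURE` true this sends `domain=1`, which browsers reject as not matching the host, so the session cookie is no longer cleared on logout. Insert the domain before it: `setcookie(session_name(), '', time() - 42000, '/', COOKIE_DOMAIN, COOKIE_SECURE);`. The `session_set_cookie_params(-42000);` that follows only influences session cookies PHP would create later in the same request and does nothing for the one just sent.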

View File

@ -68,7 +68,7 @@ function system_hashsalt_save($force = false) {
return true; return true;
} }
define('SYSTEM_VER', '1.2'); define('SYSTEM_VER', '1.2.1');
function system_ver() { function system_ver() {
return 'fp-' . SYSTEM_VER; return 'fp-' . SYSTEM_VER;

View File

@ -64,8 +64,8 @@ function user_login($userid, $pwd, $params = null) {
if ($loggedin) { if ($loggedin) {
// session_regenerate_id(); // session_regenerate_id();
$expire = time() + 31536000; $expire = time() + 31536000;
setcookie(USER_COOKIE, $userid, $expire, COOKIEPATH, COOKIE_DOMAIN); setcookie(USER_COOKIE, $userid, $expire, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE);
setcookie(PASS_COOKIE, $user ['password'], $expire, COOKIEPATH, COOKIE_DOMAIN); setcookie(PASS_COOKIE, $user ['password'], $expire, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE);
} }
return $loggedin; return $loggedin;
@ -76,8 +76,8 @@ function user_logout() {
if (user_loggedin()) { if (user_loggedin()) {
setcookie(USER_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN); setcookie(USER_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE);
setcookie(PASS_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN); setcookie(PASS_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE);
} }
$loggedin = false; $loggedin = false;

View File

@ -290,12 +290,12 @@ if (!function_exists('wp_setcookie')) :
$cookiehash = md5($siteurl); $cookiehash = md5($siteurl);
} }
setcookie('wordpressuser_' . $cookiehash, $username, time() + 31536000, $cookiepath); setcookie('wordpressuser_' . $cookiehash, $username, time() + 31536000, $cookiepath, COOKIE_SECURE);
setcookie('wordpresspass_' . $cookiehash, $password, time() + 31536000, $cookiepath); setcookie('wordpresspass_' . $cookiehash, $password, time() + 31536000, $cookiepath, COOKIE_SECURE);
if ($cookiepath != $sitecookiepath) { if ($cookiepath != $sitecookiepath) {
setcookie('wordpressuser_' . $cookiehash, $username, time() + 31536000, $sitecookiepath); setcookie('wordpressuser_' . $cookiehash, $username, time() + 31536000, $sitecookiepath, COOKIE_SECURE);
setcookie('wordpresspass_' . $cookiehash, $password, time() + 31536000, $sitecookiepath); setcookie('wordpresspass_' . $cookiehash, $password, time() + 31536000, $sitecookiepath, COOKIE_SECURE);
} }
} }
endif; endif;
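Review bot: the same argument-position slip as in sess.php: the old `wp_setcookie()` calls had four arguments (no domain), so appending `COOKIE_SECURE` as the fifth puts it in the `domain` slot and the cookies go out with `domain=1`, which browsers discard; as written, `wp_setcookie()` no longer sets any cookie at all. Each call needs the domain inserted first, e.g. `setcookie('wordpressuser_' . $cookiehash, $username, time() + 31536000, $cookiepath, COOKIE_DOMAIN, COOKIE_SECURE);` (`COOKIE_DOMAIN` is defined in cookie.php in this merge), and the same for the `$sitecookiepath` pair.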
@ -303,10 +303,10 @@ endif;
if (!function_exists('wp_clearcookie')) : if (!function_exists('wp_clearcookie')) :
function wp_clearcookie() { function wp_clearcookie() {
setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH); setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH, COOKIE_SECURE);
setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH); setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH, COOKIE_SECURE);
setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, SITECOOKIEPATH); setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_SECURE);
setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, SITECOOKIEPATH); setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_SECURE);
} }
endif; endif;
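Review bot: `wp_clearcookie()` has the same misplaced argument: `COOKIE_SECURE` lands in the `domain` position, so the four expiry cookies are rejected by the browser and the `wordpressuser_`/`wordpresspass_` cookies survive logout. Rewrite each as `setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE);` so the path/domain/secure attributes match the ones used when the cookie was set, which is what makes a deletion cookie take effect.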

View File

@ -52,7 +52,11 @@
<!-- That isn't the real id but... --> <!-- That isn't the real id but... -->
<fieldset id="admin-entry-categories"> <fieldset id="admin-entry-categories">
<legend>{$plang.categories}</legend> <legend>{$plang.categories}</legend>
{if isset($policy.categories)}
{list_categories type=form selected=$policy.categories} {list_categories type=form selected=$policy.categories}
{else}
{list_categories type=form}
{/if}
</fieldset> </fieldset>
<fieldset> <fieldset>

View File

@ -25,7 +25,7 @@
{/if} {/if}
</td> </td>
<td>{if isset($comm.url)}<a href="{$comm.url|wp_specialchars}">{$comm.name|wp_specialchars}</a>{else}{$comm.name|wp_specialchars}{/if}</td> <td>{if isset($comm.url)}<a href="{$comm.url|wp_specialchars}">{$comm.name|wp_specialchars}</a>{else}{$comm.name|wp_specialchars}{/if}</td>
<td><a href="mailto:{$comm.email|wp_specialchars}">{$comm.email|wp_specialchars}</a></td> <td>{if isset($comm.email)}<a href="mailto:{$comm.email|wp_specialchars}">{$comm.email|wp_specialchars}</a>{else} {/if}</td>
{* a bit hackish: {$comm.ip-adress} would lead to $this->_tpl_vars['comm']['ip']-$this->_tpl_vars['ddress']; *} {* a bit hackish: {$comm.ip-adress} would lead to $this->_tpl_vars['comm']['ip']-$this->_tpl_vars['ddress']; *}
{assign var=ipadress value="ip-address"} {assign var=ipadress value="ip-address"}
<td>{$comm.$ipadress}</td> <td>{$comm.$ipadress}</td>

View File

@ -35,14 +35,12 @@ function plugin_lastcomments_widget() {
if ($count = count($list)) { if ($count = count($list)) {
while ($arr = array_pop($list)) { while ($arr = array_pop($list)) {
theme_comments_filters($arr, $id);
$q = new FPDB_Query(array( $q = new FPDB_Query(array(
'id' => $arr ['entry'] 'id' => $arr ['entry']
), null); ), null);
// first element of the array is dropped, as it is the ID, which // first element of the array is dropped, as it is the ID, which
// we already know // we already know
@list (, $entry) = $q->getEntry($query); @list (, $entry) = $q->getEntry();
if (!$entry) { if (!$entry) {
$count--; $count--;
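Review bot: two unrelated changes in one hunk. Replacing `$q->getEntry($query)` with `$q->getEntry()` fixes a reference to an undefined `$query`, but removing `theme_comments_filters($arr, $id);` also removes the only point visible here where the comment array passes through the theme comment filters before the widget renders it. If the filters are now applied after the entry lookup, a short comment saying where would help; if they are not, the widget may emit unfiltered comment fields. `$id` is not defined in the visible lines either, which may be the reason for the removal; if so, the right fix is to pass the entry id obtained from `getEntry()` rather than to drop the call.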