Beanz/flatpress
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'flatpressblog:master' into master

Browse Source
This commit is contained in:
Fraenkiman 2022-12-29 22:16:49 +01:00 committed by GitHub
commit 8ac157cc1b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 166 additions and 107 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGELOG.md
View File

@ -53,7 +53,7 @@
- Possible XSS in setup prevented ([#176](https://github.com/flatpressblog/flatpress/issues/176)) - Possible XSS in setup prevented ([#176](https://github.com/flatpressblog/flatpress/issues/176))
- Possible XSS in Media Manager plugin prevented ([#177](https://github.com/flatpressblog/flatpress/issues/177)) - Possible XSS in Media Manager plugin prevented ([#177](https://github.com/flatpressblog/flatpress/issues/177))
- Possible path traversal in Media Manager plugin prevented ([#179](https://github.com/flatpressblog/flatpress/issues/179)) - Possible path traversal in Media Manager plugin prevented ([#179](https://github.com/flatpressblog/flatpress/issues/179))
- Possible XSS in Admin Area prevented ([#180](https://github.com/flatpressblog/flatpress/issues/180)) - Possible XSSs in Admin Area prevented ([#180](https://github.com/flatpressblog/flatpress/issues/180), [#183](https://github.com/flatpressblog/flatpress/issues/183))
# 2021-06-19: [FlatPress 1.2.1](https://github.com/flatpressblog/flatpress/releases/tag/1.2.1) # 2021-06-19: [FlatPress 1.2.1](https://github.com/flatpressblog/flatpress/releases/tag/1.2.1)
## Bugfixes ## Bugfixes

1
CONTRIBUTORS.md
View File

@ -38,3 +38,4 @@ FlatPress utilizes the following free frameworks and libraries. Thanks to their
## Other contributions ## Other contributions
- [Julian Rademacher](https://moortaube.de/) generously donated his Twitter account [@FlatPress](https://twitter.com/FlatPress). Also thanks for your useful pull requests! - [Julian Rademacher](https://moortaube.de/) generously donated his Twitter account [@FlatPress](https://twitter.com/FlatPress). Also thanks for your useful pull requests!
- [Fraenkiman](https://github.com/Fraenkiman) tests FlatPress to its very core and creates a metric ton of very helpful [issues](https://github.com/flatpressblog/flatpress/issues). - [Fraenkiman](https://github.com/Fraenkiman) tests FlatPress to its very core and creates a metric ton of very helpful [issues](https://github.com/flatpressblog/flatpress/issues).
- And last but not least: A big shout out to all the security researchers voluntarily reporting possible vulnerabilities in the FlatPress code on platforms like https://huntr.dev, or by opening [issues](https://github.com/flatpressblog/flatpress/issues). You make FlatPress a lot more secure for everyone!

178
admin/panels/config/admin.config.php
View File

@ -1,35 +1,106 @@
<?php <?php
class admin_config extends AdminPanel { class admin_config extends AdminPanel {
var $panelname = 'config';
}
class admin_config_default extends AdminPanelActionValidated { var $panelname = 'config';
}
class admin_config_default extends AdminPanelActionValidated {
var $validators = array( var $validators = array(
// not needed anymore ! // not needed anymore !
// array('blog_root', 'blog_root', 'notEmpty', false, false, 'trim'), // array('blog_root', 'blog_root', 'notEmpty', false, false, 'trim'),
array('www', 'www', 'notEmpty', false, false, 'trim'), array(
'www',
'www',
'notEmpty',
false,
false,
'trim'
),
// ... // ...
array('title', 'title', 'notEmpty', false, false, 'trim'), array(
//array('subtitle', 'subtitle', 'notEmpty', false, false, 'trim'), 'title',
//array('blogfooter', 'blogfooter', 'notEmpty', false, false, 'trim'), 'title',
array('email', 'email', 'isEmail', false, false, 'trim'), 'notEmpty',
array('maxentries', 'maxentries', 'isInt', false, false, 'trim'), false,
false,
array('timeoffset', 'timeoffset', 'isNumber', false, false, 'trim'), 'trim'
array('timeformat', 'timeformat', 'notEmpty', false, false, 'trim'), ),
array('dateformat', 'dateformat', 'notEmpty', false, false, 'trim'), // array('subtitle', 'subtitle', 'notEmpty', false, false, 'trim'),
array('dateformatshort', 'dateformatshort', 'notEmpty', false, false, 'trim'), // array('blogfooter', 'blogfooter', 'notEmpty', false, false, 'trim'),
array(
array('lang', 'lang', 'notEmpty', false, false, 'trim'), 'email',
array('charset', 'charset', 'notEmpty', false, false, 'trim'), 'email',
'isEmail',
false,
false,
'trim'
),
array(
'maxentries',
'maxentries',
'isInt',
false,
false,
'trim'
),
array(
'timeoffset',
'timeoffset',
'isNumber',
false,
false,
'trim'
),
array(
'timeformat',
'timeformat',
'notEmpty',
false,
false,
'trim'
),
array(
'dateformat',
'dateformat',
'notEmpty',
false,
false,
'trim'
),
array(
'dateformatshort',
'dateformatshort',
'notEmpty',
false,
false,
'trim'
),
array(
'lang',
'lang',
'notEmpty',
false,
false,
'trim'
),
array(
'charset',
'charset',
'notEmpty',
false,
false,
'trim'
)
); );
var $events = array('save'); var $events = array(
'save'
);
function setup() { function setup() {
$this->smarty->assign('themes', theme_list()); $this->smarty->assign('themes', theme_list());
@ -37,62 +108,52 @@
$static_list = array(); $static_list = array();
foreach(static_getlist() as $id) { foreach (static_getlist() as $id) {
$static_list[$id] = static_parse($id); $static_list [$id] = static_parse($id);
} }
$this->smarty->assign('static_list', $static_list); $this->smarty->assign('static_list', $static_list);
} }
function onsave() { function onsave() {
global $fp_config; global $fp_config;
$l = explode(',',$_POST['lang']); $l = explode(',', $_POST ['lang']);
$fp_config['general'] = array( $fp_config ['general'] = array(
//'BLOG_ROOT' => $_POST['blog_root'], // 'BLOG_ROOT' => $_POST['blog_root'],
'www' => $_POST['www'], 'www' => $_POST ['www'],
'title' => html_entity_decode(stripslashes($_POST['title'])), 'title' => wp_specialchars(stripslashes($_POST ['title'])),
'subtitle' => html_entity_decode(stripslashes($_POST['subtitle'])), 'subtitle' => wp_specialchars(stripslashes($_POST ['subtitle'])),
'footer' => html_entity_decode(stripslashes($_POST['blogfooter'])), 'footer' => wp_specialchars(stripslashes($_POST ['blogfooter'])),
'author' => $_POST['author'], 'author' => $_POST ['author'],
'email' => $_POST['email'], 'email' => $_POST ['email'],
'startpage' => ($_POST['startpage'] == ':NULL:')? null : $_POST['startpage'], 'startpage' => ($_POST ['startpage'] == ':NULL:') ? null : $_POST ['startpage'],
'maxentries' => $_POST['maxentries'], 'maxentries' => $_POST ['maxentries'],
// 'voting' => $_POST['voting'], // 'voting' => $_POST['voting'],
'notify' => isset($_POST['notify']), 'notify' => isset($_POST ['notify']),
/* preserve the following */ /* preserve the following */
'theme' => $fp_config['general']['theme'], 'theme' => $fp_config ['general'] ['theme'],
'style' => @$fp_config['general']['style'], 'style' => @$fp_config ['general'] ['style'],
'blogid' => $fp_config['general']['blogid'], 'blogid' => $fp_config ['general'] ['blogid'],
'charset'=> 'utf-8', 'charset' => 'utf-8'
); );
$fp_config['locale'] = array( $fp_config ['locale'] = array(
'timeoffset' => $_POST['timeoffset'], 'timeoffset' => $_POST ['timeoffset'],
'timeformat' => $_POST['timeformat'], 'timeformat' => $_POST ['timeformat'],
'dateformat' => $_POST['dateformat'], 'dateformat' => $_POST ['dateformat'],
'dateformatshort' => $_POST['dateformatshort'], 'dateformatshort' => $_POST ['dateformatshort'],
'charset' => $_POST['charset'], 'charset' => $_POST ['charset'],
'lang' => $_POST['lang'] 'lang' => $_POST ['lang']
); );
// 'LANG' => $l[0], // 'LANG' => $l[0],
// 'CHARSET'=> $l[1], // 'CHARSET'=> $l[1],
$success = config_save() ? 1 : -1;
$success = config_save()? 1: -1;
$this->smarty->assign('success', $success); $this->smarty->assign('success', $success);
return 1; return 1;
} }
function onerror() { function onerror() {
@ -102,14 +163,11 @@
function cleartplcache() { function cleartplcache() {
// if theme was switched, clear tpl cache // if theme was switched, clear tpl cache
$tpl = new tpl_deleter(); $tpl = new tpl_deleter();
$tpl->getList(); $tpl->getList();
} }
} }
?> ?>