From 36df32236cc8c2e63d92e3c22f2d964b66f88503 Mon Sep 17 00:00:00 2001 From: Fraenkiman Date: Thu, 31 Aug 2023 23:59:53 +0200 Subject: [PATCH 1/8] Update main.lib.php - Username can only contain letters, numbers and 1 underscore. --- setup/lib/main.lib.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/setup/lib/main.lib.php b/setup/lib/main.lib.php index 712c38f..9ed4639 100644 --- a/setup/lib/main.lib.php +++ b/setup/lib/main.lib.php @@ -110,6 +110,10 @@ function validate() { if (($fppwd) != ($fppwd2)) { $err [] = "Passwords did not match"; } + if (!(preg_match('/^[a-zA-Z0-9]+_?[a-zA-Z0-9]+$/D', $fpuser) || preg_match('/^[a-zA-Z0-9]+_?[a-zA-Z0-9]+$/D', $fpuser))) { + $err [] = $fpuser . " is not a valid username. + Username can only contain letters, numbers and 1 underscore."; + } if (!(preg_match('!@.*@|\.\.|\,|\;!', $email) || preg_match('!^.+\@(\[?)[a-zA-Z0-9\.\-]+\.([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$!', $email))) { $err [] = $email . " is not a valid email address"; } From 759a459e011623a2339638875ff959dea6d839a7 Mon Sep 17 00:00:00 2001 From: Fraenkiman Date: Fri, 1 Sep 2023 00:45:06 +0200 Subject: [PATCH 2/8] Update main.lib.php --- setup/lib/main.lib.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/setup/lib/main.lib.php b/setup/lib/main.lib.php index 9ed4639..91b5c62 100644 --- a/setup/lib/main.lib.php +++ b/setup/lib/main.lib.php 
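Review bot: The added condition tests the identical regex twice joined by `||`, so the second `preg_match` can never change the result; one call suffices: `if (!preg_match('/^[a-zA-Z0-9]+_?[a-zA-Z0-9]+$/D', $fpuser)) {`. The message literal is broken across two source lines, so the string appended to `$err` carries the newline and the indentation of the continuation line; keep it on one line or concatenate two literals. Patch 2 moves this block verbatim and inherits the same duplication, and in that hunk the `ctype_alnum` check directly above already rejects any underscore, so a name such as `a_b` collects both errors while the new rule alone never admits one — the two checks need reconciling rather than stacking. validate() continues outside this hunk.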
@@ -104,16 +104,16 @@ function validate() { $err [] = $fpuser . " is not a valid username. Username must be alphanumeric and should not contain spaces."; } + if (!(preg_match('/^[a-zA-Z0-9]+_?[a-zA-Z0-9]+$/D', $fpuser) || preg_match('/^[a-zA-Z0-9]+_?[a-zA-Z0-9]+$/D', $fpuser))) { + $err [] = $fpuser . " is not a valid username. + Username can only contain letters, numbers and 1 underscore."; + } if (strlen(trim(($fppwd))) < 6) { $err [] = "Password must contain at least 6 non-space characters"; } if (($fppwd) != ($fppwd2)) { $err [] = "Passwords did not match"; } - if (!(preg_match('/^[a-zA-Z0-9]+_?[a-zA-Z0-9]+$/D', $fpuser) || preg_match('/^[a-zA-Z0-9]+_?[a-zA-Z0-9]+$/D', $fpuser))) { - $err [] = $fpuser . " is not a valid username. - Username can only contain letters, numbers and 1 underscore."; - } if (!(preg_match('!@.*@|\.\.|\,|\;!', $email) || preg_match('!^.+\@(\[?)[a-zA-Z0-9\.\-]+\.([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$!', $email))) { $err [] = $email . " is not a valid email address"; } From 326f5aa163b092f4b2a5475d4ee1cd9adffc0a01 Mon Sep 17 00:00:00 2001 From: Fraenkiman Date: Fri, 1 Sep 2023 23:09:33 +0200 Subject: [PATCH 3/8] - Error messages now multilingual - Error messages are now supported in multiple languages --- setup/lang/lang.cs-cz.php | 21 ++++++++++++++++++++- setup/lang/lang.de-de.php | 19 +++++++++++++++++++ setup/lang/lang.it-it.php | 19 +++++++++++++++++++ setup/lang/lang.ja-jp.php | 19 +++++++++++++++++++ setup/lang/lang.nl-nl.php | 19 +++++++++++++++++++ setup/lang/lang.pt-br.php | 21 ++++++++++++++++++++- setup/lib/main.lib.php | 29 ++++++++++++++--------------- 7 files changed, 130 insertions(+), 17 deletions(-) diff --git a/setup/lang/lang.cs-cz.php b/setup/lang/lang.cs-cz.php index d3ad742..f10117b 100644 --- a/setup/lang/lang.cs-cz.php +++ b/setup/lang/lang.cs-cz.php @@ -1,6 +1,6 @@ 'Setup je uzamčen', 
@@ -17,6 +17,25 @@ $lang ['locked'] = array( ' ); +$lang ['err'] = array( + 'setuprun1' => 'Instalace probíhá.', + + 'setuprun2' => 'Nastavení je spuštěno: Pokud jste správce, můžete odstranit ', + 'setuprun3' => ' restartovat.', + 'writeerror' => 'Chyba při psaní', + + 'fpuser1' => ' není platný uživatel. + Uživatelské jméno musí být alfanumerické a nesmí obsahovat žádné mezery.', + 'fpuser2' => ' není platný uživatel. + Uživatelské jméno může obsahovat pouze písmena, číslice a 1 podtržítko.', + 'fppwd' => 'Heslo musí obsahovat alespoň 6 znaků a žádné mezery.', + 'fppwd2' => 'Hesla se neshodují.', + 'email' => ' není platná e-mailová adresa.', + 'www' => ' není platná adresa URL.', + 'error' => '

Chyba! + Při zpracování formuláře došlo k následujícím chybám:

    ' +); + $lang ['step1'] = array( 'head' => 'Vítejte ve FlatPressu!', 'descr' => 'Děkujeme, že jste si vybrali FlatPress. diff --git a/setup/lang/lang.de-de.php b/setup/lang/lang.de-de.php index 3b307dd..d56ff8e 100644 --- a/setup/lang/lang.de-de.php +++ b/setup/lang/lang.de-de.php @@ -16,6 +16,25 @@ $lang ['locked'] = array(
' ); +$lang ['err'] = array( + 'setuprun1' => 'Die Installation läuft.', + + 'setuprun2' => 'Die Installation läuft bereits: Wenn du der Administrator bist, kannst du ', + 'setuprun3' => ' löschen, um neu zu starten.', + 'writeerror' => 'Fehler beim Schreiben', + + 'fpuser1' => ' ist kein gültiger Benutzer. + Der Benutzername muss alphanumerisch sein und darf keine Leerzeichen enthalten.', + 'fpuser2' => ' ist kein gültiger Benutzer. + Der Benutzername darf nur Buchstaben, Zahlen und 1 Unterstrich enthalten.', + 'fppwd' => 'Das Passwort muss mindestens 6 Zeichen darf keine Leerzeichen enthalten.', + 'fppwd2' => 'Die Passwörter stimmen nicht überein.', + 'email' => ' ist keine gültige E-Mail Adresse.', + 'www' => ' ist keine gültige URL.', + 'error' => '

Fehler! + Bei der Bearbeitung des Formulars sind die folgenden Fehler aufgetreten:

    ' +); + $lang ['step1'] = array( 'head' => 'Willkommen bei FlatPress!', 'descr' => 'Danke, dass du dich für FlatPress entschieden hast. diff --git a/setup/lang/lang.it-it.php b/setup/lang/lang.it-it.php index ac42942..d8b5de5 100644 --- a/setup/lang/lang.it-it.php +++ b/setup/lang/lang.it-it.php @@ -17,6 +17,25 @@ $lang ['locked'] = array(
' ); +$lang ['err'] = array( + 'setuprun1' => 'L\'installazione è in corso.', + + 'setuprun2' => 'L\'installazione è già in corso: se siete l\'amministratore, potete cancellare ', + 'setuprun3' => ' per riavviare.', + 'writeerror' => 'Errore di scrittura', + + 'fpuser1' => ' non è un utente valido. + Il nome utente deve essere alfanumerico e non deve contenere spazi.', + 'fpuser2' => ' non è un utente valido. + Il nome utente può contenere solo lettere, numeri e 1 trattino basso.', + 'fppwd' => 'La password deve contenere almeno 6 caratteri e nessuno spazio.', + 'fppwd2' => 'Le password non corrispondono.', + 'email' => ' non è un indirizzo e-mail valido.', + 'www' => ' non è un URL valido.', + 'error' => '

Errore! + Durante l\'elaborazione del modulo si sono verificati i seguenti errori:

    ' +); + $lang ['step1'] = array( 'head' => 'Benvenuto in FlatPress!', 'descr' => 'Grazie per aver scelto FlatPress. diff --git a/setup/lang/lang.ja-jp.php b/setup/lang/lang.ja-jp.php index ba0c502..60648d1 100644 --- a/setup/lang/lang.ja-jp.php +++ b/setup/lang/lang.ja-jp.php @@ -17,6 +17,25 @@ $lang ['locked'] = array(
' ); +$lang ['err'] = array( + 'setuprun1' => 'インストールは実行中です。', + + 'setuprun2' => 'インストールがすでに実行されています: 管理者であれば、 ', + 'setuprun3' => ' を削除して再起動できます。', + 'writeerror' => '書き込みエラー', + + 'fpuser1' => ' は有効なユーザーではありません。 + ユーザー名は英数字でなければならず、スペースを含んではならない。', + 'fpuser2' => ' は有効なユーザーではありません。 + ユーザー名にはアルファベット、数字、アンダースコア1文字のみを使用することができます。', + 'fppwd' => 'パスワードは6文字以上で、スペースは使用しないでください。', + 'fppwd2' => 'パスワードが一致しない。', + 'email' => ' は有効なメールアドレスではありません。', + 'www' => ' は有効なURLではありません。', + 'error' => '

エラー! + フォームの処理中に以下のエラーが発生しました:

    ' +); + $lang ['step1'] = array( 'head' => 'ようこそFlatPressへ', 'descr' => 'FlatPressを選んでくださり, 感謝申し上げます! diff --git a/setup/lang/lang.nl-nl.php b/setup/lang/lang.nl-nl.php index 41b5733..b3b7fb2 100644 --- a/setup/lang/lang.nl-nl.php +++ b/setup/lang/lang.nl-nl.php @@ -17,6 +17,25 @@ $lang ['locked'] = array(
' ); +$lang ['err'] = array( + 'setuprun1' => 'De installatie wordt uitgevoerd.', + + 'setuprun2' => 'De installatie loopt al: Als je de beheerder bent, kun je ', + 'setuprun3' => ' verwijderen om opnieuw te starten.', + 'writeerror' => 'Fout in schrijven', + + 'fpuser1' => ' is geen geldige gebruiker. + De gebruikersnaam moet alfanumeriek zijn en mag geen spaties bevatten.', + 'fpuser2' => ' is geen geldige gebruiker. + De gebruikersnaam mag alleen letters, cijfers en 1 underscore bevatten.', + 'fppwd' => 'Het wachtwoord moet minstens 6 tekens en geen spaties bevatten.', + 'fppwd2' => 'De wachtwoorden komen niet overeen.', + 'email' => ' is geen geldig e-mailadres.', + 'www' => ' is geen geldige URL.', + 'error' => '

Fout! + De volgende fouten zijn opgetreden tijdens het verwerken van het formulier:

    ' +); + $lang ['step1'] = array( 'head' => 'Welkom bij FlatPress!', 'descr' => 'Bedankt dat je gekozen hebt voor FlatPress. diff --git a/setup/lang/lang.pt-br.php b/setup/lang/lang.pt-br.php index 0ac7131..d0c8c03 100644 --- a/setup/lang/lang.pt-br.php +++ b/setup/lang/lang.pt-br.php @@ -1,6 +1,6 @@ %s.
' ); +$lang ['err'] = array( + 'setuprun1' => 'A instalação está sendo executada.', + + 'setuprun2' => 'A instalação já está em execução: se você for o administrador, poderá excluir ', + 'setuprun3' => ' para reiniciar.', + 'writeerror' => 'Erro de escrita', + + 'fpuser1' => ' não é um usuário válido. + O nome de usuário deve ser alfanumérico e não deve conter espaços.', + 'fpuser2' => ' não é um usuário válido. + O nome de usuário só pode conter letras, números e um sublinhado.', + 'fppwd' => 'A senha deve conter pelo menos 6 caracteres e nenhum espaço.', + 'fppwd2' => 'As senhas não correspondem.', + 'email' => ' não é um endereço de e-mail válido.', + 'www' => ' não é um URL válido.', + 'error' => '

Erro! + Os seguintes erros ocorreram durante o processamento do formulário:

    ' +); + $lang ['step1'] = array( 'head' => 'Bem-vindo ao FlatPress!', 'descr' => 'Obrigado por escolher o FlatPress. diff --git a/setup/lib/main.lib.php b/setup/lib/main.lib.php index 91b5c62..1f0caae 100644 --- a/setup/lib/main.lib.php +++ b/setup/lib/main.lib.php @@ -2,7 +2,7 @@ $err = array(); function print_done_fail($label, $bool) { - echo "
  • ", $label . ' DONE' : 'red;">FAILED') . '
    ', "
  • \n"; + echo "
  • ", $label . ' DONE' : 'red;">FAILED') . '
    ', "
  • \n"; } function config_exist() { @@ -35,7 +35,7 @@ function setupid() { } function getstep(&$id) { - global $err; + global $err, $lang; $STEPS = array( 'locked', @@ -54,7 +54,7 @@ function getstep(&$id) { $setupid = setupid(); if (!$setupid) - die('Setup is running'); + die($lang ['err'] ['setuprun1']); if (!file_exists(SETUPTEMP_FILE)) { if (empty($_POST)) @@ -64,7 +64,7 @@ function getstep(&$id) { } else { $x = explode(',', io_load_file(SETUPTEMP_FILE)); if ($x [0] != $setupid) - die('Setup is running: if you are the owner, you can delete ' . SETUPTEMP_FILE . ' to restart'); + die($lang ['err'] ['setuprun2'] . SETUPTEMP_FILE . $lang ['err'] ['setuprun3']); $i = intval($x [1]); } @@ -83,7 +83,7 @@ function getstep(&$id) { io_write_file(LOCKFILE, "locked"); } else { if ($i > 0 && !@io_write_file(SETUPTEMP_FILE, "$setupid,$i")) { - $err [] = 'Write error'; + $err [] = $lang ['err'] ['writeerror']; } } } 
@@ -95,30 +95,29 @@ function getstep(&$id) { } function validate() { + global $lang; $fpuser = strip_tags($_POST ['fpuser']); $fppwd = $_POST ['fppwd']; $fppwd2 = $_POST ['fppwd2']; $email = strip_tags($_POST ['email']); $www = strip_tags($_POST ['www']); if (!ctype_alnum($fpuser)) { - $err [] = $fpuser . " is not a valid username. - Username must be alphanumeric and should not contain spaces."; + $err [] = $fpuser . $lang ['err'] ['fpuser1']; } if (!(preg_match('/^[a-zA-Z0-9]+_?[a-zA-Z0-9]+$/D', $fpuser) || preg_match('/^[a-zA-Z0-9]+_?[a-zA-Z0-9]+$/D', $fpuser))) { - $err [] = $fpuser . " is not a valid username. - Username can only contain letters, numbers and 1 underscore."; + $err [] = $fpuser . $lang ['err'] ['fpuser2']; } if (strlen(trim(($fppwd))) < 6) { - $err [] = "Password must contain at least 6 non-space characters"; + $err [] = $lang ['err'] ['fppwd']; } if (($fppwd) != ($fppwd2)) { - $err [] = "Passwords did not match"; + $err [] = $lang ['err'] ['fppwd2']; } if (!(preg_match('!@.*@|\.\.|\,|\;!', $email) || preg_match('!^.+\@(\[?)[a-zA-Z0-9\.\-]+\.([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$!', $email))) { - $err [] = $email . " is not a valid email address"; + $err [] = $email . $lang ['err'] ['email']; } if (!(preg_match('!^http(s)?://[\w-]+\.[\w-]+(\S+)?$!i', $www) || preg_match('!^http(s)?://localhost!', $www))) - $err [] = $www . " is not a valid URL"; + $err [] = $www . $lang ['err'] ['www']; if ($www && $www [strlen($www) - 1] != '/') { $www .= '/'; } @@ -149,9 +148,9 @@ function validate() { function print_err() { global $err; + global $lang; if (isset($err)) { - echo "
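Review bot: The new `global $lang;` is the only `global` statement visible at the head of validate(), yet every branch appends to `$err`; unless the function's tail (outside this hunk) declares `global $err;` or otherwise exports the array, these appends go to a local `$err` that print_err()'s `global $err` never sees — worth confirming, and if it is missing the fix is `global $err, $lang;`. As written, one username can also trigger both `fpuser1` and `fpuser2`, since the `ctype_alnum` test and the regex test are evaluated independently on the same value; an `elseif`, or dropping one of the two rules, would yield a single message. The `$www` check below the braces-less `if` would read more safely with braces like its siblings. The rest of validate() lies outside the hunk.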

    Error! - The following errors have been encountered processing the form:

      "; + echo $lang ['err'] ['www']; foreach ($err as $val) { echo "
    • $val
    • "; } From 9c8478d4de2f49ccc17429a659894e57d58439cf Mon Sep 17 00:00:00 2001 From: Fraenkiman Date: Sat, 2 Sep 2023 00:57:36 +0200 Subject: [PATCH 4/8] Update lang.de-de.php --- setup/lang/lang.de-de.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/lang/lang.de-de.php b/setup/lang/lang.de-de.php index d56ff8e..e331b6e 100644 --- a/setup/lang/lang.de-de.php +++ b/setup/lang/lang.de-de.php @@ -27,7 +27,7 @@ $lang ['err'] = array( Der Benutzername muss alphanumerisch sein und darf keine Leerzeichen enthalten.', 'fpuser2' => ' ist kein gültiger Benutzer. Der Benutzername darf nur Buchstaben, Zahlen und 1 Unterstrich enthalten.', - 'fppwd' => 'Das Passwort muss mindestens 6 Zeichen darf keine Leerzeichen enthalten.', + 'fppwd' => 'Das Passwort muss mindestens 6 Zeichen und darf keine Leerzeichen enthalten.', 'fppwd2' => 'Die Passwörter stimmen nicht überein.', 'email' => ' ist keine gültige E-Mail Adresse.', 'www' => ' ist keine gültige URL.', From 66ff2f76f11856aa40ffc634534b657d8ce3a67d Mon Sep 17 00:00:00 2001 From: Fraenkiman Date: Sat, 30 Sep 2023 21:33:55 +0200 Subject: [PATCH 5/8] Update main.lib.php --- setup/lib/main.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/lib/main.lib.php b/setup/lib/main.lib.php index 1f0caae..62f8295 100644 --- a/setup/lib/main.lib.php +++ b/setup/lib/main.lib.php @@ -104,7 +104,7 @@ function validate() { if (!ctype_alnum($fpuser)) { $err [] = $fpuser . $lang ['err'] ['fpuser1']; } - if (!(preg_match('/^[a-zA-Z0-9]+_?[a-zA-Z0-9]+$/D', $fpuser) || preg_match('/^[a-zA-Z0-9]+_?[a-zA-Z0-9]+$/D', $fpuser))) { + if (!(preg_match('/^[a-zA-Z0-9]+_?[a-zA-Z0-9]+$/D', $fpuser)) { $err [] = $fpuser . $lang ['err'] ['fpuser2']; } if (strlen(trim(($fppwd))) < 6) { From 828408382b9c9288385153a3b621940015ff1fc6 Mon Sep 17 00:00:00 2001 
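Review bot: The new `echo $lang ['err'] ['www'];` prints the "is not a valid URL" fragment as the heading of the error box; the language files define an `'error'` key for exactly this heading, so the line should read `echo $lang ['err'] ['error'];`. The two consecutive `global` statements can be merged into `global $err, $lang;` as getstep() does. The `foreach` below echoes each `$val` unescaped, and those values now begin with the user-supplied `$fpuser`, `$email` or `$www`, which validate() passes through `strip_tags()` only — a tag stripper, not an HTML encoder; emitting `htmlspecialchars($val, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` here is the one place that makes every reflected message safe. The remainder of print_err() is outside the hunk.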
From: Fraenkiman Date: Sun, 1 Oct 2023 22:42:45 +0200 Subject: [PATCH 6/8] Duplicate name check removed Duplicate name check removed --- setup/lib/main.lib.php | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/setup/lib/main.lib.php b/setup/lib/main.lib.php index 62f8295..5701916 100644 --- a/setup/lib/main.lib.php +++ b/setup/lib/main.lib.php @@ -101,10 +101,7 @@ function validate() { $fppwd2 = $_POST ['fppwd2']; $email = strip_tags($_POST ['email']); $www = strip_tags($_POST ['www']); - if (!ctype_alnum($fpuser)) { - $err [] = $fpuser . $lang ['err'] ['fpuser1']; - } - if (!(preg_match('/^[a-zA-Z0-9]+_?[a-zA-Z0-9]+$/D', $fpuser)) { + if (!(preg_match('/^[\w]+$/u', $fpuser))) { $err [] = $fpuser . $lang ['err'] ['fpuser2']; } if (strlen(trim(($fppwd))) < 6) { From e1988062f6466b6a5f138f1cc7eb1ac41c1d00d7 Mon Sep 17 00:00:00 2001 From: Fraenkiman Date: Mon, 2 Oct 2023 01:13:45 +0200 Subject: [PATCH 7/8] fix css fix css --- setup/lib/main.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/lib/main.lib.php b/setup/lib/main.lib.php index 5701916..3d5ddf7 100644 --- a/setup/lib/main.lib.php +++ b/setup/lib/main.lib.php @@ -2,7 +2,7 @@ $err = array(); function print_done_fail($label, $bool) { - echo "
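Review bot: The replacement pattern `/^[\w]+$/u` drops the `D` modifier the old pattern carried, so `$` also matches before a final newline and a value ending in `\n` passes the check. With PHP's `u` modifier `\w` additionally covers non-ASCII letters and digits and allows any number of underscores, which no longer agrees with the `fpuser2` text shown to the user ("letters, numbers and 1 underscore"). Either restore the stricter rule, `if (!preg_match('/^[a-zA-Z0-9]+_?[a-zA-Z0-9]+$/D', $fpuser)) {`, or keep the broader one as `if (!preg_match('/^\w+$/Du', $fpuser)) {` and reword the message in the language files so the rule and the message match. The rest of validate() is outside the hunk.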
    • ", $label . ' DONE' : 'red;">FAILED') . '
      ', "
    • \n"; + echo "
    • ", $label . ' DONE' : 'red;">FAILED') . '
      ', "
    • \n"; } function config_exist() { From 367ec99f32c86ed30625f2da5dee7431e74183f0 Mon Sep 17 00:00:00 2001 From: Fraenkiman Date: Mon, 2 Oct 2023 15:41:33 +0200 Subject: [PATCH 8/8] Update CHANGELOG.md --- CHANGELOG.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 454cad8..cca9706 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -48,7 +48,7 @@ - German translation for Comment Center plugin added ([#148](https://github.com/flatpressblog/flatpress/issues/148)) - Fixed not-yet-translated phrases in Blog view and Admin Area ([#171](https://github.com/flatpressblog/flatpress/issues/171)) - Contact form: Admin notification mail is now localized ([#205](https://github.com/flatpressblog/flatpress/issues/205)) -- Setup tries to determine local language automatically ([#197](https://github.com/flatpressblog/flatpress/issues/197), [#216](https://github.com/flatpressblog/flatpress/issues/216)) +- Setup tries to determine local language automatically ([#197](https://github.com/flatpressblog/flatpress/issues/197), [#216](https://github.com/flatpressblog/flatpress/issues/216), [#262](https://github.com/flatpressblog/flatpress/issues/262)) ## Bugfixes - Plugin management page: Removed empty warning messages box @@ -70,6 +70,7 @@ - Possible XSSs in Admin Area prevented ([#180](https://github.com/flatpressblog/flatpress/issues/180), [#183](https://github.com/flatpressblog/flatpress/issues/183), [#187](https://github.com/flatpressblog/flatpress/issues/187)) - Possible XSS in comments prevented ([#186](https://github.com/flatpressblog/flatpress/issues/186)) - Possible CSRFs in Admin Area prevented ([#64](https://github.com/flatpressblog/flatpress/issues/64)) +- Possible XSS in FlatPress Installer prevented ([#220](https://github.com/flatpressblog/flatpress/issues/220)) # 2021-06-19: [FlatPress 1.2.1](https://github.com/flatpressblog/flatpress/releases/tag/1.2.1) ## Bugfixes