Merge branch 'hotfixes' into stable

Conflicts: admin/inc/configuration.php
GetSimpleCMS · Aug 22, 2015 · 48831a1 · 48831a1
2 parents 0685b8f + 39bda3d
commit 48831a1
Show file tree

Hide file tree

Showing 13 changed files with 101 additions and 36 deletions.
diff --git a/admin/backup-edit.php b/admin/backup-edit.php
@@ -101,7 +101,7 @@
 			 <a href="backup-edit.php?p=restore&amp;id=<?php echo var_out($id); ?>&amp;nonce=<?php echo get_nonce("restore", "backup-edit.php"); ?>" 
 			 	accesskey="<?php echo find_accesskey(i18n_r('ASK_RESTORE'));?>" ><?php i18n('ASK_RESTORE');?></a> 
 			 <a href="backup-edit.php?p=delete&amp;id=<?php echo var_out($id); ?>&amp;nonce=<?php echo get_nonce("delete", "backup-edit.php"); ?>" 
-			 	title="<?php i18n('DELETEPAGE_TITLE'); ?>: <?php echo $title; ?>?" 
+			 	title="<?php i18n('DELETEPAGE_TITLE'); ?>: <?php echo var_out($title); ?>?" 
 			 	id="delback" 
 			 	accesskey="<?php echo find_accesskey(i18n_r('ASK_DELETE'));?>" 
 			 	class="delconfirm noajax" ><?php i18n('ASK_DELETE');?></a>

diff --git a/admin/backups.php b/admin/backups.php
@@ -77,12 +77,12 @@
 
 		if ($page['title'] == '' ) { $page['title'] = '[No Title] &nbsp;&raquo;&nbsp; <em>'. $page['url'] .'</em>'; }
 
-		$table .= '<td class="pagetitle"><a title="'.i18n_r('VIEWPAGE_TITLE').' '. cl($page['title']) .'" href="backup-edit.php?p=view&amp;id='. $page['url'] .'">'. cl($page['title']) .'</a></td>';
+		$table .= '<td class="pagetitle"><a title="'.i18n_r('VIEWPAGE_TITLE').' '. var_out($page['title']) .'" href="backup-edit.php?p=view&amp;id='. $page['url'] .'">'. cl($page['title']) .'</a></td>';
 		$table .= '<td style="width:80px;text-align:right;" ><span>'. shtDate($page['date']) .'</span></td>';
-		$table .= '<td class="delete" ><a class="delconfirm" title="'.i18n_r('DELETEPAGE_TITLE').' '. cl($page['title']) .'?" href="backup-edit.php?p=delete&amp;id='. $page['url'] .'&amp;nonce='.get_nonce("delete", "backup-edit.php").'">&times;</a></td>';
+		$table .= '<td class="delete" ><a class="delconfirm" title="'.i18n_r('DELETEPAGE_TITLE').' '. var_out($page['title']) .'?" href="backup-edit.php?p=delete&amp;id='. $page['url'] .'&amp;nonce='.get_nonce("delete", "backup-edit.php").'">&times;</a></td>';
 		$table .= '</tr>';
 	}
-}	
+}
 
 get_template('header', cl($SITENAME).' &raquo; '.i18n_r('BAK_MANAGEMENT')); 
 

diff --git a/admin/inc/basic.php b/admin/inc/basic.php
@@ -305,9 +305,16 @@ function getXML($file) {
  */
 function XMLsave($xml, $file) {
 	# get_execution_time(true);
-	if(!is_object($xml)) return false;
-	$success = @$xml->asXML($file) === TRUE;
-	# debugLog('XMLsave: ' . $file . ' ' . get_execution_time());	
+	if(!is_object($xml)){
+		debugLog(__FUNCTION__ . ' failed to save xml');
+		return false;
+	}	
+	$data = @$xml->asXML();
+	if(getDef('GSFORMATXML',true)) $data = formatXmlString($data); // format xml if config setting says so
+	$data = exec_filter('xmlsave',$data); // @filter xmlsave executed before writing string to file
+	$success = file_put_contents($file, $data); // LOCK_EX ?
+	
+	// debugLog('XMLsave: ' . $file . ' ' . get_execution_time());	
 
 	if (defined('GSCHMOD')) {
 		return $success && chmod($file, GSCHMOD);
@@ -1015,7 +1022,7 @@ function validate_url($u) {
  * @param string $xml
  * @return string
  */
-function formatXmlString($xml) {  
+function formatXmlString_legacy($xml) {  
 
   // add marker linefeeds to aid the pretty-tokeniser (adds a linefeed between all tag-end boundaries)
   $xml = preg_replace('/(>)(<)(\/*)/', "$1\n$2$3", $xml);
@@ -1055,6 +1062,25 @@ function formatXmlString($xml) {
   return $result;
 }
 
+/**
+   * formats the xml output readable, accepts simplexmlobject or string
+   * @param mixed  $data instance of SimpleXmlObject or string
+   * @return string of indented xml-elements
+   */
+  function formatXmlString($data){
+
+	if(gettype($data) === 'object') $data = $data->asXML();
+
+    //Format XML to save indented tree rather than one line
+  	$dom = new DOMDocument('1.0');
+  	$dom->preserveWhiteSpace = false;
+  	$dom->formatOutput = true;
+  	$dom->loadXML($data);
+
+  	$ret = $dom->saveXML();
+  	return $ret;
+  }
+
 /**
  * Check Server Protocol
  * 
@@ -1333,7 +1359,10 @@ function header_xframeoptions($value = null){
 
 /**
  * strip non printing white space from string
- * eg. strip_whitespace("Line   1\n\tLine 2\r\t\tLine 3  \r\n\t\t\tLine 4\n  ");
+ * replaces various newlines and tab chars with replacement character
+ * then cleans up multiple replacement characters
+ * 
+ * eg. strip_whitespace("Line   1\n\tLine 2\r\t\tLine 3  \r\n\t\t\tLine 4\n  "," ");
  * @since 3.3.6
  * @param  str $str     input string
  * @param  string $replace replacement character

diff --git a/admin/inc/caching_functions.php b/admin/inc/caching_functions.php
@@ -91,6 +91,7 @@ function echoPageField($page,$field){
 function returnPageContent($page, $field='content', $raw = false, $nofilter = false){   
 	$thisfile = file_get_contents(GSDATAPAGESPATH.$page.'.xml');
 	$data = simplexml_load_string($thisfile);
+	if(!$data) return;
 	$content = $data->$field;
 	if(!$raw) $content = stripslashes(htmlspecialchars_decode($content, ENT_QUOTES));
 	if ($field=='content' and !$nofilter){
@@ -117,7 +118,7 @@ function returnPageField($page,$field){
 	if ($field=="content"){
 	  $ret=returnPageContent($page); 
 	} else {
-		if (array_key_exists($field, $pagesArray[(string)$page])){
+		if (isset($pagesArray[(string)$page]) && array_key_exists($field, $pagesArray[(string)$page])){
 	  		$ret=strip_decode(@$pagesArray[(string)$page][(string)$field]);
 		} else {
 			$ret = returnPageContent($page,$field);
@@ -272,7 +273,7 @@ function create_pagesxml($flag){
   }
 
   $count=0;
-  $xml = @new SimpleXMLExtended('<channel></channel>');
+  $xml = new SimpleXMLExtended('<?xml version="1.0" encoding="UTF-8"?><channel></channel>');  
   if (count($filenames) != 0) {
     foreach ($filenames as $file) {
       if ($file == "." || $file == ".." || is_dir(GSDATAPAGESPATH.$file) || $file == ".htaccess"  ) {
@@ -320,7 +321,7 @@ function create_pagesxml($flag){
 
     // sanity check in case the filter does not come back properly or returns null
     if($xml){ 
-    	$success = $xml->asXML($filem);
+    	$success = XMLsave($xml,$filem);
   	}	
   	// debugLog("create_pagesxml saved: ". $success);
   	exec_action('pagecache-aftersave');

diff --git a/admin/inc/common.php b/admin/inc/common.php
@@ -90,8 +90,10 @@ function debugLog($txt = '') {
 	}
 }
 
-// Add X-Frame-Options to HTTP header, so that page can only be shown in an iframe of the same site.
 if(!defined('GSNOFRAME')) define('GSNOFRAME',true);
+if(!defined('GSNOFRAMEDEFAULT')) define('GSNOFRAMEDEFAULT','SAMEORIGIN');
+
+// Add X-Frame-Options to HTTP header, so that page can only be shown in an iframe of the same site.
 if(getDef('GSNOFRAME') !== false){
 	if(getDef('GSNOFRAME') === GSBOTH) header_xframeoptions();
 	else if((getDef('GSNOFRAME') === true || getDef('GSNOFRAME') === GSBACK) && !is_frontend()) header_xframeoptions();

diff --git a/admin/inc/configuration.php b/admin/inc/configuration.php
@@ -7,7 +7,7 @@
  */
 
 $site_full_name     = 'GetSimple';
-$site_version_no    = '3.3.6';
+$site_version_no    = '3.3.7';
 $name_url_clean     = lowercase(str_replace(' ','-',$site_full_name));
 $ver_no_clean       = str_replace('.','',$site_version_no);
 $site_link_back_url = 'http://get-simple.info/';
@@ -23,6 +23,7 @@
 
 $api_url            = 'http://get-simple.info/api/start/v3.php';
 # $api_timeout        = 800; // time in ms defaults to 500
+# $debugApi           = true;
 
 if (isset($_GET['redirect'])){
 	$cookie_redirect = $_GET['redirect'];

diff --git a/admin/inc/plugin_functions.php b/admin/inc/plugin_functions.php
@@ -108,7 +108,7 @@
 	require_once(GSPLUGINPATH . $file);
   } else {
 	if(!is_frontend() and get_filename_id() == 'plugins'){
-	  $apiback = get_api_details('plugin', $file);
+	  $apiback = get_api_details('plugin', $file, getDef('GSNOPLUGINCHECK',true));
 	  $response = json_decode($apiback);
 	  if ($response and $response->status == 'successful') {
 		register_plugin( pathinfo_filename($file), $file, 'disabled', $response->owner, '', i18n_r('PLUGIN_DISABLED'), '', '');

diff --git a/admin/inc/template_functions.php b/admin/inc/template_functions.php
@@ -811,7 +811,7 @@ function get_pages_menu($parent, $menu,$level) {
 			$menu .= '<a title="'.i18n_r('VIEWPAGE_TITLE').': '. var_out($page['title']) .'" target="_blank" href="'. find_url($page['url'],$page['parent']) .'">#</a>';
 			$menu .= '</td>';
 			if ($page['url'] != 'index' ) {
-				$menu .= '<td class="delete" ><a class="delconfirm" href="deletefile.php?id='. $page['url'] .'&amp;nonce='.get_nonce("delete", "deletefile.php").'" title="'.i18n_r('DELETEPAGE_TITLE').': '. cl($page['title']) .'" >&times;</a></td>';
+				$menu .= '<td class="delete" ><a class="delconfirm" href="deletefile.php?id='. $page['url'] .'&amp;nonce='.get_nonce("delete", "deletefile.php").'" title="'.i18n_r('DELETEPAGE_TITLE').': '. var_out($page['title']) .'" >&times;</a></td>';
 			} else {
 				$menu .= '<td class="delete" ></td>';
 			}
@@ -884,15 +884,20 @@ function get_pages_menu_dropdown($parentitem, $menu,$level) {
  *
  * @param string $type, default is 'core'
  * @param array $args, default is empty
+ * @param  bool $cached force cached check only, do not use curl
  * 
  * @returns string
  */
 
-function get_api_details($type='core', $args=null) {
+function get_api_details($type='core', $args=null, $cached = false) {
 	GLOBAL $debugApi,$nocache,$nocurl;
 
 	include(GSADMININCPATH.'configuration.php');
 
+	if($cached){
+		debug_api_details("API REQEUSTS DISABLED, using cache files only");
+	}
+
 	# core api details
 	if ($type=='core') {
 		# core version request, return status 0-outdated,1-current,2-bleedingedge
@@ -921,15 +926,24 @@ function get_api_details($type='core', $args=null) {
 	$cachefile = md5($fetch_this_api).'.txt';
 	$cacheExpire = 39600; // 11 minutes
 
-	if(!$nocache) debug_api_details('cache check for ' . $fetch_this_api.' ' .$cachefile);
+	if(!$nocache || $cached) debug_api_details('cache file check - ' . $fetch_this_api.' ' .$cachefile);
 	else debug_api_details('cache check: disabled');
 
 	$cacheAge = file_exists(GSCACHEPATH.$cachefile) ? filemtime(GSCACHEPATH.$cachefile) : '';
 
+
+	// api disabled and no cache file exists
+	if($cached && empty($cacheAge)){
+		debug_api_details('cache file does not exist - ' . GSCACHEPATH.$cachefile);
+		debug_api_details();
+		return '{"status":-1}';
+	}
+
 	if (!$nocache && !empty($cacheAge) && (time() - $cacheExpire) < $cacheAge ) {
+		debug_api_details('cache file time - ' . $cacheAge . ' (' . (time() - $cacheAge) . ')' );
 		# grab the api request from the cache
 		$data = file_get_contents(GSCACHEPATH.$cachefile);
-		debug_api_details('returning api cache ' . GSCACHEPATH.$cachefile);
+		debug_api_details('returning cache file - ' . GSCACHEPATH.$cachefile);
 	} else {	
 		# make the api call
 		if (function_exists('curl_init') && function_exists('curl_exec') && !$nocurl) {
@@ -998,7 +1012,8 @@ function get_api_details($type='core', $args=null) {
 			$data = @file_get_contents($fetch_this_api,false,$context);	
 			debug_api_details("fopen data: " .$data);		
 		} else {
-			debug_api_details("No api methods available");						
+			debug_api_details("No api methods available");
+			debug_api_details();						
 			return;
 		}	
 
@@ -1019,14 +1034,17 @@ function get_api_details($type='core', $args=null) {
 
 		file_put_contents(GSCACHEPATH.$cachefile, $data);
 		chmod(GSCACHEPATH.$cachefile, 0644);
+		debug_api_details();		
 		return $data;
 	}
+	debug_api_details();	
 	return $data;
 }
 
-function debug_api_details($msg,$prefix = "API: "){
+function debug_api_details($msg = null ,$prefix = "API: "){
 	GLOBAL $debugApi;
 	if(!$debugApi) return;
+	if(!isset($msg)) $msg = str_repeat('-',80);
 	debugLog($prefix.$msg);
 }
 

diff --git a/admin/plugins.php b/admin/plugins.php
@@ -48,7 +48,7 @@
 			$cls_Disabled = 'hidden';
 			$trclass='disabled';
 		}
-		$api_data = json_decode(get_api_details('plugin', $fi));
+		$api_data = json_decode(get_api_details('plugin', $fi, getDef('GSNOPLUGINCHECK',true)));
 		$updatelink = null;
 		if (is_object($api_data) && $api_data->status == 'successful') {
 			if ($api_data->version > $plugin_info[$pathName]['version']) {				

diff --git a/admin/settings.php b/admin/settings.php
@@ -79,8 +79,8 @@
 		$SITEURL = tsl($_POST['siteurl']); 
 	}
 	if(isset($_POST['permalink'])) { 
-		$PERMALINK = var_out(trim($_POST['permalink'])); 
-	}	
+		$PERMALINK = trim($_POST['permalink']); 
+	}
 	if(isset($_POST['template'])) { 
 		$TEMPLATE = $_POST['template']; 
 	}
@@ -95,10 +95,10 @@
 		$USR = strtolower($_POST['user']); 
 	}
  	if(isset($_POST['name'])) { 
-		$NAME = var_out($_POST['name']); 
+		$NAME = $_POST['name']; 
 	} 
 	if(isset($_POST['email'])) { 
-		$EMAIL = var_out($_POST['email'],'email'); 
+		$EMAIL = $_POST['email']; 
 	} 
 	if(isset($_POST['timezone'])) { 
 		$TIMEZONE = var_out($_POST['timezone']); 
@@ -133,9 +133,9 @@
 		if (file_exists(GSUSERSPATH . _id($USR).'.xml.reset')) { unlink(GSUSERSPATH . _id($USR).'.xml.reset'); }	
 		$xml = new SimpleXMLElement('<item></item>');
 		$xml->addChild('USR', $USR);
-		$xml->addChild('NAME', $NAME);
+		$xml->addChild('NAME', var_out($NAME));
 		$xml->addChild('PWD', $PASSWD);
-		$xml->addChild('EMAIL', $EMAIL);
+		$xml->addChild('EMAIL', var_out($EMAIL,'email'));
 		$xml->addChild('HTMLEDITOR', $HTMLEDITOR);
 		$xml->addChild('TIMEZONE', $TIMEZONE);
 		$xml->addChild('LANG', $LANG);
@@ -156,7 +156,7 @@
 		$note = $xmls->addChild('TEMPLATE');
 		$note->addCData($TEMPLATE);
 		$xmls->addChild('PRETTYURLS', $PRETTYURLS);
-		$xmls->addChild('PERMALINK', $PERMALINK);
+		$xmls->addChild('PERMALINK', var_out($PERMALINK));
 
 		exec_action('settings-website');
 
@@ -222,7 +222,7 @@
 		<p class="inline" ><input name="prettyurls" id="prettyurls" type="checkbox" value="1" <?php echo $prettychck; ?>  /> &nbsp;<label for="prettyurls" ><?php i18n('USE_FANCY_URLS');?></label></p>
 
 		<div class="leftsec">
-			<p><label for="permalink"  class="clearfix"><?php i18n('PERMALINK');?>: <span class="right"><a href="http://get-simple.info/docs/pretty_urls" target="_blank" ><?php i18n('MORE');?></a></span></label><input class="text" name="permalink" id="permalink" type="text" placeholder="%parent%/%slug%/" value="<?php if(isset($PERMALINK)) { echo $PERMALINK; } ?>" /></p>
+			<p><label for="permalink"  class="clearfix"><?php i18n('PERMALINK');?>: <span class="right"><a href="http://get-simple.info/docs/pretty_urls" target="_blank" ><?php i18n('MORE');?></a></span></label><input class="text" name="permalink" id="permalink" type="text" placeholder="%parent%/%slug%/" value="<?php if(isset($PERMALINK)) { echo var_out($PERMALINK); } ?>" /></p>
 		<a id="flushcache" class="button" href="?flushcache"><?php i18n('FLUSHCACHE'); ?></a>
 		</div>
 		<div class="clear"></div>
@@ -237,7 +237,7 @@
 			<p><label for="user" ><?php i18n('LABEL_USERNAME');?>:</label><input class="text" id="user" name="user" type="text" readonly value="<?php if(isset($USR1)) { echo $USR1; } else { echo $USR; } ?>" /></p>
 		</div>
 		<div class="rightsec">
-			<p><label for="email" ><?php i18n('LABEL_EMAIL');?>:</label><input class="text" id="email" name="email" type="email" value="<?php if(isset($EMAIL1)) { echo $EMAIL1; } else { echo $EMAIL; } ?>" /></p>
+			<p><label for="email" ><?php i18n('LABEL_EMAIL');?>:</label><input class="text" id="email" name="email" type="email" value="<?php if(isset($EMAIL1)) { echo $EMAIL1; } else { echo var_out($EMAIL,'email'); } ?>" /></p>
 			<?php if (! check_email_address($EMAIL)) {
 				echo '<p style="margin:-15px 0 20px 0;color:#D94136;font-size:11px;" >'.i18n_r('WARN_EMAILINVALID').'</p>';
 			}?>
@@ -246,7 +246,7 @@
 		<div class="leftsec">
 			<p><label for="name" ><?php i18n('LABEL_DISPNAME');?>:</label>
 			<span style="margin:0px 0 5px 0;font-size:12px;color:#999;" ><?php i18n('DISPLAY_NAME');?></span>			
-			<input class="text" id="name" name="name" type="text" value="<?php if(isset($NAME1)) { echo $NAME1; } else { echo $NAME; } ?>" /></p>
+			<input class="text" id="name" name="name" type="text" value="<?php if(isset($NAME1)) { echo $NAME1; } else { echo var_out($NAME); } ?>" /></p>
 		</div>		
 		<div class="clear"></div>		
 		<div class="leftsec">

diff --git a/admin/template/css.php b/admin/template/css.php
@@ -838,6 +838,13 @@
 	 -o-tab-size:4; 
 }
 
+form input.text:disabled,
+form select.text:disabled,
+form textarea.text:disabled {
+	color: #808080;
+	background: #eeeeee;
+}
+
 form input[readonly], form select[readonly], form textarea[readonly] {
 	background: #eeeeee;
 	border: 1px solid #999;
@@ -1660,8 +1667,10 @@
 		-moz-border-radius: 4px;
 	display: block;
 	font-weight: bold;
-	color: #AFC5CF;
-	background: #182227;
+	/*color: #AFC5CF;*/
+	/*background: #182227;*/
+	color: <?php echo $primary_6; ?>;
+	background: <?php echo $primary_1; ?>;	
 	text-shadow: 1px 1px 0px #0E1316;
 	transition: all .3s ease-in-out;
 		-webkit-transition: all .3s ease-in-out;

diff --git a/data/uploads/.htaccess b/data/uploads/.htaccess
@@ -24,8 +24,10 @@
 </IfModule>
 
 # Deny access to all script files
-<FilesMatch "(?i)\.((php[0-9]?)|(ph[0-9]?)|phtm|phtml|pl|py|jsp|asp|htm|shtml|sh|cgi|)$">
-    ForceType text/plain
+# <FilesMatch "(?i)\.((php[0-9]?)|(ph[0-9]?)|phtm|phtml|pl|py|jsp|asp|htm|shtml|sh|cgi|)$">
+# 500 error apache 1.3, case insensitive, so we have ot use this nonesense
+<FilesMatch "\.(([pP][hH][pP][0-9]?)|([pP][hH][0-9]?)|[pP][hH][tT][mM]|[pP][hH][tT][mM][lL]|[pP][lL]|[pP][yY]|[jJ][sS][pP]|[aA][sS][pP]|[hH][tT][mM]|[sS][hH][tT][mM][lL]|[sS][hH]|[cC][gG][iI])$"> 
+	ForceType text/plain
 	Deny from all
 	Require all denied
 </FilesMatch>

diff --git a/temp.gsconfig.php b/temp.gsconfig.php
@@ -121,4 +121,7 @@
 # define('GSNOFRAME',GSBOTH); # prevent in frames ALWAYS
 #define('GSNOFRAME',false);  # prevent in frames NEVER
 
+# GS can format its xml files before saving them if you require human readable source for them
+# define('GSFORMATXML',true);
+
 ?>