Updating the GitHub repo with the latest changes from the 9.5 branch.
This release is a bugfix release; with fixes for the page caching system, some fixes for
quality of life features when for logging in as an admin, and some miscellaneous fixes in
admin mode.

Security related fixes
----------------------

We've removed the "Tree Explorer" tool from Organizer, as this was no longer supported and
the code contained an XSS vulnerability.

Fixes in visitor mode
---------------------

 * Fixed a bug with the page caching system, where if you have a document download plugin
   in a nest, which links to a document that's still a first draft, it would crash in
   visitor mode with a PHP fatal error.

Fixes for logging in as an admin
--------------------------------

 * Fixed a bug where the admin login screen would not correctly redirect an administrator
   back to the content item they were previously on, if the page they were previously on
   was served from the page cache.
 * Fixed a bug where the admin login screen would not correctly redirect an administrator
   back to the content item they were previously on, if the administrator had just clicked
   the "AUTHENTICATE" button in the email with their 2FA code.

Fixes in admin mode
-------------------

 * Fixed a bug where the "Save and Next" button for content items was not working for
   content items that did not already have a draft created.
Chris Turnbull committed Feb 27, 2024
1 parent 72afb59 commit 121ff6d
Showing 26 changed files with 43 additions and 10,391 deletions.
2 changes: 1 addition & 1 deletion package.json
Expand Up @@ -34,5 +34,5 @@
"wow.js": "^1.2.2",
"zxcvbn": "^4.4.2"
},
"version": "9.5.60437"
"version": "9.5.60602"
}
2 changes: 1 addition & 1 deletion zenario/admin/db_updates/latest_revision_no.inc.php
Expand Up @@ -39,6 +39,6 @@
define('ZENARIO_MINOR_VERSION', '5');
define('ZENARIO_CHANGELOG_URL', 'https://zenar.io/zenario-95');
define('ZENARIO_IS_BUILD', true);
define('ZENARIO_REVISION', '60437');
define('ZENARIO_REVISION', '60602');

define('TINYMCE_DIR', 'zenario/libs/manually_maintained/lgpl/tinymce_4_7_3.1/');
52 changes: 0 additions & 52 deletions zenario/admin/tree_explorer/includes/json.php

This file was deleted.

58 changes: 0 additions & 58 deletions zenario/admin/tree_explorer/includes/tree_explorer.fun.php

This file was deleted.

60 changes: 0 additions & 60 deletions zenario/admin/tree_explorer/includes/tree_explorer.php

This file was deleted.

57 changes: 0 additions & 57 deletions zenario/admin/tree_explorer/index.php

This file was deleted.

8 changes: 7 additions & 1 deletion zenario/autoload/plugin.php
Expand Up @@ -950,6 +950,12 @@ public static function postSlot($slotName, $showPlaceholderMethod, $useOb = true
$setFiles = [];
foreach ($eggsToCache as $slotNameNestId => &$cacheVars) {
$slot = \ze::$slotContents[$slotNameNestId];
$eggInstance = $slot->class();

//Don't try and check the cache for a nested plugin that refused to load.
if (is_null($eggInstance)) {
continue;
}

//Loop through this slot and any child slots, coming up with the rules as to when we should clear the cache
//For nests with child slots, we should combine the rules
Expand All @@ -964,7 +970,7 @@ public static function postSlot($slotName, $showPlaceholderMethod, $useOb = true
}
}

$cacheVars['c'] = $slot->class()->zAPIGetCachableVars();
$cacheVars['c'] = $eggInstance->zAPIGetCachableVars();

$temps[$slotNameNestId] = $slot->trimVarsBeforeCaching();
$cacheVars['s'] = $slot;
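Review bot: The new `continue` inside `foreach ($eggsToCache as $slotNameNestId => &$cacheVars)` leaves that entry in `$eggsToCache` without its `'c'` and `'s'` keys and without a `$temps[$slotNameNestId]` value, and it also skips combining that egg's cache-clearing rules into the nest. The code that later consumes `$eggsToCache` and `$temps` is outside this section, so it is worth confirming that it tolerates a half-filled entry; if it does not, add `unset($eggsToCache[$slotNameNestId]);` before the `continue;`. The plugin may have refused to load for a publication-state or permission reason (the commit message mentions a first-draft document), so a short comment stating whether the enclosing nest may still be cached in that case would help the next reader.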
4 changes: 3 additions & 1 deletion zenario/autoload/welcome.php
Expand Up @@ -4615,8 +4615,10 @@ public static function congratulationsAJAX(&$source, &$tags, &$fields, &$values,
//Formerly "redirectAdmin()"
public static function redirectAdmin($getRequest, $forceAliasInAdminMode = false, $continueTo = 'default') {

//If the visitor's original request was from a content item, try to use that as the destination.
$cID = $cType = $redirectNeeded = $aliasInURL = $langIdInURL = false;
if (!empty($getRequest)) {
if (!empty($getRequest)
&& !(empty($getRequest['cID']) && empty($getRequest['cType']) && empty($getRequest['langId']))) {
\ze\content::resolveFromRequest($cID, $cType, $redirectNeeded, $aliasInURL, $langIdInURL, $getRequest, $getRequest, []);
}

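Review bot: The added guard in `redirectAdmin()` is a double negative that is hard to read, and the leading `!empty($getRequest)` appears redundant, because `empty()` on a key of an empty value is already true. It could be written as `if (!empty($getRequest['cID']) || !empty($getRequest['cType']) || !empty($getRequest['langId'])) {`. The comment above says the destination is used when the original request came from a content item, but a request carrying only `langId` still passes the guard, so either the comment or the condition should state which is intended. `$getRequest` is request-supplied data, so validation of `cID` and `cType` rests on `resolveFromRequest()`, whose body is not visible here; the function continues outside the hunk.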
2 changes: 1 addition & 1 deletion zenario/basicheader.inc.php
Expand Up @@ -517,7 +517,7 @@ public static function cacheFriendlyCookieVar($var) {
|| substr($var, 0, 4) == '_ga_'
|| substr($var, 0, 9) == 'PHPSESSID'
|| substr($var, 0, 11) == 'can_cache__'
|| in_array($var, ['cookies_accepted', '_ga', '_gat', 'is_returning']);
|| in_array($var, ['cookies_accepted', '_ga', '_gat', '_fbp', '_clck', '_uetvid', 'is_returning', 'COOKIE_LAST_ADMIN_USER', 'COOKIE_LAST_ADMIN_CAPTCHA_COMPLETED', 'ZENARIO_ADMIN_LOGIN_LINK']);
}

//Returns true if a $_SESSION variable does not affect caching (or is already covered by another existing category)
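Review bot: The extended list in `cacheFriendlyCookieVar()` now treats three admin-login cookies (`COOKIE_LAST_ADMIN_USER`, `COOKIE_LAST_ADMIN_CAPTCHA_COMPLETED`, `ZENARIO_ADMIN_LOGIN_LINK`) as not affecting caching, so requests carrying them presumably become eligible for cached pages. That is safe only if no cacheable output varies on those cookies. The callers are outside this section, so a comment recording the assumption would be useful, for example `//Admin-login cookies are only read by the login screen, never by cached visitor output`, if that is indeed the case. Separately, the lookup uses loose comparison; passing the strict flag, `in_array($var, [...], true)`, avoids a numeric cookie name matching a string entry on older PHP versions.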
12 changes: 12 additions & 0 deletions zenario/includes/index.pre_load.inc.php
Expand Up @@ -206,6 +206,18 @@ function zenarioPageCacheLogStats($stats) {

zenarioPageCacheLogStats(['hits', 'total']);
touch($chPath. 'accessed');


//Try and record the destCID and destCType as we would a normal page view
if ($tagId = file_get_contents($chPath. 'tag_id')) {
$tag = explode('_', $tagId, 2);
if (isset($tag[1])) {
if ($cID = (int) $tag[1]) {
$_SESSION['destCID'] = $cID;
$_SESSION['destCType'] = $tag[0];
}
}
}


//If there are cached images on this page, mark that they've been accessed
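Review bot: `file_get_contents($chPath. 'tag_id')` runs on every cache hit and raises a warning when the file is missing or unreadable, which seems possible for cache directories written before this change (the code that writes `tag_id` is not visible here). Checking first, e.g. `if (is_file($chPath. 'tag_id') && ($tagId = trim((string) file_get_contents($chPath. 'tag_id')))) {`, keeps the fast path quiet without resorting to `@`. `$tag[0]` is copied into `$_SESSION['destCType']` unvalidated while `$tag[1]` is cast to int; these values appear to drive the post-login redirect described in the commit message, so it is worth constraining the type to the expected characters here or confirming that the consumer does. The surrounding code starts and ends outside the hunk, so whether a session is already open at this point cannot be seen.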
2 changes: 1 addition & 1 deletion zenario/js/admin_box_toolkit.js
Expand Up @@ -1214,7 +1214,7 @@ methods.showConfirm = function(saveAndContinue, createAnother, saveAndNext) {
}

var buttons =
'<input type="button" class="submit_selected" value="' + thus.tuix.confirm.button_message + '" onclick="' + thus.globalName + '.save(true, ' + engToBoolean(saveAndContinue) + ', ' + engToBoolean(createAnother) + ');"/>' +
'<input type="button" class="submit_selected" value="' + thus.tuix.confirm.button_message + '" onclick="' + thus.globalName + '.save(true, ' + engToBoolean(saveAndContinue) + ', ' + engToBoolean(createAnother) + ', ' + engToBoolean(saveAndNext) + ');"/>' +
'<input type="button" class="submit" value="' + (thus.tuix.confirm.cancel_button_message || zenarioA.phrase.cancel) + '"/>';

zenarioA.floatingBox(message, buttons, thus.tuix.confirm.message_type || 'none');
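Review bot: The rewritten button line in `showConfirm()` still concatenates `thus.tuix.confirm.button_message` (and `cancel_button_message` on the following line) straight into a `value="…"` attribute with no HTML escaping. If a confirm message can ever contain a double quote or text derived from content or user data, which cannot be determined from this hunk, the attribute breaks or markup is injected into the admin UI. Escaping both values with the project's HTML-escaping helper before concatenation would close that off. The four `engToBoolean(...)` arguments written into the `onclick` are safe provided that helper only ever returns a boolean literal; its definition is outside the hunk.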
