Merge pull request #11764 from aembler/misc-fixes-110923
Misc Fixes 11-09-23
aembler committed Nov 9, 2023
2 parents 3802267 + 747d5bf commit 077755e
Showing 30 changed files with 349 additions and 183 deletions.
306 changes: 227 additions & 79 deletions build/package-lock.json

Large diffs are not rendered by default.

4 changes: 2 additions & 2 deletions build/package.json
Expand Up @@ -13,7 +13,7 @@
"production": "mix --production"
},
"devDependencies": {
"@concretecms/bedrock": "^1.4.9",
"@concretecms/bedrock": "^1.4.10",
"cross-env": "^5.1.1",
"download": "~8.0.0",
"grunt": "^1.5.3",
Expand All @@ -22,7 +22,7 @@
"resolve-url-loader": "^5.0.0",
"sass": "^1.49.7",
"sass-loader": "^12.4.0",
"vue-loader": "^17.3.0",
"vue-loader": "^15.10.1",
"vue-template-compiler": "^2.7.14"
},
"dependencies": {
4 changes: 2 additions & 2 deletions concrete/attributes/site/controller.php
Expand Up @@ -56,7 +56,7 @@ public function form()
}
$sites = array('' => t('** Select Site'));
foreach($this->app->make('site')->getList() as $site) {
$sites[$site->getSiteID()] = $site->getSiteName();
$sites[$site->getSiteID()] = h($site->getSiteName());
}
$form = $this->app->make('helper/form');
print $form->select($this->field('siteID'), $sites, $siteID);
Expand All @@ -66,7 +66,7 @@ public function getDisplayValue()
{
$site = $this->getValue();
if (is_object($site)) {
return $site->getSiteName();
return h($site->getSiteName());
}
}

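Review bot: In form(), the site names are now escaped with h() before the array is handed to `$form->select(...)`, so if the form helper escapes option labels itself (not visible here) a name containing `&` or quotes may render double-encoded; confirm which layer owns the escaping and keep only one. getDisplayValue() now returns HTML-escaped text and still falls through without a return when `$site` is not an object, which deserves a docblock line such as `@return string|null HTML-escaped site name, or null when no site is set`. The same escaped-label array is built in view() of concrete/controllers/dialog/area/layout/presets.php. Both functions continue outside the hunks.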
2 changes: 1 addition & 1 deletion concrete/authentication/concrete/controller.php
Expand Up @@ -295,7 +295,7 @@ private function passwordUpgrade(?UserInfo $userInfo, ErrorList $error, bool $is
}
$mh->from($fromEmail, $fromName);
}
$mh->addParameter('siteName', tc('SiteName', $this->app->make('site')->getSite()->getSiteName()));
$mh->addParameter('siteName', h(tc('SiteName', $this->app->make('site')->getSite()->getSiteName())));
$mh->load('forgot_password');
$mh->setIsThrowOnFailure(true);
try {
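Review bot: In passwordUpgrade(), the `siteName` mail parameter is now HTML-escaped before `$mh->load('forgot_password')`, which suits an HTML body but would show entities such as `&amp;` if the template also uses the value in the subject line or a plain-text body (the template is not visible here). Escaping inside the HTML part of the template would keep the parameter usable in every context; if it stays escaped here, say so at the call, e.g. `// siteName is HTML-escaped; do not reuse it in the subject or text body`. The same change is made in do_register() in concrete/controllers/single_page/register.php. The function body extends beyond this hunk.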
2 changes: 1 addition & 1 deletion concrete/blocks/gallery/auto.js

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion concrete/blocks/page_attribute_display/controller.php
Expand Up @@ -172,7 +172,7 @@ public function getContent()
if (is_array($content) && $content[0] instanceof \Concrete\Core\Tree\Node\Type\Topic) {
$content = str_replace(', ', "\n", $content_alt->getDisplayValue());
} elseif ($content instanceof SelectValue) {
$content = (string) $content;
$content = h((string) $content);
} else {
$content = $content_alt->getDisplayValue();
}
4 changes: 2 additions & 2 deletions concrete/blocks/top_navigation_bar/controller.php
Expand Up @@ -126,7 +126,7 @@ public function getRequiredFeatures(): array
public function add()
{
$site = $this->app->make('site')->getSite();
$brandingText = $site->getSiteName();
$brandingText = h($site->getSiteName());
/** @var Detector $detector */
$detector = $this->app->make('multilingual/detector');

Expand Down Expand Up @@ -250,7 +250,7 @@ public function view()
}
if ($this->includeBrandText && !$this->brandingText) {
$site = $this->app->make('site')->getSite();
$brandingText = $site->getSiteName();
$brandingText = h($site->getSiteName());
$this->set('brandingText', $brandingText);
}
if ($this->brandingTransparentLogo) {
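Review bot: In view(), only the fallback branch (`!$this->brandingText`) sets an h()-escaped value, while a stored `$this->brandingText` reaches the template by a path this hunk does not show, so the template receives the same variable escaped in one case and possibly raw in the other. If the template escapes on output the fallback may be encoded twice, and if it does not, the stored value is the one left unescaped; escaping once at the `echo` in the view template would treat both sources alike. In add(), the escaped name is presumably the default for an editable field, so confirm that entities are not saved back into the block record. Both functions continue outside the hunks.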
3 changes: 2 additions & 1 deletion concrete/controllers/dialog/area/layout/presets.php
Expand Up @@ -32,7 +32,7 @@ public function view($arLayoutID)
$presets = array();
$presets['-1'] = t('** New');
foreach ($presetlist as $preset) {
$presets[$preset->getAreaLayoutPresetID()] = $preset->getAreaLayoutPresetName();
$presets[$preset->getAreaLayoutPresetID()] = h($preset->getAreaLayoutPresetName());
}

$this->set('arLayout', $arLayout);
Expand Down Expand Up @@ -64,6 +64,7 @@ public function getPresetData($cID, $arLayoutPresetID)
public function submit($arLayoutID)
{
if ($this->validateAction()) {
$existingPreset = null;
$arLayout = AreaLayout::getByID($arLayoutID);
if (!is_object($arLayout)) {
throw new Exception(t('Invalid layout object.'));
71 changes: 38 additions & 33 deletions concrete/controllers/dialog/event/delete.php
Expand Up @@ -38,42 +38,47 @@ public function __construct()

public function submit()
{
$event = $this->eventService->getByID($_REQUEST['eventID'], EventService::EVENT_VERSION_RECENT);
$e = \Core::make('error');
if (!$event) {
$e->add(t('Invalid event.'));
}
if (!$this->canAccess()) {
$e->add(t('Access Denied.'));
}
if ($this->validateAction()) {
$event = $this->eventService->getByID($_REQUEST['eventID'], EventService::EVENT_VERSION_RECENT);
$e = \Core::make('error');
if (!$event) {
$e->add(t('Invalid event.'));
}
if (!$this->canAccess()) {
$e->add(t('Access Denied.'));
}

$r = new EditResponse($e);
$year = date('Y');
$month = date('m');
$r->setRedirectURL(
\URL::to(
$this->preferences->getPreferredViewPath(),
'view',
$event->getCalendar()->getID(),
$year,
$month
)
);

if (!$e->has()) {
$u = $this->app->make(User::class);
$pkr = new DeleteCalendarEventRequest();
$pkr->setCalendarEventVersionID($event->getRecentVersion()->getID());
$pkr->setRequesterUserID($u->getUserID());
$response = $pkr->trigger();
if ($response instanceof Response) {
$this->flash('success', t('Event deleted successfully.'));
} else {
$this->flash('success', t('Event deletion pending. This request must be approved before the event is fully removed.'));
$r = new EditResponse($e);
$year = date('Y');
$month = date('m');
$r->setRedirectURL(
\URL::to(
$this->preferences->getPreferredViewPath(),
'view',
$event->getCalendar()->getID(),
$year,
$month
)
);

if (!$e->has()) {
$u = $this->app->make(User::class);
$pkr = new DeleteCalendarEventRequest();
$pkr->setCalendarEventVersionID($event->getRecentVersion()->getID());
$pkr->setRequesterUserID($u->getUserID());
$response = $pkr->trigger();
if ($response instanceof Response) {
$this->flash('success', t('Event deleted successfully.'));
} else {
$this->flash(
'success',
t('Event deletion pending. This request must be approved before the event is fully removed.')
);
}
}
}

$r->outputJSON();
$r->outputJSON();
}
}


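Review bot: In the new submit(), an unknown `eventID` only adds 'Invalid event.' to `$e`, and execution then reaches `$event->getCalendar()->getID()` inside `setRedirectURL()`, which fails on a missing `$event` before the error list is ever returned. Returning the error response before the redirect is built, e.g. `if ($e->has()) { (new EditResponse($e))->outputJSON(); return; }`, avoids that. Because `$r->outputJSON()` now sits inside the `validateAction()` block, a request that fails validation gets no JSON body at all; an `else` branch that reports the failure would make it visible to the client and to logs. submit() in concrete/controllers/dialog/event/delete_occurrence.php has the same two issues, there with `$occurrence->getStart()`.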
83 changes: 46 additions & 37 deletions concrete/controllers/dialog/event/delete_occurrence.php
Expand Up @@ -40,46 +40,55 @@ public function __construct()

public function submit()
{
$occurrence = $this->eventOccurrenceService->getByID($this->request->request->get('versionOccurrenceID'));
$e = \Core::make('error');
if (!$occurrence) {
$e->add(t('Invalid occurrence.'));
}
if (!$this->canAccess()) {
$e->add(t('Access Denied.'));
}
if ($this->validateAction()) {
$occurrence = $this->eventOccurrenceService->getByID($this->request->request->get('versionOccurrenceID'));
$e = \Core::make('error');
if (!$occurrence) {
$e->add(t('Invalid occurrence.'));
}
if (!$this->canAccess()) {
$e->add(t('Access Denied.'));
}

$r = new EditResponse($e);
$year = date('Y', $occurrence->getStart());
$month = date('m', $occurrence->getStart());
$r->setRedirectURL(
\URL::to(
$this->preferences->getPreferredViewPath(),
'view',
$occurrence->getEvent()->getCalendar()->getID(),
$year,
$month
)
);

if (!$e->has()) {
$u = $this->app->make(User::class);
$eventVersion = $this->eventService->getVersionToModify($occurrence->getEvent(), $u);
$this->eventService->addEventVersion($eventVersion->getEvent(), $eventVersion->getEvent()->getCalendar(), $eventVersion);
$this->eventOccurrenceService->delete($eventVersion, $occurrence->getOccurrence());

$pkr = new ApproveCalendarEventRequest();
$pkr->setCalendarEventVersionID($eventVersion->getID());
$pkr->setRequesterUserID($u->getUserID());
$response = $pkr->trigger();
if ($response instanceof Response) {
$this->flash('success', t('Event occurrence removed.'));
} else {
$this->flash('success', t('Event occurrence removal requested. This must be approved before it is fully removed.'));
$r = new EditResponse($e);
$year = date('Y', $occurrence->getStart());
$month = date('m', $occurrence->getStart());
$r->setRedirectURL(
\URL::to(
$this->preferences->getPreferredViewPath(),
'view',
$occurrence->getEvent()->getCalendar()->getID(),
$year,
$month
)
);

if (!$e->has()) {
$u = $this->app->make(User::class);
$eventVersion = $this->eventService->getVersionToModify($occurrence->getEvent(), $u);
$this->eventService->addEventVersion(
$eventVersion->getEvent(),
$eventVersion->getEvent()->getCalendar(),
$eventVersion
);
$this->eventOccurrenceService->delete($eventVersion, $occurrence->getOccurrence());

$pkr = new ApproveCalendarEventRequest();
$pkr->setCalendarEventVersionID($eventVersion->getID());
$pkr->setRequesterUserID($u->getUserID());
$response = $pkr->trigger();
if ($response instanceof Response) {
$this->flash('success', t('Event occurrence removed.'));
} else {
$this->flash(
'success',
t('Event occurrence removal requested. This must be approved before it is fully removed.')
);
}
}
}

$r->outputJSON();
$r->outputJSON();
}
}


2 changes: 1 addition & 1 deletion concrete/controllers/dialog/file/delete.php
Expand Up @@ -31,7 +31,7 @@ public function view($fID)

public function submit($fID)
{
if ($this->canAccess()) {
if ($this->validateAction()) {
$file = File::getByID($this->request->attributes->get('fID'));
$file->delete();

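Review bot: submit() no longer calls `canAccess()` directly, so the permission check on this destructive action now depends on `validateAction()` performing it internally, which is not visible in this hunk; confirm that it does, or keep both with `if ($this->validateAction() && $this->canAccess()) {`. The result of `File::getByID(...)` is also used without a null check, so a stale or invalid `fID` reaches `$file->delete()` on a non-object. The same `canAccess()` to `validateAction()` swap is made in submit() of concrete/controllers/dialog/logs/delete_all.php, where the same confirmation applies. The function continues outside the hunk.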
2 changes: 1 addition & 1 deletion concrete/controllers/dialog/logs/delete_all.php
Expand Up @@ -31,7 +31,7 @@ public function submit()
/** @var EditResponse $editResponse */
$editResponse = new EditResponse();

if ($this->canAccess()) {
if ($this->validateAction()) {
/** @var Connection $db */
$db = $this->app->make(Connection::class);

Original file line number Diff line number Diff line change
Expand Up @@ -218,7 +218,7 @@ protected function setCurrentSite(?Site $site): void
$menu = null;
} else {
$breadcrumb = $this->app->make(DashboardBreadcrumbFactory::class)->getBreadcrumb($this->getPageObject());
$breadcrumb->add(new Item('', $site->getSiteName()));
$breadcrumb->add(new Item('', h($site->getSiteName())));
$this->setBreadcrumb($breadcrumb);
$menu = new Element('dashboard/system/multisite/site/menu', '', $this->getPageObject(), ['site' => $site]);
}
Original file line number Diff line number Diff line change
Expand Up @@ -116,7 +116,7 @@ protected function getSiteNameForPage(Page $page): string
}
$siteName = $this->getSiteNameForLocale($locale);
} else {
$siteName = $this->app->make('site')->getSite()->getSiteName();
$siteName = h($this->app->make('site')->getSite()->getSiteName());
}

return $siteName;
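Review bot: getSiteNameForPage() now returns an h()-escaped name from the `else` branch only, while the branch that assigns `$siteName = $this->getSiteNameForLocale($locale);` is unchanged, so callers get HTML-escaped text on one path and whatever that helper returns on the other. Unless getSiteNameForLocale() already escapes (not visible here), keep both branches raw and escape once, either at `return h($siteName);` or where the value is printed. A docblock stating which form the method returns, e.g. `@return string HTML-escaped site name`, would stop callers from guessing. The function starts outside the hunk.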
2 changes: 1 addition & 1 deletion concrete/controllers/single_page/register.php
Expand Up @@ -169,7 +169,7 @@ public function do_register()
'display');
}
$mh->addParameter('attribs', $attribValues);
$mh->addParameter('siteName', tc('SiteName', \Core::make('site')->getSite()->getSiteName()));
$mh->addParameter('siteName', h(tc('SiteName', \Core::make('site')->getSite()->getSiteName())));

if ($config->get('concrete.email.register_notification.address')) {
if ($config->get('concrete.email.register_notification.name')) {
2 changes: 1 addition & 1 deletion concrete/elements/header_required.php
Expand Up @@ -61,7 +61,7 @@
}
$seo->addTitleSegmentBefore($pageTitle);
}
$seo->setSiteName(tc('SiteName', $site->getSiteName()));
$seo->setSiteName(h(tc('SiteName', $site->getSiteName())));
$seo->setTitleFormat($appConfig->get('concrete.seo.title_format'));
$seo->setTitleSegmentSeparator($appConfig->get('concrete.seo.title_segment_separator'));
$pageTitle = $seo->getTitle();
4 changes: 2 additions & 2 deletions concrete/js/cms.js

Large diffs are not rendered by default.

5 changes: 4 additions & 1 deletion concrete/single_pages/dashboard/reports/logs.php
Expand Up @@ -82,7 +82,10 @@ class="btn btn-secondary dropdown-toggle dropdown-toggle-split"

<?php foreach ($item->getColumns() as $column) { ?>
<?php /** @var ItemColumn $column */ ?>
<td>
<td <?php if ($column->getColumn() instanceof
\Concrete\Core\Logging\Search\ColumnSet\Column\MessageColumn) { ?>
class="text-break"
<?php } ?>>
<?php echo $column->getColumnValue(); ?>
</td>
<?php } ?>
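Review bot: The cell still prints `$column->getColumnValue()` without escaping, and for the message column that this hunk now styles the value is log text that can include request-derived strings. If the column classes do not already return HTML-safe output (not visible here), plain-text columns should be printed as `<?php echo h($column->getColumnValue()); ?>`, or the escaping belongs in MessageColumn itself. The multi-line `instanceof` test inside the `<td>` tag would also read more easily as a class string computed before the tag.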
Original file line number Diff line number Diff line change
Expand Up @@ -116,7 +116,7 @@
<?php foreach ($sites as $site) { ?>
<tr>
<td>
<?php echo $site->getSiteName() ?>
<?php echo h($site->getSiteName()); ?>
</td>

<td style="white-space: nowrap" class="text-center">
2 changes: 1 addition & 1 deletion concrete/single_pages/login.php
Expand Up @@ -26,7 +26,7 @@
$site = app('site')->getSite() ?? null;
$siteName = '';
if ($site) {
$siteName = $site->getSiteName();
$siteName = h($site->getSiteName());
}

?>
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ public function __construct(Site $site)

public function getEntryGroupLabel()
{
return $this->site->getSiteName();
return h($this->site->getSiteName());
}

public function getEntryGroupIdentifier()
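Review bot: getEntryGroupLabel() now returns HTML-escaped text from a non-view class, so any caller that uses the label outside HTML (JSON output, exports, sorting or comparison) receives entities, and any template that already escapes it may encode twice. Escaping at the point of output keeps the getter context-neutral; if the getter must stay escaped, document it, e.g. `/** @return string HTML-escaped site name */`. The same applies to getLabel() in the next file section, SiteValue::__toString() in concrete/src/Entity/Attribute/Value/Value/SiteValue.php and SiteTree::getDisplayName() in concrete/src/Entity/Site/SiteTree.php.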
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ public function __construct(Site $site)

public function getLabel()
{
return $this->site->getSiteName();
return h($this->site->getSiteName());
}

public function getSiteTreeID()
2 changes: 1 addition & 1 deletion concrete/src/Entity/Attribute/Value/Value/SiteValue.php
Expand Up @@ -39,7 +39,7 @@ public function getValue()
public function __toString()
{
if (is_object($this->site)) {
return (string) $this->site->getSiteName();
return (string) h($this->site->getSiteName());
}
return '';
}
2 changes: 1 addition & 1 deletion concrete/src/Entity/Site/SiteTree.php
Expand Up @@ -49,7 +49,7 @@ public function getSiteType()

public function getDisplayName()
{
return $this->getLocale()->getSite()->getSiteName();
return h($this->getLocale()->getSite()->getSiteName());
}

}
2 changes: 1 addition & 1 deletion concrete/src/Form/Service/Widget/SiteSelector.php
Expand Up @@ -33,7 +33,7 @@ public function selectSite($fieldName, $siteID = false, $includeCurrent = false,
foreach(\Core::make('site')->getList() as $site) {
$sp = new \Permissions($site);
if ($sp->canViewSiteInSelector()) {
$sites .= '<option ' . ($site->getSiteID() == $siteID ? 'selected' : '') . ' value="' . $site->getSiteID() . '">' . $site->getSiteName() . '</option>';
$sites .= '<option ' . ($site->getSiteID() == $siteID ? 'selected' : '') . ' value="' . $site->getSiteID() . '">' . h($site->getSiteName()) . '</option>';
}
}
