From dc20116a7d768be19497decf4583b1041b7ce311 Mon Sep 17 00:00:00 2001 From: Korvin Szanto Date: Thu, 1 Dec 2016 11:22:51 -0800 Subject: [PATCH 01/10] Generate secure random strings from the identifier service --- .../src/Utility/Service/Identifier.php | 133 ++++++++++-------- 1 file changed, 78 insertions(+), 55 deletions(-) diff --git a/web/concrete/src/Utility/Service/Identifier.php b/web/concrete/src/Utility/Service/Identifier.php index e639b11f8d2..a5e8620f631 100644 --- a/web/concrete/src/Utility/Service/Identifier.php +++ b/web/concrete/src/Utility/Service/Identifier.php @@ -1,9 +1,14 @@ * @copyright Copyright (c) 2003-2008 Concrete5. (http://www.concrete5.org) * @license http://www.concrete5.org/license/ MIT License 
@@ -11,76 +16,94 @@ /** * A helper that allows the creation of unique strings, for use when creating hashes, identifiers. - * @package Helpers + * + * \@package Helpers * @subpackage Validation + * * @author Andrew Embler * @copyright Copyright (c) 2003-2008 Concrete5. (http://www.concrete5.org) * @license http://www.concrete5.org/license/ MIT License */ +class Identifier +{ -class Identifier { - - private $letters = 'abcefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890'; - - - /** - * Like generate() below, but simply appends an ever increasing number to what you provide - * until it comes back as not found - */ - public function generateFromBase($string, $table, $key) { - $foundRecord = false; - $db = Loader::db(); - $i = ''; + /** + * Like generate() below, but simply appends an ever increasing number to what you provide + * until it comes back as not found. + */ + public function generateFromBase($string, $table, $key) + { + $foundRecord = false; + $db = Application::make(Connection::class); + $i = ''; $_string = ''; - while ($foundRecord == false) { - $_string = $string . $i; - $cnt = $db->GetOne("select count(" . $key . ") as total from " . $table . " where " . $key . " = ?", array($_string)); - if ($cnt < 1) { - $foundRecord = true; - } else { - if ($i == '') { - $i = 0; - } - $i++; - } - } - return $_string; - } + while ($foundRecord == false) { + $_string = $string . $i; + $cnt = $db->GetOne("select count(" . $key . ") as total from " . $table . " where " . $key . " = ?", + array($_string)); + if ($cnt < 1) { + $foundRecord = true; + } else { + if ($i == '') { + $i = 0; + } + ++$i; + } + } + + return $_string; + } /** * Generates a unique identifier for an item in a database table. Used, among other places, in generating - * User hashes for email validation + * User hashes for email validation. 
+ * * @param string $table * @param string $key * @param int $length * @param bool $lowercase + * * @return string */ - public function generate($table, $key, $length = 12, $lowercase = false) { - $foundHash = false; - $db = Loader::db(); - while ($foundHash == false) { - $string = $this->getString($length); - if ($lowercase) { - $string = strtolower($string); - } - $cnt = $db->GetOne("select count(" . $key . ") as total from " . $table . " where " . $key . " = ?", array($string)); - if ($cnt < 1) { - $foundHash = true; - } - } - return $string; - } + public function generate($table, $key, $length = 12, $lowercase = false) + { + $foundHash = false; + $db = Application::make(Connection::class); + while ($foundHash == false) { + $string = $this->getString($length); + if ($lowercase) { + $string = strtolower($string); + } + $cnt = $db->GetOne("select count(" . $key . ") as total from " . $table . " where " . $key . " = ?", + array($string)); + if ($cnt < 1) { + $foundHash = true; + } + } + + return $string; + } - public function getString($length = 12) { - $str = str_repeat($this->letters, 10); - $hash = substr(str_shuffle($str), 0, $length); - return $hash; - } + /** + * Generate a cryptographically secure random string + * @param int $length + * @return string + */ + public function getString($length = 12) + { + if (function_exists('random_bytes')) { + $bytes = random_bytes($length / 2); + } else { + $hash = new PasswordHash(8, false); + $bytes = $hash->get_random_bytes($length / 2); + } - public function deleteKey($table, $keyCol, $uHash){ - $db = Loader::db(); - $db->Execute("DELETE FROM ".$table." WHERE ".$keyCol."=?", array($uHash) ); - } + return bin2hex($bytes); + } + public function deleteKey($table, $keyCol, $uHash) + { + $db = Application::make(Connection::class); + $db->Execute("DELETE FROM " . $table . " WHERE " . $keyCol . "=?", array($uHash)); + } } From 56f0193327db69a9afab482f6d00ef91532146af Mon Sep 17 00:00:00 2001 
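Review bot: In `getString()` the byte count is `$length / 2`, so an odd `$length` comes back one character short once the fraction is dropped, and `$length = 1` asks for zero bytes; request `(int) ceil($length / 2)` bytes and finish with `return substr(bin2hex($bytes), 0, $length);`. The docblock's "cryptographically secure" is only certain on the `random_bytes` branch: if the bundled `PasswordHash` is stock phpass, `get_random_bytes()` falls back to an md5/microtime construction when `/dev/urandom` cannot be read, so that branch should fail hard or carry a comment saying so. Hex output also holds 4 bits per character, so the default length of 12 gives 48 bits for the email-validation hashes that `generate()` mentions, and the `$lowercase` flag in `generate()` no longer changes anything. Consider raising the default length or documenting the minimum callers should pass.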
From: Korvin Szanto Date: Thu, 1 Dec 2016 12:19:42 -0800 Subject: [PATCH 02/10] Define cParentID and appease test gods --- web/concrete/src/Page/Page.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/web/concrete/src/Page/Page.php b/web/concrete/src/Page/Page.php index 73e643921cc..4e29255d31f 100644 --- a/web/concrete/src/Page/Page.php +++ b/web/concrete/src/Page/Page.php @@ -48,6 +48,9 @@ class Page extends Collection implements \Concrete\Core\Permission\ObjectInterfa protected $blocksAliasedFromMasterCollection = null; protected $cIsSystemPage = false; protected $cPointerOriginalID = null; + + public $cParentID; + /** * @param string $path /path/to/page * @param string $version ACTIVE or RECENT From 51b273f89f1389e2c589a45b61c1c09ed6f025f1 Mon Sep 17 00:00:00 2001 From: Andrew Embler Date: Thu, 1 Dec 2016 12:28:01 -0800 Subject: [PATCH 03/10] adding in info object for updates --- .../dashboard/system/environment/info.php | 110 +----- web/concrete/src/System/Info.php | 347 ++++++++++++++++++ .../src/Updater/ApplicationUpdate.php | 3 + 3 files changed, 362 insertions(+), 98 deletions(-) create mode 100644 web/concrete/src/System/Info.php diff --git a/web/concrete/controllers/single_page/dashboard/system/environment/info.php b/web/concrete/controllers/single_page/dashboard/system/environment/info.php index 726c1263574..ddc1c82eced 100644 --- a/web/concrete/controllers/single_page/dashboard/system/environment/info.php +++ b/web/concrete/controllers/single_page/dashboard/system/environment/info.php 
@@ -12,114 +12,28 @@ class Info extends DashboardPageController { public function get_environment_info() { - $activeLocale = Localization::activeLocale(); - if ($activeLocale != 'en_US') { - Localization::changeLocale('en_US'); - } - $maxExecutionTime = ini_get('max_execution_time'); - set_time_limit(5); + $info = $this->app->make('\Concrete\Core\System\Info'); + /* @var \Concrete\Core\System\Info $info */ - $environmentMessage = "# concrete5 Version\n"; - $environmentMessage .= "Core Version - " . \Config::get('concrete.version') . "\n"; - $environmentMessage .= "Version Installed - " . \Config::get('concrete.version_installed') . "\n"; - $environmentMessage .= "Database Version - " . \Config::get('concrete.version_db') . "\n\n"; + echo "# concrete5 Version\n".$info->getCoreVersions()."\n\n"; - $environmentMessage .= "# concrete5 Packages\n"; - $pla = PackageList::get(); - $pl = $pla->getPackages(); - $packages = array(); - foreach ($pl as $p) { - if ($p->isPackageInstalled()) { - $packages[] = $p->getPackageName() . ' (' . $p->getPackageVersion() . 
')'; - } - } - if (count($packages) > 0) { - natcasesort($packages); - $environmentMessage .= implode(', ', $packages); - $environmentMessage .= ".\n"; - } else { - $environmentMessage .= "None\n"; - } - $environmentMessage .= "\n"; + echo "# concrete5 Packages\n".($info->getPackages() ?: 'None')."\n\n"; - // overrides - $environmentMessage .= "# concrete5 Overrides\n"; - $env = Environment::get(); - $overrides = $env->getOverrideList(); + echo "# concrete5 Overrides\n".($info->getOverrides() ?: 'None')."\n\n"; - if (count($overrides) > 0) { - $environmentMessage .= implode(', ', $overrides); - $environmentMessage .= "\n"; - } else { - $environmentMessage .= "None\n"; - } - $environmentMessage .= "\n"; + echo "# concrete5 Cache Settings\n".$info->getCache()."\n\n"; - print $environmentMessage; + echo "# Server Software\n".$info->getServerSoftware()."\n\n"; - // cache - $environmentMessage = "# concrete5 Cache Settings\n"; - $environmentMessage .= sprintf("Block Cache - %s\n", Config::get('concrete.cache.blocks') ? 'On' : 'Off'); - $environmentMessage .= sprintf("Overrides Cache - %s\n", Config::get('concrete.cache.overrides') ? 'On' : 'Off'); - $environmentMessage .= sprintf("Full Page Caching - %s\n", (Config::get('concrete.cache.pages') == 'blocks' ? 'On - If blocks on the particular page allow it.' : (Config::get('concrete.cache.pages') == 'all' ? 'On - In all cases.' : 'Off'))); - if (Config::get('concrete.cache.full_page_lifetime')) { - $environmentMessage .= sprintf("Full Page Cache Lifetime - %s\n", (Config::get('concrete.cache.full_page_lifetime') == 'default' ? sprintf('Every %s (default setting).', Core::make('helper/date')->describeInterval(Config::get('concrete.cache.lifetime'))) : (Config::get('concrete.cache.full_page_lifetime') == 'forever' ? 'Only when manually removed or the cache is cleared.' 
: sprintf('Every %s minutes.', Config::get('concrete.cache.full_page_lifetime_value'))))); - } - $environmentMessage .= "\n"; - print $environmentMessage; + echo "# Server API\n".$info->getServerAPI()."\n\n"; - $environmentMessage = "# Server Software\n" . $_SERVER['SERVER_SOFTWARE'] . "\n\n"; - $environmentMessage .= "# Server API\n" . php_sapi_name() . "\n\n"; - $environmentMessage .= "# PHP Version\n" . PHP_VERSION . "\n\n"; - $environmentMessage .= "# PHP Extensions\n"; - if (function_exists('get_loaded_extensions')) { - $gle = @get_loaded_extensions(); - natcasesort($gle); - $environmentMessage .= implode(', ', $gle); - $environmentMessage .= ".\n"; - } else { - $environmentMessage .= "Unable to determine\n"; - } + echo "# PHP Version\n".$info->getPhpVersion()."\n\n"; - print $environmentMessage; + echo "# PHP Extensions\n".($info->getPhpExtensions() === false ? 'Unable to determine' : $info->getPhpExtensions())."\n\n"; - ob_start(); - phpinfo(); - $section = 'phpinfo'; - $phpinfo = array($section => array()); - if (preg_match_all('#(?:

(?:)?(.*?)(?:)?

)|(?:(.*?)\s*(?:(.*?)\s*(?:(.*?)\s*)?)?)#s', ob_get_clean(), $matches, PREG_SET_ORDER)) { - foreach ($matches as $match) { - if (strlen($match[1])) { - $section = $match[1]; - $phpinfo[$section] = array(); - } elseif (isset($match[3])) { - $phpinfo[$section][$match[2]] = isset($match[4]) ? array($match[3], $match[4]) : $match[3]; - } else { - $phpinfo[$section][] = $match[2]; - } - } - } - $environmentMessage = "\n# PHP Settings\n"; - $environmentMessage .= "max_execution_time - $maxExecutionTime\n"; - foreach ($phpinfo as $name => $section) { - foreach ($section as $key => $val) { - if (preg_match('/.*max_execution_time*/', $key)) { - continue; - } - if (!preg_match('/.*limit.*/', $key) && !preg_match('/.*safe.*/', $key) && !preg_match('/.*max.*/', $key)) { - continue; - } - if (is_array($val)) { - $environmentMessage .= "$key - $val[0]\n"; - } elseif (is_string($key)) { - $environmentMessage .= "$key - $val\n"; - } else { - $environmentMessage .= "$val\n"; - } - } - } + echo "# PHP Settings\n".$info->getPhpSettings(); - print $environmentMessage; exit; } + } diff --git a/web/concrete/src/System/Info.php b/web/concrete/src/System/Info.php new file mode 100644 index 00000000000..1246c331852 --- /dev/null +++ b/web/concrete/src/System/Info.php 
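Review bot: `get_environment_info()` echoes the report and exits without setting a content type anywhere in this hunk, so unless a header is sent elsewhere the browser will interpret package names, override paths and the server software string as HTML. Sending `header('Content-Type: text/plain; charset=utf-8');` before the first `echo` keeps those values inert. `$info->getPhpExtensions()` is also called twice on the extensions line; assign it to a local once and test that.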
@@ -0,0 +1,347 @@ +make('config'); + $maxExecutionTime = ini_get('max_execution_time'); + @set_time_limit(5); + + $this->installed = (bool) $app->isInstalled(); + + $this->webRootDirectory = DIR_BASE; + + $this->coreRootDirectory = DIR_BASE_CORE; + + $versions = ['Core Version - '.$config->get('concrete.version')]; + if ($this->installed) { + $versions[] = 'Version Installed - '.$config->get('concrete.version_installed'); + } + $versions[] = 'Database Version - '.$config->get('concrete.version_db'); + $this->coreVersions = implode("\n", $versions); + + $packages = []; + if ($this->installed) { + foreach (PackageList::get()->getPackages() as $p) { + if ($p->isPackageInstalled()) { + $packages[] = $p->getPackageName() . ' (' . $p->getPackageVersion() . ')'; + } + } + } + natcasesort($packages); + $this->packages = implode(', ', $packages); + + $overrides = Environment::get()->getOverrideList(); + if (empty($overrides)) { + $this->overrides = ''; + } else { + $this->overrides = implode(', ', $overrides); + } + + $cache = [ + sprintf('Block Cache - %s', $config->get('concrete.cache.blocks') ? 'On' : 'Off'), + sprintf('Overrides Cache - %s', $config->get('concrete.cache.overrides') ? 'On' : 'Off'), + sprintf('Full Page Caching - %s', + $config->get('concrete.cache.pages') == 'blocks' ? + 'On - If blocks on the particular page allow it.' + : + ( + $config->get('concrete.cache.pages') == 'all' ? + 'On - In all cases.' + : + 'Off' + ) + ), + ]; + if ($config->get('concrete.cache.full_page_lifetime')) { + $cache[] = sprintf("Full Page Cache Lifetime - %s", + $config->get('concrete.cache.full_page_lifetime') == 'default' ? + sprintf('Every %s (default setting).', $app->make('helper/date')->describeInterval($config->get('concrete.cache.lifetime'))) + : + ( + $config->get('concrete.cache.full_page_lifetime') == 'forever' ? + 'Only when manually removed or the cache is cleared.' 
+ : + sprintf('Every %s minutes.', $config->get('concrete.cache.full_page_lifetime_value')) + ) + ); + } + $this->cache = implode("\n", $cache); + + $this->serverSoftware = \Request::getInstance()->server->get('SERVER_SOFTWARE', ''); + + $this->serverAPI = PHP_SAPI; + + $this->phpVersion = PHP_VERSION; + + if (function_exists('get_loaded_extensions')) { + $extensions = @get_loaded_extensions(); + } else { + $extensions = false; + } + if (is_array($extensions)) { + natcasesort($extensions); + $this->phpExtensions = implode(', ', $extensions); + } else { + $this->phpExtensions = false; + } + + ob_start(); + phpinfo(); + $buffer = ob_get_clean(); + $phpinfo = []; + if ($app->isRunThroughCommandLineInterface()) { + $section = null; + foreach (preg_split('/[\r\n]+/', $buffer) as $line) { + $chunks = array_map('trim', explode('=>', $line)); + switch (count($chunks)) { + case 1: + if ($chunks[0] === '') { + continue; + } + $section = $chunks[0]; + break; + case 2: + if ($section !== null) { + $phpinfo[$section][$chunks[0]] = $chunks[1]; + } + break; + default: + if ($section !== null) { + $phpinfo[$section][$chunks[0]] = [$chunks[1], $chunks[2]]; + } + break; + } + } + } else { + $section = 'phpinfo'; + $phpinfo[$section] = []; + if (preg_match_all('#(?:

(?:)?(.*?)(?:)?

)|(?:(.*?)\s*(?:(.*?)\s*(?:(.*?)\s*)?)?)#s', $buffer, $matches, PREG_SET_ORDER)) { + foreach ($matches as $match) { + if ($match[1] !== null && $match[1] !== '') { + $section = $match[1]; + $phpinfo[$section] = []; + } elseif (isset($match[3])) { + $phpinfo[$section][$match[2]] = isset($match[4]) ? [$match[3], $match[4]] : $match[3]; + } else { + $phpinfo[$section][] = $match[2]; + } + } + } + } + $phpSettings = [ + "max_execution_time - $maxExecutionTime", + ]; + foreach ($phpinfo as $name => $section) { + foreach ($section as $key => $val) { + if (preg_match('/.*max_execution_time*/', $key)) { + continue; + } + if (strpos($key, 'limit') === false && strpos($key, 'safe') === false && strpos($key, 'max') === false) { + continue; + } + if (is_array($val)) { + $phpSettings[] = "$key - {$val[0]}"; + } elseif (is_string($key)) { + $phpSettings[] = "$key - $val"; + } else { + $phpSettings[] = $val; + } + } + } + $this->phpSettings = implode("\n", $phpSettings); + if ($currentLocale != 'en_US') { + Localization::changeLocale($currentLocale); + } + } catch (\Exception $x) { + if ($currentLocale != 'en_US') { + Localization::changeLocale($currentLocale); + } + throw $x; + } + } + + /** + * @return bool + */ + public function isInstalled() + { + return $this->installed; + } + + /** + * @return string + */ + public function getWebRootDirectory() + { + return $this->webRootDirectory; + } + + /** + * @return string + */ + public function getCoreRootDirectory() + { + return $this->coreRootDirectory; + } + + /** + * @return string + */ + public function getCoreVersions() + { + return $this->coreVersions; + } + + /** + * @return string + */ + public function getPackages() + { + return $this->packages; + } + + /** + * @return string + */ + public function getOverrides() + { + return $this->overrides; + } + + /** + * @return string + */ + public function getCache() + { + return $this->cache; + } + + /** + * @return string + */ + public function getServerSoftware() + { + return 
$this->serverSoftware; + } + + /** + * @return string + */ + public function getServerAPI() + { + return $this->serverAPI; + } + + /** + * @return string + */ + public function getPhpVersion() + { + return $this->phpVersion; + } + + /** + * @var string|false + */ + protected $phpExtensions; + + /** + * @return string|false + */ + public function getPhpExtensions() + { + return $this->phpExtensions; + } + + /** + * @var string + */ + protected $phpSettings; + + /** + * @return string + */ + public function getPhpSettings() + { + return $this->phpSettings; + } + + public function getJSONOBject() + { + $o = new \stdClass(); + $o->phpSettings = $this->phpSettings; + $o->phpExtensions = $this->phpExtensions; + $o->phpVersion = $this->phpVersion; + $o->serverAPI = $this->serverAPI; + $o->serverSoftware = $this->serverSoftware; + $o->cache = $this->cache; + $o->overrides = $this->overrides; + $o->packages = $this->packages; + $o->coreVersions = $this->coreVersions; + return $o; + } +} diff --git a/web/concrete/src/Updater/ApplicationUpdate.php b/web/concrete/src/Updater/ApplicationUpdate.php index 592ef0190bb..f83f5c3cd61 100644 --- a/web/concrete/src/Updater/ApplicationUpdate.php +++ b/web/concrete/src/Updater/ApplicationUpdate.php @@ -153,6 +153,9 @@ public function getDiagnosticObject() } $overrides = id(Environment::get())->getOverrideList(); $request->getPost()->set('overrides', $overrides); + $info = \Core::make('\Concrete\Core\System\Info'); + $info = $info->getJSONOBject(); + $request->getPost()->set('environment', json_encode($info)); $client = new Client(); $client->setMethod('POST'); From c81db01f61ad4dcb260aebd205f6d1ba0d7047df Mon Sep 17 00:00:00 2001 From: Andrew Embler Date: Thu, 1 Dec 2016 12:43:17 -0800 Subject: [PATCH 04/10] upping version number --- web/concrete/config/concrete.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
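Review bot: The constructor calls `@set_time_limit(5)` and keeps the previous value in `$maxExecutionTime` only for the report, so every request that builds an `Info` object carries on with a five-second limit; this now includes the update diagnostic, which makes an HTTP call afterwards. Restore the limit before returning and in the `catch`, for example `@set_time_limit((int) $maxExecutionTime);`. In the command-line branch, `continue;` inside the `switch` behaves like `break` and PHP 7.3 and later warn about it, so `break;` states the intent. The opening lines of the file and constructor are not visible in this hunk as rendered, so the locale handling at the top could not be checked.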
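Review bot: The new `environment` POST field sends PHP settings, the loaded-extension list, the server software string and installed package versions to the update endpoint, which together fingerprint the site's exposed software. The endpoint URL and transport are configured outside this hunk, so confirm the request goes over certificate-verified HTTPS and that the disclosure is documented or can be switched off by the site owner. `$info` is also reused for both the service and its `stdClass` export; a second name such as `$environment = $info->getJSONOBject();` reads more clearly. `getDiagnosticObject()` starts and ends outside the hunk.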
diff --git a/web/concrete/config/concrete.php b/web/concrete/config/concrete.php index be9c166f716..6c9cd2d571c 100644 --- a/web/concrete/config/concrete.php +++ b/web/concrete/config/concrete.php @@ -7,8 +7,8 @@ * * @var string */ - 'version' => '5.7.5.10b1', - 'version_installed' => '5.7.5.10b1', + 'version' => '5.7.5.10', + 'version_installed' => '5.7.5.10', 'version_db' => '20160615000000', // the key of the latest database migration /** From 9ccb8fe71e951f71422854cd249fdbb314d46216 Mon Sep 17 00:00:00 2001 From: Andrew Embler Date: Thu, 1 Dec 2016 13:03:27 -0800 Subject: [PATCH 05/10] updates to changelog and download --- CHANGELOG.md | 6 ++++++ build/tasks/build-release/download.js | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 471aa9f90f2..fcb3ed2af65 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,9 @@ +# 5.7.5.10 + +* Minor bug fixes +* Fixed insecure use of non-random str_shuffle when creating user tokens +* Improvements to update process for version 8. + # 5.7.5.9 ## New Features diff --git a/build/tasks/build-release/download.js b/build/tasks/build-release/download.js index 9061ee8214e..a7b87d0ec75 100644 --- a/build/tasks/build-release/download.js +++ b/build/tasks/build-release/download.js @@ -1,5 +1,5 @@ module.exports = function(grunt, config, parameters, done) { - var zipUrl = parameters.releaseSourceZip || 'https://github.com/concrete5/concrete5/archive/5.7.x.zip'; + var zipUrl = parameters.releaseSourceZip || 'https://github.com/concrete5/concrete5/archive/release/5.7.5.10.zip'; var workFolder = parameters.releaseWorkFolder || './release'; function endForError(e) { process.stderr.write(e.message || e); From b0c4326e9ee3e8684c77e0122dbe2a4bc9278699 Mon Sep 17 00:00:00 2001 
From: Michele Locati Date: Tue, 6 Dec 2016 15:05:29 +0100 Subject: [PATCH 06/10] Avoid the ::class construct We're still on PHP 5.3 for the 5.7 series --- web/concrete/src/Utility/Service/Identifier.php | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/web/concrete/src/Utility/Service/Identifier.php b/web/concrete/src/Utility/Service/Identifier.php index a5e8620f631..fa8c9a741fa 100644 --- a/web/concrete/src/Utility/Service/Identifier.php +++ b/web/concrete/src/Utility/Service/Identifier.php @@ -1,7 +1,6 @@ getString($length); if ($lowercase) { @@ -103,7 +102,7 @@ public function getString($length = 12) public function deleteKey($table, $keyCol, $uHash) { - $db = Application::make(Connection::class); + $db = Application::make('Concrete\Core\Database\Connection\Connection'); $db->Execute("DELETE FROM " . $table . " WHERE " . $keyCol . "=?", array($uHash)); } } From e3b0e8bee7e56ca192b682b5feb25e492b2421bb Mon Sep 17 00:00:00 2001 From: Andrew Embler Date: Tue, 6 Dec 2016 07:17:34 -0800 Subject: [PATCH 07/10] Revert "Fix #4658 for v5.7" This reverts commit 000d07aae71f6b72de6c0fef656475393928938c. --- web/concrete/src/Block/BlockController.php | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/web/concrete/src/Block/BlockController.php b/web/concrete/src/Block/BlockController.php index 489ee37a0b1..e04f2dcd9ad 100644 --- a/web/concrete/src/Block/BlockController.php +++ b/web/concrete/src/Block/BlockController.php 
@@ -480,11 +480,7 @@ public function isValidControllerTask($method, $parameters = array()) // how do we get <= 1? If it's 1, that means that the method has one fewer param. That's ok because // certain older blocks don't know that the last param ought to be a $bID. If they're equal it's zero // which is best. and if they're greater that's ok too. - // Now let's see if the action is for this block instance - $bID = array_pop($parameters); - if ((is_string($bID) || is_int($bID)) && $bID == $this->bID) { - return true; - } + return true; } } From 9a89f1fbf5120567d237598fded04711c5ac5538 Mon Sep 17 00:00:00 2001 From: Andrew Embler Date: Wed, 7 Dec 2016 09:32:00 -0800 Subject: [PATCH 08/10] Backporting page controller tweaks --- .../Controller/DashboardPageController.php | 4 ++++ .../src/Page/Controller/PageController.php | 21 ++++++++++++++++++- 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/web/concrete/src/Page/Controller/DashboardPageController.php b/web/concrete/src/Page/Controller/DashboardPageController.php index 829078ae55f..d181f615d4e 100644 --- a/web/concrete/src/Page/Controller/DashboardPageController.php +++ b/web/concrete/src/Page/Controller/DashboardPageController.php @@ -11,6 +11,10 @@ class DashboardPageController extends PageController /** @var Error */ protected $error; + protected $restrictedMethods = array( + 'enableNativeMobile' + ); + /** @var Token */ public $token; protected $helpers = array('form'); diff --git a/web/concrete/src/Page/Controller/PageController.php b/web/concrete/src/Page/Controller/PageController.php index 9f0d5257f55..6cf1a03cc1a 100644 --- a/web/concrete/src/Page/Controller/PageController.php +++ b/web/concrete/src/Page/Controller/PageController.php 
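Review bot: After this revert `isValidControllerTask()` returns `true` as soon as the parameter-count check passes, without comparing the trailing parameter to `$this->bID`, so an action addressed to one block instance is accepted by every instance of the same block type that handles the request. The commit message gives no reason for the revert. If the check broke the older blocks the surrounding comment mentions, apply it only when a trailing ID is actually supplied, or record the trade-off with a comment such as `// No per-instance bID check: older blocks do not pass one, so actions must verify their own target`. The function begins before the hunk, so the earlier checks are not visible here.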
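Review bot: `$restrictedMethods` in `DashboardPageController` is a plain property override, so any dashboard controller that declares its own list replaces this one and `enableNativeMobile` becomes routable again; the check added in `PageController` reads only `$this->restrictedMethods`. Add a docblock stating the contract, for example `/** Methods blocked from URL dispatch; subclasses overriding this must repeat the parent entries. */`. Alternatively, have the base class merge the lists across the class hierarchy so a subclass cannot drop an entry by accident.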
@@ -20,6 +20,12 @@ class PageController extends Controller protected $passThruBlocks = array(); protected $parameters = array(); + /** + * array of method names that can't be called through the url + * @var array + */ + protected $restrictedMethods = array(); + public function supportsPageCache() { return $this->supportsPageCache; @@ -166,11 +172,24 @@ public function setupRequestActionAndParameters(Request $request) } $foundTask = false; + $restrictedControllers = array( + 'Concrete\Core\Controller\Controller', + 'Concrete\Core\Controller\AbstractController', + 'Concrete\Core\Page\Controller\PageController' + + ); try { $r = new \ReflectionMethod(get_class($this), $method); $cl = $r->getDeclaringClass(); if (is_object($cl)) { - if ($cl->getName() != 'Concrete\Core\Controller\Controller' && strpos($method, 'on_') !== 0 && strpos($method, '__') !== 0 && $r->isPublic()) { + if ( + !in_array($cl->getName(), $restrictedControllers) + && strpos($method, 'on_') !== 0 + && strpos($method, '__') !== 0 + && $r->isPublic() + && !$r->isConstructor() + && (is_array($this->restrictedMethods) && !in_array($method, $this->restrictedMethods)) + ) { $foundTask = true; } } From fa95977a3f4630a5ae564787da222bd2a7b921a2 Mon Sep 17 00:00:00 2001 From: Andrew Embler Date: Wed, 7 Dec 2016 14:05:41 -0800 Subject: [PATCH 09/10] updating build --- build/tasks/build-release/download.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/tasks/build-release/download.js b/build/tasks/build-release/download.js index a7b87d0ec75..9dc12d559bd 100644 --- a/build/tasks/build-release/download.js +++ b/build/tasks/build-release/download.js 
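Review bot: The new checks in `setupRequestActionAndParameters()` compare the raw `$method` string using `in_array()` and `strpos()`, but PHP resolves method names case-insensitively, so `ReflectionMethod` can find a method under a differently cased name that matches neither `$restrictedMethods` nor the `on_`/`__` prefixes. `$method` is assigned outside the hunk; unless it is normalised there, test the reflected name instead: `$name = strtolower($r->getName());`, then `!in_array($name, array_map('strtolower', $this->restrictedMethods), true)` and `strpos($name, 'on_') !== 0`. A short comment noting that a non-array `$restrictedMethods` deliberately makes every task unroutable would also help, since that fail-closed behaviour is easy to miss.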
@@ -1,5 +1,5 @@ module.exports = function(grunt, config, parameters, done) { - var zipUrl = parameters.releaseSourceZip || 'https://github.com/concrete5/concrete5/archive/release/5.7.5.10.zip'; + var zipUrl = parameters.releaseSourceZip || 'https://github.com/concrete5/concrete5/archive/release/5.7.5.11.zip'; var workFolder = parameters.releaseWorkFolder || './release'; function endForError(e) { process.stderr.write(e.message || e); From 745f3aeec57ca0a48c4387bca2d6262a2bfba486 Mon Sep 17 00:00:00 2001 From: Andrew Embler Date: Wed, 7 Dec 2016 14:13:21 -0800 Subject: [PATCH 10/10] upping version number --- web/concrete/config/concrete.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/web/concrete/config/concrete.php b/web/concrete/config/concrete.php index 6c9cd2d571c..88e3118b71f 100644 --- a/web/concrete/config/concrete.php +++ b/web/concrete/config/concrete.php @@ -7,8 +7,8 @@ * * @var string */ - 'version' => '5.7.5.10', - 'version_installed' => '5.7.5.10', + 'version' => '5.7.5.11', + 'version_installed' => '5.7.5.11', 'version_db' => '20160615000000', // the key of the latest database migration /**