mirror of
https://github.com/getgrav/grav-plugin-admin.git
synced 2025-10-28 08:46:45 +01:00
Made path handling unicode-safe, use new Utils::basename() and Utils::pathinfo() everywhere
This commit is contained in:
Matias Griese
@@ -1,3 +1,9 @@
|
|||||||
|
# v1.10.29
|
||||||
|
## mm/dd/2022
|
||||||
|
|
||||||
|
3. [](#improved)
|
||||||
|
* Made path handling unicode-safe, use new `Utils::basename()` and `Utils::pathinfo()` everywhere
|
||||||
|
|
||||||
# v1.10.28
|
# v1.10.28
|
||||||
## 01/24/2022
|
## 01/24/2022
|
||||||
|
|
||||||
|
|||||||
10
admin.php
10
admin.php
@@ -480,7 +480,7 @@ class AdminPlugin extends Plugin
|
|||||||
Admin::DEBUG && Admin::addDebugMessage("Admin page: {$this->template}");
|
Admin::DEBUG && Admin::addDebugMessage("Admin page: {$this->template}");
|
||||||
|
|
||||||
$page->init(new \SplFileInfo(__DIR__ . "/pages/admin/{$this->template}.md"));
|
$page->init(new \SplFileInfo(__DIR__ . "/pages/admin/{$this->template}.md"));
|
||||||
$page->slug(basename($this->template));
|
$page->slug(Utils::basename($this->template));
|
||||||
|
|
||||||
return $page;
|
return $page;
|
||||||
}
|
}
|
||||||
@@ -501,7 +501,7 @@ class AdminPlugin extends Plugin
|
|||||||
Admin::DEBUG && Admin::addDebugMessage("Admin page: plugin {$plugin->name}/{$this->template}");
|
Admin::DEBUG && Admin::addDebugMessage("Admin page: plugin {$plugin->name}/{$this->template}");
|
||||||
|
|
||||||
$page->init(new \SplFileInfo($path));
|
$page->init(new \SplFileInfo($path));
|
||||||
$page->slug(basename($this->template));
|
$page->slug(Utils::basename($this->template));
|
||||||
|
|
||||||
return $page;
|
return $page;
|
||||||
}
|
}
|
||||||
@@ -525,7 +525,7 @@ class AdminPlugin extends Plugin
|
|||||||
$error_file = $this->grav['locator']->findResource('plugins://admin/pages/admin/error.md');
|
$error_file = $this->grav['locator']->findResource('plugins://admin/pages/admin/error.md');
|
||||||
$page = new Page();
|
$page = new Page();
|
||||||
$page->init(new \SplFileInfo($error_file));
|
$page->init(new \SplFileInfo($error_file));
|
||||||
$page->slug(basename($this->route));
|
$page->slug(Utils::basename($this->route));
|
||||||
$page->routable(true);
|
$page->routable(true);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -537,7 +537,7 @@ class AdminPlugin extends Plugin
|
|||||||
$login_file = $this->grav['locator']->findResource('plugins://admin/pages/admin/login.md');
|
$login_file = $this->grav['locator']->findResource('plugins://admin/pages/admin/login.md');
|
||||||
$page = new Page();
|
$page = new Page();
|
||||||
$page->init(new \SplFileInfo($login_file));
|
$page->init(new \SplFileInfo($login_file));
|
||||||
$page->slug(basename($this->route));
|
$page->slug(Utils::basename($this->route));
|
||||||
unset($this->grav['page']);
|
unset($this->grav['page']);
|
||||||
$this->grav['page'] = $page;
|
$this->grav['page'] = $page;
|
||||||
}
|
}
|
||||||
@@ -1304,7 +1304,7 @@ class AdminPlugin extends Plugin
|
|||||||
$options = [];
|
$options = [];
|
||||||
$theme_files = glob(__dir__ . '/themes/grav/css/codemirror/themes/*.css');
|
$theme_files = glob(__dir__ . '/themes/grav/css/codemirror/themes/*.css');
|
||||||
foreach ($theme_files as $theme_file) {
|
foreach ($theme_files as $theme_file) {
|
||||||
$theme = basename(basename($theme_file, '.css'));
|
$theme = Utils::basename(Utils::basename($theme_file, '.css'));
|
||||||
$options[$theme] = Inflector::titleize($theme);
|
$options[$theme] = Inflector::titleize($theme);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -980,7 +980,7 @@ class Admin
|
|||||||
$obj->file = $file;
|
$obj->file = $file;
|
||||||
$obj->page = $pages->get(dirname($obj->path));
|
$obj->page = $pages->get(dirname($obj->path));
|
||||||
|
|
||||||
$fileInfo = pathinfo($obj->title);
|
$fileInfo = Utils::pathinfo($obj->title);
|
||||||
$filename = str_replace(['@3x', '@2x'], '', $fileInfo['filename']);
|
$filename = str_replace(['@3x', '@2x'], '', $fileInfo['filename']);
|
||||||
if (isset($fileInfo['extension'])) {
|
if (isset($fileInfo['extension'])) {
|
||||||
$filename .= '.' . $fileInfo['extension'];
|
$filename .= '.' . $fileInfo['extension'];
|
||||||
@@ -1979,7 +1979,7 @@ class Admin
|
|||||||
$page = $path ? $pages->find($path, true) : $pages->root();
|
$page = $path ? $pages->find($path, true) : $pages->root();
|
||||||
|
|
||||||
if (!$page) {
|
if (!$page) {
|
||||||
$slug = basename($path);
|
$slug = Utils::basename($path);
|
||||||
|
|
||||||
if ($slug === '') {
|
if ($slug === '') {
|
||||||
return null;
|
return null;
|
||||||
|
|||||||
@@ -374,7 +374,7 @@ class AdminBaseController
|
|||||||
// since php removes it from the upload location
|
// since php removes it from the upload location
|
||||||
$tmp_dir = Admin::getTempDir();
|
$tmp_dir = Admin::getTempDir();
|
||||||
$tmp_file = $upload->file->tmp_name;
|
$tmp_file = $upload->file->tmp_name;
|
||||||
$tmp = $tmp_dir . '/uploaded-files/' . basename($tmp_file);
|
$tmp = $tmp_dir . '/uploaded-files/' . Utils::basename($tmp_file);
|
||||||
|
|
||||||
Folder::create(dirname($tmp));
|
Folder::create(dirname($tmp));
|
||||||
if (!move_uploaded_file($tmp_file, $tmp)) {
|
if (!move_uploaded_file($tmp_file, $tmp)) {
|
||||||
@@ -423,7 +423,7 @@ class AdminBaseController
|
|||||||
|
|
||||||
// Generate random name if required
|
// Generate random name if required
|
||||||
if ($settings->random_name) { // TODO: document
|
if ($settings->random_name) { // TODO: document
|
||||||
$extension = pathinfo($upload->file->name, PATHINFO_EXTENSION);
|
$extension = Utils::pathinfo($upload->file->name, PATHINFO_EXTENSION);
|
||||||
$upload->file->name = Utils::generateRandomString(15) . '.' . $extension;
|
$upload->file->name = Utils::generateRandomString(15) . '.' . $extension;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -929,7 +929,7 @@ class AdminBaseController
|
|||||||
$type = $uri->param('type');
|
$type = $uri->param('type');
|
||||||
$field = $uri->param('field');
|
$field = $uri->param('field');
|
||||||
|
|
||||||
$filename = basename($this->post['filename'] ?? '');
|
$filename = Utils::basename($this->post['filename'] ?? '');
|
||||||
if ($filename === '') {
|
if ($filename === '') {
|
||||||
$this->admin->json_response = [
|
$this->admin->json_response = [
|
||||||
'status' => 'error',
|
'status' => 'error',
|
||||||
@@ -1068,7 +1068,7 @@ class AdminBaseController
|
|||||||
if ($file->exists()) {
|
if ($file->exists()) {
|
||||||
$resultRemoveMedia = $file->delete();
|
$resultRemoveMedia = $file->delete();
|
||||||
|
|
||||||
$fileParts = pathinfo($filename);
|
$fileParts = Utils::pathinfo($filename);
|
||||||
|
|
||||||
foreach (scandir($fileParts['dirname']) as $file) {
|
foreach (scandir($fileParts['dirname']) as $file) {
|
||||||
$regex_pattern = '/' . preg_quote($fileParts['filename'], '/') . "@\d+x\." . $fileParts['extension'] . "(?:\.meta\.yaml)?$|" . preg_quote($fileParts['basename'], '/') . "\.meta\.yaml$/";
|
$regex_pattern = '/' . preg_quote($fileParts['filename'], '/') . "@\d+x\." . $fileParts['extension'] . "(?:\.meta\.yaml)?$|" . preg_quote($fileParts['basename'], '/') . "\.meta\.yaml$/";
|
||||||
|
|||||||
@@ -521,7 +521,7 @@ class AdminController extends AdminBaseController
|
|||||||
|
|
||||||
try {
|
try {
|
||||||
if ($download) {
|
if ($download) {
|
||||||
$filename = basename(base64_decode(urldecode($download)));
|
$filename = Utils::basename(base64_decode(urldecode($download)));
|
||||||
$file = $this->grav['locator']->findResource("backup://{$filename}", true);
|
$file = $this->grav['locator']->findResource("backup://{$filename}", true);
|
||||||
if (!$file || !Utils::endsWith($filename, '.zip', false)) {
|
if (!$file || !Utils::endsWith($filename, '.zip', false)) {
|
||||||
header('HTTP/1.1 401 Unauthorized');
|
header('HTTP/1.1 401 Unauthorized');
|
||||||
@@ -584,7 +584,7 @@ class AdminController extends AdminBaseController
|
|||||||
$backup = $this->grav['uri']->param('backup', null);
|
$backup = $this->grav['uri']->param('backup', null);
|
||||||
|
|
||||||
if (null !== $backup) {
|
if (null !== $backup) {
|
||||||
$filename = basename(base64_decode(urldecode($backup)));
|
$filename = Utils::basename(base64_decode(urldecode($backup)));
|
||||||
$file = $this->grav['locator']->findResource("backup://{$filename}", true);
|
$file = $this->grav['locator']->findResource("backup://{$filename}", true);
|
||||||
|
|
||||||
if ($file && Utils::endsWith($filename, '.zip', false)) {
|
if ($file && Utils::endsWith($filename, '.zip', false)) {
|
||||||
@@ -2244,7 +2244,7 @@ class AdminController extends AdminBaseController
|
|||||||
|
|
||||||
|
|
||||||
// Check extension
|
// Check extension
|
||||||
$extension = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
|
$extension = strtolower(Utils::pathinfo($filename, PATHINFO_EXTENSION));
|
||||||
|
|
||||||
// If not a supported type, return
|
// If not a supported type, return
|
||||||
if (!$extension || !$config->get("media.types.{$extension}")) {
|
if (!$extension || !$config->get("media.types.{$extension}")) {
|
||||||
@@ -2293,7 +2293,7 @@ class AdminController extends AdminBaseController
|
|||||||
|
|
||||||
// Add metadata if needed
|
// Add metadata if needed
|
||||||
$include_metadata = Grav::instance()['config']->get('system.media.auto_metadata_exif', false);
|
$include_metadata = Grav::instance()['config']->get('system.media.auto_metadata_exif', false);
|
||||||
$basename = str_replace(['@3x', '@2x'], '', pathinfo($filename, PATHINFO_BASENAME));
|
$basename = str_replace(['@3x', '@2x'], '', Utils::pathinfo($filename, PATHINFO_BASENAME));
|
||||||
|
|
||||||
$metadata = [];
|
$metadata = [];
|
||||||
|
|
||||||
@@ -2423,7 +2423,7 @@ class AdminController extends AdminBaseController
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
$filename = !empty($this->post['filename']) ? basename($this->post['filename']) : null;
|
$filename = !empty($this->post['filename']) ? Utils::basename($this->post['filename']) : null;
|
||||||
|
|
||||||
// Handle bad filenames.
|
// Handle bad filenames.
|
||||||
if (!$filename || !Utils::checkFilename($filename)) {
|
if (!$filename || !Utils::checkFilename($filename)) {
|
||||||
@@ -2442,7 +2442,7 @@ class AdminController extends AdminBaseController
|
|||||||
if ($locator->isStream($targetPath)) {
|
if ($locator->isStream($targetPath)) {
|
||||||
$targetPath = $locator->findResource($targetPath, true, true);
|
$targetPath = $locator->findResource($targetPath, true, true);
|
||||||
}
|
}
|
||||||
$fileParts = pathinfo($filename);
|
$fileParts = Utils::pathinfo($filename);
|
||||||
|
|
||||||
$found = false;
|
$found = false;
|
||||||
|
|
||||||
@@ -2626,7 +2626,7 @@ class AdminController extends AdminBaseController
|
|||||||
$payload = [
|
$payload = [
|
||||||
'name' => $file_page ? $file_page->title() : $fileName,
|
'name' => $file_page ? $file_page->title() : $fileName,
|
||||||
'value' => $file_page ? $file_page->rawRoute() : $file_path,
|
'value' => $file_page ? $file_page->rawRoute() : $file_path,
|
||||||
'item-key' => basename($file_page ? $file_page->route() : $file_path),
|
'item-key' => Utils::basename($file_page ? $file_page->route() : $file_path),
|
||||||
'filename' => $fileName,
|
'filename' => $fileName,
|
||||||
'extension' => $type === 'dir' ? '' : $fileInfo->getExtension(),
|
'extension' => $type === 'dir' ? '' : $fileInfo->getExtension(),
|
||||||
'type' => $type,
|
'type' => $type,
|
||||||
|
|||||||
@@ -15,6 +15,7 @@ use Grav\Common\Page\Pages;
|
|||||||
use Grav\Common\Uri;
|
use Grav\Common\Uri;
|
||||||
use Grav\Common\User\Interfaces\UserCollectionInterface;
|
use Grav\Common\User\Interfaces\UserCollectionInterface;
|
||||||
use Grav\Common\User\Interfaces\UserInterface;
|
use Grav\Common\User\Interfaces\UserInterface;
|
||||||
|
use Grav\Common\Utils;
|
||||||
use Grav\Framework\RequestHandler\Exception\PageExpiredException;
|
use Grav\Framework\RequestHandler\Exception\PageExpiredException;
|
||||||
use Grav\Framework\RequestHandler\Exception\RequestException;
|
use Grav\Framework\RequestHandler\Exception\RequestException;
|
||||||
use Grav\Plugin\Admin\Admin;
|
use Grav\Plugin\Admin\Admin;
|
||||||
@@ -111,7 +112,7 @@ class LoginController extends AdminController
|
|||||||
{
|
{
|
||||||
$uri = (string)$this->getRequest()->getUri();
|
$uri = (string)$this->getRequest()->getUri();
|
||||||
|
|
||||||
$ext = pathinfo($uri, PATHINFO_EXTENSION);
|
$ext = Utils::pathinfo($uri, PATHINFO_EXTENSION);
|
||||||
$accept = $this->getAccept(['application/json', 'text/html']);
|
$accept = $this->getAccept(['application/json', 'text/html']);
|
||||||
if ($ext === 'json' || $accept === 'application/json') {
|
if ($ext === 'json' || $accept === 'application/json') {
|
||||||
return $this->createErrorResponse(new RequestException($this->getRequest(), $this->translate('PLUGIN_ADMIN.LOGGED_OUT'), 401));
|
return $this->createErrorResponse(new RequestException($this->getRequest(), $this->translate('PLUGIN_ADMIN.LOGGED_OUT'), 401));
|
||||||
|
|||||||
@@ -316,7 +316,7 @@ class Gpm
|
|||||||
|
|
||||||
$bad_chars = array_merge(array_map('chr', range(0, 31)), ['<', '>', ':', '"', '/', '\\', '|', '?', '*']);
|
$bad_chars = array_merge(array_map('chr', range(0, 31)), ['<', '>', ':', '"', '/', '\\', '|', '?', '*']);
|
||||||
|
|
||||||
$filename = $package->slug . str_replace($bad_chars, '', basename($package->zipball_url));
|
$filename = $package->slug . str_replace($bad_chars, '', \Grav\Common\Utils::basename($package->zipball_url));
|
||||||
$filename = preg_replace('/[\\\\\/:"*?&<>|]+/m', '-', $filename);
|
$filename = preg_replace('/[\\\\\/:"*?&<>|]+/m', '-', $filename);
|
||||||
|
|
||||||
file_put_contents($tmp_dir . DS . $filename . '.zip', $contents);
|
file_put_contents($tmp_dir . DS . $filename . '.zip', $contents);
|
||||||
|
|||||||
Reference in New Issue
Block a user