diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1dfede56..30e57f58 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,11 @@
+# v1.8.6
+## 07/13/2018
+
+1. [](#bugfix)
+    * Force `html` for markdown preview [grav#2066](https://github.com/getgrav/grav/issues/2066)
+    * Add missing `authorizeTask()` checks in controller [#1483](https://github.com/getgrav/grav/issues/1483)
+    * Add support for `force_ssl` to admin URLs [#1479](https://github.com/getgrav/grav-plugin-admin/issues/1479)
+
 # v1.8.5
 ## 06/20/2018
diff --git a/admin.php b/admin.php
index 6be371c3..2dcfaf0f 100644
--- a/admin.php
+++ b/admin.php
@@ -317,6 +317,16 @@ class AdminPlugin extends Plugin
      */
     public function onPagesInitialized()
     {
+        $config = $this->config;
+
+        // Force SSL with redirect if required
+        if ($config->get('system.force_ssl')) {
+            if (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] !== 'on') {
+                $url = 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
+                $this->grav->redirect($url);
+            }
+        }
+
         $this->session = $this->grav['session'];
         // Set original route for the home page.
diff --git a/blueprints.yaml b/blueprints.yaml
index a060baf4..ed2b2290 100644
--- a/blueprints.yaml
+++ b/blueprints.yaml
@@ -1,5 +1,5 @@
 name: Admin Panel
-version: 1.8.5
+version: 1.8.6
 description: Adds an advanced administration panel to manage your site
 icon: empire
 author:
diff --git a/classes/admincontroller.php b/classes/admincontroller.php
index 300f6b75..fcd0256b 100644
--- a/classes/admincontroller.php
+++ b/classes/admincontroller.php
@@ -876,6 +876,10 @@ class AdminController extends AdminBaseController
     protected function taskGetNewsFeed()
     {
+        if (!$this->authorizeTask('dashboard', ['admin.login', 'admin.super'])) {
+            return false;
+        }
+
         $cache = $this->grav['cache'];
         if ($this->post['refresh'] === 'true') {
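Review bot: The redirect target on the `$url = 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];` line is built from the client-supplied Host header, so on any deployment where the web server answers an unmatched Host (a default vhost, or a proxy that forwards it untouched) an attacker can bounce a visitor to a host of their choosing, and any cache that stores the Location header is poisoned with it; take the host from the site's configured base URL, or compare `$_SERVER['HTTP_HOST']` against an allow-list, before echoing it. The `$_SERVER['HTTPS'] !== 'on'` test also does not recognise TLS terminated at a reverse proxy, which usually leaves `HTTPS` unset and sends only X-Forwarded-Proto, so `force_ssl` behind such a proxy redirects forever unless a trusted-proxy header is honoured. Unless `redirect()` sends 307/308 (not visible here), an in-flight admin POST is downgraded to a GET that drops its body. The rest of onPagesInitialized lies outside the hunk.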
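Review bot: An unauthorised caller of this AJAX task gets a bare `return false;` with no message and no JSON body, while the install task in the same commit answers with a JSON `status: error` and `INSUFFICIENT_PERMISSIONS_FOR_TASK`; the dashboard script presumably expects JSON here too, so a refusal is indistinguishable from an empty feed. I would return the same JSON error shape from this guard (and from the other `authorizeTask` guards added in this commit), and, since these are authorization failures, log them so the attempt is visible to whoever reads the admin logs. The rest of taskGetNewsFeed lies outside the hunk.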
@@ -924,6 +928,10 @@ class AdminController extends AdminBaseController
      */
     protected function taskGetUpdates()
     {
+        if (!$this->authorizeTask('dashboard', ['admin.login', 'admin.super'])) {
+            return false;
+        }
+
         $data = $this->post;
         $flush = (isset($data['flush']) && $data['flush'] == true) ? true : false;
@@ -970,6 +978,10 @@ class AdminController extends AdminBaseController
      */
     protected function taskGetNotifications()
     {
+        if (!$this->authorizeTask('dashboard', ['admin.login', 'admin.super'])) {
+            return false;
+        }
+
         $cache = $this->grav['cache'];
         if (!(bool)$this->grav['config']->get('system.cache.enabled') || !$notifications = $cache->fetch('notifications')) {
             //No notifications cache (first time)
@@ -1009,6 +1021,10 @@ class AdminController extends AdminBaseController
      */
     protected function taskProcessNotifications()
     {
+        if (!$this->authorizeTask('notifications', ['admin.login', 'admin.super'])) {
+            return false;
+        }
+
         $cache = $this->grav['cache'];
         $data = $this->post;
@@ -1217,6 +1233,15 @@ class AdminController extends AdminBaseController
         $package_name = isset($data['package_name']) ? $data['package_name'] : '';
         $current_version = isset($data['current_version']) ? $data['current_version'] : '';
+        if (!$this->authorizeTask('install ' . $type, ['admin.' . $type, 'admin.super'])) {
+            $json_response = [
+                'status' => 'error',
+                'message' => $this->admin->translate('PLUGIN_ADMIN.INSUFFICIENT_PERMISSIONS_FOR_TASK')
+            ];
+            echo json_encode($json_response);
+            exit;
+        }
+
         $url = "https://getgrav.org/download/{$type}s/$slug/$current_version";
         $result = Gpm::directInstall($url);
@@ -1845,9 +1870,9 @@ class AdminController extends AdminBaseController
      */
     protected function taskProcessMarkdown()
     {
-        /*if (!$this->authorizeTask('process markdown', ['admin.pages', 'admin.super'])) {
+        if (!$this->authorizeTask('process markdown', ['admin.pages', 'admin.super'])) {
             return;
-        }*/
+        }
         try {
             $page = $this->admin->page(true);
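Review bot: The required permission on the new `authorizeTask('install ' . $type, ['admin.' . $type, 'admin.super'])` line is assembled from `$type`, which — if it comes from the request like the neighbouring `$data['package_name']` and `$data['current_version']` (its assignment is above the hunk) — lets the caller pick which permission is checked: a type of `login` demands only `admin.login`, held by every signed-in admin user, while the same value is interpolated into the download URL `{$type}s/$slug/$current_version`. Validate `$type` against the package kinds that URL scheme supports before either use, presumably `if (!in_array($type, ['plugin', 'theme'], true)) { return false; }`, and likewise reject a `$slug` or `$current_version` containing `/` or `..` so the path fetched from getgrav.org cannot be steered. Note too that this guard reports failure with a JSON body and `exit` while the other guards added in this commit `return false`; one response shape for all AJAX tasks would be easier to handle client-side. The enclosing task starts above the hunk.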
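Review bot: The re-enabled guard answers an unauthorised preview request with a bare `return;` whereas every other `authorizeTask` guard in this commit uses `return false;`; since this is an AJAX task whose caller presumably distinguishes the two, I would make it `return false;` for consistency. The check had been commented out and the CHANGELOG entry does not say why; if it was disabled because the preview is legitimately reached by users without `admin.pages`, re-enabling it is a behaviour change worth spelling out in that entry. The body of taskProcessMarkdown continues past the hunk.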
@@ -1863,6 +1888,7 @@ class AdminController extends AdminBaseController
         $this->preparePage($page, true);
         $page->header();
+        $page->templateFormat('html');
         // Add theme template paths to Twig loader
         $template_paths = $this->grav['locator']->findResources('theme://templates');
@@ -2173,6 +2199,10 @@ class AdminController extends AdminBaseController
      */
     protected function taskSwitchlanguage()
     {
+        if (!$this->authorizeTask('switch language', ['admin.pages', 'admin.super'])) {
+            return false;
+        }
+
         $data = (array)$this->data;
         if (isset($data['lang'])) {
@@ -2198,6 +2228,56 @@ class AdminController extends AdminBaseController
         $this->setRedirect('/' . $language . $admin_route . '/' . $redirect);
     }
+    /**
+     * Handle direct install.
+     */
+    protected function taskDirectInstall()
+    {
+        if (!$this->authorizeTask('install', ['admin.super'])) {
+            return false;
+        }
+
+        $file_path = isset($this->data['file_path']) ? $this->data['file_path'] : null ;
+
+        if (isset($_FILES['uploaded_file'])) {
+
+            // Check $_FILES['file']['error'] value.
+            switch ($_FILES['uploaded_file']['error']) {
+                case UPLOAD_ERR_OK:
+                    break;
+                case UPLOAD_ERR_NO_FILE:
+                    $this->admin->setMessage($this->admin->translate('PLUGIN_ADMIN.NO_FILES_SENT'), 'error');
+                    return false;
+                case UPLOAD_ERR_INI_SIZE:
+                case UPLOAD_ERR_FORM_SIZE:
+                    $this->admin->setMessage($this->admin->translate('PLUGIN_ADMIN.EXCEEDED_FILESIZE_LIMIT'), 'error');
+                    return false;
+                case UPLOAD_ERR_NO_TMP_DIR:
+                    $this->admin->setMessage($this->admin->translate('PLUGIN_ADMIN.UPLOAD_ERR_NO_TMP_DIR'), 'error');
+                    return false;
+                default:
+                    $this->admin->setMessage($this->admin->translate('PLUGIN_ADMIN.UNKNOWN_ERRORS'), 'error');
+                    return false;
+            }
+
+            $file_path = $_FILES['uploaded_file']['tmp_name'];
+        }
+
+
+        $result = Gpm::directInstall($file_path);
+
+        if ($result === true) {
+            $this->admin->setMessage($this->admin->translate('PLUGIN_ADMIN.INSTALLATION_SUCCESSFUL'), 'info');
+        } else {
+            $this->admin->setMessage($this->admin->translate('PLUGIN_ADMIN.INSTALLATION_FAILED') . ': ' . $result,
+                'error');
+        }
+
+        $this->setRedirect('/tools');
+
+        return true;
+    }
+
     /**
      * Save the current page in a different language. Automatically switches to that language.
      *
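Review bot: When no `uploaded_file` is present, `$file_path` is whatever the request put in `$this->data['file_path']` and goes straight into `Gpm::directInstall($file_path)`, so the caller rather than the server chooses what gets unpacked into the site; the install task earlier in this file hands an `https://` URL to the same function, which suggests remote locations are accepted too, making this a fetch-and-install-anything endpoint for whoever can act as a super admin (including through a forged cross-site request if this task is not covered by a nonce check — not visible here). In the upload branch, `$_FILES['uploaded_file']['tmp_name']` is used without `is_uploaded_file()`, the customary confirmation that the path really came from this request's multipart body; add `if (!is_uploaded_file($_FILES['uploaded_file']['tmp_name'])) { return false; }` before the assignment. If the path option is meant to stay, confine it to files under a known install directory and say so in the docblock, e.g. `* Install a package from an uploaded zip, or (super admin only) from the server-local path given in file_path.` instead of the bare "Handle direct install." The whole method is within the hunk.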
@@ -2269,49 +2349,5 @@ class AdminController extends AdminBaseController
         return $filename . '.md';
     }
-    /**
-     * Handle direct install.
-     */
-    protected function taskDirectInstall()
-    {
-        $file_path = isset($this->data['file_path']) ? $this->data['file_path'] : null ;
-        if (isset($_FILES['uploaded_file'])) {
-
-            // Check $_FILES['file']['error'] value.
-            switch ($_FILES['uploaded_file']['error']) {
-                case UPLOAD_ERR_OK:
-                    break;
-                case UPLOAD_ERR_NO_FILE:
-                    $this->admin->setMessage($this->admin->translate('PLUGIN_ADMIN.NO_FILES_SENT'), 'error');
-                    return false;
-                case UPLOAD_ERR_INI_SIZE:
-                case UPLOAD_ERR_FORM_SIZE:
-                    $this->admin->setMessage($this->admin->translate('PLUGIN_ADMIN.EXCEEDED_FILESIZE_LIMIT'), 'error');
-                    return false;
-                case UPLOAD_ERR_NO_TMP_DIR:
-                    $this->admin->setMessage($this->admin->translate('PLUGIN_ADMIN.UPLOAD_ERR_NO_TMP_DIR'), 'error');
-                    return false;
-                default:
-                    $this->admin->setMessage($this->admin->translate('PLUGIN_ADMIN.UNKNOWN_ERRORS'), 'error');
-                    return false;
-            }
-
-            $file_path = $_FILES['uploaded_file']['tmp_name'];
-        }
-
-
-        $result = Gpm::directInstall($file_path);
-
-        if ($result === true) {
-            $this->admin->setMessage($this->admin->translate('PLUGIN_ADMIN.INSTALLATION_SUCCESSFUL'), 'info');
-        } else {
-            $this->admin->setMessage($this->admin->translate('PLUGIN_ADMIN.INSTALLATION_FAILED') . ': ' . $result,
-                'error');
-        }
-
-        $this->setRedirect('/tools');
-
-        return true;
-    }
 }
diff --git a/languages/en.yaml b/languages/en.yaml
index 0d89de41..59d6a178 100644
--- a/languages/en.yaml
+++ b/languages/en.yaml
@@ -392,6 +392,10 @@ PLUGIN_ADMIN:
   DISPLAY_ERRORS_HELP: "Display full backtrace-style error page"
   LOG_ERRORS: "Log errors"
   LOG_ERRORS_HELP: "Log errors to /logs folder"
+  LOG_HANDLER: "Log handler"
+  LOG_HANDLER_HELP: "Where to output the logs"
+  SYSLOG_FACILITY: "Syslog facility"
+  SYSLOG_FACILITY_HELP: "Syslog facility for output"
   DEBUGGER: "Debugger"
   DEBUGGER_HELP: "Enable Grav debugger and following settings"
   DEBUG_TWIG: "Debug Twig"