Overview
Comment: | Make sure access to skeletons is possible, but only via Skeleton class |
SHA3-256: |
f0156b82a12ecdc06e2f7c49cf6fb688 |
User & Date: | bohwaz on 2021-03-19 21:01:06 |
Context
2021-03-19
22:36 | Make sure that skeletons can be downloaded, it's a funky security case, but hey it's easier like that check-in: c7df5f56e6 user: bohwaz tags: dev, 1.1.0-alpha7 | |
21:01 | Make sure access to skeletons is possible, but only via Skeleton class check-in: f0156b82a1 user: bohwaz tags: dev, 1.1.0-alpha7 | |
2021-03-17
20:42 | Fix issue where there was recursion in wiki_pages tree! check-in: 262ad12fe6 user: bohwaz tags: dev, 1.1.0-alpha7 | |
Changes
Modified src/include/lib/Garradin/Entities/Files/File.php from [75845bac02] to [d0135082fc].
540 541 542 543 544 545 546 547 548 549 550 551 552 553 | public function serve(?Session $session = null, bool $download = false): void { if (!$this->checkReadAccess($session)) { header('HTTP/1.1 403 Forbidden', true, 403); throw new UserException('Vous n\'avez pas accès à ce fichier.'); return; } $path = Files::callStorage('getFullPath', $this); $content = null === $path ? Files::callStorage('fetch', $this) : null; $this->_serve($path, $content, $download); } | > > > > > > | 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 | public function serve(?Session $session = null, bool $download = false): void { if (!$this->checkReadAccess($session)) { header('HTTP/1.1 403 Forbidden', true, 403); throw new UserException('Vous n\'avez pas accès à ce fichier.'); return; } // Only simple files can be served, not directories if ($this->type != self::TYPE_FILE) { header('HTTP/1.1 404 Not Found', true, 404); throw new UserException('Page non trouvée'); } $path = Files::callStorage('getFullPath', $this); $content = null === $path ? Files::callStorage('fetch', $this) : null; $this->_serve($path, $content, $download); } |
604 605 606 607 608 609 610 | * @param string $path Chemin vers le fichier local * @param string $type Type MIME du fichier * @param string $name Nom du fichier avec extension * @param integer $size Taille du fichier en octets (facultatif) */ protected function _serve(?string $path, ?string $content, bool $download = false): void { | < < < < < | 610 611 612 613 614 615 616 617 618 619 620 621 622 623 | * @param string $path Chemin vers le fichier local * @param string $type Type MIME du fichier * @param string $name Nom du fichier avec extension * @param integer $size Taille du fichier en octets (facultatif) */ protected function _serve(?string $path, ?string $content, bool $download = false): void { if ($this->isPublic()) { Utils::HTTPCache(md5($this->path . $this->size . $this->modified->getTimestamp()), $this->modified->getTimestamp()); } else { // Disable browser cache header('Pragma: private'); header('Expires: -1'); |
717 718 719 720 721 722 723 | $context = $this->context(); $ref = strtok(substr($this->path, strpos($this->path, '/')), '/'); if (null === $session || !$session->isLogged()) { return false; } | < < < | | 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 | $context = $this->context(); $ref = strtok(substr($this->path, strpos($this->path, '/')), '/'); if (null === $session || !$session->isLogged()) { return false; } if ($context == self::CONTEXT_TRANSACTION && $session->canAccess($session::SECTION_ACCOUNTING, $session::ACCESS_READ)) { return true; } // The user can access his own profile files else if ($context == self::CONTEXT_USER && $ref == $session->getUser()->id) { return true; } // Only users able to manage users can see their profile files |
824 825 826 827 828 829 830 | return sha1($this->path); } public function isPublic(): bool { $context = $this->context(); | | | 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 | return sha1($this->path); } public function isPublic(): bool { $context = $this->context(); if ($context == self::CONTEXT_SKELETON || $context == self::CONTEXT_CONFIG || $context == self::CONTEXT_WEB) { return true; } return false; } public function getEditor(): ?string |
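Review bot: `isPublic()` now returns true for `CONTEXT_SKELETON`, and nothing in File.php itself enforces the "only via Skeleton class" intent from the commit title; the visible effects are that `_serve()` emits public cache headers for skeleton files and, presumably, that `checkReadAccess()` lets them through without a session (its public branch is outside these hunks, so that part is inferred). The only restriction this commit adds is the router-level 404 in Web.php, so any other route that resolves a File by path and calls `serve()` would hand skeleton template sources to anonymous callers if such a route exists. A why-comment on the branch would keep the next maintainer from removing the router check without noticing: `// Skeleton files are deliberately public, but the web router refuses direct URIs under CONTEXT_SKELETON; only the Skeleton class is meant to serve them`. Separately, the new guard in `serve()` compares `$this->type != self::TYPE_FILE` loosely; `!==` is preferable if `type` and `TYPE_FILE` share a scalar type, which I cannot confirm from here.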
Modified src/include/lib/Garradin/Web/Web.php from [06fb7879ee] to [229d91f1c5].
135 136 137 138 139 140 141 142 143 144 145 146 147 148 | Utils::redirect(ADMIN_URL); } $page = null; if ($uri == '') { $skel = 'index.html'; } elseif ($page = self::get($uri)) { $skel = $page->template(); $page = $page->asTemplateArray(); } else { // Trying to see if a custom template with this name exists | > > > | 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 | Utils::redirect(ADMIN_URL); } $page = null; if ($uri == '') { $skel = 'index.html'; } elseif (substr($uri, 0, strlen(File::CONTEXT_SKELETON)) == File::CONTEXT_SKELETON) { $skel = '404.html'; } elseif ($page = self::get($uri)) { $skel = $page->template(); $page = $page->asTemplateArray(); } else { // Trying to see if a custom template with this name exists |
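Review bot: The new `elseif` only checks that `$uri` begins with the bytes of `File::CONTEXT_SKELETON`, with no path-separator boundary, so a page or custom template whose slug merely starts with that string is also turned into a 404 rather than being looked up. A boundary-aware test keeps the block on the skeleton directory itself while leaving other URIs alone: `} elseif ($uri === File::CONTEXT_SKELETON || 0 === strpos($uri, File::CONTEXT_SKELETON . '/')) {`. Whether `$uri` can arrive with a leading slash or different case is not visible here (the root is `''`, which suggests no leading slash), so the prefix must match whatever normalisation happens earlier in this function, which starts outside the hunk. This is also a deny at the router level only; it protects this dispatch path, not other code that may serve File objects by path.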