From a8ed9070e7773f3147a33dbee7d45ce24bd8959d Mon Sep 17 00:00:00 2001
From: vincent-peugnet
Date: Mon, 21 Jan 2019 14:30:08 +0100
Subject: security htaccess, render class of link
---
 .gitignore | 1 +
 .htaccess | 4 ++++
 app/class/art2.php | 2 +-
 app/class/modelrender.php | 8 ++++----
 app/class/routes.php | 3 ++-
 fonts/README.md | 2 ++
 6 files changed, 14 insertions(+), 6 deletions(-)
 create mode 100644 fonts/README.md
diff --git a/.gitignore b/.gitignore
index 8f38ba2..caf0c5b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,4 @@ media/*
 vendor/*
 config.json
 error_log
+!README.md
diff --git a/.htaccess b/.htaccess
index 7ded04e..270be92 100644
--- a/.htaccess
+++ b/.htaccess
@@ -1,3 +1,7 @@
 RewriteEngine on
+# everything that does not contain asssets|media|fonts
+RewriteCond %{REQUEST_URI} !^(.*)/(assets|media|fonts)/ [OR]
+# or that isn't a file
 RewriteCond %{REQUEST_FILENAME} !-f
+# is redirect to index
 RewriteRule . index.php [L]
\ No newline at end of file
diff --git a/app/class/art2.php b/app/class/art2.php
index a7e94f3..7354e8c 100644
--- a/app/class/art2.php
+++ b/app/class/art2.php
@@ -304,7 +304,7 @@ class Art2
 if ($type == 'string') {
 if ($this->secure == 0) $secure = 'public';
 if ($this->secure == 1) $secure = 'private';
- if ($this->secure == 2) $secure = 'not published';
+ if ($this->secure == 2) $secure = 'not_published';
 return $secure;
 } else {
 return $this->secure;
diff --git a/app/class/modelrender.php b/app/class/modelrender.php
index 88d1e10..367dac8 100644
--- a/app/class/modelrender.php
+++ b/app/class/modelrender.php
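Review bot: In `.htaccess`, the exemption `!^(.*)/(assets|media|fonts)/` is not anchored to the install directory, so an existing file whose path contains `/assets/`, `/media/` or `/fonts/` at any depth is still served directly instead of being rewritten to `index.php`. With a `vendor/` tree present (it appears in the `.gitignore` context of this patch), something like `vendor/<package>/assets/<file>` would keep bypassing the front controller. If the site is served from a fixed base path, anchoring the condition, e.g. `RewriteCond %{REQUEST_URI} !^/(assets|media|fonts)/ [OR]`, limits the exemption to the three intended directories. Existing files under `media/` are served as-is, so if that directory receives uploads it is worth confirming that script execution is disabled there. The comments would read more accurately as `# everything that is not under assets|media|fonts` and `# is rewritten to index.php`.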
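Review bot: In `app/class/art2.php`, `$secure` is assigned only when `$this->secure` is 0, 1 or 2, so any other stored value reaches `return $secure;` with the variable undefined and the method returns null with a PHP notice. Because this commit starts concatenating the returned string into a `class` attribute in `modelrender.php`, a defined fallback before the chain is worth adding, for example `$secure = 'not_published';`. The change from `'not published'` to `'not_published'` also alters what any other caller of the string form receives (for instance a label shown to users); such callers are not visible in this patch. The method starts and ends outside the hunk.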
@@ -279,10 +279,10 @@ class Modelrender extends Modelart
 function ($matches) use ($rend, &$linkfrom) {
 $matchart = $rend->get($matches[1]);
 if (!$matchart) {
- $link = 'href="' . $rend->uart($matches[1]) . '"" title="' . Config::existnot() . '" class="internal"' . $this->internallinkblank;
+ $link = 'href="' . $rend->uart($matches[1]) . '"" title="' . Config::existnot() . '" class="internal existnot"' . $this->internallinkblank;
 } else {
 $linkfrom[] = $matchart->id();
- $link = 'href="' . $rend->uart($matches[1]) . $matches[2] . '" title="' . $matchart->description() . '" class="internal"' . $this->internallinkblank;
+ $link = 'href="' . $rend->uart($matches[1]) . $matches[2] . '" title="' . $matchart->description() . '" class="internal exist '. $matchart->secure('string') .'"' . $this->internallinkblank;
 }
 return $link;
 },
@@ -301,10 +301,10 @@ class Modelrender extends Modelart
 function ($matches) use ($rend, &$linkfrom) {
 $matchart = $rend->get($matches[1]);
 if (!$matchart) {
- return 'internallinkblank .' >' . $matches[1] . '';
+ return 'internallinkblank .' >' . $matches[1] . '';
 } else {
 $linkfrom[] = $matchart->id();
- return 'internallinkblank .' >' . $matchart->title() . '';
+ return 'internallinkblank .' >' . $matchart->title() . '';
 }
 },
 $text
diff --git a/app/class/routes.php b/app/class/routes.php
index 2ccc269..db57b77 100644
--- a/app/class/routes.php
+++ b/app/class/routes.php
@@ -29,6 +29,7 @@ class Routes
 ['GET', '/!user', 'Controlleruser#desktop', 'user'],
 ['POST', '/!user/add', 'Controlleruser#add', 'useradd'],
 ['POST', '/!user/update', 'Controlleruser#update', 'userupdate'],
+ ['POST', '/!user/pref', 'Controlleruser#pref', 'userpref'],
 ['GET', '/!info', 'Controllerinfo#desktop', 'info'],
 ['GET', '/!timeline', 'Controllertimeline#desktop', 'timeline'],
 ['POST', '/!timeline/add', 'Controllertimeline#add', 'timelineadd'],
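Review bot: In `app/class/modelrender.php` (hunk at -279), both rewritten `$link` lines still build attributes by plain concatenation: `$matchart->description()` goes into `title="…"` and `$matches[2]` into `href` with no HTML-attribute escaping, so a description containing `"` can close the attribute and inject markup unless it is escaped before it reaches this closure (not visible here). Wrapping the values, e.g. `htmlspecialchars($matchart->description(), ENT_QUOTES, 'UTF-8')`, would close that. The hunk at -301 appears to have the same gap for `$matches[1]` and `$matchart->title()` used as link text, though its markup is partly lost in this rendering of the patch. The not-found branch also keeps the doubled quote in `'"" title="'`, which produces `href="…"" title=` and malformed markup. The call that receives this closure starts outside the hunk.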
@@ -42,7 +43,7 @@ class Routes
 ['POST', '/[cid:art]/edit', 'Controllerart#update', 'artupdate'],
 ['GET', '/[cid:art]/delete', 'Controllerart#confirmdelete', 'artconfirmdelete'],
 ['POST', '/[cid:art]/delete', 'Controllerart#delete', 'artdelete'],
- //['GET', '/[cid:art]/[*]', 'Controllerart#artdirect', 'artread/etoile'],
+ ['GET', '/[cid:art]/[*]', 'Controllerart#artdirect', 'artread/etoile'],
 ]);
 $match = $router->match();
diff --git a/fonts/README.md b/fonts/README.md
new file mode 100644
index 0000000..cdfc91d
--- /dev/null
+++ b/fonts/README.md
@@ -0,0 +1,2 @@
+# Font directory
+
-- cgit v1.2.3
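Review bot: In `app/class/routes.php` (hunk at -42), the re-enabled catch-all `['GET', '/[cid:art]/[*]', 'Controllerart#artdirect', 'artread/etoile']` only behaves as intended while it stays the last `/[cid:art]/...` entry, assuming the router tries routes in declaration order, so that `/[cid:art]/edit` and `/[cid:art]/delete` win first. A comment above it such as `// catch-all: keep last, after every /[cid:art]/... route` would protect that ordering. The `[*]` segment is unnamed and unconstrained, so anything after the article id is accepted; if `artdirect` (not shown in this patch) builds a redirect target or path from the request, it should use only the validated `art` parameter. The route array starts outside the hunk.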