From cdcef1822e8b261b82ca1dd9c35fe97694f30ad0 Mon Sep 17 00:00:00 2001 From: merdan Date: Fri, 2 Sep 2022 03:05:18 +0000 Subject: [PATCH] feat: added rss --- composer.json | 5 ++- .../behaviors/ImportExportController.php | 8 +++- .../controllers/users/config_filter.yaml | 4 +- modules/system/classes/UpdateManager.php | 40 ++++++++++++++++++- .../reportwidgets/status/partials/_widget.htm | 2 + modules/system/twig/SecurityPolicy.php | 3 ++ themes/birzha/pages/rss.htm | 10 +++++ themes/birzha/partials/footer.htm | 8 ++-- 8 files changed, 69 insertions(+), 11 deletions(-) create mode 100644 themes/birzha/pages/rss.htm diff --git a/composer.json b/composer.json index 3e1033cee..8a7c5d91b 100644 --- a/composer.json +++ b/composer.json @@ -70,7 +70,10 @@ ] }, "config": { - "preferred-install": "dist" + "preferred-install": "dist", + "allow-plugins": { + "composer/installers": true + } }, "minimum-stability": "dev", "prefer-stable": true diff --git a/modules/backend/behaviors/ImportExportController.php b/modules/backend/behaviors/ImportExportController.php index 0af1497ac..4fb497f8b 100644 --- a/modules/backend/behaviors/ImportExportController.php +++ b/modules/backend/behaviors/ImportExportController.php @@ -15,6 +15,7 @@ use League\Csv\EscapeFormula as CsvEscapeFormula; use ApplicationException; use SplTempFileObject; use Exception; +use League\Csv\Statement; /** * Adds features for importing and exporting data. @@ -250,10 +251,13 @@ class ImportExportController extends ControllerBehavior $reader = $this->createCsvReader($path); if (post('first_row_titles')) { - $reader->setOffset(1); + $reader->setHeaderOffset(1); } - $result = $reader->setLimit(50)->fetchColumn((int) $columnId); + $result = (new Statement()) + ->limit(50) + ->process($reader) + ->fetchColumn((int) $columnId); $data = iterator_to_array($result, false); /* 
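Review bot: In the `@@ -250,10 +251,13 @@` hunk of ImportExportController.php, `setHeaderOffset(1)` is not equivalent to the removed `setOffset(1)`: it marks the record at offset 1 (the second row) as the header instead of skipping the first row. With `first_row_titles` set, the title row would appear to stay in the 50-row sample and the first real data row would be consumed as the header, assuming league/csv 9 semantics. I would expect `$reader->setHeaderOffset(0);` here. The enclosing method starts and ends outside the hunk, so how `$data` is used afterwards is not visible.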
diff --git a/modules/backend/controllers/users/config_filter.yaml b/modules/backend/controllers/users/config_filter.yaml index d9660cc48..08ebb3f56 100644 --- a/modules/backend/controllers/users/config_filter.yaml +++ b/modules/backend/controllers/users/config_filter.yaml @@ -8,8 +8,8 @@ scopes: label: backend::lang.user.superuser type: switch conditions: - - is_superuser = 0 - - is_superuser = 1 + - is_superuser = false + - is_superuser = true login_date: label: backend::lang.user.last_login diff --git a/modules/system/classes/UpdateManager.php b/modules/system/classes/UpdateManager.php index 537522564..b73f40358 100644 --- a/modules/system/classes/UpdateManager.php +++ b/modules/system/classes/UpdateManager.php @@ -8,6 +8,7 @@ use Http; use Cache; use Schema; use Config; +use Request; use ApplicationException; use Cms\Classes\ThemeManager; use System\Models\Parameter; @@ -885,6 +886,10 @@ class UpdateManager throw new ApplicationException(Lang::get('system::lang.server.response_invalid')); } + if (!$this->validateServerSignature($resultData, $result->headers['Rest-Sign'] ?? '')) { + throw new ApplicationException(Lang::get('system::lang.server.response_invalid') . ' (Bad signature)'); + } + return $resultData; } @@ -963,12 +968,13 @@ class UpdateManager */ protected function applyHttpAttributes($http, $postData) { - $postData['protocol_version'] = '1.2'; - $postData['client'] = 'october'; + $postData['protocol_version'] = '1.3'; + $postData['client'] = 'October CMS'; $postData['server'] = base64_encode(json_encode([ 'php' => PHP_VERSION, 'url' => Url::to('/'), + 'ip' => Request::ip(), 'since' => PluginVersion::orderBy('created_at')->value('created_at') ])); 
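Review bot: The lookup `$result->headers['Rest-Sign']` in the `@@ -885,6 +886,10 @@` hunk of UpdateManager.php is an exact-case array access, while HTTP header names are case-insensitive and arrive in lowercase over HTTP/2. If `headers` keeps the names as received (not visible here), a correctly signed response delivered as `rest-sign` falls back to `''` and is rejected. That fails closed, but it blocks updates and is hard to diagnose because the exception does not distinguish a missing signature from a bad one. Consider normalising the keys first, e.g. `$sig = array_change_key_case($result->headers)['rest-sign'] ?? '';`, and logging which of the two cases occurred. The enclosing method begins outside the hunk.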
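Review bot: The added `'ip' => Request::ip()` in the `@@ -963,12 +968,13 @@` hunk (applyHttpAttributes) sends the address of whoever made the current HTTP request, typically the backend administrator's browser rather than the site itself, to the update gateway on every call. The value is only base64-encoded inside `server`, so it is personal data leaving the installation, and when the update runs from the console or behind a proxy it may not be a meaningful address at all. If the gateway does not strictly need it, drop the line. Otherwise gate it behind a config switch and document it with a comment such as `// Sent to the update gateway: the requesting client's IP, not the server's`. The function body continues past the end of the hunk.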
@@ -1070,4 +1076,34 @@ class UpdateManager } } } + + /** + * validateServerSignature checks the server has provided a valid signature + * + * @return bool + */ + protected function validateServerSignature($data, $signature) + { + if (!$signature) { + return false; + } + + $signature = base64_decode($signature); + + $pubKey = '-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+KwvTXqC8Mz9vV4KIvX +3y+aZusrlg26jdbNVUuhXNFbt1VisjJydHW2+WGsiEHSy2s61ZAV2dICR6f3huSw +jY/MH9j23Oo/u61CBpvIS3Q8uC+TLtJl4/F9eqlnzocfMoKe8NmcBbUR3TKQoIok +xbSMl6jiE2k5TJdzhHUxjZRIeeLDLMKYX6xt37LdhuM8zO6sXQmCGg4J6LmHTJph +96H11gBvcFSFJSmIiDykJOELZl/aVcY1g3YgpL0mw5Bw1VTmKaRdz1eBi9DmKrKX +UijG4gD8eLRV/FS/sZCFNR/evbQXvTBxO0TOIVi85PlQEcMl4SBj0CoTyNbcAGtz +4wIDAQAB +-----END PUBLIC KEY-----'; + + $pubKey = Config::get('system.update_gateway_key', $pubKey); + + $data = base64_encode(json_encode($data)); + + return openssl_verify($data, $signature, $pubKey) === 1; + } } diff --git a/modules/system/reportwidgets/status/partials/_widget.htm b/modules/system/reportwidgets/status/partials/_widget.htm index 855e103e3..814606e3a 100644 --- a/modules/system/reportwidgets/status/partials/_widget.htm +++ b/modules/system/reportwidgets/status/partials/_widget.htm @@ -4,6 +4,7 @@
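Review bot: `openssl_verify($data, $signature, $pubKey)` at the end of the new validateServerSignature() omits the algorithm argument, so PHP falls back to its default, OPENSSL_ALGO_SHA1. Make the digest explicit, and if the gateway can sign with SHA-256 use `return openssl_verify($data, $signature, $pubKey, OPENSSL_ALGO_SHA256) === 1;`; the signing side has to change at the same time. The check also runs over `base64_encode(json_encode($data))`, a re-serialisation of the decoded payload rather than the bytes received, so any difference in JSON escaping or number formatting between gateway and client turns a valid response into a failure; verifying the raw body would avoid that. `base64_decode($signature, true)` with a `false` check would reject malformed signatures before they reach OpenSSL. The docblock should describe `$data` and `$signature` and state that the trusted key can be replaced through `system.update_gateway_key`.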
- + \ No newline at end of file