feat: added rss

2022-09-02 03:05:18 +00:00 · 2022-09-02 03:05:18 +00:00 · cdcef1822e
parent 07a08500be
commit cdcef1822e
8 changed files with 69 additions and 11 deletions
--- a/composer.json
+++ b/composer.json
@ -70,7 +70,10 @@
        ]
    },
    "config": {
-        "preferred-install": "dist"
+        "preferred-install": "dist",
+        "allow-plugins": {
+            "composer/installers": true
+        }
    },
    "minimum-stability": "dev",
    "prefer-stable": true
--- a/modules/backend/behaviors/ImportExportController.php
+++ b/modules/backend/behaviors/ImportExportController.php
@ -15,6 +15,7 @@ use League\Csv\EscapeFormula as CsvEscapeFormula;
 use ApplicationException;
 use SplTempFileObject;
 use Exception;
+use League\Csv\Statement;

 /**
 * Adds features for importing and exporting data.
@ -250,10 +251,13 @@ class ImportExportController extends ControllerBehavior
        $reader = $this->createCsvReader($path);

        if (post('first_row_titles')) {
-            $reader->setOffset(1);
+            $reader->setHeaderOffset(1);
        }

-        $result = $reader->setLimit(50)->fetchColumn((int) $columnId);
+        $result = (new Statement())
+            ->limit(50)
+            ->process($reader)
+            ->fetchColumn((int) $columnId);
        $data = iterator_to_array($result, false);

        /*
--- a/modules/backend/controllers/users/config_filter.yaml
+++ b/modules/backend/controllers/users/config_filter.yaml
@ -8,8 +8,8 @@ scopes:
        label: backend::lang.user.superuser
        type: switch
        conditions:
-            - is_superuser = 0
-            - is_superuser = 1
+            - is_superuser = false
+            - is_superuser = true

    login_date:
        label: backend::lang.user.last_login
--- a/modules/system/classes/UpdateManager.php
+++ b/modules/system/classes/UpdateManager.php
@ -8,6 +8,7 @@ use Http;
 use Cache;
 use Schema;
 use Config;
+use Request;
 use ApplicationException;
 use Cms\Classes\ThemeManager;
 use System\Models\Parameter;
@ -885,6 +886,10 @@ class UpdateManager
            throw new ApplicationException(Lang::get('system::lang.server.response_invalid'));
        }

+        if (!$this->validateServerSignature($resultData, $result->headers['Rest-Sign'] ?? '')) {
+            throw new ApplicationException(Lang::get('system::lang.server.response_invalid') . ' (Bad signature)');
+        }
+
        return $resultData;
    }

@ -963,12 +968,13 @@ class UpdateManager
     */
    protected function applyHttpAttributes($http, $postData)
    {
-        $postData['protocol_version'] = '1.2';
-        $postData['client'] = 'october';
+        $postData['protocol_version'] = '1.3';
+        $postData['client'] = 'October CMS';

        $postData['server'] = base64_encode(json_encode([
            'php'   => PHP_VERSION,
            'url'   => Url::to('/'),
+            'ip'    => Request::ip(),
            'since' => PluginVersion::orderBy('created_at')->value('created_at')
        ]));

@ -1070,4 +1076,34 @@ class UpdateManager
            }
        }
    }
+
+    /**
+     * validateServerSignature checks the server has provided a valid signature
+     *
+     * @return bool
+     */
+    protected function validateServerSignature($data, $signature)
+    {
+        if (!$signature) {
+            return false;
+        }
+
+        $signature = base64_decode($signature);
+
+        $pubKey = '-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+KwvTXqC8Mz9vV4KIvX
+3y+aZusrlg26jdbNVUuhXNFbt1VisjJydHW2+WGsiEHSy2s61ZAV2dICR6f3huSw
+jY/MH9j23Oo/u61CBpvIS3Q8uC+TLtJl4/F9eqlnzocfMoKe8NmcBbUR3TKQoIok
+xbSMl6jiE2k5TJdzhHUxjZRIeeLDLMKYX6xt37LdhuM8zO6sXQmCGg4J6LmHTJph
+96H11gBvcFSFJSmIiDykJOELZl/aVcY1g3YgpL0mw5Bw1VTmKaRdz1eBi9DmKrKX
+UijG4gD8eLRV/FS/sZCFNR/evbQXvTBxO0TOIVi85PlQEcMl4SBj0CoTyNbcAGtz
+4wIDAQAB
+-----END PUBLIC KEY-----';
+
+        $pubKey = Config::get('system.update_gateway_key', $pubKey);
+
+        $data = base64_encode(json_encode($data));
+
+        return openssl_verify($data, $signature, $pubKey) === 1;
+    }
 }
--- a/modules/system/reportwidgets/status/partials/_widget.htm
+++ b/modules/system/reportwidgets/status/partials/_widget.htm
@ -4,6 +4,7 @@
    <?php if (!isset($error)): ?>
        <div class="control-status-list">
            <ul>
+                <?php /*
                <li>
                    <?php if ($updates): ?>
                        <span class="status-icon warning"><i class="icon-exclamation"></i></span>
@ -20,6 +21,7 @@
                        </span>
                    <?php endif ?>
                </li>
+                */ ?>
                <li>
                    <?php if ($warnings): ?>
                        <span class="status-icon warning"><i class="icon-exclamation"></i></span>
--- a/modules/system/twig/SecurityPolicy.php
+++ b/modules/system/twig/SecurityPolicy.php
@ -18,6 +18,9 @@ final class SecurityPolicy implements SecurityPolicyInterface
     * @var array List of forbidden methods.
     */
    protected $blockedMethods = [
+        // Prevent magic bypass
+        '__call',
+
        // Prevent manipulating Twig itself
        'getTwig',

--- a/themes/birzha/pages/rss.htm
+++ b/themes/birzha/pages/rss.htm
@ -0,0 +1,10 @@
+title = "rss"
+url = "/rss"
+is_hidden = 0
+
+[blogRssFeed]
+sortOrder = "created_at desc"
+postsPerPage = 10
+blogPage = "news_post"
+postPage = "news_post"
+==
--- a/themes/birzha/partials/footer.htm
+++ b/themes/birzha/partials/footer.htm
@ -1,9 +1,9 @@
+[viewBag]
+
 [categories categories3]
 active = 1
 slug = "{{ :slug }}"
 renderFeatures = "footer"
-
-[viewBag]
 ==
 <footer class="footer">
    <div class="auto_container">
@ -46,7 +46,7 @@ renderFeatures = "footer"
                </div>
            </div>
            <div class="copyright">
-                {{ 'footer.copyright'|_ }}
+                {{ 'footer.copyright'|_ }} / <a href="/{{activeLocale}}/rss" style="color: white;" target="_blank">RSS</a>
            </div>
        </div>
    </div>