Merge branch 'develop' into feature/csrf

.editorconfig

@@ -15,5 +15,5 @@ trim_trailing_whitespace = false
 [{composer.json,package.json}]
 indent_style = space
 
-[package.json]
+[{package.json, *.yml}]
 indent_size = 2

common.php

@@ -136,7 +136,7 @@ if(!IS_CLI) {
 		}
 	}
 
-	define('SERVER_URL', 'http' . (isset($_SERVER['HTTPS'][0]) && strtolower($_SERVER['HTTPS']) === 'on' ? 's' : '') . '://' . $baseHost);
+	define('SERVER_URL', 'http' . (isHttps() ? 's' : '') . '://' . $baseHost);
 	define('BASE_URL', SERVER_URL . BASE_DIR . '/');
 	define('ADMIN_URL', SERVER_URL . BASE_DIR . '/' . ADMIN_PANEL_FOLDER . '/');
 
@@ -147,6 +147,7 @@ if (file_exists(BASE . 'config.local.php')) {
 	require BASE . 'config.local.php';
 }
 
+/** @var array $config */
 ini_set('log_errors', 1);
 if(@$config['env'] === 'dev') {
 	ini_set('display_errors', 1);
@@ -165,3 +166,11 @@ if (!is_file($autoloadFile)) {
 }
 
 require $autoloadFile;
+
+function isHttps(): bool
+{
+	return
+		(!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) === 'https')
+		|| (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
+		|| (isset($_SERVER['SERVER_PORT']) && (int) $_SERVER['SERVER_PORT'] === 443);
+}

cypress/e2e/2-create-account.cy.js

@@ -14,7 +14,7 @@ describe('Create Account Page', () => {
 		cy.get('#email').type('tester@example.com')
 
 		cy.get('#password').type('test1234')
-		cy.get('#password2').type('test1234')
+		cy.get('#password_confirm').type('test1234')
 
 		cy.get('#character_name').type('Slaw')
 

system/functions.php

@@ -1220,16 +1220,38 @@ function clearCache()
 		if ($cache->fetch('failed_logins', $tmp))
 			$cache->delete('failed_logins');
 
-		global $template_name;
+		foreach (get_templates() as $template) {
-		if ($cache->fetch('template_ini' . $template_name, $tmp))
+			if ($cache->fetch('template_ini_' . $template, $tmp)) {
-			$cache->delete('template_ini' . $template_name);
+				$cache->delete('template_ini_' . $template);
+			}
+		}
 
-		if ($cache->fetch('plugins_hooks', $tmp))
+		if ($cache->fetch('template_menus', $tmp)) {
+			$cache->delete('template_menus');
+		}
+		if ($cache->fetch('database_tables', $tmp)) {
+			$cache->delete('database_tables');
+		}
+		if ($cache->fetch('database_columns', $tmp)) {
+			$cache->delete('database_columns');
+		}
+		if ($cache->fetch('database_checksum', $tmp)) {
+			$cache->delete('database_checksum');
+		}
+		if ($cache->fetch('last_kills', $tmp)) {
+			$cache->delete('last_kills');
+		}
+
+		if ($cache->fetch('hooks', $tmp)) {
+			$cache->delete('hooks');
+		}
+		if ($cache->fetch('plugins_hooks', $tmp)) {
 			$cache->delete('plugins_hooks');
-
+		}
-		if ($cache->fetch('plugins_routes', $tmp))
+		if ($cache->fetch('plugins_routes', $tmp)) {
 			$cache->delete('plugins_routes');
 		}
+	}
 
 	deleteDirectory(CACHE . 'signatures', ['index.html'], true);
 	deleteDirectory(CACHE . 'twig', ['index.html'], true);

system/pages/account/change_password.php

@@ -18,18 +18,18 @@ if(!$logged) {
 }
 
 $new_password = $_POST['newpassword'] ?? NULL;
-$new_password2 = $_POST['newpassword2'] ?? NULL;
+$new_password_confirm = $_POST['newpassword_confirm'] ?? NULL;
 $old_password = $_POST['oldpassword'] ?? NULL;
-if(empty($new_password) && empty($new_password2) && empty($old_password)) {
+if(empty($new_password) && empty($new_password_confirm) && empty($old_password)) {
 	$twig->display('account.change_password.html.twig');
 }
 else
 {
-	if(empty($new_password) || empty($new_password2) || empty($old_password)){
+	if(empty($new_password) || empty($new_password_confirm) || empty($old_password)){
 		$errors[] = 'Please fill in form.';
 	}
 	$password_strlen = strlen($new_password);
-	if($new_password != $new_password2) {
+	if($new_password != $new_password_confirm) {
 		$errors[] = 'The new passwords do not match!';
 	}
 

system/pages/account/create.php

@@ -50,7 +50,7 @@ if($save)
 
 	$email = $_POST['email'];
 	$password = $_POST['password'];
-	$password2 = $_POST['password2'];
+	$password_confirm = $_POST['password_confirm'];
 
 	// account
 	if(!config('account_login_by_email')) {
@@ -81,7 +81,7 @@ if($save)
 	if(empty($password)) {
 		$errors['password'] = 'Please enter the password for your new account.';
 	}
-	elseif($password != $password2) {
+	elseif($password != $password_confirm) {
 		$errors['password'] = 'Passwords are not the same.';
 	}
 	else if(!Validator::password($password)) {
@@ -134,7 +134,7 @@ if($save)
 		'email' => $email,
 		'country' => $country,
 		'password' => $password,
-		'password2' => $password2,
+		'password_confirm' => $password_confirm,
 		'accept_rules' => isset($_POST['accept_rules']) ? $_POST['accept_rules'] === 'true' : false,
 	);
 
@@ -267,7 +267,7 @@ if($save)
 					$_POST['account_login'] = USE_ACCOUNT_NAME ? $account_name : $account_id;
 				}
 
-				$_POST['password_login'] = $password2;
+				$_POST['password_login'] = $password_confirm;
 
 				require PAGES . 'account/login.php';
 				header('Location: ' . getLink('account/manage'));

system/pages/highscores.php

@@ -135,6 +135,7 @@ if($settingHighscoresOutfit) {
 $configHighscoresPerPage = setting('core.highscores_per_page');
 $limit = $configHighscoresPerPage + 1;
 
+$highscores = [];
 $needReCache = true;
 $cacheKey = 'highscores_' . $skill . '_' . $vocation . '_' . $page . '_' . $configHighscoresPerPage;
 
@@ -158,7 +159,7 @@ $query->join('accounts', 'accounts.id', '=', 'players.account_id')
 	->selectRaw('accounts.country, players.id, players.name, players.account_id, players.level, players.vocation' . $outfit . $promotion)
 	->orderByDesc('value');
 
-if (!isset($highscores) || empty($highscores)) {
+if (empty($highscores)) {
 	if ($skill >= POT::SKILL_FIRST && $skill <= POT::SKILL_LAST) { // skills
 		if ($db->hasColumn('players', 'skill_fist')) {// tfs 1.0
 			$skill_ids = array(
@@ -201,16 +202,16 @@ if (!isset($highscores) || empty($highscores)) {
 			$list = 'experience';
 		}
 	}
-}
 
-$highscores = $query->get()->map(function($row) {
+	$highscores = $query->get()->map(function($row) {
 		$tmp = $row->toArray();
 		$tmp['online'] = $row->online_status;
 		$tmp['vocation'] = $row->vocation_name;
 		unset($tmp['online_table']);
 
 		return $tmp;
-})->toArray();
+	})->toArray();
+}
 
 if ($cache->enabled() && $needReCache) {
 	$cache->set($cacheKey, serialize($highscores), setting('core.highscores_cache_ttl') * 60);

system/src/Models/GuildInvite.php

@@ -3,7 +3,7 @@
 namespace MyAAC\Models;
 use Illuminate\Database\Eloquent\Model;
 
-class GuildInvites extends Model {
+class GuildInvite extends Model {
 
 	protected $table = 'guild_invites';
 

system/templates/account.change_password.html.twig

@@ -34,7 +34,7 @@ Please enter your current password and a new password. For your security, please
 									<span>New Password Again:</span>
 								</td>
 								<td>
-									<input type="password" name="newpassword2" size="30" maxlength="29">
+									<input type="password" name="newpassword_confirm" size="30" maxlength="29">
 								</td>
 							</tr>
 							<tr>

system/templates/account.create.html.twig

@@ -105,11 +105,11 @@
 														<span{% if errors.password is defined %} class="red"{% endif %}>Repeat password:</span>
 													</td>
 													<td>
-														<input type="password" name="password2" id="password2" value="" size="30" maxlength="29" />
+														<input type="password" name="password_confirm" id="password_confirm" value="" size="30" maxlength="29" />
-														<img id="password2_indicator" src="images/global/general/{% if not save or errors.password is defined %}n{% endif %}ok.gif" style="display: none;" />
+														<img id="password_confirm_indicator" src="images/global/general/{% if not save or errors.password is defined %}n{% endif %}ok.gif" style="display: none;" />
 													</td>
 												</tr>
-												<tr><td></td><td><span id="password2_error" class="FormFieldError">{% if errors.password is defined %}{{ errors.password }}{% endif %}</span></td></tr>
+												<tr><td></td><td><span id="password_confirm_error" class="FormFieldError">{% if errors.password is defined %}{{ errors.password }}{% endif %}</span></td></tr>
 
 												{{ hook('HOOK_ACCOUNT_CREATE_AFTER_PASSWORDS') }}
 												</tbody>

system/templates/account.create.js.html.twig

@@ -17,7 +17,7 @@
 		$('#password').blur(function() {
 			checkPassword();
 		});
-		$('#password2').blur(function() {
+		$('#password_confirm').blur(function() {
 			checkPassword();
 		});
 		$('#SuggestAccountNumber a').click(function (event) {
@@ -150,11 +150,11 @@
 			return;
 		}
 
-		if(document.getElementById("password2").value == "")
+		if(document.getElementById("password_confirm").value == "")
 		{
-			$('#password2_error').html('Please enter the password again!');
+			$('#password_confirm_error').html('Please enter the password again!');
-			$('#password2_indicator').attr('src', 'images/global/general/nok.gif');
+			$('#password_confirm_indicator').attr('src', 'images/global/general/nok.gif');
-			$('#password2_indicator').show();
+			$('#password_confirm_indicator').show();
 			return;
 		}
 
@@ -172,24 +172,24 @@
 		}
 
 		var password = document.getElementById("password").value;
-		var password2 = document.getElementById("password2").value;
+		var password_confirm = document.getElementById("password_confirm").value;
-		$.getJSON("tools/validate.php", { password: password, password2: password2, uid: Math.random() },
+		$.getJSON("tools/validate.php", { password: password, password_confirm: password_confirm, uid: Math.random() },
 			function(data){
 				if(data.hasOwnProperty('success')) {
 					$('#password_error').html ('');
-					$('#password2_error').html ('');
+					$('#password_confirm_error').html ('');
 					$('#password_indicator').attr('src', 'images/global/general/ok.gif');
-					$('#password2_indicator').attr('src', 'images/global/general/ok.gif');
+					$('#password_confirm_indicator').attr('src', 'images/global/general/ok.gif');
 				}
 				else if(data.hasOwnProperty('error')) {
 					$('#password_error').html(data.error);
-					$('#password2_error').html(data.error);
+					$('#password_confirm_error').html(data.error);
 					$('#password_indicator').attr('src', 'images/global/general/nok.gif');
-					$('#password2_indicator').attr('src', 'images/global/general/nok.gif');
+					$('#password_confirm_indicator').attr('src', 'images/global/general/nok.gif');
 				}
 
 				$('#password_indicator').show();
-				$('#password2_indicator').show();
+				$('#password_confirm_indicator').show();
 			}
 		);
 

system/twig.php

@@ -31,7 +31,7 @@ if($dev_mode) {
 }
 unset($dev_mode);
 
-$filter = new Twig_SimpleFilter('timeago', function ($datetime) {
+$filter = new TwigFilter('timeago', function ($datetime) {
 
 	$time = time() - strtotime($datetime);
 

templates/tibiacom/account.login.html.twig

@@ -115,14 +115,14 @@
 											<tr>
 												<td >
 													<div style="float: right; margin-top: 20px;" >
-														{% spaceless %}
+														{% apply spaceless %}
 														<form class="MediumButtonForm" action="{{ getLink('account/create') }}" method="post" >
 															<div class="MediumButtonBackground" style="background-image:url({{ template_path }}/images/global/buttons/mediumbutton.gif)" onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);">
 																<div class="MediumButtonOver" style="background-image:url({{ template_path }}/images/global/buttons/mediumbutton-over.gif)" onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);"></div>
 																<input class="MediumButtonText" type="image" name="Create Account" alt="Create Account" src="{{ template_path }}/images/global/buttons/mediumbutton_createaccount.png" />
 															</div>
 														</form>
-														{% endspaceless %}
+														{% endapply %}
 													</div>
 													<div id="LoginCreateAccountBox" >
 														<p><b>{{ config.lua.serverName }}...</b></p>

templates/tibiacom/account.management.html.twig

@@ -35,7 +35,7 @@
 			<td>
 				<img src="{{ template_path }}/images/content/headline-bracer-left.gif" />
 			</td>
-			<td style="text-align:center;vertical-align:middle;horizontal-align:center;font-size:17px;font-weight:bold;" >{{ welcome_message }}<br/></td>
+			<td style="text-align:center;vertical-align:middle;horizontal-align:center;font-size:17px;font-weight:bold;" >{{ welcome_message|raw }}<br/></td>
 			<td><img src="{{ template_path }}/images/content/headline-bracer-right.gif" /></td>
 		</tr>
 	</table>

templates/tibiacom/buttons.base.html.twig

@@ -1,8 +1,8 @@
-{% spaceless %}
+{% apply spaceless %}
 <div class="BigButton" style="background-image:url({{ template_path }}/images/global/buttons/button_blue.gif)">
 	<div onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);">
 		<div class="BigButtonOver" style="background-image:url({{ template_path }}/images/global/buttons/{% if button_color is defined and button_color == 'green' %}button_green{% else %}button_blue_over{% endif %}.gif);" ></div>
 		<input class="BigButtonText" type="submit" value="{{ button_name }}">
 	</div>
 </div>
-{% endspaceless %}
+{% endapply %}

tools/validate.php

@@ -75,9 +75,9 @@ else if(isset($_GET['name']))
 
 	success_('Good. Your name will be:<br /><b>' . (admin() ? $name : ucwords($name)) . '</b>');
 }
-else if(isset($_GET['password']) && isset($_GET['password2'])) {
+else if(isset($_GET['password']) && isset($_GET['password_confirm'])) {
 	$password = $_GET['password'];
-	$password2 = $_GET['password2'];
+	$password_confirm = $_GET['password_confirm'];
 
 	if(!isset($password[0])) {
 		error_('Please enter the password for your new account.');
@@ -86,7 +86,7 @@ else if(isset($_GET['password']) && isset($_GET['password2'])) {
 	if(!Validator::password($password))
 		error_(Validator::getLastError());
 
-	if($password != $password2)
+	if($password != $password_confirm)
 		error_('Passwords are not the same.');
 
 	success_(1);