Digitalstack/myaac
2
0
Fork 0
mirror of https://github.com/slawkens/myaac.git synced 2026-02-06 13:16:22 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'develop' into feature/2fa

Browse Source
This commit is contained in:
slawkens
2026-01-31 12:31:28 +01:00
parent e2c9c2bbe0 d91de1005b
commit 4d7fe0bd58
11 changed files with 98 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
CHANGELOG-1.x.md
View File

@@ -1,5 +1,21 @@
# Changelog # Changelog
## [1.8.8 - 31.01.2026]
### Added
* Change Comment: Add missing hooks - patched from 0.8 (https://github.com/slawkens/myaac/commit/a60a23b84f61d41d1503073b52e01e3120f6d92a)
### Changed
* Account Manage: Change the last login to the correct login time Instead of just "now" (https://github.com/slawkens/myaac/commit/5b841682cdc473b38ef1a5edfcfe1a020802e286)
* Twig: Extract renderInline(content, context) as a method to $twig (https://github.com/slawkens/myaac/commit/5e4806f891f8c88c37d45b89bbede23afc2fa37b)
* Mail: Remove HTML tags from the email function (https://github.com/slawkens/myaac/commit/6661c78dac69c6aa498b9c79fe7da4fe0150e5c8)
### Fixed
* Forum: Fix XSS in board name (https://github.com/slawkens/myaac/commit/e52d9e486f5bf1dea867f59287f70aef3d538189, https://github.com/slawkens/myaac/commit/6db738a87c44b8d96919191ba5e661c32ab47457)
* Forum: Fix edit_post, despite being an author, edit didn't work (https://github.com/slawkens/myaac/commit/e8b47429e8c607c2662a78b65415dfa772aa0e48)
* Forum: Fix a player link in the forum thread being not clickable (When outfits are enabled) (https://github.com/slawkens/myaac/commit/f640ca636f34cd2dfc1fa8de6fdbed0674908b30)
* Settings: Fix variable overlapping if the same var name as in core (https://github.com/slawkens/myaac/commit/c2415e9df3a5ffaf768f6f9668bdd38b5efd0771)
* Settings: fix show_if for the selects (https://github.com/slawkens/myaac/commit/8dcbb66753914322706216cfd01436eb1478a5ce)
## [1.8.7 - 04.01.2026] ## [1.8.7 - 04.01.2026]
### Fixed ### Fixed

6
package-lock.json generated
View File

@@ -1431,9 +1431,9 @@
} }
}, },
"node_modules/lodash": { "node_modules/lodash": {
"version": "4.17.21", "version": "4.17.23",
"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz",
"integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==", "integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==",
"dev": true, "dev": true,
"license": "MIT" "license": "MIT"
}, },

13
system/functions.php
View File

@@ -23,7 +23,6 @@ use MyAAC\News;
use MyAAC\Plugins; use MyAAC\Plugins;
use MyAAC\Settings; use MyAAC\Settings;
use PHPMailer\PHPMailer\PHPMailer; use PHPMailer\PHPMailer\PHPMailer;
use Twig\Loader\ArrayLoader as Twig_ArrayLoader;
function message($message, $type, $return) function message($message, $type, $return)
{ {
@@ -1463,17 +1462,7 @@ function getCustomPage($name, &$success): string
ob_end_clean(); ob_end_clean();
} }
else { else {
$oldLoader = $twig->getLoader(); $content .= $twig->renderInline($page['body']);
$twig_loader_array = new Twig_ArrayLoader(array(
'content.html' => $page['body']
));
$twig->setLoader($twig_loader_array);
$content .= $twig->render('content.html');
$twig->setLoader($oldLoader);
} }
} }

14
system/migrations/49.php
View File

@@ -3,11 +3,21 @@
* @var OTS_DB_MySQL $db * @var OTS_DB_MySQL $db
*/ */
use MyAAC\Models\Account as AccountModel;
$time = time(); $time = time();
$accountId = getSession('account') ?? 1;
if (!defined('MYAAC_INSTALL')) {
$accountModel = AccountModel::where('web_flags', 3)->first();
if ($accountModel) {
$accountId = $accountModel->id;
}
}
function insert_sample_if_not_exist($p): void function insert_sample_if_not_exist($p): void
{ {
global $time; global $time, $accountId;
$player = new OTS_Player(); $player = new OTS_Player();
$player->find($p['name']); $player->find($p['name']);
@@ -17,7 +27,7 @@ function insert_sample_if_not_exist($p): void
$player->setData([ $player->setData([
'name' => $p['name'], 'name' => $p['name'],
'group_id' => 1, 'group_id' => 1,
'account_id' => getSession('account'), 'account_id' => $accountId,
'level' => $p['level'], 'level' => $p['level'],
'vocation' => $p['vocation_id'], 'vocation' => $p['vocation_id'],
'health' => $p['health'], 'health' => $p['health'],

4
system/pages/forum/edit_post.php
View File

@@ -36,9 +36,9 @@ if(Forum::canPost($account_logged)) {
$thread = $db->query("SELECT `author_guid`, `author_aid`, `first_post`, `post_topic`, `post_date`, `post_text`, `post_smile`, `post_html`, `id`, `section` FROM `" . FORUM_TABLE_PREFIX . "forum` WHERE `id` = ".$post_id." LIMIT 1")->fetch(); $thread = $db->query("SELECT `author_guid`, `author_aid`, `first_post`, `post_topic`, `post_date`, `post_text`, `post_smile`, `post_html`, `id`, `section` FROM `" . FORUM_TABLE_PREFIX . "forum` WHERE `id` = ".$post_id." LIMIT 1")->fetch();
if(isset($thread['id'])) { if(isset($thread['id'])) {
$first_post = $db->query("SELECT `" . FORUM_TABLE_PREFIX . "forum`.`author_guid`, `" . FORUM_TABLE_PREFIX . "forum`.`author_aid`, `" . FORUM_TABLE_PREFIX . "forum`.`first_post`, `" . FORUM_TABLE_PREFIX . "forum`.`post_topic`, `" . FORUM_TABLE_PREFIX . "forum`.`post_text`, `" . FORUM_TABLE_PREFIX . "forum`.`post_smile`, `" . FORUM_TABLE_PREFIX . "forum`.`id`, `" . FORUM_TABLE_PREFIX . "forum`.`section` FROM `" . FORUM_TABLE_PREFIX . "forum` WHERE `" . FORUM_TABLE_PREFIX . "forum`.`id` = ".(int) $thread['first_post']." LIMIT 1")->fetch(); $first_post = $db->query("SELECT `" . FORUM_TABLE_PREFIX . "forum`.`author_guid`, `" . FORUM_TABLE_PREFIX . "forum`.`author_aid`, `" . FORUM_TABLE_PREFIX . "forum`.`first_post`, `" . FORUM_TABLE_PREFIX . "forum`.`post_topic`, `" . FORUM_TABLE_PREFIX . "forum`.`post_text`, `" . FORUM_TABLE_PREFIX . "forum`.`post_smile`, `" . FORUM_TABLE_PREFIX . "forum`.`id`, `" . FORUM_TABLE_PREFIX . "forum`.`section` FROM `" . FORUM_TABLE_PREFIX . "forum` WHERE `" . FORUM_TABLE_PREFIX . "forum`.`id` = ".(int) $thread['first_post']." LIMIT 1")->fetch();
echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($thread['section']) . '">'.$sections[$thread['section']]['name'].'</a> >> <a href="' . getForumThreadLink($thread['first_post']) . '">'.htmlspecialchars($first_post['post_topic']).'</a> >> <b>Edit post</b>'; echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($thread['section']) . '">'.escapeHtml($sections[$thread['section']]['name']).'</a> >> <a href="' . getForumThreadLink($thread['first_post']) . '">'.htmlspecialchars($first_post['post_topic']).'</a> >> <b>Edit post</b>';
if(Forum::hasAccess($thread['section'] && ($account_logged->getId() == $thread['author_aid'] || Forum::isModerator()))) { if(Forum::hasAccess($thread['section']) && ($account_logged->getId() == $thread['author_aid'] || Forum::isModerator())) {
$char_id = $post_topic = $text = $smile = $html = null; $char_id = $post_topic = $text = $smile = $html = null;
$players_from_account = $db->query("SELECT `players`.`name`, `players`.`id` FROM `players` WHERE `players`.`account_id` = ".(int) $account_logged->getId())->fetchAll(); $players_from_account = $db->query("SELECT `players`.`name`, `players`.`id` FROM `players` WHERE `players`.`account_id` = ".(int) $account_logged->getId())->fetchAll();
$saved = false; $saved = false;

2
system/pages/forum/new_post.php
View File

@@ -42,7 +42,7 @@ if(Forum::canPost($account_logged)) {
$thread = $db->query("SELECT `" . FORUM_TABLE_PREFIX . "forum`.`post_topic`, `" . FORUM_TABLE_PREFIX . "forum`.`id`, `" . FORUM_TABLE_PREFIX . "forum`.`section` FROM `" . FORUM_TABLE_PREFIX . "forum` WHERE `" . FORUM_TABLE_PREFIX . "forum`.`id` = ".(int) $thread_id." AND `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = ".$thread_id." LIMIT 1")->fetch(); $thread = $db->query("SELECT `" . FORUM_TABLE_PREFIX . "forum`.`post_topic`, `" . FORUM_TABLE_PREFIX . "forum`.`id`, `" . FORUM_TABLE_PREFIX . "forum`.`section` FROM `" . FORUM_TABLE_PREFIX . "forum` WHERE `" . FORUM_TABLE_PREFIX . "forum`.`id` = ".(int) $thread_id." AND `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = ".$thread_id." LIMIT 1")->fetch();
if(isset($thread['id']) && Forum::hasAccess($thread['section'])) { if(isset($thread['id']) && Forum::hasAccess($thread['section'])) {
echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($thread['section']) . '">'.$sections[$thread['section']]['name'].'</a> >> <a href="' . getForumThreadLink($thread_id) . '">'.htmlspecialchars($thread['post_topic']).'</a> >> <b>Post new reply</b><br /><h3>'.htmlspecialchars($thread['post_topic']).'</h3>'; echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($thread['section']) . '">'.escapeHtml($sections[$thread['section']]['name']).'</a> >> <a href="' . getForumThreadLink($thread_id) . '">'.htmlspecialchars($thread['post_topic']).'</a> >> <b>Post new reply</b><br /><h3>'.htmlspecialchars($thread['post_topic']).'</h3>';
$quote = isset($_REQUEST['quote']) ? (int) $_REQUEST['quote'] : NULL; $quote = isset($_REQUEST['quote']) ? (int) $_REQUEST['quote'] : NULL;
$text = isset($_POST['text']) ? stripslashes(trim($_POST['text'])) : NULL; $text = isset($_POST['text']) ? stripslashes(trim($_POST['text'])) : NULL;

2
system/pages/forum/new_thread.php
View File

@@ -34,7 +34,7 @@ if(Forum::canPost($account_logged)) {
$players_from_account = $db->query('SELECT `players`.`name`, `players`.`id` FROM `players` WHERE `players`.`account_id` = '.(int) $account_logged->getId())->fetchAll(); $players_from_account = $db->query('SELECT `players`.`name`, `players`.`id` FROM `players` WHERE `players`.`account_id` = '.(int) $account_logged->getId())->fetchAll();
$section_id = $_REQUEST['section_id'] ?? null; $section_id = $_REQUEST['section_id'] ?? null;
if($section_id !== null) { if($section_id !== null) {
echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($section_id) . '">' . $sections[$section_id]['name'] . '</a> >> <b>Post new thread</b><br />'; echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($section_id) . '">' . escapeHtml($sections[$section_id]['name']) . '</a> >> <b>Post new thread</b><br />';
if(isset($sections[$section_id]['name']) && Forum::hasAccess($section_id)) { if(isset($sections[$section_id]['name']) && Forum::hasAccess($section_id)) {
if ($sections[$section_id]['closed'] && !Forum::isModerator()) if ($sections[$section_id]['closed'] && !Forum::isModerator())

18
system/src/Models/AccountBan.php Normal file
View File

@@ -0,0 +1,18 @@
<?php
namespace MyAAC\Models;
use Illuminate\Database\Eloquent\Model;
class AccountBan extends Model {
protected $table = TABLE_PREFIX . 'account_bans';
public $timestamps = false;
protected $fillable = [
'account_id',
'reason', 'banned_at',
'expires_at', 'banned_by'
];
}

25
system/src/Settings.php
View File

@@ -122,18 +122,21 @@ class Settings implements \ArrayAccess
public static function display($plugin, $settings): array public static function display($plugin, $settings): array
{ {
$settingsDb = ModelsSettings::where('name', $plugin)->pluck('value', 'key')->toArray(); $settingsDb = ModelsSettings::where('name', $plugin)->pluck('value', 'key')->toArray();
$config = [];
require BASE . 'config.local.php';
foreach ($config as $key => $value) { if ($plugin === 'core') {
if (is_bool($value)) { $config = [];
$settingsDb[$key] = $value ? 'true' : 'false'; require BASE . 'config.local.php';
}
elseif (is_array($value)) { foreach ($config as $key => $value) {
$settingsDb[$key] = $value; if (is_bool($value)) {
} $settingsDb[$key] = $value ? 'true' : 'false';
else { }
$settingsDb[$key] = (string)$value; elseif (is_array($value)) {
$settingsDb[$key] = $value;
}
else {
$settingsDb[$key] = (string)$value;
}
} }
} }

18
system/src/Twig/EnvironmentBridge.php
View File

@@ -3,6 +3,7 @@
namespace MyAAC\Twig; namespace MyAAC\Twig;
use Twig\Environment; use Twig\Environment;
use Twig\Loader\ArrayLoader as Twig_ArrayLoader;
class EnvironmentBridge extends Environment class EnvironmentBridge extends Environment
{ {
@@ -25,4 +26,21 @@ class EnvironmentBridge extends Environment
return parent::render($name, $context); return parent::render($name, $context);
} }
public function renderInline($content, array $context = []): string
{
$oldLoader = $this->getLoader();
$twig_loader_array = new Twig_ArrayLoader(array(
'content.html' => $content
));
$this->setLoader($twig_loader_array);
$ret = $this->render('content.html', $context);
$this->setLoader($oldLoader);
return $ret;
}
} }

14
system/templates/admin.settings.html.twig
View File

@@ -37,21 +37,31 @@
{% for key, value in settings %} {% for key, value in settings %}
{% if value.show_if is defined %} {% if value.show_if is defined %}
$(function () { $(function () {
$('input[name="settings[{{ value.show_if[0] }}]"]').change(function () { {% set inputType = 'input' %}
{% if settings[value.show_if[0]]['type'] == 'options' %}
{% set inputType = 'select' %}
{% endif %}
$('{{ inputType }}[name="settings[{{ value.show_if[0] }}]"]').change(function () {
performChecks_{{ key }}(this); performChecks_{{ key }}(this);
}); });
{% if settings[value.show_if[0]]['type'] == 'boolean' %} {% if settings[value.show_if[0]]['type'] == 'boolean' %}
performChecks_{{ key }}('input[name="settings[{{ value.show_if[0] }}]"]:checked'); performChecks_{{ key }}('input[name="settings[{{ value.show_if[0] }}]"]:checked');
{% else %} {% else %}
performChecks_{{ key }}('input[name="settings[{{ value.show_if[0] }}]"]'); performChecks_{{ key }}('{{ inputType }}[name="settings[{{ value.show_if[0] }}]"]');
{% endif %} {% endif %}
}); });
function performChecks_{{ key }}(el) function performChecks_{{ key }}(el)
{ {
let success = false; let success = false;
let thisVal = $(el).val(); let thisVal = $(el).val();
{% if settings[value.show_if[0]]['type'] == 'options' %}
thisVal = $(el).find(":selected").val();
{% endif %}
let operator = '{{ value.show_if[1]|raw }}'; let operator = '{{ value.show_if[1]|raw }}';
if (operator === '>') { if (operator === '>') {