mirror of
https://github.com/slawkens/myaac.git
synced 2026-02-06 21:26:22 +01:00
Merge branch 'develop' into feature/2fa
This commit is contained in:
slawkens
@@ -1,5 +1,21 @@
|
||||
# Changelog
|
||||
|
||||
## [1.8.8 - 31.01.2026]
|
||||
### Added
|
||||
* Change Comment: Add missing hooks - patched from 0.8 (https://github.com/slawkens/myaac/commit/a60a23b84f61d41d1503073b52e01e3120f6d92a)
|
||||
|
||||
### Changed
|
||||
* Account Manage: Change the last login to the correct login time – Instead of just "now" (https://github.com/slawkens/myaac/commit/5b841682cdc473b38ef1a5edfcfe1a020802e286)
|
||||
* Twig: Extract renderInline(content, context) as a method to $twig (https://github.com/slawkens/myaac/commit/5e4806f891f8c88c37d45b89bbede23afc2fa37b)
|
||||
* Mail: Remove HTML tags from the email function (https://github.com/slawkens/myaac/commit/6661c78dac69c6aa498b9c79fe7da4fe0150e5c8)
|
||||
|
||||
### Fixed
|
||||
* Forum: Fix XSS in board name (https://github.com/slawkens/myaac/commit/e52d9e486f5bf1dea867f59287f70aef3d538189, https://github.com/slawkens/myaac/commit/6db738a87c44b8d96919191ba5e661c32ab47457)
|
||||
* Forum: Fix edit_post, despite being an author, edit didn't work (https://github.com/slawkens/myaac/commit/e8b47429e8c607c2662a78b65415dfa772aa0e48)
|
||||
* Forum: Fix a player link in the forum thread being not clickable (When outfits are enabled) (https://github.com/slawkens/myaac/commit/f640ca636f34cd2dfc1fa8de6fdbed0674908b30)
|
||||
* Settings: Fix variable overlapping if the same var name as in core (https://github.com/slawkens/myaac/commit/c2415e9df3a5ffaf768f6f9668bdd38b5efd0771)
|
||||
* Settings: fix show_if for the selects (https://github.com/slawkens/myaac/commit/8dcbb66753914322706216cfd01436eb1478a5ce)
|
||||
|
||||
## [1.8.7 - 04.01.2026]
|
||||
|
||||
### Fixed
|
||||
|
||||
6
package-lock.json
generated
6
package-lock.json
generated
@@ -1431,9 +1431,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/lodash": {
|
||||
"version": "4.17.21",
|
||||
"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
|
||||
"integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
|
||||
"version": "4.17.23",
|
||||
"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz",
|
||||
"integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==",
|
||||
"dev": true,
|
||||
"license": "MIT"
|
||||
},
|
||||
|
||||
@@ -23,7 +23,6 @@ use MyAAC\News;
|
||||
use MyAAC\Plugins;
|
||||
use MyAAC\Settings;
|
||||
use PHPMailer\PHPMailer\PHPMailer;
|
||||
use Twig\Loader\ArrayLoader as Twig_ArrayLoader;
|
||||
|
||||
function message($message, $type, $return)
|
||||
{
|
||||
@@ -1463,17 +1462,7 @@ function getCustomPage($name, &$success): string
|
||||
ob_end_clean();
|
||||
}
|
||||
else {
|
||||
$oldLoader = $twig->getLoader();
|
||||
|
||||
$twig_loader_array = new Twig_ArrayLoader(array(
|
||||
'content.html' => $page['body']
|
||||
));
|
||||
|
||||
$twig->setLoader($twig_loader_array);
|
||||
|
||||
$content .= $twig->render('content.html');
|
||||
|
||||
$twig->setLoader($oldLoader);
|
||||
$content .= $twig->renderInline($page['body']);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -3,11 +3,21 @@
|
||||
* @var OTS_DB_MySQL $db
|
||||
*/
|
||||
|
||||
use MyAAC\Models\Account as AccountModel;
|
||||
|
||||
$time = time();
|
||||
|
||||
$accountId = getSession('account') ?? 1;
|
||||
if (!defined('MYAAC_INSTALL')) {
|
||||
$accountModel = AccountModel::where('web_flags', 3)->first();
|
||||
if ($accountModel) {
|
||||
$accountId = $accountModel->id;
|
||||
}
|
||||
}
|
||||
|
||||
function insert_sample_if_not_exist($p): void
|
||||
{
|
||||
global $time;
|
||||
global $time, $accountId;
|
||||
|
||||
$player = new OTS_Player();
|
||||
$player->find($p['name']);
|
||||
@@ -17,7 +27,7 @@ function insert_sample_if_not_exist($p): void
|
||||
$player->setData([
|
||||
'name' => $p['name'],
|
||||
'group_id' => 1,
|
||||
'account_id' => getSession('account'),
|
||||
'account_id' => $accountId,
|
||||
'level' => $p['level'],
|
||||
'vocation' => $p['vocation_id'],
|
||||
'health' => $p['health'],
|
||||
|
||||
@@ -36,9 +36,9 @@ if(Forum::canPost($account_logged)) {
|
||||
$thread = $db->query("SELECT `author_guid`, `author_aid`, `first_post`, `post_topic`, `post_date`, `post_text`, `post_smile`, `post_html`, `id`, `section` FROM `" . FORUM_TABLE_PREFIX . "forum` WHERE `id` = ".$post_id." LIMIT 1")->fetch();
|
||||
if(isset($thread['id'])) {
|
||||
$first_post = $db->query("SELECT `" . FORUM_TABLE_PREFIX . "forum`.`author_guid`, `" . FORUM_TABLE_PREFIX . "forum`.`author_aid`, `" . FORUM_TABLE_PREFIX . "forum`.`first_post`, `" . FORUM_TABLE_PREFIX . "forum`.`post_topic`, `" . FORUM_TABLE_PREFIX . "forum`.`post_text`, `" . FORUM_TABLE_PREFIX . "forum`.`post_smile`, `" . FORUM_TABLE_PREFIX . "forum`.`id`, `" . FORUM_TABLE_PREFIX . "forum`.`section` FROM `" . FORUM_TABLE_PREFIX . "forum` WHERE `" . FORUM_TABLE_PREFIX . "forum`.`id` = ".(int) $thread['first_post']." LIMIT 1")->fetch();
|
||||
echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($thread['section']) . '">'.$sections[$thread['section']]['name'].'</a> >> <a href="' . getForumThreadLink($thread['first_post']) . '">'.htmlspecialchars($first_post['post_topic']).'</a> >> <b>Edit post</b>';
|
||||
echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($thread['section']) . '">'.escapeHtml($sections[$thread['section']]['name']).'</a> >> <a href="' . getForumThreadLink($thread['first_post']) . '">'.htmlspecialchars($first_post['post_topic']).'</a> >> <b>Edit post</b>';
|
||||
|
||||
if(Forum::hasAccess($thread['section'] && ($account_logged->getId() == $thread['author_aid'] || Forum::isModerator()))) {
|
||||
if(Forum::hasAccess($thread['section']) && ($account_logged->getId() == $thread['author_aid'] || Forum::isModerator())) {
|
||||
$char_id = $post_topic = $text = $smile = $html = null;
|
||||
$players_from_account = $db->query("SELECT `players`.`name`, `players`.`id` FROM `players` WHERE `players`.`account_id` = ".(int) $account_logged->getId())->fetchAll();
|
||||
$saved = false;
|
||||
|
||||
@@ -42,7 +42,7 @@ if(Forum::canPost($account_logged)) {
|
||||
$thread = $db->query("SELECT `" . FORUM_TABLE_PREFIX . "forum`.`post_topic`, `" . FORUM_TABLE_PREFIX . "forum`.`id`, `" . FORUM_TABLE_PREFIX . "forum`.`section` FROM `" . FORUM_TABLE_PREFIX . "forum` WHERE `" . FORUM_TABLE_PREFIX . "forum`.`id` = ".(int) $thread_id." AND `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = ".$thread_id." LIMIT 1")->fetch();
|
||||
|
||||
if(isset($thread['id']) && Forum::hasAccess($thread['section'])) {
|
||||
echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($thread['section']) . '">'.$sections[$thread['section']]['name'].'</a> >> <a href="' . getForumThreadLink($thread_id) . '">'.htmlspecialchars($thread['post_topic']).'</a> >> <b>Post new reply</b><br /><h3>'.htmlspecialchars($thread['post_topic']).'</h3>';
|
||||
echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($thread['section']) . '">'.escapeHtml($sections[$thread['section']]['name']).'</a> >> <a href="' . getForumThreadLink($thread_id) . '">'.htmlspecialchars($thread['post_topic']).'</a> >> <b>Post new reply</b><br /><h3>'.htmlspecialchars($thread['post_topic']).'</h3>';
|
||||
|
||||
$quote = isset($_REQUEST['quote']) ? (int) $_REQUEST['quote'] : NULL;
|
||||
$text = isset($_POST['text']) ? stripslashes(trim($_POST['text'])) : NULL;
|
||||
|
||||
@@ -34,7 +34,7 @@ if(Forum::canPost($account_logged)) {
|
||||
$players_from_account = $db->query('SELECT `players`.`name`, `players`.`id` FROM `players` WHERE `players`.`account_id` = '.(int) $account_logged->getId())->fetchAll();
|
||||
$section_id = $_REQUEST['section_id'] ?? null;
|
||||
if($section_id !== null) {
|
||||
echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($section_id) . '">' . $sections[$section_id]['name'] . '</a> >> <b>Post new thread</b><br />';
|
||||
echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($section_id) . '">' . escapeHtml($sections[$section_id]['name']) . '</a> >> <b>Post new thread</b><br />';
|
||||
|
||||
if(isset($sections[$section_id]['name']) && Forum::hasAccess($section_id)) {
|
||||
if ($sections[$section_id]['closed'] && !Forum::isModerator())
|
||||
|
||||
18
system/src/Models/AccountBan.php
Normal file
18
system/src/Models/AccountBan.php
Normal file
@@ -0,0 +1,18 @@
|
||||
<?php
|
||||
|
||||
namespace MyAAC\Models;
|
||||
use Illuminate\Database\Eloquent\Model;
|
||||
|
||||
class AccountBan extends Model {
|
||||
|
||||
protected $table = TABLE_PREFIX . 'account_bans';
|
||||
|
||||
public $timestamps = false;
|
||||
|
||||
protected $fillable = [
|
||||
'account_id',
|
||||
'reason', 'banned_at',
|
||||
'expires_at', 'banned_by'
|
||||
];
|
||||
|
||||
}
|
||||
@@ -122,6 +122,8 @@ class Settings implements \ArrayAccess
|
||||
public static function display($plugin, $settings): array
|
||||
{
|
||||
$settingsDb = ModelsSettings::where('name', $plugin)->pluck('value', 'key')->toArray();
|
||||
|
||||
if ($plugin === 'core') {
|
||||
$config = [];
|
||||
require BASE . 'config.local.php';
|
||||
|
||||
@@ -136,6 +138,7 @@ class Settings implements \ArrayAccess
|
||||
$settingsDb[$key] = (string)$value;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$javascript = '';
|
||||
ob_start();
|
||||
|
||||
@@ -3,6 +3,7 @@
|
||||
namespace MyAAC\Twig;
|
||||
|
||||
use Twig\Environment;
|
||||
use Twig\Loader\ArrayLoader as Twig_ArrayLoader;
|
||||
|
||||
class EnvironmentBridge extends Environment
|
||||
{
|
||||
@@ -25,4 +26,21 @@ class EnvironmentBridge extends Environment
|
||||
|
||||
return parent::render($name, $context);
|
||||
}
|
||||
|
||||
public function renderInline($content, array $context = []): string
|
||||
{
|
||||
$oldLoader = $this->getLoader();
|
||||
|
||||
$twig_loader_array = new Twig_ArrayLoader(array(
|
||||
'content.html' => $content
|
||||
));
|
||||
|
||||
$this->setLoader($twig_loader_array);
|
||||
|
||||
$ret = $this->render('content.html', $context);
|
||||
|
||||
$this->setLoader($oldLoader);
|
||||
|
||||
return $ret;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -37,21 +37,31 @@
|
||||
{% for key, value in settings %}
|
||||
{% if value.show_if is defined %}
|
||||
$(function () {
|
||||
$('input[name="settings[{{ value.show_if[0] }}]"]').change(function () {
|
||||
{% set inputType = 'input' %}
|
||||
|
||||
{% if settings[value.show_if[0]]['type'] == 'options' %}
|
||||
{% set inputType = 'select' %}
|
||||
{% endif %}
|
||||
|
||||
$('{{ inputType }}[name="settings[{{ value.show_if[0] }}]"]').change(function () {
|
||||
performChecks_{{ key }}(this);
|
||||
});
|
||||
|
||||
{% if settings[value.show_if[0]]['type'] == 'boolean' %}
|
||||
performChecks_{{ key }}('input[name="settings[{{ value.show_if[0] }}]"]:checked');
|
||||
{% else %}
|
||||
performChecks_{{ key }}('input[name="settings[{{ value.show_if[0] }}]"]');
|
||||
performChecks_{{ key }}('{{ inputType }}[name="settings[{{ value.show_if[0] }}]"]');
|
||||
{% endif %}
|
||||
});
|
||||
|
||||
function performChecks_{{ key }}(el)
|
||||
{
|
||||
let success = false;
|
||||
|
||||
let thisVal = $(el).val();
|
||||
{% if settings[value.show_if[0]]['type'] == 'options' %}
|
||||
thisVal = $(el).find(":selected").val();
|
||||
{% endif %}
|
||||
|
||||
let operator = '{{ value.show_if[1]|raw }}';
|
||||
if (operator === '>') {
|
||||
|
||||
Reference in New Issue
Block a user