mirror of
https://github.com/slawkens/myaac.git
synced 2025-09-15 13:03:34 +02:00
Compare commits
12 Commits
Author | SHA1 | Date | |
---|---|---|---|
![]() |
524e982a0e | ||
![]() |
fffb427eae | ||
![]() |
10cd71a663 | ||
![]() |
0812fe025d | ||
![]() |
309c1fb715 | ||
![]() |
8d29fdb98b | ||
![]() |
f782850307 | ||
![]() |
835dda9659 | ||
![]() |
dcc703b1eb | ||
![]() |
9d8e9d27bd | ||
![]() |
db09980de1 | ||
![]() |
2dba778167 |
@@ -1,5 +1,18 @@
|
||||
# Changelog
|
||||
|
||||
## [1.6.1 - 11.06.2025]
|
||||
|
||||
### Fixed
|
||||
* Fixed "Request has been cancelled due to security reasons", cause of missing csrf() in twig files (https://github.com/slawkens/myaac/commit/10cd71a6630ffec91b43a26a6d685b66c5836a6a)
|
||||
* Fix: Ignore duplicated route exception (https://github.com/slawkens/myaac/commit/9d8e9d27bd87167d8d4005942a6af62bfe4c0892)
|
||||
|
||||
### Changed
|
||||
* Move counter & visitors code before router (In case someone wants to include that info on page) (https://github.com/slawkens/myaac/commit/f78285030708ad3c74ab048711f73bbf3ee5281e)
|
||||
* Set TinyMCE license key to gpl (Avoid warning message in browser console) (https://github.com/slawkens/myaac/commit/8d29fdb98b92dbc3d2853ef88a185c67036b4a77)
|
||||
|
||||
### Removed
|
||||
* Remove deprecated TinyMCE plugin - template (https://github.com/slawkens/myaac/commit/309c1fb715b882e67cb673b1544a03befbf64a22)
|
||||
|
||||
## [1.6 - 03.06.2025]
|
||||
|
||||
### Added
|
||||
|
@@ -1,6 +1,5 @@
|
||||
<?php
|
||||
|
||||
use MyAAC\Hooks;
|
||||
use MyAAC\Settings;
|
||||
|
||||
const MYAAC_ADMIN = true;
|
||||
|
@@ -26,7 +26,7 @@
|
||||
if (version_compare(phpversion(), '8.1', '<')) die('PHP version 8.1 or higher is required.');
|
||||
|
||||
const MYAAC = true;
|
||||
const MYAAC_VERSION = '1.6';
|
||||
const MYAAC_VERSION = '1.6.1';
|
||||
const DATABASE_VERSION = 45;
|
||||
const TABLE_PREFIX = 'myaac_';
|
||||
define('START_TIME', microtime(true));
|
||||
|
15
index.php
15
index.php
@@ -117,6 +117,14 @@ if(setting('core.backward_support')) {
|
||||
$config['status']['serverStatus_' . $key] = $value;
|
||||
}
|
||||
|
||||
if(setting('core.views_counter')) {
|
||||
require_once SYSTEM . 'counter.php';
|
||||
}
|
||||
|
||||
if(setting('core.visitors_counter')) {
|
||||
$visitors = new Visitors(setting('core.visitors_counter_ttl'));
|
||||
}
|
||||
|
||||
require_once SYSTEM . 'router.php';
|
||||
|
||||
// anonymous usage statistics
|
||||
@@ -153,13 +161,6 @@ if(setting('core.anonymous_usage_statistics')) {
|
||||
}
|
||||
}
|
||||
|
||||
if(setting('core.views_counter'))
|
||||
require_once SYSTEM . 'counter.php';
|
||||
|
||||
if(setting('core.visitors_counter')) {
|
||||
$visitors = new Visitors(setting('core.visitors_counter_ttl'));
|
||||
}
|
||||
|
||||
/**
|
||||
* @var OTS_Account $account_logged
|
||||
*/
|
||||
|
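Review bot: Nothing in the block added at `if(setting('core.views_counter')) {` says that its position ahead of `require_once SYSTEM . 'router.php';` is deliberate, so a later tidy-up could move it back below the router. A one-line comment such as `// keep before router.php: pages loaded by the router may read the counter and $visitors` would record the ordering dependency that the changelog describes. The counter now runs before any route is matched, so it is worth confirming whether counter.php also counts requests the router later rejects; that file is not visible here.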
@@ -51,5 +51,8 @@
|
||||
"themes": true,
|
||||
"admin-pages": true,
|
||||
"admin-pages-sub-folders": true,
|
||||
"settings": true,
|
||||
"install": true,
|
||||
"init": false
|
||||
}
|
||||
}
|
||||
|
@@ -1,23 +0,0 @@
|
||||
<?php
|
||||
/**
|
||||
* Change comment
|
||||
*
|
||||
* @package MyAAC
|
||||
* @author Gesior <jerzyskalski@wp.pl>
|
||||
* @author Slawkens <slawkens@gmail.com>
|
||||
* @copyright 2019 MyAAC
|
||||
* @link https://my-aac.org
|
||||
*/
|
||||
defined('MYAAC') or die('Direct access not allowed!');
|
||||
|
||||
$redirect = urldecode($_REQUEST['redirect']);
|
||||
|
||||
// should never happen, unless hacker modify the URL
|
||||
if (!str_contains($redirect, BASE_URL)) {
|
||||
error('Fatal error: Cannot redirect outside the website.');
|
||||
return;
|
||||
}
|
||||
|
||||
$twig->display('account.redirect.html.twig', array(
|
||||
'redirect' => $redirect
|
||||
));
|
@@ -174,8 +174,13 @@ $dispatcher = FastRoute\cachedDispatcher(function (FastRoute\RouteCollector $r)
|
||||
// apply aliases
|
||||
$route[1] = str_replace($aliases[0], $aliases[1], $route[1]);
|
||||
|
||||
try {
|
||||
$r->addRoute($route[0], $route[1], $route[2]);
|
||||
}
|
||||
catch (\Exception $e) {
|
||||
// duplicated route, just ignore
|
||||
}
|
||||
}
|
||||
|
||||
if (config('env') === 'dev') {
|
||||
foreach(Plugins::getWarnings() as $warning) {
|
||||
|
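Review bot: The new `catch (\Exception $e)` around `$r->addRoute($route[0], $route[1], $route[2]);` discards every exception, not only the duplicate-route case its comment names, so a malformed pattern supplied by a plugin would also vanish without trace and the route would simply not exist. FastRoute raises `FastRoute\BadRouteException` for both conditions; narrowing the clause to `catch (\FastRoute\BadRouteException $e) {` and recording `$e->getMessage()` when `config('env') === 'dev'`, as the following lines already do for plugin warnings, keeps the tolerance for duplicates while leaving a trail. Ignoring the second registration also means collection order decides which handler serves a path, which deserves a sentence in the comment. The enclosing closure starts and ends outside this hunk.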
@@ -22,11 +22,11 @@ return [
|
||||
['GET', 'account/confirm-email/{hash:alphanum}', 'account/confirm-email.php'],
|
||||
|
||||
['GET', 'bans/{page:int}', 'bans.php'],
|
||||
[['GET', 'POST'], 'characters[/{name:[A-Za-z0-9-_%+\' \[\]]+}]', 'characters.php'],
|
||||
['GET', 'changelog[/{page:int}]', 'changelog.php'],
|
||||
[['GET', 'POST'], 'monsters[/{name:string}]', 'monsters.php'],
|
||||
[['GET', 'POST'], 'characters/{name:[A-Za-z0-9-_%+\' \[\]]+}', 'characters.php'],
|
||||
['GET', 'changelog/{page:int}', 'changelog.php'],
|
||||
[['GET', 'POST'], 'monsters/{name:string}', 'monsters.php'],
|
||||
|
||||
[['GET', 'POST'], 'faq[/{action:string}]', 'faq.php'],
|
||||
[['GET', 'POST'], 'faq/{action:string}', 'faq.php'],
|
||||
|
||||
[['GET', 'POST'], 'forum/{action:string}', 'forum.php'],
|
||||
['GET', 'forum/board/{id:int}', 'forum/show_board.php'],
|
||||
|
@@ -32,14 +32,14 @@ To generate recovery key for your account please enter your password.<br/><br/>
|
||||
</td>
|
||||
<td>
|
||||
<table border="0" cellspacing="0" cellpadding="0">
|
||||
<form action="{{ getLink('account/manage') }}" method="post">
|
||||
{{ csrf() }}
|
||||
<tr>
|
||||
<td style="border: 0;">
|
||||
<form action="{{ getLink('account/manage') }}" method="post">
|
||||
{{ csrf() }}
|
||||
{{ include('buttons.back.html.twig') }}
|
||||
</td>
|
||||
</tr>
|
||||
</form>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</td>
|
||||
</tr>
|
||||
|
@@ -8,7 +8,7 @@
|
||||
selector: "#editor",
|
||||
content_css: '{{ constant('ADMIN_URL') }}template/style.css',
|
||||
theme: "silver",
|
||||
plugins: 'preview searchreplace autolink directionality visualblocks visualchars fullscreen image link media template codesample table charmap pagebreak nonbreaking anchor insertdatetime advlist lists wordcount help code emoticons',
|
||||
plugins: 'preview searchreplace autolink directionality visualblocks visualchars fullscreen image link media codesample table charmap pagebreak nonbreaking anchor insertdatetime advlist lists wordcount help code emoticons',
|
||||
toolbar1: 'formatselect | bold italic strikethrough forecolor backcolor | emoticons link | alignleft aligncenter alignright alignjustify | numlist bullist outdent indent | removeformat code',
|
||||
resize: 'both',
|
||||
image_advtab: true,
|
||||
@@ -23,6 +23,8 @@
|
||||
{title: 'Colored Table', value: 'myaac-table'},
|
||||
],
|
||||
|
||||
license_key: 'gpl',
|
||||
|
||||
setup: function (ed) {
|
||||
ed.on('NodeChange', function (e) {
|
||||
if (ed.getContent() !== lastContent) {
|
||||
|
@@ -11,13 +11,14 @@
|
||||
<td width="100%"></td>
|
||||
<td>
|
||||
<table border="0" cellspacing="0" cellpadding="0" >
|
||||
<form action="{{ getLink('account/logout') }}" method="post" >
|
||||
<tr>
|
||||
<td style="border:0px;">
|
||||
<td style="border:0;">
|
||||
<form action="{{ getLink('account/logout') }}" method="post" >
|
||||
{{ csrf() }}
|
||||
{{ include('buttons.logout.html.twig') }}
|
||||
</form>
|
||||
</td>
|
||||
</tr>
|
||||
</form>
|
||||
</table>
|
||||
</td>
|
||||
</tr>
|
||||
@@ -59,13 +60,14 @@
|
||||
</table>
|
||||
<div style="text-align:center">
|
||||
<table border="0" cellspacing="0" cellpadding="0" style="margin-left: auto; margin-right: auto;">
|
||||
<form action="{{ getLink('account/register') }}" method="post">
|
||||
<tr>
|
||||
<td style="border:0;">
|
||||
<form action="{{ getLink('account/register') }}" method="post">
|
||||
{{ csrf() }}
|
||||
{{ include('buttons.register_account.html.twig') }}
|
||||
</form>
|
||||
</td>
|
||||
</tr>
|
||||
</form>
|
||||
</table>
|
||||
</div>
|
||||
</div>
|
||||
@@ -94,13 +96,14 @@
|
||||
</table>
|
||||
<div style="text-align:center">
|
||||
<table border="0" cellspacing="0" cellpadding="0">
|
||||
<form action="{{ getLink('account/change-email') }}" method="post">
|
||||
<tr>
|
||||
<td style="border:0px;">
|
||||
<td style="border:0;">
|
||||
<form action="{{ getLink('account/change-email') }}" method="post">
|
||||
{{ csrf() }}
|
||||
{{ include('buttons.edit.html.twig') }}
|
||||
</form>
|
||||
</td>
|
||||
</tr>
|
||||
</form>
|
||||
</table>
|
||||
</div>
|
||||
</div>
|
||||
@@ -177,26 +180,29 @@
|
||||
<tr>
|
||||
<td>
|
||||
<table border="0" cellspacing="0" cellpadding="0">
|
||||
<form action="{{ getLink('account/change-password') }}" method="post">
|
||||
<tr>
|
||||
<td style="border:0px;" >
|
||||
<td style="border:0;" >
|
||||
<form action="{{ getLink('account/change-password') }}" method="post">
|
||||
{{ csrf() }}
|
||||
{{ include('buttons.change_password.html.twig') }}
|
||||
</form>
|
||||
</td>
|
||||
</tr>
|
||||
</form>
|
||||
</table>
|
||||
</td>
|
||||
<td>
|
||||
<table border="0" cellspacing="0" cellpadding="0">
|
||||
<form action="{{ getLink('account/change-email') }}" method="post">
|
||||
<tr>
|
||||
<td style="border:0px;">
|
||||
<td style="border:0;">
|
||||
<form action="{{ getLink('account/change-email') }}" method="post">
|
||||
{{ csrf() }}
|
||||
|
||||
<input type="hidden" name="newemail" value=""/>
|
||||
<input type="hidden" name="newemaildate" value="0">
|
||||
{{ include('buttons.change_email.html.twig') }}
|
||||
</form>
|
||||
</td>
|
||||
</tr>
|
||||
</form>
|
||||
</table>
|
||||
</td>
|
||||
<td width="100%"></td>
|
||||
@@ -204,13 +210,14 @@
|
||||
{% if recovery_key is empty %}
|
||||
<td>
|
||||
<table border="0" cellspacing="0" cellpadding="0">
|
||||
<form action="{{ getLink('account/register') }}" method="post">
|
||||
<tr>
|
||||
<td style="border:0px;">
|
||||
<td style="border:0;">
|
||||
<form action="{{ getLink('account/register') }}" method="post">
|
||||
{{ csrf() }}
|
||||
{{ include('buttons.register_account.html.twig') }}
|
||||
</form>
|
||||
</td>
|
||||
</tr>
|
||||
</form>
|
||||
</table>
|
||||
</td>
|
||||
{% endif %}
|
||||
@@ -258,13 +265,14 @@
|
||||
</td>
|
||||
<td align=right>
|
||||
<table border="0" cellspacing="0" cellpadding="0">
|
||||
<form action="{{ getLink('account/change-info') }}" method="post">
|
||||
<tr>
|
||||
<td style="border:0px;">
|
||||
<td style="border:0;">
|
||||
<form action="{{ getLink('account/change-info') }}" method="post">
|
||||
{{ csrf() }}
|
||||
{{ include('buttons.edit.html.twig') }}
|
||||
</form>
|
||||
</td>
|
||||
</tr>
|
||||
</form>
|
||||
</table>
|
||||
</td>
|
||||
</tr>
|
||||
@@ -398,8 +406,9 @@
|
||||
<td>
|
||||
<table border="0" cellspacing="0" cellpadding="0" >
|
||||
<tr>
|
||||
<td style="border:0px;">
|
||||
<td style="border:0;">
|
||||
<form action="{{ getLink('account/characters/create') }}" method="post" >
|
||||
{{ csrf() }}
|
||||
{{ include('buttons.create_character.html.twig') }}
|
||||
</form>
|
||||
</td>
|
||||
@@ -410,8 +419,9 @@
|
||||
<td>
|
||||
<table border="0" cellspacing="0" cellpadding="0" >
|
||||
<tr>
|
||||
<td style="border:0px;">
|
||||
<td style="border:0;">
|
||||
<form action="{{ getLink('account/characters/change-name') }}" method="post" >
|
||||
{{ csrf() }}
|
||||
{{ include('buttons.change_name.html.twig') }}
|
||||
</form>
|
||||
</td>
|
||||
@@ -423,8 +433,9 @@
|
||||
<td>
|
||||
<table border="0" cellspacing="0" cellpadding="0" >
|
||||
<tr>
|
||||
<td style="border:0px;">
|
||||
<td style="border:0;">
|
||||
<form action="{{ getLink('account/characters/change-sex') }}" method="post">
|
||||
{{ csrf() }}
|
||||
{{ include('buttons.change_sex.html.twig') }}
|
||||
</form>
|
||||
</td>
|
||||
@@ -436,8 +447,9 @@
|
||||
<td>
|
||||
<table border="0" cellspacing="0" cellpadding="0">
|
||||
<tr>
|
||||
<td style="border: 0px;">
|
||||
<td style="border: 0;">
|
||||
<form action="{{ getLink('account/characters/delete') }}" method="post">
|
||||
{{ csrf() }}
|
||||
{{ include('buttons.delete_character.html.twig') }}
|
||||
</form>
|
||||
</td>
|
||||
|
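Review bot: Nothing in this template tells an editor that every POST form needs the token, and the changelog entry for this release attributes the "Request has been cancelled due to security reasons" error to exactly that omission. A Twig comment at the top of the file, for example `{# every <form method="post"> in this template must contain {{ csrf() }}; requests without the token are rejected #}`, would record the rule next to the forms it governs. The same wrapper (form tag, `{{ csrf() }}`, button include, closing tag) recurs in each hunk of this section, so a shared partial may be worth considering later; whether the button includes depend on the outer context is not visible here.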