Release v1.6.1

Update account.generate_recovery_key.html.twig
Add missing csrf() into account manage actions
2025-09-16 21:43:35 +02:00 · 2025-06-11 05:51:39 +02:00 · 2025-06-09 21:18:45 +02:00 · 2025-06-09 21:18:42 +02:00 · 2025-06-09 21:14:44 +02:00 · 2025-06-09 14:24:36 +02:00
11 changed files with 103 additions and 91 deletions
--- a/CHANGELOG-1.x.md
+++ b/CHANGELOG-1.x.md
@@ -1,5 +1,18 @@
 # Changelog
 ## [1.6.1 - 11.06.2025]
 ### Fixed
 * Fixed "Request has been cancelled due to security reasons", cause of missing csrf() in twig files (https://github.com/slawkens/myaac/commit/10cd71a6630ffec91b43a26a6d685b66c5836a6a)
 * Fix: Ignore duplicated route exception (https://github.com/slawkens/myaac/commit/9d8e9d27bd87167d8d4005942a6af62bfe4c0892)
 ### Changed
 * Move counter & visitors code before router (In case someone wants to include that info on page) (https://github.com/slawkens/myaac/commit/f78285030708ad3c74ab048711f73bbf3ee5281e)
 * Set TinyMCE license key to gpl (Avoid warning message in browser console) (https://github.com/slawkens/myaac/commit/8d29fdb98b92dbc3d2853ef88a185c67036b4a77)
 ### Removed
 * Remove deprecated TinyMCE plugin - template (https://github.com/slawkens/myaac/commit/309c1fb715b882e67cb673b1544a03befbf64a22)
 ## [1.6 - 03.06.2025]
 ### Added
--- a/admin/tools/settings_save.php
+++ b/admin/tools/settings_save.php
@@ -1,6 +1,5 @@
 <?php
 use MyAAC\Hooks;
 use MyAAC\Settings;
 const MYAAC_ADMIN = true;
--- a/common.php
+++ b/common.php
@@ -26,7 +26,7 @@
 if (version_compare(phpversion(), '8.1', '<')) die('PHP version 8.1 or higher is required.');
 const MYAAC = true;
-const MYAAC_VERSION = '1.6';
+const MYAAC_VERSION = '1.6.1';
 const DATABASE_VERSION = 45;
 const TABLE_PREFIX = 'myaac_';
 define('START_TIME', microtime(true));
--- a/index.php
+++ b/index.php
@@ -117,6 +117,14 @@ if(setting('core.backward_support')) {
 		$config['status']['serverStatus_' . $key] = $value;
 }
 if(setting('core.views_counter')) {
 	require_once SYSTEM . 'counter.php';
 }
 if(setting('core.visitors_counter')) {
 	$visitors = new Visitors(setting('core.visitors_counter_ttl'));
 }
 require_once SYSTEM . 'router.php';
 // anonymous usage statistics
@@ -153,13 +161,6 @@ if(setting('core.anonymous_usage_statistics')) {
 	}
 }
 if(setting('core.views_counter'))
 	require_once SYSTEM . 'counter.php';
 if(setting('core.visitors_counter')) {
 	$visitors = new Visitors(setting('core.visitors_counter_ttl'));
 }
 /**
 * @var OTS_Account $account_logged
 */
--- a/plugins/example.json
+++ b/plugins/example.json
@@ -51,5 +51,8 @@
 		"themes": true,
 		"admin-pages": true,
 		"admin-pages-sub-folders": true,
 		"settings": true,
 		"install": true,
 		"init": false
 	}
 }
--- a/system/pages/account/redirect.php
+++ b/system/pages/account/redirect.php
@@ -1,23 +0,0 @@
 <?php
 /**
 * Change comment
 *
 * @package   MyAAC
 * @author    Gesior <jerzyskalski@wp.pl>
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 $redirect = urldecode($_REQUEST['redirect']);
 // should never happen, unless hacker modify the URL
 if (!str_contains($redirect, BASE_URL)) {
 	error('Fatal error: Cannot redirect outside the website.');
 	return;
 }
 $twig->display('account.redirect.html.twig', array(
 	'redirect' => $redirect
 ));
--- a/system/router.php
+++ b/system/router.php
@@ -174,7 +174,12 @@ $dispatcher = FastRoute\cachedDispatcher(function (FastRoute\RouteCollector $r)
 		// apply aliases
 		$route[1] = str_replace($aliases[0], $aliases[1], $route[1]);
-		$r->addRoute($route[0], $route[1], $route[2]);
+		try {
 			$r->addRoute($route[0], $route[1], $route[2]);
 		}
 		catch (\Exception $e) {
 			// duplicated route, just ignore
 		}
 	}
 	if (config('env') === 'dev') {
--- a/system/routes.php
+++ b/system/routes.php
@@ -22,11 +22,11 @@ return [
 	['GET', 'account/confirm-email/{hash:alphanum}', 'account/confirm-email.php'],
 	['GET', 'bans/{page:int}', 'bans.php'],
-	[['GET', 'POST'], 'characters[/{name:[A-Za-z0-9-_%+\' \[\]]+}]', 'characters.php'],
+	[['GET', 'POST'], 'characters/{name:[A-Za-z0-9-_%+\' \[\]]+}', 'characters.php'],
-	['GET', 'changelog[/{page:int}]', 'changelog.php'],
+	['GET', 'changelog/{page:int}', 'changelog.php'],
-	[['GET', 'POST'], 'monsters[/{name:string}]', 'monsters.php'],
+	[['GET', 'POST'], 'monsters/{name:string}', 'monsters.php'],
-	[['GET', 'POST'], 'faq[/{action:string}]', 'faq.php'],
+	[['GET', 'POST'], 'faq/{action:string}', 'faq.php'],
 	[['GET', 'POST'], 'forum/{action:string}', 'forum.php'],
 	['GET', 'forum/board/{id:int}', 'forum/show_board.php'],
--- a/system/templates/account.generate_recovery_key.html.twig
+++ b/system/templates/account.generate_recovery_key.html.twig
@@ -32,14 +32,14 @@ To generate recovery key for your account please enter your password.<br/><br/>
 		</td>
 		<td>
 			<table border="0" cellspacing="0" cellpadding="0">
-				<form action="{{ getLink('account/manage') }}" method="post">
+				<tr>
-					{{ csrf() }}
+					<td style="border: 0;">
-					<tr>
+						<form action="{{ getLink('account/manage') }}" method="post">
-						<td style="border: 0;">
+							{{ csrf() }}
 							{{ include('buttons.back.html.twig') }}
-						</td>
+						</form>
-					</tr>
+					</td>
-				</form>
+				</tr>
 			</table>
 		</td>
 	</tr>
--- a/system/templates/tinymce.html.twig
+++ b/system/templates/tinymce.html.twig
@@ -8,7 +8,7 @@
 			selector: "#editor",
 			content_css: '{{ constant('ADMIN_URL') }}template/style.css',
 			theme: "silver",
-			plugins: 'preview searchreplace autolink directionality visualblocks visualchars fullscreen image link media template codesample table charmap pagebreak nonbreaking anchor insertdatetime advlist lists wordcount help code emoticons',
+			plugins: 'preview searchreplace autolink directionality visualblocks visualchars fullscreen image link media codesample table charmap pagebreak nonbreaking anchor insertdatetime advlist lists wordcount help code emoticons',
 			toolbar1: 'formatselect | bold italic strikethrough forecolor backcolor | emoticons link | alignleft aligncenter alignright alignjustify  | numlist bullist outdent indent  | removeformat code',
 			resize: 'both',
 			image_advtab: true,
@@ -23,6 +23,8 @@
 				{title: 'Colored Table', value: 'myaac-table'},
 			],
 			license_key: 'gpl',
 			setup: function (ed) {
 				ed.on('NodeChange', function (e) {
 					if (ed.getContent() !== lastContent) {
--- a/templates/tibiacom/account.management.html.twig
+++ b/templates/tibiacom/account.management.html.twig
@@ -11,13 +11,14 @@
 					<td width="100%"></td>
 					<td>
 						<table border="0" cellspacing="0" cellpadding="0" >
-							<form action="{{ getLink('account/logout') }}" method="post" >
+							<tr>
-								<tr>
+								<td style="border:0;">
-									<td style="border:0px;">
+									<form action="{{ getLink('account/logout') }}" method="post" >
 										{{ csrf() }}
 										{{ include('buttons.logout.html.twig') }}
-									</td>
+									</form>
-								</tr>
+								</td>
-							</form>
+							</tr>
 						</table>
 					</td>
 				</tr>
@@ -59,13 +60,14 @@
 			</table>
 			<div style="text-align:center">
 				<table border="0" cellspacing="0" cellpadding="0" style="margin-left: auto; margin-right: auto;">
-					<form action="{{ getLink('account/register') }}" method="post">
+					<tr>
-						<tr>
+						<td style="border:0;">
-							<td style="border:0;">
+							<form action="{{ getLink('account/register') }}" method="post">
 								{{ csrf() }}
 								{{ include('buttons.register_account.html.twig') }}
-							</td>
+							</form>
-						</tr>
+						</td>
-					</form>
+					</tr>
 				</table>
 			</div>
 		</div>
@@ -94,13 +96,14 @@
 			</table>
 			<div style="text-align:center">
 				<table border="0" cellspacing="0" cellpadding="0">
-					<form action="{{ getLink('account/change-email') }}" method="post">
+					<tr>
-						<tr>
+						<td style="border:0;">
-							<td style="border:0px;">
+							<form action="{{ getLink('account/change-email') }}" method="post">
 								{{ csrf() }}
 								{{ include('buttons.edit.html.twig') }}
-							</td>
+							</form>
-						</tr>
+						</td>
-					</form>
+					</tr>
 				</table>
 			</div>
 		</div>
@@ -177,26 +180,29 @@
 				<tr>
 					<td>
 						<table border="0" cellspacing="0" cellpadding="0">
-							<form action="{{ getLink('account/change-password') }}" method="post">
+							<tr>
-								<tr>
+								<td style="border:0;" >
-									<td style="border:0px;" >
+									<form action="{{ getLink('account/change-password') }}" method="post">
 										{{ csrf() }}
 										{{ include('buttons.change_password.html.twig') }}
-									</td>
+									</form>
-								</tr>
+								</td>
-							</form>
+							</tr>
 						</table>
 					</td>
 					<td>
 						<table border="0" cellspacing="0" cellpadding="0">
-							<form action="{{ getLink('account/change-email') }}" method="post">
+							<tr>
-								<tr>
+								<td style="border:0;">
-									<td style="border:0px;">
+									<form action="{{ getLink('account/change-email') }}" method="post">
 										{{ csrf() }}
 										<input type="hidden" name="newemail" value=""/>
 										<input type="hidden" name="newemaildate" value="0">
 										{{ include('buttons.change_email.html.twig') }}
-									</td>
+									</form>
-								</tr>
+								</td>
-							</form>
+							</tr>
 						</table>
 					</td>
 					<td width="100%"></td>
@@ -204,13 +210,14 @@
 					{% if recovery_key is empty %}
 					<td>
 						<table border="0" cellspacing="0" cellpadding="0">
-							<form action="{{ getLink('account/register') }}" method="post">
+							<tr>
-								<tr>
+								<td style="border:0;">
-									<td style="border:0px;">
+									<form action="{{ getLink('account/register') }}" method="post">
 										{{ csrf() }}
 										{{ include('buttons.register_account.html.twig') }}
-									</td>
+									</form>
-								</tr>
+								</td>
-							</form>
+							</tr>
 						</table>
 					</td>
 					{% endif %}
@@ -258,13 +265,14 @@
 							</td>
 							<td align=right>
 								<table border="0" cellspacing="0" cellpadding="0">
-									<form action="{{ getLink('account/change-info') }}" method="post">
+									<tr>
-										<tr>
+										<td style="border:0;">
-											<td style="border:0px;">
+											<form action="{{ getLink('account/change-info') }}" method="post">
 												{{ csrf() }}
 												{{ include('buttons.edit.html.twig') }}
-											</td>
+											</form>
-										</tr>
+										</td>
-									</form>
+									</tr>
 								</table>
 							</td>
 						</tr>
@@ -398,8 +406,9 @@
 					<td>
 						<table border="0" cellspacing="0" cellpadding="0" >
 							<tr>
-								<td style="border:0px;">
+								<td style="border:0;">
 									<form action="{{ getLink('account/characters/create') }}" method="post" >
 										{{ csrf() }}
 										{{ include('buttons.create_character.html.twig') }}
 									</form>
 								</td>
@@ -410,8 +419,9 @@
 					<td>
 						<table border="0" cellspacing="0" cellpadding="0" >
 							<tr>
-								<td style="border:0px;">
+								<td style="border:0;">
 									<form action="{{ getLink('account/characters/change-name') }}" method="post" >
 										{{ csrf() }}
 										{{ include('buttons.change_name.html.twig') }}
 									</form>
 								</td>
@@ -423,8 +433,9 @@
 					<td>
 						<table border="0" cellspacing="0" cellpadding="0" >
 							<tr>
-								<td style="border:0px;">
+								<td style="border:0;">
 									<form action="{{ getLink('account/characters/change-sex') }}" method="post">
 										{{ csrf() }}
 										{{ include('buttons.change_sex.html.twig') }}
 									</form>
 								</td>
@@ -436,8 +447,9 @@
 					<td>
 						<table border="0" cellspacing="0" cellpadding="0">
 							<tr>
-								<td style="border: 0px;">
+								<td style="border: 0;">
 									<form action="{{ getLink('account/characters/delete') }}" method="post">
 										{{ csrf() }}
 										{{ include('buttons.delete_character.html.twig') }}
 									</form>
 								</td>
Author	SHA1	Message	Date
slawkens	524e982a0e	Release v1.6.1	2025-06-11 05:51:39 +02:00
slawkens	fffb427eae	Update account.generate_recovery_key.html.twig	2025-06-09 21:18:45 +02:00
slawkens	10cd71a663	Add missing csrf() into account manage actions	2025-06-09 21:18:42 +02:00
slawkens	0812fe025d	Update settings_save.php	2025-06-09 21:14:44 +02:00
slawkens	309c1fb715	Remove deprecated TinyMCE plugin - template	2025-06-09 14:24:36 +02:00
slawkens	8d29fdb98b	Set TinyMCE license key to gpl (Avoid warning message in browser console)	2025-06-09 14:24:22 +02:00
slawkens	f782850307	Move counter & visitors code before router In case someone wants to include that info on page	2025-06-06 22:10:13 +02:00
slawkens	835dda9659	Remove duplicated code - account redirect, already in account/manage	2025-06-05 19:08:53 +02:00
slawkens	dcc703b1eb	Remove optional param, make it required for few routes	2025-06-05 18:11:44 +02:00
slawkens	9d8e9d27bd	Ignore duplicated route exception	2025-06-05 18:11:31 +02:00
slawkens	db09980de1	Start v1.6.1-dev	2025-06-03 22:57:33 +02:00
slawkens	2dba778167	Update example.json	2025-06-03 18:38:02 +02:00