mikuli.cz

:)
git clone https://git.sr.ht/~ashymad/mikuli.cz
Log | Files | Refs
commit 5aec5794c42bbbae0370e0a1c22e60078f41fde6
parent f2a1bec88b748c3cdcb4eb5115e79f0e82dea0a8
Author: markseu <mark2011@mayberg.se>
Date:   Fri,  6 Jul 2018 14:21:16 +0200

Updated plugins, summer cleanup

Diffstat:

Msystem/plugins/core.php | 6------


Msystem/plugins/edit.php | 20+++-----------------


Msystem/plugins/update.php | 19+++----------------


3 files changed, 6 insertions(+), 39 deletions(-)

diff --git a/system/plugins/core.php b/system/plugins/core.php
@@ -1919,12 +1919,6 @@ class YellowConfig
 		return $this->yellow->toolbox->createFile($fileName, $fileDataNew);
 	}
 	
-	// Update configuration in file, TODO: remove later, used for backwards compatibility
-	function update($fileName, $config)
-	{
-		return $this->save($fileName, $config);
-	}
-	
 	// Set default configuration
 	function setDefault($key, $value)
 	{
diff --git a/system/plugins/edit.php b/system/plugins/edit.php
@@ -5,7 +5,7 @@
 
 class YellowEdit
 {
-	const VERSION = "0.7.24";
+	const VERSION = "0.7.25";
 	var $yellow;			//access to API
 	var $response;			//web response
 	var $users;				//user accounts
@@ -1689,7 +1689,7 @@ class YellowUsers
 		$expire = $this->getAuthExpire($authToken);
 		return $expire>time() && $this->isExisting($email) && $this->users[$email]["status"]=="active" &&
 			$this->yellow->toolbox->verifyHash($this->users[$email]["hash"]."auth".$expire, "sha256", $signature) &&
-			($this->verifyToken($csrfTokenExpected, $csrfTokenReceived) || $ignoreCsrfToken);
+			($this->yellow->toolbox->verifyToken($csrfTokenExpected, $csrfTokenReceived) || $ignoreCsrfToken);
 	}
 	
 	// Check action token
@@ -1746,7 +1746,7 @@ class YellowUsers
 		if(empty($stamp)) $stamp = substrb($authToken, 96, 20);
 		foreach($this->users as $key=>$value)
 		{
-			if($this->verifyToken($value["stamp"], $stamp)) $email = $key;
+			if($this->yellow->toolbox->verifyToken($value["stamp"], $stamp)) $email = $key;
 		}
 		return $email;
 	}
@@ -1831,20 +1831,6 @@ class YellowUsers
 		return $data;
 	}
 	
-	// Verify that token is not empty and identical, timing attack safe text string comparison
-	function verifyToken($tokenExpected, $tokenReceived) //TODO: remove later, use directly from core after next release
-	{
-		$ok = false;
-		$lengthExpected = strlenb($tokenExpected);
-		$lengthReceived = strlenb($tokenReceived);
-		if($lengthExpected!=0 && $lengthReceived!=0)
-		{
-			$ok = $lengthExpected==$lengthReceived;
-			for($i=0; $i<$lengthReceived; ++$i) $ok &= $tokenExpected[$i<$lengthExpected ? $i : 0]==$tokenReceived[$i];
-		}
-		return $ok;
-	}
-	
 	// Check if user is taken
 	function isTaken($email)
 	{
diff --git a/system/plugins/update.php b/system/plugins/update.php
@@ -5,7 +5,7 @@
 
 class YellowUpdate
 {
-	const VERSION = "0.7.11";
+	const VERSION = "0.7.12";
 	var $yellow;					//access to API
 	var $updates;					//number of updates
 	
@@ -23,13 +23,6 @@ class YellowUpdate
 	// Handle startup
 	function onStartup($update)
 	{
-		if(!$this->yellow->config->isExisting("startupUpdate")) //TODO: remove later, detects old version
-		{
-			$update = true;
-			$fileNameConfig = $this->yellow->config->get("configDir").$this->yellow->config->get("configFile");
-			$this->yellow->config->update($fileNameConfig, array("startupUpdate" => "none"));
-			$this->yellow->config->setDefault("startupUpdate", "none");
-		}
 		if($update)
 		{
 			$fileNameConfig = $this->yellow->config->get("configDir").$this->yellow->config->get("configFile");
@@ -39,12 +32,6 @@ class YellowUpdate
 			foreach($this->yellow->toolbox->getTextLines($fileData) as $line)
 			{
 				preg_match("/^\s*(.*?)\s*:\s*(.*?)\s*$/", $line, $matches);
-				if(substru($line, 0, 12)=="Webinterface")	//TODO: remove later, converts old config
-				{
-					$line = preg_replace("/^Webinterface/i", "Edit", $line);
-					preg_match("/^\s*(.*?)\s*:\s*(.*?)\s*$/", $line, $matches);
-					if(!empty($matches[1]) && !strempty($matches[2])) $this->yellow->config->set($matches[1], $matches[2]);
-				}
 				if(!empty($matches[1]) && !is_null($configDefaults[$matches[1]])) unset($configDefaults[$matches[1]]);
 				if(!empty($matches[1]) && $matches[1][0]!='#' && is_null($this->yellow->config->configDefaults[$matches[1]]))
 				{
@@ -496,7 +483,7 @@ class YellowUpdate
 		if($startupUpdate=="none") $startupUpdate = "YellowUpdate";
 		if($software!="YellowUpdate") $startupUpdate .= ",$software";
 		$fileNameConfig = $this->yellow->config->get("configDir").$this->yellow->config->get("configFile");
-		if(!$this->yellow->config->update($fileNameConfig, array("startupUpdate" => $startupUpdate)))
+		if(!$this->yellow->config->save($fileNameConfig, array("startupUpdate" => $startupUpdate)))
 		{
 			$statusCode = 500;
 			$this->yellow->page->error(500, "Can't write file '$fileNameConfig'!");
@@ -635,7 +622,7 @@ class YellowUpdate
 			{
 				if($this->yellow->config->get("sitename")=="Yellow") $_REQUEST["sitename"] = $name;
 				$fileNameConfig = $this->yellow->config->get("configDir").$this->yellow->config->get("configFile");
-				$status = $this->yellow->config->update($fileNameConfig, $this->getConfigData()) ? "done" : "error";
+				$status = $this->yellow->config->save($fileNameConfig, $this->getConfigData()) ? "done" : "error";
 				if($status=="error") $this->yellow->page->error(500, "Can't write file '$fileNameConfig'!");
 			}
 			if($status=="done")