Dodanie obsługi tokenów przesyłania i kluczy API w edytorach artykułów, banerów i produktów; aktualizacja adresu URL do changeloga

admin/templates/articles/article-edit.php

@@ -4,6 +4,17 @@
 <?
 global $db;
 
+$upload_token = bin2hex( random_bytes(24) );
+$_SESSION['upload_tokens'][$upload_token] = [
+  'user_id' => $this -> user['id'],
+  'expires' => time() + 60*20
+];
+
+$_SESSION['rfm_akey'] = bin2hex(random_bytes(16));
+$_SESSION['rfm_akey_expires'] = time() + 20*60;
+$_SESSION['can_use_rfm'] = true;
+$rfmAkeyJS = $_SESSION['rfm_akey'];
+
 ob_start();
 ?>
   <div id="settings-tabs">
@@ -63,7 +74,7 @@ ob_start();
                         'value' => htmlspecialchars( $this -> article['languages'][ $lg['id'] ]['main_image'] ),
                         'icon_content' => 'przeglądaj',
                         'inline'  => true,
-                        'icon_js' => "window.open ( '/libraries/filemanager-9.14.2/dialog.php?type=1&popup=1&field_id=main_image_" . $lg['id'] . "&akey=c3cb2537d25c0efc9e573d059d79c3b8', 'mywindow', 'location=1,status=1,scrollbars=1, width=1100,height=700');"
+                        'icon_js' => "window.open ( '/libraries/filemanager-9.14.2/dialog.php?type=1&popup=1&field_id=main_image_" . $lg['id'] . "&akey=" . $rfmAkeyJS . "', 'mywindow', 'location=1,status=1,scrollbars=1, width=1100,height=700');"
                     ] );
                   ?>
                   <?= \Html::textarea(
@@ -95,7 +106,11 @@ ob_start();
                     $( function() {
                       $( '#text_<?= $lg['id'];?>, #entry_<?= $lg['id'];?>, #table_of_contents_<?= $lg['id'];?>' ).ckeditor( {
                         toolbar : 'MyToolbar',
-                        height:'250'
+                        height:'250',
+                        filebrowserBrowseUrl: '/libraries/filemanager-9.14.2/dialog.php?type=2&editor=ckeditor&akey=<?= $rfmAkeyJS;?>',
+                        filebrowserImageBrowseUrl: '/libraries/filemanager-9.14.2/dialog.php?type=1&editor=ckeditor&akey=<?= $rfmAkeyJS;?>',
+                        filebrowserUploadUrl: '/libraries/filemanager-9.14.2/dialog.php?type=2&editor=ckeditor&upload=1&akey=<?= $rfmAkeyJS;?>',
+                        filebrowserImageUploadUrl: '/libraries/filemanager-9.14.2/dialog.php?type=1&editor=ckeditor&upload=1&akey=<?= $rfmAkeyJS;?>'
                       });
                     });
                   </script>
@@ -401,6 +416,9 @@ echo $grid -> draw();
 
     $( "#images-uploader" ).pluploadQueue(
     {
+      multipart_params: {
+        upload_token: '<?= $upload_token ?>',
+      },
       runtimes: 'html5,flash,html4',
       init:
       {
@@ -453,6 +471,9 @@ echo $grid -> draw();
 
     $( "#files-uploader" ).pluploadQueue(
     {
+      multipart_params: {
+        upload_token: '<?= $upload_token ?>',
+      },
       runtimes: 'html5,flash,html4',
       init:
       {

admin/templates/banners/banner-edit.php

@@ -4,6 +4,11 @@
 \S::set_session( 'admin', true );
 global $db;
 
+$_SESSION['rfm_akey'] = bin2hex(random_bytes(16));
+$_SESSION['rfm_akey_expires'] = time() + 20*60;
+$_SESSION['can_use_rfm'] = true;
+$rfmAkeyJS = $_SESSION['rfm_akey'];
+
 ob_start();
 ?>
 
@@ -80,7 +85,7 @@ ob_start();
                                       'id'           => 'src_' . $lg['id'],
                                       'value'        => $this -> banner['languages'][ $lg['id'] ]['src'],
                                       'icon_content' => 'przeglądaj',
-                                      'icon_js'      => "window.open ( 'http://" . $_SERVER['SERVER_NAME'] . "/libraries/filemanager-9.14.2/dialog.php?type=1&popup=1&field_id=src_" . $lg['id'] . "&akey=c3cb2537d25c0efc9e573d059d79c3b8', 'mywindow', 'location=1,status=1,scrollbars=1, width=1100,height=700');"
+                                      'icon_js'      => "window.open ( 'http://" . $_SERVER['SERVER_NAME'] . "/libraries/filemanager-9.14.2/dialog.php?type=1&popup=1&field_id=src_" . $lg['id'] . "&akey=" . $rfmAkeyJS . "', 'mywindow', 'location=1,status=1,scrollbars=1, width=1100,height=700');"
                               )
                 );
                 ?>

admin/templates/shop-producer/edit.php

@@ -2,6 +2,12 @@
 <script type="text/javascript" src="/libraries/framework/vendor/plugins/ckeditor/adapters/jquery.js"></script>
 <?
 global $db;
+
+$_SESSION['rfm_akey'] = bin2hex(random_bytes(16));
+$_SESSION['rfm_akey_expires'] = time() + 20*60;
+$_SESSION['can_use_rfm'] = true;
+$rfmAkeyJS = $_SESSION['rfm_akey'];
+
 ob_start();
 ?>
   <div id="settings-tabs">
@@ -30,7 +36,7 @@ ob_start();
                     'id' => 'img',
                     'value' => $this -> producer['img'],
                     'icon_content' => 'przeglądaj',
-                    'icon_js' => "window.open ( 'http://" . $_SERVER['SERVER_NAME'] . "/libraries/filemanager-9.14.2/dialog.php?type=1&popup=1&field_id=img&akey=c3cb2537d25c0efc9e573d059d79c3b8', 'mywindow', 'location=1,status=1,scrollbars=1, width=1100,height=700');"
+                    'icon_js' => "window.open ( 'http://" . $_SERVER['SERVER_NAME'] . "/libraries/filemanager-9.14.2/dialog.php?type=1&popup=1&field_id=img&akey=" . $rfmAkeyJS . "', 'mywindow', 'location=1,status=1,scrollbars=1, width=1100,height=700');"
                 ] );
         ?>
       </div>

admin/templates/shop-product/product-edit.php

@@ -4,6 +4,17 @@
 <?
 global $db;
 
+$upload_token = bin2hex( random_bytes(24) );
+$_SESSION['upload_tokens'][$upload_token] = [
+  'user_id' => $this -> user['id'],
+  'expires' => time() + 60*20
+];
+
+$_SESSION['rfm_akey'] = bin2hex(random_bytes(16));
+$_SESSION['rfm_akey_expires'] = time() + 20*60;
+$_SESSION['can_use_rfm'] = true;
+$rfmAkeyJS = $_SESSION['rfm_akey'];
+
 ob_start();
 ?>
 
@@ -119,7 +130,11 @@ ob_start();
                     $(function() {
                       $('#short_description_<?= $lg['id']; ?>, #description_<?= $lg['id']; ?>').ckeditor({
                         toolbar: 'MyToolbar',
-                        height: '250'
+                        height: '250',
+                        filebrowserBrowseUrl: '/libraries/filemanager-9.14.2/dialog.php?type=2&editor=ckeditor&akey=<?= $rfmAkeyJS;?>',
+                        filebrowserImageBrowseUrl: '/libraries/filemanager-9.14.2/dialog.php?type=1&editor=ckeditor&akey=<?= $rfmAkeyJS;?>',
+                        filebrowserUploadUrl: '/libraries/filemanager-9.14.2/dialog.php?type=2&editor=ckeditor&upload=1&akey=<?= $rfmAkeyJS;?>',
+                        filebrowserImageUploadUrl: '/libraries/filemanager-9.14.2/dialog.php?type=1&editor=ckeditor&upload=1&akey=<?= $rfmAkeyJS;?>'
                       });
                     });
                   </script>
@@ -208,7 +223,11 @@ ob_start();
                     $(function() {
                       $('#tab_description_1_<?= $lg['id']; ?>, #tab_description_2_<?= $lg['id']; ?>').ckeditor({
                         toolbar: 'MyToolbar',
-                        height: '250'
+                        height: '250',
+                        filebrowserBrowseUrl: '/libraries/filemanager-9.14.2/dialog.php?type=2&editor=ckeditor&akey=<?= $rfmAkeyJS;?>',
+                        filebrowserImageBrowseUrl: '/libraries/filemanager-9.14.2/dialog.php?type=1&editor=ckeditor&akey=<?= $rfmAkeyJS;?>',
+                        filebrowserUploadUrl: '/libraries/filemanager-9.14.2/dialog.php?type=2&editor=ckeditor&upload=1&akey=<?= $rfmAkeyJS;?>',
+                        filebrowserImageUploadUrl: '/libraries/filemanager-9.14.2/dialog.php?type=1&editor=ckeditor&upload=1&akey=<?= $rfmAkeyJS;?>'
                       });
                     });
                   </script>
@@ -826,6 +845,9 @@ echo $grid->draw();
     });
 
     $("#images-uploader").pluploadQueue({
+      multipart_params: {
+        upload_token: '<?= $upload_token ?>',
+      },
       runtimes: 'html5,flash,html4',
       init: {
         Refresh: function(up) {
@@ -874,6 +896,9 @@ echo $grid->draw();
     });
 
     $("#files-uploader").pluploadQueue({
+      multipart_params: {
+        upload_token: '<?= $upload_token ?>',
+      },
       runtimes: 'html5,flash,html4',
       init: {
         Refresh: function(up) {

admin/templates/update/main-view.php

@@ -64,7 +64,7 @@ echo $grid -> draw();
 ?>
 <?
 ob_start();
-echo $versions = file_get_contents( 'http://www.shoppro.project-dc.pl/updates/changelog.php' );
+echo $versions = file_get_contents( 'https://shoppro.project-dc.pl/updates/changelog.php' );
 $out = ob_get_clean();
 
 $grid                    = new \gridEdit;

autoload/admin/controls/class.Articles.php

@@ -39,19 +39,24 @@ class Articles
     exit;
   }
 
-  public static function article_edit()
+  public static function article_edit() {
-  {
+    global $user;
+
+    if ( !$user ) {
+      header( 'Location: /admin/' );
+      exit;
+    }
+
     \admin\factory\Articles::delete_nonassigned_images();
     \admin\factory\Articles::delete_nonassigned_files();
 
-    return \admin\view\Articles::article_edit(
+    return \Tpl::view( 'articles/article-edit', [
-              \admin\factory\Articles::article_details(
+      'article'   => \admin\factory\Articles::article_details( (int)\S::get( 'id' ) ),
-                \S::get( 'id' )
+      'menus'     => \admin\factory\Pages::menus_list(),
-              ),
+      'languages' => \admin\factory\Languages::languages_list(),
-              \admin\factory\Pages::menus_list(),
+      'layouts'   => \admin\factory\Layouts::layouts_list(),
-              \admin\factory\Languages::languages_list(),
+      'user'      => $user
-              \admin\factory\Layouts::layouts_list()
+    ] );
-            );
   }
 
   public static function view_list()

autoload/admin/controls/class.ShopProduct.php

@@ -229,22 +229,29 @@ class ShopProduct
   }
 
   // edycja produktu
-  public static function product_edit()
+  public static function product_edit() {
-  {
+    global $user;
+
+    if ( !$user ) {
+      header( 'Location: /admin/' );
+      exit;
+    }
+
     \admin\factory\ShopProduct::delete_nonassigned_images();
     \admin\factory\ShopProduct::delete_nonassigned_files();
 
     return \Tpl::view( 'shop-product/product-edit', [
-            'product' => \admin\factory\ShopProduct::product_details( (int) \S::get( 'id' ) ),
+      'product'     => \admin\factory\ShopProduct::product_details( (int) \S::get( 'id' ) ),
-            'languages' => \admin\factory\Languages::languages_list(),
+      'languages'   => \admin\factory\Languages::languages_list(),
-            'categories' => \admin\factory\ShopCategory::subcategories( null ),
+      'categories'  => \admin\factory\ShopCategory::subcategories( null ),
-            'layouts' => \admin\factory\Layouts::layouts_list(),
+      'layouts'     => \admin\factory\Layouts::layouts_list(),
-            'products' => \admin\factory\ShopProduct::products_list(),
+      'products'    => \admin\factory\ShopProduct::products_list(),
-            'dlang' => \front\factory\Languages::default_language(),
+      'dlang'       => \front\factory\Languages::default_language(),
-            'sets' => \shop\ProductSet::sets_list(),
+      'sets'        => \shop\ProductSet::sets_list(),
-            'producers' => \admin\factory\ShopProducer::all(),
+      'producers'   => \admin\factory\ShopProducer::all(),
-            'units' => \admin\factory\Dictionaries::all_units()
+      'units'       => \admin\factory\Dictionaries::all_units(),
-        ] );
+      'user'        => $user
+    ] );
   }
 
   // ajax_load_products ARCHIVE

autoload/admin/view/class.Articles.php

@@ -24,15 +24,5 @@ class Articles
     $tpl = new \Tpl;
     return $tpl -> render( 'articles/articles-list' );
   }
-  
-  public static function article_edit( $article, $menus, $languages, $layouts )
-  {
-    $tpl = new \Tpl;
-    $tpl -> article     = $article;
-    $tpl -> menus       = $menus;
-    $tpl -> languages   = $languages;
-    $tpl -> layouts     = $layouts;
-    return $tpl -> render( 'articles/article-edit' );
-  }
 }
 ?>