merge dev

app/Controller/AppController.php

@@ -48,7 +48,7 @@ public function beforeFilter()
     {
         // find any xss vulnability on request data
         $datas = $this->request->data;
-        $this->request->data = $this->xssProtection($datas);
+        $this->request->data = $this->xssProtection($datas, ['command', 'cmd', 'order', 'broadcast']);
         $this->request->data["xss"] = $datas;
         // lowercase to avoid errors when the controller is called with uppercase
         $this->params['controller'] = strtolower($this->params['controller']);
@@ -57,7 +57,7 @@ public function beforeFilter()
         $LoginCondition = $this->here != "/login" || !$this->EyPlugin->isInstalled('phpierre.signinup');
 
         $this->loadModel("Maintenance");
-        if ($this->params['controller'] != "user" and $this->params['controller'] != "maintenance" and !$this->Permissions->can("BYPASS_MAINTENANCE") and $maintenance = $this->Maintenance->checkMaintenance($this->here) and $LoginCondition) {
+        if ($this->params['controller'] != "user" and $this->params['controller'] != "maintenance" and !$this->Permissions->can("BYPASS_MAINTENANCE") and $maintenance = $this->Maintenance->checkMaintenance($this->here, $this->Util) and $LoginCondition) {
             $this->redirect([
                 'controller' => 'maintenance',
                 'action' => $maintenance['url'],
@@ -113,10 +113,13 @@ public function beforeFilter()
 
     }
 
-    public function xssProtection($array)
+    public function xssProtection($array, $excluded = [])
     {
         foreach ($array as $key => $value) {
-            $array[$key] = is_array($value) ? $this->xssProtection($value) : $this->EySecurity->xssProtection($value);
+            if (strlen(str_replace($excluded, '', $key)) !== strlen($key))
+                $array[$key] = $value;
+            else
+                $array[$key] = is_array($value) ? $this->xssProtection($value) : $this->EySecurity->xssProtection($value);
         }
         return $array;
 
@@ -550,9 +553,17 @@ public function __initSeoConfiguration()
         $default = $this->Seo->find('first', ["conditions" => ['page' => null]])['Seo'];
         $current_url = $this->here;
         $get_page = [];
-        $check = max($this->Seo->find('all', ['conditions' => ["'" . $current_url . "' LIKE CONCAT(page, '%')"]]));
-        if ($check && ($check['Seo']["page"] == $current_url || $current_url != "/"))
+        $condition = ["'" . $current_url . "' LIKE CONCAT(page, '%')"];
+
+        $use_sqlite = $this->Util->useSqlite();
+
+        if ($use_sqlite)
+            $condition = ["'" . $current_url . "' LIKE 'page' || '%' "];
+        $check = $this->Seo->find('all', ['conditions' => $condition]);
+
+        if ($check && ($check = max($check)) && ($check['Seo']["page"] == $current_url || $current_url != "/"))
             $get_page = $check['Seo'];
+
         $seo_config['title'] = (!empty($default['title']) ? $default['title'] : "{TITLE} - {WEBSITE_NAME}");
         $seo_config['title'] = (!empty($get_page['title']) ? $get_page['title'] : $seo_config['title']);
         $seo_config['description'] = (!empty($get_page['description']) ? $get_page['description'] : (!empty($default['description']) ? $default['description'] : ""));

app/Controller/Component/UtilComponent.php

@@ -1,5 +1,6 @@
 <?php
 App::uses('CakeObject', 'Core');
+App::uses('ConnectionManager', 'Model');
 
 class UtilComponent extends CakeObject
 {
@@ -14,6 +15,8 @@ class UtilComponent extends CakeObject
 
     private $smtpOptions = [];
 
+    private $db_type = "mysql";
+
     function shutdown($controller)
     {
     }
@@ -33,10 +36,12 @@ function initialize($controller)
         if ($this->controller->Configuration === null) {
             $this->controller->Configuration = ClassRegistry::init('Configuration');
         }
+
     }
 
     function startup($controller)
     {
+        $this->db_type = ConnectionManager::$config->default['datasource'];
     }
 
     // Get ip (support cloudfare)
@@ -346,5 +351,16 @@ public function random($list, $probabilityTotal)
         return $item;
     }
 
+    public function getDBType()
+    {
+        return $this->db_type;
+    }
+
+    public function useSqlite() {
+        if (strpos(strtolower($this->getDBType()), "sqlite"))
+            return true;
+        return false;
+    }
+
 
 }

app/Controller/ConfigurationController.php

@@ -14,51 +14,11 @@ public function admin_index()
 
             if ($this->request->is('post')) {
                 foreach ($this->request->data as $key => $value) {
-                    if ($key != "version" && $key != "social_btn" && $key != "social_btn_edited" && $key != "social_btn_added") {
+                    if ($key != "version") {
                         if ($key == "banner_server") {
                             $value = serialize($value);
                         }
                         $data[$key] = $value;
-                    } else if ($key == "social_btn") { // si c'est pour les boutons sociaux personnalisés
-
-                        $this->loadModel('SocialButton');
-                        foreach ($value as $k => $v) { // on enregistre le tout
-                            if (!empty($v['color']) && !empty($v['url']) && (!empty($v['title']) || !empty($v['img']))) {
-                                $this->SocialButton->create();
-                                $this->SocialButton->set([
-                                    'title' => $v['title'],
-                                    'img' => $v['img'],
-                                    'color' => $v['color'],
-                                    'url' => $v['url']
-                                ]);
-                                $this->SocialButton->save();
-                            }
-                        }
-
-                    } else if ($key == "social_btn_edited") { // si c'est pour les boutons sociaux personnalisés
-
-                        $this->loadModel('SocialButton');
-                        foreach ($value as $k => $v) { // on enregistre le tout
-                            if (!empty($v['color']) && !empty($v['url']) && (!empty($v['title']) || !empty($v['img']))) {
-                                $this->SocialButton->read(null, $v['id']);
-                                $this->SocialButton->set([
-                                    'title' => $v['title'],
-                                    'img' => $v['img'],
-                                    'color' => $v['color'],
-                                    'url' => $v['url']
-                                ]);
-                                $this->SocialButton->save();
-                            }
-                        }
-
-                    } else if ($key == "social_btn_added") {
-                        $this->loadModel('SocialButton');
-                        foreach ($value['deleted'] as $k => $v) { // on enregistre le tout
-                            $find = $this->SocialButton->findById($v);
-                            if (!empty($find)) {
-                                $this->SocialButton->delete($v);
-                            }
-                        }
                     }
                 }
 
@@ -98,8 +58,6 @@ public function admin_index()
 
             $this->set('shopIsInstalled', $this->EyPlugin->isInstalled('eywek.shop'));
 
-            $this->loadModel('SocialButton');
-            $this->set('social_buttons', $this->SocialButton->find('all', ['order' => 'id desc']));
         } else {
             $this->redirect('/');
         }

app/Controller/NavbarController.php

@@ -54,7 +54,7 @@ public function admin_save_ajax()
         if ($this->isConnected and $this->Permissions->can('MANAGE_NAV')) {
             if ($this->request->is('post')) {
                 if (!empty($this->request->data)) {
-                    $data = $this->request->data['xss']['nav'];
+                    $data = $this->request->data['navbar_order'];
                     $data = explode('&', $data);
                     $i = 1;
                     foreach ($data as $key => $value) {

app/Model/Maintenance.php

@@ -2,9 +2,16 @@
 
 class Maintenance extends AppModel
 {
-    function checkMaintenance($url = "")
+    function checkMaintenance($url, $utilComponent)
     {
-        $check = $this->find("first", ["conditions" => ["'" . $url . "' LIKE CONCAT(Maintenance.url, '%')", "active" => 1]]);
+        $use_sqlite = $utilComponent->useSqlite();
+
+        $condition = ["'" . $url . "' LIKE CONCAT(Maintenance.url, '%')", "active" => 1];
+
+        if ($use_sqlite)
+            $condition = ["'" . $url . "' LIKE 'Maintenance.url' || '%')", "active" => 1];
+
+        $check = $this->find("first", ["conditions" => $condition]);
         if (isset($check["Maintenance"]))
             $check = $check["Maintenance"];
         if ($check && (($check["url"] == $url) || ($check["sub_url"] && $url != "/")))

app/View/Navbar/admin_index.ctp

@@ -73,10 +73,8 @@
             axis: 'y',
             stop: function (event, ui) {
                 $('#save').empty().html('<?= $Lang->get('NAVBAR__SAVE_IN_PROGRESS') ?>');
-                var inputs = {};
-                var nav = $(this).sortable('serialize');
-                inputs['nav'] = nav;
-                $('#yolo').text(nav);
+                let inputs = {};
+                inputs['navbar_order'] = $(this).sortable('serialize');
                 inputs['data[_Token][key]'] = '<?= $csrfToken ?>';
                 $.post("<?= $this->Html->url(['controller' => 'navbar', 'action' => 'save_ajax', 'admin' => true]) ?>", inputs, function (data) {
                     if (data.statut) {