Webasyst Framework v.2.9.8
  * Improved the Webasyst 2 user interface.
  * Corrected access rights check in sending web push notifications.
  * Added authorization headers check in the API.
Leonix committed Dec 22, 2023
1 parent eb24eb1 commit e7901ec
Showing 20 changed files with 106 additions and 42 deletions.
2 changes: 1 addition & 1 deletion wa-apps/installer/js/installer.js
Expand Up @@ -574,7 +574,7 @@ String.prototype.translate = function () {
const startPosition = $this.offset();

const target_params = {
top: targetPosition.top,
top: 0,
left: targetPosition.left
};

Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,7 @@ protected function getUrl()
$params = [
'hash' => $wa_installer->getHash(),
'domain' => waRequest::server('HTTP_HOST'),
'token' => $this->getStoreToken(),
'beta_test_products' => 1,
'locale' => wa()->getLocale(),
];
Expand All @@ -81,6 +82,16 @@ protected function getUrl()
return $url;
}

protected function getStoreToken()
{
$token_data = (new waAppSettingsModel)->get('installer', 'token_data', false);
if ($token_data) {
$token_data = waUtils::jsonDecode($token_data, true);
return $token_data && isset($token_data['token']) ? $token_data['token'] : null;
}
return null;
}

protected function logException(Exception $e)
{
$message = join(PHP_EOL, [$e->getCode(), $e->getMessage(), $e->getTraceAsString()]);
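Review bot: The stored installer token is added to `$params` in getUrl() as `'token' => $this->getStoreToken()`, and if `$params` is serialized into the query string of the returned URL (the lines between the two hunks are not shown), the token will be recorded in web-server, proxy and debug logs wherever that URL is written. Consider sending it in a request header or POST body instead, and leave the key out when getStoreToken() returns null rather than passing `'token' => null`. getStoreToken() also has no docblock; `/** @return string|null Token saved in the installer app settings, or null when none is stored. */` would document the null case. logException() continues outside the hunk.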
4 changes: 2 additions & 2 deletions wa-apps/installer/lib/config/app.php
Expand Up @@ -4,8 +4,8 @@
'description' => 'Install new apps from the Webasyst Store',
'icon' => 'img/installer.svg',
'mobile' => false,
'version' => '2.9.7',
'critical' => '2.9.7',
'version' => '2.9.8',
'critical' => '2.9.8',
'system' => true,
'vendor' => 'webasyst',
'csrf' => true,
8 changes: 7 additions & 1 deletion wa-content/js/jquery-wa/dashboard-mobile.js
Expand Up @@ -553,6 +553,7 @@ const Page = ( function($, backend_url) {

/*TODO check vice versa case*/
$widgetActivity.find('.activity-empty-today').remove();
$widgetActivity.find('.activity-divider.hidden:first').removeClass('hidden');

that.storage.isActivityFilterLocked = false;
});
Expand Down Expand Up @@ -620,7 +621,12 @@ const Page = ( function($, backend_url) {
// Render
$widgetActivity.find(".empty-activity-text").remove();
$widgetActivity.find(".activity-item.activity-empty-today").remove();
$wrapper.prepend(response);
const $activity_divider = $wrapper.find('.activity-divider:first');
if ($activity_divider.length) {
$activity_divider.after(response)
}else{
$wrapper.prepend(response);
}
}

that.storage.isTopLazyLoadLocked = false;
30 changes: 29 additions & 1 deletion wa-content/js/jquery-wa/dashboard.js
Expand Up @@ -1487,6 +1487,7 @@ const Page = ( function($, backend_url) {

/*TODO check vice versa case*/
$widgetActivity.find('.activity-empty-today').remove();
$widgetActivity.find('.activity-divider.hidden:first').removeClass('hidden');

that.storage.isActivityFilterLocked = false;
});
Expand Down Expand Up @@ -1608,6 +1609,17 @@ const Page = ( function($, backend_url) {

/*TODO check vice versa case*/
$widgetActivity.find('.activity-empty-today').remove();

const $activity_divider = $widgetActivity.find('.activity-divider');
let uniqueTexts = [];
$activity_divider.each(function() {
const text = $(this).text();
if ($.inArray(text, uniqueTexts) === -1) {
uniqueTexts.push(text);
} else {
$(this).remove();
}
});
});
}
}
Expand Down Expand Up @@ -1637,7 +1649,23 @@ const Page = ( function($, backend_url) {
// Render
$widgetActivity.find(".empty-activity-text").remove();
$widgetActivity.find(".activity-item.activity-empty-today").remove();
$wrapper.prepend(response);
const $today_divider = $widgetActivity.find('.activity-divider.today');
const $activity_divider = $widgetActivity.find('.activity-divider');
if ($today_divider.length) {
$today_divider.after(response)
}else{
$wrapper.prepend(response);
}

let uniqueTexts = [];
$activity_divider.each(function() {
const text = $(this).text();
if ($.inArray(text, uniqueTexts) === -1) {
uniqueTexts.push(text);
} else {
$(this).remove();
}
});
}

that.storage.isTopLazyLoadLocked = false;
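Review bot: In the last hunk `$activity_divider` is collected with `$widgetActivity.find('.activity-divider')` before `response` is inserted, so the de-duplication loop that follows only walks dividers that already existed and never sees the ones that arrive in `response`. Query after the insert instead, for example by moving `const $activity_divider = $widgetActivity.find('.activity-divider');` below the `if ($today_divider.length) … else …` block. The same text-based loop is repeated verbatim in the second hunk; a small shared helper would keep the two copies from drifting. `response` is inserted as markup by both `.after()` and `.prepend()`, so this path relies on the server escaping every value in the activity template. The enclosing functions start and end outside the hunks.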
9 changes: 6 additions & 3 deletions wa-system/api/waAPIController.class.php
Expand Up @@ -169,17 +169,20 @@ protected function checkToken()
$token = waRequest::server('HTTP_AUTHORIZATION', null, 'string');
}
if ($token) {
$token = preg_replace('~^(Bearer\s)~ui', '', $token);
$token = preg_replace('~^(\s*Bearer\s+)~ui', '', $token);
$token = trim($token);
}
}
if (!$token) {
throw new waAPIException('invalid_request', 'Required parameter is missing: access_token', 400);
throw new waAPIException('token_required', 'Access token is missing', 400);
}

$tokens_model = new waApiTokensModel();
$data = $tokens_model->getById($token);
if (!$data || $data['token'] != $token) {
throw new waAPIException('invalid_token', 'Invalid access token', 401);
throw new waAPIException('invalid_token', 'Invalid access token', 401, [
'sha256' => hash('sha256', $token),
]);
}
if ($data['expires'] && (strtotime($data['expires']) < time())) {
throw new waAPIException('invalid_token', 'Access token has expired', 401);
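Review bot: The check `$data['token'] != $token` that guards the `invalid_token` throw is a loose, non-constant-time comparison, and under `!=` two different numeric-looking strings can compare equal; compare the stored and presented token as strings with `if (!$data || !hash_equals((string) $data['token'], $token)) {`. The added `'sha256' => hash('sha256', $token)` hands a digest of the rejected credential to waAPIException; how that fourth argument is used is not visible here, so confirm whether it goes into the response or a log and add a comment saying what the digest is for (presumably so a rejected token can be matched without recording the token itself). The missing-token error code also changes from `invalid_request` to `token_required`, which clients matching on the old code will notice. checkToken() starts and ends outside the hunk.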
4 changes: 2 additions & 2 deletions wa-system/captcha/phpcaptcha/templates/captcha.html
Expand Up @@ -7,7 +7,7 @@
<p>
<a href="#" class="wa-captcha-refresh">{$refresh}</a>
</p>
<script type="text/javascript">
<script>
$(function () {
$('div.{$wrapper_class} .wa-captcha-img').on('load', function () {
$(window).trigger('wa_captcha_loaded');
Expand All @@ -31,4 +31,4 @@
});
});
</script>
</div>
</div>
4 changes: 2 additions & 2 deletions wa-system/captcha/phpcaptcha/templates/captcha2.html
Expand Up @@ -11,7 +11,7 @@
</a>
</div>
</div>
<script type="text/javascript">
<script>
$(function () {
$('div.{$wrapper_class} .wa-captcha-img').on('load', function () {
$(window).trigger('wa_captcha_loaded');
Expand All @@ -36,4 +36,4 @@
});
});
</script>
</div>
</div>
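--- a/wa-system/contact/waContactAddressField.class.php
+++ b/wa-system/contact/waContactAddressField.class.php
@@ -59,6 +59,13 @@ public function format($data, $format = null, $ignore_hidden = true)
 $tmp = trim($field->format($data['data'][$f_id], 'value', $data['data']));
 if ($tmp) {
 if (!in_array($f_id, array('country', 'region', 'zip', 'street', 'city'))) {
+if ($field instanceof waContactSelectField) {
+try {
+$tmp = $field->getOptions($tmp);
+} catch (Exception $e) {
+//
+}
+}
 $tmp = $field->getName().' '.$tmp;
 }
 $value[$f_id] = $tmp;
@@ -276,6 +283,13 @@ protected function getParts($data, $format = null)
 }
 $result['parts'][$id] = htmlspecialchars($result['parts'][$id]);
 if (!in_array($id, array('country', 'region', 'zip', 'street', 'city'))) {
+if ($field instanceof waContactSelectField) {
+try {
+$result['parts'][$id] = $field->getOptions($result['parts'][$id]);
+} catch (Exception $e) {
+//
+}
+}
 $result['parts'][$id] = '<span>'.$field->getName().'</span>' . ' ' . $result['parts'][$id];
 }
 }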
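Review bot: In getParts() the new lookup runs after `$result['parts'][$id] = htmlspecialchars($result['parts'][$id]);`, so getOptions() receives the already-escaped value as its key and whatever it returns is concatenated into the `<span>…</span>` markup without being escaped. Do the lookup on the raw value and escape the result afterwards, i.e. move the `instanceof waContactSelectField` block ahead of the `htmlspecialchars()` line (what getOptions() returns for an id is not shown here; presumably the option label, which is configurable text). Both empty `catch (Exception $e)` blocks contain only `//`; if ignoring the failure is intended, say so with a comment such as `// unknown option id: keep the stored value as is`. Both functions continue outside the hunks.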
4 changes: 2 additions & 2 deletions wa-system/design/templates/Design.html
Expand Up @@ -248,9 +248,9 @@ <h3 class="dialog-header">[s`Upload theme`]</h3>
$theme_preview_link = $('.js-tabs-menu .wa-theme-preview'),
$theme_edit_link = $('.js-tabs-menu li[data-action="edit"]');

const current_menu_id = sessionStorage.getItem('wa_design_menu_id') ?? null;
var current_menu_id = sessionStorage.getItem('wa_design_menu_id') ?? null;

let $bottombar = $('.bottombar');
var $bottombar = $('.bottombar');


async function postData(url, data) {
8 changes: 4 additions & 4 deletions wa-system/push/adapters/onesignal/api_key_description.html
Expand Up @@ -12,15 +12,15 @@
[s`Each domain used by your backend users has to be configured separately in OneSignal account.`]
</p>

<table class="light" style="max-width: 200px; margin: 0 0 10px 0;">
<table class="light" style="max-width: {if $wa->whichUI() == '1.3'}200px{else}auto{/if}; margin: 0 0 10px 0;">
{foreach $domains as $d}
<tr>
<td style="color: black;">{$d.name|escape}</td>
<td{if $wa->whichUI() == '1.3'} style="color: black;"{else} class="black"{/if}>{$d.name|escape}</td>
{if $d.connected}
<td style="color: green;">[`Connected`]</td>
<td></td>
{else}
<td style="color: red;">[`Not connected`]</td>
<td{if $wa->whichUI() == '1.3'} style="color: red;"{else} class="text-red"{/if}>[`Not connected`]</td>
{/if}
</tr>
{/foreach}
Expand All @@ -30,4 +30,4 @@
[s`To add a different domain, open Webasyst backend on that domain and save settings again.`]
</p>
</div>
{/if}
{/if}
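Review bot: `auto` is not a valid value for `max-width`, so in the non-1.3 branch of `max-width: {if $wa->whichUI() == '1.3'}200px{else}auto{/if}` the browser discards the declaration; write `none` if the intent is to lift the limit. The `Connected` cell appears to keep its inline `style="color: green;"` while the neighbouring cells were switched to classes for the new UI, which leaves the table styled two different ways.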
12 changes: 6 additions & 6 deletions wa-system/view/waViewHelper.class.php
Expand Up @@ -261,7 +261,7 @@ public function head()
$og = wa()->getResponse()->getMeta('og');
if ($og) {
foreach ($og as $k => $v) {
$html .= '<meta property="'.htmlspecialchars($k).'" content="'.htmlspecialchars($v).'" />'.PHP_EOL;
$html .= '<meta property="'.htmlspecialchars($k).'" content="'.htmlspecialchars($v).'">'.PHP_EOL;
}
}

Expand All @@ -282,7 +282,7 @@ public function head()
if (!empty($domain_config['google_analytics']['code'])) {
if (!empty($domain_config['google_analytics']['universal'])) {
$html .= <<<HTML
<script type="text/javascript">
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
Expand Down Expand Up @@ -310,7 +310,7 @@ function gtag(){dataLayer.push(arguments);}

$canonical = wa()->getResponse()->getCanonical();
if ($canonical) {
$html .= '<link rel="canonical" href="' . htmlspecialchars($canonical) . '" />' . PHP_EOL;
$html .= '<link rel="canonical" href="' . htmlspecialchars($canonical) . '">' . PHP_EOL;
}

return $html;
Expand Down Expand Up @@ -412,7 +412,7 @@ public function legacyCss($strict = false)

// for handling iPad and tablet computer default view properly
if (!waRequest::isMobile(false)) {
$css .= '<meta name="viewport" content="width=device-width, initial-scale=1" />'."\n";
$css .= '<meta name="viewport" content="width=device-width, initial-scale=1">'."\n";
}

return $css.wa()->getResponse()->getCss(true, $strict);
Expand All @@ -437,10 +437,10 @@ public function css($strict = false)
$css = '<link href="'.wa()->getRootUrl().'wa-content/css/wa/wa-2.0.css?v'.$this->version(true).'" rel="stylesheet" type="text/css">
<script src="'.wa()->getRootUrl().'wa-content/js/jquery-wa/wa.switch-mode.js?v'.$this->version(true).'"></script>
<script defer src="'.wa()->getRootUrl().'wa-content/js/fontawesome/fontawesome-all.min.js?v=513"></script>
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, shrink-to-fit=no, user-scalable=0" />';
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, shrink-to-fit=no, user-scalable=0">';

// no referrer for backend urls
$css .= '<meta name="referrer" content="origin-when-cross-origin" />';
$css .= '<meta name="referrer" content="origin-when-cross-origin">';
}

return $css.wa()->getResponse()->getCss(true, $strict);
Original file line number Diff line number Diff line change
Expand Up @@ -279,11 +279,13 @@ protected function getUpdatedField($field = null, $data = array())
}

if ($select_field_value && $field->getParameter('storage') === 'data') {
$opts = array_map('trim', array_filter(explode("\r\n", $select_field_value)));
$opts = array_map('trim', explode("\r\n", $select_field_value));
if (!empty($opts)) {
$select_options = array();
foreach ($opts as $val) {
$select_options[$val] = $val;
if ((string) $val !== '') {
$select_options[$val] = $val;
}
}
$field->setParameter('options', $select_options);
}
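Review bot: With `array_filter()` removed, `explode()` always returns at least one element, so `if (!empty($opts))` is now always true and an input made only of blank lines reaches `$field->setParameter('options', $select_options)` with an empty array. If clearing the options that way is not intended, build `$select_options` first and guard on it: `if ($select_options) { $field->setParameter('options', $select_options); }`. Splitting on `"\r\n"` alone also means a value submitted with bare `\n` line endings becomes a single option; `preg_split('~\R~', $select_field_value)` would accept both. getUpdatedField() continues outside the hunk.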
4 changes: 2 additions & 2 deletions wa-system/webasyst/lib/config/app.php
Expand Up @@ -3,8 +3,8 @@
return array(
'name' => 'Webasyst',
'prefix' => 'webasyst',
'version' => '2.9.7',
'critical' => '2.9.7',
'version' => '2.9.8',
'critical' => '2.9.8',
'vendor' => 'webasyst',
'csrf' => true,
'header_items' => array(
11 changes: 4 additions & 7 deletions wa-system/webasyst/lib/models/waContactRights.model.php
Expand Up @@ -406,11 +406,9 @@ public function getByIds($ids, $app_id=null, $name='backend', $check_groups=true
'cids' => array_keys($no_access),
))->fetchAll('contact_id', true);
foreach($arr as $id => $v) {
$access[$id] = $v;
unset($no_access[$id]);
}
if (!$no_access) {
return $access;
if (!isset($access[$id])) {
$access[$id] = $v;
}
}

// Filter people with group rigths allowing $name
Expand All @@ -427,8 +425,7 @@ public function getByIds($ids, $app_id=null, $name='backend', $check_groups=true
'cids' => array_keys($no_access),
))->fetchAll('contact_id', true);
foreach($arr as $id => $v) {
$access[$id] = $v;
unset($no_access[$id]);
$access[$id] = max($v, ifset($access, $id, 0));
}

return $access;
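Review bot: The two merge loops in getByIds() now follow different rules, the first keeping any existing `$access[$id]` and the second taking `max($v, ifset($access, $id, 0))`, and nothing in the hunks states which source of rights is meant to win. Add a comment above each loop, for example `// group rights may only raise the level found above, never lower it`, if that is the rule. `isset($access[$id])` is also false for an entry stored as null, so such an entry would be overwritten by the first loop. Because this is the access-rights lookup the commit message says it corrects, a regression test for a contact that has both kinds of rights would pin the intended result. getByIds() starts and ends outside the hunks.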
Binary file modified wa-system/webasyst/locale/ru_RU/LC_MESSAGES/webasyst.mo
Binary file not shown.
6 changes: 3 additions & 3 deletions wa-system/webasyst/locale/ru_RU/LC_MESSAGES/webasyst.po
Expand Up @@ -2,7 +2,7 @@ msgid ""
msgstr ""
"Project-Id-Version: Webasyst\n"
"POT-Creation-Date: \n"
"PO-Revision-Date: 2023-10-19 10:27+0300\n"
"PO-Revision-Date: 2023-11-28 09:58+0300\n"
"Last-Translator: \n"
"Language-Team: \n"
"Language: ru_RU\n"
Expand Down Expand Up @@ -6421,8 +6421,8 @@ msgstr "Открыть в новом окне"
msgid "Copied"
msgstr "Скопировано"

msgid "This dashboard can be viewed both in a browser and on a TV with the support for basic website browsing. Get a private TV link and open it using an internal browser on your TV."
msgstr "Этот дашборд можно открыть и в браузере, и на любом телевизоре с функцией просмотра интернет-сайтов. Просто перейдите по приватной ссылке этого дашборда в браузере своего телевизора."
msgid "This dashboard can be displayed on a TV with a built-in website browser. Use it to open the dashboard’s special TV link."
msgstr "Этот дашборд можно показывать на телевизоре с функцией просмотра интернет-сайтов. Для этого откройте ссылку дашборда в браузере своего телевизора."

msgid "Show navigation"
msgstr "Показать меню"
Original file line number Diff line number Diff line change
Expand Up @@ -167,7 +167,7 @@
{if $no_today_activity}
<div class="activity-list-block activity-empty-today">
{if !$today_users}
<div class="activity-divider today h3 2">[`Today`]</div>
<div class="activity-divider today h3">[`Today`]</div>
{/if}
<div class="activity-item activity-empty-today custom-mb-24">
<div class="item-content-wrapper">
Original file line number Diff line number Diff line change
Expand Up @@ -3,10 +3,13 @@
{foreach $activity as $activity_item}
{$app_name = $activity_item.app.name}
{$app_color = ifset($activity_item.app.sash_color, "#aaa")}

{if $activity_item.datetime_group != $_group }
{if $activity_item@first && $activity_item.datetime_group == $_group}
<div class="activity-divider h3">{$activity_item.datetime_group}</div>
{/if}

{if $activity_item.datetime_group != $_group}
<div class="activity-divider h3{if $activity_item@first} today{/if}">{$activity_item.datetime_group}</div>
{/if}
{$_group=$activity_item.datetime_group}

<div class="activity-item" data-id="{$activity_item.id}">
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ <h1>{$dashboard.name|escape}</h1>
</div>
<input style="position: absolute; left: -9999em" class="js-dashboard-url" type="text" aria-hidden="true" value="{$wa->domainUrl()}{$wa_backend_url}dashboard/{$dashboard.hash}/">
</div>
<span data-wa-tooltip-placement="right" data-wa-tooltip-content="[`This dashboard can be viewed both in a browser and on a TV with the support for basic website browsing. Get a private TV link and open it using an internal browser on your TV.`]">
<span data-wa-tooltip-placement="right" data-wa-tooltip-content="[`This dashboard can be displayed on a TV with a built-in website browser. Use it to open the dashboard’s special TV link.`]">
<i class="fas fa-question-circle"></i>
</span>
<div class="alert-fixed-box hidden" id="link_coped">