From a59e364417c198ffb31e72de525c9e0900c8676a Mon Sep 17 00:00:00 2001 From: Sergio Brighenti Date: Tue, 17 Sep 2019 22:12:06 +0200 Subject: [PATCH] Clear database after orphaned files removal plaintext passwd not correctly removed from logs Fixes #74 --- CHANGELOG.md | 5 ++ app/Controllers/AdminController.php | 2 + app/Controllers/Controller.php | 1 + app/Controllers/UserController.php | 7 +- app/routes.php | 97 +++++++++++++----------- composer.json | 2 +- composer.lock | 25 +++--- resources/templates/dashboard/admin.twig | 4 +- 8 files changed, 82 insertions(+), 61 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3721dbf9..34497222 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,8 @@ +## v2.6.5 ++ Fixed error after orphaned files removal #74. ++ Fixed update password not correctly removed from log files #74. ++ Changed color to some buttons to address visibility with some themes. + ## v2.6.4 + Filter on displayable images. + Fixed during upload error on php compiled for 32 bit. diff --git a/app/Controllers/AdminController.php b/app/Controllers/AdminController.php index af1c494e..de849186 100644 --- a/app/Controllers/AdminController.php +++ b/app/Controllers/AdminController.php @@ -62,6 +62,8 @@ public function deleteOrphanFiles(Request $request, Response $response): Respons } } + $this->database->query('DELETE FROM `uploads` WHERE `user_id` IS NULL'); + $this->session->alert(lang('deleted_orphans', [$deleted])); return redirect($response, 'system'); diff --git a/app/Controllers/Controller.php b/app/Controllers/Controller.php index eca8a117..25da84e5 100644 --- a/app/Controllers/Controller.php +++ b/app/Controllers/Controller.php @@ -17,6 +17,7 @@ * @property Logger|null logger * @property Filesystem|null storage * @property Lang lang + * @property array settings */ abstract class Controller { diff --git a/app/Controllers/UserController.php b/app/Controllers/UserController.php index d8686025..f6ebf450 100644 
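Review bot: The added `$this->database->query(...)` call in `deleteOrphanFiles()` runs unconditionally after the loop, so the rows it removes are not tied to the files the loop actually deleted from storage. The loop starts outside this hunk; if it can skip a file (for example when a storage delete fails), that file's row is still dropped, leaving the file on storage with no record pointing at it. The `$deleted` count shown in the alert may then differ from the number of rows removed. Consider deleting each row by id right after its file delete succeeds, or at least document the behaviour with a comment such as `// Rows are removed even when the file delete above failed; leftover files need manual cleanup.`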
--- a/app/Controllers/UserController.php +++ b/app/Controllers/UserController.php @@ -97,7 +97,7 @@ public function store(Request $request, Response $response): Response ]); $this->session->alert(lang('user_created', [$request->getParam('username')]), 'success'); - $this->logger->info('User ' . $this->session->get('username') . ' created a new user.', [array_diff($request->getParams(), ['password'])]); + $this->logger->info('User ' . $this->session->get('username') . ' created a new user.', [array_diff_key($request->getParams(), array_flip(['password']))]); return redirect($response, 'user.index'); } @@ -183,7 +183,10 @@ public function update(Request $request, Response $response, $args): Response } $this->session->alert(lang('user_updated', [$request->getParam('username')]), 'success'); - $this->logger->info('User ' . $this->session->get('username') . " updated $user->id.", [$user, array_diff($request->getParams(), ['password'])]); + $this->logger->info('User ' . $this->session->get('username') . " updated $user->id.", [ + array_diff_key((array)$user, array_flip(['password'])), + array_diff_key($request->getParams(), array_flip(['password'])), + ]); return redirect($response, 'user.index'); diff --git a/app/routes.php b/app/routes.php index c3e892d5..bd83bf03 100644 --- a/app/routes.php +++ b/app/routes.php 
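Review bot: Both log calls (in `store()` here and in `update()` in the next hunk) still filter with a one-key denylist, so any other sensitive field in the request or in the `$user` row is written to the log as before. The user row is loaded outside these hunks; if it also carries the upload token that the `refreshToken` action rotates, that value stays in the log context after this change. An allowlist is safer, e.g. `array_intersect_key($request->getParams(), array_flip(['username']))`, extended with only the fields worth auditing. Note also that `(array)$user` yields a plain `password` key only when `$user` is a `stdClass` or has public properties; private or protected properties get prefixed keys that the filter would not match. Log files written before this fix still contain the submitted passwords, so the changelog entry should tell operators to purge or rotate them.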
@@ -1,57 +1,68 @@ group('', function () { - $this->get('/home[/page/{page}]', \App\Controllers\DashboardController::class . ':home')->setName('home'); + $this->get('/home[/page/{page}]', DashboardController::class . ':home')->setName('home'); $this->group('', function () { - $this->get('/home/switchView', \App\Controllers\DashboardController::class . ':switchView')->setName('switchView'); + $this->get('/home/switchView', DashboardController::class . ':switchView')->setName('switchView'); - $this->get('/system/deleteOrphanFiles', \App\Controllers\AdminController::class . ':deleteOrphanFiles')->setName('system.deleteOrphanFiles'); + $this->get('/system/deleteOrphanFiles', AdminController::class . ':deleteOrphanFiles')->setName('system.deleteOrphanFiles'); - $this->get('/system/themes', \App\Controllers\ThemeController::class . ':getThemes')->setName('theme'); - $this->post('/system/theme/apply', \App\Controllers\ThemeController::class . ':applyTheme')->setName('theme.apply'); + $this->get('/system/themes', ThemeController::class . ':getThemes')->setName('theme'); + $this->post('/system/theme/apply', ThemeController::class . ':applyTheme')->setName('theme.apply'); - $this->post('/system/lang/apply', \App\Controllers\AdminController::class . ':applyLang')->setName('lang.apply'); + $this->post('/system/lang/apply', AdminController::class . ':applyLang')->setName('lang.apply'); - $this->post('/system/upgrade', \App\Controllers\UpgradeController::class . ':upgrade')->setName('system.upgrade'); - $this->get('/system/checkForUpdates', \App\Controllers\UpgradeController::class . ':checkForUpdates')->setName('system.checkForUpdates'); + $this->post('/system/upgrade', UpgradeController::class . ':upgrade')->setName('system.upgrade'); + $this->get('/system/checkForUpdates', UpgradeController::class . ':checkForUpdates')->setName('system.checkForUpdates'); - $this->get('/system', \App\Controllers\AdminController::class . 
':system')->setName('system'); + $this->get('/system', AdminController::class . ':system')->setName('system'); - $this->get('/users[/page/{page}]', \App\Controllers\UserController::class . ':index')->setName('user.index'); - })->add(\App\Middleware\AdminMiddleware::class); + $this->get('/users[/page/{page}]', UserController::class . ':index')->setName('user.index'); + })->add(AdminMiddleware::class); $this->group('/user', function () { - $this->get('/create', \App\Controllers\UserController::class . ':create')->setName('user.create'); - $this->post('/create', \App\Controllers\UserController::class . ':store')->setName('user.store'); - $this->get('/{id}/edit', \App\Controllers\UserController::class . ':edit')->setName('user.edit'); - $this->post('/{id}', \App\Controllers\UserController::class . ':update')->setName('user.update'); - $this->get('/{id}/delete', \App\Controllers\UserController::class . ':delete')->setName('user.delete'); - })->add(\App\Middleware\AdminMiddleware::class); - - $this->get('/profile', \App\Controllers\UserController::class . ':profile')->setName('profile'); - $this->post('/profile/{id}', \App\Controllers\UserController::class . ':profileEdit')->setName('profile.update'); - $this->post('/user/{id}/refreshToken', \App\Controllers\UserController::class . ':refreshToken')->setName('refreshToken'); - $this->get('/user/{id}/config/sharex', \App\Controllers\UserController::class . ':getShareXconfigFile')->setName('config.sharex'); - $this->get('/user/{id}/config/script', \App\Controllers\UserController::class . ':getUploaderScriptFile')->setName('config.script'); - - $this->post('/upload/{id}/publish', \App\Controllers\UploadController::class . ':togglePublish')->setName('upload.publish'); - $this->post('/upload/{id}/unpublish', \App\Controllers\UploadController::class . ':togglePublish')->setName('upload.unpublish'); - $this->get('/upload/{id}/raw', \App\Controllers\UploadController::class . 
':getRawById')->add(\App\Middleware\AdminMiddleware::class)->setName('upload.raw'); - $this->post('/upload/{id}/delete', \App\Controllers\UploadController::class . ':delete')->setName('upload.delete'); - -})->add(App\Middleware\CheckForMaintenanceMiddleware::class)->add(\App\Middleware\AuthMiddleware::class); - -$app->get('/', \App\Controllers\DashboardController::class . ':redirects')->setName('root'); -$app->get('/login', \App\Controllers\LoginController::class . ':show')->setName('login.show'); -$app->post('/login', \App\Controllers\LoginController::class . ':login')->setName('login'); -$app->map(['GET', 'POST'], '/logout', \App\Controllers\LoginController::class . ':logout')->setName('logout'); - -$app->post('/upload', \App\Controllers\UploadController::class . ':upload')->setName('upload'); - -$app->get('/{userCode}/{mediaCode}', \App\Controllers\UploadController::class . ':show')->setName('public'); -$app->get('/{userCode}/{mediaCode}/delete/{token}', \App\Controllers\UploadController::class . ':show')->setName('public.delete.show')->add(\App\Middleware\CheckForMaintenanceMiddleware::class);; -$app->post('/{userCode}/{mediaCode}/delete/{token}', \App\Controllers\UploadController::class . ':deleteByToken')->setName('public.delete')->add(\App\Middleware\CheckForMaintenanceMiddleware::class);; -$app->get('/{userCode}/{mediaCode}/raw', \App\Controllers\UploadController::class . ':showRaw')->setName('public.raw')->setOutputBuffering(false); -$app->get('/{userCode}/{mediaCode}/download', \App\Controllers\UploadController::class . ':download')->setName('public.download')->setOutputBuffering(false); \ No newline at end of file + $this->get('/create', UserController::class . ':create')->setName('user.create'); + $this->post('/create', UserController::class . ':store')->setName('user.store'); + $this->get('/{id}/edit', UserController::class . ':edit')->setName('user.edit'); + $this->post('/{id}', UserController::class . 
':update')->setName('user.update'); + $this->get('/{id}/delete', UserController::class . ':delete')->setName('user.delete'); + })->add(AdminMiddleware::class); + + $this->get('/profile', UserController::class . ':profile')->setName('profile'); + $this->post('/profile/{id}', UserController::class . ':profileEdit')->setName('profile.update'); + $this->post('/user/{id}/refreshToken', UserController::class . ':refreshToken')->setName('refreshToken'); + $this->get('/user/{id}/config/sharex', UserController::class . ':getShareXconfigFile')->setName('config.sharex'); + $this->get('/user/{id}/config/script', UserController::class . ':getUploaderScriptFile')->setName('config.script'); + + $this->post('/upload/{id}/publish', UploadController::class . ':togglePublish')->setName('upload.publish'); + $this->post('/upload/{id}/unpublish', UploadController::class . ':togglePublish')->setName('upload.unpublish'); + $this->get('/upload/{id}/raw', UploadController::class . ':getRawById')->add(AdminMiddleware::class)->setName('upload.raw'); + $this->post('/upload/{id}/delete', UploadController::class . ':delete')->setName('upload.delete'); + +})->add(App\Middleware\CheckForMaintenanceMiddleware::class)->add(AuthMiddleware::class); + +$app->get('/', DashboardController::class . ':redirects')->setName('root'); +$app->get('/login', LoginController::class . ':show')->setName('login.show'); +$app->post('/login', LoginController::class . ':login')->setName('login'); +$app->map(['GET', 'POST'], '/logout', LoginController::class . ':logout')->setName('logout'); + +$app->post('/upload', UploadController::class . ':upload')->setName('upload'); + +$app->get('/{userCode}/{mediaCode}', UploadController::class . ':show')->setName('public'); +$app->get('/{userCode}/{mediaCode}/delete/{token}', UploadController::class . ':show')->setName('public.delete.show')->add(CheckForMaintenanceMiddleware::class); +$app->post('/{userCode}/{mediaCode}/delete/{token}', UploadController::class . 
':deleteByToken')->setName('public.delete')->add(CheckForMaintenanceMiddleware::class); +$app->get('/{userCode}/{mediaCode}/raw', UploadController::class . ':showRaw')->setName('public.raw')->setOutputBuffering(false); +$app->get('/{userCode}/{mediaCode}/download', UploadController::class . ':download')->setName('public.download')->setOutputBuffering(false); \ No newline at end of file diff --git a/composer.json b/composer.json index 5670ff31..2a43e1f3 100644 --- a/composer.json +++ b/composer.json @@ -1,6 +1,6 @@ { "name": "sergix44/xbackbone", - "version": "2.6.4", + "version": "2.6.5", "description": "A lightweight ShareX PHP backend", "type": "project", "require": { diff --git a/composer.lock b/composer.lock index 0170a4dc..449229dc 100644 --- a/composer.lock +++ b/composer.lock @@ -4,20 +4,20 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "4df20787f0e03ad691f0eb848cc7b25d", + "content-hash": "ebbdff1fa0c06d25785f6d437dc7e11f", "packages": [ { "name": "aws/aws-sdk-php", - "version": "3.112.0", + "version": "3.112.2", "source": { "type": "git", "url": "https://github.com/aws/aws-sdk-php.git", - "reference": "1e21446c6780a3b9b5e4315bd6d4347d2c3381eb" + "reference": "0d7a3ecb5dca10d1872ee5106cb154cbef52cf1c" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/aws/aws-sdk-php/zipball/1e21446c6780a3b9b5e4315bd6d4347d2c3381eb", - "reference": "1e21446c6780a3b9b5e4315bd6d4347d2c3381eb", + "url": "https://api.github.com/repos/aws/aws-sdk-php/zipball/0d7a3ecb5dca10d1872ee5106cb154cbef52cf1c", + "reference": "0d7a3ecb5dca10d1872ee5106cb154cbef52cf1c", "shasum": "" }, "require": { @@ -87,7 +87,7 @@ "s3", "sdk" ], - "time": "2019-09-12T18:09:53+00:00" + "time": "2019-09-17T18:07:57+00:00" }, { "name": "container-interop/container-interop", 
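Review bot: `/system/deleteOrphanFiles` and `/user/{id}/delete` are still registered with `get()`, so a destructive admin action runs on a plain link load, and with this commit the former also deletes database rows. A GET has no request body to carry an anti-forgery token, and it can be fired by prefetchers or by a cross-site request while an admin session is open; whether a CSRF guard exists elsewhere is not visible in this diff. Registering them as `$this->post('/system/deleteOrphanFiles', AdminController::class . ':deleteOrphanFiles')` and `$this->post('/{id}/delete', UserController::class . ':delete')`, with the templates switched from links to forms, would match the existing `upload.delete` route. The same consideration applies to `/logout`, which is mapped for both GET and POST.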
@@ -2553,16 +2553,16 @@ }, { "name": "phpstan/phpstan", - "version": "0.11.15", + "version": "0.11.16", "source": { "type": "git", "url": "https://github.com/phpstan/phpstan.git", - "reference": "1be5b3a706db16ac472a4c40ec03cf4c810b118d" + "reference": "635cf20f3b92ce34ee94a8d2f282d62eb9dc6e1b" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phpstan/phpstan/zipball/1be5b3a706db16ac472a4c40ec03cf4c810b118d", - "reference": "1be5b3a706db16ac472a4c40ec03cf4c810b118d", + "url": "https://api.github.com/repos/phpstan/phpstan/zipball/635cf20f3b92ce34ee94a8d2f282d62eb9dc6e1b", + "reference": "635cf20f3b92ce34ee94a8d2f282d62eb9dc6e1b", "shasum": "" }, "require": { @@ -2614,8 +2614,7 @@ "autoload": { "psr-4": { "PHPStan\\": [ - "src/", - "build/PHPStan" + "src/" ] } }, @@ -2624,7 +2623,7 @@ "MIT" ], "description": "PHPStan - PHP Static Analysis Tool", - "time": "2019-08-18T20:51:53+00:00" + "time": "2019-09-17T11:19:51+00:00" }, { "name": "symfony/console", diff --git a/resources/templates/dashboard/admin.twig b/resources/templates/dashboard/admin.twig index 0a8d51dd..36f8478d 100644 --- a/resources/templates/dashboard/admin.twig +++ b/resources/templates/dashboard/admin.twig @@ -54,8 +54,8 @@
{% if media.username is not null %} - - + + {% else %}