Merge branch 'release-1.4.1' into stable
commit
e059544e90
16 changed files with 136 additions and 106 deletions
|
@ -6,6 +6,14 @@
|
|||
|
||||
- [S] release are always compared to the previous [S] release.
|
||||
|
||||
## Version 1.4.1 (2016-05-18) [S]
|
||||
- Switch to HTTP Basic Auth for the RCC API
|
||||
- Store password as hash
|
||||
- Require SSL for using the RCC and the RCC API
|
||||
- [FIX] Drawer "Go back" does not work
|
||||
- [FIX] Missing nodejs dependencies
|
||||
- [FIX] Disqus not completly migrated to new config
|
||||
|
||||
## Version 1.4.0 (2016-05-07) [S]
|
||||
|
||||
- Fix: Feeds contain no text
|
||||
|
|
|
@ -23,8 +23,14 @@ if ($password == "") {
|
|||
exit();
|
||||
}
|
||||
|
||||
$options = [
|
||||
'cost' => 12
|
||||
];
|
||||
|
||||
$password = password_hash($password, PASSWORD_BCRYPT, $options);
|
||||
|
||||
$username = '$username = "' . $username . '";';
|
||||
$password = '$password = "' . $password . '";';
|
||||
$password = '$password = \'' . $password . '\';';
|
||||
|
||||
$file = '<?php' . "\n" . $username . "\n" . $password . "\n";
|
||||
|
||||
|
|
|
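Review bot: `$username` is still concatenated unescaped into a double-quoted PHP literal (`'$username = "' . $username . '";'`) that is written to a file later loaded as code, so a `"`, `\` or `$` in the name changes what that file contains; the commit fixes the quoting for the hash but not for the name. Where `$username` is read is above the hunk, so whether it is validated earlier cannot be seen here. Letting PHP produce the literal removes the hand-quoting for both values: `$username = '$username = ' . var_export($username, true) . ';';` and the same pattern for `$password`. `PASSWORD_BCRYPT` also only uses the first 72 bytes of the input, which deserves a comment next to the `$options` array.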
@ -214,7 +214,7 @@ if ($config["design"]["drawer"] == "on") {
|
|||
// If viewing a blog or a tag
|
||||
?>
|
||||
<!-- Set a back item instead of the blogs. -->
|
||||
<a class="nav-item" onclick="goBack()">Go back</a>
|
||||
<a class="nav-item" onclick="history.go(-1);">Go back</a>
|
||||
<?php
|
||||
}
|
||||
if ($config["blog"]["home"] == "on") { // If a blog home is existend
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "rangitaki",
|
||||
"version": "1.4.0",
|
||||
"version": "1.4.1",
|
||||
"description": "A simple PHP blogging engine without any database dependencies",
|
||||
"main": "index.php",
|
||||
"scripts": {
|
||||
|
@ -21,6 +21,7 @@
|
|||
},
|
||||
"homepage": "https://gitlab.com/mmk2410/rangitaki#README",
|
||||
"devDependencies": {
|
||||
"coffee-script": "^1.10.0",
|
||||
"del": "^2.2.0",
|
||||
"gulp": "^3.9.1",
|
||||
"gulp-coffee": "^2.3.2",
|
||||
|
@ -30,6 +31,7 @@
|
|||
"gulp-size": "^2.1.0",
|
||||
"gulp-sourcemaps": "^2.0.0-alpha",
|
||||
"gulp-uglify": "^1.5.3",
|
||||
"merge-stream": "^1.0.0"
|
||||
"merge-stream": "^1.0.0",
|
||||
"node-sass": "^3.7.0"
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,52 +0,0 @@
|
|||
<?php
|
||||
/**
|
||||
* PHP Version 7
|
||||
*
|
||||
* Authentication Helper Class
|
||||
*
|
||||
* @category Authentication
|
||||
* @package Rbe
|
||||
* @author Marcel Kapfer (mmk2410) <marcelmichaelkapfer@yahoo.co.nz>
|
||||
* @license MIT License
|
||||
* @link http://marcel-kapfer.de/rangitaki
|
||||
*/
|
||||
namespace mmk2410\rbe\digestAuth;
|
||||
|
||||
/**
|
||||
* PHP Version 7
|
||||
*
|
||||
* Authentication Helper Class
|
||||
*
|
||||
* @category Authentication
|
||||
* @package Rbe
|
||||
* @author Marcel Kapfer (mmk2410) <marcelmichaelkapfer@yahoo.co.nz>
|
||||
* @license MIT License
|
||||
* @link http://marcel-kapfer.de/rangitaki
|
||||
*/
|
||||
class DigestAuth
|
||||
{
|
||||
|
||||
/**
|
||||
* parser for http digest
|
||||
*
|
||||
* @param $txt data to parse
|
||||
*
|
||||
* @return parsed data or FALSE
|
||||
*/
|
||||
public function httpDigestParse($txt)
|
||||
{
|
||||
// protect against missing data
|
||||
$needed_parts = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1, 'username'=>1, 'uri'=>1, 'response'=>1);
|
||||
$data = array();
|
||||
$keys = implode('|', array_keys($needed_parts));
|
||||
|
||||
preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]+?)\2|([^\s,]+))@', $txt, $matches, PREG_SET_ORDER);
|
||||
|
||||
foreach ($matches as $m) {
|
||||
$data[$m[1]] = $m[3] ? $m[3] : $m[4];
|
||||
unset($needed_parts[$m[1]]);
|
||||
}
|
||||
|
||||
return $needed_parts ? false : $data;
|
||||
}
|
||||
}
|
|
@ -1,39 +1,22 @@
|
|||
<?php
|
||||
// Marcel Kapfer (mmk2410)
|
||||
// License: MIT License
|
||||
// api digest auth
|
||||
// HTTP Basic Auth for the API
|
||||
|
||||
require 'DigestAuth.php';
|
||||
$basedir = "../../../";
|
||||
|
||||
require '../../ssl.php';
|
||||
|
||||
require '../../password.php';
|
||||
|
||||
use \mmk2410\rbe\digestAuth\DigestAuth as DigestAuth;
|
||||
|
||||
$realm = 'Restricted area';
|
||||
|
||||
$users = array($username => $password);
|
||||
|
||||
if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
|
||||
if (!isset($_SERVER['PHP_AUTH_USER'])) {
|
||||
header('WWW-Authenticate: Basic realm="RCC API"');
|
||||
header('HTTP/1.1 401 Unauthorized');
|
||||
header('WWW-Authenticate: Digest realm="'.$realm.
|
||||
'",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"');
|
||||
|
||||
die('Access to RCC API not granted');
|
||||
}
|
||||
|
||||
|
||||
// analyze the PHP_AUTH_DIGEST variable
|
||||
if (!($data = DigestAuth::httpDigestParse($_SERVER['PHP_AUTH_DIGEST'])) ||
|
||||
!isset($users[$data['username']])) {
|
||||
die('Wrong Credentials!');
|
||||
}
|
||||
|
||||
|
||||
// generate the valid response
|
||||
$A1 = md5($data['username'] . ':' . $realm . ':' . $users[$data['username']]);
|
||||
$A2 = md5($_SERVER['REQUEST_METHOD'].':'.$data['uri']);
|
||||
$valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2);
|
||||
|
||||
if ($data['response'] != $valid_response) {
|
||||
die('Wrong Credentials!');
|
||||
echo "Access denied to the RCC API!";
|
||||
exit;
|
||||
} elseif ($_SERVER['PHP_AUTH_USER'] != $username ||
|
||||
!password_verify($_SERVER['PHP_AUTH_PW'], $password)) {
|
||||
header('HTTP/1.1 401 Unauthorized');
|
||||
echo "Wrong credentials: Access denied!";
|
||||
exit;
|
||||
}
|
||||
|
|
|
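Review bot: The `elseif` compares the user name with a loose `!=` and, because of `||`, skips `password_verify()` whenever the name is wrong, so numeric-looking names compare loosely and a wrong name is answered faster than a wrong password. Run both checks unconditionally and compare the name with `hash_equals()`: `$userOk = hash_equals($username, (string) $_SERVER['PHP_AUTH_USER']);`, `$passOk = password_verify((string) ($_SERVER['PHP_AUTH_PW'] ?? ''), $password);`, then `} elseif (!$userOk || !$passOk) {`. The second 401 is sent without the `WWW-Authenticate: Basic realm="RCC API"` header that the first branch sets, and a 401 should always carry one. Nothing visible here logs or limits failed attempts, which matters more now that a single static credential guards the API.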
@ -9,13 +9,13 @@ use \Psr\Http\Message\ResponseInterface as Response;
|
|||
require '../../../vendor/autoload.php';
|
||||
require '../../../res/php/Config.php';
|
||||
|
||||
include '../auth/auth.php';
|
||||
|
||||
use \mmk2410\rbe\config\Config as Config;
|
||||
|
||||
$config = new Config("../../../config.yaml", '../../../vendor/autoload.php');
|
||||
$settings = $config->getConfig();
|
||||
|
||||
include '../auth/auth.php';
|
||||
|
||||
if ($settings["rcc"]["api"] == "on" && $settings["rcc"]["rcc"] == "on") {
|
||||
$app = new \Slim\App();
|
||||
|
||||
|
|
|
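Review bot: The authentication gate is loaded with `include '../auth/auth.php';`, which only raises a warning when the file is missing or unreadable and then lets the script continue, so the Slim routes below would be served with no credential check at all. Use `require '../auth/auth.php';` so that case is fatal instead. The same line is moved in the same way in the two file sections that follow, and the RCC page further down loads its transport check with `include './ssl.php';`, which should become `require` for the same reason. The `if ($settings["rcc"]["api"] == "on" ...)` block continues outside the hunk.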
@ -10,13 +10,13 @@ require '../../../vendor/autoload.php';
|
|||
require '../../../res/php/Config.php';
|
||||
require '../../../res/php/ArticleGenerator.php';
|
||||
|
||||
include '../auth/auth.php';
|
||||
|
||||
use \mmk2410\rbe\config\Config as Config;
|
||||
|
||||
$config = new Config("../../../config.yaml", '../../../vendor/autoload.php');
|
||||
$settings = $config->getConfig();
|
||||
|
||||
include '../auth/auth.php';
|
||||
|
||||
if ($settings["rcc"]["api"] == "on" && $settings["rcc"]["rcc"] == "on") {
|
||||
$app = new \Slim\App();
|
||||
|
||||
|
|
|
@ -10,13 +10,13 @@ require '../../../vendor/autoload.php';
|
|||
require '../../../res/php/Config.php';
|
||||
require '../../../res/php/ArticleGenerator.php';
|
||||
|
||||
include '../auth/auth.php';
|
||||
|
||||
use \mmk2410\rbe\config\Config as Config;
|
||||
|
||||
$config = new Config("../../../config.yaml", '../../../vendor/autoload.php');
|
||||
$settings = $config->getConfig();
|
||||
|
||||
include '../auth/auth.php';
|
||||
|
||||
if ($settings["rcc"]["api"] == "on" && $settings["rcc"]["rcc"] == "on") {
|
||||
$app = new \Slim\App();
|
||||
|
||||
|
|
|
@ -32,6 +32,17 @@
|
|||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||
* THE SOFTWARE.
|
||||
*/
|
||||
|
||||
require '../vendor/autoload.php';
|
||||
require '../res/php/Config.php';
|
||||
|
||||
use \mmk2410\rbe\config\Config as Config;
|
||||
|
||||
$config = new Config("../config.yaml", '../vendor/autoload.php');
|
||||
$settings = $config->getConfig();
|
||||
|
||||
include './ssl.php';
|
||||
|
||||
?>
|
||||
|
||||
<!DOCTYPE html>
|
||||
|
@ -64,12 +75,7 @@
|
|||
|
||||
<div class="main">
|
||||
<?php
|
||||
require '../res/php/Config.php';
|
||||
use mmk2410\rbe\config\Config as Config;
|
||||
|
||||
$configParser = new Config('../config.yaml', '../vendor/autoload.php');
|
||||
|
||||
$config = $configParser->getConfig();
|
||||
$config = $settings;
|
||||
|
||||
if ($config["rcc"]["rcc"] == "on") {
|
||||
include 'password.php';
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
<?php
|
||||
$username = "example";
|
||||
$password = "example";
|
||||
$username = "test";
|
||||
$password = '$2y$12$nHitKTwHqU4GmI3ADVE05eH/723fCNgdQ65kQ53FyZUVVB03BjfCO';
|
||||
|
|
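Review bot: The repository still ships a working credential file, now with the user name `test` and a fixed bcrypt hash, so every installation that never runs the password setup shares one login whose name and hash are public. Ship a value that can never verify, for example `$password = '';` (which `password_verify()` rejects for any input), or leave the file out of the repository and have the RCC refuse to start until a password has been set. A comment in the file, such as `// placeholder only - set real credentials through the password setup`, would make the intent clear.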
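--- a/rcc/ssl.php
+++ b/rcc/ssl.php
@@ -0,0 +1,11 @@
+<?php
+// Marcel Kapfer (mmk2410) / Wilson O'Sullivan
+// License: MIT License
+// SSL Verification
+
+if ($settings["rcc"]["debug"] != "on") {
+if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on") {
+header('HTTP/1.1 400 Bad Request');
+exit();
+}
+}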
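Review bot: The `$settings["rcc"]["debug"] != "on"` switch turns the HTTPS requirement off completely and nothing in the file says so; with Basic Auth, a host left in debug mode sends the password in recoverable form on every request. A comment above the outer `if`, such as `// debug = on disables the HTTPS requirement; never enable it on a reachable host`, would make that visible. The 400 is also sent only after a plain-HTTP request, credentials included, has already arrived, so this check limits what the server does but does not protect the client; an HTTP-to-HTTPS redirect at the web server and a `Strict-Transport-Security` header are the usual complement. Behind a TLS-terminating proxy `$_SERVER['HTTPS']` is usually empty, so the check would probably reject every request there. The file also relies on the including script having set `$settings` first, which is worth stating in the header comment.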
@ -1 +1 @@
|
|||
(function(){var n,t,a,e,r,i;r=function(){var e,r;return e=!1,$(".fabmenu").click(function(){return e?(a(),e=!1):(t(),e=!0)}),r=!1,$(".nav-img, .overlay, .nav-close").click(function(){return r?(n(),r=!1):(i(),r=!0)}),$(document).keyup(function(t){return r&&27===t.which?(n(),r=!1):r||77!==t.which?void 0:(i(),r=!0)}),$(".articletext a").attr("target","_blank")},$(document).ready(r),e=function(){return history.go(-1)},t=function(){return $(".subfab").fadeIn(125),$(".fab-img").fadeOut(60,function(){return $(".fab-img").attr("src","./res/img/close.svg"),$(".fab-img").fadeIn(60)})},a=function(){return $(".subfab").fadeOut(125),$(".fab-img").fadeOut(60,function(){return $(".fab-img").attr("src","./res/img/share.svg"),$(".fab-img").fadeIn(60)})},i=function(){return $(".nav").animate({left:"0px"},125),$(".overlay").show(),$(".overlay").animate({opacity:"0.4"},125)},n=function(){return $(".nav").animate({left:"-301px"},125),$(".overlay").animate({opacity:"0.0"},125,function(){return $(".overlay").hide})}}).call(this);
|
||||
(function(){var n,t,a,e,r;e=function(){var e,i;return e=!1,$(".fabmenu").click(function(){return e?(a(),e=!1):(t(),e=!0)}),i=!1,$(".nav-img, .overlay, .nav-close").click(function(){return i?(n(),i=!1):(r(),i=!0)}),$(document).keyup(function(t){return i&&27===t.which?(n(),i=!1):i||77!==t.which?void 0:(r(),i=!0)}),$(".articletext a").attr("target","_blank")},$(document).ready(e),t=function(){return $(".subfab").fadeIn(125),$(".fab-img").fadeOut(60,function(){return $(".fab-img").attr("src","./res/img/close.svg"),$(".fab-img").fadeIn(60)})},a=function(){return $(".subfab").fadeOut(125),$(".fab-img").fadeOut(60,function(){return $(".fab-img").attr("src","./res/img/share.svg"),$(".fab-img").fadeIn(60)})},r=function(){return $(".nav").animate({left:"0px"},125),$(".overlay").show(),$(".overlay").animate({opacity:"0.4"},125)},n=function(){return $(".nav").animate({left:"-301px"},125),$(".overlay").animate({opacity:"0.0"},125,function(){return $(".overlay").hide})}}).call(this);
|
|
@ -22,7 +22,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|||
THE SOFTWARE.
|
||||
-->
|
||||
|
||||
<?php if ($blogdisqus) { // check if disqus is enabled ?>
|
||||
<?php if ($config['blog']['disqus']) { // check if disqus is enabled ?>
|
||||
<section class="card">
|
||||
<div id="disqus_thread"></div>
|
||||
<script type="text/javascript">
|
||||
|
|
|
@ -64,9 +64,6 @@ main = () ->
|
|||
|
||||
$(document).ready main
|
||||
|
||||
goBack = () ->
|
||||
history.go -1
|
||||
|
||||
fabFadeIn = () ->
|
||||
$('.subfab').fadeIn 125
|
||||
$('.fab-img').fadeOut 60, ->
|
||||
|
@ -88,4 +85,3 @@ closeNav = () ->
|
|||
$('.nav').animate {"left": "-301px"}, 125
|
||||
$('.overlay').animate {"opacity": "0.0"}, 125, ->
|
||||
$('.overlay').hide
|
||||
|
||||
|
|
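--- a/update-scripts/1-4-0_1-4-1.sh
+++ b/update-scripts/1-4-0_1-4-1.sh
@@ -0,0 +1,70 @@
+#!/bin/bash
+# Update script for Rangitaki from version 1.4.0 to 1.4.1
+
+version="1.4.1"
+new="./rbe-new"
+
+echo -n "Downloading version $version from GitLab... "
+git clone -q https://gitlab.com/mmk2410/rangitaki.git "$new"
+
+if [[ $1 == "--debug" ]]; then
+cd $new
+git checkout master
+cd ../
+fi
+echo "done"
+
+echo -n "Updating ressources... "
+rm -rf ./res/
+mv $new/res/ ./
+echo "done"
+
+echo -n "Updating binaries... "
+rm -rf ./bin
+mv $new/bin/ ./
+echo "done"
+
+echo -n "Updating source files... "
+rm -rf ./src
+mv $new/src/ ./
+echo "done"
+
+echo -n "Updating RCC... "
+rm -rf ./rcc
+mv $new/rcc ./
+rm ./rcc/password.php
+echo "done"
+
+echo -n "Updating core... "
+rm ./index.php
+mv $new/index.php ./
+echo "done"
+
+echo -n "Updating npm... "
+mv $new/package.json ./
+echo "done"
+
+echo -n "Updating Changelog... "
+
+if [ -f ./CHANGELOG.txt ]; then
+rm CHANGELOG.txt
+fi
+
+mv $new/CHANGELOG.md ./
+echo "done"
+
+if [[ $1 != "--debug" ]]; then
+echo -n "Cleaning up... "
+rm -rf $new
+echo "done"
+fi
+
+if [ -d "./update-scripts" ]; then
+echo -n "Remove obsolete update scripts folder... "
+rm -rf "./update-scripts"
+echo "done"
+fi
+
+echo "$version" > ./VERSION
+
+echo "Your Rangitaki installation is updated to version $version"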
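Review bot: Nothing stops the script when `git clone` fails, so the `rm -rf ./res/`, `./bin`, `./src` and `./rcc` lines still run and leave the installation without those directories and with nothing to replace them. Add `set -e` directly under the shebang, or end the clone line with `|| exit 1`. The clone also takes whatever the repository's default branch holds at that moment rather than a pinned release, while `echo "$version" > ./VERSION` records 1.4.1 regardless; checking out the release tag (`git clone -q --branch <release-tag> ...`) would make the installed code match what VERSION claims. `$new` is unquoted in the `cd`, `mv` and `rm -rf` lines. After `rm -rf ./rcc` and `rm ./rcc/password.php` no credential file exists, so the closing message should tell the operator to set the RCC password again.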