diff --git a/src/Module/Admin/Addons/Details.php b/src/Module/Admin/Addons/Details.php index 8e0e14f22..4c1fe2df9 100644 --- a/src/Module/Admin/Addons/Details.php +++ b/src/Module/Admin/Addons/Details.php @@ -32,26 +32,24 @@ class Details extends BaseAdmin { public static function post(array $parameters = []) { - parent::post($parameters); + self::checkAdminAccess(); - $a = DI::app(); + $addon = Strings::sanitizeFilePathItem($parameters['addon']); - if ($a->argc > 2) { - // @TODO: Replace with parameter from router - $addon = $a->argv[2]; - $addon = Strings::sanitizeFilePathItem($addon); - if (is_file('addon/' . $addon . '/' . $addon . '.php')) { - include_once 'addon/' . $addon . '/' . $addon . '.php'; - if (function_exists($addon . '_addon_admin_post')) { - $func = $addon . '_addon_admin_post'; - $func($a); - } + $redirect = 'admin/addons/' . $addon; - DI::baseUrl()->redirect('admin/addons/' . $addon); + if (is_file('addon/' . $addon . '/' . $addon . '.php')) { + include_once 'addon/' . $addon . '/' . $addon . '.php'; + + if (function_exists($addon . '_addon_admin_post')) { + self::checkFormSecurityTokenRedirectOnError($redirect, 'admin_addons_details'); + + $func = $addon . '_addon_admin_post'; + $func(DI::app()); } } - DI::baseUrl()->redirect('admin/addons'); + DI::baseUrl()->redirect($redirect); } public static function content(array $parameters = []) @@ -62,79 +60,73 @@ class Details extends BaseAdmin $addons_admin = Addon::getAdminList(); - if ($a->argc > 2) { - // @TODO: Replace with parameter from router - $addon = $a->argv[2]; - $addon = Strings::sanitizeFilePathItem($addon); - if (!is_file("addon/$addon/$addon.php")) { - notice(DI::l10n()->t('Addon not found.')); - Addon::uninstall($addon); - DI::baseUrl()->redirect('admin/addons'); - } - - if (($_GET['action'] ?? '') == 'toggle') { - parent::checkFormSecurityTokenRedirectOnError('/admin/addons', 'admin_themes', 't'); - - // Toggle addon status - if (Addon::isEnabled($addon)) { - Addon::uninstall($addon); - info(DI::l10n()->t('Addon %s disabled.', $addon)); - } else { - Addon::install($addon); - info(DI::l10n()->t('Addon %s enabled.', $addon)); - } - - DI::baseUrl()->redirect('admin/addons/' . $addon); - } - - // display addon details - if (Addon::isEnabled($addon)) { - $status = 'on'; - $action = DI::l10n()->t('Disable'); - } else { - $status = 'off'; - $action = DI::l10n()->t('Enable'); - } - - $readme = null; - if (is_file("addon/$addon/README.md")) { - $readme = Markdown::convert(file_get_contents("addon/$addon/README.md"), false); - } elseif (is_file("addon/$addon/README")) { - $readme = '
' . file_get_contents("addon/$addon/README") . ''; - } - - $admin_form = ''; - if (array_key_exists($addon, $addons_admin)) { - require_once "addon/$addon/$addon.php"; - $func = $addon . '_addon_admin'; - $func($a, $admin_form); - } - - $t = Renderer::getMarkupTemplate('admin/addons/details.tpl'); - - return Renderer::replaceMacros($t, [ - '$title' => DI::l10n()->t('Administration'), - '$page' => DI::l10n()->t('Addons'), - '$toggle' => DI::l10n()->t('Toggle'), - '$settings' => DI::l10n()->t('Settings'), - '$baseurl' => DI::baseUrl()->get(true), - - '$addon' => $addon, - '$status' => $status, - '$action' => $action, - '$info' => Addon::getInfo($addon), - '$str_author' => DI::l10n()->t('Author: '), - '$str_maintainer' => DI::l10n()->t('Maintainer: '), - - '$admin_form' => $admin_form, - '$function' => 'addons', - '$screenshot' => '', - '$readme' => $readme, - - '$form_security_token' => parent::getFormSecurityToken('admin_themes'), - ]); + $addon = Strings::sanitizeFilePathItem($parameters['addon']); + if (!is_file("addon/$addon/$addon.php")) { + notice(DI::l10n()->t('Addon not found.')); + Addon::uninstall($addon); + DI::baseUrl()->redirect('admin/addons'); } - DI::baseUrl()->redirect('admin/addons'); + if (($_GET['action'] ?? '') == 'toggle') { + self::checkFormSecurityTokenRedirectOnError('/admin/addons', 'admin_addons_details', 't'); + + // Toggle addon status + if (Addon::isEnabled($addon)) { + Addon::uninstall($addon); + info(DI::l10n()->t('Addon %s disabled.', $addon)); + } else { + Addon::install($addon); + info(DI::l10n()->t('Addon %s enabled.', $addon)); + } + + DI::baseUrl()->redirect('admin/addons/' . $addon); + } + + // display addon details + if (Addon::isEnabled($addon)) { + $status = 'on'; + $action = DI::l10n()->t('Disable'); + } else { + $status = 'off'; + $action = DI::l10n()->t('Enable'); + } + + $readme = null; + if (is_file("addon/$addon/README.md")) { + $readme = Markdown::convert(file_get_contents("addon/$addon/README.md"), false); + } elseif (is_file("addon/$addon/README")) { + $readme = '
' . file_get_contents("addon/$addon/README") . ''; + } + + $admin_form = ''; + if (array_key_exists($addon, $addons_admin)) { + require_once "addon/$addon/$addon.php"; + $func = $addon . '_addon_admin'; + $func($a, $admin_form); + } + + $t = Renderer::getMarkupTemplate('admin/addons/details.tpl'); + + return Renderer::replaceMacros($t, [ + '$title' => DI::l10n()->t('Administration'), + '$page' => DI::l10n()->t('Addons'), + '$toggle' => DI::l10n()->t('Toggle'), + '$settings' => DI::l10n()->t('Settings'), + '$baseurl' => DI::baseUrl()->get(true), + + '$addon' => $addon, + '$status' => $status, + '$action' => $action, + '$info' => Addon::getInfo($addon), + '$str_author' => DI::l10n()->t('Author: '), + '$str_maintainer' => DI::l10n()->t('Maintainer: '), + + '$admin_form' => $admin_form, + '$function' => 'addons', + '$screenshot' => '', + '$readme' => $readme, + + '$form_security_token' => self::getFormSecurityToken('admin_addons_details'), + ]); } } diff --git a/src/Module/Admin/Addons/Index.php b/src/Module/Admin/Addons/Index.php index 1636d6cc6..0ffe32edb 100644 --- a/src/Module/Admin/Addons/Index.php +++ b/src/Module/Admin/Addons/Index.php @@ -34,7 +34,7 @@ class Index extends BaseAdmin // reload active themes if (!empty($_GET['action'])) { - parent::checkFormSecurityTokenRedirectOnError('/admin/addons', 'admin_addons', 't'); + self::checkFormSecurityTokenRedirectOnError('/admin/addons', 'admin_addons', 't'); switch ($_GET['action']) { case 'reload': @@ -73,7 +73,7 @@ class Index extends BaseAdmin '$addons' => $addons, '$pcount' => count($addons), '$noplugshint' => DI::l10n()->t('There are currently no addons available on your node. You can find the official addon repository at %1$s and might find other interesting addons in the open addon registry at %2$s', 'https://github.com/friendica/friendica-addons', 'http://addons.friendi.ca'), - '$form_security_token' => parent::getFormSecurityToken('admin_addons'), + '$form_security_token' => self::getFormSecurityToken('admin_addons'), ]); } } diff --git a/src/Module/Admin/Blocklist/Contact.php b/src/Module/Admin/Blocklist/Contact.php index 889362323..c4eedc5a8 100644 --- a/src/Module/Admin/Blocklist/Contact.php +++ b/src/Module/Admin/Blocklist/Contact.php @@ -32,14 +32,14 @@ class Contact extends BaseAdmin { public static function post(array $parameters = []) { - parent::post($parameters); + self::checkAdminAccess(); + + self::checkFormSecurityTokenRedirectOnError('/admin/blocklist/contact', 'admin_contactblock'); $contact_url = $_POST['contact_url'] ?? ''; $block_reason = $_POST['contact_block_reason'] ?? ''; $contacts = $_POST['contacts'] ?? []; - parent::checkFormSecurityTokenRedirectOnError('/admin/blocklist/contact', 'admin_contactblock'); - if (!empty($_POST['page_contactblock_block'])) { $contact_id = Model\Contact::getIdForURL($contact_url); if ($contact_id) { @@ -89,7 +89,7 @@ class Contact extends BaseAdmin '$h_newblock' => DI::l10n()->t('Block New Remote Contact'), '$th_contacts' => [DI::l10n()->t('Photo'), DI::l10n()->t('Name'), DI::l10n()->t('Reason')], - '$form_security_token' => parent::getFormSecurityToken('admin_contactblock'), + '$form_security_token' => self::getFormSecurityToken('admin_contactblock'), // values // '$baseurl' => DI::baseUrl()->get(true), diff --git a/src/Module/Admin/Blocklist/Server.php b/src/Module/Admin/Blocklist/Server.php index b145d6d01..3eefc6cbe 100644 --- a/src/Module/Admin/Blocklist/Server.php +++ b/src/Module/Admin/Blocklist/Server.php @@ -30,13 +30,13 @@ class Server extends BaseAdmin { public static function post(array $parameters = []) { - parent::post($parameters); + self::checkAdminAccess(); if (empty($_POST['page_blocklist_save']) && empty($_POST['page_blocklist_edit'])) { return; } - parent::checkFormSecurityTokenRedirectOnError('/admin/blocklist/server', 'admin_blocklist'); + self::checkFormSecurityTokenRedirectOnError('/admin/blocklist/server', 'admin_blocklist'); if (!empty($_POST['page_blocklist_save'])) { // Add new item to blocklist @@ -107,7 +107,7 @@ class Server extends BaseAdmin '$entries' => $blocklistform, '$baseurl' => DI::baseUrl()->get(true), '$confirm_delete' => DI::l10n()->t('Delete entry from blocklist?'), - '$form_security_token' => parent::getFormSecurityToken("admin_blocklist") + '$form_security_token' => self::getFormSecurityToken("admin_blocklist") ]); } } diff --git a/src/Module/Admin/DBSync.php b/src/Module/Admin/DBSync.php index 950e258f8..36f683e08 100644 --- a/src/Module/Admin/DBSync.php +++ b/src/Module/Admin/DBSync.php @@ -36,91 +36,93 @@ class DBSync extends BaseAdmin $a = DI::app(); - $o = ''; + $action = $parameters['action'] ?? ''; + $update = $parameters['update'] ?? 0; - if ($a->argc > 3 && $a->argv[2] === 'mark') { - // @TODO: Replace with parameter from router - $update = intval($a->argv[3]); - if ($update) { - DI::config()->set('database', 'update_' . $update, 'success'); - $curr = DI::config()->get('system', 'build'); - if (intval($curr) == $update) { - DI::config()->set('system', 'build', intval($curr) + 1); + switch ($action) { + case 'mark': + if ($update) { + DI::config()->set('database', 'update_' . $update, 'success'); + $curr = DI::config()->get('system', 'build'); + if (intval($curr) == $update) { + DI::config()->set('system', 'build', intval($curr) + 1); + } + + info(DI::l10n()->t('Update has been marked successful')); } - info(DI::l10n()->t('Update has been marked successful')); - } - DI::baseUrl()->redirect('admin/dbsync'); - } - if ($a->argc > 2) { - if ($a->argv[2] === 'check') { + break; + case 'check': // @TODO Seems like a similar logic like Update::check() $retval = DBStructure::update($a->getBasePath(), false, true); if ($retval === '') { - $o .= DI::l10n()->t("Database structure update %s was successfully applied.", DB_UPDATE_VERSION) . "
" . file_get_contents("view/theme/$theme/README") . ""; - } - - $admin_form = ''; - if (is_file("view/theme/$theme/config.php")) { - require_once "view/theme/$theme/config.php"; - - if (function_exists('theme_admin')) { - $admin_form = ''; - } - } - - $screenshot = [Theme::getScreenshot($theme), DI::l10n()->t('Screenshot')]; - if (!stristr($screenshot[0], $theme)) { - $screenshot = null; - } - - $t = Renderer::getMarkupTemplate('admin/addons/details.tpl'); - return Renderer::replaceMacros($t, [ - '$title' => DI::l10n()->t('Administration'), - '$page' => DI::l10n()->t('Themes'), - '$toggle' => DI::l10n()->t('Toggle'), - '$settings' => DI::l10n()->t('Settings'), - '$baseurl' => DI::baseUrl()->get(true), - '$addon' => $theme, - '$status' => $status, - '$action' => $action, - '$info' => Theme::getInfo($theme), - '$function' => 'themes', - '$admin_form' => $admin_form, - '$str_author' => DI::l10n()->t('Author: '), - '$str_maintainer' => DI::l10n()->t('Maintainer: '), - '$screenshot' => $screenshot, - '$readme' => $readme, - - '$form_security_token' => parent::getFormSecurityToken("admin_themes"), - ]); + $theme = Strings::sanitizeFilePathItem($parameters['theme']); + if (!is_dir("view/theme/$theme")) { + notice(DI::l10n()->t("Item not found.")); + return ''; } - DI::baseUrl()->redirect('admin/themes'); + $isEnabled = in_array($theme, Theme::getAllowedList()); + if ($isEnabled) { + $status = "on"; + $action = DI::l10n()->t("Disable"); + } else { + $status = "off"; + $action = DI::l10n()->t("Enable"); + } + + if (!empty($_GET['action']) && $_GET['action'] == 'toggle') { + self::checkFormSecurityTokenRedirectOnError('/admin/themes', 'admin_themes', 't'); + + if ($isEnabled) { + Theme::uninstall($theme); + info(DI::l10n()->t('Theme %s disabled.', $theme)); + } elseif (Theme::install($theme)) { + info(DI::l10n()->t('Theme %s successfully enabled.', $theme)); + } else { + notice(DI::l10n()->t('Theme %s failed to install.', $theme)); + } + + DI::baseUrl()->redirect('admin/themes/' . $theme); + } + + $readme = null; + if (is_file("view/theme/$theme/README.md")) { + $readme = Markdown::convert(file_get_contents("view/theme/$theme/README.md"), false); + } elseif (is_file("view/theme/$theme/README")) { + $readme = "
" . file_get_contents("view/theme/$theme/README") . ""; + } + + $admin_form = ''; + if (is_file("view/theme/$theme/config.php")) { + require_once "view/theme/$theme/config.php"; + + if (function_exists('theme_admin')) { + $admin_form = ''; + } + } + + $screenshot = [Theme::getScreenshot($theme), DI::l10n()->t('Screenshot')]; + if (!stristr($screenshot[0], $theme)) { + $screenshot = null; + } + + $t = Renderer::getMarkupTemplate('admin/addons/details.tpl'); + return Renderer::replaceMacros($t, [ + '$title' => DI::l10n()->t('Administration'), + '$page' => DI::l10n()->t('Themes'), + '$toggle' => DI::l10n()->t('Toggle'), + '$settings' => DI::l10n()->t('Settings'), + '$baseurl' => DI::baseUrl()->get(true), + '$addon' => $theme, + '$status' => $status, + '$action' => $action, + '$info' => Theme::getInfo($theme), + '$function' => 'themes', + '$admin_form' => $admin_form, + '$str_author' => DI::l10n()->t('Author: '), + '$str_maintainer' => DI::l10n()->t('Maintainer: '), + '$screenshot' => $screenshot, + '$readme' => $readme, + + '$form_security_token' => self::getFormSecurityToken("admin_themes"), + ]); } } diff --git a/src/Module/Admin/Themes/Embed.php b/src/Module/Admin/Themes/Embed.php index 37de7c238..a308b43cb 100644 --- a/src/Module/Admin/Themes/Embed.php +++ b/src/Module/Admin/Themes/Embed.php @@ -30,81 +30,59 @@ class Embed extends BaseAdmin { public static function init(array $parameters = []) { - $a = DI::app(); - - if ($a->argc > 2) { - // @TODO: Replace with parameter from router - $theme = $a->argv[2]; - $theme = Strings::sanitizeFilePathItem($theme); - if (is_file("view/theme/$theme/config.php")) { - $a->setCurrentTheme($theme); - } + $theme = Strings::sanitizeFilePathItem($parameters['theme']); + if (is_file("view/theme/$theme/config.php")) { + DI::app()->setCurrentTheme($theme); } } public static function post(array $parameters = []) { - parent::post($parameters); + self::checkAdminAccess(); - $a = DI::app(); - - if ($a->argc > 2) { - // @TODO: Replace with parameter from router - $theme = $a->argv[2]; - $theme = Strings::sanitizeFilePathItem($theme); - if (is_file("view/theme/$theme/config.php")) { + $theme = Strings::sanitizeFilePathItem($parameters['theme']); + if (is_file("view/theme/$theme/config.php")) { + require_once "view/theme/$theme/config.php"; + if (function_exists('theme_admin_post')) { self::checkFormSecurityTokenRedirectOnError('/admin/themes/' . $theme . '/embed?mode=minimal', 'admin_theme_settings'); - - require_once "view/theme/$theme/config.php"; - - if (function_exists('theme_admin_post')) { - theme_admin_post($a); - } + theme_admin_post(DI::app()); } - - if (DI::mode()->isAjax()) { - return; - } - - DI::baseUrl()->redirect('admin/themes/' . $theme . '/embed?mode=minimal'); } + + if (DI::mode()->isAjax()) { + return; + } + + DI::baseUrl()->redirect('admin/themes/' . $theme . '/embed?mode=minimal'); } public static function content(array $parameters = []) { parent::content($parameters); - $a = DI::app(); - - if ($a->argc > 2) { - // @TODO: Replace with parameter from router - $theme = $a->argv[2]; - $theme = Strings::sanitizeFilePathItem($theme); - if (!is_dir("view/theme/$theme")) { - notice(DI::l10n()->t('Unknown theme.')); - return ''; - } - - $admin_form = ''; - if (is_file("view/theme/$theme/config.php")) { - require_once "view/theme/$theme/config.php"; - - if (function_exists('theme_admin')) { - $admin_form = theme_admin($a); - } - } - - // Overrides normal theme style include to strip user param to show embedded theme settings - Renderer::$theme['stylesheet'] = 'view/theme/' . $theme . '/style.pcss'; - - $t = Renderer::getMarkupTemplate('admin/addons/embed.tpl'); - return Renderer::replaceMacros($t, [ - '$action' => '/admin/themes/' . $theme . '/embed?mode=minimal', - '$form' => $admin_form, - '$form_security_token' => parent::getFormSecurityToken("admin_theme_settings"), - ]); + $theme = Strings::sanitizeFilePathItem($parameters['theme']); + if (!is_dir("view/theme/$theme")) { + notice(DI::l10n()->t('Unknown theme.')); + return ''; } - return ''; + $admin_form = ''; + if (is_file("view/theme/$theme/config.php")) { + require_once "view/theme/$theme/config.php"; + + if (function_exists('theme_admin')) { + $admin_form = theme_admin(DI::app()); + } + } + + // Overrides normal theme style include to strip user param to show embedded theme settings + Renderer::$theme['stylesheet'] = 'view/theme/' . $theme . '/style.pcss'; + + $t = Renderer::getMarkupTemplate('admin/addons/embed.tpl'); + return Renderer::replaceMacros($t, [ + '$action' => '/admin/themes/' . $theme . '/embed?mode=minimal', + '$form' => $admin_form, + '$form_security_token' => self::getFormSecurityToken("admin_theme_settings"), + ]); } } diff --git a/src/Module/Admin/Themes/Index.php b/src/Module/Admin/Themes/Index.php index 9993f1f11..e703a87c4 100644 --- a/src/Module/Admin/Themes/Index.php +++ b/src/Module/Admin/Themes/Index.php @@ -37,7 +37,7 @@ class Index extends BaseAdmin // reload active themes if (!empty($_GET['action'])) { - parent::checkFormSecurityTokenRedirectOnError(DI::baseUrl()->get() . '/admin/themes', 'admin_themes', 't'); + self::checkFormSecurityTokenRedirectOnError(DI::baseUrl()->get() . '/admin/themes', 'admin_themes', 't'); switch ($_GET['action']) { case 'reload': @@ -119,7 +119,7 @@ class Index extends BaseAdmin '$noplugshint' => DI::l10n()->t('No themes found on the system. They should be placed in %1$s', '
/view/themes
'),
'$experimental' => DI::l10n()->t('[Experimental]'),
'$unsupported' => DI::l10n()->t('[Unsupported]'),
- '$form_security_token' => parent::getFormSecurityToken('admin_themes'),
+ '$form_security_token' => self::getFormSecurityToken('admin_themes'),
]);
}
}
diff --git a/src/Module/Admin/Tos.php b/src/Module/Admin/Tos.php
index a3bc94a1f..5ad3a72dd 100644
--- a/src/Module/Admin/Tos.php
+++ b/src/Module/Admin/Tos.php
@@ -29,14 +29,14 @@ class Tos extends BaseAdmin
{
public static function post(array $parameters = [])
{
- parent::post($parameters);
-
- parent::checkFormSecurityTokenRedirectOnError('/admin/tos', 'admin_tos');
+ self::checkAdminAccess();
if (empty($_POST['page_tos'])) {
return;
}
+ self::checkFormSecurityTokenRedirectOnError('/admin/tos', 'admin_tos');
+
$displaytos = !empty($_POST['displaytos']);
$displayprivstatement = !empty($_POST['displayprivstatement']);
$tostext = (!empty($_POST['tostext']) ? strip_tags(trim($_POST['tostext'])) : '');
@@ -62,7 +62,7 @@ class Tos extends BaseAdmin
'$preview' => DI::l10n()->t('Privacy Statement Preview'),
'$privtext' => $tos->privacy_complete,
'$tostext' => ['tostext', DI::l10n()->t('The Terms of Service'), DI::config()->get('system', 'tostext'), DI::l10n()->t('Enter the Terms of Service for your node here. You can use BBCode. Headers of sections should be [h2] and below.')],
- '$form_security_token' => parent::getFormSecurityToken('admin_tos'),
+ '$form_security_token' => self::getFormSecurityToken('admin_tos'),
'$submit' => DI::l10n()->t('Save Settings'),
]);
}
diff --git a/src/Module/Admin/Users.php b/src/Module/Admin/Users.php
index 41a691b0b..214671634 100644
--- a/src/Module/Admin/Users.php
+++ b/src/Module/Admin/Users.php
@@ -34,7 +34,9 @@ class Users extends BaseAdmin
{
public static function post(array $parameters = [])
{
- parent::post($parameters);
+ self::checkAdminAccess();
+
+ self::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users');
$pending = $_POST['pending'] ?? [];
$users = $_POST['user'] ?? [];
@@ -43,8 +45,6 @@ class Users extends BaseAdmin
$nu_email = $_POST['new_user_email'] ?? '';
$nu_language = DI::config()->get('system', 'language');
- parent::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users');
-
if ($nu_name !== '' && $nu_email !== '' && $nu_nickname !== '') {
try {
User::createMinimal($nu_name, $nu_email, $nu_nickname, $nu_language);
@@ -101,187 +101,186 @@ class Users extends BaseAdmin
{
parent::content($parameters);
- $a = DI::app();
+ $action = $parameters['action'] ?? '';
+ $uid = $parameters['uid'] ?? 0;
- if ($a->argc > 3) {
- // @TODO: Replace with parameter from router
- $action = $a->argv[2];
- $uid = $a->argv[3];
+ if ($uid) {
$user = User::getById($uid, ['username', 'blocked']);
if (!DBA::isResult($user)) {
notice(DI::l10n()->t('User not found'));
DI::baseUrl()->redirect('admin/users');
return ''; // NOTREACHED
}
+ }
- switch ($action) {
- case 'delete':
- if (local_user() != $uid) {
- parent::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
- // delete user
- User::remove($uid);
+ switch ($action) {
+ case 'delete':
+ if (local_user() != $uid) {
+ self::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
+ // delete user
+ User::remove($uid);
- notice(DI::l10n()->t('User "%s" deleted', $user['username']));
- } else {
- notice(DI::l10n()->t('You can\'t remove yourself'));
+ notice(DI::l10n()->t('User "%s" deleted', $user['username']));
+ } else {
+ notice(DI::l10n()->t('You can\'t remove yourself'));
+ }
+ break;
+ case 'block':
+ self::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
+ User::block($uid);
+ notice(DI::l10n()->t('User "%s" blocked', $user['username']));
+ break;
+ case 'unblock':
+ self::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
+ User::block($uid, false);
+ notice(DI::l10n()->t('User "%s" unblocked', $user['username']));
+ break;
+ case 'allow':
+ self::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
+ User::allow(Register::getPendingForUser($uid)['hash'] ?? '');
+ notice(DI::l10n()->t('Account approved.'));
+ break;
+ case 'deny':
+ self::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
+ User::deny(Register::getPendingForUser($uid)['hash'] ?? '');
+ notice(DI::l10n()->t('Registration revoked'));
+ break;
+ default:
+ /* get pending */
+ $pending = Register::getPending();
+
+ $pager = new Pager(DI::l10n(), DI::args()->getQueryString(), 100);
+
+ $valid_orders = [
+ 'name',
+ 'email',
+ 'register_date',
+ 'login_date',
+ 'last-item',
+ 'page-flags'
+ ];
+
+ $order = 'name';
+ $order_direction = '+';
+ if (!empty($_GET['o'])) {
+ $new_order = $_GET['o'];
+ if ($new_order[0] === '-') {
+ $order_direction = '-';
+ $new_order = substr($new_order, 1);
}
- break;
- case 'block':
- parent::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
- User::block($uid);
- notice(DI::l10n()->t('User "%s" blocked', $user['username']));
- break;
- case 'unblock':
- parent::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
- User::block($uid, false);
- notice(DI::l10n()->t('User "%s" unblocked', $user['username']));
- break;
- case 'allow':
- parent::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
- User::allow(Register::getPendingForUser($uid)['hash'] ?? '');
- notice(DI::l10n()->t('Account approved.'));
- break;
- case 'deny':
- parent::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
- User::deny(Register::getPendingForUser($uid)['hash'] ?? '');
- notice(DI::l10n()->t('Registration revoked'));
- break;
- }
- DI::baseUrl()->redirect('admin/users');
+ if (in_array($new_order, $valid_orders)) {
+ $order = $new_order;
+ }
+ }
+
+ $users = User::getList($pager->getStart(), $pager->getItemsPerPage(), 'all', $order, ($order_direction == '-'));
+
+ $adminlist = explode(',', str_replace(' ', '', DI::config()->get('config', 'admin_email')));
+ $_setup_users = function ($e) use ($adminlist) {
+ $page_types = [
+ User::PAGE_FLAGS_NORMAL => DI::l10n()->t('Normal Account Page'),
+ User::PAGE_FLAGS_SOAPBOX => DI::l10n()->t('Soapbox Page'),
+ User::PAGE_FLAGS_COMMUNITY => DI::l10n()->t('Public Forum'),
+ User::PAGE_FLAGS_FREELOVE => DI::l10n()->t('Automatic Friend Page'),
+ User::PAGE_FLAGS_PRVGROUP => DI::l10n()->t('Private Forum')
+ ];
+ $account_types = [
+ User::ACCOUNT_TYPE_PERSON => DI::l10n()->t('Personal Page'),
+ User::ACCOUNT_TYPE_ORGANISATION => DI::l10n()->t('Organisation Page'),
+ User::ACCOUNT_TYPE_NEWS => DI::l10n()->t('News Page'),
+ User::ACCOUNT_TYPE_COMMUNITY => DI::l10n()->t('Community Forum'),
+ User::ACCOUNT_TYPE_RELAY => DI::l10n()->t('Relay'),
+ ];
+
+ $e['page_flags_raw'] = $e['page-flags'];
+ $e['page-flags'] = $page_types[$e['page-flags']];
+
+ $e['account_type_raw'] = ($e['page_flags_raw'] == 0) ? $e['account-type'] : -1;
+ $e['account-type'] = ($e['page_flags_raw'] == 0) ? $account_types[$e['account-type']] : '';
+
+ $e['register_date'] = Temporal::getRelativeDate($e['register_date']);
+ $e['login_date'] = Temporal::getRelativeDate($e['login_date']);
+ $e['lastitem_date'] = Temporal::getRelativeDate($e['last-item']);
+ $e['is_admin'] = in_array($e['email'], $adminlist);
+ $e['is_deletable'] = (intval($e['uid']) != local_user());
+ $e['deleted'] = ($e['account_removed'] ? Temporal::getRelativeDate($e['account_expires_on']) : False);
+
+ return $e;
+ };
+
+ $tmp_users = array_map($_setup_users, $users);
+
+ // Get rid of dashes in key names, Smarty3 can't handle them
+ // and extracting deleted users
+
+ $deleted = [];
+ $users = [];
+ foreach ($tmp_users as $user) {
+ foreach ($user as $k => $v) {
+ $newkey = str_replace('-', '_', $k);
+ $user[$newkey] = $v;
+ }
+
+ if ($user['deleted']) {
+ $deleted[] = $user;
+ } else {
+ $users[] = $user;
+ }
+ }
+
+ $th_users = array_map(null, [DI::l10n()->t('Name'), DI::l10n()->t('Email'), DI::l10n()->t('Register date'), DI::l10n()->t('Last login'), DI::l10n()->t('Last public item'), DI::l10n()->t('Type')], $valid_orders);
+
+ $t = Renderer::getMarkupTemplate('admin/users.tpl');
+ $o = Renderer::replaceMacros($t, [
+ // strings //
+ '$title' => DI::l10n()->t('Administration'),
+ '$page' => DI::l10n()->t('Users'),
+ '$submit' => DI::l10n()->t('Add User'),
+ '$select_all' => DI::l10n()->t('select all'),
+ '$h_pending' => DI::l10n()->t('User registrations waiting for confirm'),
+ '$h_deleted' => DI::l10n()->t('User waiting for permanent deletion'),
+ '$th_pending' => [DI::l10n()->t('Request date'), DI::l10n()->t('Name'), DI::l10n()->t('Email')],
+ '$no_pending' => DI::l10n()->t('No registrations.'),
+ '$pendingnotetext' => DI::l10n()->t('Note from the user'),
+ '$approve' => DI::l10n()->t('Approve'),
+ '$deny' => DI::l10n()->t('Deny'),
+ '$delete' => DI::l10n()->t('Delete'),
+ '$block' => DI::l10n()->t('Block'),
+ '$blocked' => DI::l10n()->t('User blocked'),
+ '$unblock' => DI::l10n()->t('Unblock'),
+ '$siteadmin' => DI::l10n()->t('Site admin'),
+ '$accountexpired' => DI::l10n()->t('Account expired'),
+
+ '$h_users' => DI::l10n()->t('Users'),
+ '$h_newuser' => DI::l10n()->t('New User'),
+ '$th_deleted' => [DI::l10n()->t('Name'), DI::l10n()->t('Email'), DI::l10n()->t('Register date'), DI::l10n()->t('Last login'), DI::l10n()->t('Last public item'), DI::l10n()->t('Permanent deletion')],
+ '$th_users' => $th_users,
+ '$order_users' => $order,
+ '$order_direction_users' => $order_direction,
+
+ '$confirm_delete_multi' => DI::l10n()->t('Selected users will be deleted!\n\nEverything these users had posted on this site will be permanently deleted!\n\nAre you sure?'),
+ '$confirm_delete' => DI::l10n()->t('The user {0} will be deleted!\n\nEverything this user has posted on this site will be permanently deleted!\n\nAre you sure?'),
+
+ '$form_security_token' => self::getFormSecurityToken('admin_users'),
+
+ // values //
+ '$baseurl' => DI::baseUrl()->get(true),
+
+ '$pending' => $pending,
+ 'deleted' => $deleted,
+ '$users' => $users,
+ '$newusername' => ['new_user_name', DI::l10n()->t('Name'), '', DI::l10n()->t('Name of the new user.')],
+ '$newusernickname' => ['new_user_nickname', DI::l10n()->t('Nickname'), '', DI::l10n()->t('Nickname of the new user.')],
+ '$newuseremail' => ['new_user_email', DI::l10n()->t('Email'), '', DI::l10n()->t('Email address of the new user.'), '', '', 'email'],
+ ]);
+
+ $o .= $pager->renderFull(DBA::count('user'));
+
+ return $o;
}
- /* get pending */
- $pending = Register::getPending();
-
- $pager = new Pager(DI::l10n(), DI::args()->getQueryString(), 100);
-
- $valid_orders = [
- 'name',
- 'email',
- 'register_date',
- 'login_date',
- 'last-item',
- 'page-flags'
- ];
-
- $order = 'name';
- $order_direction = '+';
- if (!empty($_GET['o'])) {
- $new_order = $_GET['o'];
- if ($new_order[0] === '-') {
- $order_direction = '-';
- $new_order = substr($new_order, 1);
- }
-
- if (in_array($new_order, $valid_orders)) {
- $order = $new_order;
- }
- }
-
- $users = User::getList($pager->getStart(), $pager->getItemsPerPage(), 'all', $order, ($order_direction == '-'));
-
- $adminlist = explode(',', str_replace(' ', '', DI::config()->get('config', 'admin_email')));
- $_setup_users = function ($e) use ($adminlist) {
- $page_types = [
- User::PAGE_FLAGS_NORMAL => DI::l10n()->t('Normal Account Page'),
- User::PAGE_FLAGS_SOAPBOX => DI::l10n()->t('Soapbox Page'),
- User::PAGE_FLAGS_COMMUNITY => DI::l10n()->t('Public Forum'),
- User::PAGE_FLAGS_FREELOVE => DI::l10n()->t('Automatic Friend Page'),
- User::PAGE_FLAGS_PRVGROUP => DI::l10n()->t('Private Forum')
- ];
- $account_types = [
- User::ACCOUNT_TYPE_PERSON => DI::l10n()->t('Personal Page'),
- User::ACCOUNT_TYPE_ORGANISATION => DI::l10n()->t('Organisation Page'),
- User::ACCOUNT_TYPE_NEWS => DI::l10n()->t('News Page'),
- User::ACCOUNT_TYPE_COMMUNITY => DI::l10n()->t('Community Forum'),
- User::ACCOUNT_TYPE_RELAY => DI::l10n()->t('Relay'),
- ];
-
- $e['page_flags_raw'] = $e['page-flags'];
- $e['page-flags'] = $page_types[$e['page-flags']];
-
- $e['account_type_raw'] = ($e['page_flags_raw'] == 0) ? $e['account-type'] : -1;
- $e['account-type'] = ($e['page_flags_raw'] == 0) ? $account_types[$e['account-type']] : '';
-
- $e['register_date'] = Temporal::getRelativeDate($e['register_date']);
- $e['login_date'] = Temporal::getRelativeDate($e['login_date']);
- $e['lastitem_date'] = Temporal::getRelativeDate($e['last-item']);
- $e['is_admin'] = in_array($e['email'], $adminlist);
- $e['is_deletable'] = (intval($e['uid']) != local_user());
- $e['deleted'] = ($e['account_removed'] ? Temporal::getRelativeDate($e['account_expires_on']) : False);
-
- return $e;
- };
-
- $tmp_users = array_map($_setup_users, $users);
-
- // Get rid of dashes in key names, Smarty3 can't handle them
- // and extracting deleted users
-
- $deleted = [];
- $users = [];
- foreach ($tmp_users as $user) {
- foreach ($user as $k => $v) {
- $newkey = str_replace('-', '_', $k);
- $user[$newkey] = $v;
- }
-
- if ($user['deleted']) {
- $deleted[] = $user;
- } else {
- $users[] = $user;
- }
- }
-
- $th_users = array_map(null, [DI::l10n()->t('Name'), DI::l10n()->t('Email'), DI::l10n()->t('Register date'), DI::l10n()->t('Last login'), DI::l10n()->t('Last public item'), DI::l10n()->t('Type')], $valid_orders);
-
- $t = Renderer::getMarkupTemplate('admin/users.tpl');
- $o = Renderer::replaceMacros($t, [
- // strings //
- '$title' => DI::l10n()->t('Administration'),
- '$page' => DI::l10n()->t('Users'),
- '$submit' => DI::l10n()->t('Add User'),
- '$select_all' => DI::l10n()->t('select all'),
- '$h_pending' => DI::l10n()->t('User registrations waiting for confirm'),
- '$h_deleted' => DI::l10n()->t('User waiting for permanent deletion'),
- '$th_pending' => [DI::l10n()->t('Request date'), DI::l10n()->t('Name'), DI::l10n()->t('Email')],
- '$no_pending' => DI::l10n()->t('No registrations.'),
- '$pendingnotetext' => DI::l10n()->t('Note from the user'),
- '$approve' => DI::l10n()->t('Approve'),
- '$deny' => DI::l10n()->t('Deny'),
- '$delete' => DI::l10n()->t('Delete'),
- '$block' => DI::l10n()->t('Block'),
- '$blocked' => DI::l10n()->t('User blocked'),
- '$unblock' => DI::l10n()->t('Unblock'),
- '$siteadmin' => DI::l10n()->t('Site admin'),
- '$accountexpired' => DI::l10n()->t('Account expired'),
-
- '$h_users' => DI::l10n()->t('Users'),
- '$h_newuser' => DI::l10n()->t('New User'),
- '$th_deleted' => [DI::l10n()->t('Name'), DI::l10n()->t('Email'), DI::l10n()->t('Register date'), DI::l10n()->t('Last login'), DI::l10n()->t('Last public item'), DI::l10n()->t('Permanent deletion')],
- '$th_users' => $th_users,
- '$order_users' => $order,
- '$order_direction_users' => $order_direction,
-
- '$confirm_delete_multi' => DI::l10n()->t('Selected users will be deleted!\n\nEverything these users had posted on this site will be permanently deleted!\n\nAre you sure?'),
- '$confirm_delete' => DI::l10n()->t('The user {0} will be deleted!\n\nEverything this user has posted on this site will be permanently deleted!\n\nAre you sure?'),
-
- '$form_security_token' => parent::getFormSecurityToken('admin_users'),
-
- // values //
- '$baseurl' => DI::baseUrl()->get(true),
-
- '$pending' => $pending,
- 'deleted' => $deleted,
- '$users' => $users,
- '$newusername' => ['new_user_name', DI::l10n()->t('Name'), '', DI::l10n()->t('Name of the new user.')],
- '$newusernickname' => ['new_user_nickname', DI::l10n()->t('Nickname'), '', DI::l10n()->t('Nickname of the new user.')],
- '$newuseremail' => ['new_user_email', DI::l10n()->t('Email'), '', DI::l10n()->t('Email address of the new user.'), '', '', 'email'],
- ]);
-
- $o .= $pager->renderFull(DBA::count('user'));
-
- return $o;
+ DI::baseUrl()->redirect('admin/users');
+ return '';
}
}
diff --git a/src/Module/BaseAdmin.php b/src/Module/BaseAdmin.php
index 01215dc8e..e49059bba 100644
--- a/src/Module/BaseAdmin.php
+++ b/src/Module/BaseAdmin.php
@@ -26,7 +26,7 @@ use Friendica\Core\Addon;
use Friendica\Core\Renderer;
use Friendica\Core\Session;
use Friendica\DI;
-use Friendica\Network\HTTPException\ForbiddenException;
+use Friendica\Network\HTTPException;
require_once 'boot.php';
@@ -42,42 +42,35 @@ require_once 'boot.php';
*/
abstract class BaseAdmin extends BaseModule
{
- public static function post(array $parameters = [])
+ /**
+ * @param bool $interactive
+ * @throws HTTPException\ForbiddenException
+ * @throws HTTPException\InternalServerErrorException
+ */
+ public static function checkAdminAccess(bool $interactive = false)
{
- if (!is_site_admin()) {
- return;
+ if (!local_user()) {
+ if ($interactive) {
+ notice(DI::l10n()->t('Please login to continue.'));
+ Session::set('return_path', DI::args()->getQueryString());
+ DI::baseUrl()->redirect('login');
+ } else {
+ throw new HTTPException\UnauthorizedException(DI::l10n()->t('Please login to continue.'));
+ }
}
- // do not allow a page manager to access the admin panel at all.
- if (!empty($_SESSION['submanage'])) {
- return;
- }
- }
-
- public static function rawContent(array $parameters = [])
- {
if (!is_site_admin()) {
- return '';
+ throw new HTTPException\ForbiddenException(DI::l10n()->t('You don\'t have access to administration pages.'));
}
if (!empty($_SESSION['submanage'])) {
- return '';
+ throw new HTTPException\ForbiddenException(DI::l10n()->t('Submanaged account can\'t access the administation pages. Please log back in as the main account.'));
}
-
- return '';
}
public static function content(array $parameters = [])
{
- if (!is_site_admin()) {
- notice(DI::l10n()->t('Please login to continue.'));
- Session::set('return_path', DI::args()->getQueryString());
- DI::baseUrl()->redirect('login');
- }
-
- if (!empty($_SESSION['submanage'])) {
- throw new ForbiddenException(DI::l10n()->t('Submanaged account can\'t access the administation pages. Please log back in as the main account.'));
- }
+ self::checkAdminAccess(true);
// Header stuff
DI::page()['htmlhead'] .= Renderer::replaceMacros(Renderer::getMarkupTemplate('admin/settings_head.tpl'), []);
diff --git a/static/routes.config.php b/static/routes.config.php
index a9a66bf90..8f59ecb7a 100644
--- a/static/routes.config.php
+++ b/static/routes.config.php
@@ -76,9 +76,7 @@ return [
'/blocklist/contact' => [Module\Admin\Blocklist\Contact::class, [R::GET, R::POST]],
'/blocklist/server' => [Module\Admin\Blocklist\Server::class, [R::GET, R::POST]],
- '/dbsync[/check]' => [Module\Admin\DBSync::class, [R::GET]],
- '/dbsync/{update:\d+}' => [Module\Admin\DBSync::class, [R::GET]],
- '/dbsync/mark/{update:\d+}' => [Module\Admin\DBSync::class, [R::GET]],
+ '/dbsync[/{action}[/{update:\d+}]]' => [Module\Admin\DBSync::class, [R::GET]],
'/features' => [Module\Admin\Features::class, [R::GET, R::POST]],
'/federation' => [Module\Admin\Federation::class, [R::GET]],
@@ -91,7 +89,7 @@ return [
'/phpinfo' => [Module\Admin\PhpInfo::class, [R::GET]],
- '/queue[/deferred]' => [Module\Admin\Queue::class, [R::GET]],
+ '/queue[/{status}]' => [Module\Admin\Queue::class, [R::GET]],
'/site' => [Module\Admin\Site::class, [R::GET, R::POST]],
diff --git a/view/templates/admin/addons/details.tpl b/view/templates/admin/addons/details.tpl
index f5bb165e0..81625fecf 100644
--- a/view/templates/admin/addons/details.tpl
+++ b/view/templates/admin/addons/details.tpl
@@ -24,6 +24,7 @@
{{if $admin_form}}