
Version 1.1.7 Removed session and improved security

Sebastian 7 年之前
父節點
當前提交
6b7fac91a4

+ 1 - 1
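--- a/cache/lastCache.txt
+++ b/cache/lastCache.txt
@@ -1 +1 @@
-1527151147
+1527608103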

+ 0 - 6
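--- a/settings/settings.yaml.example
+++ b/settings/settings.yaml.example
@@ -1,6 +0,0 @@
-title: MyWebsite
-author: 'Your Name'
-copyright: ©
-year: '2018'
-theme: typemill
-startpage: true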

+ 2 - 2
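--- a/system/Controllers/AuthController.php
+++ b/system/Controllers/AuthController.php
@@ -34,7 +34,7 @@ class AuthController extends Controller
 	*/
 	
 	public function show(Request $request, Response $response, $args)
-	{
+	{	
 		$data 			= array();
 
 		/* check previous login attemps */		
@@ -63,7 +63,7 @@ class AuthController extends Controller
 			}
 		}
 
-		$this->c->view->render($response, '/auth/login.twig', $data);
+		$this->render($response, '/auth/login.twig', $data);
 	}
 	
 	/**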
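Review bot: The only change in the first hunk is a trailing tab after the opening brace of `show()` (`{	`), which is whitespace noise and should be reverted to a bare `{` before merging. The second hunk's switch to `$this->render(...)` is the substantive change and routes the login page through the shared header logic in `Controller::render`; the body of `show()` between the two hunks, including whatever it reads from `$_SESSION`, is outside this view.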
 	
 	/**

+ 10 - 2
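--- a/system/Controllers/Controller.php
+++ b/system/Controllers/Controller.php
@@ -18,9 +18,17 @@ abstract class Controller
 	protected function render($response, $route, $data)
 	{
 		$data = $this->c->dispatcher->dispatch('onPageReady', new OnPageReady($data))->getData();
-
-		unset($_SESSION['old']);
 		
+		if(isset($_SESSION['old']))
+		{
+			unset($_SESSION['old']);
+		}
+		
+		if($this->c->request->getUri()->getScheme() == 'https')
+		{
+			$response = $response->withAddedHeader('Strict-Transport-Security', 'max-age=63072000');			
+		}
+			
 		$response = $response->withAddedHeader('X-Content-Type-Options', 'nosniff');
 		$response = $response->withAddedHeader('X-Frame-Options', 'SAMEORIGIN');
 		$response = $response->withAddedHeader('X-XSS-Protection', '1;mode=block');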
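Review bot: The HSTS header is gated on `$this->c->request->getUri()->getScheme() == 'https'`, which reflects the scheme PHP sees on its own socket; behind a TLS-terminating reverse proxy that is usually `http` unless forwarded-proto headers are mapped into the request, so the header would be silently omitted on exactly the deployments that serve HTTPS. That deserves a comment next to the check, e.g. `// HSTS only when PHP itself sees TLS; behind a TLS-terminating proxy the scheme is http unless forwarded headers are applied`, and probably a settings switch rather than relying on scheme detection alone. The new `isset()` wrapper around `unset($_SESSION['old'])` appears redundant, since `unset` on a missing key is a no-op even when no session was started, so the single original line would have been equally safe. The rest of `render()` continues past the end of this hunk.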

+ 3 - 0
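--- a/system/author/settings/system.twig
+++ b/system/author/settings/system.twig
@@ -57,6 +57,9 @@
 						{% if errors.settings.language %}
 							<span class="error">{{ errors.settings.language | first }}</span>
 						{% endif %}
+					</div><div class="medium">
+						<label for="settings[sitemap]">Google Sitemap <small>(Readonly)</small></label>
+						<input type="text" name="settings[sitemap]" id="sitemap" readonly value="{{ base_url }}cache/sitemap.xml" />
 					</div><div class="medium">
 						<span class="label">Startpage</span>
 						<label class="control-group">Startpage is designed as landing-page.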
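Review bot: The new `<label for="settings[sitemap]">` does not match the input's `id="sitemap"`, so the label is not associated with the field; it should read `<label for="sitemap">Google Sitemap <small>(Readonly)</small></label>`. Note also that `readonly` inputs are still submitted, so a `settings[sitemap]` value arrives in the POST body and can be edited client-side before submission; the settings handler (not visible here) should ignore that key, or the field should be rendered as plain text or `disabled` so a tampered value is never persisted. The `{{ base_url }}` in the attribute is derived from the request and relies on Twig autoescaping being enabled for this template.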

+ 57 - 31
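--- a/system/system.php
+++ b/system/system.php
@@ -3,14 +3,6 @@
 use Typemill\Events\OnSettingsLoaded;
 use Typemill\Events\OnPluginsLoaded;
 
-/************************
-* START SESSION			*
-************************/
-
-ini_set( 'session.cookie_httponly', 1 );
-session_name('typemill_session');
-session_start();
-
 /****************************
 * CREATE EVENT DISPATCHER	*
 ****************************/
@@ -35,17 +27,6 @@ $app = new \Slim\App($settings);
 
 $container = $app->getContainer();
 
-/************************
-* ADD CSRF PROTECTION 	*
-************************/
-
-$container['csrf'] = function ($c) {
-    $guard = new \Slim\Csrf\Guard();
-    $guard->setPersistentTokenMode(true);
-	
-	return $guard;
-};
-
 /************************
 * LOAD PLUGINS 			*
 ************************/
@@ -117,14 +98,52 @@ $container['assets'] = function($c)
 	return new \Typemill\Assets($c['request']->getUri()->getBaseUrl());
 };
 
-/******************************
-* ADD FLASH MESSAGES FOR TIWG *
-******************************/
 
-$container['flash'] = function () 
+/************************
+* 	DECIDE FOR SESSION	*
+************************/
+
+$session_segments = array('setup/', 'tm/');
+$path = $container['request']->getUri()->getPath();
+$container['flash'] = false;
+$container['csrf'] = false;
+
+foreach($session_segments as $segment)
 {
-    return new \Slim\Flash\Messages();
-};
+	if(substr( $path, 0, strlen($segment) ) === $segment)
+	{
+		/* start a session */
+		ini_set( 'session.cookie_httponly', 1 );
+		ini_set('session.use_strict_mode', 1);
+		if($container['request']->getUri()->getScheme() == 'https')
+		{
+			ini_set('session.cookie_secure', 1);
+			session_name('__Secure-typemill-session');
+		}
+		else
+		{
+			session_name('typemill-session');
+		}
+		session_start();
+		
+		/* add csrf-protection */
+		$container['csrf'] = function ($c)
+		{
+			$guard = new \Slim\Csrf\Guard();
+			$guard->setPersistentTokenMode(true);
+			
+			return $guard;
+		};
+		
+		/* add flash to container */
+		$container['flash'] = function () 
+		{
+			return new \Slim\Flash\Messages();
+		};
+				
+		break;
+	}
+}
 
 /************************
 * 	LOAD TWIG VIEW		*
@@ -144,14 +163,17 @@ $container['view'] = function ($container)
     $basePath = rtrim(str_ireplace('index.php', '', $container['request']->getUri()->getBasePath()), '/');
     $view->addExtension(new Slim\Views\TwigExtension($container['router'], $basePath));
 	$view->addExtension(new Twig_Extension_Debug());
-    $view->addExtension(new Typemill\Extensions\TwigCsrfExtension($container['csrf']));
     $view->addExtension(new Typemill\Extensions\TwigUserExtension());
 	
 	/* use {{ base_url() }} in twig templates */
 	$view['base_url'] = $container['request']->getUri()->getBaseUrl();
 	
-	/* add flash messages to all views */
-	$view->getEnvironment()->addGlobal('flash', $container->flash);
+	/* if session route, add flash messages and csrf-protection */
+	if($container['flash'])
+	{
+		$view->getEnvironment()->addGlobal('flash', $container->flash);
+		$view->addExtension(new Typemill\Extensions\TwigCsrfExtension($container['csrf']));
+	}
 
 	/* add asset-function to all views */
 	$view->getEnvironment()->addGlobal('assets', $container->assets);
@@ -183,9 +205,13 @@ foreach($middleware as $pluginMiddleware)
 		$app->add(new $middlewareClass($middlewareParams));
 	}
 }
-$app->add(new \Typemill\Middleware\ValidationErrorsMiddleware($container['view']));
-$app->add(new \Typemill\Middleware\OldInputMiddleware($container['view']));
-$app->add($container->get('csrf'));
+
+if($container['flash'])
+{
+	$app->add(new \Typemill\Middleware\ValidationErrorsMiddleware($container['view']));
+	$app->add(new \Typemill\Middleware\OldInputMiddleware($container['view']));
+	$app->add($container->get('csrf'));	
+}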
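Review bot: After the `foreach` over `$session_segments`, every route outside the `setup/` and `tm/` prefixes runs with no session and no CSRF guard (`$container['csrf'] = false`, and the `$app->add($container->get('csrf'))` in the last hunk is now conditional), so any state-changing endpoint registered elsewhere — for instance by a plugin loaded in the section above this hunk — is silently unprotected; that contract should be stated next to the allowlist, e.g. `/* routes outside these prefixes get NO session and NO csrf guard: keep every state-changing route under them */`. The prefix test `substr($path, 0, strlen($segment)) === $segment` also assumes `getPath()` returns the path without a leading slash; if it ever returns `/tm/...` nothing matches and the admin area loses its session and CSRF protection without any error, so an explicit `ltrim($path, '/')` or a check on that assumption would be safer. Since the session cookie is now scoped to the admin area, it would also be worth adding `ini_set('session.cookie_samesite', 'Lax');` beside `use_strict_mode` where the PHP version supports it. As in `Controller::render`, the `https` branch relies on the scheme PHP sees directly, so behind a TLS-terminating proxy the `Secure` flag and `__Secure-` name would not be applied unless forwarded headers are mapped.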
 
 /************************
 * 	ADD ROUTES			*