Merge branch 'develop'

tastyigniter · Jul 28, 2021 · e762721 · e762721
2 parents 03cd0b1 + 8baf83b
commit e762721
Show file tree

Hide file tree

Showing 31 changed files with 431 additions and 116 deletions.
diff --git a/.nginx.conf b/.nginx.conf
@@ -0,0 +1,33 @@
+## Pass requests that don't refer directly to files in the filesystem to index.php
+location / { try_files $uri $uri/ /index.php?$query_string; }
+
+## Pass the PHP scripts to FastCGI server
+location ~ ^/index.php {
+## Write your FPM configuration here
+
+}
+
+## Whitelist
+location ~ ^/favicon\.ico { try_files $uri /index.php; }
+location ~ ^/sitemap\.xml { try_files $uri /index.php; }
+
+## Block all .dotfiles except well-known
+location ~ /\.(?!well-known).* { deny all; }
+
+### Let nginx return 404 if static file does not exists
+location ~ ^/assets/media { try_files $uri 404; }
+location ~ ^/storage/temp/public { try_files $uri 404; }
+
+location ~ ^/app/.*/assets { try_files $uri 404; }
+location ~ ^/app/.*/actions/.*/assets { try_files $uri 404; }
+location ~ ^/app/.*/dashboardwidgets/.*/assets { try_files $uri 404; }
+location ~ ^/app/.*/formwidgets/.*/assets { try_files $uri 404; }
+location ~ ^/app/.*/widgets/.*/assets { try_files $uri 404; }
+
+location ~ ^/extensions/.*/.*/assets { try_files $uri 404; }
+location ~ ^/extensions/.*/.*/actions/.*/assets { try_files $uri 404; }
+location ~ ^/extensions/.*/.*/dashboardwidgets/.*/assets { try_files $uri 404; }
+location ~ ^/extensions/.*/.*/formwidgets/.*/assets { try_files $uri 404; }
+location ~ ^/extensions/.*/.*/widgets/.*/assets { try_files $uri 404; }
+
+location ~ ^/themes/.*/assets { try_files $uri 404; }
diff --git a/app/admin/classes/AdminController.php b/app/admin/classes/AdminController.php
@@ -28,6 +28,7 @@
 use System\Classes\ErrorHandler;
 use System\Traits\AssetMaker;
 use System\Traits\ConfigMaker;
+use System\Traits\VerifiesCsrfToken;
 use System\Traits\ViewMaker;
 
 class AdminController extends BaseController
@@ -38,6 +39,7 @@ class AdminController extends BaseController
     use WidgetMaker;
     use ValidatesForm;
     use HasAuthentication;
+    use VerifiesCsrfToken;
 
     /**
      * @var object Object used for storing a fatal error.
@@ -136,6 +138,10 @@ public function remap($action, $params)
         $this->action = $action;
         $this->params = $params;
 
+        if (!$this->verifyCsrfToken()) {
+            return Response::make(lang('admin::lang.alert_invalid_csrf_token'), 403);
+        }
+
         // Determine if this request is a public action or authentication is required
         $requireAuthentication = !(in_array($action, $this->publicActions) OR !$this->requireAuthentication);
 

diff --git a/app/admin/classes/ToolbarButton.php b/app/admin/classes/ToolbarButton.php
@@ -93,7 +93,7 @@ public function getAttributes($htmlBuild = TRUE)
         }
 
         if ($this->disabled)
-            $result['disabled'] = 'disabled';
+            $attributes['disabled'] = 'disabled';
 
         return $htmlBuild ? Html::attributes($attributes) : $attributes;
     }

diff --git a/app/admin/database/migrations/2021_07_20_010000_add_columns_default_value.php b/app/admin/database/migrations/2021_07_20_010000_add_columns_default_value.php
@@ -0,0 +1,25 @@
+<?php
+
+namespace Admin\Database\Migrations;
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+class AddColumnsDefaultValue extends Migration
+{
+    public function up()
+    {
+        Schema::table('locationables', function (Blueprint $table) {
+            $table->text('options')->change()->nullable();
+        });
+
+        Schema::table('menu_item_options', function (Blueprint $table) {
+            $table->boolean('required')->change()->default(0);
+        });
+    }
+
+    public function down()
+    {
+    }
+}
diff --git a/app/admin/formwidgets/ScheduleEditor.php b/app/admin/formwidgets/ScheduleEditor.php
@@ -72,7 +72,7 @@ public function onLoadRecord()
         $scheduleCode = post('recordId');
         $scheduleItem = $this->getSchedule($scheduleCode);
 
-        $formTitle = sprintf(lang($this->formTitle), $scheduleCode);
+        $formTitle = sprintf(lang($this->formTitle), lang('admin::lang.text_'.$scheduleCode));
 
         return $this->makePartial('recordeditor/form', [
             'formRecordId' => $scheduleCode,

diff --git a/app/admin/formwidgets/scheduleeditor/schedules.blade.php b/app/admin/formwidgets/scheduleeditor/schedules.blade.php
@@ -10,7 +10,7 @@ class="card bg-light shadow-sm mb-2"
             >
                 <div class="card-body">
                     <div class="flex-fill">
-                        <h5 class="card-title">{{ ucfirst(strtolower($schedule->name.' '.lang('admin::lang.locations.text_schedule'))) }}</h5>
+                        <h5 class="card-title">{{ lang('admin::lang.text_'.$schedule->name).' '.lang('admin::lang.locations.text_schedule') }}</h5>
                         <p class="card-text">{{ lang('admin::lang.locations.text_'.$schedule->type) }}</p>
                     </div>
 

diff --git a/app/admin/language/en/lang.php b/app/admin/language/en/lang.php
@@ -49,6 +49,9 @@
     'text_help' => 'Click for Help',
     'text_no_title' => 'No Title',
     'text_allow' => 'Allow',
+    'text_opening' => 'Opening',
+    'text_delivery' => 'Delivery',
+    'text_collection' => 'Pick-up',
 
     'label_code' => 'Code',
     'label_name' => 'Name',
@@ -95,6 +98,7 @@
     'alert_warning_locationable_delete' => 'Warning: You do not have the right permission to delete record(s) attached to multiple locations, please contact the system administrator.',
     'alert_form_error_message' => 'Sorry but form validation has failed, please check for errors.',
     'alert_error_set_default' => '"%s" is disabled and cannot be set as default.',
+    'alert_invalid_csrf_token' => 'Invalid security token, please reload the page and try again.',
     'text_settings_title' => 'Settings',
     'text_message_title' => 'Your messages',
     'text_activity_title' => 'Recent activities',
@@ -498,8 +502,6 @@
         'label_schedule_hours' => 'Hours',
         'label_schedule_open' => 'Start Time',
         'label_schedule_close' => 'End Time',
-        'label_delivery_type' => 'Delivery Hours',
-        'label_collection_type' => 'Pick-up Hours',
         'label_area_shape' => 'Area Shape',
         'label_area_circle' => 'Area Circle',
         'label_area_vertices' => 'Area Vertices',

diff --git a/app/admin/models/Orders_model.php b/app/admin/models/Orders_model.php
@@ -202,9 +202,8 @@ public function getOrderDatetimeAttribute($value)
             AND !isset($this->attributes['order_time'])
         ) return null;
 
-        return Carbon::createFromTimeString(
-            "{$this->attributes['order_date']} {$this->attributes['order_time']}"
-        );
+        return make_carbon($this->attributes['order_date'])
+            ->setTimeFromTimeString($this->attributes['order_time']);
     }
 
     public function getFormattedAddressAttribute($value)

diff --git a/app/admin/models/Reservations_model.php b/app/admin/models/Reservations_model.php
@@ -78,7 +78,7 @@ class Reservations_model extends Model
 
     protected $purgeable = ['tables'];
 
-    public $appends = ['customer_name', 'duration', 'table_name'];
+    public $appends = ['customer_name', 'duration', 'table_name', 'reservation_datetime', 'reservation_end_datetime'];
 
     public static $allowedSortingColumns = [
         'reservation_id asc', 'reservation_id desc',
@@ -222,9 +222,8 @@ public function getReservationDatetimeAttribute($value)
             AND !isset($this->attributes['reserve_time'])
         ) return null;
 
-        return Carbon::createFromTimeString(
-            "{$this->attributes['reserve_date']} {$this->attributes['reserve_time']}"
-        );
+        return make_carbon($this->attributes['reserve_date'])
+            ->setTimeFromTimeString($this->attributes['reserve_time']);
     }
 
     public function getReservationEndDatetimeAttribute($value)

diff --git a/app/admin/routes.php b/app/admin/routes.php
@@ -15,8 +15,7 @@
 
         // Other pages
         Route::any('{slug}', 'System\Classes\Controller@runAdmin')
-            ->where('slug', '(.*)?')
-            ->middleware(\Igniter\Flame\Foundation\Http\Middleware\VerifyCsrfToken::class);
+            ->where('slug', '(.*)?');
     });
 
     // Admin entry point

diff --git a/app/admin/traits/HasWorkingHours.php b/app/admin/traits/HasWorkingHours.php
@@ -7,6 +7,7 @@
 use Exception;
 use Igniter\Flame\Location\WorkingSchedule;
 use Illuminate\Support\Collection;
+use Illuminate\Support\Facades\Event;
 use InvalidArgumentException;
 
 trait HasWorkingHours
@@ -122,6 +123,8 @@ public function newWorkingSchedule($type, $days = null)
 
         $schedule->setType($type);
 
+        Event::fire('admin.workingSchedule.created', [$this, $schedule]);
+
         return $schedule;
     }
 

diff --git a/app/admin/widgets/Lists.php b/app/admin/widgets/Lists.php
@@ -864,7 +864,7 @@ protected function evalTimetenseTypeValue($record, $column, $value)
      */
     protected function evalCurrencyTypeValue($record, $column, $value)
     {
-        return currency_format($value);
+        return currency_format((float)$value);
     }
 
     /**

diff --git a/app/main/classes/MainController.php b/app/main/classes/MainController.php
@@ -34,6 +34,7 @@
 use System\Models\Request_logs_model;
 use System\Template\Extension\BladeExtension as SystemBladeExtension;
 use System\Traits\AssetMaker;
+use System\Traits\VerifiesCsrfToken;
 use URL;
 use View;
 
@@ -44,6 +45,7 @@ class MainController extends BaseController
 {
     use AssetMaker;
     use EventEmitter;
+    use VerifiesCsrfToken;
 
     /**
      * @var \Main\Classes\Theme The main theme processed by the controller.
@@ -274,9 +276,8 @@ public function runPage($page)
         // Render the layout
         $this->loader->setSource($this->layout);
         $template = $this->template->load($this->layout->getFilePath());
-        $result = $template->render($this->vars);
 
-        return $result;
+        return $template->render($this->vars);
     }
 
     /**
@@ -354,6 +355,9 @@ protected function processHandlers()
         if (!$handler = $this->getHandler())
             return FALSE;
 
+        if (!$this->verifyCsrfToken())
+            return FALSE;
+
         try {
             $this->validateHandler($handler);
 

diff --git a/app/main/routes.php b/app/main/routes.php
@@ -14,7 +14,6 @@
         Route::any(config('system.assetsCombinerUri', '_assets').'/{asset}', 'System\Classes\Controller@combineAssets');
 
         Route::any('{slug}', 'System\Classes\Controller@run')
-            ->where('slug', '(.*)?')
-            ->middleware(\Igniter\Flame\Foundation\Http\Middleware\VerifyCsrfToken::class);
+            ->where('slug', '(.*)?');
     });
 });
diff --git a/app/system/classes/UpdateManager.php b/app/system/classes/UpdateManager.php
@@ -513,6 +513,9 @@ public function extractFile($fileCode, $extractTo = null)
         if ($extractTo)
             $extractTo .= '/'.str_replace('.', '/', $fileCode);
 
+        if (is_null($extractTo))
+            $extractTo = base_path();
+
         if (!file_exists($extractTo))
             mkdir($extractTo, 0777, TRUE);
-Original file line number
+Diff line change
@@ Expand Up @@
          */
         protected function evalCurrencyTypeValue($record, $column, $value)
         {
-            return currency_format($value);
+            return currency_format((float)$value);
         }
         /**
@@ Expand Down @@