diff --git a/assets/plugins/tinymce7/src/TinyMCE7/Editor/EditorInitializer.php b/assets/plugins/tinymce7/src/TinyMCE7/Editor/EditorInitializer.php index 699e8c9d62..5a7b5512a3 100644 --- a/assets/plugins/tinymce7/src/TinyMCE7/Editor/EditorInitializer.php +++ b/assets/plugins/tinymce7/src/TinyMCE7/Editor/EditorInitializer.php @@ -1,4 +1,5 @@ preferences->applyMenubarPreference($config); $config = $this->preferences->applyEnterMode($config); + $config = $this->applyEditorCssPath($config); + [$config, $fileBrowser] = $this->fileBrowserResolver->resolve($config, $params); $configJson = $this->configRepository->encode($config); 
@@ -148,4 +151,73 @@ public function handle($event): void
 $event->output(implode("\n", $output));
 }
+
+ private function applyEditorCssPath(array $config): array
+ {
+ if (!function_exists('evo')) {
+ return $config;
+ }
+
+ $editorCssPath = (string)evo()->config('editor_css_path', '');
+ if ($editorCssPath === '') {
+ return $config;
+ }
+
+ if (str_starts_with($editorCssPath, '/') || preg_match('@^https?://@', $editorCssPath)) {
+ $cssUrl = $editorCssPath;
+ } else {
+ $cssUrl = defined('MODX_BASE_URL') ? MODX_BASE_URL . $editorCssPath : '/' . $editorCssPath;
+ }
+
+ $cssUrl = $this->appendEditorCssVersion($cssUrl, $editorCssPath);
+
+ $existing = $config['content_css'] ?? [];
+ if ($existing === false || $existing === '' || $existing === null) {
+ $config['content_css'] = $cssUrl;
+ } elseif (is_array($existing)) {
+ $existing[] = $cssUrl;
+ $config['content_css'] = $existing;
+ } else {
+ $config['content_css'] = [(string)$existing, $cssUrl];
+ }
+
+ return $config;
+ }
+
+ private function appendEditorCssVersion(string $cssUrl, string $editorCssPath): string
+ {
+ if (preg_match('@^https?://@', $editorCssPath)) {
+ return $cssUrl;
+ }
+
+ $queryString = parse_url($cssUrl, PHP_URL_QUERY);
+ if (is_string($queryString)) {
+ parse_str($queryString, $queryParams);
+ if (isset($queryParams['v'])) {
+ return $cssUrl;
+ }
+ }
+
+ $pathPart = parse_url($editorCssPath, PHP_URL_PATH);
+ if (!is_string($pathPart) || $pathPart === '') {
+ $pathPart = $editorCssPath;
+ }
+
+ $localPath = defined('MODX_BASE_PATH')
+ ? MODX_BASE_PATH . ltrim($pathPart, '/')
+ : ltrim($pathPart, '/');
+
+ if (!is_file($localPath)) {
+ return $cssUrl;
+ }
+
+ $mtime = filemtime($localPath);
+ if ($mtime === false) {
+ return $cssUrl;
+ }
+
+ $separator = str_contains($cssUrl, '?') ? '&' : '?';
+
+ return $cssUrl . $separator . 'v=' . $mtime;
+ }
 }
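Review bot: In `appendEditorCssVersion`, `$localPath` is built as `MODX_BASE_PATH . ltrim($pathPart, '/')` and handed to `is_file()`/`filemtime()` without confirming that it resolves inside the base path, so an `editor_css_path` value containing `../` segments makes the manager stat a file outside the site root and publish its modification time in the `v=` parameter. Comparing `realpath($localPath)` against `realpath(MODX_BASE_PATH) . DIRECTORY_SEPARATOR` with `str_starts_with()` before calling `filemtime()`, and returning `$cssUrl` unchanged on a mismatch, would contain it. Separately, a protocol-relative value such as `//host/editor.css` takes the `str_starts_with($editorCssPath, '/')` branch in `applyEditorCssPath` and, if a file of that name exists locally, gets versioned from an unrelated local file; matching `@^(https?:)?//@` in both methods would treat it as external. Both methods lie fully inside this hunk.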
diff --git a/manager/actions/element/mutate_template_tv_rank.dynamic.php b/manager/actions/element/mutate_template_tv_rank.dynamic.php index 2db485ac40..cf2147b546 100644 --- a/manager/actions/element/mutate_template_tv_rank.dynamic.php +++ b/manager/actions/element/mutate_template_tv_rank.dynamic.php @@ -7,21 +7,21 @@ alert()->dumpError(); } -if (!is_numeric($_REQUEST['id'])) { +if (!is_numeric(anyv('id'))) { echo 'Template ID is NaN'; exit; } -$id = intval($_REQUEST['id']); +$id = intval(anyv('id')); $basePath = $modx->config['base_path']; $siteURL = MODX_SITE_URL; $updateMsg = ''; -if (isset($_POST['listSubmitted'])) { +if (postv('listSubmitted')) { $updateMsg .= 'Updated!

'; foreach ($_POST as $listName => $listValue) { - if ($listName === 'listSubmitted') { + if ($listName === 'listSubmitted' || $listName === 'csrf_token') { continue; } $orderArray = explode(';', rtrim($listValue, ';')); @@ -155,5 +155,9 @@
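Review bot: The `csrf_token` field is now skipped in the `foreach ($_POST ...)` loop, but nothing visible in this hunk checks the token before the ranks are written. If the manager front controller does not already validate it for this action, the check belongs inside the `if (postv('listSubmitted'))` branch, ahead of the loop. The loop also still treats every other POST key as a list name and passes `$listValue` straight to `rtrim()`, so an array-valued field would raise a TypeError on PHP 8; a guard such as `if (!is_string($listValue)) { continue; }` at the top of the loop body would cover that. The loop body continues outside the hunk.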
- + '; + +echo csrfTokenField(); + +echo '
'; diff --git a/manager/actions/main/welcome.static.php b/manager/actions/main/welcome.static.php index ee12a9e119..39a6701656 100644 --- a/manager/actions/main/welcome.static.php +++ b/manager/actions/main/welcome.static.php @@ -46,8 +46,8 @@ function hideConfigCheckWarning(key){ // setup message info if (evo()->hasPermission('messages')) { $messages = manager()->getMessageCount(); - $_SESSION['nrtotalmessages'] = $messages['total']; - $_SESSION['nrnewmessages'] = $messages['new']; + sessionv('*nrtotalmessages', $messages['total']); + sessionv('*nrnewmessages', $messages['new']); $msg = '  ' . $_lang["inbox"] . (sessionv('nrnewmessages') > 0 ? " (" . sessionv('nrnewmessages') . ')' : '') . '
'; @@ -194,7 +194,8 @@ function hideConfigCheckWarning(key){ $modx->setPlaceholder('Modules', $modules); // do some config checks -if (config('warning_visibility' == 0 && manager()->isAdmin()) +if ( + config('warning_visibility' == 0 && manager()->isAdmin()) || (config('warning_visibility') == 2 && evo()->hasPermission('save_role') == 1) || config('warning_visibility') == 1 ) { diff --git a/manager/actions/permission/messages.static.php b/manager/actions/permission/messages.static.php index 818c3f14bf..0557098511 100644 --- a/manager/actions/permission/messages.static.php +++ b/manager/actions/permission/messages.static.php @@ -8,25 +8,26 @@ alert()->dumpError(); } $icons_path = manager_style_image_path('icons'); -if (isset($_REQUEST['id'])) { - $msgid = intval($_REQUEST['id']); -} +$msgid = (int) anyv('id', 0); +$messageMode = (string) anyv('m', ''); +$subjecttext = ''; +$messagetext = ''; $uid = evo()->getLoginUserID(); ?> -
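Review bot: The first condition in welcome.static.php still reads `config('warning_visibility' == 0 && manager()->isAdmin())`: the closing parenthesis of `config(` is misplaced, so the string literal is compared with `0` and the resulting boolean is passed to `config()` as its key, instead of the setting being compared with 0. The reformatting in this hunk carries that expression over unchanged. The intended test is presumably `(config('warning_visibility') == 0 && manager()->isAdmin())`, which limits the configuration warnings to administrators when the setting is 0. The body of the `if` lies outside the hunk.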

+

-
- -
+
+ +
- + 0 && $messageMode === 'r') { ?>
@@ -52,24 +53,26 @@ $row2 = db()->getRow($rs2); $sendername = $row2['username']; } - ?> + ?> @@ -104,7 +107,7 @@
- update('messageread=1', '[+prefix+]user_messages', "id='{$msgid}'"); } @@ -115,276 +118,280 @@ -
-
-
- +
+
+ select('count(id)', '[+prefix+]user_messages', "recipient='{$uid}'"); - $num_rows = db()->getValue($rs); + // Get number of rows + $rs = db()->select('count(id)', '[+prefix+]user_messages', "recipient='{$uid}'"); + $num_rows = db()->getValue($rs); - // ============================================================== - // Exemple Usage - // Note: I make 2 query to the database for this exemple, it - // could (and should) be made with only one query... - // ============================================================== + // ============================================================== + // Exemple Usage + // Note: I make 2 query to the database for this exemple, it + // could (and should) be made with only one query... + // ============================================================== - // If current position is not set, set it to zero - if (!isset($_REQUEST['int_cur_position']) || $_REQUEST['int_cur_position'] == 0) { - $int_cur_position = 0; - } else { - $int_cur_position = $_REQUEST['int_cur_position']; - } + // If current position is not set, set it to zero + $int_cur_position = (int) anyv('int_cur_position', 0); + if ($int_cur_position < 0) { + $int_cur_position = 0; + } - // Number of result to display on the page, will be in the LIMIT of the sql query also - $int_num_result = $modx->config['number_of_messages']; + // Number of result to display on the page, will be in the LIMIT of the sql query also + $int_num_result = $modx->config['number_of_messages']; + $pager = ''; + $dotablestuff = 0; - $extargv = "&a=10"; // extra argv here (could be anything depending on your page) + $extargv = "&a=10"; // extra argv here (could be anything depending on your page) - include_once(MODX_CORE_PATH . 'paginate.inc.php'); - // New instance of the Paging class, you can modify the color and the width of the html table - $p = new Paging($num_rows, $int_cur_position, $int_num_result, $extargv); + include_once(MODX_CORE_PATH . 
'paginate.inc.php'); + // New instance of the Paging class, you can modify the color and the width of the html table + $p = new Paging($num_rows, $int_cur_position, $int_num_result, $extargv); - // Load up the 2 array in order to display result - $array_paging = $p->getPagingArray(); - $array_row_paging = $p->getPagingRowArray(); + // Load up the 2 array in order to display result + $array_paging = $p->getPagingArray(); + $array_row_paging = $p->getPagingRowArray(); - // Display the result as you like... - $pager .= $_lang['showing'] . " " . $array_paging['lower']; - $pager .= " " . $_lang['to'] . " " . $array_paging['upper']; - $pager .= " (" . $array_paging['total'] . " " . $_lang['total'] . ")"; - $pager .= "
" . $array_paging['previous_link'] . '<<' . (isset($array_paging['previous_link']) ? " " : " "); - foreach ($array_row_paging as $v) { - $pager .= $v . ' '; - } - $pager .= $array_paging['next_link'] . ">>" . (isset($array_paging['next_link']) ? "" : ""); + // Display the result as you like... + $pager .= $_lang['showing'] . " " . $array_paging['lower']; + $pager .= " " . $_lang['to'] . " " . $array_paging['upper']; + $pager .= " (" . $array_paging['total'] . " " . $_lang['total'] . ")"; + $pager .= "
" . $array_paging['previous_link'] . '<<' . (isset($array_paging['previous_link']) ? " " : " "); + foreach ($array_row_paging as $v) { + $pager .= $v . ' '; + } + $pager .= $array_paging['next_link'] . ">>" . (isset($array_paging['next_link']) ? "" : ""); - $rs = db()->select( - '*', - '[+prefix+]user_messages', - sprintf("recipient='%s'", $uid), - 'postdate DESC', - sprintf('%d, %s', $int_cur_position, $int_num_result) - ); - $limit = db()->count($rs); - if ($limit < 1): - echo $_lang['messages_no_messages']; - else: + $rs = db()->select( + '*', + '[+prefix+]user_messages', + sprintf("recipient='%s'", $uid), + 'postdate DESC', + sprintf('%d, %s', $int_cur_position, $int_num_result) + ); + $limit = db()->count($rs); + if ($limit < 1): + echo $_lang['messages_no_messages']; + else: echo $pager; $dotablestuff = 1; - ?> + ?> + id="table-1" width='100%'> - - - - - - - + + + + + + + - getRow($rs)) : - $message['subject'] = decrypt($message['subject']); - $message['message'] = decrypt($message['message']); - $sender = $message['sender']; - if ($sender == 0): - $sendername = "[System]"; - else: - $rs2 = db()->select('username', '[+prefix+]manager_users', "id='{$sender}'"); - $row2 = db()->getRow($rs2); - $sendername = $row2['username']; - endif; - $messagestyle = $message['messageread'] == 0 ? "messageUnread" : "messageRead"; + getRow($rs)) : + $message['subject'] = decrypt($message['subject']); + $message['message'] = decrypt($message['message']); + $sender = $message['sender']; + if ($sender == 0): + $sendername = "[System]"; + else: + $rs2 = db()->select('username', '[+prefix+]manager_users', "id='{$sender}'"); + $row2 = db()->getRow($rs2); + $sendername = $row2['username']; + endif; + $messagestyle = $message['messageread'] == 0 ? "messageUnread" : "messageRead"; ?> - - - - - - - - + + + + + + +
', - $icons_path); - } ?>toDateFormat($message['postdate'] + $modx->config['server_offset_time']) ?>
', + $icons_path + ); + } ?>toDateFormat($message['postdate'] + $modx->config['server_offset_time']) ?>
-
-
-
-
- select('*', '[+prefix+]user_messages', "id='{$msgid}'"); - $limit = db()->count($rs); - if ($limit != 1) { - echo "Wrong number of messages returned!"; +
+
+
+
+ 0) { + $rs = db()->select('*', '[+prefix+]user_messages', "id='{$msgid}'"); + $limit = db()->count($rs); + if ($limit != 1) { + echo "Wrong number of messages returned!"; + } else { + $message = db()->getRow($rs); + $message['subject'] = decrypt($message['subject']); + $message['message'] = decrypt($message['message']); + if ($message['recipient'] != $uid) { + echo $_lang['messages_not_allowed_to_read']; } else { - $message = db()->getRow($rs); - $message['subject'] = decrypt($message['subject']); - $message['message'] = decrypt($message['message']); - if ($message['recipient'] != $uid) { - echo $_lang['messages_not_allowed_to_read']; + // output message! + // get the name of the sender + $sender = $message['sender']; + if ($sender == 0) { + $sendername = "[System]"; } else { - // output message! - // get the name of the sender - $sender = $message['sender']; - if ($sender == 0) { - $sendername = "[System]"; - } else { - $rs2 = db()->select('username', '[+prefix+]manager_users', "id={$sender}"); - $row2 = db()->getRow($rs2); - $sendername = $row2['username']; - } - $subjecttext = $_REQUEST['m'] == 'rp' ? "Re: " : "Fwd: "; - $subjecttext .= $message['subject']; - $messagetext = "\n\n\n-----\n" . $_lang['messages_from'] . ": $sendername\n" . $_lang['messages_sent'] . ": " . $modx->toDateFormat($message['postdate'] + $modx->config['server_offset_time']) . "\n" . $_lang['messages_subject'] . ": " . $message['subject'] . "\n\n" . $message['message']; - if ($_REQUEST['m'] == 'rp') { - $recipientindex = $message['sender']; - } + $rs2 = db()->select('username', '[+prefix+]manager_users', "id={$sender}"); + $row2 = db()->getRow($rs2); + $sendername = $row2['username']; + } + $subjecttext = $messageMode === 'rp' ? "Re: " : "Fwd: "; + $subjecttext .= $message['subject']; + $messagetext = "\n\n\n-----\n" . $_lang['messages_from'] . ": $sendername\n" . $_lang['messages_sent'] . ": " . $modx->toDateFormat($message['postdate'] + $modx->config['server_offset_time']) . "\n" . 
$_lang['messages_subject'] . ": " . $message['subject'] . "\n\n" . $message['message']; + if ($messageMode === 'rp') { + $recipientindex = $message['sender']; } } } - ?> + } + ?> - -
-
- : - - - - -
- - -
- :  - select('mu.username,mu.id', - '[+prefix+]manager_users mu INNER JOIN [+prefix+]user_attributes mua ON mua.internalkey=mu.id', - "mua.blocked='0'"); - ?> - - - - -
-
+ if (showSpan == 2) { + document.getElementById("groupspan").style.display = "block"; + } + if (showSpan == 3) { + document.getElementById("allspan").style.display = "block"; + } + } + + +
+ : + + + + +
+ + +
+ :  + select( + 'mu.username,mu.id', + '[+prefix+]manager_users mu INNER JOIN [+prefix+]user_attributes mua ON mua.internalkey=mu.id', + "mua.blocked='0'" + ); + ?> + + + + +
+
-

+

-

- : +
+ : - - - - - - - - - - - - - -
:
:
- -
+ + + + + + + + + + + + + +
:
:
+ +
-
- -
+ +
+
select('count(*)', '[+prefix+]user_messages', "recipient='{$uid}' AND messageread=0"); -$_SESSION['nrnewmessages'] = db()->getValue($rs); +sessionv('*nrnewmessages', db()->getValue($rs)); $rs = db()->select('count(*)', '[+prefix+]user_messages', "recipient='{$uid}'"); -$_SESSION['nrtotalmessages'] = db()->getValue($rs); +sessionv('*nrtotalmessages', db()->getValue($rs)); $messagesallowed = evo()->hasPermission('messages'); ?> - + v = setTimeout('msgCountAgain()', 1500); // do this with a slight delay so it overwrites msgCount() + dbname, db()->table_prefix )); + $truncateable = [ + db()->table_prefix . 'event_log', + db()->table_prefix . 'manager_log', + ]; $i = 0; $totaloverhead = 0; $total = 0; while ($row = db()->getRow($rs)) { $bgcolor = ($i % 2) ? '#EEEEEE' : '#FFFFFF'; + $isTruncateable = in_array($row['Name'], $truncateable, true); + $isInnoDb = strtolower((string)($row['Engine'] ?? '')) === 'innodb'; + $recordCount = (int)$row['Rows']; + if ($isTruncateable) { + $recordCount = (int)db()->getValue( + db()->select( + 'COUNT(*)', + $row['Name'] + ) + ); + } if (isset($dumper->_dbtables) && !empty($dumper->_dbtables)) { $table_string = implode(',', $dumper->_dbtables); 
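Review bot: In the reply/forward branch of messages.static.php the row is selected with only `"id='{$msgid}'"`, and both `subject` and `message` are decrypted before `$message['recipient'] != $uid` is tested, so another user's message is loaded and decrypted before access is refused. Putting the owner into the query, `"id='{$msgid}' AND recipient='{$uid}'"`, makes the lookup itself the authorisation check and lets the existing "wrong number" branch handle a foreign id. The `update('messageread=1', ...)` call in an earlier hunk of this file is likewise keyed on `id` alone; whether it sits behind a recipient check is not visible in the diff, so it is worth confirming.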
@@ -212,26 +227,22 @@ class="mutate">' . $row['Name'] . '' . "\n" . - '' . $row['Rows'] . '' . "\n"; + '' . ( + evo()->hasPermission('settings') && $isTruncateable && $recordCount > 0 + ? '' . $recordCount . '' + : $recordCount + ) . '' . "\n"; echo '' . $row['Collation'] . '' . "\n"; - // Enable record deletion for certain tables (TRUNCATE TABLE) if they're not already empty - $truncateable = [ - db()->table_prefix . 'event_log', - db()->table_prefix . 'manager_log', - ]; - if (evo()->hasPermission('settings') && in_array( - $row['Name'], - $truncateable - ) && $row['Rows'] > 0) { - echo '' . - '' . evo()->nicesize($row['Data_length'] + $row['Data_free']) . '' . - '' . "\n"; + if ($isInnoDb) { + echo '-' . "\n"; } else { echo '' . evo()->nicesize($row['Data_length'] + $row['Data_free']) . '' . "\n"; } - if (evo()->hasPermission('settings')) { + if ($isInnoDb) { + echo '-' . "\n"; + } elseif (evo()->hasPermission('settings')) { echo '' . ($row['Data_free'] > 0 ? '' . evo()->nicesize($row['Data_free']) . '' : '-') .