diff --git a/lib/Baser/Controller/BcAppController.php b/lib/Baser/Controller/BcAppController.php
index 3837aa4913..02f116619c 100644
--- a/lib/Baser/Controller/BcAppController.php
+++ b/lib/Baser/Controller/BcAppController.php
@@ -734,6 +734,8 @@ private function __loadDataToView()
}
}
+ if(isset($_SERVER['REQUEST_URI']) && preg_match('/\.map$/', $_SERVER['REQUEST_URI'])) return;
+
/* ログインユーザー */
if (BC_INSTALLED && $user && $this->name !== 'Installations' && !Configure::read('BcRequest.isUpdater') && !Configure::read('BcRequest.isMaintenance') && $this->name !== 'CakeError') {
$this->set('user', $user);
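Review bot: The `.map` guard on the added line tests `$_SERVER['REQUEST_URI']`, which still carries the query string, so a cache-busted source-map request such as `/js/app.js.map?v=123` does not match and goes through the user/session setup the guard is meant to skip. Matching on the path component only closes that gap, e.g. `$path = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH); if ($path !== null && substr($path, -4) === '.map') return;`, and inside a controller `$this->request->url` would avoid reading a superglobal at all. The same regex is copied into `render()` and `BcUtil::loginUser()` in this commit, so one shared predicate would keep the three copies from drifting apart. `__loadDataToView()` starts before this hunk.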
@@ -1693,4 +1695,21 @@ protected function _checkReferer()
}
return true;
}
+
+ /**
+ * Render
+ *
+ * map ファイルへのリクエストの際、PHPのセッションを書き換えてしまい
+ * ログイン状態が継続できない問題となってしまうため、render を実行せず、Not Found を返却する
+ *
+ * @param string $view
+ * @param string $layout
+ * @return CakeResponse|string
+ */
+ public function render($view = null, $layout = null)
+ {
+ if(isset($_SERVER['REQUEST_URI']) && preg_match('/\.map$/', $_SERVER['REQUEST_URI'])) return 'Not Found';
+ return parent::render($view, $layout);
+ }
+
}
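Review bot: `return 'Not Found'` from the overridden `render()` does not produce a 404: if the dispatcher behaves like stock CakePHP 2 (ignoring `render()`'s return value when `autoRender` is on and sending `$controller->response` as is), a `.map` request leaves with status 200 and an empty body, contrary to what the docblock promises. Setting the status on the response and returning it keeps the no-view behaviour while giving clients and caches a real 404: `$this->response->statusCode(404); $this->response->body('Not Found'); return $this->response;`. The docblock's `@return CakeResponse|string` then becomes `@return CakeResponse`, and it should state the reason for the early exit in one line (rendering a view for a missing source-map request was observed to rewrite the PHP session and drop the login).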
diff --git a/lib/Baser/Controller/Component/BcContentsComponent.php b/lib/Baser/Controller/Component/BcContentsComponent.php
index 8642b99436..3f2b1992aa 100644
--- a/lib/Baser/Controller/Component/BcContentsComponent.php
+++ b/lib/Baser/Controller/Component/BcContentsComponent.php
@@ -245,7 +245,9 @@ public function beforeRender(Controller $controller)
// CakePHP3では、ビューキャッシュは廃止となる為、別の方法に移行する
if ($this->useViewCache && !BcUtil::loginUser('admin') && !isConsole() && !empty($controller->request->params['Content'])) {
$controller->helpers[] = 'BcCache';
- $controller->cacheAction = $controller->Content->getCacheTime($controller->request->params['Content']);
+ // php 8系では'+5 min'など、string型で指定されていた場合、5分後と判定されない問題を解消
+ $cacheTime = $controller->Content->getCacheTime($controller->request->params['Content']);
+ $controller->cacheAction = is_numeric($cacheTime) ? $cacheTime : strtotime($cacheTime) - time();
}
}
}
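Review bot: `strtotime($cacheTime) - time()` on the new line has no failure path: `strtotime()` returns `false` for an unparseable string, and an absolute date in the past parses fine, so either case produces a negative `cacheAction` that is then handed to the cache helper. Guard the conversion, e.g. `$expires = strtotime($cacheTime); $controller->cacheAction = is_numeric($cacheTime) ? $cacheTime : ($expires === false ? 0 : max(0, $expires - time()));`, on the assumption that a falsy `cacheAction` is what disables caching in BcCache (confirm there). Separately, `BcUtil::loginUser('admin')` now returns null for `.map` URIs elsewhere in this commit, so this view-cache branch becomes reachable for such requests even with an admin logged in; probably harmless, but worth a comment on the condition. `beforeRender()` starts before this hunk.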
diff --git a/lib/Baser/Controller/PluginsController.php b/lib/Baser/Controller/PluginsController.php
index 053a7708e8..50e6399cd8 100644
--- a/lib/Baser/Controller/PluginsController.php
+++ b/lib/Baser/Controller/PluginsController.php
@@ -390,7 +390,7 @@ public function admin_install($name)
} else {
// プラグインをインストール
if ($this->BcManager->installPlugin($this->request->data['Plugin']['name'])) {
- $this->BcMessage->setSuccess(sprintf(__d('baser', '新規プラグイン「%s」を baserCMS に登録しました。'), $name));
+ $this->BcMessage->setSuccess(sprintf(__d('baser', '新規プラグイン「%s」を %s に登録しました。'), $name, Configure::read('BcApp.title')));
$this->Plugin->addFavoriteAdminLink($name, $this->BcAuth->user());
$this->_addPermission($this->request->data);
diff --git a/lib/Baser/Lib/BcFileUploader.php b/lib/Baser/Lib/BcFileUploader.php
index b622ee1ce6..69c46e10ae 100644
--- a/lib/Baser/Lib/BcFileUploader.php
+++ b/lib/Baser/Lib/BcFileUploader.php
@@ -1030,7 +1030,11 @@ public function copyImages($setting, $file)
*/
public function setUploadingFiles($files)
{
- $this->uploadingFiles = $files;
+ if ($this->uploadingFiles) {
+ $this->uploadingFiles = array_merge($this->uploadingFiles, $files);
+ } else {
+ $this->uploadingFiles = $files;
+ }
}
/**
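Review bot: With the merge, `setUploadingFiles()` silently changes from replace to append semantics, so a caller that relied on each call resetting the set — a model instance saving several records in one request, for example a console import — now carries the previous record's entries into the next save and can attach a file to a record it was never submitted for, unless `uploadingFiles` is cleared somewhere not visible here. Making the behaviour explicit avoids the surprise: `public function setUploadingFiles($files, $merge = true)` with `$this->uploadingFiles = ($merge && $this->uploadingFiles) ? array_merge($this->uploadingFiles, $files) : $files;`, plus a small `resetUploadingFiles()` the save path can call. Note also that `array_merge()` reindexes integer keys, so the merge is only key-safe if field names are strings, which the hunk does not show. The method's docblock (before this hunk) should state that repeated calls accumulate.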
diff --git a/lib/Baser/Lib/BcUtil.php b/lib/Baser/Lib/BcUtil.php
index a9c141d9a6..f5582eb076 100644
--- a/lib/Baser/Lib/BcUtil.php
+++ b/lib/Baser/Lib/BcUtil.php
@@ -59,6 +59,20 @@ public static function isAdminUser()
return ($user['UserGroup']['id'] == Configure::read('BcApp.adminGroupId'));
}
+ /**
+ * ユーザーが編集可能なユーザーかチェック
+ * @return bool
+ */
+ public static function isUserEditableUser()
+ {
+ if(BcUtil::isAdminUser()) return true;
+ $user = BcUtil::loginUser();
+ if(!$user) return false;
+ /* @var Permission $permissionModel */
+ $permissionModel = ClassRegistry::init('Permission');
+ return $permissionModel->check('/admin/users/edit/', $user['UserGroup']['id']);
+ }
+
/**
* ログインユーザーのデータを取得する
*
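Review bot: `isUserEditableUser()` dereferences `$user['UserGroup']['id']` without checking it exists, so a session whose Auth data lacks the group raises a notice and passes `null` into `Permission::check()`, whose result for a null group is not visible here. A guard `if (empty($user['UserGroup']['id'])) return false;` after the `loginUser()` call keeps the fail-closed behaviour explicit. The URL tested is `/admin/users/edit/` with no user id while the accompanying test grants `/admin/users/edit/*`, so the method depends on `Permission::check()` treating the trailing slash as a prefix match; that, and what "editable" means (the logged-in user may edit user accounts in general, not only their own), belongs in the docblock.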
@@ -66,6 +80,10 @@ public static function isAdminUser()
*/
public static function loginUser($prefix = 'admin')
{
+ // map ファイルへのリクエストの際、PHPのセッションを書き換えてしまい
+ // ログイン状態が継続できなくなってしまうため処理を実行しない
+ if(isset($_SERVER['REQUEST_URI']) && preg_match('/\.map$/', $_SERVER['REQUEST_URI'])) return null;
+
$Session = new CakeSession();
$sessionKey = BcUtil::authSessionKey($prefix);
$user = $Session->read('Auth.' . $sessionKey);
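Review bot: The early `return null` makes every caller of `loginUser()` treat a request whose URI ends in `.map` as anonymous, and because the test is on the raw `REQUEST_URI` a client can trigger it on any URL (`/admin/users/index.map`). That direction is fail-closed for authorization, but the comment should say so, since a reader of `isAdminUser()` or `isUserEditableUser()` will not expect a URL suffix to change the answer: `// .map requests are deliberately treated as anonymous: reading the session here rewrote it and dropped the login`. The same check is now duplicated twice in BcAppController; a `BcUtil::isMapFileRequest()` predicate that matches the path component rather than the full URI (which includes the query string) would give one place to maintain it. `loginUser()` continues past this hunk.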
@@ -502,4 +520,23 @@ public static function getAdminPrefix()
return Configure::read('BcAuthPrefix.admin.alias');
}
+ /**
+ * 文字列よりスクリプトタグを除去する
+ *
+ * @param string $value
+ * @return string
+ */
+ public static function stripScriptTag($value)
+ {
+ $allows = [
+ 'a', 'abbr', 'address', 'area', 'b', 'blockquote', 'body', 'br', 'button', 'caption', 'cite', 'code',
+ 'col', 'colgroup', 'dd', 'del', 'dfn', 'div', 'dl', 'dt', 'em', 'fieldset', 'form', 'h1', 'h2', 'h3',
+ 'h4', 'h5', 'h6', 'hr', 'i', 'iframe', 'img', 'input', 'ins', 'kbd', 'label', 'legend', 'li', 'link',
+ 'map', 'meta', 'noscript', 'object', 'ol', 'optgroup', 'option', 'p', 'pre', 'q', 'samp', 'select',
+ 'small', 'span', 'strong', 'sub', 'sup', 'table', 'tbody', 'td', 'textarea', 'tfoot', 'th', 'thead',
+ 'title', 'tr', 'ul', 'var', 'style'
+ ];
+ return strip_tags($value, '<' . implode('><', $allows) . '>');
+ }
+
}
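Review bot: `strip_tags()` removes elements, not attributes, so `stripScriptTag()` leaves `<img src=x onerror=...>`, `<a href="javascript:...">`, `<iframe src=...>`, `<object data=...>`, `<meta http-equiv=refresh>` and `<style>` intact — every one of those tags is on the allowlist — and its output must not be treated as script-free HTML. If the intent is only to drop literal `<script>` elements the name is accurate but the docblock should say so plainly (`Removes <script> and any other non-allowlisted element; attributes, including event handlers and javascript: URLs, are NOT removed`); if the intent is safe HTML, the active-content tags (`iframe`, `object`, `form`, `input`, `button`, `select`, `textarea`, `link`, `meta`, `style`) should leave the list and attributes need a separate pass. `strip_tags(null)` is deprecated on PHP 8.1, which the changelog says this release supports, so cast with `(string)$value` first.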
diff --git a/lib/Baser/Lib/Error/BcErrorHandler.php b/lib/Baser/Lib/Error/BcErrorHandler.php
index 32b8745703..4cbc730db2 100644
--- a/lib/Baser/Lib/Error/BcErrorHandler.php
+++ b/lib/Baser/Lib/Error/BcErrorHandler.php
@@ -336,7 +336,8 @@ private static function makeMessage($errorType, $errorCode, $description, $file_
$rs[] = 'Referer: ' . env('HTTP_REFERER');
}
- if (empty(Configure::read('Error.trace'))) {
+ $trace = Configure::read('Error.trace');
+ if (empty($trace)) {
return implode("\n", $rs);
}
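Review bot: The temporary `$trace` exists only because `empty()` accepts arbitrary expressions from PHP 5.5 onward, and nothing on the line says so, so a later cleanup is likely to fold it back into `empty(Configure::read('Error.trace'))`. A one-line comment pins the intent: `// keep the temporary: empty() on an expression needs PHP 5.5+ (#2177)`. `makeMessage()` starts before and continues after this hunk.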
diff --git a/lib/Baser/Model/Content.php b/lib/Baser/Model/Content.php
index 6ec5a32175..b5c46f15b4 100644
--- a/lib/Baser/Model/Content.php
+++ b/lib/Baser/Model/Content.php
@@ -311,7 +311,7 @@ public function getUniqueName($name, $parentId, $contentId = null)
foreach($datas as $data) {
if ($name === $data) {
$numbers[1] = 1;
- } elseif (preg_match("/^" . preg_quote($name, '/') . "_([0-9]+)$/s", $data, $matches)) {
+ } elseif ($data !== $name. '_1' && preg_match("/^" . preg_quote($name, '/') . "_([0-9]+)$/s", $data, $matches)) {
$numbers[$matches[1]] = true;
}
}
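Review bot: The new `$data !== $name . '_1'` clause encodes a convention — the unsuffixed name occupies slot 1, so `<name>_1` is never generated and an existing one must not block `<name>` — that nothing in the hunk states, and it rebuilds the concatenation on every iteration. A comment on the `elseif` keeps the next reader from "fixing" it: `// "<name>_1" is not part of the numbering (the bare name is slot 1), so ignore it instead of marking slot 1 taken`. Hoisting `$firstSuffixed = $name . '_1';` above the loop is optional tidiness. The loop setup and the code that consumes `$numbers` are outside this hunk, so I cannot confirm the slot-picking logic agrees with that reading.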
diff --git a/lib/Baser/Plugin/Blog/Controller/BlogController.php b/lib/Baser/Plugin/Blog/Controller/BlogController.php
index bfbc83b55c..40ac20f9c1 100644
--- a/lib/Baser/Plugin/Blog/Controller/BlogController.php
+++ b/lib/Baser/Plugin/Blog/Controller/BlogController.php
@@ -734,6 +734,12 @@ public function tags($name = null)
if (empty($name)) {
$this->notFound();
}
+ // /tags/{存在しないタグ名} がステータス200として戻される問題の解決
+ $tag = $this->BlogTag->find('first', ['conditions' => ['BlogTag.name' => $name], 'recursive' => -1]);
+ if (empty($tag)) {
+ $this->notFound();
+ }
+
$num = 10;
if (!empty($this->request->params['named']['num'])) {
$num = $this->request->params['named']['num'];
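Review bot: The new existence check looks up `BlogTag.name` globally, so if tags are associated with posts per blog content (not visible here), a tag used only on a different blog still answers 200 for this blog's `/tags/...` URL, while a tag record with no posts at all also answers 200 with an empty list — confirm that this is the intended definition of "exists". Since only existence matters, `$this->BlogTag->hasAny(['BlogTag.name' => $name])` states it directly and avoids loading the row. The action body continues past this hunk.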
diff --git a/lib/Baser/Plugin/Blog/View/Helper/BlogHelper.php b/lib/Baser/Plugin/Blog/View/Helper/BlogHelper.php
index ae1dd85cad..05b5ab4323 100755
--- a/lib/Baser/Plugin/Blog/View/Helper/BlogHelper.php
+++ b/lib/Baser/Plugin/Blog/View/Helper/BlogHelper.php
@@ -197,7 +197,7 @@ public function getTitle()
*/
public function getDescription()
{
- return $this->blogContent['description'];
+ return BcUtil::stripScriptTag($this->blogContent['description']);
}
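Review bot: `stripScriptTag()` removes non-allowlisted tags but keeps attributes, so the value returned here is still HTML that may carry event handlers or `javascript:` URLs; a template that echoes it unescaped is not protected by this change, and a template that places it in `<meta name="description">` needs `h()` (attribute escaping), not tag stripping. The docblock above `getDescription()` (outside the hunk) should say which contract applies — returns raw HTML with `<script>` elements removed — so template authors escape accordingly. If `description` can be NULL, `strip_tags(null)` is deprecated on PHP 8.1; a `(string)` cast before the call avoids the notice.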
/**
diff --git a/lib/Baser/Plugin/Mail/Model/MailMessage.php b/lib/Baser/Plugin/Mail/Model/MailMessage.php
index a9a025fa68..8eb0a64dc9 100755
--- a/lib/Baser/Plugin/Mail/Model/MailMessage.php
+++ b/lib/Baser/Plugin/Mail/Model/MailMessage.php
@@ -336,7 +336,7 @@ protected function _validExtends($data)
$this->invalidate($field_name, __('日付の形式が無効です。'));
}
}
- if (is_string($data['MailMessage'][$field_name])) {
+ if (is_string($data['MailMessage'][$field_name]) && $data['MailMessage'][$field_name]) {
// カレンダー入力利用時は yyyy/mm/dd で入ってくる
// yyyy/mm/dd 以外の文字列入力も可能であり、そうした際は日付データとして 1970-01-01 となるため認めない
$inputValue = date('Y-m-d', strtotime($data['MailMessage'][$field_name]));
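Review bot: The added `&& $data['MailMessage'][$field_name]` is a truthiness test, so the string `'0'` now skips the date check entirely (`'0'` is falsy in PHP) and reaches whatever stores the value, whereas before it was rejected through the 1970-01-01 path the comment describes. Use an explicit emptiness test, `&& $data['MailMessage'][$field_name] !== ''`, so only a genuinely empty field bypasses validation. `_validExtends()` starts before this hunk.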
@@ -350,16 +350,16 @@ protected function _validExtends($data)
continue;
}
if (in_array('VALID_ZENKAKU_KATAKANA', $valids)) {
- if (!preg_match('/^(|[ァ-ヾ ]+)$/u', $this->data['MailMessage'][$mailField['field_name']])) {
- preg_match_all('/[^ァ-ヾ ]/u', $this->data['MailMessage'][$mailField['field_name']], $notKatakanaArray);
+ if (!preg_match('/^(|[ァ-ヾ ー]+)$/u', $this->data['MailMessage'][$mailField['field_name']])) {
+ preg_match_all('/[^ァ-ヾ ー]/u', $this->data['MailMessage'][$mailField['field_name']], $notKatakanaArray);
$notKatakana = implode('', $notKatakanaArray[0]);
$this->invalidate($mailField['field_name'], __('次の文字はカタカナではないので受け付けられません: ' . $notKatakana));
}
continue;
}
if (in_array('VALID_ZENKAKU_HIRAGANA', $valids)) {
- if (!preg_match('/^(|[ぁ-ゞ ]+)$/u', $this->data['MailMessage'][$mailField['field_name']])) {
- preg_match_all('/[^ぁ-ゞ ]/u', $this->data['MailMessage'][$mailField['field_name']], $notHiraganaArray);
+ if (!preg_match('/^(|[ぁ-ゞ ー]+)$/u', $this->data['MailMessage'][$mailField['field_name']])) {
+ preg_match_all('/[^ぁ-ゞ ー]/u', $this->data['MailMessage'][$mailField['field_name']], $notHiraganaArray);
$notHiragana = implode('', $notHiraganaArray[0]);
$this->invalidate($mailField['field_name'], __('次の文字はひらがなではないので受け付けられません: ' . $notHiragana));
}
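Review bot: If the added character is the full-width prolonged sound mark U+30FC, it already lies inside the katakana range `ァ-ヾ` (U+30A1–U+30FE), so the change to the two katakana patterns is a no-op and only the hiragana patterns gain anything; if it is the half-width `ｰ` (U+FF70) instead, a reviewer cannot tell by eye. Writing the code point explicitly, `'/^(|[ぁ-ゞ \x{30FC}]+)$/u'` (and the same in the `preg_match_all` class), makes the intent unambiguous and survives editor normalisation. The invalidate lines below each new pattern (context, not new) pass user input into `__()`, which is a translation lookup rather than a formatter; a follow-up should move the user text outside the `__()` call.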
diff --git a/lib/Baser/Plugin/Mail/View/Helper/MailHelper.php b/lib/Baser/Plugin/Mail/View/Helper/MailHelper.php
index fc96b0cc4d..fed6183766 100755
--- a/lib/Baser/Plugin/Mail/View/Helper/MailHelper.php
+++ b/lib/Baser/Plugin/Mail/View/Helper/MailHelper.php
@@ -158,7 +158,7 @@ public function getMailTemplates($siteId = 0)
*/
public function getDescription()
{
- return $this->mailContent['description'];
+ return BcUtil::stripScriptTag($this->mailContent['description']);
}
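Review bot: As with the blog helper, `stripScriptTag()` removes non-allowlisted tags but not attributes, so the returned description is still HTML rather than plain text, and a caller placing it in a `<meta>` attribute still needs `h()`. If `mailContent['description']` can be NULL, `strip_tags(null)` raises a deprecation on PHP 8.1; `BcUtil::stripScriptTag((string)$this->mailContent['description'])` keeps it quiet. The docblock for this getter sits outside the hunk and should state that the return is HTML with script elements removed.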
/**
diff --git a/lib/Baser/Plugin/Mail/View/Helper/MailformHelper.php b/lib/Baser/Plugin/Mail/View/Helper/MailformHelper.php
index 19ca2d70dc..a726395166 100755
--- a/lib/Baser/Plugin/Mail/View/Helper/MailformHelper.php
+++ b/lib/Baser/Plugin/Mail/View/Helper/MailformHelper.php
@@ -284,7 +284,7 @@ public function authCaptcha($fieldName, $options = [])
'class' => 'auth-captcha-image'
], $options);
$captchaId = mt_rand(0, 99999999);
- $url = $this->request->params['Content']['url'];
+ $url = h($this->request->params['Content']['url']);
if (!empty($this->request->params['Site']['same_main_url'])) {
$url = $this->BcContents->getPureUrl($url, $this->request->params['Site']['id']);
}
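Review bot: `h()` is applied to the URL before it is handed to `getPureUrl()`, so that helper now receives HTML-escaped text (`&amp;`, `&#039;`) as a URL, and the escaping is bound to the HTML context even though the value is embedded wherever `authCaptcha()` builds its markup later, outside this hunk. Escape at the point of output instead — `h($url)` where it is interpolated into the tag, or route it through `$this->Html->url()` — and leave `$url` a plain string for the URL helpers. If `$url` ends up inside a JavaScript string, `h()` is the wrong escaper for that context. `mt_rand()` for `$captchaId` is pre-existing; it is fine for a display id, but if the id is what later binds the answer to the session it should be `random_int()` — confirm against the captcha component.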
diff --git a/lib/Baser/Plugin/Uploader/webroot/js/admin/uploader_files/uploader_list.js b/lib/Baser/Plugin/Uploader/webroot/js/admin/uploader_files/uploader_list.js
index acdd6886fa..6e354dc279 100755
--- a/lib/Baser/Plugin/Uploader/webroot/js/admin/uploader_files/uploader_list.js
+++ b/lib/Baser/Plugin/Uploader/webroot/js/admin/uploader_files/uploader_list.js
@@ -318,6 +318,12 @@ $(function () {
return false;
});
+ $('.bca-list-num a').on('click.listNumEvent', function(){
+ $("#Waiting").show();
+ $.get($(this).attr('href'), updateFileListCompleteHander);
+ return false;
+ });
+
$("#BtnFilter" + listId).bind('click.filterEvent', function () {
updateFileList();
});
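Review bot: The new handler is bound directly to the `.bca-list-num a` elements that exist at page load, so if `updateFileListCompleteHander` replaces the list markup that the pagination links live in (the usual pattern for this kind of refresh), the re-rendered links lose the handler and the next click navigates the whole page. Delegating from a stable ancestor avoids that: `$(document).on('click.listNumEvent', '.bca-list-num a', function () { $("#Waiting").show(); $.get($(this).attr('href'), updateFileListCompleteHander); return false; });`, keeping the `.listNumEvent` namespace already chosen. The callback name is misspelt (`Hander`) but pre-existing, so leave it unless it is renamed everywhere.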
diff --git a/lib/Baser/Test/Case/Lib/BcUtilTest.php b/lib/Baser/Test/Case/Lib/BcUtilTest.php
index ba2ec71f5f..16e274703e 100644
--- a/lib/Baser/Test/Case/Lib/BcUtilTest.php
+++ b/lib/Baser/Test/Case/Lib/BcUtilTest.php
@@ -29,7 +29,9 @@ class BcUtilTest extends BaserTestCase
'baser.Default.SiteConfig',
'baser.Default.Content',
'baser.Default.Site',
- 'baser.Default.User'
+ 'baser.Default.User',
+ 'baser.Default.UserGroup',
+ 'baser.Default.Permission',
];
/**
@@ -113,6 +115,43 @@ public function isAdminUserDataProvider()
];
}
+ /**
+ * test isUserEditableUser
+ * @param $userGroupId
+ * @param $expect
+ * @return void
+ */
+ public function testIsUserEditableUser()
+ {
+ $Session = new CakeSession();
+ $sessionKey = Configure::read('BcAuthPrefix.admin.sessionKey');
+
+ // システム管理グループ
+ $Session->write('Auth.' . $sessionKey . '.UserGroup.id', 1);
+ $this->assertTrue(BcUtil::isUserEditableUser());
+
+ // システム管理グループ以外
+ $Session->write('Auth.' . $sessionKey . '.UserGroup.id', 2);
+ $this->assertFalse(BcUtil::isUserEditableUser());
+
+ // システム管理グループ以外(権限追加)
+ $permissionModel = ClassRegistry::init('Permission');
+ $permissionModel->create([
+ 'name' => 'ユーザー編集',
+ 'user_group_id' => 2,
+ 'url' => '/admin/users/edit/*',
+ 'auth' => 1,
+ 'status' => 1,
+ 'no' => 16,
+ 'sort' => 16
+ ]);
+ $permissionModel->save();
+ clearDataCache();
+ $permissionModel->permissionsTmp = -1;
+ $permissionModel->setCheck(2);
+ $this->assertTrue(BcUtil::isUserEditableUser());
+ }
+
/**
* ログインユーザーのデータを取得する
*/
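Review bot: The docblock on `testIsUserEditableUser()` declares `@param $userGroupId` and `@param $expect`, but the method takes no parameters and has no data provider, so those tags are stale and should be dropped. The test writes `Auth.<key>.UserGroup.id` into the session and never removes it, so later tests in this class start logged in as group 2 with an extra `/admin/users/edit/*` permission; delete the key at the end of the test or in `tearDown()` (`$Session->delete('Auth.' . $sessionKey);`). A logged-out case — no `Auth` key at all — would cover the `if (!$user) return false;` branch of the method under test.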
@@ -442,4 +481,29 @@ public function getSubDomainDataProvider()
];
}
+ /**
+ * test stripScriptTag
+ * @return void
+ * @dataProvider stripScriptTagDataProvider
+ */
+ public function testStripScriptTag($content, $expect)
+ {
+ $result = BcUtil::stripScriptTag($content);
+ $this->assertEquals($expect, $result, 'scriptタグを削除できません。');
+ }
+
+ public function stripScriptTagDataProvider()
+ {
+ return [
+ [
+ 'content' => '',
+ 'expect' => 'hoge'
+ ],
+ [
+ 'content' => '
hoge',
+ 'expect' => '
hogehoge'
+ ]
+ ];
+ }
+
}
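Review bot: The provider data as rendered here appears to have lost its markup (an empty `content` is expected to become `hoge`), so the cases cannot be verified from this listing, but as shown none of them exercises attributes on an allowed tag. Add a case such as `['content' => '<img src=x onerror=alert(1)>', 'expect' => '<img src=x onerror=alert(1)>']` to pin down that `stripScriptTag()` keeps attributes — that documents the limitation for callers instead of leaving it implicit. `assertSame()` is the better assertion for string results than `assertEquals()`.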
diff --git a/lib/Baser/VERSION.txt b/lib/Baser/VERSION.txt
index 318a360404..03483a0b2e 100644
--- a/lib/Baser/VERSION.txt
+++ b/lib/Baser/VERSION.txt
@@ -1,4 +1,4 @@
-4.7.7-dev
+4.8.0-dev
///////////////////////////////////////////////////////////////////////////////////////////////////////////
// +---------------------------------------------------------------------------------------------------+ //
@@ -17,6 +17,16 @@
CHG: 変更内容 / BUG: バグフィックス / NEW: 機能追加
+[2023-08-31] basercms-4.7.8
+- BUG [BC] fix #2638 PHP8を利用した際に正しくビューキャッシュが生成されない問題を改善
+- BUG [BC] fix #2538 メニュー取得に関するヘルパの挙動を改善
+- BUG [ML] fix #2570 メールフォームで複数のファイルフィールドを利用すると発生する不具合を改善
+
+[2023-06-29] basercms-4.7.7
+- BUG [BC] fix #2177 PHP5.4に対応していない問題を改善
+- BUG [BC] fix #2173 [コンテンツ]同一階層にindexがなくてもindex_1があるとindexが作成できない問題を改善
+- BUG [BG] fix #2406 [ver4] /tags/{存在しないタグ名} がステータス200として戻される問題を改善
+
[2023-04-27] basercms-4.7.6
- BUG [BC] fix #1899 php8系で$this->BcBaser->crumbs()を使用するとWarningがでる問題を改善
diff --git a/lib/Baser/View/Elements/widget_area.php b/lib/Baser/View/Elements/widget_area.php
index 475b69bd87..ac5e7a2e31 100755
--- a/lib/Baser/View/Elements/widget_area.php
+++ b/lib/Baser/View/Elements/widget_area.php
@@ -25,6 +25,6 @@
?>
-