Changeset 3357:9bbeb2691a23

Timestamp:

10/06/16 15:55:18 (9 years ago)

Author:

franck <carnet.franck.paul@…>

Branch:

default

Parents:

3356:d298544918cd (diff), 3354:a9db771a5a70 (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.

Message:

Merge fixes commited on stable 2.10 branch

Location:

inc

Files:

• admin/lib.dc.page.php (modified) (6 diffs)
• core/class.dc.media.php (modified) (3 diffs)
• core/class.dc.media.php (modified) (2 diffs)

inc/admin/lib.dc.page.php

@@ -106 +106 @@
                // Get directives from settings if exist, else set defaults
                $csp = new ArrayObject(array());
-               $csp['default-src'] = $core->blog->settings->system->csp_admin_default ? $core->blog->settings->system->csp_admin_default : "'self'";
-               $csp['script-src'] = $core->blog->settings->system->csp_admin_script ? $core->blog->settings->system->csp_admin_script : "'self' 'unsafe-inline' 'unsafe-eval'";
-               $csp['style-src'] = $core->blog->settings->system->csp_admin_style ? $core->blog->settings->system->csp_admin_style : "'self' 'unsafe-inline'";
-               $csp['img-src'] = $core->blog->settings->system->csp_admin_img ? $core->blog->settings->system->csp_admin_img : "'self' data: media.dotaddict.org";
+               $csp['default-src'] = $core->blog->settings->system->csp_admin_default ?: "'self'";
+               $csp['script-src'] = $core->blog->settings->system->csp_admin_script ?: "'self' 'unsafe-inline' 'unsafe-eval'";
+               $csp['style-src'] = $core->blog->settings->system->csp_admin_style ?: "'self' 'unsafe-inline'";
+               $csp['img-src'] = $core->blog->settings->system->csp_admin_img ?: "'self' data: media.dotaddict.org";
 
                # Cope with blog post preview (via public URL in iframe)
@@ -137 +137 @@
                          $directives[] = "report-uri ".DC_ADMIN_URL."csp_report.php";
                     }
-                    $headers['csp'] = "Content-Security-Policy: ".implode(" ; ",$directives);
+                    $report_only = ($core->blog->settings->system->csp_admin_report_only) ? '-Report-Only' : '';
+                    $headers['csp'] = "Content-Security-Policy".$report_only.": ".implode(" ; ",$directives);
                }
           }
@@ -211 +212 @@
           '<div id="wrapper" class="clearfix">'."\n".
           '<div class="hidden-if-no-js collapser-box"><a href="#" id="collapser">'.
-          '<img class="collapse-mm" src="images/collapser-hide.png" alt="'.__('Hide main menu').'" />'.
-          '<img class="expand-mm" src="images/collapser-show.png" alt="'.__('Show main menu').'" />'.
+          '<img class="collapse-mm visually-hidden" src="images/collapser-hide.png" alt="'.__('Hide main menu').'" />'.
+          '<img class="expand-mm visually-hidden" src="images/collapser-show.png" alt="'.__('Show main menu').'" />'.
           '</a></div>'.
           '<div id="main" role="main">'."\n".
@@ -297 +298 @@
      {
           global $core;
-          $tag = (isset($n['divtag'])&& $n['divtag'])?'div':'p';
+          $tag = (isset($n['divtag']) && $n['divtag']) ? 'div' : 'p';
           $ts = '';
           if (!isset($n['with_ts']) || ($n['with_ts'] == true)) {
@@ -441 +442 @@
      {
           global $core;
-          $with_home_link = isset($options['home_link'])?$options['home_link']:true;
-          $hl = isset($options['hl'])?$options['hl']:true;
-          $hl_pos = isset($options['hl_pos'])?$options['hl_pos']:-1;
+          $with_home_link = isset($options['home_link']) ? $options['home_link'] : true;
+          $hl = isset($options['hl']) ? $options['hl'] : true;
+          $hl_pos = isset($options['hl_pos']) ? $options['hl_pos'] : -1;
           // First item of array elements should be blog's name, System or Plugins
           $res = '<h2>'.($with_home_link ?
@@ -1053 +1054 @@
                          }
                     }
+                    sort($themes);
                }
           }

inc/core/class.dc.media.php

@@ -393 +393 @@
           }
 
-          $media_dir = $this->relpwd ? $this->relpwd : '.';
+          $media_dir = $this->relpwd ?: '.';
 
           $strReq =
@@ -660 +660 @@
      protected function rebuildDB($pwd)
      {
-          $media_dir = $pwd ? $pwd : '.';
+          $media_dir = $pwd ?: '.';
 
           $strReq =
@@ -919 +919 @@
      public function getDBDirs()
      {
-          $media_dir = $this->relpwd ? $this->relpwd : '.';
+          $media_dir = $this->relpwd ?: '.';
 
           $strReq =

inc/core/class.dc.media.php

@@ -943 +943 @@
           $zip = new fileUnzip($f->file);
           $zip->setExcludePattern($this->exclude_pattern);
-          $zip->getList(false,'#(^|/)(__MACOSX|\.svn|\.DS_Store|\.directory|Thumbs\.db)(/|$)#');
+          $list = $zip->getList(false,'#(^|/)(__MACOSX|\.svn|\.DS_Store|\.directory|Thumbs\.db)(/|$)#');
 
           if ($create_dir)
@@ -968 +968 @@
           $zip->unzipAll($target);
           $zip->close();
+
+          // Clean-up all extracted filenames
+          $clean = function ($name) {
+               $n = text::deaccent($name);
+               $n = preg_replace('/^[.]/u','',$n);
+               return preg_replace('/[^A-Za-z0-9._\-\/]/u','_',$n);
+          };
+          foreach ($list as $zk => $zv) {
+               // Check if extracted file exists
+               $zf = $target.'/'.$zk;
+               if (!$zv['is_dir'] && file_exists($zf)) {
+                    $zt = $clean($zf);
+                    if ($zt != $zf) {
+                         rename($zf,$zt);
+                    }
+               }
+          }
+
           return dirname($f->relname).'/'.$destination;
      }