Merge branch 'master' into enh/308-file-access

humhub · Sep 24, 2024 · 18f2d1e · 18f2d1e
2 parents 93c3054 + 641fc49
commit 18f2d1e
Show file tree

Hide file tree

Showing 252 changed files with 4,926 additions and 4,939 deletions.
diff --git a/Events.php b/Events.php
@@ -2,18 +2,21 @@
 
 namespace humhub\modules\custom_pages;
 
-use humhub\modules\admin\widgets\AdminMenu;
 use humhub\modules\admin\permissions\ManageModules;
+use humhub\modules\admin\widgets\AdminMenu;
+use humhub\modules\content\helpers\ContentContainerHelper;
 use humhub\modules\custom_pages\helpers\Url;
-use humhub\modules\custom_pages\models\Page;
 use humhub\modules\custom_pages\models\ContainerPage;
 use humhub\modules\custom_pages\models\ContainerSnippet;
-use humhub\modules\custom_pages\widgets\SnippetWidget;
+use humhub\modules\custom_pages\models\LinkType;
+use humhub\modules\custom_pages\models\Page;
 use humhub\modules\custom_pages\models\Snippet;
 use humhub\modules\custom_pages\modules\template\models\PagePermission;
 use humhub\modules\custom_pages\permissions\ManagePages;
+use humhub\modules\custom_pages\widgets\SnippetWidget;
 use humhub\modules\ui\menu\MenuLink;
 use humhub\modules\user\widgets\PeopleHeadingButtons;
+use humhub\widgets\TopMenu;
 use Throwable;
 use Yii;
 use yii\helpers\Html;
@@ -61,8 +64,9 @@ public static function onAdminMenuInit($event)
                 'group' => 'manage',
                 'icon' => '<i class="fa fa-file-text-o"></i>',
                 'isActive' => (Yii::$app->controller->module
-                    && Yii::$app->controller->module->id === 'custom_pages'
-                    && (Yii::$app->controller->id === 'page' || Yii::$app->controller->id === 'config')),
+                    && (Yii::$app->controller->module->id === 'custom_pages'
+                        && (Yii::$app->controller->id === 'page' || Yii::$app->controller->id === 'config'))
+                    ||  Yii::$app->controller->module->id == 'template'),
                 'sortOrder' => 300,
                 'isVisible' => true,
             ]);
@@ -138,6 +142,9 @@ public static function onSpaceAdminMenuInit($event)
 
     public static function onTopMenuInit($event)
     {
+        /** @var TopMenu $menu */
+        $menu = $event->sender;
+
         try {
             Yii::$app->moduleManager->getModule('custom_pages')->checkOldGlobalContent();
 
@@ -146,22 +153,53 @@ public static function onTopMenuInit($event)
                     continue;
                 }
 
-                $event->sender->addItem([
+                $menu->addEntry(new MenuLink([
+                    'id' => 'custom-page-' . $page->id,
                     'label' => Html::encode(Yii::t('CustomPagesModule.base', $page->title)),
-                    'url' => Url::to(['/custom_pages/view', 'id' => $page->id]),
+                    'url' => ['/custom_pages/view', 'id' => $page->id],
                     'htmlOptions' => ['target' => ($page->in_new_window) ? '_blank' : ''],
-                    'icon' => '<i class="fa ' . Html::encode($page->icon) . '"></i>',
-                    'isActive' => (Yii::$app->controller->module
-                        && Yii::$app->controller->module->id === 'custom_pages'
-                        && Yii::$app->controller->id === 'view' && !Yii::$app->controller->contentContainer && Yii::$app->request->get('id') == $page->id),
-                    'sortOrder' => ($page->sort_order != '') ? $page->sort_order : 1000,
-                ]);
+                    'icon' => $page->icon,
+                    'isActive' => (
+                        (
+                            MenuLink::isActiveState('custom_pages', 'view')
+                            && !Yii::$app->controller->contentContainer
+                            && (int)Yii::$app->request->get('id') === $page->id
+                        )
+                        || static::isCurrentTargetUrl($page)
+                    ),
+                    'sortOrder' => $page->sort_order ?: 1000,
+                ]));
             }
         } catch (Throwable $e) {
             Yii::error($e);
         }
     }
 
+    private static function isCurrentTargetUrl(Page $page): bool
+    {
+        if ($page->type === LinkType::ID && $page->page_content) {
+            $targetUrl = strpos($page->page_content, 'http') === 0 ?
+                $page->page_content :
+                'https://domain.tld/' . trim($page->page_content, '/');
+            $targetUrlPath = parse_url($targetUrl, PHP_URL_PATH) ?: '';
+            $targetUrlQuery = parse_url($targetUrl, PHP_URL_QUERY) ?: '';
+            $container = ContentContainerHelper::getCurrent();
+            $currentContainerPath = $container ?
+                rtrim($container->getUrl(), '/') :
+                null;
+            if (
+                $targetUrlPath
+                && (
+                    $currentContainerPath === $targetUrlPath
+                    || Url::to() === $targetUrlPath . ($targetUrlQuery ? '?' . $targetUrlQuery : '')
+                )
+            ) {
+                return true;
+            }
+        }
+        return false;
+    }
+
     public static function onAccountMenuInit($event)
     {
         try {

diff --git a/Module.php b/Module.php
@@ -20,14 +20,35 @@ class Module extends ContentContainerModule
 
     public $resourcesPath = 'resources';
 
+
+    /**
+     * @see https://twig.symfony.com/doc/3.x/api.html#sandbox-extension
+     * @var bool
+     */
+    public $enableTwiqSandboxExtension = true;
+
+    /**
+     * @see https://twig.symfony.com/doc/3.x/api.html#sandbox-extension
+     * @var array
+     */
+    public $enableTwiqSandboxExtensionConfig = [
+        'allowedTags' => ['autoescape', 'apply', 'block', 'if', 'with', 'for', 'set'],
+        'allowedFilters' => ['capitalize', 'date', 'first', 'upper', 'escape', 'nl2br', 'url_encode', 'round'],
+        'allowedFunctions' => ['range', 'max', 'min', 'random'],
+        'allowedMethods' => [
+            'humhub\modules\custom_pages\modules\template\models\OwnerContentVariable' => '__toString',
+        ],
+        'allowedProperties' => ['sidebar_container', 'content', 'sidebar_container'],
+    ];
+
     public function checkOldGlobalContent()
     {
 
-        if(!Yii::$app->user->isAdmin()) {
+        if (!Yii::$app->user->isAdmin()) {
             return;
         }
 
-        if(!$this->settings->get(static::SETTING_MIGRATION_KEY, 0)) {
+        if (!$this->settings->get(static::SETTING_MIGRATION_KEY, 0)) {
             foreach (Page::find()->all() as $page) {
                 $page->content->visibility = $page->admin_only ? Content::VISIBILITY_PRIVATE : Content::VISIBILITY_PUBLIC;
                 $page->content->save();

diff --git a/assets/Assets.php b/assets/Assets.php
@@ -1,4 +1,9 @@
 <?php
+/**
+ * @link https://www.humhub.org/
+ * @copyright Copyright (c) HumHub GmbH & Co. KG
+ * @license https://www.humhub.com/licences
+ */
 
 namespace humhub\modules\custom_pages\assets;
 
@@ -29,13 +34,10 @@ class Assets extends AssetBundle
             'custom-pages.css',
             'loader.gif',
             'module_image.png',
-        ]
+        ],
     ];
 
     public $css = [
-        'custom-pages.css'
+        'css/custom-pages.css',
     ];
-
-    public $js = [];
-
 }
diff --git a/assets/InlineStyleAssets.php b/assets/InlineStyleAssets.php
@@ -0,0 +1,25 @@
+<?php
+/**
+ * @link https://www.humhub.org/
+ * @copyright Copyright (c) HumHub GmbH & Co. KG
+ * @license https://www.humhub.com/licences
+ */
+
+namespace humhub\modules\custom_pages\assets;
+
+use humhub\components\assets\AssetBundle;
+
+class InlineStyleAssets extends AssetBundle
+{
+    /**
+     * @inheritdoc
+     */
+    public $sourcePath = '@custom_pages/resources';
+
+    /**
+     * @inheritdoc
+     */
+    public $css = [
+        'css/inline.css',
+    ];
+}
diff --git a/controllers/AbstractCustomContainerController.php b/controllers/AbstractCustomContainerController.php
@@ -10,6 +10,7 @@
 use humhub\components\access\StrictAccess;
 use humhub\modules\admin\permissions\ManageModules;
 use humhub\modules\content\components\ContentContainerController;
+use humhub\modules\custom_pages\helpers\Html;
 use humhub\modules\custom_pages\models\ContainerPage;
 use humhub\modules\custom_pages\models\ContainerSnippet;
 use humhub\modules\custom_pages\models\CustomContentContainer;
@@ -116,8 +117,6 @@ public function renderTemplate($page, $editMode = null)
         $canEdit = PagePermission::canEdit();
         $editMode = ($editMode || Yii::$app->request->get('editMode')) && $canEdit;
 
-        $html = '';
-
         if(!$canEdit && TemplateCache::exists($templateInstance)) {
             $html = TemplateCache::get($templateInstance);
         } else {
@@ -126,7 +125,8 @@ public function renderTemplate($page, $editMode = null)
                 TemplateCache::set($templateInstance, $html);
             }
         }
-        return $html;
+
+        return Html::applyScriptNonce($html);
     }
 
     /**
@@ -148,4 +148,4 @@ public function isCanEdit() {
         return $this->_canEdit;
     }
 
-}
+}