Merge pull request from GHSA-4r3m-j6x5-48m3
fix security/advisories/GHSA-4r3m-j6x5-48m3
baserproject authored Aug 19, 2020
2 parents 1a2fb07 + 233bd0b commit 94cbfab
Showing 2 changed files with 40 additions and 36 deletions.
72 changes: 38 additions & 34 deletions app/webroot/theme/admin-third/Elements/admin/toolbar.php
Expand Up @@ -39,52 +39,54 @@
<div id="ToolBar" class="bca-toolbar">
<div id="ToolbarInner" class="clearfix bca-toolbar__body">
<div class="bca-toolbar__logo">
<?php
# インストール画面
if ($this->name == 'Installations'): ?>
<?php // インストール画面 ?>
<?php if ($this->name == 'Installations'): ?>
<?php $this->BcBaser->link(
$this->BcBaser->getImg('admin/logo_icon.svg', ['alt' => '', 'width' => '24', 'height' => '21', 'class' => 'bca-toolbar__logo-symbol']) .
'<span class="bca-toolbar__logo-text">' . __d('baser', 'インストールマニュアル') . '</span>',
'https://basercms.net/manuals/introductions/4.html', ['target' => '_blank', 'class' => 'bca-toolbar__logo-link']) ?>
<?php
# バージョンアップ画面
elseif (Configure::read('BcRequest.isUpdater')): ?>
'https://basercms.net/manuals/introductions/4.html',
['target' => '_blank', 'class' => 'bca-toolbar__logo-link']
) ?>

<?php // バージョンアップ画面 ?>
<?php elseif (Configure::read('BcRequest.isUpdater')): ?>
<?php $this->BcBaser->link(
$this->BcBaser->getImg('admin/logo_icon.svg', ['alt' => '', 'width' => '24', 'height' => '21', 'class' => 'bca-toolbar__logo-symbol']) .
'<span class="bca-toolbar__logo-text">' . __d('baser', 'アップデートマニュアル') . '</span>',
'https://basercms.net/manuals/introductions/8.html', ['target' => '_blank', 'class' => 'bca-toolbar__logo-link']) ?>
<?php
# 通常
elseif (!empty($this->request->params['admin']) || ('/' . $this->request->url) == $loginUrl): ?>
'https://basercms.net/manuals/introductions/8.html',
['target' => '_blank', 'class' => 'bca-toolbar__logo-link']
) ?>

<?php // 通常管理画面 ?>
<?php elseif (!empty($this->request->params['admin']) || ('/' . $this->request->url) == $loginUrl): ?>
<?php
$this->BcBaser->link(
$this->BcBaser->getImg('admin/logo_icon.svg', ['alt' => '', 'width' => '24', 'height' => '21', 'class' => 'bca-toolbar__logo-symbol'])
.'<span class="bca-toolbar__logo-text">'
.$this->BcBaser->siteConfig['formal_name']
.'</span>', '/'
. '<span class="bca-toolbar__logo-text">'
. h($this->BcBaser->siteConfig['formal_name'])
. '</span>', '/'
,
['class' => 'bca-toolbar__logo-link']
)
?>
<?php
else: ?>
<?php
# 管理画面にアクセス可能な権限がある場合
if (in_array('admin', $currentUserAuthPrefixes)): ?>
<?php // 公開画面 ?>
<?php else: ?>
<?php // 管理画面にアクセス可能な権限がある場合 ?>
<?php if (in_array('admin', $currentUserAuthPrefixes)): ?>
<?php
$this->BcBaser->link(
$this->BcBaser->getImg('admin/logo_icon.svg', ['alt' => '', 'width' => '24', 'height' => '21', 'class' => 'bca-toolbar__logo-symbol'])
.'<span class="bca-toolbar__logo-text">'
.$this->BcBaser->siteConfig['formal_name']
.'</span>', ['plugin' => null, 'admin' => true, 'controller' => 'dashboard', 'action' => 'index']
. '<span class="bca-toolbar__logo-text">'
. h($this->BcBaser->siteConfig['formal_name'])
. '</span>', ['plugin' => null, 'admin' => true, 'controller' => 'dashboard', 'action' => 'index']
,
['class' => 'bca-toolbar__logo-link']
)
?>
<?php
# 管理画面にアクセス権限がない場合
else: ?>
<?php $this->BcBaser->link($authName, Configure::read('BcAuthPrefix.' . $currentPrefix . '.loginRedirect'), ['title' => $authName]) ?>
<?php // 管理画面にアクセス権限がない場合 ?>
<?php else: ?>
<?php $this->BcBaser->link(h($authName), Configure::read('BcAuthPrefix.' . $currentPrefix . '.loginRedirect'), ['title' => h($authName)]) ?>
<?php endif ?>
<?php endif ?>
</div>
Expand Down Expand Up @@ -112,14 +114,16 @@
<div id="UserMenu" class="bca-toolbar__users">
<ul class="clearfix">
<?php
# TODO: お気に入りを表示(サイドメニューとのイベント処理・同期・スタイルの調整を検討中)
# <li>
# <a href="javascript:void(0)" class="title"><?php echo __d('baser', 'お気に入り') ? ><img src="/theme/admin-third/img/admin/btn_dropdown.png" width="8" height="11" class="bc-btn"></a>
# <div id="FavoriteArea" hidden>
# <?php $this->BcBaser->element('favorite_menu') ? >
# <?php $this->BcBaser->element('permission') ? >
# </div>
#</li>
/**
* TODO: お気に入りを表示(サイドメニューとのイベント処理・同期・スタイルの調整を検討中)
* <li>
* <a href="javascript:void(0)" class="title"><?php echo __d('baser', 'お気に入り') ? ><img src="/theme/admin-third/img/admin/btn_dropdown.png" width="8" height="11" class="bc-btn"></a>
* <div id="FavoriteArea" hidden>
* <?php $this->BcBaser->element('favorite_menu') ? >
* <?php $this->BcBaser->element('permission') ? >
* </div>
* </li>
*/
?>
<li>
<?php if (!empty($user)): ?>
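Review bot: The two toolbar templates in this commit encode the same values by different mechanisms. The first hunk here wraps `siteConfig['formal_name']` and `$authName` in `h()`, while lib/Baser/View/Elements/admin/toolbar.php passes `'escape' => true`. The `h()` calls are only right if `BcBaser->link()` leaves both the title and the attributes raw by default, which the change implies but this page does not show; if the helper did encode, the values would come out double-encoded. Where the title is concatenated with the `getImg()` markup, `h()` on the dynamic part is the only option, but the last branch could match the other file with `['title' => $authName, 'escape' => true]`. I would also add a one-line comment above each `h()` call, for example `<?php // formal_name comes from site configuration, not from this template; encode it before it is concatenated into link markup ?>`, so the encoding is not dropped in a later refactor.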
4 changes: 2 additions & 2 deletions lib/Baser/View/Elements/admin/toolbar.php
Expand Up @@ -47,12 +47,12 @@
<?php elseif (Configure::read('BcRequest.isUpdater')): ?>
<li><?php $this->BcBaser->link(__d('baser', 'アップデートマニュアル'), 'http://wiki.basercms.net/%E3%83%90%E3%83%BC%E3%82%B8%E3%83%A7%E3%83%B3%E3%82%A2%E3%83%83%E3%83%97%E3%82%AC%E3%82%A4%E3%83%89', ['target' => '_blank', 'class' => 'tool-menu']) ?></li>
<?php elseif (!empty($this->request->params['admin']) || ('/' . $this->request->url) == $loginUrl): ?>
<li><?php $this->BcBaser->link($this->BcBaser->siteConfig['formal_name'], '/') ?></li>
<li><?php $this->BcBaser->link($this->BcBaser->siteConfig['formal_name'], '/', ['escape' => true]) ?></li>
<?php else: ?>
<?php if (in_array('admin', $currentUserAuthPrefixes)): ?>
<li><?php $this->BcBaser->link($this->BcBaser->getImg('admin/btn_logo.png', ['alt' => __d('baser', 'baserCMS管理システム'), 'class' => 'bc-btn']), ['plugin' => null, 'admin' => true, 'controller' => 'dashboard', 'action' => 'index'], ['title' => __d('baser', 'baserCMS管理システム')]) ?></li>
<?php else: ?>
<li><?php $this->BcBaser->link($authName, Configure::read('BcAuthPrefix.' . $currentPrefix . '.loginRedirect'), ['title' => $authName]) ?></li>
<li><?php $this->BcBaser->link($authName, Configure::read('BcAuthPrefix.' . $currentPrefix . '.loginRedirect'), ['title' => $authName, 'escape' => ture]) ?></li>
<?php endif ?>
<?php endif ?>
<?php if ($this->BcBaser->existsEditLink() && !isset($this->request->query['preview'])): ?>
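Review bot: The `$authName` link in the branch for users without admin access passes `'escape' => ture`, a misspelling of `true`. PHP before 8.0 reads the undefined bare word as the string `'ture'` and raises a notice or warning, so the helper does not receive a boolean, and whether `$authName` is still encoded depends on how `link()` treats a non-boolean value. From PHP 8.0 the expression throws an Error when this branch renders. The line should pass `['title' => $authName, 'escape' => true]`; the `formal_name` link a few lines above already spells the option correctly.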