tmdinosaurcenter
/
tainacan
mirror of https://github.com/tainacan/tainacan
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'hotfix/security-adjustment'

This commit is contained in:
vnmedeiros 2024-03-12 15:27:13 -03:00
parent b61b4e5836 710f94ccc0
commit 70bcae9e22
13 changed files with 72 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/classes/api/endpoints/class-tainacan-rest-background-processes-controller.php
View File

@ -242,8 +242,9 @@ class REST_Background_Processes_Controller extends REST_Controller {
} }
public function prepare_item_for_response($item, $request) { public function prepare_item_for_response($item, $request) {
$item->log = $this->get_log_url($item->ID, $item->action); $key_log = $item->bg_uuid ?? $item->ID;
$item->error_log = $this->get_log_url($item->ID, $item->action, 'error'); $item->log = $this->get_log_url($key_log, $item->action);
$item->error_log = $this->get_log_url($key_log, $item->action, 'error');
$nonce = wp_create_nonce( 'wp_rest' ); $nonce = wp_create_nonce( 'wp_rest' );
$item->output = str_replace("&_wpnonce=[nonce]", "&_wpnonce=$nonce", $item->output); $item->output = str_replace("&_wpnonce=[nonce]", "&_wpnonce=$nonce", $item->output);
return $item; return $item;

2
src/classes/api/endpoints/class-tainacan-rest-exporters-controller.php
View File

@ -111,7 +111,7 @@ class REST_Exporters_Controller extends REST_Controller {
* @throws \Exception * @throws \Exception
*/ */
public function export_permissions_check($request) { public function export_permissions_check($request) {
return true; return current_user_can('manage_tainacan');
} }
public function get_registered_exporters() { public function get_registered_exporters() {

2
src/classes/api/endpoints/class-tainacan-rest-importers-controller.php
View File

@ -137,7 +137,7 @@ class REST_Importers_Controller extends REST_Controller {
*/ */
public function import_permissions_check($request){ public function import_permissions_check($request){
// TODO // TODO
return true; return current_user_can('manage_tainacan');
} }
/** /**

39
src/classes/class-tainacan-background-process.php
View File

@ -114,7 +114,8 @@ abstract class Background_Process extends \Tainacan_WP_Background_Process {
'action' => $this->action, 'action' => $this->action,
'name' => $this->get_name(), 'name' => $this->get_name(),
'queued_on' => date('Y-m-d H:i:s'), 'queued_on' => date('Y-m-d H:i:s'),
'status' => 'waiting' 'status' => 'waiting',
'bg_uuid' => uniqid(),
] ]
); );
$this->ID = $wpdb->insert_id; $this->ID = $wpdb->insert_id;
@ -263,6 +264,7 @@ abstract class Background_Process extends \Tainacan_WP_Background_Process {
$batch->key = $query->ID; $batch->key = $query->ID;
$batch->data = maybe_unserialize( $query->data ); $batch->data = maybe_unserialize( $query->data );
$batch->status = $query->status; $batch->status = $query->status;
$batch->bg_uuid = $query->bg_uuid;
if ($batch->status != 'running') { if ($batch->status != 'running') {
$this->open($batch->key); $this->open($batch->key);
@ -271,6 +273,33 @@ abstract class Background_Process extends \Tainacan_WP_Background_Process {
return $batch; return $batch;
} }
/**
* Get batch by key ID
*
* @return stdClass Return the batch
*/
protected function get_batch_by_key($key) {
global $wpdb;
$table = $this->table;
$query = $wpdb->get_row( $wpdb->prepare( "
SELECT *
FROM {$table}
WHERE action = %s
AND ID = %s
LIMIT 1
", $this->action, $key ) );
$batch = new \stdClass();
$batch->key = $query->ID;
$batch->data = maybe_unserialize( $query->data );
$batch->status = $query->status;
$batch->bg_uuid = $query->bg_uuid;
return $batch;
}
/** /**
* Handle * Handle
* *
@ -428,10 +457,14 @@ abstract class Background_Process extends \Tainacan_WP_Background_Process {
} }
protected function write_log($key, $log) { protected function write_log($key, $log) {
$this->write_log_to_file($key, $log); $batch = $this->get_batch_by_key($key);
$key_log = $batch->bg_uuid ?? $key;
$this->write_log_to_file($key_log, $log);
} }
protected function write_error_log($key, $log) { protected function write_error_log($key, $log) {
$this->write_log_to_file($key, $log, 'error'); $batch = $this->get_batch_by_key($key);
$key_log = $batch->bg_uuid ?? $key;
$this->write_log_to_file($key_log, $log, 'error');
} }
private function recursive_stingify_log_array(array $log, $break = true) { private function recursive_stingify_log_array(array $log, $break = true) {

1
src/classes/exporter/class-tainacan-exporter.php
View File

@ -689,7 +689,6 @@ abstract class Exporter {
$upload_dir_info = wp_upload_dir(); $upload_dir_info = wp_upload_dir();
$prefix = $this->get_id(); $prefix = $this->get_id();
$upload_dir = trailingslashit( $upload_dir_info['basedir'] ); $upload_dir = trailingslashit( $upload_dir_info['basedir'] );
// $upload_url = trailingslashit( $upload_dir_info['baseurl'] );
$exporter_folder = 'tainacan/exporter'; $exporter_folder = 'tainacan/exporter';
$file_suffix = "{$exporter_folder}/{$prefix}_{$key}"; $file_suffix = "{$exporter_folder}/{$prefix}_{$key}";

14
src/migrations.php
View File

@ -509,6 +509,20 @@ class Migrations {
); );
} }
static function alter_table_tnc_bg_process_add_uuid() {
global $wpdb;
// update default order by "creation_date" to "date"
$table_name = $wpdb->prefix . 'tnc_bg_process';
$column_exists = $wpdb->get_results( "SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name = '$table_name' AND column_name = 'bg_uuid'" );
if(empty($column_exists)) {
$wpdb->query("
ALTER TABLE $table_name
ADD bg_uuid text NULL
");
}
}
} }

10
src/readme.txt
View File

@ -1,21 +1,21 @@
=== Tainacan === === Tainacan ===
Contributors: andrebenedito, daltonmartins, fabianobn, jacsonp, leogermani, weryques, wetah, eduardohumberto, ravipassos, jessicafpx, marinagiolo, omarceloavila, vnmedeiros, tainacan, r-guimaraes, suelanesilva, ccaio, alanargomes, ateneagarcia123, rodrigo0freire, clarandreozzi Contributors: andrebenedito, daltonmartins, fabianobn, jacsonp, leogermani, weryques, wetah, eduardohumberto, ravipassos, jessicafpx, marinagiolo, omarceloavila, vnmedeiros, tainacan, suelanesilva, ccaio, alanargomes, ateneagarcia123, rodrigo0freire, clarandreozzi
Tags: museums, libraries, archives, GLAM, collections, repository Tags: museums, archives, GLAM, collections, repository
Requires at least: 5.9 Requires at least: 5.9
Tested up to: 6.4 Tested up to: 6.4
Requires PHP: 7.0 Requires PHP: 7.0
Stable tag: 0.20.7 Stable tag: 0.20.8
License: GPLv2 or later License: GPLv2 or later
License URI: http://www.gnu.org/licenses/gpl-3.0.html License URI: http://www.gnu.org/licenses/gpl-3.0.html
Tainacan is an open-source, powerful and flexible digital repository platform for WordPress. With all the tools of a professional repository platform, you can manage and publish your digital collections as easily as posting to your blog. It is versatile and can be used to create a digital collection, a digital library or a digital repository for your institutional or personal collection. Tainacan is an open-source, powerful and flexible digital repository platform for WordPress.
== Description == == Description ==
[Tainacan](https://tainacan.org/) is an [open-source](https://github.com/tainacan/tainacan), powerful and flexible digital repository platform for WordPress. Manage and publish your digital collections just as easily as you post to your blog, having all the tools of a professional repository platform. It can be used for the creation of a digital collection, a digital library or a digital repository for your institutional or personal collection. [Tainacan](https://tainacan.org/) is an [open-source](https://github.com/tainacan/tainacan), powerful and flexible digital repository platform for WordPress. Manage and publish your digital collections just as easily as you post to your blog, having all the tools of a professional repository platform. It can be used for the creation of a digital collection, a digital library or a digital repository for your institutional or personal collection.
Tainacan aims to facilitate the activities of organizing, documenting, disseminating and displaying digital objects based on simple and accessible principles of digital curation. The plugin integrates with the WordPress block engine, making it easy to reuse objects for different and varied uses. Tainacan aims to facilitate the activities of organizing, documenting, disseminating and displaying digital objects based on simple and accessible principles of digital curation. The plugin integrates with the WordPress block engine, making it easy to reuse objects for different and varied uses. You can manage and publish your digital collections as easily as posting to your blog. It is versatile and can be used to create a digital collection, a digital library or a digital repository for your institutional or personal collection.

6
src/tainacan.php
View File

@ -5,17 +5,17 @@ Plugin URI: https://tainacan.org/
Description: Open source, powerful and flexible repository platform for WordPress. Manage and publish you digital collections as easily as publishing a post to your blog, while having all the tools of a professional repository platform. Description: Open source, powerful and flexible repository platform for WordPress. Manage and publish you digital collections as easily as publishing a post to your blog, while having all the tools of a professional repository platform.
Author: Tainacan.org Author: Tainacan.org
Author URI: https://tainacan.org/ Author URI: https://tainacan.org/
Version: 0.20.7 Version: 0.20.8
Requires at least: 5.9 Requires at least: 5.9
Tested up to: 6.4 Tested up to: 6.4
Requires PHP: 7.0 Requires PHP: 7.0
Stable tag: 0.20.7 Stable tag: 0.20.8
Text Domain: tainacan Text Domain: tainacan
License: GPLv2 or later License: GPLv2 or later
License URI: http://www.gnu.org/licenses/gpl-3.0.html License URI: http://www.gnu.org/licenses/gpl-3.0.html
*/ */
const TAINACAN_VERSION = '0.20.7'; const TAINACAN_VERSION = '0.20.8';
defined( 'ABSPATH' ) or die( 'No script kiddies please!' ); defined( 'ABSPATH' ) or die( 'No script kiddies please!' );
$TAINACAN_BASE_URL = plugins_url('', __FILE__); $TAINACAN_BASE_URL = plugins_url('', __FILE__);

4
src/views/admin/components/navigation/primary-menu.vue
View File

@ -103,7 +103,7 @@
<span class="menu-text">{{ $i18n.get('capabilities') }}</span> <span class="menu-text">{{ $i18n.get('capabilities') }}</span>
</router-link> </router-link>
</li> </li>
<li v-if="!$adminOptions.hidePrimaryMenuImportersButton"> <li v-if="!$adminOptions.hidePrimaryMenuImportersButton && $userCaps.hasCapability('manage_tainacan')">
<router-link <router-link
tag="a" tag="a"
to="/importers" to="/importers"
@ -118,7 +118,7 @@
<span class="menu-text menu-text-import">{{ $i18n.get('importers') }}</span> <span class="menu-text menu-text-import">{{ $i18n.get('importers') }}</span>
</router-link> </router-link>
</li> </li>
<li v-if="!$adminOptions.hidePrimaryMenuExportersButton"> <li v-if="!$adminOptions.hidePrimaryMenuExportersButton && $userCaps.hasCapability('manage_tainacan')">
<router-link <router-link
tag="a" tag="a"
to="/exporters" to="/exporters"

3
src/views/admin/components/navigation/tainacan-repository-subheader.vue
View File

@ -51,12 +51,11 @@
</h1> </h1>
<ul class="repository-subheader-icons"> <ul class="repository-subheader-icons">
<li> <li v-if="!isRepositoryLevel && !$adminOptions.hideRepositorySubheaderExportButton && $userCaps.hasCapability('manage_tainacan')">
<a <a
@click="openAvailableExportersModal" @click="openAvailableExportersModal"
class="button" class="button"
id="exporter-collection-button" id="exporter-collection-button"
v-if="!isRepositoryLevel && !$adminOptions.hideRepositorySubheaderExportButton"
:aria-label="$i18n.get('exporters')"> :aria-label="$i18n.get('exporters')">
<span class="icon"> <span class="icon">
<i class="tainacan-icon tainacan-icon-1-25em tainacan-icon-export"/> <i class="tainacan-icon tainacan-icon-1-25em tainacan-icon-export"/>

4
src/views/admin/pages/home-page.vue
View File

@ -88,7 +88,7 @@
<span class="menu-text">{{ $i18n.get('title_repository_activities_page') }}</span> <span class="menu-text">{{ $i18n.get('title_repository_activities_page') }}</span>
</router-link> </router-link>
</li> </li>
<li v-if="!$adminOptions.hideHomeImportersButton"> <li v-if="!$adminOptions.hideHomeImportersButton && $userCaps.hasCapability('manage_tainacan')">
<router-link <router-link
tag="a" tag="a"
to="/importers"> to="/importers">
@ -98,7 +98,7 @@
<span class="menu-text menu-text-import">{{ $i18n.get('importers') }}</span> <span class="menu-text menu-text-import">{{ $i18n.get('importers') }}</span>
</router-link> </router-link>
</li> </li>
<li v-if="!$adminOptions.hideHomeExportersButton"> <li v-if="!$adminOptions.hideHomeExportersButton && $userCaps.hasCapability('manage_tainacan')">
<router-link <router-link
tag="a" tag="a"
to="/exporters"> to="/exporters">

4
src/views/admin/pages/lists/collections-page.vue
View File

@ -41,7 +41,9 @@
<small class="is-small">{{ $i18n.get('info_preset_collections') }}</small> <small class="is-small">{{ $i18n.get('info_preset_collections') }}</small>
</div> </div>
</b-dropdown-item> </b-dropdown-item>
<b-dropdown-item aria-role="listitem"> <b-dropdown-item
v-if="$userCaps.hasCapability('manage_tainacan')"
aria-role="listitem">
<div <div
id="a-import-collection" id="a-import-collection"
tag="div" tag="div"

2
src/views/admin/pages/lists/items-page.vue
View File

@ -188,7 +188,7 @@
</router-link> </router-link>
</b-dropdown-item> </b-dropdown-item>
<b-dropdown-item <b-dropdown-item
v-if="!$adminOptions.hideItemsListCreationDropdownImport" v-if="!$adminOptions.hideItemsListCreationDropdownImport && $userCaps.hasCapability('manage_tainacan')"
aria-role="listitem"> aria-role="listitem">
<div <div
id="a-import-items" id="a-import-items"