From 936ccb93bf39c9e2ec4c7b30a5780601cfddc95b Mon Sep 17 00:00:00 2001 From: objecttothis Date: Mon, 30 Jan 2023 16:31:58 +0400 Subject: [PATCH] Bug Fixes - Properly reference Cookie and Security settings values. - Instantiate IncomingRequest Instance in view. - Added return value of Login::index(). - Added missing return statement to Secure_Controller::is_logged_in() --- app/Controllers/Login.php | 9 +++++---- app/Controllers/Secure_Controller.php | 10 +++++----- app/Views/partial/header.php | 10 +++++++--- app/Views/partial/header_js.php | 8 ++++---- 4 files changed, 21 insertions(+), 16 deletions(-) diff --git a/app/Controllers/Login.php b/app/Controllers/Login.php index ae8f9910d..e91f69634 100644 --- a/app/Controllers/Login.php +++ b/app/Controllers/Login.php @@ -4,6 +4,7 @@ namespace App\Controllers; use App\Libraries\MY_Migration; use App\Models\Employee; +use CodeIgniter\HTTP\RedirectResponse; use Config\Migrations; use Config\Services; @@ -14,7 +15,7 @@ class Login extends BaseController { protected $helpers = ['form']; - public function index() + public function index(): RedirectResponse { $this->employee = model('Employee'); @@ -39,10 +40,10 @@ class Login extends BaseController // } } -// return redirect()->to('home'); + return redirect()->to('home'); } -/* public function login_check(string $username): bool + public function login_check(string $username): bool { if(!$this->installation_check()) { @@ -127,5 +128,5 @@ class Login extends BaseController } return $result; - }*/ + } } \ No newline at end of file diff --git a/app/Controllers/Secure_Controller.php b/app/Controllers/Secure_Controller.php index add36ba6f..4e6399010 100644 --- a/app/Controllers/Secure_Controller.php +++ b/app/Controllers/Secure_Controller.php @@ -26,15 +26,15 @@ class Secure_Controller extends BaseController if(!$this->employee->is_logged_in()) { - redirect()->to('login'); + return redirect()->to('login'); } $logged_in_employee_info = $this->employee->get_logged_in_employee_info(); -// if(!$this->employee->has_module_grant($module_id, $logged_in_employee_info->person_id) -// || (isset($submodule_id) && !$this->employee->has_module_grant($submodule_id, $logged_in_employee_info->person_id))) -// { + if(!$this->employee->has_module_grant($module_id, $logged_in_employee_info->person_id) + || (isset($submodule_id) && !$this->employee->has_module_grant($submodule_id, $logged_in_employee_info->person_id))) + { redirect("no_access/$module_id/$submodule_id"); -// } + } // load up global data visible to all the loaded views $this->session = session(); diff --git a/app/Views/partial/header.php b/app/Views/partial/header.php index fcbfd313e..9b18f6b0e 100644 --- a/app/Views/partial/header.php +++ b/app/Views/partial/header.php @@ -2,10 +2,14 @@ /** * @var object $user_info * @var array $allowed_modules + * @var CodeIgniter\HTTP\IncomingRequest $request */ + +$request = \Config\Services::request(); +helper('cookie'); ?> - + @@ -13,7 +17,7 @@ - request->cookie('debug') == 'true' || $this->request->getGet('debug') == 'true') : ?> + getGet('debug') == 'true') : ?> @@ -115,7 +119,7 @@ diff --git a/app/Views/partial/header_js.php b/app/Views/partial/header_js.php index 67d8d7737..248109ed8 100644 --- a/app/Views/partial/header_js.php +++ b/app/Views/partial/header_js.php @@ -16,18 +16,18 @@ from: "settings['notify_vertical_position'], 'js') ?>" }}); - var cookie_name = "settings['cookie_prefix'], 'js') . esc(config('OSPOS')->settings['csrf_cookie_name'], 'js') ?>"; + var cookie_name = "prefix, 'js') . esc(config('Security')->cookieName, 'js') ?>"; var csrf_token = function() { return Cookies.get(cookie_name); }; var csrf_form_base = function() { - return { security->get_csrf_token_name(), 'js') ?> : function () { return csrf_token() } } + return { tokenName, 'js') ?> : function () { return csrf_token() } } }; var setup_csrf_token = function() { - $('input[name="security->get_csrf_token_name(), 'js') ?>"]').val(csrf_token()); + $('input[name="tokenName, 'js') ?>"]').val(csrf_token()); }; var ajax = $.ajax; @@ -55,7 +55,7 @@ $.ajax({ url: "", data: { - "security->get_csrf_token_name(); ?>": csrf_token() + "tokenName, 'js'); ?>": csrf_token() }, success: function() { window.location.href = '';