Release v1.5.0 (#216)

* Use "cms.enableCsrfProtection" in onFormSubmit (#205) * fir for broken js file inclusion (#215) * apply fix suggested by Samuel Georges (@daftspunk) * Revert "apply fix suggested by Samuel Georges (@daftspunk)" This reverts commit 6dd82f8. * fix by renaming the js partials as htm files * code linting & cleanup * getIP method refactor * php linting * version bump Co-authored-by: rechik <[email protected]> Co-authored-by: Marc Jauvin <[email protected]>
skydiver · Sep 13, 2020 · b1a021d · b1a021d · daftspunk · Sep 13, 2020
1 parent af352e3
commit b1a021d
Show file tree

Hide file tree

Showing 5 changed files with 42 additions and 29 deletions.
diff --git a/classes/MagicForm.php b/classes/MagicForm.php
@@ -2,18 +2,23 @@
 
 namespace Martin\Forms\Classes;
 
-use AjaxException, Lang, Redirect, Request, Session, Validator;
+use Lang;
+use Config;
+use Request;
+use Session;
+use Redirect;
+use Validator;
+use AjaxException;
 use Cms\Classes\ComponentBase;
-use Illuminate\Support\Facades\Event;
-use October\Rain\Exception\ApplicationException;
-use October\Rain\Exception\ValidationException;
-use October\Rain\Support\Facades\Flash;
-use Martin\Forms\Classes\BackendHelpers;
-use Martin\Forms\Classes\SendMail;
 use Martin\Forms\Models\Record;
 use Martin\Forms\Models\Settings;
+use Martin\Forms\Classes\SendMail;
+use Illuminate\Support\Facades\Event;
+use Martin\Forms\Classes\BackendHelpers;
+use October\Rain\Exception\ValidationException;
 
-abstract class MagicForm extends ComponentBase {
+abstract class MagicForm extends ComponentBase
+{
 
     use \Martin\Forms\Classes\ReCaptcha;
     use \Martin\Forms\Classes\SharedProperties;
@@ -50,7 +55,7 @@ public function onFormSubmit() {
         $flash_partial = $this->property('messages_partial', '@flash.htm');
 
         // CSRF CHECK
-        if (Session::token() != post('_token')) {
+        if (Config::get('cms.enableCsrfProtection') && (Session::token() != post('_token'))) {
             throw new AjaxException(['#' . $this->alias . '_forms_flash' => $this->renderPartial($flash_partial, [
                 'status'  => 'error',
                 'type'    => 'danger',
@@ -183,7 +188,7 @@ public function onFormSubmit() {
         }
 
         $record = new Record;
-        $record->ip        = $this->_getIP();
+        $record->ip        = $this->getIP();
         $record->created_at = date('Y-m-d H:i:s');
 
         // SAVE RECORD TO DATABASE
@@ -226,7 +231,7 @@ public function onFormSubmit() {
             'status'  => 'success',
             'type'    => 'success',
             'content' => $message,
-            'jscript' => $this->_prepareJavaScript(),
+            'jscript' => $this->prepareJavaScript(),
         ])];
 
     }
@@ -248,8 +253,8 @@ private function _exceptionResponse($validator, $params) {
 
     }
 
-    private function _prepareJavaScript() {
-
+    private function prepareJavaScript()
+    {
         $code = false;
 
         /* SUCCESS JS */
@@ -259,30 +264,37 @@ private function _prepareJavaScript() {
 
         /* RECAPTCHA JS */
         if ($this->isReCaptchaEnabled()) {
-            $code .= $content = $this->renderPartial('@js/recaptcha.js');
+            $code .= $this->renderPartial('@js/recaptcha.htm');
         }
 
         /* RESET FORM JS */
         if ($this->property('reset_form')) {
-            $code .= $content = $this->renderPartial('@js/reset-form.js', ['id' => '#' . $this->alias . '_forms_flash']);
-            if ($this->property('uploader_enable')) {
-                $code .= $content = $this->renderPartial('@js/reset-uploader.js', ['id' => $this->alias]);
-            }
+            $params = ['id' => '#' . $this->alias . '_forms_flash'];
+            $code .= $this->renderPartial('@js/reset-form.htm', $params);
         }
 
-        return $code;
+        /* RESET UPLOAD FORM */
+        if ($this->property('reset_form') && $this->property('uploader_enable')) {
+            $params = ['id' => $this->alias];
+            $code .= $this->renderPartial('@js/reset-uploader.htm', $params);
+        }
 
+        return $code;
     }
 
-    private function _getIP() {
+    private function getIP()
+    {
         if ($this->property('anonymize_ip') == 'full') {
-            $address = '(Not stored)';
-        } else if ($this->property('anonymize_ip') == 'partial') {
-            $address = BackendHelpers::anonymizeIPv4(Request::getClientIp());
-        } else {
-            $address = Request::getClientIp();
+            return '(Not stored)';
         }
-        return $address;
+
+        $ip = Request::getClientIp();
+
+        if ($this->property('anonymize_ip') == 'partial') {
+            return BackendHelpers::anonymizeIPv4($ip);
+        }
+
+        return $ip;
     }
 
     private function array_map_recursive($callback, $array)
@@ -293,7 +305,4 @@ private function array_map_recursive($callback, $array)
 
         return array_map($func, $array);
     }
-
 }
-
-?>
diff --git a/components/partials/js/recaptcha.js → components/partials/js/recaptcha.htm b/components/partials/js/recaptcha.js → components/partials/js/recaptcha.htm
diff --git a/components/partials/js/reset-form.js → components/partials/js/reset-form.htm b/components/partials/js/reset-form.js → components/partials/js/reset-form.htm
diff --git a/components/partials/js/reset-uploader.js → components/partials/js/reset-uploader.htm b/components/partials/js/reset-uploader.js → components/partials/js/reset-uploader.htm
diff --git a/updates/version.yaml b/updates/version.yaml
@@ -118,3 +118,7 @@
 1.4.20:
     - added invisible reCAPTCHA [thanks to mjauvin]
     - new option to set custom date format on emails subject
+1.5.0:
+    - fixes related to October Build 469 [thanks to mjauvin]
+    - fix when CSRF check is disabled [thanks to rechik]
+    - php linting and cleanup