Merge pull request #4 from GreenMeteor/develop

Enh: Security & General Update

Author: ArchBlood

Events.php

@@ -34,12 +34,15 @@ public static function onAdminMenuInit($event)
 
     public static function addCodeboxFrame($event)
     {
+        $module = Yii::$app->getModule('codebox');
+        $settings = $module->settings;
+
         if (Yii::$app->user->isGuest) {
             return;
         } else {
             Yii::$app->user;
         }
 
-        $event->sender->addWidget(widgets\CodeboxFrame::class, [], ['sortOrder' => Yii::$app->getModule('codebox')->settings->get('sortOrder')]);
+        $event->sender->addWidget(widgets\CodeboxFrame::class, [], ['sortOrder' => $settings->get('sortOrder')]);
     }
 }

docs/CHANGELOG.md

@@ -1,4 +1,10 @@
 # Changelogs
+
+### Release v1.1.0 (*2/27/2024*)
+- Enh: Use of CodeMirrorInputWidget implemented
+- Enh: Encode Title
+- Enh: Use of Security class
+
 ### Release v1.0.2 (*12/19/2020*)
 - Enh: Implement AdminMenu permission restriction
 - Enh: minVersion update

models/ConfigureForm.php

@@ -27,7 +27,7 @@ public function rules()
         return [
             ['title', 'string'],
             ['htmlCode', 'string'],
-            ['sortOrder', 'string'],
+            ['sortOrder', 'integer'],
         ];
     }
 
@@ -37,6 +37,7 @@ public function rules()
     public function attributeLabels()
     {
         return [
+            'title' => Yii::t('CodeboxModule.base', 'Title:'),
             'htmlCode' => Yii::t('CodeboxModule.base', 'Codebox HTML code snippet:'),
         ];
     }
@@ -47,24 +48,30 @@ public function attributeLabels()
     public function attributeHints()
     {
         return [
-            'htmlCode' => Yii::t('CodeboxModule.base', 'e.g. <code><php? ?></code>'),
+            'htmlCode' => Yii::t('CodeboxModule.base', 'e.g. <code>Code Here</code>, also for inline scripts use {code}.', ['code' => '<code>&lt;script nonce={{nonce}}&gt;</code>']),
         ];
     }
 
     public function loadSettings()
     {
-        $this->title = Yii::$app->getModule('codebox')->settings->get('title');
-        $this->htmlCode = Yii::$app->getModule('codebox')->settings->get('htmlCode');
-        $this->sortOrder = Yii::$app->getModule('codebox')->settings->get('sortOrder');
+        $module = Yii::$app->getModule('codebox');
+        $settings = $module->settings;
+
+        $this->title = $settings->get('title');
+        $this->htmlCode = $settings->get('htmlCode');
+        $this->sortOrder = $settings->get('sortOrder');
 
         return true;
     }
 
     public function save()
     {
-        Yii::$app->getModule('codebox')->settings->set('title', $this->title);
-        Yii::$app->getModule('codebox')->settings->set('htmlCode', $this->htmlCode);
-        Yii::$app->getModule('codebox')->settings->set('sortOrder', $this->sortOrder);
+        $module = Yii::$app->getModule('codebox');
+        $settings = $module->settings;
+
+        $settings->set('title', $this->title);
+        $settings->set('htmlCode', $this->htmlCode);
+        $settings->set('sortOrder', $this->sortOrder);
 
         return true;
     }

module.json

@@ -1,11 +1,21 @@
 {
     "id": "codebox",
+    "version": "1.1.0",
     "name": "Codebox",
     "description": "Allows the use of HTML snippets on your sidebar.",
-    "keywords": ["codebox"],
-    "version": "1.0.2",
     "humhub": {
-    "minVersion": "1.5"
+        "minVersion": "1.9.0"
     },
+    "keywords": ["codebox"],
     "screenshots": ["resources/Screenshot_1.png", "resources/Screenshot_2.png"]
+    "homepage": "https://github.com/GreenMeteor/codebox/",
+    "issues": "https://github.com/GreenMeteor/codebox/issues",
+    "authors": [
+        {
+            "name": "Green Meteor",
+            "email": "[email protected]",
+            "homepage": "https://greenmeteor.net",
+            "role": "Owner"
+        }
+    ]
 }

views/admin/index.php

@@ -1,20 +1,20 @@
 <?php
 
+use humhub\modules\ui\form\widgets\CodeMirrorInputWidget;
 use humhub\modules\ui\form\widgets\SortOrderField;
-use yii\bootstrap\ActiveForm;
-use yii\helpers\Html;
+use humhub\modules\ui\form\widgets\ActiveForm;
+use humhub\libs\Html;
 
 ?>
 
 <div class="panel panel-default">
-
     <div class="panel-heading"><?= Yii::t('CodeboxModule.base', '<strong>Codebox</strong> module configuration'); ?></div>
     <div class="panel-body">
 
 <?php $form = ActiveForm::begin(['id' => 'configure-form']); ?>
 <div class="form-group">
-    <?= $form->field($model, 'title')->textInput(['class' => 'form-control', 'placeholder' => 'Title', 'disabled' => false])->label(true) ?>
-    <?= $form->field($model, 'htmlCode')->textarea(['rows' => '8']); ?>
+    <?= $form->field($model, Html::encode('title'))->textInput(['class' => 'form-control', 'placeholder' => 'Title', 'disabled' => false])->label(true) ?>
+    <?= $form->field($model, Html::encode('htmlCode'))->widget(CodeMirrorInputWidget::class); ?>
     <?= $form->field($model, 'sortOrder')->widget(SortOrderField::class) ?>
 </div>
 <hr>

widgets/CodeboxFrame.php

@@ -4,6 +4,7 @@
 
 use Yii;
 use humhub\components\Widget;
+use humhub\modules\web\security\helpers\Security;
 
 /**
  * CodeboxFrame adds HTML snippet code to all layouts extended by config.php
@@ -23,14 +24,13 @@ public function run()
 
         $sortOrder = Yii::$app->getModule('codebox')->getOrder();
 
-
         $htmlCode = Yii::$app->getModule('codebox')->getHtmlCode();
 
         if (!$title || !$htmlCode || !$sortOrder) {
             return '';
         }
 
-        return $this->render('codeboxframe', ['title' => $title, 'htmlCode' => $htmlCode, $sortOrder => 'sortOrder']);
+        return $this->render('codeboxframe', ['title' => $title, 'htmlCode' => $htmlCode, $sortOrder => 'sortOrder', 'nonce' => Security::getNonce()]);
     }
 
 }

widgets/views/codeboxframe.php

@@ -8,7 +8,7 @@
 <div class="panel panel-default panel-codebox" id="panel-codebox">
     <?= PanelMenu::widget(['id' => 'panel-codebox']); ?>
   <div class="panel-heading">
-    <p><?= $title ?></p>
+    <strong><?= Html::encode($title) ?></strong>
   </div>
   <div class="panel-body">