Merge pull request #106 from nukeviet/develop

NukeViet Egov 1.2.01

.htaccess

@@ -10,15 +10,15 @@
 
 RedirectMatch 404 ^.*\/(config|mainfile)\.php(.*)$
 
-ErrorDocument 400 /error.php?code=400
-ErrorDocument 403 /error.php?code=403
-ErrorDocument 404 /error.php?code=404
-ErrorDocument 405 /error.php?code=405
-ErrorDocument 408 /error.php?code=408
-ErrorDocument 500 /error.php?code=500
-ErrorDocument 502 /error.php?code=502
-ErrorDocument 503 /error.php?code=503
-ErrorDocument 504 /error.php?code=504
+ErrorDocument 400 /error.php?code=400&nvDisableRewriteCheck=1
+ErrorDocument 403 /error.php?code=403&nvDisableRewriteCheck=1
+ErrorDocument 404 /error.php?code=404&nvDisableRewriteCheck=1
+ErrorDocument 405 /error.php?code=405&nvDisableRewriteCheck=1
+ErrorDocument 408 /error.php?code=408&nvDisableRewriteCheck=1
+ErrorDocument 500 /error.php?code=500&nvDisableRewriteCheck=1
+ErrorDocument 502 /error.php?code=502&nvDisableRewriteCheck=1
+ErrorDocument 503 /error.php?code=503&nvDisableRewriteCheck=1
+ErrorDocument 504 /error.php?code=504&nvDisableRewriteCheck=1
 
 <IfModule mod_deflate.c>
   <FilesMatch "\.(css|js|xml|ttf)$">

CHANGELOG.txt

@@ -1,6 +1,10 @@
 CHANGE LOG: NukeViet eGovernment
 http://egov.nukeviet.vn
 
+NukeViet eGovernment 1.2.01
+- Cập nhật NukeViet CMS 4.4.01
+- Sửa lỗi thanh tìm kiếm trên giao diện mobile không hoạt động (#104)
+
 NukeViet eGovernment 1.2.00
 - Cập nhật NukeViet CMS 4.4.00
 - Cập nhật module videoclips 4.3.03

admin/authors/add.php

@@ -49,8 +49,11 @@
 $adminThemes = [''];
 $adminThemes = array_merge($adminThemes, nv_scandir(NV_ROOTDIR . '/themes', $global_config['check_theme_admin']));
 unset($adminThemes[0]);
-
+$checkss = md5(NV_CHECK_SESSION . '_' . $module_name . '_' . $op . '_' . $admin_info['userid']);
 if ($nv_Request->get_int('save', 'post', 0)) {
+    if ($checkss != $nv_Request->get_string('checkss', 'post')) {
+        nv_htmlOutput('Error Session, Please close the browser and try again');
+    }
     $userid = $nv_Request->get_title('userid', 'post', 0);
     $lev = $nv_Request->get_int('lev', 'post', 0);
     $editor = $nv_Request->get_title('editor', 'post');
@@ -273,6 +276,7 @@
 $xtpl->assign('RESULT_URL', NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=add&result=1&checksess=' . NV_CHECK_SESSION);
 $xtpl->assign('FILTERSQL', $crypt->encrypt($filtersql, NV_CHECK_SESSION));
 $xtpl->assign('ACTION', $contents['action']);
+$xtpl->assign('CHECKSS', $checkss);
 
 foreach ($adminThemes as $_admin_theme) {
     $xtpl->assign('THEME_NAME', $_admin_theme);

admin/authors/del.php

@@ -65,8 +65,8 @@ function nv_checkAdmpass($adminpass)
 $action_account = $nv_Request->get_int('action_account', 'post', 0);
 $action_account = (isset($array_action_account[$action_account])) ? $action_account : 0;
 $error = '';
-$checkss = md5($admin_id . NV_CHECK_SESSION);
-if ($nv_Request->get_title('ok', 'post', 0) == $checkss) {
+$checkss = md5(NV_CHECK_SESSION . '_' . $module_name . '_' . $op . '_' . $admin_id);
+if ($nv_Request->get_title('checkss', 'post') == $checkss) {
     $sendmail = $nv_Request->get_int('sendmail', 'post', 0);
     $reason = $nv_Request->get_title('reason', 'post', '', 1);
     $adminpass = $nv_Request->get_title('adminpass_iavim', 'post');

admin/authors/edit.php

@@ -69,8 +69,11 @@
 $adminThemes = [''];
 $adminThemes = array_merge($adminThemes, nv_scandir(NV_ROOTDIR . '/themes', $global_config['check_theme_admin']));
 unset($adminThemes[0]);
-
+$checkss = md5(NV_CHECK_SESSION . '_' . $module_name . '_' . $op . '_' . $admin_id);
 if ($nv_Request->get_int('save', 'post', 0)) {
+    if ($checkss != $nv_Request->get_string('checkss', 'post')) {
+        nv_redirect_location(NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name);
+    }
     $editor = $nv_Request->get_title('editor', 'post', '');
     if (defined('NV_IS_SPADMIN')) {
         $allow_files_type = $nv_Request->get_array('allow_files_type', 'post', []);
@@ -393,6 +396,7 @@
 $xtpl->assign('INFO', $contents['info']);
 $xtpl->assign('ACTION', $contents['action']);
 $xtpl->assign('LANG', $lang_module);
+$xtpl->assign('CHECKSS', $checkss);
 
 foreach ($adminThemes as $_admin_theme) {
     $xtpl->assign('THEME_NAME', $_admin_theme);

admin/authors/module.php

@@ -12,42 +12,45 @@
     die('Stop!!!');
 }
 
+$checkss = md5(NV_CHECK_SESSION . '_' . $module_name . '_' . $op . '_' . $admin_info['userid']);
 if (defined('NV_IS_AJAX')) {
-    if ($nv_Request->isset_request('changeweight', 'post')) {
-        $mid = $nv_Request->get_int('changeweight', 'post', 0);
-        $new_vid = $nv_Request->get_int('new_vid', 'post', 0);
+    if ($checkss == $nv_Request->get_string('checkss', 'post')) {
+        if ($nv_Request->isset_request('changeweight', 'post')) {
+            $mid = $nv_Request->get_int('changeweight', 'post', 0);
+            $new_vid = $nv_Request->get_int('new_vid', 'post', 0);
 
-        $query = 'SELECT mid FROM ' . NV_AUTHORS_GLOBALTABLE . '_module WHERE mid!=' . $mid . ' ORDER BY weight ASC';
-        $result = $db->query($query);
-        $weight = 0;
-        while ($row = $result->fetch()) {
-            ++$weight;
-            if ($weight == $new_vid) {
+            $query = 'SELECT mid FROM ' . NV_AUTHORS_GLOBALTABLE . '_module WHERE mid!=' . $mid . ' ORDER BY weight ASC';
+            $result = $db->query($query);
+            $weight = 0;
+            while ($row = $result->fetch()) {
                 ++$weight;
+                if ($weight == $new_vid) {
+                    ++$weight;
+                }
+                $db->query('UPDATE ' . NV_AUTHORS_GLOBALTABLE . '_module SET weight=' . $weight . ' WHERE mid=' . $row['mid']);
             }
-            $db->query('UPDATE ' . NV_AUTHORS_GLOBALTABLE . '_module SET weight=' . $weight . ' WHERE mid=' . $row['mid']);
-        }
-        $db->query('UPDATE ' . NV_AUTHORS_GLOBALTABLE . '_module SET weight=' . $new_vid . ' WHERE mid=' . $mid);
-    } elseif ($nv_Request->isset_request('changact', 'post')) {
-        $mid = $nv_Request->get_int('mid', 'post', 0);
-        $act = $nv_Request->get_int('changact', 'post', 1);
-        $query = 'SELECT * FROM ' . NV_AUTHORS_GLOBALTABLE . '_module WHERE mid=' . $mid;
-        $row = $db->query($query)->fetch();
-        if (!empty($row)) {
-            $save = true;
-            if ($act == 3 and ($row['module'] == 'database' or $row['module'] == 'settings' or $row['module'] == 'site')) {
-                $save = false;
-            } elseif ($act == 1 and ($row['module'] == 'authors' or $row['module'] == 'siteinfo')) {
-                $save = false;
-            }
+            $db->query('UPDATE ' . NV_AUTHORS_GLOBALTABLE . '_module SET weight=' . $new_vid . ' WHERE mid=' . $mid);
+        } elseif ($nv_Request->isset_request('changact', 'post')) {
+            $mid = $nv_Request->get_int('mid', 'post', 0);
+            $act = $nv_Request->get_int('changact', 'post', 1);
+            $query = 'SELECT * FROM ' . NV_AUTHORS_GLOBALTABLE . '_module WHERE mid=' . $mid;
+            $row = $db->query($query)->fetch();
+            if (!empty($row)) {
+                $save = true;
+                if ($act == 3 and ($row['module'] == 'database' or $row['module'] == 'settings' or $row['module'] == 'site')) {
+                    $save = false;
+                } elseif ($act == 1 and ($row['module'] == 'authors' or $row['module'] == 'siteinfo')) {
+                    $save = false;
+                }
 
-            if ($save) {
-                $act_val = ($row['act_' . $act]) ? 0 : 1;
-                $checksum = md5($row['module'] . '#' . $row['act_1'] . '#' . $row['act_2'] . '#' . $row['act_3'] . '#' . $global_config['sitekey']);
-                $db->query("UPDATE " . NV_AUTHORS_GLOBALTABLE . "_module SET act_" . $act . " = '" . $act_val . "', checksum = '" . $checksum . "' WHERE mid = " . $mid);
+                if ($save) {
+                    $act_val = ($row['act_' . $act]) ? 0 : 1;
+                    $checksum = md5($row['module'] . '#' . $row['act_1'] . '#' . $row['act_2'] . '#' . $row['act_3'] . '#' . $global_config['sitekey']);
+                    $db->query("UPDATE " . NV_AUTHORS_GLOBALTABLE . "_module SET act_" . $act . " = '" . $act_val . "', checksum = '" . $checksum . "' WHERE mid = " . $mid);
+                }
             }
+            die('OK');
         }
-        die('OK');
     }
 }
 
@@ -61,6 +64,7 @@
 $xtpl->assign('NV_OP_VARIABLE', NV_OP_VARIABLE);
 $xtpl->assign('MODULE_NAME', $module_name);
 $xtpl->assign('NV_LANG_INTERFACE', NV_LANG_INTERFACE);
+$xtpl->assign('CHECKSS', $checkss);
 
 $a = 0;
 $rows = $db->query('SELECT * FROM ' . NV_AUTHORS_GLOBALTABLE . '_module ORDER BY weight ASC')->fetchAll();

admin/authors/suspend.php

@@ -17,6 +17,7 @@
 }
 
 $admin_id = $nv_Request->get_int('admin_id', 'get', 0);
+$checkss = md5(NV_CHECK_SESSION . '_' . $module_name . '_' . $op . '_' . $admin_id);
 
 if (empty($admin_id) or $admin_id == $admin_info['admin_id']) {
     nv_redirect_location(NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name);
@@ -62,7 +63,7 @@
 
         if (! empty($new_suspend) and empty($new_reason)) {
             $error = sprintf($lang_module['susp_reason_empty'], $row_user['username']);
-        } else {
+        } elseif ($checkss == $nv_Request->get_string('checkss', 'post')) {
             if ($new_suspend) {
                 if ($clean_history) {
                     $susp_reason = array();
@@ -211,6 +212,7 @@
 // Parse content
 $xtpl = new XTemplate('suspend.tpl', NV_ROOTDIR . '/themes/' . $global_config['module_theme'] . '/modules/' . $module_file);
 $xtpl->assign('SUSPEND_INFO', $contents['suspend_info'][0]);
+$xtpl->assign('CHECKSS', $checkss);
 
 if (empty($contents['suspend_info'][1])) {
     $xtpl->parse('suspend.suspend_info');

admin/database/sampledata.php

@@ -65,28 +65,13 @@
         nv_htmlOutput('Wrong URL');
     }
     $sname = nv_strtolower(nv_substr($nv_Request->get_title('sname', 'post', ''), 0, 50));
-    if (preg_match('/^([a-z0-9]+)$/', $sname) and file_exists(NV_ROOTDIR . '/install/samples/data_' . $sname . '.php')) {
+    if ($nv_Request->get_string('delete', 'post') == md5(NV_CHECK_SESSION . '_' . $module_name . '_' . $op . '_' . $sname) and preg_match('/^([a-z0-9]+)$/', $sname) and file_exists(NV_ROOTDIR . '/install/samples/data_' . $sname . '.php')) {
         nv_deletefile(NV_ROOTDIR . '/install/samples/data_' . $sname . '.php');
         nv_insert_logs(NV_LANG_DATA, $module_name, $lang_module['sampledata'], 'Delete: ' . $sname, $admin_info['userid']);
     }
     nv_htmlOutput('OK');
 }
 
-// Tải về file dữ liệu
-if ($nv_Request->isset_request('downloadfile', 'get')) {
-    $sample_name = nv_strtolower(nv_substr($nv_Request->get_title('sample_name', 'get', ''), 0, 50));
-
-    if (!file_exists($file_data_dump) or !preg_match('/^([a-z0-9]+)$/', $sample_name)) {
-        nv_redirect_location(NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=' . $op);
-    }
-
-    nv_insert_logs(NV_LANG_DATA, $module_name, $lang_module['sampledata'], 'Manual Download: ' . $sample_name, $admin_info['userid']);
-
-    $download = new NukeViet\Files\Download($file_data_dump, NV_ROOTDIR . '/' . NV_TEMP_DIR, 'data_' . $sample_name . '.php');
-    $download->download_file();
-    exit();
-}
-
 // Tiến trình quét bằng AJAX
 if ($nv_Request->isset_request('startwrite', 'get')) {
     if ($sys_info['ini_set_support']) {
@@ -355,6 +340,7 @@
     $xtpl->parse('main.empty');
 } else {
     foreach ($array as $row) {
+        $row['checkss'] = md5(NV_CHECK_SESSION . '_' . $module_name . '_' . $op . '_' . $row['title']);
         $xtpl->assign('ROW', $row);
         $xtpl->parse('main.data.loop');
     }

admin/database/setting.php

@@ -15,13 +15,13 @@
 $page_title = $lang_global['mod_settings'];
 $array_sql_ext = array( 'sql', 'gz' );
 
-$errormess = '';
 $array_config_global = array();
 $array_config_global['dump_backup_day'] = $global_config['dump_backup_day'];
 $array_config_global['dump_backup_ext'] = $global_config['dump_backup_ext'];
 $array_config_global['dump_interval'] = $global_config['dump_interval'];
 
-if ($nv_Request->isset_request('submit', 'post')) {
+$checkss = md5(NV_CHECK_SESSION . '_' . $module_name . '_' . $op . '_' . $admin_info['userid']);
+if ($checkss == $nv_Request->get_string('checkss', 'post')) {
     $array_config_global = array();
     $array_config_global['dump_backup_ext'] = $nv_Request->get_title('dump_backup_ext', 'post', '', 1);
     $array_config_global['dump_autobackup'] = $nv_Request->get_int('dump_autobackup', 'post');
@@ -56,6 +56,7 @@
 $xtpl->assign('LANG', $lang_module);
 $xtpl->assign('GLANG', $lang_global);
 $xtpl->assign('DATA', $array_config_global);
+$xtpl->assign('CHECKSS', $checkss);
 
 foreach ($array_sql_ext as $ext_i) {
     $xtpl->assign('BACKUPEXTSELECTED', ($ext_i == $array_config_global['dump_backup_ext']) ? ' selected="selected"' : '');

admin/extensions/detail.php

@@ -37,7 +37,7 @@
 );
 
 $array = $NV_Http->post(NUKEVIET_STORE_APIURL, $args);
-$array = ! empty($array['body']) ? @unserialize($array['body']) : array();
+$array = (is_array($array) and !empty($array['body'])) ? @unserialize($array['body']) : array();
 
 $error = '';
 if (! empty(NukeViet\Http\Http::$error)) {

admin/extensions/download.php

@@ -55,9 +55,9 @@
 
     $array = $NV_Http->post(NUKEVIET_STORE_APIURL, $args);
 
-    if (! empty(NukeViet\Http\Http::$error)) {
+    if (!empty(NukeViet\Http\Http::$error)) {
         $contents = "ERR|" . nv_http_get_lang(NukeViet\Http\Http::$error);
-    } elseif (empty($array['filename']) or ! file_exists($array['filename']) or filesize($array['filename']) <= 0) {
+    } elseif (empty($array['filename']) or !file_exists($array['filename']) or filesize($array['filename']) <= 0) {
         $contents = "ERR|" . $lang_module['download_error_save'];
     } else {
         $contents = 'OK|' . $filename;

admin/extensions/install.php

@@ -56,21 +56,28 @@
         'body' => $request
     );
 
+    $cookies = [];
     $array = $NV_Http->post(NUKEVIET_STORE_APIURL, $args);
-    $cookies = $array['cookies'];
-    $array = ! empty($array['body']) ? @unserialize($array['body']) : array();
+
+    if (is_array($array)) {
+        $cookies = $array['cookies'];
+        $array = ! empty($array['body']) ? @unserialize($array['body']) : array();
+    } else {
+        // Do post có thể trả về object
+        $array = [];
+    }
 
     // Next step
-    if (! empty($array['data']['compatible']['id']) and $request['mode'] == 'getfile') {
+    if (!empty($array['data']['compatible']['id']) and $request['mode'] == 'getfile') {
         header('location: ' . NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=install&id=' . $array['data']['id'] . '&fid=' . $array['data']['compatible']['id'] . '&getfile=1');
         die();
     }
 
-    if (! empty(NukeViet\Http\Http::$error)) {
+    if (!empty(NukeViet\Http\Http::$error)) {
         $error = nv_http_get_lang(NukeViet\Http\Http::$error);
-    } elseif (empty($array['status']) or ! isset($array['error']) or ! isset($array['data']) or ! isset($array['pagination']) or ! is_array($array['error']) or ! is_array($array['data']) or ! is_array($array['pagination']) or (! empty($array['error']) and (! isset($array['error']['level']) or empty($array['error']['message'])))) {
+    } elseif (empty($array['status']) or !isset($array['error']) or !isset($array['data']) or !isset($array['pagination']) or !is_array($array['error']) or !is_array($array['data']) or !is_array($array['pagination']) or (!empty($array['error']) and (!isset($array['error']['level']) or empty($array['error']['message'])))) {
         $error = $lang_global['error_valid_response'];
-    } elseif (! empty($array['error']['message'])) {
+    } elseif (!empty($array['error']['message'])) {
         $error = $array['error']['message'];
     }
 }

admin/extensions/login.php

@@ -8,17 +8,19 @@
  * @Createdate 2-1-2010 22:5
  */
 
-if (! defined('NV_IS_FILE_EXTENSIONS')) {
+if (!defined('NV_IS_FILE_EXTENSIONS')) {
     die('Stop!!!');
 }
 
 $page_title = $lang_module['login_pagetitle'];
 
-$request = array();
+$request = [];
 $request['username'] = $nv_Request->get_title('username', 'post', '');
 $request['password'] = $nv_Request->get_title('password', 'post', '');
 $request['redirect'] = $nv_Request->get_title('redirect', 'post,get', '');
 
+$checksess = md5(NV_CHECK_SESSION . 'mer-login');
+
 $xtpl = new XTemplate($op . '.tpl', NV_ROOTDIR . '/themes/' . $global_config['module_theme'] . '/modules/' . $module_file);
 $xtpl->assign('LANG', $lang_module);
 $xtpl->assign('GLANG', $lang_global);
@@ -28,8 +30,9 @@
 $xtpl->assign('NV_LANG_DATA', NV_LANG_DATA);
 $xtpl->assign('NV_NAME_VARIABLE', NV_NAME_VARIABLE);
 $xtpl->assign('MODULE_NAME', $module_name);
+$xtpl->assign('CHECKSESS', $checksess);
 
-if (! empty($request['username']) and ! empty($request['password'])) {
+if (!empty($request['username']) and !empty($request['password']) and $checksess === $nv_Request->get_title('checksess', 'post', '')) {
     // Fixed request
     $request['lang'] = NV_LANG_INTERFACE;
     $request['basever'] = $global_config['version'];
@@ -42,28 +45,31 @@
     // Debug
     $args = array(
         'headers' => array(
-            'Referer' => NUKEVIET_STORE_APIURL,
+            'Referer' => NUKEVIET_STORE_APIURL
         ),
         'cookies' => $stored_cookies,
         'body' => $request
     );
 
+    $cookies = [];
     $array = $NV_Http->post(NUKEVIET_STORE_APIURL, $args);
 
-    $cookies = $array['cookies'];
-    $array = ! empty($array['body']) ? (is_serialized_string($array['body']) ? unserialize($array['body']) : array()) : array();
+    if (is_array($array)) {
+        $cookies = $array['cookies'];
+        $array = !empty($array['body']) ? (is_serialized_string($array['body']) ? unserialize($array['body']) : []) : [];
+    }
 
     $error = '';
-    if (! empty(NukeViet\Http\Http::$error)) {
+    if (!empty(NukeViet\Http\Http::$error)) {
         $error = nv_http_get_lang(NukeViet\Http\Http::$error);
-    } elseif (empty($array['status']) or ! isset($array['error']) or ! isset($array['data']) or ! isset($array['pagination']) or ! is_array($array['error']) or ! is_array($array['data']) or ! is_array($array['pagination']) or (! empty($array['error']) and (! isset($array['error']['level']) or empty($array['error']['message'])))) {
+    } elseif (empty($array['status']) or !isset($array['error']) or !isset($array['data']) or !isset($array['pagination']) or !is_array($array['error']) or !is_array($array['data']) or !is_array($array['pagination']) or (!empty($array['error']) and (!isset($array['error']['level']) or empty($array['error']['message'])))) {
         $error = $lang_global['error_valid_response'];
-    } elseif (! empty($array['error']['message'])) {
+    } elseif (!empty($array['error']['message'])) {
         $error = $array['error']['message'];
     }
 
     // Show error
-    if (! empty($error)) {
+    if (!empty($error)) {
         $xtpl->assign('ERROR', $error);
         $xtpl->parse('main.error');