From 8b0325c7d3c672754de220efd52b9ba9de8a9868 Mon Sep 17 00:00:00 2001 From: Miguel Ribeiro Date: Wed, 7 Aug 2024 22:35:24 +0200 Subject: [PATCH] fix: service worker precaching logout.php causes user to be logged out fix: add samesite directive to cookies fix: sort by price --- endpoints/subscriptions/get.php | 13 +- endpoints/user/save_user.php | 6 +- includes/getsettings.php | 5 +- includes/list_subscriptions.php | 271 +++++++++++++++++--------------- includes/version.php | 2 +- index.php | 13 +- login.php | 30 +++- scripts/common.js | 14 +- scripts/dashboard.js | 2 +- scripts/registration.js | 2 +- scripts/theme.js | 8 +- service-worker.js | 1 - 12 files changed, 197 insertions(+), 170 deletions(-) diff --git a/endpoints/subscriptions/get.php b/endpoints/subscriptions/get.php index 0eacce5fd..c0a0fda79 100644 --- a/endpoints/subscriptions/get.php +++ b/endpoints/subscriptions/get.php @@ -146,19 +146,8 @@ } } - if ($sort === "price") { - usort($subscriptions, function ($a, $b) { - return $a['price'] < $b['price'] ? 1 : -1; - }); - if ($settings['disabledToBottom'] === 'true') { - usort($print, function ($a, $b) { - return $a['inactive'] - $b['inactive']; - }); - } - } - if (isset($print)) { - printSubscriptions($print, $sort, $categories, $members, $i18n, $colorTheme, "../../"); + printSubscriptions($print, $sort, $categories, $members, $i18n, $colorTheme, "../../", $settings['disabledToBottom']); } if (count($subscriptions) == 0) { diff --git a/endpoints/user/save_user.php b/endpoints/user/save_user.php index 51a3e719d..0cf574ae9 100644 --- a/endpoints/user/save_user.php +++ b/endpoints/user/save_user.php 
@@ -291,7 +291,11 @@ function resizeAndUploadAvatar($uploadedFile, $uploadDir, $name) $oldLanguage = isset($_COOKIE['language']) ? $_COOKIE['language'] : "en"; $root = str_replace('/endpoints/user', '', dirname($_SERVER['PHP_SELF'])); $root = $root == '' ? '/' : $root; - setcookie('language', $language, $cookieExpire, $root); + setcookie('language', $language, [ + 'path' => $root, + 'expires' => $cookieExpire, + 'samesite' => 'Strict' + ]); $_SESSION['avatar'] = $avatar; $_SESSION['main_currency'] = $main_currency; diff --git a/includes/getsettings.php b/includes/getsettings.php index 7def7ee62..0710eb436 100644 --- a/includes/getsettings.php +++ b/includes/getsettings.php @@ -11,7 +11,10 @@ $themeMapping = array(0 => 'light', 1 => 'dark', 2 => 'automatic'); $themeKey = isset($settings['dark_theme']) ? $settings['dark_theme'] : 2; $themeValue = $themeMapping[$themeKey]; - setcookie('theme', $themeValue, $cookieExpire); + setcookie('theme', $themeValue, [ + 'expires' => $cookieExpire, + 'samesite' => 'Strict' + ]); $settings['update_theme_setttings'] = false; if (isset($_COOKIE['inUseTheme']) && $settings['dark_theme'] == 2) { $inUseTheme = $_COOKIE['inUseTheme']; diff --git a/includes/list_subscriptions.php b/includes/list_subscriptions.php index a19ab0325..c3794bdb0 100644 --- a/includes/list_subscriptions.php +++ b/includes/list_subscriptions.php 
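Review bot: The new options arrays for the `language` cookie (save_user.php) and the `theme` cookie (getsettings.php, same hunk line) add `samesite` but no `secure` flag, so both cookies are still sent over plain HTTP; if the app is served over HTTPS, add `'secure' => isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',` to each array. `theme` is also written from scripts/theme.js, so `httponly` is not an option for it; whether any client script reads `language` is not visible here, and if none does, `'httponly' => true` belongs on that cookie. login.php writes `language` with no `path` while this call passes `'path' => $root`; the two writes only collapse into one cookie if both paths resolve the same, which is worth confirming.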
@@ -1,9 +1,10 @@ prepare($query); + $stmt->bindParam(':currency', $currency, SQLITE3_INTEGER); + $result = $stmt->execute(); + + $exchangeRate = $result->fetchArray(SQLITE3_ASSOC); + if ($exchangeRate === false) { + return $price; + } else { + $fromRate = $exchangeRate['rate']; + return $price / $fromRate; + } +} - - function getPriceConverted($price, $currency, $database) { - $query = "SELECT rate FROM currencies WHERE id = :currency"; - $stmt = $database->prepare($query); - $stmt->bindParam(':currency', $currency, SQLITE3_INTEGER); - $result = $stmt->execute(); - - $exchangeRate = $result->fetchArray(SQLITE3_ASSOC); - if ($exchangeRate === false) { - return $price; - } else { - $fromRate = $exchangeRate['rate']; - return $price / $fromRate; +function printSubscriptions($subscriptions, $sort, $categories, $members, $i18n, $colorTheme, $imagePath, $disabledToBottom) +{ + if ($sort === "price") { + usort($subscriptions, function ($a, $b) { + return $a['price'] < $b['price'] ? 1 : -1; + }); + if ($disabledToBottom === 'true') { + usort($subscriptions, function ($a, $b) { + return $a['inactive'] - $b['inactive']; + }); } } - function printSubscriptions($subscriptions, $sort, $categories, $members, $i18n, $colorTheme, $imagePath) { - $currentCategory = 0; - $currentPayerUserId = 0; - $currentPaymentMethodId = 0; - foreach ($subscriptions as $subscription) { - if ($sort == "category_id" && $subscription['category_id'] != $currentCategory) { - ?> -
- -
+ $currentCategory = 0; + $currentPayerUserId = 0; + $currentPaymentMethodId = 0; + foreach ($subscriptions as $subscription) { + if ($sort == "category_id" && $subscription['category_id'] != $currentCategory) { + ?> +
-
- -
- -
- -
- + +
+ +
+ +
+ +
+ -
-
- - - - - - - - - -
    -
  • - - -
  • -
  • - - -
  • -
  • - - -
  • -
-
-
- - - +
+
+
- -
- - - - -
+ + ?> + + + + + + + + + +
    +
  • + + +
  • +
  • + + +
  • +
  • + + +
  • +
+
+ + + + + + +
+ +
+ + + + +
+ +
prepare($query); - $stmt->bindValue(':userId', $userId, SQLITE3_INTEGER); - $result = $stmt->execute(); - $row = $result->fetchArray(SQLITE3_ASSOC); - $mainCurrencyId = $row['main_currency']; +$query = "SELECT main_currency FROM user WHERE id = :userId"; +$stmt = $db->prepare($query); +$stmt->bindValue(':userId', $userId, SQLITE3_INTEGER); +$result = $stmt->execute(); +$row = $result->fetchArray(SQLITE3_ASSOC); +$mainCurrencyId = $row['main_currency']; ?> \ No newline at end of file diff --git a/includes/version.php b/includes/version.php index dc380584f..7ba82494d 100644 --- a/includes/version.php +++ b/includes/version.php @@ -1,3 +1,3 @@ \ No newline at end of file diff --git a/index.php b/index.php index b35fa6d55..1f2e46bd0 100644 --- a/index.php +++ b/index.php @@ -289,19 +289,8 @@ } } - if ($sort === "price") { - usort($subscriptions, function ($a, $b) { - return $a['price'] < $b['price'] ? 1 : -1; - }); - if ($settings['disabledToBottom'] === 'true') { - usort($print, function ($a, $b) { - return $a['inactive'] - $b['inactive']; - }); - } - } - if (isset($print)) { - printSubscriptions($print, $sort, $categories, $members, $i18n, $colorTheme, ""); + printSubscriptions($print, $sort, $categories, $members, $i18n, $colorTheme, "", $settings['disabledToBottom']); } $db->close(); diff --git a/login.php b/login.php index df63847df..7dcdb87e6 100644 --- a/login.php +++ b/login.php 
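Review bot: The price comparator moved into `printSubscriptions` (`return $a['price'] < $b['price'] ? 1 : -1;`) never returns 0, so two equal prices are reported as both greater and less than each other and `usort` produces an order that depends on the input permutation. Use the spaceship operator, `return $b['price'] <=> $a['price'];`, which keeps the descending order and handles ties consistently. `getPriceConverted` lives in the same file, but whether prices are converted to one currency before this sort is not visible in the hunk, so mixed-currency lists may be sorted on raw numbers — worth confirming. `$disabledToBottom` is compared as the string `'true'`; a bool parameter at the two call sites (index.php and endpoints/subscriptions/get.php) would be less fragile. The function body continues past the visible hunk lines.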
@@ -51,16 +51,25 @@ $_SESSION['main_currency'] = $main_currency; $_SESSION['userId'] = $userId; $cookieExpire = time() + (30 * 24 * 60 * 60); - setcookie('language', $language, $cookieExpire); + setcookie('language', $language, [ + 'expires' => $cookieExpire, + 'samesite' => 'Strict' + ]); $query = "SELECT color_theme FROM settings"; $stmt = $db->prepare($query); $result = $stmt->execute(); $settings = $result->fetchArray(SQLITE3_ASSOC); - setcookie('colorTheme', $settings['color_theme'], $cookieExpire); + setcookie('colorTheme', $settings['color_theme'], [ + 'expires' => $cookieExpire, + 'samesite' => 'Strict' + ]); $cookieValue = $username . "|" . "abc123ABC" . "|" . $main_currency; - setcookie('wallos_login', $cookieValue, $cookieExpire); + setcookie('wallos_login', $cookieValue, [ + 'expires' => $cookieExpire, + 'samesite' => 'Strict' + ]); $db->close(); header("Location: ."); @@ -118,14 +127,20 @@ $_SESSION['main_currency'] = $main_currency; $_SESSION['userId'] = $userId; $cookieExpire = time() + (30 * 24 * 60 * 60); - setcookie('language', $language, $cookieExpire); + setcookie('language', $language, [ + 'expires' => $cookieExpire, + 'samesite' => 'Strict' + ]); if ($rememberMe) { $query = "SELECT color_theme FROM settings"; $stmt = $db->prepare($query); $result = $stmt->execute(); $settings = $result->fetchArray(SQLITE3_ASSOC); - setcookie('colorTheme', $settings['color_theme'], $cookieExpire); + setcookie('colorTheme', $settings['color_theme'], [ + 'expires' => $cookieExpire, + 'samesite' => 'Strict' + ]); $token = bin2hex(random_bytes(32)); $addLoginTokens = "INSERT INTO login_tokens (user_id, token) VALUES (:userId, :token)"; 
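Review bot: The `wallos_login` cookie written by the new `setcookie` options array carries the remember-me credential (`$username . "|" . $token . "|" . $main_currency` on the context line), yet neither this call nor the one in the @@ -135 hunk sets `'httponly' => true` or `'secure'`, so the token stays readable from page scripts and is sent over plain HTTP. Add `'httponly' => true,` and `'secure' => isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',` to the `wallos_login` options in both hunks. The `colorTheme` cookie is also written from scripts/theme.js and must stay script-readable, but `secure` applies to it and to `language` as well. The first hunk writes the literal `"abc123ABC"` in place of the token (context line); whether the server-side token check can ever accept that literal is not visible here and should be confirmed.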
@@ -135,7 +150,10 @@ $addLoginTokensStmt->execute(); $_SESSION['token'] = $token; $cookieValue = $username . "|" . $token . "|" . $main_currency; - setcookie('wallos_login', $cookieValue, $cookieExpire); + setcookie('wallos_login', $cookieValue, [ + 'expires' => $cookieExpire, + 'samesite' => 'Strict' + ]); } $db->close(); header("Location: ."); diff --git a/scripts/common.js b/scripts/common.js index f76aee04d..f681dcb44 100644 --- a/scripts/common.js +++ b/scripts/common.js @@ -8,9 +8,9 @@ function toggleDropdown() { function showErrorMessage(message) { const toast = document.querySelector(".toast#errorToast"); - (closeIcon = document.querySelector(".close-error")), - (errorMessage = document.querySelector(".errorMessage")), - (progress = document.querySelector(".progress.error")); + const closeIcon = document.querySelector(".close-error"); + const errorMessage = document.querySelector(".errorMessage"); + const progress = document.querySelector(".progress.error"); let timer1, timer2; errorMessage.textContent = message; toast.classList.add("active"); @@ -39,9 +39,9 @@ function showErrorMessage(message) { function showSuccessMessage(message) { const toast = document.querySelector(".toast#successToast"); - (closeIcon = document.querySelector(".close-success")), - (successMessage = document.querySelector(".successMessage")), - (progress = document.querySelector(".progress.success")); + const closeIcon = document.querySelector(".close-success"); + const successMessage = document.querySelector(".successMessage"); + const progress = document.querySelector(".progress.success"); let timer1, timer2; successMessage.textContent = message; toast.classList.add("active"); 
@@ -76,7 +76,7 @@ document.addEventListener('DOMContentLoaded', function () { const darkThemeCss = document.querySelector("#dark-theme"); darkThemeCss.disabled = themePreference === 'light'; document.body.className = themePreference; - document.cookie = `inUseTheme=${themePreference}; expires=Fri, 31 Dec 9999 23:59:59 GMT`; + document.cookie = `inUseTheme=${themePreference}; expires=Fri, 31 Dec 9999 23:59:59 GMT; SameSite=Strict`; const themeColorMetaTag = document.querySelector('meta[name="theme-color"]'); themeColorMetaTag.setAttribute('content', themePreference === 'dark' ? '#222222' : '#FFFFFF'); } diff --git a/scripts/dashboard.js b/scripts/dashboard.js index 32ca26414..beef96f49 100644 --- a/scripts/dashboard.js +++ b/scripts/dashboard.js @@ -337,7 +337,7 @@ function setSortOption(sortOption) { const expirationDate = new Date(); expirationDate.setDate(expirationDate.getDate() + daysToExpire); const cookieValue = encodeURIComponent(sortOption) + '; expires=' + expirationDate.toUTCString(); - document.cookie = 'sortOrder=' + cookieValue; + document.cookie = 'sortOrder=' + cookieValue + '; SameSite=Strict'; fetchSubscriptions(); toggleSortOptions(); } diff --git a/scripts/registration.js b/scripts/registration.js index 442ba7377..df386e4bb 100644 --- a/scripts/registration.js +++ b/scripts/registration.js @@ -5,7 +5,7 @@ function setCookie(name, value, days) { date.setTime(date.getTime() + (days * 24 * 60 * 60 * 1000)); expires = "; expires=" + date.toUTCString(); } - document.cookie = name + "=" + value + expires; + document.cookie = name + "=" + value + expires + "; SameSite=Strict"; } function storeFormFieldValue(fieldId) { diff --git a/scripts/theme.js b/scripts/theme.js index cfe63cd9f..6ff1c6b9f 100644 --- a/scripts/theme.js +++ b/scripts/theme.js 
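Review bot: The `document.cookie` writes in this hunk and in the scripts/dashboard.js and scripts/registration.js hunks on the same line gain `SameSite=Strict` but no `Secure` attribute and no `path=/`, so each cookie is scoped to the directory of the page that set it and is still sent over plain HTTP; `inUseTheme` is read server-side in includes/getsettings.php (`$_COOKIE['inUseTheme']`), so a path mismatch would silently hide it from that code. Append `; path=/; Secure` to each write, dropping `Secure` only if the app is not HTTPS-only. In registration.js, `expires` is assigned inside the `if` without a visible declaration; if `setCookie` does not declare it above the hunk it leaks as a global — the function starts outside the hunk.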
@@ -3,7 +3,7 @@ function switchTheme() { darkThemeCss.disabled = !darkThemeCss.disabled; const themeChoice = darkThemeCss.disabled ? 'light' : 'dark'; - document.cookie = `theme=${themeChoice}; expires=Fri, 31 Dec 9999 23:59:59 GMT`; + document.cookie = 'theme=' + themeValue + '; expires=Fri, 31 Dec 9999 23:59:59 GMT; SameSite=Strict'; document.body.className = themeChoice; @@ -60,7 +60,7 @@ function setDarkTheme(theme) { lightThemeButton.classList.remove('selected'); automaticThemeButton.classList.remove('selected'); - document.cookie = `theme=${themeValue}; expires=Fri, 31 Dec 9999 23:59:59 GMT`; + document.cookie = `theme=${themeValue}; expires=Fri, 31 Dec 9999 23:59:59 GMT; SameSite=Strict`; if (theme == 0) { darkThemeCss.disabled = true; @@ -78,7 +78,7 @@ function setDarkTheme(theme) { darkThemeCss.disabled = !prefersDarkMode; document.body.className = prefersDarkMode ? 'dark' : 'light'; automaticThemeButton.classList.add('selected'); - document.cookie = `inUseTheme=${prefersDarkMode ? 'dark' : 'light'}; expires=Fri, 31 Dec 9999 23:59:59 GMT`; + document.cookie = `inUseTheme=${prefersDarkMode ? 'dark' : 'light'}; expires=Fri, 31 Dec 9999 23:59:59 GMT; SameSite=Strict`; } showSuccessMessage(data.message); @@ -129,7 +129,7 @@ function setTheme(themeColor) { targetLabel.classList.add('is-selected'); } - document.cookie = `colorTheme=${themeColor}; expires=Fri, 31 Dec 9999 23:59:59 GMT`; + document.cookie = `colorTheme=${themeColor}; expires=Fri, 31 Dec 9999 23:59:59 GMT; SameSite=Strict`; fetch('endpoints/settings/colortheme.php', { method: 'POST', diff --git a/service-worker.js b/service-worker.js index 673dbb859..231b9a8d7 100644 --- a/service-worker.js +++ b/service-worker.js @@ -8,7 +8,6 @@ self.addEventListener('install', function (event) { 'settings.php', 'stats.php', 'about.php', - 'logout.php', 'login.php', 'admin.php', 'endpoints/subscriptions/get.php',
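Review bot: In `switchTheme()` (@@ -3) the new line `document.cookie = 'theme=' + themeValue + '; expires=...'` references `themeValue`, but the variable computed two lines above and used on the next line is `themeChoice`; unless `themeValue` exists as a global, this throws a ReferenceError and the cookie is never written (the removed line used `${themeChoice}`). Restore the name (`themeChoice` in place of `themeValue`), preferably keeping the template-literal form the other three hunks in this file use. All four writes here also omit the `Secure` attribute, as in the other script hunks.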