Webasyst Framework v.2.9.8

  * Improved the Webasyst 2 user interface.
  * Corrected access rights check in sending web push notifications.
  * Added authorization headers check in the API.

Author: Leonix

wa-apps/installer/js/installer.js

@@ -574,7 +574,7 @@ String.prototype.translate = function () {
                 const startPosition = $this.offset();
 
                 const target_params = {
-                    top: targetPosition.top,
+                    top: 0,
                     left: targetPosition.left
                 };
 

wa-apps/installer/lib/actions/settings/installerSettingsStaticID.controller.php

@@ -73,6 +73,7 @@ protected function getUrl()
         $params = [
             'hash'   => $wa_installer->getHash(),
             'domain' => waRequest::server('HTTP_HOST'),
+            'token'  => $this->getStoreToken(),
             'beta_test_products' => 1,
             'locale' => wa()->getLocale(),
         ];
@@ -81,6 +82,16 @@ protected function getUrl()
         return $url;
     }
 
+    protected function getStoreToken()
+    {
+        $token_data = (new waAppSettingsModel)->get('installer', 'token_data', false);
+        if ($token_data) {
+            $token_data = waUtils::jsonDecode($token_data, true);
+            return $token_data && isset($token_data['token']) ? $token_data['token'] : null;
+        }
+        return null;
+    }
+
     protected function logException(Exception $e)
     {
         $message = join(PHP_EOL, [$e->getCode(), $e->getMessage(), $e->getTraceAsString()]);

wa-apps/installer/lib/config/app.php

@@ -4,8 +4,8 @@
     'description' => 'Install new apps from the Webasyst Store',
     'icon'        => 'img/installer.svg',
     'mobile'      => false,
-    'version'     => '2.9.7',
-    'critical'    => '2.9.7',
+    'version'     => '2.9.8',
+    'critical'    => '2.9.8',
     'system'      => true,
     'vendor'      => 'webasyst',
     'csrf'        => true,

wa-content/js/jquery-wa/dashboard-mobile.js

@@ -553,6 +553,7 @@ const Page = ( function($, backend_url) {
 
                     /*TODO check vice versa case*/
                     $widgetActivity.find('.activity-empty-today').remove();
+                    $widgetActivity.find('.activity-divider.hidden:first').removeClass('hidden');
 
                     that.storage.isActivityFilterLocked = false;
                 });
@@ -620,7 +621,12 @@ const Page = ( function($, backend_url) {
                         // Render
                         $widgetActivity.find(".empty-activity-text").remove();
                         $widgetActivity.find(".activity-item.activity-empty-today").remove();
-                        $wrapper.prepend(response);
+                        const $activity_divider = $wrapper.find('.activity-divider:first');
+                        if ($activity_divider.length) {
+                            $activity_divider.after(response)
+                        }else{
+                            $wrapper.prepend(response);
+                        }
                     }
 
                     that.storage.isTopLazyLoadLocked = false;

wa-content/js/jquery-wa/dashboard.js

@@ -1487,6 +1487,7 @@ const Page = ( function($, backend_url) {
 
                     /*TODO check vice versa case*/
                     $widgetActivity.find('.activity-empty-today').remove();
+                    $widgetActivity.find('.activity-divider.hidden:first').removeClass('hidden');
 
                     that.storage.isActivityFilterLocked = false;
                 });
@@ -1608,6 +1609,17 @@ const Page = ( function($, backend_url) {
 
                     /*TODO check vice versa case*/
                     $widgetActivity.find('.activity-empty-today').remove();
+
+                    const $activity_divider = $widgetActivity.find('.activity-divider');
+                    let uniqueTexts = [];
+                    $activity_divider.each(function() {
+                        const text = $(this).text();
+                        if ($.inArray(text, uniqueTexts) === -1) {
+                            uniqueTexts.push(text);
+                        } else {
+                            $(this).remove();
+                        }
+                    });
                 });
             }
         }
@@ -1637,7 +1649,23 @@ const Page = ( function($, backend_url) {
                         // Render
                         $widgetActivity.find(".empty-activity-text").remove();
                         $widgetActivity.find(".activity-item.activity-empty-today").remove();
-                        $wrapper.prepend(response);
+                        const $today_divider = $widgetActivity.find('.activity-divider.today');
+                        const $activity_divider = $widgetActivity.find('.activity-divider');
+                        if ($today_divider.length) {
+                            $today_divider.after(response)
+                        }else{
+                            $wrapper.prepend(response);
+                        }
+
+                        let uniqueTexts = [];
+                        $activity_divider.each(function() {
+                            const text = $(this).text();
+                            if ($.inArray(text, uniqueTexts) === -1) {
+                                uniqueTexts.push(text);
+                            } else {
+                                $(this).remove();
+                            }
+                        });
                     }
 
                     that.storage.isTopLazyLoadLocked = false;

wa-system/api/waAPIController.class.php

@@ -169,17 +169,20 @@ protected function checkToken()
                 $token = waRequest::server('HTTP_AUTHORIZATION', null, 'string');
             }
             if ($token) {
-                $token = preg_replace('~^(Bearer\s)~ui', '', $token);
+                $token = preg_replace('~^(\s*Bearer\s+)~ui', '', $token);
+                $token = trim($token);
             }
         }
         if (!$token) {
-            throw new waAPIException('invalid_request', 'Required parameter is missing: access_token', 400);
+            throw new waAPIException('token_required', 'Access token is missing', 400);
         }
 
         $tokens_model = new waApiTokensModel();
         $data = $tokens_model->getById($token);
         if (!$data || $data['token'] != $token) {
-            throw new waAPIException('invalid_token', 'Invalid access token', 401);
+            throw new waAPIException('invalid_token', 'Invalid access token', 401, [
+                'sha256' => hash('sha256', $token),
+            ]);
         }
         if ($data['expires'] && (strtotime($data['expires']) < time())) {
             throw new waAPIException('invalid_token', 'Access token has expired', 401);

wa-system/captcha/phpcaptcha/templates/captcha.html

@@ -7,7 +7,7 @@
     <p>
         <a href="#" class="wa-captcha-refresh">{$refresh}</a>
     </p>
-    <script type="text/javascript">
+    <script>
         $(function () {
             $('div.{$wrapper_class} .wa-captcha-img').on('load', function () {
                 $(window).trigger('wa_captcha_loaded');
@@ -31,4 +31,4 @@
             });
         });
     </script>
-</div>
+</div>

wa-system/captcha/phpcaptcha/templates/captcha2.html

@@ -11,7 +11,7 @@
             </a>
         </div>
     </div>
-    <script type="text/javascript">
+    <script>
         $(function () {
             $('div.{$wrapper_class} .wa-captcha-img').on('load', function () {
                 $(window).trigger('wa_captcha_loaded');
@@ -36,4 +36,4 @@
             });
         });
     </script>
-</div>
+</div>

wa-system/contact/waContactAddressField.class.php

@@ -59,6 +59,13 @@ public function format($data, $format = null, $ignore_hidden = true)
                     $tmp = trim($field->format($data['data'][$f_id], 'value', $data['data']));
                     if ($tmp) {
                         if (!in_array($f_id, array('country', 'region', 'zip', 'street', 'city'))) {
+                            if ($field instanceof waContactSelectField) {
+                                try {
+                                    $tmp = $field->getOptions($tmp);
+                                } catch (Exception $e) {
+                                    //
+                                }
+                            }
                             $tmp = $field->getName().' '.$tmp;
                         }
                         $value[$f_id] = $tmp;
@@ -276,6 +283,13 @@ protected function getParts($data, $format = null)
                 }
                 $result['parts'][$id] = htmlspecialchars($result['parts'][$id]);
                 if (!in_array($id, array('country', 'region', 'zip', 'street', 'city'))) {
+                    if ($field instanceof waContactSelectField) {
+                        try {
+                            $result['parts'][$id] = $field->getOptions($result['parts'][$id]);
+                        } catch (Exception $e) {
+                            //
+                        }
+                    }
                     $result['parts'][$id] = '<span>'.$field->getName().'</span>' . ' ' . $result['parts'][$id];
                 }
             }

wa-system/design/templates/Design.html

@@ -248,9 +248,9 @@ <h3 class="dialog-header">[s`Upload theme`]</h3>
         $theme_preview_link = $('.js-tabs-menu .wa-theme-preview'),
         $theme_edit_link = $('.js-tabs-menu li[data-action="edit"]');
 
-    const current_menu_id = sessionStorage.getItem('wa_design_menu_id') ?? null;
+    var current_menu_id = sessionStorage.getItem('wa_design_menu_id') ?? null;
 
-        let $bottombar = $('.bottombar');
+    var $bottombar = $('.bottombar');
 
 
     async function postData(url, data) {