Merge branch 'dev'

Author: Awilum

.htaccess

@@ -1,34 +1,63 @@
 #
-# Monstra  :: php & apache settings 
+# This file is part of the Monstra.
+#
+# (c) Romanenko Sergey / Awilum <awilum@msn.com>
+#
+# For the full copyright and license information, please view the LICENSE
+# file that was distributed with this source code.
 #
 
 # Set default charset utf-8
 AddDefaultCharset UTF-8
 
-# Don't show directory listings for URLs which map to a directory.
-Options -Indexes
-
 # PHP 5, Apache 1 and 2.
 <IfModule mod_php5.c>
 	php_flag magic_quotes_gpc                 off
 	php_flag magic_quotes_sybase              off
 	php_flag register_globals                 off
 </IfModule>
 
-
-# Setting rewrite rules.
 <IfModule mod_rewrite.c>
 	RewriteEngine on
 
-	# Update code bellow for SEO improvements
-	# RewriteCond %{HTTP_HOST} ^www.example.org [NC]
- 	# RewriteRule ^(.*)$ http://example.org/$1 [R=301,L]
-
+	## Begin - Rewrite rules to block out some common exploits.
+	# If you experience problems on your site block out the operations listed below
+	# This attempts to block the most common type of exploit `attempts` to Monstra
+	#
+	# Block out any script trying to base64_encode data within the URL.
+	RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
+	# Block out any script that includes a <script> tag in URL.
+	RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
+	# Block out any script trying to set a PHP GLOBALS variable via URL.
+	RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
+	# Block out any script trying to modify a _REQUEST variable via URL.
+	RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
+	# Return 403 Forbidden header and show the content of the root homepage
+	RewriteRule .* index.php [F]
+	#
+	## End - Rewrite rules to block out some common exploits.
+
+	## Begin - Rewrite rules for Monstra
 	RewriteBase /%siteurlhere%/
 	RewriteCond %{REQUEST_FILENAME} !-f
 	RewriteCond %{REQUEST_FILENAME} !-d
 	RewriteRule ^(.*)$ index.php [QSA,L]
+	## End - Rewrite rules for Monstra
+
+	## Begin - Rewrite rules for SEO improvements.
+	# RewriteCond %{HTTP_HOST} ^www.example.org [NC]
+ 	# RewriteRule ^(.*)$ http://example.org/$1 [R=301,L]
+	# Redirect 301 /index http://example.org/
+	## End - Rewrite rules for SEO improvements.
 
-	# Update code bellow for SEO improvements
-	# Redirect 301 /home http://example.org/
 </IfModule>
+
+# Prevent visitors from viewing files directly.
+<FilesMatch "(^#.*#|\.(md|txt|html|tpl|yml|yaml)|~)$">
+	Order allow,deny
+	Deny from all
+	Satisfy All
+</FilesMatch>
+
+# Don't show directory listings for URLs which map to a directory.
+Options -Indexes

CHANGELOG.md

@@ -1,3 +1,11 @@
+Monstra 3.0.3, 2016-01-29
+------------------------
+- Improved Monstra Security
+- Minimum PHP version for Monstra is 5.3.2
+- Admin: Fixed 404 error when using certain server configurations
+- Localization: Major Fixes for SR, KA-GE, and ES
+- Install Script Fixes
+
 Monstra 3.0.2, 2015-10-16
 ------------------------
 - Added Monstra MIT LICENSE instead of GNU GENERAL PUBLIC LICENSE v3
@@ -141,7 +149,7 @@ Monstra 2.1.3, 2012-12-09
 - Pages Plugin: add ability to get content for specific page.
 - XMLDB: New method factory() added.
 - Twitter Bootstrap updated to Version 2.2.2
-- Sitemap Plugin: _blank removed.
+- Sitemap Plugin: `_blank` removed.
 - Filesmanager Plugin: fixes.
 - Backup Plugin: fixes.
 

LICENSE.md

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2012 - 2015 Monstra Content Management
+Copyright (c) 2012 - 2016 Monstra Content Management
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -5,7 +5,7 @@ Monstra is a modern and lightweight Content Management System.
 
 ## System Requirements
 Operation system: Unix, Linux, Windows, Mac OS   
-Middleware: PHP 5.3.0 or higher with PHP's [SimpleXML module](http://php.net/simplexml) and [Multibyte String module](http://php.net/mbstring)   
+Middleware: PHP 5.3.2 or higher with PHP's [SimpleXML module](http://php.net/simplexml) and [Multibyte String module](http://php.net/mbstring)   
 Webserver: Apache with [Mod Rewrite](http://httpd.apache.org/docs/current/mod/mod_rewrite.html) or Ngnix with [Rewrite Module](http://wiki.nginx.org/HttpRewriteModule)   
 
 ## Steps to Install

admin/index.php

@@ -156,7 +156,7 @@
     if (Request::get('id')) {
         $area = Request::get('id');
     } else {
-        Request::redirect('index.php?id=dashboard');
+        Request::redirect(Site::url().'/admin/index.php?id=dashboard');
     }
 
     $plugins_registered = Plugin::$plugins;

admin/themes/default/css/default.css

@@ -14,11 +14,11 @@
 @font-face {
     font-family: 'Glyphicons Halflings';
 
+    src: url('@site_url/public/assets/fonts/glyphicons-halflings-regular.eot');
     src: url('@site_url/public/assets/fonts/glyphicons-halflings-regular.eot?#iefix') format('embedded-opentype'),
     url('@site_url/public/assets/fonts/glyphicons-halflings-regular.woff') format('woff'),
     url('@site_url/public/assets/fonts/glyphicons-halflings-regular.ttf') format('truetype'),
     url('@site_url/public/assets/fonts/glyphicons-halflings-regular.svg#glyphicons-halflingsregular') format('svg');
-    src: url('@site_url/public/assets/fonts/glyphicons-halflings-regular.eot');
 }
 
 body {
@@ -88,6 +88,10 @@ footer span {
     border-top: 1px solid #e0e0e0;
 }
 
+footer .highlight {
+    color: #333;
+}
+
 /*************************************
     2. COMPONENTS
 *************************************/

admin/themes/default/index.template.php

@@ -2,12 +2,12 @@
 <html lang="en">
 <head>
     <meta charset="utf-8">
-    
+
     <meta http-equiv="x-dns-prefetch-control" content="on">
     <link rel="dns-prefetch" href="<?php echo Site::url(); ?>" />
     <link rel="dns-prefetch" href="//www.google-analytics.com" />
     <link rel="dns-prefetch" href="//www.gravatar.com" />
-    
+
     <title>Monstra :: <?php echo __('Administration', 'system'); ?></title>
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <meta name="description" content="Monstra Admin Area" />
@@ -27,8 +27,8 @@
     <!-- JavaScripts -->
     <script src="<?php echo Site::url(); ?>/public/assets/js/jquery.min.js"></script>
     <script src="<?php echo Site::url(); ?>/public/assets/js/bootstrap.min.js"></script>
-    <script src="<?php echo Site::url(); ?>/public/assets/js/messenger.min.js"></script>    
-    <script src="<?php echo Site::url(); ?>/public/assets/js/icheck.min.js"></script>    
+    <script src="<?php echo Site::url(); ?>/public/assets/js/messenger.min.js"></script>
+    <script src="<?php echo Site::url(); ?>/public/assets/js/icheck.min.js"></script>
     <?php Javascript::add('public/assets/js/jquery.chocolat.js', 'backend', 3); ?>
     <?php Javascript::add('public/assets/js/bootstrap-fileupload.js', 'backend', 4); ?>
     <?php Javascript::add('admin/themes/default/js/default.js', 'backend', 5); ?>
@@ -41,9 +41,9 @@
 
           $('.chocolat').Chocolat({
               overlayColor          : '#000',
-              leftImg               : "<?php echo Option::get('siteurl'); ?>/public/assets/img/chocolat/left.gif",  
-              rightImg              : "<?php echo Option::get('siteurl'); ?>/public/assets/img/chocolat/right.gif", 
-              closeImg              : "<?php echo Option::get('siteurl'); ?>/public/assets/img/chocolat/close.gif",   
+              leftImg               : "<?php echo Option::get('siteurl'); ?>/public/assets/img/chocolat/left.gif",
+              rightImg              : "<?php echo Option::get('siteurl'); ?>/public/assets/img/chocolat/right.gif",
+              closeImg              : "<?php echo Option::get('siteurl'); ?>/public/assets/img/chocolat/close.gif",
               loadingImg            : "<?php echo Option::get('siteurl'); ?>/public/assets/img/chocolat/loading.gif"
           });
 
@@ -53,7 +53,7 @@
               increaseArea: '20%'
           });
 
-        });      
+        });
     </script>
 
     <!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
@@ -65,7 +65,7 @@
 
   <body class="page-<?php echo Request::get('id'); ?>">
 
-    <nav class="navbar navbar-default navbar-inverse" role="navigation">      
+    <nav class="navbar navbar-default navbar-inverse" role="navigation">
       <div class="container">
           <div class="navbar-header">
             <button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1">
@@ -77,57 +77,57 @@
             <a class="navbar-brand" href="<?php echo Site::url(); ?>/admin/index.php?id=dashboard">MONSTRA</a>
           </div>
 
-          <div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">      
-            <ul class="nav navbar-nav">          
-              <li<?php if (Request::get('id') == 'dashboard') { ?> class="active"<?php } ?>><a href="<?php echo Site::url(); ?>/admin/index.php?id=dashboard"><?php echo __('Dashboard', 'dashboard'); ?></a></li>              
+          <div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
+            <ul class="nav navbar-nav">
+              <li<?php if (Request::get('id') == 'dashboard') { ?> class="active"<?php } ?>><a href="<?php echo Site::url(); ?>/admin/index.php?id=dashboard"><?php echo __('Dashboard', 'dashboard'); ?></a></li>
               <li class="dropdown">
                 <a href="#" class="dropdown-toggle" data-toggle="dropdown"><?php echo __('Content', 'pages'); ?> <b class="caret"></b></a>
                 <ul class="dropdown-menu">
                     <?php Navigation::draw('content'); ?>
                 </ul>
               </li>
-              <?php if (Session::exists('user_role') && in_array(Session::get('user_role'), array('admin'))) { ?>               
+              <?php if (Session::exists('user_role') && in_array(Session::get('user_role'), array('admin'))) { ?>
               <li class="dropdown">
                 <a href="#" class="dropdown-toggle" data-toggle="dropdown"><?php echo __('Extends', 'system'); ?> <b class="caret"></b></a>
                 <ul class="dropdown-menu">
-                    <?php Navigation::draw('extends'); ?>                      
+                    <?php Navigation::draw('extends'); ?>
                 </ul>
               </li>
               <?php } ?>
               <li class="dropdown">
                 <a href="#" class="dropdown-toggle" data-toggle="dropdown"><?php echo __('System', 'system'); ?> <b class="caret"></b></a>
                 <ul class="dropdown-menu">
-                    <?php Navigation::draw('system'); ?>                       
+                    <?php Navigation::draw('system'); ?>
                 </ul>
               </li>
               <li class="dropdown">
                 <a href="#" class="dropdown-toggle" data-toggle="dropdown"><?php echo __('Help', 'system'); ?> <b class="caret"></b></a>
                 <ul class="dropdown-menu">
-                    <li><a href="http://monstra.org/documentation" target="_blank"><?php echo __('Documentation', 'system'); ?></a></li>              
+                    <li><a href="http://monstra.org/documentation" target="_blank"><?php echo __('Documentation', 'system'); ?></a></li>
                     <?php if (Option::get('language') == 'ru') { ?>
                     <li><a href="http://ru.forum.monstra.org" target="_blank"><?php echo __('Official Support Forum', 'system'); ?></a></li>
                     <?php } else { ?>
                     <li><a href="http://forum.monstra.org" target="_blank"><?php echo __('Official Support Forum', 'system'); ?></a></li>
                     <?php } ?>
                 </ul>
               </li>
-            </ul>        
+            </ul>
             <ul class="nav navbar-nav navbar-right">
               <li><a href="<?php echo Site::url(); ?>" target="_blank"><?php echo __('View Site', 'system'); ?></a></li>
               <li class="dropdown">
                 <a href="#" class="dropdown-toggle" data-toggle="dropdown"><?php echo Session::get('user_login'); ?> <img src="<?php echo Users::getGravatarURL(Session::get('user_email'), 28); ?>" alt=""> <b class="caret"></b></a>
                 <ul class="dropdown-menu">
                   <li><a href="<?php echo Site::url(); ?>/admin/index.php?id=users&action=edit&user_id=<?php echo Session::get('user_id'); ?>"><?php echo __('Profile', 'users')?></a></li>
-                  <li><a href="<?php echo Site::url(); ?>/admin/?logout=do"><?php echo __('Log Out', 'users'); ?></a></li>              
+                  <li><a href="<?php echo Site::url(); ?>/admin/?logout=do"><?php echo __('Log Out', 'users'); ?></a></li>
                 </ul>
               </li>
-            </ul>        
+            </ul>
           </div>
       </div>
     </nav>
 
     <div class="container">
-        
+
         <?php
             // Monstra Notifications
             Notification::get('success') AND Alert::success(Notification::get('success'));
@@ -156,13 +156,7 @@
       <footer class="container visible-md visible-lg">
           <p class="pull-right">
             <span>
-              <?php if (Option::get('language') == 'ru') { ?>
-              <a href="http://ru.forum.monstra.org" target="_blank"><?php echo __('Official Support Forum', 'system'); ?></a> /
-              <?php } else { ?>
-              <a href="http://forum.monstra.org" target="_blank"><?php echo __('Official Support Forum', 'system'); ?></a> /
-              <?php } ?>
-              <a href="http://monstra.org/documentation" target="_blank"><?php echo __('Documentation', 'system'); ?></a> /
-              © 2012 - 2014 <a href="http://monstra.org" target="_blank">Monstra</a> – <?php echo __('Version', 'system'); ?> <?php echo Monstra::VERSION; ?>
+              <a href="http://monstra.org" target="_blank">Monstra</a> was made by <a href="http://awilum.github.io" target="_blank" class="highlight">Sergey Romanenko</a> and is maintained by <a href="https://github.com/monstra-cms/monstra/network/members" target="_blank" class="highlight">Monstra Community</a> / © 2012 - 2016 <a href="http://monstra.org/about/license" target="_blank">Monstra</a> – <?php echo __('Version', 'system'); ?> <?php echo Monstra::VERSION; ?>
             </span>
           </p>
       </footer>

admin/themes/default/login.template.php

@@ -21,7 +21,7 @@
         <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script>
         <script src="<?php echo Site::url(); ?>/public/assets/js/bootstrap.min.js"></script>
         <script src="<?php echo Site::url(); ?>/public/assets/js/messenger.min.js"></script>
-        <script src="<?php echo Site::url(); ?>/public/assets/js/messenger-theme-flat.js"></script>        
+        <script src="<?php echo Site::url(); ?>/public/assets/js/messenger-theme-flat.js"></script>
         <?php Javascript::add('public/assets/js/bootstrap-lightbox.js', 'backend', 3); ?>
         <?php Javascript::add('public/assets/js/bootstrap-fileupload.js', 'backend', 4); ?>
         <?php Javascript::add('admin/themes/default/js/default.js', 'backend', 5); ?>
@@ -92,7 +92,7 @@
                     <form method="post">
                         <div class="form-group">
                         <label><?php echo __('Username', 'users'); ?></label>
-                        <input name="login" class="form-control" type="text" value="<?php echo $user_login; ?>" />                        
+                        <input name="login" class="form-control" type="text" value="<?php echo $user_login; ?>" />
                         </div>
                         <?php if (Option::get('captcha_installed') == 'true') { ?>
                         <div class="form-group">
@@ -128,11 +128,8 @@
             </div>
 
             <div class="text-center">
-                <span>© 2012 - 2014 <a href="http://monstra.org" class="small-grey-text" target="_blank">Monstra</a> – <?php echo __('Version', 'system'); ?> <?php echo Monstra::VERSION; ?></span>
+                © 2012 - 2016 <a href="http://monstra.org/about/license" target="_blank">Monstra</a> – <?php echo __('Version', 'system'); ?> <?php echo Monstra::VERSION; ?>
             </div>
-
         </div>
-            
-
     </body>
 </html>

engine/Monstra.php

@@ -31,7 +31,7 @@ class Monstra
     /**
      * The version of Monstra
      */
-    const VERSION = '3.0.2';
+    const VERSION = '3.0.3';
 
 
     /**

engine/Plugin/I18n.php

@@ -33,6 +33,7 @@ class I18n
         'fi' => 'Suomi',
         'fr' => 'Français',
         'gl' => 'Galego',
+        'ka-ge' => 'Georgian',
         'hu' => 'Magyar',
         'it' => 'Italiano',
         'id' => 'Bahasa Indonesia',

engine/_init.php

@@ -1,10 +1,10 @@
 <?php defined('MONSTRA_ACCESS') or die('No direct script access.');
 
 /**
- *  Monstra requires PHP 5.3.0 or greater
+ *  Monstra requires PHP 5.3.2 or greater
  */
-if (version_compare(PHP_VERSION, "5.3.0", "<")) {
-    exit("Monstra requires PHP 5.3.0 or greater.");
+if (version_compare(PHP_VERSION, "5.3.2", "<")) {
+    exit("Monstra requires PHP 5.3.2 or greater.");
 }
 
 /**

install.php

@@ -277,7 +277,7 @@
 
 
     <?php
-        if (version_compare(PHP_VERSION, "5.2.3", "<")) {
+        if (version_compare(PHP_VERSION, "5.3.2", "<")) {
             $errors['php'] = 'error';
         } else {
             $errors['php'] = '';
@@ -524,8 +524,8 @@
             <ul class="list-unstyled">
             <?php
 
-                if (version_compare(PHP_VERSION, "5.2.0", "<")) {
-                    echo '<li class="error alert alert-danger">'.__('PHP 5.2 or greater is required', 'system').'</li>';
+                if (version_compare(PHP_VERSION, "5.3.2", "<")) {
+                    echo '<li class="error alert alert-danger">'.__('PHP 5.3.2 or greater is required', 'system').'</li>';
                 } else {
                     echo '<li class="ok alert alert-success">'.__('PHP Version', 'system').' '.PHP_VERSION.'</li>';
                 }
@@ -603,7 +603,7 @@
 
         <div class="install-block-footer login-footer">
             <div class="text-center">
-                <span>© 2012 - 2015 <a href="http://monstra.org" class="small-grey-text" target="_blank">Monstra</a> – <?php echo __('Version', 'system'); ?> <?php echo Monstra::VERSION; ?></span>
+                <span>© 2012 - 2016 <a href="http://monstra.org" class="small-grey-text" target="_blank">Monstra</a> – <?php echo __('Version', 'system'); ?> <?php echo Monstra::VERSION; ?></span>
             </div>
         </div>