From 89481b5fa1c7943202996c16e0e770ec62297b5e Mon Sep 17 00:00:00 2001 
From: Nabeel S Date: Tue, 3 Mar 2020 10:20:13 -0500 Subject: [PATCH] HTTP/HTTPS mixed content errors #612 (#613) * Configure TrustProxies middleware * Add trusted proxies to deps * Replace jquery request with axios request code * Trust current user IP for forwarded headers * Update dependencies * Downgrade self-updater package for PHP 7.2 --- .travis/deploy_script.sh | 9 +- app/Http/Kernel.php | 2 + app/Http/Middleware/TrustProxies.php | 40 +++++ app/Models/FlightField.php | 1 + composer.json | 7 +- composer.lock | 141 ++++++++++++------ config/app.php | 2 +- .../Importer/Resources/views/app.blade.php | 18 ++- .../Resources/views/step1-configure.blade.php | 27 ++-- .../Installer/Resources/views/app.blade.php | 35 ++--- .../views/install/steps/step2-db.blade.php | 24 +-- .../views/update/index-start.blade.php | 12 -- .../update/steps/step1-no-update.blade.php | 13 -- .../steps/step1-update-available.blade.php | 12 -- .../steps/step2-migrations-done.blade.php | 18 --- .../steps/step3-update-complete.blade.php | 13 -- modules/Updater/Resources/views/app.blade.php | 6 +- public/assets/admin/js/app.js | 2 +- public/assets/admin/js/app.js.map | 2 +- public/assets/frontend/js/app.js | 2 +- public/assets/frontend/js/app.js.map | 2 +- public/assets/installer/js/app.js | 2 +- public/assets/installer/js/app.js.map | 2 +- public/mix-manifest.json | 12 +- resources/js/request.js | 2 + yarn.lock | 4 - 26 files changed, 219 insertions(+), 191 deletions(-) create mode 100644 app/Http/Middleware/TrustProxies.php delete mode 100644 modules/Installer/Resources/views/update/index-start.blade.php delete mode 100644 modules/Installer/Resources/views/update/steps/step1-no-update.blade.php delete mode 100644 modules/Installer/Resources/views/update/steps/step1-update-available.blade.php delete mode 100644 modules/Installer/Resources/views/update/steps/step2-migrations-done.blade.php delete mode 100644 modules/Installer/Resources/views/update/steps/step3-update-complete.blade.php 
diff --git a/.travis/deploy_script.sh b/.travis/deploy_script.sh
index 4513b463d..96fb20b20 100755
--- a/.travis/deploy_script.sh
+++ b/.travis/deploy_script.sh
@@ -140,4 +140,11 @@ else
 artifacts upload --target-paths "/" ${TRAVIS_BRANCH}_version
 fi
-curl -X POST --data "{\"content\": \"A new build is available at http://downloads.phpvms.net/$TAR_NAME (${FULL_VERSION})\"}" -H "Content-Type: application/json" $DISCORD_WEBHOOK_URL
+#if [ "$TRAVIS_BRANCH" != "master" ] && [ "$TRAVIS_BRANCH" != "dev" ]; then
+# echo "Skipping Discord branch update broadcast"
+#else
+ curl -X POST \
+ --data "{\"content\": \"A new build is available at http://downloads.phpvms.net/$TAR_NAME (${FULL_VERSION})\"}" \
+ -H "Content-Type: application/json" \
+ $DISCORD_WEBHOOK_URL
+#fi
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 4fc5cadb9..d67df2a73 100755
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -7,6 +7,7 @@
 use App\Http\Middleware\InstalledCheck;
 use App\Http\Middleware\JsonResponse;
 use App\Http\Middleware\RedirectIfAuthenticated;
+use App\Http\Middleware\TrustProxies;
 use App\Http\Middleware\UpdatePending;
 use Illuminate\Auth\Middleware\Authenticate;
 use Illuminate\Auth\Middleware\Authorize;
@@ -23,6 +24,7 @@
 class Kernel extends HttpKernel
 {
 protected $middleware = [
+ TrustProxies::class,
 CheckForMaintenanceMode::class,
 TrimStrings::class,
 ConvertEmptyStringsToNull::class,
diff --git a/app/Http/Middleware/TrustProxies.php b/app/Http/Middleware/TrustProxies.php
new file mode 100644
index 000000000..c38a6c353
--- /dev/null
+++ b/app/Http/Middleware/TrustProxies.php
@@ -0,0 +1,40 @@
+setTrustedProxies([$request->getClientIp()], $this->getTrustedHeaderNames());
+ $this->setTrustedProxyIpAddresses($request);
+
+ return $next($request);
+ }
+}
diff --git a/app/Models/FlightField.php b/app/Models/FlightField.php
index f337fbb56..40dad611a 100644
--- a/app/Models/FlightField.php
+++ b/app/Models/FlightField.php
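Review bot: `$DISCORD_WEBHOOK_URL` is expanded unquoted on the last continuation line of the new `curl`, so an unset or whitespace-containing value silently changes the argument list; write it as `"$DISCORD_WEBHOOK_URL"`. The webhook URL is a credential, so it is worth confirming the job does not run with shell tracing enabled; the top of the script is outside this hunk. The commented-out `#if … #else … #fi` guard leaves the `curl` indented under nothing, so either enable the branch check or drop the dead comments. The announced link is still `http://downloads.phpvms.net/…`, which is worth switching to HTTPS if the host supports it.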
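Review bot: `$request->setTrustedProxies([$request->getClientIp()], $this->getTrustedHeaderNames());` marks whichever peer opened the connection as a trusted proxy, so every client, not only the real load balancer, has its forwarded headers honoured. The forwarded client IP, scheme and host then become caller-controlled, which weakens IP-based logging, throttling and bans and can influence the absolute URLs the application generates. To fix the mixed-content problem without that side effect, drop this call and let `$this->setTrustedProxyIpAddresses($request);` apply an explicit list, for example a `protected $proxies` value or the `trustedproxy.proxies` config entry populated per install. The top of the class (namespace, properties, the `handle()` signature) is not visible on this page, so confirm whether a proxy list is already declared there. A docblock on `handle()` stating which addresses are trusted and why would help installers.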
@@ -9,6 +9,7 @@
 *
 * @property string name
 * @property string slug
+ * @property bool required
 */
 class FlightField extends Model
 {
diff --git a/composer.json b/composer.json
index 046b0689c..d899373f3 100755
--- a/composer.json
+++ b/composer.json
@@ -21,10 +21,11 @@
 "anhskohbo/no-captcha": "^3.0",
 "appstract/laravel-opcache": "^2.0",
 "arrilot/laravel-widgets": "~3.13.0",
- "codedge/laravel-selfupdater": "^2.5",
+ "codedge/laravel-selfupdater": "~2.5.1",
 "doctrine/dbal": "~2.9.2",
 "elcobvg/laravel-opcache": "~0.4",
 "facade/ignition": "^1.6",
+ "fideloper/proxy": "^4.3",
 "guzzlehttp/guzzle": "~6.3.3",
 "hashids/hashids": "^2.0.0",
 "igaster/laravel-theme": "^2.0",
@@ -43,6 +44,7 @@
 "nabeel/vacentral": "~2.0",
 "nwidart/laravel-modules": "^6.0",
 "php-units-of-measure/php-units-of-measure": "~2.1.0",
+ "phpvms/sample-module": "^1.0",
 "pragmarx/version": "0.2.*",
 "prettus/l5-repository": "~2.6.0",
 "santigarcor/laratrust": "~5.2.0",
@@ -54,8 +56,7 @@
 "theiconic/php-ga-measurement-protocol": "2.7.*",
 "tivie/php-os-detector": "~1.1.0",
 "webpatser/laravel-uuid": "~3.0",
- "oomphinc/composer-installers-extender": "^1.1",
- "phpvms/sample-module": "^1.0"
+ "oomphinc/composer-installers-extender": "^1.1"
 },
 "require-dev": {
 "barryvdh/laravel-debugbar": "^3.0",
diff --git a/composer.lock b/composer.lock
index 18be82996..4d745451b 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "3ecbeb1fd297e2827adb61806383aa5b", + "content-hash": "add2551f0dcadfb273fa70e8264c7ce5", "packages": [ { "name": "akaunting/money",
@@ -558,16 +558,16 @@ }, { "name": "codedge/laravel-selfupdater", - "version": "2.5.1", + "version": "2.5.2", "source": { "type": "git", "url": "https://github.com/codedge/laravel-selfupdater.git", - "reference": "6f8c2be280bff00dc8a6c2ef01d4836ad1cae4ed" + "reference": "0d7d4eb7ea9e9ab42177df560d0b2e06296a84bd" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/codedge/laravel-selfupdater/zipball/6f8c2be280bff00dc8a6c2ef01d4836ad1cae4ed", - "reference": "6f8c2be280bff00dc8a6c2ef01d4836ad1cae4ed", + "url": "https://api.github.com/repos/codedge/laravel-selfupdater/zipball/0d7d4eb7ea9e9ab42177df560d0b2e06296a84bd", + "reference": "0d7d4eb7ea9e9ab42177df560d0b2e06296a84bd", "shasum": "" }, "require": { @@ -622,7 +622,7 @@ "self-update", "update" ], - "time": "2020-02-10T12:01:41+00:00" + "time": "2020-03-02T22:07:04+00:00" }, { "name": "composer/ca-bundle", @@ -1007,16 +1007,16 @@ }, { "name": "composer/xdebug-handler", - "version": "1.4.0", + "version": "1.4.1", "source": { "type": "git", "url": "https://github.com/composer/xdebug-handler.git", - "reference": "cbe23383749496fe0f373345208b79568e4bc248" + "reference": "1ab9842d69e64fb3a01be6b656501032d1b78cb7" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/composer/xdebug-handler/zipball/cbe23383749496fe0f373345208b79568e4bc248", - "reference": "cbe23383749496fe0f373345208b79568e4bc248", + "url": "https://api.github.com/repos/composer/xdebug-handler/zipball/1ab9842d69e64fb3a01be6b656501032d1b78cb7", + "reference": "1ab9842d69e64fb3a01be6b656501032d1b78cb7", "shasum": "" }, "require": { @@ -1047,7 +1047,7 @@ "Xdebug", "performance" ], - "time": "2019-11-06T16:40:04+00:00" + "time": "2020-03-01T12:26:26+00:00" }, { "name": "doctrine/cache", 
@@ -1589,23 +1589,23 @@ }, { "name": "facade/flare-client-php", - "version": "1.3.1", + "version": "1.3.2", "source": { "type": "git", "url": "https://github.com/facade/flare-client-php.git", - "reference": "24444ea0e1556f0a4b5fc8e61802caf72ae9a408" + "reference": "db1e03426e7f9472c9ecd1092aff00f56aa6c004" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/facade/flare-client-php/zipball/24444ea0e1556f0a4b5fc8e61802caf72ae9a408", - "reference": "24444ea0e1556f0a4b5fc8e61802caf72ae9a408", + "url": "https://api.github.com/repos/facade/flare-client-php/zipball/db1e03426e7f9472c9ecd1092aff00f56aa6c004", + "reference": "db1e03426e7f9472c9ecd1092aff00f56aa6c004", "shasum": "" }, "require": { "facade/ignition-contracts": "~1.0", - "illuminate/pipeline": "~5.5|~5.6|~5.7|~5.8|^6.0", + "illuminate/pipeline": "^5.5|^6.0|^7.0", "php": "^7.1", - "symfony/http-foundation": "~3.3|~4.1", + "symfony/http-foundation": "^3.3|^4.1|^5.0", "symfony/var-dumper": "^3.4|^4.0|^5.0" }, "require-dev": { @@ -1639,7 +1639,7 @@ "flare", "reporting" ], - "time": "2019-12-15T18:28:38+00:00" + "time": "2020-03-02T15:52:04+00:00" }, { "name": "facade/ignition", 
@@ -1756,6 +1756,60 @@ ], "time": "2019-08-30T14:06:08+00:00" }, + { + "name": "fideloper/proxy", + "version": "4.3.0", + "source": { + "type": "git", + "url": "https://github.com/fideloper/TrustedProxy.git", + "reference": "ec38ad69ee378a1eec04fb0e417a97cfaf7ed11a" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/fideloper/TrustedProxy/zipball/ec38ad69ee378a1eec04fb0e417a97cfaf7ed11a", + "reference": "ec38ad69ee378a1eec04fb0e417a97cfaf7ed11a", + "shasum": "" + }, + "require": { + "illuminate/contracts": "^5.0|^6.0|^7.0|^8.0", + "php": ">=5.4.0" + }, + "require-dev": { + "illuminate/http": "^5.0|^6.0|^7.0|^8.0", + "mockery/mockery": "^1.0", + "phpunit/phpunit": "^6.0" + }, + "type": "library", + "extra": { + "laravel": { + "providers": [ + "Fideloper\\Proxy\\TrustedProxyServiceProvider" + ] + } + }, + "autoload": { + "psr-4": { + "Fideloper\\Proxy\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Chris Fidao", + "email": "fideloper@gmail.com" + } + ], + "description": "Set trusted proxies for Laravel", + "keywords": [ + "load balancing", + "proxy", + "trusted proxy" + ], + "time": "2020-02-22T01:51:47+00:00" + }, { "name": "filp/whoops", "version": "2.7.1", @@ -3377,16 +3431,16 @@ }, { "name": "nesbot/carbon", - "version": "2.30.0", + "version": "2.31.0", "source": { "type": "git", "url": "https://github.com/briannesbitt/Carbon.git", - "reference": "912dff66d2690ca66abddb9b291a1df5f371d3b4" + "reference": "bbc0ab53f41a4c6f223c18efcdbd9bc725eb5d2d" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/briannesbitt/Carbon/zipball/912dff66d2690ca66abddb9b291a1df5f371d3b4", - "reference": "912dff66d2690ca66abddb9b291a1df5f371d3b4", + "url": "https://api.github.com/repos/briannesbitt/Carbon/zipball/bbc0ab53f41a4c6f223c18efcdbd9bc725eb5d2d", + "reference": "bbc0ab53f41a4c6f223c18efcdbd9bc725eb5d2d", "shasum": "" }, "require": { 
@@ -3443,7 +3497,7 @@ "datetime", "time" ], - "time": "2020-02-07T15:25:46+00:00" + "time": "2020-03-01T11:11:58+00:00" }, { "name": "nikic/php-parser", @@ -4673,16 +4727,16 @@ }, { "name": "scrivo/highlight.php", - "version": "v9.18.1.0", + "version": "v9.18.1.1", "source": { "type": "git", "url": "https://github.com/scrivo/highlight.php.git", - "reference": "a57c858cb753f543965a1e17af386a648012ed8f" + "reference": "52fc21c99fd888e33aed4879e55a3646f8d40558" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/scrivo/highlight.php/zipball/a57c858cb753f543965a1e17af386a648012ed8f", - "reference": "a57c858cb753f543965a1e17af386a648012ed8f", + "url": "https://api.github.com/repos/scrivo/highlight.php/zipball/52fc21c99fd888e33aed4879e55a3646f8d40558", + "reference": "52fc21c99fd888e33aed4879e55a3646f8d40558", "shasum": "" }, "require": { @@ -4692,6 +4746,7 @@ }, "require-dev": { "phpunit/phpunit": "^4.8|^5.7", + "sabberworm/php-css-parser": "^8.3", "symfony/finder": "^2.8|^3.4", "symfony/var-dumper": "^2.8|^3.4" }, @@ -4737,7 +4792,7 @@ "highlight.php", "syntax" ], - "time": "2020-02-03T02:19:36+00:00" + "time": "2020-03-02T05:59:21+00:00" }, { "name": "sebastiaanluca/laravel-helpers", 
@@ -4999,37 +5054,37 @@ }, { "name": "spatie/laravel-backup", - "version": "6.7.8", + "version": "6.8.0", "source": { "type": "git", "url": "https://github.com/spatie/laravel-backup.git", - "reference": "48f9310a2396db79d396dd63e20f657e8b11ce4e" + "reference": "b2cf3f9f35613a20a39e1c35803b77858b455382" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/spatie/laravel-backup/zipball/48f9310a2396db79d396dd63e20f657e8b11ce4e", - "reference": "48f9310a2396db79d396dd63e20f657e8b11ce4e", + "url": "https://api.github.com/repos/spatie/laravel-backup/zipball/b2cf3f9f35613a20a39e1c35803b77858b455382", + "reference": "b2cf3f9f35613a20a39e1c35803b77858b455382", "shasum": "" }, "require": { - "illuminate/console": "^5.8.15|^6.0", - "illuminate/contracts": "^5.8.15|^6.0", - "illuminate/events": "^5.8.15|^6.0", - "illuminate/filesystem": "^5.8.15|^6.0", - "illuminate/notifications": "^5.8.15|^6.0", - "illuminate/support": "^5.8.15|^6.0", + "illuminate/console": "^5.8.15|^6.0|^7.0", + "illuminate/contracts": "^5.8.15|^6.0|^7.0", + "illuminate/events": "^5.8.15|^6.0|^7.0", + "illuminate/filesystem": "^5.8.15|^6.0|^7.0", + "illuminate/notifications": "^5.8.15|^6.0|^7.0", + "illuminate/support": "^5.8.15|^6.0|^7.0", "league/flysystem": "^1.0.49", "php": "^7.2", "spatie/db-dumper": "^2.12", "spatie/temporary-directory": "^1.1", - "symfony/finder": "^4.2" + "symfony/finder": "^4.2|^5.0" }, "require-dev": { "laravel/slack-notification-channel": "^1.0", "league/flysystem-aws-s3-v3": "^1.0", - "mockery/mockery": "^1.0", - "orchestra/testbench": "3.8.*|4.*", - "phpunit/phpunit": "^8.4" + "mockery/mockery": "^1.3", + "orchestra/testbench": "3.8.*|4.*|5.*", + "phpunit/phpunit": "^8.4|^9.0" }, "suggest": { "laravel/slack-notification-channel": "Required for sending notifications via Slack" @@ -5070,7 +5125,7 @@ "laravel-backup", "spatie" ], - "time": "2020-02-19T16:54:03+00:00" + "time": "2020-03-02T21:43:50+00:00" }, { "name": "spatie/temporary-directory", 
diff --git a/config/app.php b/config/app.php
index 7e75aea4f..505af2b4b 100755
--- a/config/app.php
+++ b/config/app.php
@@ -11,7 +11,7 @@
 'name' => env('APP_NAME', 'phpvms'),
 'env' => env('APP_ENV', 'dev'),
 'debug' => env('APP_DEBUG', true),
- 'url' => env('APP_URL', 'http://localhost'),
+ 'url' => env('APP_URL', ''),
 'version' => '7.0.0',
 'debug_toolbar' => false,
diff --git a/modules/Importer/Resources/views/app.blade.php b/modules/Importer/Resources/views/app.blade.php
index e89bdbc76..cd52b1331 100644
--- a/modules/Importer/Resources/views/app.blade.php
+++ b/modules/Importer/Resources/views/app.blade.php
@@ -42,14 +42,17 @@
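Review bot: The new default `env('APP_URL', '')` leaves `app.url` empty whenever `.env` does not set it, and nothing in this hunk documents that installs are now expected to provide it. Code that runs without an HTTP request (console commands, queued mail) presumably has no request host to fall back on, and in web requests the base URL then depends entirely on request headers, which matters more now that forwarded headers are trusted by the new middleware. I would add a comment above the key, e.g. `// Empty means "derive from the current request"; set APP_URL in production so mail and CLI links are correct`. The context line `'debug' => env('APP_DEBUG', true)` also defaults debug output to on; it is not part of this change but deserves a follow-up.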
- +
+
+ +
+
+

@yield('title')

+
+