Merge remote-tracking branch 'origin/6.2.1' into 7.1.4
Conflicts: src/Umbraco.Core/Models/DeepCloneHelper.cs src/Umbraco.Core/Models/PreValue.cs src/Umbraco.Core/Models/PreValueCollection.cs src/Umbraco.Tests/Persistence/Repositories/TemplateRepositoryTest.cs src/Umbraco.Web/umbraco.presentation/umbraco/editContent.aspx.cs
@@ -1,5 +1,7 @@
|
||||
using System.Data;
|
||||
using System.Linq;
|
||||
using Umbraco.Core.Configuration;
|
||||
using Umbraco.Core.Persistence.SqlSyntax;
|
||||
|
||||
namespace Umbraco.Core.Persistence.Migrations.Upgrades.TargetVersionFourNineZero
|
||||
{
|
||||
@@ -18,9 +20,18 @@ namespace Umbraco.Core.Persistence.Migrations.Upgrades.TargetVersionFourNineZero
|
||||
}
|
||||
else
|
||||
{
|
||||
//These are the old aliases
|
||||
Delete.ForeignKey("FK_umbracoUser2app_umbracoApp").OnTable("umbracoUser2app");
|
||||
Delete.ForeignKey("FK_umbracoUser2app_umbracoUser").OnTable("umbracoUser2app");
|
||||
//These are the old aliases, before removing them, check they exist
|
||||
var constraints = SqlSyntaxContext.SqlSyntaxProvider.GetConstraintsPerColumn(Context.Database).Distinct().ToArray();
|
||||
|
||||
if (constraints.Any(x => x.Item1.InvariantEquals("umbracoUser2app") && x.Item3.InvariantEquals("FK_umbracoUser2app_umbracoApp")))
|
||||
{
|
||||
Delete.ForeignKey("FK_umbracoUser2app_umbracoApp").OnTable("umbracoUser2app");
|
||||
}
|
||||
if (constraints.Any(x => x.Item1.InvariantEquals("umbracoUser2app") && x.Item3.InvariantEquals("FK_umbracoUser2app_umbracoUser")))
|
||||
{
|
||||
Delete.ForeignKey("FK_umbracoUser2app_umbracoUser").OnTable("umbracoUser2app");
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
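Review bot: The two `constraints.Any(...)` checks in the `else` branch match on `x.Item1` and `x.Item3`, but nothing in the hunk says what those tuple positions hold, so a reader has to infer it from the string literals. A comment above the lookup would help, for example `// Item1 = table name, Item3 = constraint name`. That meaning is inferred from the comparisons only and should be confirmed against `GetConstraintsPerColumn`. The branch before `else` starts outside the hunk, so it is not visible here whether it needs the same existence guard.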
|
||||
|
||||
@@ -179,6 +179,7 @@ Umbraco.Sys.registerNamespace("Umbraco.Controls");
|
||||
instructions +
|
||||
"<form action=\"" + self._opts.umbracoPath + "/webservices/MediaUploader.ashx?format=json&action=upload&parentNodeId=" + this._parentId + "\" method=\"post\" enctype=\"multipart/form-data\">" +
|
||||
"<input id='fileupload' type='file' name='file' multiple>" +
|
||||
"<input type='hidden' name='__reqver' value='" + self._opts.reqver + "' />" +
|
||||
"<input type='hidden' name='name' />" +
|
||||
"<input type='hidden' name='replaceExisting' />" +
|
||||
"</form>" +
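Review bot: The new `__reqver` hidden input concatenates `self._opts.reqver` straight into a single-quoted HTML attribute, so a token containing `'`, `<` or `&` would break the markup or inject into it. The alphabet of the encrypted token is not visible on this page, so the safe form is to emit `"<input type='hidden' name='__reqver' />"` and assign the value through the DOM afterwards, for example `form.find("input[name='__reqver']").val(self._opts.reqver);` if jQuery is in scope, as the plugin registration suggests. A caller that omits the `reqver` option would post the literal text `undefined`; the server should reject that, but a guard here would surface the mistake sooner. The enclosing function starts and ends outside the hunk.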
|
||||
|
||||
@@ -4,6 +4,7 @@ using System.Text;
|
||||
using System.Web.UI;
|
||||
using System.Web.UI.WebControls;
|
||||
using ClientDependency.Core;
|
||||
using Umbraco.Core;
|
||||
using Umbraco.Web.UI.Bundles;
|
||||
using umbraco.BasePages;
|
||||
using Umbraco.Core.IO;
|
||||
@@ -138,10 +139,11 @@ namespace Umbraco.Web.UI.Controls
|
||||
|
||||
Page.ClientScript.RegisterStartupScript(typeof(FolderBrowser),
|
||||
"RegisterFolderBrowsers",
|
||||
string.Format("$(function () {{ $(\".umbFolderBrowser\").folderBrowser({{ umbracoPath : '{0}', basePath : '{1}' }}); " +
|
||||
string.Format("$(function () {{ $(\".umbFolderBrowser\").folderBrowser({{ umbracoPath : '{0}', basePath : '{1}', reqver : '{2}' }}); " +
|
||||
"$(\".umbFolderBrowser #filterTerm\").keypress(function(event) {{ return event.keyCode != 13; }});}});",
|
||||
IOHelper.ResolveUrl(SystemDirectories.Umbraco),
|
||||
IOHelper.ResolveUrl(SystemDirectories.Base)),
|
||||
IOHelper.ResolveUrl(SystemDirectories.Base),
|
||||
UmbracoEnsuredPage.umbracoUserContextID.EncryptWithMachineKey() ),
|
||||
true);
|
||||
}
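Review bot: The `reqver` argument added to the `string.Format` call is written into a single-quoted JavaScript literal without JavaScript string encoding, as are the two existing path arguments. Whether `EncryptWithMachineKey()` only ever returns characters that are safe inside `'...'` cannot be seen from this hunk. Wrapping the value removes the dependency on that, e.g. `System.Web.HttpUtility.JavaScriptStringEncode(UmbracoEnsuredPage.umbracoUserContextID.EncryptWithMachineKey())`. A short comment would also help, noting that this is the anti-CSRF token the upload handler checks and that it is derived from the user context id, so the rendered page should not be cached or shared between users. The method containing this call starts outside the hunk.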
|
||||
|
||||
|
||||
@@ -87,7 +87,7 @@ namespace Umbraco.Web.WebServices
|
||||
case PublishStatusType.FailedHasExpired:
|
||||
case PublishStatusType.FailedAwaitingRelease:
|
||||
case PublishStatusType.FailedIsTrashed:
|
||||
return ""; //we will not notify about this type of failure... or should we ?
|
||||
return "Cannot publish document with a status of " + status.StatusType;
|
||||
case PublishStatusType.FailedCancelledByEvent:
|
||||
return ui.Text("publish", "contentPublishedFailedByEvent",
|
||||
string.Format("{0} ({1})", status.ContentItem.Name, status.ContentItem.Id), UmbracoUser);
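Review bot: The message now returned for `FailedHasExpired`, `FailedAwaitingRelease` and `FailedIsTrashed` is a hard-coded English string, whereas the neighbouring cases go through `ui.Text("publish", ...)` so that editors see their own language. It also appends `status.StatusType`, which shows the raw enum member name to the user. Consider a localized entry instead, e.g. `return ui.Text("publish", "<NEW_KEY_PLACEHOLDER>", status.StatusType.ToString(), UmbracoUser);` with a key added to the language files. The same line appears in the `umbraco.presentation.actions` hunk that follows and should be changed with it. The switch statement starts and ends outside both hunks.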
|
||||
|
||||
@@ -70,6 +70,7 @@ namespace umbraco.presentation.actions
|
||||
case PublishStatusType.FailedHasExpired:
|
||||
case PublishStatusType.FailedAwaitingRelease:
|
||||
case PublishStatusType.FailedIsTrashed:
|
||||
return "Cannot publish document with a status of " + status.StatusType;
|
||||
case PublishStatusType.FailedContentInvalid:
|
||||
return ui.Text("publish", "contentPublishedFailedInvalid",
|
||||
new[]
|
||||
|
||||
@@ -258,10 +258,32 @@ namespace umbraco.presentation.umbraco.webservices
|
||||
else
|
||||
{
|
||||
var usr = User.GetCurrent();
|
||||
|
||||
if (BasePage.ValidateUserContextID(BasePage.umbracoUserContextID) && usr != null)
|
||||
{
|
||||
isValid = true;
|
||||
AuthenticatedUser = usr;
|
||||
//The user is valid based on their cookies, but is the request valid? We need to validate
|
||||
// against CSRF here. We'll do this by ensuring that the request contains a token which will
|
||||
// be equal to the decrypted version of the current user's user context id.
|
||||
var token = context.Request["__reqver"];
|
||||
if (token.IsNullOrWhiteSpace() == false)
|
||||
{
|
||||
//try decrypting it
|
||||
try
|
||||
{
|
||||
var decrypted = token.DecryptWithMachineKey();
|
||||
//now check if it matches
|
||||
if (decrypted == BasePage.umbracoUserContextID)
|
||||
{
|
||||
isValid = true;
|
||||
AuthenticatedUser = usr;
|
||||
}
|
||||
}
|
||||
catch
|
||||
{
|
||||
//couldn't decrypt, so it's invalid
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
}
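Review bot: The CSRF token is read with `context.Request["__reqver"]`, and that indexer searches the query string, form fields, cookies and server variables, so the check also accepts a token supplied in the URL or in a cookie. Since the upload form posts the token as a hidden field, `var token = context.Request.Form["__reqver"];` keeps it out of URLs and logs and limits where it can come from. The bare `catch` leaves the request rejected, assuming `isValid` starts as `false` outside the hunk, but it swallows every exception type and records nothing. Logging the rejection inside the `catch`, and when `decrypted` does not match, would make forged or replayed uploads visible to whoever monitors the back office. The comparison `decrypted == BasePage.umbracoUserContextID` is an ordinary string equality, and a fixed-time comparison would be the more cautious choice for a session-derived value. The enclosing method starts and ends outside the hunk.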
|
||||
|
||||
|
||||