From 8b2f7eb39fe182ff2e92f6ac5ad257bae72ddc5b Mon Sep 17 00:00:00 2001
From: Hillel Coren <hillelcoren@gmail.com>
Date: Sun, 5 Jun 2016 18:50:41 +0300
Subject: [PATCH] Check for blank api secret

---
 app/Http/Middleware/ApiCheck.php        |  5 ++++-
 app/Http/routes.php                     |  4 ++--
 app/Models/Document.php                 |  5 +----
 resources/views/expenses/edit.blade.php |  4 ++--
 resources/views/invoices/edit.blade.php |  3 +--
 resources/views/master.blade.php        | 13 +++++++++++++
 6 files changed, 23 insertions(+), 11 deletions(-)

diff --git a/app/Http/Middleware/ApiCheck.php b/app/Http/Middleware/ApiCheck.php
index 5200c3264a96..524b718cc44f 100644
--- a/app/Http/Middleware/ApiCheck.php
+++ b/app/Http/Middleware/ApiCheck.php
@@ -23,7 +23,10 @@ class ApiCheck {
     {
         $loggingIn = $request->is('api/v1/login') || $request->is('api/v1/register');
         $headers = Utils::getApiHeaders();
-        $hasApiSecret = hash_equals($request->api_secret ?: '', env(API_SECRET));
+
+        if ($secret = env(API_SECRET)) {
+            $hasApiSecret = hash_equals($request->api_secret ?: '', $secret);
+        }
 
         if ($loggingIn) {
             // check API secret
diff --git a/app/Http/routes.php b/app/Http/routes.php
index d215755ba940..d31991e577ad 100644
--- a/app/Http/routes.php
+++ b/app/Http/routes.php
@@ -322,8 +322,8 @@ Route::get('/testimonials', function() {
 Route::get('/compare-online-invoicing{sites?}', function() {
     return Redirect::to(NINJA_WEB_URL, 301);
 });
-Route::get('/forgot_password', function() {
-    return Redirect::to(NINJA_APP_URL.'/forgot', 301);
+Route::get('/forgot', function() {
+    return Redirect::to(NINJA_APP_URL.'/recover_password', 301);
 });
 
 
diff --git a/app/Models/Document.php b/app/Models/Document.php
index cc455fed0d79..589c2ccdccd6 100644
--- a/app/Models/Document.php
+++ b/app/Models/Document.php
@@ -18,7 +18,7 @@ class Document extends EntityModel
 
     public static $allowedMimes = array(// Used by Dropzone.js; does not affect what the server accepts
         'image/png', 'image/jpeg', 'image/tiff', 'application/pdf', 'image/gif', 'image/vnd.adobe.photoshop', 'text/plain',
-        'application/zip', 'application/msword',
+        'application/msword',
         'application/excel', 'application/vnd.ms-excel', 'application/x-excel', 'application/x-msexcel',
         'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
         'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet','application/postscript', 'image/svg+xml',
@@ -53,9 +53,6 @@ class Document extends EntityModel
         'txt' => array(
             'mime' => 'text/plain',
         ),
-        'zip' => array(
-            'mime' => 'application/zip',
-        ),
         'doc' => array(
             'mime' => 'application/msword',
         ),
diff --git a/resources/views/expenses/edit.blade.php b/resources/views/expenses/edit.blade.php
index 146005ebd1f5..f49a1c9097b3 100644
--- a/resources/views/expenses/edit.blade.php
+++ b/resources/views/expenses/edit.blade.php
@@ -371,7 +371,7 @@
         }
 
         window.countUploadingDocuments = 0;
-        @if (Auth::user()->account->hasFeature(FEATURE_DOCUMENTS))
+        
         function handleDocumentAdded(file){
             // open document when clicked
             if (file.url) {
@@ -412,7 +412,7 @@
         function handleDocumentError() {
             window.countUploadingDocuments--;
         }
-        @endif
+
     </script>
 
 @stop
diff --git a/resources/views/invoices/edit.blade.php b/resources/views/invoices/edit.blade.php
index 42aa40d27457..fcef2507ccc7 100644
--- a/resources/views/invoices/edit.blade.php
+++ b/resources/views/invoices/edit.blade.php
@@ -1463,7 +1463,7 @@
     }
 
     window.countUploadingDocuments = 0;
-    @if ($account->hasFeature(FEATURE_DOCUMENTS))
+    
     function handleDocumentAdded(file){
         // open document when clicked
         if (file.url) {
@@ -1508,7 +1508,6 @@
     function handleDocumentError() {
         window.countUploadingDocuments--;
     }
-    @endif
 
 	</script>
     @if ($account->hasFeature(FEATURE_DOCUMENTS) && $account->invoice_embed_documents)
diff --git a/resources/views/master.blade.php b/resources/views/master.blade.php
index 463be8be0eb7..c0f95e70323b 100644
--- a/resources/views/master.blade.php
+++ b/resources/views/master.blade.php
@@ -19,6 +19,15 @@
     <meta property="og:image" content="{{ SITE_URL }}/images/round_logo.png" />
     <meta property="og:description" content="Simple, Intuitive Invoicing." />
 
+    <!-- http://stackoverflow.com/questions/19012698/browser-cache-issues-in-laravel-4-application -->
+    <meta http-equiv="cache-control" content="max-age=0" />
+    <meta http-equiv="cache-control" content="no-cache" />
+    <meta http-equiv="cache-control" content="no-store" />
+    <meta http-equiv="cache-control" content="must-revalidate" />
+    <meta http-equiv="expires" content="0" />
+    <meta http-equiv="expires" content="Tue, 01 Jan 1980 1:00:00 GMT" />
+    <meta http-equiv="pragma" content="no-cache" />
+
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <meta name="csrf-token" content="{{ csrf_token() }}">
     <meta http-equiv="X-UA-Compatible" content="IE=edge">
@@ -38,6 +47,10 @@
                 return;
             }
 
+            if (errorMsg.indexOf('No unicode cmap for font') > -1) {
+                alert("Please force refresh the page to update the font cache.\n\n - Windows: Ctrl + F5\n - Mac/Apple: Apple + R or Command + R\n - Linux: F5");
+            }
+
             try {
                 // Use StackTraceJS to parse the error context
                 if (error) {