Cutlery/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2025-07-07 19:04:41 -04:00
Code Issues Packages Projects Releases Wiki Activity

Check for blank api secret

Browse Source
This commit is contained in:
Hillel Coren 2016-06-05 18:50:41 +03:00
parent 0c16d89540
commit 8b2f7eb39f
6 changed files with 23 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
app/Http/Middleware/ApiCheck.php
View File

@ -23,7 +23,10 @@ class ApiCheck {
{ {
$loggingIn = $request->is('api/v1/login') || $request->is('api/v1/register'); $loggingIn = $request->is('api/v1/login') || $request->is('api/v1/register');
$headers = Utils::getApiHeaders(); $headers = Utils::getApiHeaders();
$hasApiSecret = hash_equals($request->api_secret ?: '', env(API_SECRET));
if ($secret = env(API_SECRET)) {
$hasApiSecret = hash_equals($request->api_secret ?: '', $secret);
}
if ($loggingIn) { if ($loggingIn) {
// check API secret // check API secret

4
app/Http/routes.php
View File

@ -322,8 +322,8 @@ Route::get('/testimonials', function() {
Route::get('/compare-online-invoicing{sites?}', function() { Route::get('/compare-online-invoicing{sites?}', function() {
return Redirect::to(NINJA_WEB_URL, 301); return Redirect::to(NINJA_WEB_URL, 301);
}); });
Route::get('/forgot_password', function() { Route::get('/forgot', function() {
return Redirect::to(NINJA_APP_URL.'/forgot', 301); return Redirect::to(NINJA_APP_URL.'/recover_password', 301);
}); });

5
app/Models/Document.php
View File

@ -18,7 +18,7 @@ class Document extends EntityModel
public static $allowedMimes = array(// Used by Dropzone.js; does not affect what the server accepts public static $allowedMimes = array(// Used by Dropzone.js; does not affect what the server accepts
'image/png', 'image/jpeg', 'image/tiff', 'application/pdf', 'image/gif', 'image/vnd.adobe.photoshop', 'text/plain', 'image/png', 'image/jpeg', 'image/tiff', 'application/pdf', 'image/gif', 'image/vnd.adobe.photoshop', 'text/plain',
'application/zip', 'application/msword', 'application/msword',
'application/excel', 'application/vnd.ms-excel', 'application/x-excel', 'application/x-msexcel', 'application/excel', 'application/vnd.ms-excel', 'application/x-excel', 'application/x-msexcel',
'application/vnd.openxmlformats-officedocument.wordprocessingml.document', 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet','application/postscript', 'image/svg+xml', 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet','application/postscript', 'image/svg+xml',
@ -53,9 +53,6 @@ class Document extends EntityModel
'txt' => array( 'txt' => array(
'mime' => 'text/plain', 'mime' => 'text/plain',
), ),
'zip' => array(
'mime' => 'application/zip',
),
'doc' => array( 'doc' => array(
'mime' => 'application/msword', 'mime' => 'application/msword',
), ),

4
resources/views/expenses/edit.blade.php
View File

@ -371,7 +371,7 @@
} }
window.countUploadingDocuments = 0; window.countUploadingDocuments = 0;
@if (Auth::user()->account->hasFeature(FEATURE_DOCUMENTS))
function handleDocumentAdded(file){ function handleDocumentAdded(file){
// open document when clicked // open document when clicked
if (file.url) { if (file.url) {
@ -412,7 +412,7 @@
function handleDocumentError() { function handleDocumentError() {
window.countUploadingDocuments--; window.countUploadingDocuments--;
} }
@endif
</script> </script>
@stop @stop

3
resources/views/invoices/edit.blade.php
View File

@ -1463,7 +1463,7 @@
} }
window.countUploadingDocuments = 0; window.countUploadingDocuments = 0;
@if ($account->hasFeature(FEATURE_DOCUMENTS))
function handleDocumentAdded(file){ function handleDocumentAdded(file){
// open document when clicked // open document when clicked
if (file.url) { if (file.url) {
@ -1508,7 +1508,6 @@
function handleDocumentError() { function handleDocumentError() {
window.countUploadingDocuments--; window.countUploadingDocuments--;
} }
@endif
</script> </script>
@if ($account->hasFeature(FEATURE_DOCUMENTS) && $account->invoice_embed_documents) @if ($account->hasFeature(FEATURE_DOCUMENTS) && $account->invoice_embed_documents)

13
resources/views/master.blade.php
View File

@ -19,6 +19,15 @@
<meta property="og:image" content="{{ SITE_URL }}/images/round_logo.png" /> <meta property="og:image" content="{{ SITE_URL }}/images/round_logo.png" />
<meta property="og:description" content="Simple, Intuitive Invoicing." /> <meta property="og:description" content="Simple, Intuitive Invoicing." />
<!-- http://stackoverflow.com/questions/19012698/browser-cache-issues-in-laravel-4-application -->
<meta http-equiv="cache-control" content="max-age=0" />
<meta http-equiv="cache-control" content="no-cache" />
<meta http-equiv="cache-control" content="no-store" />
<meta http-equiv="cache-control" content="must-revalidate" />
<meta http-equiv="expires" content="0" />
<meta http-equiv="expires" content="Tue, 01 Jan 1980 1:00:00 GMT" />
<meta http-equiv="pragma" content="no-cache" />
<meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="csrf-token" content="{{ csrf_token() }}"> <meta name="csrf-token" content="{{ csrf_token() }}">
<meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta http-equiv="X-UA-Compatible" content="IE=edge">
@ -38,6 +47,10 @@
return; return;
} }
if (errorMsg.indexOf('No unicode cmap for font') > -1) {
alert("Please force refresh the page to update the font cache.\n\n - Windows: Ctrl + F5\n - Mac/Apple: Apple + R or Command + R\n - Linux: F5");
}
try { try {
// Use StackTraceJS to parse the error context // Use StackTraceJS to parse the error context
if (error) { if (error) {