v6.00.39-dev-pre-rev-24 (#167)
* TODO

TODO

* refactoring

refactoring

* changelog

changelog

* TODO

TODO

* fixes, notes, revised resources page

fixes, notes, revised resources page
taoteh1221 authored Sep 11, 2024
1 parent cadbc26 commit 0e5db28
Showing 21 changed files with 117 additions and 110 deletions.
18 changes: 6 additions & 12 deletions DOCUMENTATION-ETC/TODO.txt
Expand Up @@ -195,12 +195,6 @@ P̵̫̊h̴̪̑ì̶̯s̵̫̀h̸̠̆i̶̔͜n̸̞͒g̶̳̏ ̸̺͐a̴͎̓n̷̜̕d̴
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Test LINUX Desktop Edition FIRST, as Windows 11 forced updates have been borking up dual boot / bitlocker setups a ton the past few months (lol)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~DO AN APP RELEASE AT THIS POINT IN THIS LIST~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Do a bitcoin opentimestamp of the v6.00.39 release.


Expand Down Expand Up @@ -234,9 +228,6 @@ Start looking at which exchange APIs have a 'search' API endpoint (for exchanges
Add a "search for" feature, in the app logs interface. Should only show logs that match the search query when used.


Add a new mode for the asset perfomance chart (on the 'more stats' modal page), which is a drop-down menu option, that switches from showing comparisons between assets, over to showing ONLY ASSETS A USER HOLDS, AND INCLUDES A "TOTAL PORTFOLIO VALUE" CHART LINE TOO (showing perecent increase / decrease in TOTAL PORTFOLIO VALUE).


Create CONFIG backups, using same logic we use for chart backups, EXCEPT WE USE $ct['conf']['sec']['backup_archive_password'] TO EXCRYPT THE ZIP FILE (for security of any sensitive config data).


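Review bot: the "Create CONFIG backups" item should name the cipher, not just a password, because a password-protected zip defaults to legacy ZipCrypto, which gives sensitive config data little real protection. When this is implemented with PHP's ZipArchive, set AES per entry with ZipArchive::setEncryptionName($entry, ZipArchive::EM_AES_256, $ct['conf']['sec']['backup_archive_password']) and treat that password as a secret of the same sensitivity as the config it protects.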
Expand All @@ -246,6 +237,12 @@ On the backup / restore admin page, have all the backups (charts / configs) list
Add admin settings feature to restore CONFIG backups, AND CHART DATA backups, from the zip archive backups (with admin authentication ONLY).


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~DO AN APP RELEASE AT THIS POINT IN THIS LIST~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Add a new mode for the asset perfomance chart (on the 'more stats' modal page), which is a drop-down menu option, that switches from showing comparisons between assets, over to showing ONLY ASSETS A USER HOLDS, AND INCLUDES A "TOTAL PORTFOLIO VALUE" CHART LINE TOO (showing perecent increase / decrease in TOTAL PORTFOLIO VALUE).


Add these feature-assets to developer-config.php, AND have it DYNAMICALLY USED in every instance of logic that has processing on them, INCLUDING A CONVERSION TO A JAVASCRIPT ARRAY FOR JAVASCRIPT USING THEM:
'MISCASSETS',
'BTCNFTS',
Expand Down Expand Up @@ -329,9 +326,6 @@ Send out an OPTIONAL comms alert when we change the admin security mode, OR when
Add a 24 hour time picker, in the recurring reminder plugin settings interface.


DOUBLE-CHECK ALL security tokens are skipped by the input sanitizer, since they can cause false positives, and they are already HEAVILY scanned in other ways.


On windows desktop edition, when registering an admin account for the first time, if you click on certain links in the user area menu, it just hangs with a loading message, and never redirects back to the registration page like it should.


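Review bot: dropping the "DOUBLE-CHECK ALL security tokens are skipped by the input sanitizer" item only holds if every token parameter was renamed to the *_nonce form that general.php still exempts in this commit; any remaining parameter with "token" in its name, and the 2fa_setup input, now go through the full sanitizer and can hit exactly the false positives the item warns about, so keep the item open until that is verified.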
4 changes: 3 additions & 1 deletion DOCUMENTATION-ETC/changelog.txt
Expand Up @@ -6799,9 +6799,11 @@ AND MIGRATE YOUR EXISTING CUSTOM SETTINGS TO THE NEW FORMAT.

-Optimized / cleaned up page loading logic

-Increased reliability of app runtime

-Upgraded Idex exchange API to v4

-Upgraded ZingChart to v2.9.15
-Upgraded ZingChart to v2.9.14

-Upgraded Kraken exchange API

22 changes: 11 additions & 11 deletions app-lib/js/functions.js
Expand Up @@ -134,7 +134,7 @@ $('#' + tree_id).show(250, 'linear'); // 0.25 seconds

// IF secured with the general CSRF security token
if ( csrf_sec_token ) {
url_params = url_params + "&token=" + Base64.decode(gen_csrf_sec_token);
url_params = url_params + "&gen_nonce=" + Base64.decode(gen_csrf_sec_token);
}


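Review bot: the guard tests csrf_sec_token but the value appended is Base64.decode(gen_csrf_sec_token), so a page that sets the flag without the general token decodes undefined; check the variable that is actually used. The decoded token is also concatenated raw into url_params; wrap it as "&gen_nonce=" + encodeURIComponent(Base64.decode(gen_csrf_sec_token)) so characters such as "+" or "&" in a token cannot corrupt the query string and produce a spurious CSRF failure.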
Expand Down Expand Up @@ -2517,7 +2517,7 @@ $(elm_id).html("<div style='margin: " + loading_height + "em; line-height: " + (

// IF secured with the general CSRF security token
if ( csrf_sec_token ) {
url_params = url_params + "&token=" + Base64.decode(gen_csrf_sec_token);
url_params = url_params + "&gen_nonce=" + Base64.decode(gen_csrf_sec_token);
}


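Review bot: this is the same three-line block as at line 134; factor it into one helper (for example a hypothetical append_gen_nonce(url_params)) so the parameter name and its encoding are changed in a single place the next time they move.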
Expand Down Expand Up @@ -2624,7 +2624,7 @@ not_whole_num = (log_lines - Math.floor(log_lines)) !== 0;


// Get log data
$.getJSON("ajax.php?token=" + Base64.decode(logs_csrf_sec_token) + "&type=log&logfile=" + log_file + '&lines=' + set_lines, function( data ) {
$.getJSON("ajax.php?logs_nonce=" + Base64.decode(logs_csrf_sec_token) + "&type=log&logfile=" + log_file + '&lines=' + set_lines, function( data ) {

data_length = data.length;

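Review bot: log_file and set_lines are spliced into the ajax.php URL without encoding; pass them as the data object instead, $.getJSON("ajax.php", { logs_nonce: Base64.decode(logs_csrf_sec_token), type: "log", logfile: log_file, lines: set_lines }, function (data) { ... }), so jQuery encodes them. The server side must still validate that logfile resolves to a file inside the log directory, since the client can send any value for it.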
Expand Down Expand Up @@ -2875,20 +2875,20 @@ function row_alert(tr_id, alert_type, color, theme) {

if ( color == 'yellow' ) {

$('.tablesorter tr#' + tr_id).css("background", alert_color_loss);
$('.tablesorter tr#' + tr_id + ' td').css("background", alert_color_loss);
$('.tablesorter tr#' + tr_id).css("background-color", alert_color_loss);
$('.tablesorter tr#' + tr_id + ' td').css("background-color", alert_color_loss);
$('#coins_table tr#' + tr_id).css("background", alert_color_loss);
$('#coins_table tr#' + tr_id + ' td').css("background", alert_color_loss);
$('#coins_table tr#' + tr_id).css("background-color", alert_color_loss);
$('#coins_table tr#' + tr_id + ' td').css("background-color", alert_color_loss);

}


if ( color == 'green' ) {

$('.tablesorter tr#' + tr_id).css("background", alert_color_gain);
$('.tablesorter tr#' + tr_id + ' td').css("background", alert_color_gain);
$('.tablesorter tr#' + tr_id).css("background-color", alert_color_gain);
$('.tablesorter tr#' + tr_id + ' td').css("background-color", alert_color_gain);
$('#coins_table tr#' + tr_id).css("background", alert_color_gain);
$('#coins_table tr#' + tr_id + ' td').css("background", alert_color_gain);
$('#coins_table tr#' + tr_id).css("background-color", alert_color_gain);
$('#coins_table tr#' + tr_id + ' td').css("background-color", alert_color_gain);

}

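Review bot: every selector is set twice, first "background" and then "background-color", and the second call overrides the first; keep a single .css("background-color", ...) per selector. The .tablesorter and #coins_table branches differ only in the selector, so build one combined selector string per colour and call .css() once, which also removes the duplicated yellow/green blocks.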
18 changes: 9 additions & 9 deletions app-lib/php/classes/core/admin.php
Expand Up @@ -399,7 +399,7 @@ function color_form_fields($field_array_base, $passed_key, $passed_val, $render_
<?php
if ( isset($render_params[$passed_key]['is_notes']) ) {
?>
<i class="notes_arrow arrow_up"></i><br /><span class='admin_settings_notes bitcoin random_tip'><?=$render_params[$passed_key]['is_notes']?></span>
<i class="notes_arrow arrow_up"></i><br /><span class='settings_notes bitcoin random_tip'><?=$render_params[$passed_key]['is_notes']?></span>
<?php
}

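Review bot: the class rename is fine, but the note value is still echoed raw via <?=$render_params[$passed_key]['is_notes']?>; that is only safe while is_notes is developer-authored static text, so if any note ever carries admin-entered or locale-loaded data it needs htmlspecialchars(). Also confirm the stylesheet rule was renamed along with the markup, since the admin.css hunks visible in this commit do not contain a .settings_notes rule.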
Expand Down Expand Up @@ -512,7 +512,7 @@ function textarea_form_fields($field_array_base, $passed_key, $passed_val, $rend
<?php
if ( isset($render_params[$passed_key]['is_notes']) ) {
?>
<i class="notes_arrow arrow_up"></i><br /><span class='admin_settings_notes bitcoin random_tip'><?=$render_params[$passed_key]['is_notes']?></span>
<i class="notes_arrow arrow_up"></i><br /><span class='settings_notes bitcoin random_tip'><?=$render_params[$passed_key]['is_notes']?></span>
<?php
}

Expand Down Expand Up @@ -618,7 +618,7 @@ function hidden_form_fields($field_array_base, $passed_key, $passed_val, $render
if ( isset($render_params[$passed_key]['is_notes']) ) {
?>

<p><span class='admin_settings_notes red red_dotted'><?=$render_params[$passed_key]['is_notes']?></span></p>
<p><span class='settings_notes red red_dotted'><?=$render_params[$passed_key]['is_notes']?></span></p>

<?php
}
Expand Down Expand Up @@ -694,7 +694,7 @@ function text_form_fields($field_array_base, $passed_key, $passed_val, $render_p
if ( isset($render_params[$passed_key]['is_notes']) ) {
?>

<br /><i class="notes_arrow arrow_up"></i><br /><span class='admin_settings_notes bitcoin random_tip'><?=$render_params[$passed_key]['is_notes']?></span>
<br /><i class="notes_arrow arrow_up"></i><br /><span class='settings_notes bitcoin random_tip'><?=$render_params[$passed_key]['is_notes']?></span>

<?php
}
Expand Down Expand Up @@ -843,7 +843,7 @@ function radio_form_fields($field_array_base, $passed_key, $passed_val, $render_

if ( isset($render_params[$passed_key]['is_notes']) ) {
?>
<br /><i class="notes_arrow arrow_up"></i><br /><span class='admin_settings_notes bitcoin random_tip'><?=$render_params[$passed_key]['is_notes']?></span>
<br /><i class="notes_arrow arrow_up"></i><br /><span class='settings_notes bitcoin random_tip'><?=$render_params[$passed_key]['is_notes']?></span>
<?php
}

Expand Down Expand Up @@ -1056,7 +1056,7 @@ function admin_config_interface($conf_id, $interface_id, $render_params=false) {
if ( isset($render_params[$key]['is_notes']) ) {
?>

<i class="notes_arrow arrow_up"></i><br /><span class='admin_settings_notes bitcoin random_tip'><?=$render_params[$key]['is_notes']?></span>
<i class="notes_arrow arrow_up"></i><br /><span class='settings_notes bitcoin random_tip'><?=$render_params[$key]['is_notes']?></span>

<?php
}
Expand Down Expand Up @@ -1087,7 +1087,7 @@ function admin_config_interface($conf_id, $interface_id, $render_params=false) {
if ( isset($render_params[$key]['is_notes']) ) {
?>

<br /><i class="notes_arrow arrow_up"></i><br /><span class='admin_settings_notes bitcoin random_tip'><?=$render_params[$key]['is_notes']?></span>
<br /><i class="notes_arrow arrow_up"></i><br /><span class='settings_notes bitcoin random_tip'><?=$render_params[$key]['is_notes']?></span>

<?php
}
Expand Down Expand Up @@ -1410,7 +1410,7 @@ function range_form_fields($field_array_base, $passed_key, $passed_val, $render_
if ( isset($render_params[$passed_key]['is_notes']) ) {
?>

<br /><i class="notes_arrow arrow_up"></i><br /><span class='admin_settings_notes bitcoin random_tip'><?=$render_params[$passed_key]['is_notes']?></span>
<br /><i class="notes_arrow arrow_up"></i><br /><span class='settings_notes bitcoin random_tip'><?=$render_params[$passed_key]['is_notes']?></span>

<?php
}
Expand Down Expand Up @@ -1642,7 +1642,7 @@ function select_form_fields($field_array_base, $passed_key, $passed_val, $render

if ( isset($render_params[$passed_key]['is_notes']) ) {
?>
<br /><i class="notes_arrow arrow_up"></i><br /><span class='admin_settings_notes bitcoin random_tip'><?=$render_params[$passed_key]['is_notes']?></span>
<br /><i class="notes_arrow arrow_up"></i><br /><span class='settings_notes bitcoin random_tip'><?=$render_params[$passed_key]['is_notes']?></span>
<?php
}

17 changes: 2 additions & 15 deletions app-lib/php/classes/core/general.php
Expand Up @@ -2703,21 +2703,8 @@ function sanitize_string($method, $ext_key, $data, $mysqli_connection=false) {
// STRINGS THAT ARE *SECURITY TOKENS* / QR CODE GENERATOR INPUTS ARE *ALREADY* HEAVILY SCANNED / CHECKED, SO WE CAN SAFELY EXCLUDE THEM
// (AND THEY CAN ***TRIGGER ATTACK SIGNATURE FALSE POSITIVES*** on code opening and closing tag symbols <>,
// ***WHEN HASHES / DIGESTS ARE RUN THROUGH THE HEXIDECIMAL DECODER FURTHER DOWN IN THIS FUNCTION***)
if (

// Security tokens, WITH 'token' IN NAME
stristr($ext_key, 'token')

// Security tokens, WITH 'nonce' IN NAME
|| stristr($ext_key, 'nonce')

// Admin 2FA setup security token
|| $ext_key == '2fa_setup'

// QR Code Generator (for crypto addresses)
|| $ext_key == 'qr_code_crypto_address'

) {
// Security tokens, WITH 'nonce' IN NAME, AND QR Code Generator (for crypto addresses)
if ( stristr($ext_key, 'nonce') || $ext_key == 'qr_code_crypto_address' ) {
return $data;
}

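Review bot: stristr($ext_key, 'nonce') is a substring match, so any request parameter whose name merely contains "nonce" skips sanitization entirely; use an explicit allowlist of the nonce parameters introduced in this commit (gen_nonce, logs_nonce, download_nonce), or at least a suffix check such as preg_match('/_nonce$/i', $ext_key). The '2fa_setup' exemption is also dropped here while nothing in the commit shows that input being renamed; if the admin 2FA setup token still arrives under that key it will now run through the hex decoder and can trigger the false positives the comment above describes.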
2 changes: 1 addition & 1 deletion app-lib/php/inline/ajax/access-stats.php
Expand Up @@ -22,7 +22,7 @@


// If we are not admin logged in, OR fail the CSRF security token check, exit
if ( !$ct['gen']->admin_logged_in() || !$ct['gen']->pass_sec_check($_GET['token'], 'general_csrf_security') ) {
if ( !$ct['gen']->admin_logged_in() || !$ct['gen']->pass_sec_check($_GET['gen_nonce'], 'general_csrf_security') ) {
// Log errors / debugging, send notifications
$ct['cache']->app_log();
$ct['cache']->send_notifications();
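Review bot: $_GET['gen_nonce'] is read without isset(), so a request that omits the parameter raises an undefined-index warning before the check fails; use $_GET['gen_nonce'] ?? '' here and in the other ajax endpoints changed in this commit, and confirm that pass_sec_check() rejects an empty string rather than treating it as "no token supplied".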
2 changes: 1 addition & 1 deletion app-lib/php/inline/ajax/jstree/jstree-init.php
Expand Up @@ -20,7 +20,7 @@


// If we are not admin logged in, OR fail the CSRF security token check, exit
if ( !$ct['gen']->admin_logged_in() || !$ct['gen']->pass_sec_check($_GET['token'], 'general_csrf_security') ) {
if ( !$ct['gen']->admin_logged_in() || !$ct['gen']->pass_sec_check($_GET['gen_nonce'], 'general_csrf_security') ) {
// Log errors / debugging, send notifications
$ct['cache']->app_log();
$ct['cache']->send_notifications();
2 changes: 1 addition & 1 deletion app-lib/php/inline/ajax/logs.php
Expand Up @@ -22,7 +22,7 @@


// If we are not admin logged in, OR fail the CSRF security token check, exit
if ( !$ct['gen']->admin_logged_in() || !$ct['gen']->pass_sec_check($_GET['token'], 'logs_csrf_security') ) {
if ( !$ct['gen']->admin_logged_in() || !$ct['gen']->pass_sec_check($_GET['logs_nonce'], 'logs_csrf_security') ) {
// Log errors / debugging, send notifications
$ct['cache']->app_log();
$ct['cache']->send_notifications();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@


// If we are not admin logged in, OR fail the CSRF security token check, exit
if ( !$ct['gen']->admin_logged_in() || !$ct['gen']->pass_sec_check($_GET['token'], 'general_csrf_security') ) {
if ( !$ct['gen']->admin_logged_in() || !$ct['gen']->pass_sec_check($_GET['gen_nonce'], 'general_csrf_security') ) {

// Log errors / debugging, send notifications
$ct['cache']->app_log();
2 changes: 1 addition & 1 deletion app-lib/php/inline/init/config-init.php
Expand Up @@ -195,7 +195,7 @@


// Global alert that a ticker search is running
if ( isset($_POST['add_markets_search']) && $ct['gen']->admin_logged_in() && $ct['gen']->pass_sec_check($_GET['token'], 'general_csrf_security') ) {
if ( isset($_POST['add_markets_search']) && $ct['gen']->admin_logged_in() && $ct['gen']->pass_sec_check($_GET['gen_nonce'], 'general_csrf_security') ) {
$ct['ticker_markets_search'] = true;
}

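Review bot: the action is triggered by $_POST['add_markets_search'] but the CSRF nonce is read from $_GET['gen_nonce'], so the nonce travels in the form's action URL rather than the POST body; that works, but it lands in server and proxy access logs and in Referer headers, so prefer a hidden form field read from $_POST, and guard the read with ?? '' so a missing parameter does not raise a warning.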
2 changes: 2 additions & 0 deletions app-lib/php/inline/init/runtime-type-init.php
Expand Up @@ -352,6 +352,8 @@
}


//$ct['gen']->array_debugging($ct['sel_opt']); // DEBUGGING ONLY

//////////////////////////////////////////////////////////////////
// END RUNTIME TYPE INIT
//////////////////////////////////////////////////////////////////
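Review bot: commented-out debugging calls should not be committed; drop the array_debugging line or gate it behind an existing debug flag so this kind of residue does not accumulate in the init files.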
4 changes: 2 additions & 2 deletions app-lib/php/inline/security/early-security-logic.php
Expand Up @@ -153,8 +153,8 @@
//////////////////////////////////////////////////////////////////////////////////////////////////////////


// CSRF attack protection for downloads EXCEPT backup downloads (which are secured by requiring the nonce)
if ( $ct['runtime_mode'] == 'download' && !isset($_GET['backup']) && $_GET['token'] != $ct['gen']->nonce_digest('download') ) {
// CSRF attack protection for downloads EXCEPT backup downloads (which are secured by having a nonce in the filename instead)
if ( $ct['runtime_mode'] == 'download' && !isset($_GET['backup']) && $_GET['download_nonce'] != $ct['gen']->nonce_digest('download') ) {
$ct['gen']->log('security_error', 'aborted, security token mis-match/stale from ' . $_SERVER['REMOTE_ADDR'] . ', for request: ' . $_SERVER['REQUEST_URI'] . ' (try reloading the app)');
$ct['cache']->app_log();
echo "Aborted, security token mis-match/stale, try reloading the app.";
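Review bot: the nonce comparison uses loose != against a value that may be missing or attacker-supplied; use isset() and !hash_equals($ct['gen']->nonce_digest('download'), (string) ($_GET['download_nonce'] ?? '')) to get a strict, constant-time comparison and avoid PHP numeric-string juggling. The abort path should also send an error status, for example http_response_code(403), before echoing the message so clients and monitoring do not see a 200.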
40 changes: 40 additions & 0 deletions templates/interface/css/admin.css
Expand Up @@ -15,6 +15,41 @@ CLASSES
////////////////////////////// */


.pretty_text_fields .admin_range_fields {
position: relative;
white-space: nowrap;
margin-top: 3.75em;
margin-bottom: 3.75em;
}

.admin_range_fields {
position: relative;
min-width: 100%;
max-width: 100%;
}

.admin_range_fields .setting_title {
position: absolute;
top: -1em;
font-weight: bold;
}


.subarray_item .admin_range_fields {
margin-top: unset;
}


.admin_login_alerts {
display: inline-block;
font-weight: bold;
padding: 0.4em;
margin: 0.4em;
font-size: 1.5em;
border-radius: 0.7em !important;
}


.admin_iframe {
overflow: hidden;
width: 100%;
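Review bot: .admin_range_fields already sets position: relative, so the .pretty_text_fields .admin_range_fields rule need not repeat it; and the !important on border-radius in .admin_login_alerts points at a specificity clash that is better resolved in the conflicting rule than overridden here.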
Expand Down Expand Up @@ -80,6 +115,11 @@ IDs
////////////////////////////// */


#admin_wrapper .full_width_wrapper {
margin-left: 0.45em !important;
}


#admin_tabs li a {
position: relative;
left: 2px;
15 changes: 12 additions & 3 deletions templates/interface/css/root-css-combined.php
Expand Up @@ -12,12 +12,21 @@
'modaal.css',
'jquery.mCustomScrollbar.min.css',
'style.css',
'admin.css',
''.$_GET['theme'].'.style.css',
''.$_GET['theme'].'.admin.css',
$_GET['theme'].'.style.css',
'highlightjs.min.css',
);


// Only include ADMIN CSS, if flagged to
if ( $_GET['admin'] == 'yes' ) {

$css[] = 'admin.css';

$css[] = $_GET['theme'].'.admin.css';

}


// Prevent a notice
$css_content = '';

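Review bot: $_GET['theme'] is used as-is to build stylesheet filenames, and $_GET['admin'] is compared without isset(); if these names are later read from disk to assemble the combined CSS, validate theme against an allowlist of shipped theme names (or at minimum basename() plus a ^[a-z0-9_-]+$ pattern) so a crafted value cannot select files outside the css directory, and use ($_GET['admin'] ?? '') === 'yes' for the admin flag.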