Security hardening
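--- a/<path-not-on-page-1>
+++ /dev/null
@@ -1,99 +0,0 @@
-<?php
-
-
-defined('_JEXEC') or die('Restricted access');
-
-\Joomla\CMS\HTML\HTMLHelper::_('bootstrap.dropdown');
-
-vmJsApi::cssSite();
-
-$data = $cart->prepareAjaxData(true);
-$view = vRequest::getCmd('view');
-?>
-
-<div class="vmCartModule row <?php echo $params->get('moduleclass_sfx'); ?>">
-<div class="col-12 mb-2">
-<p class="total_products px-2 py-1 bg-light">
-<?php echo $data->totalProductTxt ?>
-</p>
-</div>
-
-<?php if ($show_product_list) : ?>
-<div class="hiddencontainer d-none" id="hiddencontainer">
-<div class="vmcontainer">
-<div class="product_row row align-items-center pb-2 mb-2">
-<div class="product_image col-3">
-<div class="image image img-thumbnail"></div>
-</div>
-<div class="col-6">
-<span class="quantity"></span>
-x
-<span class="product_name"></span>
-<div class="customProductData col-12 mt-1 small"></div>
-</div>
-<?php if ($show_price and $currencyDisplay->_priceConfig['salesPrice'][0]) : ?>
-<div class="col-3 text-end">
-<span class="subtotal_with_tax"></span>
-</div>
-<?php endif; ?>
-<div class="col-12 mt-3">
-<div class="border-bottom"></div>
-</div>
-</div>
-</div>
-</div>
-
-<div class="vmcontainer vm_cart_products container small">
-<?php foreach ($data->products as $product) : ?>
-<div class="product_row row align-items-center pb-2 mb-2">
-<div class="product_image col-3">
-<?php if ( VmConfig::get('oncheckout_show_images')) : ?>
-<div class="image img-thumbnail"><?php echo $product['image']; ?></div>
-<?php endif; ?>
-</div>
-
-<div class="col-6">
-<span class="quantity">
-<?php echo $product['quantity'] ?>
-</span>
-x
-<span class="product_name">
-<?php echo $product['product_name'] ?>
-</span>
-<div class="customProductData col-12 mt-1 small">
-<?php echo $product['customProductData'] ?>
-</div>
-</div>
-
-<?php if ($show_price and $currencyDisplay->_priceConfig['salesPrice'][0]) : ?>
-<div class="col-3 text-end text-nowrap">
-<span class="subtotal_with_tax">
-<?php echo $product['subtotal_with_tax'] ?>
-</span>
-</div>
-<?php endif; ?>
-<div class="col-12 mt-3">
-<div class="border-bottom"></div>
-</div>
-</div>
-<?php endforeach; ?>
-</div>
-
-<div class="show_cart_m d-flex align-items-center container">
-<a class="btn btn-secondary btn-sm show-cart me-auto" href="<?php echo $data->cart_show_link; ?>" rel="nofollow">
-<?php echo vmText::_('COM_VIRTUEMART_CART_SHOW'); ?>
-</a>
-<span class="total small">
-<?php echo !empty($data->products) ? $data->billTotal : ''; ?>
-</span>
-</div>
-<?php endif; ?>
-
-<?php if ($view != 'cart' and $view != 'user') : ?>
-<div class="payments-signin-button"></div>
-<?php endif; ?>
-
-<noscript>
-<?php echo vmText::_('MOD_VIRTUEMART_CART_AJAX_CART_PLZ_JAVASCRIPT') ?>
-</noscript>
-</div>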
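--- a/<path-not-on-page-2>
+++ /dev/null
@@ -1,107 +0,0 @@
-<?php
-
-
-/**
-* @package Joomla.Site
-* @subpackage Templates.vmbasic
-*
-* @copyright (C) 2024 Spiros Petrakis
-* @license GNU General Public License version 2 or later; see LICENSE.txt
-*/
-
-defined('_JEXEC') or die('Restricted access');
-
-\Joomla\CMS\HTML\HTMLHelper::_('bootstrap.dropdown');
-
-vmJsApi::cssSite();
-
-$data = $cart->prepareAjaxData(true);
-$view = vRequest::getCmd('view');
-?>
-
-<div class="vmCartModule <?php echo $params->get('moduleclass_sfx'); ?> dropdown">
-<button class="btn btn-link btn-sm p-0 dropdown-toggle" data-bs-toggle="dropdown" aria-expanded="false">
-<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" fill="currentColor" class="bi bi-cart3" viewBox="0 0 16 16">
-<path d="M0 1.5A.5.5 0 0 1 .5 1H2a.5.5 0 0 1 .485.379L2.89 3H14.5a.5.5 0 0 1 .49.598l-1 5a.5.5 0 0 1-.465.401l-9.397.472L4.415 11H13a.5.5 0 0 1 0 1H4a.5.5 0 0 1-.491-.408L2.01 3.607 1.61 2H.5a.5.5 0 0 1-.5-.5M3.102 4l.84 4.479 9.144-.459L13.89 4zM5 12a2 2 0 1 0 0 4 2 2 0 0 0 0-4m7 0a2 2 0 1 0 0 4 2 2 0 0 0 0-4m-7 1a1 1 0 1 1 0 2 1 1 0 0 1 0-2m7 0a1 1 0 1 1 0 2 1 1 0 0 1 0-2"/>
-</svg>
-
-<span class="total_products ms-2">
-<?php echo $data->totalProductTxt ?>
-</span>
-</button>
-
-<?php if ($show_product_list) : ?>
-<div class="hiddencontainer d-none" id="hiddencontainer">
-<div class="vmcontainer">
-<div class="product_row row align-items-center pb-2 mb-2 border-bottom">
-<div class="product_image col-3">
-<div class="image image img-thumbnail"></div>
-</div>
-<div class="col-6">
-<span class="quantity"></span>
-x
-<span class="product_name"></span>
-<div class="customProductData col-12 mt-1 small"></div>
-</div>
-<?php if ($show_price and $currencyDisplay->_priceConfig['salesPrice'][0]) : ?>
-<div class="col-3 text-end">
-<span class="subtotal_with_tax"></span>
-</div>
-<?php endif; ?>
-</div>
-</div>
-</div>
-
-<div class="dropdown-menu dropdown-menu-end">
-<div class="vmcontainer vm_cart_products container small">
-<?php foreach ($data->products as $product) : ?>
-<div class="product_row row align-items-center pb-2 mb-2 border-bottom">
-<div class="product_image col-3">
-<?php if ( VmConfig::get('oncheckout_show_images')) : ?>
-<div class="image img-thumbnail"><?php echo $product['image']; ?></div>
-<?php endif; ?>
-</div>
-
-<div class="col-6">
-<span class="quantity">
-<?php echo $product['quantity'] ?>
-</span>
-x
-<span class="product_name">
-<?php echo $product['product_name'] ?>
-</span>
-<div class="customProductData col-12 mt-1 small">
-<?php echo $product['customProductData'] ?>
-</div>
-</div>
-
-<?php if ($show_price and $currencyDisplay->_priceConfig['salesPrice'][0]) : ?>
-<div class="col-3 text-end text-nowrap">
-<span class="subtotal_with_tax">
-<?php echo $product['subtotal_with_tax'] ?>
-</span>
-</div>
-<?php endif; ?>
-</div>
-<?php endforeach; ?>
-</div>
-
-<div class="show_cart_m d-flex align-items-center container">
-<a class="btn btn-secondary btn-sm show-cart me-auto" href="<?php echo $data->cart_show_link; ?>" rel="nofollow">
-<?php echo vmText::_('COM_VIRTUEMART_CART_SHOW'); ?>
-</a>
-<span class="total small">
-<?php echo !empty($data->products) ? $data->billTotal : ''; ?>
-</span>
-</div>
-</div>
-<?php endif; ?>
-
-<?php if ($view != 'cart' and $view != 'user') : ?>
-<div class="payments-signin-button"></div>
-<?php endif; ?>
-
-<noscript>
-<?php echo vmText::_('MOD_VIRTUEMART_CART_AJAX_CART_PLZ_JAVASCRIPT') ?>
-</noscript>
-</div>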
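--- a/<dir-not-on-page>/index.html
+++ /dev/null
@@ -1,118 +0,0 @@
-<!--
-* Copyright (C) 2025 Moko Consulting <jmiller@mokoconsulting.tech>
-*
-* This file is part of a Moko Consulting project.
-*
-* SPDX-License-Identifier: GPL-3.0-or-later
-*
-* This program is free software; you can redistribute it and/or modify
-* it under the terms of the GNU General Public License as published by
-* the Free Software Foundation; either version 3 of the License, or
-* (at your option) any later version.
-*
-* This program is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU General Public License for more details.
-*
-* You should have received a copy of the GNU General Public License
-* along with this program. If not, see <https://www.gnu.org/licenses/>.
--->
-
-<!--FILE INFORMATION
-* DEFGROUP: Joomla.Site
-* INGROUP: Templates.Moko-Cassiopeia
-* FILE: index.html
-* BRIEF: Security redirect page to block folder access and forward to site root.
--->
-
-<!doctype html>
-<html lang="en">
-<head>
-<meta charset="utf-8" />
-<title>Redirecting…</title>
-
-<!-- Search engines: do not index this placeholder redirect page -->
-<meta name="robots" content="noindex, nofollow, noarchive" />
-
-<!-- Instant redirect fallback even if JavaScript is disabled -->
-<meta http-equiv="refresh" content="0; url=/" />
-
-<!-- Canonical root reference -->
-<link rel="canonical" href="/" />
-
-<meta name="viewport" content="width=device-width, initial-scale=1" />
-
-<script>
-/**
-* @defgroup Dolibarr
-* @file index.html (embedded script)
-* @version 1.0.0
-* @brief Security redirect logic. Replaces the current history entry with the site root.
-* @details This script computes the absolute root URL using `location.origin` and
-* forwards the user immediately. It prevents leaving the protected folder
-* in the browser history by default.
-*
-* @section VARIABLES
-* @var {Object} opts Configuration options for the redirect behavior.
-* @var {string} opts.fallbackPath Path used when `location.origin` cannot be determined.
-* @var {number} opts.delayMs Optional delay in milliseconds before redirecting.
-* @var {"replace"|"assign"} opts.behavior Navigation method used for the redirect.
-*
-* @section OPTIONS
-* - opts.fallbackPath: default "/" (root path)
-* - opts.delayMs: default 0 (immediate)
-* - opts.behavior: one of
-* * "replace" — calls `location.replace(url)`; does not keep the folder page in history.
-* * "assign" — calls `location.assign(url)`; keeps an extra history entry.
-*/
-(function redirectToRoot() {
-// Configuration object with safe defaults.
-var opts = {
-fallbackPath: "/", // string: fallback destination if origin is unavailable
-delayMs: 0, // number: delay before redirect in ms (0 = immediate)
-behavior: "replace" // enum: "replace" | "assign"
-};
-
-// Determine absolute origin in all mainstream browsers.
-var origin = (typeof location.origin === "string" && location.origin)
-|| (location.protocol + "//" + location.host);
-
-// Final destination: absolute root of the current site, or fallback path.
-var destination = origin ? origin + "/" : opts.fallbackPath;
-
-function go() {
-if (opts.behavior === "assign") {
-location.assign(destination);
-} else {
-location.replace(destination);
-}
-}
-
-// Execute redirect, optionally after a short delay.
-if (opts.delayMs > 0) {
-setTimeout(go, opts.delayMs);
-} else {
-go();
-}
-})();
-</script>
-
-<!--
-Secondary meta-refresh for no-JS environments is already set above.
-Some very old crawlers may ignore JS; the meta refresh ensures coverage.
--->
-
-<noscript>
-<!-- Extra defense-in-depth: if JS is disabled, meta refresh (above) handles redirect. -->
-<style>
-html, body { height:100%; }
-body { display:flex; align-items:center; justify-content:center; margin:0; font: 16px/1.4 system-ui, -apple-system, Segoe UI, Roboto, Arial, sans-serif; }
-.msg { opacity: .75; text-align: center; }
-</style>
-</noscript>
-</head>
-<body>
-<div class="msg">Redirecting to the site root… If you are not redirected, <a href="/">click here</a>.</div>
-</body>
-</html>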