Security hardening
@@ -1,44 +0,0 @@
|
||||
<?php
|
||||
|
||||
|
||||
defined('_JEXEC') or die('Restricted access');
|
||||
|
||||
use Joomla\CMS\Router\Route;
|
||||
use Joomla\CMS\HTML\HTMLHelper;
|
||||
|
||||
$category_id = vRequest::getInt ('virtuemart_category_id', 0);
|
||||
$sublevel = $params->get('level', 0);
|
||||
?>
|
||||
<ul class="vm-menu list-unstyled<?php echo $class_sfx ? ' ' . $class_sfx : ''; ?>">
|
||||
<?php foreach ($categories as $category) : ?>
|
||||
<?php
|
||||
$active_menu = '';
|
||||
$caturl = Route::_('index.php?option=com_virtuemart&view=category&virtuemart_category_id='.$category->virtuemart_category_id);
|
||||
$cattext = $category->category_name;
|
||||
|
||||
if (in_array( $category->virtuemart_category_id, $parentCategories)) {
|
||||
$active_menu = ' active';
|
||||
}
|
||||
?>
|
||||
<li class="border-bottom<?php echo $active_menu ?>">
|
||||
<?php echo HTMLHelper::link($caturl, $cattext); ?>
|
||||
<?php if (!empty($category->childs) && $sublevel > 0) : ?>
|
||||
<ul class="vm-submenu<?php echo $class_sfx; ?> list-unstyled small px-3 py-1 bg-light">
|
||||
<?php foreach ($category->childs as $child) : ?>
|
||||
<?php
|
||||
$active_menu = '';
|
||||
if ($child->virtuemart_category_id == $category_id) {
|
||||
$active_menu = ' active';
|
||||
}
|
||||
$caturl = Route::_('index.php?option=com_virtuemart&view=category&virtuemart_category_id='.$child->virtuemart_category_id);
|
||||
$cattext = vmText::_($child->category_name);
|
||||
?>
|
||||
<li class="border-bottom<?php echo $active_menu ?>">
|
||||
<?php echo HTMLHelper::link($caturl, $cattext); ?>
|
||||
</li>
|
||||
<?php endforeach; ?>
|
||||
</ul>
|
||||
<?php endif; ?>
|
||||
</li>
|
||||
<?php endforeach; ?>
|
||||
</ul>
|
||||
@@ -1,67 +0,0 @@
|
||||
<?php
|
||||
|
||||
|
||||
defined('_JEXEC') or die('Restricted access');
|
||||
|
||||
use Joomla\CMS\Factory;
|
||||
use Joomla\CMS\Router\Route;
|
||||
use Joomla\CMS\HTML\HTMLHelper;
|
||||
|
||||
\Joomla\CMS\HTML\HTMLHelper::_('bootstrap.collapse');
|
||||
|
||||
$doc = Factory::getDocument();
|
||||
$wa = $doc->getWebAssetManager();
|
||||
$wa->addInlineScript('jQuery(function($) {
|
||||
$(\'.vm-menu-btn\').click(function(e){
|
||||
e.stopPropagation();
|
||||
e.preventDefault();
|
||||
});
|
||||
});
|
||||
');
|
||||
|
||||
$category_id = vRequest::getInt ('virtuemart_category_id', 0);
|
||||
$sublevel = $params->get('level', 0);
|
||||
$btnIcon = '<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" class="bi bi-chevron-down" viewBox="0 0 16 16">
|
||||
<path fill-rule="evenodd" d="M1.646 4.646a.5.5 0 0 1 .708 0L8 10.293l5.646-5.647a.5.5 0 0 1 .708.708l-6 6a.5.5 0 0 1-.708 0l-6-6a.5.5 0 0 1 0-.708"/>
|
||||
</svg>';
|
||||
?>
|
||||
<ul class="vm-menu vm-menu-current list-unstyled<?php echo $class_sfx ? ' ' . $class_sfx : ''; ?>">
|
||||
<?php foreach ($categories as $category) : ?>
|
||||
<?php
|
||||
$active_menu = '';
|
||||
|
||||
if (in_array( $category->virtuemart_category_id, $parentCategories)) {
|
||||
$active_menu = ' active';
|
||||
}
|
||||
|
||||
$has_children = !empty($category->childs) ? ' has-children' : '';
|
||||
$collapsed = empty($active_menu) ? ' collapsed' : '';
|
||||
$caturl = Route::_('index.php?option=com_virtuemart&view=category&virtuemart_category_id='.$category->virtuemart_category_id);
|
||||
$btn = '<button class="vm-menu-btn' . $collapsed . '" type="button" data-bs-toggle="collapse" href="#vm-menu-current-' . $category->virtuemart_category_id . '" role="button" aria-expanded="false" aria-controls="vm-menu-current-' . $category->virtuemart_category_id . '">' . $btnIcon . '</button>';
|
||||
$submenu_btn = !empty($category->childs) && $sublevel > 0 ? $btn : '';
|
||||
$cattext = $category->category_name . $submenu_btn;
|
||||
?>
|
||||
<li class="border-bottom<?php echo $active_menu . $has_children; ?>">
|
||||
<?php echo HTMLHelper::link($caturl, $cattext); ?>
|
||||
<?php if (!empty($category->childs) && $sublevel > 0) : ?>
|
||||
<div class="collapse<?php echo !empty($active_menu) ? ' show' : ''; ?>" id="vm-menu-current-<?php echo $category->virtuemart_category_id; ?>">
|
||||
<ul class="vm-submenu<?php echo $class_sfx; ?> list-unstyled small px-3 py-1 bg-light">
|
||||
<?php foreach ($category->childs as $child) : ?>
|
||||
<?php
|
||||
$active_menu = '';
|
||||
if ($child->virtuemart_category_id == $category_id) {
|
||||
$active_menu = ' active';
|
||||
}
|
||||
$caturl = Route::_('index.php?option=com_virtuemart&view=category&virtuemart_category_id='.$child->virtuemart_category_id);
|
||||
$childcattext = $child->category_name;
|
||||
?>
|
||||
<li class="border-bottom<?php echo $active_menu ?>">
|
||||
<?php echo HTMLHelper::link($caturl, $childcattext); ?>
|
||||
</li>
|
||||
<?php endforeach; ?>
|
||||
</ul>
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
</li>
|
||||
<?php endforeach; ?>
|
||||
</ul>
|
||||
@@ -1,67 +0,0 @@
|
||||
<?php
|
||||
|
||||
|
||||
defined('_JEXEC') or die('Restricted access');
|
||||
|
||||
use Joomla\CMS\Factory;
|
||||
use Joomla\CMS\Router\Route;
|
||||
use Joomla\CMS\HTML\HTMLHelper;
|
||||
|
||||
\Joomla\CMS\HTML\HTMLHelper::_('bootstrap.collapse');
|
||||
|
||||
$doc = Factory::getDocument();
|
||||
$wa = $doc->getWebAssetManager();
|
||||
$wa->addInlineScript('jQuery(function($) {
|
||||
$(\'.vm-menu-btn\').click(function(e){
|
||||
e.stopPropagation();
|
||||
e.preventDefault();
|
||||
});
|
||||
});
|
||||
');
|
||||
|
||||
$category_id = vRequest::getInt ('virtuemart_category_id', 0);
|
||||
$sublevel = $params->get('level', 0);
|
||||
$btnIcon = '<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" class="bi bi-chevron-down" viewBox="0 0 16 16">
|
||||
<path fill-rule="evenodd" d="M1.646 4.646a.5.5 0 0 1 .708 0L8 10.293l5.646-5.647a.5.5 0 0 1 .708.708l-6 6a.5.5 0 0 1-.708 0l-6-6a.5.5 0 0 1 0-.708"/>
|
||||
</svg>';
|
||||
?>
|
||||
<ul id="vm-menu-default-<?php echo $module->id; ?>" class="vm-menu vm-menu-default accordion list-unstyled<?php echo $class_sfx ? ' ' . $class_sfx : ''; ?>">
|
||||
<?php foreach ($categories as $category) : ?>
|
||||
<?php
|
||||
$active_menu = '';
|
||||
|
||||
if (in_array( $category->virtuemart_category_id, $parentCategories)) {
|
||||
$active_menu = ' active';
|
||||
}
|
||||
|
||||
$has_children = !empty($category->childs) ? ' has-children' : '';
|
||||
$collapsed = empty($active_menu) ? ' collapsed' : '';
|
||||
$caturl = Route::_('index.php?option=com_virtuemart&view=category&virtuemart_category_id='.$category->virtuemart_category_id);
|
||||
$btn = '<button class="vm-menu-btn' . $collapsed . '" type="button" data-bs-toggle="collapse" href="#vm-menu-default-' . $category->virtuemart_category_id . '" role="button" aria-expanded="false" aria-controls="vm-menu-default-' . $category->virtuemart_category_id . '">' . $btnIcon . '</button>';
|
||||
$submenu_btn = !empty($category->childs) && $sublevel > 0 ? $btn : '';
|
||||
$cattext = $category->category_name . $submenu_btn;
|
||||
?>
|
||||
<li class="accordion-item border-bottom<?php echo $active_menu . $has_children; ?>">
|
||||
<?php echo HTMLHelper::link($caturl, $cattext); ?>
|
||||
<?php if (!empty($category->childs) && $sublevel > 0) : ?>
|
||||
<div class="accordion-collapse collapse<?php echo !empty($active_menu) ? ' show' : ''; ?>" id="vm-menu-default-<?php echo $category->virtuemart_category_id; ?>" data-bs-parent="#vm-menu-default-<?php echo $module->id; ?>">
|
||||
<ul class="vm-submenu<?php echo $class_sfx; ?> list-unstyled small px-3 py-1 bg-light">
|
||||
<?php foreach ($category->childs as $child) : ?>
|
||||
<?php
|
||||
$active_menu = '';
|
||||
if ($child->virtuemart_category_id == $category_id) {
|
||||
$active_menu = ' active';
|
||||
}
|
||||
$caturl = Route::_('index.php?option=com_virtuemart&view=category&virtuemart_category_id='.$child->virtuemart_category_id);
|
||||
$childcattext = $child->category_name;
|
||||
?>
|
||||
<li class="border-bottom<?php echo $active_menu ?>">
|
||||
<?php echo HTMLHelper::link($caturl, $childcattext); ?>
|
||||
</li>
|
||||
<?php endforeach; ?>
|
||||
</ul>
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
</li>
|
||||
<?php endforeach; ?>
|
||||
</ul>
|
||||
@@ -1,118 +0,0 @@
|
||||
<!--
|
||||
* Copyright (C) 2025 Moko Consulting <jmiller@mokoconsulting.tech>
|
||||
*
|
||||
* This file is part of a Moko Consulting project.
|
||||
*
|
||||
* SPDX-License-Identifier: GPL-3.0-or-later
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
-->
|
||||
|
||||
<!--FILE INFORMATION
|
||||
* DEFGROUP: Joomla.Site
|
||||
* INGROUP: Templates.Moko-Cassiopeia
|
||||
* FILE: index.html
|
||||
* BRIEF: Security redirect page to block folder access and forward to site root.
|
||||
-->
|
||||
|
||||
<!doctype html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta charset="utf-8" />
|
||||
<title>Redirecting…</title>
|
||||
|
||||
<!-- Search engines: do not index this placeholder redirect page -->
|
||||
<meta name="robots" content="noindex, nofollow, noarchive" />
|
||||
|
||||
<!-- Instant redirect fallback even if JavaScript is disabled -->
|
||||
<meta http-equiv="refresh" content="0; url=/" />
|
||||
|
||||
<!-- Canonical root reference -->
|
||||
<link rel="canonical" href="/" />
|
||||
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
||||
|
||||
<script>
|
||||
/**
|
||||
* @defgroup Dolibarr
|
||||
* @file index.html (embedded script)
|
||||
* @version 1.0.0
|
||||
* @brief Security redirect logic. Replaces the current history entry with the site root.
|
||||
* @details This script computes the absolute root URL using `location.origin` and
|
||||
* forwards the user immediately. It prevents leaving the protected folder
|
||||
* in the browser history by default.
|
||||
*
|
||||
* @section VARIABLES
|
||||
* @var {Object} opts Configuration options for the redirect behavior.
|
||||
* @var {string} opts.fallbackPath Path used when `location.origin` cannot be determined.
|
||||
* @var {number} opts.delayMs Optional delay in milliseconds before redirecting.
|
||||
* @var {"replace"|"assign"} opts.behavior Navigation method used for the redirect.
|
||||
*
|
||||
* @section OPTIONS
|
||||
* - opts.fallbackPath: default "/" (root path)
|
||||
* - opts.delayMs: default 0 (immediate)
|
||||
* - opts.behavior: one of
|
||||
* * "replace" — calls `location.replace(url)`; does not keep the folder page in history.
|
||||
* * "assign" — calls `location.assign(url)`; keeps an extra history entry.
|
||||
*/
|
||||
(function redirectToRoot() {
|
||||
// Configuration object with safe defaults.
|
||||
var opts = {
|
||||
fallbackPath: "/", // string: fallback destination if origin is unavailable
|
||||
delayMs: 0, // number: delay before redirect in ms (0 = immediate)
|
||||
behavior: "replace" // enum: "replace" | "assign"
|
||||
};
|
||||
|
||||
// Determine absolute origin in all mainstream browsers.
|
||||
var origin = (typeof location.origin === "string" && location.origin)
|
||||
|| (location.protocol + "//" + location.host);
|
||||
|
||||
// Final destination: absolute root of the current site, or fallback path.
|
||||
var destination = origin ? origin + "/" : opts.fallbackPath;
|
||||
|
||||
function go() {
|
||||
if (opts.behavior === "assign") {
|
||||
location.assign(destination);
|
||||
} else {
|
||||
location.replace(destination);
|
||||
}
|
||||
}
|
||||
|
||||
// Execute redirect, optionally after a short delay.
|
||||
if (opts.delayMs > 0) {
|
||||
setTimeout(go, opts.delayMs);
|
||||
} else {
|
||||
go();
|
||||
}
|
||||
})();
|
||||
</script>
|
||||
|
||||
<!--
|
||||
Secondary meta-refresh for no-JS environments is already set above.
|
||||
Some very old crawlers may ignore JS; the meta refresh ensures coverage.
|
||||
-->
|
||||
|
||||
<noscript>
|
||||
<!-- Extra defense-in-depth: if JS is disabled, meta refresh (above) handles redirect. -->
|
||||
<style>
|
||||
html, body { height:100%; }
|
||||
body { display:flex; align-items:center; justify-content:center; margin:0; font: 16px/1.4 system-ui, -apple-system, Segoe UI, Roboto, Arial, sans-serif; }
|
||||
.msg { opacity: .75; text-align: center; }
|
||||
</style>
|
||||
</noscript>
|
||||
</head>
|
||||
<body>
|
||||
<div class="msg">Redirecting to the site root… If you are not redirected, <a href="/">click here</a>.</div>
|
||||
</body>
|
||||
</html>
|
||||
@@ -1,28 +0,0 @@
|
||||
<?php
|
||||
|
||||
|
||||
defined('_JEXEC') or die('Restricted access');
|
||||
|
||||
use Joomla\CMS\Router\Route;
|
||||
|
||||
$categoryModel->addImages($categories);
|
||||
$categories_per_row = vmConfig::get('categories_per_row');
|
||||
$bscol = $module->position == 'sidebar-left' || $module->position == 'sidebar-right' ? '6' : '3';
|
||||
?>
|
||||
|
||||
<ul class="vm-categories-wall list-unstyled p-0 row <?php echo $class_sfx ?>">
|
||||
<?php foreach ($categories as $category) : ?>
|
||||
<?php
|
||||
$caturl = Route::_('index.php?option=com_virtuemart&view=category&virtuemart_category_id='.$category->virtuemart_category_id);
|
||||
$catname = $category->category_name ;
|
||||
?>
|
||||
<li class="vm-categories-wall-catwrapper col-6 col-md-4 col-xl-<?php echo $bscol; ?>">
|
||||
<div class="vm-categories-wall-spacer text-center">
|
||||
<a href="<?php echo $caturl; ?>">
|
||||
<?php echo $category->images[0]->displayMediaThumb('class="vm-categories-wall-img img-fluid mb-3"',false) ?>
|
||||
<div class="vm-subcategory-title fw-normal pt-2 mb-2 border-top lh-sm"><?php echo $catname; ?></div>
|
||||
</a>
|
||||
</div>
|
||||
</li>
|
||||
<?php endforeach; ?>
|
||||
</ul>
|
||||