GetSimple CMS - Community Edition

Author: risingisland

README.md

@@ -0,0 +1,119 @@
+### GetSimple CMS 3.3.19 COMMUNITY EDITION 
+The official unofficial GS update repo. Helping to bridge the gap in PHP compatibility. 
+
+What has changed in this version of the Community Edition?
+
+🚀 **_Added support for php7.4-8.2_**
+
+
+**New in this Update:**
+
+⭐ Massive Admin included by default (repsponsive admin + user manager + much much more...).
+
+⭐ New Admin themes option.
+
+⭐ ResponsiveCE default template (front-end starter theme).
+
+⭐ New ckEditor plugins (Codemirror, YouTube, FontAwesome, etc.).
+
+⭐ New Soport Page options (view errorlog & phpInfo).
+
+⭐ New gsconfig option (view page tree by Title or Menu order).
+
+⭐ New Copy Component code button.
+
+⭐ Other minor fixes and cleanup.
+
+**Previous Updates:**
+
+- Fix deprecated Text-encoding HTML-ENTITIES for php8.2.
+- Hotfixes: form action reflection, add phar to blacklist, .htaccess
+- Fix bug in Components if none exist.
+- Fix non numeric error on gsdebug.
+- Fix vulnerability #1335 (https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1335)
+- Fix error message (empty log file) #1312 (https://github.com/GetSimpleCMS/GetSimpleCMS/pull/1312)
+- Fix missing php7 extension on file_ext_blacklist #1237 (https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1237)
+- Add .webp support for GetSimple CMS #1350 (https://github.com/GetSimpleCMS/GetSimpleCMS/pull/1350)
+- Add thumbnail creation on upload.
+- Update Google Fonts to local in Innovation theme (for German GDPR).
+- Changed function name do to deprecated class constructor.
+- Further 8.x compatibility from Topic with fixes ([Forum Thread](http://get-simple.info/forums/showthread.php?tid=16548))
+
+
+```bash
+/// original readme below ///
+```
+GetSimple Content Management System
+=========================================
+
+ DESCRIPTION:
+-----------------------------------
+
+GetSimple CMS is a flatfile CMS that works fast and efficient and has 
+the best UI around.
+
+Official Website - http://get-simple.info/
+
+GetSimple CMS was developed by Chris Cagle [ http://chriscagle.me ] and 
+is now passionately supported and developed by a loving community.
+
+
+ LICENSE:
+-----------------------------------
+
+This software package is licensed under the GNU GENERAL PUBLIC LICENSE v3. 
+LICENSE.txt is located within this download's zip file
+
+It would be great if you would link back to get-simple.info if you use it.
+
+
+REQUIREMENTS: 
+-----------------------------------
+
+http://get-simple.info/docs/requirements
+
+### Build Requirements ###
+
+PHP 7.4+
+
+### Module Requirements ###
+
+SimpleXML
+
+### Browser Requirements ###
+
+Javascript Enabled
+
+### Server ###
+*Apache ( required for out of the box security using .htaccess )
+
+*If not using Apache you will get a non-apache warning, 
+this warning is to alert you that your data files will not be secure 
+and you must take proper precautions to secure your site.
+To disable this warning see gsconfig definition GSNOAPACHECHECK
+
+
+INSTALLATION:
+-----------------------------------
+
+Please see: http://get-simple.info/docs/installation
+
+
+UPGRADING
+-----------------------------------
+
+Please see: http://get-simple.info/docs/upgrading
+
+
+DISCLAIMER:
+-----------------------------------
+
+While GetSimple strives to be a secure and stable application, we simply cannot 
+be held liable for any information loss, corruption or anything else that may 
+happen to your site while it is using the our software. If you find a bug 
+or security hole, please contact someone in the forums at 
+http://get-simple.info/forum
+
+
+______________________________________________
+GetSimple CMS - http://get-simple.info/

admin/api.php

@@ -0,0 +1,62 @@
+<?php
+/**
+ * GetSimple API Handler
+ *
+ * @package GetSimple
+ * @subpackage API
+ */
+	include('inc/common.php');
+	include('inc/api.class.php');
+
+	#step 1 - check for post
+	if (empty($_POST)) exit;
+	if (!getDef('GSEXTAPI',true)) exit;
+
+	// disable libxml error output
+	if(!isDebug()) libxml_use_internal_errors(true);
+
+	// disable entity loading to avoid xxe
+	libxml_disable_entity_loader();
+
+	#step 1 - check post for data
+	if (!isset($_POST['data'])) {
+		$message = ['status' => 'error', 'message' => i18n_r('API_ERR_MISSINGPARAM')];
+		echo json_encode($message);
+		exit;
+	};
+
+	#step 2 - setup request
+	$in = simplexml_load_string($_POST['data'], 'SimpleXMLExtended', LIBXML_NOCDATA);
+	$request = new API_Request();
+	$request->add_data($in);
+
+	#step 3 - verify a compatible method was provided
+	$methods = ['page_read', 'page_save', 'all_pages_read', 'all_files_read', 'file_upload', 'settings_read'];
+	if (!in_array($in->method, $methods)) {
+		$message = ['status' => 'error', 'message' => sprintf(i18n_r('API_ERR_BADMETHOD'), $in->method)];
+		echo json_encode($message);
+		exit;
+	}
+
+	#step 4 - process request
+	$method = (string)$in->method;
+	echo call_user_func([$request, $method], '');
+
+exit;
+
+/*
+----------------------------
+EXAMPLE XML FILE COMING IN
+----------------------------
+
+<request>
+	<key>ABCDE12345</key>
+	<method>page_read</method>
+	<data>
+		<field1></field1>
+		<field2></field2>
+		<field3></field3>
+	</data>
+</request>
+
+*/

admin/apple-touch-icon.png

@@ -0,0 +1,98 @@
+<?php 
+/**
+ * Archive
+ *
+ * Displays and starts the website archives 	
+ *
+ * @package GetSimple
+ * @subpackage Backups
+ */
+
+// Setup inclusions
+$load['plugin'] = true;
+
+// Include common.php
+include('inc/common.php');
+
+// Variable Settings
+login_cookie_check();
+$table = '';
+
+// if a backup needs to be created
+if(isset($_GET['do'])) {
+	
+	// check for csrf
+	if (!defined('GSNOCSRF') || (GSNOCSRF == FALSE) ) {
+		$nonce = $_GET['nonce'];
+		if(!check_nonce($nonce, "create")) {
+			die("CSRF detected!");
+		}
+	}	
+	exec_action('archive-backup');
+	redirect('zip.php?s='.$SESSIONHASH);	
+}
+
+// if a backup has just been created
+if(isset($_GET['done'])) {
+	$success = i18n_r('SUCC_WEB_ARCHIVE');
+}
+
+if(isset($_GET['nozip'])) {
+	$error = i18n_r('NO_ZIPARCHIVE'). ' - <a href="health-check.php">'.i18n_r('WEB_HEALTH_CHECK').'</a>';
+}
+
+get_template('header', cl($SITENAME).' &raquo; '.i18n_r('BAK_MANAGEMENT').' &raquo; '.i18n_r('WEBSITE_ARCHIVES')); 
+
+?>
+	
+<?php include('template/include-nav.php'); ?>
+
+<div class="bodycontent clearfix">
+	
+	<div id="maincontent">
+		<div class="main" >
+		<h3 class="floated"><?php i18n('WEBSITE_ARCHIVES');?></h3>
+		<div class="edit-nav clearfix" >
+    	<a id="waittrigger" href="archive.php?do&amp;nonce=<?php echo get_nonce("create"); ?>" accesskey="<?php echo find_accesskey(i18n_r('ASK_CREATE_ARC'));?>" title="<?php i18n('CREATE_NEW_ARC');?>" ><?php i18n('ASK_CREATE_ARC');?></a>
+		</div>
+		<p style="display:none" id="waiting" ><?php i18n('CREATE_ARC_WAIT');?></p>
+		
+		<table class="highlight paginate">
+			<tr><th><?php i18n('ARCHIVE_DATE'); ?></th><th style="text-align:right;" ><?php i18n('FILE_SIZE'); ?></th><th></th></tr>
+			<?php
+				$count="0";
+				$path = tsl(GSBACKUPSPATH .'zip/');
+				
+				$filenames = getFiles($path);
+	
+				natsort($filenames);
+				rsort($filenames);
+				
+				foreach ($filenames as $file) {
+					if($file[0] != "." ) {
+						$timestamp = explode('_', $file);
+						$name = lngDate($timestamp[0]);
+						clearstatcache();
+						$ss = stat($path . $file);
+						$size = fSize($ss['size']);
+						echo '<tr>
+								<td><a title="'.i18n_r('DOWNLOAD').' '. $name .'" href="download.php?file='. $path . $file .'&amp;nonce='.get_nonce("archive", "download.php").'">'.$name .'</a></td>
+								<td style="width:70px;text-align:right;" ><span>'.$size.'</span></td>
+								<td class="delete" ><a class="delconfirm" title="'.i18n_r('DELETE_ARCHIVE').': '. $name .'?" href="deletefile.php?zip='. $file .'&amp;nonce='.get_nonce("delete", "deletefile.php").'">&times;</a></td>
+							  </tr>';
+						$count++;
+					}
+				}
+	
+			?>
+			</table>
+			<p><em><b><span id="pg_counter"><?php echo $count; ?></span></b> <?php i18n('TOTAL_ARCHIVES');?></em></p>
+		</div>
+	</div>
+	
+	<div id="sidebar" >
+		<?php include('template/sidebar-backups.php'); ?>
+	</div>
+
+</div>
+<?php get_template('footer'); ?>