From 659950996deedbb402b65d3ca0e3bf43c6b06cb7 Mon Sep 17 00:00:00 2001
From: sbwalker
Date: Mon, 24 Feb 2025 16:15:35 -0500
Subject: [PATCH 1/9] remove IJSRuntime reference as it was causing a compilation warning
---
 Oqtane.Client/Themes/Controls/Theme/CookieConsent.razor | 1 -
 1 file changed, 1 deletion(-)
diff --git a/Oqtane.Client/Themes/Controls/Theme/CookieConsent.razor b/Oqtane.Client/Themes/Controls/Theme/CookieConsent.razor
index 4d489b14..e7bfdc7b 100644
--- a/Oqtane.Client/Themes/Controls/Theme/CookieConsent.razor
+++ b/Oqtane.Client/Themes/Controls/Theme/CookieConsent.razor
@@ -1,7 +1,6 @@
 @namespace Oqtane.Themes.Controls
 @inherits ThemeControlBase
 @inject ICookieConsentService CookieConsentService
-@inject IJSRuntime JSRuntime
 @inject IStringLocalizer Localizer
 @if (showBanner)
From 51aada892298cadd04b54d44dc09102aba5199a9 Mon Sep 17 00:00:00 2001
From: Ben
Date: Wed, 26 Feb 2025 18:25:24 +0800
Subject: [PATCH 2/9] Fix #5116: parse the value as UTC time.
---
 Oqtane.Server/Controllers/VisitorController.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Oqtane.Server/Controllers/VisitorController.cs b/Oqtane.Server/Controllers/VisitorController.cs
index 224aaa5f..66ba447c 100644
--- a/Oqtane.Server/Controllers/VisitorController.cs
+++ b/Oqtane.Server/Controllers/VisitorController.cs
@@ -34,7 +34,7 @@ namespace Oqtane.Controllers
 int SiteId;
 if (int.TryParse(siteid, out SiteId) && SiteId == _alias.SiteId)
 {
- return _visitors.GetVisitors(SiteId, DateTime.ParseExact(fromdate, "yyyy-MM-dd", CultureInfo.InvariantCulture));
+ return _visitors.GetVisitors(SiteId, DateTime.ParseExact(fromdate, "yyyy-MM-dd", CultureInfo.InvariantCulture, DateTimeStyles.AssumeUniversal | DateTimeStyles.AdjustToUniversal));
 }
 else
 {
From 29f07f6c5696db587916528106e53f061958813f Mon Sep 17 00:00:00 2001
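Review bot: `DateTime.ParseExact` on the new line in VisitorController.cs still throws (`FormatException` for a malformed value, `ArgumentNullException` for a missing one) when `fromdate` is not a well-formed `yyyy-MM-dd` string, while `siteid` in the condition just above is checked with `int.TryParse`. `fromdate` appears to arrive with the request in the same way as `siteid`, so a bad value would surface as an unhandled exception rather than taking the existing `else` branch. Consider moving the date check into the guard, `&& DateTime.TryParseExact(fromdate, "yyyy-MM-dd", CultureInfo.InvariantCulture, DateTimeStyles.AssumeUniversal | DateTimeStyles.AdjustToUniversal, out var parsedFrom)`, and passing `parsedFrom` to `GetVisitors`. The enclosing method starts and ends outside the hunk, so what the `else` branch returns is not visible here.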
From: sbwalker
Date: Wed, 26 Feb 2025 12:11:56 -0500
Subject: [PATCH 3/9] remove unnecessary log message
---
 Oqtane.Server/Pages/Files.cshtml.cs | 1 -
 1 file changed, 1 deletion(-)
diff --git a/Oqtane.Server/Pages/Files.cshtml.cs b/Oqtane.Server/Pages/Files.cshtml.cs
index 5af6737a..b241388e 100644
--- a/Oqtane.Server/Pages/Files.cshtml.cs
+++ b/Oqtane.Server/Pages/Files.cshtml.cs
@@ -50,7 +50,6 @@ namespace Oqtane.Pages
 {
 if (string.IsNullOrWhiteSpace(path))
 {
- _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized File Access Attempt - Path Not Specified For Site {SiteId}", _alias.SiteId);
 HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
 return BrokenFile();
 }
From 5505c91ae0e593f6b8a90aa180f4033892bf6ca6 Mon Sep 17 00:00:00 2001
From: sbwalker
Date: Wed, 26 Feb 2025 12:53:53 -0500
Subject: [PATCH 4/9] remove package validation logic
---
 .../Admin/ModuleDefinitions/Edit.razor | 42 +-----------------
 Oqtane.Client/Modules/Admin/Themes/Edit.razor | 43 +------------------
 .../Modules/Admin/ModuleDefinitions/Edit.resx | 12 ------
 .../Resources/Modules/Admin/Themes/Edit.resx | 12 ------
 4 files changed, 2 insertions(+), 107 deletions(-)
diff --git a/Oqtane.Client/Modules/Admin/ModuleDefinitions/Edit.razor b/Oqtane.Client/Modules/Admin/ModuleDefinitions/Edit.razor
index 4693891e..803f2437 100644
--- a/Oqtane.Client/Modules/Admin/ModuleDefinitions/Edit.razor
+++ b/Oqtane.Client/Modules/Admin/ModuleDefinitions/Edit.razor
@@ -63,24 +63,7 @@
- @if (!string.IsNullOrEmpty(_packagename)) - { -
- - @if (string.IsNullOrEmpty(_packageurl)) - { - - } - else - { - @SharedLocalizer["Download"] - } -
- } - else - { - - } +
@@ -244,7 +227,6 @@ private string _moduledefinitionname = ""; private string _version; private string _packagename = ""; - private string _packageurl = ""; private string _owner = ""; private string _url = ""; private string _contact = ""; @@ -445,27 +427,5 @@ } } - private async Task ValidatePackage() - { - try - { - var package = await PackageService.GetPackageAsync(_packagename, _version, true); - if (package == null || string.IsNullOrEmpty(package.PackageUrl)) - { - AddModuleMessage(Localizer["Message.Validate"], MessageType.Warning); - } - else - { - _packageurl = package.PackageUrl; - AddModuleMessage(Localizer["Message.Download"], MessageType.Info); - } - StateHasChanged(); - } - catch (Exception ex) - { - await logger.LogError(ex, "Error Downloading Package {PackageId} {Version}", _packagename, _version); - AddModuleMessage(Localizer["Error.Validate"], MessageType.Error); - } - } private string Browse(Page page) => string.IsNullOrEmpty(page.Url) ? NavigateUrl(page.Path) : page.Url; } diff --git a/Oqtane.Client/Modules/Admin/Themes/Edit.razor b/Oqtane.Client/Modules/Admin/Themes/Edit.razor index 92dcf3a8..ed324ebf 100644 --- a/Oqtane.Client/Modules/Admin/Themes/Edit.razor +++ b/Oqtane.Client/Modules/Admin/Themes/Edit.razor @@ -45,24 +45,7 @@
- @if (!string.IsNullOrEmpty(_packagename)) - { -
- - @if (string.IsNullOrEmpty(_packageurl)) - { - - } - else - { - @SharedLocalizer["Download"] - } -
- } - else - { - - } +
@@ -116,7 +99,6 @@ private string _name; private string _version; private string _packagename = ""; - private string _packageurl = ""; private string _owner = ""; private string _url = ""; private string _contact = ""; @@ -185,27 +167,4 @@ AddModuleMessage(SharedLocalizer["Message.InfoRequired"], MessageType.Warning); } } - - private async Task ValidatePackage() - { - try - { - var package = await PackageService.GetPackageAsync(_packagename, _version, true); - if (package == null || string.IsNullOrEmpty(package.PackageUrl)) - { - AddModuleMessage(Localizer["Message.Validate"], MessageType.Warning); - } - else - { - _packageurl = package.PackageUrl; - AddModuleMessage(Localizer["Message.Download"], MessageType.Info); - } - StateHasChanged(); - } - catch (Exception ex) - { - await logger.LogError(ex, "Error Downloading Package {PackageId} {Version}", _packagename, _version); - AddModuleMessage(Localizer["Error.Validate"], MessageType.Error); - } - } } diff --git a/Oqtane.Client/Resources/Modules/Admin/ModuleDefinitions/Edit.resx b/Oqtane.Client/Resources/Modules/Admin/ModuleDefinitions/Edit.resx index 7bb6ae59..186fdd65 100644 --- a/Oqtane.Client/Resources/Modules/Admin/ModuleDefinitions/Edit.resx +++ b/Oqtane.Client/Resources/Modules/Admin/ModuleDefinitions/Edit.resx @@ -228,18 +228,6 @@ View License - - Error Validating Package - - - Package Version Has Been Verified. Please Select The Download Button To Obtain The Package. - - - This Package Version Has Not Been Registered In The Oqtane Marketplace Or You Do Not Have The Right To Use It From This Installation - - - Validate - Browse diff --git a/Oqtane.Client/Resources/Modules/Admin/Themes/Edit.resx b/Oqtane.Client/Resources/Modules/Admin/Themes/Edit.resx index 58a04abe..c18f9761 100644 --- a/Oqtane.Client/Resources/Modules/Admin/Themes/Edit.resx +++ b/Oqtane.Client/Resources/Modules/Admin/Themes/Edit.resx 
@@ -180,16 +180,4 @@ View License - - Error Validating Package - - - Package Version Has Been Verified. Please Select The Download Button To Obtain The Package. - - - This Package Version Has Not Been Registered In The Oqtane Marketplace Or You Do Not Have The Right To Use It From This Installation - - - Validate - \ No newline at end of file From df593d43a772eed0834d8d2f857f87518f3c1cc2 Mon Sep 17 00:00:00 2001 From: Shaun Walker Date: Wed, 26 Feb 2025 15:25:25 -0500 Subject: [PATCH 5/9] Update SECURITY.md --- SECURITY.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/SECURITY.md b/SECURITY.md index 0f88a666..55e7b70f 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,5 +1,9 @@ # Security Policy +## Security Bulletins + +All verified security bulletins are published in the [Oqtane Security Center](https://www.oqtane.net/security). + ## Reporting a Vulnerability We make every effort to ensure rapid and thorough analysis of reported issues and, where appropriate, provide workarounds and updated application releases to fix them. If you identify a potential security vulnerability please report it via support@oqtane.org. From 4b62fdbf93a4067c5c8094bdcee574063363f851 Mon Sep 17 00:00:00 2001 From: Shaun Walker Date: Wed, 26 Feb 2025 15:27:33 -0500 Subject: [PATCH 6/9] Update SECURITY.md --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 55e7b70f..128066ca 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -2,7 +2,7 @@ ## Security Bulletins -All verified security bulletins are published in the [Oqtane Security Center](https://www.oqtane.net/security). +All published security bulletins are available in the Oqtane [Security Center](https://www.oqtane.net/security). The Security Center allows you to select a specific version of the Oqtane Framework and view the associated security bulletins. ## Reporting a Vulnerability From 912760f2a7d94dee1bf3b8e5d8469e8819a16b1c Mon Sep 17 00:00:00 2001 
From: Shaun Walker
Date: Wed, 26 Feb 2025 15:29:49 -0500
Subject: [PATCH 7/9] Update SECURITY.md
---
 SECURITY.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SECURITY.md b/SECURITY.md
index 128066ca..52366db0 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -11,7 +11,7 @@ We make every effort to ensure rapid and thorough analysis of reported issues an
 All submitted information is viewed only by members of the Oqtane Security Team, and will not be discussed outside the Team without the permission of the person/company who reported the issue. Each confirmed issue is assigned a severity level (critical, moderate, or low) corresponding to its potential impact on an Oqtane installation.
 * **Critical** means the issue can be exploited by a remote attacker to gain access to data or functionality. All critical issue security bulletins include a recommended workaround or fix that should be applied as soon as possible.
-* **Moderate** means the issue can compromise data or functionality on a portal/website only if some other condition is met (e.g. a particular module or a user within a particular role is required). Moderate issue security bulletins typically include recommended actions to resolve the issue.
+* **Moderate** means the issue can compromise data or functionality on a site only if some other condition is met (e.g. a particular module or a user within a particular role is required). Moderate issue security bulletins typically include recommended actions to resolve the issue.
 * **Low** means the issue is very difficult to exploit or has a limited potential impact.
 Once an issue has been resolved via a public release of Oqtane, the release notes on GitHub are updated to reflect that security bulletins exist for the release. We strongly suggest using the "Watch" option on GitHub for "Releases" at a minimum to receive notifications of updated Oqtane releases.
From 08dff5fb674343742d272d9a317b12b1f4d65b35 Mon Sep 17 00:00:00 2001
From: sbwalker
Date: Thu, 27 Feb 2025 10:51:22 -0500
Subject: [PATCH 8/9] add missing maxlength attributes
---
 Oqtane.Client/Modules/Admin/Pages/Add.razor | 12 ++++++------
 Oqtane.Client/Modules/Admin/Pages/Edit.razor | 4 ++--
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/Oqtane.Client/Modules/Admin/Pages/Add.razor b/Oqtane.Client/Modules/Admin/Pages/Add.razor
index 6deef0eb..a4bc6500 100644
--- a/Oqtane.Client/Modules/Admin/Pages/Add.razor
+++ b/Oqtane.Client/Modules/Admin/Pages/Add.razor
@@ -16,7 +16,7 @@
- +
@if (UserSecurity.IsAuthorized(PageState.User, RoleNames.Admin)) @@ -101,13 +101,13 @@
- +
- +
@@ -147,7 +147,7 @@
- +
@@ -186,13 +186,13 @@
- +
- +
diff --git a/Oqtane.Client/Modules/Admin/Pages/Edit.razor b/Oqtane.Client/Modules/Admin/Pages/Edit.razor
index 436eb45a..6d27b990 100644
--- a/Oqtane.Client/Modules/Admin/Pages/Edit.razor
+++ b/Oqtane.Client/Modules/Admin/Pages/Edit.razor
@@ -205,13 +205,13 @@
- +
- +
From c52ee3d91d1bca650ab0a9560d34d1f66f68cf03 Mon Sep 17 00:00:00 2001
From: sbwalker
Date: Fri, 28 Feb 2025 10:45:25 -0500
Subject: [PATCH 9/9] provide option to assign a theme to a site
---
 Oqtane.Client/Modules/Admin/Site/Index.razor | 30 +++++++++++--------
 .../Modules/Admin/Themes/Index.razor | 7 +++--
 .../Resources/Modules/Admin/Site/Index.resx | 3 ++
 .../Resources/Modules/Admin/Themes/Index.resx | 5 +++-
 4 files changed, 29 insertions(+), 16 deletions(-)
diff --git a/Oqtane.Client/Modules/Admin/Site/Index.razor b/Oqtane.Client/Modules/Admin/Site/Index.razor
index c23f9732..898d1a91 100644
--- a/Oqtane.Client/Modules/Admin/Site/Index.razor
+++ b/Oqtane.Client/Modules/Admin/Site/Index.razor
@@ -72,20 +72,8 @@

-
+
-
- -
- -
-
-
- -
- -
-
@@ -128,6 +116,22 @@
+
+
+
+ +
+ +
+
+
+ +
+ +
+
+
+
diff --git a/Oqtane.Client/Modules/Admin/Themes/Index.razor b/Oqtane.Client/Modules/Admin/Themes/Index.razor index db655868..b6b25345 100644 --- a/Oqtane.Client/Modules/Admin/Themes/Index.razor +++ b/Oqtane.Client/Modules/Admin/Themes/Index.razor @@ -4,6 +4,7 @@ @inject NavigationManager NavigationManager @inject IThemeService ThemeService @inject IPackageService PackageService +@inject ISiteService SiteService @inject IStringLocalizer Localizer @inject IStringLocalizer SharedLocalizer @@ -19,6 +20,7 @@ else
+       @SharedLocalizer["Name"] @@ -32,10 +34,11 @@ else @if (context.AssemblyName != Constants.ClientId) - { + { - } + } + @Localizer["Assign"] @context.Name @context.Version diff --git a/Oqtane.Client/Resources/Modules/Admin/Site/Index.resx b/Oqtane.Client/Resources/Modules/Admin/Site/Index.resx index 0551fb8f..1d815dfc 100644 --- a/Oqtane.Client/Resources/Modules/Admin/Site/Index.resx +++ b/Oqtane.Client/Resources/Modules/Admin/Site/Index.resx @@ -426,4 +426,7 @@ System + + Theme + \ No newline at end of file diff --git a/Oqtane.Client/Resources/Modules/Admin/Themes/Index.resx b/Oqtane.Client/Resources/Modules/Admin/Themes/Index.resx index e6b11297..7ff1b618 100644 --- a/Oqtane.Client/Resources/Modules/Admin/Themes/Index.resx +++ b/Oqtane.Client/Resources/Modules/Admin/Themes/Index.resx @@ -146,7 +146,7 @@ Install Theme - + View @@ -156,4 +156,7 @@ Enabled? + + Assign + \ No newline at end of file