Fix security, performance, and code quality issues across CMS
Security:
- Replace unescaped {!! !!} with Purify::clean() in 15+ Blade templates (XSS)
- Add rate limiting to register (3/hr), upload (10/min), SSE (6/min)
- Add max:5000 validation on article comments
- Remove duplicate exception handler callback
Hardcoded paths:
- Replace ~44 /var/www/ hardcoded paths with env() configs
- CatalogService (13), AutoDetectService (18), Commandocentrum (11), AppServiceProvider (2)
Performance:
- Add 10 missing database indexes (radio_song_requests, help_center_tickets, etc.)
- Replace Cache::flush() with targeted Cache::forget() in RadioSettings
- Cache getCachedCategories() in TicketController (N+1 fix)
- Remove redundant top-3 leaderboard query
Bug fixes:
- Fix undefined $enabled variable → $isOnline in radio index view
- Add getAvatarAttribute() accessor for non-existent avatar column
- Fix User::guilds() from wrong HasMany to HasManyThrough
Code quality:
- Replace file_get_contents with Http::timeout(10) in TraxService
- Remove commented Echo/Pusher boilerplate in bootstrap.js
- Remove TODO/FIXME comments from logo-generator templates
- Replace hardcoded Turnstile CDN URL with config()
- Restore QUEUE_CONNECTION=redis in .env.example files
@@ -104,15 +104,15 @@ final class Commandocentrum extends Page implements HasForms
|
||||
'emulator_database_username' => $this->getSetting('emulator_database_username', ''),
|
||||
'emulator_database_password' => $this->getSetting('emulator_database_password', ''),
|
||||
'emulator_version' => $this->getSetting('emulator_version', 'Onbekend'),
|
||||
'nitro_emulator_path' => $this->getSetting('nitro_emulator_path', '/var/www/emulator'),
|
||||
'nitro_emulator_path' => $this->getSetting('nitro_emulator_path', $this->emulatorPath()),
|
||||
'nitro_emulator_service' => $this->getSetting('nitro_emulator_service', 'emulator'),
|
||||
'nitro_db_name' => $this->getSetting('nitro_db_name', 'habbo'),
|
||||
'nitro_sql_dir' => $this->getSetting('nitro_sql_dir', '/var/www/emulator/Database Updates'),
|
||||
'nitro_backup_dir' => $this->getSetting('nitro_backup_dir', '/var/www/emulator/Database Updates/backups'),
|
||||
'nitro_gamedata_dir' => $this->getSetting('nitro_gamedata_dir', '/var/www/Gamedata/config'),
|
||||
'nitro_client_dir' => $this->getSetting('nitro_client_dir', '/var/www/Nitro-V3/public/configuration'),
|
||||
'nitro_client_src' => $this->getSetting('nitro_client_src', '/var/www/Nitro-V3'),
|
||||
'nitro_renderer_src' => $this->getSetting('nitro_renderer_src', '/var/www/Nitro_Render_V3'),
|
||||
'nitro_sql_dir' => $this->getSetting('nitro_sql_dir', $this->emulatorPath('Database Updates')),
|
||||
'nitro_backup_dir' => $this->getSetting('nitro_backup_dir', $this->emulatorPath('Database Updates/backups')),
|
||||
'nitro_gamedata_dir' => $this->getSetting('nitro_gamedata_dir', $this->gamedataPath()),
|
||||
'nitro_client_dir' => $this->getSetting('nitro_client_dir', $this->nitroV3Path('public/configuration')),
|
||||
'nitro_client_src' => $this->getSetting('nitro_client_src', $this->nitroV3Path()),
|
||||
'nitro_renderer_src' => $this->getSetting('nitro_renderer_src', $this->nitroRendererV3Path()),
|
||||
'hotel_alert_message' => '',
|
||||
];
|
||||
}
|
||||
@@ -350,9 +350,9 @@ final class Commandocentrum extends Page implements HasForms
|
||||
$serviceStatus = $this->runCommand('systemctl is-active ' . escapeshellarg($serviceName) . ' 2>/dev/null') ?: 'inactive';
|
||||
$serviceColor = $serviceStatus === 'active' ? '#22c55e' : '#ef4444';
|
||||
|
||||
$nitroClientPath = $this->getSetting('nitro_client_path', '/var/www/nitro-client');
|
||||
$nitroRendererPath = $this->getSetting('nitro_renderer_path', '/var/www/nitro-renderer');
|
||||
$nitroWebroot = $this->getSetting('nitro_webroot', '/var/www/Client');
|
||||
$nitroClientPath = $this->getSetting('nitro_client_path', $this->nitroClientPath());
|
||||
$nitroRendererPath = $this->getSetting('nitro_renderer_path', $this->nitroRendererPath());
|
||||
$nitroWebroot = $this->getSetting('nitro_webroot', $this->clientWebrootPath());
|
||||
|
||||
$clientCommit = $this->getGitCommit($nitroClientPath);
|
||||
$rendererCommit = $this->getGitCommit($nitroRendererPath);
|
||||
@@ -685,7 +685,7 @@ final class Commandocentrum extends Page implements HasForms
|
||||
$settings->set('emulator_jar_direct_url', $this->data['emulator_jar_direct_url'] ?? '');
|
||||
$settings->set('emulator_jar_path', $this->data['emulator_jar_path'] ?? '/root/emulator');
|
||||
$settings->set('emulator_source_repo', $this->data['emulator_source_repo'] ?? '');
|
||||
$settings->set('emulator_source_path', $this->data['emulator_source_path'] ?? '/var/www/emulator-source');
|
||||
$settings->set('emulator_source_path', $this->data['emulator_source_path'] ?? $this->emulatorSourcePath());
|
||||
$settings->set('emulator_github_branch', $this->data['emulator_github_branch'] ?? 'main');
|
||||
$settings->set('emulator_database_host', $this->data['emulator_database_host'] ?? '127.0.0.1');
|
||||
$settings->set('emulator_database_name', $this->data['emulator_database_name'] ?? '');
|
||||
@@ -885,4 +885,60 @@ final class Commandocentrum extends Page implements HasForms
|
||||
{
|
||||
return $this->runCommand('cat ' . escapeshellarg($path) . ' 2>/dev/null');
|
||||
}
|
||||
|
||||
private function emulatorPath(string $path = ''): string
|
||||
{
|
||||
$base = rtrim(env('NITRO_EMULATOR_PATH', '/var/www/emulator'), '/');
|
||||
|
||||
return $path !== '' ? $base . '/' . ltrim($path, '/') : $base;
|
||||
}
|
||||
|
||||
private function nitroClientPath(string $path = ''): string
|
||||
{
|
||||
$base = rtrim(env('NITRO_CLIENT_DIR', '/var/www/nitro-client'), '/');
|
||||
|
||||
return $path !== '' ? $base . '/' . ltrim($path, '/') : $base;
|
||||
}
|
||||
|
||||
private function gamedataPath(string $path = ''): string
|
||||
{
|
||||
$base = rtrim(env('NITRO_GAMEDATA_DIR', '/var/www/Gamedata/config'), '/');
|
||||
|
||||
return $path !== '' ? $base . '/' . ltrim($path, '/') : $base;
|
||||
}
|
||||
|
||||
private function nitroV3Path(string $path = ''): string
|
||||
{
|
||||
$base = rtrim(env('NITRO_V3_DIR', '/var/www/Nitro-V3'), '/');
|
||||
|
||||
return $path !== '' ? $base . '/' . ltrim($path, '/') : $base;
|
||||
}
|
||||
|
||||
private function nitroRendererV3Path(string $path = ''): string
|
||||
{
|
||||
$base = rtrim(env('NITRO_RENDERER_V3_DIR', '/var/www/Nitro_Render_V3'), '/');
|
||||
|
||||
return $path !== '' ? $base . '/' . ltrim($path, '/') : $base;
|
||||
}
|
||||
|
||||
private function nitroRendererPath(string $path = ''): string
|
||||
{
|
||||
$base = rtrim(env('NITRO_RENDERER_DIR', '/var/www/nitro-renderer'), '/');
|
||||
|
||||
return $path !== '' ? $base . '/' . ltrim($path, '/') : $base;
|
||||
}
|
||||
|
||||
private function clientWebrootPath(string $path = ''): string
|
||||
{
|
||||
$base = rtrim(env('NITRO_CLIENT_WEBROOT', '/var/www/Client'), '/');
|
||||
|
||||
return $path !== '' ? $base . '/' . ltrim($path, '/') : $base;
|
||||
}
|
||||
|
||||
private function emulatorSourcePath(string $path = ''): string
|
||||
{
|
||||
$base = rtrim(env('NITRO_EMULATOR_SOURCE_DIR', '/var/www/emulator-source'), '/');
|
||||
|
||||
return $path !== '' ? $base . '/' . ltrim($path, '/') : $base;
|
||||
}
|
||||
}
|
||||
|
||||
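Review bot: The eight path helpers added in the last hunk (`emulatorPath()` through `emulatorSourcePath()`) call `env()` directly from the page class. In Laravel, once the configuration is cached with `php artisan config:cache` the `.env` file is no longer loaded, so unless the variable is set in the real process environment each helper returns its `/var/www/...` fallback, which is the hardcoded path this commit set out to remove. These values are the defaults for directories the page passes on to `getGitCommit()` and, presumably, `runCommand()`, so an operator who relocated a tree through `.env` could have admin actions run against the old location with no error. Read each variable once in a config file and resolve it here with `config()`, e.g. `$base = rtrim((string) config('<config-file>.emulator_path'), '/');`, where `<config-file>.emulator_path` is a placeholder for whatever key the project defines. The helper bodies differ only in the variable name and default, so one private join helper that takes the base would remove the repetition.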