Merge pull request #78 from Leantime/hotfixes-2.0.4

Hotfixes 2.0.4

config/settings.php

@@ -17,7 +17,7 @@ class settings {
 
 	public $appVersion = "2.0.4";
 
-    public $dbVersion = "2.0";
+    public $dbVersion = "2.0.4";
 
 	/**
 	 * __construct

nginx.conf

@@ -51,7 +51,6 @@ server {
     rewrite ^/?$ /index.php?act=dashboard.show;
     rewrite ^/([^/\.]+)/([^/\.]+)/?$ /index.php?act=$1.$2;
     rewrite ^/([^/\.]+)/([^/\.]+)/([^/\.]+)/?$ /index.php?act=$1.$2&id=$3;
-    rewrite ^/([^/\.]+)/([^/\.]+)/([^/\.]+)/([^/\.]+)/?$ /index.php?act=$1.$2&id=$3&id2=$4;
   }
 
   location = /resetPassword {
@@ -74,6 +73,16 @@ server {
     rewrite ^/install/([^/\.]+)/?$ /index.php?install=true;
   }
 
+  location = /update {
+
+      rewrite ^(.*)$ /index.php?update=true;
+  }
+
+  location /update {
+
+     rewrite ^/update/([^/\.]+)/?$ /index.php?update=true;
+  }
+
   # additional config
   # favicon.ico
   location = /favicon.ico {

public/.htaccess

@@ -9,10 +9,12 @@ RewriteRule ^resetPassword/([^/\.]+)/?$ /index.php?resetPassword=true&hash=$1
 RewriteRule ^install$ /index.php?install=true
 RewriteRule ^install/([^/\.]+)/?$ /index.php?install=true
 
+RewriteRule ^update /index.php?update=true
+RewriteRule ^update/([^/\.]+)/?$ /index.php?update=true
+
 RewriteRule ^/?$ /index.php?act=dashboard.show
-RewriteRule ^([^/\.]+)/([^/\.]+)/?$ /index.php?act=$1.$2 [NC]
-RewriteRule ^([^/\.]+)/([^/\.]+)/([^/\.]+)/?$ /index.php?act=$1.$2&id=$3
-RewriteRule ^([^/\.]+)/([^/\.]+)/([^/\.]+)/([^/\.]+)/?$ /index.php?act=$1.$2&id=$3&id2=$4
+RewriteRule ^([^/\.]+)/([^/\.]+)/?$ /index.php?act=$1.$2 [QSA]
+RewriteRule ^([^/\.]+)/([^/\.]+)/([^/\.]+)/?$ /index.php?act=$1.$2&id=$3 [QSA]
 
 
 

src/core/class.application.php

@@ -48,12 +48,14 @@ public function start()
         ob_start();
 
         if($this->login->logged_in()===false) {
-                
-            //Run password reset through application to avoid security holes in the front controller
+
+            //Hard coded routes for a few pages that can be access without login
             if(isset($_GET['resetPassword']) === true) {
                 include '../src/resetPassword.php';
             }else if(isset($_GET['install']) === true) {
                  include '../src/install.php';
+            }else if(isset($_GET['update']) === true) {
+                include '../src/update.php';
             }else{
                 include '../src/login.php';
             }    
@@ -105,6 +107,21 @@ public function overrideThemeSettings() {
             }
         }
 
+        //Only run this if the user is not logged in (db should be updated/installed before user login)
+        if($this->login->logged_in()===false) {
+
+            if($settings->checkIfInstalled() === false && isset($_GET['install']) === false){
+                header("Location: /install");
+                exit();
+            }
+
+            $dbVersion = $settings->getSetting("db-version");
+            if ($this->settings->dbVersion != $dbVersion && isset($_GET['update']) === false && isset($_GET['install']) === false) {
+                header("Location: /update");
+                exit();
+            }
+        }
+
 
     }
 

src/core/class.db.php

@@ -83,7 +83,7 @@ private function __construct()
 
         try{
 
-            $driver_options = array( PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8,sql_mode="NO_ENGINE_SUBSTITUTION"' );
+            $driver_options = array( PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8mb4,sql_mode="NO_ENGINE_SUBSTITUTION"' );
             $this->database = new PDO('mysql:host=' . $this->host . ';dbname='. $this->databaseName .'', $this->user, $this->password, $driver_options);
             $this->database->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);