3006cb544f
The way this now works is, if csrf is enabled: * Any new or existing template can have csrf protection by adding the hidden input ctoken that's in this batch to its form, removes any logic in templates * Page controllers that already exist have been updated, new ones only require checking if csrf is enabled and valid
28 lines
830 B
PHP
28 lines
830 B
PHP
<?php
|
|
|
|
// Make sure we are called from index.php
|
|
if (!defined('SECURITY')) die('Hacking attempt');
|
|
|
|
// Include markdown library
|
|
use \Michelf\Markdown;
|
|
|
|
if (!$smarty->isCached('master.tpl', $smarty_cache_key)) {
|
|
$debug->append('No cached version available, fetching from backend', 3);
|
|
// Fetch active news to display
|
|
$aNews = $news->getAllActive();
|
|
if (is_array($aNews)) {
|
|
foreach ($aNews as $key => $aData) {
|
|
// Transform Markdown content to HTML
|
|
$aNews[$key]['content'] = Markdown::defaultTransform($aData['content']);
|
|
}
|
|
}
|
|
|
|
$smarty->assign("HIDEAUTHOR", $setting->getValue('acl_hide_news_author'));
|
|
$smarty->assign("NEWS", $aNews);
|
|
} else {
|
|
$debug->append('Using cached page', 3);
|
|
}
|
|
// Load news entries for Desktop site and unauthenticated users
|
|
$smarty->assign("CONTENT", "default.tpl");
|
|
?>
|