From a35e503fbfa7a9259f129319f5b22d42bb232f07 Mon Sep 17 00:00:00 2001
From: KuJoe <me@kujoe.net>
Date: Wed, 22 May 2024 10:16:25 -0400
Subject: [PATCH] Added option to hide HTMLy version publicly and added version
 to admin layout

A configuration setting has been added to allow users to hide the version of HTMLy from the source code publicly as a security precaution. The version has been added to the admin layout for easier visibility for admins.
---
 lang/en_US.ini                     |  4 +++-
 system/admin/views/config.html.php | 21 +++++++++++++++++++++
 system/admin/views/layout.html.php |  2 +-
 system/configList.json             |  3 ++-
 system/includes/functions.php      |  4 +++-
 5 files changed, 30 insertions(+), 4 deletions(-)

diff --git a/lang/en_US.ini b/lang/en_US.ini
index 5a66510..4e496f8 100644
--- a/lang/en_US.ini
+++ b/lang/en_US.ini
@@ -301,4 +301,6 @@ login_protect_system = "Login protection system"
 cloudflare_info = "Review Cloudflare's Turnstile documentation: "
 mfa_config = "Multi Factor Authentication (MFA)"
 set_mfa_globally = "Set the status of MFA"
-explain_mfa = "When enabled, MFA is optional for all users. When disabled, no users can use it and it hides the field on the login page."
\ No newline at end of file
+explain_mfa = "When enabled, MFA is optional for all users. When disabled, no users can use it and it hides the field on the login page."
+set_version_publicly = "HTMLy Version Visibility"
+explain_version = "By default the version of HTMLy is visible publicly in the source code, some bots and bad actors can use this information for bad reasons so some admins may prefer to hide this."
\ No newline at end of file
diff --git a/system/admin/views/config.html.php b/system/admin/views/config.html.php
index d106af0..afd2ae2 100644
--- a/system/admin/views/config.html.php
+++ b/system/admin/views/config.html.php
@@ -140,6 +140,27 @@ Please install and enable the INTL extension to format the date format to your l
       <input type="text" name="-config-blog.copyright" class="form-control" id="blog.copyright" value="<?php echo valueMaker(config('blog.copyright'));?>" placeholder="<?php echo i18n('Copyright_Line_Placeholder');?>">
     </div>
   </div>
+  <div class="form-group row">
+    <label class="col-sm-2 col-form-label"><?php echo i18n('set_version_publicly');?></label>
+    <div class="col-sm-10">
+      <div class="col-sm-10">
+        <div class="form-check">
+          <input class="form-check-input" type="radio" name="-config-show.version" id="show.version1" value="true" <?php if (config('show.version') === 'true'):?>checked<?php endif;?>>
+          <label class="form-check-label" for="show.version1">
+            <?php echo i18n('Enable');?>
+          </label>
+        </div>
+        <div class="form-check">
+          <input class="form-check-input" type="radio" name="-config-show.version" id="show.version2" value="false" <?php if (config('show.version') === 'false'):?>checked<?php endif;?>>
+          <label class="form-check-label" for="show.version2">
+            <?php echo i18n('Disable');?>
+          </label>
+        </div>
+      </div>
+	  <small><em><?php echo i18n('explain_version');?></em></small>
+    </div>
+  </div>
+  <hr />
   <div class="form-group row">
     <div class="col-sm-10">
       <button type="submit" class="btn btn-primary"><?php echo i18n('Save_Config');?></button>
diff --git a/system/admin/views/layout.html.php b/system/admin/views/layout.html.php
index 9f28b5f..192e82d 100644
--- a/system/admin/views/layout.html.php
+++ b/system/admin/views/layout.html.php
@@ -328,7 +328,7 @@ if (isset($_GET['search'])) {
       <small><?php echo i18n('Admin_panel_style_based_on');?> <a rel="nofollow" target="_blank" href="https://github.com/ColorlibHQ/AdminLTE">AdminLTE</a></small>
     </div>
     <!-- Default to the left -->
-    <?php echo i18n('Proudly_powered_by');?> <a href="https://www.htmly.com" target="_blank">HTMLy</a>
+    <?php echo i18n('Proudly_powered_by');?> <a href="https://www.htmly.com" target="_blank"><?php echo 'HTMLy ' . constant('HTMLY_VERSION'); ?></a>
   </footer>
 </div>
 <!-- ./wrapper -->
diff --git a/system/configList.json b/system/configList.json
index 0296c09..0f041c4 100644
--- a/system/configList.json
+++ b/system/configList.json
@@ -88,5 +88,6 @@
     "views.root",
     "views.layout",
     "autosave.enable",
-    "mfa.state"
+    "mfa.state",
+    "show.version"
 ]
\ No newline at end of file
diff --git a/system/includes/functions.php b/system/includes/functions.php
index 5ab35c6..2330990 100644
--- a/system/includes/functions.php
+++ b/system/includes/functions.php
@@ -3440,7 +3440,9 @@ function head_contents()
     $output .= '<meta charset="utf-8" />' . "\n";
     $output .= '<meta http-equiv="X-UA-Compatible" content="IE=edge" />' . "\n";
     $output .= '<meta name="viewport" content="width=device-width, initial-scale=1" />' . "\n";
-    $output .= '<meta name="generator" content="' . $version . '" />' . "\n";
+	if (config('show.version') == 'true') {
+		$output .= '<meta name="generator" content="' . $version . '" />' . "\n";
+	}
     $output .= $favicon;
     $output .= '<link rel="sitemap" href="' . site_url() . 'sitemap.xml" />' . "\n";
     $output .= '<link rel="alternate" type="application/rss+xml" title="' . blog_title() . ' Feed" href="' . site_url() . 'feed/rss" />' . "\n";