Commit Graph

4764 Commits

Author SHA1 Message Date
Andy Miller
de1ccfa12d
Mitigate various SSTI injections 2024-03-04 15:41:30 -07:00
Andy Miller
5928411b86
fixed path traversal by sanitize checking filename 2024-03-04 13:39:50 -07:00
Andy Miller
f9f5781af8
fix for bad page dates + changelog update 2024-02-03 13:45:35 -07:00
pmoreno.rodriguez
ad8b1b79bd
New Trait for decoding attribute in images (#3796)
* New Trait for decoding attribute in images

* Update comments info

* decoding default in system/config/system.yaml and system/blueprints/config/system.yaml for the images.defaults.decoding value

* Fixed predefined option in the decoding attribute
2024-02-03 13:24:12 -07:00
Andy Miller
1dc6866eab
fix other multibyte issues in inflector 2024-01-19 12:40:55 +00:00
Andy Miller
0b16401a91
fix special-chars in titleize - fixes #732 2024-01-19 12:39:24 +00:00
Andy Miller
e5990f431d
Revert "Added 'outdated' option to scheduler command (#3771)"
This reverts commit a71403f158.

# Conflicts:
#	tests/unit/Grav/Common/Scheduler/SchedulerTest.php
2024-01-05 12:31:53 +00:00
maelanleborgne
a71403f158
Added 'outdated' option to scheduler command (#3771) 2024-01-05 11:46:14 +00:00
Ron Wardenier
88eb9f915a
Allow empty and malformed links in markdown (#3782)
When a user adds an invalid link in a page in markdown, for example [](https://), and that page is parsed to be shown in a blog listing page, that blog listing page crashes with a CRITICAL error. Instead of throwing an error, the URL is now ignored. See also https://discord.com/channels/501836936584101899/506916956637495306/1185616779486167141
2024-01-05 11:44:44 +00:00
Andy Miller
a1c116dd82
update copyright year 2024-01-05 11:43:52 +00:00
Andy Miller
4e01398545
Added debugger output when routes conflict 2023-11-06 16:50:27 +00:00
Andy Miller
b0dd2358f4
Updated packages (including dom-sanitizer 1.0.7) 2023-11-06 16:50:15 +00:00
Djamil Legato
0c9333e60d
Revert "fix whitespace encoding in urls" (#3764)
* Revert "fix whitespace encoding in urls (#3719)"

This reverts commit 6a9b1f2214.

* Revert change
2023-10-27 23:58:08 -07:00
Andy Miller
cfa510e7f7
Merge branch 'master' into develop 2023-10-25 12:38:41 +01:00
Andy Miller
6d5f0ff9ba
validation math rounding - fixes #3761 2023-10-25 12:38:12 +01:00
Angela Ugrinovska
71939e18be
Fixed too few arguments exception thrown in the admin with using flex objects (#3658)
Going through older PRs, thanks for this.
2023-10-24 10:33:58 +01:00
Vital
2179ef33a7
Fixed exception: "Property 'jsmodule_pipeline_include_externals' does not exist in the object!" (#3661)
Co-authored-by: Artemkin_V <avr@vital-web.ru>
2023-10-24 10:32:19 +01:00
dirkjf
6a9b1f2214
fix whitespace encoding in urls (#3719)
* fix broken src url encoding

* remove redundant code

* Revert "remove redundant code"

This reverts commit 4e0020114e.

* Revert "fix broken src url encoding"

This reverts commit 3e8259da3a.

* encode whitespaces in url paths
2023-10-24 10:30:00 +01:00
Ricardo Verdugo
382a836d80
Fix invalid input to foreach (#3724)
* Fix invalid input to foreach

This happens with discord oauth, possibly others

* Update UserGroupObject.php

---------

Co-authored-by: Andy Miller <1084697+rhukster@users.noreply.github.com>
2023-10-24 10:28:23 +01:00
Raffael Herrmann
db3e39f0cb
Added detection of external triggers of the scheduler (#3726)
Added extension to the isCrontabSetup method to detect external triggers of the scheduler, so that in the admin interface the error message is hidden when the scheduler is called by an external trigger.
2023-10-24 10:25:44 +01:00
Jeremy Angele
80ce87e4a9
Update dangerous extensions (#3756)
Thanks for this!
2023-10-24 10:20:22 +01:00
Jeff
f0f29891d6
Update Inflector::ordinalize() (#3759)
put the init() call before the $ordinals test
2023-10-24 10:19:24 +01:00
pamtbaau
3cdbc5890a
Fix url of @import not being rewritten (#3750)
Looks good.  thanks.
2023-10-02 10:04:29 -06:00
Andy Miller
79f9640b12
move language debug to debugger - fixes #3752 2023-10-02 09:51:22 -06:00
Andy Miller
65aeb82e21
add ability to override modified date via frontmatter 2023-10-02 09:36:22 -06:00
Andy Miller
1146959806
fixed a typo 2023-07-18 12:40:27 -06:00
Andy Miller
b4c62101a4
SSTI attack mitigation - GHSA-9436-3gmp-4f53 2023-07-18 10:49:47 -06:00
Andy Miller
47665dbddb
Fixes #3727 - filter field being a closure 2023-06-15 09:03:12 -06:00
Andy Miller
244758d438
also handle SSTI in reduce twig filter + function 2023-06-14 11:08:17 -06:00
Andy Miller
71bbed12f9
more SSTI fixes in Utils::isDangerousFunction() 2023-06-13 17:57:11 -06:00
Andy Miller
8c2c1cb726
better SSTI in |map and |filter 2023-06-13 17:45:40 -06:00
Andy Miller
9d01140a63
Fix for dangerous tags in |map filter 2023-06-13 17:07:39 -06:00
Andy Miller
259e775db8
Added languages debug option 2023-06-08 14:50:52 -06:00
Andy Miller
8dfa2110bf
fix for special chars in slugs causing redirect loops 2023-06-01 15:16:56 -06:00
Andy Miller
31aeaf6309
improved the Twig Cache Tag with customizable key (lang specific if needed) 2023-05-23 15:54:48 -06:00
Andy Miller
9da8cad7fe
truncator fix 2023-05-10 08:34:09 -06:00
Andy Miller
e5ac37e3cf
FILTER_SANITIZE_STRING + Toolbox 1.6.5 2023-05-09 12:13:46 -06:00
Andy Miller
66463ddff3
more FILTER_SANITIZE_STRING fixes 2023-05-09 12:13:32 -06:00
Andy Miller
956c2993ae
more filter fixes 2023-05-09 11:22:28 -06:00
Andy Miller
3cf67cb2fd
deprecation fix 2023-05-09 11:18:36 -06:00
Andy Miller
36afa9d848
won’t work internally in Parsedown 2023-05-08 19:31:37 -06:00
Andy Miller
694ab76d1e
added parse_url to the list of Grav Twig functions 2023-05-08 19:03:29 -06:00
Andy Miller
369c2e9ffa
remove filter_input in favor of htmlspecialchars + strip_tags 2023-05-08 18:42:52 -06:00
Andy Miller
95ae35216a
various cast fixes 2023-05-08 18:41:19 -06:00
Andy Miller
9c0477fa52
fix dynamic class value 2023-05-08 18:41:04 -06:00
Andy Miller
e1ab15e323
another cast fix 2023-05-08 17:44:52 -06:00
Andy Miller
ff77d58acb
more casting fixes 2023-05-08 17:37:42 -06:00
Andy Miller
bf175983ec
various deprecated fixes 2023-05-08 17:31:15 -06:00
Andy Miller
75cd4f4306
Various casting fixes for deprecated messages 2023-05-08 17:27:03 -06:00
Andy Miller
2412115f41
TwigDeferredExtension updates 2023-05-08 17:26:22 -06:00