Mirrors/grav
1
0
Fork 0
mirror of https://github.com/getgrav/grav.git synced 2025-02-20 19:56:53 +01:00
Code Issues Packages Projects Releases Wiki Activity
7,618 Commits 6 Branches 287 Tags 57 MiB
51dbed282d
Commit Graph

5553 Commits

Author SHA1 Message Date
Andy Miller
37d0498e1b
prepare for release 2024-03-18 11:35:20 -06:00
Andy Miller
b9529d0010
minor lang updates 2024-03-18 11:20:51 -06:00
Andy Miller
4149c81339
fix for safe_functions attack #GHSA-c9gp-64c4-2rrh 2024-03-06 14:53:53 -07:00
Andy Miller
de1ccfa12d
Mitigate various SSTI injections 2024-03-04 15:41:30 -07:00
Andy Miller
5928411b86
fixed path traversal by santize checking fiilename 2024-03-04 13:39:50 -07:00
Andy Miller
f9f5781af8
fix for bad page dates + changelog update 2024-02-03 13:45:35 -07:00
pmoreno.rodriguez
ad8b1b79bd
New Trait for decoding attribute in images (#3796) 
* New Trait for decoding attribute in images

* Update comments info

* decoding default in system/config/system.yaml and system/blueprints/config/system.yaml for the images.defaults.decoding value

* Fixed predefined option in the decoding attribute
 2024-02-03 13:24:12 -07:00
Andy Miller
1dc6866eab
fix other multibyte issues in inflector 2024-01-19 12:40:55 +00:00
Andy Miller
0b16401a91
fix special-chars in titleize - fixes #732 2024-01-19 12:39:24 +00:00
Andy Miller
e5990f431d
Revert "Added 'outdated' option to scheduler command (#3771)" 
This reverts commit a71403f158.

# Conflicts:
#	tests/unit/Grav/Common/Scheduler/SchedulerTest.php
 2024-01-05 12:31:53 +00:00
Andy Miller
f33e89fa45
prepare for release 2024-01-05 11:59:37 +00:00
maelanleborgne
a71403f158
Added 'outdated' option to scheduler command (#3771) 2024-01-05 11:46:14 +00:00
Ron Wardenier
88eb9f915a
Allow empty and maolformed links in markdown (#3782) 
When a user adds an invalid link in a page in markdown for example [](https://) and that page is parsed to be shown in a blog listing page that blog listing page crashes with a CRITICAL error. Instead of throwing an error the URL is now ignored. See also https://discord.com/channels/501836936584101899/506916956637495306/1185616779486167141
 2024-01-05 11:44:44 +00:00
Andy Miller
a1c116dd82
update copyright year 2024-01-05 11:43:52 +00:00
Andy Miller
f59fa9a291
language updates 2024-01-05 11:26:45 +00:00
Andy Miller
458c64086e
Revert "Use new groupNames method" 
This reverts commit 470b69c775.
 2024-01-05 11:20:40 +00:00
JS Media Creation
1b8e267d0a
Add mime type for vCards (.vcf files) (#3772) 
Adds support for vCards (.vcf files) in case of e.g. scanning a qr-code with the direct url to the file, so that it can be downloaded. 

Only a thumb-vcf.png should be added then too.
 2023-11-08 12:06:04 +00:00
Andy Miller
4e01398545
Added debugger output when routes conflict 2023-11-06 16:50:27 +00:00
Andy Miller
b0dd2358f4
Updated packages (including dom-sanitizer 1.0.7) 2023-11-06 16:50:15 +00:00
Djamil Legato
0c9333e60d
Revert "fix whitespace encoding in urls" (#3764) 
* Revert "fix whitespace encoding in urls (#3719)"

This reverts commit 6a9b1f2214.

* Revert change
 2023-10-27 23:58:08 -07:00
Andy Miller
cfa510e7f7
Merge branch 'master' into develop 2023-10-25 12:38:41 +01:00
Andy Miller
6d5f0ff9ba
validaiton math rounding - fixes #3761 2023-10-25 12:38:12 +01:00
Angela Ugrinovska
71939e18be
Fixed too few arguments exception thrown in the admin with using flex objects (#3658) 
Going through older PRs, thanks for this.
 2023-10-24 10:33:58 +01:00
Junky Junkerson
45f8fe4d0b
Correcting comment in about custom site.yaml value (#3659) 
Corrected blog: route: '/blog' comment from system.blog.route to site.blog.route
 2023-10-24 10:32:49 +01:00
Vital
2179ef33a7
Fixed exception: "Property 'jsmodule_pipeline_include_externals' does not exist in the object!" (#3661) 
Co-authored-by: Artemkin_V <avr@vital-web.ru>
 2023-10-24 10:32:19 +01:00
Rotzbua
d0ae677e61
Update jquery-3.x.min.js to v3.6.4 (#3713) 
Source: https://code.jquery.com/jquery-3.6.4.min.js
 2023-10-24 10:30:19 +01:00
dirkjf
6a9b1f2214
fix whitespace encoding in urls (#3719) 
* fix broken src url encoding

* remove redundant code

* Revert "remove redundant code"

This reverts commit 4e0020114e.

* Revert "fix broken src url encoding"

This reverts commit 3e8259da3a.

* encode whitespaces in url paths
 2023-10-24 10:30:00 +01:00
yiwu
b1117e45c9
Update system.yaml (#3721) 
add ISO 8601 dateformat
 2023-10-24 10:28:44 +01:00
Ricardo Verdugo
382a836d80
Fix invalid input to foreach (#3724) 
* Fix invalid input to foreach

This happens with discord oauth, possibly others

* Update UserGroupObject.php

---------

Co-authored-by: Andy Miller <1084697+rhukster@users.noreply.github.com>
 2023-10-24 10:28:23 +01:00
Raffael Herrmann
db3e39f0cb
Added detection of external triggers of the scheduler (#3726) 
Added extension to the isCrontabSetup method to detect external triggers of the scheduler, so that in the admin interface the error message is hidden when the scheduler is called by an external trigger.
 2023-10-24 10:25:44 +01:00
Jeremy Angele
80ce87e4a9
Update dangerous extensions (#3756) 
Thanks for this!
 2023-10-24 10:20:22 +01:00
Jeff
f0f29891d6
Update Inflector::ordinalize() (#3759) 
put the init() call before the $ordinals test
 2023-10-24 10:19:24 +01:00
Andy Miller
21b218e464
prepare for release 2023-10-02 10:41:26 -06:00
pamtbaau
3cdbc5890a
Fix url of @import not being rewritten (#3750) 
Looks good.  thanks.
 2023-10-02 10:04:29 -06:00
Andy Miller
79f9640b12
move language debug to debugger - fixes #3752 2023-10-02 09:51:22 -06:00
Andy Miller
65aeb82e21
add ability to override modified date via frontmatter 2023-10-02 09:36:22 -06:00
Andy Miller
e3b0aa0c50
inlcude phar in dangerous extensions 2023-08-22 11:57:13 +01:00
Andy Miller
893b1dd1db
prepare for release 2023-07-18 12:40:57 -06:00
Andy Miller
1146959806
fixed a typo 2023-07-18 12:40:27 -06:00
Andy Miller
0d27f2d77e
prepare for release 2023-07-18 10:50:36 -06:00
Andy Miller
b4c62101a4
SSTI attack mitigation - GHSA-9436-3gmp-4f53 2023-07-18 10:49:47 -06:00
Andy Miller
cf6bf7d1ec
prepare for release 2023-06-15 12:57:46 -06:00
Andy Miller
47665dbddb
Fixes #3727 - filter field being a closure 2023-06-15 09:03:12 -06:00
Andy Miller
50ee844759
prepare for release 2023-06-14 14:19:00 -06:00
Andy Miller
244758d438
also handle SSTI in reduce twig filter + function 2023-06-14 11:08:17 -06:00
Andy Miller
71bbed12f9
more SSTI fixes in Utils::isDangerousFunction() 2023-06-13 17:57:11 -06:00
Andy Miller
8c2c1cb726
better SSTI in |map and |filter 2023-06-13 17:45:40 -06:00
Andy Miller
9d01140a63
Fix for dangerous tags in |map filter 2023-06-13 17:07:39 -06:00
Andy Miller
259e775db8
Added languages debug option 2023-06-08 14:50:52 -06:00
Andy Miller
722ce55ccb
prepare for release 2023-06-01 15:18:53 -06:00