This will allow to keep clones of repositories on different folders and still be able to symlink them.
Example of ~/.grav/config:
```
github_repos:
- /Users/my_user/Projects/grav/
- /Users/my_user/Projects/personal/
- /Users/my_user/Projects/work/
```
* Remove deprecated "getNonceOldStyle" function
This commit removes the following functions:
- getNonceOldStyle
- generateNonceStringOldStyle
The functions have been replaced in newer versions of
grav. It seems to me that they only existed in order to make a
upgrade to a newer version of grav painless (i.e. accept both types of
nonce tokens). Nowadays, existing old style nonces are expired long
time ago so it should be save to delete the deprecated funtions.
* Fix caching of nonces in static class variable
Currently, the behavior of `getNonce` is broken because it saves the
generated nonce in an array and only use the $action as the
key. However, the generated nonce does not only depend on the $action,
but also on $plusOneTick.
* Fix broken "plusOneTick" for nonces
It looks to me that there is a bug in the current implemention of
verifyNonce. Here is an example:
- 2018-08-01 10:00: We respond to a request and generate a nonce. The
current tick is at 35489
- 2018-08-01 10:05: We use the previously generated nonce to make
another request. We compare the given nounce with a new generated
one (based on the same tick). The result is exactly the same and the
request succeeds.
- 2018-08-01 14:00: We're now one tick ahead. Remember: A day (24
hours) is separated into two ticks (each 12 hours). A request comes
in, we compare the given nounce with a newly generated one based on
the current tick (now at 35490). They don't match (which is totally
okay).
If the comparison fails, we then compare the given nounce with a
another, newly generated one. This time, we pass "plusOneTick", to
the function, which increases the current tick by one. Our tick is
now at 35491. We generate a nonce based on that tick and of course,
it still does not match the given nonce.
Instead of increasing the tick, we should rather decreasing it by
one (i.e. use the previous tick). If the first comparison fails, we
use the current tick (35490), decrease it by one (35489) and then
compare it again. 35489 is the same tick as in the very first
request.
This bug leads to a maximum life time of 12 hours for a nonce and in
worst case only a few seconds (!)
I would like to prove the bug with an unit test but I'm too unexperienced
in PHP. Furthermore it seems that we need some kind of library which
is able to mock builtin functions (like "time"). Maybe
<https://github.com/Codeception/AspectMock> would be a good canditate?
Fixes: #2099
To be able to add videos to sites that behave as GIFs, two attributes are needed for the videos to be properly handled on iOS and in Chrome: muted and playsinline.
Muted
Chrome only allows videos to autoplay when the contain the muted attribute. Non-muted videos will not autoplay unless the user has interacted with the site. More details here: https://developers.google.com/web/updates/2017/09/autoplay-policy-changes#new-behaviors
Playsinline
The playsinline attribute allows developers to specify videos on iPhone should play inline and not automatically enter fullscreen mode when playback begins. More details here: https://developers.google.com/web/updates/2017/09/autoplay-policy-changes#new-behaviors
