From 0a1908f1b53e3c246e5019ed010878f06bb93e63 Mon Sep 17 00:00:00 2001
From: Ricardo Verdugo <ricardo-verdugo@hotmail.com>
Date: Thu, 2 Jul 2020 18:19:46 +0100
Subject: [PATCH 1/3] Fix the hidden login plugin toggle

Broken during the blueprints change on https://github.com/getgrav/grav-plugin-login/commit/853fb07e19a564dccff27ed8ec145280bf364218
---
 themes/grav/templates/partials/plugins-list.html.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/themes/grav/templates/partials/plugins-list.html.twig b/themes/grav/templates/partials/plugins-list.html.twig
index e9607809..b46b4abf 100644
--- a/themes/grav/templates/partials/plugins-list.html.twig
+++ b/themes/grav/templates/partials/plugins-list.html.twig
@@ -42,7 +42,7 @@
                 {% if isTestingRelease %}<span class="gpm-testing">test release</span>{% endif %}
             </td>
             <td class="gpm-actions">
-                {% if (not installing and (plugin.form.fields.enabled.type != 'hidden' and plugin.form.fields.tabs.fields.login.fields.enabled.type != 'hidden')) %}
+                {% if (not installing and (plugin.form.fields.enabled.type != 'hidden' and plugin.form.fields.tabs.fields.options.fields.enabled.type != 'hidden')) %}
                     <a class="{{ data.get('enabled') ? 'enabled' : 'disabled' }}" href="{{ uri.addNonce(base_url_relative ~ '/plugins/' ~ slug ~ '/task' ~ config.system.param_sep ~ (data.get('enabled') ? 'disable' : 'enable'), 'admin-form', 'admin-nonce') }}">
                         <i class="fa fa-fw fa-toggle-{{ data.get('enabled') ? 'on' : 'off' }}"></i>
                     </a>

From e1a487bd88d8fa9baaeb0d52b21e985d7d4e0238 Mon Sep 17 00:00:00 2001
From: Matias Griese <matias@trilbymedia.com>
Date: Fri, 28 Aug 2020 13:34:40 +0300
Subject: [PATCH 2/3] Fixed a glitch which allows user to delete entire pages
 directory [#1941]

---
 CHANGELOG.md                |  6 ++++++
 classes/admincontroller.php | 16 +++++++++++++++-
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1a078d63..52d831b3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,9 @@
+# v1.9.16
+## mm/dd/2020
+
+1. [](#bugfix)
+    * Fixed a glitch which allows user to delete entire pages directory [#1941](https://github.com/getgrav/grav-plugin-admin/issues/1941)
+
 # v1.9.15
 ## 06/08/2020
 
diff --git a/classes/admincontroller.php b/classes/admincontroller.php
index 17e0b6a0..95295ac5 100644
--- a/classes/admincontroller.php
+++ b/classes/admincontroller.php
@@ -487,6 +487,11 @@ class AdminController extends AdminBaseController
 
         $data = (array)$this->data;
 
+        $folder = $data['folder'] ?? '';
+        if ($folder === '' || mb_strpos($folder, '/') !== false) {
+            throw new \RuntimeException('Creating folder failed, bad folder name', 400);
+        }
+
         if ($data['route'] === '/') {
             $path = $this->grav['locator']->findResource('page://');
         } else {
@@ -494,7 +499,7 @@ class AdminController extends AdminBaseController
         }
 
         $orderOfNewFolder = static::getNextOrderInFolder($path);
-        $new_path         = $path . '/' . $orderOfNewFolder . '.' . $data['folder'];
+        $new_path         = $path . '/' . $orderOfNewFolder . '.' . $folder;
 
         Folder::create($new_path);
         Cache::clearCache('invalidate');
@@ -585,6 +590,11 @@ class AdminController extends AdminBaseController
         /** @var PageInterface $obj */
         $obj = $this->admin->page(true);
 
+        $folder = $data['folder'] ?? null;
+        if ($folder === '' || mb_strpos($folder, '/') !== false) {
+            throw new \RuntimeException('Saving page failed: bad folder name', 400);
+        }
+
         if (!isset($data['folder']) || !$data['folder']) {
             $data['folder'] = $obj->slug();
             $this->data['folder'] = $obj->slug();
@@ -814,6 +824,10 @@ class AdminController extends AdminBaseController
             $folder = \Grav\Plugin\Admin\Utils::slug($data[substr($folder, 9)]);
         }
         $folder = ltrim($folder, '_');
+        if ($folder === '' || mb_strpos($folder, '/') !== false) {
+            throw new \RuntimeException('Creating page failed: bad folder name', 400);
+        }
+
         if (!empty($data['modular'])) {
             $folder = '_' . $folder;
         }

From 775c414412ab81528a581a645eff4afe98c17e4d Mon Sep 17 00:00:00 2001
From: Andy Miller <rhuk@mac.com>
Date: Tue, 1 Sep 2020 14:31:53 -0600
Subject: [PATCH 3/3] prepare for release

---
 CHANGELOG.md    | 3 ++-
 blueprints.yaml | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 52d831b3..f0c052da 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,8 +1,9 @@
 # v1.9.16
-## mm/dd/2020
+## 09/01/2020
 
 1. [](#bugfix)
     * Fixed a glitch which allows user to delete entire pages directory [#1941](https://github.com/getgrav/grav-plugin-admin/issues/1941)
+    * Fixed the hidden login plugin toggle
 
 # v1.9.15
 ## 06/08/2020
diff --git a/blueprints.yaml b/blueprints.yaml
index f00d9356..8bb5e6ca 100644
--- a/blueprints.yaml
+++ b/blueprints.yaml
@@ -1,7 +1,7 @@
 name: Admin Panel
 slug: admin
 type: plugin
-version: 1.9.15
+version: 1.9.16
 testing: false
 description: Adds an advanced administration panel to manage your site
 icon: empire