From 14064e23b98080ba11e30064422b4584cee55f2a Mon Sep 17 00:00:00 2001
From: Thomas Walter
Date: Sat, 20 Oct 2018 02:47:01 +0200
Subject: [PATCH 1/9] Add the JS for the form attribute polyfill again. (#1491)
This file was deleted in commit c37988f68104e83ca7149d222a37269567f400d2.
---
themes/grav/js/form-attr.polyfill.js | 80 ++++++++++++++++++++++++++++
1 file changed, 80 insertions(+)
create mode 100644 themes/grav/js/form-attr.polyfill.js
diff --git a/themes/grav/js/form-attr.polyfill.js b/themes/grav/js/form-attr.polyfill.js
new file mode 100644
index 00000000..c0c3d884
--- /dev/null
+++ b/themes/grav/js/form-attr.polyfill.js
@@ -0,0 +1,80 @@
+(function($) {
+ $(function() {
+ /**
+ * polyfill for html5 form attr
+ */
+
+ // detect if browser supports this
+ var sampleElement = $('[form]').get(0);
+ var isIE11 = !(window.ActiveXObject) && "ActiveXObject" in window;
+ if (sampleElement && window.HTMLFormElement && sampleElement.form instanceof HTMLFormElement && !isIE11) {
+ // browser supports it, no need to fix
+ return;
+ }
+
+ /**
+ * Append a field to a form
+ *
+ */
+ $.fn.appendField = function(data) {
+ // for form only
+ if (!this.is('form')) return;
+
+ // wrap data
+ if (!$.isArray(data) && data.name && data.value) {
+ data = [data];
+ }
+
+ var $form = this;
+
+ // attach new params
+ $.each(data, function(i, item) {
+ $('')
+ .attr('type', 'hidden')
+ .attr('name', item.name)
+ .val(item.value).appendTo($form);
+ });
+
+ return $form;
+ };
+
+ /**
+ * Find all input fields with form attribute point to jQuery object
+ *
+ */
+ $('form[id]').submit(function(e) {
+ // serialize data
+ var data = $('[form=' + this.id + ']').serializeArray();
+ // append data to form
+ $(this).appendField(data);
+ }).each(function() {
+ var form = this,
+ $fields = $('[form=' + this.id + ']');
+
+ $fields.filter('button, input')
+ .filter('[type=reset],[type=submit],[type=image],button')
+ .click(function() {
+ var type = this.type.toLowerCase();
+ if (type === 'reset') {
+ // reset form
+ form.reset();
+ // for elements outside form
+ $fields.each(function() {
+ this.value = this.defaultValue;
+ this.checked = this.defaultChecked;
+ }).filter('select').each(function() {
+ $(this).find('option').each(function() {
+ this.selected = this.defaultSelected;
+ });
+ });
+ } else {
+ $(form).appendField({
+ name: this.name,
+ value: this.value
+ }).submit();
+ }
+ });
+ });
+ });
+
+})(jQuery);
From d6a36af4d5e07165d64fbb3d77f0b39be395ed8e Mon Sep 17 00:00:00 2001
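Review bot: The wrap test in `$.fn.appendField`, `!$.isArray(data) && data.name && data.value`, uses truthiness, so a single field object whose value is the empty string (a submit button with no `value` attribute, which the click handler below passes as `{ name: this.name, value: this.value }`) is not wrapped, and `$.each` then iterates the object's own properties instead of the field, so the button's name/value never reach the form and a hidden input with no usable name is appended. Testing for presence rather than truthiness, `if (!$.isArray(data) && data.name != null) { data = [data]; }`, keeps the array path unchanged and fixes the single-field path. The element literal on the `$('')` line is empty in this rendering and is presumably an `<input>` creation lost in display; worth confirming the committed file carries it. The `e` parameter of the submit handler is unused.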
From: Alexis Bouhet
Date: Tue, 23 Oct 2018 15:17:43 +0200
Subject: [PATCH 2/9] Hotfix for admincontroller.php (#1533)
Now checking if 'content' is in $data. Some blueprints can have 'content' optional so not defined, which cause a crash when editing. Checking with operator `??` and default value empty string `''`.
---
classes/admincontroller.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/classes/admincontroller.php b/classes/admincontroller.php
index 7bd45be3..a9eba49a 100644
--- a/classes/admincontroller.php
+++ b/classes/admincontroller.php
@@ -658,7 +658,7 @@ class AdminController extends AdminBaseController
 // XSS Checks for page content
 $xss_whitelist = $this->grav['config']->get('security.xss_whitelist', 'admin.super');
 if (!$this->admin->authorize($xss_whitelist)) {
- $check_what = ['header' => $data['header'], 'content' => $data['content']];
+ $check_what = ['header' => $data['header'], 'content' => $data['content'] ?? ''];
 $results = Security::detectXssFromArray($check_what);
 if (!empty($results)) {
 $this->admin->setMessage(' ' . $this->admin->translate('PLUGIN_ADMIN.XSS_ONSAVE_ISSUE'),
From 8f654dcacca10920a75eb14a233f3252998a41b0 Mon Sep 17 00:00:00 2001
From: Andy Miller <1084697+rhukster@users.noreply.github.com>
Date: Tue, 23 Oct 2018 07:19:23 -0600
Subject: [PATCH 3/9] Revert "Hotfix for admincontroller.php (#1533)" (#1536)
This reverts commit d6a36af4d5e07165d64fbb3d77f0b39be395ed8e.
---
classes/admincontroller.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/classes/admincontroller.php b/classes/admincontroller.php
index a9eba49a..7bd45be3 100644
--- a/classes/admincontroller.php
+++ b/classes/admincontroller.php
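Review bot: `$data['header']` on the changed `$check_what` line is still read without a guard, so if a blueprint can omit `header` the way the description says some omit `content`, the same undefined-index notice fires on the same line; `'header' => $data['header'] ?? ''` closes both halves at once, and an absent key still means there is nothing for `detectXssFromArray` to inspect. The reapplied `isset()` form in PATCH 4/9 has the same gap. The enclosing method starts and ends outside the hunk.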
@@ -658,7 +658,7 @@ class AdminController extends AdminBaseController
 // XSS Checks for page content
 $xss_whitelist = $this->grav['config']->get('security.xss_whitelist', 'admin.super');
 if (!$this->admin->authorize($xss_whitelist)) {
- $check_what = ['header' => $data['header'], 'content' => $data['content'] ?? ''];
+ $check_what = ['header' => $data['header'], 'content' => $data['content']];
 $results = Security::detectXssFromArray($check_what);
 if (!empty($results)) {
 $this->admin->setMessage(' ' . $this->admin->translate('PLUGIN_ADMIN.XSS_ONSAVE_ISSUE'),
From 5307038c98637958e3f05425556d15177c42abe7 Mon Sep 17 00:00:00 2001
From: Andy Miller
Date: Tue, 23 Oct 2018 08:35:13 -0600
Subject: [PATCH 4/9] Fix XSS checking when empty content #1533
---
CHANGELOG.md | 1 +
classes/admincontroller.php | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5972d724..916244e5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,7 @@
 * Fixed file extension detection
 * Fix for HTML entities in page slug [#1524](https://github.com/getgrav/grav-plugin-admin/issues/1524)
 * Fix for port in backup download links [#1521](https://github.com/getgrav/grav-plugin-admin/issues/1521)
+ * Fix XSS checking when empty content [#1533](https://github.com/getgrav/grav-plugin-admin/issues/1533)
 
 # v1.8.10
 ## 10/01/2018
diff --git a/classes/admincontroller.php b/classes/admincontroller.php
index 7bd45be3..fb30ddb9 100644
--- a/classes/admincontroller.php
+++ b/classes/admincontroller.php
@@ -658,7 +658,7 @@ class AdminController extends AdminBaseController
 // XSS Checks for page content
 $xss_whitelist = $this->grav['config']->get('security.xss_whitelist', 'admin.super');
 if (!$this->admin->authorize($xss_whitelist)) {
- $check_what = ['header' => $data['header'], 'content' => $data['content']];
+ $check_what = ['header' => $data['header'], 'content' => isset($data['content']) ? $data['content'] : ''];
 $results = Security::detectXssFromArray($check_what);
 if (!empty($results)) {
 $this->admin->setMessage(' ' . $this->admin->translate('PLUGIN_ADMIN.XSS_ONSAVE_ISSUE'),
From 6e7b9e4214f06f5fc4994ed64f9ad7aa83b82f65 Mon Sep 17 00:00:00 2001
From: Andy Miller
Date: Tue, 23 Oct 2018 08:39:23 -0600
Subject: [PATCH 5/9] fixed changelog
---
CHANGELOG.md | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 916244e5..69fbaab5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,12 @@
+# v1.8.12
+## mm/dd/2018
+
+1. [](#improved)
+ * Updated various lang strings
+ * Removed duplicate lang strings
+1. [](#bugfix)
+ * Fix XSS checking when empty content [#1533](https://github.com/getgrav/grav-plugin-admin/issues/1533)
+
 # v1.8.11
 ## 10/08/2018
 
@@ -10,7 +19,6 @@
 * Fixed file extension detection
 * Fix for HTML entities in page slug [#1524](https://github.com/getgrav/grav-plugin-admin/issues/1524)
 * Fix for port in backup download links [#1521](https://github.com/getgrav/grav-plugin-admin/issues/1521)
- * Fix XSS checking when empty content [#1533](https://github.com/getgrav/grav-plugin-admin/issues/1533)
 
 # v1.8.10
 ## 10/01/2018
From d885da14fc76b259f3acd5ae116dea9e105bcdd8 Mon Sep 17 00:00:00 2001
From: Andy Miller
Date: Wed, 24 Oct 2018 15:49:16 -0600
Subject: [PATCH 6/9] Fix DirectInstall not working #1535
---
CHANGELOG.md | 1 +
classes/admincontroller.php | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 69fbaab5..ac3e91c5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,7 @@
 * Removed duplicate lang strings
 1. [](#bugfix)
 * Fix XSS checking when empty content [#1533](https://github.com/getgrav/grav-plugin-admin/issues/1533)
+ * Fix DirectInstall not working [#1535](https://github.com/getgrav/grav-plugin-admin/issues/1535)
 
 # v1.8.11
 ## 10/08/2018
diff --git a/classes/admincontroller.php b/classes/admincontroller.php
index fb30ddb9..4e0932e2 100644
--- a/classes/admincontroller.php
+++ b/classes/admincontroller.php
@@ -2288,7 +2288,7 @@ class AdminController extends AdminBaseController
 $file_path = $_FILES['uploaded_file']['tmp_name'];
 
 // Handle bad filenames.
- if (!Utils::checkFilename($file_path)) {
+ if (!Utils::checkFilename(basename($file_path))) {
 $this->admin->json_response = [
 'status' => 'error',
 'message' => $this->admin->translate('PLUGIN_ADMIN.UNKNOWN_ERRORS')
From b1f31e69d5599737023ec54461f7a225fea2bb67 Mon Sep 17 00:00:00 2001
From: Andy Miller
Date: Wed, 24 Oct 2018 15:51:38 -0600
Subject: [PATCH 7/9] Prepare for release
---
CHANGELOG.md | 2 +-
blueprints.yaml | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index ac3e91c5..6598a0a5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,5 @@
 # v1.8.12
-## mm/dd/2018
+## 10/24/2018
 
 1. [](#improved)
 * Updated various lang strings
diff --git a/blueprints.yaml b/blueprints.yaml
index 71b5f6af..a7a3e6ca 100644
--- a/blueprints.yaml
+++ b/blueprints.yaml
@@ -1,5 +1,5 @@
 name: Admin Panel
-version: 1.8.11
+version: 1.8.12
 description: Adds an advanced administration panel to manage your site
 icon: empire
 author:
From ec4504e017a18837eb3429becbd1c6e1c0bc708f Mon Sep 17 00:00:00 2001
From: Andy Miller
Date: Fri, 26 Oct 2018 12:56:07 -0600
Subject: [PATCH 8/9] fix for #2236 + add new `|nested` filter
---
CHANGELOG.md | 8 ++++++++
classes/Twig/AdminTwigExtension.php | 18 ++++++++++++++++++
.../templates/forms/fields/list/list.html.twig | 2 +-
3 files changed, 27 insertions(+), 1 deletion(-)
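Review bot: `basename($file_path)` in the changed `checkFilename` call is derived from `$_FILES['uploaded_file']['tmp_name']`, which is the server-generated temporary path, so the check now validates PHP's temp-file token rather than anything the client supplied; if `Utils::checkFilename` is meant to reject bad uploaded names, as the `// Handle bad filenames.` comment suggests, the value to validate is the client-supplied `$_FILES['uploaded_file']['name']`. Depending on what `checkFilename` accepts, that would read `if (!Utils::checkFilename(basename($_FILES['uploaded_file']['name']))) {` while `$file_path` keeps pointing at the temp file for the later move. The enclosing method starts and ends outside the hunk, so I cannot see whether the original name is checked elsewhere.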
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6598a0a5..4f6df933 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,11 @@
+# v1.8.13
+## mm/dd/2018
+
+1. [](#new)
+ * Added new `|nested()` Twig filter to access array objects with dot notation syntax
+1. [](#bugfix)
+ * Fixed issue with complex lists structure and nested dot-notation [#2236](https://github.com/getgrav/grav/issues/2236)
+
 # v1.8.12
 ## 10/24/2018
 
diff --git a/classes/Twig/AdminTwigExtension.php b/classes/Twig/AdminTwigExtension.php
index 15d1eeab..e0862b92 100644
--- a/classes/Twig/AdminTwigExtension.php
+++ b/classes/Twig/AdminTwigExtension.php
@@ -31,6 +31,7 @@ class AdminTwigExtension extends \Twig_Extension
 new \Twig_SimpleFilter('toYaml', [$this, 'toYamlFilter']),
 new \Twig_SimpleFilter('fromYaml', [$this, 'fromYamlFilter']),
 new \Twig_SimpleFilter('adminNicetime', [$this, 'adminNicetimeFilter']),
+ new \Twig_SimpleFilter('nested', [$this, 'nestedFilter']),
 ];
 }
 
@@ -42,6 +43,23 @@ class AdminTwigExtension extends \Twig_Extension
 ];
 }
 
+ public function nestedFilter($current, $name)
+ {
+ $path = explode('.', trim($name, '.'));
+
+ foreach ($path as $field) {
+ if (is_object($current) && isset($current->{$field})) {
+ $current = $current->{$field};
+ } elseif (is_array($current) && isset($current[$field])) {
+ $current = $current[$field];
+ } else {
+ return null;
+ }
+ }
+
+ return $current;
+ }
+
 public function cloneFunc($obj)
 {
 return clone $obj;
diff --git a/themes/grav/templates/forms/fields/list/list.html.twig b/themes/grav/templates/forms/fields/list/list.html.twig
index 764f5ed4..806d367b 100644
--- a/themes/grav/templates/forms/fields/list/list.html.twig
+++ b/themes/grav/templates/forms/fields/list/list.html.twig
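Review bot: `nestedFilter` is added as a public Twig filter with no docblock, and its contract has two edges a template author needs to know: the object branch only consults `isset($current->{$field})`, so an object that exposes data through ArrayAccess rather than public properties falls through to the `is_array` test and the walk returns null, and because `isset` is false for a present-but-null value the walk also stops there. A docblock along the lines of `/** Resolve a dot-notation path against nested arrays and objects. @param array|object|mixed $current @param string $name dot path, leading/trailing dots ignored @return mixed|null null when any segment is missing or null */` above the signature would document that. If ArrayAccess objects can reach this filter from the list field, an explicit `$current instanceof \ArrayAccess && isset($current[$field])` branch would be worth considering; I cannot tell from the hunk what types the template passes.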
@@ -77,7 +77,7 @@
 {% set childName = itemName -%}
 {%- elseif childName starts with '.' -%}
 {% set childKey = childName|trim('.') %}
- {% set childValue = val[childName[1:]] %}
+ {% set childValue = val|nested(childName) %}
 {% set childName = itemName ~ childName %}
 {% else %}
 {% set childKey = childName %}
From 56048211f54d3d54ddf3b05c1ead4f3a4a2919cc Mon Sep 17 00:00:00 2001
From: Andy Miller
Date: Fri, 26 Oct 2018 12:56:54 -0600
Subject: [PATCH 9/9] update changelog
---
CHANGELOG.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4f6df933..ec0b3621 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,7 +4,7 @@
 1. [](#new)
 * Added new `|nested()` Twig filter to access array objects with dot notation syntax
 1. [](#bugfix)
- * Fixed issue with complex lists structure and nested dot-notation [#2236](https://github.com/getgrav/grav/issues/2236)
+ * Fixed issue with complex lists structure and nested dot-notation [admin#2236](https://github.com/getgrav/grav/issues/2236)
 
 # v1.8.12
 ## 10/24/2018