From 4d5eb659c0bdb02aaf5aa51a2edcccd570c188f9 Mon Sep 17 00:00:00 2001
From: Rotzbua
Date: Tue, 15 Jan 2019 01:55:56 +0100
Subject: [PATCH 1/3] IP pseudonymization for rate limiter (#1589)

requirement of gdpr
---
 classes/admin.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/classes/admin.php b/classes/admin.php
index 24692a79..181e8e2a 100644
--- a/classes/admin.php
+++ b/classes/admin.php
@@ -367,6 +367,9 @@ class Admin
 $ipKey = Uri::ip();
 $redirect = isset($post['redirect']) ? $post['redirect'] : $this->base . $this->route;
+ // Pseudonymization of the IP
+ $ipKey = sha1($ipKey . $this->grav['config']->get('security.salt'));
+
 // Check if the current IP has been used in failed login attempts.
 $attempts = count($rateLimiter->getAttempts($ipKey, 'ip'));
From ffe08b0bff74cda617cac4d955c66d5aeb44c4b7 Mon Sep 17 00:00:00 2001
From: Thomas Vantuycom
Date: Tue, 15 Jan 2019 01:01:16 +0000
Subject: [PATCH 2/3] Add option to hide modular pages in parent select (#1571)
---
 blueprints.yaml | 12 ++++++++++++
 .../templates/forms/fields/parents/parents.html.twig | 8 +++++++-
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/blueprints.yaml b/blueprints.yaml
index 1675fdf3..01a3bcb4 100644
--- a/blueprints.yaml
+++ b/blueprints.yaml
@@ -162,6 +162,18 @@ form:
 label: Parents Levels
 size: small
 help: The number of levels to show in parent select list
+
+ pages.show_modular:
+ type: toggle
+ label: Modular parents
+ hightlight: 1
+ default: 1
+ options:
+ 1: PLUGIN_ADMIN.ENABLED
+ 0: PLUGIN_ADMIN.DISABLED
+ validate:
+ type: bool
+ help: Show modular pages in the parent select list
 google_fonts:
 type: toggle
diff --git a/themes/grav/templates/forms/fields/parents/parents.html.twig b/themes/grav/templates/forms/fields/parents/parents.html.twig
index 4a403eae..20072b01 100644
--- a/themes/grav/templates/forms/fields/parents/parents.html.twig
+++ b/themes/grav/templates/forms/fields/parents/parents.html.twig
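Review bot: The added `sha1($ipKey . $this->grav['config']->get('security.salt'))` protects the address only as long as `security.salt` is secret and non-empty; the IPv4 space is small, so with an unset salt the stored key is a plain SHA-1 of the IP and offers little protection against re-identification. A keyed hash states the intent more clearly than ad-hoc concatenation, e.g. `$ipKey = hash_hmac('sha256', $ipKey, (string) $this->grav['config']->get('security.salt'));`, preferably after checking that the salt is not empty. Rate-limit entries recorded under the raw IP before this change will no longer match the new key, which is probably acceptable but worth noting in the changelog. The enclosing method starts and ends outside the hunk.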
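Review bot: The new `pages.show_modular` field sets `hightlight: 1`, which looks like a misspelling of the `highlight` key, so the setting is most likely ignored and the toggle will not mark its default option. The line should read `highlight: 1`.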
@@ -4,6 +4,7 @@
 {% set last_page_route = admin.page.getLastPageRoute %}
 {% set show_slug_val = true %}
 {% set show_fullpath_val = false %}
+ {% set show_all_val = true %}
 {% set show_parents = config.get('plugins.admin.pages.show_parents') %}
 {% if show_parents == 'folder' %}
@@ -14,7 +15,12 @@
 {% set limit_levels_val = config.get('plugins.admin.pages.parents_levels') %}
- {% set defaults = {show_root:true, show_all:true, show_slug:show_slug_val, show_fullpath:show_fullpath_val, default:last_page_route, limit_levels:limit_levels_val} %}
+ {% set show_modular_val = config.get('plugins.admin.pages.show_modular') %}
+ {% if show_modular_val == false %}
+ {% set show_all_val = false %}
+ {% endif %}
+
+ {% set defaults = {show_root:true, show_all:show_all_val, show_modular:show_modular_val, show_slug:show_slug_val, show_fullpath:show_fullpath_val, default:last_page_route, limit_levels:limit_levels_val} %}
 {% set field = field|merge(defaults) %}
 {{ parent() }}
 {% endblock %}
From 03a06486432033aee6cd4783a7437a840b0a8703 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Droz?=
Date: Mon, 14 Jan 2019 22:02:19 -0300
Subject: [PATCH 3/3] Added `admin.tools` permission (#1550)

So that an administrator can disable access to `Direct Install of Grav Packages`
---
 admin.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/admin.php b/admin.php
index e0ff45ee..b81c791f 100644
--- a/admin.php
+++ b/admin.php
@@ -862,6 +862,7 @@ class AdminPlugin extends Plugin
 'admin.statistics' => 'boolean',
 'admin.plugins' => 'boolean',
 'admin.themes' => 'boolean',
+ 'admin.tools' => 'boolean',
 'admin.users' => 'boolean',
 ];
 $admin->addPermissions($permissions);
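Review bot: In the second hunk `{% if show_modular_val == false %}` is a loose comparison, so a `null` returned by `config.get('plugins.admin.pages.show_modular')` also takes the branch and sets `show_all` to false, which changes the previous default for any site whose configuration does not yet contain the new key. Reading the value with an explicit default, `{% set show_modular_val = config.get('plugins.admin.pages.show_modular', true) %}`, keeps existing installs on the old behaviour. Whether the key is populated elsewhere, for example in the plugin's shipped default YAML, is not visible in this patch.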
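Review bot: The added `'admin.tools' => 'boolean'` entry only registers the permission name in the list passed to `$admin->addPermissions()`; the patch's diffstat shows no other change, so nothing here enforces it on the Tools or Direct Install routes. Confirm that the handlers behind those routes actually check `admin.tools`, otherwise the new checkbox suggests a restriction that is not applied. A short comment above the entry, such as `// gates the Tools section, including Direct Install of packages`, would document the intent. The surrounding method starts and ends outside the hunk.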