diff --git a/CHANGELOG.md b/CHANGELOG.md index c27ca3ad..3f90bf2d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,22 @@ +# v1.0.7 +## 01/15/2016 + +1. [](#new) + * Added onAdminDashboard event + * Added onAdminSave event + * New lang strings for reverse proxy toggle +1. [](#improved) + * More robust YAML file checking in config folders + * Removed deprecated menu event + * Removed old logs code + * Used new onAdminDashboard event for current dashboard widgets +1. [](#bugfix) + * Fix for missing access checks on config pages #397 + * Fix parent not loaded on admin form save #587 + * When no route field is added to a page blueprint, add it as page root + * Fix for wrong page count (will show dynamic added pages in count too - Need to fix this) + * Fix for IE/Edge saving forms #391 + # v1.0.6 ## 01/07/2016 diff --git a/admin.php b/admin.php index b19d3cc4..8d1ce6c2 100644 --- a/admin.php +++ b/admin.php @@ -96,10 +96,10 @@ class AdminPlugin extends Plugin // check for existence of a user account $account_dir = $file_path = $this->grav['locator']->findResource('account://'); - $user_check = (array) glob($account_dir . '/*.yaml'); + $user_check = glob($account_dir . '/*.yaml'); // If no users found, go to register - if (!count($user_check) > 0) { + if ($user_check == false || count((array)$user_check) == 0) { if (!$this->isAdminPath()) { $this->grav->redirect($this->base); } diff --git a/blueprints.yaml b/blueprints.yaml index 0a2f95c9..f242c93f 100644 --- a/blueprints.yaml +++ b/blueprints.yaml @@ -1,5 +1,5 @@ name: Admin Panel -version: 1.0.6 +version: 1.0.7 description: Adds an advanced administration panel to manage your site icon: empire author: diff --git a/classes/admin.php b/classes/admin.php index b336a37d..d3bf4128 100644 --- a/classes/admin.php +++ b/classes/admin.php 
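Review bot: The new condition in admin.php still treats a failed `glob()` the same as an empty account folder, so any error reading `account://` falls into the "no users found, go to register" branch. `$account_dir` comes straight from `findResource('account://')` and is not checked before it is concatenated into the pattern, and `$user_check == false` is a loose comparison that is already true for an empty array, which makes the `count()` clause redundant. I would check the directory first, e.g. `if (!is_string($account_dir) || !is_dir($account_dir))`, and decide there whether that is a fresh install or a configuration error, then test the result with `if ($user_check === false || count($user_check) === 0) {`. The rest of the branch continues outside the hunk, so what the registration path allows from here should be confirmed there.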
@@ -402,10 +402,7 @@ class Admin */ public function countPages() { - $routable = $this->grav['pages']->all()->routable(); - $modular = $this->grav['pages']->all()->modular(); - - return count($routable) + count($modular); + return count($this->grav['pages']->all()); } /** diff --git a/classes/controller.php b/classes/controller.php index 6493288b..40f3bbbf 100644 --- a/classes/controller.php +++ b/classes/controller.php @@ -16,8 +16,10 @@ use Grav\Common\Theme; use Grav\Common\User\User; use Grav\Common\Utils; use Grav\Common\Backup\ZipBackup; +use RocketTheme\Toolbox\Event\Event; use RocketTheme\Toolbox\File\File; use RocketTheme\Toolbox\File\JsonFile; +use Symfony\Component\Yaml\Exception\ParseException; use Symfony\Component\Yaml\Yaml; class AdminController @@ -626,15 +628,18 @@ class AdminController // Check extension $fileParts = pathinfo($_FILES['file']['name']); - $fileExt = strtolower($fileParts['extension']); + + $fileExt = ''; + if (isset($fileParts['extension'])) { + $fileExt = strtolower($fileParts['extension']); + } // If not a supported type, return - if (!$config->get("media.{$fileExt}")) { + if (!$fileExt || !$config->get("media.{$fileExt}")) { $this->admin->json_response = ['status' => 'error', 'message' => $this->admin->translate('PLUGIN_ADMIN.UNSUPPORTED_FILE_TYPE') . ': '.$fileExt]; return false; } - // Upload it if (!move_uploaded_file($_FILES['file']['tmp_name'], sprintf('%s/%s', $page->path(), $_FILES['file']['name']))) { $this->admin->json_response = ['status' => 'error', 'message' => $this->admin->translate('PLUGIN_ADMIN.FAILED_TO_MOVE_UPLOADED_FILE')]; @@ -666,7 +671,7 @@ class AdminController $filename = !empty($this->post['filename']) ? $this->post['filename'] : null; if ($filename) { - $targetPath = $page->path().'/'.$filename; + $targetPath = $page->path() . '/' . $filename; if (file_exists($targetPath)) { if (unlink($targetPath)) { 
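Review bot: The docblock above `countPages()` should say what is now counted. `count($this->grav['pages']->all())` no longer filters to routable and modular pages, and the changelog entry in this commit says the total will include dynamically added pages and still needs fixing. Suggested wording for the docblock: `Counts every page in the collection, including pages added dynamically at runtime; not limited to routable or modular pages.` The docblock opens outside the hunk.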
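Review bot: The upload guard in classes/controller.php now handles a missing extension, but the destination passed to `move_uploaded_file()` is still built from the client-supplied `$_FILES['file']['name']`, and only the part after the last dot is checked against `media.*`. A name that starts with a dot, or that carries a second server-interpreted extension before the allowed one, would pass this test; whether that matters depends on the web server configuration, which is not visible here. I would normalise the name once and reuse it, e.g. `$name = basename($_FILES['file']['name']);`, reject it unless it matches a conservative pattern such as `/^[A-Za-z0-9][A-Za-z0-9._@-]*$/`, and pass `$name` to `sprintf('%s/%s', $page->path(), $name)`. `$fileExt === ''` would also be more precise than `!$fileExt`, which treats an extension of `0` as missing. The enclosing method starts and ends outside the hunk.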
@@ -677,18 +682,20 @@ class AdminController } else { //Try with responsive images @1x, @2x, @3x $ext = pathinfo($targetPath, PATHINFO_EXTENSION); - $filename = $page->path() . '/'. basename($targetPath, ".$ext"); - $responsiveTargetPath = $filename . '@1x.' . $ext; + $fullPathFilename = $page->path() . '/'. basename($targetPath, ".$ext"); + $responsiveTargetPath = $fullPathFilename . '@1x.' . $ext; + $deletedResponsiveImage = false; if (file_exists($responsiveTargetPath) && unlink($responsiveTargetPath)) { $deletedResponsiveImage = true; } - $responsiveTargetPath = $filename . '@2x.' . $ext; + $responsiveTargetPath = $fullPathFilename . '@2x.' . $ext; if (file_exists($responsiveTargetPath) && unlink($responsiveTargetPath)) { $deletedResponsiveImage = true; } - $responsiveTargetPath = $filename . '@3x.' . $ext; + + $responsiveTargetPath = $fullPathFilename . '@3x.' . $ext; if (file_exists($responsiveTargetPath) && unlink($responsiveTargetPath)) { $deletedResponsiveImage = true; } @@ -1072,6 +1079,28 @@ class AdminController return $obj; } + /** + * @param string $frontmatter + * @return bool + */ + public function checkValidFrontmatter($frontmatter) + { + try { + // Try native PECL YAML PHP extension first if available. + if (function_exists('yaml_parse')) { + $saved = @ini_get('yaml.decode_php'); + @ini_set('yaml.decode_php', 0); + @yaml_parse("---\n" . $frontmatter . "\n..."); + @ini_set('yaml.decode_php', $saved); + } else { + Yaml::parse($frontmatter); + } + } catch (ParseException $e) { + return false; + } + return true; + } + /** * Handles form and saves the input data if its valid. * 
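Review bot: The responsive-image fallback confines itself to the page folder through `basename($targetPath, ".$ext")`, but the primary `$targetPath` that is tested and unlinked just above it is `$page->path() . '/' . $filename`, with `$filename` taken from `$this->post['filename']` as-is. A posted value containing directory separators would therefore be resolved outside the page folder before `unlink()` runs. Applying the same normalisation up front closes that gap: `$filename = basename($this->post['filename']);`, with an early error return when the result is empty. Separately, the three `@1x`/`@2x`/`@3x` blocks are identical apart from the suffix and would read better as a `foreach (['@1x', '@2x', '@3x'] as $suffix)` loop. The method starts outside this hunk, so any earlier validation of `filename` is not visible here.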
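Review bot: On hosts with the PECL yaml extension `checkValidFrontmatter()` always returns true, because `yaml_parse()` reports bad input by returning `false` (with a warning that `@` suppresses) rather than throwing `ParseException`, and its result is discarded. Keep the return value and test it after the ini setting is restored: `$parsed = @yaml_parse("---\n" . $frontmatter . "\n...");` and then, after the second `ini_set`, `if ($parsed === false) { return false; }`. Turning `yaml.decode_php` off for the call is the right default for admin-supplied YAML; a short comment saying that it stops `!php/object` values from being unserialized would tell the next reader why it must stay. The docblock could also state that the method only checks that the text parses, not that the header is valid for a page.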
@@ -1096,6 +1125,11 @@ class AdminController $route = !isset($data['route']) ? dirname($this->admin->route) : $data['route']; $obj = $this->admin->page(true); + if (isset($data['frontmatter']) && !$this->checkValidFrontmatter($data['frontmatter'])) { + $this->admin->setMessage($this->admin->translate('PLUGIN_ADMIN.INVALID_FRONTMATTER_COULD_NOT_SAVE'), 'error'); + return false; + } + //Handle system.home.hide_in_urls $hide_home_route = $config->get('system.home.hide_in_urls', false); if ($hide_home_route) { @@ -1112,7 +1146,7 @@ class AdminController } } - $parent = $route && $route != '/' ? $pages->dispatch($route, true) : $pages->root(); + $parent = $route && $route != '/' && $route != '.' ? $pages->dispatch($route, true) : $pages->root(); $original_slug = $obj->slug(); $original_order = intval(trim($obj->order(), '.')); @@ -1152,6 +1186,9 @@ class AdminController } if ($obj) { + // Event to manipulate data before saving the object + $this->grav->fireEvent('onAdminSave', new Event(['object' => &$obj])); + $obj->save(true); $this->admin->setMessage($this->admin->translate('PLUGIN_ADMIN.SUCCESSFULLY_SAVED'), 'info'); } diff --git a/languages/en.yaml b/languages/en.yaml index 91646f93..5d76495b 100644 --- a/languages/en.yaml +++ b/languages/en.yaml @@ -474,3 +474,4 @@ PLUGIN_ADMIN: SESSION_HTTPONLY_HELP: "If true, indicates that cookies should be used only over HTTP, and JavaScript modification is not allowed" REVERSE_PROXY: "Reverse Proxy" REVERSE_PROXY_HELP: "Enable this if you are behind a reverse proxy and you are having trouble with URLs containing incorrect ports" + INVALID_FRONTMATTER_COULD_NOT_SAVE: "Invalid frontmatter, could not save" \ No newline at end of file diff --git a/pages/admin/config.md b/pages/admin/config.md index e69de29b..aa5fef18 100644 --- a/pages/admin/config.md +++ b/pages/admin/config.md @@ -0,0 +1,7 @@ +--- +title: Config + +access: + admin.configuration: true + admin.super: true +--- 
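Review bot: `onAdminSave` hands `$obj` to listeners by reference after the `if ($obj)` test, and `$obj->save(true)` then runs without looking at it again. A listener that replaces or nulls the entry could cause a fatal error at that call, and anything a listener changes is written without passing through whatever validation ran earlier in the method, which is outside this hunk. Re-checking after the event, e.g. `if (!$obj) { return false; }`, would make the failure explicit. A comment on the event stating that listeners receive the already-validated object and are responsible for what they write into it would document the contract.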
diff --git a/pages/admin/dashboard.md b/pages/admin/dashboard.md index eb1f7e26..83962023 100644 --- a/pages/admin/dashboard.md +++ b/pages/admin/dashboard.md 
@@ -5,87 +5,3 @@ access: admin.login: true admin.super: true --- - -Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod -tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, -quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo -consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse -cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non -proident, sunt in culpa qui officia deserunt mollit anim id est laborum. - -Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod -tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, -quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo -consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse -cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non -proident, sunt in culpa qui officia deserunt mollit anim id est laborum. - -Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod -tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, -quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo -consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse -cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non -proident, sunt in culpa qui officia deserunt mollit anim id est laborum. - -Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod -tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, -quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo -consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse -cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non -proident, sunt in culpa qui officia deserunt mollit anim id est laborum. 
- -Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod -tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, -quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo -consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse -cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non -proident, sunt in culpa qui officia deserunt mollit anim id est laborum. - -Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod -tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, -quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo -consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse -cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non -proident, sunt in culpa qui officia deserunt mollit anim id est laborum. - -Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod -tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, -quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo -consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse -cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non -proident, sunt in culpa qui officia deserunt mollit anim id est laborum. - -Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod -tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, -quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo -consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse -cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non -proident, sunt in culpa qui officia deserunt mollit anim id est laborum. - -Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod -tempor incididunt ut labore et dolore magna aliqua. 
Ut enim ad minim veniam, -quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo -consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse -cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non -proident, sunt in culpa qui officia deserunt mollit anim id est laborum. - -Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod -tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, -quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo -consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse -cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non -proident, sunt in culpa qui officia deserunt mollit anim id est laborum. - -Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod -tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, -quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo -consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse -cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non -proident, sunt in culpa qui officia deserunt mollit anim id est laborum. - -Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod -tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, -quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo -consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse -cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non -proident, sunt in culpa qui officia deserunt mollit anim id est laborum. diff --git a/themes/grav/js/forms/form.js b/themes/grav/js/forms/form.js index 6d2fd72f..92745879 100644 --- a/themes/grav/js/forms/form.js +++ b/themes/grav/js/forms/form.js 
@@ -333,6 +333,19 @@ } } + //Prevent issue caused by a IE / Edge bug sending an empty form with just `route` and `task` + var numberOfProperties = 0; + for ( var prop in values ) { + if (values.hasOwnProperty(prop)) { + numberOfProperties++; + } + } + if (numberOfProperties == 2) { + if (values.route && values.task) { + return; + } + } + return form.appendTo('body').submit(); } else { return $.ajax({ method: method, url: action, data: values }); diff --git a/themes/grav/templates/forms/fields/order/order.html.twig b/themes/grav/templates/forms/fields/order/order.html.twig index 7675912e..aad5b139 100644 --- a/themes/grav/templates/forms/fields/order/order.html.twig +++ b/themes/grav/templates/forms/fields/order/order.html.twig @@ -25,7 +25,7 @@ {% if siblings|length < 200 %} {% else %} diff --git a/themes/grav/templates/pages.html.twig b/themes/grav/templates/pages.html.twig index c803f94e..b6e17908 100644 --- a/themes/grav/templates/pages.html.twig +++ b/themes/grav/templates/pages.html.twig @@ -89,7 +89,7 @@ 0 ? 'data-toggle="children"' : ''}} data-hint="{{ description|trim(' • ') }}" class="hint--bottom"> - {{ p.title }} + {{ p.title|e }} {% if p.language %} {{p.language}} @@ -192,7 +192,7 @@
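Review bot: The guard added in form.js only runs in the browser, so a request carrying just `route` and `task` can still reach the save handler from any other client; the server side should reject it as well, and that code is not in this hunk. As written the function also returns `undefined` without telling the user that nothing was submitted. The count can be written as `if (Object.keys(values).length === 2 && values.route && values.task) { return; }`, which drops the manual `for…in` loop and the loose `==`.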
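Review bot: The added `|e` on `p.title` in pages.html.twig implies these templates render without autoescaping, and other values in the same hunk are still printed raw: `data-hint="{{ description|trim(' • ') }}"` sits inside an attribute and `{{p.language}}` in element content. The same applies to `{{ latest.route }}` in the dashboard-pages.html.twig hunk. If any of these can be set by a page editor they need the same treatment, e.g. `{{ description|trim(' • ')|e('html_attr') }}` and `{{ latest.route|e }}`; where the values come from is not visible in this diff. Enabling autoescape for the admin theme would remove the need to remember `|e` on each output. The escaping fixes are also missing from the v1.0.7 changelog entry added in this commit.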

{{ "PLUGIN_ADMIN.ADD_PAGE"|tu }}

{% elseif mode == 'edit' %}

- {{ context.exists ? "PLUGIN_ADMIN.EDIT"|tu ~ " #{context.menu}" : "PLUGIN_ADMIN.CREATE"|tu ~ " #{context.menu}" }} + {{ context.exists ? "PLUGIN_ADMIN.EDIT"|tu ~ " #{context.menu|e}" : "PLUGIN_ADMIN.CREATE"|tu ~ " #{context.menu|e}" }}

{% else %}

{{ "PLUGIN_ADMIN.MANAGE_PAGES"|tu }}

diff --git a/themes/grav/templates/partials/base.html.twig b/themes/grav/templates/partials/base.html.twig index 3b7d127d..d3f799e4 100644 --- a/themes/grav/templates/partials/base.html.twig +++ b/themes/grav/templates/partials/base.html.twig @@ -11,6 +11,8 @@ {% endif %} {% if header.robots %} + {% else %} + {% endif %} diff --git a/themes/grav/templates/partials/dashboard-pages.html.twig b/themes/grav/templates/partials/dashboard-pages.html.twig index 89cd08fe..8838fd8f 100644 --- a/themes/grav/templates/partials/dashboard-pages.html.twig +++ b/themes/grav/templates/partials/dashboard-pages.html.twig @@ -6,7 +6,11 @@

{{ "PLUGIN_ADMIN.LATEST_PAGE_UPDATES"|tu }}

{% for latest in admin.latestPages if admin.latestPages %} - + + + {% endfor %}
{{ latest.title }}{{ latest.route }}{{ latest.modified|nicetime }}
+ {{ latest.title|e }}{{ latest.route }}{{ latest.modified|nicetime }} +
diff --git a/themes/grav/templates/partials/nav.html.twig b/themes/grav/templates/partials/nav.html.twig index 43065372..f93d9a08 100644 --- a/themes/grav/templates/partials/nav.html.twig +++ b/themes/grav/templates/partials/nav.html.twig @@ -9,12 +9,12 @@ {#{% if admin.authorize %}#}
- +
-

{{ admin.user.fullname }}

-
{{ admin.user.title }}
+

{{ admin.user.fullname|e }}

+
{{ admin.user.title|e }}