Merge branch 'develop' of https://github.com/getgrav/grav-plugin-admin into develop

# Conflicts: # classes/controller.php
2025-11-02 11:26:04 +01:00 · 2016-01-21 09:51:35 +02:00
parent 0424975657 9f7b55476a
commit 77639e71cf
14 changed files with 103 additions and 107 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,22 @@
+# v1.0.7
+## 01/15/2016
+
+1. [](#new)
+    * Added onAdminDashboard event
+    * Added onAdminSave event
+    * New lang strings for reverse proxy toggle
+1. [](#improved)
+    * More robust YAML file checking in config folders
+    * Removed deprecated menu event
+    * Removed old logs code
+    * Used new onAdminDashboard event for current dashboard widgets 
+1. [](#bugfix)
+    * Fix for missing access checks on config pages #397
+    * Fix parent not loaded on admin form save #587
+    * When no route field is added to a page blueprint, add it as page root
+    * Fix for wrong page count (will show dynamic added pages in count too - Need to fix this)
+    * Fix for IE/Edge saving forms #391
+
 # v1.0.6
 ## 01/07/2016

--- a/admin.php
+++ b/admin.php
@@ -96,10 +96,10 @@ class AdminPlugin extends Plugin

        // check for existence of a user account
        $account_dir = $file_path = $this->grav['locator']->findResource('account://');
-        $user_check = (array) glob($account_dir . '/*.yaml');
+        $user_check = glob($account_dir . '/*.yaml');

        // If no users found, go to register
-        if (!count($user_check) > 0) {
+        if ($user_check == false || count((array)$user_check) == 0) {
            if (!$this->isAdminPath()) {
                $this->grav->redirect($this->base);
            }
--- a/blueprints.yaml
+++ b/blueprints.yaml
@@ -1,5 +1,5 @@
 name: Admin Panel
-version: 1.0.6
+version: 1.0.7
 description: Adds an advanced administration panel to manage your site
 icon: empire
 author:
--- a/classes/admin.php
+++ b/classes/admin.php
@@ -402,10 +402,7 @@ class Admin
     */
    public function countPages()
    {
-        $routable = $this->grav['pages']->all()->routable();
-        $modular = $this->grav['pages']->all()->modular();
-
-        return count($routable) + count($modular);
+        return count($this->grav['pages']->all());
    }

    /**
--- a/classes/controller.php
+++ b/classes/controller.php
@@ -16,8 +16,10 @@ use Grav\Common\Theme;
 use Grav\Common\User\User;
 use Grav\Common\Utils;
 use Grav\Common\Backup\ZipBackup;
+use RocketTheme\Toolbox\Event\Event;
 use RocketTheme\Toolbox\File\File;
 use RocketTheme\Toolbox\File\JsonFile;
+use Symfony\Component\Yaml\Exception\ParseException;
 use Symfony\Component\Yaml\Yaml;

 class AdminController
@@ -626,15 +628,18 @@ class AdminController

        // Check extension
        $fileParts = pathinfo($_FILES['file']['name']);
+
+        $fileExt = '';
+        if (isset($fileParts['extension'])) {
            $fileExt = strtolower($fileParts['extension']);
+        }

        // If not a supported type, return
-        if (!$config->get("media.{$fileExt}")) {
+        if (!$fileExt || !$config->get("media.{$fileExt}")) {
            $this->admin->json_response = ['status' => 'error', 'message' => $this->admin->translate('PLUGIN_ADMIN.UNSUPPORTED_FILE_TYPE') . ': '.$fileExt];
            return false;
        }

-
        // Upload it
        if (!move_uploaded_file($_FILES['file']['tmp_name'], sprintf('%s/%s', $page->path(), $_FILES['file']['name']))) {
            $this->admin->json_response = ['status' => 'error', 'message' => $this->admin->translate('PLUGIN_ADMIN.FAILED_TO_MOVE_UPLOADED_FILE')];
@@ -677,18 +682,20 @@ class AdminController
            } else {
                //Try with responsive images @1x, @2x, @3x
                $ext = pathinfo($targetPath, PATHINFO_EXTENSION);
-                $filename = $page->path() . '/'. basename($targetPath, ".$ext");
-                $responsiveTargetPath = $filename . '@1x.' . $ext;
+                $fullPathFilename = $page->path() . '/'. basename($targetPath, ".$ext");
+                $responsiveTargetPath = $fullPathFilename . '@1x.' . $ext;
+
                $deletedResponsiveImage = false;
                if (file_exists($responsiveTargetPath) && unlink($responsiveTargetPath)) {
                    $deletedResponsiveImage = true;
                }

-                $responsiveTargetPath = $filename . '@2x.' . $ext;
+                $responsiveTargetPath = $fullPathFilename . '@2x.' . $ext;
                if (file_exists($responsiveTargetPath) && unlink($responsiveTargetPath)) {
                    $deletedResponsiveImage = true;
                }
-                $responsiveTargetPath = $filename . '@3x.' . $ext;
+
+                $responsiveTargetPath = $fullPathFilename . '@3x.' . $ext;
                if (file_exists($responsiveTargetPath) && unlink($responsiveTargetPath)) {
                    $deletedResponsiveImage = true;
                }
@@ -1072,6 +1079,28 @@ class AdminController
        return $obj;
    }

+    /**
+     * @param string $frontmatter
+     * @return bool
+     */
+    public function checkValidFrontmatter($frontmatter)
+    {
+        try {
+            // Try native PECL YAML PHP extension first if available.
+            if (function_exists('yaml_parse')) {
+                $saved = @ini_get('yaml.decode_php');
+                @ini_set('yaml.decode_php', 0);
+                @yaml_parse("---\n" . $frontmatter . "\n...");
+                @ini_set('yaml.decode_php', $saved);
+            } else {
+                Yaml::parse($frontmatter);
+            }
+        } catch (ParseException $e) {
+            return false;
+        }
+        return true;
+    }
+
    /**
     * Handles form and saves the input data if its valid.
     *
@@ -1096,6 +1125,11 @@ class AdminController
            $route = !isset($data['route']) ? dirname($this->admin->route) : $data['route'];
            $obj = $this->admin->page(true);

+            if (isset($data['frontmatter']) && !$this->checkValidFrontmatter($data['frontmatter'])) {
+                $this->admin->setMessage($this->admin->translate('PLUGIN_ADMIN.INVALID_FRONTMATTER_COULD_NOT_SAVE'), 'error');
+                return false;
+            }
+
            //Handle system.home.hide_in_urls
            $hide_home_route = $config->get('system.home.hide_in_urls', false);
            if ($hide_home_route) {
@@ -1112,7 +1146,7 @@ class AdminController
                }
            }

-            $parent = $route && $route != '/' ? $pages->dispatch($route, true) : $pages->root();
+            $parent = $route && $route != '/' && $route != '.' ? $pages->dispatch($route, true) : $pages->root();

            $original_slug = $obj->slug();
            $original_order = intval(trim($obj->order(), '.'));
@@ -1152,6 +1186,9 @@ class AdminController
        }

        if ($obj) {
+            // Event to manipulate data before saving the object
+            $this->grav->fireEvent('onAdminSave', new Event(['object' => &$obj]));
+
            $obj->save(true);
            $this->admin->setMessage($this->admin->translate('PLUGIN_ADMIN.SUCCESSFULLY_SAVED'), 'info');
        }
--- a/languages/en.yaml
+++ b/languages/en.yaml
@@ -474,3 +474,4 @@ PLUGIN_ADMIN:
  SESSION_HTTPONLY_HELP: "If true, indicates that cookies should be used only over HTTP, and JavaScript modification is not allowed"
  REVERSE_PROXY: "Reverse Proxy"
  REVERSE_PROXY_HELP: "Enable this if you are behind a reverse proxy and you are having trouble with URLs containing incorrect ports"
+  INVALID_FRONTMATTER_COULD_NOT_SAVE: "Invalid frontmatter, could not save"
--- a/pages/admin/config.md
+++ b/pages/admin/config.md
@@ -0,0 +1,7 @@
+---
+title: Config
+
+access:
+    admin.configuration: true
+    admin.super: true
+---
--- a/pages/admin/dashboard.md
+++ b/pages/admin/dashboard.md
@@ -5,87 +5,3 @@ access:
    admin.login: true
    admin.super: true
 ---
-
-Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod
-tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam,
-quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo
-consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse
-cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non
-proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
-
-Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod
-tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam,
-quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo
-consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse
-cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non
-proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
-
-Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod
-tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam,
-quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo
-consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse
-cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non
-proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
-
-Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod
-tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam,
-quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo
-consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse
-cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non
-proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
-
-Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod
-tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam,
-quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo
-consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse
-cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non
-proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
-
-Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod
-tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam,
-quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo
-consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse
-cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non
-proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
-
-Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod
-tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam,
-quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo
-consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse
-cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non
-proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
-
-Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod
-tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam,
-quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo
-consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse
-cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non
-proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
-
-Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod
-tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam,
-quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo
-consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse
-cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non
-proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
-
-Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod
-tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam,
-quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo
-consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse
-cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non
-proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
-
-Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod
-tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam,
-quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo
-consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse
-cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non
-proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
-
-Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod
-tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam,
-quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo
-consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse
-cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non
-proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
--- a/themes/grav/js/forms/form.js
+++ b/themes/grav/js/forms/form.js
@@ -333,6 +333,19 @@
                }
            }

+            //Prevent issue caused by a IE / Edge bug sending an empty form with just `route` and `task`
+            var numberOfProperties = 0;
+            for ( var prop in values ) {
+                if (values.hasOwnProperty(prop)) {
+                    numberOfProperties++;
+                }
+            }
+            if (numberOfProperties == 2) {
+                if (values.route && values.task) {
+                    return;
+                }
+            }
+
            return form.appendTo('body').submit();
        } else {
            return $.ajax({ method: method, url: action, data: values });
--- a/themes/grav/templates/forms/fields/order/order.html.twig
+++ b/themes/grav/templates/forms/fields/order/order.html.twig
@@ -25,7 +25,7 @@
            {% if siblings|length < 200 %}
 				<ul id="ordering" class="{{ field.classes }}">
 			    {% for page in siblings %}
-					<li class="{% if page.order  == value %}drag-handle{% else %}ignore{% endif %}" data-id="{{ page.slug }}">{{ page.title() }}</li>
+					<li class="{% if page.order  == value %}drag-handle{% else %}ignore{% endif %}" data-id="{{ page.slug }}">{{ page.title|e }}</li>
                {% endfor %}
 				</ul>
 			{% else %}
--- a/themes/grav/templates/pages.html.twig
+++ b/themes/grav/templates/pages.html.twig
@@ -89,7 +89,7 @@
                <span {{ p.children(0).count > 0 ? 'data-toggle="children"' : ''}} data-hint="{{ description|trim(' &bull; ') }}" class="hint--bottom">
                <i class="page-icon fa fa-fw fa-circle-o {{ p.children(0).count > 0 ? 'children-closed' : ''}} {{ p.modular ? 'modular' : (not p.routable ? 'not-routable' : (not p.visible ? 'not-visible' : (not p.page ? 'folder' :  ''))) }}"></i>
                </span>
-                <a href="{{ page_url }}" class="page-edit">{{ p.title }}</a>
+                <a href="{{ page_url }}" class="page-edit">{{ p.title|e }}</a>

                {% if p.language %}
                    <span class="badge lang {% if p.language == admin_lang %}info{% endif %}">{{p.language}}</span>
@@ -192,7 +192,7 @@
        <h1><i class="fa fa-fw fa-file-text-o"></i> {{ "PLUGIN_ADMIN.ADD_PAGE"|tu }}</h1>
    {% elseif mode == 'edit' %}
        <h1><i class="fa fa-fw fa-file-text-o"></i>
-            {{ context.exists ? "PLUGIN_ADMIN.EDIT"|tu ~ " <i>#{context.menu}</i>" : "PLUGIN_ADMIN.CREATE"|tu ~ " <i>#{context.menu}</i>" }}
+            {{ context.exists ? "PLUGIN_ADMIN.EDIT"|tu ~ " <i>#{context.menu|e}</i>" : "PLUGIN_ADMIN.CREATE"|tu ~ " <i>#{context.menu|e}</i>" }}
        </h1>
    {% else %}
        <h1><i class="fa fa-fw fa-file-text-o"></i> {{ "PLUGIN_ADMIN.MANAGE_PAGES"|tu }}</h1>
--- a/themes/grav/templates/partials/base.html.twig
+++ b/themes/grav/templates/partials/base.html.twig
@@ -11,6 +11,8 @@
    {% endif %}
    {% if header.robots %}
        <meta name="robots" content="{{ header.robots }}">
+    {% else %}
+        <meta name="robots" content="noindex, nofollow">
    {% endif %}
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <link rel="icon" type="image/png" href="{{ base_url_simple }}{{ theme_url }}/images/favicon.png">
--- a/themes/grav/templates/partials/dashboard-pages.html.twig
+++ b/themes/grav/templates/partials/dashboard-pages.html.twig
@@ -6,7 +6,11 @@
        <h1>{{ "PLUGIN_ADMIN.LATEST_PAGE_UPDATES"|tu }}</h1>
        <table>
        {% for latest in admin.latestPages if admin.latestPages %}
-            <tr><td class="double page-title"><a href="{{ base_url }}/pages/{{ latest.route|trim('/') }}"><i class="fa fa-fw fa-file-o"></i> {{ latest.title }}</a></td><td class="double page-route">{{ latest.route }}</td><td><b class="last-modified">{{ latest.modified|nicetime }}</b></td></tr>
+            <tr>
+                <td class="double page-title">
+                    <a href="{{ base_url }}/pages/{{ latest.route|trim('/') }}"><i class="fa fa-fw fa-file-o"></i> {{ latest.title|e }}</a></td><td class="double page-route">{{ latest.route }}</td><td><b class="last-modified">{{ latest.modified|nicetime }}</b>
+                </td>
+            </tr>
        {% endfor %}
        </table>
    </div>
--- a/themes/grav/templates/partials/nav.html.twig
+++ b/themes/grav/templates/partials/nav.html.twig
@@ -9,12 +9,12 @@

    {#{% if admin.authorize %}#}
    <div id="admin-user-details">
-        <a href="{{ base_url_relative }}/users/{{ admin.user.username }}">
+        <a href="{{ base_url_relative }}/users/{{ admin.user.username|e }}">
            <img src="//www.gravatar.com/avatar/{{ admin.user.email|md5 }}?s=32" />

            <div class="admin-user-names">
-                <h4>{{ admin.user.fullname }}</h4>
-                <h5>{{ admin.user.title }}</h5>
+                <h4>{{ admin.user.fullname|e }}</h4>
+                <h5>{{ admin.user.title|e }}</h5>
            </div>
        </a>
    </div>