From dc9b6daaa34bb0bca5e7883c8873d21aba850e3c Mon Sep 17 00:00:00 2001 From: Andy Miller Date: Wed, 20 Jun 2018 23:37:58 +0100 Subject: [PATCH 1/5] Fix for modular markdown preview admin#1066 --- CHANGELOG.md | 6 ++++++ classes/admincontroller.php | 1 + 2 files changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1dfede56..93b3436a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,9 @@ +# v1.8.6 +## mm/dd/2018 + +1. [](#bugfix) + * Force `html` for markdown preview [grav#2066](https://github.com/getgrav/grav/issues/2066) + # v1.8.5 ## 06/20/2018 diff --git a/classes/admincontroller.php b/classes/admincontroller.php index 300f6b75..383c6e6c 100644 --- a/classes/admincontroller.php +++ b/classes/admincontroller.php @@ -1863,6 +1863,7 @@ class AdminController extends AdminBaseController $this->preparePage($page, true); $page->header(); + $page->templateFormat('html'); // Add theme template paths to Twig loader $template_paths = $this->grav['locator']->findResources('theme://templates'); From 3282d9f1165092f72f4a7afa8b5514bc68a88e9d Mon Sep 17 00:00:00 2001 From: Djamil Legato Date: Mon, 2 Jul 2018 11:40:18 -0700 Subject: [PATCH 2/5] Syslog language --- languages/en.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/languages/en.yaml b/languages/en.yaml index 0d89de41..59d6a178 100644 --- a/languages/en.yaml +++ b/languages/en.yaml @@ -392,6 +392,10 @@ PLUGIN_ADMIN: DISPLAY_ERRORS_HELP: "Display full backtrace-style error page" LOG_ERRORS: "Log errors" LOG_ERRORS_HELP: "Log errors to /logs folder" + LOG_HANDLER: "Log handler" + LOG_HANDLER_HELP: "Where to output the logs" + SYSLOG_FACILITY: "Syslog facility" + SYSLOG_FACILITY_HELP: "Syslog facility for output" DEBUGGER: "Debugger" DEBUGGER_HELP: "Enable Grav debugger and following settings" DEBUG_TWIG: "Debug Twig" From e87217a2426864669cc63740620f5bd702860874 Mon Sep 17 00:00:00 2001 
From: Andy Miller Date: Wed, 11 Jul 2018 15:30:11 -0600 Subject: [PATCH 3/5] Add some missing `authorizeTask()` checks #1483 --- CHANGELOG.md | 1 + classes/admincontroller.php | 127 +++++++++++++++++++++++------------- 2 files changed, 82 insertions(+), 46 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 93b3436a..03cacf4f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ 1. [](#bugfix) * Force `html` for markdown preview [grav#2066](https://github.com/getgrav/grav/issues/2066) + * Add missing `authorizeTask()` checks in controller [#1483](https://github.com/getgrav/grav/issues/1483) # v1.8.5 ## 06/20/2018 diff --git a/classes/admincontroller.php b/classes/admincontroller.php index 383c6e6c..fcd0256b 100644 --- a/classes/admincontroller.php +++ b/classes/admincontroller.php @@ -876,6 +876,10 @@ class AdminController extends AdminBaseController protected function taskGetNewsFeed() { + if (!$this->authorizeTask('dashboard', ['admin.login', 'admin.super'])) { + return false; + } + $cache = $this->grav['cache']; if ($this->post['refresh'] === 'true') { @@ -924,6 +928,10 @@ class AdminController extends AdminBaseController */ protected function taskGetUpdates() { + if (!$this->authorizeTask('dashboard', ['admin.login', 'admin.super'])) { + return false; + } + $data = $this->post; $flush = (isset($data['flush']) && $data['flush'] == true) ? true : false; @@ -970,6 +978,10 @@ class AdminController extends AdminBaseController */ protected function taskGetNotifications() { + if (!$this->authorizeTask('dashboard', ['admin.login', 'admin.super'])) { + return false; + } + $cache = $this->grav['cache']; if (!(bool)$this->grav['config']->get('system.cache.enabled') || !$notifications = $cache->fetch('notifications')) { //No notifications cache (first time) 
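Review bot: The new guard at the top of taskGetNewsFeed() only does `return false;`, yet the `$this->post['refresh']` handling and cache lookup below suggest this is an AJAX task whose caller expects a JSON body; unless authorizeTask() itself queues a JSON denial for `.json` requests (not visible here), the client receives whatever the dispatcher renders for a false return rather than a structured error. The same shape is added to taskGetUpdates(), taskGetNotifications() and taskProcessNotifications() in this patch, while the install-task hunk in the same patch uses the JSON-and-exit form (`'status' => 'error'` with `PLUGIN_ADMIN.INSUFFICIENT_PERMISSIONS_FOR_TASK`) that would make these consistent. Confirm how the dispatcher treats a false return before aligning them. Each of these methods continues past the end of its hunk.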
@@ -1009,6 +1021,10 @@ class AdminController extends AdminBaseController */ protected function taskProcessNotifications() { + if (!$this->authorizeTask('notifications', ['admin.login', 'admin.super'])) { + return false; + } + $cache = $this->grav['cache']; $data = $this->post; @@ -1217,6 +1233,15 @@ class AdminController extends AdminBaseController $package_name = isset($data['package_name']) ? $data['package_name'] : ''; $current_version = isset($data['current_version']) ? $data['current_version'] : ''; + if (!$this->authorizeTask('install ' . $type, ['admin.' . $type, 'admin.super'])) { + $json_response = [ + 'status' => 'error', + 'message' => $this->admin->translate('PLUGIN_ADMIN.INSUFFICIENT_PERMISSIONS_FOR_TASK') + ]; + echo json_encode($json_response); + exit; + } + $url = "https://getgrav.org/download/{$type}s/$slug/$current_version"; $result = Gpm::directInstall($url); @@ -1845,9 +1870,9 @@ class AdminController extends AdminBaseController */ protected function taskProcessMarkdown() { - /*if (!$this->authorizeTask('process markdown', ['admin.pages', 'admin.super'])) { + if (!$this->authorizeTask('process markdown', ['admin.pages', 'admin.super'])) { return; - }*/ + } try { $page = $this->admin->page(true); @@ -2174,6 +2199,10 @@ class AdminController extends AdminBaseController */ protected function taskSwitchlanguage() { + if (!$this->authorizeTask('switch language', ['admin.pages', 'admin.super'])) { + return false; + } + $data = (array)$this->data; if (isset($data['lang'])) { 
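Review bot: In the install hunk the permission name `'admin.' . $type` is composed from `$type`, which is read from request data earlier in the method (outside this hunk), so the check is only as strong as the validation `$type` received before this point; a value such as `login` would turn the requirement into `admin.login`, which the dashboard guards in this same patch treat as the baseline permission. Confirm that `$type` is restricted to the known package types above, e.g. `in_array($type, ['plugin', 'theme'], true)`, or derive the permission from a fixed map instead of the raw string. This guard also ends with `echo json_encode(...); exit;` while the other guards in the patch `return false;`, which deserves a one-line comment such as `// AJAX task: emit a JSON denial and stop instead of falling through to the dispatcher`. The enclosing method starts and ends outside the hunk.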
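Review bot: The re-enabled guard in taskProcessMarkdown() uses a bare `return;` where every other guard added in this patch uses `return false;`; the dispatcher's handling of the return value is not visible here, so either change it to `return false;` for consistency or add a comment stating that the return value is unused. The method body continues past the hunk.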
@@ -2199,6 +2228,56 @@ class AdminController extends AdminBaseController $this->setRedirect('/' . $language . $admin_route . '/' . $redirect); } + /** + * Handle direct install. + */ + protected function taskDirectInstall() + { + if (!$this->authorizeTask('install', ['admin.super'])) { + return false; + } + + $file_path = isset($this->data['file_path']) ? $this->data['file_path'] : null ; + + if (isset($_FILES['uploaded_file'])) { + + // Check $_FILES['file']['error'] value. + switch ($_FILES['uploaded_file']['error']) { + case UPLOAD_ERR_OK: + break; + case UPLOAD_ERR_NO_FILE: + $this->admin->setMessage($this->admin->translate('PLUGIN_ADMIN.NO_FILES_SENT'), 'error'); + return false; + case UPLOAD_ERR_INI_SIZE: + case UPLOAD_ERR_FORM_SIZE: + $this->admin->setMessage($this->admin->translate('PLUGIN_ADMIN.EXCEEDED_FILESIZE_LIMIT'), 'error'); + return false; + case UPLOAD_ERR_NO_TMP_DIR: + $this->admin->setMessage($this->admin->translate('PLUGIN_ADMIN.UPLOAD_ERR_NO_TMP_DIR'), 'error'); + return false; + default: + $this->admin->setMessage($this->admin->translate('PLUGIN_ADMIN.UNKNOWN_ERRORS'), 'error'); + return false; + } + + $file_path = $_FILES['uploaded_file']['tmp_name']; + } + + + $result = Gpm::directInstall($file_path); + + if ($result === true) { + $this->admin->setMessage($this->admin->translate('PLUGIN_ADMIN.INSTALLATION_SUCCESSFUL'), 'info'); + } else { + $this->admin->setMessage($this->admin->translate('PLUGIN_ADMIN.INSTALLATION_FAILED') . ': ' . $result, + 'error'); + } + + $this->setRedirect('/tools'); + + return true; + } + /** * Save the current page in a different language. Automatically switches to that language. * 
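Review bot: The moved taskDirectInstall() now requires `admin.super`, but when no file is uploaded `$file_path` is still taken directly from `$this->data['file_path']` and passed to `Gpm::directInstall()` without any check of its form; Gpm::directInstall() is not visible here, so confirm that it restricts the value to an HTTP(S) download URL or a path inside the installation before relying on the permission check alone. The comment `// Check $_FILES['file']['error'] value.` names a key the code never reads; `// Check $_FILES['uploaded_file']['error'] value.` matches the switch beneath it. The upload branch also takes `tmp_name` straight from `$_FILES`; a guard such as `if (!is_uploaded_file($_FILES['uploaded_file']['tmp_name'])) { return false; }` before the assignment is the conventional defensive check. The surrounding class continues past the hunk.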
@@ -2270,49 +2349,5 @@ class AdminController extends AdminBaseController return $filename . '.md'; } - /** - * Handle direct install. - */ - protected function taskDirectInstall() - { - $file_path = isset($this->data['file_path']) ? $this->data['file_path'] : null ; - if (isset($_FILES['uploaded_file'])) { - - // Check $_FILES['file']['error'] value. - switch ($_FILES['uploaded_file']['error']) { - case UPLOAD_ERR_OK: - break; - case UPLOAD_ERR_NO_FILE: - $this->admin->setMessage($this->admin->translate('PLUGIN_ADMIN.NO_FILES_SENT'), 'error'); - return false; - case UPLOAD_ERR_INI_SIZE: - case UPLOAD_ERR_FORM_SIZE: - $this->admin->setMessage($this->admin->translate('PLUGIN_ADMIN.EXCEEDED_FILESIZE_LIMIT'), 'error'); - return false; - case UPLOAD_ERR_NO_TMP_DIR: - $this->admin->setMessage($this->admin->translate('PLUGIN_ADMIN.UPLOAD_ERR_NO_TMP_DIR'), 'error'); - return false; - default: - $this->admin->setMessage($this->admin->translate('PLUGIN_ADMIN.UNKNOWN_ERRORS'), 'error'); - return false; - } - - $file_path = $_FILES['uploaded_file']['tmp_name']; - } - - - $result = Gpm::directInstall($file_path); - - if ($result === true) { - $this->admin->setMessage($this->admin->translate('PLUGIN_ADMIN.INSTALLATION_SUCCESSFUL'), 'info'); - } else { - $this->admin->setMessage($this->admin->translate('PLUGIN_ADMIN.INSTALLATION_FAILED') . ': ' . $result, - 'error'); - } - - $this->setRedirect('/tools'); - - return true; - } } From 9a1dec55b8b114085f48c59504709bdcba21ebd0 Mon Sep 17 00:00:00 2001 From: Andy Miller Date: Fri, 13 Jul 2018 15:43:15 -0600 Subject: [PATCH 4/5] Support `force_ssl` option in admin plugin #1479 --- CHANGELOG.md | 1 + admin.php | 10 ++++++++++ 2 files changed, 11 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 03cacf4f..3c7905b0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,6 +4,7 @@ 1. [](#bugfix) * Force `html` for markdown preview [grav#2066](https://github.com/getgrav/grav/issues/2066) * Add missing `authorizeTask()` checks in controller [#1483](https://github.com/getgrav/grav/issues/1483) + * Add support for `force_ssl` to admin URLs [#1479](https://github.com/getgrav/grav-plugin-admin/issues/1479) # v1.8.5 ## 06/20/2018 diff --git a/admin.php b/admin.php index 6be371c3..2dcfaf0f 100644 --- a/admin.php +++ b/admin.php @@ -317,6 +317,16 @@ class AdminPlugin extends Plugin */ public function onPagesInitialized() { + $config = $this->config; + + // Force SSL with redirect if required + if ($config->get('system.force_ssl')) { + if (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] !== 'on') { + $url = 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; + $this->grav->redirect($url); + } + } + $this->session = $this->grav['session']; // Set original route for the home page. From efb7e7ff41dcc77d2908e9a9cc3451940f7299a1 Mon Sep 17 00:00:00 2001 From: Andy Miller Date: Fri, 13 Jul 2018 15:50:19 -0600 Subject: [PATCH 5/5] Prepare for release --- CHANGELOG.md | 2 +- blueprints.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3c7905b0..30e57f58 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,5 @@ # v1.8.6 -## mm/dd/2018 +## 07/13/2018 1. [](#bugfix) * Force `html` for markdown preview [grav#2066](https://github.com/getgrav/grav/issues/2066) diff --git a/blueprints.yaml b/blueprints.yaml index a060baf4..ed2b2290 100644 --- a/blueprints.yaml +++ b/blueprints.yaml @@ -1,5 +1,5 @@ name: Admin Panel -version: 1.8.5 +version: 1.8.6 description: Adds an advanced administration panel to manage your site icon: empire author:
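Review bot: The redirect added to onPagesInitialized() builds its target from `$_SERVER['HTTP_HOST']`, which is the client-supplied Host header, so the forced-SSL hop can be pointed at any host the request names; compose `$url` from the configured base URL, or validate the host, rather than echoing the header back. The `!== 'on'` comparison also misses SAPIs that set `HTTPS` to a different non-empty value and TLS-terminating proxies that leave it unset, either of which makes this redirect loop; `$https = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';` followed by `if (!$https) {` follows PHP's documented contract for `$_SERVER['HTTPS']`. A brief comment noting that the check intentionally ignores forwarded-proto headers (or handles them) would make the proxy behaviour explicit. The method continues past the hunk.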