Grav-Admin-Plugin

mirror of https://github.com/getgrav/grav-plugin-admin.git synced 2025-10-29 09:16:48 +01:00

Author	SHA1	Message	Date
Matias Griese	853abfbbd3	Fixed `X-Frame-Options` to be `DENY` in all admin pages to prevent a clickjacking attack	2021-09-01 13:17:21 +03:00
Matias Griese	2546cd35e0	Make sure that login data is an array in taskLogin()	2021-08-18 13:41:04 +03:00
Matias Griese	f42e996138	Update taskGetChildTypes() to use Flex Pages (works without the plugin) [#2087 ]	2021-06-10 11:10:06 +03:00
Matias Griese	1136a1007e	Fixed configuration not fully updating on save [#2149 ]	2021-05-26 10:48:50 +03:00
Matias Griese	a01170576a	Updated SCSS compiler to v1.5	2021-05-18 18:32:32 +03:00
Andy Miller	1ceebec29f	improve plugin enabled logic	2021-05-05 12:53:07 -06:00
Andy Miller	3aae171297	improve activation logic	2021-05-05 12:14:04 -06:00
Matias Griese	9d21a98f61	Theme update - custom files overwritten #2135	2021-04-29 14:58:48 +03:00
Matias Griese	1b26b4ca7d	Fixed permission check for configuration save [#2130 ]	2021-04-23 11:21:41 +03:00
Djamil Legato	438c9716cc	Better Pages default permissions	2021-04-22 11:57:40 -07:00
Matias Griese	c097eee87f	Fixed error reporting for AJAX tasks if user has no permissions	2021-04-15 10:11:04 +03:00
Matias Griese	7ed36e462e	Fixed error reporting for AJAX tasks if user has no permissions	2021-04-14 21:43:40 +03:00
Matias Griese	cde46a2eb0	Regression: Fixed broken plugin/theme installer in admin	2021-04-14 13:54:01 +03:00
Matias Griese	9383007b93	Better document admin tasks	2021-04-14 13:40:02 +03:00
Matias Griese	1acb94e857	Fixed error message when user clicks logout link after his session has been expired	2021-04-13 10:16:17 +03:00
Matias Griese	da8a7b574c	Improve ACL checks for the tasks	2021-04-12 22:06:43 +03:00
Matias Griese	9108a4a85f	Fixed broken 2FA login when site is not configured to use Flex Users [#2109 ]	2021-04-08 10:56:18 +03:00
Matias Griese	9fca08ab43	Regression: Fixed broken 2FA form [#2109 ]	2021-04-07 14:14:04 +03:00
Matias Griese	58e2c6cc55	Change nonce expiration message	2021-03-31 11:48:15 +03:00
Matias Griese	f36b244198	Include query param `task` into task checks	2021-03-26 18:15:42 +02:00
Matias Griese	aa4f80eec1	Greatly improve login related actions for Admin * Better isolate admin to prevent session related vulnerabilities * Removed support for custom login redirects for improved security * Shorten forgot password link lifetime from 7 days to 1 hour * Fixed login related pages being accessible from admin when user has logged in * Fixed admin user creation and password reset allowing unsafe passwords * Fixed missing validation when registering the first admin user * Fixed reset password email not to have session specific token in it	2021-03-26 14:39:37 +02:00
Matias Griese	b3d66b3d3a	Rename internal save methods	2021-03-19 18:06:24 +02:00
Matias Griese	b7271bc424	Regression: Fixed enabling/disabling plugin or theme corrupting configuration	2021-02-19 22:04:04 +02:00
Matias Griese	7832d6992e	Fixed ACL for users with mixed case usernames [#2073 ]	2021-02-18 16:22:55 +02:00
Matias Griese	64e41b034e	Fixed fatal error in admin if POST request has `data` in it [#2074 ]	2021-02-18 15:33:38 +02:00
Matias Griese	a8983a003d	Fixed ACL for Configuration tabs [#771 ]	2021-02-10 15:26:02 +02:00
Matias Griese	417d82769b	Fixed `onAdminAfterAddMedia` event always pointing to the home page [#1905 ]	2021-02-10 13:08:34 +02:00
Matias Griese	725ed07ad9	Fixed `onAdminAfterDelMedia` event always pointing to home page [#1905 ]	2021-02-10 12:57:43 +02:00
Matias Griese	6328489170	Provide media object and filename in `onAdminAfterDelMedia` event [#1905 ]	2021-02-10 12:40:25 +02:00
Matias Griese	2223b2eb73	Fixed deleting list field options completely, didn't save changes [#2056 ]	2021-02-08 21:30:37 +02:00
Matias Griese	ad5d3a3829	Improve flash file error detection	2021-02-08 17:25:32 +02:00
Matias Griese	905a2a299f	Fixed case-sensitive `accept` in `filepicker` field	2021-02-04 17:08:05 +02:00
Matias Griese	01568544b5	Fixed admin style compilation failing to save CSS if assets folder does not exist	2021-01-21 14:44:41 +02:00
Matias Griese	5ed810a2ab	Fixed fatal error when moving a page using the old implementation [#2019 ]	2021-01-18 12:40:13 +02:00
Matias Griese	de3a557b80	Display controller exceptions in debugger	2021-01-18 12:05:24 +02:00
Matias Griese	1d669c5fb9	Minor code improvements	2021-01-08 18:57:41 +02:00
Djamil Legato	72116dcbca	Fixed notifications that would not be remembered as hidden + various improvements	2020-12-21 15:29:42 -08:00
Djamil Legato	06719a23dd	Properly exit the nested foreach when a matching dependency is found	2020-12-21 10:55:56 -08:00
Matias Griese	d9c73e2edb	Post merge conflicts	2020-12-01 09:51:43 +02:00
Matias Griese	432ef4bb1a	Composer update after merge	2020-12-01 09:37:58 +02:00
Matias Griese	be6428922d	Merge branch 'develop' of github.com:getgrav/grav-plugin-admin into 1.10 Conflicts: admin.php classes/plugin/AdminController.php composer.lock vendor/composer/autoload_classmap.php vendor/composer/autoload_psr4.php vendor/composer/autoload_real.php vendor/composer/autoload_static.php vendor/composer/installed.json	2020-12-01 09:24:05 +02:00
Matias Griese	9483b98be8	Check that backup file ends with .zip in case if there are other files in the backup folder	2020-12-01 09:01:41 +02:00
Andy Miller	24e7d154f1	fixes GHSA-85r3-mf4x-qp8f	2020-11-30 16:36:30 -07:00
Andy Miller	c32fa412b7	fixes for GHSA-85r3-mf4x-qp8f	2020-11-30 16:22:39 -07:00
Andy Miller	5eb2e6375f	Merge branch 'advisory-fix-1' into develop # Conflicts: # CHANGELOG.md	2020-11-30 16:00:52 -07:00
Matias Griese	018940c1bc	Reworked getMedia() field	2020-11-30 17:25:53 +02:00
Matias Griese	c604c05491	Remove comments	2020-11-26 15:55:02 +02:00
Matias Griese	ddc85f3b89	Merge branch 'develop' of github.com:getgrav/grav-plugin-admin into 1.10	2020-11-25 23:15:08 +02:00
Matias Griese	f5a051377e	Remove comments	2020-11-25 23:14:44 +02:00
Matias Griese	a6f0f4945f	Tightened checks when removing a media file, cleanup	2020-11-06 15:05:33 +02:00

1 2 3 4 5 ...

914 Commits