Nemcio/Grav-Admin-Plugin
1
0
Fork 0
mirror of https://github.com/getgrav/grav-plugin-admin.git synced 2026-03-02 02:21:26 +01:00
Code Issues Packages Projects Releases Activity
4,782 Commits 5 Branches 246 Tags
ebbb658bf0bb9e05c4a5a2b5c4e35291fa0c413e
Commit Graph

300 Commits

Author SHA1 Message Date
Andy Miller
87fed58453 lang updates for latest Grav 
Signed-off-by: Andy Miller <rhuk@mac.com>
 2025-12-08 17:19:34 -07:00
Andy Miller
e3886e5b4c grav scheduler lang 
Signed-off-by: Andy Miller <rhuk@mac.com>
 2025-12-03 10:40:48 -07:00
Andy Miller
99f6532965 Fix security vulnerabilities: user enumeration and XSS issues 
Security fixes:

1. GHSA-q3qx-cp62-f6m7: User Enumeration & Email Disclosure
   - Changed rate-limiter error message in taskForgot() to not include email
   - Added generic translation key FORGOT_CANNOT_RESET_RATE_LIMITED
   - Prevents attackers from enumerating valid usernames via forgot password

2. GHSA-rmw5-f87r-w988: Stored XSS in Group Display Name
   - Added HTML escaping to group.readableName in acl_picker.html.twig
   - Prevents XSS when malicious group names are rendered in selectize

3. GHSA-gqxx-248x-g29f & GHSA-mpjj-4688-3fxg: XSS in Taxonomy Fields
   - Added HTML escaping to taxonomy labels in taxonomy.html.twig
   - Prevents XSS when malicious taxonomy names are rendered

4. GHSA-65mj-f7p4-wggq, GHSA-7g78-5g5g-mvfj: XSS in Selectize Dropdowns
   - Added SafeRender functions to selectize.js that escape HTML by default
   - All selectize dropdowns now escape option/item text unless custom render is specified
   - Provides defense-in-depth against XSS in any selectize-based field
 2025-11-29 18:43:02 -07:00
Andy Miller
dfc1875129 some fixes for new safe-upgrade 
Signed-off-by: Andy Miller <rhuk@mac.com>
 2025-11-14 14:42:39 +00:00
Andy Miller
a65eeed4dc improved safe upgrade success message 
Signed-off-by: Andy Miller <rhuk@mac.com>
 2025-11-11 23:17:18 +00:00
Andy Miller
419fcc3f13 create adhoc snapshot 2025-10-18 18:41:39 -06:00
Andy Miller
1e14c47d28 fixes for restore 2025-10-18 17:54:29 -06:00
Andy Miller
84cf62bc7b bg process for restore 2025-10-18 13:48:40 -06:00
Andy Miller
796c61e66d restore tool - but not curretly working 2025-10-18 12:04:25 -06:00
Andy Miller
7bb6044e05 improved safe upgrade modal 2025-10-17 22:15:39 -06:00
Andy Miller
3910792195 css tweaks 4 2025-10-17 15:40:31 -06:00
Andy Miller
1a308b1326 css tweaks 3 2025-10-17 15:22:13 -06:00
Andy Miller
765e760541 css tweaks 2 2025-10-17 15:07:46 -06:00
Andy Miller
a4e0c83160 safe upgrade progress 
Signed-off-by: Andy Miller <rhuk@mac.com>
 2025-10-16 10:59:50 -06:00
Andy Miller
325764a304 improved login/session handling 
Signed-off-by: Andy Miller <rhuk@mac.com>
 2025-09-15 12:02:55 -06:00
Andy Miller
043bb0aad5 updated changelog 
Signed-off-by: Andy Miller <rhuk@mac.com>
 2025-08-25 14:10:03 +01:00
Andy Miller
aec62290d4 more scheduler improvements 
Signed-off-by: Andy Miller <rhuk@mac.com>
 2025-08-25 10:05:19 +01:00
Andy Miller
3269e392d4 missing lang strings 
Signed-off-by: Andy Miller <rhuk@mac.com>
 2025-08-17 19:30:30 +01:00
pmoreno.rodriguez
5b292eca9b Added translations for Fetchpriority Trait (#2436) 2025-01-18 12:37:41 +00:00
Andy Miller
39c22e9e4a lang translation updates 2024-03-18 11:23:24 -06:00
Andy Miller
c74ff404e3 added lang 2024-02-03 13:26:36 -07:00
Andy Miller
480edddb0b language updates 2024-01-05 11:33:21 +00:00
Andy Miller
51f0f0f367 couple of lang strings 2023-06-08 14:51:09 -06:00
Paweł Bogusławski
152f3fb539 Syslog tag fields labels added (#2296) 2023-03-17 09:07:46 -06:00
Matias Griese
c03da19129 Added configuration strings to English language 2022-05-06 12:44:22 +03:00
Djamil Legato
5a8e0ede20 Added Media Reorder language 2022-04-08 18:26:49 -07:00
Andy Miller
5b709d7c1e Alternative Multiavatar Approach (#2246) 
* multiavatar support

* Update lang strings

* more generic description
 2022-03-08 09:45:53 -07:00
Rotzbua
304bb9b557 Links to https, Discord (#2212) 
* Change links to https

* github.com
* getgrav.org

* Change Slack to Discord
 2022-02-04 09:56:22 -08:00
Andy Miller
0f05d065b0 Support for YubiKey OTP 2 factor authenticator 2022-01-11 12:00:10 -07:00
Andy Miller
eca994c70e updated asset language strings 2022-01-09 21:25:07 -07:00
Matias Griese
ebbae4e711 Added translation for system.session.secure_https setting 2021-12-08 17:43:15 +02:00
Andy Miller
3dca1015b6 updated lang strings with new HTTP stuff 2021-09-30 17:40:10 -06:00
Andy Miller
613f7e15a0 Updated with latest lang strings 2021-09-29 10:55:11 -06:00
Andy Miller
7b4a03bb81 note about UTC times in scheduler 2021-09-13 17:43:29 -06:00
Andy Miller
6e5839ded6 lang strings 2021-05-05 13:42:03 -06:00
Andy Miller
8a98c3d16d updated with latest lang strings 2021-04-23 09:59:21 -06:00
Djamil Legato
38af7a75fe Initial setup for new copy page modal (#1738) 2021-04-20 22:17:21 -07:00
Andy Miller
a6b8732c39 Highlight support in presets 2021-04-20 17:09:42 -06:00
Djamil Legato
e16f1243cc Added refresh action button for Folder to ease the regeneration of the slug based on the title. Available also as API entry Grav.default.Forms.Fields.FolderField.Regenerate() (#1738) 2021-04-20 15:45:56 -07:00
Fabien Basmaison
ecbfda8681 Fix typos (Cumative Layer Shift > Cumulative Layout Shift). (#2124) 2021-04-20 05:52:59 -06:00
Andy Miller
67be8d76c1 Updated lang strings 2021-04-06 10:51:51 -06:00
Andy Miller
af4b0977de Added Image CLS Strings 2021-04-01 18:53:32 -06:00
Andy Miller
46838a62a7 Updated langauges again 2021-03-17 11:42:10 -06:00
Matias Griese
63db654392 Add translations to the new redirect options 2021-03-11 16:26:35 +02:00
Andy Miller
d57447a970 Language updates 2021-03-08 10:23:55 -07:00
Miguel Sales Pereira
fdb5e5bb71 Added translation string to new assets admin option (#2091) 2021-03-08 10:17:28 -07:00
Andy Miller
17f8bfc7c0 Updated lang strings again 2021-02-16 17:59:58 -07:00
Andy Miller
820827cfff updated languages from crowdin 2021-02-16 14:47:54 -07:00
Matias Griese
86cc782709 Translation update 2021-02-10 18:54:26 +02:00
Matias Griese
78a001b491 Added translations for system config 2021-02-10 18:44:32 +02:00