diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 000000000..5d5d197ca --- /dev/null +++ b/.gitattributes @@ -0,0 +1,8 @@ +# Exclude development and CI/CD files from release archives +/.github export-ignore +/.phan export-ignore +/tests export-ignore +/codeception.yml export-ignore +/.travis.yml export-ignore +/.dependencies export-ignore +/.editorconfig export-ignore diff --git a/CHANGELOG.md b/CHANGELOG.md index 263da36e2..753083582 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +# v1.7.50.7 +## 11/05/2025 + +1. [](#improved) + * Exclude dev files from exports +1. [](#bugfix) + * Ignore .github and .phan folders during self-upgrade + * Fixed path check in self-upgrade + # v1.7.50.6 ## 11/05/2025 diff --git a/system/defines.php b/system/defines.php index aab3e8ac4..1c00fd38e 100644 --- a/system/defines.php +++ b/system/defines.php @@ -9,7 +9,7 @@ // Some standard defines define('GRAV', true); -define('GRAV_VERSION', '1.7.50.6'); +define('GRAV_VERSION', '1.7.50.7'); define('GRAV_SCHEMA', '1.7.0_2020-11-20_1'); define('GRAV_TESTING', false); diff --git a/system/src/Grav/Common/Upgrade/SafeUpgradeService.php b/system/src/Grav/Common/Upgrade/SafeUpgradeService.php index 687ada268..e1ef1e2d9 100644 --- a/system/src/Grav/Common/Upgrade/SafeUpgradeService.php +++ b/system/src/Grav/Common/Upgrade/SafeUpgradeService.php @@ -84,6 +84,8 @@ class SafeUpgradeService 'tmp', 'cache', 'user', + '.github', + '.phan', ]; /** @var callable|null */ private $progressCallback = null; @@ -913,10 +915,14 @@ class SafeUpgradeService $stage = $packagePath . '/' . $relative; // Only delete from staging area, NEVER from live installation - if (strpos($stage, $this->rootPath . DIRECTORY_SEPARATOR) === 0) { + // Check if stage path is directly under root (e.g., /home/grav/user) + // but allow subdirectories (e.g., /home/grav/tmp/.../package/user) + $realStage = realpath(dirname($stage)); + $realRoot = realpath($this->rootPath); + if ($realStage === $realRoot) { throw new RuntimeException( 'SAFETY VIOLATION: Attempted to delete directory from live installation during hydration. ' . - 'Stage path appears to be within live root. This should never happen.' + 'Stage path appears to be directly in live root. This should never happen.' ); }