From 5a6c00f68c9e2075db239a225293e30985152610 Mon Sep 17 00:00:00 2001 From: Andy Miller Date: Wed, 5 Nov 2025 23:23:18 +0000 Subject: [PATCH 1/3] ignore .github and .phan folders, fixed path check Signed-off-by: Andy Miller --- .gitattributes | 8 ++++++++ system/src/Grav/Common/Upgrade/SafeUpgradeService.php | 10 ++++++++-- 2 files changed, 16 insertions(+), 2 deletions(-) create mode 100644 .gitattributes diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 000000000..5d5d197ca --- /dev/null +++ b/.gitattributes @@ -0,0 +1,8 @@ +# Exclude development and CI/CD files from release archives +/.github export-ignore +/.phan export-ignore +/tests export-ignore +/codeception.yml export-ignore +/.travis.yml export-ignore +/.dependencies export-ignore +/.editorconfig export-ignore diff --git a/system/src/Grav/Common/Upgrade/SafeUpgradeService.php b/system/src/Grav/Common/Upgrade/SafeUpgradeService.php index 687ada268..e1ef1e2d9 100644 --- a/system/src/Grav/Common/Upgrade/SafeUpgradeService.php +++ b/system/src/Grav/Common/Upgrade/SafeUpgradeService.php @@ -84,6 +84,8 @@ class SafeUpgradeService 'tmp', 'cache', 'user', + '.github', + '.phan', ]; /** @var callable|null */ private $progressCallback = null; @@ -913,10 +915,14 @@ class SafeUpgradeService $stage = $packagePath . '/' . $relative; // Only delete from staging area, NEVER from live installation - if (strpos($stage, $this->rootPath . DIRECTORY_SEPARATOR) === 0) { + // Check if stage path is directly under root (e.g., /home/grav/user) + // but allow subdirectories (e.g., /home/grav/tmp/.../package/user) + $realStage = realpath(dirname($stage)); + $realRoot = realpath($this->rootPath); + if ($realStage === $realRoot) { throw new RuntimeException( 'SAFETY VIOLATION: Attempted to delete directory from live installation during hydration. ' . - 'Stage path appears to be within live root. This should never happen.' + 'Stage path appears to be directly in live root. This should never happen.' ); } From 6263a34c096c5c6e29ce3f61e8af7d45d381885b Mon Sep 17 00:00:00 2001 From: Andy Miller Date: Wed, 5 Nov 2025 23:24:46 +0000 Subject: [PATCH 2/3] update changelog Signed-off-by: Andy Miller --- CHANGELOG.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 263da36e2..753083582 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +# v1.7.50.7 +## 11/05/2025 + +1. [](#improved) + * Exclude dev files from exports +1. [](#bugfix) + * Ignore .github and .phan folders during self-upgrade + * Fixed path check in self-upgrade + # v1.7.50.6 ## 11/05/2025 From 5af47f0634b07f3e88853c5f9e015a2176174d2c Mon Sep 17 00:00:00 2001 From: Andy Miller Date: Wed, 5 Nov 2025 23:25:15 +0000 Subject: [PATCH 3/3] prepare for release Signed-off-by: Andy Miller --- system/defines.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/defines.php b/system/defines.php index aab3e8ac4..1c00fd38e 100644 --- a/system/defines.php +++ b/system/defines.php @@ -9,7 +9,7 @@ // Some standard defines define('GRAV', true); -define('GRAV_VERSION', '1.7.50.6'); +define('GRAV_VERSION', '1.7.50.7'); define('GRAV_SCHEMA', '1.7.0_2020-11-20_1'); define('GRAV_TESTING', false);