From e16c81516e09ab5b9dc6b08068f346fa532c2c7d Mon Sep 17 00:00:00 2001
From: Newb I the Newbd
Date: Mon, 24 Jun 2019 20:34:38 +0200
Subject: [PATCH 1/7] Make yaml_decode only return array, again
---
 system/src/Grav/Framework/File/Formatter/YamlFormatter.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/system/src/Grav/Framework/File/Formatter/YamlFormatter.php b/system/src/Grav/Framework/File/Formatter/YamlFormatter.php
index 05b09a515..189626d28 100644
--- a/system/src/Grav/Framework/File/Formatter/YamlFormatter.php
+++ b/system/src/Grav/Framework/File/Formatter/YamlFormatter.php
@@ -97,7 +97,7 @@ class YamlFormatter extends AbstractFormatter
 @ini_set('yaml.decode_php', $saved);
 if ($decoded !== false) {
- return $decoded;
+ return (array) $decoded;
 }
 }
From f0e97a7277f0cbf40398386b30b2de3e98727f4c Mon Sep 17 00:00:00 2001
From: Matias Griese
Date: Wed, 26 Jun 2019 10:38:38 +0300
Subject: [PATCH 2/7] Fixed some potential issues when `$grav['user']` is not set
---
 CHANGELOG.md | 3 ++-
 system/src/Grav/Common/Data/Blueprint.php | 14 ++++++--------
 system/src/Grav/Common/Twig/TwigExtension.php | 6 +++---
 system/src/Grav/Common/Utils.php | 9 +++------
 .../Framework/Flex/Traits/FlexAuthorizeTrait.php | 4 ++--
 5 files changed, 16 insertions(+), 20 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index ff71f3d1f..c287d230f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,7 +3,8 @@
 1. [](#new)
 * Added support for custom `FormFlash` save locations
-
+ * Fixed some potential issues when `$grav['user']` is not set
+
 # v1.6.11
 ## 06/21/2019
diff --git a/system/src/Grav/Common/Data/Blueprint.php b/system/src/Grav/Common/Data/Blueprint.php
index 2beeea828..e7037774f 100644
--- a/system/src/Grav/Common/Data/Blueprint.php
+++ b/system/src/Grav/Common/Data/Blueprint.php
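Review bot: The `(array)` cast in `return (array) $decoded;` accepts any non-`false` result rather than only arrays: a scalar top-level document becomes a one-element list, `null` becomes `[]`, and an object becomes a map of its properties. A malformed or unexpected file is then handed to the caller as if it were valid data. An explicit shape check such as `if (is_array($decoded)) { return $decoded; }` would let other results fall through to the code after this block, or a formatter error could be raised for them; that code is outside the hunk, so its behaviour for those inputs needs confirming. The object case deserves attention because `yaml.decode_php` is restored just above, and the value it holds during parsing is not visible here.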
@@ -378,14 +378,12 @@ class Blueprint extends BlueprintForm
 $grav = Grav::instance();
 $actions = (array)$call['params'];
- /** @var UserInterface $user */
- if (isset($grav['user'])) {
- $user = Grav::instance()['user'];
- foreach ($actions as $action) {
- if (!$user->authorize($action)) {
- $this->addPropertyRecursive($field, 'validate', ['ignore' => true]);
- return;
- }
+ /** @var UserInterface|null $user */
+ $user = $grav['user'] ?? null;
+ foreach ($actions as $action) {
+ if (!$user || !$user->authorize($action)) {
+ $this->addPropertyRecursive($field, 'validate', ['ignore' => true]);
+ return;
 }
 }
 }
diff --git a/system/src/Grav/Common/Twig/TwigExtension.php b/system/src/Grav/Common/Twig/TwigExtension.php
index 7e596d98a..f3e67ccff 100644
--- a/system/src/Grav/Common/Twig/TwigExtension.php
+++ b/system/src/Grav/Common/Twig/TwigExtension.php
@@ -1004,10 +1004,10 @@ class TwigExtension extends \Twig_Extension implements \Twig_Extension_GlobalsIn
 */
 public function authorize($action)
 {
- /** @var UserInterface $user */
- $user = $this->grav['user'];
+ /** @var UserInterface|null $user */
+ $user = $this->grav['user'] ?? null;
- if (!$user->authenticated || (isset($user->authorized) && !$user->authorized)) {
+ if (!$user || !$user->authenticated || (isset($user->authorized) && !$user->authorized)) {
 return false;
 }
diff --git a/system/src/Grav/Common/Utils.php b/system/src/Grav/Common/Utils.php
index a19373585..a1e903c1c 100644
--- a/system/src/Grav/Common/Utils.php
+++ b/system/src/Grav/Common/Utils.php
@@ -1070,12 +1070,9 @@ abstract class Utils
 */
 private static function generateNonceString($action, $previousTick = false)
 {
- $username = '';
- if (isset(Grav::instance()['user'])) {
- $user = Grav::instance()['user'];
- $username = $user->username;
- }
+ $grav = Grav::instance();
+ $username = isset($grav['user']) ? $grav['user']->username : '';
 $token = session_id();
 $i = self::nonceTick();
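Review bot: The `!$user ||` guard inside the `foreach` changes the outcome when no user service is registered, and nothing in the code says so. The removed code skipped the loop in that case and left the field untouched; the new code sets `validate.ignore` on the field at the first action. That deny-by-default looks intended, so state it next to the check, for example `// No user service: treat as unauthorized and ignore the field`. With an empty `$actions` list the loop body never runs, so the field stays as it is even without a user; confirm that is the wanted result. The enclosing method starts above the hunk.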
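Review bot: `generateNonceString()` falls back to an empty `$username` when no user is registered, and `session_id()` returns an empty string when no session is active, so in that state the string depends only on the tick, the action and `security.salt`. A nonce derived from it would then be identical for every anonymous client during a tick instead of being bound to one of them. Consider refusing to build the string when both values are empty, e.g. `if ($username === '' && $token === '') { throw new \RuntimeException('Nonce requires a session or user'); }`, or document that callers must start a session first. The `return` that concatenates the parts is in the next hunk (`@@ -1083,7 +1080,7 @@`), and how the string is hashed is outside the diff.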
@@ -1083,7 +1080,7 @@ abstract class Utils
 $i--;
 }
- return ($i . '|' . $action . '|' . $username . '|' . $token . '|' . Grav::instance()['config']->get('security.salt'));
+ return ($i . '|' . $action . '|' . $username . '|' . $token . '|' . $grav['config']->get('security.salt'));
 }
 /**
diff --git a/system/src/Grav/Framework/Flex/Traits/FlexAuthorizeTrait.php b/system/src/Grav/Framework/Flex/Traits/FlexAuthorizeTrait.php
index 643004e74..e1b63d966 100644
--- a/system/src/Grav/Framework/Flex/Traits/FlexAuthorizeTrait.php
+++ b/system/src/Grav/Framework/Flex/Traits/FlexAuthorizeTrait.php
@@ -27,10 +27,10 @@ trait FlexAuthorizeTrait
 {
 if (null === $user) {
 /** @var UserInterface $user */
- $user = Grav::instance()['user'];
+ $user = Grav::instance()['user'] ?? null;
 }
- return $this->isAuthorizedAction($user, $action, $scope) || $this->isAuthorizedSuperAdmin($user);
+ return $user && ($this->isAuthorizedAction($user, $action, $scope) || $this->isAuthorizedSuperAdmin($user));
 }
 protected function isAuthorizedSuperAdmin(UserInterface $user): bool
From 75210b102e8bcae1f130bfc916a9e1ca456d634a Mon Sep 17 00:00:00 2001
From: Matias Griese
Date: Wed, 26 Jun 2019 10:48:06 +0300
Subject: [PATCH 3/7] Changelog update
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index c287d230f..809f7c762 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,7 @@
 1. [](#new)
 * Added support for custom `FormFlash` save locations
+1. [](#bugfix)
 * Fixed some potential issues when `$grav['user']` is not set
 # v1.6.11
From 3dca7e3539b5122df3b51627695a81789c5edfe3 Mon Sep 17 00:00:00 2001
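Review bot: The `@var` annotation inside the `if (null === $user)` block of FlexAuthorizeTrait still declares `UserInterface`, although the assignment `Grav::instance()['user'] ?? null` can now produce `null`. `/** @var UserInterface|null $user */` would match the annotations this commit updates in Blueprint.php and TwigExtension.php, and it keeps static analysis from assuming a non-null user ahead of the `$user &&` guard. The method signature is above the hunk.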
From: Keith Bentrup
Date: Thu, 13 Jun 2019 16:50:08 -0400
Subject: [PATCH 4/7] fixed typos in comments / API docs
---
 system/src/Grav/Common/GPM/Licenses.php | 2 +-
 system/src/Grav/Common/Language/Language.php | 2 +-
 system/src/Grav/Common/Twig/TwigExtension.php | 2 +-
 system/src/Grav/Common/Uri.php | 2 +-
 system/src/Grav/Common/Utils.php | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/system/src/Grav/Common/GPM/Licenses.php b/system/src/Grav/Common/GPM/Licenses.php
index fd0f21c6e..14c925832 100644
--- a/system/src/Grav/Common/GPM/Licenses.php
+++ b/system/src/Grav/Common/GPM/Licenses.php
@@ -103,7 +103,7 @@ class Licenses
 }
 /**
- * Get's the License File object
+ * Get the License File object
 *
 * @return \RocketTheme\Toolbox\File\FileInterface
 */
diff --git a/system/src/Grav/Common/Language/Language.php b/system/src/Grav/Common/Language/Language.php
index 81abbc11a..a625146a2 100644
--- a/system/src/Grav/Common/Language/Language.php
+++ b/system/src/Grav/Common/Language/Language.php
@@ -234,7 +234,7 @@ class Language
 }
 /**
- * Get's a URL prefix based on configuration
+ * Get a URL prefix based on configuration
 *
 * @param string|null $lang
 * @return string
diff --git a/system/src/Grav/Common/Twig/TwigExtension.php b/system/src/Grav/Common/Twig/TwigExtension.php
index f3e67ccff..784c13604 100644
--- a/system/src/Grav/Common/Twig/TwigExtension.php
+++ b/system/src/Grav/Common/Twig/TwigExtension.php
@@ -1136,7 +1136,7 @@ class TwigExtension extends \Twig_Extension implements \Twig_Extension_GlobalsIn
 }
 /**
- * Get's the Exif data for a file
+ * Get the Exif data for a file
 *
 * @param string $image
 * @param bool $raw
diff --git a/system/src/Grav/Common/Uri.php b/system/src/Grav/Common/Uri.php
index 0bcba9a8c..ea25b1f20 100644
--- a/system/src/Grav/Common/Uri.php
+++ b/system/src/Grav/Common/Uri.php
@@ -1286,7 +1286,7 @@ class Uri
 }
 /**
- * Get's post from either $_POST or JSON response object
+ * Get post from either $_POST or JSON response object
 * By default returns all data, or can return a single item
 *
 * @param string $element
diff --git a/system/src/Grav/Common/Utils.php b/system/src/Grav/Common/Utils.php
index a1e903c1c..b8a74d4b2 100644
--- a/system/src/Grav/Common/Utils.php
+++ b/system/src/Grav/Common/Utils.php
@@ -1294,7 +1294,7 @@ abstract class Utils
 }
 /**
- * Get's path based on a token
+ * Get path based on a token
 *
 * @param string $path
 * @param PageInterface|null $page
From e422eebd3cee5ef9cd4c8a0a95701d5ebba72d74 Mon Sep 17 00:00:00 2001
From: Keith Bentrup
Date: Thu, 13 Jun 2019 17:53:33 -0400
Subject: [PATCH 5/7] fixed typos in comments / API docs
---
 system/src/Grav/Common/Page/Medium/ImageMedium.php | 2 +-
 system/src/Grav/Common/Twig/TwigExtension.php | 2 +-
 .../src/Grav/Framework/Collection/AbstractIndexCollection.php | 2 +-
 system/src/Grav/Framework/Collection/ArrayCollection.php | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/system/src/Grav/Common/Page/Medium/ImageMedium.php b/system/src/Grav/Common/Page/Medium/ImageMedium.php
index 936f696a9..1925bef81 100644
--- a/system/src/Grav/Common/Page/Medium/ImageMedium.php
+++ b/system/src/Grav/Common/Page/Medium/ImageMedium.php
@@ -232,7 +232,7 @@ class ImageMedium extends Medium
 }
 /**
- * Allows the ability to override the Inmage's Pretty name stored in cache
+ * Allows the ability to override the image's pretty name stored in cache
 *
 * @param string $name
 */
diff --git a/system/src/Grav/Common/Twig/TwigExtension.php b/system/src/Grav/Common/Twig/TwigExtension.php
index 784c13604..e5d4fa821 100644
--- a/system/src/Grav/Common/Twig/TwigExtension.php
+++ b/system/src/Grav/Common/Twig/TwigExtension.php
@@ -455,7 +455,7 @@ class TwigExtension extends \Twig_Extension implements \Twig_Extension_GlobalsIn
 }
 /**
- * Gets a human readable output for cron sytnax
+ * Gets a human readable output for cron syntax
 *
 * @param $at
 * @return string
diff --git a/system/src/Grav/Framework/Collection/AbstractIndexCollection.php b/system/src/Grav/Framework/Collection/AbstractIndexCollection.php
index 7299c0961..0e4fae22d 100644
--- a/system/src/Grav/Framework/Collection/AbstractIndexCollection.php
+++ b/system/src/Grav/Framework/Collection/AbstractIndexCollection.php
@@ -437,7 +437,7 @@ abstract class AbstractIndexCollection implements CollectionInterface
 }
 /**
- * Implementes JsonSerializable interface.
+ * Implements JsonSerializable interface.
 *
 * @return array
 */
diff --git a/system/src/Grav/Framework/Collection/ArrayCollection.php b/system/src/Grav/Framework/Collection/ArrayCollection.php
index d3a200247..f79ab9614 100644
--- a/system/src/Grav/Framework/Collection/ArrayCollection.php
+++ b/system/src/Grav/Framework/Collection/ArrayCollection.php
@@ -84,7 +84,7 @@ class ArrayCollection extends BaseArrayCollection implements CollectionInterface
 }
 /**
- * Implementes JsonSerializable interface.
+ * Implements JsonSerializable interface.
 *
 * @return array
 */
From 7fdb2c10cbc97339f4b518b000ce2a4d7496e8d9 Mon Sep 17 00:00:00 2001
From: Matias Griese
Date: Wed, 26 Jun 2019 12:14:57 +0300
Subject: [PATCH 6/7] Minor code cleanup
---
 system/src/Grav/Common/Utils.php | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/system/src/Grav/Common/Utils.php b/system/src/Grav/Common/Utils.php
index b8a74d4b2..6076932b5 100644
--- a/system/src/Grav/Common/Utils.php
+++ b/system/src/Grav/Common/Utils.php
@@ -28,7 +28,7 @@ abstract class Utils
 /**
 * Simple helper method to make getting a Grav URL easier
 *
- * @param string $input
+ * @param string|object $input
 * @param bool $domain
 * @param bool $fail_gracefully
 * @return bool|null|string
@@ -68,11 +68,7 @@ abstract class Utils
 try {
 $resource = $locator->findResource("{$parts['scheme']}://{$parts['host']}{$parts['path']}", false);
 } catch (\Exception $e) {
- if ($fail_gracefully) {
- return $input;
- } else {
- return false;
- }
+ return $fail_gracefully ? $input : false;
 }
 if ($resource && isset($parts['query'])) {
From fa5c1e495da10492618599d17cc8f5dde606789d Mon Sep 17 00:00:00 2001
From: Andy Miller
Date: Wed, 26 Jun 2019 08:59:24 -0600
Subject: [PATCH 7/7] Use new `Utils::getSupportedPageTypes()` to enforce `html,htm` at the front of the list #2531
---
 CHANGELOG.md | 2 ++
 system/src/Grav/Common/Page/Page.php | 2 +-
 system/src/Grav/Common/Uri.php | 2 +-
 system/src/Grav/Common/Utils.php | 37 ++++++++++++++++++++++++++++
 4 files changed, 41 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 809f7c762..dddd533cf 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,8 @@
 1. [](#new)
 * Added support for custom `FormFlash` save locations
+1. [](#improved)
+ * Use new `Utils::getSupportedPageTypes()` to enforce `html,htm` at the front of the list [#2531](https://github.com/getgrav/grav/issues/2531)
 1. [](#bugfix)
 * Fixed some potential issues when `$grav['user']` is not set
diff --git a/system/src/Grav/Common/Page/Page.php b/system/src/Grav/Common/Page/Page.php
index bcf7539bd..0d6269656 100644
--- a/system/src/Grav/Common/Page/Page.php
+++ b/system/src/Grav/Common/Page/Page.php
@@ -1410,7 +1410,7 @@ class Page implements PageInterface
 if (is_string($http_accept)) {
 $negotiator = new Negotiator();
- $supported_types = Grav::instance()['config']->get('system.pages.types', ['html', 'json']);
+ $supported_types = Utils::getSupportPageTypes(['html', 'json']);
 $priorities = Utils::getMimeTypes($supported_types);
 $media_type = $negotiator->getBest($http_accept, $priorities);
diff --git a/system/src/Grav/Common/Uri.php b/system/src/Grav/Common/Uri.php
index ea25b1f20..16d7fb166 100644
--- a/system/src/Grav/Common/Uri.php
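Review bot: The call `Utils::getSupportPageTypes(['html', 'json'])` in Page.php uses a method name that differs from the one in the commit subject and the CHANGELOG entry, which both say `Utils::getSupportedPageTypes()`. Because the method is `public static`, the name becomes API as soon as it ships, and renaming it later breaks callers. Settle on one spelling now, at the definition in Utils.php and at the call in Uri.php as well; `getSupportedPageTypes` matches what is documented.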
+++ b/system/src/Grav/Common/Uri.php
@@ -1345,7 +1345,7 @@ class Uri
 */
 public function isValidExtension($extension)
 {
- $valid_page_types = implode('|', Grav::instance()['config']->get('system.pages.types'));
+ $valid_page_types = implode('|', Utils::getSupportPageTypes());
 // Strip the file extension for valid page types
 if (preg_match('/(' . $valid_page_types . ')/', $extension)) {
diff --git a/system/src/Grav/Common/Utils.php b/system/src/Grav/Common/Utils.php
index 6076932b5..d535150fc 100644
--- a/system/src/Grav/Common/Utils.php
+++ b/system/src/Grav/Common/Utils.php
@@ -284,6 +284,24 @@ abstract class Utils
 return (object)array_merge((array)$obj1, (array)$obj2);
 }
+ /**
+ * Simple function to remove item/s in an array by value
+ *
+ * @param $search array
+ * @param $value string|array
+ * @return array
+ */
+ public static function arrayRemoveValue(Array $search, $value)
+ {
+ foreach ((array) $value as $val) {
+ $key = array_search($val, $search);
+ if ($key !== false) {
+ unset($search[$key]);
+ }
+ }
+ return $search;
+ }
+
 /**
 * Recursive Merge with uniqueness
 *
@@ -1527,4 +1545,23 @@ abstract class Utils
 return $subnet;
 }
+
+ /**
+ * Wrapper to ensure html, htm in the front of the supported page types
+ *
+ * @param array|null $defaults
+ * @return array|mixed
+ */
+ public static function getSupportPageTypes(array $defaults = null)
+ {
+ $types = Grav::instance()['config']->get('system.pages.types', $defaults);
+
+ // remove html/htm
+ $types = static::arrayRemoveValue($types, ['html', 'htm']);
+
+ // put them back at the front
+ $types = array_merge(['html', 'htm'], $types);
+
+ return $types;
+ }
 }
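Review bot: In `isValidExtension()` the configured page types are still joined straight into the pattern `'/(' . $valid_page_types . ')/'` without quoting. A type containing a regex metacharacter changes what the pattern matches, and the pattern is unanchored, so an extension that merely contains a listed type passes. Quote each entry before joining, `implode('|', array_map(function ($t) { return preg_quote($t, '/'); }, Utils::getSupportPageTypes()))`, and consider anchoring once the exact form of `$extension` is confirmed. Since the helper now always includes `html` and `htm`, both are accepted here even on sites whose `system.pages.types` omits them. The rest of the method is outside the hunk.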
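Review bot: `array_search($val, $search)` in `arrayRemoveValue()` compares loosely and returns only the first matching key. Loose comparison can remove an entry that is not the requested value (on PHP 7 an integer `0` equals any non-numeric string), and a value that occurs twice is removed only once, so `getSupportPageTypes()` can still return a duplicate `html`. `foreach (array_keys($search, $val, true) as $key) { unset($search[$key]); }` removes every strict match. The docblock tags are also reversed; PHPDoc order is `@param array $search` and `@param string|array $value`, and the type hint is conventionally written `array`.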
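Review bot: `getSupportPageTypes()` passes the config value to `arrayRemoveValue()` unchecked, and that parameter is type-hinted `Array`. With `$defaults` left at `null` (as the call in Uri.php does) and `system.pages.types` missing, or with the setting present but not a list, the call raises a `TypeError` rather than falling back to the two enforced types. Casting at the read, `$types = (array) Grav::instance()['config']->get('system.pages.types', $defaults);`, keeps the helper total, and the `@return` tag can then be plain `array`.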