From d5ce0bd93cbff97358ae322ecbd19973c75a9724 Mon Sep 17 00:00:00 2001 From: Andy Miller Date: Mon, 1 Oct 2018 15:26:44 -0600 Subject: [PATCH 1/4] updated vendor libs --- composer.lock | 114 +++++++++++++++++++++++++------------------------- 1 file changed, 58 insertions(+), 56 deletions(-) diff --git a/composer.lock b/composer.lock index d1e051c56..ac8b42adc 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "ec4860b0ab68318d0e4550d58b5c12b3", + "content-hash": "544658e69ae737e742e014c6c674cc70", "packages": [ { "name": "antoligy/dom-string-iterators", @@ -385,16 +385,16 @@ }, { "name": "filp/whoops", - "version": "2.2.0", + "version": "2.2.1", "source": { "type": "git", "url": "https://github.com/filp/whoops.git", - "reference": "181c4502d8f34db7aed7bfe88d4f87875b8e947a" + "reference": "e79cd403fb77fc8963a99ecc30e80ddd885b3311" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/filp/whoops/zipball/181c4502d8f34db7aed7bfe88d4f87875b8e947a", - "reference": "181c4502d8f34db7aed7bfe88d4f87875b8e947a", + "url": "https://api.github.com/repos/filp/whoops/zipball/e79cd403fb77fc8963a99ecc30e80ddd885b3311", + "reference": "e79cd403fb77fc8963a99ecc30e80ddd885b3311", "shasum": "" }, "require": { @@ -413,7 +413,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-master": "2.1-dev" + "dev-master": "2.2-dev" } }, "autoload": { @@ -442,7 +442,7 @@ "throwable", "whoops" ], - "time": "2018-03-03T17:56:25+00:00" + "time": "2018-06-30T13:14:06+00:00" }, { "name": "gregwar/cache", 
@@ -1311,16 +1311,16 @@ }, { "name": "symfony/console", - "version": "v3.4.14", + "version": "v3.4.16", "source": { "type": "git", "url": "https://github.com/symfony/console.git", - "reference": "6b217594552b9323bcdcfc14f8a0ce126e84cd73" + "reference": "1cbaac35024c9dfc9612b7e2310e82677bf85709" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/console/zipball/6b217594552b9323bcdcfc14f8a0ce126e84cd73", - "reference": "6b217594552b9323bcdcfc14f8a0ce126e84cd73", + "url": "https://api.github.com/repos/symfony/console/zipball/1cbaac35024c9dfc9612b7e2310e82677bf85709", + "reference": "1cbaac35024c9dfc9612b7e2310e82677bf85709", "shasum": "" }, "require": { @@ -1376,20 +1376,20 @@ ], "description": "Symfony Console Component", "homepage": "https://symfony.com", - "time": "2018-07-26T11:19:56+00:00" + "time": "2018-09-30T03:37:36+00:00" }, { "name": "symfony/debug", - "version": "v3.4.14", + "version": "v3.4.16", "source": { "type": "git", "url": "https://github.com/symfony/debug.git", - "reference": "d5a058ff6ecad26b30c1ba452241306ea34c65cc" + "reference": "b70cfaae39009ecde3164bb8cba4d029220d27b1" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/debug/zipball/d5a058ff6ecad26b30c1ba452241306ea34c65cc", - "reference": "d5a058ff6ecad26b30c1ba452241306ea34c65cc", + "url": "https://api.github.com/repos/symfony/debug/zipball/b70cfaae39009ecde3164bb8cba4d029220d27b1", + "reference": "b70cfaae39009ecde3164bb8cba4d029220d27b1", "shasum": "" }, "require": { @@ -1432,11 +1432,11 @@ ], "description": "Symfony Debug Component", "homepage": "https://symfony.com", - "time": "2018-07-26T11:19:56+00:00" + "time": "2018-09-22T18:25:03+00:00" }, { "name": "symfony/event-dispatcher", - "version": "v3.4.14", + "version": "v3.4.16", "source": { "type": "git", "url": "https://github.com/symfony/event-dispatcher.git", 
@@ -1675,16 +1675,16 @@ }, { "name": "symfony/var-dumper", - "version": "v3.4.14", + "version": "v3.4.16", "source": { "type": "git", "url": "https://github.com/symfony/var-dumper.git", - "reference": "f62a394bd3de96f2f5e8f4c7d685035897fb3cb3" + "reference": "e57a24dc13accad1d5f90d232c5564910c5eb7b0" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/var-dumper/zipball/f62a394bd3de96f2f5e8f4c7d685035897fb3cb3", - "reference": "f62a394bd3de96f2f5e8f4c7d685035897fb3cb3", + "url": "https://api.github.com/repos/symfony/var-dumper/zipball/e57a24dc13accad1d5f90d232c5564910c5eb7b0", + "reference": "e57a24dc13accad1d5f90d232c5564910c5eb7b0", "shasum": "" }, "require": { @@ -1740,20 +1740,20 @@ "debug", "dump" ], - "time": "2018-07-26T11:19:56+00:00" + "time": "2018-09-18T08:05:59+00:00" }, { "name": "symfony/yaml", - "version": "v3.4.14", + "version": "v3.4.16", "source": { "type": "git", "url": "https://github.com/symfony/yaml.git", - "reference": "810af2d35fc72b6cf5c01116806d2b65ccaaf2e2" + "reference": "61973ecda60e9f3561e929e19c07d4878b960fc1" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/yaml/zipball/810af2d35fc72b6cf5c01116806d2b65ccaaf2e2", - "reference": "810af2d35fc72b6cf5c01116806d2b65ccaaf2e2", + "url": "https://api.github.com/repos/symfony/yaml/zipball/61973ecda60e9f3561e929e19c07d4878b960fc1", + "reference": "61973ecda60e9f3561e929e19c07d4878b960fc1", "shasum": "" }, "require": { @@ -1799,7 +1799,7 @@ ], "description": "Symfony Yaml Component", "homepage": "https://symfony.com", - "time": "2018-07-26T11:19:56+00:00" + "time": "2018-09-24T08:15:45+00:00" }, { "name": "twig/twig", 
@@ -1930,22 +1930,23 @@ }, { "name": "codeception/codeception", - "version": "2.4.5", + "version": "2.5.0", "source": { "type": "git", "url": "https://github.com/Codeception/Codeception.git", - "reference": "5fee32d5c82791548931cbc34806b4de6aa1abfc" + "reference": "dee493561daf644134c95cf176fd2c25aff59ea9" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/Codeception/Codeception/zipball/5fee32d5c82791548931cbc34806b4de6aa1abfc", - "reference": "5fee32d5c82791548931cbc34806b4de6aa1abfc", + "url": "https://api.github.com/repos/Codeception/Codeception/zipball/dee493561daf644134c95cf176fd2c25aff59ea9", + "reference": "dee493561daf644134c95cf176fd2c25aff59ea9", "shasum": "" }, "require": { "behat/gherkin": "^4.4.0", "codeception/phpunit-wrapper": "^6.0.9|^7.0.6", "codeception/stub": "^2.0", + "ext-curl": "*", "ext-json": "*", "ext-mbstring": "*", "facebook/webdriver": ">=1.1.3 <2.0", @@ -1993,7 +1994,7 @@ }, "autoload": { "psr-4": { - "Codeception\\": "src\\Codeception", + "Codeception\\": "src/Codeception", "Codeception\\Extension\\": "ext" } }, @@ -2017,7 +2018,7 @@ "functional testing", "unit testing" ], - "time": "2018-08-01T07:21:49+00:00" + "time": "2018-09-24T09:33:01+00:00" }, { "name": "codeception/phpunit-wrapper", @@ -3334,7 +3335,7 @@ }, { "name": "symfony/browser-kit", - "version": "v3.4.14", + "version": "v3.4.16", "source": { "type": "git", "url": "https://github.com/symfony/browser-kit.git", 
@@ -3391,16 +3392,16 @@ }, { "name": "symfony/css-selector", - "version": "v3.4.14", + "version": "v3.4.16", "source": { "type": "git", "url": "https://github.com/symfony/css-selector.git", - "reference": "edda5a6155000ff8c3a3f85ee5c421af93cca416" + "reference": "b2d6f39145261c082537264b7624f49847915711" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/css-selector/zipball/edda5a6155000ff8c3a3f85ee5c421af93cca416", - "reference": "edda5a6155000ff8c3a3f85ee5c421af93cca416", + "url": "https://api.github.com/repos/symfony/css-selector/zipball/b2d6f39145261c082537264b7624f49847915711", + "reference": "b2d6f39145261c082537264b7624f49847915711", "shasum": "" }, "require": { @@ -3440,20 +3441,20 @@ ], "description": "Symfony CssSelector Component", "homepage": "https://symfony.com", - "time": "2018-07-26T09:06:28+00:00" + "time": "2018-09-08T13:15:14+00:00" }, { "name": "symfony/dom-crawler", - "version": "v3.4.14", + "version": "v3.4.16", "source": { "type": "git", "url": "https://github.com/symfony/dom-crawler.git", - "reference": "452bfc854b60134438e3824b159b0d24a5892331" + "reference": "d844f826b15709e3e87a8cf9276899496edf12a5" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/dom-crawler/zipball/452bfc854b60134438e3824b159b0d24a5892331", - "reference": "452bfc854b60134438e3824b159b0d24a5892331", + "url": "https://api.github.com/repos/symfony/dom-crawler/zipball/d844f826b15709e3e87a8cf9276899496edf12a5", + "reference": "d844f826b15709e3e87a8cf9276899496edf12a5", "shasum": "" }, "require": { 
@@ -3497,20 +3498,20 @@ ], "description": "Symfony DomCrawler Component", "homepage": "https://symfony.com", - "time": "2018-07-26T10:03:52+00:00" + "time": "2018-09-21T12:47:54+00:00" }, { "name": "symfony/finder", - "version": "v3.4.14", + "version": "v3.4.16", "source": { "type": "git", "url": "https://github.com/symfony/finder.git", - "reference": "8a84fcb207451df0013b2c74cbbf1b62d47b999a" + "reference": "e8db87d755e14271e920e31ba834a4ae99483232" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/finder/zipball/8a84fcb207451df0013b2c74cbbf1b62d47b999a", - "reference": "8a84fcb207451df0013b2c74cbbf1b62d47b999a", + "url": "https://api.github.com/repos/symfony/finder/zipball/e8db87d755e14271e920e31ba834a4ae99483232", + "reference": "e8db87d755e14271e920e31ba834a4ae99483232", "shasum": "" }, "require": { @@ -3546,20 +3547,20 @@ ], "description": "Symfony Finder Component", "homepage": "https://symfony.com", - "time": "2018-07-26T11:19:56+00:00" + "time": "2018-09-21T12:47:54+00:00" }, { "name": "symfony/process", - "version": "v3.4.14", + "version": "v3.4.16", "source": { "type": "git", "url": "https://github.com/symfony/process.git", - "reference": "0414db29bd770ec5a4152683e655f55efd4fa60f" + "reference": "8b87aca97f341d65dee430c60863f2442605c88b" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/process/zipball/0414db29bd770ec5a4152683e655f55efd4fa60f", - "reference": "0414db29bd770ec5a4152683e655f55efd4fa60f", + "url": "https://api.github.com/repos/symfony/process/zipball/8b87aca97f341d65dee430c60863f2442605c88b", + "reference": "8b87aca97f341d65dee430c60863f2442605c88b", "shasum": "" }, "require": { @@ -3595,7 +3596,7 @@ ], "description": "Symfony Process Component", "homepage": "https://symfony.com", - "time": "2018-07-26T11:19:56+00:00" + "time": "2018-09-08T13:15:14+00:00" }, { "name": "victorjonsson/markdowndocs", 
@@ -3706,7 +3707,8 @@ "ext-mbstring": "*", "ext-openssl": "*", "ext-curl": "*", - "ext-zip": "*" + "ext-zip": "*", + "ext-json": "*" }, "platform-dev": [], "platform-overrides": { From e67c3c1091ec5426807d2f5344c9ee8e8dc85ab6 Mon Sep 17 00:00:00 2001 From: Andy Miller Date: Mon, 1 Oct 2018 15:31:39 -0600 Subject: [PATCH 2/4] updated changelog --- CHANGELOG.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4ec3c0027..1231442d6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,11 +2,14 @@ ## mm/dd/2018 1. [](#new) + * Added new `Security` class for Grav security functionality including XSS checks + * Added new `bin/grav security` command to scan for security issues + * Added new `xss()` Twig function to allow for XSS checks on strings and arrays + * Added `onHttpPostFilter` event to allow plugins to globally clean up XSS in the forms and tasks * Added `Deprecated` tab to DebugBar to catch future incompatibilities with later Grav versions * Added deprecation notices for features which will be removed in Grav 2.0 - * Added new `bin/grav security` command to scan for security issues (XSS currently) - * Added new `Security` class for Grav security functionality - * Added `onHttpPostFilter` event to allow plugins to globally clean up XSS in the forms and tasks +1. [](#improved) + * Updated vendor libraries to latest 1. [](#bugfix) * Allow `$page->slug()` to be called before `$page->init()` without breaking the page * Fix for `Page::translatedLanguages()` to use routes always [#2163](https://github.com/getgrav/grav/issues/2163) From f0e33dc24264f11328f8874420b5e5f9132fe6eb Mon Sep 17 00:00:00 2001 From: Andy Miller Date: Mon, 1 Oct 2018 15:32:29 -0600 Subject: [PATCH 3/4] prepare for release --- CHANGELOG.md | 2 +- system/defines.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1231442d6..6817f9ecb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,5 +1,5 @@ # v1.5.2 -## mm/dd/2018 +## 10/01/2018 1. [](#new) * Added new `Security` class for Grav security functionality including XSS checks diff --git a/system/defines.php b/system/defines.php index 8caf4c9ec..82cc8ce84 100644 --- a/system/defines.php +++ b/system/defines.php @@ -8,7 +8,7 @@ // Some standard defines define('GRAV', true); -define('GRAV_VERSION', '1.5.1'); +define('GRAV_VERSION', '1.5.2'); define('GRAV_TESTING', false); define('DS', '/'); From ed0cb0c8f24eee8a59a136952fb027e8f5b20d5c Mon Sep 17 00:00:00 2001 From: Andy Miller Date: Mon, 1 Oct 2018 21:32:49 -0600 Subject: [PATCH 4/4] set to testing mode --- system/config/system.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/config/system.yaml b/system/config/system.yaml index fad5a1c20..595ed391b 100644 --- a/system/config/system.yaml +++ b/system/config/system.yaml @@ -142,7 +142,7 @@ session: path: gpm: - releases: stable # Set to either 'stable' or 'testing' + releases: testing # Set to either 'stable' or 'testing' proxy_url: # Configure a manual proxy URL for GPM (eg 127.0.0.1:3128) method: 'auto' # Either 'curl', 'fopen' or 'auto'. 'auto' will try fopen first and if not available cURL verify_peer: true # Sometimes on some systems (Windows most commonly) GPM is unable to connect because the SSL certificate cannot be verified. Disabling this setting might help.
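Review bot: The shipped default for `gpm.releases` in system/config/system.yaml becomes `testing`, so any install that does not override this key will take GPM updates from the pre-release channel rather than the vetted one. This lands directly after the "prepare for release" commit that sets `GRAV_VERSION` to `1.5.2`, so it looks like a switch back to development mode, but nothing in the hunk stops the value from ending up in a packaged release. I would keep `releases: stable # Set to either 'stable' or 'testing'` as the distributed default and select the testing channel through a developer-local override. If the default has to flip on the development branch, extend the inline comment to something like `# 'testing' is for development checkouts only; release packages must ship 'stable'` and have the release process check the value before packaging.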