Merge branch 'develop' into 1.7

# Conflicts: # CHANGELOG.md # composer.json # composer.lock
2026-03-01 18:11:25 +01:00 · 2020-03-18 17:34:58 -06:00
parent a5d47a36f0 2eae104c7a
commit 987429208c
2 changed files with 13 additions and 1 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -315,6 +315,15 @@
    * Optimization: Initialize debugbar only after the configuration has been loaded
    * Optimization: Combine some early Grav processors into a single one

+# v1.6.23
+## mm/dd/2020
+
+1. [](#new)
+    * Moved `Parsedown` 1.6 and `ParsedownExtra` 0.7 into `Grav\Framework\Parsedown` to allow fixes
+1. [](#bugfix)
+    * Fixed PHP 7.4 issue in ParsedownExtra [#2832](https://github.com/getgrav/grav/issues/2832)
+    * Fix for [user reported](https://twitter.com/OriginalSicksec) CVE path-based open redirect
+
 # v1.6.22
 ## 03/05/2020

--- a/system/src/Grav/Common/Grav.php
+++ b/system/src/Grav/Common/Grav.php
@@ -352,7 +352,10 @@ class Grav extends Container
        /** @var Uri $uri */
        $uri = $this['uri'];

-        //Check for code in route
+        // Clean route for redirect
+        $route = preg_replace("#^\/[\\\/]+\/#", '/', $route);
+
+         // Check for code in route
        $regex = '/.*(\[(30[1-7])\])$/';
        preg_match($regex, $route, $matches);
        if ($matches) {