diff --git a/CHANGELOG.md b/CHANGELOG.md index 60fb9e53f..23ce18779 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +# v1.7.12 +## 04/15/2021 + +1. [](#improved) + * Improve JSON support for the request +1. [](#bugfix) + * Fixed absolute path support for Windows [#3297](https://github.com/getgrav/grav/issues/3297) + * Fixed adding tags in admin after upgrading Grav [#3315](https://github.com/getgrav/grav/issues/3315) + # v1.7.11 ## 04/13/2021 @@ -9,7 +18,7 @@ 1. [](#improved) * Better GPM detection of unauthorized installations 1. [](#bugfix) - * **IMPORTANT** Fixed security vulnerability with Twig allowing dangerous PHP functions by default (GHSA-g8r4-p96j-xfxc)[https://github.com/getgrav/grav/security/advisories/GHSA-g8r4-p96j-xfxc] + * **IMPORTANT** Fixed security vulnerability with Twig allowing dangerous PHP functions by default [GHSA-g8r4-p96j-xfxc](https://github.com/getgrav/grav/security/advisories/GHSA-g8r4-p96j-xfxc) * Fixed nxinx appending repeating `?_url=` in some redirects * Fixed deleting page with language code not removing the folder if it was the last language [#3305](https://github.com/getgrav/grav/issues/3305) * Fixed fatal error when using markdown links with `image://` stream [#3285](https://github.com/getgrav/grav/issues/3285) diff --git a/composer.lock b/composer.lock index 47909abbe..64e3f269f 100644 --- a/composer.lock +++ b/composer.lock @@ -2135,16 +2135,16 @@ }, { "name": "rockettheme/toolbox", - "version": "1.5.8", + "version": "1.5.9", "source": { "type": "git", "url": "https://github.com/rockettheme/toolbox.git", - "reference": "531b2c333d024becabc67b13ae819d92708c5e5f" + "reference": "2d6693235aaca2efaadb61c84dac927aaf4eabfa" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/rockettheme/toolbox/zipball/531b2c333d024becabc67b13ae819d92708c5e5f", - "reference": "531b2c333d024becabc67b13ae819d92708c5e5f", + "url": "https://api.github.com/repos/rockettheme/toolbox/zipball/2d6693235aaca2efaadb61c84dac927aaf4eabfa", + "reference": "2d6693235aaca2efaadb61c84dac927aaf4eabfa", "shasum": "" }, "require": { @@ -2185,9 +2185,9 @@ ], "support": { "issues": "https://github.com/rockettheme/toolbox/issues", - "source": "https://github.com/rockettheme/toolbox/tree/1.5.8" + "source": "https://github.com/rockettheme/toolbox/tree/1.5.9" }, - "time": "2021-04-12T20:11:43+00:00" + "time": "2021-04-14T19:52:40+00:00" }, { "name": "seld/cli-prompt", diff --git a/system/defines.php b/system/defines.php index 59e7d9754..af8d2a0be 100644 --- a/system/defines.php +++ b/system/defines.php @@ -9,7 +9,7 @@ // Some standard defines define('GRAV', true); -define('GRAV_VERSION', '1.7.11'); +define('GRAV_VERSION', '1.7.12'); define('GRAV_SCHEMA', '1.7.0_2020-11-20_1'); define('GRAV_TESTING', false); @@ -68,7 +68,7 @@ unset($path); // INTERNAL: Do not use! define('USER_DIR', GRAV_WEBROOT . '/' . GRAV_USER_PATH . '/'); -define('CACHE_DIR', (!str_starts_with(GRAV_CACHE_PATH, '/') ? GRAV_ROOT . '/' : '') . GRAV_CACHE_PATH . '/'); +define('CACHE_DIR', (!preg_match('`^(/|[a-z]:[\\\/])`ui', GRAV_CACHE_PATH) ? GRAV_ROOT . '/' : '') . GRAV_CACHE_PATH . '/'); // DEPRECATED: Do not use! define('CACHE_PATH', GRAV_CACHE_PATH . DS); @@ -81,10 +81,10 @@ define('PAGES_DIR', USER_DIR . 'pages/'); define('DATA_DIR', USER_DIR . 'data/'); define('PLUGINS_DIR', USER_DIR . 'plugins/'); define('THEMES_DIR', USER_DIR . 'themes/'); -define('SYSTEM_DIR', (!str_starts_with(GRAV_SYSTEM_PATH, '/') ? GRAV_ROOT . '/' : '') . GRAV_SYSTEM_PATH . '/'); +define('SYSTEM_DIR', (!preg_match('`^(/|[a-z]:[\\\/])`ui', GRAV_SYSTEM_PATH) ? GRAV_ROOT . '/' : '') . GRAV_SYSTEM_PATH . '/'); define('LIB_DIR', SYSTEM_DIR . 'src/'); define('VENDOR_DIR', GRAV_ROOT . '/vendor/'); -define('LOG_DIR', (!str_starts_with(GRAV_LOG_PATH, '/') ? GRAV_ROOT . '/' : '') . GRAV_LOG_PATH . '/'); +define('LOG_DIR', (!preg_match('`^(/|[a-z]:[\\\/])`ui', GRAV_LOG_PATH) ? GRAV_ROOT . '/' : '') . GRAV_LOG_PATH . '/'); // END DEPRECATED // Some extensions diff --git a/system/src/Grav/Common/Service/RequestServiceProvider.php b/system/src/Grav/Common/Service/RequestServiceProvider.php index 271571351..17b3149e5 100644 --- a/system/src/Grav/Common/Service/RequestServiceProvider.php +++ b/system/src/Grav/Common/Service/RequestServiceProvider.php @@ -10,6 +10,7 @@ namespace Grav\Common\Service; use Grav\Common\Uri; +use JsonException; use Nyholm\Psr7\Factory\Psr17Factory; use Nyholm\Psr7Server\ServerRequestCreator; use Pimple\Container; @@ -18,6 +19,7 @@ use function explode; use function fopen; use function function_exists; use function in_array; +use function is_array; use function strtolower; use function trim; @@ -51,18 +53,30 @@ class RequestServiceProvider implements ServiceProviderInterface $headers = function_exists('getallheaders') ? getallheaders() : $creator::getHeadersFromServer($_SERVER); $post = null; - if ('POST' === $method) { + if (in_array($method, ['POST', 'PUT', 'PATCH', 'DELETE'])) { foreach ($headers as $headerName => $headerValue) { if ('content-type' !== strtolower($headerName)) { continue; } - if (in_array( - strtolower(trim(explode(';', $headerValue, 2)[0])), - ['application/x-www-form-urlencoded', 'multipart/form-data'] - )) { - $post = $_POST; - break; + $contentType = strtolower(trim(explode(';', $headerValue, 2)[0])); + switch ($contentType) { + case 'application/x-www-form-urlencoded': + case 'multipart/form-data': + $post = $_POST; + break 2; + case 'application/json': + case 'application/vnd.api+json': + try { + $json = file_get_contents('php://input'); + $post = json_decode($json, true, 512, JSON_THROW_ON_ERROR); + if (!is_array($post)) { + $post = null; + } + } catch (JsonException $e) { + $post = null; + } + break 2; } } } diff --git a/system/src/Grav/Framework/Controller/Traits/ControllerResponseTrait.php b/system/src/Grav/Framework/Controller/Traits/ControllerResponseTrait.php index bbc8f1a4f..62ed3e103 100644 --- a/system/src/Grav/Framework/Controller/Traits/ControllerResponseTrait.php +++ b/system/src/Grav/Framework/Controller/Traits/ControllerResponseTrait.php @@ -173,6 +173,7 @@ trait ControllerResponseTrait if ($method !== 'GET' && $method !== 'HEAD') { $this->setMessage($message, 'error'); $referer = $request->getHeaderLine('Referer'); + return $this->createRedirectResponse($referer, 303); }