Commit Graph

5550 Commits

Author SHA1 Message Date
Andy Miller
de1ccfa12d Mitigate various SSTI injections 2024-03-04 15:41:30 -07:00
Andy Miller
5928411b86 fixed path traversal by sanitize checking filename 2024-03-04 13:39:50 -07:00
Andy Miller
f9f5781af8 fix for bad page dates + changelog update 2024-02-03 13:45:35 -07:00
pmoreno.rodriguez
ad8b1b79bd New Trait for decoding attribute in images (#3796)
* New Trait for decoding attribute in images

* Update comments info

* decoding default in system/config/system.yaml and system/blueprints/config/system.yaml for the images.defaults.decoding value

* Fixed predefined option in the decoding attribute
2024-02-03 13:24:12 -07:00
Andy Miller
1dc6866eab fix other multibyte issues in inflector 2024-01-19 12:40:55 +00:00
Andy Miller
0b16401a91 fix special-chars in titleize - fixes #732 2024-01-19 12:39:24 +00:00
Andy Miller
e5990f431d Revert "Added 'outdated' option to scheduler command (#3771)"
This reverts commit a71403f158.

# Conflicts:
#	tests/unit/Grav/Common/Scheduler/SchedulerTest.php
2024-01-05 12:31:53 +00:00
Andy Miller
f33e89fa45 prepare for release 2024-01-05 11:59:37 +00:00
maelanleborgne
a71403f158 Added 'outdated' option to scheduler command (#3771) 2024-01-05 11:46:14 +00:00
Ron Wardenier
88eb9f915a Allow empty and malformed links in markdown (#3782)
When a user adds an invalid link in a page in markdown, for example [](https://), and that page is parsed to be shown in a blog listing page, that blog listing page crashes with a CRITICAL error. Instead of throwing an error, the URL is now ignored. See also https://discord.com/channels/501836936584101899/506916956637495306/1185616779486167141
2024-01-05 11:44:44 +00:00
Andy Miller
a1c116dd82 update copyright year 2024-01-05 11:43:52 +00:00
Andy Miller
f59fa9a291 language updates 2024-01-05 11:26:45 +00:00
Andy Miller
458c64086e Revert "Use new groupNames method"
This reverts commit 470b69c775.
2024-01-05 11:20:40 +00:00
JS Media Creation
1b8e267d0a Add mime type for vCards (.vcf files) (#3772)
Adds support for vCards (.vcf files) in case of e.g. scanning a qr-code with the direct url to the file, so that it can be downloaded. 

Only a thumb-vcf.png should be added then too.
2023-11-08 12:06:04 +00:00
Andy Miller
4e01398545 Added debugger output when routes conflict 2023-11-06 16:50:27 +00:00
Andy Miller
b0dd2358f4 Updated packages (including dom-sanitizer 1.0.7) 2023-11-06 16:50:15 +00:00
Djamil Legato
0c9333e60d Revert "fix whitespace encoding in urls" (#3764)
* Revert "fix whitespace encoding in urls (#3719)"

This reverts commit 6a9b1f2214.

* Revert change
2023-10-27 23:58:08 -07:00
Andy Miller
cfa510e7f7 Merge branch 'master' into develop 2023-10-25 12:38:41 +01:00
Andy Miller
6d5f0ff9ba validation math rounding - fixes #3761 2023-10-25 12:38:12 +01:00
Angela Ugrinovska
71939e18be Fixed too few arguments exception thrown in the admin with using flex objects (#3658)
Going through older PRs, thanks for this.
2023-10-24 10:33:58 +01:00
Junky Junkerson
45f8fe4d0b Correcting comment in about custom site.yaml value (#3659)
Corrected blog: route: '/blog' comment from system.blog.route to site.blog.route
2023-10-24 10:32:49 +01:00
Vital
2179ef33a7 Fixed exception: "Property 'jsmodule_pipeline_include_externals' does not exist in the object!" (#3661)
Co-authored-by: Artemkin_V <avr@vital-web.ru>
2023-10-24 10:32:19 +01:00
Rotzbua
d0ae677e61 Update jquery-3.x.min.js to v3.6.4 (#3713)
Source: https://code.jquery.com/jquery-3.6.4.min.js
2023-10-24 10:30:19 +01:00
dirkjf
6a9b1f2214 fix whitespace encoding in urls (#3719)
* fix broken src url encoding

* remove redundant code

* Revert "remove redundant code"

This reverts commit 4e0020114e.

* Revert "fix broken src url encoding"

This reverts commit 3e8259da3a.

* encode whitespaces in url paths
2023-10-24 10:30:00 +01:00
yiwu
b1117e45c9 Update system.yaml (#3721)
add ISO 8601 dateformat
2023-10-24 10:28:44 +01:00
Ricardo Verdugo
382a836d80 Fix invalid input to foreach (#3724)
* Fix invalid input to foreach

This happens with discord oauth, possibly others

* Update UserGroupObject.php

---------

Co-authored-by: Andy Miller <1084697+rhukster@users.noreply.github.com>
2023-10-24 10:28:23 +01:00
Raffael Herrmann
db3e39f0cb Added detection of external triggers of the scheduler (#3726)
Added extension to the isCrontabSetup method to detect external triggers of the scheduler, so that in the admin interface the error message is hidden when the scheduler is called by an external trigger.
2023-10-24 10:25:44 +01:00
Jeremy Angele
80ce87e4a9 Update dangerous extensions (#3756)
Thanks for this!
2023-10-24 10:20:22 +01:00
Jeff
f0f29891d6 Update Inflector::ordinalize() (#3759)
put the init() call before the $ordinals test
2023-10-24 10:19:24 +01:00
Andy Miller
21b218e464 prepare for release 2023-10-02 10:41:26 -06:00
pamtbaau
3cdbc5890a Fix url of @import not being rewritten (#3750)
Looks good.  thanks.
2023-10-02 10:04:29 -06:00
Andy Miller
79f9640b12 move language debug to debugger - fixes #3752 2023-10-02 09:51:22 -06:00
Andy Miller
65aeb82e21 add ability to override modified date via frontmatter 2023-10-02 09:36:22 -06:00
Andy Miller
e3b0aa0c50 include phar in dangerous extensions 2023-08-22 11:57:13 +01:00
Andy Miller
893b1dd1db prepare for release 2023-07-18 12:40:57 -06:00
Andy Miller
1146959806 fixed a typo 2023-07-18 12:40:27 -06:00
Andy Miller
0d27f2d77e prepare for release 2023-07-18 10:50:36 -06:00
Andy Miller
b4c62101a4 SSTI attack mitigation - GHSA-9436-3gmp-4f53 2023-07-18 10:49:47 -06:00
Andy Miller
cf6bf7d1ec prepare for release 2023-06-15 12:57:46 -06:00
Andy Miller
47665dbddb Fixes #3727 - filter field being a closure 2023-06-15 09:03:12 -06:00
Andy Miller
50ee844759 prepare for release 2023-06-14 14:19:00 -06:00
Andy Miller
244758d438 also handle SSTI in reduce twig filter + function 2023-06-14 11:08:17 -06:00
Andy Miller
71bbed12f9 more SSTI fixes in Utils::isDangerousFunction() 2023-06-13 17:57:11 -06:00
Andy Miller
8c2c1cb726 better SSTI in |map and |filter 2023-06-13 17:45:40 -06:00
Andy Miller
9d01140a63 Fix for dangerous tags in |map filter 2023-06-13 17:07:39 -06:00
Andy Miller
259e775db8 Added languages debug option 2023-06-08 14:50:52 -06:00
Andy Miller
722ce55ccb prepare for release 2023-06-01 15:18:53 -06:00
Andy Miller
8dfa2110bf fix for special chars in slugs causing redirect loops 2023-06-01 15:16:56 -06:00
Andy Miller
31aeaf6309 improved the Twig Cache Tag with customizable key (lang specific if needed) 2023-05-23 15:54:48 -06:00
Andy Miller
b34f70f91d prepare for release 2023-05-10 08:34:45 -06:00