From abfe156d8d18483f265a264c9769063cbfde8ba2 Mon Sep 17 00:00:00 2001
From: Ben Thomson <git@alfreido.com>
Date: Mon, 10 Aug 2020 09:07:24 +0800
Subject: [PATCH 1/4] Change File model to use fillable as opposed to guardable
 attributes

---
 modules/system/models/File.php | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/modules/system/models/File.php b/modules/system/models/File.php
index ffca84afb..4bc33ae74 100644
--- a/modules/system/models/File.php
+++ b/modules/system/models/File.php
@@ -20,6 +20,26 @@ class File extends FileBase
      */
     protected $table = 'system_files';
 
+    /**
+     * @var array The attributes that are mass assignable.
+     */
+    protected $fillable = [
+        'file_name',
+        'title',
+        'description',
+        'field',
+        'attachment_id',
+        'attachment_type',
+        'is_public',
+        'sort_order',
+        'data',
+    ];
+
+    /**
+     * @var array The attributes that aren't mass assignable.
+     */
+    protected $guarded = [];
+
     /**
      * {@inheritDoc}
      */

From 8bc440defa83c93d6e4c34582cfccfb5ff5f6e9a Mon Sep 17 00:00:00 2001
From: Ben Thomson <git@alfreido.com>
Date: Mon, 10 Aug 2020 09:17:32 +0800
Subject: [PATCH 2/4] Revert "Change File model to use fillable as opposed to
 guardable attributes"

This reverts commit abfe156d8d18483f265a264c9769063cbfde8ba2.
---
 modules/system/models/File.php | 20 --------------------
 1 file changed, 20 deletions(-)

diff --git a/modules/system/models/File.php b/modules/system/models/File.php
index 4bc33ae74..ffca84afb 100644
--- a/modules/system/models/File.php
+++ b/modules/system/models/File.php
@@ -20,26 +20,6 @@ class File extends FileBase
      */
     protected $table = 'system_files';
 
-    /**
-     * @var array The attributes that are mass assignable.
-     */
-    protected $fillable = [
-        'file_name',
-        'title',
-        'description',
-        'field',
-        'attachment_id',
-        'attachment_type',
-        'is_public',
-        'sort_order',
-        'data',
-    ];
-
-    /**
-     * @var array The attributes that aren't mass assignable.
-     */
-    protected $guarded = [];
-
     /**
      * {@inheritDoc}
      */

From cdb8acd2142434858caa768756ddf4b38adf62d4 Mon Sep 17 00:00:00 2001
From: moisessepulveda <69491477+moisessepulveda@users.noreply.github.com>
Date: Thu, 13 Aug 2020 00:03:35 -0400
Subject: [PATCH 3/4] Improvements to Spanish translations (#5237)

---
 modules/backend/lang/es/lang.php  | 13 +++++++------
 modules/system/lang/es/client.php | 31 +++++++++++++++++++------------
 2 files changed, 26 insertions(+), 18 deletions(-)

diff --git a/modules/backend/lang/es/lang.php b/modules/backend/lang/es/lang.php
index 2e5764c61..e8c0a257e 100644
--- a/modules/backend/lang/es/lang.php
+++ b/modules/backend/lang/es/lang.php
@@ -307,11 +307,11 @@ return [
         'auto_closing' => 'Cerrado de etiquetas automático',
         'show_invisibles' => 'Mostrar caracteres invisibles',
         'show_gutter' => 'Mostrar numeros de línea',
-        'basic_autocompletion'=> 'Autocompletado Basico (Ctrl + Espacio)',
-        'live_autocompletion'=> 'Autocompletado en Vivo',
-        'enable_snippets'=> 'Activar uso de Snippets',
-        'display_indent_guides'=> 'Mostrar Guias de Identado',
-        'show_print_margin'=> 'Mostrar Margen de impresión',
+        'basic_autocompletion' => 'Autocompletado Basico (Ctrl + Espacio)',
+        'live_autocompletion' => 'Autocompletado en Vivo',
+        'enable_snippets' => 'Activar uso de Snippets',
+        'display_indent_guides' => 'Mostrar Guias de Identado',
+        'show_print_margin' => 'Mostrar Margen de impresión',
         'mode_off' => 'Off',
         'mode_fluid' => 'Fluido',
         '40_characters' => '40 Caracteres',
@@ -396,7 +396,8 @@ return [
     'filter' => [
         'all' => 'todo',
         'options_method_not_exists' => "La clase de modelo :model debe definir un método :method() para regresar opciones para el filtro ':filter'.",
-        'date_all' => 'todo el período'
+        'date_all' => 'todo el período',
+        'number_all' => 'todos los números'
     ],
     'import_export' => [
         'upload_csv_file' => '1. Subir un archivo CSV',
diff --git a/modules/system/lang/es/client.php b/modules/system/lang/es/client.php
index 95602d98a..fb6f31ead 100644
--- a/modules/system/lang/es/client.php
+++ b/modules/system/lang/es/client.php
@@ -33,7 +33,6 @@ return [
         'fullscreen' => 'Pantalla completa',
         'preview' => 'Previsualizar'
     ],
-
     'mediamanager' => [
         'insert_link' => "Insertar Media Vínculo",
         'insert_image' => "Insertar Media Imagen",
@@ -45,12 +44,10 @@ return [
         'invalid_video_empty_insert' => "Por favor seleccione un archivo de video para insertar.",
         'invalid_audio_empty_insert' => "Por favor seleccione un archivo de audio para insertar.",
     ],
-
     'alert' => [
         'confirm_button_text' => 'OK',
         'cancel_button_text' => 'Cancelar'
     ],
-
     'datepicker' => [
         'previousMonth' => 'Mes Anterior',
         'nextMonth' => 'Mes Siguiente',
@@ -58,21 +55,31 @@ return [
         'weekdays' => ['Domingo', 'Lunes', 'Martes', 'Miercoles', 'Jueves', 'Viernes', 'Sabado'],
         'weekdaysShort' => ['Dom', 'Lun', 'Mar', 'Mie', 'Jue', 'Vie', 'Sab']
     ],
-
     'filter' => [
         'group' => [
             'all' => 'todos'
         ],
+        'scopes' => [
+            'apply_button_text' => 'Aplicar',
+            'clear_button_text' => 'Limpiar',
+        ],
         'dates' => [
-            'all' => 'todos',
-            'filter_button_text' => 'Filtro',
-            'reset_button_text'  => 'Restablecer',
+            'all' => 'todas',
+            'filter_button_text' => 'Filtrar',
+            'reset_button_text' => 'Restablecer',
             'date_placeholder' => 'Fecha',
-            'after_placeholder' => 'Despues',
-            'before_placeholder' => 'Antes'
-        ]
+            'after_placeholder' => 'Desde',
+            'before_placeholder' => 'Hasta'
+        ],
+        'numbers' => [
+            'all' => 'todos',
+            'filter_button_text' => 'Filtrar',
+            'reset_button_text' => 'Restablecer',
+            'min_placeholder' => 'Mínimo',
+            'max_placeholder' => 'Máximo',
+            'number_placeholder' => 'Número'
+        ],
     ],
-
     'eventlog' => [
         'show_stacktrace' => 'Mostrar el seguimiento de la pila',
         'hide_stacktrace' => 'Ocultar el seguimiento de la pila',
@@ -84,7 +91,7 @@ return [
             'title' => 'Seleccione el editor de código fuente a usar',
             'description' => 'Su entorno de sistema operativo debe estar configurado para escuchar a uno de estos esquemas de URL.',
             'openWith' => 'Abrir con',
-            'rememberChoice' => 'Recuerde que la opción seleccionada para esta sesión del navegador',
+            'rememberChoice' => 'Recuerde la opción seleccionada para esta sesión del navegador',
             'open' => 'Abrir',
             'cancel' => 'Cancelar'
         ]

From 3a1f547adb0bef8245691fc5df0612cf865d90d7 Mon Sep 17 00:00:00 2001
From: Ben Thomson <git@alfreido.com>
Date: Thu, 13 Aug 2020 12:48:07 +0800
Subject: [PATCH 4/4] Use new PathResolver methods for handling file Asset /
 Object paths

---
 modules/cms/classes/Asset.php     | 10 +++++-----
 modules/cms/classes/CmsObject.php | 14 +++++++-------
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/modules/cms/classes/Asset.php b/modules/cms/classes/Asset.php
index 0bfc2eba8..9a83504ba 100644
--- a/modules/cms/classes/Asset.php
+++ b/modules/cms/classes/Asset.php
@@ -4,10 +4,11 @@ use File;
 use Lang;
 use Config;
 use Request;
-use Cms\Helpers\File as FileHelper;
-use October\Rain\Extension\Extendable;
 use ApplicationException;
 use ValidationException;
+use Cms\Helpers\File as FileHelper;
+use October\Rain\Extension\Extendable;
+use October\Rain\Filesystem\PathResolver;
 
 /**
  * The CMS theme asset file class.
@@ -287,14 +288,13 @@ class Asset extends Extendable
 
         $directory = $this->theme->getPath() . '/' . $this->dirName . '/';
         $filePath = $directory . $fileName;
-        $resolvedPath = resolve_path($filePath);
 
         // Limit paths to those under the theme's assets directory
-        if (!starts_with($resolvedPath, $directory)) {
+        if (!PathResolver::within($filePath, $directory)) {
             return false;
         }
 
-        return $resolvedPath;
+        return PathResolver::resolve($filePath);
     }
 
     /**
diff --git a/modules/cms/classes/CmsObject.php b/modules/cms/classes/CmsObject.php
index 714650150..766f3726c 100644
--- a/modules/cms/classes/CmsObject.php
+++ b/modules/cms/classes/CmsObject.php
@@ -4,11 +4,12 @@ use App;
 use Lang;
 use Event;
 use Config;
-use October\Rain\Halcyon\Model as HalcyonModel;
-use Cms\Contracts\CmsObject as CmsObjectContract;
-use ApplicationException;
-use ValidationException;
 use Exception;
+use ValidationException;
+use ApplicationException;
+use Cms\Contracts\CmsObject as CmsObjectContract;
+use October\Rain\Filesystem\PathResolver;
+use October\Rain\Halcyon\Model as HalcyonModel;
 
 /**
  * This is a base class for all CMS objects - content files, pages, partials and layouts.
@@ -229,14 +230,13 @@ class CmsObject extends HalcyonModel implements CmsObjectContract
 
         $directory = $this->theme->getPath() . '/' . $this->getObjectTypeDirName() . '/';
         $filePath = $directory . $fileName;
-        $resolvedPath = resolve_path($filePath);
 
         // Limit paths to those under the corresponding theme directory
-        if (!starts_with($resolvedPath, $directory)) {
+        if (!PathResolver::within($filePath, $directory)) {
             return false;
         }
 
-        return $resolvedPath;
+        return PathResolver::resolve($filePath);
     }
 
     /**