mirror_php/winter
1
0
Fork 0
mirror of https://github.com/wintercms/winter.git synced 2024-06-28 05:33:29 +02:00
Code Issues Projects Releases Wiki Activity
5,301 Commits 35 Branches 172 Tags
Commit Graph

5301 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Luke Towers
a95d1c8852 Temporarily fixed an issue with existing code-bases that abuse the Twig engine by loading template files in unsupported ways (.js / .svg files rendered as partials through {% partial %}, {% include %}, or $this->renderPartial()). NOTE: This hotfix will not be available in Build 1.1.x so existing code still needs to be fixed to not use those unsupported file types. 
Related: https://github.com/octobercms/october/issues/5272 & https://github.com/skydiver/october-plugin-forms/issues/213
Somewhat related (not fixed by this commit though): 80aab47f04 (commitcomment-42223643)
 2020-09-11 03:45:22 -06:00
Luke Towers
78a37298a4 Tightened up the default permissions granted to the "Publisher" system role out of the box 
(cherry picked from commit 8a785e439395aa901d2b9d7bcb6a343a071c7870)
 2020-09-11 02:12:28 -06:00
Luke Towers
fd2d634b5e Composer updates for 1.0.469 v1.0.469 2020-09-06 21:05:00 -06:00
Luke Towers
e9e4210842 Allow infinitely nested CmsObjects that may have been permitted to load previously through the filesystem continue to load. 2020-09-04 15:22:48 -06:00
Luke Towers
7cb148c167 minor cleanup and docblocks 2020-09-04 01:23:03 -06:00
Samuel Georges
ceb2ff8a6e Clean up redundancies 2020-09-04 13:35:21 +10:00
Samuel Georges
4c650bb775 Security fixes for v1.0.469 
Introduces sandbox policy to block extendable methods allowing arbitrary code execution
 2020-09-04 13:02:01 +10:00
Ben Thomson
d49266ad90
Make popup textarea HTML5-compliant in Inspector editor. 
Previously, this was a self-closing tag with a value attribute. Neither are supported for the textarea tag in HTML5. It appears that browsers now are actually checking this and/or won't work with it.

Fixes #5222.
v1.0.468 		2020-07-25 22:52:23 +08:00
Luke Towers
a56e0cdf61 Use Arabic numerals instead of Indic ones for Arabic date translations. 
Fixes #5213
 2020-07-19 01:15:07 -06:00
Luke Towers
5a5208bd0b Document caveat with uploaded file URL generation when installing October in a subfolder 
Fixes #5204
 2020-07-19 01:08:01 -06:00
Luke Towers
c1fd1b9346 Fix support for ignoreTimezone in date filter types 
Fixes #5197
 2020-07-19 01:01:09 -06:00
Klaas Poortinga
517c588ef7
Fix filter type "group" when 500+ options are available (#5141) 
When 500 options or more are presented in a group filter, PHP `max_input_vars` limits may prevent the filter from working. This fix passes selected options through as a JSON string to get around the limits.
 2020-07-17 17:12:41 +08:00
Ben Thomson
70eac9b0e2
Recompile assets 2020-07-16 18:00:19 +08:00
Patrick Boivin
987dfa4eb7
Add Paragraph Formats to Editor Settings (#4861) 
Co-authored-by: Luke Towers <github@luketowers.ca>
Co-authored-by: Ben Thomson <ben@abweb.com.au>
 2020-07-16 17:54:21 +08:00
Ruben van Erk
3be6e26e84
Clear input after creating tag (#5053) 
When using the taglist field type, the input isn't cleared after a tag has been created. This problem is described here: https://github.com/select2/select2/issues/4698
This change fixes that issue.
 2020-07-16 17:26:49 +08:00
Romain 'Maz' BILLOIR
745bdf9022
Add missing French translations (#5210) 2020-07-16 16:42:28 +08:00
Luke Towers
c1bb695f4b
Fix "use statement with non-compound names has no effect" (#5206) 
Fixes #5205.
 2020-07-09 02:19:36 -06:00
Meysam
9082a231a6
Document Select2's dynamic option creation (#5052) v1.0.467 2020-07-01 10:11:16 +08:00
Luke Towers
dea03a698c Use the Lang facade rather than the trans helper function 2020-06-28 11:14:35 -06:00
Luke Towers
c84c51c820 Improve error message when attempting to fork an unforkable component. 
Fixes #5142 and rainlab/forum-plugin#141
 2020-06-28 10:57:47 -06:00
Saifur Rahman Mohsin
869625aef2
Minor code standards fix (#5138) 2020-06-25 10:18:21 -06:00
Luke Towers
b2d88d6da9 Fix issue when refreshing an entire form that occurs because the toggleEmptyTabs timer runs after the elements it was based on have all been replaced. 2020-06-24 11:33:44 -06:00
Giuseppe Montuoro
cbbc82ac86
Use the current context when making redirects in FormController onSave handlers (#5132) 
Related: d0546599d1
 2020-06-20 16:04:57 -06:00
Luke Towers
ef36399cf7 Improve error handling for invalid counter properties on backend menu items 2020-06-19 23:54:44 -06:00
Luke Towers
1b8fae0ef0 Fix visual glitch on inspector autocomplete fields. 
Fixes #5085
 2020-06-18 11:55:14 -06:00
Luke Towers
dc400a0e20 Fix issue where the throttle feature was no longer logging IP addresses. 
Fixes #5128
 2020-06-18 11:27:53 -06:00
Luke Towers
b384954a29 Improve Froala sanitization of pasted content. 2020-06-18 11:03:48 -06:00
Luke Towers
0cdda52eb8 Fix bug where a field with @context in the name would completely break forms if it also depended on other fields. 
The bug occurred because if specific fields aren't detected in onRefresh(), the entire Form widget HTML will be returned as the result instead of specific fields. This created a problem because the october.form.js JS is not setup to gracefully handle having the entire root form DOM node completely replaced in the middle of a request being completed. Specifically, this would cause problems when trying to detect empty tabs, and then the problems would cascade from there as there would be an instance of october.form.js attached to the page with broken references to no-longer existing DOM nodes.

This fix solves the immediate issue of `field@context` using the `dependsOn` feature breaking by ensuring that the actual final field name for a given field is used instead of the name used in the configuration of the field. Future work should probably be done to better support an entire form being re-rendered if no fields are detected in onRefresh however.
 2020-06-17 03:05:40 -06:00
Tomasz Strojny
68d0667bd4
Updated Polish translation (#5129) 2020-06-17 16:10:37 +08:00
Romain 'Maz' BILLOIR
81a11f70c4
Fix Froala strip empty tags issue (#5126) 
Co-authored-by: Ben Thomson <git@alfreido.com>
 2020-06-16 14:59:40 +08:00
Luke Towers
24f87ae10e Also remove custom sorts from relationcontroller lists / pivot manage modes. 
Fixes https://github.com/octobercms/october/issues/4335#issuecomment-643706004, refs: 5f8a5454ee
 2020-06-14 14:29:21 -06:00
Ben Thomson
b7d9bd1ca6
Remove Subsplit from repo 2020-06-12 11:52:28 +08:00
Ben Thomson
c3800c4196
Switch to checkout-v1, v2 is doing something wrong with auth 2020-06-11 13:24:46 +08:00
Ben Thomson
5d66b74378
Fix auth for subsplit on checkout-v2 2020-06-11 13:21:47 +08:00
Ben Thomson
78a6a6e126
Finalise subsplit action 2020-06-11 13:15:43 +08:00
Ben Thomson
32b0ad3bba
Test full subsplit 2020-06-11 13:02:03 +08:00
Ben Thomson
2948ee93e4
Live test of Subsplit (System Module only) 2020-06-11 12:59:42 +08:00
Ben Thomson
d7cdefbba6
Fix subsplit repo URL 2020-06-11 12:56:24 +08:00
Ben Thomson
61af4f8d9e
Debugging split 2020-06-11 12:42:46 +08:00
Ben Thomson
556637baa0
Third test of Subsplit (just the Demo theme) 2020-06-11 12:37:28 +08:00
Ben Thomson
736ac5e67d
Second test of Subsplit (just the Demo theme) 2020-06-11 12:35:55 +08:00
Ben Thomson
7e81d01117
Live test of Subsplit (just the Demo theme) 2020-06-11 12:24:12 +08:00
Ben Thomson
46e20223c7
Fix Subsplit options 2020-06-11 12:21:16 +08:00
Ben Thomson
d4d80f4577
Fix command for subsplit test 2020-06-11 12:19:00 +08:00
Ben Thomson
0793ebd677
Dry-run test of subsplit through GitHub Actions 2020-06-11 12:15:13 +08:00
Ben Thomson
8dba43ba0b
Allow plugin autoloaders to load on restricted pages and actions (#5120) 
Allow plugin autoloaders to load, even on restricted pages. This allows (enabled) plugins to load their autoloaders on any pages, allowing includes in migration files to run.

Fixes #5110.
 2020-06-09 21:46:17 -06:00
Luke Towers
48a7cc2a89 Make it even more clear how to report a security issue. Closes #5117. 2020-06-08 10:30:00 -06:00
Luke Towers
c03fd66aeb Support new onUpload() AJAX handler for uploads instead of postback takeovers. 
Fixes #5104. Refs: 4f7e2995c7
 2020-06-05 16:01:22 -06:00
Luke Towers
d64c3850ff fix tests, not required since decompileAssets() supports even invalid assets now 2020-06-05 15:59:20 -06:00
Luke Towers
02af8bb254 Improve error handling when uploading a file that exceeds the server's post_max_size 2020-06-05 15:56:15 -06:00