mirror_php/winter
1
0
Fork 0
mirror of https://github.com/wintercms/winter.git synced 2024-06-28 05:33:29 +02:00
Code Issues Projects Releases Wiki Activity
5,317 Commits 35 Branches 172 Tags
Commit Graph

4602 Commits

Author SHA1 Message Date
Luke Towers
d52ea0ccf8 further WIP on rebrand 2021-03-08 02:41:13 -06:00
Luke Towers
62fbbdc182 Further WIP on October -> Winter rebrand 2021-03-07 02:24:21 -06:00
Luke Towers
7d80b771fe Initial work on Winter rebrand for 1.0 branch 2021-03-06 04:06:19 -06:00
Ben Thomson
f638d3f78c Add app.trustedHosts config and force host checks on password reset (#5423) 
Add app.trustedHosts config and force host checks on backend password reset.

Related: octobercms/library@f29865a
(cherry picked from commit f555ab6)
 2021-01-04 13:07:00 -06:00
Luke Towers
ea67b615e4 Further improvements to the Twig SecurityPolicy 2020-12-18 12:15:12 -06:00
Luke Towers
61e49d9e0b Improve Twig security policy 
Follow up to 106daa2...7cb148c. Thanks to @ka1n4t for the additional review.
 2020-11-13 03:50:39 -06:00
Samuel Georges
c5af6c226c Recompile JS 
To apply fix found in d49266ad90246fcf90565de8ccdcdbad492de0fe

Refs #5222
 2020-10-19 10:04:51 +11:00
Luke Towers
1fa076d475 Change Twig template loading fallbacks 
Previously:
- registered Laravel view file
- attempt to load file as a CMS partial

Now:
- registered Laravel view file
- valid CMS partials
- any file that Twig can access (from the project root) rendered as a plain twig template (but with support for the CMS twig environment)

Fixes 80aab47f04 (commitcomment-42223643), https://github.com/octobercms/october/issues/5261#issuecomment-691235167

(cherry picked from commit dca6128501890473043cbe2bfd3016b4f48d39d6)
 2020-09-11 15:48:58 -06:00
Luke Towers
a95d1c8852 Temporarily fixed an issue with existing code-bases that abuse the Twig engine by loading template files in unsupported ways (.js / .svg files rendered as partials through {% partial %}, {% include %}, or $this->renderPartial()). NOTE: This hotfix will not be available in Build 1.1.x so existing code still needs to be fixed to not use those unsupported file types. 
Related: https://github.com/octobercms/october/issues/5272 & https://github.com/skydiver/october-plugin-forms/issues/213
Somewhat related (not fixed by this commit though): 80aab47f04 (commitcomment-42223643)
 2020-09-11 03:45:22 -06:00
Luke Towers
78a37298a4 Tightened up the default permissions granted to the "Publisher" system role out of the box 
(cherry picked from commit 8a785e439395aa901d2b9d7bcb6a343a071c7870)
 2020-09-11 02:12:28 -06:00
Luke Towers
fd2d634b5e Composer updates for 1.0.469 2020-09-06 21:05:00 -06:00
Luke Towers
e9e4210842 Allow infinitely nested CmsObjects that may have been permitted to load previously through the filesystem continue to load. 2020-09-04 15:22:48 -06:00
Luke Towers
7cb148c167 minor cleanup and docblocks 2020-09-04 01:23:03 -06:00
Samuel Georges
ceb2ff8a6e Clean up redundancies 2020-09-04 13:35:21 +10:00
Samuel Georges
4c650bb775 Security fixes for v1.0.469 
Introduces sandbox policy to block extendable methods allowing arbitrary code execution
 2020-09-04 13:02:01 +10:00
Ben Thomson
d49266ad90
Make popup textarea HTML5-compliant in Inspector editor. 
Previously, this was a self-closing tag with a value attribute. Neither are supported for the textarea tag in HTML5. It appears that browsers now are actually checking this and/or won't work with it.

Fixes #5222.
 2020-07-25 22:52:23 +08:00
Luke Towers
a56e0cdf61 Use Arabic numerals instead of Indic ones for Arabic date translations. 
Fixes #5213
 2020-07-19 01:15:07 -06:00
Luke Towers
c1fd1b9346 Fix support for ignoreTimezone in date filter types 
Fixes #5197
 2020-07-19 01:01:09 -06:00
Klaas Poortinga
517c588ef7
Fix filter type "group" when 500+ options are available (#5141) 
When 500 options or more are presented in a group filter, PHP `max_input_vars` limits may prevent the filter from working. This fix passes selected options through as a JSON string to get around the limits.
 2020-07-17 17:12:41 +08:00
Ben Thomson
70eac9b0e2
Recompile assets 2020-07-16 18:00:19 +08:00
Patrick Boivin
987dfa4eb7
Add Paragraph Formats to Editor Settings (#4861) 
Co-authored-by: Luke Towers <github@luketowers.ca>
Co-authored-by: Ben Thomson <ben@abweb.com.au>
 2020-07-16 17:54:21 +08:00
Ruben van Erk
3be6e26e84
Clear input after creating tag (#5053) 
When using the taglist field type, the input isn't cleared after a tag has been created. This problem is described here: https://github.com/select2/select2/issues/4698
This change fixes that issue.
 2020-07-16 17:26:49 +08:00
Romain 'Maz' BILLOIR
745bdf9022
Add missing French translations (#5210) 2020-07-16 16:42:28 +08:00
Luke Towers
c1bb695f4b
Fix "use statement with non-compound names has no effect" (#5206) 
Fixes #5205.
 2020-07-09 02:19:36 -06:00
Meysam
9082a231a6
Document Select2's dynamic option creation (#5052) 2020-07-01 10:11:16 +08:00
Luke Towers
dea03a698c Use the Lang facade rather than the trans helper function 2020-06-28 11:14:35 -06:00
Luke Towers
c84c51c820 Improve error message when attempting to fork an unforkable component. 
Fixes #5142 and rainlab/forum-plugin#141
 2020-06-28 10:57:47 -06:00
Luke Towers
b2d88d6da9 Fix issue when refreshing an entire form that occurs because the toggleEmptyTabs timer runs after the elements it was based on have all been replaced. 2020-06-24 11:33:44 -06:00
Giuseppe Montuoro
cbbc82ac86
Use the current context when making redirects in FormController onSave handlers (#5132) 
Related: d0546599d1
 2020-06-20 16:04:57 -06:00
Luke Towers
ef36399cf7 Improve error handling for invalid counter properties on backend menu items 2020-06-19 23:54:44 -06:00
Luke Towers
1b8fae0ef0 Fix visual glitch on inspector autocomplete fields. 
Fixes #5085
 2020-06-18 11:55:14 -06:00
Luke Towers
dc400a0e20 Fix issue where the throttle feature was no longer logging IP addresses. 
Fixes #5128
 2020-06-18 11:27:53 -06:00
Luke Towers
b384954a29 Improve Froala sanitization of pasted content. 2020-06-18 11:03:48 -06:00
Luke Towers
0cdda52eb8 Fix bug where a field with @context in the name would completely break forms if it also depended on other fields. 
The bug occurred because if specific fields aren't detected in onRefresh(), the entire Form widget HTML will be returned as the result instead of specific fields. This created a problem because the october.form.js JS is not setup to gracefully handle having the entire root form DOM node completely replaced in the middle of a request being completed. Specifically, this would cause problems when trying to detect empty tabs, and then the problems would cascade from there as there would be an instance of october.form.js attached to the page with broken references to no-longer existing DOM nodes.

This fix solves the immediate issue of `field@context` using the `dependsOn` feature breaking by ensuring that the actual final field name for a given field is used instead of the name used in the configuration of the field. Future work should probably be done to better support an entire form being re-rendered if no fields are detected in onRefresh however.
 2020-06-17 03:05:40 -06:00
Tomasz Strojny
68d0667bd4
Updated Polish translation (#5129) 2020-06-17 16:10:37 +08:00
Romain 'Maz' BILLOIR
81a11f70c4
Fix Froala strip empty tags issue (#5126) 
Co-authored-by: Ben Thomson <git@alfreido.com>
 2020-06-16 14:59:40 +08:00
Luke Towers
24f87ae10e Also remove custom sorts from relationcontroller lists / pivot manage modes. 
Fixes https://github.com/octobercms/october/issues/4335#issuecomment-643706004, refs: 5f8a5454ee
 2020-06-14 14:29:21 -06:00
Ben Thomson
8dba43ba0b
Allow plugin autoloaders to load on restricted pages and actions (#5120) 
Allow plugin autoloaders to load, even on restricted pages. This allows (enabled) plugins to load their autoloaders on any pages, allowing includes in migration files to run.

Fixes #5110.
 2020-06-09 21:46:17 -06:00
Luke Towers
c03fd66aeb Support new onUpload() AJAX handler for uploads instead of postback takeovers. 
Fixes #5104. Refs: 4f7e2995c7
 2020-06-05 16:01:22 -06:00
Luke Towers
02af8bb254 Improve error handling when uploading a file that exceeds the server's post_max_size 2020-06-05 15:56:15 -06:00
Luke Towers
314b15dd13 Support decompiling mediamanager assets 2020-06-05 15:52:59 -06:00
Luke Towers
434f2cd433 Improve error handling for UploadableWidgets 2020-06-05 15:52:27 -06:00
Luke Towers
547d9bffeb Support nested asset files and files under a symlinked directory when decompiling backend assets 2020-06-05 15:51:12 -06:00
Luke Towers
33795fe6aa Delete unnecessary file 2020-06-04 09:19:24 -06:00
Alexander Guth
9e64e63805
Add filters widget to the pivot view (#5099) 
Fixes #5089
 2020-06-02 00:53:57 -06:00
Samuell
b63a39b106
Add missing import (#5101) 2020-06-01 10:42:15 -06:00
Luke Towers
5c3ba9a28a Fix naming conflict 
Reported by @alxy https://github.com/octobercms/october/pull/5088#issuecomment-636448210
 2020-05-31 11:23:31 -06:00
Luke Towers
5c7ba9fbe9 Update combined jquery file to 3.4.0, added fix for #5097 2020-05-31 02:32:58 -06:00
Ben Thomson
a43833d511
Trigger dependency check for remote values for inspector dropdown properties (#5071) 2020-05-27 09:36:21 +08:00
Marco Grüter
b417a4938f
Render the css classes on the filter widget (#5067) 2020-05-26 15:25:06 -06:00