Commit d5ed9d90 authored by Al-Demon's avatar Al-Demon
Browse files

Changes in several days of work to improve

parent 55a71d8a
<IfModule mod_headers.c>
# Disable content sniffing, since it's an attack vector.
Header always set X-Content-Type-Options nosniff
Header always set Strict-Transport-Security "max-age=15568000"
Header always set Content-Security-Policy "img-src 'none' ; script-src 'self' ; style-src 'self' ; connect-src 'self' ; font-src 'self' ; object-src 'self' ; media-src 'self' ; fram$
#Header always set Content-Security-Policy "default-src 'self' data: https: 'unsafe-inline' "
Header always set Referrer-Policy "no-referrer"
Header set X-Frame-Options: SAMEORIGIN
Header set X-XSS-Protection "1; mode=block"
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} =fair.coop [NC]
# 404 test -- file/folder exists?
## Begin RewriteBase
# If you are getting 500 or 404 errors on subpages, you may have to uncomment the RewriteBase entry
......
# v1.4.2
## 03/21/2018
1. [](#new)
* Added new `|nicefilesize` Twig filter for pretty file (auto converts to bytes, kB, MB, GB, etc)
* Added new `regex_filter()` Twig function to values in arrays
1. [](#improved)
* Added bosnian to lang codes [#1917](https://github.com/getgrav/grav/issues/1917)
* Improved Zip extraction error codes [#1922](https://github.com/getgrav/grav/issues/1922)
1. [](#bugfix)
* Fixed an issue with Markdown Video and Audio that broke after Parsedown 1.7.0 Security updates [#1924](https://github.com/getgrav/grav/issues/1924)
* Fix for case-sensitive page metadata [admin#1370](https://github.com/getgrav/grav-plugin-admin/issues/1370)
* Fixed missing composer requirements for the new `Grav\Framework\Uri` classes
* Added missing PSR-7 vendor library required for URI additions in Grav 1.4.0
# v1.4.1
## 03/11/2018
1. [](#bugfix)
* Fixed session timing out because of session cookie was not being sent
# v1.4.0
## 03/09/2018
1. [](#new)
* Added `Grav\Framework\Uri` classes extending PSR-7 `HTTP message UriInterface` implementation
* Added `Grav\Framework\Route` classes to allow route/link manipulation
* Added `$grav['uri]->getCurrentUri()` method to get `Grav\Framework\Uri\Uri` instance for the current URL
* Added `$grav['uri]->getCurrentRoute()` method to get `Grav\Framework\Route\Route` instance for the current URL
* Added ability to have `php` version dependencies in GPM assets
* Added new `{% switch %}` twig tag for more elegant if statements
* Added new `{% markdown %}` twig tag
* Added **Route Overrides** to the default page blueprint
* Added new `Collection::toExtendedArray()` method that's particularly useful for Json output of data
* Added new `|yaml_encode` and `|yaml_decode` Twig filter to convert to and from YAML
* Added new `read_file()` Twig function to allow you to load and display a file in Twig (Supports streams and regular paths)
* Added a new `Medium::exists()` method to check for file existence
* Moved Twig `urlFunc()` to `Utils::url()` as its so darn handy
* Transferred overall copyright from RocketTheme, LLC, to Trilby Media LLC
* Added `theme_var`, `header_var` and `body_class` Twig functions for themes
* Added `Grav\Framework\Cache` classes providing PSR-16 `Simple Cache` implementation
* Added `Grav\Framework\ContentBlock` classes for nested HTML blocks with CSS/JS assets
* Added `Grav\Framework\Object` classes for creating collections of objects
* Added `|nicenumber` Twig filter
* Added `{% try %} ... {% catch %} Error: {{ e.message }} {% endcatch %}` tag to allow basic exception handling inside Twig
* Added `{% script %}` and `{% style %}` tags for Twig templates
* Deprecated GravTrait
1. [](#improved)
* Improved `Session` initialization
* Added ability to set a `theme_var()` option in page frontmatter
* Force clearing PHP `clearstatcache` and `opcache-reset` on `Cache::clear()`
* Better `Page.collection()` filtering support including ability to have non-published pages in collections
* Stopped Chrome from auto-completing admin user profile form [#1847](https://github.com/getgrav/grav/issues/1847)
* Support for empty `switch` field like a `checkbox`
* Made `modular` blueprint more flexible
* Code optimizations to `Utils` class [#1830](https://github.com/getgrav/grav/pull/1830)
* Objects: Add protected function `getElement()` to get serialized value for a single property
* `ObjectPropertyTrait`: Added protected functions `isPropertyLoaded()`, `offsetLoad()`, `offsetPrepare()` and `offsetSerialize()`
* `Grav\Framework\Cache`: Allow unlimited TTL
* Optimizations & refactoring to the test suite [#1779](https://github.com/getgrav/grav/pull/1779)
* Slight modification of Whoops error colors
* Added new configuration option `system.session.initialize` to delay session initialization if needed by a plugin
* Vendor library updated to latest
* Updated vendor libraries to latest versions
* Removed constructor from `ObjectInterface`
* Make it possible to include debug bar also into non-HTML responses
* Updated built-in JQuery to latest 3.3.1
1. [](#bugfix)
* Fixed issue with image alt tag always getting empted out unless set in markdown
* Fixed issue with remote PHP version determination for Grav updates [#1883](https://github.com/getgrav/grav/issues/1883)
* Fixed issue with _illegal scheme offset_ in `Uri::convertUrl()` [page-inject#8](https://github.com/getgrav/grav-plugin-page-inject/issues/8)
* Properly validate YAML blueprint fields so admin can save as proper YAML now [addresses many issues]
* Fixed OpenGraph metatags so only Twitter uses `name=`, and all others use `property=` [#1849](https://github.com/getgrav/grav/issues/1849)
* Fixed an issue with `evaluate()` and `evaluate_twig()` Twig functions that throws invalid template error
* Fixed issue with `|sort_by_key` twig filter if the input was null or not an array
* Date ordering should always be numeric [#1810](https://github.com/getgrav/grav/issues/1810)
* Fix for base paths containing special characters [#1799](https://github.com/getgrav/grav/issues/1799)
* Fix for session cookies in paths containing special characters
* Fix for `vundefined` error for version numbers in GPM [form#222](https://github.com/getgrav/grav-plugin-form/issues/222)
* Fixed `BadMethodCallException` thrown in GPM updates [#1784](https://github.com/getgrav/grav/issues/1784)
* NOTE: Parsedown security release now escapes `&` to `&amp;` in Markdown links
# v1.3.10
## 12/06/2017
1. [](#bugfix)
* Reverted GPM Local pull request as it broken admin [#1742](https://github.com/getgrav/grav/issues/1742)
1. [](#new)
* Reverted GPM Local pull request as it broken admin [#1742](https://github.com/getgrav/grav/issues/1742)
# v1.3.9
## 12/05/2017
1. [](#new)
* Added new core Twig templates for `partials/metadata.html.twig` and `partials/messages.html.twig`
* Added ability to work with GPM locally [#1742](https://github.com/getgrav/grav/issues/1742)
* Added ability to work with GPM locally [#1742](https://github.com/getgrav/grav/issues/1742)
* Added new HTML5 audio controls [#1756](https://github.com/getgrav/grav/issues/1756)
* Added `Medium::copy()` method to create a copy of a medium object
* Added new `force_lowercase_urls` functionality on routes and slugs
......@@ -35,15 +115,15 @@
* Fixed token creation issue with `Uri` params like `/id:3`
* Fixed CSS Pipeline failing with Google remote fonts if the file was minified [#1261](https://github.com/getgrav/grav-plugin-admin/issues/1261)
* Forced `field.multiple: true` to allow use of min/max options in `checkboxes.validate`
# v1.3.8
## 10/26/2017
1. [](#new)
* Added Page `media_order` capability to manually order page media via a page header
1. [](#bugfix)
* Fixed GPM update issue with filtered slugs [#1711](https://github.com/getgrav/grav/issues/1711)
* Fixed issue with missing image file not throwing 404 properly [#1713](https://github.com/getgrav/grav/issues/1713)
* Fixed GPM update issue with filtered slugs [#1711](https://github.com/getgrav/grav/issues/1711)
* Fixed issue with missing image file not throwing 404 properly [#1713](https://github.com/getgrav/grav/issues/1713)
# v1.3.7
## 10/18/2017
......@@ -59,20 +139,20 @@
1. [](#bugfix)
* Regression: Ajax error in Nginx [admin#1244](https://github.com/getgrav/grav-plugin-admin/issues/1244)
* Remove the `_url=$uri` portion of the the Nginx `try_files` command [admin#1244](https://github.com/getgrav/grav-plugin-admin/issues/1244)
# v1.3.5
## 10/11/2017
1. [](#improved)
* Refactored `URI` class with numerous bug fixes, and optimizations
* Override `system.media.upload_limit` with PHP's `post_max_size` or `upload_max_filesize`
* Updated `bin/grav clean` command to remove unnecessary vendor files (save some bytes)
* Updated `bin/grav clean` command to remove unnecessary vendor files (save some bytes)
* Added a `http_status_code` Twig function to allow setting HTTP status codes from Twig directly.
* Deter XSS attacks via URI path/uri methods (credit:newbthenewbd)
* Added support for `$uri->toArray()` and `(string)$uri`
* Added support for `type` on `Asstes::addInlineJs()` [#1683](https://github.com/getgrav/grav/pull/1683)
1. [](#bugfix)
* Fixed method signature error with `GPM\InstallCommand::processPackage()` [#1682](https://github.com/getgrav/grav/pull/1682)
* Fixed method signature error with `GPM\InstallCommand::processPackage()` [#1682](https://github.com/getgrav/grav/pull/1682)
# v1.3.4
## 09/29/2017
......@@ -86,7 +166,7 @@
* Improved support for Assets with query strings [#1451](https://github.com/getgrav/grav/issues/1451)
* Twig extension cleanup
1. [](#bugfix)
* Fixed an issue where fallback was not supporting dynamic page generation
* Fixed an issue where fallback was not supporting dynamic page generation
* Fixed issue with Image query string not being fully URL encoded [#1622](https://github.com/getgrav/grav/issues/1622)
* Fixed `Page::summary()` when using delimiter and multibyte UTF8 Characters [#1644](https://github.com/getgrav/grav/issues/1644)
* Fixed missing `.json` thumbnail throwing error when adding media [grav-plugin-admin#1156](https://github.com/getgrav/grav-plugin-admin/issues/1156)
......@@ -129,7 +209,7 @@
* Allow `session.timeout` field to be set to `0` via blueprints [#1598](https://github.com/getgrav/grav/issues/1598)
* Fixed `Data::exists()` and `Data::raw()` functions breaking if `Data::file()` hasn't been called with non-null value
* Fixed parent theme auto-loading in child themes of Gantry 5
# v1.3.1
## 07/19/2017
......
The MIT License (MIT)
Copyright (c) 2017 Grav
Copyright (c) 2018 Grav
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
......
No preview for this file type
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
<?php
return [
'@class' => 'Grav\\Common\\File\\CompiledYamlFile',
'filename' => '/var/www/grav/web/user/config/plugins/login.yaml',
'modified' => 1519059005,
'data' => [
'enabled' => true,
'built_in_css' => true,
'route' => '/admin/login',
'redirect_to_login' => true,
'route_activate' => '/activate_user',
'route_forgot' => '/forgot_password',
'route_reset' => '/reset_password',
'route_profile' => '/user_profile',
'route_register' => '/user_register',
'route_unauthorized' => '/user_unauthorized',
'dynamic_page_visibility' => false,
'parent_acl' => false,
'protect_protected_page_media' => false,
'rememberme' => [
'enabled' => true,
'timeout' => 604800,
'name' => 'grav-rememberme'
],
'max_pw_resets_count' => 0,
'max_pw_resets_interval' => 60,
'max_login_count' => 0,
'max_login_interval' => 2,
'user_registration' => [
'enabled' => true,
'fields' => [
0 => 'username',
1 => 'password',
2 => 'email',
3 => 'fullname',
4 => 'title',
5 => 'level'
],
'default_values' => [
'level' => 'Newbie'
],
'access' => [
'site' => [
'login' => 'true'
]
],
'options' => [
'validate_password1_and_password2' => true,
'set_user_disabled' => false,
'login_after_registration' => true,
'send_activation_email' => false,
'send_notification_email' => false,
'send_welcome_email' => '0'
]
]
]
];
This diff is collapsed.
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment