226 Commits

Author SHA1 Message Date
Andy Miller
4221938159 fixes for storing options
Signed-off-by: Andy Miller <rhuk@mac.com>
2025-12-11 18:01:58 -07:00
Andy Miller
bc9158ebcf fixes #2481 - twig3 breaking editor preview
Signed-off-by: Andy Miller <rhuk@mac.com>
2025-12-03 14:09:53 -07:00
Andy Miller
99f6532965 Fix security vulnerabilities: user enumeration and XSS issues
Security fixes:

1. GHSA-q3qx-cp62-f6m7: User Enumeration & Email Disclosure
   - Changed rate-limiter error message in taskForgot() to not include email
   - Added generic translation key FORGOT_CANNOT_RESET_RATE_LIMITED
   - Prevents attackers from enumerating valid usernames via forgot password

2. GHSA-rmw5-f87r-w988: Stored XSS in Group Display Name
   - Added HTML escaping to group.readableName in acl_picker.html.twig
   - Prevents XSS when malicious group names are rendered in selectize

3. GHSA-gqxx-248x-g29f & GHSA-mpjj-4688-3fxg: XSS in Taxonomy Fields
   - Added HTML escaping to taxonomy labels in taxonomy.html.twig
   - Prevents XSS when malicious taxonomy names are rendered

4. GHSA-65mj-f7p4-wggq, GHSA-7g78-5g5g-mvfj: XSS in Selectize Dropdowns
   - Added SafeRender functions to selectize.js that escape HTML by default
   - All selectize dropdowns now escape option/item text unless custom render is specified
   - Provides defense-in-depth against XSS in any selectize-based field
2025-11-29 18:43:02 -07:00
Andy Miller
7d7d30e4a7 more safe-guards
Signed-off-by: Andy Miller <rhuk@mac.com>
2025-11-14 16:30:50 +00:00
Andy Miller
bbed7e5478 honor safe_upgrade setting
Signed-off-by: Andy Miller <rhuk@mac.com>
2025-11-14 16:14:56 +00:00
Andy Miller
0a7f9c0e4e regression fix for session/logout
Signed-off-by: Andy Miller <rhuk@mac.com>
2025-11-14 15:40:09 +00:00
Andy Miller
dfc1875129 some fixes for new safe-upgrade
Signed-off-by: Andy Miller <rhuk@mac.com>
2025-11-14 14:42:39 +00:00
Andy Miller
1dca097521 admin fixes for safe update
Signed-off-by: Andy Miller <rhuk@mac.com>
2025-11-11 17:55:27 +00:00
Andy Miller
b568929d02 simplified safe-upgrade
Signed-off-by: Andy Miller <rhuk@mac.com>
2025-11-10 11:40:01 +00:00
Andy Miller
9078633b73 fix for deprecation notice
Signed-off-by: Andy Miller <rhuk@mac.com>
2025-10-29 09:26:34 +00:00
Andy Miller
00be4faee1 stop deleting recover.window file
Signed-off-by: Andy Miller <rhuk@mac.com>
2025-10-19 20:34:16 -06:00
Andy Miller
e81ed34dd6 fix labels in snapshots 2025-10-18 19:10:42 -06:00
Andy Miller
419fcc3f13 create adhoc snapshot 2025-10-18 18:41:39 -06:00
Andy Miller
1e14c47d28 fixes for restore 2025-10-18 17:54:29 -06:00
Andy Miller
84cf62bc7b bg process for restore 2025-10-18 13:48:40 -06:00
Andy Miller
64bbed1312 Revert "minor tweaks"
This reverts commit d437bd117a.
2025-10-18 12:29:51 -06:00
Andy Miller
d437bd117a minor tweaks 2025-10-18 12:27:32 -06:00
Andy Miller
796c61e66d restore tool - but not currently working 2025-10-18 12:04:25 -06:00
Andy Miller
c24c13716b extra attribute
Signed-off-by: Andy Miller <rhuk@mac.com>
2025-10-17 18:23:17 -06:00
Andy Miller
92664e9fe9 progress check fix
Signed-off-by: Andy Miller <rhuk@mac.com>
2025-10-17 18:19:22 -06:00
Andy Miller
48b4f3fd63 sync directory changes 2025-10-17 16:52:17 -06:00
Andy Miller
eac840a615 logic fixes 2025-10-17 16:17:09 -06:00
Andy Miller
4aedf58f78 smoother progress 2025-10-17 14:09:56 -06:00
Andy Miller
7e73ba9a61 more granular upgrade status 2025-10-17 12:31:43 -06:00
Andy Miller
fe42c3344d more fixes for installation process 2025-10-17 11:31:02 -06:00
Andy Miller
654c2bb9c4 more improvements to safe upgrade 2025-10-17 10:02:22 -06:00
Andy Miller
4a2b386b51 fix stuck progress at 80% - part deux 2025-10-16 21:28:43 -06:00
Andy Miller
f15d3a3bc6 missing package size 2025-10-16 20:57:46 -06:00
Andy Miller
099e6cddc6 more progress fixes 2025-10-16 19:56:59 -06:00
Andy Miller
8142b48558 ensure binaries are executable 2025-10-16 18:16:27 -06:00
Andy Miller
79c061a42b improvements to logging and command calling 2025-10-16 17:59:05 -06:00
Andy Miller
f08a32cf67 new and improved admin async upgrade process 2025-10-16 17:31:57 -06:00
Andy Miller
b23940fb10 yet more upgrade flow fixes 3 2025-10-16 15:47:33 -06:00
Andy Miller
6ff2c4576c more updates
Signed-off-by: Andy Miller <rhuk@mac.com>
2025-10-16 13:49:53 -06:00
Andy Miller
a4e0c83160 safe upgrade progress
Signed-off-by: Andy Miller <rhuk@mac.com>
2025-10-16 10:59:50 -06:00
Andy Miller
325764a304 improved login/session handling
Signed-off-by: Andy Miller <rhuk@mac.com>
2025-09-15 12:02:55 -06:00
Andy Miller
aec62290d4 more scheduler improvements
Signed-off-by: Andy Miller <rhuk@mac.com>
2025-08-25 10:05:19 +01:00
Andy Miller
841ec861bd PHP 8.4 fixes - Implicitly nullable parameter declarations deprecated 2024-10-25 20:12:25 +01:00
Andy Miller
8cc7fb4393 use login’s site_host functionality 2024-05-06 12:38:46 +01:00
Andy Miller
d5eea54aca Revert "require new email status style"
This reverts commit 4d87a391ad.
2024-04-05 11:49:13 -06:00
Andy Miller
4d87a391ad require new email status style 2024-04-05 11:46:39 -06:00
Andy Miller
540482a487 update copyright date 2024-01-05 11:50:46 +00:00
Andy Miller
7ea0f78eb7 better fix 2023-05-11 11:40:18 -06:00
Andy Miller
3f37e2c350 rewrote this function to make it safer 2023-05-11 11:37:24 -06:00
Andy Miller
462d0121cb fixed another deprecation issue 2023-05-09 13:01:39 -06:00
Andy Miller
beef4420ca Fixes for SCSS compiler 2023-05-08 18:21:03 -06:00
Andy Miller
8fd500d381 missing Admin::$routes definition 2023-05-08 17:37:29 -06:00
Andy Miller
f32b6ff439 copyright dates 2023-01-02 11:17:40 -07:00
Andy Miller
97ab52df81 no longer reference SwiftException (deprecated) 2022-10-05 08:07:09 -06:00
Matias Griese
925dbf7cbf Fixed disabling/enabling plugin from the list breaking the plugin configuration 2022-02-07 11:55:14 +02:00