-
- In
Utils::isDangerousFunction
, handle double\\
in|map
twig filter to mitigate SSTI attack - Better handle empty email in
Validatoin::typeEmail()
- In
-
- Quick fix for
isDangerousFunction
when$name
was a closure #3727
- Quick fix for
-
- Added a new
system.languages.debug
option that adds a<span class="translate-debug"></span>
around strings translated with|t
. This can be styled by the theme as needed.
- Added a new
-
- More robust SSTI handling in
filter
,map
, andreduce
Twig filters and functions - Various SSTI improvements
Utils::isDangerousFunction()
- More robust SSTI handling in
-
- Fixed Twig
|map()
allowing code execution - Fixed Twig
|reduce()
allowing code execution
- Fixed Twig
-
- Added the ability to set a configurable 'key' for the Twig Cache Tag:
{% cache 'my-key' 600 %}
- Added the ability to set a configurable 'key' for the Twig Cache Tag:
-
- Fixed an issue with special characters in slug's would cause redirect loops
-
- Fixed certain UTF-8 characters breaking
Truncator
class #3716
- Fixed certain UTF-8 characters breaking
-
- Removed
FILTER_SANITIZE_STRING
input filter in favor ofhtmlspecialchars(strip_tags())
for PHP 8.2+ - Added
GRAV_SANITIZE_STRING
constant to replaceFILTER_SANITIZE_STRING
for PHP 8.2+ - Support non-deprecated style dynamic properties in
Parsedown
class viaParseDownGravTrait
for PHP 8.2+ - Modified
Truncator
to not use deprecatedmb_convert_encoding()
for PHP 8.2+ - Fixed passing null into
mb_strpos()
deprecated for PHP 8.2+ - Updated internal
TwigDeferredExtension
to be PHP 8.2+ compatible - Upgraded
getgrav/image
fork to take advantage of various PHP 8.2+ fixes - Use
UserGroupObject::groupNames
method in blueprints for PHP 8.2+ - Comment out
files-upload
deprecated message as this is not going to be removed - Added various public
Twig
class variables used by admin to address deprecated messages for PHP 8.2+ - Added
parse_url
to list of PHP functions supported in Twig Extension - Added support for dynamic functions in
Parsedown
to stop deprecation messages in PHP 8.2+
- Removed
-
- Reverted a reorganization of
account.yaml
that caused username to be disabled admin#2344
- Reverted a reorganization of
-
- Fix for overzealous modular page template rendering fix in 1.7.39 causing Feed plugin to break #3689
-
- Vendor library updates to latest versions
-
- Various PHP 8.2 fixes
- Fixed an issue with modular pages rendering thew wrong template when dynamically changing the page
- Fixed an issue with
email
validation that was failing on UTF-8 characters. Following best practices and now only check for@
and length. - Fixed PHPUnit tests to remove deprecation warnings
-
- New
onBeforeSessionStart()
event to be used to store data lost during session regeneration (e.g. login)
- New
-
- Vendor library updates to latest versions
- Updated
bin/composer.phar
to latest2.4.4
version #3627
-
- Don't fail hard if pages recurse with same path
- Github workflows security hardening #3624
-
- Fixed a bad return type #3630
-
- Added new
onPageHeaders()
event to allow for header modification as needed - Added a
system.pages.dirs
configuration option to allow for configurable paths, and multiple page paths - Added new
Pages::getSimplePagesHash
which is useful for caching pages specific data - Updated to latest vendor libraries
- Added new
-
- An attempt to workaround windows reading locked file issue getgrav/grav-plugin-admin#2299
- Force user index file to be updated to fix email addresses getgrav/grav-plugin-login#229
-
- Added
authorize-*@:
support for Flex blueprints, e.g.authorize-disabled@: not delete
disables the field if user does not have access to delete object - Added support for
flex-ignore@
to hide all the nested fields in the blueprint
- Added
-
- Fixed login with a capitalised email address when using old users getgrav/grav-plugin-login#229
-
- Added support for
multipart/form-data
content type in PUT and PATCH requests - Added support for object relationships
- Added variables
$environment
(string),$request
(PSR-7 ServerRequestInterface|null) and$uri
(PSR-7 Uri|null) to be used insetup.php
- Added support for
-
- Minor vendor updates
-
- Added back Yiddish to Language Codes #3336
- Ignore upcoming
media.json
file in media
-
- Regression: Fixed saving page with a new language causing cache corruption getgrav/grav-plugin-admin#2282
- Fixed a potential fatal error when using watermark in images
- Fixed
bin/grav install
command with arbitrary destination folder name - Fixed Twig
|filter()
allowing code execution - Fixed login and user search by email not being case-insensitive when using Flex Users
-
- When saving yaml and markdown, create also a cached version of the file and recompile it in opcache
-
- Fixed missing changes in yaml & markdown files if saved multiple times during the same second because of a caching issue
- Fixed XSS check not detecting onX events without quotes
- Fixed default collection ordering in pages admin
-
- Added
|replace_last(search, replace)
filter - Added
parseurl
Twig function to expose PHP'sparse_url
function
- Added
-
- Added multi-language support for page routes in
Utils::url()
- Set default maximum length for text fields
password
: 256email
: 320text
,url
,hidden
,commalist
: 2048text
(multiline),textarea
: 65536
- Added multi-language support for page routes in
-
- Fixed issue with
system.cache.gzip: true
resulted in "Fetch Failed" for PHP 8.0.17 and PHP 8.1.4 PHP issue #8218 - Fix for multi-lang issues with Security Report
- Fixed page search not working with selected language #3316
- Fixed issue with
-
- Added new local Multiavatar (local generation). This will be default in Grav 1.8
- Added support to get image size for SVG vector images #3533
- Added XSS check for uploaded SVG files before they get stored
- Fixed phpstan issues (All level 2, Framework level 5)
-
- Moved Accounts out of Experimental section of System configuration to new "Accounts" tab
-
- Fixed
'mbstring' extension is not loaded
error, use Polyfill instead #3504 - Fixed new
Utils::pathinfo()
andUtils::basename()
being too strict for legacy use #3542 - Fixed non-standard video html atributes generated by
{{ media.html() }}
#3540 - Fixed entity sanitization for XSS detection
- Fixed avatar save location when
account://
stream points to custom directory - Fixed bug in
Utils::url()
when path contains part of root
- Fixed
-
- Added twig filter
|field_parent
to get parent field name
- Added twig filter
-
- Fixed error while deleting retina image in admin
- Fixed "Page Authors" field in Security tab, wrongly loading and saving the value #3525
- Fixed accounts filter only matches against email address getgrav/grav-plugin-admin#2224
-
- Fixed
Call to undefined method
error when upgrading from Grav 1.6 #3523
- Fixed
-
- Added support for registering assets from
HtmlBlock
- Added unicode-safe
Utils::basename()
andUtils::pathinfo()
methods
- Added support for registering assets from
-
- Improved
Filesystem::basename()
andFilesystem::pathinfo()
to be unicode-safe - Made path handling unicode-safe, use new
Utils::basename()
andUtils::pathinfo()
everywhere
- Improved
-
- Fixed error on thumbnail image creation
- Fixed MimeType for
gzip
(application/x-gzip
)
-
- Added links and modules support to
HtmlBlock
class - Added module support for twig script tag:
{% script module 'theme://js/module.mjs' %}
- Added twig tag for links:
{% link icon 'theme://images/favicon.png' priority: 20 with { type: 'image/png' } %}
- Added
HtmlBlock
support for{% style %}
,{% script %}
and{% link %}
tags - Support for page-level
redirect_default_route
frontmatter header override
- Added links and modules support to
-
- Fixed XSS check not detecting escaped
:
- Fixed XSS check not detecting escaped
-
- Support for
YubiKey OTP
2-Factor authenticator - Added support for generic
assets.link()
for external references. No pipeline support - Added support for
assets.addJsModule()
with full pipeline support - Added
Utils::getExtensionsByMime()
method to get all the registered extensions for the specific mime type - Added
Media::getRoute()
andMedia::getRawRoute()
methods to get page route if available - Added
Medium::getAlternatives()
to be able to list all the retina sizes
- Support for
-
- Improved
Utils::download()
method to allow overrides on download name, mime and expires header - Improved
onPageFallBackUrl
event - Reorganized the Asset system configuration blueprint for clarity
- Improved
-
- Fixed CLI
--env
and--lang
options having no effect if they aren't added before all the other options - Fixed scaled image medium filename when using non-existing retina file
- Fixed an issue with JS
imports
and pipelining Assets
- Fixed CLI
-
- Made
Grav::redirect()
to acceptRoute
class - Added
translated()
method toPageTranslateInterface
- Added second parameter to
UserObject::isMyself()
method - Added
UserObject::$isAuthorizedCallable
to allow$user->isAuthorized()
customization - Use secure session cookies in HTTPS by default (
system.session.secure_https: true
) - Added new
Plugin::inheritedConfigOption()
function to access plugin specific functions for page overrides
- Made
-
- Upgraded vendor libs for PHP 8.1 compatibility
- Upgraded to composer v2.1.14 for PHP 8.1 compatibility
- Added third
$name
parameter toBlueprint::flattenData()
method, useful for flattening repeating data ControllerResponseTrait
: Redirect response should be json if the extension is .json- When symlinking Grav install, include also tests
- Updated copyright year to
2022
-
- Fixed bad key lookup in
FlexRelatedDirectoryTrait::getCollectionByProperty()
- Fixed RequestHandlers
NotFoundException
having empty request - Block
.json
files in web server configs - Disabled pretty debug info for Flex as it slows down Twig rendering
- Fixed Twig being very slow when template overrides do not exist
- Fixed
UserObject::$authorizeCallable
binding to the user object - Fixed
FlexIndex::call()
to return null instead of failing to call undefined method - Fixed Flex directory configuration creating environment configuration when it should not
- Fixed bad key lookup in
-
- Updated phpstan to v1.0
- Added
FlexObject::getDiff()
to see difference to the saved object
-
- Use Symfony
dump
instead of PHP'svardump
in side the{{ vardump(x) }}
Twig vardump function - Added
route
andrequest
toonPagesInitialized
event - Improved page cloning, added method
Page::initialize()
- Improved
FlexObject::getChanges()
: return changed lists and arrays as whole instead of just changed keys/values - Improved form validation JSON responses to contain list of failed fields with their error messages
- Improved redirects: send redirect response in JSON if the request was in JSON
- Use Symfony
-
- Fixed path traversal vulnerability when using
bin/grav server
- Fixed unescaped error messages in JSON error responses
- Fixed
|t(variable)
twig filter in admin - Fixed
FlexObject::getChanges()
always returning empty array - Fixed form validation exceptions to use
400 Bad Request
instead of500 Internal Server Error
- Fixed path traversal vulnerability when using
-
- Added support for image watermarks
- Added support to disable a form, making it readonly
-
- Flex
$user->authorize()
now checks user groups beforeadmin.super
, allowing deny rules to work properly
- Flex
-
- Fixed a bug in
PermissionsReader
in PHP 7.3 - Fixed
session_store_active
language option (#3464) - Fixed deprecated warnings on
ArrayAccess
in PHP 8.1 - Fixed XSS detection with
:
- Fixed a bug in
-
- Added method
Pages::referrerRoute()
to get the referrer route and language - Added true unique
Utils::uniqueId()
/{{ unique_id() }}
utilities with length, prefix, and suffix support - Added
UserObject::isMyself()
method to check if flex user is currently logged in - Added support for custom form field options validation with
validate: options: key|ignore
- Added method
-
- Replaced GPL
SVG-Sanitizer
with MIT licensedDOM-Sanitizer
Uri::referrer()
now accepts third parameter, if set totrue
, it returns route without base or language code #3411- Updated vendor libs with latest
- Updated with latest language strings via Crowdin.com
- Replaced GPL
-
- Fixed
Folder::move()
throwing an error when target folder is changed by only appending characters to the end #3445 - Fixed some phpstan issues (all code back to level 1, Framework level 3)
- Fixed form reset causing image uploads to fail when using Flex
- Fixed
-
- Register plugin autoloaders into plugin objects
-
- Improve Twig 2 compatibility
- Update to customized version of Twig DeferredExtension (Twig 1/2 compatible)
-
- Fixed conflicting
$_original
variable inFlex Pages
- Fixed conflicting
-
- Added
|yaml
filter to convert input to YAML - Added
route
andrequest
toonPageNotFound
event - Added file upload/remove support for
Flex Forms
- Added support for
flex-required@: not exists
andflex-required@: '!exists'
in blueprints - Added
$object->getOriginalData()
to get flex objects data before it was modified withupdate()
- Throwing exceptions from Twig templates fires
onDisplayErrorPage.[code]
event allowing better error pages
- Added
-
- Use a simplified text-based
cron
field for scheduler - Add timestamp to logging output of scheduler jobs to see when they ran
- Use a simplified text-based
-
- Include active form and request in
onPageTask
andonPageAction
events (defaults tonull
) - Added
UserObject::$authorizeCallable
to allow$user->authorize()
customization
- Include active form and request in
-
- Fixed
Warning: Undefined array key "SERVER_SOFTWARE" in index.php
#3408 - Fixed error in
loadDirectoryConfig()
if configuration hasn't been saved #3409 - Fixed GPM not using non-standard cache path #3410
- Fixed broken
environment://
stream when it doesn't have configuration - Fixed
Flex Object
missing key field value when usingFolderStorage
- Fixed broken Twig try tag when catch has not been defined or is empty
- Fixed
FlexForm
serialization - Fixed form validation for numeric values in PHP 8
- Fixed
flex-options@
in blueprints duplicating items in array - Fixed wrong form issue with flex objects after cache clear
- Fixed Flex object types not implementing
MediaInterface
- Fixed issue with
svgImageFunction()
that was causing broken output
- Fixed
-
- Added support for loading Flex Directory configuration from main configuration
- Move SVGs that cannot be sanitized to quarantine folder under
log://quarantine
- Added support for CloudFlare-forwarded client IP in the
URI::ip()
method
-
- Fixed error when using Flex
SimpleStorage
with no entries - Fixed page search to include slug field #3316
- Fixed Admin becoming unusable when GPM cannot be reached #3383
- Fixed
Failed to save entry: Forbidden
when moving a page to a visible page #3389 - Better support for Symfony local server on linux #3400
- Fixed
open_basedir()
error with some forms
- Fixed error when using Flex
-
- Interface
FlexDirectoryInterface
now extendsFlexAuthorizeInterface
- Interface
-
- Fixed missing styles when CSS/JS Pipeline is used and
asset://
folder is missing - Fixed permission check when moving a page #3382
- Fixed missing styles when CSS/JS Pipeline is used and
-
- Added 'addFrame()' method to ImageMedium #3323
-
- Set
cache.clear_images_by_default
tofalse
by default - Improve error on bad nested form data #3364
- Set
-
- Improve Plugin and Theme initialization to fix PHP8 bug #3368
- Fixed
pathinfo()
twig filter in PHP7 - Fixed the first visible child page getting ordering number
999999.
#3365 - Fixed flex pages search using only folder name #3316
- Fixed flex pages using wrong type in
onBlueprintCreated
event #3157 - Fixed wrong SRI paths invoked when Grav instance as a sub folder #3358
- Fixed SRI trying to calculate remote assets, only ever set integrity for local files. Use the SRI provided by the remote source and manually add it in the
addJs/addCss
call for remote support. #3358 - Fix for weird regex issue with latest PHP versions on Intel Macs causing params to not parse properly in URI object
-
- Allow optional start date in page collections #3350
- Added
page
andoutput
properties toonOutputGenerated
andonOutputRendered
events
-
- Fixed twig deprecated TwigFilter messages #3348
- Fixed fatal error with some markdown links getgrav/grav-premium-issues#95
- Fixed markdown media operations not working when using
image://
stream #3333 #3349 - Fixed copying page without changing the slug getgrav/grav-plugin-admin#2135
- Fixed missing and commonly used methods when using
system.twig.undefined_functions = false
getgrav/grav-plugin-admin#2138 - Fixed uploading images into Flex Object if field destination is not set
-
- Added
MediaUploadTrait::checkFileMetadata()
method
- Added
-
- Updating a theme should always keep the custom files getgrav/grav-plugin-admin#2135
-
- Fixed broken numeric language codes in Flex Pages #3332
- Fixed broken
exif_imagetype()
twig function
-
- Added support for getting translated collection of Flex Pages using
$collection->withTranslated('de')
- Added support for getting translated collection of Flex Pages using
-
- Moved
gregwar/Image
andgregwar/Cache
in-house to officialgetgrav/Image
andgetgrav/Cache
packagist packages. This will help environments with very strict proxy setups that don't allow VCS setup. #3289 - Improved XSS Invalid Protocol detection regex #3298
- Added support for user provided folder in Flex
$page->copy()
- Moved
-
- Added configuration options to allow PHP methods to be used in Twig functions (
system.twig.safe_functions
) and filters (system.twig.safe_filters
) - Deprecated using PHP methods in Twig without them being in the safe lists
- Prevent dangerous PHP methods from being used as Twig functions and filters
- Restrict filesystem Twig functions to accept only local filesystem and grav streams
- Added configuration options to allow PHP methods to be used in Twig functions (
-
- Better GPM detection of unauthorized installations
- IMPORTANT Fixed security vulnerability with Twig allowing dangerous PHP functions by default GHSA-g8r4-p96j-xfxc
- Fixed nxinx appending repeating
?_url=
in some redirects - Fixed deleting page with language code not removing the folder if it was the last language #3305
- Fixed fatal error when using markdown links with
image://
stream #3285 - Fixed
system.languages.session_store_active
not having any effect #3269 - Fixed fatal error if
system.pages.types
is not an array #2984
- Fixed nxinx appending repeating
-
- Added initial support for running Grav library from outside the webroot #3297
-
- Improved password handling when saving a user
-
- Ignore errors when using
set_time_limit
inArchiver
andGPM\Response
classes #3023 - Fixed
Folder::move()
deleting the folder if you move folder into itself, created empty file instead - Fixed moving
Flex Page
to itself causing the page to be lost #3227 - Fixed
PageStorage
from detecting files as pages - Fixed
UserIndex
not implementingUserCollectionInterface
- Fixed missing
onAdminAfterDelete
event call inFlex Pages
- Fixed system templates not getting scanned #3296
- Fixed incorrect routing if url path looks like a domain name #2184
- Ignore errors when using
-
- Added
Media::hide()
method to hide files from media - Added
Utils::getPathFromToken()
method which works also withFlex Objects
- Added
FlexMediaTrait::getMediaField()
, which can be used to access custom media set in the blueprint fields - Added
FlexMediaTrait::getFieldSettings()
, which can be used to get media field settings
- Added
-
- Method
Utils::getPagePathFromToken()
now calls the more genericUtils::getPathFromToken()
- Updated
SECURITY.md
to use security@getgrav.org
- Method
-
- Fixed broken media upload in
Flex
with@self/path
,@page
and@theme
destinations #3275 - Fixed media fields excluding newly deleted files before saving the object
- Fixed method
$pages->find()
should never redirect #3266 - Fixed
Page::activeChild()
throwing an error #3276 - Fixed
Flex Page
CRUD ACL when creating a new page (needs Flex Objects plugin update) grav-plugin-flex-objects#115 - Fixed the list of pages not showing up in admin #3280
- Fixed text field min/max validation for UTF8 characters #3281
- Fixed redirects using wrong redirect code
- Fixed broken media upload in
-
- Added
ControllerResponseTrait::createDownloadResponse()
method - Added full blueprint support to theme if you move existing files in
blueprints/
toblueprints/pages/
folder #3255 - Added support for
Theme::getFormFieldTypes()
just like in plugins
- Added
-
- Optimized
Flex Pages
for speed - Optimized saving visible/ordered pages when there are a lot of siblings #3231
- Clearing cache now deletes all clockwork files
- Improved
system.pages.redirect_default_route
andsystem.pages.redirect_trailing_slash
configuration options to accept redirect code
- Optimized
-
- Fixed clockwork error when clearing cache
- Fixed missing method
translated()
inFlex Pages
- Fixed missing
Flex Pages
in site if multi-language support has been enabled - Fixed Grav using blueprints and form fields from disabled plugins
- Fixed
FlexIndex::sortBy(['key' => 'ASC'])
having no effect - Fixed default Flex Pages collection ordering to order by filesystem path
- Fixed disappearing pages on save if
pages://
stream resolves to multiple folders where the preferred folder doesn't exist - Fixed Markdown image attribute
loading
#3251 - Fixed
Uri::isValidExtension()
returning false positives - Fixed
page.html
returning duplicated content withsystem.pages.redirect_default_route
turned on #3130 - Fixed site redirect with redirect code failing when redirecting to sub-pages #3035
- Fixed
Uncaught ValueError: Path cannot be empty
when failing to upload a file #3265 - Fixed
Path cannot be empty
when viewing non-existent log file #3270 - Fixed
onAdminSave
original page having empty header #3259
-
- Added
Utils::arrayToQueryParams()
to convert an array into query params
- Added
-
- Added original image support for all flex objects and media fields
- Improved
Pagination
class to allow custom pagination query parameter
-
- Fixed avatar of the user not being saved grav-plugin-flex-objects#111
- Replaced special space character with regular space in
system/blueprints/user/account_new.yaml
-
- Added abstract
FlexObject
,FlexCollection
andFlexIndex
classes to\Grav\Common\Flex
namespace (extend those instead of Framework or Generic classes) - Updated bundled
composer.phar
binary to latest version2.0.9
- Improved session fixation handling in PHP 7.4+ (cannot fix it in PHP 7.3 due to PHP bug)
- Added optional password/database attributes for redis in
system.yaml
- Added ability to filter enabled or disabled with bin/gpm index #3187
- Added
$grav->getVersion()
orgrav.version
in twig to get the current Grav version #3142 - Added second parameter to
$blueprint->flattenData()
to include every field, including those which have no data - Added support for setting session domain #2040
- Better support inheriting languages when using child themes #3226
- Added option for
FlexForm
constructor to reset the form
- Added abstract
-
- Fixed issue with
content-security-policy
not being properly supported withhttp-equiv
+ support single quotes - Fixed CLI progressbar in
backup
andsecurity
commands to use styled output #3198 - Fixed page save failing because of uploaded images #3191
- Fixed
Flex Pages
using only default language in frontend #106 - Fixed empty
route()
andraw_route()
when getting translated pages #3184 - Fixed error on
bin/gpm plugin uninstall
#3207 - Fixed broken min/max validation for field
type: int
- Fixed lowering uppercase characters in usernames when saving from frontend #2565
- Fixed save error when editing accounts that have been created with capital letters in their username #3211
- Fixed renaming flex objects key when using file storage
- Fixed wrong values in Admin pages list #3214
- Fixed pipelined asset using different hash when extra asset is added to before/after position #2781
- Fixed trailing slash redirect to only apply to GET/HEAD requests and use 301 status code #3127
- Fixed root page to always contain trailing slash #3127
- Fixed
<meta name="flattr:*" content="*">
to use name instead property #3010 - Fixed behavior of opposite filters in
Pages::getCollection()
to match Grav 1.6 #3216 - Fixed modular content with missing template file ending up using non-modular template #3218
- Fixed broken attachment image in Flex Objects Admin when
destination: self@
used #3225 - Fixed bug in page content with both markdown and twig enabled #3223
- Fixed issue with
-
- Revert: Fixed page save failing because of uploaded images #3191 - breaking save
-
- Added
FlexForm::setSubmitMethod()
to customize form submit action
- Added
-
- Improved GPM error handling
-
- Fixed
bin/gpm uninstall
script not working because of bad typehint #3172 - Fixed
login: visibility_requires_access
not working in pages #3176 - Fixed cannot change image format #3173
- Fixed saving page in expert mode #3174
- Fixed exception in
$flexPage->frontmatter()
method when setting value - Fixed
onBlueprintCreated
event being called multiple times inFlex Pages
grav-plugin-flex-objects#97 - Fixed wrong ordering in page collections if
intl
extension has been enabled #3167 - Fixed page redirect to the first visible child page (needs to be routable and published, too)
- Fixed untranslated module pages showing up in the menu
- Fixed page save failing because of uploaded images #3191
- Fixed incorrect config lookup for loading in
ImageLoadingTrait
#3192
- Fixed
-
- IMPORTANT - Please checkout the process to
self-upgrade
from CLI if you are on Grav 1.7.0 or 1.7.1 - Added support for symlinking individual plugins and themes by using
bin/grav install -p myplugin
or-t mytheme
- Added support for symlinking plugins and themes with
hebe.json
file to support custom folder structures - Added support for running post-install scripts in
bin/gpm selfupgrade
if Grav was updated manually
- IMPORTANT - Please checkout the process to
-
- Fixed default GPM Channel back to 'stable' - this was inadvertently left as 'testing' #3163
- Fixed broken stream initialization if
environment://
paths aren't streams - Fixed Clockwork debugger in sub-folder multi-site setups
- Fixed
Unsupported option "curl" passed to "Symfony\Component\HttpClient\CurlHttpClient"
inbin/gpm selfupgrade
#3165
-
- Fixed fatal error when
site.taxonomies
contains a bad value - Sanitize valid Page extensions from
Page::template_format()
- Fixed
bin/gpm index
erroring out #3158 - Fixed
bin/gpm selfupgrade
failing to report failed Grav update #3116 - Fixed
bin/gpm selfupgrade
error onCall to undefined method
#3160 - Flex Pages: Fixed fatal error when trying to move a page to Root (/) #3161
- Fixed twig parsing errors in pages where twig is parsed after markdown #3162
- Fixed
lighttpd.conf
access-deny rule #1876 - Fixed page metadata being double-escaped #3121
- Fixed fatal error when
-
- Requires PHP 7.3.6
- Read about this release in the Grav 1.7 Released blog post
- Read the full list of all changes in the Changelog on GitHub
- Please read Grav 1.7 Upgrade Guide before upgrading!
- Added support for overriding configuration by using environment variables
- Use PHP 7.4 serialization (the old
Serializable
methods are now final and cannot be overridden) - Enabled
ETag
setting by default for 304 responses - Added
FlexCollection::getDistinctValues()
to get all the assigned values from the field Flex Pages
method$page->header()
returns\Grav\Common\Page\Header
object, oldPage
class still returnsstdClass
-
- Make it possible to use an absolute path when loading a blueprint
- Make serialize methods final in
ContentBlock
,AbstractFile
,FormTrait
,ObjectCollectionTrait
andObjectTrait
- Added support for relative paths in
PageObject::getLevelListing()
#3110 - Better
--env
and--lang
support forbin/grav
,bin/gpm
andbin/plugin
console commands- BC BREAK Shorthand for
--env
:-e
will not work anymore as it conflicts with some plugins
- BC BREAK Shorthand for
- Added support for locking the
start
andlimit
in a Page Collection
-
- Fixed port issue with
system.custom_base_url
- Hide errors with
exif_read_data
inImageFile
- Fixed unserialize in
MarkdownFormatter
andFramework\File
classes - Fixed pages with session messages should never be cached #3108
- Fixed
Filesystem::normalize()
with dot-dot paths - Fixed Flex sorting issues grav-plugin-flex-objects#92
- Fixed Clockwork missing dumped arrays and objects
- Fixed fatal error in PHP 8 when trying to access root page
- Fixed Array->String conversion error when
languages:translations: false
admin#1896 - Fixed
Inflector
methods when translation is missingGRAV.INFLECTOR_*
translations - Fixed exception when changing parent of new page grav-plugin-admin#2018
- Fixed ordering issue with moving pages grav-plugin-admin#2015
- Fixed Flex Pages cache not invalidating if saving an old
Page
object #3152 - Fixed multiple issues with
system.language.translations: false
- Fixed page collections containing dummy items for untranslated default language #2985
- Fixed streams in
setup.php
being overridden bysystem/streams.yaml
#2450 - Fixed
ERR_TOO_MANY_REDIRECTS
with HTTPS = 'On' #3155 - Fixed page collection pagination not behaving as it did in Grav 1.6
- Fixed port issue with
-
- Update phpstan to version 0.12
- Auto-Escape enabled by default. Manually enable Twig Compatibility and disable Auto-Escape to use the old setting.
- Updated unit tests to use codeception 4.1
- Added support for setting
GRAV_ENVIRONMENT
by using environment variable or a constant - Added support for setting
GRAV_SETUP_PATH
by using environment variable (constant already worked) - Added support for setting
GRAV_ENVIRONMENTS_PATH
by using environment variable or a constant - Added support for setting
GRAV_ENVIRONMENT_PATH
by using environment variable or a constant
-
- Improved
bin/grav install
command
- Improved
-
- Fixed potential error when upgrading Grav
- Fixed broken list in
bin/gpm index
#3092 - Fixed CLI/GPM command failures returning 0 (success) value #3017
- Fixed unimplemented
PageObject::getOriginal()
call #3098 - Fixed
Argument 1 passed to Grav\Common\User\DataUser\User::filterUsername() must be of the type string
#3101 - Fixed broken check if php exif module is enabled in
ImageFile::fixOrientation()
- Fixed
StaticResizeTrait::resize()
bad image height/width attributes ifnull
values are passed to the method - Fixed twig script/style tag
{% script 'file.js' at 'bottom' %}
, replaces brokenin
operator #3084 - Fixed dropped query params when
?
is preceded with/
#2964
-
- Set minimum requirements to PHP 7.3.6
- Updated Clockwork to v5.0
- Added
FlexDirectoryInterface
interface - Renamed
PageCollectionInterface::nonModular()
intoPageCollectionInterface::pages()
and deprecated the old method - Renamed
PageCollectionInterface::modular()
intoPageCollectionInterface::modules()
and deprecated the old method' - Upgraded
bin/composer.phar
to2.0.2
which is all new and much faster - Added search option
same_as
to Flex Objects - Added PHP 8 compatible
function_exists()
:Utils::functionExists()
- New sites have
compatibility
features turned off by default, upgrading from older versions will keep the settings on
-
- Updated bundled JQuery to latest version
3.5.1
- Forward a
sid
to GPM when downloading a premium package via CLI - Allow
JsonFormatter
options to be passed as a string - Hide Flex Pages frontend configuration (not ready for production use)
- Improve Flex configuration: gather views together in blueprint
- Added XSS detection to all forms. See documentation
- Better handling of missing repository index grav-plugin-admin#1916
- Added support for having all sites / environments under
user/env
folder #3072 - Added
FlexObject::refresh()
method to make sure object is up to date
- Updated bundled JQuery to latest version
-
- Menu Visibility Requires Access Security option setting wrong frontmatter login#265
- Accessing page with unsupported file extension (jpg, pdf, xsl) will use wrong mime type #3031
- Fixed media crashing on a bad image
- Fixed bug in collections where filter
type: false
did not work - Fixed
print_r()
in twig - Fixed sorting by groups in
Flex Users
- Changing
Flex Page
template causes the other language versions of that page to lose their content admin#1958 - Fixed plugins getting initialized multiple times (by CLI commands for example)
- Fixed
header.admin.children_display_order
in Flex Pages to work just like with regular pages - Fixed
Utils::isFunctionDisabled()
method if there are spaces indisable_functions
#3023 - Fixed potential fatal error when creating flex index using cache #3062
- Fixed fatal error in
CompiledFile
if the cached version is broken - Fixed updated media missing from media when editing Flex Object after page reload
- Fixed issue with
config-default@
breaking on set #1972 - Escape titles in Flex pages list flex-objects#84
- Fixed Purge successful message only working in Scheduler but broken in CLI and Admin #1935
- Fixed
system://
stream is causing issues in Admin, making Media tab to disappear and possibly causing other issues #3072 - Fixed CLI self-upgrade from Grav 1.6 #3079
- Fixed
bin/grav yamllinter -a
and-f
not following symlinks #3080 - Fixed
|safe_email
filter to return safe and escaped UTF-8 HTML #3072 - Fixed exception in CLI GPM and backup commands when
php-zip
is not enabled #3075 - Fix for XSS advisory GHSA-cvmr-6428-87w9
- Fixed Flex and Page ordering to be natural and case insensitive flex-objects#87
- Fixed plugin/theme priority ordering to be numeric
-
- Added a
Uri::getAllHeaders()
compatibility function
- Added a
-
- Fall back through various templates scenarios if they don't exist in theme to avoid unhelpful error.
- Added default templates for
external.html.twig
,default.html.twig
, andmodular.html.twig
- Improve Media classes
- POTENTIAL BREAKING CHANGE: Added reload argument to
FlexStorageInterface::getMetaData()
-
- Fixed
Security::sanitizeSVG()
creating an empty file if SVG file cannot be parsed - Fixed infinite loop in blueprints with
extend@
to a parent stream - Added missing
Stream::create()
method - Added missing
onBlueprintCreated
event for Flex Pages - Fixed
onBlueprintCreated
firing multiple times recursively - Fixed media upload failing with custom folders
- Fixed
unset()
inObjectProperty
class - Fixed
FlexObject::freeMedia()
method causing media to become null - Fixed bug in
Flex Form
making it impossible to set nested values - Fixed
Flex User
avatar when using folder storage, also allow multiple images - Fixed Referer reference during GPM calls.
- Fixed fatal error with toggled lists
- Fixed
-
- Added a new
svg_image()
twig function to make it easier to 'include' SVG source in Twig - Added a helper
Utils::fullPath()
to get the full path to a file be it stream, relative, etc.
- Added a new
-
- Added
themes
to cached blueprints and configuration
- Added
-
- Fixed
Flex Pages
issue withgetRoute()
returning path with language prefix for default language if set not to do that - Fixed
Flex Pages
bug where reordering pages causes page content to disappear if default language uses wrong extension (.md
vs.en.md
) - Fixed
Flex Pages
bug whereonAdminSave
passes page as$event['page']
instead of$event['object']
#2995 - Fixed
Flex Pages
bug where changing a modular page template added duplicate file admin#1899 - Fixed
Flex Pages
bug where renaming slug causes bad ordering range after save #2997
- Fixed
-
- Added ability to
noprocess
specific items only in Link/Image Excerpts, e.g.http://foo.com/page?id=foo&target=_blank&noprocess=id
#2954
- Added ability to
-
- Regression: Default language fix broke
Language::getLanguageURLPrefix()
andLanguage::isIncludeDefaultLanguage()
methods when not using multi-language - Reverted
Language::getDefault()
andLanguage::getLanguage()
to return false again because of plugin compatibility (updated docblocks) - Fixed UTF-8 issue in
Excerpts::getExcerptsFromHtml
- Fixed some compatibility issues with recent Changes to
Assets
handling - Fixed issue with
CSS_IMPORTS_REGEX
breaking with complex URLs #2958 - Moved duplicated
CSS_IMPORT_REGEX
to local variable inAssetUtilsTrait::moveImports()
- Fixed page media only accepting images #2943
- Regression: Default language fix broke
-
- Added support for uploading and deleting images directly in
Media
- Added new
onAfterCacheClear
event
- Added support for uploading and deleting images directly in
-
- Improved
CvsFormatter
to attempt to encode non-scalar variables into JSON before giving up - Moved image loading into its own trait to be used by images+static images
- Adjusted asset types to enable extension of assets in class #2937
- Composer update for vendor library updates
- Updated bundled
composer.phar
to2.0.0-dev
- Improved
-
- Fixed
MediaUploadTrait::copyUploadedFile()
not adding uploaded media to the collection - Fixed regression in saving media to a new Flex Object admin#1867
- Fixed
Trying to get property 'username' of non-object
error in Flex flex-objects#62 - Fixed retina images not working in Flex flex-objects#64
- Fixed plugin initialization in CLI
- Fixed broken logic in
Page::topParent()
when dealing with first-level pages - Fixed broken
Flex Page
authorization for groups - Fixed missing
onAdminSave
andonAdminAfterSave
events when usingFlex Pages
andFlex Users
flex-objects#58 - Fixed new
User Group
allowing bad group name to be saved admin#1917 - Fixed
Language::getDefault()
returning false and not 'en' - Fixed non-text links in
Excerpts::getExcerptFromHtml
- Fixed CLI commands not properly intializing Plugins so events can fire
- Fixed
-
- Changed
Folder::hasChildren
toFolder::countChildren
- Added
Content Editor
option to user account blueprint
- Changed
-
- Fixed new
Flex Page
not having correct form fields for the page type - Fixed new
Flex User
erroring out on save (thanks @mikebi42) - Fixed
Flex Object
request cache clear when saving object - Fixed blueprint value filtering in lists #2923
- Fixed blueprint for
system.pages.hide_empty_folders
#1925 - Fixed file field in
Flex Objects
(useGrav\Common\Flex\Types\GenericObject
instead ofFlexObject
) flex-objects#37 - Fixed saving nested file fields in
Flex Objects
flex-objects#34 - JSON Route of homepage with no ‘route’ set is valid form#425
- Fixed new
-
- Added support for native
loading=lazy
attributes on images. Can be set insystem.images.defaults
or per md image with?loading=lazy
#2910
- Added support for native
-
- Added
PageCollection::all()
to mimic Pages class - Added system configuration support for
HTTP_X_Forwarded
headers (host disabled by default) - Updated
PHPUserAgentParser
to 1.0.0 - Improved docblocks
- Fixed some phpstan issues
- Tighten vendor requirements
- Added
-
- Fix for uppercase image extensions
- Fix for
&
errors in HTML when passed toExcerpts.php
-
- Changed
Response::get()
used by GPM/Admin to use Symfony HttpClient v4.4 (composer install --nodev
required for Git installations) - Added new
Excerpts::processLinkHtml()
method
- Changed
-
- Fixed
Flex Pages
admin with PHPintl
extension enabled when using custom page order - Fixed saving non-numeric-prefix
Flex Page
changing to numeric-prefix flex-objects#56 - Copying
Flex Page
in admin does nothing flex-objects#55 - Force GPM progress to be between 0-100%
- Fixed
-
- Support for
webp
image format in Page Media #1168 - Added
Route::getBase()
method
- Support for
-
- Support symlinks when saving
File
- Support symlinks when saving
-
- Fixed flex objects with integer keys not working #2863
- Fixed
Pages::instances()
returning null values when usingFlex Pages
#2889 - Fixed Flex Page parent
header.admin.children_display_order
setting being ignored in Admin #2881 - Implemented missing Flex
$pageCollection->batch()
and$pageCollection->order()
methods - Fixed user avatar creation for new
Flex Users
when using folder storage - Fixed
Trying to access array offset on value of type null
PHP 7.4 error inPlugin.php
- Fixed Gregwar Image library using
.jpeg
for cached images, rather use.jpg
- Fixed
Flex Pages
with00.home
page not having ordering set - Fixed
Flex Pages
not updating empty content on save #2890 - Fixed creating new Flex User with file storage
- Fixed saving new
Flex Object
with custom key - Fixed broken
Plugin::config()
method
-
- Added
MediaTrait::freeMedia()
method to free media (and memory) - Added
Folder::hasChildren()
method to determine if a folder has child folders
- Added
-
- Save memory when updating large flex indexes
- Better
Content-Encoding
handling in Apache when content compression is disabled #2619
-
- Fixed creating new
Flex User
when folder storage has been selected - Fixed some bugs in Flex root page methods
- Fixed bad default redirect code in
ControllerResponseTrait::createRedirectResponse()
- Fixed issue with PHP
HTTP_X_HTTP_METHOD_OVERRIDE
#2847 - Fixed numeric usernames not working in
Flex Users
- Implemented missing Flex
$page->move()
method
- Fixed creating new
-
- Added
Session::regenerateId()
method to properly prevent session fixation issues - Added configuration option
system.strict_mode.blueprint_compat
to maintain oldvalidation: strict
behavior #1273
- Added
-
- Improved Flex events
- Updated CLI commands to use the new methods to initialize Grav
-
- Fixed Flex Pages having broken
isFirst()
,isLast()
,prevSibling()
,nextSibling()
andadjacentSibling()
- Fixed broken ordering sometimes when saving/moving visible
Flex Page
#2837 - Fixed ordering being lost when saving modular
Flex Page
- Fixed
validation: strict
not working in blueprints (seesystem.strict_mode.blueprint_compat
setting) #1273 - Fixed
Blueprint::extend()
andBlueprint::embed()
not initializing dynamic properties - Fixed fatal error on storing flex flash using new object without a key
- Regression: Fixed unchecking toggleable having no effect in Flex forms
- Fixed changing page template in Flex Pages #2828
- Fixed Flex Pages having broken
-
- Plugins & Themes: Call
$plugin->autoload()
and$theme->autoload()
automatically when object gets initialized - CLI: Added
$grav->initializeCli()
method - Flex Directory: Implemented customizable configuration
- Flex Storages: Added support for renaming directory entries
- Plugins & Themes: Call
-
- Vendor updates to latest
-
- Regression: Fixed fatal error in blueprints #2811
- Regression: Fixed bad method call in FlexDirectory::getAuthorizeRule()
- Regression: Fixed fatal error in admin if the site has custom permissions in
onAdminRegisterPermissions
- Regression: Fixed flex user index with folder storage
- Regression: Fixed fatal error in
bin/plugin
command - Fixed
FlexObject::triggerEvent()
not emitting events #2816 - Grav 1.7: Fixed saving Flex configuration with ignored values becoming null
- Grav 1.7: Fixed
bin/plugin
initialization - Grav 1.7: Fixed Flex Page cache key not taking account active language
-
- Regression: Flex not working in PHP 7.2 or older
- Fixed creating first user from admin not clearing Flex User directory cache #2809
- Fixed Flex Pages allowing root page to be deleted
-
- POTENTIAL BREAKING CHANGE: Upgraded Parsedown to 1.7 for Parsedown-Extra 0.8. Plugins that extend Parsedown may need a fix to render as HTML
- Added
$grav['flex']
to access all registered Flex Directories - Added
$grav->dispatchEvent()
method for PSR-14 events - Added
FlexRegisterEvent
which triggers when$grav['flex']
is being accessed the first time - Added Flex cache configuration options
- Added
PluginsLoadedEvent
which triggers after plugins have been loaded but not yet initialized - Added
SessionStartEvent
which triggers when session is started - Added
PermissionsRegisterEvent
which triggers when$grav['permissions']
is being accessed the first time - Added support for Flex Directory specific configuration
- Added support for more advanced ACL
- Added
flatten_array
filter to form field validation - Added support for
security@: or: [admin.super, admin.pages]
in blueprints (nested AND/OR mode support)
-
- Blueprint validation: Added
validate: value_type: bool|int|float|string|trim
toarray
to filter all the values inside the array - Twig
url()
takes now third parameter (true
) to return URL on non-existing file instead of returning false
- Blueprint validation: Added
-
- Grav 1.7: Fixed blueprint loading issues #2782
- Fixed PHP 7.4 compatibility issue with
Stream
- Fixed new
Flex Users
being stored with wrong filename, login issues #2785 - Fixed
ignore_empty: true
not removing empty values in blueprint filtering - Fixed
{{ false|string }}
twig to return '0' instead of '' - Fixed twig
url()
failing if stream has extra slash in it (e.g.user:///data
) - Fixed
Blueprint::filter()
returning null instead of array if there is nothing to return - Fixed
Cannot use a scalar value as an array
error inUtils::arrayUnflattenDotNotation()
, ignore nested structure instead - Fixed
Route
instance in multi-site setups - Fixed
system.translations: false
breakingInflector
methods - Fixed filtering ignored (eg.
security@: admin.super
) fields causingFlex Objects
to lose data on save - Grav 1.7: Fixed
Flex Pages
unserialize issues if Flex-Objects Plugin has not been installed - Grav 1.7: Require Flex-Objects Plugin to edit Flex Accounts
- Grav 1.7: Fixed bad result on testing
isPage()
when using Flex Pages
-
- Added root page support for
Flex Pages
- Added root page support for
-
- Twig filter
|yaml_serialize
: added support forJsonSerializable
objects and other array-like objects - Added support for returning Flex Page specific permissions for admin and testing
- Updated copyright dates to
2020
- Various vendor updates
- Twig filter
-
- Updated Symfony Components to 4.4
- Added support for page specific CRUD permissions (
Flex Pages
only) - Added new
-r <job-id>
option for Scheduler CLI command to force-run a job #2720 - Added
Utils::isAssoc()
andUtils::isNegative()
helper methods - Changed
UserInterface::authorize()
to returnnull
having the same meaning asfalse
if access is denied because of no matching rule - Changed
FlexAuthorizeInterface::isAuthorized()
to returnnull
having the same meaning asfalse
if access is denied because of no matching rule - Moved all Flex type classes under
Grav\Common\Flex
- DEPRECATED
Grav\Common\User\Group
in favor of$grav['user_groups']
, which contains Flex UserGroup collection - DEPRECATED
$page->modular()
in favor of$page->isModule()
for better readability - Fixed phpstan issues in all code up to level 3
-
- Improved twig
|array
filter to work with iterators and objects withtoArray()
method - Updated Flex
SimpleStorage
code to feature match the other storages - Improved user and group ACL to support deny permissions (
Flex Users
only) - Improved twig
authorize()
function to work better with nested rule parameters - Output the current username that Scheduler is using if crontab not setup
- Translations: rename MODULAR to MODULE everywhere
- Optimized
Flex Pages
collection filtering - Frontend optimizations for
Flex Pages
- Improved twig
-
- Regression: Fixed Grav update bug #2722
- Fixed fatal error when calling
{{ grav.undefined }}
- Grav 1.7: Reverted
$object->getStorageKey()
interface as it was not a good idea, addedgetMasterKey()
for pages - Grav 1.7: Fixed logged in user being able to delete his own account from admin account manager
-
- Added
Flex Pages
to Grav core and removed Flex Objects plugin dependency - Added
Utils::simpleTemplate()
method for very simple variable templating - Added
array_diff()
twig function - Added
template_from_string()
twig function - Updated Symfony Components to 4.3
- Added
-
- Improved
Scheduler
cron command check and more useful CLI information - Improved
Flex Users
: obey blueprints and allow Flex to be used in admin only - Improved
Flex
to support custom site template paths - Changed Twig
{% cache %}
tag to not need unique key, andlifetime
is now optional - Added mime support for file formatters
- Updated built-in
composer.phar
to latest1.9.0
- Updated vendor libraries
- Use
Symfony EventDispatcher
directly and not rockettheme/toolbox wrapper
- Improved
-
- Fixed exception caused by missing template type based on
Accept:
header #2705 - Fixed
Page::untranslatedLanguages()
not being symmetrical toPage::translatedLanguages()
- Fixed
Flex Pages
not callingonPageProcessed
event when cached - Fixed phpstan issues in Framework up to level 7
- Fixed issue with duplicate configuration settings in Flex Directory
- Fixed fatal error if there are numeric folders in
Flex Pages
- Fixed error on missing
Flex
templates in ifFlex Objects
plugin isn't installed - Fixed
PageTranslateTrait::getAllLanguages()
andgetAllLanguages()
to include default language - Fixed multi-language saving issues with default language in
Flex Pages
- Selfupgrade CLI: Fixed broken selfupgrade assets reference #2681
- Grav 1.7: Fixed PHP 7.1 compatibility issues
- Grav 1.7: Fixed fatal error in multi-site setups
- Grav 1.7: Fixed
Flex Pages
routing if using translated slugs orsystem.hide_in_urls
setting - Grav 1.7: Fixed bug where Flex index file couldn't be disabled
- Fixed exception caused by missing template type based on
-
- Flex: Removed extra exists check when creating object (messes up "non-existing" pages)
- Support customizable null character replacement in
CSVFormatter::decode()
-
- Fixed wrong Grav param separator when using
Route
class - Fixed Flex User Avatar not fully backwards compatible with old user
- Grav 1.7: Fixed prev/next page missing pages if pagination was turned on in page header
- Grav 1.7: Reverted setting language for every page during initialization
- Grav 1.7: Fixed numeric language inconsistencies
- Fixed wrong Grav param separator when using
-
- Added a new
{% cache %}
Twig tag eliminating need fortwigcache
extension.
- Added a new
-
- Improved blueprint initialization in Flex Objects (fixes content aware fields)
- Improved Flex FolderStorage class to better hide storage specific logic
- Exception will output a badly formatted line in
CsvFormatter::decode()
-
- Fixed error when activating Flex Accounts in GRAV system configuration (PHP 7.1)
- Fixed Grav parameter handling in
RouteFactory::createFromString()
-
- Added new
Security::sanitizeSVG()
function - Backwards compatibility break:
FlexStorageInterface::getStoragePath()
andgetMediaPath()
can now return null
- Added new
-
- Several FlexObject loading improvements
- Added
bin/grav page-system-validator [-r|--record] [-c|--check]
to test Flex Pages - Improved language support for
Route
class
-
- Regression: Fixed language fallback
- Regression: Fixed translations when language code is used for non-language purposes
- Regression: Allow SVG avatar images for users
- Fixed error in
Session::getFlashObject()
if Flex Form is being used - Fixed broken Twig
dump()
- Fixed
Page::modular()
andPage::modularTwig()
returningnull
for folders and other non-initialized pages - Fixed 404 error when you click to non-routable menu item with children: redirect to the first child instead
- Fixed wrong
Pages::dispatch()
calls (with redirect) when we really meant to callPages::find()
- Fixed avatars not being displayed with flex users #2431
- Fixed initial Flex Object state when creating a new objects in a form
-
- Added experimental support for
Flex Pages
(Flex Objects plugin required)
- Added experimental support for
-
- Improved
bin/grav yamllinter
CLI command by adding an option to find YAML Linting issues from the whole site or custom folder - Added support for not instantiating pages, useful to speed up tasks
- Greatly improved speed of loading Flex collections
- Improved
-
- Fixed
$page->summary()
always striping HTML tags if the summary was set by$page->setSummary()
- Fixed
Flex->getObject()
when using Flex Key - Grav 1.7: Fixed enabling PHP Debug Bar causes fatal error in Gantry #2634
- Grav 1.7: Fixed broken taxonomies #2633
- Grav 1.7: Fixed unpublished blog posts being displayed on the front-end #2650
- Fixed
-
- Added a new
bin/grav server
CLI command to easily run Symfony or PHP built-in webservers - Added
hasFlexFeature()
method to test ifFlexObject
orFlexCollection
implements a given feature - Added
getFlexFeatures()
method to return all features thatFlexObject
orFlexCollection
implements - DEPRECATED
FlexDirectory::update()
andFlexDirectory::remove()
- Added
FlexStorage::getMetaData()
to get updated object meta information for listed keys - Added
Language::getPageExtensions()
to get full list of supported page language extensions - Added
$grav->close()
method to properly terminate the request with a response - Added
Pages::getCollection()
method
- Added a new
-
- Better support for Symfony local server
symfony server:start
- Make
Route
objects immutable FlexDirectory::getObject()
can now be called without any parameters to create a new object- Flex objects no longer return temporary key if they do not have one; empty key is returned instead
- Updated vendor libraries
- Moved
collection()
andevaluate()
logic fromPage
class intoPages
class
- Better support for Symfony local server
-
- Fixed
Form
not to use deleted flash object until the end of the request fixing issues with reset - Fixed
FlexForm
to allow multiple form instances with non-existing objects - Fixed
FlexObject
search by usingkey
- Grav 1.7: Fixed clockwork messages with arrays and objects
- Fixed
-
- Updated with Grav 1.6.12 features, improvements & fixes
- Added new configuration option
system.debugger.censored
to hide potentially sensitive information - Added new configuration option
system.languages.include_default_lang_file_extension
to keep default language in.md
files if set tofalse
- Added configuration option to set fallback content languages individually for every language
-
- Updated Vendor libraries
-
- Fixed
.md
page to be assigned to the default language and to be listed in translated/untranslated page list - Fixed
Language::getFallbackPageExtensions()
to fall back only to default language instead of going through all languages - Fixed
Language::getFallbackPageExtensions()
returning wrong file extensions when passing custom page extension
- Fixed
-
- Fixed Clockwork on Windows machines
- Fixed parent field issues on Windows machines
- Fixed unreliable Clockwork calls in sub-folders
-
- Added support for Clockwork developer tools (now default debugger)
- Added support for Tideways XHProf PHP Extension for profiling method calls
- Added Twig profiling for Clockwork debugger
- Added support for Twig 2.11 (compatible with Twig 1.40+)
- Optimization: Initialize debugbar only after the configuration has been loaded
- Optimization: Combine some early Grav processors into a single one
-
- Fixed
pages
field escaping issues, needs admin update, too admin#1990 - Fix
svg-image
issue with classes applied to all elements #3068
- Fixed
-
- Rollback
samesite
cookie logic as it causes issues with PHP < 7.3 #309 - Fixed issue with
.travis.yml
due to GitHub API deprecated functionality
- Rollback
-
- Added basic support for
user/config/versions.yaml
- Added basic support for
-
- Updated bundled JQuery to latest version
3.5.1
- Forward a
sid
to GPM when downloading a premium package via CLI - Better handling of missing repository index grav-plugin-admin#1916
- Set
grav_cli
as referrer when usingResponse
from CLI - Add option for timeout in
self-upgrade
command #3013 - Allow to set SameSite from system.yaml #3063
- Update media.yaml with some MS Office mimetypes #3070
- Updated bundled JQuery to latest version
-
- Fixed hardcoded system folder in blueprints, config and language streams
- Added
.htaccess
rule to block attempts to use Twig in the request URL - Fix compatibility with Symfony 4.2 and up. #3048
- Fix failing example custom shceduled job. #3050
- Fix for XSS advisory GHSA-cvmr-6428-87w9
- Fix uploads_dangerous_extensions checking #3060
- Remove redundant prefixing of
.
to extension #3060 - Check exact extension in checkFilename utility #3061
-
- Back-ported twig
{% cache %}
tag from Grav 1.7 - Back-ported
Utils::fullPath()
helper function from Grav 1.7 - Back-ported
{{ svg_image() }}
Twig function from Grav 1.7 - Back-ported
Folder::countChildren()
function from Grav 1.7
- Back-ported twig
-
- Use new
{{ theme_var() }}
enhanced logic from Grav 1.7 - Improved
Excerpts
class with fixes and functionality from Grav 1.7 - Ensure
onBlueprintCreated()
is initialized first - Do not cache default
404
error page - Composer update of vendor libraries
- Switched
Caddyfile
to use new Caddy2 syntax + improved usability
- Use new
-
- Fixed Referer reference during GPM calls.
- Fixed fatal error with toggled lists
-
- Added new configuration option to control the supported attributes in markdown links #2882
-
- Added system configuration support for
HTTP_X_Forwarded
headers (host disabled by default) - Updated
PHPUserAgentParser
to 1.0.0 - Bump
Go
to version 1.13 intravis.yaml
- Added system configuration support for
-
- Added support for
X-Forwarded-Host
#2891 - Disable XDebug in Travis builds
- Added support for
-
- Moved
Parsedown
1.6 andParsedownExtra
0.7 intoGrav\Framework\Parsedown
to allow fixes - Added
aliases.php
with references to direct\Parsedown
and\ParsedownExtra
references
- Moved
-
- Upgraded
jQuery
to latest 3.4.1 version #2859
- Upgraded
-
- Fixed PHP 7.4 issue in ParsedownExtra #2832
- Fix for user reported CVE path-based open redirect
- Fix for
stream_set_option
error with PHP 7.4 via Toolbox#28 #2850
-
- Added
Pages::reset()
method
- Added
-
- Updated Negotiation library to address issues #2513
-
- Fixed issue with search plugins not being able to switch between page translations
- Fixed issues with
Pages::baseRoute()
not picking up active language reliably - Reverted
validation: strict
fix as it breaks sites, see #1273
-
- Added
ConsoleCommand::setLanguage()
method to set language to be used from CLI - Added
ConsoleCommand::initializeGrav()
method to properly set up Grav instance to be used from CLI - Added
ConsoleCommand::initializePlugins()
method to properly set up all plugins to be used from CLI - Added
ConsoleCommand::initializeThemes()
method to properly set up current theme to be used from CLI - Added
ConsoleCommand::initializePages()
method to properly set up pages to be used from CLI
- Added
-
- Vendor updates
-
- Fixed
bin/plugin
CLI calling$themes->init()
way too early (removed it, use above methods instead) - Fixed call to
$grav['page']
crashing CLI - Fixed encoding problems when PHP INI setting
default_charset
is notutf-8
#2154
- Fixed
-
- Fixed incorrect routing caused by
str_replace()
inUri::init()
#2754 - Fixed session cookie is being set twice in the HTTP header #2745
- Fixed session not restarting if user was invalid (downgrading from Grav 1.7)
- Fixed filesystem iterator calls with non-existing folders
- Fixed
checkbox
field not being saved, requires also Form v4.0.2 #1225 - Fixed
validation: strict
not working in blueprints #1273 - Fixed
Data::filter()
removing empty fields (such as empty list) by default #2805 - Fixed fatal error with non-integer page param value #2803
- Fixed
Assets::addInlineJs()
parameter type mismatch between v1.5 and v1.6 #2659 - Fixed
site.metadata
saving issues #2615
- Fixed incorrect routing caused by
-
- Catch PHP 7.4 deprecation messages and report them in debugbar instead of throwing fatal error
-
- Fixed fatal error when calling
{{ grav.undefined }}
- Fixed multiple issues when there are no pages in the site
- PHP 7.4 fix for #2750
- Fixed fatal error when calling
-
- Added working ETag (304 Not Modified) support based on the final rendered HTML
-
- Safer file handling + customizable null char replacement in
CsvFormatter::decode()
- Change of Behavior:
Inflector::hyphenize
will now automatically trim dashes at beginning and end of a string. - Change in Behavior for
Folder::all()
so no longer fails if trying to copy non-existent dot file #2581 - renamed composer
test-plugins
script tophpstan-plugins
to be more explicit #2637
- Safer file handling + customizable null char replacement in
-
- Improved robots.txt #2632
-
- Fixed broken markdown Twig tag #2635
- Force Symfony 4.2 in Grav 1.6 to remove a bunch of deprecated messages
-
- Actually include fix for
system\router.php
#2627
- Actually include fix for
-
- Regression fix for
system\router.php
#2627
- Regression fix for
-
- Use new
Utils::getSupportedPageTypes()
to enforcehtml,htm
at the front of the list #2531 - Updated vendor libraries
- Markdown filter is now page-aware so that it works with modular references admin#1731
- Check of
GRAV_USER_INSTANCE
constant is already defined #2621
- Use new
-
- Fixed some potential issues when
$grav['user']
is not set - Fixed error when calling
Media::add($name, null)
- Fixed
url()
returning wrong path if using stream with grav root path in it, eg:user-data://shop
when Grav is in/shop
- Fixed
url()
not returning a path to non-existing file (user-data://shop
=>/user/data/shop
) if it is set to fail gracefully - Fixed
url()
returning false on unknown streams, such asftp://domain.com
, they should be treated as external URL - Fixed Flex User to have permissions to save and delete his own user
- Fixed new Flex User creation not being possible because of username could not be given
- Fixed fatal error 'Expiration date must be an integer, a DateInterval or null, "double" given' #2529
- Fixed non-existing Flex object having a bad media folder
- Fixed collections using
page@.self:
should allow modular pages if requested - Fixed an error when trying to delete a file from non-existing Flex Object
- Fixed
FlexObject::exists()
failing sometimes just after the object has been saved - Fixed CSV formatter not encoding strings with
"
and,
properly - Fixed var order in
Validation.php
#2610
- Fixed some potential issues when
-
- Added
FormTrait::getAllFlashes()
method to get all the available form flash objects for the form - Added creation and update timestamps to
FormFlash
objects
- Added
-
- Added
FormFlashInterface
, changed constructor to take$config
array
- Added
-
- Fixed error in
ImageMedium::url()
if the image cache folder does not exist - Fixed empty form flash name after file upload or form state update
- Fixed a bug in
Route::withParam()
method - Fixed issue with
FormFlash
objects when there is no session initialized
- Fixed error in
-
- Force question to install demo content in theme update #2493
- Fixed GPM errors from blueprints not being logged #2505
- Don't error when IP is invalid #2507
- Fixed regression with
bin/plugin
not listing the plugins available (1c725c0) - Fixed bitwise operator in
TwigExtension::exifFunc()
#2518 - Fixed issue with lang prefix incorrectly identifying as admin #2511
- Fixed issue with
U0ils::pathPrefixedBYLanguageCode()
and trailing slash #2510 - Fixed regresssion issue of
Utils::Url()
not returningfalse
on failure. Added new optionalfail_gracefully
3rd attribute to return string that caused failure #2524
-
- Added
Route::withoutParams()
methods - Added
Pages::setCheckMethod()
method to override page configuration in Admin Plugin - Added
Cache::clearCache('invalidate')
parameter for just invalidating the cache without deleting any cached files - Made
UserCollectionInderface
to extendCountable
to get the count of existing users
- Added
-
- Flex admin: added default search options for flex objects
- Flex collection and object now fall back to the default template if template file doesn't exist
- Updated Vendor libraries including Twig 1.40.1
- Updated language files from
https://crowdin.com/project/grav-core
-
- Fixed
$grav['route']
from being modified when the route instance gets modified - Fixed Assets options array mixed with standalone priority #2477
- Fix for
avatar_url
provided by 3rd party providers - Fixed non standard
lang
code lengths inUtils
andSession
detection - Fixed saving a new object in Flex
SimpleStorage
- Fixed exception in
Flex::getDirectories()
if the first parameter is set - Output correct "Last Updated" in
bin/gpm info
command - Checkbox getting interpreted as string, so created new
Validation::filterCheckbox()
- Fixed backwards compatibility to
select
field withselectize.create
set to true git-sync#141 - Fixed
YamlFormatter::decode()
to always return array #2494 - Fixed empty
$grav['request']->getAttribute('route')->getExtension()
- Fixed
-
- Added
FlexCollection::filterBy()
method
- Added
-
- Revert
Use Null Coalesce Operator
#2466 - Fixed
FormTrait::render()
not providing config variable - Updated
bin/grav clean
to clearcache/compiled
anduser/config/security.yaml
- Revert
-
- Added a new
bin/grav yamllinter
CLI command to find YAML Linting issues #2468
- Added a new
-
- Improve
FormTrait
backwards compatibility with existing forms - Added a new
Utils::getSubnet()
function for IPv4/IPv6 parsing #2465
- Improve
-
FormInterface
now implementsRenderInterface
- Added new
FormInterface::getTask()
method which reads the task fromform.task
in the blueprint
-
- Updated vendor libraries to latest
-
- Rollback
redirect_default_route
logic as it has issues with multi-lang #2459 - Fix potential issue with
|contains
Twig filter on PHP 7.3 - Fixed bug in text field filtering: return empty string if value isn't a string or number #2460
- Force Asset
priority
to be an integer and not throw error if invalid string passed #2461 - Fixed bug in text field filtering: return empty string if value isn't a string or number
- Fixed
FlexForm
missing getter methods for defining form variables
- Rollback
-
- Improved
redirect_default_route
logic as well asUri::toArray()
to take into accountroot_path
andextension
- Rework logic to pull out excluded files from pipeline more reliably #2445
- Better logic in
Utils::normalizePath
to handle externals properly #2216 - Fixed to force all
Page::taxonomy
to be treated as strings #2446 - Fixed issue with
Grav['user']
not being available form#332 - Updated rounding logic for
Utils::parseSize()
#2394 - Fixed Flex simple storage not being properly initialized if used with caching
- Improved
-
- Added
Blueprint::addDynamicHandler()
method to allow custom dynamic handlers, for examplecustom-options@: getCustomOptions
- Added
-
- Improved CSS for the bottom filter bar of DebugBar
-
- Fixed issue with
@import
not being added to top of pipelined css #2440
- Fixed issue with
-
- Set minimum requirements to PHP 7.1.3
- New
Scheduler
functionality for periodic jobs - New
Backup
functionality with multiple backup profiles and scheduler integration - Refactored
Assets Manager
to be more powerful and flexible - Updated Doctrine Collections to 1.6
- Updated Doctrine Cache to 1.8
- Updated Symfony Components to 4.2
- Added new Cache purge functionality old cache manually via CLI/Admin as well as scheduler integration
- Added new
{% throw 404 'Not Found' %}
twig tag (with custom code/message) - Added
Grav\Framework\File
classes for handling YAML, Markdown, JSON, INI and PHP serialized files - Added
Grav\Framework\Collection\AbstractIndexCollection
class - Added
Grav\Framework\Object\ObjectIndex
class - Added
Grav\Framework\Flex
classes - Added support for hiding form fields in blueprints by using dynamic property like
security@: admin.foobar
,scope@: object
orscope-ignore@: object
to any field - New experimental FlexObjects powered
Users
for increased performance and capability (disabled by default) - Added PSR-7 and PSR-15 classes
- Added
Grav\Framework\DI\Container
class - Added
Grav\Framework\RequestHandler\RequestHandler
class - Added
Page::httpResponseCode()
andPage::httpHeaders()
methods - Added
Grav\Framework\Form\Interfaces\FormInterface
- Added
Grav\Framework\Form\Interfaces\FormFactoryInterface
- Added
Grav\Framework\Form\FormTrait
- Added
Page::forms()
method to get normalized list of all form headers defined in the page - Added
onPageAction
,onPageTask
,onPageAction.{$action}
andonPageTask.{$task}
events - Added
Blueprint::processForm()
method to filter form inputs - Move
processMarkdown()
method fromTwigExtension
to more generalUtils
class - Added support to include extra files into
Media
(such as uploaded files) - Added form preview support for
FlexObject
, including a way to render newly uploaded files before saving them - Added
FlexObject::getChanges()
to determine what fields change during an update - Added
arrayDiffMultidimensional
,arrayIsAssociative
,arrayCombine
Util functions - New
$grav['users']
service to allow custom user classes implementingUserInterface
- Added
LogViewer
helper class and CLI command:bin/grav logviewer
- Added
select()
andunselect()
methods toCollectionInterface
and its base classes - Added
orderBy()
andlimit()
methods toObjectCollectionInterface
and its base classes - Added
user-data://
which is a writable stream (user://data
is not and should be avoided) - Added support for
/action:{$action}
(like task but used without nonce when only receiving data) - Added
onAction.{$action}
event - Added
Grav\Framework\Form\FormFlash
class to contain AJAX uploaded files in more reliable way - Added
Grav\Framework\Form\FormFlashFile
class which implementsUploadedFileInterface
from PSR-7 - Added
Grav\Framework\Filesystem\Filesystem
class with methods to manipulate stream URLs - Added new
$grav['filesystem']
service using an instance of the newFilesystem
object - Added
{% render object layout: 'default' with { variable: true } %}
for Flex objects and collections - Added
$grav->setup()
to simplify CLI and custom access points - Added
CsvFormatter
andCsvFile
classes - Added new system config option to
pages.hide_empty_folders
if a folder has no valid.md
file available. Default behavior isfalse
for compatibility. - Added new system config option for
languages.pages_fallback_only
forcing only 'fallback' to find page content through supported languages, default behavior is to display any language found if active language is missing - Added
Utils::arrayFlattenDotNotation()
andUtils::arrayUnflattenDotNotation()
helper methods
-
- Add the page to onMarkdownInitialized event #2412
- Doctrine filecache is now namespaced with prefix to support purging
- Register all page types into
blueprint://pages
stream - Removed
apc
andxcache
support, madeapc
alias ofapcu
- Support admin and regular translations via the
|t
twig filter andt()
twig function - Improved Grav Core installer/updater to run installer script
- Updated vendor libraries including Symfony
4.2.3
- Renamed old
User
class toGrav\Common\User\DataUser\User
with multiple improvements and small fixes User
class now acts as a compatibility layer to older versions of Grav- Deprecated
new User()
,User::load()
,User::find()
andUser::delete()
in favor of$grav['users']
service Media
constructor has now support to not to initialize the media objects- Cleanly handle session corruption due to changing Flex object types
- Added
FlexObjectInterface::getDefaultValue()
andFormInterface::getDefaultValue()
- Added new
onPageContent()
event for every call toPage::content()
- Added phpstan: PHP Static Analysis Tool #2393
- Added
composer test-plugins
to test plugin issues with the current version of Grav - Added
Flex::getObjects()
andFlex::getMixedCollection()
methods for co-mingled collections - Added support to use single Flex key parameter in
Flex::getObject()
method - Added
FlexObjectInterface::search()
andFlexCollectionInterface::search()
methods - Override
system.media.upload_limit
with PHP'spost_max_size
orupload_max_filesize
- Class
Grav\Common\Page\Medium\AbstractMedia
now use array traits instead of extendingGrav\Common\Getters
- Implemented
Grav\Framework\Psr7
classes asNyholm/psr7
decorators - Added a new
cache-clear
scheduled job to go along withcache-purge
- Renamed
Grav\Framework\File\Formatter\FormatterInterface
toGrav\Framework\File\Interfaces\FileFormatterInterface
- Improved
File::save()
to use a temporary file if file isn't locked - Improved
|t
filter to better support admin|tu
style filter if in admin - Update all classes to rely on
PageInterface
instead ofPage
class - Better error checking in
bin/plugin
for existence and enabled - Removed
media.upload_limit
references - Twig
nicenumber
: do not use 0 + string casting hack - Converted Twig tags to use namespaced Twig classes
- Site shows error on page rather than hard-crash when page has invalid frontmatter #2343
- Added
languages.default_lang
option to override the default lang (usually first supported language) - Added
Content-Type: application/json
body support for PSR-7ServerRequest
- Remove PHP time limit in
ZipArchive
- DebugBar: Resolve twig templates in deprecated backtraces in order to help locating Twig issues
- Added
$grav['cache']->getSimpleCache()
method for getting PSR-16 compatible cache - MediaTrait: Use PSR-16 cache
- Improved
Utils::normalizePath()
to support non-protocol URLs - Added ability to reset
Page::metadata
to allow rebuilding from automatically generated values - Added back missing
page.types
field in system content configuration admin#1612 - Console commands: add method for invalidating cache
- Updated languages
- Improved
$page->forms()
call, added$page->addForms()
- Updated languages from crowdin
- Fixed
ImageMedium
constructor warning when file does not exist - Improved
Grav\Common\User
class; added$user->update()
method - Added trim support for text input fields
validate: trim: true
- Improved
Grav\Framework\File\Formatter
classes to have abstract parent class and some useful methods - Support negotiated content types set via the Request
Accept:
header - Support negotiated language types set via the Request
Accept-Language:
header - Cleaned up and sorted the Service
idMap
- Updated
Grav
container object to implement PSR-11ContainerInterface
- Updated Grav
Processor
classes to implement PSR-15MiddlewareInterface
- Make
Data
class to extendJsonSerializable
- Modified debugger icon to use retina space-dude version
- Added missing
Video::preload()
method - Set session name based on
security.salt
rather thanGRAV_ROOT
#2242 - Added option to configure list of
xss_invalid_protocols
inSecurity
config #2250 - Smarter
security.salt
checking now we usesecurity.yaml
for other options - Added apcu autoloader optimization
- Additional helper methods in
Language
,Languages
, andLanguageCodes
classes - Call
onFatalException
event also on internal PHP errors - Built-in PHP Webserver: log requests before handling them
- Added support for syslog and syslog facility logging (default: 'file')
- Improved usability of
System
configuration blueprint with side-tabs
-
- Fixed issue with
Truncator::truncateWords
andTruncator::truncateLetters
when string not wrapped in tags #2432 - Fixed
Undefined method closure::fields()
when getting avatar for user, thanks @Romarain #2422 - Fixed cached images not being updated when source image is modified
- Fixed deleting last list item in the form
- Fixed issue with
Utils::url()
method would append extrabase_url
if URL already included it - Fixed
mkdir(...)
race condition - Fixed
Obtaining write lock failed on file...
- Fixed potential undefined property in
onPageNotFound
event handling - Fixed some potential issues/bugs found by phpstan
- Fixed regression in GPM packages casted to Array (ref, getgrav/grav-plugin-admin@e3fc4ce)
- Fixed session_start(): Setting option 'session.name' failed #2408
- Fixed validation for select field type with selectize
- Fixed validation for boolean toggles
- Fixed non-namespaced exceptions in scheduler
- Fixed trailing slash redirect in multlang environment #2350
- Fixed some issues related to Medium objects losing query string attributes
- Broke out Medium timestamp so it's not cleared on
reset()
s - Fixed issue with
redirect_trailing_slash
losing query string #2269 - Fixed failed login if user attempts to log in with upper case non-english letters
- Removed extra authenticated/authorized fields when saving existing user from a form
- Fixed
Grav\Framework\Route::__toString()
returning relative URL, not relative route - Fixed handling of
append_url_extension
inside ofPage::templateFormat()
#2264 - Fixed a broken language string #2261
- Fixed clearing cache having no effect on Doctrine cache
- Fixed
Medium::relativePath()
for streams - Fixed
Object
serialization breaking if overridingjsonSerialize()
method - Fixed
YamlFormatter::decode()
when callinginit_set()
with integer - Fixed session throwing error in CLI if initialized
- Fixed
Uri::hasStandardPort()
to support reverse proxy configurations #1786 - Use
append_url_extension
from page header to set template format if set #2604 - Fixed some bugs in Grav environment selection logic
- Use login provider User avatar if set
- Fixed
Folder::doDelete($folder, false)
removing symlink when it should not - Fixed asset manager to not add empty assets when they don't exist in the filesystem
- Update
script
andstyle
Twig tags to use the newAssets
classes - Fixed asset pipeline to rewrite remote URLs as well as local #2216
- Fixed issue with
-
- Added new
onPageContent()
event for every call toPage::content()
- Added new
-
- Fixed phpdoc generation
- Updated vendor libraries
- Force Toolbox v1.4.2
-
- EXIF fix for streams
- Fix for User avatar not working due to uppercase or spaces in email #2403
-
- Improved
User
unserialize to not to break the object if serialized data is not what expected - Removed unused parameter #2357
- Improved
-
- Support for AWS Cloudfront forwarded scheme header #2297
-
- Support spaces with filenames in responsive images #2300
-
- Updated InitializeProcessor.php to use lang-safe redirect #2268
- Improved user serialization to use less memory in the session
-
- Register theme prefixes as namespaces in Twig #2210
-
- Propogate error code between 400 and 600 for production sites #2181
-
- Remove hardcoded
302
when redirecting trailing slash #2155
- Remove hardcoded
-
- Updated default page
index.md
with some consistency fixes #2245
- Updated default page
-
- Added
Utils::getMimeByFilename()
,Utils::getMimeByLocalFile()
andUtils::checkFilename()
methods - Added configurable dangerous upload extensions in
security.yaml
- Added
-
- Updated vendor libraries to latest
-
- Added new
Security
class for Grav security functionality including XSS checks - Added new
bin/grav security
command to scan for security issues - Added new
xss()
Twig function to allow for XSS checks on strings and arrays - Added
onHttpPostFilter
event to allow plugins to globally clean up XSS in the forms and tasks - Added
Deprecated
tab to DebugBar to catch future incompatibilities with later Grav versions - Added deprecation notices for features which will be removed in Grav 2.0
- Added new
-
- Updated vendor libraries to latest
-
- Allow
$page->slug()
to be called before$page->init()
without breaking the page - Fix for
Page::translatedLanguages()
to use routes always #2163 - Fixed
nicetime()
twig function - Allow twig tags
{% script %}
,{% style %}
and{% switch %}
to be placed outside of blocks - Session expires in 30 mins independent from config settings login#178
- Allow
-
- Added static
Grav\Common\Yaml
class which should be used instead ofSymfony\Component\Yaml\Yaml
- Added static
-
- Updated deprecated Twig code so it works in both in Twig 1.34+ and Twig 2.4+
- Switched to new Grav Yaml class to support Native + Fallback YAML libraries
-
- Broken handling of user folder in Grav URI object #2151
-
- Set minimum requirements to PHP 5.6.4
- Updated Doctrine Collections to 1.4
- Updated Symfony Components to 3.4 (with compatibility mode to fall back to Symfony YAML 2.8)
- Added
Uri::method()
to get current HTTP method (GET/POST etc) FormatterInterface
: AddedgetSupportedFileExtensions()
andgetDefaultFileExtension()
methods- Added option to disable
SimpleCache
key validation - Added support for multiple repo locations for
bin/grav install
command - Added twig filters for casting values:
|string
,|int
,|bool
,|float
,|array
- Made
ObjectCollection::matching()
criteria expressions to behave more like in Twig - Criteria: Added support for
LENGTH()
,LOWER()
,UPPER()
,LTRIM()
,RTRIM()
andTRIM()
- Added
Grav\Framework\File\Formatter
classes for encoding/decoding YAML, Markdown, JSON, INI and PHP serialized strings - Added
Grav\Framework\Session
class to replaceRocketTheme\Toolbox\Session\Session
- Added
Grav\Common\Media
interfaces and trait; use those inPage
andMedia
classes - Added
Grav\Common\Page
interface to allow custom page types in the future - Added setting to disable sessions from the site #2013
- Added new
strict_mode
settings insystem.yaml
for compatibility
-
- Improved
Utils::url()
to support query strings - Display better exception message if Grav fails to initialize
- Added
muted
andplaysinline
support to videos #2124 - Added
MediaTrait::clearMediaCache()
to allow cache to be cleared - Added
MediaTrait::getMediaCache()
to allow custom caching - Improved session handling, allow all session configuration options in
system.session.options
- Improved
-
- Fix broken form nonce logic #2121
- Fixed issue with uppercase extensions and fallback media URLs #2133
- Fixed theme inheritance issue with
camel-case
that includes numbers #2134 - Typo in demo typography page #2136
- Fix for incorrect plugin order in debugger panel
- Made
|markdown
filter HTML safe - Fixed bug in
ContentBlock
serialization - Fixed
Route::withQueryParam()
to accept array values - Fixed typo in truncate function #1943
- Fixed blueprint field validation: Allow numeric inputs in text fields
-
- Use
getFilename
instead ofgetBasename
#2087
- Use
-
- Manually re-added the improved SSL off-loading that was lost with Grav v1.4.0 merge #1888
- Handle multibyte strings in
truncateLetters()
#2007 - Updated robots.txt to include
/user/images/
folder #2043 - Add getter methods for original and action to the Page object #2005
- Modular template extension follows the master page extension #2044
- Vendor library updates
-
- Handle
errors.display
system property better in admin plugin admin#1452 - Fix classes on non-http based protocol links #2034
- Fixed crash on IIS (Windows) with open_basedir in effect #2053
- Fixed incorrect routing with setup.php based base #1892
- Fixed image resource memory deallocation #2045
- Fixed issue with Errors
display:
option not handling integers properly admin#1452
- Handle
-
- Fixed an issue with some users getting 2FA prompt after upgrade admin#1442
- Do not crash when generating URLs with arrays as parameters #2018
- Utils::truncateHTML removes whitespace when generating summaries #2004
-
- Added support for
Uri::post()
andUri::getConentType()
- Added a new
Medium:thumbnailExists()
function #1966 - Added
authorized
support for 2FA
- Added support for
-
- Use
array_key_exists
instead ofin_array + array_keys
#1991 - Fixed an issue with
custom_base_url
always causing 404 errors - Improve support for regex redirects with query and params #1983
- Changed collection-based date sorting to
SORT_REGULAR
for better server compatibility #1910 - Fix hardcoded string in modular blueprint #1933
- Use
-
- moved Twig
sortArrayByKey
logic intoUtils::
class
- moved Twig
-
- Rolled back Parsedown library to stable
1.6.4
until a better solution for1.8.0
compatibility can fe found - Updated vendor libraries to latest versions
- Rolled back Parsedown library to stable
-
- Fix for bad reference to
ZipArchive
inGPM::Installer
- Fix for bad reference to
-
- Added new
|nicefilesize
Twig filter for pretty file (auto converts to bytes, kB, MB, GB, etc) - Added new
regex_filter()
Twig function to values in arrays
- Added new
-
- Added bosnian to lang codes #1917
- Improved Zip extraction error codes #1922
-
- Fixed an issue with Markdown Video and Audio that broke after Parsedown 1.7.0 Security updates #1924
- Fix for case-sensitive page metadata admin#1370
- Fixed missing composer requirements for the new
Grav\Framework\Uri
classes - Added missing PSR-7 vendor library required for URI additions in Grav 1.4.0
-
- Added
Grav\Framework\Uri
classes extending PSR-7HTTP message UriInterface
implementation - Added
Grav\Framework\Route
classes to allow route/link manipulation - Added
$grav['uri]->getCurrentUri()
method to getGrav\Framework\Uri\Uri
instance for the current URL - Added
$grav['uri]->getCurrentRoute()
method to getGrav\Framework\Route\Route
instance for the current URL - Added ability to have
php
version dependencies in GPM assets - Added new
{% switch %}
twig tag for more elegant if statements - Added new
{% markdown %}
twig tag - Added Route Overrides to the default page blueprint
- Added new
Collection::toExtendedArray()
method that's particularly useful for Json output of data - Added new
|yaml_encode
and|yaml_decode
Twig filter to convert to and from YAML - Added new
read_file()
Twig function to allow you to load and display a file in Twig (Supports streams and regular paths) - Added a new
Medium::exists()
method to check for file existence - Moved Twig
urlFunc()
toUtils::url()
as its so darn handy - Transferred overall copyright from RocketTheme, LLC, to Trilby Media LLC
- Added
theme_var
,header_var
andbody_class
Twig functions for themes - Added
Grav\Framework\Cache
classes providing PSR-16Simple Cache
implementation - Added
Grav\Framework\ContentBlock
classes for nested HTML blocks with CSS/JS assets - Added
Grav\Framework\Object
classes for creating collections of objects - Added
|nicenumber
Twig filter - Added
{% try %} ... {% catch %} Error: {{ e.message }} {% endcatch %}
tag to allow basic exception handling inside Twig - Added
{% script %}
and{% style %}
tags for Twig templates - Deprecated GravTrait
- Added
-
- Improved
Session
initialization - Added ability to set a
theme_var()
option in page frontmatter - Force clearing PHP
clearstatcache
andopcache-reset
onCache::clear()
- Better
Page.collection()
filtering support including ability to have non-published pages in collections - Stopped Chrome from auto-completing admin user profile form #1847
- Support for empty
switch
field like acheckbox
- Made
modular
blueprint more flexible - Code optimizations to
Utils
class #1830 - Objects: Add protected function
getElement()
to get serialized value for a single property ObjectPropertyTrait
: Added protected functionsisPropertyLoaded()
,offsetLoad()
,offsetPrepare()
andoffsetSerialize()
Grav\Framework\Cache
: Allow unlimited TTL- Optimizations & refactoring to the test suite #1779
- Slight modification of Whoops error colors
- Added new configuration option
system.session.initialize
to delay session initialization if needed by a plugin - Updated vendor libraries to latest versions
- Removed constructor from
ObjectInterface
- Make it possible to include debug bar also into non-HTML responses
- Updated built-in JQuery to latest 3.3.1
- Improved
-
- Fixed issue with image alt tag always getting empted out unless set in markdown
- Fixed issue with remote PHP version determination for Grav updates #1883
- Fixed issue with illegal scheme offset in
Uri::convertUrl()
page-inject#8 - Properly validate YAML blueprint fields so admin can save as proper YAML now [addresses many issues]
- Fixed OpenGraph metatags so only Twitter uses
name=
, and all others useproperty=
#1849 - Fixed an issue with
evaluate()
andevaluate_twig()
Twig functions that throws invalid template error - Fixed issue with
|sort_by_key
twig filter if the input was null or not an array - Date ordering should always be numeric #1810
- Fix for base paths containing special characters #1799
- Fix for session cookies in paths containing special characters
- Fix for
vundefined
error for version numbers in GPM form#222 - Fixed
BadMethodCallException
thrown in GPM updates #1784 - NOTE: Parsedown security release now escapes
&
to&
in Markdown links
-
- Reverted GPM Local pull request as it broken admin #1742
-
- Added new core Twig templates for
partials/metadata.html.twig
andpartials/messages.html.twig
- Added ability to work with GPM locally #1742
- Added new HTML5 audio controls #1756
- Added
Medium::copy()
method to create a copy of a medium object - Added new
force_lowercase_urls
functionality on routes and slugs - Added new
item-list
filter type to remove empty items - Added new
setFlashCookieObject()
andgetFlashCookieObject()
methods toSession
object - Added new
intl_enabled
option to disable PHP intl module collation when not needed
- Added new core Twig templates for
-
- Fixed an issue with checkbox field validation form#216
- Fixed issue with multibyte Markdown link URLs #1749
- Fixed issue with multibyte folder names #1751
- Fixed several issues related to
system.custom_base_url
that were broken #1736 - Dynamically added pages via
Pages::addPage()
were not firingonPageProcessed()
event causing forms not to be processed - Fixed
Page::active()
andPage::activeChild()
to work with UTF-8 characters in the URL #1727 - Fixed typo in
modular.yaml
causing media to be ignored #1725 - Reverted
case_insensitive_urls
option as it was causing issues with taxonomy #1733 - Removed an extra
/
inCompileFile.php
#1693 - Uri::Encode user and password to prevent issues in browsers
- Fixed "Invalid AJAX response" When using Built-in PHP Webserver in Windows #1258
- Remove support for
config.user
, it was broken and bad practise - Make sure that
clean cache
uses valid path #1745 - Fixed token creation issue with
Uri
params like/id:3
- Fixed CSS Pipeline failing with Google remote fonts if the file was minified #1261
- Forced
field.multiple: true
to allow use of min/max options incheckboxes.validate
-
- Regression: Ajax error in Nginx admin#1244
- Remove the
_url=$uri
portion of the the Nginxtry_files
command admin#1244
-
- Refactored
URI
class with numerous bug fixes, and optimizations - Override
system.media.upload_limit
with PHP'spost_max_size
orupload_max_filesize
- Updated
bin/grav clean
command to remove unnecessary vendor files (save some bytes) - Added a
http_status_code
Twig function to allow setting HTTP status codes from Twig directly. - Deter XSS attacks via URI path/uri methods (credit:newbthenewbd)
- Added support for
$uri->toArray()
and(string)$uri
- Added support for
type
onAsstes::addInlineJs()
#1683
- Refactored
-
- Fixed method signature error with
GPM\InstallCommand::processPackage()
#1682
- Fixed method signature error with
-
- Added filter support for Page collections (routable/visible/type/access/etc.)
-
- Fixed an issue where fallback was not supporting dynamic page generation
- Fixed issue with Image query string not being fully URL encoded #1622
- Fixed
Page::summary()
when using delimiter and multibyte UTF8 Characters #1644 - Fixed missing
.json
thumbnail throwing error when adding media grav-plugin-admin#1156 - Fixed insecure session cookie initialization #1656
-
- User
authorization
now requires a check forauthenticated
- REQUIRED:Login v2.4.0
- Added options to
Page::summary()
to support size without HTML tags #1554 - Forced
natsort
on plugins to ensure consistent plugin load ordering across platforms #1614 - Use new
multilevel
field to handle Asset Collections #1201 - Added support for redis
password
option #1620 - Use 302 rather than 301 redirects by default #1619
- GPM Installer will try to load alphanumeric version of the class if no standard class found #1630
- Add current page position to
User
class #1632 - Added option to enable case insensitive URLs #1638
- Updated vendor libraries
- Updated
travis.yml
to add support for PHP 7.1 as well as 7.0.21 for test suite
- User
-
- Fixed UTF8 multibyte UTF8 character support in
Page::summary()
#1554
- Fixed UTF8 multibyte UTF8 character support in
-
- Added a new
cache_control
system and page level property #1591 - Added a new
clear_images_by_default
system property to stop cache clear events from removing processed images #1481 - Added new
onTwigLoader()
event to enable utilization of loader methods - Added new
Twig::addPath()
andTwig::prependPath()
methods to wrap loader methods and support namespacing #1604 - Added new
array_key_exists()
Twig function wrapper - Added a new
Collection::intersect()
method #1605
- Added a new
-
- Allow
session.timeout
field to be set to0
via blueprints #1598 - Fixed
Data::exists()
andData::raw()
functions breaking ifData::file()
hasn't been called with non-null value - Fixed parent theme auto-loading in child themes of Gantry 5
- Allow
-
- Fix ordering for Linux + International environments #1574
- Check if medium thumbnail exists before resetting
- Update Travis' auth token
-
- Fixed an undefined variable
$difference
#1563 - Fix broken range slider grav-plugin-admin#1153
- Fix natural sort when > 100 pages #1564
- Fixed an undefined variable
-
- Setting
system.session.timeout
to 0 clears the session when the browser session ends #1538 - Created a
CODE_OF_CONDUCT.md
so everyone knows how to behave :)
- Setting
-
- Renamed new
media()
Twig function tomedia_directory()
to avoid conflict with Page'smedia
object
- Renamed new
-
- Fixed global media files disappearing after a reload #1545
- Fix for broken regex redirects/routes via
site.yaml
- Sanitize the error message in the error handler page
-
- Added
lower
andupper
Twig filters - Added
pathinfo()
Twig function - Added 165 new thumbnail images for use in
media.yaml
- Added
-
- Improved error message when running
bin/grav install
instead ofbin/gpm install
, and also when running on a non-skeleton site #1027 - Updated vendor libraries
- Improved error message when running
-
- Don't rebuild metadata every time, only when file does not exist
- Restore GravTrait in ConsoleTrait grav-plugin-login#119
- Fix Windows routing with built-in server #1502
- Fix #1504
process_twig
andfrontmatter.yaml
- Nicetime fix: 0 seconds from now -> just now #1509
-
- Added new unified
Utils::getPagePathFromToken()
method which is used by various plugins (Admin, Forms, Downloads, etc.)
- Added new unified
-
- Optionally remove unpublished pages from the translated languages, move into untranslated list #1482
- Improved reliability of
hash
file-check method
-
- Added new
media
andvardump
Twig functions
- Added new
-
- Put in various checks to ensure Exif is available before trying to use it
- Add timestamp to configuration settings #1445
-
- Fix an issue saving YAML textarea fields in expert mode #1480
- Moved
onOutputRendered()
back into Grav core
-
- Added support for a single array field in the forms
- Added EXIF support with automatic generation of Page Media metafiles
- Added Twig function to get EXIF data on any image file
- Added
Pages::baseUrl()
,Pages::homeUrl()
andPages::url()
functions - Added
base32_encode
,base32_decode
,base64_encode
,base64_decode
Twig filters - Added
Debugger::getCaller()
to figure out where the method was called from - Added support for custom output providers like Slim Framework
- Added
Grav\Framework\Collection
classes for creating collections
-
- Add more controls over HTML5 video attributes (autoplay, poster, loop controls) #1442
- Removed logging statement for invalid slug #1459
- Groups selection pre-filled in user form
- Improve error handling in
Folder::move()
- Added extra parameter for
Twig::processSite()
to include custom context - Updated RocketTheme Toolbox vendor library
-
- Added optional ignores for
Installer::sophisticatedInstall()
#1447
- Added optional ignores for
-
- Added new
pwd_regex
andusername_regex
system configuration options to allow format modifications - Allow
user/accounts.yaml
overrides and implemented more robust theme initialization - improved
getList()
method to do more powerful things - Fix Typo in GPM #1427
- Added new
-
- Added various
ancestor
helper methods in Page and Pages classes #1362 - Added new
parents
field and switched Page blueprints to use this - Added
isajaxrequest()
Twig function #1400 - Added ability to inline CSS and JS code via Asset manager #1377
- Add query string in lighttpd default config #1393
- Add
--all-yes
and--destination
options forbin/gpm direct-install
#1397
- Added various
-
- Added file upload for user avatar in user/admin blueprint
-
- Analysis fixes
- Switched to stable composer lib versions
-
- Refactored Page re-ordering to handle all siblings at once
- Added
language_codes
to Twig init to allow for easy language name/code/native-name lookup
-
- Added an Admin Overrides section with option to choose the order of children in Pages Management
-
- Fixed loading issues with improperly named themes (use old broken method first) #1373
- Simplified modular/twig processing logic and fixed an issue with system process config #1351
- Cleanup package files via GPM install to make them more windows-friendly #1361
- Fix for page-level debugger override changing the option site-wide
- Allow
url()
twig function to pass-through external links
-
- Updated vendor libraries to latest
- Added the ability to disable debugger on a per-page basis with
debugger: false
in page frontmatter
-
- Added default setting to only allow
direct-installs
from official GPM. Can be configured insystem.yaml
- Added a new
Utils::isValidUrl()
method - Added optional parameter to
|markdown(false)
filter to toggle block/line processing (default|true =block
) - Added new
Page::folderExists()
method
- Added default setting to only allow
-
Twig::evaluate()
now takes current environment and context into account- Genericized
direct-install
so it can be called via Admin plugin
-
- Fixed a minor bug in Number validation #1329
- Fixed exception when trying to find user account and there is no
user://accounts
folder - Fixed issue when setting
Page::expires(0)
Admin #1009 - Removed ID from
nonce_field()
Twig function causing validation errors Form #115
-
- Fix for double extensions getting added during some redirects #1307
- Fix syntax error in PHP 5.3. Move the version check before requiring the autoloaded deps
- Fix Whoops displaying error page if there is PHP core warning or error Admin #980
-
- Exposed the Pages cache ID for use by plugins (e.g. Form) via
Pages::getPagesCacheId()
- Added
Languages::resetFallbackPageExtensions()
regarding #1276
- Exposed the Pages cache ID for use by plugins (e.g. Form) via
-
- Allowed CLI to use non-volatile cache drivers for better integration with CLI and Web caches
- Added Gantry5-compatible query information to Caddy configuration
- Added some missing docblocks and type-hints
- Various code cleanups (return types, missing variables in doclbocks, etc.)
-
- Fix blueprints slug validation getgrav/grav-plugin-admin#955
-
- Added a new
Collection::merge()
method to allow merging of multiple collections #1258 - Added OpenCollective backer/sponsor info to
README.md
- Added a new
-
- Fixed
Page::collection()
returning array and not Collection object when header variable did not exist - Revert
Content-Encoding: identity
fix, and let you setcache: allow_webserver_gzip:
option to switch toidentity
#548
- Fixed
-
- Added new
never_cache_twig
page option insystem.yaml
and frontmatter. Allows dynamic Twig logic in regular and modular Twig templates #1244
- Added new
-
- Several improvements to aid theme development #232
- Added
hash
cache check option and made dropdown more descriptive Admin #923
-
- Fixed cross volume file system operations #635
- Fix issue with pages folders validation not accepting uppercase letters
- Fix renaming the folder name if the page, in the default language, had a custom slug set in its header
- Fixed issue with
Content-Encoding: none
. It should really beContent-Encoding: identity
instead - Fixed broken
hash
method on page modifications detection - Fixed issue with multi-lang pages not caching independently without unique
.md
file #1211 - Fixed all
$_GET
parameters missing in Nginx (please update your nginx.conf) #1245 - Fixed issue in trying to process broken symlink #1254
-
- Fixed issue with JSON calls throwing errors due to debugger enabled #1227
-
- Fall back properly to HTML if template type not found
-
- Fix issue with modular pages folders validation #900
-
- Fixed case where extracting a package would cause an error during rename
- Fix issue with using
Yaml::parse
direcly on a filename, now deprecated - Add pattern for frontend validation of folder slugs #891
- Fix issue with Inflector when translation is disabled SimpleSearch #87
- Explicitly expose
array_unique
Twig filter Admin #897
-
- RC released as stable
-
- Better error handling in cache clear
- YAML syntax fixes for the future compatibility
- Added new parameter
remove
foronBeforeCacheClear
event - Add support for calling Media object as function to get medium by filename
-
- Added checks before accessing admin reference during
Page::blueprints()
call. Allows to accesspage.blueprints
from Twig in the frontend
- Added checks before accessing admin reference during
-
- Add
ignore_empty
property to be used on array fields, if positive only save options with a value - Use new
permissions
field in user account - Add
range(int start, int end, int step)
twig function to generate an array of numbers between start and end, inclusive - New retina Media image derivatives array support (
![](image.jpg?derivatives=[640,1024,1440])
) #1147 - Added stream support for images (
![Sepia Image](image://image.jpg?sepia)
) - Added stream support for links (
[Download PDF](user://data/pdf/my.pdf)
) - Added new
onBeforeCacheClear
event to add custom paths to cache clearing process
- Add
-
- Added alias
selfupdate
to theself-upgrade
bin/gpm
CLI command - Synced
webserver-configs/htaccess.txt
with.htaccess
- Use permissions field in group details.
- Updated vendor libraries
- Added a warning on GPM update to update Grav first if needed #1194
- Added alias
-
- Added two new sort order options for pages:
publish_date
andunpublish_date
#1173)
- Added two new sort order options for pages:
-
- Multisite: Create image cache folder if it doesn't exist
- Add 2 new language values for French #1174
-
- Fixed issue when we have a meta file without corresponding media #1179
- Update class namespace for Admin class Admin #874
-
- Added a
CompiledJsonFile
object to better handle Json files. - Added Base32 encode/decode class
- Added a new
User::find()
method
- Added a
-
- Moved
messages
object into core Grav from login plugin - Added
getTaxonomyItemKeys
to the Taxonomy object #1124 - Added a
redirect_me
Twig function #1124 - Added a Caddyfile for newer Caddy versions #1115
- Allow to override sorting flags for page header-based or default ordering. If the
intl
PHP extension is loaded, only these flags are available: https://secure.php.net/manual/en/collator.asort.php. Otherwise, you can use the PHP standard sorting flags (https://secure.php.net/manual/en/array.constants.php) #1169
- Moved
-
- Fixed an issue with site redirects/routes, not processing with extension (.html, .json, etc.)
- Don't truncate HTML if content length is less than summary size #1125
- Return max available number when calling random() on a collection passing an int > available items #1135
- Use correct ratio when applying image filters to image alternatives #1147
- Fixed URI path in multi-site when query parameters were used in front page
-
- Fixed warning with unset
ssl
option when using GPM #1132
- Fixed warning with unset
-
- Improved the capabilities of Image derivatives #1107
-
- Only pass verify_peer settings to cURL and fopen if the setting is disabled #1120
-
- Added ability for Page to override the output format (
html
,xml
, etc..) #1067 - Added
Utils::getExtensionByMime()
and cleaned upUtils::getMimeByExtension
+ tests - Added a
cache.check.method: 'hash'
option insystem.yaml
that checks all files + dates inclusively - Include jQuery 3.x in the Grav assets
- Added the option to automatically fix orientation on images based on their Exif data, by enabling
system.images.auto_fix_orientation
.
- Added ability for Page to override the output format (
-
- Add
batch()
function to Page Collection class - Added new
cache.redis.socket
setting that allow to pass a UNIX socket as redis server - It is now possible to opt-out of the SSL verification via the new
system.gpm.verify_peer
setting. This is sometimes necessary when receiving a "GPM Unable to Connect" error. More details in (#1053) - It is now possible to force the use of either
curl
orfopen
asResponse
connection method, via the newsystem.gpm.method
setting. By default this is set to 'auto' and gives priority to 'fopen' first, curl otherwise. - InstallCommand can now handle Licenses
- Uses more helpful
1x
,2x
,3x
, etc names in the Retina derivatives cache files. - Added new method
Plugins::isPluginActiveAdmin()
to check if plugin route is active in Admin plugin - Added new
Cache::setEnabled
andCache::getEnabled
to enable outside control of cache - Updated vendor libs including Twig
1.25.0
- Avoid git ignoring any vendor folder in a Grav site subfolder (but still ignore the main
vendor/
folder) - Added an option to get just a route back from
Uri::convertUrl()
function - Added option to control split session #1096
- Added new
verbosity
levels tosystem.error.display
to allow for system error messages #1091 - Improved the API for Grav plugins to access the Parsedown parser directly #1062
- Add
-
- Fixed missing
progress
method in the DirectInstall Command Response
class now handles better unsuccessful requests such as 404 and 401- Fixed saving of
external
page types Admin #789 - Fixed issue deleting parent folder of folder with
param_sep
in the folder name admin #796 - Fixed an issue with streams in
bin/plugin
- Fixed
jpeg
file format support in Media
- Fixed missing
-
- Added new
bin/gpm direct-install
command to install local and remote zip archives
- Added new
-
- Refactored
onPageNotFound
event to fire afteronPageInitialized
- Follow symlinks in
Folder::all()
- Twig variable
base_url
now supports multi-site by path feature - Improved
bin/plugin
to list plugins with commands faster by limiting the depth of recursion
- Refactored
-
- Quietly skip missing streams in
Cache::clearCache()
- Fix issue in calling page.summary when no content is present in a page
- Fix for HUGE session timeouts #1050
- Quietly skip missing streams in
-
- Added new
tmp
folder at root. Accessible via streamtmp://
. Can be cleared withbin/grav clear --tmp-only
as well as--all
. - Added support for RTL in
LanguageCodes
so you can determine if a language is RTL or not - Ability to set
custom_base_url
in system configuration - Added
override
andforce
options for Streams setup
- Added new
-
- Important vendor updates to provide PHP 7.1 beta support!
- Added a
Util::arrayFlatten()
static function - Added support for 'external_url' page header to enable easier external URL based menu items
- Improved the UI for CLI GPM Index view to use a table
- Added
@page.modular
Collection type #988 - Added support for
self@
,page@
,taxonomy@
,root@
Collection syntax for cleaner YAML compatibility - Improved GPM commands to allow for
-y
to automate yes responses and-o
for update and selfupgrade to overwrite installations #985 - Added randomization to
safe_email
Twig filter for greater security #998 - Allow
Utils::setDotNotation
to merge data, rather than just set - Moved default
Image::filter()
to thesave
action to ensure they are applied last #984 - Improved the
Truncator
code to be more reliable #1019 - Moved media blueprints out of core (now in Admin plugin)
-
- Removed 307 redirect code option as it is not well supported #743
- Fixed issue with folders with name
*.md
are not confused with pages #995 - Fixed an issue when filtering collections causing null key
- Fix for invalid HTML when rendering GIF and Vector media #1001
- Use pages.markdown.extra in the user's system.yaml #1007
- Fix for
Memcached
connection #1020
-
- Fix for lightbox media function throwing error #981
-
- Allow forcing SSL by setting
system.force_ssl
(Force SSL in the Admin System Config) #899
- Allow forcing SSL by setting
-
- Fixed
Folder::delete
method to recursively remove files and folders and causing Upgrade to fail. - Fix #952 hyphenize the session name.
- If no parent is set and siblings collection is called, return a new and empty collection grav-plugin-sitemap/issues/22
- Prevent exception being thrown when calling the Collator constructor failed in a Windows environment with the Intl PHP Extension enabled #961
- Fix for markdown images not properly rendering
id
attribute #956
- Fixed
-
- Made
paramsRegex()
static to allow it to be called statically
- Made
-
- Fixed backup when using very long site titles with invalid characters grav-plugin-admin#701
- Fixed a typo in the
webserver-configs/nginx.conf
example
-
- Added support for validation of multiple email in the
type: email
field grav-plugin-email#31 - Unified PHP code header styling
- Added 6 more languages and updated language codes
- set default "releases" option to
stable
- Added support for validation of multiple email in the
-
- Fix backend validation for file fields marked as required grav-plugin-form#78
-
- Take asset modification timestamp into consideration in pipelining #917 - @Sommerregen
-
- Added getters and setters for Assets to allow manipulation of CSS/JS/Collection based assets via plugins #876
-
- Pass the exception to the
onFatalException()
event - Updated to latest jQuery 2.2.4 release
- Moved list items in
system/config/media.yaml
config into atypes:
key which allows you delete default items. - Updated
webserver-configs/nginx.conf
withtry_files
fix from @mrhein and @rondlite #743 - Updated cache references to include
memecache
andredis
#887 - Updated composer libraries
- Pass the exception to the
-
- Fixed
Utils::normalizePath()
that was truncating 0's #882
- Fixed
-
- GPM installation of plugins and themes into correct multisite folders #841
- Use
Page::rawRoute()
in blueprints for more reliable mulit-language support
-
- Fixes for
zlib.output_compression
as well asmod_deflate
GZIP compression - Fix for corner-case redirect logic causing infinite loops and out-of-memory errors
- Fix for saving fields in expert mode that have no
Validation::typeX()
methods #626 - Detect if user really meant to extend parent blueprint, not another one (fixes old page type blueprints)
- Fixed a bug in
Page::relativePagePath()
whenPage::$name
is not defined - Fix for poor handling of params + query element in
Uri::processParams()
#859 - Fix for double encoding in markdown links #860
- Correctly handle language strings to determine if it's in admin or not #627
- Fixes for
-
- Updated jQuery from 2.2.0 to 2.2.3
- Set
Uri::ip()
to static by default so it can be used in form fields - Improved
Session
class with flash storage Page::getContentMeta()
now supports an optional key.
-
- Fixed "Invalid slug set in YAML frontmatter" when setting
Page::slug()
with empty string #580 - Only
.gitignore
Grav's vendor folder - Fix trying to remove Grav with
GPM uninstall
of a plugin with Grav dependency - Fix Page Type blueprints not being able to extend their parents
filterFile
validation method always returns an array of files, behaving likemultiple="multiple"
- Fixed #835 check for empty image file first to prevent getimagesize() fatal error
- Avoid throwing an error when Grav's Gzip and mod_deflate are enabled at the same time on a non php-fpm setup
- Fixed "Invalid slug set in YAML frontmatter" when setting
-
- Drop dependencies calculations if plugin is installed via symlink
- Drop Grav from dependencies calculations
- Send slug name as part of installed packages
- Fix for summary entities not being properly decoded #825
-
- Pass the Page type when calling
onBlueprintCreated
- Changed
Page::cachePageContent()
form private to public so a page can be recached via plugin
- Pass the Page type when calling
-
- Fixed handling of
{'loading':'async'}
with Assets Pipeline - Fix for new modular page modal
Page
field requiring a value #529 - Fix for broken
bin/gpm version
command - Fix handling "grav" as a dependency
- Fix when installing multiple packages and one is the dependency of another, don't try to install it twice
- Fix using name instead of the slug to determine a package folder. Broke for packages whose name was 2+ words
- Fixed handling of
-
- Added new
Plugin::getBlueprint()
andTheme::getBlueprint()
method - Allow page blueprints to be added via Plugins.
- Added new
-
- Moved to new
data-*@
format in blueprints - Updated composer-based libraries
- Moved some hard-coded
CACHE_DIR
references to use locator - Set
twig.debug: true
by default
- Moved to new
-
- Blueprint Improvements: The main improvements to Grav take the form of a major rewrite of our blueprint functionality. Blueprints are an essential piece of functionality within Grav that helps define configuration fields. These allow us to create a definition of a form field that can be rendered in the administrator plugin and allow the input, validation, and storage of values into the various configuration and page files that power Grav. Grav 1.0 had extensive support for building and extending blueprints, but Grav 1.1 takes this even further and adds improvements to our existing system.
- Extending Blueprints: You could extend forms in Grav 1.0, but now you can use a newer
extends@:
default syntax rather than the previous'@extends'
string that needed to be quoted in YAML. Also this new format allows for the defining of acontext
which lets you define where to look for the base blueprint. Another new feature is the ability to extend from multiple blueprints. - Embedding/Importing Blueprints: One feature that has been requested is the ability to embed or import one blueprint into another blueprint. This allows you to share fields or sub-form between multiple forms. This is accomplished via the
import@
syntax. - Removing Existing Fields and Properties: Another new feature is the ability to remove completely existing fields or properties from an extended blueprint. This allows the user a lot more flexibility when creating custom forms by simply using the new
unset@: true
syntax. To remove a field property you would useunset-<property>@: true
in your extended field definition, for example:unset-options@: true
. - Replacing Existing Fields and Properties: Similar to removing, you can now replace an existing field or property with the
replace@: true
syntax for the whole field, andreplace-<property>@: true
for a specific property. - Field Ordering: Probably the most frequently requested blueprint functionality that we have added is the ability to change field ordering. Imagine that you want to extend the default page blueprint but add a new tab. Previously, this meant your tab would be added at the end of the form, but now you can define that you wish the new tab to be added right after the
content
tab. This works for any field too, so you can extend a blueprint and add your own custom fields anywhere you wish! This is accomplished by using the newordering@:
syntax with either an existing property name or an integer. - Configuration Properties: Another useful new feature is the ability to directly access Grav configuration in blueprints with
config-<property>@
syntax. For example you can set a default for a field viaconfig-default@: site.author.name
which will use the author.name value from thesite.yaml
file as thedefault
value for this field. - Function Calls: The ability to call PHP functions for values has been improved in Grav 1.1 to be more powerful. You can use the
data-<property>@
syntax to call static methods to obtain values. For example:data-default@: '\Grav\Plugin\Admin::route'
. You can now even pass parameters to these methods. - Validation Rules: You can now define a custom blueprint-level validation rule and assign this rule to a form field.
- Custom Form Field Types: This advanced new functionality allows you to create a custom field type via a new plugin event called getFormFieldTypes(). This allows you to provide extra functionality or instructions on how to handle the form form field.
- GPM Versioning: A new feature that we have wanted to add to our GPM package management system is the ability to control dependencies by version. We have opted to use a syntax very similar to the Composer Package Manager that is already familiar to most PHP developers. This new versioning system allows you to define specific minimum version requirements of dependent packages within Grav. This should ensure that we have less (hopefully none!) issues when you update one package that also requires a specific minimum version of another package. The admin plugin for example may have an update that requires a specific version of Grav itself.
- GPM Testing Channel: GPM repository now comes with both a
stable
andtesting
channel. A new setting insystem.gpm.releases
allow to switch between the two channels. Developers will be able to decide whether their resource is going to be in a pre-release state or stable. Only users who switch to the testing channel will be able to install a pre-release version. - GPM Events: Packages (plugins and themes) can now add event handlers to hook in the package GPM events: install, update, uninstall. A package can listen for events before and after each of these events, and can execute any PHP code, and optionally halt the procedure or return a message.
- Refactor of the process chain breaking out
Processors
into individual classes to allow for easier modification and addition. Thanks to toovy for this work. - #745 - Added multipart downloads, resumable downloads, download throttling, and video streaming in the
Utils::download()
method. - Added optional config to allow Twig processing in page frontmatter - #788
- Added the ability to provide blueprints via a plugin (previously limited to Themes only).
- Added Developer CLI Tools to easily create a new theme or plugin
- Allow authentication for proxies - #698
- Allow to override the default Parsedown behavior - #747
- Added an option to allow to exclude external files from the pipeline, and to render the pipeline before/after excluded files
- Added the possibility to store translations of themes in separate files inside the
languages
folder - Added a method to the Uri class to return the base relative URL including the language prefix, or the base relative url if multilanguage is not enabled
- Added a shortcut for pages.find() alias
-
- Now supporting hostnames with localhost environments for better vhost support/development
- Refactor hard-coded paths to use PHP Streams that allow a setup file to configure where certain parts of Grav are stored in the physical filesystem.
- If multilanguage is active, include the Intl Twig Extension to allow translating dates automatically (http://twig.sensiolabs.org/doc/extensions/intl.html)
- Allow having local themes with the same name as GPM themes, by adding
gpm: false
to the theme blueprint - #767 - Caddyfile and Lighttpd config files updated
- Removed
node_modules
folder from backups to make them faster - Display error when
bin/grav install
hasn't been run instead of throwing exception. Prevents "white page" errors if error display is off - Improved command line flow when installing multiple packages: don't reinstall packages if already installed, ask once if should use symlinks if symlinks are found
- Added more tests to our testing suite
- Added x-ua-compatible to http_equiv metadata processing
- Added ability to have a per-page
frontmatter.yaml
file to set header frontmatter defaults. Especially useful for multilang scenarios - #775 - Removed deprecated
bin/grav newuser
CLI command. usebin/plugin login newuser
instead. - Added
webm
andogv
video types to the default media types list.
-
- Fix Zend Opcache
opcache.validate_timestamps=0
not detecting changes in compiled yaml and twig files - Avoid losing params, query and fragment from the URL when auto-redirecting to a language-specific route - #759
- Fix for non-pipeline assets getting lost when pipeline is cached to filesystem
- Fix for double encoding resulting from Markdown Extra
- Fix for a remote link breaking all CSS rewrites for pipeline
- Fix an issue with Retina alternatives not clearing properly between repeat uses
- Fix for non standard http/s external markdown links - #738
- Fix for
find()
calling redirects viadispatch()
causing infinite loops - #781
- Fix Zend Opcache
-
- Added new
Page::contentMeta()
mechanism to store content-level meta data alongside content - Added Japanese language translation
- Added new
-
- Updated some vendor libraries
-
- Hide
streams
blueprint from Admin plugin - Fix translations of languages with
---
in YAML files
- Hide
-
- New Unit Testing via Codeception http://codeception.com/
- New page-level SSL functionality when using
absolute_urls
- Added
reverse_proxy
config option for issues with non-standard ports - Added
proxy_url
config option to support GPM behind proxy servers #639 - New
Pages::parentsRawRoutes()
method - Enhanced
bin/gpm info
CLI command with Changelog support #559 - Ability to add empty Folder via admin plugin
- Added latest
jQuery 2.2.0
library to core - Added translations from Crowdin
-
- [BC] Metadata now supports only flat arrays. To use open graph metas and the likes (ie, 'og:title'), simply specify it in the key.
- Refactored
Uri::convertUrl()
method to be more reliable + tests created - Date for last update of a modular sub-page sets modified date of modular page itself
- Split configuration up into two steps
- Moved Grav-based
base_uri
variables intoUri::init()
- Refactored init in
URI
to better support testing - Allow
twig_vars
to be exposed earlier and merged later - Avoid setting empty metadata
- Accept single group access as a string rather than requiring an array
- Return
$this
in Page constructor and init to allow chaining - Added
ext-*
PHP requirements tocomposer.json
- Use Whoops 2.0 library while supporting old style
- Removed redundant old default-hash fallback mechanisms
- Commented out default redirects and routes in
site.yaml
- Added
/tests
folder to deny's of allwebserver-configs/*
files - Various PS and code style fixes
-
- Fix default generator metadata
- Fix for broken image processing caused by
Uri::convertUrl()
bugs - Fix loading JS and CSS from collections #623
- Fix stream overriding
- Remove the URL extension for home link
- Fix permissions when the user has no access level set at all
- Fix issue with user with multiple groups getting denied on first group
- Fixed an issue with
Pages()
internal cache lookup not being unique enough - Fix for bug with
site.redirects
andsite.routes
being an empty list - [Markdown] Don't process links for special protocols
- [Whoops] serve JSON errors when request is JSON
-
- Added
rotate
,flip
andfixOrientation
image medium methods
- Added
-
- Removed IP from Nonce generation. Should be more reliable in a variety of scenarios
-
- Added
composer create-project
as an additional installation method #585 - New optional system config setting to strip home from page routs and urls #561
- Added Greek, Finnish, Norwegian, Polish, Portuguese, and Romanian languages
- Added new
Page->topParent()
method to return top most parent of a page - Added plugins configuration tab to debugger
- Added support for APCu and PHP7.0 via new Doctrine Cache release
- Added global setting for
twig_first
processing (false by default) - New configuration options for Session settings #553
- Added
-
- Switched to SSL for GPM calls
- Use
URI->host()
for session domain - Add support for
open_basedir
when installing packages via GPM - Improved
Utils::generateNonceString()
method to handle reverse proxies - Optimized core thumbnails saving 38% in file size
- Added new
bin/gpm index --installed-only
option - Improved GPM errors to provider more helpful diagnostic of issues
- Removed old hardcoded PHP version references
- Moved
onPageContentProcessed()
event so it's fired more reliably - Maintain md5 keys during sorting of Assets #566
- Update to Caddyfile for Caddy web server
-
- Fixed an issue with cache/config checksum not being set on cache load
- Fix for page blueprint and theme inheritance issue #534
- Set
ZipBackup
timeout to 10 minutes if possible - Fix case where we only have inline data for CSS or JS #565
- Fix
bin/grav sandbox
command to work with newwebserver-config
folder - Fix for markdown attributes on external URLs
- Fixed issue where
data:
page header was acting aspublish_date:
- Fix for special characters in URL parameters (e.g. /tag:c++) #541
- Safety check for an array of nonces to only use the first one
-
- Set minimum requirements to PHP 5.5.9
- Added
saveConfig
to Themes
-
- Updated Whoops to new 2.0 version (PHP 7.0 compatible)
- Moved sample web server configs into dedicated directory
- FastCGI will use Apache's
mod_deflate
if gzip turned off
-
- Fix broken media image operators
- Only call extra method of blueprints if blueprints exist
- Fix lang prefix in url twig variables #523
- Fix case insensitive HTTPS check #535
- Field field validation handles case
multiple
missing
-
- Add ability to extend markdown with plugins
- Added support for plugins to have individual language files
- Added
7z
to media formats - Use Grav's fork of Parsedown until PR is merged
- New function to persist plugin configuration to disk
- GPM
selfupgrade
will now check PHP version requirements
-
- If the field allows multiple files, return array
- Handle non-array values in file validation
-
- Fix when looping
fields
param in alist
field - Properly convert commas to spaces for media attributes
- Forcing Travis VM to HI timezone to address future files in zip file
- Fix when looping
-
- Reduced package sizes by removing extra vendor dev bits
-
- Fix issue when you enable debugger from admin plugin
-
- Add new link attributes via markdown media
- Added setters to set state of CSS/JS pipelining
- Added
user/accounts
to.gitignore
- Added configurable permissions option for Image cache
-
- Hungarian translation updated
- Refactored Theme initialization for improved flexibility
- Wrapped security section of account blueprints in an 'super user' authorize check
- Minor performance optimizations
- Updated core page blueprints with markdown preview option
- Added useful cache info output to Debugbar
- Added
iconv
polyfill library used by Symfony 2.8 - Force lowercase of username in a few places for case sensitive filesystems
-
- Fix for GPM problems "Call to a member function set() on null"
- Fix for individual asset pipeline values not functioning
- Fix
Page::copy()
andPage::move()
to support multiple moves at once - Fixed page moving of a page with no content
- Fix for wrong ordering when moving many pages
- Escape root path in page medium files to work with special characters
- Add missing parent constructor to Themes class
- Fix missing file error in
bin/grav sandbox
command - Fixed changelog differ when upgrading Grav
- Fixed a logic error in
Validation->validate()
- Make
$container
available insetup.php
to fix multi-site
-
- Refactor Config classes for improved performance!
- Refactor Data classes to use
NestedArrayAccess
instead ofDataMutatorTrait
- Added support for
classes
andid
on medium objects to set CSS values - Data objects: Allow function call chaining
- Data objects: Lazy load blueprints only if needed
- Automatically create unique security salt for each configuration
- Added Hungarian translation
- Added support for User groups
-
- Improved robots.txt to disallow crawling of non-user folders
- Nonces only generated once per action and process
- Added IP into Nonce string calculation
- Nonces now use random string with random salt to improve performance
- Improved list form handling #475
- Vendor library updates
-
- Fixed help output for
bin/plugin
- Fix for nested logic for lists and form parsing #273
- Fix for array form fields and last entry not getting deleted
- Should not be able to set parent to self #308
- Fixed help output for
-
- Added nonce functionality for all admin forms for improved security
- Implemented the ability for Plugins to provide their own CLI commands through
bin/plugin
- Added Croatian translation
- Added missing
umask_fix
property tosystem.yaml
- Added current theme's config to global config. E.g.
config.theme.dropdown_enabled
- Added
append_url_extension
option to system config & page headers - Users have a new
state
property to allow disabling/banning - Added new
Page.relativePagePath()
helper method - Added new
|pad
Twig filter for strings (usesstr_pad()
) - Added
lighttpd.conf
for Lightly web server
-
- Clear previously applied operations when doing a reset on image media
- Password no longer required when editing user
- Improved support for trailing
/
URLs - Improved
.nginx.conf
configuration file - Improved
.htaccess
security - Updated vendor libs
- Updated
composer.phar
- Use streams instead of paths for
clearCache()
- Use PCRE_UTF8 so unicode strings can be regexed in Truncator
- Handle case when login plugin is disabled
- Improved
quality
functionality in media handling - Added some missing translation strings
- Deprecated
bin/grav newuser
in favor ofbin/plugin login new-user
- Moved fallback types to use any valid media type
- Renamed
system.pages.fallback_types
tosystem.media.allowed_fallback_types
- Removed version number in default
generator
meta tag - Disable time limit in case of slow downloads
- Removed default hash in
system.yaml
-
- Fix for media using absolute URLs causing broken links
- Fix theme auto-loading #432
- Don't create empty
<style>
or<script>
scripts if no data - Code cleanups
- Fix undefined variable in Config class
- Fix exception message when label is not set
- Check in
Plugins::get()
to ensure plugins exists - Fixed GZip compression making output buffering work correctly with all servers and browsers
- Fixed date representation in system config
-
- New Page collection options!
@self.parent, @self.siblings, @self.descendants
+ more - White list of file types for fallback route functionality (images by default)
- New Page collection options!
-
- Assets switched from defines to streams
-
- README.md typos fixed
- Fixed issue with routes that have lang string in them (
/en/english
) - Trim strings before validation so whitespace is not satisfy 'required'
-
- Added support for CSS Asset groups
- Added a
wrapped_site
system option for themes/plugins to use - Pass
Page
object as event toonTwigPageVariables()
event hook - New
Data.items()
method to get all items
-
- Missing pipelined remote asset will now fail quietly
- More reliably handle inline JS and CSS to remove only surrounding HTML tags
Medium.meta
returns new Data object so null checks are possible- Improved Medium metadata merging to allow for automatic title/alt/class attributes
- Moved Grav object to global variable rather than template variable (useful for macros)
- German language improvements
- Updated bundled composer
-
- Accept variety of
true
values inUser.authorize()
method - Fix for
Validation
throwing an error if no label set
- Accept variety of
-
- Use native PECL YAML parser if installed for 4X speed boost in parsing YAML files
- Support for inherited theme class
- Added new default language prepend system configuration option
- New
|evaluate
Twig filter to evaluate a string as twig - New system option to ignore all hidden files and folders
- New system option for default redirect code
- Added ability to append specific
[30x]
codes to redirect URLs - Added
url_taxonomy_filters
for page collections - Added
@root
page andrecurse
flag for page collections - Support for multiple page collection types as an array
- Added Dutch language file
- Added Russian language file
- Added
remove
method to User object
-
- Moved hardcoded mimetypes to
media.yaml
to be treated as Page media files - Set
errors: display: false
by default insystem.yaml
- Strip out extra slashes in the URI
- Validate hostname to ensure it is valid
- Ignore more SCM folders in Backups
- Removed
home_redirect
settings fromsystem.yaml
- Added Page
media
as root twig object for consistency - Updated to latest vendor libraries
- Optimizations to Asset pipeline logic for minor speed increase
- Block direct access to a variety of files in
.htaccess
for increased security - Debugbar vendor library update
- Always fallback to english if other translations are not available
- Moved hardcoded mimetypes to
-
- Fix for redirecting external URL with multi-language
- Fix for Asset pipeline not respecting asset groups
- Fix language files with child/parent theme relationships
- Fixed a regression issue resulting in incorrect default language
- Ensure error handler is initialized before URI is processed
- Use default language in Twig if active language is not set
- Fixed issue with
safeEmailFilter()
Twig filter not separating with;
properly - Fixed empty YAML file causing error with native PECL YAML parser
- Fixed
SVG
mimetype - Fixed incorrect
Cache-control: max-age
value format
-
- Added Redis back as a supported cache mechanism
- Allow Twig
nicetime
translations - Added
-y
option for 'Yes to all' inbin/gpm update
- Added CSS
media
attribute to the Assets manager - New German language support
- New Czech language support
- New French language support
- Added
modulus
twig filter
-
- URL decode in medium actions to allow complex syntax
- Take into account
HTTP_HOST
beforeSERVER_NAME
(helpful with Nginx) - More friendly cache naming to ease manual management of cache systems
- Added default Apache resource for
DirectoryIndex
-
- Fix GPM failure when offline
- Fix
open_basedir
error inbin/gpm install
- Fix an HHVM error in Truncator
- Fix for XSS vulnerability with params
- Fix chaining for responsive size derivatives
- Fix for saving pages when removing the page title and all other header elements
- Fix when saving array fields
- Fix for ports being included in
HTTP_HOST
- Fix for Truncator to handle PHP tags gracefully
- Fix for locate style lang codes in
getNativeName()
- Urldecode image basenames in markdown
-
- Added new
AudioMedium
for HTML5 audio - Added ability for Assets to be added and displayed in separate groups
- New support for responsive image derivative sizes
- Added new
-
- GPM theme install now uses a
copy
method so new files are not lost (e.g./css/custom.css
) - Code analysis improvements and cleanup
- Removed Twig panel from debugger (no longer supported in Twig 1.20)
- Updated composer packages
- Prepend active language to
convertUrl()
when used in markdown links - Added some pre/post flight options for installer via blueprints
- Hyphenize the site name in the backup filename
- GPM theme install now uses a
-
- Fix broken routable logic
- Check for
phpinfo()
method in case it is restricted by hosting provider - Fixes for windows when running GPM
- Fix for ampersand (
&
) causing error intruncateHtml()
viaPage.summary()
-
- New and improved multibyte-safe TruncateHTML function and filter
- Added support for custom page date format
- Added a
string
Twig filter to render as json_encoded string - Added
authorize
Twig filter - Added support for theme inheritance in the admin
- Support for multiple content collections on a page
- Added configurable files/folders ignores for pages
- Added the ability to set the default PHP locale and override via multi-lang configuration
- Added ability to save as YAML via admin
- Added check for
mbstring
support - Added new
redirect
header for pages
-
- Changed dependencies from
develop
tomaster
- Updated logging to log everything from
debug
level on (waswarning
) - Added missing
accounts/
folder - Default to performing a 301 redirect for URIs with trailing slashes
- Improved Twig error messages
- Allow validating of forms from anywhere such as plugins
- Added logic so modular pages are by default non-routable
- Hide password input in
bin/grav newuser
command
- Changed dependencies from
-
- Fixed
Pages.all()
not returning modular pages - Fix for modular template types not getting found
- Fix for
markdown_extra:
overridingmarkdown:extra:
setting - Fix for multi-site routing
- Fix for multi-lang page name error
- Fixed a redirect loop in
URI
class - Fixed a potential error when
unsupported_inline_types
is empty - Correctly generate 2x retina image
- Typo fixes in page publish/unpublish blueprint
- Fixed
-
- Added some new Twig filters:
defined
,rtrim
,ltrim
- Admin support for customizable page file name + template override
- Added some new Twig filters:
-
- Better message for incompatible/unsupported Twig template
- Improved User blueprints with better help
- Switched to composer install rather than update by default
- Admin autofocus on page title
.htaccess
hardening (.htaccess
&htaccess.txt
)- Cache safety checks for missing folders
-
- Fixed issue with unescaped
o
character in date formats
- Fixed issue with unescaped
-
- Added
language
to user blueprint - Added translations to blueprints
- New extending logic for blueprints
- Blueprints are now loaded with Streams to allow for better overrides
- Added new Symfony
dump()
method
- Added
-
- Catch YAML header parse exception so site doesn't die
- Better
Page.parent()
logic - Improved GPM display layout
- Tweaked default page layout
- Unset route and slug for improved reliability of route changes
- Added requirements to README.md
- Updated various libraries
- Allow use of custom page date field for dateRange collections
-
- Slug fixes with GPM
- Unset plaintext password on save
- Fix for trailing
/
not matching active children
-
- Fixed issue when saving
header.process
in page forms via the admin plugin - Fixed error due to use of
set_time_limit
that might be disabled on some hosts
- Fixed issue when saving
-
- Added a new
newuser
CLI command to create user accounts - Added
default
blueprint for all templates - Support
user
andsystem
language translation merging
- Added a new
-
- Added isSymlink method in GPM to determine if Grav is symbolically linked or not
- Refactored page recursing
- Updated blueprints to use new toggles
- Updated blueprints to use current date for date format fields
- Updated composer.phar
- Use sessions for admin even when disabled for site
- Use
GRAV_ROOT
in session identifier
-
- Added
body_classes
field - Added
visiblity
toggle and help tooltips on new page form - Added new
Page.unsetRoute()
method to allow admin to regenerate the route
- Added
-
- User save no longer stores username each time
- Page list form field now shows all pages except root
- Removed required option from page title
- Added configuration settings for running Nginx in sub directory
-
- Fixed deep translation merging
- Fixed broken metadata merging with site defaults
- Fixed broken summary field
- Fixed broken robots field
- Fixed GPM issue when using cURL, throwing an
Undefined offset: 1
exception - Removed duplicate hidden page
type
field
-
- Added new
cache_all
system setting + mediacache()
method - Added base languages configuration
- Added property language to page to help plugins identify page language
- New
Utils::arrayFilterRecursive()
method
- Added new
-
- Improved Session handling to support site and admin independently
- Allow Twig variables to be modified in other events
- Blueprint updates in preparation for Admin plugin
- Changed
Inflector
from static to object and added multi-language support - Support for admin override of a page's blueprints
-
- Removed unused
use
inVideoMedium
that was causing error - Array fix in
User.authorise()
method - Fix for typo in
translations_fallback
- Fixed moving page to the root
- Removed unused
-
- Added new
onImageMediumSaved()
event (useful for post-image processing) - Added
Vary: Accept-Encoding
option
- Added new
-
- Multilang-safe delimiter position
- Refactored Twig classes and added optional umask setting
- Removed
pageinit()
timing Page->routable()
now takespublished()
state into account- Improved how page extension is set
- Support
Language->translate()
method taking string and array
-
- Fixed
backup
command to include empty folders
- Fixed
-
- Detect users preferred language via
http_accept_language
setting - Added new
translateArray()
language method
- Detect users preferred language via
-
- Support
en
translations by default for plugins & themes - Improved default generator tag
- Minor language tweaks and fixes
- Support
-
- Fix for session active language and homepage redirects
- Ignore root-level page rather than throwing error
-
- Added xml, json, css and js to valid media file types
-
- Better handling of unsupported media type downloads
- Improved
bin/grav backup
command to mimic admin plugin location/name
-
- Critical fix for broken language translations
- Fix for Twig markdown filter error
- Safety check for download extension
-
- BIG NEWS! Extensive Multi-Language support is all new in 0.9.30!
- Translation support via Twig filter/function and PHP method
- Page specific default route
- Page specific route aliases
- Canonical URL route support
- Added built-in session support
- New
Page.rawRoute()
to get a consistent folder-based route to a page - Added option to always redirect to default page on alias URL
- Added language safe redirect function for use in core and plugins
-
- Improved
Page.active()
andPage.activeChild()
methods to support route aliases - Various spelling corrections in
.php
comments,.md
and.yaml
files Utils::startsWith()
andUtils::endsWith()
now support needle arrays- Added a new timer around
pageInitialized
event - Updated jQuery library to v2.1.4
- Improved
-
- In-page CSS and JS files are now handled properly
- Fix for
enable_media_timestamp
not working properly
-
- New and improved Regex-powered redirect and route alias logic
- Added new
onBuildPagesInitialized
event for memory critical or time-consuming plugins - Added a
setSummary()
method for pages
-
- Improved
MergeConfig()
logic for more control - Travis skeleton build trigger implemented
- Set composer.json versions to stable versions where possible
- Disabled
last_modified
andetag
page headers by default (causing too much page caching)
- Improved
-
- Preload classes during
bin/gpm selfupgrade
to avoid issues with updated classes - Fix for directory relative down links
- Preload classes during
-
- Added method to set raw markdown on a page
- Added ability to enabled system and page level
etag
andlast_modified
headers
-
- Improved image path processing
- Improved query string handling
- Optimization to image handling supporting URL encoded filenames
- Use global
composer
when available rather than Grv provided one - Use
PHP_BINARY
constant rather thanphp
executable - Updated Doctrine Cache library
- Updated Symfony libraries
- Moved
convertUrl()
method to Uri object
-
- Fix incorrect slug causing problems with CLI
uninstall
- Fix Twig runtime error with assets pipeline in sufolder installations
- Fix for
+
in image filenames - Fix for dot files causing issues with page processing
- Fix for Uri path detection on Windows platform
- Fix for alternative media resolutions
- Fix for modularTypes key properties
- Fix incorrect slug causing problems with CLI
-
- Added new composer CLI command
- Added page-level summary header overrides
- Added
size
back for Media objects - Refactored Backup command in preparation for admin plugin
- Added a new
parseLinks
method to Plugins class - Added
starts_with
andends_with
Twig filters
-
- Optimized install of vendor libraries for speed improvement
- Improved configuration handling in preparation for admin plugin
- Cache optimization: Don't cache Twig templates when you pass dynamic params
- Moved
Utils::rcopy
toFolder::rcopy
- Improved
Folder::doDelete
- Added check for required Curl in GPM
- Updated included composer.phar to latest version
- Various blueprint fixes for admin plugin
- Various PSR and code cleanup tasks
-
- Fix issue with Gzip not working with
onShutDown()
event - Fix for URLs with trailing slashes
- Handle condition where certain errors resulted in blank page
- Fix for issue with theme name equal to base_url and asset pipeline
- Fix to properly normalize font rewrite path
- Fix for absolute URLs below the current page
- Fix for
..
page references
- Fix issue with Gzip not working with
-
- Added support for E-Tag, Last-Modified, Cache-Control and Page-based expires headers
-
- Refactored media image handling to make it more flexible and support absolute paths
- Refactored page modification check process to make it faster
- User account improvements in preparation for admin plugin
- Protect against timing attacks
- Reset default system expires time to 0 seconds (can override if you need to)
-
- Fix issues with spaces in webroot when using
bin/grav install
- Fix for spaces in relative directory
- Bug fix in collection filtering
- Fix issues with spaces in webroot when using
-
- Added support for chunked downloads of Assets
- Added new
onBeforeDownload()
event - Added new
download()
andgetMimeType()
methods to Utils class - Added configuration option for supported page types
- Added assets and media timestamp options (off by default)
- Added page expires configuration option
-
- Fixed issue with Nginx/Gzip and
ob_flush()
throwing error - Fixed assets actions on 'direct media' URLs
- Fix for 'direct assets` with any parameters
- Fixed issue with Nginx/Gzip and
-
- Fix for broken GPM
selfupgrade
(Grav 0.9.21 and 0.9.22 will need to manually upgrade to this version)
- Fix for broken GPM
-
- Fix to normalize GRAV_ROOT path for Windows
- Fix to normalize Media image paths for Windows
- Fix for GPM
selfupgrade
when you are on latest version
-
- Major Media functionality enhancements: SVG, Animated GIF, Video support!
- Added ability to configure default image quality in system configuration
- Added
sizes
attributes for custom retina image breakpoints
-
- Don't scale @1x retina images
- Add filter to Iterator class
- Updated various composer packages
- Various PSR fixes
-
- Added
addAsyncJs()
andaddDeferJs()
to Assets manager - Added support for extranal URL redirects
- Added
-
- Fix unpredictable asset ordering when set from plugin/system
- Updated
nginx.conf
to ensure system assets are accessible - Ensure images are served as static files in Nginx
- Updated vendor libraries to latest versions
- Updated included composer.phar to latest version
-
- Fixed issue with markdown links to
#
breaking HTML
- Fixed issue with markdown links to
-
- Added named assets capability and bundled jQuery into Grav core
- Added
first()
andlast()
toIterator
class
-
- Improved page modification routine to skip dot files
- Only use files to calculate page modification dates
- Broke out Folder iterators into their own classes
- Various Sensiolabs Insight fixes
-
- Fixed
Iterator.nth()
method
- Fixed
-
- Added ability for GPM
install
to automatically install_demo
content if found (w/backup) - Added ability for themes and plugins to have dependencies required to install via GPM
- Added ability to override the system timezone rather than relying on server setting only
- Added new Twig filter
random_string
for generating random id values - Added new Twig filter
markdown
for on-the-fly markdown processing - Added new Twig filter
absoluteUrl
to convert relative to absolute URLs - Added new
processTemplate()
method to Twig object for on-the-fly processing of twig template - Added
rcopy()
andcontains()
helper methods in Utils
- Added ability for GPM
-
- Provided new
param_sep
variable to better support Apache on Windows - Moved parsedown configuration into the trait
- Added optional deep-copy option to
mergeConfig()
for plugins - Updated bundled
composer.phar
package - Various Sensiolabs Insight fixes - Silver level now!
- Various PSR Fixes
- Provided new
-
- Fix for windows platforms not displaying installed themes/plugins via GPM
- Fix page IDs not picking up folder-only pages
-
- Added full HHVM support! Get your speed on with Facebook's crazy fast PHP JIT compiler
-
- More flexible page summary control
- Support CamelCase plugin and theme class names. Replaces dashes and underscores
- Moved summary delimiter into
site.yaml
so it can be configurable - Various PSR fixes
-
- Fix for
mergeConfig()
not falling back to defaults - Fix for
addInlineCss()
andaddInlineJs()
Assets not working between Twig tags - Fix for Markdown adding HTML tags into inline CSS and JS
- Fix for
-
- Added Retina and Responsive image support via Grav media and
srcset
image attribute - Added image debug option that overlays responsive resolution
- Added a new image cache stream
- Added Retina and Responsive image support via Grav media and
-
- Improved the markdown Lightbox functionality to better mimic Twig version
- Fullsize Lightbox can now have filters applied
- Added a new
mergeConfig()
method to Plugin class to merge system + page header configuration - Added a new
disable()
method to Plugin class to programmatically disable a plugin - Updated Parsedown and Parsedown Extra to address bugs
- Various PSR fixes
-
- Fix bug with image dispatch in traditionally non-routable pages
- Fix for markdown link not working on non-current pages
- Fix for markdown images not being found on homepage
-
- Typo in video mime types
- Fix for old
markdown_extra
system setting not getting picked up - Fix in regex for Markdown links with numeric values in path
- Fix for broken image routing mechanism that got broken at some point
- Fix for markdown images/links in pages with page slug override
-
- Added GZip support
- Added multiple configurations via
setup.php
- Added base structure for unit tests
- New
onPageContentRaw()
plugin event that processes before any page processing - Added ability to dynamically set Metadata on page
- Added ability to dynamically configure Markdown processing via Parsedown options
-
- Refactored
page.content()
method to be more flexible and reliable - Various updates and fixes for streams resulting in better multi-site support
- Updated Twig, Parsedown, ParsedownExtra, DoctrineCache libraries
- Refactored Parsedown trait
- Force modular pages to be non-visible in menus
- Moved RewriteBase before Exploits in
.htaccess
- Added standard video formats to Media support
- Added priority for inline assets
- Check for uniqueness when adding multiple inline assets
- Improved support for Twig-based URLs inside Markdown links and images
- Improved Twig
url()
function
- Refactored
-
- Fix for HTML entities quotes in Metadata values
- Fix for
published
setting to have precedent ofpublish_date
andunpublish_date
- Fix for
onShutdown()
events not closing connections properly in php-fpm environments
-
- Added new published
true|false
state in page headers - Added
publish_date
in page headers to automatically publish page - Added
unpublish_date
in page headers to automatically unpublish page - Added
dateRange()
capability for collections - Added ability to dynamically control Cache lifetime programmatically
- Added ability to sort by anything in the page header. E.g.
sort: header.taxonomy.year
- Added various helper methods to collections:
copy, nonVisible, modular, nonModular, published, nonPublished, nonRoutable
- Added new published
-
- Modified all Collection methods so they can be chained together:
$collection->published()->visible()
- Set default Cache lifetime to default of 1 week (604800 seconds) - was infinite
- House-cleaning of some unused methods in Pages object
- Modified all Collection methods so they can be chained together:
-
- Fix
uninstall
GPM command that was broken in last release - Fix for intermittent
undefined index
error when working with Collections - Fix for date of some pages being set to incorrect future timestamps
- Fix
-
- Added an all-access robots.txt file for search engines
- Added new GPM
uninstall
command - Added support for in-page Twig processing in modular pages
- Added configurable support for
undefined
Twig functions and filters
-
- Fall back to default
.html
template if error occurs on non-html pages - Added ability to have PSR-1 friendly plugin names (CamelCase, no-dashes)
- Fix to
composer.json
to deter API rate-limit errors - Added non-exception-throwing handler for undefined methods on
Medium
objects
- Fall back to default
-
- Fix description for
self-upgrade
method of GPM command - Fix for incorrect version number when performing GPM
update
- Fix for argument description of GPM
install
command - Fix for recalcitrant CodeKit mac application
- Fix description for
-
- Added support for simple redirects as well as routes
-
- Handle Twig errors more cleanly
-
- Fix for error caused by invalid or missing user agent string
- Fix for directory relative links and URL fragments (#pagelink)
- Fix for relative links with no subfolder in
base_url
-
- Added Facebook-style
nicetime
date Twig filter
- Added Facebook-style
-
- Moved
clear-cache
functionality into Cache object required for Admin plugin
- Moved
-
- Fix for undefined index with previous/next buttons
-
- Added new
@page
collection type - Added
ksort
andcontains
Twig filters - Added
gist
Twig function
- Added new
-
- Refactored Page previous/next/adjacent functionality
- Updated to Symfony 2.6 for yaml/console/event-dispatcher libraries
- More PSR code fixes
-
- Fix for over-escaped apostrophes in YAML
-
- Added configuration option to set default lifetime on cache saves
- Added ability to set HTTP status code from page header
- Implemented simple wild-card custom routing
-
- Fixed elusive double load to fully cache issue (crossing fingers...)
- Ensure Twig tags are treated as block items in markdown
- Removed some older deprecated methods
- Ensure onPageContentProcessed() event only fires when not cached
- More PSR code fixes
-
- Fix issue with miscalculation of blog separator location
===
- Fix issue with miscalculation of blog separator location
-
- Nginx configuration updated
- Added gitter.im badge to README
- Removed
set_time_limit()
and put checks aroundignore_user_abort
- More PSR code fixes
-
- Fix issue with non-valid asset path showing up when they shouldn't
- Fix for JS asset pipeline and scripts that don't end in
;
- Fix for schema-based markdown URLs broken routes (eg
mailto:
)
-
- Moved base_url variables into Grav container
- Forced media sorting to use natural sort order by default
- Various PSR code tidying
- Added filename, extension, thumb to all medium objects
-
- Fix for infinite loop in page.content()
- Fix hostname for configuration overrides
- Fix for cached configuration
- Fix for relative URLs in markdown on installs with no base_url
- Fix for page media images with uppercase extension
-
- Added quality setting to medium for compression configuration of images
- Added new onPageContentProcessed() event that is post-content processing but pre-caching
-
- Added support for AND and OR taxonomy filtering. AND by default (was OR)
- Added specific clearing options for CLI clear-cache command
- Moved environment method to URI so it can be accessible in plugins and themes
- Set Grav's output variable to public so it can be manipulated in onOutputGenerated event
- Updated vendor libraries to latest versions
- Better handing of 'home' in active menu state detection
- Various PSR code tidying
- Improved some error messages and notices
-
- Force route rebuild when configuration changes
- Fix for 'installed undefined' error in CLI versions command
- Do not remove the JSON/Text error handlers
- Fix for supporting inline JS and CSS when Asset pipeline enabled
- Fix for Data URLs in CSS being badly formed
- Fix Markdown links with fragment and query elements
-
- New improved Debugbar with messages, timing, config, twig information
- New exception handling system utilizing Whoops
- New logging system utilizing Monolog
- Support for auto-detecting environment configuration
- New version command for CLI
- Integrate Twig dump() calls into Debugbar
-
- Selfupgrade now clears cache on successful upgrade
- Selfupgrade now supports files without extensions
- Improved error messages when plugin is missing
- Improved security in .htaccess
- Support CSS/JS/Image assets in vendor/system folders via .htaccess
- Add support for system timers
- Improved and optimized configuration loading
- Automatically disable Debugbar on non-HTML pages
- Disable Debugbar by default
-
- More YAML blueprint fixes
- Fix potential double // in assets
- Load debugger as early as possible
-
- GPM (Grav Package Manager) Added
- Support for multiple Grav configurations
- Dynamic media support via URL
- Added inlineCss and inlineJs support for Assets
-
- YAML caching for increased performance
- Use stream wrapper in pages, plugins and themes
- Switched to RocketTheme toolbox for some core functionality
- Renamed
setup
CLI command tosandbox
- Broke cache types out into multiple directories in the cache folder
- Removed vendor libs from github repository
- Various PSR cleanup of code
- Various Blueprint updates to support upcoming admin plugin
- Added ability to filter page children for normal/modular/all
- Added
sort_by_key
twig filter - Added
visible()
androutable()
filters to page collections - Use session class in shutdown process
- Improvements to modular page loading
- Various code cleanup and optimizations
-
- Fixed file checking not updating the last modified time. For real this time!
- Switched debugger to PRODUCTION mode by default
- Various fixes in URI class for increased reliability
-
- New flexible site and page metadata support including ObjectGraph and Facebook
- New method to get user IP address in URI object
- Added new onShutdown() event that fires after connection is closed for Async features
-
- Skip assets pipeline minify on Windows platforms by default due to PHP issue 47689
- Fixed multiple level menus not highlighting correctly
- Updated some blueprints in preparation for admin plugin
- Fail gracefully when theme does not exist
- Add stream support into ResourceLocator::addPath()
- Separate themes from plugins, add themes:// stream and onTask events
- Added barDump() to Debugger
- Removed stray test page
- Override modified only if a non-markdown file was modified
- Added assets attributes support
- Auto-run composer install when running the Grav CLI
- Vendor folder removed from repository
- Minor configuration performance optimizations
- Minor debugger performance optimizations
-
- Fix url() twig function when Grav isn't installed at root
- Workaround for PHP bug 52065
- Fixed getList() method on Pages object that was not working
- Fix for open_basedir error
- index.php now warns if not running on PHP 5.4
- Removed memcached option (redundant)
- Removed memcache from auto setup, added memcache server configuration option
- Fix broken password validation
- Back to proper PSR-4 Autoloader
-
- Added new
theme://
PHP stream for current theme
- Added new
-
- Default to new
file
modification checking rather thanfolder
- Added support for various markdown link formats to convert to Grav-friendly URLs
- Moved configure() from Theme to Themes class
- Fix autoloading without composer update -o
- Added support for Twig url method
- Minor code cleanup
- Default to new
-
- Fixed issue with page changes not being picked up
- Fixed Minify to provide
@supports
tag compatibility - Fixed ResourceLocator not working with multiple paths
- Fixed issue with Markdown process not stripping LFs
- Restrict file type extensions for added security
- Fixed template inheritance
- Moved Browser class to proper location
-
- Addition of Dependency Injection Container
- Refactored plugins to use Symfony Event Dispatcher
- New Asset Manager to provide unified management of JavaScript and CSS
- Asset Pipelining to provide unification, minify, and optimization of JavaScript and CSS
- Grav Media support directly in Markdown syntax
- Additional Grav Generator meta tag in default themes
- Added support for PHP Stream Wrapper for resource location
- Markdown Extra support
- Browser object for fast browser detection
-
- PSR-4 Autoloader mechanism
- Tracy Debugger new
detect
option to detect running environment - Added new
random
collection sort option - Make media images progressive by default
- Additional URI filtering for improved security
- Safety checks to ensure PHP 5.4.0+
- Move to Slidebars side navigation in default Antimatter theme
- Updates to
.htaccess
including section onRewriteBase
which is needed for some hosting providers
-
- Fixed issue when installing in an apache userdir (~username) folder
- Various mobile CSS issues in default themes
- Various minor bug fixes