Merge branch 'develop' of https://github.com/getgrav/grav into 2.0

getgrav · Nov 6, 2017 · b31490e · b31490e
2 parents 980b2b6 + 0fd22ad
commit b31490e
Show file tree

Hide file tree

Showing 5 changed files with 33 additions and 23 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -22,6 +22,9 @@
     * Dynamically added pages via `Pages::addPage()` were not firing `onPageProcessed()` event causing forms not to be processed
     * Fixed `Page::active()` and `Page::activeChild()` to work with UTF-8 characters in the URL [#1727](https://github.com/getgrav/grav/issues/1727)
     * Fixed typo in `modular.yaml` causing media to be ignored [#1725](https://github.com/getgrav/grav/issues/1725)
+    * Reverted `case_insensitive_urls` option as it was causing issues with taxonomy [#1733](https://github.com/getgrav/grav/pull/1733)
+    * Removed an extra `/` in `CompileFile.php` [#1693](https://github.com/getgrav/grav/pull/1693)
+    * Uri: Encode user and password to prevent issues in browsers
 
 # v1.3.8
 ## 10/26/2017

diff --git a/README.md b/README.md
@@ -86,7 +86,7 @@ $ bin/gpm update
 We appreciate any contribution to Grav, whether it is related to bugs, grammar, or simply a suggestion or improvement! Please refer to the [Contributing guide](CONTRIBUTING.md) for more guidance on this topic.
 
 ## Security issues
-If you discover a possible security issue related to Grav or one of its plugins, please send an email to the core team at contact@getgrav.org and we'll address it as soon as possible.
+If you discover a possible security issue related to Grav or one of its plugins, please email the core team at contact@getgrav.org and we'll address it as soon as possible.
 
 # Getting Started
 
@@ -101,9 +101,11 @@ If you discover a possible security issue related to Grav or one of its plugins,
 
 * Have a look at our [Basic Tutorial](https://learn.getgrav.org/basics/basic-tutorial)
 * Dive into more [advanced](https://learn.getgrav.org/advanced) functions
+* Learn about the [Grav CLI](https://learn.getgrav.org/cli-console/grav-cli)
+* Review examples in the [Grav Cookbook](https://learn.getgrav.org/cookbook)
 
 # Backers
-Support us with a monthly donation and help us continue our activities. [[Become a backer](https://opencollective.com/grav#backer)]
+Support Grav with a monthly donation to help us continue development. [[Become a backer](https://opencollective.com/grav#backer)]
 
 <a href="https://opencollective.com/grav/backer/0/website" target="_blank"><img src="https://opencollective.com/grav/backer/0/avatar.svg"></a>
 <a href="https://opencollective.com/grav/backer/1/website" target="_blank"><img src="https://opencollective.com/grav/backer/1/avatar.svg"></a>

diff --git a/system/blueprints/config/system.yaml b/system/blueprints/config/system.yaml
@@ -1154,17 +1154,6 @@ form:
                     validate:
                         type: bool
 
-                case_insensitive_urls:
-                    type: toggle
-                    label: PLUGIN_ADMIN.CASE_INSENSITIVE_URLS
-                    highlight: 0
-                    help: PLUGIN_ADMIN.CASE_INSENSITIVE_URLS_HELP
-                    options:
-                        1: PLUGIN_ADMIN.YES
-                        0: PLUGIN_ADMIN.NO
-                    validate:
-                        type: bool
-
                 param_sep:
                     type: select
                     size: medium

diff --git a/system/src/Grav/Common/File/CompiledFile.php b/system/src/Grav/Common/File/CompiledFile.php
@@ -27,7 +27,7 @@ public function content($var = null)
             // If nothing has been loaded, attempt to get pre-compiled version of the file first.
             if ($var === null && $this->raw === null && $this->content === null) {
                 $key = md5($this->filename);
-                $file = PhpFile::instance(CACHE_DIR . DS . "compiled/files/{$key}{$this->extension}.php");
+                $file = PhpFile::instance(CACHE_DIR . "compiled/files/{$key}{$this->extension}.php");
 
                 $modified = $this->modified();
 

diff --git a/system/src/Grav/Common/Uri.php b/system/src/Grav/Common/Uri.php
@@ -107,7 +107,9 @@ protected function createFromEnvironment(array $env)
         // Build fragment.
         $this->fragment = null;
 
-        // Filter path and query string.
+        // Filter userinfo, path and query string.
+        $this->user = $this->user !== null ? static::filterUserInfo($this->user) : null;
+        $this->password = $this->password !== null ? static::filterUserInfo($this->password) : null;
         $this->path = empty($this->path) ? '/' : static::filterPath($this->path);
         $this->query = static::filterQuery($this->query);
 
@@ -148,7 +150,9 @@ protected function createFromString($url)
             $this->host = $this->validateHostname($this->host) ? $this->host : 'unknown';
         }
 
-        // Filter path, query string and fragment.
+        // Filter userinfo, path, query string and fragment.
+        $this->user = $this->user !== null ? static::filterUserInfo($this->user) : null;
+        $this->password = $this->password !== null ? static::filterUserInfo($this->password) : null;
         $this->path = empty($this->path) ? '/' : static::filterPath($this->path);
         $this->query = static::filterQuery($this->query);
         $this->fragment = $this->fragment !== null ? static::filterQuery($this->fragment) : null;
@@ -291,11 +295,6 @@ public function init()
 
         $this->url = $this->base . $this->uri;
 
-        // if case insensitive urls is enabled, lowercase the url
-        if( $grav['config']->get('system.case_insensitive_urls') ){
-            $this->url = strtolower($this->url);
-        }
-
         // get any params and remove them
         $uri = str_replace($this->root, '', $this->url);
 
@@ -1177,6 +1176,23 @@ public static function cleanPath($path)
         return $path;
     }
 
+    /**
+     * Filters the user info string.
+     *
+     * @param string $info The raw user or password.
+     * @return string The percent-encoded user or password string.
+     */
+    public static function filterUserInfo($info)
+    {
+        return preg_replace_callback(
+            '/(?:[^a-zA-Z0-9_\-\.~!\$&\'\(\)\*\+,;=]+|%(?![A-Fa-f0-9]{2}))/u',
+            function ($match) {
+                return rawurlencode($match[0]);
+            },
+            $info
+        );
+    }
+
     /**
      * Filter Uri path.
      *
@@ -1192,7 +1208,7 @@ public static function cleanPath($path)
     public static function filterPath($path)
     {
         return preg_replace_callback(
-            '/(?:[^a-zA-Z0-9_\-\.~:@&=\+\$,\/;%]+|%(?![A-Fa-f0-9]{2}))/',
+            '/(?:[^a-zA-Z0-9_\-\.~:@&=\+\$,\/;%]+|%(?![A-Fa-f0-9]{2}))/u',
             function ($match) {
                 return rawurlencode($match[0]);
             },
@@ -1209,7 +1225,7 @@ function ($match) {
     public static function filterQuery($query)
     {
         return preg_replace_callback(
-            '/(?:[^a-zA-Z0-9_\-\.~!\$&\'\(\)\*\+,;=%:@\/\?]+|%(?![A-Fa-f0-9]{2}))/',
+            '/(?:[^a-zA-Z0-9_\-\.~!\$&\'\(\)\*\+,;=%:@\/\?]+|%(?![A-Fa-f0-9]{2}))/u',
             function ($match) {
                 return rawurlencode($match[0]);
             },