Utils::toAscii() method
clockwork-web plugin)
Utils::url() such as mailto:, tel:, etc.
GRAV_ROOT or GRAV_WEBROOT when / #3667
MediaUploadTrait::checkFileMetadata()
on_events REGEX pattern of Security::detectXss() as it was not matching correctly.
read_file() Twig function could be used nefariously in content #GHSA-f8v5-jmfh-pr69
decoding attribute #3796
bin/composer.phar to latest 2.7.2
v3.6.4 #3713
v1.0.7 that addresses an XSS issue
bin/composer.phar to latest 2.6.6
Inflector::ordinalize() not working as expected #3759
UserGroupObject #3724
Property 'jsmodule_pipeline_include_externals' does not exist in object #3661
too few arguments exception in FlexObjects #3658
modified timestamp via a modified: frontmatter entry
phar in the list of security.uploads_dangerous_extensions
system.languages.debug now dumps Key -> Value to debugger #3752
2.6.4 #3748
@import to ensure paths are rewritten correctly in CSS pipeline #3750
Utils::isDangerousFunction, handle double \\ in |map Twig filter to mitigate SSTI attack
Validation::typeEmail()
isDangerousFunction when $name was a closure #3727
system.languages.debug option that adds a <span class="translate-debug"></span> around strings translated with |t. This can be styled by the theme as needed.
filter, map, and reduce Twig filters and functions
Utils::isDangerousFunction()
|map() allowing code execution
|reduce() allowing code execution
{% cache 'my-key' 600 %}
Truncator class #3716
FILTER_SANITIZE_STRING input filter in favor of htmlspecialchars(strip_tags()) for PHP 8.2+
GRAV_SANITIZE_STRING constant to replace FILTER_SANITIZE_STRING for PHP 8.2+
Parsedown class via ParseDownGravTrait for PHP 8.2+
Truncator to not use deprecated mb_convert_encoding() for PHP 8.2+
mb_strpos() deprecated for PHP 8.2+
TwigDeferredExtension to be PHP 8.2+ compatible
getgrav/image fork to take advantage of various PHP 8.2+ fixes
UserGroupObject::groupNames method in blueprints for PHP 8.2+
files-upload deprecated message as this is not going to be removed
Twig class variables used by admin to address deprecated messages for PHP 8.2+
parse_url to list of PHP functions supported in Twig Extension
Parsedown to stop deprecation messages in PHP 8.2+
account.yaml that caused username to be disabled admin#2344
email validation that was failing on UTF-8 characters. Now follows best practices and only checks for @ and length.