Permalink
Commits on Aug 15, 2018
  1. Extra semicolon

    rhukster committed Aug 15, 2018
  2. Fix for plugin order

    rhukster committed Aug 15, 2018
Commits on Aug 9, 2018
  1. Fix broken nounce handling (#2121)

    gn-jgeerds authored and rhukster committed Aug 9, 2018
    * Remove deprecated "getNonceOldStyle" function
    
    This commit removes the following functions:
    
    - getNonceOldStyle
    - generateNonceStringOldStyle
    
    The functions have been replaced in newer versions of
    grav. It seems to me that they only existed in order to make a
    upgrade to a newer version of grav painless (i.e. accept both types of
    nonce tokens). Nowadays, existing old style nonces are expired long
    time ago so it should be save to delete the deprecated funtions.
    
    * Fix caching of nonces in static class variable
    
    Currently, the behavior of `getNonce` is broken because it saves the
    generated nonce in an array and only use the $action as the
    key. However, the generated nonce does not only depend on the $action,
    but also on $plusOneTick.
    
    * Fix broken "plusOneTick" for nonces
    
    It looks to me that there is a bug in the current implemention of
    verifyNonce. Here is an example:
    
    - 2018-08-01 10:00: We respond to a request and generate a nonce. The
      current tick is at 35489
    
    - 2018-08-01 10:05: We use the previously generated nonce to make
      another request. We compare the given nounce with a new generated
      one (based on the same tick). The result is exactly the same and the
      request succeeds.
    
    - 2018-08-01 14:00: We're now one tick ahead. Remember: A day (24
      hours) is separated into two ticks (each 12 hours). A request comes
      in, we compare the given nounce with a newly generated one based on
      the current tick (now at 35490). They don't match (which is totally
      okay).
    
      If the comparison fails, we then compare the given nounce with a
      another, newly generated one. This time, we pass "plusOneTick", to
      the function, which increases the current tick by one. Our tick is
      now at 35491. We generate a nonce based on that tick and of course,
      it still does not match the given nonce.
    
      Instead of increasing the tick, we should rather decreasing it by
      one (i.e. use the previous tick). If the first comparison fails, we
      use the current tick (35490), decrease it by one (35489) and then
      compare it again. 35489 is the same tick as in the very first
      request.
    
    This bug leads to a maximum life time of 12 hours for a nonce and in
    worst case only a few seconds (!)
    
    I would like to prove the bug with an unit test but I'm too unexperienced
    in PHP. Furthermore it seems that we need some kind of library which
    is able to mock builtin functions (like "time"). Maybe
    <https://github.com/Codeception/AspectMock> would be a good canditate?
  2. Add muted and playsinline attributes (#2124)

    lucaswillering authored and rhukster committed Aug 9, 2018
    Fixes: #2099
    
    To be able to add videos to sites that behave as GIFs, two attributes are needed for the videos to be properly handled on iOS and in Chrome: muted and playsinline.
    
    Muted
    Chrome only allows videos to autoplay when the contain the muted attribute. Non-muted videos will not autoplay unless the user has interacted with the site. More details here:  https://developers.google.com/web/updates/2017/09/autoplay-policy-changes#new-behaviors
    
    Playsinline
    The playsinline attribute allows developers to specify videos on iPhone should play inline and not automatically enter fullscreen mode when playback begins. More details here: https://developers.google.com/web/updates/2017/09/autoplay-policy-changes#new-behaviors
Commits on Jul 31, 2018
  1. Merge tag '1.4.8' into develop

    rhukster committed Jul 31, 2018
    Release v1.4.8
  2. Prepare for release

    rhukster committed Jul 31, 2018
  3. vendor updates

    rhukster committed Jul 31, 2018
  4. update changelog

    rhukster committed Jul 31, 2018
Commits on Jul 27, 2018
Commits on Jul 19, 2018
Commits on Jul 13, 2018
  1. Merge tag '1.4.7' into develop

    rhukster committed Jul 13, 2018
    Release v1.4.7
  2. Prepare for release

    rhukster committed Jul 13, 2018
  3. update changelog

    rhukster committed Jul 13, 2018
Commits on Jul 5, 2018
  1. Change getBasename to getFilename where possible (#2087)

    tcyrus authored and rhukster committed Jul 5, 2018
    * Update Pages.php
    
    * Update Themes.php
    
    * Update Installer.php
    
    * Update Plugins.php
    
    * Update ConfigFileFinder.php
Commits on Jul 2, 2018
Commits on Jun 22, 2018
Commits on Jun 20, 2018
  1. Merge tag '1.4.6' into develop

    rhukster committed Jun 20, 2018
    Release v1.4.6
  2. Prepare for release

    rhukster committed Jun 20, 2018
Commits on Jun 19, 2018
  1. Merge tag '1.4.6' into develop

    rhukster committed Jun 19, 2018
    Release v1.4.6
  2. Prepare for release

    rhukster committed Jun 19, 2018
  3. Updated changelog

    rhukster committed Jun 19, 2018
Commits on Jun 15, 2018