Merge branch 'release/1.0.0-rc.6'

.gitignore

@@ -22,6 +22,7 @@ user/plugins/*
 !user/plugins/.*
 user/themes/*
 !user/themes/.*
+user/localhost/config/security.yaml
 
 # OS Generated
 .DS_Store*

.htaccess

@@ -54,7 +54,7 @@ RewriteRule \.md$ error [F]
 # Block all direct access to files and folders beginning with a dot
 RewriteRule (^\.|/\.) - [F]
 # Block access to specific files in the root folder
-RewriteRule ^(LICENSE|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess)$ error [F]
+RewriteRule ^(LICENSE.txt|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess)$ error [F]
 ## End - Security
 
 </IfModule>

CHANGELOG.md

@@ -1,3 +1,28 @@
+# v1.0.0-rc.6
+## 12/01/2015
+
+1. [](#new)
+    * Refactor Config classes for improved performance!
+    * Refactor Data classes to use `NestedArrayAccess` instead of `DataMutatorTrait`
+    * Added support for `classes` and `id` on medium objects to set CSS values
+    * Data objects: Allow function call chaining
+    * Data objects: Lazy load blueprints only if needed
+    * Automatically create unique security salt for each configuration
+    * Added Hungarian translation
+    * Added support for User groups
+1. [](#improved)   
+    * Improved robots.txt to disallow crawling of non-user folders
+    * Nonces only generated once per action and process
+    * Added IP into Nonce string calculation
+    * Nonces now use random string with random salt to improve performance
+    * Improved list form handling #475
+    * Vendor library updates
+1. [](#bugfix)
+    * Fixed help output for `bin/plugin`
+    * Fix for nested logic for lists and form parsing #273
+    * Fix for array form fields and last entry not getting deleted
+    * Should not be able to set parent to self #308
+
 # v1.0.0-rc.5
 ## 11/20/2015
 
@@ -6,7 +31,7 @@
     * Implemented the ability for Plugins to provide their own CLI commands through `bin/plugin`
     * Added Croatian translation
     * Added missing `umask_fix` property to `system.yaml`
-    * Added current theme's config to global config. E.g. `config.theme.dropdown_enabled` 
+    * Added current theme's config to global config. E.g. `config.theme.dropdown_enabled`
     * Added `append_url_extension` option to system config & page headers
     * Users have a new `state` property to allow disabling/banning
     * Added new `Page.relativePagePath()` helper method
@@ -78,7 +103,7 @@
     * German language improvements
     * Updated bundled composer
 1. [](#bugfix)
-    * Accept variety of `true` values in `User.authorize()` method 
+    * Accept variety of `true` values in `User.authorize()` method
     * Fix for `Validation` throwing an error if no label set
 
 # v1.0.0-rc.1

bin/plugin

@@ -44,7 +44,7 @@ $grav['plugins']->init();
 $grav['themes']->init();
 
 $app     = new Application('Grav Plugins Commands', GRAV_VERSION);
-$pattern = '/([A-Z]\w+Command\.php)$/usm';
+$pattern = '([A-Z]\w+Command\.php)';
 
 // get arguments and  strip the application name
 if (null === $argv) {
@@ -70,7 +70,7 @@ if (!$name) {
     $output->writeln('');
     $output->writeln("<red>Example:</red>");
     $output->writeln("  {$bin} error log -l 1 --trace");
-    $list = Folder::all('plugins://', ['compare' => 'Pathname', 'pattern' => '\/cli\/' . $pattern]);
+    $list = Folder::all('plugins://', ['compare' => 'Pathname', 'pattern' => '/\/cli\/' . $pattern . '$/usm']);
 
     if (count($list)) {
         $available = [];
@@ -101,7 +101,7 @@ if ($plugin === null) {
 $path = 'plugins://' . $name . '/cli';
 
 try {
-    $commands = Folder::all($path, ['compare' => 'Filename', 'pattern' => $pattern]);
+    $commands = Folder::all($path, ['compare' => 'Filename', 'pattern' => '/' . $pattern . '$/usm']);
 } catch (\RuntimeException $e) {
     $output->writeln("<red>No Console Commands for <white>'{$name}'</white> where found in <white>'{$path}'</white></red>");
     exit;

composer.json

@@ -21,7 +21,7 @@
         "mrclay/minify": "~2.2",
         "donatj/phpuseragentparser": "~0.3",
         "pimple/pimple": "~3.0",
-        "rockettheme/toolbox": "1.1.*",
+        "rockettheme/toolbox": "~1.2",
         "maximebf/debugbar": "~1.10"
     },
     "autoload": {

htaccess.txt

@@ -54,7 +54,7 @@ RewriteRule \.md$ error [F]
 # Block all direct access to files and folders beginning with a dot
 RewriteRule (^\.|/\.) - [F]
 # Block access to specific files in the root folder
-RewriteRule ^(LICENSE|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess)$ error [F]
+RewriteRule ^(LICENSE.txt|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess)$ error [F]
 ## End - Security
 
 </IfModule>

lighttpd.conf

@@ -27,7 +27,7 @@ url.rewrite-if-not-file = (
 )
 
 #IMPROVING SECURITY
-$HTTP["url"] =~ "^/grav_path/(LICENSE|composer.json|composer.lock|nginx.conf|web.config)$" {
+$HTTP["url"] =~ "^/grav_path/(LICENSE.txt|composer.json|composer.lock|nginx.conf|web.config)$" {
     url.access-deny = ("")
 }
 $HTTP["url"] =~ "^/grav_path/(.git|cache|bin|logs|backup)/(.*)" {

nginx.conf

@@ -38,7 +38,7 @@ server {
     # deny running scripts inside user folder
     location ~* /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
     # deny access to specific files in the root folder
-    location ~ /(LICENSE|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess) { return 403; }
+    location ~ /(LICENSE.txt|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess) { return 403; }
     ## End - Security
 }
 

robots.txt

@@ -1,2 +1,11 @@
 User-agent: *
-Disallow:
+Disallow: /backup/
+Disallow: /bin/
+Disallow: /cache/
+Disallow: /grav/
+Disallow: /logs/
+Disallow: /system/
+Disallow: /vendor/
+Disallow: /user/
+Allow: /user/pages/
+Allow: /user/themes/