Merge branch 'release/2.4.2'

getgrav · Sep 29, 2017 · 244cfd2 · 244cfd2
2 parents 6af1cf0 + 4a034d4
commit 244cfd2
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,10 @@
+# v2.4.2
+## 09/29/2017
+
+1. [](#bugfix)
+ * Fixed issue with protected page media without access [#132](https://github.com/getgrav/grav-plugin-login/issues/132)
+ * Improved validation of email to support RFC5322 [Grav#1648](https://github.com/getgrav/grav/issues/1648)
+
 # v2.4.1
 ## 09/12/2017
 

diff --git a/blueprints.yaml b/blueprints.yaml
@@ -1,5 +1,5 @@
 name: Login
-version: 2.4.1
+version: 2.4.2
 description: Enables user authentication and login screen.
 icon: sign-in
 author:

diff --git a/cli/NewUserCommand.php b/cli/NewUserCommand.php
@@ -282,7 +282,7 @@ protected function validate($type, $value, $extra = '')
  break;
 
  case 'email':
- if (!preg_match('/^([a-z0-9_\.-]+)@([\da-z\.-]+)\.([a-z\.]{2,6})$/', $value)) {
+ if (!filter_var($value, FILTER_VALIDATE_EMAIL)) {
  throw new \RuntimeException('Not a valid email address');
  }
 

diff --git a/login.php b/login.php
@@ -478,6 +478,7 @@ public function authorizeFallBackUrl()
  if ($this->config->get('plugins.login.protect_protected_page_media', false)) {
  $page_url = dirname($this->grav['uri']->path());
  $page = $this->grav['pages']->find($page_url);
+ unset($this->grav['page']);
  $this->grav['page'] = $page;
  $this->authorizePage();
  }
@@ -538,6 +539,15 @@ public function authorizePage()
  }
  }
 
+
+ // If this is not an HTML page request, simply throw a 403 error
+ $uri_extension = $this->grav['uri']->extension('html');
+ $supported_types = $this->config->get('media.types');
+ if ($uri_extension !== 'html' && array_key_exists($uri_extension, $supported_types)) {
+ header('HTTP/1.0 403 Forbidden');
+ exit;
+ }
+
  // User is not logged in; redirect to login page.
  if ($this->redirect_to_login && $this->route && !$user->authenticated) {
  $this->grav->redirect($this->route, 302);
@@ -555,6 +565,7 @@ public function authorizePage()
  if ($this->route) {
  $page = $this->grav['pages']->dispatch($this->route);
  } else {
+
  $page = new Page;
  // $this->grav['session']->redirect_after_login = $this->grav['uri']->path() . ($this->grav['uri']->params() ?: '');