Merge branch 'develop' into wip/laravel-6
This commit is contained in:
Luke Towers
commit
0a9c751e1b
|
|
@ -522,7 +522,7 @@ class Lists extends WidgetBase
|
|||
/*
|
||||
* Apply sorting
|
||||
*/
|
||||
if (($sortColumn = $this->getSortColumn()) && !$this->showTree) {
|
||||
if (($sortColumn = $this->getSortColumn()) && !$this->showTree && in_array($sortColumn, array_keys($this->getVisibleColumns()))) {
|
||||
if (($column = array_get($this->allColumns, $sortColumn)) && $column->valueFrom) {
|
||||
$sortColumn = $this->isColumnPivot($column)
|
||||
? 'pivot_' . $column->valueFrom
|
||||
|
|
|
|||
|
|
@ -285,9 +285,22 @@ class Asset extends Extendable
|
|||
$fileName = $this->fileName;
|
||||
}
|
||||
|
||||
// Limit paths to those under the assets directory
|
||||
$directory = $this->theme->getPath() . '/' . $this->dirName . '/';
|
||||
$path = realpath($directory . $fileName);
|
||||
$filePath = $directory . $fileName;
|
||||
$path = realpath($filePath);
|
||||
|
||||
/**
|
||||
* If the path doesn't exist yet, then create it temporarily
|
||||
* in order to run realpath() resolution on it to verify the
|
||||
* final destination and then remove the temporary file.
|
||||
*/
|
||||
if (!$path) {
|
||||
touch($filePath);
|
||||
$path = realpath($filePath);
|
||||
unlink($filePath);
|
||||
}
|
||||
|
||||
// Limit paths to those under the theme's assets directory
|
||||
if (!starts_with($path, $directory)) {
|
||||
return false;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -5805,7 +5805,8 @@ TextEditor.prototype.getPopupContent=function(){return'<form>
|
|||
<div class="modal-body"> \
|
||||
<div class="form-group"> \
|
||||
<p class="inspector-field-comment"></p> \
|
||||
<textarea class="form-control size-small field-textarea" name="name" value=""/> \
|
||||
<textarea class="form-control size-small field-textarea" name="name"> \
|
||||
</textarea> \
|
||||
</div> \
|
||||
</div> \
|
||||
<div class="modal-footer"> \
|
||||
|
|
|
|||
Loading…
Reference in New Issue