If a website has a Service Worker installed it would load and register before a User tries to login to the backend causing a "Invalid security token" message. This PR unregisters any installed Service Worker when a User opens the backend Signin webpage.
I have also added the NEW Security Headers to add Protection to October's Cache and Cookies. This includes two new Middleware that first clears any bad cached data before a User tries to login and the second Middleware will clear all the sensitive User Data when a User signs out of the Backend.
For more info on the new Security Header 'Clear Site Data' you can see the spec found here: https://www.w3.org/TR/clear-site-data/Fixes#4076, fixes#3707.
Fixes#4046
It is possible that the user model gets fetched using the SoftDelete
trait before the relevant migrations were applied during an update.
To fix this edge case the user model is always fetched using the
withTrashed scope and the deleted_at check is done manually afterwards.
@see https://github.com/octobercms/october/issues/3999
This enables complex FormWidgets that need to know what Form widget they belong to to access that information with $this->formField->form; This also enables a fix for: https://github.com/rainlab/location-plugin/issues/48
There are no `form` elements in the preview context of a form, so this adds an alternative selector to use when no common `form` elements are found for the Input Trigger API to use. Credit to @fansaien
Credit to @fansaien.
The keydown event can not capture the Backspace(Delete) and Enter key event.
Moved the binding keydown function into froalaEditor.initialized event to solve this issue. Please review this Froala Editor issue: https://github.com/froala/wysiwyg-editor/issues/1879
The editor.events doesn't support off function. So, can not call off function in the unregisterHandlers()
Credit to @fansaien.
Reference: https://github.com/octobercms/october/pull/3793. This commit added the e() function for translation results.
Because the filter is using the mustache template, and the manual said: All variables are HTML escaped by default. If you want to return unescaped HTML, use the triple mustache: {{{name}}} (https://mustache.github.io/mustache.5.html)
That means the string will be escaped twice. So, I removed the e().
Ayumi Hamasaki
Ben Thomson
Luke Towers
Mohamed Ali Behiry
BenjaminMINK
fansaien
Panagiotis Koursaris
Ben Thomson
Mahmut Namli
Szabó Gergő
Antonie Hogewoning
Denis Denisov
Farrow
Tobias Kündig
Nathan van der Werf
Anže Časar