Merge branch 'release/1.7.36'

Release v1.7.35

.editorconfig

@@ -7,11 +7,11 @@ root = true
 [*]
 charset = utf-8
 end_of_line = lf
-trim_trailing_whitespace = true
 insert_final_newline = true
 indent_style = space
 indent_size = 4
+trim_trailing_whitespace = true
 
 # 2 space indentation
-[*.{yaml,yml}]
+[*.{yaml,yml,vue,js,css}]
 indent_size = 2

.github/workflows/build.yaml

@@ -0,0 +1,71 @@
+name: Release Builds
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  build:
+    if: "!github.event.release.prerelease"
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Extract Tag
+        run: echo "PACKAGE_VERSION=${{ github.ref }}" >> $GITHUB_ENV
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: 7.3
+          extensions: opcache, gd
+          tools: composer:v2
+          coverage: none
+        env:
+          COMPOSER_TOKEN: ${{ secrets.GLOBAL_TOKEN }}
+
+      - name: Install Dependencies
+        run: |
+          sudo apt-get -y update -qq  < /dev/null > /dev/null
+          sudo apt-get -y install -qq git zip < /dev/null > /dev/null
+
+      - name: Retrieval of Builder Scripts
+        run: |
+          # Real Grav URL
+          curl --silent -H "Authorization: token ${{ secrets.GLOBAL_TOKEN }}" -H "Accept: application/vnd.github.v3.raw" ${{ secrets.BUILD_SCRIPT_URL }} --output build-grav.sh
+
+          # Development Local URL
+          # curl ${{ secrets.BUILD_SCRIPT_URL }} --output build-grav.sh
+
+      - name: Grav Builder
+        run: |
+          bash ./build-grav.sh
+
+      - name: Upload packages to release
+        uses: svenstaro/upload-release-action@v2
+        with:
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+          tag: ${{ env.PACKAGE_VERSION }}
+          file: ./grav-dist/*.zip
+          overwrite: true
+          file_glob: true
+
+  slack:
+    name: Slack
+    needs: build
+    runs-on: ubuntu-latest
+    if: always()
+    steps:
+      - uses: technote-space/workflow-conclusion-action@v2
+      - uses: 8398a7/action-slack@v3
+        with:
+          status: failure
+          fields: repo,message,author,action
+          icon_emoji: ':octocat:'
+          author_name: 'Github Action Build'
+          text: '🚚 Automated Build Failure'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GLOBAL_TOKEN }}
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+        if: env.WORKFLOW_CONCLUSION == 'failure'

.github/workflows/tests.yaml

@@ -0,0 +1,73 @@
+name: PHP Tests
+
+on:
+  push:
+    branches: [ develop ]
+  pull_request:
+    branches: [ develop ]
+
+jobs:
+
+  unit-tests:
+
+    runs-on: ${{ matrix.os }}
+
+    strategy:
+      matrix:
+        php: [ 8.1, 8.0, 7.4, 7.3]
+        os: [ubuntu-latest]
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php }}
+          extensions: opcache, gd
+          tools: composer:v2
+          coverage: none
+        env:
+          COMPOSER_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+#      - name: Update composer
+#        run: composer update
+#
+#      - name: Validate composer.json and composer.lock
+#        run: composer validate
+
+      - name: Get composer cache directory
+        id: composer-cache
+        run: echo "::set-output name=dir::$(composer config cache-files-dir)"
+
+      - name: Cache dependencies
+        uses: actions/cache@v2
+        with:
+          path: ${{ steps.composer-cache.outputs.dir }}
+          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
+          restore-keys: ${{ runner.os }}-composer-
+
+      - name: Install dependencies
+        run: composer install --prefer-dist --no-progress
+
+      - name: Run test suite
+        run: vendor/bin/codecept run
+
+#  slack:
+#      name: Slack
+#      needs: unit-tests
+#      runs-on: ubuntu-latest
+#      if: always()
+#      steps:
+#        - uses: technote-space/workflow-conclusion-action@v2
+#        - uses: 8398a7/action-slack@v3
+#          with:
+#             status: failure
+#             fields: repo,message,author,action
+#             icon_emoji: ':octocat:'
+#             author_name: 'Github Action Tests'
+#             text: '💥 Automated Test Failure'
+#          env:
+#            GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+#            SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+#          if: env.WORKFLOW_CONCLUSION == 'failure'

.github/workflows/trigger-skeletons.yml

@@ -0,0 +1,45 @@
+name: Trigger Skeletons Build
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Which Grav release to use'
+        required: true
+        default: 'latest'
+      admin:
+        description: 'Create also a package with Admin'
+        required: true
+        default: true
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    env:
+      WORKFLOW: "build-skeleton.yml"
+      AUTH: ":${{secrets.GLOBAL_TOKEN}}"
+    steps:
+      - uses: actions/checkout@v2
+      - name: Make it rain ☔️
+        run: |
+          SKELETONS=`curl -s "${{secrets.SKELETONS_JSON_LIST}}"`
+          echo "$SKELETONS" | jq -cr '.[]' | while read SKELETON; do
+            KEY=$(echo "$SKELETON" | jq -cr 'keys[0]')
+            VERSION=$(echo "$SKELETON" | jq -cr '.[]')
+            URL="https://api.github.com/repos/${KEY}/actions/workflows/${WORKFLOW}/dispatches"
+
+            curl -X POST \
+            -u "${AUTH}" \
+            -H "Accept: application/vnd.github.everest-preview+json" \
+            -H "Content-Type: application/json" \
+            -sS \
+            ${URL} \
+            --data '{ "ref": "develop", 
+                      "inputs": { 
+                        "tag": "'"$VERSION"'", 
+                        "version": "'"$INPUT_VERSION"'", 
+                        "admin": "'"$INPUT_ADMIN"'" 
+                      } 
+                    }' > /dev/null
+            echo "Dispatched Worfklow for ${KEY}@$VERSION"
+          done

.gitignore

@@ -44,3 +44,5 @@ tests/_support/_generated/*
 tests/cache/*
 tests/error.log
 system/templates/testing/*
+/user/config/versions.yaml
+/user/cli/config/security.yaml

.htaccess

@@ -27,6 +27,9 @@ RewriteEngine On
 # If you experience problems on your site block out the operations listed below
 # This attempts to block the most common type of exploit `attempts` to Grav
 #
+# Block out any script trying to use twig tags in URL.
+RewriteCond %{REQUEST_URI} ({{|}}|{%|%}) [OR]
+RewriteCond %{QUERY_STRING} ({{|}}|{%25|%25}) [OR]
 # Block out any script trying to base64_encode data within the URL.
 RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
 # Block out any script that includes a <script> tag in URL.
@@ -56,9 +59,9 @@ RewriteRule .* index.php [L]
 # Block all direct access for these folders
 RewriteRule ^(\.git|cache|bin|logs|backup|webserver-configs|tests)/(.*) error [F]
 # Block access to specific file types for these system folders
-RewriteRule ^(system|vendor)/(.*)\.(txt|xml|md|html|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ error [F]
+RewriteRule ^(system|vendor)/(.*)\.(txt|xml|md|html|json|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ error [F]
 # Block access to specific file types for these user folders
-RewriteRule ^(user)/(.*)\.(txt|md|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ error [F]
+RewriteRule ^(user)/(.*)\.(txt|md|json|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ error [F]
 # Block all direct access to .md files:
 RewriteRule \.md$ error [F]
 # Block all direct access to files and folders beginning with a dot

.travis.yml

@@ -6,8 +6,6 @@ php:
   - '7.4'
 branches:
   only:
-    - develop
-    - master
     - build_test
 notifications:
   email:
@@ -46,10 +44,11 @@ before_install:
   - if [ $TRAVIS_BRANCH == 'develop' ] || [ $TRAVIS_PULL_REQUEST != 'false' ]; then
         composer install --dev --prefer-dist;
     fi
-  - if [ $TRAVIS_BRANCH != 'develop' ] && [ $TRAVIS_PHP_VERSION == "7.1" ] && [ $TRAVIS_PULL_REQUEST == "false" ]; then
-        export TRAVIS_TAG=$(curl --fail --user "${GH_API_USER}" -s https://api.github.com/repos/getgrav/grav/releases/latest | grep tag_name | head -n 1 | cut -d '"' -f 4);
-        eval "$(curl -sL https://raw.githubusercontent.com/travis-ci/gimme/master/gimme | GIMME_GO_VERSION=1.8 bash)";
-        go get github.com/aktau/github-release;
+  - |
+    if [ $TRAVIS_BRANCH != 'develop' ] && [ $TRAVIS_PHP_VERSION == "7.1" ] && [ $TRAVIS_PULL_REQUEST == "false" ]; then
+        export TRAVIS_TAG=$(curl -H "Authorization: token ${GH_TOKEN}" --fail -s https://api.github.com/repos/getgrav/grav/releases/latest | grep tag_name | head -n 1 | cut -d '"' -f 4);
+        eval "$(curl -sL https://raw.githubusercontent.com/travis-ci/gimme/master/gimme | GIMME_GO_VERSION=1.13 bash)";
+        go get github.com/github-release/github-release;
         git clone --quiet --depth=50 --branch=master https://${BB_TOKEN}bitbucket.org/rockettheme/grav-devtools.git $RT_DEVTOOLS  &>/dev/null;
         if [ ! -z "$TRAVIS_TAG" ]; then
             cd ${RT_DEVTOOLS};

CHANGELOG.md

@@ -1,3 +1,834 @@
+# v1.7.36
+## 09/08/2022
+
+1. [](#new)
+    * Added `authorize-*@:` support for Flex blueprints, e.g. `authorize-disabled@: not delete` disables the field if user does not have access to delete object
+    * Added support for `flex-ignore@` to hide all the nested fields in the blueprint
+1. [](#bugfix)
+    * Fixed loggin with a capitalised email address when using old users [getgrav/grav-plugin-login#229](https://github.com/getgrav/grav-plugin-login/issues/229)
+
+# v1.7.35
+## 08/04/2022
+
+1. [](#new)
+   * Added support for `multipart/form-data` content type in PUT and PATCH requests
+   * Added support for object relationships
+   * Added variables `$environment` (string), `$request` (PSR-7 ServerRequestInterface|null) and `$uri` (PSR-7 Uri|null) to be used in `setup.php`
+1. [](#improved)
+   * Minor vendor updates
+
+# v1.7.34
+## 06/14/2022
+
+1. [](#new)
+    * Added back Yiddish to Language Codes [#3336](https://github.com/getgrav/grav/pull/3336)
+    * Ignore upcoming `media.json` file in media
+1. [](#bugfix)
+    * Regression: Fixed saving page with a new language causing cache corruption [getgrav/grav-plugin-admin#2282](https://github.com/getgrav/grav-plugin-admin/issues/2282)
+    * Fixed a potential fatal error when using watermark in images
+    * Fixed `bin/grav install` command with arbitrary destination folder name
+    * Fixed Twig `|filter()` allowing code execution
+    * Fixed login and user search by email not being case-insensitive when using Flex Users
+
+# v1.7.33
+## 04/25/2022
+
+1. [](#improved)
+    * When saving yaml and markdown, create also a cached version of the file and recompile it in opcache
+2. [](#bugfix)
+    * Fixed missing changes in **yaml** & **markdown** files if saved multiple times during the same second because of a caching issue
+    * Fixed XSS check not detecting onX events without quotes
+    * Fixed default collection ordering in pages admin
+
+# v1.7.32
+## 03/28/2022
+
+1. [](#new)
+    * Added `|replace_last(search, replace)` filter
+    * Added `parseurl` Twig function to expose PHP's `parse_url` function
+2. [](#improved)
+    * Added multi-language support for page routes in `Utils::url()`
+    * Set default maximum length for text fields
+      - `password`: 256
+      - `email`: 320
+      - `text`, `url`, `hidden`, `commalist`: 2048
+      - `text` (multiline), `textarea`: 65536
+3. [](#bugfix)
+   * Fixed issue with `system.cache.gzip: true` resulted in "Fetch Failed" for PHP 8.0.17 and PHP 8.1.4 [PHP issue #8218](https://github.com/php/php-src/issues/8218)
+   * Fix for multi-lang issues with Security Report
+   * Fixed page search not working with selected language [#3316](https://github.com/getgrav/grav/issues/3316)
+
+# v1.7.31
+## 03/14/2022
+
+1. [](#new)
+   * Added new local Multiavatar (local generation). **This will be default in Grav 1.8**
+   * Added support to get image size for SVG vector images [#3533](https://github.com/getgrav/grav/pull/3533)
+   * Added XSS check for uploaded SVG files before they get stored
+   * Fixed phpstan issues (All level 2, Framework level 5)
+2. [](#improved)
+   * Moved Accounts out of Experimental section of System configuration to new "Accounts" tab
+3. [](#bugfix)
+   * Fixed `'mbstring' extension is not loaded` error, use Polyfill instead [#3504](https://github.com/getgrav/grav/pull/3504)
+   * Fixed new `Utils::pathinfo()` and `Utils::basename()` being too strict for legacy use [#3542](https://github.com/getgrav/grav/issues/3542)
+   * Fixed non-standard video html atributes generated by `{{ media.html() }}` [#3540](https://github.com/getgrav/grav/issues/3540)
+   * Fixed entity sanitization for XSS detection
+   * Fixed avatar save location when `account://` stream points to custom directory
+   * Fixed bug in `Utils::url()` when path contains part of root
+
+# v1.7.30
+## 02/07/2022
+
+1. [](#new)
+    * Added twig filter `|field_parent` to get parent field name
+2. [](#bugfix)
+    * Fixed error while deleting retina image in admin
+    * Fixed "Page Authors" field in Security tab, wrongly loading and saving the value [#3525](https://github.com/getgrav/grav/issues/3525)
+    * Fixed accounts filter only matches against email address [getgrav/grav-plugin-admin#2224](https://github.com/getgrav/grav-plugin-admin/issues/2224)
+
+# v1.7.29.1
+## 01/31/2022
+
+1. [](#bugfix)
+    * Fixed `Call to undefined method` error when upgrading from Grav 1.6 [#3523](https://github.com/getgrav/grav/issues/3523)
+
+# v1.7.29
+## 01/28/2022
+
+1. [](#new)
+    * Added support for registering assets from `HtmlBlock`
+    * Added unicode-safe `Utils::basename()` and `Utils::pathinfo()` methods
+2. [](#improved)
+    * Improved `Filesystem::basename()` and `Filesystem::pathinfo()` to be unicode-safe
+    * Made path handling unicode-safe, use new `Utils::basename()` and `Utils::pathinfo()` everywhere
+3. [](#bugfix)
+    * Fixed error on thumbnail image creation
+    * Fixed MimeType for `gzip` (`application/x-gzip`)
+
+# v1.7.28
+## 01/24/2022
+
+1. [](#new)
+    * Added links and modules support to `HtmlBlock` class
+    * Added module support for twig script tag: `{% script module 'theme://js/module.mjs' %}`
+    * Added twig tag for links: `{% link icon 'theme://images/favicon.png' priority: 20 with { type: 'image/png' } %}`
+    * Added `HtmlBlock` support for `{% style %}`, `{% script %}` and `{% link %}` tags
+    * Support for page-level `redirect_default_route` frontmatter header override
+3. [](#bugfix)
+    * Fixed XSS check not detecting escaped `&#58`
+
+# v1.7.27.1
+## 01/12/2022
+
+3. [](#bugfix)
+   * Fixed a typo in CSS Asset pipeline that was erroneously joining files with `;`
+
+# v1.7.27
+## 01/12/2022
+
+1. [](#new)
+   * Support for `YubiKey OTP` 2-Factor authenticator
+   * Added support for generic `assets.link()` for external references. No pipeline support
+   * Added support for `assets.addJsModule()` with full pipeline support
+   * Added `Utils::getExtensionsByMime()` method to get all the registered extensions for the specific mime type
+   * Added `Media::getRoute()` and `Media::getRawRoute()` methods to get page route if available
+   * Added `Medium::getAlternatives()` to be able to list all the retina sizes
+2. [](#improved)
+   * Improved `Utils::download()` method to allow overrides on download name, mime and expires header
+   * Improved `onPageFallBackUrl` event
+   * Reorganized the Asset system configuration blueprint for clarity
+3. [](#bugfix)
+   * Fixed CLI `--env` and `--lang` options having no effect if they aren't added before all the other options
+   * Fixed scaled image medium filename when using non-existing retina file
+   * Fixed an issue with JS `imports` and pipelining Assets
+
+# v1.7.26.1
+## 01/04/2022
+
+3. [](#bugfix)
+   * Fixed `UserObject::getAccess()` after cloning the object
+
+# v1.7.26
+## 01/03/2022
+
+1. [](#new)
+    * Made `Grav::redirect()` to accept `Route` class
+    * Added `translated()` method to `PageTranslateInterface`
+    * Added second parameter to `UserObject::isMyself()` method
+    * Added `UserObject::$isAuthorizedCallable` to allow `$user->isAuthorized()` customization
+    * Use secure session cookies in HTTPS by default (`system.session.secure_https: true`)
+    * Added new `Plugin::inheritedConfigOption()` function to access plugin specific functions for page overrides
+2. [](#improved)
+   * Upgraded vendor libs for PHP 8.1 compatibility
+   * Upgraded to **composer v2.1.14** for PHP 8.1 compatibility
+   * Added third `$name` parameter to `Blueprint::flattenData()` method, useful for flattening repeating data
+   * `ControllerResponseTrait`: Redirect response should be json if the extension is .json
+   * When symlinking Grav install, include also tests
+   * Updated copyright year to `2022`
+3. [](#bugfix)
+   * Fixed bad key lookup in `FlexRelatedDirectoryTrait::getCollectionByProperty()`
+   * Fixed RequestHandlers `NotFoundException` having empty request
+   * Block `.json` files in web server configs
+   * Disabled pretty debug info for Flex as it slows down Twig rendering
+   * Fixed Twig being very slow when template overrides do not exist
+   * Fixed `UserObject::$authorizeCallable` binding to the user object
+   * Fixed `FlexIndex::call()` to return null instead of failing to call undefined method
+   * Fixed Flex directory configuration creating environment configuration when it should not
+
+# v1.7.25
+## 11/16/2021
+
+1. [](#new)
+    * Updated phpstan to v1.0
+    * Added `FlexObject::getDiff()` to see difference to the saved object
+2. [](#improved)
+    * Use Symfony `dump` instead of PHP's `vardump` in side the `{{ vardump(x) }}` Twig vardump function
+    * Added `route` and `request` to `onPagesInitialized` event
+    * Improved page cloning, added method `Page::initialize()`
+    * Improved `FlexObject::getChanges()`: return changed lists and arrays as whole instead of just changed keys/values
+    * Improved form validation JSON responses to contain list of failed fields with their error messages
+    * Improved redirects: send redirect response in JSON if the request was in JSON
+3. [](#bugfix)
+    * Fixed path traversal vulnerability when using `bin/grav server`
+    * Fixed unescaped error messages in JSON error responses
+    * Fixed `|t(variable)` twig filter in admin
+    * Fixed `FlexObject::getChanges()` always returning empty array
+    * Fixed form validation exceptions to use `400 Bad Request` instead of `500 Internal Server Error`
+
+# v1.7.24
+## 10/26/2021
+
+1. [](#new)
+    * Added support for image watermarks
+    * Added support to disable a form, making it readonly
+2. [](#improved)
+    * Flex `$user->authorize()` now checks user groups before `admin.super`, allowing deny rules to work properly
+3. [](#bugfix)
+    * Fixed a bug in `PermissionsReader` in PHP 7.3
+    * Fixed `session_store_active` language option (#3464)
+    * Fixed deprecated warnings on `ArrayAccess` in PHP 8.1
+    * Fixed XSS detection with `:`
+
+# v1.7.23
+## 09/29/2021
+
+1. [](#new)
+    * Added method `Pages::referrerRoute()` to get the referrer route and language
+    * Added true unique `Utils::uniqueId()` / `{{ unique_id() }}` utilities  with length, prefix, and suffix support
+    * Added `UserObject::isMyself()` method to check if flex user is currently logged in
+    * Added support for custom form field options validation with `validate: options: key|ignore`
+2. [](#improved)
+   * Replaced GPL `SVG-Sanitizer` with MIT licensed `DOM-Sanitizer`
+   * `Uri::referrer()` now accepts third parameter, if set to `true`, it returns route without base or language code [#3411](https://github.com/getgrav/grav/issues/3411)
+   * Updated vendor libs with latest
+   * Updated with latest language strings via Crowdin.com
+3. [](#bugfix)
+    * Fixed `Folder::move()` throwing an error when target folder is changed by only appending characters to the end [#3445](https://github.com/getgrav/grav/issues/3445)
+    * Fixed some phpstan issues (all code back to level 1, Framework level 3)
+    * Fixed form reset causing image uploads to fail when using Flex
+
+# v1.7.22
+## 09/16/2021
+
+1. [](#new)
+    * Register plugin autoloaders into plugin objects
+2. [](#improved)
+    * Improve Twig 2 compatibility
+    * Update to customized version of Twig DeferredExtension (Twig 1/2 compatible)
+3. [](#bugfix)
+    * Fixed conflicting `$_original` variable in `Flex Pages`
+
+# v1.7.21
+## 09/14/2021
+
+1. [](#new)
+    * Added `|yaml` filter to convert input to YAML
+    * Added `route` and `request` to `onPageNotFound` event
+    * Added file upload/remove support for `Flex Forms`
+    * Added support for `flex-required@: not exists` and `flex-required@: '!exists'` in blueprints
+    * Added `$object->getOriginalData()` to get flex objects data before it was modified with `update()`
+    * Throwing exceptions from Twig templates fires `onDisplayErrorPage.[code]` event allowing better error pages
+2. [](#improved)
+    * Use a simplified text-based `cron` field for scheduler
+    * Add timestamp to logging output of scheduler jobs to see when they ran
+3. [](#bugfix)
+    * Fixed escaping in PageIndex::getLevelListing()
+    * Fixed validation of `number` type [#3433](https://github.com/getgrav/grav/issues/3433)
+    * Fixed excessive `security.yaml` file creation [#3432](https://github.com/getgrav/grav/issues/3432)
+    * Fixed incorrect port :0 with nginx unix socket setup [#3439](https://github.com/getgrav/grav/issues/3439)
+    * Fixed `Session::setFlashCookieObject()` to use the same options as the main session cookie
+
+# v1.7.20
+## 09/01/2021
+
+2. [](#improved)
+    * Added support for `task` and `action` inside JSON request body
+
+# v1.7.19
+## 08/31/2021
+
+1. [](#new)
+    * Include active form and request in `onPageTask` and `onPageAction` events (defaults to `null`)
+    * Added `UserObject::$authorizeCallable` to allow `$user->authorize()` customization
+2. [](#improved)
+    * Added meta support for `UploadedFile` class
+    * Added support for multiple mime-types per file extension [#3422](https://github.com/getgrav/grav/issues/3422)
+    * Added `setCurrent()` method to Page Collection [#3398](https://github.com/getgrav/grav/pull/3398)
+    * Initialize `$grav['uri']` before session
+3. [](#bugfix)
+    * Fixed `Warning: Undefined array key "SERVER_SOFTWARE" in index.php` [#3408](https://github.com/getgrav/grav/issues/3408)
+    * Fixed error in `loadDirectoryConfig()` if configuration hasn't been saved [#3409](https://github.com/getgrav/grav/issues/3409)
+    * Fixed GPM not using non-standard cache path [#3410](https://github.com/getgrav/grav/issues/3410)
+    * Fixed broken `environment://` stream when it doesn't have configuration
+    * Fixed `Flex Object` missing key field value when using `FolderStorage`
+    * Fixed broken Twig try tag when catch has not been defined or is empty
+    * Fixed `FlexForm` serialization
+    * Fixed form validation for numeric values in PHP 8
+    * Fixed `flex-options@` in blueprints duplicating items in array
+    * Fixed wrong form issue with flex objects after cache clear
+    * Fixed Flex object types not implementing `MediaInterface`
+    * Fixed issue with `svgImageFunction()` that was causing broken output
+
+# v1.7.18
+## 07/19/2021
+
+1. [](#improved)
+    * Added support for loading Flex Directory configuration from main configuration
+    * Move SVGs that cannot be sanitized to quarantine folder under `log://quarantine`
+    * Added support for CloudFlare-forwarded client IP in the `URI::ip()` method
+1. [](#bugfix)
+    * Fixed error when using Flex `SimpleStorage` with no entries
+    * Fixed page search to include slug field [#3316](https://github.com/getgrav/grav/issues/3316)
+    * Fixed Admin becoming unusable when GPM cannot be reached [#3383](https://github.com/getgrav/grav/issues/3383)
+    * Fixed `Failed to save entry: Forbidden` when moving a page to a visible page [#3389](https://github.com/getgrav/grav/issues/3389)
+    * Better support for Symfony local server on linux [#3400](https://github.com/getgrav/grav/pull/3400)
+    * Fixed `open_basedir()` error with some forms
+
+# v1.7.17
+## 06/15/2021
+
+1. [](#new)
+    * Interface `FlexDirectoryInterface` now extends `FlexAuthorizeInterface`
+1. [](#improved)
+    * Allow to unset an asset attribute by specifying null (ie, `'defer': null`)
+    * Support specifying custom attributes to assets in a collection [Read more](https://learn.getgrav.org/17/themes/asset-manager#collections-with-attributes?target=_blank) [#3358](https://github.com/getgrav/grav/issues/3358)
+    * File `frontmatter.yaml` isn't part of media, ignore it
+    * Switched default `JQuery` collection to use 3.x rather than 2.x
+1. [](#bugfix)
+    * Fixed missing styles when CSS/JS Pipeline is used and `asset://` folder is missing
+    * Fixed permission check when moving a page [#3382](https://github.com/getgrav/grav/issues/3382)
+
+# v1.7.16
+## 06/02/2021
+
+1. [](#new)
+    * Added 'addFrame()' method to ImageMedium [#3323](https://github.com/getgrav/grav/pull/3323)
+1. [](#improved)
+    * Set `cache.clear_images_by_default` to `false` by default
+    * Improve error on bad nested form data [#3364](https://github.com/getgrav/grav/issues/3364)
+1. [](#bugfix)
+    * Improve Plugin and Theme initialization to fix PHP8 bug [#3368](https://github.com/getgrav/grav/issues/3368)
+    * Fixed `pathinfo()` twig filter in PHP7
+    * Fixed the first visible child page getting ordering number `999999.` [#3365](https://github.com/getgrav/grav/issues/3365)
+    * Fixed flex pages search using only folder name [#3316](https://github.com/getgrav/grav/issues/3316)
+    * Fixed flex pages using wrong type in `onBlueprintCreated` event [#3157](https://github.com/getgrav/grav/issues/3157)
+    * Fixed wrong SRI paths invoked when Grav instance as a sub folder [#3358](https://github.com/getgrav/grav/issues/3358)
+    * Fixed SRI trying to calculate remote assets, only ever set integrity for local files. Use the SRI provided by the remote source and manually add it in the `addJs/addCss` call for remote support. [#3358](https://github.com/getgrav/grav/issues/3358)
+    * Fix for weird regex issue with latest PHP versions on Intel Macs causing params to not parse properly in URI object
+
+# v1.7.15
+## 05/19/2021
+
+1. [](#improved)
+    * Allow optional start date in page collections [#3350](https://github.com/getgrav/grav/pull/3350)
+    * Added `page` and `output` properties to `onOutputGenerated` and `onOutputRendered` events
+1. [](#bugfix)
+    * Fixed twig deprecated TwigFilter messages [#3348](https://github.com/getgrav/grav/issues/3348)
+    * Fixed fatal error with some markdown links [getgrav/grav-premium-issues#95](https://github.com/getgrav/grav-premium-issues/issues/95)
+    * Fixed markdown media operations not working when using `image://` stream [#3333](https://github.com/getgrav/grav/issues/3333) [#3349](https://github.com/getgrav/grav/issues/3349)
+    * Fixed copying page without changing the slug [getgrav/grav-plugin-admin#2135](https://github.com/getgrav/grav-plugin-admin/issues/2139)
+    * Fixed missing and commonly used methods when using `system.twig.undefined_functions = false` [getgrav/grav-plugin-admin#2138](https://github.com/getgrav/grav-plugin-admin/issues/2138)
+    * Fixed uploading images into Flex Object if field destination is not set
+
+# v1.7.14
+## 04/29/2021
+
+1. [](#new)
+    * Added `MediaUploadTrait::checkFileMetadata()` method
+1. [](#improved)
+    * Updating a theme should always keep the custom files [getgrav/grav-plugin-admin#2135](https://github.com/getgrav/grav-plugin-admin/issues/2135)
+1. [](#bugfix)
+    * Fixed broken numeric language codes in Flex Pages [#3332](https://github.com/getgrav/grav/issues/3332)
+    * Fixed broken `exif_imagetype()` twig function
+
+# v1.7.13
+## 04/23/2021
+
+1. [](#new)
+    * Added support for getting translated collection of Flex Pages using `$collection->withTranslated('de')`
+1. [](#improved)
+    * Moved `gregwar/Image` and `gregwar/Cache` in-house to official `getgrav/Image` and `getgrav/Cache` packagist packages. This will help environments with very strict proxy setups that don't allow VCS setup. [#3289](https://github.com/getgrav/grav/issues/3289)
+    * Improved XSS Invalid Protocol detection regex [#3298](https://github.com/getgrav/grav/issues/3298)
+    * Added support for user provided folder in Flex `$page->copy()`
+1. [](#bugfix)
+    * Fixed `The "Grav/Common/Twig/TwigExtension" extension is not enabled` when using markdown twig tag [#3317](https://github.com/getgrav/grav/issues/3317)
+    * Fixed text field maxlength validation newline issue [#3324](https://github.com/getgrav/grav/issues/3324)
+    * Fixed a bug in Flex Object `refresh()` method
+
+# v1.7.12
+## 04/15/2021
+
+1. [](#improved)
+    * Improve JSON support for the request
+1. [](#bugfix)
+    * Fixed absolute path support for Windows [#3297](https://github.com/getgrav/grav/issues/3297)
+    * Fixed adding tags in admin after upgrading Grav [#3315](https://github.com/getgrav/grav/issues/3315)
+
+# v1.7.11
+## 04/13/2021
+
+1. [](#new)
+    * Added configuration options to allow PHP methods to be used in Twig functions (`system.twig.safe_functions`) and filters (`system.twig.safe_filters`)
+    * Deprecated using PHP methods in Twig without them being in the safe lists
+    * Prevent dangerous PHP methods from being used as Twig functions and filters
+    * Restrict filesystem Twig functions to accept only local filesystem and grav streams
+1. [](#improved)
+    * Better GPM detection of unauthorized installations
+1. [](#bugfix)
+  * **IMPORTANT** Fixed security vulnerability with Twig allowing dangerous PHP functions by default [GHSA-g8r4-p96j-xfxc](https://github.com/getgrav/grav/security/advisories/GHSA-g8r4-p96j-xfxc)
+    * Fixed nxinx appending repeating `?_url=` in some redirects
+    * Fixed deleting page with language code not removing the folder if it was the last language [#3305](https://github.com/getgrav/grav/issues/3305)
+    * Fixed fatal error when using markdown links with `image://` stream [#3285](https://github.com/getgrav/grav/issues/3285)
+    * Fixed `system.languages.session_store_active` not having any effect [#3269](https://github.com/getgrav/grav/issues/3269)
+    * Fixed fatal error if `system.pages.types` is not an array [#2984](https://github.com/getgrav/grav/issues/2984)
+
+# v1.7.10
+## 04/06/2021
+
+1. [](#new)
+    * Added initial support for running Grav library from outside the webroot [#3297](https://github.com/getgrav/grav/issues/3297)
+1. [](#improved)
+    * Improved password handling when saving a user
+1. [](#bugfix)
+    * Ignore errors when using `set_time_limit` in `Archiver` and `GPM\Response` classes [#3023](https://github.com/getgrav/grav/issues/3023)
+    * Fixed `Folder::move()` deleting the folder if you move folder into itself, created empty file instead
+    * Fixed moving `Flex Page` to itself causing the page to be lost [#3227](https://github.com/getgrav/grav/issues/3227)
+    * Fixed `PageStorage` from detecting files as pages
+    * Fixed `UserIndex` not implementing `UserCollectionInterface`
+    * Fixed missing `onAdminAfterDelete` event call in `Flex Pages`
+    * Fixed system templates not getting scanned [#3296](https://github.com/getgrav/grav/issues/3296)
+    * Fixed incorrect routing if url path looks like a domain name [#2184](https://github.com/getgrav/grav/issues/2184)
+
+# v1.7.9
+## 03/19/2021
+
+1. [](#new)
+    * Added `Media::hide()` method to hide files from media
+    * Added `Utils::getPathFromToken()` method which works also with `Flex Objects`
+    * Added `FlexMediaTrait::getMediaField()`, which can be used to access custom media set in the blueprint fields
+    * Added `FlexMediaTrait::getFieldSettings()`, which can be used to get media field settings
+1. [](#improved)
+    * Method `Utils::getPagePathFromToken()` now calls the more generic `Utils::getPathFromToken()`
+    * Updated `SECURITY.md` to use security@getgrav.org
+1. [](#bugfix)
+    * Fixed broken media upload in `Flex` with `@self/path`, `@page` and `@theme` destinations [#3275](https://github.com/getgrav/grav/issues/3275)
+    * Fixed media fields excluding newly deleted files before saving the object
+    * Fixed method `$pages->find()` should never redirect [#3266](https://github.com/getgrav/grav/pull/3266)
+    * Fixed `Page::activeChild()` throwing an error [#3276](https://github.com/getgrav/grav/issues/3276)
+    * Fixed `Flex Page` CRUD ACL when creating a new page (needs Flex Objects plugin update) [grav-plugin-flex-objects#115](https://github.com/trilbymedia/grav-plugin-flex-objects/issues/115)
+    * Fixed the list of pages not showing up in admin [#3280](https://github.com/getgrav/grav/issues/3280)
+    * Fixed text field min/max validation for UTF8 characters [#3281](https://github.com/getgrav/grav/issues/3281)
+    * Fixed redirects using wrong redirect code
+
+# v1.7.8
+## 03/17/2021
+
+1. [](#new)
+    * Added `ControllerResponseTrait::createDownloadResponse()` method
+    * Added full blueprint support to theme if you move existing files in `blueprints/` to `blueprints/pages/` folder [#3255](https://github.com/getgrav/grav/issues/3255)
+    * Added support for `Theme::getFormFieldTypes()` just like in plugins
+1. [](#improved)
+    * Optimized `Flex Pages` for speed
+    * Optimized saving visible/ordered pages when there are a lot of siblings [#3231](https://github.com/getgrav/grav/issues/3231)
+    * Clearing cache now deletes all clockwork files
+    * Improved `system.pages.redirect_default_route` and `system.pages.redirect_trailing_slash` configuration options to accept redirect code
+1. [](#bugfix)
+    * Fixed clockwork error when clearing cache
+    * Fixed missing method `translated()` in `Flex Pages`
+    * Fixed missing `Flex Pages` in site if multi-language support has been enabled
+    * Fixed Grav using blueprints and form fields from disabled plugins
+    * Fixed `FlexIndex::sortBy(['key' => 'ASC'])` having no effect
+    * Fixed default Flex Pages collection ordering to order by filesystem path
+    * Fixed disappearing pages on save if `pages://` stream resolves to multiple folders where the preferred folder doesn't exist
+    * Fixed Markdown image attribute `loading` [#3251](https://github.com/getgrav/grav/pull/3251)
+    * Fixed `Uri::isValidExtension()` returning false positives
+    * Fixed `page.html` returning duplicated content with `system.pages.redirect_default_route` turned on [#3130](https://github.com/getgrav/grav/issues/3130)
+    * Fixed site redirect with redirect code failing when redirecting to sub-pages [#3035](https://github.com/getgrav/grav/pull/3035/files)
+    * Fixed `Uncaught ValueError: Path cannot be empty` when failing to upload a file [#3265](https://github.com/getgrav/grav/issues/3265)
+    * Fixed `Path cannot be empty` when viewing non-existent log file [#3270](https://github.com/getgrav/grav/issues/3270)
+    * Fixed `onAdminSave` original page having empty header [#3259](https://github.com/getgrav/grav/issues/3259)
+
+# v1.7.7
+## 02/23/2021
+
+1. [](#new)
+    * Added `Utils::arrayToQueryParams()` to convert an array into query params
+1. [](#improved)
+    * Added original image support for all flex objects and media fields
+    * Improved `Pagination` class to allow custom pagination query parameter
+1. [](#bugfix)
+    * Fixed avatar of the user not being saved [grav-plugin-flex-objects#111](https://github.com/trilbymedia/grav-plugin-flex-objects/issues/111)
+    * Replaced special space character with regular space in `system/blueprints/user/account_new.yaml`
+
+# v1.7.6
+## 02/17/2021
+
+1. [](#new)
+    * Added `Medium::attribute()` to pass arbitrary attributes [#3065](https://github.com/getgrav/grav/pull/3065)
+    * Added `Plugins::getPlugins()` and `Plugins::getPlugin($name)` to make it easier to access plugin instances [#2277](https://github.com/getgrav/grav/pull/2277)
+    * Added `regex_match` and `regex_split` twig functions [#2788](https://github.com/getgrav/grav/pull/2788)
+    * Updated all languages from [Crowdin](https://crowdin.com/project/grav-core) - Please update any translations here
+1. [](#improved)
+    * Added abstract `FlexObject`, `FlexCollection` and `FlexIndex` classes to `\Grav\Common\Flex` namespace (extend those instead of Framework or Generic classes)
+    * Updated bundled `composer.phar` binary to latest version `2.0.9`
+    * Improved session fixation handling in PHP 7.4+ (cannot fix it in PHP 7.3 due to PHP bug)
+    * Added optional password/database attributes for redis in `system.yaml`
+    * Added ability to filter enabled or disabled with bin/gpm index [#3187](https://github.com/getgrav/grav/pull/3187)
+    * Added `$grav->getVersion()` or `grav.version` in twig to get the current Grav version [#3142](https://github.com/getgrav/grav/issues/3142)
+    * Added second parameter to `$blueprint->flattenData()` to include every field, including those which have no data
+    * Added support for setting session domain [#2040](https://github.com/getgrav/grav/pull/2040)
+    * Better support inheriting languages when using child themes [#3226](https://github.com/getgrav/grav/pull/3226)
+    * Added option for `FlexForm` constructor to reset the form
+1. [](#bugfix)
+    * Fixed issue with `content-security-policy` not being properly supported with `http-equiv` + support single quotes
+    * Fixed CLI progressbar in `backup` and `security` commands to use styled output [#3198](https://github.com/getgrav/grav/issues/3198)
+    * Fixed page save failing because of uploaded images [#3191](https://github.com/getgrav/grav/issues/3191)
+    * Fixed `Flex Pages` using only default language in frontend [#106](https://github.com/trilbymedia/grav-plugin-flex-objects/issues/106)
+    * Fixed empty `route()` and `raw_route()` when getting translated pages [#3184](https://github.com/getgrav/grav/pull/3184)
+    * Fixed error on `bin/gpm plugin uninstall` [#3207](https://github.com/getgrav/grav/issues/3207)
+    * Fixed broken min/max validation for field `type: int`
+    * Fixed lowering uppercase characters in usernames when saving from frontend [#2565](https://github.com/getgrav/grav/pull/2565)
+    * Fixed save error when editing accounts that have been created with capital letters in their username [#3211](https://github.com/getgrav/grav/issues/3211)
+    * Fixed renaming flex objects key when using file storage
+    * Fixed wrong values in Admin pages list [#3214](https://github.com/getgrav/grav/issues/3214)
+    * Fixed pipelined asset using different hash when extra asset is added to before/after position [#2781](https://github.com/getgrav/grav/issues/2781)
+    * Fixed trailing slash redirect to only apply to GET/HEAD requests and use 301 status code [#3127](https://github.com/getgrav/grav/issues/3127)
+    * Fixed root page to always contain trailing slash [#3127](https://github.com/getgrav/grav/issues/3127)
+    * Fixed `<meta name="flattr:*" content="*">` to use name instead property [#3010](https://github.com/getgrav/grav/pull/3010)
+    * Fixed behavior of opposite filters in `Pages::getCollection()` to match Grav 1.6 [#3216](https://github.com/getgrav/grav/pull/3216)
+    * Fixed modular content with missing template file ending up using non-modular template [#3218](https://github.com/getgrav/grav/issues/3218)
+    * Fixed broken attachment image in Flex Objects Admin when `destination: self@` used [#3225](https://github.com/getgrav/grav/issues/3225)
+    * Fixed bug in page content with both markdown and twig enabled [#3223](https://github.com/getgrav/grav/issues/3223)
+
+# v1.7.5
+## 02/01/2021
+
+1. [](#bugfix)
+    * Revert: Fixed page save failing because of uploaded images [#3191](https://github.com/getgrav/grav/issues/3191) - breaking save
+
+# v1.7.4
+## 02/01/2021
+
+1. [](#new)
+    * Added `FlexForm::setSubmitMethod()` to customize form submit action
+1. [](#improved)
+    * Improved GPM error handling
+1. [](#bugfix)
+    * Fixed `bin/gpm uninstall` script not working because of bad typehint [#3172](https://github.com/getgrav/grav/issues/3172)
+    * Fixed `login: visibility_requires_access` not working in pages [#3176](https://github.com/getgrav/grav/issues/3176)
+    * Fixed cannot change image format [#3173](https://github.com/getgrav/grav/issues/3173)
+    * Fixed saving page in expert mode [#3174](https://github.com/getgrav/grav/issues/3174)
+    * Fixed exception in `$flexPage->frontmatter()` method when setting value
+    * Fixed `onBlueprintCreated` event being called multiple times in `Flex Pages` [grav-plugin-flex-objects#97](https://github.com/trilbymedia/grav-plugin-flex-objects/issues/97)
+    * Fixed wrong ordering in page collections if `intl` extension has been enabled [#3167](https://github.com/getgrav/grav/issues/3167)
+    * Fixed page redirect to the first visible child page (needs to be routable and published, too)
+    * Fixed untranslated module pages showing up in the menu
+    * Fixed page save failing because of uploaded images [#3191](https://github.com/getgrav/grav/issues/3191)
+    * Fixed incorrect config lookup for loading in `ImageLoadingTrait` [#3192](https://github.com/getgrav/grav/issues/3192)
+
+# v1.7.3
+## 01/21/2021
+
+1. [](#improved)
+    * IMPORTANT - Please [checkout the process](https://getgrav.org/blog/grav-170-cli-self-upgrade-bug) to `self-upgrade` from CLI if you are on **Grav 1.7.0 or 1.7.1**
+    * Added support for symlinking individual plugins and themes by using `bin/grav install -p myplugin` or `-t mytheme`
+    * Added support for symlinking plugins and themes with `hebe.json` file to support custom folder structures
+    * Added support for running post-install scripts in `bin/gpm selfupgrade` if Grav was updated manually
+1. [](#bugfix)
+    * Fixed default GPM Channel back to 'stable' - this was inadvertently left as 'testing' [#3163](https://github.com/getgrav/grav/issues/3163)
+    * Fixed broken stream initialization if `environment://` paths aren't streams
+    * Fixed Clockwork debugger in sub-folder multi-site setups
+    * Fixed `Unsupported option "curl" passed to "Symfony\Component\HttpClient\CurlHttpClient"` in `bin/gpm selfupgrade` [#3165](https://github.com/getgrav/grav/issues/3165)
+
+# v1.7.2
+## 01/21/2021
+
+1. [](#improved)
+    * This release was pulled due to a bug in the installer, 1.7.3 replaces it.
+
+# v1.7.1
+## 01/20/2021
+
+1. [](#bugfix)
+    * Fixed fatal error when `site.taxonomies` contains a bad value
+    * Sanitize valid Page extensions from `Page::template_format()`
+    * Fixed `bin/gpm index` erroring out [#3158](https://github.com/getgrav/grav/issues/3158)
+    * Fixed `bin/gpm selfupgrade` failing to report failed Grav update [#3116](https://github.com/getgrav/grav/issues/3116)
+    * Fixed `bin/gpm selfupgrade` error on `Call to undefined method` [#3160](https://github.com/getgrav/grav/issues/3160)
+    * Flex Pages: Fixed fatal error when trying to move a page to Root (/) [#3161](https://github.com/getgrav/grav/issues/3161)
+    * Fixed twig parsing errors in pages where twig is parsed after markdown [#3162](https://github.com/getgrav/grav/issues/3162)
+    * Fixed `lighttpd.conf` access-deny rule [#1876](https://github.com/getgrav/grav/issues/1876)
+    * Fixed page metadata being double-escaped [#3121](https://github.com/getgrav/grav/issues/3121)
+
+# v1.7.0
+## 01/19/2021
+
+1. [](#new)
+    * Requires **PHP 7.3.6**
+    * Read about this release in the [Grav 1.7 Released](https://getgrav.org/blog/grav-1.7-released) blog post
+    * Read the full list of all changes in the [Changelog on GitHub](https://github.com/getgrav/grav/blob/1.7.0/CHANGELOG.md)
+    * Please read [Grav 1.7 Upgrade Guide](https://learn.getgrav.org/17/advanced/grav-development/grav-17-upgrade-guide) before upgrading!
+    * Added support for overriding configuration by using environment variables
+    * Use PHP 7.4 serialization (the old `Serializable` methods are now final and cannot be overridden)
+    * Enabled `ETag` setting by default for 304 responses
+    * Added `FlexCollection::getDistinctValues()` to get all the assigned values from the field
+    * `Flex Pages` method `$page->header()` returns `\Grav\Common\Page\Header` object, old `Page` class still returns `stdClass`
+1. [](#improved)
+    * Make it possible to use an absolute path when loading a blueprint
+    * Make serialize methods final in `ContentBlock`, `AbstractFile`, `FormTrait`, `ObjectCollectionTrait` and `ObjectTrait`
+    * Added support for relative paths in `PageObject::getLevelListing()` [#3110](https://github.com/getgrav/grav/issues/3110)
+    * Better `--env` and `--lang` support for `bin/grav`, `bin/gpm` and `bin/plugin` console commands
+      * **BC BREAK** Shorthand for `--env`: `-e` will not work anymore as it conflicts with some plugins
+    * Added support for locking the `start` and `limit` in a Page Collection
+1. [](#bugfix)
+    * Fixed port issue with `system.custom_base_url`
+    * Hide errors with `exif_read_data` in `ImageFile`
+    * Fixed unserialize in `MarkdownFormatter` and `Framework\File` classes
+    * Fixed pages with session messages should never be cached [#3108](https://github.com/getgrav/grav/issues/3108)
+    * Fixed `Filesystem::normalize()` with dot-dot paths
+    * Fixed Flex sorting issues [grav-plugin-flex-objects#92](https://github.com/trilbymedia/grav-plugin-flex-objects/issues/92)
+    * Fixed Clockwork missing dumped arrays and objects
+    * Fixed fatal error in PHP 8 when trying to access root page
+    * Fixed Array->String conversion error when `languages:translations: false` [admin#1896](https://github.com/getgrav/grav-plugin-admin/issues/1896)
+    * Fixed `Inflector` methods when translation is missing `GRAV.INFLECTOR_*` translations
+    * Fixed exception when changing parent of new page [grav-plugin-admin#2018](https://github.com/getgrav/grav-plugin-admin/issues/2018)
+    * Fixed ordering issue with moving pages [grav-plugin-admin#2015](https://github.com/getgrav/grav-plugin-admin/issues/2015)
+    * Fixed Flex Pages cache not invalidating if saving an old `Page` object [#3152](https://github.com/getgrav/grav/issues/3152)
+    * Fixed multiple issues with `system.language.translations: false`
+    * Fixed page collections containing dummy items for untranslated default language [#2985](https://github.com/getgrav/grav/issues/2985)
+    * Fixed streams in `setup.php` being overridden by `system/streams.yaml` [#2450](https://github.com/getgrav/grav/issues/2450)
+    * Fixed `ERR_TOO_MANY_REDIRECTS` with HTTPS = 'On' [#3155](https://github.com/getgrav/grav/issues/3155)
+    * Fixed page collection pagination not behaving as it did in Grav 1.6
+
+# v1.7.0-rc.20
+## 12/15/2020
+
+1. [](#new)
+    * Update phpstan to version 0.12
+    * Auto-Escape enabled by default. Manually enable **Twig Compatibility** and disable **Auto-Escape** to use the old setting.
+    * Updated unit tests to use codeception 4.1
+    * Added support for setting `GRAV_ENVIRONMENT` by using environment variable or a constant
+    * Added support for setting `GRAV_SETUP_PATH` by using environment variable (constant already worked)
+    * Added support for setting `GRAV_ENVIRONMENTS_PATH` by using environment variable or a constant
+    * Added support for setting `GRAV_ENVIRONMENT_PATH` by using environment variable or a constant
+1. [](#improved)
+    * Improved `bin/grav install` command
+1. [](#bugfix)
+    * Fixed potential error when upgrading Grav
+    * Fixed broken list in `bin/gpm index` [#3092](https://github.com/getgrav/grav/issues/3092)
+    * Fixed CLI/GPM command failures returning 0 (success) value [#3017](https://github.com/getgrav/grav/issues/3017)
+    * Fixed unimplemented `PageObject::getOriginal()` call [#3098](https://github.com/getgrav/grav/issues/3098)
+    * Fixed `Argument 1 passed to Grav\Common\User\DataUser\User::filterUsername() must be of the type string` [#3101](https://github.com/getgrav/grav/issues/3101)
+    * Fixed broken check if php exif module is enabled in `ImageFile::fixOrientation()`
+    * Fixed `StaticResizeTrait::resize()` bad image height/width attributes if `null` values are passed to the method
+    * Fixed twig script/style tag `{% script 'file.js' at 'bottom' %}`, replaces broken `in` operator [#3084](https://github.com/getgrav/grav/issues/3084)
+    * Fixed dropped query params when `?` is preceded with `/` [#2964](https://github.com/getgrav/grav/issues/2964)
+
+# v1.7.0-rc.19
+## 12/02/2020
+
+1. [](#bugfix)
+    * Updated composer libraries with latest Toolbox v1.5.6 that contains critical fixes
+
+# v1.7.0-rc.18
+## 12/02/2020
+
+1. [](#new)
+    * Set minimum requirements to **PHP 7.3.6**
+    * Updated Clockwork to v5.0
+    * Added `FlexDirectoryInterface` interface
+    * Renamed `PageCollectionInterface::nonModular()` into `PageCollectionInterface::pages()` and deprecated the old method
+    * Renamed `PageCollectionInterface::modular()` into `PageCollectionInterface::modules()` and deprecated the old method'
+    * Upgraded `bin/composer.phar` to `2.0.2` which is all new and much faster
+    * Added search option `same_as` to Flex Objects
+    * Added PHP 8 compatible `function_exists()`: `Utils::functionExists()`
+    * New sites have `compatibility` features turned off by default, upgrading from older versions will keep the settings on
+1. [](#improved)
+    * Updated bundled JQuery to latest version `3.5.1`
+    * Forward a `sid` to GPM when downloading a premium package via CLI
+    * Allow `JsonFormatter` options to be passed as a string
+    * Hide Flex Pages frontend configuration (not ready for production use)
+    * Improve Flex configuration: gather views together in blueprint
+    * Added XSS detection to all forms. See [documentation](https://learn.getgrav.org/17/forms/forms/form-options#xss-checks)
+    * Better handling of missing repository index [grav-plugin-admin#1916](https://github.com/getgrav/grav-plugin-admin/issues/1916)
+    * Added support for having all sites / environments under `user/env` folder [#3072](https://github.com/getgrav/grav/issues/3072)
+    * Added `FlexObject::refresh()` method to make sure object is up to date
+1. [](#bugfix)
+    * *Menu Visibility Requires Access* Security option setting wrong frontmatter [login#265](https://github.com/getgrav/grav-plugin-login/issues/265)
+    * Accessing page with unsupported file extension (jpg, pdf, xsl) will use wrong mime type [#3031](https://github.com/getgrav/grav/issues/3031)
+    * Fixed media crashing on a bad image
+    * Fixed bug in collections where filter `type: false` did not work
+    * Fixed `print_r()` in twig
+    * Fixed sorting by groups in `Flex Users`
+    * Changing `Flex Page` template causes the other language versions of that page to lose their content [admin#1958](https://github.com/getgrav/grav-plugin-admin/issues/1958)
+    * Fixed plugins getting initialized multiple times (by CLI commands for example)
+    * Fixed `header.admin.children_display_order` in Flex Pages to work just like with regular pages
+    * Fixed `Utils::isFunctionDisabled()` method if there are spaces in `disable_functions` [#3023](https://github.com/getgrav/grav/issues/3023)
+    * Fixed potential fatal error when creating flex index using cache [#3062](https://github.com/getgrav/grav/issues/3062)
+    * Fixed fatal error in `CompiledFile` if the cached version is broken
+    * Fixed updated media missing from media when editing Flex Object after page reload
+    * Fixed issue with `config-default@` breaking on set [#1972](https://github.com/getgrav/grav-plugin-admin/issues/1971)
+    * Escape titles in Flex pages list [flex-objects#84](https://github.com/trilbymedia/grav-plugin-flex-objects/issues/84)
+    * Fixed Purge successful message only working in Scheduler but broken in CLI and Admin [#1935](https://github.com/getgrav/grav-plugin-admin/issues/1935)
+    * Fixed `system://` stream is causing issues in Admin, making Media tab to disappear and possibly causing other issues [#3072](https://github.com/getgrav/grav/issues/3072)
+    * Fixed CLI self-upgrade from Grav 1.6 [#3079](https://github.com/getgrav/grav/issues/3079)
+    * Fixed `bin/grav yamllinter -a` and `-f` not following symlinks [#3080](https://github.com/getgrav/grav/issues/3080)
+    * Fixed `|safe_email` filter to return safe and escaped UTF-8 HTML [#3072](https://github.com/getgrav/grav/issues/3072)
+    * Fixed exception in CLI GPM and backup commands when `php-zip` is not enabled [#3075](https://github.com/getgrav/grav/issues/3075)
+    * Fix for XSS advisory [GHSA-cvmr-6428-87w9](https://github.com/getgrav/grav/security/advisories/GHSA-cvmr-6428-87w9)
+    * Fixed Flex and Page ordering to be natural and case insensitive [flex-objects#87](https://github.com/trilbymedia/grav-plugin-flex-objects/issues/87)
+    * Fixed plugin/theme priority ordering to be numeric
+
+# v1.7.0-rc.17
+## 10/07/2020
+
+1. [](#new)
+    * Added a `Uri::getAllHeaders()` compatibility function
+1. [](#improved)
+    * Fall back through various templates scenarios if they don't exist in theme to avoid unhelpful error.
+    * Added default templates for `external.html.twig`, `default.html.twig`, and `modular.html.twig`
+    * Improve Media classes
+    * _POTENTIAL BREAKING CHANGE:_ Added reload argument to `FlexStorageInterface::getMetaData()`
+1. [](#bugfix)
+    * Fixed `Security::sanitizeSVG()` creating an empty file if SVG file cannot be parsed
+    * Fixed infinite loop in blueprints with `extend@` to a parent stream
+    * Added missing `Stream::create()` method
+    * Added missing `onBlueprintCreated` event for Flex Pages
+    * Fixed `onBlueprintCreated` firing multiple times recursively
+    * Fixed media upload failing with custom folders
+    * Fixed `unset()` in `ObjectProperty` class
+    * Fixed `FlexObject::freeMedia()` method causing media to become null
+    * Fixed bug in `Flex Form` making it impossible to set nested values
+    * Fixed `Flex User` avatar when using folder storage, also allow multiple images
+    * Fixed Referer reference during GPM calls.
+    * Fixed fatal error with toggled lists
+
+# v1.7.0-rc.16
+## 09/01/2020
+
+1. [](#new)
+    * Added a new `svg_image()` twig function to make it easier to 'include' SVG source in Twig
+    * Added a helper `Utils::fullPath()` to get the full path to a file be it stream, relative, etc.
+1. [](#improved)
+    * Added `themes` to cached blueprints and configuration
+1. [](#bugfix)
+    * Fixed `Flex Pages` issue with `getRoute()` returning path with language prefix for default language if set not to do that
+    * Fixed `Flex Pages` bug where reordering pages causes page content to disappear if default language uses wrong extension (`.md` vs `.en.md`)
+    * Fixed `Flex Pages` bug where `onAdminSave` passes page as `$event['page']` instead of `$event['object']` [#2995](https://github.com/getgrav/grav/issues/2995)
+    * Fixed `Flex Pages` bug where changing a modular page template added duplicate file [admin#1899](https://github.com/getgrav/grav-plugin-admin/issues/1899)
+    * Fixed `Flex Pages` bug where renaming slug causes bad ordering range after save [#2997](https://github.com/getgrav/grav/issues/2997)
+
+# v1.7.0-rc.15
+## 07/22/2020
+
+1. [](#bugfix)
+    * Fixed Flex index file caching [#2962](https://github.com/getgrav/grav/issues/2962)
+    * Fixed various issues with Exif data reading and images being incorrectly rotated [#1923](https://github.com/getgrav/grav-plugin-admin/issues/1923)
+
+# v1.7.0-rc.14
+## 07/09/2020
+
+1. [](#improved)
+    * Added ability to `noprocess` specific items only in Link/Image Excerpts, e.g. `http://foo.com/page?id=foo&target=_blank&noprocess=id` [#2954](https://github.com/getgrav/grav/pull/2954)
+1. [](#bugfix)
+    * Regression: Default language fix broke `Language::getLanguageURLPrefix()` and `Language::isIncludeDefaultLanguage()` methods when not using multi-language
+    * Reverted `Language::getDefault()` and `Language::getLanguage()` to return false again because of plugin compatibility (updated docblocks)
+    * Fixed UTF-8 issue in `Excerpts::getExcerptsFromHtml`
+    * Fixed some compatibility issues with recent Changes to `Assets` handling
+    * Fixed issue with `CSS_IMPORTS_REGEX` breaking with complex URLs [#2958](https://github.com/getgrav/grav/issues/2958)
+    * Moved duplicated `CSS_IMPORT_REGEX` to local variable in `AssetUtilsTrait::moveImports()`
+    * Fixed page media only accepting images [#2943](https://github.com/getgrav/grav/issues/2943)
+
+# v1.7.0-rc.13
+## 07/01/2020
+
+1. [](#new)
+    * Added support for uploading and deleting images directly in `Media`
+    * Added new `onAfterCacheClear` event
+1. [](#improved)
+    * Improved `CvsFormatter` to attempt to encode non-scalar variables into JSON before giving up
+    * Moved image loading into its own trait to be used by images+static images
+    * Adjusted asset types to enable extension of assets in class [#2937](https://github.com/getgrav/grav/pull/2937)
+    * Composer update for vendor library updates
+    * Updated bundled `composer.phar` to `2.0.0-dev`
+1. [](#bugfix)
+    * Fixed `MediaUploadTrait::copyUploadedFile()` not adding uploaded media to the collection
+    * Fixed regression in saving media to a new Flex Object [admin#1867](https://github.com/getgrav/grav-plugin-admin/issues/1867)
+    * Fixed `Trying to get property 'username' of non-object` error in Flex [flex-objects#62](https://github.com/trilbymedia/grav-plugin-flex-objects/issues/62)
+    * Fixed retina images not working in Flex [flex-objects#64](https://github.com/trilbymedia/grav-plugin-flex-objects/issues/64)
+    * Fixed plugin initialization in CLI
+    * Fixed broken logic in `Page::topParent()` when dealing with first-level pages
+    * Fixed broken `Flex Page` authorization for groups
+    * Fixed missing `onAdminSave` and `onAdminAfterSave` events when using `Flex Pages` and `Flex Users` [flex-objects#58](https://github.com/trilbymedia/grav-plugin-flex-objects/issues/58)
+    * Fixed new `User Group` allowing bad group name to be saved [admin#1917](https://github.com/getgrav/grav-plugin-admin/issues/1917)
+    * Fixed `Language::getDefault()` returning false and not 'en'
+    * Fixed non-text links in `Excerpts::getExcerptFromHtml`
+    * Fixed CLI commands not properly intializing Plugins so events can fire
+
+# v1.7.0-rc.12
+## 06/08/2020
+
+1. [](#improved)
+    * Changed `Folder::hasChildren` to `Folder::countChildren`
+    * Added `Content Editor` option to user account blueprint
+1. [](#bugfix)
+    * Fixed new `Flex Page` not having correct form fields for the page type
+    * Fixed new `Flex User` erroring out on save (thanks @mikebi42)
+    * Fixed `Flex Object` request cache clear when saving object
+    * Fixed blueprint value filtering in lists [#2923](https://github.com/getgrav/grav/issues/2923)
+    * Fixed blueprint for `system.pages.hide_empty_folders` [#1925](https://github.com/getgrav/grav/issues/2925)
+    * Fixed file field in `Flex Objects` (use `Grav\Common\Flex\Types\GenericObject` instead of `FlexObject`) [flex-objects#37](https://github.com/trilbymedia/grav-plugin-flex-objects/issues/37)
+    * Fixed saving nested file fields in `Flex Objects` [flex-objects#34](https://github.com/trilbymedia/grav-plugin-flex-objects/issues/34)
+    * JSON Route of homepage with no ‘route’ set is valid [form#425](https://github.com/getgrav/grav-plugin-form/issues/425)
+
+# v1.7.0-rc.11
+## 05/14/2020
+
+1. [](#new)
+    * Added support for native `loading=lazy` attributes on images.  Can be set in `system.images.defaults` or per md image with `?loading=lazy` [#2910](https://github.com/getgrav/grav/issues/2910)
+1. [](#improved)
+    * Added `PageCollection::all()` to mimic Pages class
+    * Added system configuration support for `HTTP_X_Forwarded` headers (host disabled by default)
+    * Updated `PHPUserAgentParser` to 1.0.0
+    * Improved docblocks
+    * Fixed some phpstan issues
+    * Tighten vendor requirements
+1. [](#bugfix)
+    * Fix for uppercase image extensions
+    * Fix for `&` errors in HTML when passed to `Excerpts.php`
+
+# v1.7.0-rc.10
+## 04/30/2020
+
+1. [](#new)
+    * Changed `Response::get()` used by **GPM/Admin** to use [Symfony HttpClient v4.4](https://symfony.com/doc/current/components/http_client.html) (`composer install --nodev` required for Git installations)
+    * Added new `Excerpts::processLinkHtml()` method
+1. [](#bugfix)
+    * Fixed `Flex Pages` admin with PHP `intl` extension enabled when using custom page order
+    * Fixed saving non-numeric-prefix `Flex Page` changing to numeric-prefix [flex-objects#56](https://github.com/trilbymedia/grav-plugin-flex-objects/issues/56)
+    * Copying `Flex Page` in admin does nothing [flex-objects#55](https://github.com/trilbymedia/grav-plugin-flex-objects/issues/55)
+    * Force GPM progress to be between 0-100%
+
 # v1.7.0-rc.9
 ## 04/27/2020
 
@@ -338,6 +1169,90 @@
     * Optimization: Initialize debugbar only after the configuration has been loaded
     * Optimization: Combine some early Grav processors into a single one
 
+# v1.6.31
+## 12/14/2020
+
+1. [](#improved)
+    * Allow all CSS and JS via `robots.txt` [#2006](https://github.com/getgrav/grav/issues/2006) [#3067](https://github.com/getgrav/grav/issues/3067)
+1. [](#bugfix)
+    * Fixed `pages` field escaping issues, needs admin update, too [admin#1990](https://github.com/getgrav/grav-plugin-admin/issues/1990)
+    * Fix `svg-image` issue with classes applied to all elements [#3068](https://github.com/getgrav/grav/issues/3068)
+
+# v1.6.30
+## 12/03/2020
+
+1. [](#bugfix)
+    * Rollback `samesite` cookie logic as it causes issues with PHP < 7.3 [#309](https://github.com/getgrav/grav/issues/3089)
+    * Fixed issue with `.travis.yml` due to GitHub API deprecated functionality
+
+# v1.6.29
+## 12/02/2020
+
+1. [](#new)
+    * Added basic support for `user/config/versions.yaml`
+1. [](#improved)
+    * Updated bundled JQuery to latest version `3.5.1`
+    * Forward a `sid` to GPM when downloading a premium package via CLI
+    * Better handling of missing repository index [grav-plugin-admin#1916](https://github.com/getgrav/grav-plugin-admin/issues/1916)
+    * Set `grav_cli` as referrer when using `Response` from CLI
+    * Add option for timeout in `self-upgrade` command [#3013](https://github.com/getgrav/grav/pull/3013)
+    * Allow to set SameSite from system.yaml [#3063](https://github.com/getgrav/grav/pull/3063)
+    * Update media.yaml with some MS Office mimetypes [#3070](https://github.com/getgrav/grav/pull/3070)
+1. [](#bugfix)
+    * Fixed hardcoded system folder in blueprints, config and language streams
+    * Added `.htaccess` rule to block attempts to use Twig in the request URL
+    * Fix compatibility with Symfony 4.2 and up. [#3048](https://github.com/getgrav/grav/pull/3048)
+    * Fix failing example custom shceduled job. [#3050](https://github.com/getgrav/grav/pull/3050)
+    * Fix for XSS advisory [GHSA-cvmr-6428-87w9](https://github.com/getgrav/grav/security/advisories/GHSA-cvmr-6428-87w9)
+    * Fix uploads_dangerous_extensions checking [#3060](https://github.com/getgrav/grav/pull/3060)
+    * Remove redundant prefixing of `.` to extension [#3060](https://github.com/getgrav/grav/pull/3060)
+    * Check exact extension in checkFilename utility [#3061](https://github.com/getgrav/grav/pull/3061)
+
+# v1.6.28
+## 10/07/2020
+
+1. [](#new)
+    * Back-ported twig `{% cache %}` tag from Grav 1.7
+    * Back-ported `Utils::fullPath()` helper function from Grav 1.7
+    * Back-ported `{{ svg_image() }}` Twig function from Grav 1.7
+    * Back-ported `Folder::countChildren()` function from Grav 1.7
+1. [](#improved)
+    * Use new `{{ theme_var() }}` enhanced logic from Grav 1.7
+    * Improved `Excerpts` class with fixes and functionality from Grav 1.7
+    * Ensure `onBlueprintCreated()` is initialized first
+    * Do not cache default `404` error page
+    * Composer update of vendor libraries
+    * Switched `Caddyfile` to use new Caddy2 syntax + improved usability
+1. [](#bugfix)
+    * Fixed Referer reference during GPM calls.
+    * Fixed fatal error with toggled lists
+
+# v1.6.27
+## 09/01/2020
+
+1. [](#improved)
+    * Right trim route for safety
+    * Use the proper ellipsis for summary [#2939](https://github.com/getgrav/grav/pull/2939)
+    * Left pad schedule times with zeros [#2921](https://github.com/getgrav/grav/pull/2921)
+
+# v1.6.26
+## 06/08/2020
+
+1. [](#improved)
+    * Added new configuration option to control the supported attributes in markdown links [#2882](https://github.com/getgrav/grav/issues/2882)
+1. [](#bugfix)
+    * Fixed blueprint for `system.pages.hide_empty_folders` [#1925](https://github.com/getgrav/grav/issues/2925)
+    * JSON Route of homepage with no ‘route’ set is valid
+    * Fix case-insensitive search of location header [form#425](https://github.com/getgrav/grav-plugin-form/issues/425)
+
+# v1.6.25
+## 05/14/2020
+
+1. [](#improved)
+    * Added system configuration support for `HTTP_X_Forwarded` headers (host disabled by default)
+    * Updated `PHPUserAgentParser` to 1.0.0
+    * Bump `Go` to version 1.13 in `travis.yaml`
+
 # v1.6.24
 ## 04/27/2020
 

CODE_OF_CONDUCT.md

@@ -1,46 +1,133 @@
+
 # Contributor Covenant Code of Conduct
 
 ## Our Pledge
 
-In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
 
 ## Our Standards
 
-Examples of behavior that contributes to creating a positive environment include:
+Examples of behavior that contributes to a positive environment for our
+community include:
 
-* Using welcoming and inclusive language
-* Being respectful of differing viewpoints and experiences
-* Gracefully accepting constructive criticism
-* Focusing on what is best for the community
-* Showing empathy towards other community members
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the
+  overall community
 
-Examples of unacceptable behavior by participants include:
+Examples of unacceptable behavior include:
 
-* The use of sexualized language or imagery and unwelcome sexual attention or advances
-* Trolling, insulting/derogatory comments, and personal or political attacks
+* The use of sexualized language or imagery, and sexual attention or
+  advances of any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
 * Public or private harassment
-* Publishing others' private information, such as a physical or electronic address, without explicit permission
-* Other conduct which could reasonably be considered inappropriate in a professional setting
+* Publishing others' private information, such as a physical or email
+  address, without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
 
-## Our Responsibilities
+## Enforcement Responsibilities
 
-Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
 
-Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
 
 ## Scope
 
-This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
 
 ## Enforcement
 
-Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at contact@getgrav.org. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+[INSERT CONTACT METHOD].
+All complaints will be reviewed and investigated promptly and fairly.
 
-Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series
+of actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or
+permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior,  harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within
+the community.
 
 ## Attribution
 
-This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version]
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.0, available at
+[https://www.contributor-covenant.org/version/2/0/code_of_conduct.html][v2.0].
 
-[homepage]: http://contributor-covenant.org
-[version]: http://contributor-covenant.org/version/1/4/
+Community Impact Guidelines were inspired by
+[Mozilla's code of conduct enforcement ladder][Mozilla CoC].
+
+For answers to common questions about this code of conduct, see the FAQ at
+[https://www.contributor-covenant.org/faq][FAQ]. Translations are available
+at [https://www.contributor-covenant.org/translations][translations].
+
+[homepage]: https://www.contributor-covenant.org
+[v2.0]: https://www.contributor-covenant.org/version/2/0/code_of_conduct.html
+[Mozilla CoC]: https://github.com/mozilla/diversity
+[FAQ]: https://www.contributor-covenant.org/faq
+[translations]: https://www.contributor-covenant.org/translations

LICENSE.txt

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2018 Grav
+Copyright (c) 2021 Grav
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -1,29 +1,32 @@
 # ![](https://avatars1.githubusercontent.com/u/8237355?v=2&s=50) Grav
 
 [![PHPStan](https://img.shields.io/badge/PHPStan-enabled-brightgreen.svg?style=flat)](https://github.com/phpstan/phpstan)
-[![SensioLabsInsight](https://insight.sensiolabs.com/projects/cfd20465-d0f8-4a0a-8444-467f5b5f16ad/mini.png)](https://insight.sensiolabs.com/projects/cfd20465-d0f8-4a0a-8444-467f5b5f16ad)
 [![Discord](https://img.shields.io/discord/501836936584101899.svg?logo=discord&colorB=728ADA&label=Discord%20Chat)](https://chat.getgrav.org)
- [![Build Status](https://travis-ci.org/getgrav/grav.svg?branch=develop)](https://travis-ci.org/getgrav/grav) [![OpenCollective](https://opencollective.com/grav/backers/badge.svg)](#backers) [![OpenCollective](https://opencollective.com/grav/sponsors/badge.svg)](#sponsors)
+ [![PHP Tests](https://github.com/getgrav/grav/workflows/PHP%20Tests/badge.svg?branch=develop)](https://github.com/getgrav/grav/actions?query=workflow%3A%22PHP+Tests%22) [![OpenCollective](https://opencollective.com/grav/tiers/backers/badge.svg?label=Backers&color=brightgreen)](#backers) [![OpenCollective](https://opencollective.com/grav/tiers/supporters/badge.svg?label=Supporters&color=brightgreen)](#supporters) [![OpenCollective](https://opencollective.com/grav/tiers/sponsors/badge.svg?label=Sponsors&color=brightgreen)](#sponsors)
 
 Grav is a **Fast**, **Simple**, and **Flexible**, file-based Web-platform.  There is **Zero** installation required.  Just extract the ZIP archive, and you are already up and running.  It follows similar principles to other flat-file CMS platforms, but has a different design philosophy than most. Grav comes with a powerful **Package Management System** to allow for simple installation and upgrading of plugins and themes, as well as simple updating of Grav itself.
 
 The underlying architecture of Grav is designed to use well-established and _best-in-class_ technologies to ensure that Grav is simple to use and easy to extend. Some of these key technologies include:
 
-* [Twig Templating](https://twig.sensiolabs.org/): for powerful control of the user interface
+* [Twig Templating](https://twig.symfony.com/): for powerful control of the user interface
 * [Markdown](https://en.wikipedia.org/wiki/Markdown): for easy content creation
 * [YAML](https://yaml.org): for simple configuration
 * [Parsedown](https://parsedown.org/): for fast Markdown and Markdown Extra support
 * [Doctrine Cache](https://www.doctrine-project.org/projects/doctrine-orm/en/latest/reference/caching.html): layer for performance
-* [Pimple Dependency Injection Container](https://pimple.sensiolabs.org/): for extensibility and maintainability
+* [Pimple Dependency Injection Container](https://github.com/silexphp/Pimple): for extensibility and maintainability
 * [Symfony Event Dispatcher](https://symfony.com/doc/current/components/event_dispatcher/introduction.html): for plugin event handling
 * [Symfony Console](https://symfony.com/doc/current/components/console/introduction.html): for CLI interface
 * [Gregwar Image Library](https://github.com/Gregwar/Image): for dynamic image manipulation
 
 # Requirements
 
-- PHP 7.1.3 or higher. Check the [required modules list](https://learn.getgrav.org/basics/requirements#php-requirements)
+- PHP 7.3.6 or higher. Check the [required modules list](https://learn.getgrav.org/basics/requirements#php-requirements)
 - Check the [Apache](https://learn.getgrav.org/basics/requirements#apache-requirements) or [IIS](https://learn.getgrav.org/basics/requirements#iis-requirements) requirements
 
+# Documentation
+
+The full documentation can be found from [learn.getgrav.org](https://learn.getgrav.org).
+
 # QuickStart
 
 These are the options to get Grav:
@@ -84,6 +87,11 @@ To update plugins and themes:
 $ bin/gpm update
 ```
 
+## Upgrading from older version
+
+* [Upgrading to Grav 1.7](https://learn.getgrav.org/16/advanced/grav-development/grav-17-upgrade-guide)
+* [Upgrading to Grav 1.6](https://learn.getgrav.org/16/advanced/grav-development/grav-16-upgrade-guide)
+* [Upgrading from Grav <1.6](https://learn.getgrav.org/16/advanced/grav-development/grav-15-upgrade-guide)
 
 # Contributing
 We appreciate any contribution to Grav, whether it is related to bugs, grammar, or simply a suggestion or improvement! Please refer to the [Contributing guide](CONTRIBUTING.md) for more guidance on this topic.
@@ -109,12 +117,19 @@ If you discover a possible security issue related to Grav or one of its plugins,
 * More [Awesome Grav Stuff](https://github.com/getgrav/awesome-grav)
 
 # Backers
-Support Grav with a monthly donation to help us continue development. [[Become a backer](https://opencollective.com/grav#backer)]
+Support Grav with a monthly donation to help us continue development. [[Become a backer](https://opencollective.com/grav/contribute)]
 
 <img src="https://opencollective.com/grav/tiers/backers.svg?avatarHeight=36&width=600" />
 
+
+# Supporters
+Support Grav with a monthly donation to help us continue development. [[Become a supporter](https://opencollective.com/grav/contribute)]
+
+<img src="https://opencollective.com/grav/tiers/supporters.svg?avatarHeight=36&width=600" />
+
+
 # Sponsors
-Become a sponsor and get your logo on our README on Github with a link to your site. [[Become a sponsor](https://opencollective.com/grav#sponsor)]
+Support Grav with a yearly donation to help us continue development. [[Become a sponsor](https://opencollective.com/grav/contribute)]
 
 <img src="https://opencollective.com/grav/tiers/sponsors.svg?avatarHeight=36&width=600" />
 
@@ -128,7 +143,14 @@ See [LICENSE](LICENSE.txt)
 
 # Running Tests
 
-First install the dev dependencies by running `composer update` from the Grav root.
+First install the dev dependencies by running `composer install` from the Grav root.
+
 Then `composer test` will run the Unit Tests, which should be always executed successfully on any site.
 Windows users should use the `composer test-windows` command.
 You can also run a single unit test file, e.g. `composer test tests/unit/Grav/Common/AssetsTest.php`
+
+To run phpstan tests, you should run:
+
+* `composer phpstan` for global tests
+* `composer phpstan-framework` for more strict tests
+* `composer phpstan-plugins` to test all installed plugins

SECURITY.md

@@ -0,0 +1,21 @@
+# Security Policy
+
+## Supported Versions
+
+We are focusing our security updates on the following versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.7.x   | :white_check_mark: |
+| 1.6.x   | :warning:          |
+| < 1.6   | :x:                |
+
+## :warning: Versions
+
+Versions with :warning: will be supported for security issues, however you won't be able to update to them, you will need to manually update through the [`direct-install` command](https://learn.getgrav.org/17/admin-panel/tools).
+
+If you cannot update to the latest stable version available because, for example, your server does not meet the minimum PHP requirements, you can manually install a previous version by downloading the package from our Releases directory (https://github.com/getgrav/grav/releases).
+
+## Reporting a Vulnerability
+
+Please contact security@getgrav.org with a detailed explaination of the security issue found and we will work with you to get it resolved as fast as possible.

UPGRADE-1.7.md

@@ -1,308 +0,0 @@
-# UPGRADE FROM 1.6 TO 1.7
-
-## ADMINISTRATORS
-
-### YAML files
-
-* Please run `bin/grav yamllinter` to find any YAML parsing errors in your site. You should run this command before and after upgrade. Grav falls back to older YAML parser if it detects an error, but it will slow down your site.
-
-## Forms
-
-* **BC BREAK** Fixed `validation: strict`. Please search through all your forms if you were using this feature. If you were, either remove the line or test if the form still works.
-* Added configuration option `system.strict_mode.blueprint_compat` to maintain old `validation: strict` behavior
-  * If you disable compatibiity, form validation will be much more strict (recommended, but may break existing forms)
-
-### Pages
-
-* **BC BREAK** Fixed 404 error page when you go to non-routable page with routable child pages under it. Now you get redirected to the first routable child page instead. This is probably what you wanted in the first place. If you do not want this new behavior, you need to **TODO**
-
-### Multi-language
-
-* Improved language support
-* **BC BREAK** Please check that your fallback languages are correct. Old implementation had a fallback to any other language, now only default language is being used unless you use `system.languages.content_fallback` configuration option to override the default behavior.
-
-### Admin
-
-* If you upgrade from older 1.7 RC, you need to go to Flex Objects plugin settings and turn on `Pages`, `User Accounts` and `User Groups` directories (upgrading 1.6 automatically turns them on)
-* Disabling `User Accounts` and `User Groups` directories in Flex Objects plugin should be kept enabled; fine tuned **ACL** may not work without
-
-### Sessions
-
-* Session ID now changes on login to prevent session fixation issues
-
-### CLI
-
-* Added new `bin/grav server` CLI command to easily run Symfony or PHP built-in web servers
-* Added new `bin/grav page-system-validator [-r|--record] [-c|--check]` CLI command to test Flex Pages
-* Improved `Scheduler` cron command check and more useful CLI information
-* Added new `-r <job-id>` option for Scheduler CLI command to force-run a job
-* Improved `bin/grav yamllinter` CLI command by adding an option to find YAML Linting issues from the whole site or custom folder
-
-### Configuration
-
-* Added new configuration option `system.debugger.provider` to choose between debugbar and clockwork
-* Added new configuration option `system.debugger.censored` to hide potentially sensitive information
-* Added new configuration option `system.pages.type` to enable Flex Pages
-* Added new configuration option `system.languages.include_default_lang_file_extension` to keep default language in `.md` files if set to `false`
-* Added new configuration option `system.languages.content_fallback` to set fallback content languages individually for every language
-* Added new configuration option `security.sanitize_svg` to remove potentially dangerous code from SVG files
-
-### Debugging
-
-* Added support for [Clockwork](https://underground.works/clockwork) developer tools (now default debugger)
-* Added support for [Tideways XHProf](https://github.com/tideways/php-xhprof-extension) PHP Extension for profiling method calls
-* Added Twig profiling for Clockwork debugger
-
-## DEVELOPERS
-
-### Use composer autoloader
-
-* Please add `composer.json` file to your plugin and run `composer update --no-dev` (and remember to keep it updated):
-
-    composer.json
-    ```json
-    {
-        "name": "getgrav/grav-plugin-example",
-        "type": "grav-plugin",
-        "description": "Example plugin for Grav CMS",
-        "keywords": ["example", "plugin"],
-        "homepage": "https://github.com/getgrav/grav-plugin-example",
-        "license": "MIT",
-        "authors": [
-            {
-                "name": "...",
-                "email": "...",
-                "homepage": "...",
-                "role": "Developer"
-            }
-        ],
-        "support": {
-            "issues": "https://github.com/getgrav/grav-plugin-example/issues",
-            "docs": "https://github.com/getgrav/grav-plugin-example/blob/master/README.md"
-        },
-        "require": {
-            "php": ">=7.1.3"
-        },
-        "autoload": {
-            "psr-4": {
-                "Grav\\Plugin\\Example\\": "classes/",
-                "Grav\\Plugin\\Console\\": "cli/"
-            },
-            "classmap":  [
-                "example.php"
-            ]
-        },
-        "config": {
-            "platform": {
-                "php": "7.1.3"
-            }
-        }
-    }
-    ```
-
-  See [Composer schema](https://getcomposer.org/doc/04-schema.md)
-
-* Please use autoloader instead of `require` in the code:
-
-    example.php
-    ```php
-      /**
-       * @return array
-       */
-      public static function getSubscribedEvents(): array
-      {
-          return [
-              'onPluginsInitialized' => [
-                  // This is only required in Grav 1.6. Grav 1.7 automatically calls $plugin->autolaod() method.
-                  ['autoload', 100000],
-              ]
-          ];
-      }
-
-      /**
-       * Composer autoload.
-       *
-       * @return \Composer\Autoload\ClassLoader
-       */
-      public function autoload(): \Composer\Autoload\ClassLoader
-      {
-          return require __DIR__ . '/vendor/autoload.php';
-      }
-    ```
-
-* Plugins & Themes: Call `$plugin->autoload()` and `$theme->autoload()` automatically when object gets initialized
-* Make sure your code does not use `require` or `include` for loading classes
-
-### Plugin/Theme Blueprints (`blueprints.yaml`)
-
-* Please add:
-    ```yaml
-    slug: folder-name
-    type: plugin|theme
-    ```
-* Make sure you update your dependencies. I recommend setting Grav to either 1.6 or 1.7 and update your code/vendor to PHP 7.1
-    ```yaml
-    dependencies:
-        - { name: grav, version: '>=1.6.0' }
-    ```
-
-### ACL
-
-* `user.authorize()` now requires user to be authorized (passed 2FA check), unless the rule contains `login` in its name.
-* Added support for more advanced ACL (CRUD)
-
-* **BC BREAK** `user.authorize()` and Flex `object.isAuthorized()` now have two deny states: `false` and `null`.
-
-    Make sure you do not have strict checks against false: `$user->authorize($action) === false` (PHP)  or `user.authorize(action) is same as(false)` (Twig).
-
-    For the negative checks you should be using `!user->authorize($action)` (PHP) or `not user.authorize(action)` (Twig).
-
-    The change has been done to allow strong deny rules by chaining the actions if previous ones do not match: `user.authorize(action1) ?? user.authorize(action2) ?? user.authorize(action3)`.
-
-    Note that Twig function `authorize()` will still **keeps** the old behavior!
-
-### Pages
-
-* Added experimental support for `Flex Pages`
-* Added page specific permissions support for `Flex Pages`
-* Added root page support for `Flex Pages`
-* Fixed wrong `Pages::dispatch()` calls (with redirect) when we really meant to call `Pages::find()`
-* Added `Pages::getCollection()` method
-* Moved `collection()` and `evaluate()` logic from `Page` class into `Pages` class
-* **DEPRECATED** `$page->modular()` in favor of `$page->isModule()`
-* **BC BREAK** Fixed `Page::modular()` and `Page::modularTwig()` returning `null` for folders and other non-initialized pages. Should not affect your code unless you were checking against `false` or `null`.
-* **BC BREAK** Always use `\Grav\Common\Page\Interfaces\PageInterface` instead of `\Grav\Common\Page\Page` in method signatures
-* Admin now uses `Flex Pages` by default, collection will behave in slightly different way
-
-### Markdown
-
-* **BC BREAK** Upgraded Parsedown to 1.7 for Parsedown-Extra 0.8. Plugins that extend Parsedown may need a fix to render as HTML
-
-### Users
-
-* Improved `Flex Users`: obey blueprints and allow Flex to be used in admin only
-* Improved `Flex Users`: user and group ACL now supports deny permissions
-* Changed `UserInterface::authorize()` to return `null` having the same meaning as `false` if access is denied because of no matching rule
-* **DEPRECATED** `\Grav\Common\User\Group` in favor of `$grav['user_groups']`, which contains Flex UserGroup collection
-* **BC BREAK** Always use `\Grav\Common\User\Interfaces\UserInterface` instead of `\Grav\Common\User\User` in method signatures
-
-### Flex
-
-* Added `$grav['flex']` to access all registered Flex Directories
-  * Added `FlexRegisterEvent` which triggers when `$grav['flex']` is being accessed the first time
-* Added `hasFlexFeature()` method to test if `FlexObject` or `FlexCollection` implements a given feature
-* Added `getFlexFeatures()` method to return all features that `FlexObject` or `FlexCollection` implements
-* Added `FlexStorage::getMetaData()` to get updated object meta information for listed keys
-* `FlexDirectory::getObject()` can now be called without any parameters to create a new object
-* **DEPRECATED** `FlexDirectory::update()` and `FlexDirectory::remove()`
-* **BC BREAK** Moved all Flex type classes under `Grav\Common\Flex`
-* **BC BREAK** `FlexStorageInterface::getStoragePath()` and `getMediaPath()` can now return null
-* **BC BREAK** Flex objects no longer return temporary key if they do not have one; empty key is returned instead
-
-### Templating
-
-* Added support for Twig 2.12 (still using Twig 1.42)
-* Added a new `{% cache %}` Twig tag eliminating need for `twigcache` extension.
-* Added `array_diff()` twig function
-* Added `template_from_string()` twig function
-* Improved `url()` twig function to take third parameter (`true`) to return URL on non-existing file instead of returning false
-* Improved `|array` twig filter to work with iterators and objects with `toArray()` method
-* Improved `authorize()` twig function to work better with nested rule parameters
-* Improved `|yaml_serialize` twig filter: added support for `JsonSerializable` objects and other array-like objects
-
-### Multi-language
-
-* Improved language support for `Route` class
-* Translations: rename MODULAR to MODULE everywhere
-* Added `Language::getPageExtensions()` to get full list of supported page language extensions
-* **BC BREAK** Fixed `Language::getFallbackPageExtensions()` to fall back only to default language instead of going through all languages
-
-### Blueprints
-
-* Added `flatten_array` filter to form field validation
-* Added support for `security@: or: [admin.super, admin.pages]` in blueprints (nested AND/OR mode support)
-* Blueprint validation: Added `validate: value_type: bool|int|float|string|trim` to `array` to filter all the values inside the array
-* If your plugins has blueprints folder, initializing it in the event will be too late. Do this instead:
-
-    ```php
-    class MyPlugin extends Plugin
-    {
-        /** @var array */
-        public $features = [
-            'blueprints' => 0, // Use priority 0
-        ];
-    }
-    ```
-
-### Events
-
-* Use `Symfony EventDispatcher` directly instead of `rockettheme/toolbox` wrapper.
-* Added `$grav->dispatchEvent()` method for PSR-14 events
-* Added `PluginsLoadedEvent` which triggers after plugins have been loaded but not yet initialized
-* Added `SessionStartEvent` which triggers when session is started
-* Added `FlexRegisterEvent` which triggers when `$grav['flex']` is being accessed the first time
-* Added `PermissionsRegisterEvent` which triggers when `$grav['permissions']` is being accessed the first time
-* Check `onAdminTwigTemplatePaths` event, it should NOT be:
-
-    ```php
-    public function onAdminTwigTemplatePaths($event)
-    {
-        // This code breaks all the other plugins in admin, including Flex Objects
-        $event['paths'] = [__DIR__ . '/admin/themes/grav/templates'];
-    }
-    ```
-    but:
-    ```php
-    public function onAdminTwigTemplatePaths($event)
-    {
-        // Add plugin template path for admin.
-        $paths = $event['paths'];
-        $paths[] = __DIR__ . '/admin/themes/grav/templates';
-        $event['paths'] = $paths;
-    }
-    ```
-
-### Misc
-
-* Added `Utils::isAssoc()` and `Utils::isNegative()` helper methods
-* Added `Utils::simpleTemplate()` method for very simple variable templating
-* Support customizable null character replacement in `CSVFormatter::decode()`
-* Added new `Security::sanitizeSVG()` function
-* Added `$grav->close()` method to properly terminate the request with a response
-* **BC BREAK** Make `Route` objects immutable. This means that you need to do: `{% set route = route.withExtension('.html') %}` (for all `withX` methods) to keep the updated version.
-
-### CLI
-
-* **BC BREAK** Many plugins initialize Grav in a wrong way, it is not safe to initialize plugins and theme by yourself
-    * Following calls require Grav 1.6.21 or later, so it is recommended to set Grav dependency to that version
-    * Inside `serve()` method:
-    * Call `$this->setLanguage($langCode);` before doing anything else if you want to set the language (or use default)
-    * Call one of following:
-        * `$this->initializeGrav();` Already called if you're in `bin/plugin`, otherwise you may need to call this one
-        * `$this->initializePlugins();` This initializes grav, plugins (up to `onPluginsInitialized`)
-        * `$this->initializeThemes();` This initializes grav, plugins and theme
-        * `$this->initializePages();` This initializes grav, plugins, theme and everything needed by pages
-* It is a good idea to prefix your CLI command classes with your plugin name, otherwise there may be naming conflicts (we already have some!)
-
-### Composer dependencies
-
-* Updated Symfony Components to 4.4, please update any deprecated features in your code
-* **BC BREAK** Please run `bin/grav yamllinter -f user://` to find any YAML parsing errors in your site (including your plugins and themes).
-
-## PLUGINS
-
-### Admin
-
-* **BC BREAK** Admin will not initialize frontend pages anymore, this has been done to greatly speed up Admin plugin.
-
-    Please call `$grav['admin']->enablePages()` or `{% do admin.enablePages() %}` if you need to access frontend pages. This call can be safely made multiple times.
-
-    If you're using `Flex Pages`, please use Flex Directory instead, it will make your code so much faster.
-
-* Admin now uses Flex for editing `Accounts` and `Pages`. If your plugin hooks into either of those, please make sure they still work.
-
-* Admin cache is enabled by default, make sure your plugin clears cache when needed. Please avoid clearing all cache!
-
-### Shortcode Core
-
-* **DEPRECATED** Every shortcode needs to have `init()` method, classes without it will stop working in the future.

assets/.gitkeep

@@ -0,0 +1 @@
+/* @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved. */

backup/.gitkeep

@@ -0,0 +1 @@
+/* @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved. */

bin/gpm

@@ -1,9 +1,14 @@
 #!/usr/bin/env php
 <?php
 
+/**
+ * @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved.
+ * @license    MIT License; see LICENSE file for details.
+ */
+
 use Grav\Common\Composer;
-use Symfony\Component\Console\Application;
 use Grav\Common\Grav;
+use Grav\Console\Application\GpmApplication;
 
 \define('GRAV_CLI', true);
 \define('GRAV_REQUEST_TIME', microtime(true));
@@ -20,18 +25,10 @@ if (!file_exists(__DIR__ . '/../vendor/autoload.php')){
 
 $autoload = require __DIR__ . '/../vendor/autoload.php';
 
-if (version_compare($ver = PHP_VERSION, $req = GRAV_PHP_MIN, '<')) {
-    exit(sprintf("You are running PHP %s, but Grav needs at least PHP %s to run.\n", $ver, $req));
-}
-
-if (!ini_get('date.timezone')) {
-    date_default_timezone_set('UTC');
-}
+// Set timezone to default, falls back to system if php.ini not set
+date_default_timezone_set(@date_default_timezone_get());
 
 // Set internal encoding.
-if (!\extension_loaded('mbstring')) {
-    die("'mbstring' extension is not loaded.  This is required for Grav to run correctly");
-}
 @ini_set('default_charset', 'UTF-8');
 mb_internal_encoding('UTF-8');
 
@@ -43,37 +40,7 @@ if (!function_exists('curl_version')) {
     exit('FATAL: GPM requires PHP Curl module to be installed');
 }
 
-$climate = new League\CLImate\CLImate;
-$climate->arguments->add([
-    'environment' => [
-        'prefix'        => 'e',
-        'longPrefix'    => 'env',
-        'description'   => 'Configuration Environment',
-        'defaultValue'  => 'localhost'
-    ]
-]);
-$climate->arguments->parse();
-
-// Set up environment based on params.
-$environment = $climate->arguments->get('environment');
-
 $grav = Grav::instance(array('loader' => $autoload));
-$grav->setup($environment);
-
-$grav['config']->init();
-$grav['uri']->init();
-$grav['accounts'];
-
-$app = new Application('Grav Package Manager', GRAV_VERSION);
-$app->addCommands(array(
-    new \Grav\Console\Gpm\IndexCommand(),
-    new \Grav\Console\Gpm\VersionCommand(),
-    new \Grav\Console\Gpm\InfoCommand(),
-    new \Grav\Console\Gpm\InstallCommand(),
-    new \Grav\Console\Gpm\UninstallCommand(),
-    new \Grav\Console\Gpm\UpdateCommand(),
-    new \Grav\Console\Gpm\SelfupgradeCommand(),
-    new \Grav\Console\Gpm\DirectInstallCommand(),
-));
 
+$app = new GpmApplication('Grav Package Manager', GRAV_VERSION);
 $app->run();

bin/grav

@@ -1,10 +1,14 @@
 #!/usr/bin/env php
 <?php
 
+/**
+ * @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved.
+ * @license    MIT License; see LICENSE file for details.
+ */
+
 use Grav\Common\Composer;
 use Grav\Common\Grav;
-use Grav\Console\Cli;
-use Symfony\Component\Console\Application;
+use Grav\Console\Application\GravApplication;
 
 \define('GRAV_CLI', true);
 \define('GRAV_REQUEST_TIME', microtime(true));
@@ -21,56 +25,18 @@ if (!file_exists(__DIR__ . '/../vendor/autoload.php')){
 
 $autoload = require __DIR__ . '/../vendor/autoload.php';
 
-if (version_compare($ver = PHP_VERSION, $req = GRAV_PHP_MIN, '<')) {
-    exit(sprintf("You are running PHP %s, but Grav needs at least PHP %s to run.\n", $ver, $req));
-}
-
-if (!ini_get('date.timezone')) {
-    date_default_timezone_set('UTC');
-}
+// Set timezone to default, falls back to system if php.ini not set
+date_default_timezone_set(@date_default_timezone_get());
 
 // Set internal encoding.
-if (!\extension_loaded('mbstring')) {
-    die("'mbstring' extension is not loaded.  This is required for Grav to run correctly");
-}
 @ini_set('default_charset', 'UTF-8');
 mb_internal_encoding('UTF-8');
 
-$climate = new League\CLImate\CLImate;
-$climate->arguments->add([
-    'environment' => [
-        'prefix'        => 'e',
-        'longPrefix'    => 'env',
-        'description'   => 'Configuration Environment',
-        'defaultValue'  => 'localhost'
-    ]
-]);
-$climate->arguments->parse();
-
-// Set up environment based on params.
-$environment = $climate->arguments->get('environment');
-
 $grav = Grav::instance(array('loader' => $autoload));
-$grav->setup($environment);
 
 if (!file_exists(GRAV_ROOT . '/index.php')) {
     exit('FATAL: Must be run from ROOT directory of Grav!');
 }
 
-$app = new Application('Grav CLI Application', GRAV_VERSION);
-$app->addCommands(array(
-    new Cli\InstallCommand(),
-    new Cli\ComposerCommand(),
-    new Cli\SandboxCommand(),
-    new Cli\CleanCommand(),
-    new Cli\ClearCacheCommand(),
-    new Cli\BackupCommand(),
-    new Cli\NewProjectCommand(),
-    new Cli\SchedulerCommand(),
-    new Cli\SecurityCommand(),
-    new Cli\LogViewerCommand(),
-    new Cli\YamlLinterCommand(),
-    new Cli\ServerCommand(),
-    new Cli\PageSystemValidatorCommand(),
-));
+$app = new GravApplication('Grav CLI Application', GRAV_VERSION);
 $app->run();

bin/plugin

@@ -1,13 +1,14 @@
 #!/usr/bin/env php
 <?php
 
+/**
+ * @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved.
+ * @license    MIT License; see LICENSE file for details.
+ */
+
 use Grav\Common\Composer;
-use Symfony\Component\Console\Application;
-use Symfony\Component\Console\Input\ArgvInput;
-use Symfony\Component\Console\Output\ConsoleOutput;
-use Symfony\Component\Console\Formatter\OutputFormatterStyle;
 use Grav\Common\Grav;
-use Grav\Common\Filesystem\Folder;
+use Grav\Console\Application\PluginApplication;
 
 \define('GRAV_CLI', true);
 \define('GRAV_REQUEST_TIME', microtime(true));
@@ -24,18 +25,10 @@ if (!file_exists(__DIR__ . '/../vendor/autoload.php')){
 
 $autoload = require __DIR__ . '/../vendor/autoload.php';
 
-if (version_compare($ver = PHP_VERSION, $req = GRAV_PHP_MIN, '<')) {
-    exit(sprintf("You are running PHP %s, but Grav needs at least PHP %s to run.\n", $ver, $req));
-}
-
-if (!ini_get('date.timezone')) {
-    date_default_timezone_set('UTC');
-}
+// Set timezone to default, falls back to system if php.ini not set
+date_default_timezone_set(@date_default_timezone_get());
 
 // Set internal encoding.
-if (!\extension_loaded('mbstring')) {
-    die("'mbstring' extension is not loaded.  This is required for Grav to run correctly");
-}
 @ini_set('default_charset', 'UTF-8');
 mb_internal_encoding('UTF-8');
 
@@ -43,112 +36,8 @@ if (!file_exists(GRAV_ROOT . '/index.php')) {
     exit('FATAL: Must be run from ROOT directory of Grav!');
 }
 
-$climate = new League\CLImate\CLImate;
-$climate->arguments->add([
-    'environment' => [
-        'prefix'        => 'e',
-        'longPrefix'    => 'env',
-        'description'   => 'Configuration Environment',
-        'defaultValue'  => 'localhost'
-    ]
-]);
-$climate->arguments->parse();
-
-$environment = $climate->arguments->get('environment');
-
 // Bootstrap Grav container.
 $grav = Grav::instance(array('loader' => $autoload));
-$grav->setup($environment);
-$grav->initializeCli();
 
-$app     = new Application('Grav Plugins Commands', GRAV_VERSION);
-$pattern = '([A-Z]\w+Command\.php)';
-
-// get arguments and  strip the application name
-if (null === $argv) {
-    $argv = $_SERVER['argv'];
-}
-
-$bin  = array_shift($argv);
-$name = array_shift($argv);
-$argv = array_merge([$bin], $argv);
-
-$input = new ArgvInput($argv);
-
-/** @var \Grav\Common\Data\Data $plugin */
-$plugin = $grav['plugins']->get($name);
-
-$output = new ConsoleOutput();
-$output->getFormatter()->setStyle('red', new OutputFormatterStyle('red', null, array('bold')));
-$output->getFormatter()->setStyle('white', new OutputFormatterStyle('white', null, array('bold')));
-
-if (!$name) {
-    $output->writeln('');
-    $output->writeln('<red>Usage:</red>');
-    $output->writeln("  {$bin} [slug] [command] [arguments]");
-    $output->writeln('');
-    $output->writeln('<red>Example:</red>');
-    $output->writeln("  {$bin} error log -l 1 --trace");
-    $list = Folder::all('plugins://', ['compare' => 'Pathname', 'pattern' => '/\/cli\/' . $pattern . '$/usm', 'levels' => 2]);
-
-    $total = 0;
-    if (count($list)) {
-        $available = [];
-        $output->writeln('');
-        $output->writeln('<red>Plugins with CLI available:</red>');
-        foreach ($list as $index => $entry) {
-            $split = explode('/', $entry);
-            $entry = array_shift($split);
-            $index = str_pad($index++ + 1, 2, '0', STR_PAD_LEFT);
-            $total = str_pad($total++ + 1, 2, '0', STR_PAD_LEFT);
-            if (\in_array($entry, $available, true)) {
-                $total--;
-                continue;
-            }
-
-            $available[] = $entry;
-            $commands_count = $index - $total + 1;
-            $output->writeln('  ' . $total . '. <red>' . str_pad($entry, 15) . "</red> <white>{$bin} {$entry} list</white>");
-        }
-    }
-
-    exit;
-}
-
-if (null === $plugin) {
-    $output->writeln('');
-    $output->writeln("<red>$name plugin not found</red>");
-    die;
-}
-
-if (!$plugin->enabled) {
-    $output->writeln('');
-    $output->writeln("<red>$name not enabled</red>");
-    die;
-}
-
-
-if ($plugin === null) {
-    $output->writeln("<red>Grav Plugin <white>'{$name}'</white> is not installed</red>");
-    exit;
-}
-
-$path = 'plugins://' . $name . '/cli';
-
-try {
-    $commands = Folder::all($path, ['compare' => 'Filename', 'pattern' => '/' . $pattern . '$/usm', 'levels' => 1]);
-} catch (\RuntimeException $e) {
-    $output->writeln("<red>No Console Commands for <white>'{$name}'</white> where found in <white>'{$path}'</white></red>");
-    exit;
-}
-
-foreach ($commands as $command_path) {
-    $full_path = $grav['locator']->findResource("plugins://{$name}/cli/{$command_path}");
-    require_once $full_path;
-
-    $command_class = 'Grav\Plugin\Console\\' . preg_replace('/.php$/', '', $command_path);
-    $command = new $command_class();
-    $app->add($command);
-}
-
-$app->run($input);
+$app = new PluginApplication('Grav Plugins Commands', GRAV_VERSION);
+$app->run();

cache/.gitkeep

@@ -0,0 +1 @@
+/* @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved. */

codeception.yml

@@ -1,4 +1,5 @@
 actor: Tester
+bootstrap: _bootstrap.php
 paths:
     tests: tests
     log: tests/_output
@@ -6,7 +7,6 @@ paths:
     support: tests/_support
     envs: tests/_envs
 settings:
-    bootstrap: _bootstrap.php
     colors: true
     memory_limit: 1024M
 extensions:

composer.json

@@ -12,89 +12,102 @@
     "homepage": "https://getgrav.org",
     "license": "MIT",
     "require": {
-        "php": ">=7.1.3",
+        "php": "^7.3.6 || ^8.0",
         "ext-json": "*",
-        "ext-mbstring": "*",
         "ext-openssl": "*",
         "ext-curl": "*",
         "ext-zip": "*",
         "ext-dom": "*",
-        "symfony/polyfill-iconv": "^1.9",
-        "symfony/polyfill-php72": "^1.9",
-        "symfony/polyfill-php73": "^1.9",
+        "ext-libxml": "*",
+        "symfony/polyfill-mbstring": "~1.23",
+        "symfony/polyfill-iconv": "^1.23",
+        "symfony/polyfill-php74": "^1.23",
+        "symfony/polyfill-php80": "^1.23",
+        "symfony/polyfill-php81": "^1.23",
         "psr/simple-cache": "^1.0",
         "psr/http-message": "^1.0",
         "psr/http-server-middleware": "^1.0",
-        "kodus/psr7-server": "*",
-        "nyholm/psr7": "^1.0",
-        "twig/twig": "~1.0",
+        "psr/container": "~1.1.0",
+        "nyholm/psr7-server": "^1.0",
+        "nyholm/psr7": "^1.3",
+        "twig/twig": "~v1.44",
         "erusev/parsedown": "^1.7",
         "erusev/parsedown-extra": "~0.8",
-        "symfony/contracts": "~1.0",
-        "symfony/yaml": "~4.4.0",
-        "symfony/console": "~4.4.0",
-        "symfony/event-dispatcher": "~4.4.0",
-        "symfony/var-dumper": "~4.4.0",
-        "symfony/process": "~4.4.0",
-        "doctrine/cache": "^1.8",
-        "doctrine/collections": "^1.5",
-        "guzzlehttp/psr7": "^1.4",
-        "filp/whoops": "~2.2",
+        "symfony/contracts": "~1.1",
+        "symfony/yaml": "~4.4",
+        "symfony/console": "~4.4",
+        "symfony/event-dispatcher": "~4.4",
+        "symfony/var-dumper": "~4.4",
+        "symfony/process": "~4.4",
+        "doctrine/cache": "^1.10",
+        "doctrine/collections": "^1.6",
+        "guzzlehttp/psr7": "^1.7",
+        "filp/whoops": "~2.9",
         "matthiasmullie/minify": "^1.3",
-        "monolog/monolog": "~1.0",
-        "gregwar/image": "~2.0",
-        "donatj/phpuseragentparser": "~0.10",
-        "pimple/pimple": "~3.2",
+        "monolog/monolog": "~1.25",
+        "getgrav/image": "^3.0",
+        "getgrav/cache": "^2.0",
+        "donatj/phpuseragentparser": "~1.1",
+        "pimple/pimple": "~3.5.0",
         "rockettheme/toolbox": "~1.5",
-        "maximebf/debugbar": "~1.0",
-        "league/climate": "^3.4",
-        "antoligy/dom-string-iterators": "^1.0",
-        "miljar/php-exif": "^0.6.4",
-        "composer/ca-bundle": "^1.0",
+        "maximebf/debugbar": "~1.16",
+        "league/climate": "^3.6",
+        "miljar/php-exif": "^0.6",
+        "composer/ca-bundle": "^1.2",
         "dragonmantank/cron-expression": "^1.2",
-        "phive/twig-extensions-deferred": "^1.0",
-        "willdurand/negotiation": "2.x-dev",
-        "itsgoingd/clockwork": "@beta",
-        "enshrined/svg-sanitize": "~0.1"
+        "willdurand/negotiation": "^3.0",
+        "itsgoingd/clockwork": "^5.0",
+        "symfony/http-client": "^4.4",
+        "composer/semver": "^1.4",
+        "rhukster/dom-sanitizer": "^1.0",
+        "multiavatar/multiavatar-php": "^1.0"
     },
     "require-dev": {
-        "codeception/codeception": "^2.4",
-        "phpstan/phpstan": "^0.11",
-        "phpstan/phpstan-deprecation-rules": "^0.11",
-        "phpunit/php-code-coverage": "~6.0",
-        "fzaninotto/faker": "^1.8",
-        "victorjonsson/markdowndocs": "dev-master"
+        "codeception/codeception": "^4.1",
+        "phpstan/phpstan": "^1.8",
+        "phpstan/phpstan-deprecation-rules": "^1.0",
+        "phpunit/php-code-coverage": "~9.2",
+        "getgrav/markdowndocs": "^2.0",
+        "codeception/module-asserts": "^1.3",
+        "codeception/module-phpbrowser": "^1.0",
+        "symfony/service-contracts": "*"
+    },
+    "replace": {
+        "symfony/polyfill-php72": "*",
+        "symfony/polyfill-php73": "*"
     },
     "suggest": {
+        "ext-mbstring": "Recommended for better performance",
+        "ext-iconv": "Recommended for better performance",
         "ext-zend-opcache": "Recommended for better performance",
         "ext-intl": "Recommended for multi-language sites",
         "ext-memcache": "Needed to support Memcache servers",
         "ext-memcached": "Needed to support Memcached servers",
-        "ext-redis": "Needed to support Redis servers"
+        "ext-redis": "Needed to support Redis servers",
+        "ext-exif": "Needed to use exif data from images."
     },
     "config": {
         "apcu-autoloader": true,
         "platform": {
-            "php": "7.1.3"
+            "php": "7.3.6"
         }
     },
-    "repositories": [{
-            "type": "vcs",
-            "url": "https://github.com/trilbymedia/PHP-Markdown-Documentation-Generator"
-        },
-        {
-            "type": "vcs",
-            "url": "https://github.com/itsgoingd/clockwork"
-        }
-    ],
     "autoload": {
         "psr-4": {
-            "Grav\\": "system/src/Grav"
+            "Grav\\": "system/src/Grav",
+            "Twig\\": "system/src/Twig"
         },
         "files": [
-            "system/defines.php"
+            "system/defines.php",
+            "system/src/DOMLettersIterator.php",
+            "system/src/DOMWordsIterator.php"
         ]
     },
+    "autoload-dev": {
+        "psr-4": {
+            "PHPStan\\": "tests/phpstan/classes"
+        }
+    },
     "archive": {
         "exclude": [
             "VERSION"
@@ -102,12 +115,10 @@
     },
     "scripts": {
         "api-17": "vendor/bin/phpdoc-md generate system/src > user/pages/14.api/default.17.md",
-        "api-16": "vendor/bin/phpdoc-md generate system/src > user/pages/14.api/default.16.md",
-        "api-15": "vendor/bin/phpdoc-md generate system/src > user/pages/14.api/default.md",
         "post-create-project-cmd": "bin/grav install",
-        "phpstan": "vendor/bin/phpstan analyse -l 3 -c ./tests/phpstan/phpstan.neon system/src --memory-limit=340M",
-        "phpstan-framework": "vendor/bin/phpstan analyse -l 7 -c ./tests/phpstan/phpstan.neon system/src/Grav/Framework --memory-limit=128M",
-        "phpstan-plugins": "vendor/bin/phpstan analyse -l 1 -c ./tests/phpstan/plugins.neon user/plugins --memory-limit=300M",
+        "phpstan": "vendor/bin/phpstan analyse -l 2 -c ./tests/phpstan/phpstan.neon --memory-limit=720M system/src",
+        "phpstan-framework": "vendor/bin/phpstan analyse -l 5 -c ./tests/phpstan/phpstan.neon --memory-limit=480M system/src/Grav/Framework system/src/Grav/Events system/src/Grav/Installer",
+        "phpstan-plugins": "vendor/bin/phpstan analyse -l 1 -c ./tests/phpstan/plugins.neon --memory-limit=400M user/plugins",
         "test": "vendor/bin/codecept run unit",
         "test-windows": "vendor\\bin\\codecept run unit"
     },

images/.gitkeep

@@ -0,0 +1 @@
+/* @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved. */

index.php

@@ -3,37 +3,23 @@
 /**
  * @package    Grav.Core
  *
- * @copyright  Copyright (C) 2015 - 2018 Trilby Media, LLC. All rights reserved.
+ * @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved.
  * @license    MIT License; see LICENSE file for details.
  */
 
 namespace Grav;
 
 \define('GRAV_REQUEST_TIME', microtime(true));
-\define('GRAV_PHP_MIN', '7.1.3');
-
-if (version_compare($ver = PHP_VERSION, $req = GRAV_PHP_MIN, '<')) {
-    die(sprintf('You are running PHP %s, but Grav needs at least <strong>PHP %s</strong> to run.', $ver, $req));
-}
+\define('GRAV_PHP_MIN', '7.3.6');
 
 if (PHP_SAPI === 'cli-server') {
-    $symfony_server = stripos(getenv('_'), 'symfony') !== false || stripos($_SERVER['SERVER_SOFTWARE'], 'symfony
-') !== false;
+    $symfony_server = stripos(getenv('_'), 'symfony') !== false || stripos($_SERVER['SERVER_SOFTWARE'] ?? '', 'symfony') !== false || stripos($_ENV['SERVER_SOFTWARE'] ?? '', 'symfony') !== false;
+
     if (!isset($_SERVER['PHP_CLI_ROUTER']) && !$symfony_server) {
         die("PHP webserver requires a router to run Grav, please use: <pre>php -S {$_SERVER['SERVER_NAME']}:{$_SERVER['SERVER_PORT']} system/router.php</pre>");
     }
 }
 
-// Set timezone to default, falls back to system if php.ini not set
-date_default_timezone_set(@date_default_timezone_get());
-
-// Set internal encoding.
-if (!\extension_loaded('mbstring')) {
-    die("'mbstring' extension is not loaded.  This is required for Grav to run correctly");
-}
-@ini_set('default_charset', 'UTF-8');
-mb_internal_encoding('UTF-8');
-
 // Ensure vendor libraries exist
 $autoload = __DIR__ . '/vendor/autoload.php';
 if (!is_file($autoload)) {
@@ -43,23 +29,23 @@ if (!is_file($autoload)) {
 // Register the auto-loader.
 $loader = require $autoload;
 
+// Set timezone to default, falls back to system if php.ini not set
+date_default_timezone_set(@date_default_timezone_get());
+
+// Set internal encoding.
+@ini_set('default_charset', 'UTF-8');
+mb_internal_encoding('UTF-8');
+
 use Grav\Common\Grav;
 use RocketTheme\Toolbox\Event\Event;
 
 // Get the Grav instance
-$grav = Grav::instance(
-    array(
-        'loader' => $loader
-    )
-);
+$grav = Grav::instance(array('loader' => $loader));
 
 // Process the page
 try {
     $grav->process();
-} catch (\Error $e) {
-    $grav->fireEvent('onFatalException', new Event(array('exception' => $e)));
-    throw $e;
-} catch (\Exception $e) {
+} catch (\Error|\Exception $e) {
     $grav->fireEvent('onFatalException', new Event(array('exception' => $e)));
     throw $e;
 }

logs/.gitkeep

@@ -0,0 +1 @@
+/* @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved. */

now.json

@@ -1,4 +1,4 @@
-    {
+{
   "version": 2,
   "builds": [{ "src": "*.php", "use": "@now/php" }]
 }

robots.txt

@@ -11,3 +11,6 @@ Allow: /user/pages/
 Allow: /user/themes/
 Allow: /user/images/
 Allow: /
+Allow: *.css$
+Allow: *.js$
+Allow: /system/*.js$

system/blueprints/config/scheduler.yaml

@@ -39,14 +39,16 @@ form:
             .command:
               type: text
               label: PLUGIN_ADMIN.COMMAND
-              placeholder: 'cd ~;ls -lah;'
+              placeholder: 'ls'
               validate:
                   required: true
             .args:
               type: text
               label: PLUGIN_ADMIN.EXTRA_ARGUMENTS
+              placeholder: '-lah'
             .at:
-              type: cron
+              type: text
+              wrapper_classes: cron-selector
               label: PLUGIN_ADMIN.SCHEDULER_RUNAT
               help: PLUGIN_ADMIN.SCHEDULER_RUNAT_HELP
               placeholder: '* * * * *'

system/blueprints/config/system.yaml

@@ -177,39 +177,47 @@ form:
               label: PLUGIN_ADMIN.APPEND_URL_EXT
               help: PLUGIN_ADMIN.APPEND_URL_EXT_HELP
 
-            pages.redirect_default_route:
-              type: toggle
-              label: PLUGIN_ADMIN.REDIRECT_DEFAULT_ROUTE
-              help: PLUGIN_ADMIN.REDIRECT_DEFAULT_ROUTE_HELP
-              highlight: 0
-              options:
-                1: PLUGIN_ADMIN.YES
-                0: PLUGIN_ADMIN.NO
-              validate:
-                type: bool
-
             pages.redirect_default_code:
               type: select
               size: medium
               classes: fancy
               label: PLUGIN_ADMIN.REDIRECT_DEFAULT_CODE
               help: PLUGIN_ADMIN.REDIRECT_DEFAULT_CODE_HELP
+              default: 302
               options:
-                301: 301 - Permanent
-                302: 302 - Found
-                303: 303 - Other
-                304: 304 - Not Modified
+                301: PLUGIN_ADMIN.REDIRECT_OPTION_301
+                302: PLUGIN_ADMIN.REDIRECT_OPTION_302
+                303: PLUGIN_ADMIN.REDIRECT_OPTION_303
+
+            pages.redirect_default_route:
+              type: select
+              size: medium
+              classes: fancy
+              label: PLUGIN_ADMIN.REDIRECT_DEFAULT_ROUTE
+              help: PLUGIN_ADMIN.REDIRECT_DEFAULT_ROUTE_HELP
+              default: 0
+              options:
+                0: PLUGIN_ADMIN.REDIRECT_OPTION_NO_REDIRECT
+                1: PLUGIN_ADMIN.REDIRECT_OPTION_DEFAULT_REDIRECT
+                301: PLUGIN_ADMIN.REDIRECT_OPTION_301
+                302: PLUGIN_ADMIN.REDIRECT_OPTION_302
+              validate:
+                type: int
 
             pages.redirect_trailing_slash:
-              type: toggle
+              type: select
+              size: medium
+              classes: fancy
               label: PLUGIN_ADMIN.REDIRECT_TRAILING_SLASH
               help: PLUGIN_ADMIN.REDIRECT_TRAILING_SLASH_HELP
-              highlight: 1
+              default: 1
               options:
-                1: PLUGIN_ADMIN.YES
-                0: PLUGIN_ADMIN.NO
+                0: PLUGIN_ADMIN.REDIRECT_OPTION_NO_REDIRECT
+                1: PLUGIN_ADMIN.REDIRECT_OPTION_DEFAULT_REDIRECT
+                301: PLUGIN_ADMIN.REDIRECT_OPTION_301
+                302: PLUGIN_ADMIN.REDIRECT_OPTION_302
               validate:
-                type: bool
+                type: int
 
             pages.ignore_hidden:
               type: toggle
@@ -241,13 +249,15 @@ form:
                 type: commalist
 
             pages.hide_empty_folders:
-              type: selectize
-              size: large
+              type: toggle
               label: PLUGIN_ADMIN.HIDE_EMPTY_FOLDERS
               help: PLUGIN_ADMIN.HIDE_EMPTY_FOLDERS_HELP
-              classes: fancy
+              highlight: 0
+              options:
+                1: PLUGIN_ADMIN.YES
+                0: PLUGIN_ADMIN.NO
               validate:
-                type: commalist
+                type: bool
 
             pages.url_taxonomy_filters:
               type: toggle
@@ -544,6 +554,15 @@ form:
                 0: PLUGIN_ADMIN.NO
               validate:
                 type: bool
+            pages.markdown.valid_link_attributes:
+              type: selectize
+              size: large
+              label: PLUGIN_ADMIN.VALID_LINK_ATTRIBUTES
+              help: PLUGIN_ADMIN.VALID_LINK_ATTRIBUTES_HELP
+              placeholder: "rel, target, id, class, classes"
+              classes: fancy
+              validate:
+                type: commalist
 
         caching:
           type: tab
@@ -627,7 +646,7 @@ form:
               type: toggle
               label: PLUGIN_ADMIN.CLEAR_IMAGES_BY_DEFAULT
               help: PLUGIN_ADMIN.CLEAR_IMAGES_BY_DEFAULT_HELP
-              highlight: 1
+              highlight: 0
               options:
                 1: PLUGIN_ADMIN.YES
                 0: PLUGIN_ADMIN.NO
@@ -730,6 +749,74 @@ form:
               size: small
               label: PLUGIN_ADMIN.REDIS_PASSWORD
 
+            cache.redis.database:
+              type: text
+              size: medium
+              label: PLUGIN_ADMIN.REDIS_DATABASE
+              help: PLUGIN_ADMIN.REDIS_DATABASE_HELP
+              placeholder: "0"
+              validate:
+                type: number
+                min: 0
+
+            flex_caching:
+              type: section
+              title: PLUGIN_ADMIN.FLEX_CACHING
+
+            flex.cache.index.enabled:
+              type: toggle
+              label: PLUGIN_ADMIN.FLEX_INDEX_CACHE_ENABLED
+              highlight: 1
+              default: 1
+              options:
+                1: PLUGIN_ADMIN.ENABLED
+                0: PLUGIN_ADMIN.DISABLED
+              validate:
+                type: bool
+
+            flex.cache.index.lifetime:
+              type: text
+              label: PLUGIN_ADMIN.FLEX_INDEX_CACHE_LIFETIME
+              default: 60
+              validate:
+                type: int
+
+            flex.cache.object.enabled:
+              type: toggle
+              label: PLUGIN_ADMIN.FLEX_OBJECT_CACHE_ENABLED
+              highlight: 1
+              default: 1
+              options:
+                1: PLUGIN_ADMIN.ENABLED
+                0: PLUGIN_ADMIN.DISABLED
+              validate:
+                type: bool
+
+            flex.cache.object.lifetime:
+              type: text
+              label: PLUGIN_ADMIN.FLEX_OBJECT_CACHE_LIFETIME
+              default: 600
+              validate:
+                type: int
+
+            flex.cache.render.enabled:
+              type: toggle
+              label: PLUGIN_ADMIN.FLEX_RENDER_CACHE_ENABLED
+              highlight: 1
+              default: 1
+              options:
+                1: PLUGIN_ADMIN.ENABLED
+                0: PLUGIN_ADMIN.DISABLED
+              validate:
+                type: bool
+
+            flex.cache.render.lifetime:
+              type: text
+              label: PLUGIN_ADMIN.FLEX_RENDER_CACHE_LIFETIME
+              default: 600
+              validate:
+                type: int
+
         twig:
           type: tab
           title: PLUGIN_ADMIN.TWIG_TEMPLATING
@@ -777,7 +864,8 @@ form:
               type: toggle
               label: PLUGIN_ADMIN.AUTOESCAPE_VARIABLES
               help: PLUGIN_ADMIN.AUTOESCAPE_VARIABLES_HELP
-              highlight: 0
+              highlight: 1
+              default: 1
               options:
                 1: PLUGIN_ADMIN.YES
                 0: PLUGIN_ADMIN.NO
@@ -800,9 +888,45 @@ form:
           title: PLUGIN_ADMIN.ASSETS
 
           fields:
-            assets_section:
+            general_config_section:
               type: section
-              title: PLUGIN_ADMIN.ASSETS
+              title: PLUGIN_ADMIN.GENERAL_CONFIG
+              underline: true
+
+            assets.enable_asset_timestamp:
+              type: toggle
+              label: PLUGIN_ADMIN.ENABLED_TIMESTAMPS_ON_ASSETS
+              help: PLUGIN_ADMIN.ENABLED_TIMESTAMPS_ON_ASSETS_HELP
+              highlight: 0
+              options:
+                1: PLUGIN_ADMIN.YES
+                0: PLUGIN_ADMIN.NO
+              validate:
+                type: bool
+
+            assets.enable_asset_sri:
+              type: toggle
+              label: PLUGIN_ADMIN.ENABLED_SRI_ON_ASSETS
+              help: PLUGIN_ADMIN.ENABLED_SRI_ON_ASSETS_HELP
+              highlight: 0
+              options:
+                1: PLUGIN_ADMIN.YES
+                0: PLUGIN_ADMIN.NO
+              validate:
+                type: bool
+
+            assets.collections:
+              type: multilevel
+              label: PLUGIN_ADMIN.COLLECTIONS
+              placeholder_key: collection_name
+              placeholder_value: collection_path
+              validate:
+                type: array
+
+
+            css_assets_section:
+              type: section
+              title: PLUGIN_ADMIN.CSS_ASSETS
               underline: true
 
             assets.css_pipeline:
@@ -871,6 +995,11 @@ form:
               validate:
                 type: bool
 
+            js_assets_section:
+              type: section
+              title: PLUGIN_ADMIN.JS_ASSETS
+              underline: true
+
             assets.js_pipeline:
               type: toggle
               label: PLUGIN_ADMIN.JAVASCRIPT_PIPELINE
@@ -915,10 +1044,15 @@ form:
               validate:
                 type: bool
 
-            assets.enable_asset_timestamp:
+            js_module_assets_section:
+              type: section
+              title: PLUGIN_ADMIN.JS_MODULE_ASSETS
+              underline: true
+
+            assets.js_module_pipeline:
               type: toggle
-              label: PLUGIN_ADMIN.ENABLED_TIMESTAMPS_ON_ASSETS
-              help: PLUGIN_ADMIN.ENABLED_TIMESTAMPS_ON_ASSETS_HELP
+              label: PLUGIN_ADMIN.JAVASCRIPT_MODULE_PIPELINE
+              help: PLUGIN_ADMIN.JAVASCRIPT_MODULE_PIPELINE_HELP
               highlight: 0
               options:
                 1: PLUGIN_ADMIN.YES
@@ -926,13 +1060,29 @@ form:
               validate:
                 type: bool
 
-            assets.collections:
-              type: multilevel
-              label: PLUGIN_ADMIN.COLLECTIONS
-              placeholder_key: collection_name
-              placeholder_value: collection_path
+            assets.js_module_pipeline_include_externals:
+              type: toggle
+              label: PLUGIN_ADMIN.JAVASCRIPT_MODULE_PIPELINE_INCLUDE_EXTERNALS
+              help: PLUGIN_ADMIN.JAVASCRIPT_MODULE_PIPELINE_INCLUDE_EXTERNALS_HELP
+              highlight: 1
+              options:
+                1: PLUGIN_ADMIN.YES
+                0: PLUGIN_ADMIN.NO
               validate:
-                type: array
+                type: bool
+
+            assets.js_module_pipeline_before_excludes:
+              type: toggle
+              label: PLUGIN_ADMIN.JAVASCRIPT_MODULE_PIPELINE_BEFORE_EXCLUDES
+              help: PLUGIN_ADMIN.JAVASCRIPT_MODULE_PIPELINE_BEFORE_EXCLUDES_HELP
+              highlight: 1
+              options:
+                1: PLUGIN_ADMIN.YES
+                0: PLUGIN_ADMIN.NO
+              validate:
+                type: bool
+
+
 
         errors:
           type: tab
@@ -1006,6 +1156,13 @@ form:
                 local6: local6
                 local7: local7
 
+            log.syslog.tag:
+              type: text
+              size: small
+              label: PLUGIN_ADMIN.SYSLOG_TAG
+              help: PLUGIN_ADMIN.SYSLOG_TAG_HELP
+              placeholder: "grav"
+
         debugger:
           type: tab
           title: PLUGIN_ADMIN.DEBUGGER
@@ -1114,13 +1271,24 @@ form:
               type: toggle
               label: PLUGIN_ADMIN.IMAGES_AUTO_FIX_ORIENTATION
               help: PLUGIN_ADMIN.IMAGES_AUTO_FIX_ORIENTATION_HELP
-              highlight: 0
+              highlight: 1
               options:
                 1: PLUGIN_ADMIN.YES
                 0: PLUGIN_ADMIN.NO
               validate:
                 type: bool
 
+            images.defaults.loading:
+              type: select
+              size: small
+              label: PLUGIN_ADMIN.IMAGES_LOADING
+              help: PLUGIN_ADMIN.IMAGES_LOADING_HELP
+              highlight: auto
+              options:
+                auto: Auto
+                lazy: Lazy
+                eager: Eager
+
             images.seofriendly:
               type: toggle
               label: PLUGIN_ADMIN.IMAGES_SEOFRIENDLY
@@ -1154,7 +1322,6 @@ form:
               validate:
                 type: bool
 
-
             media.allowed_fallback_types:
               type: selectize
               size: large
@@ -1173,6 +1340,45 @@ form:
               validate:
                 type: commalist
 
+            section_images_cls:
+              type: section
+              title: PLUGIN_ADMIN.IMAGES_CLS_TITLE
+              underline: true
+
+            images.cls.auto_sizes:
+              type: toggle
+              label: PLUGIN_ADMIN.IMAGES_CLS_AUTO_SIZES
+              help: PLUGIN_ADMIN.IMAGES_CLS_AUTO_SIZES_HELP
+              highlight: 0
+              options:
+                1: PLUGIN_ADMIN.YES
+                0: PLUGIN_ADMIN.NO
+              validate:
+                type: bool
+
+            images.cls.aspect_ratio:
+              type: toggle
+              label: PLUGIN_ADMIN.IMAGES_CLS_ASPECT_RATIO
+              help: PLUGIN_ADMIN.IMAGES_CLS_ASPECT_RATIO_HELP
+              highlight: 0
+              options:
+                1: PLUGIN_ADMIN.YES
+                0: PLUGIN_ADMIN.NO
+              validate:
+                type: bool
+
+            images.cls.retina_scale:
+              type: select
+              label: PLUGIN_ADMIN.IMAGES_CLS_RETINA_SCALE
+              help: PLUGIN_ADMIN.IMAGES_CLS_RETINA_SCALE_HELP
+              size: small
+              highlight: 1
+              options:
+                1: 1X
+                2: 2X
+                3: 3X
+                4: 4X
+
         session:
           type: tab
           title: PLUGIN_ADMIN.SESSION
@@ -1246,6 +1452,18 @@ form:
               validate:
                 type: bool
 
+            session.secure_https:
+              type: toggle
+              label: PLUGIN_ADMIN.SESSION_SECURE_HTTPS
+              help: PLUGIN_ADMIN.SESSION_SECURE_HTTPS_HELP
+              highlight: 1
+              options:
+                1: PLUGIN_ADMIN.YES
+                0: PLUGIN_ADMIN.NO
+              default: true
+              validate:
+                type: bool
+
             session.httponly:
               type: toggle
               label: PLUGIN_ADMIN.SESSION_HTTPONLY
@@ -1258,12 +1476,24 @@ form:
               validate:
                 type: bool
 
+            session.domain:
+              type: text
+              size: small
+              label: PLUGIN_ADMIN.SESSION_DOMAIN
+              help: PLUGIN_ADMIN.SESSION_DOMAIN_HELP
+
             session.path:
               type: text
               size: small
               label: PLUGIN_ADMIN.SESSION_PATH
               help: PLUGIN_ADMIN.SESSION_PATH_HELP
 
+            session.samesite:
+              type: text
+              size: small
+              label: PLUGIN_ADMIN.SESSION_SAMESITE
+              help: PLUGIN_ADMIN.SESSION_SAMESITE_HELP
+
             session.split:
               type: toggle
               label: PLUGIN_ADMIN.SESSION_SPLIT
@@ -1286,6 +1516,10 @@ form:
               title: PLUGIN_ADMIN.ADVANCED
               underline: true
 
+            gpm_section:
+              type: section
+              title: PLUGIN_ADMIN.GPM_SECTION
+
             gpm.releases:
               type: toggle
               label: PLUGIN_ADMIN.GPM_RELEASES
@@ -1295,23 +1529,6 @@ form:
                 stable: PLUGIN_ADMIN.STABLE
                 testing: PLUGIN_ADMIN.TESTING
 
-            gpm.proxy_url:
-              type: text
-              size: medium
-              placeholder: "e.g. 127.0.0.1:3128"
-              label: PLUGIN_ADMIN.PROXY_URL
-              help: PLUGIN_ADMIN.PROXY_URL_HELP
-
-            gpm.method:
-              type: toggle
-              label: PLUGIN_ADMIN.GPM_METHOD
-              highlight: auto
-              help: PLUGIN_ADMIN.GPM_METHOD_HELP
-              options:
-                auto: PLUGIN_ADMIN.AUTO
-                fopen: PLUGIN_ADMIN.FOPEN
-                curl: PLUGIN_ADMIN.CURL
-
             gpm.official_gpm_only:
               type: toggle
               label: PLUGIN_ADMIN.GPM_OFFICIAL_ONLY
@@ -1324,17 +1541,80 @@ form:
               validate:
                 type: bool
 
-            gpm.verify_peer:
+            http_section:
+              type: section
+              title: PLUGIN_ADMIN.HTTP_SECTION
+
+            http.method:
               type: toggle
-              label: PLUGIN_ADMIN.GPM_VERIFY_PEER
+              label: PLUGIN_ADMIN.GPM_METHOD
+              highlight: auto
+              help: PLUGIN_ADMIN.GPM_METHOD_HELP
+              options:
+                auto: PLUGIN_ADMIN.AUTO
+                fopen: PLUGIN_ADMIN.FOPEN
+                curl: PLUGIN_ADMIN.CURL
+
+            http.enable_proxy:
+              type: toggle
+              label: PLUGIN_ADMIN.SSL_ENABLE_PROXY
               highlight: 1
-              help: PLUGIN_ADMIN.GPM_VERIFY_PEER_HELP
+              options:
+                1: PLUGIN_ADMIN.YES
+                0: PLUGIN_ADMIN.NO
+              default: false
+              validate:
+                type: bool
+
+            http.proxy_url:
+              type: text
+              size: medium
+              placeholder: "e.g. 127.0.0.1:3128"
+              label: PLUGIN_ADMIN.PROXY_URL
+              help: PLUGIN_ADMIN.PROXY_URL_HELP
+
+            http.proxy_cert_path:
+              type: text
+              size: medium
+              placeholder: "e.g. /Users/bob/certs/"
+              label: PLUGIN_ADMIN.PROXY_CERT
+              help: PLUGIN_ADMIN.PROXY_CERT_HELP
+
+            http.verify_peer:
+              type: toggle
+              label: PLUGIN_ADMIN.SSL_VERIFY_PEER
+              highlight: 1
+              help: PLUGIN_ADMIN.SSL_VERIFY_PEER_HELP
               options:
                 1: PLUGIN_ADMIN.YES
                 0: PLUGIN_ADMIN.NO
               validate:
                 type: bool
 
+            http.verify_host:
+              type: toggle
+              label: PLUGIN_ADMIN.SSL_VERIFY_HOST
+              highlight: 1
+              help: PLUGIN_ADMIN.SSL_VERIFY_HOST_HELP
+              options:
+                1: PLUGIN_ADMIN.YES
+                0: PLUGIN_ADMIN.NO
+              validate:
+                type: bool
+
+            http.concurrent_connections:
+              type: number
+              size: x-small
+              label: PLUGIN_ADMIN.HTTP_CONNECTIONS
+              help: PLUGIN_ADMIN.HTTP_CONNECTIONS_HELP
+              validate:
+                min: 1
+                max: 20
+
+            misc_section:
+              type: section
+              title: PLUGIN_ADMIN.MISC_SECTION
+
             reverse_proxy_setup:
               type: toggle
               label: PLUGIN_ADMIN.REVERSE_PROXY
@@ -1432,17 +1712,56 @@ form:
               label: PLUGIN_ADMIN.CUSTOM_BASE_URL
               help: PLUGIN_ADMIN.CUSTOM_BASE_URL_HELP
 
-            accounts.type:
-              type: hidden
+            http_x_forwarded.protocol:
+              type: toggle
+              label: HTTP_X_FORWARDED_PROTO Enabled
+              highlight: 1
+              default: 1
+              options:
+                1: PLUGIN_ADMIN.YES
+                0: PLUGIN_ADMIN.NO
+              validate:
+                type: bool
+
+            http_x_forwarded.host:
+              type: toggle
+              label: HTTP_X_FORWARDED_HOST Enabled
+              highlight: 0
+              default: 0
+              options:
+                1: PLUGIN_ADMIN.YES
+                0: PLUGIN_ADMIN.NO
+              validate:
+                type: bool
+
+            http_x_forwarded.port:
+              type: toggle
+              label: HTTP_X_FORWARDED_PORT Enabled
+              highlight: 1
+              default: 1
+              options:
+                1: PLUGIN_ADMIN.YES
+                0: PLUGIN_ADMIN.NO
+              validate:
+                type: bool
+
+            http_x_forwarded.ip:
+              type: toggle
+              label: HTTP_X_FORWARDED IP Enabled
+              highlight: 1
+              default: 1
+              options:
+                1: PLUGIN_ADMIN.YES
+                0: PLUGIN_ADMIN.NO
+              validate:
+                type: bool
 
-            accounts.storage:
-              type: hidden
 
             strict_mode.blueprint_compat:
               type: toggle
               label: PLUGIN_ADMIN.STRICT_BLUEPRINT_COMPAT
-              highlight: 1
-              default: 1
+              highlight: 0
+              default: 0
               help: PLUGIN_ADMIN.STRICT_BLUEPRINT_COMPAT_HELP
               options:
                 1: PLUGIN_ADMIN.YES
@@ -1453,8 +1772,8 @@ form:
             strict_mode.yaml_compat:
               type: toggle
               label: PLUGIN_ADMIN.STRICT_YAML_COMPAT
-              highlight: 1
-              default: 1
+              highlight: 0
+              default: 0
               help: PLUGIN_ADMIN.STRICT_YAML_COMPAT_HELP
               options:
                 1: PLUGIN_ADMIN.YES
@@ -1465,8 +1784,8 @@ form:
             strict_mode.twig_compat:
               type: toggle
               label: PLUGIN_ADMIN.STRICT_TWIG_COMPAT
-              highlight: 1
-              default: 1
+              highlight: 0
+              default: 0
               help: PLUGIN_ADMIN.STRICT_TWIG_COMPAT_HELP
               options:
                 1: PLUGIN_ADMIN.YES
@@ -1474,32 +1793,15 @@ form:
               validate:
                 type: bool
 
-        experimental:
+
+        accounts:
           type: tab
-          title: PLUGIN_ADMIN.EXPERIMENTAL
+          title: PLUGIN_ADMIN.ACCOUNTS
 
           fields:
-            experimental_section:
-              type: section
-              title: PLUGIN_ADMIN.EXPERIMENTAL
-              underline: true
-
-            flex_pages:
-              type: section
-              title: Flex Pages
-
-            pages.type:
-              type: select
-              label: PLUGIN_ADMIN.PAGES_TYPE
-              highlight: stable
-              help: PLUGIN_ADMIN.PAGES_TYPE_HELP
-              options:
-                regular: PLUGIN_ADMIN.REGULAR
-                flex: PLUGIN_ADMIN.FLEX
-
             flex_accounts:
               type: section
-              title: Flex Accounts
+              title: User Accounts
 
             accounts.type:
               type: select
@@ -1519,60 +1821,40 @@ form:
                 file: PLUGIN_ADMIN.FILE
                 folder: PLUGIN_ADMIN.FOLDER
 
-            flex_caching:
-              type: section
-              title: PLUGIN_ADMIN.FLEX_CACHING
-
-            flex.cache.index.enabled:
-              type: toggle
-              label: PLUGIN_ADMIN.FLEX_INDEX_CACHE_ENABLED
-              highlight: 1
-              default: 1
+            accounts.avatar:
+              type: select
+              label: PLUGIN_ADMIN.AVATAR
+              default: gravatar
+              help: PLUGIN_ADMIN.AVATAR_HELP
               options:
-                1: PLUGIN_ADMIN.ENABLED
-                0: PLUGIN_ADMIN.DISABLED
-              validate:
-                type: bool
+                multiavatar: Multiavatar [local]
+                gravatar: Gravatar [external]
 
-            flex.cache.index.lifetime:
-              type: text
-              label: PLUGIN_ADMIN.FLEX_INDEX_CACHE_LIFETIME
-              default: 60
-              validate:
-                type: int
+#        experimental:
+#          type: tab
+#          title: PLUGIN_ADMIN.EXPERIMENTAL
+#
+#          fields:
+#            experimental_section:
+#              type: section
+#              title: PLUGIN_ADMIN.EXPERIMENTAL
+#              underline: true
+#
+#            flex_pages:
+#              type: section
+#              title: Flex Pages
+#
+#            pages.type:
+#              type: select
+#              label: PLUGIN_ADMIN.PAGES_TYPE
+#              highlight: regular
+#              help: PLUGIN_ADMIN.PAGES_TYPE_HELP
+#              options:
+#                regular: PLUGIN_ADMIN.REGULAR
+#                flex: PLUGIN_ADMIN.FLEX
+#
+#            pages.type:
+#              type: hidden
 
-            flex.cache.object.enabled:
-              type: toggle
-              label: PLUGIN_ADMIN.FLEX_OBJECT_CACHE_ENABLED
-              highlight: 1
-              default: 1
-              options:
-                1: PLUGIN_ADMIN.ENABLED
-                0: PLUGIN_ADMIN.DISABLED
-              validate:
-                type: bool
 
-            flex.cache.object.lifetime:
-              type: text
-              label: PLUGIN_ADMIN.FLEX_OBJECT_CACHE_LIFETIME
-              default: 600
-              validate:
-                type: int
 
-            flex.cache.render.enabled:
-              type: toggle
-              label: PLUGIN_ADMIN.FLEX_RENDER_CACHE_ENABLED
-              highlight: 1
-              default: 1
-              options:
-                1: PLUGIN_ADMIN.ENABLED
-                0: PLUGIN_ADMIN.DISABLED
-              validate:
-                type: bool
-
-            flex.cache.render.lifetime:
-              type: text
-              label: PLUGIN_ADMIN.FLEX_RENDER_CACHE_LIFETIME
-              default: 600
-              validate:
-                type: int

system/blueprints/flex/accounts.yaml

@@ -2,7 +2,7 @@ title: Flex User Accounts
 description: Manage your User Accounts in Flex.
 type: flex-objects
 
-# Deprecated in Grav 1.7.0-rc.4: file was renamed.
+# Deprecated in Grav 1.7.0-rc.4: file was renamed to user-accounts.yaml
 extends@:
   type: user-accounts
   context: blueprints://flex

system/blueprints/flex/configure/compat.yaml

@@ -0,0 +1,17 @@
+form:
+  compatibility:
+    type: tab
+    title: Compatibility
+    fields:
+      object.compat.events:
+        type: toggle
+        toggleable: true
+        label: Admin event compatibility
+        help: Enables onAdminSave and onAdminAfterSave events for plugins
+        highlight: 1
+        default: 1
+        options:
+          1: PLUGIN_ADMIN.ENABLED
+          0: PLUGIN_ADMIN.DISABLED
+        validate:
+          type: bool

system/blueprints/flex/pages.yaml

@@ -103,6 +103,9 @@ config:
           label: PLUGIN_ADMIN.ADD
 
     edit:
+      title:
+        template: "{% if object.root %}Root <small>( &lt;root&gt; )</small>{% else %}{{ (form.value('header.title') ?? form.value('folder'))|e }} <small>( {{ (object.getRoute().toString(false) ?: '/')|e }} )</small>{% endif %}"
+
       # TODO: not used yet
       buttons:
         back:
@@ -173,7 +176,7 @@ config:
         indexed: true
     # Set default ordering of the pages
     ordering:
-      key: ASC
+      storage_key: ASC
     search:
        # Search options
       options:
@@ -181,9 +184,16 @@ config:
       # Fields to be searched
       fields:
         - key
+        - slug
         - menu
         - title
-        - name
+
+blueprints:
+  configure:
+    fields:
+      import@:
+        type: configure/compat
+        context: blueprints://flex
 
 # Regular form definition
 form:

system/blueprints/flex/user-accounts.yaml

@@ -56,6 +56,8 @@ config:
         username:
           link: edit
           search: true
+          field:
+            label: PLUGIN_ADMIN.USERNAME
         email:
           search: true
         fullname:
@@ -113,12 +115,33 @@ config:
         pattern: '{FOLDER}/{KEY}{EXT}'
         indexed: true
         key: username
+        case_sensitive: false
     search:
       options:
         contains: 1
       fields:
         - key
         - email
+        - username
+        - fullname
+
+  relationships:
+    media:
+      type: media
+      cardinality: to-many
+    avatar:
+      type: media
+      cardinality: to-one
+#    roles:
+#      type: user-groups
+#      cardinality: to-many
+
+blueprints:
+  configure:
+    fields:
+      import@:
+        type: configure/compat
+        context: blueprints://flex
 
 # Regular form definition
 form:

system/blueprints/flex/user-groups.yaml

@@ -18,6 +18,7 @@ config:
         configure:
           path: '/accounts/configure'
       redirects:
+        '/groups': '/accounts/groups'
         '/accounts': '/accounts/groups'
 
     # Permissions
@@ -112,4 +113,12 @@ config:
       fields:
         - key
         - groupname
+        - readableName
         - description
+
+blueprints:
+  configure:
+    fields:
+      import@:
+        type: configure/compat
+        context: blueprints://flex

system/blueprints/pages/default.yaml

@@ -121,7 +121,7 @@ form:
                       underline: true
 
                     folder:
-                      type: text
+                      type: folder-slug
                       label: PLUGIN_ADMIN.FOLDER_NAME
                       validate:
                         rule: slug
@@ -320,6 +320,18 @@ form:
 
               fields:
 
+                header.redirect_default_route:
+                  type: toggle
+                  toggleable: true
+                  label: PLUGIN_ADMIN.REDIRECT_DEFAULT_ROUTE
+                  help: PLUGIN_ADMIN.REDIRECT_DEFAULT_ROUTE_HELP
+                  config-highlight@: system.pages.redirect_default_route
+                  options:
+                    1: PLUGIN_ADMIN.YES
+                    0: PLUGIN_ADMIN.NO
+                  validate:
+                    type: bool
+
                 header.routes.default:
                   type: text
                   toggleable: true

system/blueprints/pages/external.yaml

@@ -1,7 +1,7 @@
-title: PLUGIN_ADMIN:EXTERNAL
+title: PLUGIN_ADMIN.EXTERNAL
 extends@:
-    type: default
-    context: blueprints://pages
+  type: default
+  context: blueprints://pages
 
 form:
   validation: loose
@@ -29,16 +29,16 @@ form:
               unset@: true
 
             header.external_url:
-                type: text
-                label: PLUGIN_ADMIN.EXTERNAL_URL
-                placeholder: https://getgrav.org
-                validate:
-                    required: true
+              type: text
+              label: PLUGIN_ADMIN.EXTERNAL_URL
+              placeholder: https://getgrav.org
+              validate:
+                required: true
+
         options:
           fields:
 
             publishing:
-
               fields:
 
                 header.date:

system/blueprints/pages/partials/security.yaml

@@ -7,7 +7,7 @@ form:
 
       fields:
 
-        header.visibility_requires_access:
+        header.login.visibility_requires_access:
           type: toggle
           toggleable: true
           label: PLUGIN_ADMIN.PAGE_VISIBILITY_REQUIRES_ACCESS
@@ -51,17 +51,13 @@ form:
             type: bool
 
         header.permissions.authors:
-          type: list
+          type: array
           toggleable: true
+          value_only: true
+          placeholder_value: PLUGIN_ADMIN.USERNAME
           label: PLUGIN_ADMIN.PAGE_AUTHORS
           help: PLUGIN_ADMIN.PAGE_AUTHORS_HELP
 
-          fields:
-            value:
-              type: text
-              placeholder: PLUGIN_ADMIN.USERNAME
-              style: vertical
-
         header.permissions.groups:
           ignore@: true
           type: acl_picker

system/blueprints/user/account.yaml

@@ -11,10 +11,21 @@ form:
         avatar:
             type: file
             size: large
-            destination: 'user://accounts/avatars'
+            destination: 'account://avatars'
             multiple: false
             random_name: true
 
+        multiavatar_only:
+          type: conditional
+          condition: config.system.accounts.avatar == 'multiavatar'
+          fields:
+            avatar_hash:
+                type: text
+                label: ''
+                placeholder: 'e.g. dceaadcfda491f4e45'
+                description: PLUGIN_ADMIN.AVATAR_HASH
+                size: large
+
         content:
             type: section
             title: PLUGIN_ADMIN.ACCOUNT
@@ -67,6 +78,15 @@ form:
             default: 'en'
             help: PLUGIN_ADMIN.LANGUAGE_HELP
 
+        content_editor:
+            type: select
+            label: PLUGIN_ADMIN.CONTENT_EDITOR
+            size: medium
+            classes: fancy
+            data-options@: 'Grav\Plugin\Admin\Admin::contentEditor'
+            default: 'default'
+            help: PLUGIN_ADMIN.CONTENT_EDITOR_HELP
+
         twofa_check:
             type: conditional
             condition: config.plugins.admin.twofa_enabled
@@ -98,6 +118,14 @@ form:
                     label: PLUGIN_ADMIN.2FA_SECRET
                     sublabel: PLUGIN_ADMIN.2FA_SECRET_HELP
 
+                yubikey_id:
+                    type: text
+                    label: PLUGIN_ADMIN.YUBIKEY_ID
+                    description: PLUGIN_ADMIN.YUBIKEY_HELP
+                    size: small
+                    maxlength: 12
+
+
 
         security:
             security@: admin.super

system/blueprints/user/account_new.yaml

@@ -13,6 +13,6 @@ form:
       label: PLUGIN_ADMIN.USERNAME
       help: PLUGIN_ADMIN.USERNAME_HELP
       unset-disabled@: true
-      unset-readonly@: true
+      unset-readonly@: true
       validate:
         required: true

system/blueprints/user/group.yaml

@@ -1,48 +1,55 @@
 title: Group
+rules:
+  slug:
+    pattern: '[a-zA-Zа-яA-Я0-9_\-]+'
+    min: 1
+    max: 200
+
 form:
-    validation: loose
+  validation: loose
 
-    fields:
-        groupname:
-            type: text
-            size: large
-            label: PLUGIN_ADMIN.GROUP_NAME
-            flex-disabled@: exists
-            flex-readonly@: exists
-            validate:
-              required: true
+  fields:
+    groupname:
+      type: text
+      size: large
+      label: PLUGIN_ADMIN.GROUP_NAME
+      flex-disabled@: exists
+      flex-readonly@: exists
+      validate:
+        required: true
+        rule: slug
 
-        readableName:
-            type: text
-            size: large
-            label: PLUGIN_ADMIN.DISPLAY_NAME
+    readableName:
+      type: text
+      size: large
+      label: PLUGIN_ADMIN.DISPLAY_NAME
 
-        description:
-            type: text
-            size: large
-            label: PLUGIN_ADMIN.DESCRIPTION
+    description:
+      type: text
+      size: large
+      label: PLUGIN_ADMIN.DESCRIPTION
 
-        icon:
-            type: text
-            size: small
-            label: PLUGIN_ADMIN.ICON
+    icon:
+      type: text
+      size: small
+      label: PLUGIN_ADMIN.ICON
 
-        enabled:
-            type: toggle
-            label: PLUGIN_ADMIN.ENABLED
-            highlight: 1
-            default: 1
-            options:
-              1: PLUGIN_ADMIN.YES
-              0: PLUGIN_ADMIN.NO
-            validate:
-              type: bool
+    enabled:
+      type: toggle
+      label: PLUGIN_ADMIN.ENABLED
+      highlight: 1
+      default: 1
+      options:
+        1: PLUGIN_ADMIN.YES
+        0: PLUGIN_ADMIN.NO
+      validate:
+        type: bool
 
-        access:
-            type: permissions
-            check_authorize: false
-            label: PLUGIN_ADMIN.PERMISSIONS
-            ignore_empty: true
-            validate:
-                type: array
-                value_type: bool
+    access:
+      type: permissions
+      check_authorize: false
+      label: PLUGIN_ADMIN.PERMISSIONS
+      ignore_empty: true
+      validate:
+        type: array
+        value_type: bool

system/blueprints/user/group_new.yaml

@@ -1,5 +1,11 @@
 title: PLUGIN_ADMIN_PRO.ADD_GROUP
 
+rules:
+  slug:
+    pattern: '[a-zA-Zа-яA-Я0-9_\-]+'
+    min: 1
+    max: 200
+
 form:
   validation: loose
   fields:
@@ -14,3 +20,4 @@ form:
       help: PLUGIN_ADMIN_PRO.GROUP_NAME_HELP
       validate:
         required: true
+        rule: slug

system/config/media.yaml

@@ -28,6 +28,10 @@ types:
     type: image
     thumb: media/thumb-webp.png
     mime: image/webp
+  avif:
+    type: image
+    thumb: media/thumb.png
+    mime: image/avif
   gif:
     type: animated
     thumb: media/thumb-gif.png
@@ -91,7 +95,7 @@ types:
   aif:
     type: audio
     thumb: media/thumb-aif.png
-    mime: audio/aif
+    mime: audio/aiff
   txt:
     type: file
     thumb: media/thumb-txt.png
@@ -107,7 +111,7 @@ types:
   docx:
     type: file
     thumb: media/thumb-docx.png
-    mime: application/msword
+    mime: application/vnd.openxmlformats-officedocument.wordprocessingml.document
   xls:
     type: file
     thumb: media/thumb-xls.png
@@ -115,7 +119,7 @@ types:
   xlsx:
     type: file
     thumb: media/thumb-xlsx.png
-    mime: application/vnd.ms-excel
+    mime: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
   ppt:
     type: file
     thumb: media/thumb-ppt.png
@@ -123,7 +127,7 @@ types:
   pptx:
     type: file
     thumb: media/thumb-pptx.png
-    mime: application/vnd.ms-powerpoint
+    mime: application/vnd.openxmlformats-officedocument.presentationml.presentation
   pps:
     type: file
     thumb: media/thumb-pps.png
@@ -195,7 +199,7 @@ types:
   gz:
     type: file
     thumb: media/thumb-gz.png
-    mime: application/gzip
+    mime: application/x-gzip
   tar:
     type: file
     thumb: media/thumb-tar.png
@@ -207,7 +211,7 @@ types:
   js:
     type: file
     thumb: media/thumb-js.png
-    mime: application/javascript
+    mime: text/javascript
   json:
     type: file
     thumb: media/thumb-json.png

system/config/streams.yaml

@@ -1,16 +0,0 @@
-schemes:
-  image:
-    type: Stream
-    paths:
-      - user://images
-      - system://images
-
-  page:
-    type: ReadOnlyStream
-    paths:
-      - user://pages
-
-  account:
-    type: ReadOnlyStream
-    paths:
-      - user://accounts

system/config/system.yaml

@@ -10,18 +10,24 @@ custom_base_url: ''                              # Set the base_url manually, e.
 username_regex: '^[a-z0-9_-]{3,16}$'             # Only lowercase chars, digits, dashes, underscores. 3 - 16 chars
 pwd_regex: '(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}' # At least one number, one uppercase and lowercase letter, and be at least 8+ chars
 intl_enabled: true                               # Special logic for PHP International Extension (mod_intl)
+http_x_forwarded:                                # Configuration options for the various HTTP_X_FORWARD headers
+  protocol: true
+  host: false
+  port: true
+  ip: true
 
 languages:
   supported: []                                  # List of languages supported. eg: [en, fr, de]
   default_lang:                                  # Default is the first supported language. Must be one of the supported languages
   include_default_lang: true                     # Include the default lang prefix in all URLs
   include_default_lang_file_extension: true      # If true, include language code for the default language in file extension: default.en.md
-  pages_fallback_only: false                     # Only fallback to find page content through supported languages
   translations: true                             # If false, translation keys are used instead of translated strings
   translations_fallback: true                    # Fallback through supported translations if active lang doesn't exist
   session_store_active: false                    # Store active language in session
   http_accept_language: false                    # Attempt to set the language based on http_accept_language header in the browser
   override_locale: false                         # Override the default or system locale with language specific one
+  content_fallback: {}                           # Custom language fallbacks. eg: {fr: ['fr', 'en']}
+  pages_fallback_only: false                     # DEPRECATED: Use `content_fallback` instead
 
 home:
   alias: '/home'                                 # Default path for home, ie /
@@ -56,16 +62,22 @@ pages:
     special_chars:                               # List of special characters to automatically convert to entities
       '>': 'gt'
       '<': 'lt'
+    valid_link_attributes:                       # Valid attributes to pass through via markdown links
+      - rel
+      - target
+      - id
+      - class
+      - classes
   types: [html,htm,xml,txt,json,rss,atom]        # list of valid page types
   append_url_extension: ''                       # Append page's extension in Page urls (e.g. '.html' results in /path/page.html)
   expires: 604800                                # Page expires time in seconds (604800 seconds = 7 days)
   cache_control:                                 # Can be blank for no setting, or a valid `cache-control` text value
   last_modified: false                           # Set the last modified date header based on file modification timestamp
-  etag: false                                    # Set the etag header tag
+  etag: true                                     # Set the etag header tag
   vary_accept_encoding: false                    # Add `Vary: Accept-Encoding` header
-  redirect_default_route: false                  # Automatically redirect to a page's default route
-  redirect_default_code: 302                     # Default code to use for redirects
-  redirect_trailing_slash: true                  # Handle automatically or 302 redirect a trailing / URL
+  redirect_default_code: 302                     # Default code to use for redirects: 301|302|303
+  redirect_trailing_slash: 1                     # Always redirect trailing slash with redirect code 0|1|301|302 (0: no redirect, 1: use default code)
+  redirect_default_route: 0                      # Always redirect to page's default route using code 0|1|301|302, also removes .htm and .html extensions
   ignore_files: [.DS_Store]                      # Files to ignore in Pages
   ignore_folders: [.git, .idea]                  # Folders to ignore in Pages
   ignore_hidden: true                            # Ignore all Hidden files and folders
@@ -84,21 +96,25 @@ cache:
   purge_at: '0 4 * * *'                          # How often to purge old file cache (using new scheduler)
   clear_at: '0 3 * * *'                           # How often to clear cache (using new scheduler)
   clear_job_type: 'standard'                     # Type to clear when processing the scheduled clear job `standard`|`all`
-  clear_images_by_default: true                  # By default grav will include processed images in cache clear, this can be disabled
+  clear_images_by_default: false                 # By default grav does not include processed images in cache clear, this can be enabled
   cli_compatibility: false                       # Ensures only non-volatile drivers are used (file, redis, memcache, etc.)
   lifetime: 604800                               # Lifetime of cached data in seconds (0 = infinite)
   gzip: false                                    # GZip compress the page output
   allow_webserver_gzip: false                    # If true, `content-encoding: identity` but connection isn't closed before `onShutDown()` event
   redis:
     socket: false                                # Path to redis unix socket (e.g. /var/run/redis/redis.sock), false = use server and port to connect
+    password:                                    # Optional password
+    database:                                    # Optional database ID
 
 twig:
   cache: true                                    # Set to true to enable Twig caching
   debug: true                                    # Enable Twig debug
   auto_reload: true                              # Refresh cache on changes
-  autoescape: false                              # Autoescape Twig vars (DEPRECATED, always enabled in strict mode)
+  autoescape: true                               # Autoescape Twig vars (DEPRECATED, always enabled in strict mode)
   undefined_functions: true                      # Allow undefined functions
   undefined_filters: true                        # Allow undefined filters
+  safe_functions: []                             # List of PHP functions which are allowed to be used as Twig functions
+  safe_filters: []                               # List of PHP functions which are allowed to be used as Twig filters
   umask_fix: false                               # By default Twig creates cached files as 755, fix switches this to 775
 
 assets:                                          # Configuration for Assets Manager (JS, CSS)
@@ -111,10 +127,14 @@ assets:                                          # Configuration for Assets Mana
   js_pipeline: false                             # The JS pipeline is the unification of multiple JS resources into one file
   js_pipeline_include_externals: true            # Include external URLs in the pipeline by default
   js_pipeline_before_excludes: true              # Render the pipeline before any excluded files
+  js_module_pipeline: false                      # The JS Module pipeline is the unification of multiple JS Module resources into one file
+  js_module_pipeline_include_externals: true     # Include external URLs in the pipeline by default
+  js_module_pipeline_before_excludes: true       # Render the pipeline before any excluded files
   js_minify: true                                # Minify the JS during pipelining
   enable_asset_timestamp: false                  # Enable asset timestamps
+  enable_asset_sri: false                        # Enable asset SRI
   collections:
-    jquery: system://assets/jquery/jquery-2.x.min.js
+    jquery: system://assets/jquery/jquery-3.x.min.js
 
 errors:
   display: 0                                     # Display either (1) Full backtrace | (0) Simple Error | (-1) System Error
@@ -124,6 +144,7 @@ log:
   handler: file                                 # Log handler. Currently supported: file | syslog
   syslog:
     facility: local6                            # Syslog facilities output
+    tag: grav                                   # Syslog tag. Default: "grav".
 
 debugger:
   enabled: false                                 # Enable Grav debugger and following settings
@@ -137,8 +158,20 @@ images:
   cache_all: false                               # Cache all image by default
   cache_perms: '0755'                            # MUST BE IN QUOTES!! Default cache folder perms. Usually '0755' or '0775'
   debug: false                                   # Show an overlay over images indicating the pixel depth of the image when working with retina for example
-  auto_fix_orientation: false                    # Automatically fix the image orientation based on the Exif data
+  auto_fix_orientation: true                     # Automatically fix the image orientation based on the Exif data
   seofriendly: false                             # SEO-friendly processed image names
+  cls:                                           # Cumulative Layout Shift: See https://web.dev/optimize-cls/
+    auto_sizes: false                            # Automatically add height/width to image
+    aspect_ratio: false                          # Reserve space with aspect ratio style
+    retina_scale: 1                              # scale to adjust auto-sizes for better handling of HiDPI resolutions
+  defaults:
+    loading: auto                                # Let browser pick [auto|lazy|eager]
+  watermark:
+    image: 'system://images/watermark.png'       # Path to a watermark image
+    position_y: 'center'                         # top|center|bottom
+    position_x: 'center'                         # left|center|right
+    scale: 33                                    # percentage of watermark scale
+    watermark_all: false                         # automatically watermark all images
 
 media:
   enable_media_timestamp: false                  # Enable media timestamps
@@ -153,20 +186,30 @@ session:
   name: grav-site                                # Name prefix of the session cookie. Use alphanumeric, dashes or underscores only. Do not use dots in the session name
   uniqueness: path                               # Should sessions be `path` based or `security.salt` based
   secure: false                                  # Set session secure. If true, indicates that communication for this cookie must be over an encrypted transmission. Enable this only on sites that run exclusively on HTTPS
+  secure_https: true                             # Set session secure on HTTPS but not on HTTP. Has no effect if you have `session.secure: true`. Set to false if your site jumps between HTTP and HTTPS.
   httponly: true                                 # Set session HTTP only. If true, indicates that cookies should be used only over HTTP, and JavaScript modification is not allowed.
+  samesite: Lax                                  # Set session SameSite. Possible values are Lax, Strict and None. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
   split: true                                    # Sessions should be independent between site and plugins (such as admin)
-  path:
+  domain:                                        # Domain used by sessions.
+  path:                                          # Path used by sessions.
 
 gpm:
-  releases: testing                              # Set to either 'stable' or 'testing'
-  proxy_url:                                     # Configure a manual proxy URL for GPM (eg 127.0.0.1:3128)
-  method: 'auto'                                 # Either 'curl', 'fopen' or 'auto'. 'auto' will try fopen first and if not available cURL
-  verify_peer: true                              # Sometimes on some systems (Windows most commonly) GPM is unable to connect because the SSL certificate cannot be verified. Disabling this setting might help.
+  releases: stable                               # Set to either 'stable' or 'testing'
   official_gpm_only: true                        # By default GPM direct-install will only allow URLs via the official GPM proxy to ensure security
 
+http:
+  method: auto                                   # Either 'curl', 'fopen' or 'auto'. 'auto' will try fopen first and if not available cURL
+  enable_proxy: true                             # Enable proxy server configuration
+  proxy_url:                                     # Configure a manual proxy URL for GPM (eg 127.0.0.1:3128)
+  proxy_cert_path:                               # Local path to proxy certificate folder containing pem files
+  concurrent_connections: 5                      # Concurrent HTTP connections when multiplexing
+  verify_peer: true                              # Enable/Disable SSL verification of peer certificates
+  verify_host: true                              # Enable/Disable SSL verification of host certificates
+
 accounts:
   type: regular                                  # EXPERIMENTAL: Account type: regular or flex
   storage: file                                  # EXPERIMENTAL: Flex storage type: file or folder
+  avatar: gravatar                               # Avatar generator [multiavatar|gravatar]
 
 flex:
   cache:
@@ -181,6 +224,6 @@ flex:
       lifetime: 600                             # Lifetime of cached HTML in seconds (0 = infinite)
 
 strict_mode:
-  yaml_compat: true                              # Grav 1.5+: Enables YAML backwards compatibility
-  twig_compat: true                              # Grav 1.5+: Enables deprecated Twig autoescape setting (autoescape: false)
-  blueprint_compat: true                         # Grav 1.7+: Enables backward compatible strict support for blueprints
+  yaml_compat: false                            # Set to true to enable YAML backwards compatibility
+  twig_compat: false                            # Set to true to enable deprecated Twig settings (autoescape: false)
+  blueprint_compat: false                       # Set to true to enable backward compatible strict support for blueprints

system/defines.php

@@ -1,42 +1,90 @@
 <?php
+
 /**
  * @package    Grav\Core
  *
- * @copyright  Copyright (C) 2015 - 2020 Trilby Media, LLC. All rights reserved.
+ * @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved.
  * @license    MIT License; see LICENSE file for details.
  */
 
 // Some standard defines
 define('GRAV', true);
-define('GRAV_VERSION', '1.7.0-rc.9');
-define('GRAV_TESTING', true);
-define('DS', '/');
+define('GRAV_VERSION', '1.7.36');
+define('GRAV_SCHEMA', '1.7.0_2020-11-20_1');
+define('GRAV_TESTING', false);
 
+// PHP minimum requirement
 if (!defined('GRAV_PHP_MIN')) {
-    define('GRAV_PHP_MIN', '7.1.3');
+    define('GRAV_PHP_MIN', '7.3.6');
 }
 
-// Directories and Paths
-if (!defined('GRAV_ROOT')) {
-    define('GRAV_ROOT', str_replace(DIRECTORY_SEPARATOR, DS, getcwd()));
+// Directory separator
+if (!defined('DS')) {
+    define('DS', '/');
 }
-define('ROOT_DIR', GRAV_ROOT . '/');
-define('USER_PATH', 'user/');
-define('USER_DIR', ROOT_DIR . USER_PATH);
-define('CACHE_DIR', ROOT_DIR . 'cache/');
+
+// Absolute path to Grav root. This is where Grav is installed into.
+if (!defined('GRAV_ROOT')) {
+    $path = rtrim(str_replace(DIRECTORY_SEPARATOR, DS, getenv('GRAV_ROOT') ?: getcwd()), DS);
+    define('GRAV_ROOT', $path);
+}
+// Absolute path to Grav webroot. This is the path where your site is located in.
+if (!defined('GRAV_WEBROOT')) {
+    $path = rtrim(getenv('GRAV_WEBROOT') ?: GRAV_ROOT, DS);
+    define('GRAV_WEBROOT', $path);
+}
+// Relative path to user folder. This path needs to be located under GRAV_WEBROOT.
+if (!defined('GRAV_USER_PATH')) {
+    $path = rtrim(getenv('GRAV_USER_PATH') ?: 'user', DS);
+    define('GRAV_USER_PATH', $path);
+}
+// Absolute or relative path to system folder. Defaults to GRAV_ROOT/system
+// If system folder is outside of webroot, see https://github.com/getgrav/grav/issues/3297#issuecomment-810294972
+if (!defined('GRAV_SYSTEM_PATH')) {
+    $path = rtrim(getenv('GRAV_SYSTEM_PATH') ?: 'system', DS);
+    define('GRAV_SYSTEM_PATH', $path);
+}
+// Absolute or relative path to cache folder. Defaults to GRAV_ROOT/cache
+if (!defined('GRAV_CACHE_PATH')) {
+    $path = rtrim(getenv('GRAV_CACHE_PATH') ?: 'cache', DS);
+    define('GRAV_CACHE_PATH', $path);
+}
+// Absolute or relative path to logs folder. Defaults to GRAV_ROOT/logs
+if (!defined('GRAV_LOG_PATH')) {
+    $path = rtrim(getenv('GRAV_LOG_PATH') ?: 'logs', DS);
+    define('GRAV_LOG_PATH', $path);
+}
+// Absolute or relative path to tmp folder. Defaults to GRAV_ROOT/tmp
+if (!defined('GRAV_TMP_PATH')) {
+    $path = rtrim(getenv('GRAV_TMP_PATH') ?: 'tmp', DS);
+    define('GRAV_TMP_PATH', $path);
+}
+// Absolute or relative path to backup folder. Defaults to GRAV_ROOT/backup
+if (!defined('GRAV_BACKUP_PATH')) {
+    $path = rtrim(getenv('GRAV_BACKUP_PATH') ?: 'backup', DS);
+    define('GRAV_BACKUP_PATH', $path);
+}
+unset($path);
+
+// INTERNAL: Do not use!
+define('USER_DIR', GRAV_WEBROOT . '/' . GRAV_USER_PATH . '/');
+define('CACHE_DIR', (!preg_match('`^(/|[a-z]:[\\\/])`ui', GRAV_CACHE_PATH) ? GRAV_ROOT . '/' : '') . GRAV_CACHE_PATH . '/');
 
 // DEPRECATED: Do not use!
-define('ASSETS_DIR', ROOT_DIR . 'assets/');
-define('IMAGES_DIR', ROOT_DIR . 'images/');
-define('ACCOUNTS_DIR', USER_DIR .'accounts/');
-define('PAGES_DIR', USER_DIR .'pages/');
-define('DATA_DIR', USER_DIR .'data/');
-define('SYSTEM_DIR', ROOT_DIR .'system/');
-define('LIB_DIR', SYSTEM_DIR .'src/');
-define('PLUGINS_DIR', USER_DIR .'plugins/');
-define('THEMES_DIR', USER_DIR .'themes/');
-define('VENDOR_DIR', ROOT_DIR .'vendor/');
-define('LOG_DIR', ROOT_DIR .'logs/');
+define('CACHE_PATH', GRAV_CACHE_PATH . DS);
+define('USER_PATH', GRAV_USER_PATH . DS);
+define('ROOT_DIR', GRAV_ROOT . DS);
+define('ASSETS_DIR', GRAV_WEBROOT . '/assets/');
+define('IMAGES_DIR', GRAV_WEBROOT . '/images/');
+define('ACCOUNTS_DIR', USER_DIR . 'accounts/');
+define('PAGES_DIR', USER_DIR . 'pages/');
+define('DATA_DIR', USER_DIR . 'data/');
+define('PLUGINS_DIR', USER_DIR . 'plugins/');
+define('THEMES_DIR', USER_DIR . 'themes/');
+define('SYSTEM_DIR', (!preg_match('`^(/|[a-z]:[\\\/])`ui', GRAV_SYSTEM_PATH) ? GRAV_ROOT . '/' : '') . GRAV_SYSTEM_PATH . '/');
+define('LIB_DIR', SYSTEM_DIR . 'src/');
+define('VENDOR_DIR', GRAV_ROOT . '/vendor/');
+define('LOG_DIR', (!preg_match('`^(/|[a-z]:[\\\/])`ui', GRAV_LOG_PATH) ? GRAV_ROOT . '/' : '') . GRAV_LOG_PATH . '/');
 // END DEPRECATED
 
 // Some extensions

system/install.php

@@ -2,7 +2,7 @@
 /**
  * @package    Grav\Core
  *
- * @copyright  Copyright (C) 2015 - 2020 Trilby Media, LLC. All rights reserved.
+ * @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved.
  * @license    MIT License; see LICENSE file for details.
  */
 

system/languages/ar.yaml

@@ -1,6 +1,17 @@
 ---
 GRAV:
   FRONTMATTER_ERROR_PAGE: "---\nالعنوان: %1$s\n---\n# خطأ: مادة أمامية غير صحيحة\n\nمسار: '%2$s'\n\n**%3$s**\n\n, , ,\n\n%4$s\n, , ,"
+  INFLECTOR_UNCOUNTABLE:
+    - 'معدّات'
+    - 'معلومات'
+    - 'أرز'
+    - 'مال'
+    - 'نوع'
+    - 'سلسلة'
+    - 'سمك'
+    - 'خروف'
+  INFLECTOR_IRREGULAR:
+    'person': 'أشخاص'
   NICETIME:
     NO_DATE_PROVIDED: لم يتم تقديم التاريخ
     BAD_DATE: تاريخ خاطئ
@@ -37,9 +48,10 @@ GRAV:
     YR_PLURAL: سنوات
     DEC_PLURAL: عقود
   FORM:
-    VALIDATION_FAIL: <b>فشل التحقق من صحة:</b>
-    INVALID_INPUT: إدخال غير صحيح في
+    VALIDATION_FAIL: '<b>فشل التحقق من صحة:</b>'
+    INVALID_INPUT: 'إدخال غير صحيح في'
     MISSING_REQUIRED_FIELD: 'حقل مطلوب مفقود:'
+    XSS_ISSUES: "مشاكل XSS محتملة تم اكتشافها في حقل '%s' '"
   MONTHS_OF_THE_YEAR:
     - 'كانون الثاني'
     - 'شباط'
@@ -61,3 +73,21 @@ GRAV:
     - 'الجمعة'
     - 'السبت'
     - 'الأحد'
+  YES: "نعم"
+  NO: "لا"
+  CRON:
+    EVERY: كل
+    EVERY_HOUR: كل ساعة
+    EVERY_MINUTE: كل دقيقة
+    EVERY_DAY_OF_WEEK: كل يوم في الأسبوع
+    EVERY_DAY_OF_MONTH: كل يوم في الشهر
+    EVERY_MONTH: ' كل شهر'
+    TEXT_PERIOD: كل <b />
+    TEXT_MINS: ' في <b /> دقيقة(دقائق) بعد الساعة'
+    TEXT_TIME: ' في <b />:<b />'
+    TEXT_DOW: ' في <b />'
+    TEXT_MONTH: ' من <b />'
+    TEXT_DOM: ' في <b />'
+    ERROR1: الوسم %s غير مدعوم!
+    ERROR2: عدد عناصر غير صالح.
+    ERROR4: تعبير غير معروف

system/languages/bg.yaml

@@ -36,8 +36,8 @@ GRAV:
     YR_PLURAL: г
     DEC_PLURAL: дстлт
   FORM:
-    VALIDATION_FAIL: <b>Неуспешна проверка:</b>
-    INVALID_INPUT: Невалидно въвеждане в
+    VALIDATION_FAIL: '<b>Неуспешна проверка:</b>'
+    INVALID_INPUT: 'Невалидно въвеждане в'
     MISSING_REQUIRED_FIELD: 'Липсва задължително поле:'
   MONTHS_OF_THE_YEAR:
     - 'януари'

system/languages/ca.yaml

@@ -1,11 +1,21 @@
 ---
 GRAV:
   FRONTMATTER_ERROR_PAGE: "---\ntitle: %1$s\n---\n\n# S'ha produït un error: Frontmatter invàlid\n\nRuta: `%2$s`\n\n**%3$s**\n\n```\n%4$s\n```"
+  INFLECTOR_UNCOUNTABLE:
+    - 'equipment'
+    - 'informació'
+    - 'rice'
+    - 'money'
+    - 'species'
+    - 'series'
+    - 'fish'
+    - 'sheep'
   NICETIME:
     NO_DATE_PROVIDED: No s'ha proporcionat data
     BAD_DATE: Data invàlida
     AGO: abans
     FROM_NOW: des d'ara
+    JUST_NOW: Ara mateix
     SECOND: segon
     MINUTE: minut
     HOUR: hora
@@ -36,9 +46,10 @@ GRAV:
     YR_PLURAL: anys
     DEC_PLURAL: dèc.
   FORM:
-    VALIDATION_FAIL: <b>Ha fallat la validació:</b>
-    INVALID_INPUT: Entrada no vàlida a
+    VALIDATION_FAIL: '<b>Ha fallat la validació:</b>'
+    INVALID_INPUT: 'Entrada no vàlida a'
     MISSING_REQUIRED_FIELD: 'Falta camp obligatori:'
+    XSS_ISSUES: "Detectats potencials problemes XSS al camp '%s'"
   MONTHS_OF_THE_YEAR:
     - 'Gener'
     - 'Febrer'
@@ -60,3 +71,17 @@ GRAV:
     - 'Divendres'
     - 'Dissabte'
     - 'Diumenge'
+  YES: "Sí"
+  NO: "No"
+  CRON:
+    EVERY: cada
+    EVERY_HOUR: cada hora
+    EVERY_MINUTE: cada minut
+    EVERY_DAY_OF_WEEK: cada dia de la setmana
+    EVERY_DAY_OF_MONTH: cada dia del mes
+    EVERY_MONTH: cada mes
+    TEXT_PERIOD: Cada <b />
+    ERROR1: L'etiqueta %s no està suportada!
+    ERROR2: Nombre d'elements incorrecte
+    ERROR3: El jquery_element s'ha d'establir a la configuració de jqCron
+    ERROR4: Expressió no reconeguda

system/languages/cs.yaml

@@ -101,9 +101,10 @@ GRAV:
     YR_PLURAL: r
     DEC_PLURAL: dek
   FORM:
-    VALIDATION_FAIL: <b>Ověření se nezdařilo:</b>
-    INVALID_INPUT: Neplatný vstup v
+    VALIDATION_FAIL: '<b>Ověření se nezdařilo:</b>'
+    INVALID_INPUT: 'Neplatný vstup v'
     MISSING_REQUIRED_FIELD: 'Chybí požadované pole:'
+    XSS_ISSUES: "Byly zjištěny možné problémy XSS v poli '%s'"
   MONTHS_OF_THE_YEAR:
     - 'leden'
     - 'únor'
@@ -125,6 +126,8 @@ GRAV:
     - 'pátek'
     - 'sobota'
     - 'neděle'
+  YES: "Ano"
+  NO: "Ne"
   CRON:
     EVERY: každý
     EVERY_HOUR: každou hodinu

system/languages/da.yaml

@@ -1,11 +1,27 @@
 ---
 GRAV:
   FRONTMATTER_ERROR_PAGE: "---\nTitel: %1$s\n---\n\n# Fejl: Ugyldigt frontmatter\n\nSti: `%2$s`\n\n**%3$s**\n\n```\n%4$s\n```"
+  INFLECTOR_UNCOUNTABLE:
+    - 'udstyr'
+    - 'information'
+    - 'ris'
+    - 'penge'
+    - 'arter'
+    - 'Serier'
+    - 'fisk'
+    - 'får'
+  INFLECTOR_IRREGULAR:
+    'person': 'personer'
+    'man': 'mænd'
+    'child': 'børn'
+    'sex': 'køn'
+    'move': 'flyt'
   NICETIME:
     NO_DATE_PROVIDED: Ingen dato angivet
     BAD_DATE: Ugyldig dato
     AGO: siden
     FROM_NOW: fra nu
+    JUST_NOW: lige nu
     SECOND: sekund
     MINUTE: minut
     HOUR: time
@@ -15,6 +31,7 @@ GRAV:
     YEAR: år
     DECADE: årti
     SEC: sek
+    MIN: min.
     HR: t
     WK: u
     MO: md
@@ -36,8 +53,8 @@ GRAV:
     YR_PLURAL: år
     DEC_PLURAL: årtier
   FORM:
-    VALIDATION_FAIL: <b>Validering mislykkedes:</b>
-    INVALID_INPUT: Ugyldigt input i
+    VALIDATION_FAIL: '<b>Validering mislykkedes:</b>'
+    INVALID_INPUT: 'Ugyldigt input i'
     MISSING_REQUIRED_FIELD: 'Mangler obligatorisk felt:'
   MONTHS_OF_THE_YEAR:
     - 'januar'
@@ -60,3 +77,14 @@ GRAV:
     - 'fredag'
     - 'lørdag'
     - 'søndag'
+  CRON:
+    EVERY: hver
+    EVERY_HOUR: hver time
+    EVERY_MINUTE: hvert minut
+    EVERY_DAY_OF_WEEK: alle ugens dage
+    EVERY_DAY_OF_MONTH: alle dage i måneden
+    EVERY_MONTH: hver måned
+    TEXT_PERIOD: Hver <b />
+    TEXT_MINS: ' ved <b /> minut(ter) over timen'
+    ERROR1: Tagget %s understøttes ikke!
+    ERROR2: Ugyldigt antal elementer

system/languages/de.yaml

@@ -101,9 +101,10 @@ GRAV:
     YR_PLURAL: Jahre
     DEC_PLURAL: Jahrzehnten
   FORM:
-    VALIDATION_FAIL: <b>Überprüfung fehlgeschlagen:</b>
-    INVALID_INPUT: Ungültige Eingabe in
+    VALIDATION_FAIL: '<b>Überprüfung fehlgeschlagen:</b>'
+    INVALID_INPUT: 'Ungültige Eingabe in'
     MISSING_REQUIRED_FIELD: 'Erforderliches Feld fehlt:'
+    XSS_ISSUES: "Potenzielle XSS-Probleme im Feld '%s' erkannt"
   MONTHS_OF_THE_YEAR:
     - 'Januar'
     - 'Februar'
@@ -125,6 +126,8 @@ GRAV:
     - 'Freitag'
     - 'Samstag'
     - 'Sonntag'
+  YES: "Ja"
+  NO: "Nein"
   CRON:
     EVERY: jede
     EVERY_HOUR: jede Stunde

system/languages/el.yaml

@@ -1,11 +1,75 @@
 ---
 GRAV:
   FRONTMATTER_ERROR_PAGE: "---\nΤίτλος: %1$s\n---\n\n# Σφάλμα: Μη έγκυρη διαδρομή Frontmatter\n\nΔιαδρομή: `%2$s`\n\n**%3$s**\n\n```\n%4$s\n```"
+  INFLECTOR_PLURALS:
+    '/(quiz)$/i': '\1zes'
+    '/^(ox)$/i': '\1en'
+    '/([m|l])ouse$/i': '\1ice'
+    '/(matr|vert|ind)ix|ex$/i': '\1ices'
+    '/(x|ch|ss|sh)$/i': '\1es'
+    '/([^aeiouy]|qu)ies$/i': '\1y'
+    '/([^aeiouy]|qu)y$/i': '\1ies'
+    '/(hive)$/i': '\1s'
+    '/(?:([^f])fe|([lr])f)$/i': '\1\2ves'
+    '/sis$/i': 'ses'
+    '/([ti])um$/i': '\1a'
+    '/(buffal|tomat)o$/i': '\1oes'
+    '/(bu)s$/i': '\1ses'
+    '/(alias|status)/i': '\1es'
+    '/(octop|vir)us$/i': '\1i'
+    '/(ax|test)is$/i': '\1es'
+    '/s$/i': 's'
+    '/$/': 's'
+  INFLECTOR_SINGULAR:
+    '/(quiz)zes$/i': '\1'
+    '/(matr)ices$/i': '\1ix'
+    '/(vert|ind)ices$/i': '\1ex'
+    '/^(ox)en/i': '\1'
+    '/(alias|status)es$/i': '\1'
+    '/([octop|vir])i$/i': '\1us'
+    '/(cris|ax|test)es$/i': '\1is'
+    '/(shoe)s$/i': '\1'
+    '/(o)es$/i': '\1'
+    '/(bus)es$/i': '\1'
+    '/([m|l])ice$/i': '\1ouse'
+    '/(x|ch|ss|sh)es$/i': '\1'
+    '/(m)ovies$/i': '\1ovie'
+    '/(s)eries$/i': '\1eries'
+    '/([^aeiouy]|qu)ies$/i': '\1y'
+    '/([lr])ves$/i': '\1f'
+    '/(tive)s$/i': '\1'
+    '/(hive)s$/i': '\1'
+    '/([^f])ves$/i': '\1fe'
+    '/(^analy)ses$/i': '\1sis'
+    '/((a)naly|(b)a|(d)iagno|(p)arenthe|(p)rogno|(s)ynop|(t)he)ses$/i': '\1\2sis'
+    '/([ti])a$/i': '\1um'
+    '/(n)ews$/i': '\1ews'
+  INFLECTOR_UNCOUNTABLE:
+    - 'εξοπλισμός'
+    - 'πληροφοριες'
+    - 'rice'
+    - 'χρήματα'
+    - 'είδη'
+    - 'σειρές'
+    - 'ψάρι'
+    - 'πρόβατο'
+  INFLECTOR_IRREGULAR:
+    'person': 'άνθρωποι'
+    'man': 'άνδρες'
+    'child': 'παιδιά'
+    'sex': 'φύλο'
+    'move': 'κινήσεις'
+  INFLECTOR_ORDINALS:
+    'default': 'th'
+    'first': 'st'
+    'second': 'nd'
+    'third': 'rd'
   NICETIME:
     NO_DATE_PROVIDED: Δεν δόθηκε καμία ημερομηνία
     BAD_DATE: Εσφαλμένη ημερομηνία
     AGO: πρίν
     FROM_NOW: από τώρα
+    JUST_NOW: μόλις τώρα
     SECOND: δευτερόλεπτο
     MINUTE: λεπτό
     HOUR: ώρα
@@ -37,8 +101,8 @@ GRAV:
     YR_PLURAL: έτη
     DEC_PLURAL: δεκαετίες
   FORM:
-    VALIDATION_FAIL: <b>Η επικύρωση απέτυχε:</b>
-    INVALID_INPUT: Μη έγκυρα δεδομένα σε
+    VALIDATION_FAIL: '<b>Η επικύρωση απέτυχε:</b>'
+    INVALID_INPUT: 'Μη έγκυρα δεδομένα σε'
     MISSING_REQUIRED_FIELD: 'Λείπει το απαιτούμενο πεδίο:'
   MONTHS_OF_THE_YEAR:
     - 'Ιανουάριος'
@@ -61,3 +125,20 @@ GRAV:
     - 'Παρασκευή'
     - 'Σάββατο'
     - 'Κυριακή'
+  CRON:
+    EVERY: κάθε
+    EVERY_HOUR: κάθε ώρα
+    EVERY_MINUTE: κάθε λεπτό
+    EVERY_DAY_OF_WEEK: κάθε μέρα της εβδομάδος
+    EVERY_DAY_OF_MONTH: κάθε μέρα του μήνα
+    EVERY_MONTH: κάθε μήνα
+    TEXT_PERIOD: Κάθε <b />
+    TEXT_MINS: ' κατά <b /> λεπτό(ά) μετά την ώρα'
+    TEXT_TIME: ' στο <b />:<b />'
+    TEXT_DOW: ' στις <b />'
+    TEXT_MONTH: ' από <b />'
+    TEXT_DOM: ' στις <b />'
+    ERROR1: Η ετικέτα %s δεν υποστηρίζεται!
+    ERROR2: Μη έγκυρος αριθμός στοιχείων
+    ERROR3: Το jquery_element θα έπρεπε να οριστεί στις ρυθμίσεις του jqCron
+    ERROR4: Μη αναγνωρισμένη έκφραση

system/languages/en.yaml

@@ -94,9 +94,10 @@ GRAV:
         YR_PLURAL: yrs
         DEC_PLURAL: decs
     FORM:
-        VALIDATION_FAIL: <b>Validation failed:</b>
-        INVALID_INPUT: Invalid input in
-        MISSING_REQUIRED_FIELD: Missing required field:
+        VALIDATION_FAIL: '<b>Validation failed:</b>'
+        INVALID_INPUT: 'Invalid input in'
+        MISSING_REQUIRED_FIELD: 'Missing required field:'
+        XSS_ISSUES: "Potential XSS issues detected in '%s' field"
     MONTHS_OF_THE_YEAR: ['January', 'February', 'March', 'April', 'May', 'June', 'July', 'August', 'September', 'October', 'November', 'December']
     DAYS_OF_THE_WEEK: ['Monday', 'Tuesday', 'Wednesday', 'Thursday', 'Friday', 'Saturday', 'Sunday']
     YES: "Yes"

system/languages/es.yaml

@@ -1,19 +1,25 @@
 ---
 GRAV:
-  FRONTMATTER_ERROR_PAGE: "---\ntítulo: %1$s\n---\n\n# Error: Frontmatter no válido\n\nRuta: `%2$s`\n\n**%3$s**\n\n```\n%4$s\n```"
+  FRONTMATTER_ERROR_PAGE: "---\ntítulo: %1$s\n---\n\n# Error: Prefacio no válido\n\nRuta: `%2$s`\n\n**%3$s**\n\n```\n%4$s\n```"
+  INFLECTOR_PLURALS:
+    '/(quiz)$/i': '\1ios'
+    '/s$/i': 's'
+    '/$/': 's'
   INFLECTOR_UNCOUNTABLE:
-    - 'equipo'
+    - 'equipamiento'
     - 'información'
-    - 'rice'
+    - 'arroz'
     - 'dinero'
-    - 'species'
+    - 'especies'
     - 'series'
     - 'pescado'
     - 'oveja'
   INFLECTOR_IRREGULAR:
+    'person': 'personas'
     'man': 'hombres'
     'child': 'niños'
     'sex': 'sexos'
+    'move': 'movido'
   INFLECTOR_ORDINALS:
     'first': 'ro'
     'second': 'do'
@@ -33,10 +39,12 @@ GRAV:
     YEAR: año
     DECADE: década
     SEC: seg
+    MIN: min
     HR: h
     WK: sem
     MO: mes
     YR: año
+    DEC: déc
     SECOND_PLURAL: segundos
     MINUTE_PLURAL: minutos
     HOUR_PLURAL: horas
@@ -46,6 +54,7 @@ GRAV:
     YEAR_PLURAL: años
     DECADE_PLURAL: décadas
     SEC_PLURAL: segs
+    MIN_PLURAL: mins
     HR_PLURAL: hs
     WK_PLURAL: sem
     MO_PLURAL: mes
@@ -55,6 +64,7 @@ GRAV:
     VALIDATION_FAIL: '<b>Falló la validación: </b>'
     INVALID_INPUT: 'Dato inválido en: '
     MISSING_REQUIRED_FIELD: 'Falta el campo requerido: '
+    XSS_ISSUES: "Se detectaron potenciales problemas XSS en el campo '%s'"
   MONTHS_OF_THE_YEAR:
     - 'Enero'
     - 'Febrero'
@@ -76,6 +86,8 @@ GRAV:
     - 'Viernes'
     - 'Sábado'
     - 'Domingo'
+  YES: "Sí"
+  NO: "No"
   CRON:
     EVERY: cada
     EVERY_HOUR: cada hora
@@ -84,12 +96,12 @@ GRAV:
     EVERY_DAY_OF_MONTH: cada día del mes
     EVERY_MONTH: cada mes
     TEXT_PERIOD: Cada <b />
-    TEXT_MINS: ' a <b /> minuto(s) despues de la hora'
+    TEXT_MINS: ' a <b /> minuto(s) después de la hora'
     TEXT_TIME: ' a <b />:<b />'
     TEXT_DOW: ' en <b />'
     TEXT_MONTH: ' de<b />'
     TEXT_DOM: ' en<b />'
-    ERROR1: La etiqueta %s no está soportada!
-    ERROR2: El número de elementos es erroneo
+    ERROR1: '¡La etiqueta %s no está soportada!'
+    ERROR2: El número de elementos es erróneo
     ERROR3: El jquery_element debería establecerse en la configuración del jqCron
     ERROR4: Expresión no reconocida

system/languages/et.yaml

@@ -1,11 +1,22 @@
 ---
 GRAV:
   FRONTMATTER_ERROR_PAGE: "---\npealkiri: %1$s\n---\n\n# Viga: vigane Frontmatter'i\n\nasukoht: `%2$s`\n\n**%3$s**\n\n```\n%4$s\n```"
+  INFLECTOR_PLURALS:
+    '/(octop|vir)us$/i': '\1i'
+  INFLECTOR_SINGULAR:
+    '/^(ox)en/i': '\1'
+    '/(alias|status)es$/i': '\1'
+    '/(shoe)s$/i': '\1'
+    '/(o)es$/i': '\1'
+    '/(bus)es$/i': '\1'
+    '/(x|ch|ss|sh)es$/i': '\1'
+    '/(tive)s$/i': '\1'
+    '/(hive)s$/i': '\1'
   INFLECTOR_UNCOUNTABLE:
     - 'equipment'
     - 'informatsioon'
-    - 'rice'
-    - 'money'
+    - 'riis'
+    - 'raha'
     - 'species'
     - 'series'
     - 'kala'
@@ -34,6 +45,7 @@ GRAV:
     YEAR: aasta
     DECADE: 10 aastat
     SEC: sek
+    MIN: min
     HR: t
     WK: näd
     MO: k.
@@ -55,7 +67,7 @@ GRAV:
     YR_PLURAL: aastat
     DEC_PLURAL: dek.
   FORM:
-    VALIDATION_FAIL: <b>Kinnitamine nurjus:</b>
+    VALIDATION_FAIL: '<b>Kinnitamine nurjus:</b>'
     INVALID_INPUT: 'Vigane sisend:'
     MISSING_REQUIRED_FIELD: 'Nõutud väli puudub:'
   MONTHS_OF_THE_YEAR:
@@ -81,5 +93,12 @@ GRAV:
     - 'pühapäev'
   CRON:
     EVERY: iga
+    EVERY_HOUR: iga tund
+    EVERY_MINUTE: iga minut
+    EVERY_DAY_OF_WEEK: iga nädala päev
     EVERY_MONTH: iga kuu
     TEXT_PERIOD: Iga <b />
+    ERROR1: Silt %s pole toetatud!
+    ERROR2: Vale elementide arv
+    ERROR3: jqCron seadetes peaks olema määratud jquery_element
+    ERROR4: Tundmatu väljend

system/languages/eu.yaml

@@ -36,8 +36,8 @@ GRAV:
     YR_PLURAL: urt
     DEC_PLURAL: ham
   FORM:
-    VALIDATION_FAIL: <b>Balidazioak huts egin du</b>
-    INVALID_INPUT: Baliogabeko sarrera
+    VALIDATION_FAIL: '<b>Balidazioak huts egin du</b>'
+    INVALID_INPUT: 'Baliogabeko sarrera'
     MISSING_REQUIRED_FIELD: 'Derrigorrezko eremua bete gabe:'
   MONTHS_OF_THE_YEAR:
     - 'Urtarrila'

system/languages/fa.yaml

@@ -36,8 +36,8 @@ GRAV:
     YR_PLURAL: سال
     DEC_PLURAL: دهه
   FORM:
-    VALIDATION_FAIL: <b>سنجش اعتبار ناموفق بود</b>
-    INVALID_INPUT: ورودی نامعتبر در
+    VALIDATION_FAIL: '<b>سنجش اعتبار ناموفق بود</b>'
+    INVALID_INPUT: 'ورودی نامعتبر در'
     MISSING_REQUIRED_FIELD: 'قسمت ضروری جا افتاده:'
   MONTHS_OF_THE_YEAR:
     - 'ژانویه'

system/languages/fi.yaml

@@ -100,8 +100,8 @@ GRAV:
     YR_PLURAL: v
     DEC_PLURAL: vuosikymmentä
   FORM:
-    VALIDATION_FAIL: <b>Vahvistus epäonnistui:</b>
-    INVALID_INPUT: Syöte ei kelpaa
+    VALIDATION_FAIL: '<b>Vahvistus epäonnistui:</b>'
+    INVALID_INPUT: 'Syöte ei kelpaa'
     MISSING_REQUIRED_FIELD: 'Puuttuva pakollinen kenttä:'
   MONTHS_OF_THE_YEAR:
     - 'Tammikuu'

system/languages/fr.yaml

@@ -16,6 +16,7 @@ GRAV:
     '/(buffal|tomat)o$/i': '\1es'
     '/(bu)s$/i': 'Bus'
     '/(alias|status)/i': 'alias|status'
+    '/(octop|vir)us$/i': 'virus'
     '/(ax|test)is$/i': '\1s'
     '/s$/i': 's'
     '/$/': 's'
@@ -23,6 +24,7 @@ GRAV:
     '/(quiz)zes$/i': '\1'
     '/(alias|status)es$/i': '\1'
     '/([octop|vir])i$/i': '\1us'
+    '/(n)ews$/i': '\1ouvelles'
   INFLECTOR_UNCOUNTABLE:
     - 'équipement'
     - 'information'
@@ -57,10 +59,10 @@ GRAV:
     MONTH: mois
     YEAR: année
     DECADE: décennie
-    SEC: s
-    MIN: m
-    HR: h
-    WK: sem
+    SEC: sec.
+    MIN: min.
+    HR: hr.
+    WK: sem.
     MO: m
     YR: an
     DEC: déc
@@ -80,30 +82,33 @@ GRAV:
     YR_PLURAL: a
     DEC_PLURAL: décs
   FORM:
-    VALIDATION_FAIL: <b>La validation a échoué :</b>
-    INVALID_INPUT: Saisie non valide
+    VALIDATION_FAIL: '<b>La validation a échoué :</b>'
+    INVALID_INPUT: 'Saisie non valide'
     MISSING_REQUIRED_FIELD: 'Champ obligatoire manquant :'
+    XSS_ISSUES: "Erreurs XSS probablement détectées dans le champ '%s'"
   MONTHS_OF_THE_YEAR:
-    - 'Janvier'
-    - 'Février'
-    - 'Mars'
-    - 'Avril'
-    - 'Mai'
-    - 'Juin'
-    - 'Juillet'
-    - 'Août'
-    - 'Septembre'
-    - 'Octobre'
-    - 'Novembre'
-    - 'Décembre'
+    - 'janvier'
+    - 'février'
+    - 'mars'
+    - 'avril'
+    - 'mai'
+    - 'juin'
+    - 'juillet'
+    - 'août'
+    - 'septembre'
+    - 'octobre'
+    - 'novembre'
+    - 'décembre'
   DAYS_OF_THE_WEEK:
-    - 'Lundi'
-    - 'Mardi'
-    - 'Mercredi'
-    - 'Jeudi'
-    - 'Vendredi'
-    - 'Samedi'
-    - 'Dimanche'
+    - 'lundi'
+    - 'mardi'
+    - 'mercredi'
+    - 'jeudi'
+    - 'vendredi'
+    - 'samedi'
+    - 'dimanche'
+  YES: "Oui"
+  NO: "Non"
   CRON:
     EVERY: chaque
     EVERY_HOUR: toutes les heures
@@ -117,7 +122,7 @@ GRAV:
     TEXT_DOW: ' sur <b/>'
     TEXT_MONTH: ' de <b />'
     TEXT_DOM: ' sur <b/>'
-    ERROR1: La balise %s n'est pas supportée!
+    ERROR1: La balise %s n'est pas prise en charge !
     ERROR2: Nombre invalide d'éléments
     ERROR3: L'élément jquery_element doit être défini dans les paramètres jqCron
     ERROR4: Expression non reconnue

system/languages/gl.yaml

@@ -0,0 +1,147 @@
+---
+GRAV:
+  FRONTMATTER_ERROR_PAGE: "---\ntítulo: %1$s\n---\n\n# Erro: Limiar incorrecto\n\nRuta: `%2$s`\n\n**%3$s**\n\n```\n%4$s\n```"
+  INFLECTOR_PLURALS:
+    '/(quiz)$/i': '\1zes'
+    '/^(ox)$/i': '\1en'
+    '/([m|l])ouse$/i': '\1ice'
+    '/(matr|vert|ind)ix|ex$/i': '\1ices'
+    '/(x|ch|ss|sh)$/i': '\1es'
+    '/([^aeiouy]|qu)ies$/i': '\1y'
+    '/([^aeiouy]|qu)y$/i': '\1ies'
+    '/(hive)$/i': '\1s'
+    '/(?:([^f])fe|([lr])f)$/i': '\1\2ves'
+    '/sis$/i': 'ses'
+    '/([ti])um$/i': '\1a'
+    '/(buffal|tomat)o$/i': '\1oes'
+    '/(bu)s$/i': '\1ses'
+    '/(alias|status)/i': '\1'
+    '/(octop|vir)us$/i': '\1'
+    '/(ax|test)is$/i': '\1es'
+    '/s$/i': 's'
+    '/$/': 's'
+  INFLECTOR_SINGULAR:
+    '/(quiz)zes$/i': '\1ces'
+    '/(matr)ices$/i': '\1ix'
+    '/(vert|ind)ices$/i': '\1ex'
+    '/^(ox)en/i': '\1'
+    '/(alias|status)es$/i': '\1'
+    '/([octop|vir])i$/i': '\1'
+    '/(cris|ax|test)es$/i': '\1es'
+    '/(shoe)s$/i': '\1'
+    '/(o)es$/i': '\1'
+    '/(bus)es$/i': '\1'
+    '/([m|l])ice$/i': '\1ouse'
+    '/(x|ch|ss|sh)es$/i': '\1'
+    '/(m)ovies$/i': '\1ovie'
+    '/(s)eries$/i': '\1eries'
+    '/([^aeiouy]|qu)ies$/i': '\1'
+    '/([lr])ves$/i': '\1f'
+    '/(tive)s$/i': '\1'
+    '/(hive)s$/i': '\1'
+    '/([^f])ves$/i': '\1fe'
+    '/(^analy)ses$/i': '\1se'
+    '/((a)naly|(b)a|(d)iagno|(p)arenthe|(p)rogno|(s)ynop|(t)he)ses$/i': '\1\2se'
+    '/([ti])a$/i': '\1um'
+    '/(n)ews$/i': '\1ews'
+  INFLECTOR_UNCOUNTABLE:
+    - 'equipo'
+    - 'información'
+    - 'arroz'
+    - 'diñeiro'
+    - 'especies'
+    - 'series'
+    - 'peixe'
+    - 'ovella'
+  INFLECTOR_IRREGULAR:
+    'person': 'xente'
+    'man': 'home'
+    'child': 'neno'
+    'sex': 'sexos'
+    'move': 'move'
+  INFLECTOR_ORDINALS:
+    'default': 'º'
+    'first': 'º'
+    'second': 'º'
+    'third': 'º'
+  NICETIME:
+    NO_DATE_PROVIDED: Non fornece unha data
+    BAD_DATE: Data errada
+    AGO: hai
+    FROM_NOW: dende agora
+    JUST_NOW: xusto agora
+    SECOND: segundo
+    MINUTE: minuto
+    HOUR: hora
+    DAY: día
+    WEEK: semana
+    MONTH: mes
+    YEAR: ano
+    DECADE: década
+    SEC: seg
+    MIN: min
+    HR: hr 
+    WK: Sem
+    MO: m
+    YR: a
+    DEC: dec
+    SECOND_PLURAL: segundos
+    MINUTE_PLURAL: minutos
+    HOUR_PLURAL: horas
+    DAY_PLURAL: días
+    WEEK_PLURAL: semanas
+    MONTH_PLURAL: meses
+    YEAR_PLURAL: anos
+    DECADE_PLURAL: décadas
+    SEC_PLURAL: segs
+    MIN_PLURAL: mins
+    HR_PLURAL: hrs
+    WK_PLURAL: sem
+    MO_PLURAL: mes
+    YR_PLURAL: a
+    DEC_PLURAL: deca
+  FORM:
+    VALIDATION_FAIL: '<b>Fallou a validación:</b>'
+    INVALID_INPUT: 'Entrada incorrecta en'
+    MISSING_REQUIRED_FIELD: 'Falta un campo requirido:'
+    XSS_ISSUES: "Detectáronse posibles problemas XSS no campo '% s'"
+  MONTHS_OF_THE_YEAR:
+    - 'xaneiro'
+    - 'febreiro'
+    - 'marzo'
+    - 'abril'
+    - 'maio'
+    - 'xuño'
+    - 'xullo'
+    - 'agosto'
+    - 'setembro'
+    - 'outubro'
+    - 'novembro'
+    - 'decembro'
+  DAYS_OF_THE_WEEK:
+    - 'luns'
+    - 'martes'
+    - 'mércores'
+    - 'xoves'
+    - 'venres'
+    - 'sábado'
+    - 'domingo'
+  YES: "Si"
+  NO: "Non"
+  CRON:
+    EVERY: cada
+    EVERY_HOUR: Cada hora
+    EVERY_MINUTE: Cada minuto
+    EVERY_DAY_OF_WEEK: cada día da semana
+    EVERY_DAY_OF_MONTH: cada día do mes
+    EVERY_MONTH: cada mes
+    TEXT_PERIOD: Cada <b />
+    TEXT_MINS: ' dentro de <b /> minuto(s) despois da hora'
+    TEXT_TIME: ' dentro <b />:<b />'
+    TEXT_DOW: ' o <b />'
+    TEXT_MONTH: ' de <b />'
+    TEXT_DOM: ' o <b />'
+    ERROR1: A etiqueta %s non é compatíbel!
+    ERROR2: Mal número de elementos
+    ERROR3: O jquery_element debería estar determinado na configuración de jqCron
+    ERROR4: Expresión non recoñecida

system/languages/he.yaml

@@ -37,8 +37,8 @@ GRAV:
     YR_PLURAL: שני'
     DEC_PLURAL: עש'
   FORM:
-    VALIDATION_FAIL: <b>האימות נכשל:</b>
-    INVALID_INPUT: קלט לא חוקי
+    VALIDATION_FAIL: '<b>האימות נכשל:</b>'
+    INVALID_INPUT: 'קלט לא חוקי'
     MISSING_REQUIRED_FIELD: 'שדות חובה חסרים:'
   MONTHS_OF_THE_YEAR:
     - 'ינואר'

system/languages/hr.yaml

@@ -50,8 +50,8 @@ GRAV:
     YR_PLURAL: g
     DEC_PLURAL: des
   FORM:
-    VALIDATION_FAIL: <b>Validacija nije uspjela:</b>
-    INVALID_INPUT: Pogrešan unos u
+    VALIDATION_FAIL: '<b>Validacija nije uspjela:</b>'
+    INVALID_INPUT: 'Pogrešan unos u'
     MISSING_REQUIRED_FIELD: 'Nedostaje obavezno polje:'
   MONTHS_OF_THE_YEAR:
     - 'Siječanj'

system/languages/hu.yaml

@@ -58,7 +58,7 @@ GRAV:
     YR_PLURAL: év
     DEC_PLURAL: évt
   FORM:
-    VALIDATION_FAIL: <b>Érvényesítés nem sikerült:</b>
+    VALIDATION_FAIL: '<b>Érvényesítés nem sikerült:</b>'
     INVALID_INPUT: 'A megadott érték érvénytelen:'
     MISSING_REQUIRED_FIELD: 'Ez a kötelező mező nincs kitöltve:'
   MONTHS_OF_THE_YEAR:

system/languages/id.yaml

@@ -1,26 +1,74 @@
 ---
 GRAV:
   FRONTMATTER_ERROR_PAGE: "---\ntitle: %1$s\n---\n\n# Error: Frontmatter tidak valid\n\nLokasi: `%2$s`\n\n**%3$s**\n\n```\n%4$s\n```"
+  INFLECTOR_PLURALS:
+    '/(quiz)$/i': '\1zes'
+    '/^(ox)$/i': '\1en'
+    '/([m|l])ouse$/i': '\1ice'
+    '/(matr|vert|ind)ix|ex$/i': '\1ices'
+    '/(x|ch|ss|sh)$/i': '\1es'
+    '/([^aeiouy]|qu)ies$/i': '\1y'
+    '/([^aeiouy]|qu)y$/i': '\1ies'
+    '/(hive)$/i': '\1s'
+    '/(?:([^f])fe|([lr])f)$/i': '\1\2ves'
+    '/sis$/i': 'ses'
+    '/([ti])um$/i': '\1a'
+    '/(buffal|tomat)o$/i': '\1oes'
+    '/(bu)s$/i': '\1ses'
+    '/(alias|status)/i': '\1es'
+    '/(octop|vir)us$/i': '\1i'
+    '/(ax|test)is$/i': '\1es'
+    '/s$/i': 's'
+    '/$/': 's'
+  INFLECTOR_SINGULAR:
+    '/(quiz)zes$/i': '\1'
+    '/(matr)ices$/i': '\1ix'
+    '/(vert|ind)ices$/i': '\1ex'
+    '/^(ox)en/i': '\1'
+    '/(alias|status)es$/i': '\1'
+    '/([octop|vir])i$/i': '\1us'
+    '/(cris|ax|test)es$/i': '\1is'
+    '/(shoe)s$/i': '\1'
+    '/(o)es$/i': '\1'
+    '/(bus)es$/i': '\1'
+    '/([m|l])ice$/i': '\1ouse'
+    '/(x|ch|ss|sh)es$/i': '\1'
+    '/(m)ovies$/i': '\1ovie'
+    '/(s)eries$/i': '\1eries'
+    '/([^aeiouy]|qu)ies$/i': '\1y'
+    '/([lr])ves$/i': '\1f'
+    '/(tive)s$/i': '\1'
+    '/(hive)s$/i': '\1'
+    '/([^f])ves$/i': '\1fe'
+    '/(^analy)ses$/i': '\1sis'
+    '/((a)naly|(b)a|(d)iagno|(p)arenthe|(p)rogno|(s)ynop|(t)he)ses$/i': '\1\2sis'
+    '/([ti])a$/i': '\1um'
+    '/(n)ews$/i': '\1ews'
   INFLECTOR_UNCOUNTABLE:
-    - 'peralatan'
-    - 'informasi'
-    - 'nasi'
-    - 'uang'
-    - 'spesies'
-    - 'rangkaian'
-    - 'ikan'
-    - 'domba'
+    - 'Peralatan'
+    - 'Informasi '
+    - 'Nasi'
+    - 'Uang'
+    - 'Jenis'
+    - 'Seri'
+    - 'Ikan'
+    - 'Domba'
   INFLECTOR_IRREGULAR:
-    'person': 'orang-orang'
-    'man': 'laki-laki'
-    'child': 'anak-anak'
-    'sex': 'jenis kelamin'
+    'person': 'Orang-orang'
+    'man': 'Pria'
+    'child': 'Balita'
+    'sex': 'Jenis Kelamin'
     'move': 'pindahkan'
+  INFLECTOR_ORDINALS:
+    'default': 'ke'
+    'first': 'pertama'
+    'second': 'nd'
+    'third': 'rd'
   NICETIME:
-    NO_DATE_PROVIDED: Tanggal tidak tersedia
+    NO_DATE_PROVIDED: Tidak ada tanggal yang disediakan
     BAD_DATE: Format tanggal salah
     AGO: yang lalu
-    FROM_NOW: dari saat ini
+    FROM_NOW: dari sekarang
     JUST_NOW: baru saja
     SECOND: detik
     MINUTE: menit
@@ -30,12 +78,12 @@ GRAV:
     MONTH: bulan
     YEAR: tahun
     DECADE: dekade
-    SEC: dtk
-    MIN: mnt
-    HR: j
-    WK: mng
-    MO: bln
-    YR: thn
+    SEC: detik
+    MIN: menit
+    HR: ' jam'
+    WK: minggu
+    MO: bulan
+    YR: tahun
     DEC: desimal
     SECOND_PLURAL: detik
     MINUTE_PLURAL: menit
@@ -45,17 +93,18 @@ GRAV:
     MONTH_PLURAL: bulan
     YEAR_PLURAL: tahun
     DECADE_PLURAL: dekade
-    SEC_PLURAL: dtk
-    MIN_PLURAL: mnt
-    HR_PLURAL: j
-    WK_PLURAL: mgg
-    MO_PLURAL: bln
-    YR_PLURAL: thn
+    SEC_PLURAL: detik
+    MIN_PLURAL: menit
+    HR_PLURAL: jam
+    WK_PLURAL: minggu
+    MO_PLURAL: bulan
+    YR_PLURAL: tahun
     DEC_PLURAL: dekade
   FORM:
-    VALIDATION_FAIL: <b>Validasi gagal:</b>
-    INVALID_INPUT: Input tidak valid di
+    VALIDATION_FAIL: '<b>Validasi gagal:</b>'
+    INVALID_INPUT: 'Input tidak valid di'
     MISSING_REQUIRED_FIELD: 'Data yang diperlukan belum terisi:'
+    XSS_ISSUES: "Isu berpotensial XSS terdeteksi dalam baris %s"
   MONTHS_OF_THE_YEAR:
     - 'Januari'
     - 'Februari'
@@ -74,22 +123,25 @@ GRAV:
     - 'Selasa'
     - 'Rabu'
     - 'Kamis'
-    - 'Jumat'
+    - 'Jum''at'
     - 'Sabtu'
     - 'Minggu'
+  YES: "Ya"
+  NO: "Tidak"
   CRON:
     EVERY: Setiap
     EVERY_HOUR: Setiap jam
     EVERY_MINUTE: Setiap menit
     EVERY_DAY_OF_WEEK: Setiap hari selama seminggu
-    EVERY_DAY_OF_MONTH: pada tanggal setiap bulannya
+    EVERY_DAY_OF_MONTH: Setiap hari dalam sebulan
     EVERY_MONTH: setiap bulan
     TEXT_PERIOD: Setiap <b />
+    TEXT_MINS: 'dalam <b />  menit setelah jam yang lalu'
     TEXT_TIME: ' pada <b />:<b />'
     TEXT_DOW: ' pada <b />'
     TEXT_MONTH: ' pada <b />'
     TEXT_DOM: ' pada <b />'
     ERROR1: Tag %s tidak didukung!
-    ERROR2: Jumlah elemen tidak valid
-    ERROR3: jquery_element harus ditetapkan ke pengaturan jqCron
-    ERROR4: Ekspresi tidak dikenali
+    ERROR2: Jumlah elemen yang buruk
+    ERROR3: jquery_element harus diatur ke dalam pengaturan jqCron
+    ERROR4: Ekspresi tidak dikenal

system/languages/is.yaml

@@ -46,8 +46,8 @@ GRAV:
     YR_PLURAL: árum
     DEC_PLURAL: árat
   FORM:
-    VALIDATION_FAIL: <b>Sannvottun mistókst:</b>
-    INVALID_INPUT: Ógilt inntak í
+    VALIDATION_FAIL: '<b>Sannvottun mistókst:</b>'
+    INVALID_INPUT: 'Ógilt inntak í'
     MISSING_REQUIRED_FIELD: 'Vantar nauðsynlegan reit:'
   MONTHS_OF_THE_YEAR:
     - 'janúar'

system/languages/it.yaml

@@ -1,6 +1,49 @@
 ---
 GRAV:
   FRONTMATTER_ERROR_PAGE: "---Titolo: %1$s---# Errore: Frontmatter non valido: '%2$s' * *%3$s * * ' '%4$s ' '"
+  INFLECTOR_PLURALS:
+    '/(quiz)$/i': '\1'
+    '/^(ox)$/i': '\1en'
+    '/([m|l])ouse$/i': '\1ice'
+    '/(matr|vert|ind)ix|ex$/i': '\1ices'
+    '/(x|ch|ss|sh)$/i': '\1es'
+    '/([^aeiouy]|qu)ies$/i': '\1y'
+    '/([^aeiouy]|qu)y$/i': '\1ies'
+    '/(hive)$/i': '\1s'
+    '/(?:([^f])fe|([lr])f)$/i': '\1\2ves'
+    '/sis$/i': 'ses'
+    '/([ti])um$/i': '\1a'
+    '/(buffal|tomat)o$/i': '\1oes'
+    '/(bu)s$/i': '\1ses'
+    '/(alias|status)/i': '\1es'
+    '/(octop|vir)us$/i': '\1i'
+    '/(ax|test)is$/i': '\1es'
+    '/s$/i': 's'
+    '/$/': 's'
+  INFLECTOR_SINGULAR:
+    '/(quiz)zes$/i': '\1'
+    '/(matr)ices$/i': '\1ix'
+    '/(vert|ind)ices$/i': '\1ex'
+    '/^(ox)en/i': '\1'
+    '/(alias|status)es$/i': '\1'
+    '/([octop|vir])i$/i': '\1us'
+    '/(cris|ax|test)es$/i': '\1is'
+    '/(shoe)s$/i': '\1'
+    '/(o)es$/i': '\1'
+    '/(bus)es$/i': '\1'
+    '/([m|l])ice$/i': '\1ouse'
+    '/(x|ch|ss|sh)es$/i': '\1'
+    '/(m)ovies$/i': '\1ovie'
+    '/(s)eries$/i': '\1eries'
+    '/([^aeiouy]|qu)ies$/i': '\1y'
+    '/([lr])ves$/i': '\1f'
+    '/(tive)s$/i': '\1'
+    '/(hive)s$/i': '\1'
+    '/([^f])ves$/i': '\1fe'
+    '/(^analy)ses$/i': '\1sis'
+    '/((a)naly|(b)a|(d)iagno|(p)arenthe|(p)rogno|(s)ynop|(t)he)ses$/i': '\1\2sis'
+    '/([ti])a$/i': '\1um'
+    '/(n)ews$/i': '\1ews'
   INFLECTOR_UNCOUNTABLE:
     - 'dotazione'
     - 'informazione'
@@ -58,9 +101,10 @@ GRAV:
     YR_PLURAL: anni
     DEC_PLURAL: decenni
   FORM:
-    VALIDATION_FAIL: <b>Validazione fallita:</b>
-    INVALID_INPUT: Input non valido in
+    VALIDATION_FAIL: '<b>Validazione fallita:</b>'
+    INVALID_INPUT: 'Input non valido in'
     MISSING_REQUIRED_FIELD: 'Campo richiesto mancante:'
+    XSS_ISSUES: "Rilevati potenziali problemi di XSS nel campo '%s'"
   MONTHS_OF_THE_YEAR:
     - 'Gennaio'
     - 'Febbraio'
@@ -82,6 +126,8 @@ GRAV:
     - 'Venerdì'
     - 'Sabato'
     - 'Domenica'
+  YES: "Sì"
+  NO: "No"
   CRON:
     EVERY: ogni
     EVERY_HOUR: ogni ora

system/languages/ja.yaml

@@ -1,11 +1,22 @@
 ---
 GRAV:
+  INFLECTOR_UNCOUNTABLE:
+    - 'equipment'
+    - '情報'
+    - 'rice'
+    - 'お金'
+    - 'species'
+    - 'series'
+    - '魚'
+    - 'ヒツジ'
   INFLECTOR_IRREGULAR:
     'person': 'みんな'
     'man': '人'
     'child': '子供'
     'sex': '性別'
     'move': '移動'
+  INFLECTOR_ORDINALS:
+    'first': '番目'
   NICETIME:
     NO_DATE_PROVIDED: 日付が設定されていません
     BAD_DATE: 不正な日付
@@ -40,8 +51,8 @@ GRAV:
     YR_PLURAL: 年
     DEC_PLURAL: 10年
   FORM:
-    VALIDATION_FAIL: <b>バリデーション失敗 :</b>
-    INVALID_INPUT: 不正な入力：
+    VALIDATION_FAIL: '<b>バリデーション失敗 :</b>'
+    INVALID_INPUT: '不正な入力：'
     MISSING_REQUIRED_FIELD: '必須項目が入力されていません:'
   MONTHS_OF_THE_YEAR:
     - '1月'
@@ -64,3 +75,7 @@ GRAV:
     - '金'
     - '土'
     - '日'
+  CRON:
+    EVERY: 毎
+    EVERY_MONTH: 毎月
+    ERROR1: 共有タイプ %s はサポートされていません

system/languages/ko.yaml

@@ -37,8 +37,8 @@ GRAV:
     YR_PLURAL: 년
     DEC_PLURAL: 년간
   FORM:
-    VALIDATION_FAIL: <b>유효성 검사 실패:</b>
-    INVALID_INPUT: 잘못된 입력
+    VALIDATION_FAIL: '<b>유효성 검사 실패:</b>'
+    INVALID_INPUT: '잘못된 입력'
     MISSING_REQUIRED_FIELD: '누락 된 필수 필드:'
   MONTHS_OF_THE_YEAR:
     - '일월'

system/languages/lt.yaml

@@ -52,8 +52,8 @@ GRAV:
     YR_PLURAL: m.
     DEC_PLURAL: dešimtmečiai
   FORM:
-    VALIDATION_FAIL: <b>Patvirtinimas nepavyko:</b>
-    INVALID_INPUT: Neteisingai įvesta į
+    VALIDATION_FAIL: '<b>Patvirtinimas nepavyko:</b>'
+    INVALID_INPUT: 'Neteisingai įvesta į'
     MISSING_REQUIRED_FIELD: 'Būtina užpildyti laukelį:'
   MONTHS_OF_THE_YEAR:
     - 'Sausis'

system/languages/mn.yaml

@@ -0,0 +1,147 @@
+---
+GRAV:
+  FRONTMATTER_ERROR_PAGE: "---\nГарчиг: %1$s\n---\n\n# Алдаа: Буруу Формат\n\nЗам: `%2$s`\n\n**%3$s**\n\n```\n%4$s\n```"
+  INFLECTOR_PLURALS:
+    '/(quiz)$/i': '\1зүүд'
+    '/^(ox)$/i': '\1ууд'
+    '/([m|l])ouse$/i': '\1ууд'
+    '/(matr|vert|ind)ix|ex$/i': '\1иксүүд'
+    '/(x|ch|ss|sh)$/i': '\1үүд'
+    '/([^aeiouy]|qu)ies$/i': '\1үүд'
+    '/([^aeiouy]|qu)y$/i': '\1үүд'
+    '/(hive)$/i': '\1үүд'
+    '/(?:([^f])fe|([lr])f)$/i': '\1\2үүд'
+    '/sis$/i': 'үүд'
+    '/([ti])um$/i': '\1үүд'
+    '/(buffal|tomat)o$/i': '\1үүд'
+    '/(bu)s$/i': '\1үүд'
+    '/(alias|status)/i': '\1үүд'
+    '/(octop|vir)us$/i': '\1үүд'
+    '/(ax|test)is$/i': '\1үүд'
+    '/s$/i': 'үүд'
+    '/$/': 'үүд'
+  INFLECTOR_SINGULAR:
+    '/(quiz)zes$/i': '\1'
+    '/(matr)ices$/i': '\1икс'
+    '/(vert|ind)ices$/i': '\1икс'
+    '/^(ox)en/i': '\1'
+    '/(alias|status)es$/i': '\1'
+    '/([octop|vir])i$/i': '\1'
+    '/(cris|ax|test)es$/i': '\1'
+    '/(shoe)s$/i': '\1'
+    '/(o)es$/i': '\1'
+    '/(bus)es$/i': '\1'
+    '/([m|l])ice$/i': '\1'
+    '/(x|ch|ss|sh)es$/i': '\1'
+    '/(m)ovies$/i': '\1'
+    '/(s)eries$/i': '\1'
+    '/([^aeiouy]|qu)ies$/i': '\1үүд'
+    '/([lr])ves$/i': '\1'
+    '/(tive)s$/i': '\1'
+    '/(hive)s$/i': '\1'
+    '/([^f])ves$/i': '\1'
+    '/(^analy)ses$/i': '\1'
+    '/((a)naly|(b)a|(d)iagno|(p)arenthe|(p)rogno|(s)ynop|(t)he)ses$/i': '\1\2үүд'
+    '/([ti])a$/i': '\1'
+    '/(n)ews$/i': '\1'
+  INFLECTOR_UNCOUNTABLE:
+    - 'тоног төхөөрөмж'
+    - 'Мэдээлэл'
+    - 'будаа'
+    - 'мөнгө'
+    - 'төрөл зүйл'
+    - 'цуврал'
+    - 'загас'
+    - 'хонь'
+  INFLECTOR_IRREGULAR:
+    'person': 'хүмүүс'
+    'man': 'эрчүүд'
+    'child': 'хүүхэд'
+    'sex': 'хүйс'
+    'move': 'хөдөлгөөн'
+  INFLECTOR_ORDINALS:
+    'default': 'th'
+    'first': 'st'
+    'second': 'nd'
+    'third': 'rd'
+  NICETIME:
+    NO_DATE_PROVIDED: Огноо алга
+    BAD_DATE: Буруу огноо
+    AGO: өмнө 
+    FROM_NOW: одооноос
+    JUST_NOW: дөнгөж сая
+    SECOND: секунд
+    MINUTE: минут
+    HOUR: цаг
+    DAY: өдөр
+    WEEK: долоо хоног
+    MONTH: сар
+    YEAR: он
+    DECADE: арван жил
+    SEC: сек
+    MIN: мин
+    HR: цаг
+    WK: д.х.
+    MO: сар
+    YR: он
+    DEC: арван жил
+    SECOND_PLURAL: секунд
+    MINUTE_PLURAL: минут
+    HOUR_PLURAL: цаг
+    DAY_PLURAL: өдрүүд
+    WEEK_PLURAL: долоо хоногууд
+    MONTH_PLURAL: сарууд
+    YEAR_PLURAL: онууд
+    DECADE_PLURAL: арван жилүүд
+    SEC_PLURAL: сек.-үүд
+    MIN_PLURAL: мин.-ууд
+    HR_PLURAL: цагууд
+    WK_PLURAL: д.х.-ууд
+    MO_PLURAL: сарууд
+    YR_PLURAL: жилүүд
+    DEC_PLURAL: арван жилүүд
+  FORM:
+    VALIDATION_FAIL: '<b>Баталгаажуулалт амжилтгүй боллоо:</b>'
+    INVALID_INPUT: 'Буруу өгөгдөл дараахид'
+    MISSING_REQUIRED_FIELD: 'Шаардлагатай талбар дутуу байна:'
+    XSS_ISSUES: "'%s' талбарт XSS -ийн болзошгүй асуудлууд илэрсэн"
+  MONTHS_OF_THE_YEAR:
+    - '1-р сар'
+    - '2-р сар'
+    - '3-р сар'
+    - '4-р сар'
+    - '5 сар'
+    - '6 сар'
+    - '7 сар'
+    - '8 сар'
+    - '9 сар'
+    - '10 сар'
+    - '11 сар'
+    - '12 сар'
+  DAYS_OF_THE_WEEK:
+    - 'Даваа гараг'
+    - 'Мягмар гараг'
+    - 'Лхагва гараг'
+    - 'Пүрэв гараг'
+    - 'Баасан гараг'
+    - 'Бямба гараг'
+    - 'Ням гараг'
+  YES: "Тийм"
+  NO: "Үгүй"
+  CRON:
+    EVERY: бүрийн
+    EVERY_HOUR: цаг бүрийн
+    EVERY_MINUTE: минут бүрийн
+    EVERY_DAY_OF_WEEK: долоо хоногийн өдөр болгонд
+    EVERY_DAY_OF_MONTH: сарын өдөр болгонд
+    EVERY_MONTH: сар болгон
+    TEXT_PERIOD: Бүрийн  <b />
+    TEXT_MINS: '  <b /> энэ сүүлийн цагийн минутад'
+    TEXT_TIME: '  <b />:<b /> -д'
+    TEXT_DOW: '  <b /> -д'
+    TEXT_MONTH: '  <b /> -ын'
+    TEXT_DOM: '  <b /> -т'
+    ERROR1: '%s -н утга нь дэмжигддэггүй!'
+    ERROR2: Элементүүдийн тоо хэмжээ буруу
+    ERROR3: jquery_element нь jqCron тохиргоонд хийгдсэн байх ёстой
+    ERROR4: Танигдаагүй илэрхийлэл

system/languages/nl.yaml

@@ -101,8 +101,8 @@ GRAV:
     YR_PLURAL: jaren
     DEC_PLURAL: decennia
   FORM:
-    VALIDATION_FAIL: <b>Validatie mislukt:</b>
-    INVALID_INPUT: Ongeldige invoer in
+    VALIDATION_FAIL: '<b>Validatie mislukt:</b>'
+    INVALID_INPUT: 'Ongeldige invoer in'
     MISSING_REQUIRED_FIELD: 'Ontbrekend verplicht veld:'
   MONTHS_OF_THE_YEAR:
     - 'Januari'

system/languages/no.yaml

@@ -21,6 +21,7 @@ GRAV:
     BAD_DATE: Ugyldig dato
     AGO: siden
     FROM_NOW: fra nå
+    JUST_NOW: akkurat nå
     SECOND: sekund
     MINUTE: minutt
     HOUR: time
@@ -51,8 +52,8 @@ GRAV:
     YR_PLURAL: år
     DEC_PLURAL: årtier
   FORM:
-    VALIDATION_FAIL: <b>Godkjenning mislyktes:</b>
-    INVALID_INPUT: Ugyldig innhold i
+    VALIDATION_FAIL: '<b>Godkjenning mislyktes:</b>'
+    INVALID_INPUT: 'Ugyldig innhold i'
     MISSING_REQUIRED_FIELD: 'Mangler påkrevd felt:'
   MONTHS_OF_THE_YEAR:
     - 'januar'
@@ -75,3 +76,7 @@ GRAV:
     - 'fredag'
     - 'lørdag'
     - 'søndag'
+  CRON:
+    EVERY: hver
+    EVERY_HOUR: hver time
+    EVERY_MINUTE: hvert minutt

system/languages/pl.yaml

@@ -1,11 +1,32 @@
 ---
 GRAV:
   FRONTMATTER_ERROR_PAGE: "---\ntitle: %1$s\n---\n\n# Error: Nieprawidłowy Frontmatter\n\nPath: `%2$s`\n\n**%3$s**\n\n```\n%4$s\n```"
+  INFLECTOR_SINGULAR:
+    '/(alias|status)es$/i': '\1'
+  INFLECTOR_UNCOUNTABLE:
+    - 'wyposażenie'
+    - 'informacja'
+    - 'rice'
+    - 'pieniądze'
+    - 'species'
+    - 'series'
+    - 'ryba'
+    - 'owca'
+  INFLECTOR_IRREGULAR:
+    'person': 'człowiek'
+    'man': 'mężczyźni'
+    'child': 'dzieci'
+    'sex': 'płci'
+  INFLECTOR_ORDINALS:
+    'first': 'pierwszy'
+    'second': 'drugi'
+    'third': 'trzeci'
   NICETIME:
     NO_DATE_PROVIDED: Nie podano daty
     BAD_DATE: Zła data
     AGO: temu
     FROM_NOW: od teraz
+    JUST_NOW: właśnie teraz
     SECOND: sekunda
     MINUTE: minuta
     HOUR: godzina
@@ -15,6 +36,7 @@ GRAV:
     YEAR: rok
     DECADE: dekada
     SEC: sek
+    MIN: minuta
     HR: godz
     WK: tydz
     MO: m-c
@@ -36,9 +58,10 @@ GRAV:
     YR_PLURAL: lat
     DEC_PLURAL: dekad
   FORM:
-    VALIDATION_FAIL: <b>Weryfikacja nie powiodła się:</b>
-    INVALID_INPUT: Nieprawidłowe dane wejściowe
+    VALIDATION_FAIL: '<b>Weryfikacja nie powiodła się:</b>'
+    INVALID_INPUT: 'Nieprawidłowe dane wejściowe'
     MISSING_REQUIRED_FIELD: 'Opuszczono wymagane pole:'
+    XSS_ISSUES: "Potencjalne problemy XSS wykryte w polu '%s'"
   MONTHS_OF_THE_YEAR:
     - 'Styczeń'
     - 'Luty'
@@ -60,3 +83,18 @@ GRAV:
     - 'Piątek'
     - 'Sobota'
     - 'Niedziela'
+  YES: "Tak"
+  NO: "Nie"
+  CRON:
+    EVERY: każdy
+    EVERY_HOUR: każdą godzinę
+    EVERY_MINUTE: każdą minutę
+    EVERY_DAY_OF_WEEK: każdego dnia tygodnia
+    EVERY_DAY_OF_MONTH: każdego dnia miesiące
+    EVERY_MONTH: każdego miesiąca
+    TEXT_PERIOD: Każdego <b />
+    TEXT_MINS: 'o <b /> minut po godzinie'
+    TEXT_TIME: 'o <b />:<b />'
+    ERROR1: Znacznik %s nie jest wspierany!
+    ERROR2: Nieprawidłowa liczba elementów
+    ERROR4: Wyrażenie nierozpoznane

system/languages/pt.yaml

@@ -1,8 +1,75 @@
 ---
 GRAV:
+  FRONTMATTER_ERROR_PAGE: "---\ntitle: %1$s\n---\n\n# Erro: Frontmatter Inválido\n\nLocalização: `%2$s`\n\n**%3$s**\n\n```\n%4$s\n```"
+  INFLECTOR_PLURALS:
+    '/(quiz)$/i': '\1zes'
+    '/^(ox)$/i': '\1en'
+    '/([m|l])ouse$/i': '\1ice'
+    '/(matr|vert|ind)ix|ex$/i': '\1ices'
+    '/(x|ch|ss|sh)$/i': '\1es'
+    '/([^aeiouy]|qu)ies$/i': '\1y'
+    '/([^aeiouy]|qu)y$/i': '\1ies'
+    '/(hive)$/i': '\1s'
+    '/(?:([^f])fe|([lr])f)$/i': '\1\2ves'
+    '/sis$/i': 'ses'
+    '/([ti])um$/i': '\1a'
+    '/(buffal|tomat)o$/i': '\1oes'
+    '/(bu)s$/i': '\1ses'
+    '/(alias|status)/i': '\1es'
+    '/(octop|vir)us$/i': '\1i'
+    '/(ax|test)is$/i': '\1es'
+    '/s$/i': 's'
+    '/$/': 's'
+  INFLECTOR_SINGULAR:
+    '/(quiz)zes$/i': '\1'
+    '/(matr)ices$/i': '\1ix'
+    '/(vert|ind)ices$/i': '\1ex'
+    '/^(ox)en/i': '\1'
+    '/(alias|status)es$/i': '\1'
+    '/([octop|vir])i$/i': '\1us'
+    '/(cris|ax|test)es$/i': '\1is'
+    '/(shoe)s$/i': '\1'
+    '/(o)es$/i': '\1'
+    '/(bus)es$/i': '\1'
+    '/([m|l])ice$/i': '\1ouse'
+    '/(x|ch|ss|sh)es$/i': '\1'
+    '/(m)ovies$/i': '\1ovie'
+    '/(s)eries$/i': '\1eries'
+    '/([^aeiouy]|qu)ies$/i': '\1y'
+    '/([lr])ves$/i': '\1f'
+    '/(tive)s$/i': '\1'
+    '/(hive)s$/i': '\1'
+    '/([^f])ves$/i': '\1fe'
+    '/(^analy)ses$/i': '\1sis'
+    '/((a)naly|(b)a|(d)iagno|(p)arenthe|(p)rogno|(s)ynop|(t)he)ses$/i': '\1\2sis'
+    '/([ti])a$/i': '\1um'
+    '/(n)ews$/i': '\1ews'
+  INFLECTOR_UNCOUNTABLE:
+    - 'equipamento'
+    - 'informação'
+    - 'arroz'
+    - 'dinheiro'
+    - 'espécie'
+    - 'série'
+    - 'peixe'
+    - 'ovelha'
+  INFLECTOR_IRREGULAR:
+    'person': 'pessoas'
+    'man': 'homens'
+    'child': 'crianças'
+    'sex': 'sexos'
+    'move': 'movimentos'
+  INFLECTOR_ORDINALS:
+    'default': 'º'
+    'first': 'º'
+    'second': 'º'
+    'third': 'º'
   NICETIME:
     NO_DATE_PROVIDED: Nenhuma data fornecida
+    BAD_DATE: Data inválida
     AGO: atrás
+    FROM_NOW: a partir de agora
+    JUST_NOW: mesmo agora
     SECOND: segundo
     MINUTE: minuto
     HOUR: hora
@@ -11,17 +78,33 @@ GRAV:
     MONTH: mês
     YEAR: ano
     DECADE: década
-    SEC: segundos
-    MIN: minutos
+    SEC: seg
+    MIN: min
+    HR: hora
+    WK: semana
+    MO: mês
+    YR: ano
+    DEC: década
+    SECOND_PLURAL: segundos
     MINUTE_PLURAL: minutos
+    HOUR_PLURAL: horas
     DAY_PLURAL: dias
     WEEK_PLURAL: semanas
     MONTH_PLURAL: meses
     YEAR_PLURAL: anos
-    DECADE_PLURAL: decadas
+    DECADE_PLURAL: décadas
+    SEC_PLURAL: segs
+    MIN_PLURAL: mins
+    HR_PLURAL: hrs
+    WK_PLURAL: sems
+    MO_PLURAL: meses
+    YR_PLURAL: anos
+    DEC_PLURAL: décadas
   FORM:
-    VALIDATION_FAIL: <b>Falha na validação!</b>
-    MISSING_REQUIRED_FIELD: 'Campo obrigatório requerido:'
+    VALIDATION_FAIL: '<b>Falha na validação:</b>'
+    INVALID_INPUT: 'Dados inseridos são inválidos em'
+    MISSING_REQUIRED_FIELD: 'Campo obrigatório em falta:'
+    XSS_ISSUES: "Potenciais problemas de XSS detectados no campo '%s'"
   MONTHS_OF_THE_YEAR:
     - 'Janeiro'
     - 'Fevereiro'
@@ -35,12 +118,30 @@ GRAV:
     - 'Outubro'
     - 'Novembro'
     - 'Dezembro'
-  INFLECTOR_UNCOUNTABLE:
-    - 'equipment'
-    - 'information'
-    - 'arroz'
-    - 'money'
-    - 'species'
-    - 'series'
-    - 'fish'
-    - 'sheep'
+  DAYS_OF_THE_WEEK:
+    - 'Segunda-feira'
+    - 'Terça-feira'
+    - 'Quarta-feira'
+    - 'Quinta-feira'
+    - 'Sexta-feira'
+    - 'Sábado'
+    - 'Domingo'
+  YES: "Sim"
+  NO: "Não"
+  CRON:
+    EVERY: cada
+    EVERY_HOUR: cada hora
+    EVERY_MINUTE: cada minuto
+    EVERY_DAY_OF_WEEK: todos os dias da semana
+    EVERY_DAY_OF_MONTH: todos os dias do mês
+    EVERY_MONTH: todos os meses
+    TEXT_PERIOD: Cada <b />
+    TEXT_MINS: ' em <b /> minuto(s) após a hora'
+    TEXT_TIME: ' em <b />:<b />'
+    TEXT_DOW: ' em <b />'
+    TEXT_MONTH: ' de <b />'
+    TEXT_DOM: ' em <b />'
+    ERROR1: A tag %s não é suportada!
+    ERROR2: Número de elementos inválido
+    ERROR3: O jquery_element deve ser definido nas configurações do jqCron
+    ERROR4: Expressão não reconhecida

system/languages/ro.yaml

@@ -53,8 +53,8 @@ GRAV:
     YR_PLURAL: ani
     DEC_PLURAL: decenii
   FORM:
-    VALIDATION_FAIL: <b>Validare nereușită</b>
-    INVALID_INPUT: Date incorecte în
+    VALIDATION_FAIL: '<b>Validare nereușită</b>'
+    INVALID_INPUT: 'Date incorecte în'
     MISSING_REQUIRED_FIELD: 'Câmp obligatoriu lipsă:'
   MONTHS_OF_THE_YEAR:
     - 'Ianuarie'

system/languages/ru.yaml

@@ -13,7 +13,7 @@ GRAV:
   INFLECTOR_IRREGULAR:
     'person': 'люди'
     'man': 'человек'
-    'child': 'ребенок'
+    'child': 'дети'
     'sex': 'пол'
     'move': 'движется'
   INFLECTOR_ORDINALS:
@@ -58,9 +58,10 @@ GRAV:
     YR_PLURAL: г
     DEC_PLURAL: дстлт
   FORM:
-    VALIDATION_FAIL: <b>Проверка не удалась:</b>
-    INVALID_INPUT: Неверный ввод в
+    VALIDATION_FAIL: '<b>Проверка не удалась:</b>'
+    INVALID_INPUT: 'Неверный ввод в'
     MISSING_REQUIRED_FIELD: 'Отсутствует необходимое поле:'
+    XSS_ISSUES: "Обнаружены потенциальные XSS проблемы в поле '%s'"
   MONTHS_OF_THE_YEAR:
     - 'январь'
     - 'февраль'
@@ -68,12 +69,12 @@ GRAV:
     - 'апрель'
     - 'май'
     - 'июнь'
-    - 'Июль'
-    - 'Август'
-    - 'Сентябрь'
-    - 'Октябрь'
-    - 'Ноябрь'
-    - 'Декабрь'
+    - 'июль'
+    - 'август'
+    - 'сентябрь'
+    - 'октябрь'
+    - 'ноябрь'
+    - 'декабрь'
   DAYS_OF_THE_WEEK:
     - 'понедельник'
     - 'вторник'
@@ -82,6 +83,8 @@ GRAV:
     - 'пятница'
     - 'суббота'
     - 'воскресенье'
+  YES: "Да"
+  NO: "Нет"
   CRON:
     EVERY: раз в
     EVERY_HOUR: раз в час

system/languages/si.yaml

@@ -0,0 +1,9 @@
+---
+GRAV:
+  INFLECTOR_SINGULAR:
+    '/(quiz)zes$/i': '\1'
+    '/^(ox)en/i': '\1'
+    '/(alias|status)es$/i': '\1'
+    '/(o)es$/i': '\1'
+    '/(bus)es$/i': '\1'
+    '/(x|ch|ss|sh)es$/i': '\1'

system/languages/sk.yaml

@@ -101,8 +101,8 @@ GRAV:
     YR_PLURAL: rokov
     DEC_PLURAL: dekád
   FORM:
-    VALIDATION_FAIL: <b>Overenie zlyhalo:</b>
-    INVALID_INPUT: Neplatný vstup v
+    VALIDATION_FAIL: '<b>Overenie zlyhalo:</b>'
+    INVALID_INPUT: 'Neplatný vstup v'
     MISSING_REQUIRED_FIELD: 'Chýba vyžadované pole:'
   MONTHS_OF_THE_YEAR:
     - 'Január'

system/languages/sl.yaml

@@ -36,8 +36,8 @@ GRAV:
     YR_PLURAL: l
     DEC_PLURAL: des
   FORM:
-    VALIDATION_FAIL: <b>Preverjanje veljavnosti ni uspelo:</b>
-    INVALID_INPUT: Neveljaven vnos v
+    VALIDATION_FAIL: '<b>Preverjanje veljavnosti ni uspelo:</b>'
+    INVALID_INPUT: 'Neveljaven vnos v'
     MISSING_REQUIRED_FIELD: 'Manjka obvezno polje:'
   MONTHS_OF_THE_YEAR:
     - 'Januar'

system/languages/sr.yaml

@@ -0,0 +1,144 @@
+---
+GRAV:
+  FRONTMATTER_ERROR_PAGE: "---\nнаслов: %1$s\n---\n\n# Грешка: неисправан Frontmatter\n\nПутања: `%2$s`\n\n**%3$s**\n\n```\n%4$s\n```"
+  INFLECTOR_PLURALS:
+    '/(quiz)$/i': '\1zes'
+    '/^(ox)$/i': '\1en'
+    '/([m|l])ouse$/i': '\1ice'
+    '/(matr|vert|ind)ix|ex$/i': '\1ices'
+    '/(x|ch|ss|sh)$/i': '\1es'
+    '/([^aeiouy]|qu)ies$/i': '\1y'
+    '/([^aeiouy]|qu)y$/i': '\1ies'
+    '/(hive)$/i': '\1s'
+    '/(?:([^f])fe|([lr])f)$/i': '\1\2ves'
+    '/sis$/i': 'ses'
+    '/([ti])um$/i': '\1a'
+    '/(buffal|tomat)o$/i': '\1oes'
+    '/(bu)s$/i': '\1ses'
+    '/(alias|status)/i': '\1es'
+    '/(octop|vir)us$/i': '\1i'
+    '/(ax|test)is$/i': '\1es'
+    '/s$/i': 's'
+    '/$/': 's'
+  INFLECTOR_SINGULAR:
+    '/(quiz)zes$/i': '\1'
+    '/(matr)ices$/i': '\1ix'
+    '/(vert|ind)ices$/i': '\1ex'
+    '/^(ox)en/i': '\1'
+    '/(alias|status)es$/i': '\1'
+    '/([octop|vir])i$/i': '\1us'
+    '/(cris|ax|test)es$/i': '\1is'
+    '/(shoe)s$/i': '\1'
+    '/(o)es$/i': '\1'
+    '/(bus)es$/i': '\1'
+    '/([m|l])ice$/i': '\1ouse'
+    '/(x|ch|ss|sh)es$/i': '\1'
+    '/(m)ovies$/i': '\1ovie'
+    '/(s)eries$/i': '\1eries'
+    '/([^aeiouy]|qu)ies$/i': '\1y'
+    '/([lr])ves$/i': '\1f'
+    '/(tive)s$/i': '\1'
+    '/(hive)s$/i': '\1'
+    '/([^f])ves$/i': '\1fe'
+    '/(^analy)ses$/i': '\1sis'
+    '/((a)naly|(b)a|(d)iagno|(p)arenthe|(p)rogno|(s)ynop|(t)he)ses$/i': '\1\2sis'
+    '/([ti])a$/i': '\1um'
+    '/(n)ews$/i': '\1ews'
+  INFLECTOR_UNCOUNTABLE:
+    - 'опрема'
+    - 'информација'
+    - 'пиринач'
+    - 'новац'
+    - 'врсте'
+    - 'серије'
+    - 'риба'
+    - 'овца'
+  INFLECTOR_IRREGULAR:
+    'person': 'особе'
+    'man': 'људи'
+    'child': 'деца'
+    'sex': 'полови'
+    'move': 'помери'
+  INFLECTOR_ORDINALS:
+    'default': 'ти'
+    'first': 'први'
+    'second': 'други'
+    'third': 'трећи'
+  NICETIME:
+    NO_DATE_PROVIDED: Нема датума
+    BAD_DATE: Погрешан датум
+    AGO: од пре
+    FROM_NOW: од сада
+    JUST_NOW: управо сада
+    SECOND: секунда
+    MINUTE: минута
+    HOUR: сат
+    DAY: дан
+    WEEK: недеља
+    MONTH: месец
+    YEAR: година
+    DECADE: декада
+    SEC: сек
+    MIN: мин
+    HR: сат
+    WK: нед
+    MO: мес
+    YR: год
+    DEC: дек
+    SECOND_PLURAL: секунди
+    MINUTE_PLURAL: минута
+    HOUR_PLURAL: сати
+    DAY_PLURAL: дана
+    WEEK_PLURAL: недеља
+    MONTH_PLURAL: месеци
+    YEAR_PLURAL: године(а)
+    DECADE_PLURAL: декаде(а)
+    SEC_PLURAL: сек
+    MIN_PLURAL: мин
+    HR_PLURAL: сати
+    WK_PLURAL: недеља
+    MO_PLURAL: месеци
+    YR_PLURAL: година
+    DEC_PLURAL: декада
+  FORM:
+    VALIDATION_FAIL: '<b>Провера неуспела:</b>'
+    INVALID_INPUT: 'Неисправан унос у'
+    MISSING_REQUIRED_FIELD: 'Недостаје обавезн поље:'
+  MONTHS_OF_THE_YEAR:
+    - 'Јануар'
+    - 'Фебруар'
+    - 'Март'
+    - 'Април'
+    - 'Мај'
+    - 'Јуни'
+    - 'Јули'
+    - 'Август'
+    - 'Септембар'
+    - 'Октобар'
+    - 'Новембар'
+    - 'Децембар'
+  DAYS_OF_THE_WEEK:
+    - 'Понедељак'
+    - 'Уторак'
+    - 'Среда'
+    - 'Четвртак'
+    - 'Петак'
+    - 'Субота'
+    - 'Недеља'
+  CRON:
+    EVERY: сваки
+    EVERY_HOUR: сваки сат
+    EVERY_MINUTE: сваки минут
+    EVERY_DAY_OF_WEEK: сваки дан у недељи
+    EVERY_DAY_OF_MONTH: сваки дан у месецу
+    EVERY_MONTH: сваки месец
+    TEXT_PERIOD: Сваки <b />
+    TEXT_MINS: ' у <b /> минути(а) прошлог сата'
+    TEXT_TIME: ' у <b />:<b />'
+    TEXT_DOW: ' на <b />'
+    TEXT_MONTH: ' од <b />'
+    TEXT_DOM: ' на <b />'
+    ERROR1: Таг %s није подржан!
+    ERROR2: Погрешан број елемената
+    ERROR3: јquery_element би требао да буде постављен у jqCron подешавању
+    ERROR4: Непрепознат израз

system/languages/sv.yaml

@@ -12,11 +12,21 @@ GRAV:
     - 'får'
   INFLECTOR_IRREGULAR:
     'person': 'personer'
+    'man': 'män'
+    'child': 'barn'
+    'sex': 'kön'
+    'move': 'flytta'
+  INFLECTOR_ORDINALS:
+    'default': ':e'
+    'first': ':a'
+    'second': ':a'
+    'third': ':e'
   NICETIME:
     NO_DATE_PROVIDED: Inget datum har angivits
     BAD_DATE: Ogiltigt datum
     AGO: sedan
     FROM_NOW: fr.o.m nu
+    JUST_NOW: just nu
     SECOND: sekund
     MINUTE: minut
     HOUR: timme
@@ -26,10 +36,12 @@ GRAV:
     YEAR: år
     DECADE: årtionde
     SEC: sek
+    MIN: min
     HR: t
     WK: v
     MO: m
     YR: år
+    DEC: dec
     SECOND_PLURAL: sekunder
     MINUTE_PLURAL: minuter
     HOUR_PLURAL: timmar
@@ -46,8 +58,8 @@ GRAV:
     YR_PLURAL: år
     DEC_PLURAL: dec
   FORM:
-    VALIDATION_FAIL: <b>Kontrollen misslyckades:</b>
-    INVALID_INPUT: Ogiltig indata i
+    VALIDATION_FAIL: '<b>Kontrollen misslyckades:</b>'
+    INVALID_INPUT: 'Ogiltig indata i'
     MISSING_REQUIRED_FIELD: 'Obligatoriskt fält måste fyllas i:'
   MONTHS_OF_THE_YEAR:
     - 'Januari'
@@ -70,3 +82,19 @@ GRAV:
     - 'Fredag'
     - 'Lördag'
     - 'Söndag'
+  CRON:
+    EVERY: varje
+    EVERY_HOUR: varje timme
+    EVERY_MINUTE: varje minut
+    EVERY_DAY_OF_WEEK: varje veckodag
+    EVERY_DAY_OF_MONTH: alla månadens dagar
+    EVERY_MONTH: varje månad
+    TEXT_PERIOD: Varje <b />
+    TEXT_MINS: ' timmens <b />:e minut'
+    TEXT_TIME: ' kl <b />:<b />'
+    TEXT_DOW: ' <b />'
+    TEXT_MONTH: ' <b />'
+    TEXT_DOM: ' <b />'
+    ERROR1: Taggen %s stöds inte!
+    ERROR2: Ogiltigt antal element
+    ERROR4: Uttrycket känns inte igen

system/languages/th.yaml

@@ -31,7 +31,7 @@ GRAV:
     YR_PLURAL: ปี
   FORM:
     VALIDATION_FAIL: '<b>ตรวจสอบล้มเหลว: </b>'
-    INVALID_INPUT: ป้อนข้อมูลไม่ถูกต้องใน
+    INVALID_INPUT: 'ป้อนข้อมูลไม่ถูกต้องใน'
     MISSING_REQUIRED_FIELD: 'ขาดข้อมูลที่จำเป็น:'
   MONTHS_OF_THE_YEAR:
     - 'มกราคม'

system/languages/tr.yaml

@@ -1,11 +1,32 @@
 ---
 GRAV:
   FRONTMATTER_ERROR_PAGE: "---\nBaşlık: %1$s\n---\n\n# Hata: Geçersiz Önbölüm\n\nYol: `%2$s`\n\n**%3$s**\n\n```\n%4$s\n```"
+  INFLECTOR_UNCOUNTABLE:
+    - 'ekipman'
+    - 'bilgi'
+    - 'pirinç'
+    - 'para'
+    - 'türler'
+    - 'seriler'
+    - 'balık'
+    - 'koyun'
+  INFLECTOR_IRREGULAR:
+    'person': 'kişi'
+    'man': 'erkek'
+    'child': 'çocuklar'
+    'sex': 'cinsiyet'
+    'move': 'taşınmış'
+  INFLECTOR_ORDINALS:
+    'default': '#F'
+    'first': ' 1.'
+    'second': ' 2.'
+    'third': ' 3.'
   NICETIME:
     NO_DATE_PROVIDED: Sağlanan tarih yok
     BAD_DATE: Yanlış tarih
     AGO: önce
     FROM_NOW: şu andan itibaren
+    JUST_NOW: şimdi
     SECOND: saniye
     MINUTE: dakika
     HOUR: saat
@@ -37,8 +58,8 @@ GRAV:
     YR_PLURAL: yıl
     DEC_PLURAL: onyl
   FORM:
-    VALIDATION_FAIL: <b>Doğrulama başarısız:</b>
-    INVALID_INPUT: Geçersiz bilgi girişi
+    VALIDATION_FAIL: '<b>Doğrulama başarısız:</b>'
+    INVALID_INPUT: 'Geçersiz bilgi girişi'
     MISSING_REQUIRED_FIELD: 'Gerekli alan eksik:'
   MONTHS_OF_THE_YEAR:
     - 'Ocak'
@@ -61,3 +82,19 @@ GRAV:
     - 'Cuma'
     - 'Cumartesi'
     - 'Pazar'
+  YES: "Evet"
+  NO: "Hayır"
+  CRON:
+    EVERY: her
+    EVERY_HOUR: saatte bir
+    EVERY_MINUTE: dakikada bir
+    EVERY_DAY_OF_WEEK: haftanın her günü
+    EVERY_DAY_OF_MONTH: ayın her günü
+    EVERY_MONTH: her ay
+    TEXT_PERIOD: Her <b />
+    TEXT_MINS: ' saatin <b /> dakikasında'
+    TEXT_TIME: ' da'
+    ERROR1: Etiket %s desteklenmiyor!
+    ERROR2: Kötü eleman sayısı
+    ERROR3: jquery_element jqCron ayarları içinde tanımlanmalı
+    ERROR4: Tanınmayan ifade

system/languages/uk.yaml

@@ -37,8 +37,8 @@ GRAV:
     YR_PLURAL: рр.
     DEC_PLURAL: рр.
   FORM:
-    VALIDATION_FAIL: <b>Перевірка не вдалася:</b>
-    INVALID_INPUT: Невірне введення в
+    VALIDATION_FAIL: '<b>Перевірка не вдалася:</b>'
+    INVALID_INPUT: 'Невірне введення в'
     MISSING_REQUIRED_FIELD: 'Відсутнє обов''язкове поле:'
   MONTHS_OF_THE_YEAR:
     - 'Січень'

system/languages/vi.yaml

@@ -37,8 +37,8 @@ GRAV:
     YR_PLURAL: năm
     DEC_PLURAL: thập kỷ
   FORM:
-    VALIDATION_FAIL: <b>Xác nhận thất bại:</b>
-    INVALID_INPUT: Dữ liệu nhập không hợp lệ cho
+    VALIDATION_FAIL: '<b>Xác nhận thất bại:</b>'
+    INVALID_INPUT: 'Dữ liệu nhập không hợp lệ cho'
     MISSING_REQUIRED_FIELD: 'Thiếu trường bắt buộc:'
   MONTHS_OF_THE_YEAR:
     - 'Tháng 1'

system/languages/zh-cn.yaml

@@ -0,0 +1,144 @@
+---
+GRAV:
+  FRONTMATTER_ERROR_PAGE: "---\n标题: %1$s\n---\n\n# 错误：无效参数\n\n位置： `%2$s`\n\n**%3$s**\n\n```\n%4$s\n```"
+  INFLECTOR_PLURALS:
+    '/(quiz)$/i': '\1zes'
+    '/^(ox)$/i': '\1en'
+    '/([m|l])ouse$/i': '\1ice'
+    '/(matr|vert|ind)ix|ex$/i': '\1ices'
+    '/(x|ch|ss|sh)$/i': '\1es'
+    '/([^aeiouy]|qu)ies$/i': '\1y'
+    '/([^aeiouy]|qu)y$/i': '\1ies'
+    '/(hive)$/i': '\1s'
+    '/(?:([^f])fe|([lr])f)$/i': '\1\2ves'
+    '/sis$/i': 'ses'
+    '/([ti])um$/i': '\1a'
+    '/(buffal|tomat)o$/i': '\1oes'
+    '/(bu)s$/i': '\1ses'
+    '/(alias|status)/i': '\1es'
+    '/(octop|vir)us$/i': '\1i'
+    '/(ax|test)is$/i': '\1es'
+    '/s$/i': 's'
+    '/$/': 's'
+  INFLECTOR_SINGULAR:
+    '/(quiz)zes$/i': '\1'
+    '/(matr)ices$/i': '\1ix'
+    '/(vert|ind)ices$/i': '\1ex'
+    '/^(ox)en/i': '\1'
+    '/(alias|status)es$/i': '\1'
+    '/([octop|vir])i$/i': '\1us'
+    '/(cris|ax|test)es$/i': '\1is'
+    '/(shoe)s$/i': '\1'
+    '/(o)es$/i': '\1'
+    '/(bus)es$/i': '\1'
+    '/([m|l])ice$/i': '\1ouse'
+    '/(x|ch|ss|sh)es$/i': '\1'
+    '/(m)ovies$/i': '\1ovie'
+    '/(s)eries$/i': '\1eries'
+    '/([^aeiouy]|qu)ies$/i': '\1y'
+    '/([lr])ves$/i': '\1f'
+    '/(tive)s$/i': '\1'
+    '/(hive)s$/i': '\1'
+    '/([^f])ves$/i': '\1fe'
+    '/(^analy)ses$/i': '\1sis'
+    '/((a)naly|(b)a|(d)iagno|(p)arenthe|(p)rogno|(s)ynop|(t)he)ses$/i': '\1\2sis'
+    '/([ti])a$/i': '\1um'
+    '/(n)ews$/i': '\1ews'
+  INFLECTOR_UNCOUNTABLE:
+    - '装备'
+    - '信息'
+    - '大米'
+    - '钱'
+    - '物种'
+    - '系列'
+    - '鱼'
+    - '羊'
+  INFLECTOR_IRREGULAR:
+    'person': '人员'
+    'man': '男人'
+    'child': '儿童'
+    'sex': '性别'
+    'move': '移动'
+  INFLECTOR_ORDINALS:
+    'default': 'th'
+    'first': 'st'
+    'second': 'md'
+    'third': 'rd'
+  NICETIME:
+    NO_DATE_PROVIDED: 无日期信息
+    BAD_DATE: 无效日期
+    AGO: 前
+    FROM_NOW: 距今
+    JUST_NOW: 刚刚
+    SECOND: 秒
+    MINUTE: 分钟
+    HOUR: 小时
+    DAY: 天
+    WEEK: 周
+    MONTH: 月
+    YEAR: 年
+    DECADE: 十年
+    SEC: 秒
+    MIN: 分钟
+    HR: 小时
+    WK: 周
+    MO: 月
+    YR: 年
+    DEC: 年代
+    SECOND_PLURAL: 秒
+    MINUTE_PLURAL: 分
+    HOUR_PLURAL: 小时
+    DAY_PLURAL: 天
+    WEEK_PLURAL: 周
+    MONTH_PLURAL: 月
+    YEAR_PLURAL: 年
+    DECADE_PLURAL: 十年
+    SEC_PLURAL: 秒
+    MIN_PLURAL: 分
+    HR_PLURAL: 时
+    WK_PLURAL: 周
+    MO_PLURAL: 月
+    YR_PLURAL: 年
+    DEC_PLURAL: 年代
+  FORM:
+    VALIDATION_FAIL: '<b>验证失败：</b>'
+    INVALID_INPUT: '无效输入'
+    MISSING_REQUIRED_FIELD: '必填字段缺失：'
+  MONTHS_OF_THE_YEAR:
+    - '1月'
+    - '2月'
+    - '3月'
+    - '4月'
+    - '5月'
+    - '6月'
+    - '7月'
+    - '8月'
+    - '9月'
+    - '10月'
+    - '11月'
+    - '12月'
+  DAYS_OF_THE_WEEK:
+    - '星期一'
+    - '星期二'
+    - '星期三'
+    - '星期四'
+    - '星期五'
+    - '星期六'
+    - '星期日'
+  CRON:
+    EVERY: 每隔
+    EVERY_HOUR: 每小时
+    EVERY_MINUTE: 每分钟
+    EVERY_DAY_OF_WEEK: 一周中的每一天
+    EVERY_DAY_OF_MONTH: 月份中的每一天
+    EVERY_MONTH: 每月
+    TEXT_PERIOD: 所有 <b />
+    TEXT_MINS: ' 在 <b /> 小时过后的分钟'
+    TEXT_TIME: ' 在 <b />:<b />'
+    TEXT_DOW: ' on <b />'
+    TEXT_MONTH: ' of <b />'
+    TEXT_DOM: ' on <b />'
+    ERROR1: 不支持分享类型 %s
+    ERROR2: 无效数字
+    ERROR3: 请在 jqCron 设置中设定 jquery_element
+    ERROR4: 无法识别表达式

system/languages/zh-tw.yaml

@@ -38,7 +38,9 @@ GRAV:
     YR_PLURAL: 年
     DEC_PLURAL: 十年
   FORM:
-    MISSING_REQUIRED_FIELD: 遺漏必填欄位：
+    VALIDATION_FAIL: '<b>確驗證失敗：</b>'
+    INVALID_INPUT: '無效輸入：'
+    MISSING_REQUIRED_FIELD: '遺漏必填欄位：'
   MONTHS_OF_THE_YEAR:
     - '一月'
     - '二月'
@@ -60,3 +62,16 @@ GRAV:
     - '星期五'
     - '星期六'
     - '星期日'
+  CRON:
+    EVERY: 每
+    EVERY_HOUR: 每小時
+    EVERY_MINUTE: 每分鐘
+    EVERY_DAY_OF_WEEK: 每一天
+    EVERY_DAY_OF_MONTH: 每一天
+    EVERY_MONTH: 每個月
+    TEXT_PERIOD: 每 <b />
+    TEXT_MINS: ' 的 <b /> 分'
+    TEXT_TIME: ' <b />:<b />'
+    TEXT_DOW: ' 的 <b />'
+    TEXT_MONTH: ' 的 <b />'
+    TEXT_DOM: ' 的 <b />'

system/languages/zh.yaml

@@ -101,9 +101,9 @@ GRAV:
     YR_PLURAL: 年
     DEC_PLURAL: 年代
   FORM:
-    VALIDATION_FAIL: <b>验证失败：</b>
-    INVALID_INPUT: 无效输入
-    MISSING_REQUIRED_FIELD: 必填字段缺失：
+    VALIDATION_FAIL: '<b>验证失败：</b>'
+    INVALID_INPUT: '无效输入'
+    MISSING_REQUIRED_FIELD: '必填字段缺失：'
   MONTHS_OF_THE_YEAR:
     - '1月'
     - '2月'

system/pages/notfound.md

@@ -2,4 +2,5 @@
 title: Not Found
 routable: false
 notfound: true
+expires: 0
 ---

system/router.php

@@ -3,7 +3,7 @@
 /**
  * @package    Grav\Core
  *
- * @copyright  Copyright (C) 2015 - 2020 Trilby Media, LLC. All rights reserved.
+ * @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved.
  * @license    MIT License; see LICENSE file for details.
  */
 
@@ -13,8 +13,25 @@ if (PHP_SAPI !== 'cli-server') {
 
 $_SERVER['PHP_CLI_ROUTER'] = true;
 
-if (is_file($_SERVER['DOCUMENT_ROOT'] . DIRECTORY_SEPARATOR . $_SERVER['SCRIPT_NAME'])) {
-    return false;
+$root = $_SERVER['DOCUMENT_ROOT'];
+$path = $_SERVER['SCRIPT_NAME'];
+if ($path !== '/index.php' && is_file($root . $path)) {
+    if (!(
+        // Block all direct access to files and folders beginning with a dot
+        strpos($path, '/.') !== false
+        // Block all direct access for these folders
+        || preg_match('`^/(\.git|cache|bin|logs|backup|webserver-configs|tests)/`ui', $path)
+        // Block access to specific file types for these system folders
+        || preg_match('`^/(system|vendor)/(.*)\.(txt|xml|md|html|json|yaml|yml|php|pl|py|cgi|twig|sh|bat)$`ui', $path)
+        // Block access to specific file types for these user folders
+        || preg_match('`^/(user)/(.*)\.(txt|md|json|yaml|yml|php|pl|py|cgi|twig|sh|bat)$`ui', $path)
+        // Block all direct access to .md files
+        || preg_match('`\.md$`ui', $path)
+        // Block access to specific files in the root folder
+        || preg_match('`^/(LICENSE\.txt|composer\.lock|composer\.json|\.htaccess)$`ui', $path)
+    )) {
+        return false;
+    }
 }
 
 $grav_index = 'index.php';

system/src/DOMLettersIterator.php

@@ -0,0 +1,165 @@
+<?php
+
+/**
+ * Iterates individual characters (Unicode codepoints) of DOM text and CDATA nodes
+ * while keeping track of their position in the document.
+ *
+ * Example:
+ *
+ *  $doc = new DOMDocument();
+ *  $doc->load('example.xml');
+ *  foreach(new DOMLettersIterator($doc) as $letter) echo $letter;
+ *
+ * NB: If you only need characters without their position
+ *     in the document, use DOMNode->textContent instead.
+ *
+ * @author porneL http://pornel.net
+ * @license Public Domain
+ * @url https://github.com/antoligy/dom-string-iterators
+ *
+ * @implements Iterator<int,string>
+ */
+final class DOMLettersIterator implements Iterator
+{
+    /** @var DOMElement */
+    private $start;
+    /** @var DOMElement|null */
+    private $current;
+    /** @var int */
+    private $offset = -1;
+    /** @var int|null */
+    private $key;
+    /** @var array<int,string>|null */
+    private $letters;
+
+    /**
+     * expects DOMElement or DOMDocument (see DOMDocument::load and DOMDocument::loadHTML)
+     *
+     * @param DOMNode $el
+     */
+    public function __construct(DOMNode $el)
+    {
+        if ($el instanceof DOMDocument) {
+            $el = $el->documentElement;
+        }
+
+        if (!$el instanceof DOMElement) {
+            throw new InvalidArgumentException('Invalid arguments, expected DOMElement or DOMDocument');
+        }
+
+        $this->start = $el;
+    }
+
+    /**
+     * Returns position in text as DOMText node and character offset.
+     * (it's NOT a byte offset, you must use mb_substr() or similar to use this offset properly).
+     * node may be NULL if iterator has finished.
+     *
+     * @return array
+     */
+    public function currentTextPosition(): array
+    {
+        return [$this->current, $this->offset];
+    }
+
+    /**
+     * Returns DOMElement that is currently being iterated or NULL if iterator has finished.
+     *
+     * @return DOMElement|null
+     */
+    public function currentElement(): ?DOMElement
+    {
+        return $this->current ? $this->current->parentNode : null;
+    }
+
+    // Implementation of Iterator interface
+
+    /**
+     * @return int|null
+     */
+    public function key(): ?int
+    {
+        return $this->key;
+    }
+
+    /**
+     * @return void
+     */
+    public function next(): void
+    {
+        if (null === $this->current) {
+            return;
+        }
+
+        if ($this->current->nodeType === XML_TEXT_NODE || $this->current->nodeType === XML_CDATA_SECTION_NODE) {
+            if ($this->offset === -1) {
+                preg_match_all('/./us', $this->current->textContent, $m);
+                $this->letters = $m[0];
+            }
+
+            $this->offset++;
+            $this->key++;
+            if ($this->letters && $this->offset < count($this->letters)) {
+                return;
+            }
+
+            $this->offset = -1;
+        }
+
+        while ($this->current->nodeType === XML_ELEMENT_NODE && $this->current->firstChild) {
+            $this->current = $this->current->firstChild;
+            if ($this->current->nodeType === XML_TEXT_NODE || $this->current->nodeType === XML_CDATA_SECTION_NODE) {
+                $this->next();
+                return;
+            }
+        }
+
+        while (!$this->current->nextSibling && $this->current->parentNode) {
+            $this->current = $this->current->parentNode;
+            if ($this->current === $this->start) {
+                $this->current = null;
+                return;
+            }
+        }
+
+        $this->current = $this->current->nextSibling;
+
+        $this->next();
+    }
+
+    /**
+     * Return the current element
+     * @link https://php.net/manual/en/iterator.current.php
+     *
+     * @return string|null
+     */
+    public function current(): ?string
+    {
+        return $this->letters ? $this->letters[$this->offset] : null;
+    }
+
+    /**
+     * Checks if current position is valid
+     * @link https://php.net/manual/en/iterator.valid.php
+     *
+     * @return bool
+     */
+    public function valid(): bool
+    {
+        return (bool)$this->current;
+    }
+
+    /**
+     * @return void
+     */
+    public function rewind(): void
+    {
+        $this->current = $this->start;
+        $this->offset = -1;
+        $this->key = 0;
+        $this->letters = [];
+
+        $this->next();
+    }
+}
+

system/src/DOMWordsIterator.php

@@ -0,0 +1,158 @@
+<?php
+
+/**
+ * Iterates individual words of DOM text and CDATA nodes
+ * while keeping track of their position in the document.
+ *
+ * Example:
+ *
+ *  $doc = new DOMDocument();
+ *  $doc->load('example.xml');
+ *  foreach(new DOMWordsIterator($doc) as $word) echo $word;
+ *
+ * @author pjgalbraith http://www.pjgalbraith.com
+ * @author porneL http://pornel.net (based on DOMLettersIterator available at http://pornel.net/source/domlettersiterator.php)
+ * @license Public Domain
+ * @url https://github.com/antoligy/dom-string-iterators
+ *
+ * @implements Iterator<int,string>
+ */
+
+final class DOMWordsIterator implements Iterator
+{
+    /** @var DOMElement */
+    private $start;
+    /** @var DOMElement|null */
+    private $current;
+    /** @var int */
+    private $offset = -1;
+    /** @var int|null */
+    private $key;
+    /** @var array<int,array<int,int|string>>|null */
+    private $words;
+
+    /**
+     * expects DOMElement or DOMDocument (see DOMDocument::load and DOMDocument::loadHTML)
+     *
+     * @param DOMNode $el
+     */
+    public function __construct(DOMNode $el)
+    {
+        if ($el instanceof DOMDocument) {
+            $el = $el->documentElement;
+        }
+
+        if (!$el instanceof DOMElement) {
+            throw new InvalidArgumentException('Invalid arguments, expected DOMElement or DOMDocument');
+        }
+
+        $this->start = $el;
+    }
+
+    /**
+     * Returns position in text as DOMText node and character offset.
+     * (it's NOT a byte offset, you must use mb_substr() or similar to use this offset properly).
+     * node may be NULL if iterator has finished.
+     *
+     * @return array
+     */
+    public function currentWordPosition(): array
+    {
+        return [$this->current, $this->offset, $this->words];
+    }
+
+    /**
+     * Returns DOMElement that is currently being iterated or NULL if iterator has finished.
+     *
+     * @return DOMElement|null
+     */
+    public function currentElement(): ?DOMElement
+    {
+        return $this->current ? $this->current->parentNode : null;
+    }
+
+    // Implementation of Iterator interface
+
+    /**
+     * Return the key of the current element
+     * @link https://php.net/manual/en/iterator.key.php
+     * @return int|null
+     */
+    public function key(): ?int
+    {
+        return $this->key;
+    }
+
+    /**
+     * @return void
+     */
+    public function next(): void
+    {
+        if (null === $this->current) {
+            return;
+        }
+
+        if ($this->current->nodeType === XML_TEXT_NODE || $this->current->nodeType === XML_CDATA_SECTION_NODE) {
+            if ($this->offset === -1) {
+                $this->words = preg_split("/[\n\r\t ]+/", $this->current->textContent, -1, PREG_SPLIT_NO_EMPTY|PREG_SPLIT_OFFSET_CAPTURE) ?: [];
+            }
+            $this->offset++;
+
+            if ($this->words && $this->offset < count($this->words)) {
+                $this->key++;
+                return;
+            }
+            $this->offset = -1;
+        }
+
+        while ($this->current->nodeType === XML_ELEMENT_NODE && $this->current->firstChild) {
+            $this->current = $this->current->firstChild;
+            if ($this->current->nodeType === XML_TEXT_NODE || $this->current->nodeType === XML_CDATA_SECTION_NODE) {
+                $this->next();
+                return;
+            }
+        }
+
+        while (!$this->current->nextSibling && $this->current->parentNode) {
+            $this->current = $this->current->parentNode;
+            if ($this->current === $this->start) {
+                $this->current = null;
+                return;
+            }
+        }
+
+        $this->current = $this->current->nextSibling;
+
+        $this->next();
+    }
+
+    /**
+     * Return the current element
+     * @link https://php.net/manual/en/iterator.current.php
+     * @return string|null
+     */
+    public function current(): ?string
+    {
+        return $this->words ? (string)$this->words[$this->offset][0] : null;
+    }
+
+    /**
+     * Checks if current position is valid
+     * @link https://php.net/manual/en/iterator.valid.php
+     * @return bool
+     */
+    public function valid(): bool
+    {
+        return (bool)$this->current;
+    }
+
+    public function rewind(): void
+    {
+        $this->current = $this->start;
+        $this->offset = -1;
+        $this->key = 0;
+        $this->words = [];
+
+        $this->next();
+    }
+}

system/src/Grav/Common/Assets.php

@@ -3,30 +3,48 @@
 /**
  * @package    Grav\Common
  *
- * @copyright  Copyright (C) 2015 - 2020 Trilby Media, LLC. All rights reserved.
+ * @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved.
  * @license    MIT License; see LICENSE file for details.
  */
 
 namespace Grav\Common;
 
+use Closure;
 use Grav\Common\Assets\Pipeline;
 use Grav\Common\Assets\Traits\LegacyAssetsTrait;
 use Grav\Common\Assets\Traits\TestingAssetsTrait;
 use Grav\Common\Config\Config;
 use Grav\Framework\Object\PropertyObject;
 use RocketTheme\Toolbox\ResourceLocator\UniformResourceLocator;
+use function array_slice;
+use function call_user_func_array;
+use function func_get_args;
+use function is_array;
 
+/**
+ * Class Assets
+ * @package Grav\Common
+ */
 class Assets extends PropertyObject
 {
     use TestingAssetsTrait;
     use LegacyAssetsTrait;
 
+    const LINK = 'link';
+    const CSS = 'css';
+    const JS = 'js';
+    const JS_MODULE = 'js_module';
+    const LINK_COLLECTION = 'assets_link';
     const CSS_COLLECTION = 'assets_css';
     const JS_COLLECTION = 'assets_js';
-    const CSS_TYPE = 'Css';
-    const JS_TYPE = 'Js';
-    const INLINE_CSS_TYPE = 'InlineCss';
-    const INLINE_JS_TYPE = 'InlineJs';
+    const JS_MODULE_COLLECTION = 'assets_js_module';
+    const LINK_TYPE = Assets\Link::class;
+    const CSS_TYPE = Assets\Css::class;
+    const JS_TYPE = Assets\Js::class;
+    const JS_MODULE_TYPE = Assets\JsModule::class;
+    const INLINE_CSS_TYPE = Assets\InlineCss::class;
+    const INLINE_JS_TYPE = Assets\InlineJs::class;
+    const INLINE_JS_MODULE_TYPE = Assets\InlineJsModule::class;
 
     /** @const Regex to match CSS and JavaScript files */
     const DEFAULT_REGEX = '/.\.(css|js)$/i';
@@ -37,15 +55,24 @@ class Assets extends PropertyObject
     /** @const Regex to match JavaScript files */
     const JS_REGEX = '/.\.js$/i';
 
+    /** @const Regex to match JavaScriptModyle files */
+    const JS_MODULE_REGEX = '/.\.mjs$/i';
+
     /** @var string */
     protected $assets_dir;
     /** @var string */
     protected $assets_url;
 
+    /** @var array */
+    protected $assets_link = [];
     /** @var array */
     protected $assets_css = [];
     /** @var array */
     protected $assets_js = [];
+    /** @var array  */
+    protected $assets_js_module = [];
+
+
 
     // Following variables come from the configuration:
     /** @var bool */
@@ -60,10 +87,16 @@ class Assets extends PropertyObject
     protected $js_pipeline_include_externals;
     /** @var bool */
     protected $js_pipeline_before_excludes;
+    /** @var bool */
+    protected $js_module_pipeline;
+    /** @var bool */
+    protected $js_module_pipeline_include_externals;
+    /** @var bool */
+    protected $js_module_pipeline_before_excludes;
     /** @var array */
     protected $pipeline_options = [];
 
-    /** @var \Closure|string */
+    /** @var Closure|string */
     protected $fetch_command;
     /** @var string */
     protected $autoload;
@@ -73,9 +106,13 @@ class Assets extends PropertyObject
     protected $collections;
     /** @var string */
     protected $timestamp;
+    /** @var array Keeping track for order counts (for sorting) */
+    protected $order = [];
 
     /**
      * Initialization called in the Grav lifecycle to initialize the Assets with appropriate configuration
+     *
+     * @return void
      */
     public function init()
     {
@@ -87,7 +124,7 @@ class Assets extends PropertyObject
 
         /** @var UniformResourceLocator $locator */
         $locator = $grav['locator'];
-        $this->assets_dir = $locator->findResource('asset://') . DS;
+        $this->assets_dir = $locator->findResource('asset://');
         $this->assets_url = $locator->findResource('asset://', false);
 
         $this->config($asset_config);
@@ -106,7 +143,6 @@ class Assets extends PropertyObject
      * assets and/or collections that will be automatically added on startup.
      *
      * @param  array $config Configurable options.
-     *
      * @return $this
      */
     public function config(array $config)
@@ -133,35 +169,51 @@ class Assets extends PropertyObject
      * It automatically detects the asset type (JavaScript, CSS or collection).
      * You may add more than one asset passing an array as argument.
      *
-     * @param array|string $asset
+     * @param string|string[] $asset
      * @return $this
      */
     public function add($asset)
     {
-        $args = \func_get_args();
+        if (!$asset) {
+            return $this;
+        }
+
+        $args = func_get_args();
 
         // More than one asset
-        if (\is_array($asset)) {
-            foreach ($asset as $a) {
-                array_shift($args);
-                $args = array_merge([$a], $args);
-                \call_user_func_array([$this, 'add'], $args);
+        if (is_array($asset)) {
+            foreach ($asset as $index => $location) {
+                $params = array_slice($args, 1);
+                if (is_array($location)) {
+                    $params = array_shift($params);
+                    if (is_numeric($params)) {
+                        $params = [ 'priority' => $params ];
+                    }
+                    $params = [array_replace_recursive([], $location, $params)];
+                    $location = $index;
+                }
+
+                $params = array_merge([$location], $params);
+                call_user_func_array([$this, 'add'], $params);
             }
         } elseif (isset($this->collections[$asset])) {
             array_shift($args);
             $args = array_merge([$this->collections[$asset]], $args);
-            \call_user_func_array([$this, 'add'], $args);
+            call_user_func_array([$this, 'add'], $args);
         } else {
             // Get extension
-            $extension = pathinfo(parse_url($asset, PHP_URL_PATH), PATHINFO_EXTENSION);
+            $path = parse_url($asset, PHP_URL_PATH);
+            $extension = $path ? Utils::pathinfo($path, PATHINFO_EXTENSION) : '';
 
             // JavaScript or CSS
-            if (\strlen($extension) > 0) {
+            if ($extension !== '') {
                 $extension = strtolower($extension);
                 if ($extension === 'css') {
-                    \call_user_func_array([$this, 'addCss'], $args);
+                    call_user_func_array([$this, 'addCss'], $args);
                 } elseif ($extension === 'js') {
-                    \call_user_func_array([$this, 'addJs'], $args);
+                    call_user_func_array([$this, 'addJs'], $args);
+                } elseif ($extension === 'mjs') {
+                    call_user_func_array([$this, 'addJsModule'], $args);
                 }
             }
         }
@@ -169,16 +221,29 @@ class Assets extends PropertyObject
         return $this;
     }
 
+    /**
+     * @param string $collection
+     * @param string $type
+     * @param string|string[] $asset
+     * @param array $options
+     * @return $this
+     */
     protected function addType($collection, $type, $asset, $options)
     {
-        if (\is_array($asset)) {
-            foreach ($asset as $a) {
-                $this->addType($collection, $type, $a, $options);
+        if (is_array($asset)) {
+            foreach ($asset as $index => $location) {
+                $assetOptions = $options;
+                if (is_array($location)) {
+                    $assetOptions = array_replace_recursive([], $options, $location);
+                    $location = $index;
+                }
+                $this->addType($collection, $type, $location, $assetOptions);
             }
+
             return $this;
         }
 
-        if (($type === $this::CSS_TYPE || $type === $this::JS_TYPE) && isset($this->collections[$asset])) {
+        if ($this->isValidType($type) && isset($this->collections[$asset])) {
             $this->addType($collection, $type, $this->collections[$asset], $options);
             return $this;
         }
@@ -186,7 +251,9 @@ class Assets extends PropertyObject
         // If pipeline disabled, set to position if provided, else after
         if (isset($options['pipeline'])) {
             if ($options['pipeline'] === false) {
-                $exclude_type = ($type === $this::JS_TYPE || $type === $this::INLINE_JS_TYPE) ? $this::JS_TYPE : $this::CSS_TYPE;
+
+                $exclude_type = $this->getBaseType($type);
+
                 $excludes = strtolower($exclude_type . '_pipeline_before_excludes');
                 if ($this->{$excludes}) {
                     $default = 'after';
@@ -204,11 +271,18 @@ class Assets extends PropertyObject
         $options['timestamp'] = $this->timestamp;
 
         // Set order
-        $options['order'] = \count($this->$collection);
+        $group = $options['group'] ?? 'head';
+        $position = $options['position'] ?? 'pipeline';
+
+        $orderKey = "{$type}|{$group}|{$position}";
+        if (!isset($this->order[$orderKey])) {
+           $this->order[$orderKey] = 0;
+        }
+
+        $options['order'] = $this->order[$orderKey]++;
 
         // Create asset of correct type
-        $asset_class = "\\Grav\\Common\\Assets\\{$type}";
-        $asset_object = new $asset_class();
+        $asset_object = new $type();
 
         // If exists
         if ($asset_object->init($asset, $options)) {
@@ -218,6 +292,16 @@ class Assets extends PropertyObject
         return $this;
     }
 
+    /**
+     * Add a CSS asset or a collection of assets.
+     *
+     * @return $this
+     */
+    public function addLink($asset)
+    {
+        return $this->addType($this::LINK_COLLECTION, $this::LINK_TYPE, $asset, $this->unifyLegacyArguments(func_get_args(), $this::LINK_TYPE));
+    }
+
     /**
      * Add a CSS asset or a collection of assets.
      *
@@ -225,7 +309,7 @@ class Assets extends PropertyObject
      */
     public function addCss($asset)
     {
-        return $this->addType(Assets::CSS_COLLECTION, Assets::CSS_TYPE, $asset, $this->unifyLegacyArguments(\func_get_args(), Assets::CSS_TYPE));
+        return $this->addType($this::CSS_COLLECTION, $this::CSS_TYPE, $asset, $this->unifyLegacyArguments(func_get_args(), $this::CSS_TYPE));
     }
 
     /**
@@ -235,7 +319,7 @@ class Assets extends PropertyObject
      */
     public function addInlineCss($asset)
     {
-        return $this->addType(Assets::CSS_COLLECTION, Assets::INLINE_CSS_TYPE, $asset, $this->unifyLegacyArguments(\func_get_args(), Assets::INLINE_CSS_TYPE));
+        return $this->addType($this::CSS_COLLECTION, $this::INLINE_CSS_TYPE, $asset, $this->unifyLegacyArguments(func_get_args(), $this::INLINE_CSS_TYPE));
     }
 
     /**
@@ -245,7 +329,7 @@ class Assets extends PropertyObject
      */
     public function addJs($asset)
     {
-        return $this->addType(Assets::JS_COLLECTION, Assets::JS_TYPE, $asset, $this->unifyLegacyArguments(\func_get_args(), Assets::JS_TYPE));
+        return $this->addType($this::JS_COLLECTION, $this::JS_TYPE, $asset, $this->unifyLegacyArguments(func_get_args(), $this::JS_TYPE));
     }
 
     /**
@@ -255,20 +339,38 @@ class Assets extends PropertyObject
      */
     public function addInlineJs($asset)
     {
-        return $this->addType(Assets::JS_COLLECTION, Assets::INLINE_JS_TYPE, $asset, $this->unifyLegacyArguments(\func_get_args(), Assets::INLINE_JS_TYPE));
+        return $this->addType($this::JS_COLLECTION, $this::INLINE_JS_TYPE, $asset, $this->unifyLegacyArguments(func_get_args(), $this::INLINE_JS_TYPE));
     }
 
+        /**
+     * Add a JS asset or a collection of assets.
+     *
+     * @return $this
+     */
+    public function addJsModule($asset)
+    {
+        return $this->addType($this::JS_MODULE_COLLECTION, $this::JS_MODULE_TYPE, $asset, $this->unifyLegacyArguments(func_get_args(), $this::JS_MODULE_TYPE));
+    }
+
+    /**
+     * Add an Inline JS asset or a collection of assets.
+     *
+     * @return $this
+     */
+    public function addInlineJsModule($asset)
+    {
+        return $this->addType($this::JS_MODULE_COLLECTION, $this::INLINE_JS_MODULE_TYPE, $asset, $this->unifyLegacyArguments(func_get_args(), $this::INLINE_JS_MODULE_TYPE));
+    }
 
     /**
      * Add/replace collection.
      *
-     * @param  string $collectionName
-     * @param  array  $assets
+     * @param string $collectionName
+     * @param array  $assets
      * @param bool    $overwrite
-     *
      * @return $this
      */
-    public function registerCollection($collectionName, Array $assets, $overwrite = false)
+    public function registerCollection($collectionName, array $assets, $overwrite = false)
     {
         if ($overwrite || !isset($this->collections[$collectionName])) {
             $this->collections[$collectionName] = $assets;
@@ -277,6 +379,13 @@ class Assets extends PropertyObject
         return $this;
     }
 
+    /**
+     * @param array $assets
+     * @param string $key
+     * @param string $value
+     * @param bool $sort
+     * @return array|false
+     */
     protected function filterAssets($assets, $key, $value, $sort = false)
     {
         $results = array_filter($assets, function ($asset) use ($key, $value) {
@@ -284,8 +393,8 @@ class Assets extends PropertyObject
             if ($key === 'position' && $value === 'pipeline') {
                 $type = $asset->getType();
 
-                if ($asset->getRemote() && $this->{$type . '_pipeline_include_externals'} === false && $asset['position'] === 'pipeline') {
-                    if ($this->{$type . '_pipeline_before_excludes'}) {
+                if ($asset->getRemote() && $this->{strtolower($type) . '_pipeline_include_externals'} === false && $asset['position'] === 'pipeline') {
+                    if ($this->{strtolower($type) . '_pipeline_before_excludes'}) {
                         $asset->setPosition('after');
                     } else {
                         $asset->setPosition('before');
@@ -308,14 +417,25 @@ class Assets extends PropertyObject
         return $results;
     }
 
+    /**
+     * @param array $assets
+     * @return array
+     */
     protected function sortAssets($assets)
     {
         uasort($assets, static function ($a, $b) {
             return $b['priority'] <=> $a['priority'] ?: $a['order'] <=> $b['order'];
         });
+
         return $assets;
     }
 
+    /**
+     * @param string $type
+     * @param string $group
+     * @param array $attributes
+     * @return string
+     */
     public function render($type, $group = 'head', $attributes = [])
     {
         $before_output = '';
@@ -332,7 +452,7 @@ class Assets extends PropertyObject
         $after_assets = $this->filterAssets($group_assets, 'position', 'after', true);
 
         // Pipeline
-        if ($this->{$pipeline_enabled}) {
+        if ($this->{$pipeline_enabled} ?? false) {
             $options = array_merge($this->pipeline_options, ['timestamp' => $this->timestamp]);
 
             $pipeline = new Pipeline($options);
@@ -362,12 +482,31 @@ class Assets extends PropertyObject
      *
      * @param  string $group name of the group
      * @param  array  $attributes
-     *
      * @return string
      */
-    public function css($group = 'head', $attributes = [])
+    public function css($group = 'head', $attributes = [], $include_link = true)
     {
-        return $this->render('css', $group, $attributes);
+        $output = '';
+
+        if ($include_link) {
+            $output = $this->link($group, $attributes);
+        }
+
+        $output .= $this->render(self::CSS, $group, $attributes);
+
+        return $output;
+    }
+
+    /**
+     * Build the CSS link tags.
+     *
+     * @param  string $group name of the group
+     * @param  array  $attributes
+     * @return string
+     */
+    public function link($group = 'head', $attributes = [])
+    {
+        return $this->render(self::LINK, $group, $attributes);
     }
 
     /**
@@ -375,11 +514,73 @@ class Assets extends PropertyObject
      *
      * @param  string $group name of the group
      * @param  array  $attributes
-     *
      * @return string
      */
-    public function js($group = 'head', $attributes = [])
+    public function js($group = 'head', $attributes = [], $include_js_module = true)
     {
-        return $this->render('js', $group, $attributes);
+        $output = $this->render(self::JS, $group, $attributes);
+
+        if ($include_js_module) {
+            $output .= $this->jsModule($group, $attributes);
+        }
+
+        return $output;
+    }
+
+    /**
+     * Build the Javascript Modules tags
+     *
+     * @param string $group
+     * @param array $attributes
+     * @return string
+     */
+    public function jsModule($group = 'head', $attributes = [])
+    {
+        return $this->render(self::JS_MODULE, $group, $attributes);
+    }
+
+    /**
+     * @param string $group
+     * @param array $attributes
+     * @return string
+     */
+    public function all($group = 'head', $attributes = [])
+    {
+        $output = $this->css($group, $attributes, false);
+        $output .= $this->link($group, $attributes);
+        $output .= $this->js($group, $attributes, false);
+        $output .= $this->jsModule($group, $attributes);
+        return $output;
+    }
+
+    /**
+     * @param class-string $type
+     * @return bool
+     */
+    protected function isValidType($type)
+    {
+        return in_array($type, [self::CSS_TYPE, self::JS_TYPE, self::JS_MODULE_TYPE]);
+    }
+
+    /**
+     * @param class-string $type
+     * @return string
+     */
+    protected function getBaseType($type)
+    {
+        switch ($type) {
+            case $this::JS_TYPE:
+            case $this::INLINE_JS_TYPE:
+                $base_type = $this::JS;
+                break;
+            case $this::JS_MODULE_TYPE:
+            case $this::INLINE_JS_MODULE_TYPE:
+                $base_type = $this::JS_MODULE;
+                break;
+            default:
+                $base_type = $this::CSS;
+        }
+
+        return $base_type;
     }
 }

system/src/Grav/Common/Assets/BaseAsset.php

@@ -3,27 +3,32 @@
 /**
  * @package    Grav\Common\Assets
  *
- * @copyright  Copyright (C) 2015 - 2020 Trilby Media, LLC. All rights reserved.
+ * @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved.
  * @license    MIT License; see LICENSE file for details.
  */
 
 namespace Grav\Common\Assets;
 
 use Grav\Common\Assets\Traits\AssetUtilsTrait;
+use Grav\Common\Config\Config;
 use Grav\Common\Grav;
 use Grav\Common\Uri;
 use Grav\Common\Utils;
 use Grav\Framework\Object\PropertyObject;
+use RocketTheme\Toolbox\File\File;
+use SplFileInfo;
 
+/**
+ * Class BaseAsset
+ * @package Grav\Common\Assets
+ */
 abstract class BaseAsset extends PropertyObject
 {
     use AssetUtilsTrait;
 
-    protected const CSS_ASSET = true;
-    protected const JS_ASSET = false;
-
-    /** @const Regex to match CSS import content */
-    protected const CSS_IMPORT_REGEX = '{@import(.*?);}';
+    protected const CSS_ASSET = 1;
+    protected const JS_ASSET = 2;
+    protected const JS_MODULE_ASSET = 3;
 
     /** @var string|false */
     protected $asset;
@@ -65,7 +70,7 @@ abstract class BaseAsset extends PropertyObject
      * @param array $elements
      * @param string|null $key
      */
-    public function __construct(array $elements = [], $key = null)
+    public function __construct(array $elements = [], ?string $key = null)
     {
         $base_config = [
             'group' => 'head',
@@ -88,6 +93,10 @@ abstract class BaseAsset extends PropertyObject
      */
     public function init($asset, $options)
     {
+        if (!$asset) {
+            return false;
+        }
+
         $config = Grav::instance()['config'];
         $uri = Grav::instance()['uri'];
 
@@ -122,7 +131,7 @@ abstract class BaseAsset extends PropertyObject
                 if ($locator->isStream($asset)) {
                     $path = $locator->findResource($asset, true);
                 } else {
-                    $path = GRAV_ROOT . $asset;
+                    $path = GRAV_WEBROOT . $asset;
                 }
 
                 // If local file is missing return
@@ -130,7 +139,7 @@ abstract class BaseAsset extends PropertyObject
                     return false;
                 }
 
-                $file = new \SplFileInfo($path);
+                $file = new SplFileInfo($path);
 
                 $asset = $this->buildLocalLink($file->getPathname());
 
@@ -170,6 +179,35 @@ abstract class BaseAsset extends PropertyObject
         return $this;
     }
 
+    /**
+     * Receive asset location and return the SRI integrity hash
+     *
+     * @param string $input
+     * @return string
+     */
+    public static function integrityHash($input)
+    {
+        $grav = Grav::instance();
+        $uri = $grav['uri'];
+
+        $assetsConfig = $grav['config']->get('system.assets');
+
+        if (!self::isRemoteLink($input) && !empty($assetsConfig['enable_asset_sri']) && $assetsConfig['enable_asset_sri']) {
+            $input = preg_replace('#^' . $uri->rootUrl() . '#', '', $input);
+            $asset = File::instance(GRAV_WEBROOT . $input);
+
+            if ($asset->exists()) {
+                $dataToHash = $asset->content();
+                $hash = hash('sha256', $dataToHash, true);
+                $hash_base64 = base64_encode($hash);
+
+                return ' integrity="sha256-' . $hash_base64 . '"';
+            }
+        }
+
+        return '';
+    }
+
 
     /**
      *
@@ -181,7 +219,7 @@ abstract class BaseAsset extends PropertyObject
      */
 //    protected function getLastModificationTime($asset)
 //    {
-//        $file = GRAV_ROOT . $asset;
+//        $file = GRAV_WEBROOT . $asset;
 //        if (Grav::instance()['locator']->isStream($asset)) {
 //            $file = $this->buildLocalLink($asset, true);
 //        }
@@ -200,7 +238,7 @@ abstract class BaseAsset extends PropertyObject
     protected function buildLocalLink($asset)
     {
         if ($asset) {
-            return $this->base_url . ltrim(Utils::replaceFirstOccurrence(GRAV_ROOT, '', $asset), '/');
+            return $this->base_url . ltrim(Utils::replaceFirstOccurrence(GRAV_WEBROOT, '', $asset), '/');
         }
         return false;
     }
@@ -211,6 +249,7 @@ abstract class BaseAsset extends PropertyObject
      *
      * @return array
      */
+    #[\ReturnTypeWillChange]
     public function jsonSerialize()
     {
         return ['type' => $this->getType(), 'elements' => $this->getElements()];
@@ -222,9 +261,23 @@ abstract class BaseAsset extends PropertyObject
      * @param string $file
      * @param string $dir
      * @param bool $local
+     * @return string
      */
     protected function cssRewrite($file, $dir, $local)
     {
-        return;
+        return '';
+    }
+
+    /**
+     * Finds relative JS urls() and rewrites the URL with an absolute one
+     *
+     * @param string $file the css source file
+     * @param string $dir local relative path to the css file
+     * @param bool $local is this a local or remote asset
+     * @return string
+     */
+    protected function jsRewrite($file, $dir, $local)
+    {
+        return '';
     }
 }

system/src/Grav/Common/Assets/BlockAssets.php

@@ -0,0 +1,207 @@
+<?php
+
+/**
+ * @package    Grav\Common\Assets
+ *
+ * @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved.
+ * @license    MIT License; see LICENSE file for details.
+ */
+
+namespace Grav\Common\Assets;
+
+use Grav\Common\Assets;
+use Grav\Common\Config\Config;
+use Grav\Common\Grav;
+use Grav\Framework\ContentBlock\HtmlBlock;
+use function strlen;
+
+/**
+ * Register block assets into Grav.
+ */
+class BlockAssets
+{
+    /**
+     * @param HtmlBlock $block
+     * @return void
+     */
+    public static function registerAssets(HtmlBlock $block): void
+    {
+        $grav = Grav::instance();
+
+        /** @var Assets $assets */
+        $assets = $grav['assets'];
+
+        $types = $block->getAssets();
+        foreach ($types as $type => $groups) {
+            switch ($type) {
+                case 'frameworks':
+                    static::registerFrameworks($assets, $groups);
+                    break;
+                case 'styles':
+                    static::registerStyles($assets, $groups);
+                    break;
+                case 'scripts':
+                    static::registerScripts($assets, $groups);
+                    break;
+                case 'links':
+                    static::registerLinks($assets, $groups);
+                    break;
+                case 'html':
+                    static::registerHtml($assets, $groups);
+                    break;
+            }
+        }
+    }
+
+    /**
+     * @param Assets $assets
+     * @param array $list
+     * @return void
+     */
+    protected static function registerFrameworks(Assets $assets, array $list): void
+    {
+        if ($list) {
+            throw new \RuntimeException('Not Implemented');
+        }
+    }
+
+    /**
+     * @param Assets $assets
+     * @param array $groups
+     * @return void
+     */
+    protected static function registerStyles(Assets $assets, array $groups): void
+    {
+        $grav = Grav::instance();
+
+        /** @var Config $config */
+        $config = $grav['config'];
+
+        foreach ($groups as $group => $styles) {
+            foreach ($styles as $style) {
+                switch ($style[':type']) {
+                    case 'file':
+                        $options = [
+                            'priority' => $style[':priority'],
+                            'group' => $group,
+                            'type' => $style['type'],
+                            'media' => $style['media']
+                        ] + $style['element'];
+
+                        $assets->addCss(static::getRelativeUrl($style['href'], $config->get('system.assets.css_pipeline')), $options);
+                        break;
+                    case 'inline':
+                        $options = [
+                            'priority' => $style[':priority'],
+                            'group' => $group,
+                            'type' => $style['type'],
+                        ] + $style['element'];
+
+                        $assets->addInlineCss($style['content'], $options);
+                        break;
+                }
+            }
+        }
+    }
+
+    /**
+     * @param Assets $assets
+     * @param array $groups
+     * @return void
+     */
+    protected static function registerScripts(Assets $assets, array $groups): void
+    {
+        $grav = Grav::instance();
+
+        /** @var Config $config */
+        $config = $grav['config'];
+
+        foreach ($groups as $group => $scripts) {
+            $group = $group === 'footer' ? 'bottom' : $group;
+
+            foreach ($scripts as $script) {
+                switch ($script[':type']) {
+                    case 'file':
+                        $options = [
+                            'group' => $group,
+                            'priority' => $script[':priority'],
+                            'src' => $script['src'],
+                            'type' => $script['type'],
+                            'loading' => $script['loading'],
+                            'defer' => $script['defer'],
+                            'async' => $script['async'],
+                            'handle' => $script['handle']
+                        ] + $script['element'];
+
+                        $assets->addJs(static::getRelativeUrl($script['src'], $config->get('system.assets.js_pipeline')), $options);
+                        break;
+                    case 'inline':
+                        $options = [
+                            'priority' => $script[':priority'],
+                            'group' => $group,
+                            'type' => $script['type'],
+                            'loading' => $script['loading']
+                        ] + $script['element'];
+
+                        $assets->addInlineJs($script['content'], $options);
+                        break;
+                }
+            }
+        }
+    }
+
+    /**
+     * @param Assets $assets
+     * @param array $groups
+     * @return void
+     */
+    protected static function registerLinks(Assets $assets, array $groups): void
+    {
+        foreach ($groups as $group => $links) {
+            foreach ($links as $link) {
+                $href = $link['href'];
+                $options = [
+                    'group' => $group,
+                    'priority' => $link[':priority'],
+                    'rel' => $link['rel'],
+                ] + $link['element'];
+
+                $assets->addLink($href, $options);
+            }
+        }
+    }
+
+    /**
+     * @param Assets $assets
+     * @param array $groups
+     * @return void
+     */
+    protected static function registerHtml(Assets $assets, array $groups): void
+    {
+        if ($groups) {
+            throw new \RuntimeException('Not Implemented');
+        }
+    }
+
+    /**
+     * @param string $url
+     * @param bool $pipeline
+     * @return string
+     */
+    protected static function getRelativeUrl($url, $pipeline)
+    {
+        $grav = Grav::instance();
+
+        $base = rtrim($grav['base_url'], '/') ?: '/';
+
+        if (strpos($url, $base) === 0) {
+            if ($pipeline) {
+                // Remove file timestamp if CSS pipeline has been enabled.
+                $url = preg_replace('|[?#].*|', '', $url);
+            }
+
+            return substr($url, strlen($base) - 1);
+        }
+        return $url;
+    }
+}