Merge branch 'release/1.7.29'

Release v1.7.28

.editorconfig

@@ -7,11 +7,11 @@ root = true
 [*]
 charset = utf-8
 end_of_line = lf
-trim_trailing_whitespace = true
 insert_final_newline = true
 indent_style = space
 indent_size = 4
+trim_trailing_whitespace = true
 
 # 2 space indentation
-[*.{yaml,yml}]
+[*.{yaml,yml,vue,js,css}]
 indent_size = 2

.github/workflows/build.yaml

@@ -12,11 +12,15 @@ jobs:
     steps:
       - uses: actions/checkout@v2
 
+      - name: Extract Tag
+        run: echo "PACKAGE_VERSION=${{ github.ref }}" >> $GITHUB_ENV
+
       - name: Setup PHP
         uses: shivammathur/setup-php@v2
         with:
           php-version: 7.3
           extensions: opcache, gd
+          tools: composer:v2
           coverage: none
         env:
           COMPOSER_TOKEN: ${{ secrets.GLOBAL_TOKEN }}
@@ -38,13 +42,14 @@ jobs:
         run: |
           bash ./build-grav.sh
 
-      - name: Upload Grav Release Assets
-        id: upload-release-asset
-        uses: alexellis/upload-assets@0.2.3
-        env:
-          GITHUB_TOKEN: ${{ secrets.GLOBAL_TOKEN }}
+      - name: Upload packages to release
+        uses: svenstaro/upload-release-action@v2
         with:
-          asset_paths: '["./grav-dist/*.zip"]'
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+          tag: ${{ env.PACKAGE_VERSION }}
+          file: ./grav-dist/*.zip
+          overwrite: true
+          file_glob: true
 
   slack:
     name: Slack

.github/workflows/tests.yaml

@@ -14,7 +14,7 @@ jobs:
 
     strategy:
       matrix:
-        php: [ 8.0, 7.4, 7.3]
+        php: [ 8.1, 8.0, 7.4, 7.3]
         os: [ubuntu-latest]
 
     steps:
@@ -25,15 +25,16 @@ jobs:
         with:
           php-version: ${{ matrix.php }}
           extensions: opcache, gd
+          tools: composer:v2
           coverage: none
         env:
-          COMPOSER_TOKEN: ${{ secrets.GLOBAL_TOKEN }}
+          COMPOSER_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Update composer
-        run: composer update
-
-      - name: Validate composer.json and composer.lock
-        run: composer validate
+#      - name: Update composer
+#        run: composer update
+#
+#      - name: Validate composer.json and composer.lock
+#        run: composer validate
 
       - name: Get composer cache directory
         id: composer-cache
@@ -52,21 +53,21 @@ jobs:
       - name: Run test suite
         run: vendor/bin/codecept run
 
-  slack:
-      name: Slack
-      needs: unit-tests
-      runs-on: ubuntu-latest
-      if: always()
-      steps:
-        - uses: technote-space/workflow-conclusion-action@v2
-        - uses: 8398a7/action-slack@v3
-          with:
-             status: failure
-             fields: repo,message,author,action
-             icon_emoji: ':octocat:'
-             author_name: 'Github Action Tests'
-             text: '💥 Automated Test Failure'
-          env:
-            GITHUB_TOKEN: ${{ secrets.GLOBAL_TOKEN }}
-            SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
-          if: env.WORKFLOW_CONCLUSION == 'failure'
+#  slack:
+#      name: Slack
+#      needs: unit-tests
+#      runs-on: ubuntu-latest
+#      if: always()
+#      steps:
+#        - uses: technote-space/workflow-conclusion-action@v2
+#        - uses: 8398a7/action-slack@v3
+#          with:
+#             status: failure
+#             fields: repo,message,author,action
+#             icon_emoji: ':octocat:'
+#             author_name: 'Github Action Tests'
+#             text: '💥 Automated Test Failure'
+#          env:
+#            GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+#            SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+#          if: env.WORKFLOW_CONCLUSION == 'failure'

.github/workflows/trigger-skeletons.yml

@@ -0,0 +1,45 @@
+name: Trigger Skeletons Build
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Which Grav release to use'
+        required: true
+        default: 'latest'
+      admin:
+        description: 'Create also a package with Admin'
+        required: true
+        default: true
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    env:
+      WORKFLOW: "build-skeleton.yml"
+      AUTH: ":${{secrets.GLOBAL_TOKEN}}"
+    steps:
+      - uses: actions/checkout@v2
+      - name: Make it rain ☔️
+        run: |
+          SKELETONS=`curl -s "${{secrets.SKELETONS_JSON_LIST}}"`
+          echo "$SKELETONS" | jq -cr '.[]' | while read SKELETON; do
+            KEY=$(echo "$SKELETON" | jq -cr 'keys[0]')
+            VERSION=$(echo "$SKELETON" | jq -cr '.[]')
+            URL="https://api.github.com/repos/${KEY}/actions/workflows/${WORKFLOW}/dispatches"
+
+            curl -X POST \
+            -u "${AUTH}" \
+            -H "Accept: application/vnd.github.everest-preview+json" \
+            -H "Content-Type: application/json" \
+            -sS \
+            ${URL} \
+            --data '{ "ref": "develop", 
+                      "inputs": { 
+                        "tag": "'"$VERSION"'", 
+                        "version": "'"$INPUT_VERSION"'", 
+                        "admin": "'"$INPUT_ADMIN"'" 
+                      } 
+                    }' > /dev/null
+            echo "Dispatched Worfklow for ${KEY}@$VERSION"
+          done

.gitignore

@@ -45,3 +45,4 @@ tests/cache/*
 tests/error.log
 system/templates/testing/*
 /user/config/versions.yaml
+/user/cli/config/security.yaml

.htaccess

@@ -59,9 +59,9 @@ RewriteRule .* index.php [L]
 # Block all direct access for these folders
 RewriteRule ^(\.git|cache|bin|logs|backup|webserver-configs|tests)/(.*) error [F]
 # Block access to specific file types for these system folders
-RewriteRule ^(system|vendor)/(.*)\.(txt|xml|md|html|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ error [F]
+RewriteRule ^(system|vendor)/(.*)\.(txt|xml|md|html|json|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ error [F]
 # Block access to specific file types for these user folders
-RewriteRule ^(user)/(.*)\.(txt|md|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ error [F]
+RewriteRule ^(user)/(.*)\.(txt|md|json|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ error [F]
 # Block all direct access to .md files:
 RewriteRule \.md$ error [F]
 # Block all direct access to files and folders beginning with a dot

CHANGELOG.md

@@ -1,3 +1,457 @@
+# v1.7.29
+## 01/28/2022
+
+1. [](#new)
+    * Added support for registering assets from `HtmlBlock`
+    * Added unicode-safe `Utils::basename()` and `Utils::pathinfo()` methods
+2. [](#improved)
+    * Improved `Filesystem::basename()` and `Filesystem::pathinfo()` to be unicode-safe
+    * Made path handling unicode-safe, use new `Utils::basename()` and `Utils::pathinfo()` everywhere
+3. [](#bugfix)
+    * Fixed error on thumbnail image creation
+    * Fixed MimeType for `gzip` (`application/x-gzip`)
+
+# v1.7.28
+## 01/24/2022
+
+1. [](#new)
+    * Added links and modules support to `HtmlBlock` class
+    * Added module support for twig script tag: `{% script module 'theme://js/module.mjs' %}`
+    * Added twig tag for links: `{% link icon 'theme://images/favicon.png' priority: 20 with { type: 'image/png' } %}`
+    * Added `HtmlBlock` support for `{% style %}`, `{% script %}` and `{% link %}` tags
+    * Support for page-level `redirect_default_route` frontmatter header override
+3. [](#bugfix)
+    * Fixed XSS check not detecting escaped `&#58`
+
+# v1.7.27.1
+## 01/12/2022
+
+3. [](#bugfix)
+   * Fixed a typo in CSS Asset pipeline that was erroneously joining files with `;`
+
+# v1.7.27
+## 01/12/2022
+
+1. [](#new)
+   * Support for `YubiKey OTP` 2-Factor authenticator
+   * Added support for generic `assets.link()` for external references. No pipeline support
+   * Added support for `assets.addJsModule()` with full pipeline support
+   * Added `Utils::getExtensionsByMime()` method to get all the registered extensions for the specific mime type
+   * Added `Media::getRoute()` and `Media::getRawRoute()` methods to get page route if available
+   * Added `Medium::getAlternatives()` to be able to list all the retina sizes
+2. [](#improved)
+   * Improved `Utils::download()` method to allow overrides on download name, mime and expires header
+   * Improved `onPageFallBackUrl` event
+   * Reorganized the Asset system configuration blueprint for clarity
+3. [](#bugfix)
+   * Fixed CLI `--env` and `--lang` options having no effect if they aren't added before all the other options
+   * Fixed scaled image medium filename when using non-existing retina file
+   * Fixed an issue with JS `imports` and pipelining Assets
+
+# v1.7.26.1
+## 01/04/2022
+
+3. [](#bugfix)
+   * Fixed `UserObject::getAccess()` after cloning the object
+
+# v1.7.26
+## 01/03/2022
+
+1. [](#new)
+    * Made `Grav::redirect()` to accept `Route` class
+    * Added `translated()` method to `PageTranslateInterface`
+    * Added second parameter to `UserObject::isMyself()` method
+    * Added `UserObject::$isAuthorizedCallable` to allow `$user->isAuthorized()` customization
+    * Use secure session cookies in HTTPS by default (`system.session.secure_https: true`)
+    * Added new `Plugin::inheritedConfigOption()` function to access plugin specific functions for page overrides
+2. [](#improved)
+   * Upgraded vendor libs for PHP 8.1 compatibility
+   * Upgraded to **composer v2.1.14** for PHP 8.1 compatibility
+   * Added third `$name` parameter to `Blueprint::flattenData()` method, useful for flattening repeating data
+   * `ControllerResponseTrait`: Redirect response should be json if the extension is .json
+   * When symlinking Grav install, include also tests
+   * Updated copyright year to `2022`
+3. [](#bugfix)
+   * Fixed bad key lookup in `FlexRelatedDirectoryTrait::getCollectionByProperty()`
+   * Fixed RequestHandlers `NotFoundException` having empty request
+   * Block `.json` files in web server configs
+   * Disabled pretty debug info for Flex as it slows down Twig rendering
+   * Fixed Twig being very slow when template overrides do not exist
+   * Fixed `UserObject::$authorizeCallable` binding to the user object
+   * Fixed `FlexIndex::call()` to return null instead of failing to call undefined method
+   * Fixed Flex directory configuration creating environment configuration when it should not
+
+# v1.7.25
+## 11/16/2021
+
+1. [](#new)
+    * Updated phpstan to v1.0
+    * Added `FlexObject::getDiff()` to see difference to the saved object
+2. [](#improved)
+    * Use Symfony `dump` instead of PHP's `vardump` in side the `{{ vardump(x) }}` Twig vardump function
+    * Added `route` and `request` to `onPagesInitialized` event
+    * Improved page cloning, added method `Page::initialize()`
+    * Improved `FlexObject::getChanges()`: return changed lists and arrays as whole instead of just changed keys/values
+    * Improved form validation JSON responses to contain list of failed fields with their error messages
+    * Improved redirects: send redirect response in JSON if the request was in JSON
+3. [](#bugfix)
+    * Fixed path traversal vulnerability when using `bin/grav server`
+    * Fixed unescaped error messages in JSON error responses
+    * Fixed `|t(variable)` twig filter in admin
+    * Fixed `FlexObject::getChanges()` always returning empty array
+    * Fixed form validation exceptions to use `400 Bad Request` instead of `500 Internal Server Error`
+
+# v1.7.24
+## 10/26/2021
+
+1. [](#new)
+    * Added support for image watermarks
+    * Added support to disable a form, making it readonly
+2. [](#improved)
+    * Flex `$user->authorize()` now checks user groups before `admin.super`, allowing deny rules to work properly
+3. [](#bugfix)
+    * Fixed a bug in `PermissionsReader` in PHP 7.3
+    * Fixed `session_store_active` language option (#3464)
+    * Fixed deprecated warnings on `ArrayAccess` in PHP 8.1
+    * Fixed XSS detection with `:`
+
+# v1.7.23
+## 09/29/2021
+
+1. [](#new)
+    * Added method `Pages::referrerRoute()` to get the referrer route and language
+    * Added true unique `Utils::uniqueId()` / `{{ unique_id() }}` utilities  with length, prefix, and suffix support
+    * Added `UserObject::isMyself()` method to check if flex user is currently logged in
+    * Added support for custom form field options validation with `validate: options: key|ignore`
+2. [](#improved)
+   * Replaced GPL `SVG-Sanitizer` with MIT licensed `DOM-Sanitizer`
+   * `Uri::referrer()` now accepts third parameter, if set to `true`, it returns route without base or language code [#3411](https://github.com/getgrav/grav/issues/3411)
+   * Updated vendor libs with latest
+   * Updated with latest language strings via Crowdin.com
+3. [](#bugfix)
+    * Fixed `Folder::move()` throwing an error when target folder is changed by only appending characters to the end [#3445](https://github.com/getgrav/grav/issues/3445)
+    * Fixed some phpstan issues (all code back to level 1, Framework level 3)
+    * Fixed form reset causing image uploads to fail when using Flex
+
+# v1.7.22
+## 09/16/2021
+
+1. [](#new)
+    * Register plugin autoloaders into plugin objects
+2. [](#improved)
+    * Improve Twig 2 compatibility
+    * Update to customized version of Twig DeferredExtension (Twig 1/2 compatible)
+3. [](#bugfix)
+    * Fixed conflicting `$_original` variable in `Flex Pages`
+
+# v1.7.21
+## 09/14/2021
+
+1. [](#new)
+    * Added `|yaml` filter to convert input to YAML
+    * Added `route` and `request` to `onPageNotFound` event
+    * Added file upload/remove support for `Flex Forms`
+    * Added support for `flex-required@: not exists` and `flex-required@: '!exists'` in blueprints
+    * Added `$object->getOriginalData()` to get flex objects data before it was modified with `update()`
+    * Throwing exceptions from Twig templates fires `onDisplayErrorPage.[code]` event allowing better error pages
+2. [](#improved)
+    * Use a simplified text-based `cron` field for scheduler
+    * Add timestamp to logging output of scheduler jobs to see when they ran
+3. [](#bugfix)
+    * Fixed escaping in PageIndex::getLevelListing()
+    * Fixed validation of `number` type [#3433](https://github.com/getgrav/grav/issues/3433)
+    * Fixed excessive `security.yaml` file creation [#3432](https://github.com/getgrav/grav/issues/3432)
+    * Fixed incorrect port :0 with nginx unix socket setup [#3439](https://github.com/getgrav/grav/issues/3439)
+    * Fixed `Session::setFlashCookieObject()` to use the same options as the main session cookie
+
+# v1.7.20
+## 09/01/2021
+
+2. [](#improved)
+    * Added support for `task` and `action` inside JSON request body
+
+# v1.7.19
+## 08/31/2021
+
+1. [](#new)
+    * Include active form and request in `onPageTask` and `onPageAction` events (defaults to `null`)
+    * Added `UserObject::$authorizeCallable` to allow `$user->authorize()` customization
+2. [](#improved)
+    * Added meta support for `UploadedFile` class
+    * Added support for multiple mime-types per file extension [#3422](https://github.com/getgrav/grav/issues/3422)
+    * Added `setCurrent()` method to Page Collection [#3398](https://github.com/getgrav/grav/pull/3398)
+    * Initialize `$grav['uri']` before session
+3. [](#bugfix)
+    * Fixed `Warning: Undefined array key "SERVER_SOFTWARE" in index.php` [#3408](https://github.com/getgrav/grav/issues/3408)
+    * Fixed error in `loadDirectoryConfig()` if configuration hasn't been saved [#3409](https://github.com/getgrav/grav/issues/3409)
+    * Fixed GPM not using non-standard cache path [#3410](https://github.com/getgrav/grav/issues/3410)
+    * Fixed broken `environment://` stream when it doesn't have configuration
+    * Fixed `Flex Object` missing key field value when using `FolderStorage`
+    * Fixed broken Twig try tag when catch has not been defined or is empty
+    * Fixed `FlexForm` serialization
+    * Fixed form validation for numeric values in PHP 8
+    * Fixed `flex-options@` in blueprints duplicating items in array
+    * Fixed wrong form issue with flex objects after cache clear
+    * Fixed Flex object types not implementing `MediaInterface`
+    * Fixed issue with `svgImageFunction()` that was causing broken output
+
+# v1.7.18
+## 07/19/2021
+
+1. [](#improved)
+    * Added support for loading Flex Directory configuration from main configuration
+    * Move SVGs that cannot be sanitized to quarantine folder under `log://quarantine`
+    * Added support for CloudFlare-forwarded client IP in the `URI::ip()` method
+1. [](#bugfix)
+    * Fixed error when using Flex `SimpleStorage` with no entries
+    * Fixed page search to include slug field [#3316](https://github.com/getgrav/grav/issues/3316)
+    * Fixed Admin becoming unusable when GPM cannot be reached [#3383](https://github.com/getgrav/grav/issues/3383)
+    * Fixed `Failed to save entry: Forbidden` when moving a page to a visible page [#3389](https://github.com/getgrav/grav/issues/3389)
+    * Better support for Symfony local server on linux [#3400](https://github.com/getgrav/grav/pull/3400)
+    * Fixed `open_basedir()` error with some forms
+
+# v1.7.17
+## 06/15/2021
+
+1. [](#new)
+    * Interface `FlexDirectoryInterface` now extends `FlexAuthorizeInterface`
+1. [](#improved)
+    * Allow to unset an asset attribute by specifying null (ie, `'defer': null`)
+    * Support specifying custom attributes to assets in a collection [Read more](https://learn.getgrav.org/17/themes/asset-manager#collections-with-attributes?target=_blank) [#3358](https://github.com/getgrav/grav/issues/3358)
+    * File `frontmatter.yaml` isn't part of media, ignore it
+    * Switched default `JQuery` collection to use 3.x rather than 2.x
+1. [](#bugfix)
+    * Fixed missing styles when CSS/JS Pipeline is used and `asset://` folder is missing
+    * Fixed permission check when moving a page [#3382](https://github.com/getgrav/grav/issues/3382)
+
+# v1.7.16
+## 06/02/2021
+
+1. [](#new)
+    * Added 'addFrame()' method to ImageMedium [#3323](https://github.com/getgrav/grav/pull/3323)
+1. [](#improved)
+    * Set `cache.clear_images_by_default` to `false` by default
+    * Improve error on bad nested form data [#3364](https://github.com/getgrav/grav/issues/3364)
+1. [](#bugfix)
+    * Improve Plugin and Theme initialization to fix PHP8 bug [#3368](https://github.com/getgrav/grav/issues/3368)
+    * Fixed `pathinfo()` twig filter in PHP7
+    * Fixed the first visible child page getting ordering number `999999.` [#3365](https://github.com/getgrav/grav/issues/3365)
+    * Fixed flex pages search using only folder name [#3316](https://github.com/getgrav/grav/issues/3316)
+    * Fixed flex pages using wrong type in `onBlueprintCreated` event [#3157](https://github.com/getgrav/grav/issues/3157)
+    * Fixed wrong SRI paths invoked when Grav instance as a sub folder [#3358](https://github.com/getgrav/grav/issues/3358)
+    * Fixed SRI trying to calculate remote assets, only ever set integrity for local files. Use the SRI provided by the remote source and manually add it in the `addJs/addCss` call for remote support. [#3358](https://github.com/getgrav/grav/issues/3358)
+    * Fix for weird regex issue with latest PHP versions on Intel Macs causing params to not parse properly in URI object
+
+# v1.7.15
+## 05/19/2021
+
+1. [](#improved)
+    * Allow optional start date in page collections [#3350](https://github.com/getgrav/grav/pull/3350)
+    * Added `page` and `output` properties to `onOutputGenerated` and `onOutputRendered` events
+1. [](#bugfix)
+    * Fixed twig deprecated TwigFilter messages [#3348](https://github.com/getgrav/grav/issues/3348)
+    * Fixed fatal error with some markdown links [getgrav/grav-premium-issues#95](https://github.com/getgrav/grav-premium-issues/issues/95)
+    * Fixed markdown media operations not working when using `image://` stream [#3333](https://github.com/getgrav/grav/issues/3333) [#3349](https://github.com/getgrav/grav/issues/3349)
+    * Fixed copying page without changing the slug [getgrav/grav-plugin-admin#2135](https://github.com/getgrav/grav-plugin-admin/issues/2139)
+    * Fixed missing and commonly used methods when using `system.twig.undefined_functions = false` [getgrav/grav-plugin-admin#2138](https://github.com/getgrav/grav-plugin-admin/issues/2138)
+    * Fixed uploading images into Flex Object if field destination is not set
+
+# v1.7.14
+## 04/29/2021
+
+1. [](#new)
+    * Added `MediaUploadTrait::checkFileMetadata()` method
+1. [](#improved)
+    * Updating a theme should always keep the custom files [getgrav/grav-plugin-admin#2135](https://github.com/getgrav/grav-plugin-admin/issues/2135)
+1. [](#bugfix)
+    * Fixed broken numeric language codes in Flex Pages [#3332](https://github.com/getgrav/grav/issues/3332)
+    * Fixed broken `exif_imagetype()` twig function
+
+# v1.7.13
+## 04/23/2021
+
+1. [](#new)
+    * Added support for getting translated collection of Flex Pages using `$collection->withTranslated('de')`
+1. [](#improved)
+    * Moved `gregwar/Image` and `gregwar/Cache` in-house to official `getgrav/Image` and `getgrav/Cache` packagist packages. This will help environments with very strict proxy setups that don't allow VCS setup. [#3289](https://github.com/getgrav/grav/issues/3289)
+    * Improved XSS Invalid Protocol detection regex [#3298](https://github.com/getgrav/grav/issues/3298)
+    * Added support for user provided folder in Flex `$page->copy()`
+1. [](#bugfix)
+    * Fixed `The "Grav/Common/Twig/TwigExtension" extension is not enabled` when using markdown twig tag [#3317](https://github.com/getgrav/grav/issues/3317)
+    * Fixed text field maxlength validation newline issue [#3324](https://github.com/getgrav/grav/issues/3324)
+    * Fixed a bug in Flex Object `refresh()` method
+
+# v1.7.12
+## 04/15/2021
+
+1. [](#improved)
+    * Improve JSON support for the request
+1. [](#bugfix)
+    * Fixed absolute path support for Windows [#3297](https://github.com/getgrav/grav/issues/3297)
+    * Fixed adding tags in admin after upgrading Grav [#3315](https://github.com/getgrav/grav/issues/3315)
+
+# v1.7.11
+## 04/13/2021
+
+1. [](#new)
+    * Added configuration options to allow PHP methods to be used in Twig functions (`system.twig.safe_functions`) and filters (`system.twig.safe_filters`)
+    * Deprecated using PHP methods in Twig without them being in the safe lists
+    * Prevent dangerous PHP methods from being used as Twig functions and filters
+    * Restrict filesystem Twig functions to accept only local filesystem and grav streams
+1. [](#improved)
+    * Better GPM detection of unauthorized installations
+1. [](#bugfix)
+  * **IMPORTANT** Fixed security vulnerability with Twig allowing dangerous PHP functions by default [GHSA-g8r4-p96j-xfxc](https://github.com/getgrav/grav/security/advisories/GHSA-g8r4-p96j-xfxc)
+    * Fixed nxinx appending repeating `?_url=` in some redirects
+    * Fixed deleting page with language code not removing the folder if it was the last language [#3305](https://github.com/getgrav/grav/issues/3305)
+    * Fixed fatal error when using markdown links with `image://` stream [#3285](https://github.com/getgrav/grav/issues/3285)
+    * Fixed `system.languages.session_store_active` not having any effect [#3269](https://github.com/getgrav/grav/issues/3269)
+    * Fixed fatal error if `system.pages.types` is not an array [#2984](https://github.com/getgrav/grav/issues/2984)
+
+# v1.7.10
+## 04/06/2021
+
+1. [](#new)
+    * Added initial support for running Grav library from outside the webroot [#3297](https://github.com/getgrav/grav/issues/3297)
+1. [](#improved)
+    * Improved password handling when saving a user
+1. [](#bugfix)
+    * Ignore errors when using `set_time_limit` in `Archiver` and `GPM\Response` classes [#3023](https://github.com/getgrav/grav/issues/3023)
+    * Fixed `Folder::move()` deleting the folder if you move folder into itself, created empty file instead
+    * Fixed moving `Flex Page` to itself causing the page to be lost [#3227](https://github.com/getgrav/grav/issues/3227)
+    * Fixed `PageStorage` from detecting files as pages
+    * Fixed `UserIndex` not implementing `UserCollectionInterface`
+    * Fixed missing `onAdminAfterDelete` event call in `Flex Pages`
+    * Fixed system templates not getting scanned [#3296](https://github.com/getgrav/grav/issues/3296)
+    * Fixed incorrect routing if url path looks like a domain name [#2184](https://github.com/getgrav/grav/issues/2184)
+
+# v1.7.9
+## 03/19/2021
+
+1. [](#new)
+    * Added `Media::hide()` method to hide files from media
+    * Added `Utils::getPathFromToken()` method which works also with `Flex Objects`
+    * Added `FlexMediaTrait::getMediaField()`, which can be used to access custom media set in the blueprint fields
+    * Added `FlexMediaTrait::getFieldSettings()`, which can be used to get media field settings
+1. [](#improved)
+    * Method `Utils::getPagePathFromToken()` now calls the more generic `Utils::getPathFromToken()`
+    * Updated `SECURITY.md` to use security@getgrav.org
+1. [](#bugfix)
+    * Fixed broken media upload in `Flex` with `@self/path`, `@page` and `@theme` destinations [#3275](https://github.com/getgrav/grav/issues/3275)
+    * Fixed media fields excluding newly deleted files before saving the object
+    * Fixed method `$pages->find()` should never redirect [#3266](https://github.com/getgrav/grav/pull/3266)
+    * Fixed `Page::activeChild()` throwing an error [#3276](https://github.com/getgrav/grav/issues/3276)
+    * Fixed `Flex Page` CRUD ACL when creating a new page (needs Flex Objects plugin update) [grav-plugin-flex-objects#115](https://github.com/trilbymedia/grav-plugin-flex-objects/issues/115)
+    * Fixed the list of pages not showing up in admin [#3280](https://github.com/getgrav/grav/issues/3280)
+    * Fixed text field min/max validation for UTF8 characters [#3281](https://github.com/getgrav/grav/issues/3281)
+    * Fixed redirects using wrong redirect code
+
+# v1.7.8
+## 03/17/2021
+
+1. [](#new)
+    * Added `ControllerResponseTrait::createDownloadResponse()` method
+    * Added full blueprint support to theme if you move existing files in `blueprints/` to `blueprints/pages/` folder [#3255](https://github.com/getgrav/grav/issues/3255)
+    * Added support for `Theme::getFormFieldTypes()` just like in plugins
+1. [](#improved)
+    * Optimized `Flex Pages` for speed
+    * Optimized saving visible/ordered pages when there are a lot of siblings [#3231](https://github.com/getgrav/grav/issues/3231)
+    * Clearing cache now deletes all clockwork files
+    * Improved `system.pages.redirect_default_route` and `system.pages.redirect_trailing_slash` configuration options to accept redirect code
+1. [](#bugfix)
+    * Fixed clockwork error when clearing cache
+    * Fixed missing method `translated()` in `Flex Pages`
+    * Fixed missing `Flex Pages` in site if multi-language support has been enabled
+    * Fixed Grav using blueprints and form fields from disabled plugins
+    * Fixed `FlexIndex::sortBy(['key' => 'ASC'])` having no effect
+    * Fixed default Flex Pages collection ordering to order by filesystem path
+    * Fixed disappearing pages on save if `pages://` stream resolves to multiple folders where the preferred folder doesn't exist
+    * Fixed Markdown image attribute `loading` [#3251](https://github.com/getgrav/grav/pull/3251)
+    * Fixed `Uri::isValidExtension()` returning false positives
+    * Fixed `page.html` returning duplicated content with `system.pages.redirect_default_route` turned on [#3130](https://github.com/getgrav/grav/issues/3130)
+    * Fixed site redirect with redirect code failing when redirecting to sub-pages [#3035](https://github.com/getgrav/grav/pull/3035/files)
+    * Fixed `Uncaught ValueError: Path cannot be empty` when failing to upload a file [#3265](https://github.com/getgrav/grav/issues/3265)
+    * Fixed `Path cannot be empty` when viewing non-existent log file [#3270](https://github.com/getgrav/grav/issues/3270)
+    * Fixed `onAdminSave` original page having empty header [#3259](https://github.com/getgrav/grav/issues/3259)
+
+# v1.7.7
+## 02/23/2021
+
+1. [](#new)
+    * Added `Utils::arrayToQueryParams()` to convert an array into query params
+1. [](#improved)
+    * Added original image support for all flex objects and media fields
+    * Improved `Pagination` class to allow custom pagination query parameter
+1. [](#bugfix)
+    * Fixed avatar of the user not being saved [grav-plugin-flex-objects#111](https://github.com/trilbymedia/grav-plugin-flex-objects/issues/111)
+    * Replaced special space character with regular space in `system/blueprints/user/account_new.yaml`
+
+# v1.7.6
+## 02/17/2021
+
+1. [](#new)
+    * Added `Medium::attribute()` to pass arbitrary attributes [#3065](https://github.com/getgrav/grav/pull/3065)
+    * Added `Plugins::getPlugins()` and `Plugins::getPlugin($name)` to make it easier to access plugin instances [#2277](https://github.com/getgrav/grav/pull/2277)
+    * Added `regex_match` and `regex_split` twig functions [#2788](https://github.com/getgrav/grav/pull/2788)
+    * Updated all languages from [Crowdin](https://crowdin.com/project/grav-core) - Please update any translations here
+1. [](#improved)
+    * Added abstract `FlexObject`, `FlexCollection` and `FlexIndex` classes to `\Grav\Common\Flex` namespace (extend those instead of Framework or Generic classes)
+    * Updated bundled `composer.phar` binary to latest version `2.0.9`
+    * Improved session fixation handling in PHP 7.4+ (cannot fix it in PHP 7.3 due to PHP bug)
+    * Added optional password/database attributes for redis in `system.yaml`
+    * Added ability to filter enabled or disabled with bin/gpm index [#3187](https://github.com/getgrav/grav/pull/3187)
+    * Added `$grav->getVersion()` or `grav.version` in twig to get the current Grav version [#3142](https://github.com/getgrav/grav/issues/3142)
+    * Added second parameter to `$blueprint->flattenData()` to include every field, including those which have no data
+    * Added support for setting session domain [#2040](https://github.com/getgrav/grav/pull/2040)
+    * Better support inheriting languages when using child themes [#3226](https://github.com/getgrav/grav/pull/3226)
+    * Added option for `FlexForm` constructor to reset the form
+1. [](#bugfix)
+    * Fixed issue with `content-security-policy` not being properly supported with `http-equiv` + support single quotes
+    * Fixed CLI progressbar in `backup` and `security` commands to use styled output [#3198](https://github.com/getgrav/grav/issues/3198)
+    * Fixed page save failing because of uploaded images [#3191](https://github.com/getgrav/grav/issues/3191)
+    * Fixed `Flex Pages` using only default language in frontend [#106](https://github.com/trilbymedia/grav-plugin-flex-objects/issues/106)
+    * Fixed empty `route()` and `raw_route()` when getting translated pages [#3184](https://github.com/getgrav/grav/pull/3184)
+    * Fixed error on `bin/gpm plugin uninstall` [#3207](https://github.com/getgrav/grav/issues/3207)
+    * Fixed broken min/max validation for field `type: int`
+    * Fixed lowering uppercase characters in usernames when saving from frontend [#2565](https://github.com/getgrav/grav/pull/2565)
+    * Fixed save error when editing accounts that have been created with capital letters in their username [#3211](https://github.com/getgrav/grav/issues/3211)
+    * Fixed renaming flex objects key when using file storage
+    * Fixed wrong values in Admin pages list [#3214](https://github.com/getgrav/grav/issues/3214)
+    * Fixed pipelined asset using different hash when extra asset is added to before/after position [#2781](https://github.com/getgrav/grav/issues/2781)
+    * Fixed trailing slash redirect to only apply to GET/HEAD requests and use 301 status code [#3127](https://github.com/getgrav/grav/issues/3127)
+    * Fixed root page to always contain trailing slash [#3127](https://github.com/getgrav/grav/issues/3127)
+    * Fixed `<meta name="flattr:*" content="*">` to use name instead property [#3010](https://github.com/getgrav/grav/pull/3010)
+    * Fixed behavior of opposite filters in `Pages::getCollection()` to match Grav 1.6 [#3216](https://github.com/getgrav/grav/pull/3216)
+    * Fixed modular content with missing template file ending up using non-modular template [#3218](https://github.com/getgrav/grav/issues/3218)
+    * Fixed broken attachment image in Flex Objects Admin when `destination: self@` used [#3225](https://github.com/getgrav/grav/issues/3225)
+    * Fixed bug in page content with both markdown and twig enabled [#3223](https://github.com/getgrav/grav/issues/3223)
+
+# v1.7.5
+## 02/01/2021
+
+1. [](#bugfix)
+    * Revert: Fixed page save failing because of uploaded images [#3191](https://github.com/getgrav/grav/issues/3191) - breaking save
+
+# v1.7.4
+## 02/01/2021
+
+1. [](#new)
+    * Added `FlexForm::setSubmitMethod()` to customize form submit action
+1. [](#improved)
+    * Improved GPM error handling
+1. [](#bugfix)
+    * Fixed `bin/gpm uninstall` script not working because of bad typehint [#3172](https://github.com/getgrav/grav/issues/3172)
+    * Fixed `login: visibility_requires_access` not working in pages [#3176](https://github.com/getgrav/grav/issues/3176)
+    * Fixed cannot change image format [#3173](https://github.com/getgrav/grav/issues/3173)
+    * Fixed saving page in expert mode [#3174](https://github.com/getgrav/grav/issues/3174)
+    * Fixed exception in `$flexPage->frontmatter()` method when setting value
+    * Fixed `onBlueprintCreated` event being called multiple times in `Flex Pages` [grav-plugin-flex-objects#97](https://github.com/trilbymedia/grav-plugin-flex-objects/issues/97)
+    * Fixed wrong ordering in page collections if `intl` extension has been enabled [#3167](https://github.com/getgrav/grav/issues/3167)
+    * Fixed page redirect to the first visible child page (needs to be routable and published, too)
+    * Fixed untranslated module pages showing up in the menu
+    * Fixed page save failing because of uploaded images [#3191](https://github.com/getgrav/grav/issues/3191)
+    * Fixed incorrect config lookup for loading in `ImageLoadingTrait` [#3192](https://github.com/getgrav/grav/issues/3192)
+
 # v1.7.3
 ## 01/21/2021
 

CODE_OF_CONDUCT.md

@@ -1,46 +1,133 @@
+
 # Contributor Covenant Code of Conduct
 
 ## Our Pledge
 
-In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
 
 ## Our Standards
 
-Examples of behavior that contributes to creating a positive environment include:
+Examples of behavior that contributes to a positive environment for our
+community include:
 
-* Using welcoming and inclusive language
-* Being respectful of differing viewpoints and experiences
-* Gracefully accepting constructive criticism
-* Focusing on what is best for the community
-* Showing empathy towards other community members
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the
+  overall community
 
-Examples of unacceptable behavior by participants include:
+Examples of unacceptable behavior include:
 
-* The use of sexualized language or imagery and unwelcome sexual attention or advances
-* Trolling, insulting/derogatory comments, and personal or political attacks
+* The use of sexualized language or imagery, and sexual attention or
+  advances of any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
 * Public or private harassment
-* Publishing others' private information, such as a physical or electronic address, without explicit permission
-* Other conduct which could reasonably be considered inappropriate in a professional setting
+* Publishing others' private information, such as a physical or email
+  address, without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
 
-## Our Responsibilities
+## Enforcement Responsibilities
 
-Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
 
-Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
 
 ## Scope
 
-This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
 
 ## Enforcement
 
-Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at contact@getgrav.org. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+[INSERT CONTACT METHOD].
+All complaints will be reviewed and investigated promptly and fairly.
 
-Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series
+of actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or
+permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior,  harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within
+the community.
 
 ## Attribution
 
-This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version]
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.0, available at
+[https://www.contributor-covenant.org/version/2/0/code_of_conduct.html][v2.0].
 
-[homepage]: http://contributor-covenant.org
-[version]: http://contributor-covenant.org/version/1/4/
+Community Impact Guidelines were inspired by
+[Mozilla's code of conduct enforcement ladder][Mozilla CoC].
+
+For answers to common questions about this code of conduct, see the FAQ at
+[https://www.contributor-covenant.org/faq][FAQ]. Translations are available
+at [https://www.contributor-covenant.org/translations][translations].
+
+[homepage]: https://www.contributor-covenant.org
+[v2.0]: https://www.contributor-covenant.org/version/2/0/code_of_conduct.html
+[Mozilla CoC]: https://github.com/mozilla/diversity
+[FAQ]: https://www.contributor-covenant.org/faq
+[translations]: https://www.contributor-covenant.org/translations

README.md

@@ -1,15 +1,14 @@
 # ![](https://avatars1.githubusercontent.com/u/8237355?v=2&s=50) Grav
 
 [![PHPStan](https://img.shields.io/badge/PHPStan-enabled-brightgreen.svg?style=flat)](https://github.com/phpstan/phpstan)
-[![SensioLabsInsight](https://insight.sensiolabs.com/projects/cfd20465-d0f8-4a0a-8444-467f5b5f16ad/mini.png)](https://insight.sensiolabs.com/projects/cfd20465-d0f8-4a0a-8444-467f5b5f16ad)
 [![Discord](https://img.shields.io/discord/501836936584101899.svg?logo=discord&colorB=728ADA&label=Discord%20Chat)](https://chat.getgrav.org)
- [![Build Status](https://travis-ci.org/getgrav/grav.svg?branch=develop)](https://travis-ci.org/getgrav/grav) [![OpenCollective](https://opencollective.com/grav/backers/badge.svg)](#backers) [![OpenCollective](https://opencollective.com/grav/sponsors/badge.svg)](#sponsors)
+ [![PHP Tests](https://github.com/getgrav/grav/workflows/PHP%20Tests/badge.svg?branch=develop)](https://github.com/getgrav/grav/actions?query=workflow%3A%22PHP+Tests%22) [![OpenCollective](https://opencollective.com/grav/tiers/backers/badge.svg?label=Backers&color=brightgreen)](#backers) [![OpenCollective](https://opencollective.com/grav/tiers/supporters/badge.svg?label=Supporters&color=brightgreen)](#supporters) [![OpenCollective](https://opencollective.com/grav/tiers/sponsors/badge.svg?label=Sponsors&color=brightgreen)](#sponsors) 
 
 Grav is a **Fast**, **Simple**, and **Flexible**, file-based Web-platform.  There is **Zero** installation required.  Just extract the ZIP archive, and you are already up and running.  It follows similar principles to other flat-file CMS platforms, but has a different design philosophy than most. Grav comes with a powerful **Package Management System** to allow for simple installation and upgrading of plugins and themes, as well as simple updating of Grav itself.
 
 The underlying architecture of Grav is designed to use well-established and _best-in-class_ technologies to ensure that Grav is simple to use and easy to extend. Some of these key technologies include:
 
-* [Twig Templating](https://twig.sensiolabs.org/): for powerful control of the user interface
+* [Twig Templating](https://twig.symfony.com/): for powerful control of the user interface
 * [Markdown](https://en.wikipedia.org/wiki/Markdown): for easy content creation
 * [YAML](https://yaml.org): for simple configuration
 * [Parsedown](https://parsedown.org/): for fast Markdown and Markdown Extra support
@@ -118,12 +117,19 @@ If you discover a possible security issue related to Grav or one of its plugins,
 * More [Awesome Grav Stuff](https://github.com/getgrav/awesome-grav)
 
 # Backers
-Support Grav with a monthly donation to help us continue development. [[Become a backer](https://opencollective.com/grav#backer)]
+Support Grav with a monthly donation to help us continue development. [[Become a backer](https://opencollective.com/grav/contribute)]
 
 <img src="https://opencollective.com/grav/tiers/backers.svg?avatarHeight=36&width=600" />
 
+
+# Supporters
+Support Grav with a monthly donation to help us continue development. [[Become a supporter](https://opencollective.com/grav/contribute)]
+
+<img src="https://opencollective.com/grav/tiers/supporters.svg?avatarHeight=36&width=600" />
+
+
 # Sponsors
-Become a sponsor and get your logo on our README on Github with a link to your site. [[Become a sponsor](https://opencollective.com/grav#sponsor)]
+Support Grav with a yearly donation to help us continue development. [[Become a sponsor](https://opencollective.com/grav/contribute)]
 
 <img src="https://opencollective.com/grav/tiers/sponsors.svg?avatarHeight=36&width=600" />
 

SECURITY.md

@@ -7,9 +7,15 @@ We are focusing our security updates on the following versions
 | Version | Supported          |
 | ------- | ------------------ |
 | 1.7.x   | :white_check_mark: |
-| 1.6.x   | :white_check_mark: |
+| 1.6.x   | :warning:          |
 | < 1.6   | :x:                |
 
+## :warning: Versions
+
+Versions with :warning: will be supported for security issues, however you won't be able to update to them, you will need to manually update through the [`direct-install` command](https://learn.getgrav.org/17/admin-panel/tools).
+
+If you cannot update to the latest stable version available because, for example, your server does not meet the minimum PHP requirements, you can manually install a previous version by downloading the package from our Releases directory (https://github.com/getgrav/grav/releases).
+
 ## Reporting a Vulnerability
 
-Please contact contact@getgrav.org with a detailed explaination of the security issue found and we will work with you to get it resolved as fast as possible.
+Please contact security@getgrav.org with a detailed explaination of the security issue found and we will work with you to get it resolved as fast as possible.

assets/.gitkeep

@@ -0,0 +1 @@
+/* @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved. */

backup/.gitkeep

@@ -0,0 +1 @@
+/* @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved. */

bin/gpm

@@ -1,6 +1,11 @@
 #!/usr/bin/env php
 <?php
 
+/**
+ * @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved.
+ * @license    MIT License; see LICENSE file for details.
+ */
+
 use Grav\Common\Composer;
 use Grav\Common\Grav;
 use Grav\Console\Application\GpmApplication;
@@ -20,10 +25,6 @@ if (!file_exists(__DIR__ . '/../vendor/autoload.php')){
 
 $autoload = require __DIR__ . '/../vendor/autoload.php';
 
-if (version_compare($ver = PHP_VERSION, $req = GRAV_PHP_MIN, '<')) {
-    exit(sprintf("You are running PHP %s, but Grav needs at least PHP %s to run.\n", $ver, $req));
-}
-
 if (!ini_get('date.timezone')) {
     date_default_timezone_set('UTC');
 }

bin/grav

@@ -1,6 +1,11 @@
 #!/usr/bin/env php
 <?php
 
+/**
+ * @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved.
+ * @license    MIT License; see LICENSE file for details.
+ */
+
 use Grav\Common\Composer;
 use Grav\Common\Grav;
 use Grav\Console\Application\GravApplication;
@@ -20,10 +25,6 @@ if (!file_exists(__DIR__ . '/../vendor/autoload.php')){
 
 $autoload = require __DIR__ . '/../vendor/autoload.php';
 
-if (version_compare($ver = PHP_VERSION, $req = GRAV_PHP_MIN, '<')) {
-    exit(sprintf("You are running PHP %s, but Grav needs at least PHP %s to run.\n", $ver, $req));
-}
-
 if (!ini_get('date.timezone')) {
     date_default_timezone_set('UTC');
 }

bin/plugin

@@ -1,6 +1,11 @@
 #!/usr/bin/env php
 <?php
 
+/**
+ * @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved.
+ * @license    MIT License; see LICENSE file for details.
+ */
+
 use Grav\Common\Composer;
 use Grav\Common\Grav;
 use Grav\Console\Application\PluginApplication;
@@ -20,10 +25,6 @@ if (!file_exists(__DIR__ . '/../vendor/autoload.php')){
 
 $autoload = require __DIR__ . '/../vendor/autoload.php';
 
-if (version_compare($ver = PHP_VERSION, $req = GRAV_PHP_MIN, '<')) {
-    exit(sprintf("You are running PHP %s, but Grav needs at least PHP %s to run.\n", $ver, $req));
-}
-
 if (!ini_get('date.timezone')) {
     date_default_timezone_set('UTC');
 }

cache/.gitkeep

@@ -0,0 +1 @@
+/* @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved. */

composer.json

@@ -19,16 +19,18 @@
         "ext-zip": "*",
         "ext-dom": "*",
         "ext-libxml": "*",
-        "symfony/polyfill-mbstring": "~1.20",
-        "symfony/polyfill-iconv": "^1.20",
-        "symfony/polyfill-php74": "^1.20",
-        "symfony/polyfill-php80": "^1.20",
+        "symfony/polyfill-mbstring": "~1.23",
+        "symfony/polyfill-iconv": "^1.23",
+        "symfony/polyfill-php74": "^1.23",
+        "symfony/polyfill-php80": "^1.23",
+        "symfony/polyfill-php81": "^1.23",
         "psr/simple-cache": "^1.0",
         "psr/http-message": "^1.0",
         "psr/http-server-middleware": "^1.0",
-        "kodus/psr7-server": "*",
+        "psr/container": "~1.1.0",
+        "nyholm/psr7-server": "^1.0",
         "nyholm/psr7": "^1.3",
-        "twig/twig": "~1.44",
+        "twig/twig": "~v1.44",
         "erusev/parsedown": "^1.7",
         "erusev/parsedown-extra": "~0.8",
         "symfony/contracts": "~1.1",
@@ -43,34 +45,33 @@
         "filp/whoops": "~2.9",
         "matthiasmullie/minify": "^1.3",
         "monolog/monolog": "~1.25",
-        "gregwar/image": "dev-php8",
-        "gregwar/cache": "dev-php8",
+        "getgrav/image": "^3.0",
+        "getgrav/cache": "^2.0",
         "donatj/phpuseragentparser": "~1.1",
-        "pimple/pimple": "~3.3",
+        "pimple/pimple": "~3.5.0",
         "rockettheme/toolbox": "~1.5",
         "maximebf/debugbar": "~1.16",
         "league/climate": "^3.6",
-        "antoligy/dom-string-iterators": "^1.0",
         "miljar/php-exif": "^0.6",
         "composer/ca-bundle": "^1.2",
         "dragonmantank/cron-expression": "^1.2",
-        "phive/twig-extensions-deferred": "^1.0",
         "willdurand/negotiation": "^3.0",
         "itsgoingd/clockwork": "^5.0",
-        "enshrined/svg-sanitize": "~0.13",
-        "symfony/http-client": "^4.4"
+        "symfony/http-client": "^4.4",
+        "composer/semver": "^1.4",
+        "rhukster/dom-sanitizer": "^1.0"
     },
     "require-dev": {
         "codeception/codeception": "^4.1",
-        "phpstan/phpstan": "^0.12",
-        "phpstan/phpstan-deprecation-rules": "^0.12",
+        "phpstan/phpstan": "^1.2",
+        "phpstan/phpstan-deprecation-rules": "^1.0",
         "phpunit/php-code-coverage": "~9.2",
-        "fzaninotto/faker": "^1.9",
-        "victorjonsson/markdowndocs": "dev-master",
+        "getgrav/markdowndocs": "^2.0",
         "codeception/module-asserts": "^1.3",
-        "codeception/module-phpbrowser": "^1.0"
+        "codeception/module-phpbrowser": "^1.0",
+        "symfony/service-contracts": "*"
     },
-    "provide": {
+    "replace": {
         "symfony/polyfill-php72": "*",
         "symfony/polyfill-php73": "*"
     },
@@ -89,28 +90,22 @@
             "php": "7.3.6"
         }
     },
-    "repositories": [
-        {
-            "type": "vcs",
-            "url": "https://github.com/trilbymedia/PHP-Markdown-Documentation-Generator"
-        },
-        {
-            "type": "vcs",
-            "url": "https://github.com/getgrav/Cache"
-        },
-        {
-            "type": "vcs",
-            "url": "https://github.com/getgrav/Image"
-        }
-    ],
     "autoload": {
         "psr-4": {
-            "Grav\\": "system/src/Grav"
+            "Grav\\": "system/src/Grav",
+            "Twig\\": "system/src/Twig"
         },
         "files": [
-            "system/defines.php"
+            "system/defines.php",
+            "system/src/DOMLettersIterator.php",
+            "system/src/DOMWordsIterator.php"
         ]
     },
+    "autoload-dev": {
+        "psr-4": {
+            "PHPStan\\": "tests/phpstan/classes"
+        }
+    },
     "archive": {
         "exclude": [
             "VERSION"
@@ -119,8 +114,8 @@
     "scripts": {
         "api-17": "vendor/bin/phpdoc-md generate system/src > user/pages/14.api/default.17.md",
         "post-create-project-cmd": "bin/grav install",
-        "phpstan": "vendor/bin/phpstan analyse -l 1 -c ./tests/phpstan/phpstan.neon --memory-limit=480M system/src",
-        "phpstan-framework": "vendor/bin/phpstan analyse -l 1 -c ./tests/phpstan/phpstan.neon --memory-limit=480M system/src/Grav/Framework system/src/Grav/Events system/src/Grav/Installer",
+        "phpstan": "vendor/bin/phpstan analyse -l 1 -c ./tests/phpstan/phpstan.neon --memory-limit=720M system/src",
+        "phpstan-framework": "vendor/bin/phpstan analyse -l 4 -c ./tests/phpstan/phpstan.neon --memory-limit=480M system/src/Grav/Framework system/src/Grav/Events system/src/Grav/Installer",
         "phpstan-plugins": "vendor/bin/phpstan analyse -l 1 -c ./tests/phpstan/plugins.neon --memory-limit=400M user/plugins",
         "test": "vendor/bin/codecept run unit",
         "test-windows": "vendor\\bin\\codecept run unit"

images/.gitkeep

@@ -0,0 +1 @@
+/* @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved. */

index.php

@@ -3,7 +3,7 @@
 /**
  * @package    Grav.Core
  *
- * @copyright  Copyright (C) 2015 - 2018 Trilby Media, LLC. All rights reserved.
+ * @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved.
  * @license    MIT License; see LICENSE file for details.
  */
 
@@ -12,13 +12,9 @@ namespace Grav;
 \define('GRAV_REQUEST_TIME', microtime(true));
 \define('GRAV_PHP_MIN', '7.3.6');
 
-if (version_compare($ver = PHP_VERSION, $req = GRAV_PHP_MIN, '<')) {
-    die(sprintf('You are running PHP %s, but Grav needs at least <strong>PHP %s</strong> to run.', $ver, $req));
-}
-
 if (PHP_SAPI === 'cli-server') {
-    $symfony_server = stripos(getenv('_'), 'symfony') !== false || stripos($_SERVER['SERVER_SOFTWARE'], 'symfony
-') !== false;
+    $symfony_server = stripos(getenv('_'), 'symfony') !== false || stripos($_SERVER['SERVER_SOFTWARE'] ?? '', 'symfony') !== false || stripos($_ENV['SERVER_SOFTWARE'] ?? '', 'symfony') !== false;
+
     if (!isset($_SERVER['PHP_CLI_ROUTER']) && !$symfony_server) {
         die("PHP webserver requires a router to run Grav, please use: <pre>php -S {$_SERVER['SERVER_NAME']}:{$_SERVER['SERVER_PORT']} system/router.php</pre>");
     }

logs/.gitkeep

@@ -0,0 +1 @@
+/* @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved. */

system/blueprints/config/scheduler.yaml

@@ -47,7 +47,8 @@ form:
               label: PLUGIN_ADMIN.EXTRA_ARGUMENTS
               placeholder: '-lah'
             .at:
-              type: cron
+              type: text
+              wrapper_classes: cron-selector
               label: PLUGIN_ADMIN.SCHEDULER_RUNAT
               help: PLUGIN_ADMIN.SCHEDULER_RUNAT_HELP
               placeholder: '* * * * *'

system/blueprints/config/system.yaml

@@ -177,39 +177,47 @@ form:
               label: PLUGIN_ADMIN.APPEND_URL_EXT
               help: PLUGIN_ADMIN.APPEND_URL_EXT_HELP
 
-            pages.redirect_default_route:
-              type: toggle
-              label: PLUGIN_ADMIN.REDIRECT_DEFAULT_ROUTE
-              help: PLUGIN_ADMIN.REDIRECT_DEFAULT_ROUTE_HELP
-              highlight: 0
-              options:
-                1: PLUGIN_ADMIN.YES
-                0: PLUGIN_ADMIN.NO
-              validate:
-                type: bool
-
             pages.redirect_default_code:
               type: select
               size: medium
               classes: fancy
               label: PLUGIN_ADMIN.REDIRECT_DEFAULT_CODE
               help: PLUGIN_ADMIN.REDIRECT_DEFAULT_CODE_HELP
+              default: 302
               options:
-                301: 301 - Permanent
-                302: 302 - Found
-                303: 303 - Other
-                304: 304 - Not Modified
+                301: PLUGIN_ADMIN.REDIRECT_OPTION_301
+                302: PLUGIN_ADMIN.REDIRECT_OPTION_302
+                303: PLUGIN_ADMIN.REDIRECT_OPTION_303
+
+            pages.redirect_default_route:
+              type: select
+              size: medium
+              classes: fancy
+              label: PLUGIN_ADMIN.REDIRECT_DEFAULT_ROUTE
+              help: PLUGIN_ADMIN.REDIRECT_DEFAULT_ROUTE_HELP
+              default: 0
+              options:
+                0: PLUGIN_ADMIN.REDIRECT_OPTION_NO_REDIRECT
+                1: PLUGIN_ADMIN.REDIRECT_OPTION_DEFAULT_REDIRECT
+                301: PLUGIN_ADMIN.REDIRECT_OPTION_301
+                302: PLUGIN_ADMIN.REDIRECT_OPTION_302
+              validate:
+                type: int
 
             pages.redirect_trailing_slash:
-              type: toggle
+              type: select
+              size: medium
+              classes: fancy
               label: PLUGIN_ADMIN.REDIRECT_TRAILING_SLASH
               help: PLUGIN_ADMIN.REDIRECT_TRAILING_SLASH_HELP
-              highlight: 1
+              default: 1
               options:
-                1: PLUGIN_ADMIN.YES
-                0: PLUGIN_ADMIN.NO
+                0: PLUGIN_ADMIN.REDIRECT_OPTION_NO_REDIRECT
+                1: PLUGIN_ADMIN.REDIRECT_OPTION_DEFAULT_REDIRECT
+                301: PLUGIN_ADMIN.REDIRECT_OPTION_301
+                302: PLUGIN_ADMIN.REDIRECT_OPTION_302
               validate:
-                type: bool
+                type: int
 
             pages.ignore_hidden:
               type: toggle
@@ -638,7 +646,7 @@ form:
               type: toggle
               label: PLUGIN_ADMIN.CLEAR_IMAGES_BY_DEFAULT
               help: PLUGIN_ADMIN.CLEAR_IMAGES_BY_DEFAULT_HELP
-              highlight: 1
+              highlight: 0
               options:
                 1: PLUGIN_ADMIN.YES
                 0: PLUGIN_ADMIN.NO
@@ -741,6 +749,16 @@ form:
               size: small
               label: PLUGIN_ADMIN.REDIS_PASSWORD
 
+            cache.redis.database:
+              type: text
+              size: medium
+              label: PLUGIN_ADMIN.REDIS_DATABASE
+              help: PLUGIN_ADMIN.REDIS_DATABASE_HELP
+              placeholder: "0"
+              validate:
+                type: number
+                min: 0
+
             flex_caching:
               type: section
               title: PLUGIN_ADMIN.FLEX_CACHING
@@ -870,9 +888,45 @@ form:
           title: PLUGIN_ADMIN.ASSETS
 
           fields:
-            assets_section:
+            general_config_section:
               type: section
-              title: PLUGIN_ADMIN.ASSETS
+              title: PLUGIN_ADMIN.GENERAL_CONFIG
+              underline: true
+
+            assets.enable_asset_timestamp:
+              type: toggle
+              label: PLUGIN_ADMIN.ENABLED_TIMESTAMPS_ON_ASSETS
+              help: PLUGIN_ADMIN.ENABLED_TIMESTAMPS_ON_ASSETS_HELP
+              highlight: 0
+              options:
+                1: PLUGIN_ADMIN.YES
+                0: PLUGIN_ADMIN.NO
+              validate:
+                type: bool
+
+            assets.enable_asset_sri:
+              type: toggle
+              label: PLUGIN_ADMIN.ENABLED_SRI_ON_ASSETS
+              help: PLUGIN_ADMIN.ENABLED_SRI_ON_ASSETS_HELP
+              highlight: 0
+              options:
+                1: PLUGIN_ADMIN.YES
+                0: PLUGIN_ADMIN.NO
+              validate:
+                type: bool
+
+            assets.collections:
+              type: multilevel
+              label: PLUGIN_ADMIN.COLLECTIONS
+              placeholder_key: collection_name
+              placeholder_value: collection_path
+              validate:
+                type: array
+
+
+            css_assets_section:
+              type: section
+              title: PLUGIN_ADMIN.CSS_ASSETS
               underline: true
 
             assets.css_pipeline:
@@ -941,6 +995,11 @@ form:
               validate:
                 type: bool
 
+            js_assets_section:
+              type: section
+              title: PLUGIN_ADMIN.JS_ASSETS
+              underline: true
+
             assets.js_pipeline:
               type: toggle
               label: PLUGIN_ADMIN.JAVASCRIPT_PIPELINE
@@ -985,10 +1044,15 @@ form:
               validate:
                 type: bool
 
-            assets.enable_asset_timestamp:
+            js_module_assets_section:
+              type: section
+              title: PLUGIN_ADMIN.JS_MODULE_ASSETS
+              underline: true
+
+            assets.js_module_pipeline:
               type: toggle
-              label: PLUGIN_ADMIN.ENABLED_TIMESTAMPS_ON_ASSETS
-              help: PLUGIN_ADMIN.ENABLED_TIMESTAMPS_ON_ASSETS_HELP
+              label: PLUGIN_ADMIN.JAVASCRIPT_MODULE_PIPELINE
+              help: PLUGIN_ADMIN.JAVASCRIPT_MODULE_PIPELINE_HELP
               highlight: 0
               options:
                 1: PLUGIN_ADMIN.YES
@@ -996,13 +1060,29 @@ form:
               validate:
                 type: bool
 
-            assets.collections:
-              type: multilevel
-              label: PLUGIN_ADMIN.COLLECTIONS
-              placeholder_key: collection_name
-              placeholder_value: collection_path
+            assets.js_module_pipeline_include_externals:
+              type: toggle
+              label: PLUGIN_ADMIN.JAVASCRIPT_MODULE_PIPELINE_INCLUDE_EXTERNALS
+              help: PLUGIN_ADMIN.JAVASCRIPT_MODULE_PIPELINE_INCLUDE_EXTERNALS_HELP
+              highlight: 1
+              options:
+                1: PLUGIN_ADMIN.YES
+                0: PLUGIN_ADMIN.NO
               validate:
-                type: array
+                type: bool
+
+            assets.js_module_pipeline_before_excludes:
+              type: toggle
+              label: PLUGIN_ADMIN.JAVASCRIPT_MODULE_PIPELINE_BEFORE_EXCLUDES
+              help: PLUGIN_ADMIN.JAVASCRIPT_MODULE_PIPELINE_BEFORE_EXCLUDES_HELP
+              highlight: 1
+              options:
+                1: PLUGIN_ADMIN.YES
+                0: PLUGIN_ADMIN.NO
+              validate:
+                type: bool
+
+
 
         errors:
           type: tab
@@ -1253,6 +1333,45 @@ form:
               validate:
                 type: commalist
 
+            section_images_cls:
+              type: section
+              title: PLUGIN_ADMIN.IMAGES_CLS_TITLE
+              underline: true
+
+            images.cls.auto_sizes:
+              type: toggle
+              label: PLUGIN_ADMIN.IMAGES_CLS_AUTO_SIZES
+              help: PLUGIN_ADMIN.IMAGES_CLS_AUTO_SIZES_HELP
+              highlight: 0
+              options:
+                1: PLUGIN_ADMIN.YES
+                0: PLUGIN_ADMIN.NO
+              validate:
+                type: bool
+
+            images.cls.aspect_ratio:
+              type: toggle
+              label: PLUGIN_ADMIN.IMAGES_CLS_ASPECT_RATIO
+              help: PLUGIN_ADMIN.IMAGES_CLS_ASPECT_RATIO_HELP
+              highlight: 0
+              options:
+                1: PLUGIN_ADMIN.YES
+                0: PLUGIN_ADMIN.NO
+              validate:
+                type: bool
+
+            images.cls.retina_scale:
+              type: select
+              label: PLUGIN_ADMIN.IMAGES_CLS_RETINA_SCALE
+              help: PLUGIN_ADMIN.IMAGES_CLS_RETINA_SCALE_HELP
+              size: small
+              highlight: 1
+              options:
+                1: 1X
+                2: 2X
+                3: 3X
+                4: 4X
+
         session:
           type: tab
           title: PLUGIN_ADMIN.SESSION
@@ -1326,6 +1445,18 @@ form:
               validate:
                 type: bool
 
+            session.secure_https:
+              type: toggle
+              label: PLUGIN_ADMIN.SESSION_SECURE_HTTPS
+              help: PLUGIN_ADMIN.SESSION_SECURE_HTTPS_HELP
+              highlight: 1
+              options:
+                1: PLUGIN_ADMIN.YES
+                0: PLUGIN_ADMIN.NO
+              default: true
+              validate:
+                type: bool
+
             session.httponly:
               type: toggle
               label: PLUGIN_ADMIN.SESSION_HTTPONLY
@@ -1338,6 +1469,12 @@ form:
               validate:
                 type: bool
 
+            session.domain:
+              type: text
+              size: small
+              label: PLUGIN_ADMIN.SESSION_DOMAIN
+              help: PLUGIN_ADMIN.SESSION_DOMAIN_HELP
+
             session.path:
               type: text
               size: small
@@ -1372,6 +1509,10 @@ form:
               title: PLUGIN_ADMIN.ADVANCED
               underline: true
 
+            gpm_section:
+              type: section
+              title: PLUGIN_ADMIN.GPM_SECTION
+
             gpm.releases:
               type: toggle
               label: PLUGIN_ADMIN.GPM_RELEASES
@@ -1381,23 +1522,6 @@ form:
                 stable: PLUGIN_ADMIN.STABLE
                 testing: PLUGIN_ADMIN.TESTING
 
-            gpm.proxy_url:
-              type: text
-              size: medium
-              placeholder: "e.g. 127.0.0.1:3128"
-              label: PLUGIN_ADMIN.PROXY_URL
-              help: PLUGIN_ADMIN.PROXY_URL_HELP
-
-            gpm.method:
-              type: toggle
-              label: PLUGIN_ADMIN.GPM_METHOD
-              highlight: auto
-              help: PLUGIN_ADMIN.GPM_METHOD_HELP
-              options:
-                auto: PLUGIN_ADMIN.AUTO
-                fopen: PLUGIN_ADMIN.FOPEN
-                curl: PLUGIN_ADMIN.CURL
-
             gpm.official_gpm_only:
               type: toggle
               label: PLUGIN_ADMIN.GPM_OFFICIAL_ONLY
@@ -1410,17 +1534,80 @@ form:
               validate:
                 type: bool
 
-            gpm.verify_peer:
+            http_section:
+              type: section
+              title: PLUGIN_ADMIN.HTTP_SECTION
+
+            http.method:
               type: toggle
-              label: PLUGIN_ADMIN.GPM_VERIFY_PEER
+              label: PLUGIN_ADMIN.GPM_METHOD
+              highlight: auto
+              help: PLUGIN_ADMIN.GPM_METHOD_HELP
+              options:
+                auto: PLUGIN_ADMIN.AUTO
+                fopen: PLUGIN_ADMIN.FOPEN
+                curl: PLUGIN_ADMIN.CURL
+
+            http.enable_proxy:
+              type: toggle
+              label: PLUGIN_ADMIN.SSL_ENABLE_PROXY
               highlight: 1
-              help: PLUGIN_ADMIN.GPM_VERIFY_PEER_HELP
+              options:
+                1: PLUGIN_ADMIN.YES
+                0: PLUGIN_ADMIN.NO
+              default: false
+              validate:
+                type: bool
+
+            http.proxy_url:
+              type: text
+              size: medium
+              placeholder: "e.g. 127.0.0.1:3128"
+              label: PLUGIN_ADMIN.PROXY_URL
+              help: PLUGIN_ADMIN.PROXY_URL_HELP
+
+            http.proxy_cert_path:
+              type: text
+              size: medium
+              placeholder: "e.g. /Users/bob/certs/"
+              label: PLUGIN_ADMIN.PROXY_CERT
+              help: PLUGIN_ADMIN.PROXY_CERT_HELP
+
+            http.verify_peer:
+              type: toggle
+              label: PLUGIN_ADMIN.SSL_VERIFY_PEER
+              highlight: 1
+              help: PLUGIN_ADMIN.SSL_VERIFY_PEER_HELP
               options:
                 1: PLUGIN_ADMIN.YES
                 0: PLUGIN_ADMIN.NO
               validate:
                 type: bool
 
+            http.verify_host:
+              type: toggle
+              label: PLUGIN_ADMIN.SSL_VERIFY_HOST
+              highlight: 1
+              help: PLUGIN_ADMIN.SSL_VERIFY_HOST_HELP
+              options:
+                1: PLUGIN_ADMIN.YES
+                0: PLUGIN_ADMIN.NO
+              validate:
+                type: bool
+
+            http.concurrent_connections:
+              type: number
+              size: x-small
+              label: PLUGIN_ADMIN.HTTP_CONNECTIONS
+              help: PLUGIN_ADMIN.HTTP_CONNECTIONS_HELP
+              validate:
+                min: 1
+                max: 20
+
+            misc_section:
+              type: section
+              title: PLUGIN_ADMIN.MISC_SECTION
+
             reverse_proxy_setup:
               type: toggle
               label: PLUGIN_ADMIN.REVERSE_PROXY

system/blueprints/flex/pages.yaml

@@ -104,7 +104,7 @@ config:
 
     edit:
       title:
-        template: "{% if object.root %}Root <small>( &lt;root&gt; ){% else %}{{ (form.value('header.title') ?? form.value('folder'))|e }} <small>( {{ (object.getRoute().toString(false) ?: '/')|e }} )</small>{% endif %}"
+        template: "{% if object.root %}Root <small>( &lt;root&gt; )</small>{% else %}{{ (form.value('header.title') ?? form.value('folder'))|e }} <small>( {{ (object.getRoute().toString(false) ?: '/')|e }} )</small>{% endif %}"
 
       # TODO: not used yet
       buttons:
@@ -176,7 +176,7 @@ config:
         indexed: true
     # Set default ordering of the pages
     ordering:
-      key: ASC
+      storage_key: ASC
     search:
        # Search options
       options:
@@ -184,9 +184,9 @@ config:
       # Fields to be searched
       fields:
         - key
+        - slug
         - menu
         - title
-        - name
 
 blueprints:
   configure:

system/blueprints/flex/user-groups.yaml

@@ -18,6 +18,7 @@ config:
         configure:
           path: '/accounts/configure'
       redirects:
+        '/groups': '/accounts/groups'
         '/accounts': '/accounts/groups'
 
     # Permissions

system/blueprints/pages/default.yaml

@@ -121,7 +121,7 @@ form:
                       underline: true
 
                     folder:
-                      type: text
+                      type: folder-slug
                       label: PLUGIN_ADMIN.FOLDER_NAME
                       validate:
                         rule: slug
@@ -320,6 +320,18 @@ form:
 
               fields:
 
+                header.redirect_default_route:
+                  type: toggle
+                  toggleable: true
+                  label: PLUGIN_ADMIN.REDIRECT_DEFAULT_ROUTE
+                  help: PLUGIN_ADMIN.REDIRECT_DEFAULT_ROUTE_HELP
+                  config-highlight@: system.pages.redirect_default_route
+                  options:
+                    1: PLUGIN_ADMIN.YES
+                    0: PLUGIN_ADMIN.NO
+                  validate:
+                    type: bool
+
                 header.routes.default:
                   type: text
                   toggleable: true

system/blueprints/pages/external.yaml

@@ -1,7 +1,7 @@
-title: PLUGIN_ADMIN:EXTERNAL
+title: PLUGIN_ADMIN.EXTERNAL
 extends@:
-    type: default
-    context: blueprints://pages
+  type: default
+  context: blueprints://pages
 
 form:
   validation: loose
@@ -29,16 +29,16 @@ form:
               unset@: true
 
             header.external_url:
-                type: text
-                label: PLUGIN_ADMIN.EXTERNAL_URL
-                placeholder: https://getgrav.org
-                validate:
-                    required: true
+              type: text
+              label: PLUGIN_ADMIN.EXTERNAL_URL
+              placeholder: https://getgrav.org
+              validate:
+                required: true
+
         options:
           fields:
 
             publishing:
-
               fields:
 
                 header.date:

system/blueprints/user/account.yaml

@@ -107,6 +107,12 @@ form:
                     label: PLUGIN_ADMIN.2FA_SECRET
                     sublabel: PLUGIN_ADMIN.2FA_SECRET_HELP
 
+                yubikey_id:
+                    type: text
+                    label: PLUGIN_ADMIN.YUBIKEY_ID
+                    description: PLUGIN_ADMIN.YUBIKEY_HELP
+                    size: small
+                    maxlength: 12
 
 
 

system/blueprints/user/account_new.yaml

@@ -13,6 +13,6 @@ form:
       label: PLUGIN_ADMIN.USERNAME
       help: PLUGIN_ADMIN.USERNAME_HELP
       unset-disabled@: true
-      unset-readonly@: true
+      unset-readonly@: true
       validate:
         required: true

system/config/media.yaml

@@ -28,6 +28,10 @@ types:
     type: image
     thumb: media/thumb-webp.png
     mime: image/webp
+  avif:
+    type: image
+    thumb: media/thumb.png
+    mime: image/avif
   gif:
     type: animated
     thumb: media/thumb-gif.png
@@ -91,7 +95,7 @@ types:
   aif:
     type: audio
     thumb: media/thumb-aif.png
-    mime: audio/aif
+    mime: audio/aiff
   txt:
     type: file
     thumb: media/thumb-txt.png
@@ -195,7 +199,7 @@ types:
   gz:
     type: file
     thumb: media/thumb-gz.png
-    mime: application/gzip
+    mime: application/x-gzip
   tar:
     type: file
     thumb: media/thumb-tar.png
@@ -207,7 +211,7 @@ types:
   js:
     type: file
     thumb: media/thumb-js.png
-    mime: application/javascript
+    mime: text/javascript
   json:
     type: file
     thumb: media/thumb-json.png

system/config/system.yaml

@@ -75,9 +75,9 @@ pages:
   last_modified: false                           # Set the last modified date header based on file modification timestamp
   etag: true                                     # Set the etag header tag
   vary_accept_encoding: false                    # Add `Vary: Accept-Encoding` header
-  redirect_default_route: false                  # Automatically redirect to a page's default route
-  redirect_default_code: 302                     # Default code to use for redirects
-  redirect_trailing_slash: true                  # Handle automatically or 302 redirect a trailing / URL
+  redirect_default_code: 302                     # Default code to use for redirects: 301|302|303
+  redirect_trailing_slash: 1                     # Always redirect trailing slash with redirect code 0|1|301|302 (0: no redirect, 1: use default code)
+  redirect_default_route: 0                      # Always redirect to page's default route using code 0|1|301|302, also removes .htm and .html extensions
   ignore_files: [.DS_Store]                      # Files to ignore in Pages
   ignore_folders: [.git, .idea]                  # Folders to ignore in Pages
   ignore_hidden: true                            # Ignore all Hidden files and folders
@@ -96,13 +96,15 @@ cache:
   purge_at: '0 4 * * *'                          # How often to purge old file cache (using new scheduler)
   clear_at: '0 3 * * *'                           # How often to clear cache (using new scheduler)
   clear_job_type: 'standard'                     # Type to clear when processing the scheduled clear job `standard`|`all`
-  clear_images_by_default: true                  # By default grav will include processed images in cache clear, this can be disabled
+  clear_images_by_default: false                 # By default grav does not include processed images in cache clear, this can be enabled
   cli_compatibility: false                       # Ensures only non-volatile drivers are used (file, redis, memcache, etc.)
   lifetime: 604800                               # Lifetime of cached data in seconds (0 = infinite)
   gzip: false                                    # GZip compress the page output
   allow_webserver_gzip: false                    # If true, `content-encoding: identity` but connection isn't closed before `onShutDown()` event
   redis:
     socket: false                                # Path to redis unix socket (e.g. /var/run/redis/redis.sock), false = use server and port to connect
+    password:                                    # Optional password
+    database:                                    # Optional database ID
 
 twig:
   cache: true                                    # Set to true to enable Twig caching
@@ -111,6 +113,8 @@ twig:
   autoescape: true                               # Autoescape Twig vars (DEPRECATED, always enabled in strict mode)
   undefined_functions: true                      # Allow undefined functions
   undefined_filters: true                        # Allow undefined filters
+  safe_functions: []                             # List of PHP functions which are allowed to be used as Twig functions
+  safe_filters: []                               # List of PHP functions which are allowed to be used as Twig filters
   umask_fix: false                               # By default Twig creates cached files as 755, fix switches this to 775
 
 assets:                                          # Configuration for Assets Manager (JS, CSS)
@@ -123,10 +127,14 @@ assets:                                          # Configuration for Assets Mana
   js_pipeline: false                             # The JS pipeline is the unification of multiple JS resources into one file
   js_pipeline_include_externals: true            # Include external URLs in the pipeline by default
   js_pipeline_before_excludes: true              # Render the pipeline before any excluded files
+  js_module_pipeline: false                      # The JS Module pipeline is the unification of multiple JS Module resources into one file
+  js_module_pipeline_include_externals: true     # Include external URLs in the pipeline by default
+  js_module_pipeline_before_excludes: true       # Render the pipeline before any excluded files
   js_minify: true                                # Minify the JS during pipelining
   enable_asset_timestamp: false                  # Enable asset timestamps
+  enable_asset_sri: false                        # Enable asset SRI
   collections:
-    jquery: system://assets/jquery/jquery-2.x.min.js
+    jquery: system://assets/jquery/jquery-3.x.min.js
 
 errors:
   display: 0                                     # Display either (1) Full backtrace | (0) Simple Error | (-1) System Error
@@ -151,8 +159,18 @@ images:
   debug: false                                   # Show an overlay over images indicating the pixel depth of the image when working with retina for example
   auto_fix_orientation: true                     # Automatically fix the image orientation based on the Exif data
   seofriendly: false                             # SEO-friendly processed image names
+  cls:                                           # Cumulative Layout Shift: See https://web.dev/optimize-cls/
+    auto_sizes: false                            # Automatically add height/width to image
+    aspect_ratio: false                          # Reserve space with aspect ratio style
+    retina_scale: 1                              # scale to adjust auto-sizes for better handling of HiDPI resolutions
   defaults:
     loading: auto                                # Let browser pick [auto|lazy|eager]
+  watermark:
+    image: 'system://images/watermark.png'       # Path to a watermark image
+    position_y: 'center'                         # top|center|bottom
+    position_x: 'center'                         # left|center|right
+    scale: 33                                    # percentage of watermark scale
+    watermark_all: false                         # automatically watermark all images
 
 media:
   enable_media_timestamp: false                  # Enable media timestamps
@@ -167,18 +185,26 @@ session:
   name: grav-site                                # Name prefix of the session cookie. Use alphanumeric, dashes or underscores only. Do not use dots in the session name
   uniqueness: path                               # Should sessions be `path` based or `security.salt` based
   secure: false                                  # Set session secure. If true, indicates that communication for this cookie must be over an encrypted transmission. Enable this only on sites that run exclusively on HTTPS
+  secure_https: true                             # Set session secure on HTTPS but not on HTTP. Has no effect if you have `session.secure: true`. Set to false if your site jumps between HTTP and HTTPS.
   httponly: true                                 # Set session HTTP only. If true, indicates that cookies should be used only over HTTP, and JavaScript modification is not allowed.
   samesite: Lax                                  # Set session SameSite. Possible values are Lax, Strict and None. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
   split: true                                    # Sessions should be independent between site and plugins (such as admin)
-  path:
+  domain:                                        # Domain used by sessions.
+  path:                                          # Path used by sessions.
 
 gpm:
   releases: stable                               # Set to either 'stable' or 'testing'
-  proxy_url:                                     # Configure a manual proxy URL for GPM (eg 127.0.0.1:3128)
-  method: 'auto'                                 # Either 'curl', 'fopen' or 'auto'. 'auto' will try fopen first and if not available cURL
-  verify_peer: true                              # Sometimes on some systems (Windows most commonly) GPM is unable to connect because the SSL certificate cannot be verified. Disabling this setting might help.
   official_gpm_only: true                        # By default GPM direct-install will only allow URLs via the official GPM proxy to ensure security
 
+http:
+  method: auto                                   # Either 'curl', 'fopen' or 'auto'. 'auto' will try fopen first and if not available cURL
+  enable_proxy: true                             # Enable proxy server configuration
+  proxy_url:                                     # Configure a manual proxy URL for GPM (eg 127.0.0.1:3128)
+  proxy_cert_path:                               # Local path to proxy certificate folder containing pem files
+  concurrent_connections: 5                      # Concurrent HTTP connections when multiplexing
+  verify_peer: true                              # Enable/Disable SSL verification of peer certificates
+  verify_host: true                              # Enable/Disable SSL verification of host certificates
+
 accounts:
   type: regular                                  # EXPERIMENTAL: Account type: regular or flex
   storage: file                                  # EXPERIMENTAL: Flex storage type: file or folder

system/defines.php

@@ -1,14 +1,15 @@
 <?php
+
 /**
  * @package    Grav\Core
  *
- * @copyright  Copyright (C) 2015 - 2020 Trilby Media, LLC. All rights reserved.
+ * @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved.
  * @license    MIT License; see LICENSE file for details.
  */
 
 // Some standard defines
 define('GRAV', true);
-define('GRAV_VERSION', '1.7.3');
+define('GRAV_VERSION', '1.7.29');
 define('GRAV_SCHEMA', '1.7.0_2020-11-20_1');
 define('GRAV_TESTING', false);
 
@@ -22,51 +23,68 @@ if (!defined('DS')) {
     define('DS', '/');
 }
 
-// Directories and Paths
+// Absolute path to Grav root. This is where Grav is installed into.
 if (!defined('GRAV_ROOT')) {
     $path = rtrim(str_replace(DIRECTORY_SEPARATOR, DS, getenv('GRAV_ROOT') ?: getcwd()), DS);
     define('GRAV_ROOT', $path);
 }
+// Absolute path to Grav webroot. This is the path where your site is located in.
+if (!defined('GRAV_WEBROOT')) {
+    $path = rtrim(getenv('GRAV_WEBROOT') ?: GRAV_ROOT, DS);
+    define('GRAV_WEBROOT', $path);
+}
+// Relative path to user folder. This path needs to be located under GRAV_WEBROOT.
 if (!defined('GRAV_USER_PATH')) {
     $path = rtrim(getenv('GRAV_USER_PATH') ?: 'user', DS);
     define('GRAV_USER_PATH', $path);
 }
+// Absolute or relative path to system folder. Defaults to GRAV_ROOT/system
+// If system folder is outside of webroot, see https://github.com/getgrav/grav/issues/3297#issuecomment-810294972
+if (!defined('GRAV_SYSTEM_PATH')) {
+    $path = rtrim(getenv('GRAV_SYSTEM_PATH') ?: 'system', DS);
+    define('GRAV_SYSTEM_PATH', $path);
+}
+// Absolute or relative path to cache folder. Defaults to GRAV_ROOT/cache
 if (!defined('GRAV_CACHE_PATH')) {
     $path = rtrim(getenv('GRAV_CACHE_PATH') ?: 'cache', DS);
     define('GRAV_CACHE_PATH', $path);
 }
+// Absolute or relative path to logs folder. Defaults to GRAV_ROOT/logs
 if (!defined('GRAV_LOG_PATH')) {
     $path = rtrim(getenv('GRAV_LOG_PATH') ?: 'logs', DS);
     define('GRAV_LOG_PATH', $path);
 }
+// Absolute or relative path to tmp folder. Defaults to GRAV_ROOT/tmp
 if (!defined('GRAV_TMP_PATH')) {
     $path = rtrim(getenv('GRAV_TMP_PATH') ?: 'tmp', DS);
     define('GRAV_TMP_PATH', $path);
 }
+// Absolute or relative path to backup folder. Defaults to GRAV_ROOT/backup
 if (!defined('GRAV_BACKUP_PATH')) {
     $path = rtrim(getenv('GRAV_BACKUP_PATH') ?: 'backup', DS);
     define('GRAV_BACKUP_PATH', $path);
 }
 unset($path);
 
-define('USER_PATH', GRAV_USER_PATH . DS);
-define('CACHE_PATH', GRAV_CACHE_PATH . DS);
-define('ROOT_DIR', GRAV_ROOT . DS);
-define('USER_DIR', ROOT_DIR . USER_PATH);
-define('CACHE_DIR', ROOT_DIR . CACHE_PATH);
+// INTERNAL: Do not use!
+define('USER_DIR', GRAV_WEBROOT . '/' . GRAV_USER_PATH . '/');
+define('CACHE_DIR', (!preg_match('`^(/|[a-z]:[\\\/])`ui', GRAV_CACHE_PATH) ? GRAV_ROOT . '/' : '') . GRAV_CACHE_PATH . '/');
 
 // DEPRECATED: Do not use!
-define('ASSETS_DIR', ROOT_DIR . 'assets/');
-define('IMAGES_DIR', ROOT_DIR . 'images/');
-define('ACCOUNTS_DIR', USER_DIR .'accounts/');
-define('PAGES_DIR', USER_DIR .'pages/');
-define('DATA_DIR', USER_DIR .'data/');
-define('SYSTEM_DIR', ROOT_DIR .'system/');
-define('LIB_DIR', SYSTEM_DIR .'src/');
-define('PLUGINS_DIR', USER_DIR .'plugins/');
-define('THEMES_DIR', USER_DIR .'themes/');
-define('VENDOR_DIR', ROOT_DIR .'vendor/');
-define('LOG_DIR', ROOT_DIR . GRAV_LOG_PATH . DS);
+define('CACHE_PATH', GRAV_CACHE_PATH . DS);
+define('USER_PATH', GRAV_USER_PATH . DS);
+define('ROOT_DIR', GRAV_ROOT . DS);
+define('ASSETS_DIR', GRAV_WEBROOT . '/assets/');
+define('IMAGES_DIR', GRAV_WEBROOT . '/images/');
+define('ACCOUNTS_DIR', USER_DIR . 'accounts/');
+define('PAGES_DIR', USER_DIR . 'pages/');
+define('DATA_DIR', USER_DIR . 'data/');
+define('PLUGINS_DIR', USER_DIR . 'plugins/');
+define('THEMES_DIR', USER_DIR . 'themes/');
+define('SYSTEM_DIR', (!preg_match('`^(/|[a-z]:[\\\/])`ui', GRAV_SYSTEM_PATH) ? GRAV_ROOT . '/' : '') . GRAV_SYSTEM_PATH . '/');
+define('LIB_DIR', SYSTEM_DIR . 'src/');
+define('VENDOR_DIR', GRAV_ROOT . '/vendor/');
+define('LOG_DIR', (!preg_match('`^(/|[a-z]:[\\\/])`ui', GRAV_LOG_PATH) ? GRAV_ROOT . '/' : '') . GRAV_LOG_PATH . '/');
 // END DEPRECATED
 
 // Some extensions

system/install.php

@@ -2,7 +2,7 @@
 /**
  * @package    Grav\Core
  *
- * @copyright  Copyright (C) 2015 - 2020 Trilby Media, LLC. All rights reserved.
+ * @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved.
  * @license    MIT License; see LICENSE file for details.
  */
 

system/languages/ar.yaml

@@ -1,6 +1,17 @@
 ---
 GRAV:
   FRONTMATTER_ERROR_PAGE: "---\nالعنوان: %1$s\n---\n# خطأ: مادة أمامية غير صحيحة\n\nمسار: '%2$s'\n\n**%3$s**\n\n, , ,\n\n%4$s\n, , ,"
+  INFLECTOR_UNCOUNTABLE:
+    - 'معدّات'
+    - 'معلومات'
+    - 'أرز'
+    - 'مال'
+    - 'نوع'
+    - 'سلسلة'
+    - 'سمك'
+    - 'خروف'
+  INFLECTOR_IRREGULAR:
+    'person': 'أشخاص'
   NICETIME:
     NO_DATE_PROVIDED: لم يتم تقديم التاريخ
     BAD_DATE: تاريخ خاطئ
@@ -37,9 +48,10 @@ GRAV:
     YR_PLURAL: سنوات
     DEC_PLURAL: عقود
   FORM:
-    VALIDATION_FAIL: <b>فشل التحقق من صحة:</b>
-    INVALID_INPUT: إدخال غير صحيح في
+    VALIDATION_FAIL: '<b>فشل التحقق من صحة:</b>'
+    INVALID_INPUT: 'إدخال غير صحيح في'
     MISSING_REQUIRED_FIELD: 'حقل مطلوب مفقود:'
+    XSS_ISSUES: "مشاكل XSS محتملة تم اكتشافها في حقل '%s' '"
   MONTHS_OF_THE_YEAR:
     - 'كانون الثاني'
     - 'شباط'
@@ -61,3 +73,21 @@ GRAV:
     - 'الجمعة'
     - 'السبت'
     - 'الأحد'
+  YES: "نعم"
+  NO: "لا"
+  CRON:
+    EVERY: كل
+    EVERY_HOUR: كل ساعة
+    EVERY_MINUTE: كل دقيقة
+    EVERY_DAY_OF_WEEK: كل يوم في الأسبوع
+    EVERY_DAY_OF_MONTH: كل يوم في الشهر
+    EVERY_MONTH: ' كل شهر'
+    TEXT_PERIOD: كل <b />
+    TEXT_MINS: ' في <b /> دقيقة(دقائق) بعد الساعة'
+    TEXT_TIME: ' في <b />:<b />'
+    TEXT_DOW: ' في <b />'
+    TEXT_MONTH: ' من <b />'
+    TEXT_DOM: ' في <b />'
+    ERROR1: الوسم %s غير مدعوم!
+    ERROR2: عدد عناصر غير صالح.
+    ERROR4: تعبير غير معروف

system/languages/bg.yaml

@@ -36,8 +36,8 @@ GRAV:
     YR_PLURAL: г
     DEC_PLURAL: дстлт
   FORM:
-    VALIDATION_FAIL: <b>Неуспешна проверка:</b>
-    INVALID_INPUT: Невалидно въвеждане в
+    VALIDATION_FAIL: '<b>Неуспешна проверка:</b>'
+    INVALID_INPUT: 'Невалидно въвеждане в'
     MISSING_REQUIRED_FIELD: 'Липсва задължително поле:'
   MONTHS_OF_THE_YEAR:
     - 'януари'

system/languages/ca.yaml

@@ -1,11 +1,21 @@
 ---
 GRAV:
   FRONTMATTER_ERROR_PAGE: "---\ntitle: %1$s\n---\n\n# S'ha produït un error: Frontmatter invàlid\n\nRuta: `%2$s`\n\n**%3$s**\n\n```\n%4$s\n```"
+  INFLECTOR_UNCOUNTABLE:
+    - 'equipment'
+    - 'informació'
+    - 'rice'
+    - 'money'
+    - 'species'
+    - 'series'
+    - 'fish'
+    - 'sheep'
   NICETIME:
     NO_DATE_PROVIDED: No s'ha proporcionat data
     BAD_DATE: Data invàlida
     AGO: abans
     FROM_NOW: des d'ara
+    JUST_NOW: Ara mateix
     SECOND: segon
     MINUTE: minut
     HOUR: hora
@@ -36,9 +46,10 @@ GRAV:
     YR_PLURAL: anys
     DEC_PLURAL: dèc.
   FORM:
-    VALIDATION_FAIL: <b>Ha fallat la validació:</b>
-    INVALID_INPUT: Entrada no vàlida a
+    VALIDATION_FAIL: '<b>Ha fallat la validació:</b>'
+    INVALID_INPUT: 'Entrada no vàlida a'
     MISSING_REQUIRED_FIELD: 'Falta camp obligatori:'
+    XSS_ISSUES: "Detectats potencials problemes XSS al camp '%s'"
   MONTHS_OF_THE_YEAR:
     - 'Gener'
     - 'Febrer'
@@ -60,3 +71,17 @@ GRAV:
     - 'Divendres'
     - 'Dissabte'
     - 'Diumenge'
+  YES: "Sí"
+  NO: "No"
+  CRON:
+    EVERY: cada
+    EVERY_HOUR: cada hora
+    EVERY_MINUTE: cada minut
+    EVERY_DAY_OF_WEEK: cada dia de la setmana
+    EVERY_DAY_OF_MONTH: cada dia del mes
+    EVERY_MONTH: cada mes
+    TEXT_PERIOD: Cada <b />
+    ERROR1: L'etiqueta %s no està suportada!
+    ERROR2: Nombre d'elements incorrecte
+    ERROR3: El jquery_element s'ha d'establir a la configuració de jqCron
+    ERROR4: Expressió no reconeguda

system/languages/cs.yaml

@@ -101,9 +101,10 @@ GRAV:
     YR_PLURAL: r
     DEC_PLURAL: dek
   FORM:
-    VALIDATION_FAIL: <b>Ověření se nezdařilo:</b>
-    INVALID_INPUT: Neplatný vstup v
+    VALIDATION_FAIL: '<b>Ověření se nezdařilo:</b>'
+    INVALID_INPUT: 'Neplatný vstup v'
     MISSING_REQUIRED_FIELD: 'Chybí požadované pole:'
+    XSS_ISSUES: "Byly zjištěny možné problémy XSS v poli '%s'"
   MONTHS_OF_THE_YEAR:
     - 'leden'
     - 'únor'
@@ -125,6 +126,8 @@ GRAV:
     - 'pátek'
     - 'sobota'
     - 'neděle'
+  YES: "Ano"
+  NO: "Ne"
   CRON:
     EVERY: každý
     EVERY_HOUR: každou hodinu

system/languages/da.yaml

@@ -1,11 +1,27 @@
 ---
 GRAV:
   FRONTMATTER_ERROR_PAGE: "---\nTitel: %1$s\n---\n\n# Fejl: Ugyldigt frontmatter\n\nSti: `%2$s`\n\n**%3$s**\n\n```\n%4$s\n```"
+  INFLECTOR_UNCOUNTABLE:
+    - 'udstyr'
+    - 'information'
+    - 'ris'
+    - 'penge'
+    - 'arter'
+    - 'Serier'
+    - 'fisk'
+    - 'får'
+  INFLECTOR_IRREGULAR:
+    'person': 'personer'
+    'man': 'mænd'
+    'child': 'børn'
+    'sex': 'køn'
+    'move': 'flyt'
   NICETIME:
     NO_DATE_PROVIDED: Ingen dato angivet
     BAD_DATE: Ugyldig dato
     AGO: siden
     FROM_NOW: fra nu
+    JUST_NOW: lige nu
     SECOND: sekund
     MINUTE: minut
     HOUR: time
@@ -15,6 +31,7 @@ GRAV:
     YEAR: år
     DECADE: årti
     SEC: sek
+    MIN: min.
     HR: t
     WK: u
     MO: md
@@ -36,8 +53,8 @@ GRAV:
     YR_PLURAL: år
     DEC_PLURAL: årtier
   FORM:
-    VALIDATION_FAIL: <b>Validering mislykkedes:</b>
-    INVALID_INPUT: Ugyldigt input i
+    VALIDATION_FAIL: '<b>Validering mislykkedes:</b>'
+    INVALID_INPUT: 'Ugyldigt input i'
     MISSING_REQUIRED_FIELD: 'Mangler obligatorisk felt:'
   MONTHS_OF_THE_YEAR:
     - 'januar'
@@ -60,3 +77,14 @@ GRAV:
     - 'fredag'
     - 'lørdag'
     - 'søndag'
+  CRON:
+    EVERY: hver
+    EVERY_HOUR: hver time
+    EVERY_MINUTE: hvert minut
+    EVERY_DAY_OF_WEEK: alle ugens dage
+    EVERY_DAY_OF_MONTH: alle dage i måneden
+    EVERY_MONTH: hver måned
+    TEXT_PERIOD: Hver <b />
+    TEXT_MINS: ' ved <b /> minut(ter) over timen'
+    ERROR1: Tagget %s understøttes ikke!
+    ERROR2: Ugyldigt antal elementer

system/languages/de.yaml

@@ -101,9 +101,10 @@ GRAV:
     YR_PLURAL: Jahre
     DEC_PLURAL: Jahrzehnten
   FORM:
-    VALIDATION_FAIL: <b>Überprüfung fehlgeschlagen:</b>
-    INVALID_INPUT: Ungültige Eingabe in
+    VALIDATION_FAIL: '<b>Überprüfung fehlgeschlagen:</b>'
+    INVALID_INPUT: 'Ungültige Eingabe in'
     MISSING_REQUIRED_FIELD: 'Erforderliches Feld fehlt:'
+    XSS_ISSUES: "Potenzielle XSS-Probleme im Feld '%s' erkannt"
   MONTHS_OF_THE_YEAR:
     - 'Januar'
     - 'Februar'
@@ -125,8 +126,8 @@ GRAV:
     - 'Freitag'
     - 'Samstag'
     - 'Sonntag'
-  YES: 'Ja'
-  NO: 'Nein'
+  YES: "Ja"
+  NO: "Nein"
   CRON:
     EVERY: jede
     EVERY_HOUR: jede Stunde

system/languages/el.yaml

@@ -1,11 +1,75 @@
 ---
 GRAV:
   FRONTMATTER_ERROR_PAGE: "---\nΤίτλος: %1$s\n---\n\n# Σφάλμα: Μη έγκυρη διαδρομή Frontmatter\n\nΔιαδρομή: `%2$s`\n\n**%3$s**\n\n```\n%4$s\n```"
+  INFLECTOR_PLURALS:
+    '/(quiz)$/i': '\1zes'
+    '/^(ox)$/i': '\1en'
+    '/([m|l])ouse$/i': '\1ice'
+    '/(matr|vert|ind)ix|ex$/i': '\1ices'
+    '/(x|ch|ss|sh)$/i': '\1es'
+    '/([^aeiouy]|qu)ies$/i': '\1y'
+    '/([^aeiouy]|qu)y$/i': '\1ies'
+    '/(hive)$/i': '\1s'
+    '/(?:([^f])fe|([lr])f)$/i': '\1\2ves'
+    '/sis$/i': 'ses'
+    '/([ti])um$/i': '\1a'
+    '/(buffal|tomat)o$/i': '\1oes'
+    '/(bu)s$/i': '\1ses'
+    '/(alias|status)/i': '\1es'
+    '/(octop|vir)us$/i': '\1i'
+    '/(ax|test)is$/i': '\1es'
+    '/s$/i': 's'
+    '/$/': 's'
+  INFLECTOR_SINGULAR:
+    '/(quiz)zes$/i': '\1'
+    '/(matr)ices$/i': '\1ix'
+    '/(vert|ind)ices$/i': '\1ex'
+    '/^(ox)en/i': '\1'
+    '/(alias|status)es$/i': '\1'
+    '/([octop|vir])i$/i': '\1us'
+    '/(cris|ax|test)es$/i': '\1is'
+    '/(shoe)s$/i': '\1'
+    '/(o)es$/i': '\1'
+    '/(bus)es$/i': '\1'
+    '/([m|l])ice$/i': '\1ouse'
+    '/(x|ch|ss|sh)es$/i': '\1'
+    '/(m)ovies$/i': '\1ovie'
+    '/(s)eries$/i': '\1eries'
+    '/([^aeiouy]|qu)ies$/i': '\1y'
+    '/([lr])ves$/i': '\1f'
+    '/(tive)s$/i': '\1'
+    '/(hive)s$/i': '\1'
+    '/([^f])ves$/i': '\1fe'
+    '/(^analy)ses$/i': '\1sis'
+    '/((a)naly|(b)a|(d)iagno|(p)arenthe|(p)rogno|(s)ynop|(t)he)ses$/i': '\1\2sis'
+    '/([ti])a$/i': '\1um'
+    '/(n)ews$/i': '\1ews'
+  INFLECTOR_UNCOUNTABLE:
+    - 'εξοπλισμός'
+    - 'πληροφοριες'
+    - 'rice'
+    - 'χρήματα'
+    - 'είδη'
+    - 'σειρές'
+    - 'ψάρι'
+    - 'πρόβατο'
+  INFLECTOR_IRREGULAR:
+    'person': 'άνθρωποι'
+    'man': 'άνδρες'
+    'child': 'παιδιά'
+    'sex': 'φύλο'
+    'move': 'κινήσεις'
+  INFLECTOR_ORDINALS:
+    'default': 'th'
+    'first': 'st'
+    'second': 'nd'
+    'third': 'rd'
   NICETIME:
     NO_DATE_PROVIDED: Δεν δόθηκε καμία ημερομηνία
     BAD_DATE: Εσφαλμένη ημερομηνία
     AGO: πρίν
     FROM_NOW: από τώρα
+    JUST_NOW: μόλις τώρα
     SECOND: δευτερόλεπτο
     MINUTE: λεπτό
     HOUR: ώρα
@@ -37,8 +101,8 @@ GRAV:
     YR_PLURAL: έτη
     DEC_PLURAL: δεκαετίες
   FORM:
-    VALIDATION_FAIL: <b>Η επικύρωση απέτυχε:</b>
-    INVALID_INPUT: Μη έγκυρα δεδομένα σε
+    VALIDATION_FAIL: '<b>Η επικύρωση απέτυχε:</b>'
+    INVALID_INPUT: 'Μη έγκυρα δεδομένα σε'
     MISSING_REQUIRED_FIELD: 'Λείπει το απαιτούμενο πεδίο:'
   MONTHS_OF_THE_YEAR:
     - 'Ιανουάριος'
@@ -61,3 +125,20 @@ GRAV:
     - 'Παρασκευή'
     - 'Σάββατο'
     - 'Κυριακή'
+  CRON:
+    EVERY: κάθε
+    EVERY_HOUR: κάθε ώρα
+    EVERY_MINUTE: κάθε λεπτό
+    EVERY_DAY_OF_WEEK: κάθε μέρα της εβδομάδος
+    EVERY_DAY_OF_MONTH: κάθε μέρα του μήνα
+    EVERY_MONTH: κάθε μήνα
+    TEXT_PERIOD: Κάθε <b />
+    TEXT_MINS: ' κατά <b /> λεπτό(ά) μετά την ώρα'
+    TEXT_TIME: ' στο <b />:<b />'
+    TEXT_DOW: ' στις <b />'
+    TEXT_MONTH: ' από <b />'
+    TEXT_DOM: ' στις <b />'
+    ERROR1: Η ετικέτα %s δεν υποστηρίζεται!
+    ERROR2: Μη έγκυρος αριθμός στοιχείων
+    ERROR3: Το jquery_element θα έπρεπε να οριστεί στις ρυθμίσεις του jqCron
+    ERROR4: Μη αναγνωρισμένη έκφραση

system/languages/es.yaml

@@ -1,19 +1,25 @@
 ---
 GRAV:
-  FRONTMATTER_ERROR_PAGE: "---\ntítulo: %1$s\n---\n\n# Error: Frontmatter no válido\n\nRuta: `%2$s`\n\n**%3$s**\n\n```\n%4$s\n```"
+  FRONTMATTER_ERROR_PAGE: "---\ntítulo: %1$s\n---\n\n# Error: Prefacio no válido\n\nRuta: `%2$s`\n\n**%3$s**\n\n```\n%4$s\n```"
+  INFLECTOR_PLURALS:
+    '/(quiz)$/i': '\1ios'
+    '/s$/i': 's'
+    '/$/': 's'
   INFLECTOR_UNCOUNTABLE:
-    - 'equipo'
+    - 'equipamiento'
     - 'información'
-    - 'rice'
+    - 'arroz'
     - 'dinero'
-    - 'species'
+    - 'especies'
     - 'series'
     - 'pescado'
     - 'oveja'
   INFLECTOR_IRREGULAR:
+    'person': 'personas'
     'man': 'hombres'
     'child': 'niños'
     'sex': 'sexos'
+    'move': 'movido'
   INFLECTOR_ORDINALS:
     'first': 'ro'
     'second': 'do'
@@ -33,10 +39,12 @@ GRAV:
     YEAR: año
     DECADE: década
     SEC: seg
+    MIN: min
     HR: h
     WK: sem
     MO: mes
     YR: año
+    DEC: déc
     SECOND_PLURAL: segundos
     MINUTE_PLURAL: minutos
     HOUR_PLURAL: horas
@@ -46,6 +54,7 @@ GRAV:
     YEAR_PLURAL: años
     DECADE_PLURAL: décadas
     SEC_PLURAL: segs
+    MIN_PLURAL: mins
     HR_PLURAL: hs
     WK_PLURAL: sem
     MO_PLURAL: mes
@@ -55,6 +64,7 @@ GRAV:
     VALIDATION_FAIL: '<b>Falló la validación: </b>'
     INVALID_INPUT: 'Dato inválido en: '
     MISSING_REQUIRED_FIELD: 'Falta el campo requerido: '
+    XSS_ISSUES: "Se detectaron potenciales problemas XSS en el campo '%s'"
   MONTHS_OF_THE_YEAR:
     - 'Enero'
     - 'Febrero'
@@ -76,6 +86,8 @@ GRAV:
     - 'Viernes'
     - 'Sábado'
     - 'Domingo'
+  YES: "Sí"
+  NO: "No"
   CRON:
     EVERY: cada
     EVERY_HOUR: cada hora
@@ -84,12 +96,12 @@ GRAV:
     EVERY_DAY_OF_MONTH: cada día del mes
     EVERY_MONTH: cada mes
     TEXT_PERIOD: Cada <b />
-    TEXT_MINS: ' a <b /> minuto(s) despues de la hora'
+    TEXT_MINS: ' a <b /> minuto(s) después de la hora'
     TEXT_TIME: ' a <b />:<b />'
     TEXT_DOW: ' en <b />'
     TEXT_MONTH: ' de<b />'
     TEXT_DOM: ' en<b />'
-    ERROR1: La etiqueta %s no está soportada!
-    ERROR2: El número de elementos es erroneo
+    ERROR1: '¡La etiqueta %s no está soportada!'
+    ERROR2: El número de elementos es erróneo
     ERROR3: El jquery_element debería establecerse en la configuración del jqCron
     ERROR4: Expresión no reconocida

system/languages/et.yaml

@@ -1,11 +1,22 @@
 ---
 GRAV:
   FRONTMATTER_ERROR_PAGE: "---\npealkiri: %1$s\n---\n\n# Viga: vigane Frontmatter'i\n\nasukoht: `%2$s`\n\n**%3$s**\n\n```\n%4$s\n```"
+  INFLECTOR_PLURALS:
+    '/(octop|vir)us$/i': '\1i'
+  INFLECTOR_SINGULAR:
+    '/^(ox)en/i': '\1'
+    '/(alias|status)es$/i': '\1'
+    '/(shoe)s$/i': '\1'
+    '/(o)es$/i': '\1'
+    '/(bus)es$/i': '\1'
+    '/(x|ch|ss|sh)es$/i': '\1'
+    '/(tive)s$/i': '\1'
+    '/(hive)s$/i': '\1'
   INFLECTOR_UNCOUNTABLE:
     - 'equipment'
     - 'informatsioon'
-    - 'rice'
-    - 'money'
+    - 'riis'
+    - 'raha'
     - 'species'
     - 'series'
     - 'kala'
@@ -34,6 +45,7 @@ GRAV:
     YEAR: aasta
     DECADE: 10 aastat
     SEC: sek
+    MIN: min
     HR: t
     WK: näd
     MO: k.
@@ -55,7 +67,7 @@ GRAV:
     YR_PLURAL: aastat
     DEC_PLURAL: dek.
   FORM:
-    VALIDATION_FAIL: <b>Kinnitamine nurjus:</b>
+    VALIDATION_FAIL: '<b>Kinnitamine nurjus:</b>'
     INVALID_INPUT: 'Vigane sisend:'
     MISSING_REQUIRED_FIELD: 'Nõutud väli puudub:'
   MONTHS_OF_THE_YEAR:
@@ -81,5 +93,12 @@ GRAV:
     - 'pühapäev'
   CRON:
     EVERY: iga
+    EVERY_HOUR: iga tund
+    EVERY_MINUTE: iga minut
+    EVERY_DAY_OF_WEEK: iga nädala päev
     EVERY_MONTH: iga kuu
     TEXT_PERIOD: Iga <b />
+    ERROR1: Silt %s pole toetatud!
+    ERROR2: Vale elementide arv
+    ERROR3: jqCron seadetes peaks olema määratud jquery_element
+    ERROR4: Tundmatu väljend

system/languages/eu.yaml

@@ -36,8 +36,8 @@ GRAV:
     YR_PLURAL: urt
     DEC_PLURAL: ham
   FORM:
-    VALIDATION_FAIL: <b>Balidazioak huts egin du</b>
-    INVALID_INPUT: Baliogabeko sarrera
+    VALIDATION_FAIL: '<b>Balidazioak huts egin du</b>'
+    INVALID_INPUT: 'Baliogabeko sarrera'
     MISSING_REQUIRED_FIELD: 'Derrigorrezko eremua bete gabe:'
   MONTHS_OF_THE_YEAR:
     - 'Urtarrila'

system/languages/fa.yaml

@@ -36,8 +36,8 @@ GRAV:
     YR_PLURAL: سال
     DEC_PLURAL: دهه
   FORM:
-    VALIDATION_FAIL: <b>سنجش اعتبار ناموفق بود</b>
-    INVALID_INPUT: ورودی نامعتبر در
+    VALIDATION_FAIL: '<b>سنجش اعتبار ناموفق بود</b>'
+    INVALID_INPUT: 'ورودی نامعتبر در'
     MISSING_REQUIRED_FIELD: 'قسمت ضروری جا افتاده:'
   MONTHS_OF_THE_YEAR:
     - 'ژانویه'

system/languages/fi.yaml

@@ -100,8 +100,8 @@ GRAV:
     YR_PLURAL: v
     DEC_PLURAL: vuosikymmentä
   FORM:
-    VALIDATION_FAIL: <b>Vahvistus epäonnistui:</b>
-    INVALID_INPUT: Syöte ei kelpaa
+    VALIDATION_FAIL: '<b>Vahvistus epäonnistui:</b>'
+    INVALID_INPUT: 'Syöte ei kelpaa'
     MISSING_REQUIRED_FIELD: 'Puuttuva pakollinen kenttä:'
   MONTHS_OF_THE_YEAR:
     - 'Tammikuu'

system/languages/fr.yaml

@@ -16,6 +16,7 @@ GRAV:
     '/(buffal|tomat)o$/i': '\1es'
     '/(bu)s$/i': 'Bus'
     '/(alias|status)/i': 'alias|status'
+    '/(octop|vir)us$/i': 'virus'
     '/(ax|test)is$/i': '\1s'
     '/s$/i': 's'
     '/$/': 's'
@@ -23,6 +24,7 @@ GRAV:
     '/(quiz)zes$/i': '\1'
     '/(alias|status)es$/i': '\1'
     '/([octop|vir])i$/i': '\1us'
+    '/(n)ews$/i': '\1ouvelles'
   INFLECTOR_UNCOUNTABLE:
     - 'équipement'
     - 'information'
@@ -57,10 +59,10 @@ GRAV:
     MONTH: mois
     YEAR: année
     DECADE: décennie
-    SEC: s
-    MIN: m
-    HR: h
-    WK: sem
+    SEC: sec.
+    MIN: min.
+    HR: hr.
+    WK: sem.
     MO: m
     YR: an
     DEC: déc
@@ -80,30 +82,33 @@ GRAV:
     YR_PLURAL: a
     DEC_PLURAL: décs
   FORM:
-    VALIDATION_FAIL: <b>La validation a échoué :</b>
-    INVALID_INPUT: Saisie non valide
+    VALIDATION_FAIL: '<b>La validation a échoué :</b>'
+    INVALID_INPUT: 'Saisie non valide'
     MISSING_REQUIRED_FIELD: 'Champ obligatoire manquant :'
+    XSS_ISSUES: "Erreurs XSS probablement détectées dans le champ '%s'"
   MONTHS_OF_THE_YEAR:
-    - 'Janvier'
-    - 'Février'
-    - 'Mars'
-    - 'Avril'
-    - 'Mai'
-    - 'Juin'
-    - 'Juillet'
-    - 'Août'
-    - 'Septembre'
-    - 'Octobre'
-    - 'Novembre'
-    - 'Décembre'
+    - 'janvier'
+    - 'février'
+    - 'mars'
+    - 'avril'
+    - 'mai'
+    - 'juin'
+    - 'juillet'
+    - 'août'
+    - 'septembre'
+    - 'octobre'
+    - 'novembre'
+    - 'décembre'
   DAYS_OF_THE_WEEK:
-    - 'Lundi'
-    - 'Mardi'
-    - 'Mercredi'
-    - 'Jeudi'
-    - 'Vendredi'
-    - 'Samedi'
-    - 'Dimanche'
+    - 'lundi'
+    - 'mardi'
+    - 'mercredi'
+    - 'jeudi'
+    - 'vendredi'
+    - 'samedi'
+    - 'dimanche'
+  YES: "Oui"
+  NO: "Non"
   CRON:
     EVERY: chaque
     EVERY_HOUR: toutes les heures
@@ -117,7 +122,7 @@ GRAV:
     TEXT_DOW: ' sur <b/>'
     TEXT_MONTH: ' de <b />'
     TEXT_DOM: ' sur <b/>'
-    ERROR1: La balise %s n'est pas supportée!
+    ERROR1: La balise %s n'est pas prise en charge !
     ERROR2: Nombre invalide d'éléments
     ERROR3: L'élément jquery_element doit être défini dans les paramètres jqCron
     ERROR4: Expression non reconnue

system/languages/gl.yaml

@@ -0,0 +1,147 @@
+---
+GRAV:
+  FRONTMATTER_ERROR_PAGE: "---\ntítulo: %1$s\n---\n\n# Erro: Limiar incorrecto\n\nRuta: `%2$s`\n\n**%3$s**\n\n```\n%4$s\n```"
+  INFLECTOR_PLURALS:
+    '/(quiz)$/i': '\1zes'
+    '/^(ox)$/i': '\1en'
+    '/([m|l])ouse$/i': '\1ice'
+    '/(matr|vert|ind)ix|ex$/i': '\1ices'
+    '/(x|ch|ss|sh)$/i': '\1es'
+    '/([^aeiouy]|qu)ies$/i': '\1y'
+    '/([^aeiouy]|qu)y$/i': '\1ies'
+    '/(hive)$/i': '\1s'
+    '/(?:([^f])fe|([lr])f)$/i': '\1\2ves'
+    '/sis$/i': 'ses'
+    '/([ti])um$/i': '\1a'
+    '/(buffal|tomat)o$/i': '\1oes'
+    '/(bu)s$/i': '\1ses'
+    '/(alias|status)/i': '\1'
+    '/(octop|vir)us$/i': '\1'
+    '/(ax|test)is$/i': '\1es'
+    '/s$/i': 's'
+    '/$/': 's'
+  INFLECTOR_SINGULAR:
+    '/(quiz)zes$/i': '\1ces'
+    '/(matr)ices$/i': '\1ix'
+    '/(vert|ind)ices$/i': '\1ex'
+    '/^(ox)en/i': '\1'
+    '/(alias|status)es$/i': '\1'
+    '/([octop|vir])i$/i': '\1'
+    '/(cris|ax|test)es$/i': '\1es'
+    '/(shoe)s$/i': '\1'
+    '/(o)es$/i': '\1'
+    '/(bus)es$/i': '\1'
+    '/([m|l])ice$/i': '\1ouse'
+    '/(x|ch|ss|sh)es$/i': '\1'
+    '/(m)ovies$/i': '\1ovie'
+    '/(s)eries$/i': '\1eries'
+    '/([^aeiouy]|qu)ies$/i': '\1'
+    '/([lr])ves$/i': '\1f'
+    '/(tive)s$/i': '\1'
+    '/(hive)s$/i': '\1'
+    '/([^f])ves$/i': '\1fe'
+    '/(^analy)ses$/i': '\1se'
+    '/((a)naly|(b)a|(d)iagno|(p)arenthe|(p)rogno|(s)ynop|(t)he)ses$/i': '\1\2se'
+    '/([ti])a$/i': '\1um'
+    '/(n)ews$/i': '\1ews'
+  INFLECTOR_UNCOUNTABLE:
+    - 'equipo'
+    - 'información'
+    - 'arroz'
+    - 'diñeiro'
+    - 'especies'
+    - 'series'
+    - 'peixe'
+    - 'ovella'
+  INFLECTOR_IRREGULAR:
+    'person': 'xente'
+    'man': 'home'
+    'child': 'neno'
+    'sex': 'sexos'
+    'move': 'move'
+  INFLECTOR_ORDINALS:
+    'default': 'º'
+    'first': 'º'
+    'second': 'º'
+    'third': 'º'
+  NICETIME:
+    NO_DATE_PROVIDED: Non fornece unha data
+    BAD_DATE: Data errada
+    AGO: hai
+    FROM_NOW: dende agora
+    JUST_NOW: xusto agora
+    SECOND: segundo
+    MINUTE: minuto
+    HOUR: hora
+    DAY: día
+    WEEK: semana
+    MONTH: mes
+    YEAR: ano
+    DECADE: década
+    SEC: seg
+    MIN: min
+    HR: hr 
+    WK: Sem
+    MO: m
+    YR: a
+    DEC: dec
+    SECOND_PLURAL: segundos
+    MINUTE_PLURAL: minutos
+    HOUR_PLURAL: horas
+    DAY_PLURAL: días
+    WEEK_PLURAL: semanas
+    MONTH_PLURAL: meses
+    YEAR_PLURAL: anos
+    DECADE_PLURAL: décadas
+    SEC_PLURAL: segs
+    MIN_PLURAL: mins
+    HR_PLURAL: hrs
+    WK_PLURAL: sem
+    MO_PLURAL: mes
+    YR_PLURAL: a
+    DEC_PLURAL: deca
+  FORM:
+    VALIDATION_FAIL: '<b>Fallou a validación:</b>'
+    INVALID_INPUT: 'Entrada incorrecta en'
+    MISSING_REQUIRED_FIELD: 'Falta un campo requirido:'
+    XSS_ISSUES: "Detectáronse posibles problemas XSS no campo '% s'"
+  MONTHS_OF_THE_YEAR:
+    - 'xaneiro'
+    - 'febreiro'
+    - 'marzo'
+    - 'abril'
+    - 'maio'
+    - 'xuño'
+    - 'xullo'
+    - 'agosto'
+    - 'setembro'
+    - 'outubro'
+    - 'novembro'
+    - 'decembro'
+  DAYS_OF_THE_WEEK:
+    - 'luns'
+    - 'martes'
+    - 'mércores'
+    - 'xoves'
+    - 'venres'
+    - 'sábado'
+    - 'domingo'
+  YES: "Si"
+  NO: "Non"
+  CRON:
+    EVERY: cada
+    EVERY_HOUR: Cada hora
+    EVERY_MINUTE: Cada minuto
+    EVERY_DAY_OF_WEEK: cada día da semana
+    EVERY_DAY_OF_MONTH: cada día do mes
+    EVERY_MONTH: cada mes
+    TEXT_PERIOD: Cada <b />
+    TEXT_MINS: ' dentro de <b /> minuto(s) despois da hora'
+    TEXT_TIME: ' dentro <b />:<b />'
+    TEXT_DOW: ' o <b />'
+    TEXT_MONTH: ' de <b />'
+    TEXT_DOM: ' o <b />'
+    ERROR1: A etiqueta %s non é compatíbel!
+    ERROR2: Mal número de elementos
+    ERROR3: O jquery_element debería estar determinado na configuración de jqCron
+    ERROR4: Expresión non recoñecida

system/languages/he.yaml

@@ -37,8 +37,8 @@ GRAV:
     YR_PLURAL: שני'
     DEC_PLURAL: עש'
   FORM:
-    VALIDATION_FAIL: <b>האימות נכשל:</b>
-    INVALID_INPUT: קלט לא חוקי
+    VALIDATION_FAIL: '<b>האימות נכשל:</b>'
+    INVALID_INPUT: 'קלט לא חוקי'
     MISSING_REQUIRED_FIELD: 'שדות חובה חסרים:'
   MONTHS_OF_THE_YEAR:
     - 'ינואר'

system/languages/hr.yaml

@@ -50,8 +50,8 @@ GRAV:
     YR_PLURAL: g
     DEC_PLURAL: des
   FORM:
-    VALIDATION_FAIL: <b>Validacija nije uspjela:</b>
-    INVALID_INPUT: Pogrešan unos u
+    VALIDATION_FAIL: '<b>Validacija nije uspjela:</b>'
+    INVALID_INPUT: 'Pogrešan unos u'
     MISSING_REQUIRED_FIELD: 'Nedostaje obavezno polje:'
   MONTHS_OF_THE_YEAR:
     - 'Siječanj'

system/languages/hu.yaml

@@ -58,7 +58,7 @@ GRAV:
     YR_PLURAL: év
     DEC_PLURAL: évt
   FORM:
-    VALIDATION_FAIL: <b>Érvényesítés nem sikerült:</b>
+    VALIDATION_FAIL: '<b>Érvényesítés nem sikerült:</b>'
     INVALID_INPUT: 'A megadott érték érvénytelen:'
     MISSING_REQUIRED_FIELD: 'Ez a kötelező mező nincs kitöltve:'
   MONTHS_OF_THE_YEAR:

system/languages/id.yaml

@@ -1,26 +1,74 @@
 ---
 GRAV:
   FRONTMATTER_ERROR_PAGE: "---\ntitle: %1$s\n---\n\n# Error: Frontmatter tidak valid\n\nLokasi: `%2$s`\n\n**%3$s**\n\n```\n%4$s\n```"
+  INFLECTOR_PLURALS:
+    '/(quiz)$/i': '\1zes'
+    '/^(ox)$/i': '\1en'
+    '/([m|l])ouse$/i': '\1ice'
+    '/(matr|vert|ind)ix|ex$/i': '\1ices'
+    '/(x|ch|ss|sh)$/i': '\1es'
+    '/([^aeiouy]|qu)ies$/i': '\1y'
+    '/([^aeiouy]|qu)y$/i': '\1ies'
+    '/(hive)$/i': '\1s'
+    '/(?:([^f])fe|([lr])f)$/i': '\1\2ves'
+    '/sis$/i': 'ses'
+    '/([ti])um$/i': '\1a'
+    '/(buffal|tomat)o$/i': '\1oes'
+    '/(bu)s$/i': '\1ses'
+    '/(alias|status)/i': '\1es'
+    '/(octop|vir)us$/i': '\1i'
+    '/(ax|test)is$/i': '\1es'
+    '/s$/i': 's'
+    '/$/': 's'
+  INFLECTOR_SINGULAR:
+    '/(quiz)zes$/i': '\1'
+    '/(matr)ices$/i': '\1ix'
+    '/(vert|ind)ices$/i': '\1ex'
+    '/^(ox)en/i': '\1'
+    '/(alias|status)es$/i': '\1'
+    '/([octop|vir])i$/i': '\1us'
+    '/(cris|ax|test)es$/i': '\1is'
+    '/(shoe)s$/i': '\1'
+    '/(o)es$/i': '\1'
+    '/(bus)es$/i': '\1'
+    '/([m|l])ice$/i': '\1ouse'
+    '/(x|ch|ss|sh)es$/i': '\1'
+    '/(m)ovies$/i': '\1ovie'
+    '/(s)eries$/i': '\1eries'
+    '/([^aeiouy]|qu)ies$/i': '\1y'
+    '/([lr])ves$/i': '\1f'
+    '/(tive)s$/i': '\1'
+    '/(hive)s$/i': '\1'
+    '/([^f])ves$/i': '\1fe'
+    '/(^analy)ses$/i': '\1sis'
+    '/((a)naly|(b)a|(d)iagno|(p)arenthe|(p)rogno|(s)ynop|(t)he)ses$/i': '\1\2sis'
+    '/([ti])a$/i': '\1um'
+    '/(n)ews$/i': '\1ews'
   INFLECTOR_UNCOUNTABLE:
-    - 'peralatan'
-    - 'informasi'
-    - 'nasi'
-    - 'uang'
-    - 'spesies'
-    - 'rangkaian'
-    - 'ikan'
-    - 'domba'
+    - 'Peralatan'
+    - 'Informasi '
+    - 'Nasi'
+    - 'Uang'
+    - 'Jenis'
+    - 'Seri'
+    - 'Ikan'
+    - 'Domba'
   INFLECTOR_IRREGULAR:
-    'person': 'orang-orang'
-    'man': 'laki-laki'
-    'child': 'anak-anak'
-    'sex': 'jenis kelamin'
+    'person': 'Orang-orang'
+    'man': 'Pria'
+    'child': 'Balita'
+    'sex': 'Jenis Kelamin'
     'move': 'pindahkan'
+  INFLECTOR_ORDINALS:
+    'default': 'ke'
+    'first': 'pertama'
+    'second': 'nd'
+    'third': 'rd'
   NICETIME:
-    NO_DATE_PROVIDED: Tanggal tidak tersedia
+    NO_DATE_PROVIDED: Tidak ada tanggal yang disediakan
     BAD_DATE: Format tanggal salah
     AGO: yang lalu
-    FROM_NOW: dari saat ini
+    FROM_NOW: dari sekarang
     JUST_NOW: baru saja
     SECOND: detik
     MINUTE: menit
@@ -30,12 +78,12 @@ GRAV:
     MONTH: bulan
     YEAR: tahun
     DECADE: dekade
-    SEC: dtk
-    MIN: mnt
-    HR: j
-    WK: mng
-    MO: bln
-    YR: thn
+    SEC: detik
+    MIN: menit
+    HR: ' jam'
+    WK: minggu
+    MO: bulan
+    YR: tahun
     DEC: desimal
     SECOND_PLURAL: detik
     MINUTE_PLURAL: menit
@@ -45,17 +93,18 @@ GRAV:
     MONTH_PLURAL: bulan
     YEAR_PLURAL: tahun
     DECADE_PLURAL: dekade
-    SEC_PLURAL: dtk
-    MIN_PLURAL: mnt
-    HR_PLURAL: j
-    WK_PLURAL: mgg
-    MO_PLURAL: bln
-    YR_PLURAL: thn
+    SEC_PLURAL: detik
+    MIN_PLURAL: menit
+    HR_PLURAL: jam
+    WK_PLURAL: minggu
+    MO_PLURAL: bulan
+    YR_PLURAL: tahun
     DEC_PLURAL: dekade
   FORM:
-    VALIDATION_FAIL: <b>Validasi gagal:</b>
-    INVALID_INPUT: Input tidak valid di
+    VALIDATION_FAIL: '<b>Validasi gagal:</b>'
+    INVALID_INPUT: 'Input tidak valid di'
     MISSING_REQUIRED_FIELD: 'Data yang diperlukan belum terisi:'
+    XSS_ISSUES: "Isu berpotensial XSS terdeteksi dalam baris %s"
   MONTHS_OF_THE_YEAR:
     - 'Januari'
     - 'Februari'
@@ -74,22 +123,25 @@ GRAV:
     - 'Selasa'
     - 'Rabu'
     - 'Kamis'
-    - 'Jumat'
+    - 'Jum''at'
     - 'Sabtu'
     - 'Minggu'
+  YES: "Ya"
+  NO: "Tidak"
   CRON:
     EVERY: Setiap
     EVERY_HOUR: Setiap jam
     EVERY_MINUTE: Setiap menit
     EVERY_DAY_OF_WEEK: Setiap hari selama seminggu
-    EVERY_DAY_OF_MONTH: pada tanggal setiap bulannya
+    EVERY_DAY_OF_MONTH: Setiap hari dalam sebulan
     EVERY_MONTH: setiap bulan
     TEXT_PERIOD: Setiap <b />
+    TEXT_MINS: 'dalam <b />  menit setelah jam yang lalu'
     TEXT_TIME: ' pada <b />:<b />'
     TEXT_DOW: ' pada <b />'
     TEXT_MONTH: ' pada <b />'
     TEXT_DOM: ' pada <b />'
     ERROR1: Tag %s tidak didukung!
-    ERROR2: Jumlah elemen tidak valid
-    ERROR3: jquery_element harus ditetapkan ke pengaturan jqCron
-    ERROR4: Ekspresi tidak dikenali
+    ERROR2: Jumlah elemen yang buruk
+    ERROR3: jquery_element harus diatur ke dalam pengaturan jqCron
+    ERROR4: Ekspresi tidak dikenal

system/languages/is.yaml

@@ -46,8 +46,8 @@ GRAV:
     YR_PLURAL: árum
     DEC_PLURAL: árat
   FORM:
-    VALIDATION_FAIL: <b>Sannvottun mistókst:</b>
-    INVALID_INPUT: Ógilt inntak í
+    VALIDATION_FAIL: '<b>Sannvottun mistókst:</b>'
+    INVALID_INPUT: 'Ógilt inntak í'
     MISSING_REQUIRED_FIELD: 'Vantar nauðsynlegan reit:'
   MONTHS_OF_THE_YEAR:
     - 'janúar'

system/languages/it.yaml

@@ -1,6 +1,49 @@
 ---
 GRAV:
   FRONTMATTER_ERROR_PAGE: "---Titolo: %1$s---# Errore: Frontmatter non valido: '%2$s' * *%3$s * * ' '%4$s ' '"
+  INFLECTOR_PLURALS:
+    '/(quiz)$/i': '\1'
+    '/^(ox)$/i': '\1en'
+    '/([m|l])ouse$/i': '\1ice'
+    '/(matr|vert|ind)ix|ex$/i': '\1ices'
+    '/(x|ch|ss|sh)$/i': '\1es'
+    '/([^aeiouy]|qu)ies$/i': '\1y'
+    '/([^aeiouy]|qu)y$/i': '\1ies'
+    '/(hive)$/i': '\1s'
+    '/(?:([^f])fe|([lr])f)$/i': '\1\2ves'
+    '/sis$/i': 'ses'
+    '/([ti])um$/i': '\1a'
+    '/(buffal|tomat)o$/i': '\1oes'
+    '/(bu)s$/i': '\1ses'
+    '/(alias|status)/i': '\1es'
+    '/(octop|vir)us$/i': '\1i'
+    '/(ax|test)is$/i': '\1es'
+    '/s$/i': 's'
+    '/$/': 's'
+  INFLECTOR_SINGULAR:
+    '/(quiz)zes$/i': '\1'
+    '/(matr)ices$/i': '\1ix'
+    '/(vert|ind)ices$/i': '\1ex'
+    '/^(ox)en/i': '\1'
+    '/(alias|status)es$/i': '\1'
+    '/([octop|vir])i$/i': '\1us'
+    '/(cris|ax|test)es$/i': '\1is'
+    '/(shoe)s$/i': '\1'
+    '/(o)es$/i': '\1'
+    '/(bus)es$/i': '\1'
+    '/([m|l])ice$/i': '\1ouse'
+    '/(x|ch|ss|sh)es$/i': '\1'
+    '/(m)ovies$/i': '\1ovie'
+    '/(s)eries$/i': '\1eries'
+    '/([^aeiouy]|qu)ies$/i': '\1y'
+    '/([lr])ves$/i': '\1f'
+    '/(tive)s$/i': '\1'
+    '/(hive)s$/i': '\1'
+    '/([^f])ves$/i': '\1fe'
+    '/(^analy)ses$/i': '\1sis'
+    '/((a)naly|(b)a|(d)iagno|(p)arenthe|(p)rogno|(s)ynop|(t)he)ses$/i': '\1\2sis'
+    '/([ti])a$/i': '\1um'
+    '/(n)ews$/i': '\1ews'
   INFLECTOR_UNCOUNTABLE:
     - 'dotazione'
     - 'informazione'
@@ -58,9 +101,10 @@ GRAV:
     YR_PLURAL: anni
     DEC_PLURAL: decenni
   FORM:
-    VALIDATION_FAIL: <b>Validazione fallita:</b>
-    INVALID_INPUT: Input non valido in
+    VALIDATION_FAIL: '<b>Validazione fallita:</b>'
+    INVALID_INPUT: 'Input non valido in'
     MISSING_REQUIRED_FIELD: 'Campo richiesto mancante:'
+    XSS_ISSUES: "Rilevati potenziali problemi di XSS nel campo '%s'"
   MONTHS_OF_THE_YEAR:
     - 'Gennaio'
     - 'Febbraio'
@@ -82,6 +126,8 @@ GRAV:
     - 'Venerdì'
     - 'Sabato'
     - 'Domenica'
+  YES: "Sì"
+  NO: "No"
   CRON:
     EVERY: ogni
     EVERY_HOUR: ogni ora

system/languages/ja.yaml

@@ -1,11 +1,22 @@
 ---
 GRAV:
+  INFLECTOR_UNCOUNTABLE:
+    - 'equipment'
+    - '情報'
+    - 'rice'
+    - 'お金'
+    - 'species'
+    - 'series'
+    - '魚'
+    - 'ヒツジ'
   INFLECTOR_IRREGULAR:
     'person': 'みんな'
     'man': '人'
     'child': '子供'
     'sex': '性別'
     'move': '移動'
+  INFLECTOR_ORDINALS:
+    'first': '番目'
   NICETIME:
     NO_DATE_PROVIDED: 日付が設定されていません
     BAD_DATE: 不正な日付
@@ -40,8 +51,8 @@ GRAV:
     YR_PLURAL: 年
     DEC_PLURAL: 10年
   FORM:
-    VALIDATION_FAIL: <b>バリデーション失敗 :</b>
-    INVALID_INPUT: 不正な入力：
+    VALIDATION_FAIL: '<b>バリデーション失敗 :</b>'
+    INVALID_INPUT: '不正な入力：'
     MISSING_REQUIRED_FIELD: '必須項目が入力されていません:'
   MONTHS_OF_THE_YEAR:
     - '1月'
@@ -64,3 +75,7 @@ GRAV:
     - '金'
     - '土'
     - '日'
+  CRON:
+    EVERY: 毎
+    EVERY_MONTH: 毎月
+    ERROR1: 共有タイプ %s はサポートされていません

system/languages/ko.yaml

@@ -37,8 +37,8 @@ GRAV:
     YR_PLURAL: 년
     DEC_PLURAL: 년간
   FORM:
-    VALIDATION_FAIL: <b>유효성 검사 실패:</b>
-    INVALID_INPUT: 잘못된 입력
+    VALIDATION_FAIL: '<b>유효성 검사 실패:</b>'
+    INVALID_INPUT: '잘못된 입력'
     MISSING_REQUIRED_FIELD: '누락 된 필수 필드:'
   MONTHS_OF_THE_YEAR:
     - '일월'

system/languages/lt.yaml

@@ -52,8 +52,8 @@ GRAV:
     YR_PLURAL: m.
     DEC_PLURAL: dešimtmečiai
   FORM:
-    VALIDATION_FAIL: <b>Patvirtinimas nepavyko:</b>
-    INVALID_INPUT: Neteisingai įvesta į
+    VALIDATION_FAIL: '<b>Patvirtinimas nepavyko:</b>'
+    INVALID_INPUT: 'Neteisingai įvesta į'
     MISSING_REQUIRED_FIELD: 'Būtina užpildyti laukelį:'
   MONTHS_OF_THE_YEAR:
     - 'Sausis'

system/languages/mn.yaml

@@ -0,0 +1,147 @@
+---
+GRAV:
+  FRONTMATTER_ERROR_PAGE: "---\nГарчиг: %1$s\n---\n\n# Алдаа: Буруу Формат\n\nЗам: `%2$s`\n\n**%3$s**\n\n```\n%4$s\n```"
+  INFLECTOR_PLURALS:
+    '/(quiz)$/i': '\1зүүд'
+    '/^(ox)$/i': '\1ууд'
+    '/([m|l])ouse$/i': '\1ууд'
+    '/(matr|vert|ind)ix|ex$/i': '\1иксүүд'
+    '/(x|ch|ss|sh)$/i': '\1үүд'
+    '/([^aeiouy]|qu)ies$/i': '\1үүд'
+    '/([^aeiouy]|qu)y$/i': '\1үүд'
+    '/(hive)$/i': '\1үүд'
+    '/(?:([^f])fe|([lr])f)$/i': '\1\2үүд'
+    '/sis$/i': 'үүд'
+    '/([ti])um$/i': '\1үүд'
+    '/(buffal|tomat)o$/i': '\1үүд'
+    '/(bu)s$/i': '\1үүд'
+    '/(alias|status)/i': '\1үүд'
+    '/(octop|vir)us$/i': '\1үүд'
+    '/(ax|test)is$/i': '\1үүд'
+    '/s$/i': 'үүд'
+    '/$/': 'үүд'
+  INFLECTOR_SINGULAR:
+    '/(quiz)zes$/i': '\1'
+    '/(matr)ices$/i': '\1икс'
+    '/(vert|ind)ices$/i': '\1икс'
+    '/^(ox)en/i': '\1'
+    '/(alias|status)es$/i': '\1'
+    '/([octop|vir])i$/i': '\1'
+    '/(cris|ax|test)es$/i': '\1'
+    '/(shoe)s$/i': '\1'
+    '/(o)es$/i': '\1'
+    '/(bus)es$/i': '\1'
+    '/([m|l])ice$/i': '\1'
+    '/(x|ch|ss|sh)es$/i': '\1'
+    '/(m)ovies$/i': '\1'
+    '/(s)eries$/i': '\1'
+    '/([^aeiouy]|qu)ies$/i': '\1үүд'
+    '/([lr])ves$/i': '\1'
+    '/(tive)s$/i': '\1'
+    '/(hive)s$/i': '\1'
+    '/([^f])ves$/i': '\1'
+    '/(^analy)ses$/i': '\1'
+    '/((a)naly|(b)a|(d)iagno|(p)arenthe|(p)rogno|(s)ynop|(t)he)ses$/i': '\1\2үүд'
+    '/([ti])a$/i': '\1'
+    '/(n)ews$/i': '\1'
+  INFLECTOR_UNCOUNTABLE:
+    - 'тоног төхөөрөмж'
+    - 'Мэдээлэл'
+    - 'будаа'
+    - 'мөнгө'
+    - 'төрөл зүйл'
+    - 'цуврал'
+    - 'загас'
+    - 'хонь'
+  INFLECTOR_IRREGULAR:
+    'person': 'хүмүүс'
+    'man': 'эрчүүд'
+    'child': 'хүүхэд'
+    'sex': 'хүйс'
+    'move': 'хөдөлгөөн'
+  INFLECTOR_ORDINALS:
+    'default': 'th'
+    'first': 'st'
+    'second': 'nd'
+    'third': 'rd'
+  NICETIME:
+    NO_DATE_PROVIDED: Огноо алга
+    BAD_DATE: Буруу огноо
+    AGO: өмнө 
+    FROM_NOW: одооноос
+    JUST_NOW: дөнгөж сая
+    SECOND: секунд
+    MINUTE: минут
+    HOUR: цаг
+    DAY: өдөр
+    WEEK: долоо хоног
+    MONTH: сар
+    YEAR: он
+    DECADE: арван жил
+    SEC: сек
+    MIN: мин
+    HR: цаг
+    WK: д.х.
+    MO: сар
+    YR: он
+    DEC: арван жил
+    SECOND_PLURAL: секунд
+    MINUTE_PLURAL: минут
+    HOUR_PLURAL: цаг
+    DAY_PLURAL: өдрүүд
+    WEEK_PLURAL: долоо хоногууд
+    MONTH_PLURAL: сарууд
+    YEAR_PLURAL: онууд
+    DECADE_PLURAL: арван жилүүд
+    SEC_PLURAL: сек.-үүд
+    MIN_PLURAL: мин.-ууд
+    HR_PLURAL: цагууд
+    WK_PLURAL: д.х.-ууд
+    MO_PLURAL: сарууд
+    YR_PLURAL: жилүүд
+    DEC_PLURAL: арван жилүүд
+  FORM:
+    VALIDATION_FAIL: '<b>Баталгаажуулалт амжилтгүй боллоо:</b>'
+    INVALID_INPUT: 'Буруу өгөгдөл дараахид'
+    MISSING_REQUIRED_FIELD: 'Шаардлагатай талбар дутуу байна:'
+    XSS_ISSUES: "'%s' талбарт XSS -ийн болзошгүй асуудлууд илэрсэн"
+  MONTHS_OF_THE_YEAR:
+    - '1-р сар'
+    - '2-р сар'
+    - '3-р сар'
+    - '4-р сар'
+    - '5 сар'
+    - '6 сар'
+    - '7 сар'
+    - '8 сар'
+    - '9 сар'
+    - '10 сар'
+    - '11 сар'
+    - '12 сар'
+  DAYS_OF_THE_WEEK:
+    - 'Даваа гараг'
+    - 'Мягмар гараг'
+    - 'Лхагва гараг'
+    - 'Пүрэв гараг'
+    - 'Баасан гараг'
+    - 'Бямба гараг'
+    - 'Ням гараг'
+  YES: "Тийм"
+  NO: "Үгүй"
+  CRON:
+    EVERY: бүрийн
+    EVERY_HOUR: цаг бүрийн
+    EVERY_MINUTE: минут бүрийн
+    EVERY_DAY_OF_WEEK: долоо хоногийн өдөр болгонд
+    EVERY_DAY_OF_MONTH: сарын өдөр болгонд
+    EVERY_MONTH: сар болгон
+    TEXT_PERIOD: Бүрийн  <b />
+    TEXT_MINS: '  <b /> энэ сүүлийн цагийн минутад'
+    TEXT_TIME: '  <b />:<b /> -д'
+    TEXT_DOW: '  <b /> -д'
+    TEXT_MONTH: '  <b /> -ын'
+    TEXT_DOM: '  <b /> -т'
+    ERROR1: '%s -н утга нь дэмжигддэггүй!'
+    ERROR2: Элементүүдийн тоо хэмжээ буруу
+    ERROR3: jquery_element нь jqCron тохиргоонд хийгдсэн байх ёстой
+    ERROR4: Танигдаагүй илэрхийлэл

system/languages/nl.yaml

@@ -101,8 +101,8 @@ GRAV:
     YR_PLURAL: jaren
     DEC_PLURAL: decennia
   FORM:
-    VALIDATION_FAIL: <b>Validatie mislukt:</b>
-    INVALID_INPUT: Ongeldige invoer in
+    VALIDATION_FAIL: '<b>Validatie mislukt:</b>'
+    INVALID_INPUT: 'Ongeldige invoer in'
     MISSING_REQUIRED_FIELD: 'Ontbrekend verplicht veld:'
   MONTHS_OF_THE_YEAR:
     - 'Januari'

system/languages/no.yaml

@@ -21,6 +21,7 @@ GRAV:
     BAD_DATE: Ugyldig dato
     AGO: siden
     FROM_NOW: fra nå
+    JUST_NOW: akkurat nå
     SECOND: sekund
     MINUTE: minutt
     HOUR: time
@@ -51,8 +52,8 @@ GRAV:
     YR_PLURAL: år
     DEC_PLURAL: årtier
   FORM:
-    VALIDATION_FAIL: <b>Godkjenning mislyktes:</b>
-    INVALID_INPUT: Ugyldig innhold i
+    VALIDATION_FAIL: '<b>Godkjenning mislyktes:</b>'
+    INVALID_INPUT: 'Ugyldig innhold i'
     MISSING_REQUIRED_FIELD: 'Mangler påkrevd felt:'
   MONTHS_OF_THE_YEAR:
     - 'januar'
@@ -75,3 +76,7 @@ GRAV:
     - 'fredag'
     - 'lørdag'
     - 'søndag'
+  CRON:
+    EVERY: hver
+    EVERY_HOUR: hver time
+    EVERY_MINUTE: hvert minutt

system/languages/pl.yaml

@@ -1,11 +1,32 @@
 ---
 GRAV:
   FRONTMATTER_ERROR_PAGE: "---\ntitle: %1$s\n---\n\n# Error: Nieprawidłowy Frontmatter\n\nPath: `%2$s`\n\n**%3$s**\n\n```\n%4$s\n```"
+  INFLECTOR_SINGULAR:
+    '/(alias|status)es$/i': '\1'
+  INFLECTOR_UNCOUNTABLE:
+    - 'wyposażenie'
+    - 'informacja'
+    - 'rice'
+    - 'pieniądze'
+    - 'species'
+    - 'series'
+    - 'ryba'
+    - 'owca'
+  INFLECTOR_IRREGULAR:
+    'person': 'człowiek'
+    'man': 'mężczyźni'
+    'child': 'dzieci'
+    'sex': 'płci'
+  INFLECTOR_ORDINALS:
+    'first': 'pierwszy'
+    'second': 'drugi'
+    'third': 'trzeci'
   NICETIME:
     NO_DATE_PROVIDED: Nie podano daty
     BAD_DATE: Zła data
     AGO: temu
     FROM_NOW: od teraz
+    JUST_NOW: właśnie teraz
     SECOND: sekunda
     MINUTE: minuta
     HOUR: godzina
@@ -15,6 +36,7 @@ GRAV:
     YEAR: rok
     DECADE: dekada
     SEC: sek
+    MIN: minuta
     HR: godz
     WK: tydz
     MO: m-c
@@ -36,9 +58,10 @@ GRAV:
     YR_PLURAL: lat
     DEC_PLURAL: dekad
   FORM:
-    VALIDATION_FAIL: <b>Weryfikacja nie powiodła się:</b>
-    INVALID_INPUT: Nieprawidłowe dane wejściowe
+    VALIDATION_FAIL: '<b>Weryfikacja nie powiodła się:</b>'
+    INVALID_INPUT: 'Nieprawidłowe dane wejściowe'
     MISSING_REQUIRED_FIELD: 'Opuszczono wymagane pole:'
+    XSS_ISSUES: "Potencjalne problemy XSS wykryte w polu '%s'"
   MONTHS_OF_THE_YEAR:
     - 'Styczeń'
     - 'Luty'
@@ -60,3 +83,18 @@ GRAV:
     - 'Piątek'
     - 'Sobota'
     - 'Niedziela'
+  YES: "Tak"
+  NO: "Nie"
+  CRON:
+    EVERY: każdy
+    EVERY_HOUR: każdą godzinę
+    EVERY_MINUTE: każdą minutę
+    EVERY_DAY_OF_WEEK: każdego dnia tygodnia
+    EVERY_DAY_OF_MONTH: każdego dnia miesiące
+    EVERY_MONTH: każdego miesiąca
+    TEXT_PERIOD: Każdego <b />
+    TEXT_MINS: 'o <b /> minut po godzinie'
+    TEXT_TIME: 'o <b />:<b />'
+    ERROR1: Znacznik %s nie jest wspierany!
+    ERROR2: Nieprawidłowa liczba elementów
+    ERROR4: Wyrażenie nierozpoznane

system/languages/pt.yaml

@@ -1,8 +1,75 @@
 ---
 GRAV:
+  FRONTMATTER_ERROR_PAGE: "---\ntitle: %1$s\n---\n\n# Erro: Frontmatter Inválido\n\nLocalização: `%2$s`\n\n**%3$s**\n\n```\n%4$s\n```"
+  INFLECTOR_PLURALS:
+    '/(quiz)$/i': '\1zes'
+    '/^(ox)$/i': '\1en'
+    '/([m|l])ouse$/i': '\1ice'
+    '/(matr|vert|ind)ix|ex$/i': '\1ices'
+    '/(x|ch|ss|sh)$/i': '\1es'
+    '/([^aeiouy]|qu)ies$/i': '\1y'
+    '/([^aeiouy]|qu)y$/i': '\1ies'
+    '/(hive)$/i': '\1s'
+    '/(?:([^f])fe|([lr])f)$/i': '\1\2ves'
+    '/sis$/i': 'ses'
+    '/([ti])um$/i': '\1a'
+    '/(buffal|tomat)o$/i': '\1oes'
+    '/(bu)s$/i': '\1ses'
+    '/(alias|status)/i': '\1es'
+    '/(octop|vir)us$/i': '\1i'
+    '/(ax|test)is$/i': '\1es'
+    '/s$/i': 's'
+    '/$/': 's'
+  INFLECTOR_SINGULAR:
+    '/(quiz)zes$/i': '\1'
+    '/(matr)ices$/i': '\1ix'
+    '/(vert|ind)ices$/i': '\1ex'
+    '/^(ox)en/i': '\1'
+    '/(alias|status)es$/i': '\1'
+    '/([octop|vir])i$/i': '\1us'
+    '/(cris|ax|test)es$/i': '\1is'
+    '/(shoe)s$/i': '\1'
+    '/(o)es$/i': '\1'
+    '/(bus)es$/i': '\1'
+    '/([m|l])ice$/i': '\1ouse'
+    '/(x|ch|ss|sh)es$/i': '\1'
+    '/(m)ovies$/i': '\1ovie'
+    '/(s)eries$/i': '\1eries'
+    '/([^aeiouy]|qu)ies$/i': '\1y'
+    '/([lr])ves$/i': '\1f'
+    '/(tive)s$/i': '\1'
+    '/(hive)s$/i': '\1'
+    '/([^f])ves$/i': '\1fe'
+    '/(^analy)ses$/i': '\1sis'
+    '/((a)naly|(b)a|(d)iagno|(p)arenthe|(p)rogno|(s)ynop|(t)he)ses$/i': '\1\2sis'
+    '/([ti])a$/i': '\1um'
+    '/(n)ews$/i': '\1ews'
+  INFLECTOR_UNCOUNTABLE:
+    - 'equipamento'
+    - 'informação'
+    - 'arroz'
+    - 'dinheiro'
+    - 'espécie'
+    - 'série'
+    - 'peixe'
+    - 'ovelha'
+  INFLECTOR_IRREGULAR:
+    'person': 'pessoas'
+    'man': 'homens'
+    'child': 'crianças'
+    'sex': 'sexos'
+    'move': 'movimentos'
+  INFLECTOR_ORDINALS:
+    'default': 'º'
+    'first': 'º'
+    'second': 'º'
+    'third': 'º'
   NICETIME:
     NO_DATE_PROVIDED: Nenhuma data fornecida
+    BAD_DATE: Data inválida
     AGO: atrás
+    FROM_NOW: a partir de agora
+    JUST_NOW: mesmo agora
     SECOND: segundo
     MINUTE: minuto
     HOUR: hora
@@ -11,17 +78,33 @@ GRAV:
     MONTH: mês
     YEAR: ano
     DECADE: década
-    SEC: segundos
-    MIN: minutos
+    SEC: seg
+    MIN: min
+    HR: hora
+    WK: semana
+    MO: mês
+    YR: ano
+    DEC: década
+    SECOND_PLURAL: segundos
     MINUTE_PLURAL: minutos
+    HOUR_PLURAL: horas
     DAY_PLURAL: dias
     WEEK_PLURAL: semanas
     MONTH_PLURAL: meses
     YEAR_PLURAL: anos
-    DECADE_PLURAL: decadas
+    DECADE_PLURAL: décadas
+    SEC_PLURAL: segs
+    MIN_PLURAL: mins
+    HR_PLURAL: hrs
+    WK_PLURAL: sems
+    MO_PLURAL: meses
+    YR_PLURAL: anos
+    DEC_PLURAL: décadas
   FORM:
-    VALIDATION_FAIL: <b>Falha na validação!</b>
-    MISSING_REQUIRED_FIELD: 'Campo obrigatório requerido:'
+    VALIDATION_FAIL: '<b>Falha na validação:</b>'
+    INVALID_INPUT: 'Dados inseridos são inválidos em'
+    MISSING_REQUIRED_FIELD: 'Campo obrigatório em falta:'
+    XSS_ISSUES: "Potenciais problemas de XSS detectados no campo '%s'"
   MONTHS_OF_THE_YEAR:
     - 'Janeiro'
     - 'Fevereiro'
@@ -35,12 +118,30 @@ GRAV:
     - 'Outubro'
     - 'Novembro'
     - 'Dezembro'
-  INFLECTOR_UNCOUNTABLE:
-    - 'equipment'
-    - 'information'
-    - 'arroz'
-    - 'money'
-    - 'species'
-    - 'series'
-    - 'fish'
-    - 'sheep'
+  DAYS_OF_THE_WEEK:
+    - 'Segunda-feira'
+    - 'Terça-feira'
+    - 'Quarta-feira'
+    - 'Quinta-feira'
+    - 'Sexta-feira'
+    - 'Sábado'
+    - 'Domingo'
+  YES: "Sim"
+  NO: "Não"
+  CRON:
+    EVERY: cada
+    EVERY_HOUR: cada hora
+    EVERY_MINUTE: cada minuto
+    EVERY_DAY_OF_WEEK: todos os dias da semana
+    EVERY_DAY_OF_MONTH: todos os dias do mês
+    EVERY_MONTH: todos os meses
+    TEXT_PERIOD: Cada <b />
+    TEXT_MINS: ' em <b /> minuto(s) após a hora'
+    TEXT_TIME: ' em <b />:<b />'
+    TEXT_DOW: ' em <b />'
+    TEXT_MONTH: ' de <b />'
+    TEXT_DOM: ' em <b />'
+    ERROR1: A tag %s não é suportada!
+    ERROR2: Número de elementos inválido
+    ERROR3: O jquery_element deve ser definido nas configurações do jqCron
+    ERROR4: Expressão não reconhecida

system/languages/ro.yaml

@@ -53,8 +53,8 @@ GRAV:
     YR_PLURAL: ani
     DEC_PLURAL: decenii
   FORM:
-    VALIDATION_FAIL: <b>Validare nereușită</b>
-    INVALID_INPUT: Date incorecte în
+    VALIDATION_FAIL: '<b>Validare nereușită</b>'
+    INVALID_INPUT: 'Date incorecte în'
     MISSING_REQUIRED_FIELD: 'Câmp obligatoriu lipsă:'
   MONTHS_OF_THE_YEAR:
     - 'Ianuarie'

system/languages/ru.yaml

@@ -13,7 +13,7 @@ GRAV:
   INFLECTOR_IRREGULAR:
     'person': 'люди'
     'man': 'человек'
-    'child': 'ребенок'
+    'child': 'дети'
     'sex': 'пол'
     'move': 'движется'
   INFLECTOR_ORDINALS:
@@ -58,9 +58,10 @@ GRAV:
     YR_PLURAL: г
     DEC_PLURAL: дстлт
   FORM:
-    VALIDATION_FAIL: <b>Проверка не удалась:</b>
-    INVALID_INPUT: Неверный ввод в
+    VALIDATION_FAIL: '<b>Проверка не удалась:</b>'
+    INVALID_INPUT: 'Неверный ввод в'
     MISSING_REQUIRED_FIELD: 'Отсутствует необходимое поле:'
+    XSS_ISSUES: "Обнаружены потенциальные XSS проблемы в поле '%s'"
   MONTHS_OF_THE_YEAR:
     - 'январь'
     - 'февраль'
@@ -68,12 +69,12 @@ GRAV:
     - 'апрель'
     - 'май'
     - 'июнь'
-    - 'Июль'
-    - 'Август'
-    - 'Сентябрь'
-    - 'Октябрь'
-    - 'Ноябрь'
-    - 'Декабрь'
+    - 'июль'
+    - 'август'
+    - 'сентябрь'
+    - 'октябрь'
+    - 'ноябрь'
+    - 'декабрь'
   DAYS_OF_THE_WEEK:
     - 'понедельник'
     - 'вторник'
@@ -82,6 +83,8 @@ GRAV:
     - 'пятница'
     - 'суббота'
     - 'воскресенье'
+  YES: "Да"
+  NO: "Нет"
   CRON:
     EVERY: раз в
     EVERY_HOUR: раз в час

system/languages/si.yaml

@@ -0,0 +1,9 @@
+---
+GRAV:
+  INFLECTOR_SINGULAR:
+    '/(quiz)zes$/i': '\1'
+    '/^(ox)en/i': '\1'
+    '/(alias|status)es$/i': '\1'
+    '/(o)es$/i': '\1'
+    '/(bus)es$/i': '\1'
+    '/(x|ch|ss|sh)es$/i': '\1'

system/languages/sk.yaml

@@ -101,8 +101,8 @@ GRAV:
     YR_PLURAL: rokov
     DEC_PLURAL: dekád
   FORM:
-    VALIDATION_FAIL: <b>Overenie zlyhalo:</b>
-    INVALID_INPUT: Neplatný vstup v
+    VALIDATION_FAIL: '<b>Overenie zlyhalo:</b>'
+    INVALID_INPUT: 'Neplatný vstup v'
     MISSING_REQUIRED_FIELD: 'Chýba vyžadované pole:'
   MONTHS_OF_THE_YEAR:
     - 'Január'

system/languages/sl.yaml

@@ -36,8 +36,8 @@ GRAV:
     YR_PLURAL: l
     DEC_PLURAL: des
   FORM:
-    VALIDATION_FAIL: <b>Preverjanje veljavnosti ni uspelo:</b>
-    INVALID_INPUT: Neveljaven vnos v
+    VALIDATION_FAIL: '<b>Preverjanje veljavnosti ni uspelo:</b>'
+    INVALID_INPUT: 'Neveljaven vnos v'
     MISSING_REQUIRED_FIELD: 'Manjka obvezno polje:'
   MONTHS_OF_THE_YEAR:
     - 'Januar'

system/languages/sr.yaml

@@ -0,0 +1,144 @@
+---
+GRAV:
+  FRONTMATTER_ERROR_PAGE: "---\nнаслов: %1$s\n---\n\n# Грешка: неисправан Frontmatter\n\nПутања: `%2$s`\n\n**%3$s**\n\n```\n%4$s\n```"
+  INFLECTOR_PLURALS:
+    '/(quiz)$/i': '\1zes'
+    '/^(ox)$/i': '\1en'
+    '/([m|l])ouse$/i': '\1ice'
+    '/(matr|vert|ind)ix|ex$/i': '\1ices'
+    '/(x|ch|ss|sh)$/i': '\1es'
+    '/([^aeiouy]|qu)ies$/i': '\1y'
+    '/([^aeiouy]|qu)y$/i': '\1ies'
+    '/(hive)$/i': '\1s'
+    '/(?:([^f])fe|([lr])f)$/i': '\1\2ves'
+    '/sis$/i': 'ses'
+    '/([ti])um$/i': '\1a'
+    '/(buffal|tomat)o$/i': '\1oes'
+    '/(bu)s$/i': '\1ses'
+    '/(alias|status)/i': '\1es'
+    '/(octop|vir)us$/i': '\1i'
+    '/(ax|test)is$/i': '\1es'
+    '/s$/i': 's'
+    '/$/': 's'
+  INFLECTOR_SINGULAR:
+    '/(quiz)zes$/i': '\1'
+    '/(matr)ices$/i': '\1ix'
+    '/(vert|ind)ices$/i': '\1ex'
+    '/^(ox)en/i': '\1'
+    '/(alias|status)es$/i': '\1'
+    '/([octop|vir])i$/i': '\1us'
+    '/(cris|ax|test)es$/i': '\1is'
+    '/(shoe)s$/i': '\1'
+    '/(o)es$/i': '\1'
+    '/(bus)es$/i': '\1'
+    '/([m|l])ice$/i': '\1ouse'
+    '/(x|ch|ss|sh)es$/i': '\1'
+    '/(m)ovies$/i': '\1ovie'
+    '/(s)eries$/i': '\1eries'
+    '/([^aeiouy]|qu)ies$/i': '\1y'
+    '/([lr])ves$/i': '\1f'
+    '/(tive)s$/i': '\1'
+    '/(hive)s$/i': '\1'
+    '/([^f])ves$/i': '\1fe'
+    '/(^analy)ses$/i': '\1sis'
+    '/((a)naly|(b)a|(d)iagno|(p)arenthe|(p)rogno|(s)ynop|(t)he)ses$/i': '\1\2sis'
+    '/([ti])a$/i': '\1um'
+    '/(n)ews$/i': '\1ews'
+  INFLECTOR_UNCOUNTABLE:
+    - 'опрема'
+    - 'информација'
+    - 'пиринач'
+    - 'новац'
+    - 'врсте'
+    - 'серије'
+    - 'риба'
+    - 'овца'
+  INFLECTOR_IRREGULAR:
+    'person': 'особе'
+    'man': 'људи'
+    'child': 'деца'
+    'sex': 'полови'
+    'move': 'помери'
+  INFLECTOR_ORDINALS:
+    'default': 'ти'
+    'first': 'први'
+    'second': 'други'
+    'third': 'трећи'
+  NICETIME:
+    NO_DATE_PROVIDED: Нема датума
+    BAD_DATE: Погрешан датум
+    AGO: од пре
+    FROM_NOW: од сада
+    JUST_NOW: управо сада
+    SECOND: секунда
+    MINUTE: минута
+    HOUR: сат
+    DAY: дан
+    WEEK: недеља
+    MONTH: месец
+    YEAR: година
+    DECADE: декада
+    SEC: сек
+    MIN: мин
+    HR: сат
+    WK: нед
+    MO: мес
+    YR: год
+    DEC: дек
+    SECOND_PLURAL: секунди
+    MINUTE_PLURAL: минута
+    HOUR_PLURAL: сати
+    DAY_PLURAL: дана
+    WEEK_PLURAL: недеља
+    MONTH_PLURAL: месеци
+    YEAR_PLURAL: године(а)
+    DECADE_PLURAL: декаде(а)
+    SEC_PLURAL: сек
+    MIN_PLURAL: мин
+    HR_PLURAL: сати
+    WK_PLURAL: недеља
+    MO_PLURAL: месеци
+    YR_PLURAL: година
+    DEC_PLURAL: декада
+  FORM:
+    VALIDATION_FAIL: '<b>Провера неуспела:</b>'
+    INVALID_INPUT: 'Неисправан унос у'
+    MISSING_REQUIRED_FIELD: 'Недостаје обавезн поље:'
+  MONTHS_OF_THE_YEAR:
+    - 'Јануар'
+    - 'Фебруар'
+    - 'Март'
+    - 'Април'
+    - 'Мај'
+    - 'Јуни'
+    - 'Јули'
+    - 'Август'
+    - 'Септембар'
+    - 'Октобар'
+    - 'Новембар'
+    - 'Децембар'
+  DAYS_OF_THE_WEEK:
+    - 'Понедељак'
+    - 'Уторак'
+    - 'Среда'
+    - 'Четвртак'
+    - 'Петак'
+    - 'Субота'
+    - 'Недеља'
+  CRON:
+    EVERY: сваки
+    EVERY_HOUR: сваки сат
+    EVERY_MINUTE: сваки минут
+    EVERY_DAY_OF_WEEK: сваки дан у недељи
+    EVERY_DAY_OF_MONTH: сваки дан у месецу
+    EVERY_MONTH: сваки месец
+    TEXT_PERIOD: Сваки <b />
+    TEXT_MINS: ' у <b /> минути(а) прошлог сата'
+    TEXT_TIME: ' у <b />:<b />'
+    TEXT_DOW: ' на <b />'
+    TEXT_MONTH: ' од <b />'
+    TEXT_DOM: ' на <b />'
+    ERROR1: Таг %s није подржан!
+    ERROR2: Погрешан број елемената
+    ERROR3: јquery_element би требао да буде постављен у jqCron подешавању
+    ERROR4: Непрепознат израз

system/languages/sv.yaml

@@ -12,11 +12,21 @@ GRAV:
     - 'får'
   INFLECTOR_IRREGULAR:
     'person': 'personer'
+    'man': 'män'
+    'child': 'barn'
+    'sex': 'kön'
+    'move': 'flytta'
+  INFLECTOR_ORDINALS:
+    'default': ':e'
+    'first': ':a'
+    'second': ':a'
+    'third': ':e'
   NICETIME:
     NO_DATE_PROVIDED: Inget datum har angivits
     BAD_DATE: Ogiltigt datum
     AGO: sedan
     FROM_NOW: fr.o.m nu
+    JUST_NOW: just nu
     SECOND: sekund
     MINUTE: minut
     HOUR: timme
@@ -26,10 +36,12 @@ GRAV:
     YEAR: år
     DECADE: årtionde
     SEC: sek
+    MIN: min
     HR: t
     WK: v
     MO: m
     YR: år
+    DEC: dec
     SECOND_PLURAL: sekunder
     MINUTE_PLURAL: minuter
     HOUR_PLURAL: timmar
@@ -46,8 +58,8 @@ GRAV:
     YR_PLURAL: år
     DEC_PLURAL: dec
   FORM:
-    VALIDATION_FAIL: <b>Kontrollen misslyckades:</b>
-    INVALID_INPUT: Ogiltig indata i
+    VALIDATION_FAIL: '<b>Kontrollen misslyckades:</b>'
+    INVALID_INPUT: 'Ogiltig indata i'
     MISSING_REQUIRED_FIELD: 'Obligatoriskt fält måste fyllas i:'
   MONTHS_OF_THE_YEAR:
     - 'Januari'
@@ -70,3 +82,19 @@ GRAV:
     - 'Fredag'
     - 'Lördag'
     - 'Söndag'
+  CRON:
+    EVERY: varje
+    EVERY_HOUR: varje timme
+    EVERY_MINUTE: varje minut
+    EVERY_DAY_OF_WEEK: varje veckodag
+    EVERY_DAY_OF_MONTH: alla månadens dagar
+    EVERY_MONTH: varje månad
+    TEXT_PERIOD: Varje <b />
+    TEXT_MINS: ' timmens <b />:e minut'
+    TEXT_TIME: ' kl <b />:<b />'
+    TEXT_DOW: ' <b />'
+    TEXT_MONTH: ' <b />'
+    TEXT_DOM: ' <b />'
+    ERROR1: Taggen %s stöds inte!
+    ERROR2: Ogiltigt antal element
+    ERROR4: Uttrycket känns inte igen

system/languages/th.yaml

@@ -31,7 +31,7 @@ GRAV:
     YR_PLURAL: ปี
   FORM:
     VALIDATION_FAIL: '<b>ตรวจสอบล้มเหลว: </b>'
-    INVALID_INPUT: ป้อนข้อมูลไม่ถูกต้องใน
+    INVALID_INPUT: 'ป้อนข้อมูลไม่ถูกต้องใน'
     MISSING_REQUIRED_FIELD: 'ขาดข้อมูลที่จำเป็น:'
   MONTHS_OF_THE_YEAR:
     - 'มกราคม'

system/languages/tr.yaml

@@ -1,11 +1,32 @@
 ---
 GRAV:
   FRONTMATTER_ERROR_PAGE: "---\nBaşlık: %1$s\n---\n\n# Hata: Geçersiz Önbölüm\n\nYol: `%2$s`\n\n**%3$s**\n\n```\n%4$s\n```"
+  INFLECTOR_UNCOUNTABLE:
+    - 'ekipman'
+    - 'bilgi'
+    - 'pirinç'
+    - 'para'
+    - 'türler'
+    - 'seriler'
+    - 'balık'
+    - 'koyun'
+  INFLECTOR_IRREGULAR:
+    'person': 'kişi'
+    'man': 'erkek'
+    'child': 'çocuklar'
+    'sex': 'cinsiyet'
+    'move': 'taşınmış'
+  INFLECTOR_ORDINALS:
+    'default': '#F'
+    'first': ' 1.'
+    'second': ' 2.'
+    'third': ' 3.'
   NICETIME:
     NO_DATE_PROVIDED: Sağlanan tarih yok
     BAD_DATE: Yanlış tarih
     AGO: önce
     FROM_NOW: şu andan itibaren
+    JUST_NOW: şimdi
     SECOND: saniye
     MINUTE: dakika
     HOUR: saat
@@ -37,8 +58,8 @@ GRAV:
     YR_PLURAL: yıl
     DEC_PLURAL: onyl
   FORM:
-    VALIDATION_FAIL: <b>Doğrulama başarısız:</b>
-    INVALID_INPUT: Geçersiz bilgi girişi
+    VALIDATION_FAIL: '<b>Doğrulama başarısız:</b>'
+    INVALID_INPUT: 'Geçersiz bilgi girişi'
     MISSING_REQUIRED_FIELD: 'Gerekli alan eksik:'
   MONTHS_OF_THE_YEAR:
     - 'Ocak'
@@ -61,3 +82,19 @@ GRAV:
     - 'Cuma'
     - 'Cumartesi'
     - 'Pazar'
+  YES: "Evet"
+  NO: "Hayır"
+  CRON:
+    EVERY: her
+    EVERY_HOUR: saatte bir
+    EVERY_MINUTE: dakikada bir
+    EVERY_DAY_OF_WEEK: haftanın her günü
+    EVERY_DAY_OF_MONTH: ayın her günü
+    EVERY_MONTH: her ay
+    TEXT_PERIOD: Her <b />
+    TEXT_MINS: ' saatin <b /> dakikasında'
+    TEXT_TIME: ' da'
+    ERROR1: Etiket %s desteklenmiyor!
+    ERROR2: Kötü eleman sayısı
+    ERROR3: jquery_element jqCron ayarları içinde tanımlanmalı
+    ERROR4: Tanınmayan ifade

system/languages/uk.yaml

@@ -37,8 +37,8 @@ GRAV:
     YR_PLURAL: рр.
     DEC_PLURAL: рр.
   FORM:
-    VALIDATION_FAIL: <b>Перевірка не вдалася:</b>
-    INVALID_INPUT: Невірне введення в
+    VALIDATION_FAIL: '<b>Перевірка не вдалася:</b>'
+    INVALID_INPUT: 'Невірне введення в'
     MISSING_REQUIRED_FIELD: 'Відсутнє обов''язкове поле:'
   MONTHS_OF_THE_YEAR:
     - 'Січень'

system/languages/vi.yaml

@@ -37,8 +37,8 @@ GRAV:
     YR_PLURAL: năm
     DEC_PLURAL: thập kỷ
   FORM:
-    VALIDATION_FAIL: <b>Xác nhận thất bại:</b>
-    INVALID_INPUT: Dữ liệu nhập không hợp lệ cho
+    VALIDATION_FAIL: '<b>Xác nhận thất bại:</b>'
+    INVALID_INPUT: 'Dữ liệu nhập không hợp lệ cho'
     MISSING_REQUIRED_FIELD: 'Thiếu trường bắt buộc:'
   MONTHS_OF_THE_YEAR:
     - 'Tháng 1'

system/languages/zh-cn.yaml

@@ -0,0 +1,144 @@
+---
+GRAV:
+  FRONTMATTER_ERROR_PAGE: "---\n标题: %1$s\n---\n\n# 错误：无效参数\n\n位置： `%2$s`\n\n**%3$s**\n\n```\n%4$s\n```"
+  INFLECTOR_PLURALS:
+    '/(quiz)$/i': '\1zes'
+    '/^(ox)$/i': '\1en'
+    '/([m|l])ouse$/i': '\1ice'
+    '/(matr|vert|ind)ix|ex$/i': '\1ices'
+    '/(x|ch|ss|sh)$/i': '\1es'
+    '/([^aeiouy]|qu)ies$/i': '\1y'
+    '/([^aeiouy]|qu)y$/i': '\1ies'
+    '/(hive)$/i': '\1s'
+    '/(?:([^f])fe|([lr])f)$/i': '\1\2ves'
+    '/sis$/i': 'ses'
+    '/([ti])um$/i': '\1a'
+    '/(buffal|tomat)o$/i': '\1oes'
+    '/(bu)s$/i': '\1ses'
+    '/(alias|status)/i': '\1es'
+    '/(octop|vir)us$/i': '\1i'
+    '/(ax|test)is$/i': '\1es'
+    '/s$/i': 's'
+    '/$/': 's'
+  INFLECTOR_SINGULAR:
+    '/(quiz)zes$/i': '\1'
+    '/(matr)ices$/i': '\1ix'
+    '/(vert|ind)ices$/i': '\1ex'
+    '/^(ox)en/i': '\1'
+    '/(alias|status)es$/i': '\1'
+    '/([octop|vir])i$/i': '\1us'
+    '/(cris|ax|test)es$/i': '\1is'
+    '/(shoe)s$/i': '\1'
+    '/(o)es$/i': '\1'
+    '/(bus)es$/i': '\1'
+    '/([m|l])ice$/i': '\1ouse'
+    '/(x|ch|ss|sh)es$/i': '\1'
+    '/(m)ovies$/i': '\1ovie'
+    '/(s)eries$/i': '\1eries'
+    '/([^aeiouy]|qu)ies$/i': '\1y'
+    '/([lr])ves$/i': '\1f'
+    '/(tive)s$/i': '\1'
+    '/(hive)s$/i': '\1'
+    '/([^f])ves$/i': '\1fe'
+    '/(^analy)ses$/i': '\1sis'
+    '/((a)naly|(b)a|(d)iagno|(p)arenthe|(p)rogno|(s)ynop|(t)he)ses$/i': '\1\2sis'
+    '/([ti])a$/i': '\1um'
+    '/(n)ews$/i': '\1ews'
+  INFLECTOR_UNCOUNTABLE:
+    - '装备'
+    - '信息'
+    - '大米'
+    - '钱'
+    - '物种'
+    - '系列'
+    - '鱼'
+    - '羊'
+  INFLECTOR_IRREGULAR:
+    'person': '人员'
+    'man': '男人'
+    'child': '儿童'
+    'sex': '性别'
+    'move': '移动'
+  INFLECTOR_ORDINALS:
+    'default': 'th'
+    'first': 'st'
+    'second': 'md'
+    'third': 'rd'
+  NICETIME:
+    NO_DATE_PROVIDED: 无日期信息
+    BAD_DATE: 无效日期
+    AGO: 前
+    FROM_NOW: 距今
+    JUST_NOW: 刚刚
+    SECOND: 秒
+    MINUTE: 分钟
+    HOUR: 小时
+    DAY: 天
+    WEEK: 周
+    MONTH: 月
+    YEAR: 年
+    DECADE: 十年
+    SEC: 秒
+    MIN: 分钟
+    HR: 小时
+    WK: 周
+    MO: 月
+    YR: 年
+    DEC: 年代
+    SECOND_PLURAL: 秒
+    MINUTE_PLURAL: 分
+    HOUR_PLURAL: 小时
+    DAY_PLURAL: 天
+    WEEK_PLURAL: 周
+    MONTH_PLURAL: 月
+    YEAR_PLURAL: 年
+    DECADE_PLURAL: 十年
+    SEC_PLURAL: 秒
+    MIN_PLURAL: 分
+    HR_PLURAL: 时
+    WK_PLURAL: 周
+    MO_PLURAL: 月
+    YR_PLURAL: 年
+    DEC_PLURAL: 年代
+  FORM:
+    VALIDATION_FAIL: '<b>验证失败：</b>'
+    INVALID_INPUT: '无效输入'
+    MISSING_REQUIRED_FIELD: '必填字段缺失：'
+  MONTHS_OF_THE_YEAR:
+    - '1月'
+    - '2月'
+    - '3月'
+    - '4月'
+    - '5月'
+    - '6月'
+    - '7月'
+    - '8月'
+    - '9月'
+    - '10月'
+    - '11月'
+    - '12月'
+  DAYS_OF_THE_WEEK:
+    - '星期一'
+    - '星期二'
+    - '星期三'
+    - '星期四'
+    - '星期五'
+    - '星期六'
+    - '星期日'
+  CRON:
+    EVERY: 每隔
+    EVERY_HOUR: 每小时
+    EVERY_MINUTE: 每分钟
+    EVERY_DAY_OF_WEEK: 一周中的每一天
+    EVERY_DAY_OF_MONTH: 月份中的每一天
+    EVERY_MONTH: 每月
+    TEXT_PERIOD: 所有 <b />
+    TEXT_MINS: ' 在 <b /> 小时过后的分钟'
+    TEXT_TIME: ' 在 <b />:<b />'
+    TEXT_DOW: ' on <b />'
+    TEXT_MONTH: ' of <b />'
+    TEXT_DOM: ' on <b />'
+    ERROR1: 不支持分享类型 %s
+    ERROR2: 无效数字
+    ERROR3: 请在 jqCron 设置中设定 jquery_element
+    ERROR4: 无法识别表达式

system/languages/zh-tw.yaml

@@ -38,7 +38,9 @@ GRAV:
     YR_PLURAL: 年
     DEC_PLURAL: 十年
   FORM:
-    MISSING_REQUIRED_FIELD: 遺漏必填欄位：
+    VALIDATION_FAIL: '<b>確驗證失敗：</b>'
+    INVALID_INPUT: '無效輸入：'
+    MISSING_REQUIRED_FIELD: '遺漏必填欄位：'
   MONTHS_OF_THE_YEAR:
     - '一月'
     - '二月'
@@ -60,3 +62,16 @@ GRAV:
     - '星期五'
     - '星期六'
     - '星期日'
+  CRON:
+    EVERY: 每
+    EVERY_HOUR: 每小時
+    EVERY_MINUTE: 每分鐘
+    EVERY_DAY_OF_WEEK: 每一天
+    EVERY_DAY_OF_MONTH: 每一天
+    EVERY_MONTH: 每個月
+    TEXT_PERIOD: 每 <b />
+    TEXT_MINS: ' 的 <b /> 分'
+    TEXT_TIME: ' <b />:<b />'
+    TEXT_DOW: ' 的 <b />'
+    TEXT_MONTH: ' 的 <b />'
+    TEXT_DOM: ' 的 <b />'

system/languages/zh.yaml

@@ -101,9 +101,9 @@ GRAV:
     YR_PLURAL: 年
     DEC_PLURAL: 年代
   FORM:
-    VALIDATION_FAIL: <b>验证失败：</b>
-    INVALID_INPUT: 无效输入
-    MISSING_REQUIRED_FIELD: 必填字段缺失：
+    VALIDATION_FAIL: '<b>验证失败：</b>'
+    INVALID_INPUT: '无效输入'
+    MISSING_REQUIRED_FIELD: '必填字段缺失：'
   MONTHS_OF_THE_YEAR:
     - '1月'
     - '2月'

system/router.php

@@ -3,7 +3,7 @@
 /**
  * @package    Grav\Core
  *
- * @copyright  Copyright (C) 2015 - 2020 Trilby Media, LLC. All rights reserved.
+ * @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved.
  * @license    MIT License; see LICENSE file for details.
  */
 
@@ -13,8 +13,25 @@ if (PHP_SAPI !== 'cli-server') {
 
 $_SERVER['PHP_CLI_ROUTER'] = true;
 
-if (is_file($_SERVER['DOCUMENT_ROOT'] . DIRECTORY_SEPARATOR . $_SERVER['SCRIPT_NAME'])) {
-    return false;
+$root = $_SERVER['DOCUMENT_ROOT'];
+$path = $_SERVER['SCRIPT_NAME'];
+if ($path !== '/index.php' && is_file($root . $path)) {
+    if (!(
+        // Block all direct access to files and folders beginning with a dot
+        strpos($path, '/.') !== false
+        // Block all direct access for these folders
+        || preg_match('`^/(\.git|cache|bin|logs|backup|webserver-configs|tests)/`ui', $path)
+        // Block access to specific file types for these system folders
+        || preg_match('`^/(system|vendor)/(.*)\.(txt|xml|md|html|json|yaml|yml|php|pl|py|cgi|twig|sh|bat)$`ui', $path)
+        // Block access to specific file types for these user folders
+        || preg_match('`^/(user)/(.*)\.(txt|md|json|yaml|yml|php|pl|py|cgi|twig|sh|bat)$`ui', $path)
+        // Block all direct access to .md files
+        || preg_match('`\.md$`ui', $path)
+        // Block access to specific files in the root folder
+        || preg_match('`^/(LICENSE\.txt|composer\.lock|composer\.json|\.htaccess)$`ui', $path)
+    )) {
+        return false;
+    }
 }
 
 $grav_index = 'index.php';

system/src/DOMLettersIterator.php

@@ -0,0 +1,165 @@
+<?php
+
+/**
+ * Iterates individual characters (Unicode codepoints) of DOM text and CDATA nodes
+ * while keeping track of their position in the document.
+ *
+ * Example:
+ *
+ *  $doc = new DOMDocument();
+ *  $doc->load('example.xml');
+ *  foreach(new DOMLettersIterator($doc) as $letter) echo $letter;
+ *
+ * NB: If you only need characters without their position
+ *     in the document, use DOMNode->textContent instead.
+ *
+ * @author porneL http://pornel.net
+ * @license Public Domain
+ * @url https://github.com/antoligy/dom-string-iterators
+ *
+ * @implements Iterator<int,string>
+ */
+final class DOMLettersIterator implements Iterator
+{
+    /** @var DOMElement */
+    private $start;
+    /** @var DOMElement|null */
+    private $current;
+    /** @var int */
+    private $offset = -1;
+    /** @var int|null */
+    private $key;
+    /** @var array<int,string>|null */
+    private $letters;
+
+    /**
+     * expects DOMElement or DOMDocument (see DOMDocument::load and DOMDocument::loadHTML)
+     *
+     * @param DOMNode $el
+     */
+    public function __construct(DOMNode $el)
+    {
+        if ($el instanceof DOMDocument) {
+            $el = $el->documentElement;
+        }
+
+        if (!$el instanceof DOMElement) {
+            throw new InvalidArgumentException('Invalid arguments, expected DOMElement or DOMDocument');
+        }
+
+        $this->start = $el;
+    }
+
+    /**
+     * Returns position in text as DOMText node and character offset.
+     * (it's NOT a byte offset, you must use mb_substr() or similar to use this offset properly).
+     * node may be NULL if iterator has finished.
+     *
+     * @return array
+     */
+    public function currentTextPosition(): array
+    {
+        return [$this->current, $this->offset];
+    }
+
+    /**
+     * Returns DOMElement that is currently being iterated or NULL if iterator has finished.
+     *
+     * @return DOMElement|null
+     */
+    public function currentElement(): ?DOMElement
+    {
+        return $this->current ? $this->current->parentNode : null;
+    }
+
+    // Implementation of Iterator interface
+
+    /**
+     * @return int|null
+     */
+    public function key(): ?int
+    {
+        return $this->key;
+    }
+
+    /**
+     * @return void
+     */
+    public function next(): void
+    {
+        if (null === $this->current) {
+            return;
+        }
+
+        if ($this->current->nodeType === XML_TEXT_NODE || $this->current->nodeType === XML_CDATA_SECTION_NODE) {
+            if ($this->offset === -1) {
+                preg_match_all('/./us', $this->current->textContent, $m);
+                $this->letters = $m[0];
+            }
+
+            $this->offset++;
+            $this->key++;
+            if ($this->letters && $this->offset < count($this->letters)) {
+                return;
+            }
+
+            $this->offset = -1;
+        }
+
+        while ($this->current->nodeType === XML_ELEMENT_NODE && $this->current->firstChild) {
+            $this->current = $this->current->firstChild;
+            if ($this->current->nodeType === XML_TEXT_NODE || $this->current->nodeType === XML_CDATA_SECTION_NODE) {
+                $this->next();
+                return;
+            }
+        }
+
+        while (!$this->current->nextSibling && $this->current->parentNode) {
+            $this->current = $this->current->parentNode;
+            if ($this->current === $this->start) {
+                $this->current = null;
+                return;
+            }
+        }
+
+        $this->current = $this->current->nextSibling;
+
+        $this->next();
+    }
+
+    /**
+     * Return the current element
+     * @link https://php.net/manual/en/iterator.current.php
+     *
+     * @return string|null
+     */
+    public function current(): ?string
+    {
+        return $this->letters ? $this->letters[$this->offset] : null;
+    }
+
+    /**
+     * Checks if current position is valid
+     * @link https://php.net/manual/en/iterator.valid.php
+     *
+     * @return bool
+     */
+    public function valid(): bool
+    {
+        return (bool)$this->current;
+    }
+
+    /**
+     * @return void
+     */
+    public function rewind(): void
+    {
+        $this->current = $this->start;
+        $this->offset = -1;
+        $this->key = 0;
+        $this->letters = [];
+
+        $this->next();
+    }
+}
+

system/src/DOMWordsIterator.php

@@ -0,0 +1,158 @@
+<?php
+
+/**
+ * Iterates individual words of DOM text and CDATA nodes
+ * while keeping track of their position in the document.
+ *
+ * Example:
+ *
+ *  $doc = new DOMDocument();
+ *  $doc->load('example.xml');
+ *  foreach(new DOMWordsIterator($doc) as $word) echo $word;
+ *
+ * @author pjgalbraith http://www.pjgalbraith.com
+ * @author porneL http://pornel.net (based on DOMLettersIterator available at http://pornel.net/source/domlettersiterator.php)
+ * @license Public Domain
+ * @url https://github.com/antoligy/dom-string-iterators
+ *
+ * @implements Iterator<int,string>
+ */
+
+final class DOMWordsIterator implements Iterator
+{
+    /** @var DOMElement */
+    private $start;
+    /** @var DOMElement|null */
+    private $current;
+    /** @var int */
+    private $offset = -1;
+    /** @var int|null */
+    private $key;
+    /** @var array<int,array<int,int|string>>|null */
+    private $words;
+
+    /**
+     * expects DOMElement or DOMDocument (see DOMDocument::load and DOMDocument::loadHTML)
+     *
+     * @param DOMNode $el
+     */
+    public function __construct(DOMNode $el)
+    {
+        if ($el instanceof DOMDocument) {
+            $el = $el->documentElement;
+        }
+
+        if (!$el instanceof DOMElement) {
+            throw new InvalidArgumentException('Invalid arguments, expected DOMElement or DOMDocument');
+        }
+
+        $this->start = $el;
+    }
+
+    /**
+     * Returns position in text as DOMText node and character offset.
+     * (it's NOT a byte offset, you must use mb_substr() or similar to use this offset properly).
+     * node may be NULL if iterator has finished.
+     *
+     * @return array
+     */
+    public function currentWordPosition(): array
+    {
+        return [$this->current, $this->offset, $this->words];
+    }
+
+    /**
+     * Returns DOMElement that is currently being iterated or NULL if iterator has finished.
+     *
+     * @return DOMElement|null
+     */
+    public function currentElement(): ?DOMElement
+    {
+        return $this->current ? $this->current->parentNode : null;
+    }
+
+    // Implementation of Iterator interface
+
+    /**
+     * Return the key of the current element
+     * @link https://php.net/manual/en/iterator.key.php
+     * @return int|null
+     */
+    public function key(): ?int
+    {
+        return $this->key;
+    }
+
+    /**
+     * @return void
+     */
+    public function next(): void
+    {
+        if (null === $this->current) {
+            return;
+        }
+
+        if ($this->current->nodeType === XML_TEXT_NODE || $this->current->nodeType === XML_CDATA_SECTION_NODE) {
+            if ($this->offset === -1) {
+                $this->words = preg_split("/[\n\r\t ]+/", $this->current->textContent, -1, PREG_SPLIT_NO_EMPTY|PREG_SPLIT_OFFSET_CAPTURE) ?: [];
+            }
+            $this->offset++;
+
+            if ($this->words && $this->offset < count($this->words)) {
+                $this->key++;
+                return;
+            }
+            $this->offset = -1;
+        }
+
+        while ($this->current->nodeType === XML_ELEMENT_NODE && $this->current->firstChild) {
+            $this->current = $this->current->firstChild;
+            if ($this->current->nodeType === XML_TEXT_NODE || $this->current->nodeType === XML_CDATA_SECTION_NODE) {
+                $this->next();
+                return;
+            }
+        }
+
+        while (!$this->current->nextSibling && $this->current->parentNode) {
+            $this->current = $this->current->parentNode;
+            if ($this->current === $this->start) {
+                $this->current = null;
+                return;
+            }
+        }
+
+        $this->current = $this->current->nextSibling;
+
+        $this->next();
+    }
+
+    /**
+     * Return the current element
+     * @link https://php.net/manual/en/iterator.current.php
+     * @return string|null
+     */
+    public function current(): ?string
+    {
+        return $this->words ? (string)$this->words[$this->offset][0] : null;
+    }
+
+    /**
+     * Checks if current position is valid
+     * @link https://php.net/manual/en/iterator.valid.php
+     * @return bool
+     */
+    public function valid(): bool
+    {
+        return (bool)$this->current;
+    }
+
+    public function rewind(): void
+    {
+        $this->current = $this->start;
+        $this->offset = -1;
+        $this->key = 0;
+        $this->words = [];
+
+        $this->next();
+    }
+}

system/src/Grav/Common/Assets.php

@@ -3,7 +3,7 @@
 /**
  * @package    Grav\Common
  *
- * @copyright  Copyright (C) 2015 - 2020 Trilby Media, LLC. All rights reserved.
+ * @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved.
  * @license    MIT License; see LICENSE file for details.
  */
 
@@ -30,14 +30,21 @@ class Assets extends PropertyObject
     use TestingAssetsTrait;
     use LegacyAssetsTrait;
 
+    const LINK = 'link';
     const CSS = 'css';
     const JS = 'js';
+    const JS_MODULE = 'js_module';
+    const LINK_COLLECTION = 'assets_link';
     const CSS_COLLECTION = 'assets_css';
     const JS_COLLECTION = 'assets_js';
+    const JS_MODULE_COLLECTION = 'assets_js_module';
+    const LINK_TYPE = Assets\Link::class;
     const CSS_TYPE = Assets\Css::class;
     const JS_TYPE = Assets\Js::class;
+    const JS_MODULE_TYPE = Assets\JsModule::class;
     const INLINE_CSS_TYPE = Assets\InlineCss::class;
     const INLINE_JS_TYPE = Assets\InlineJs::class;
+    const INLINE_JS_MODULE_TYPE = Assets\InlineJsModule::class;
 
     /** @const Regex to match CSS and JavaScript files */
     const DEFAULT_REGEX = '/.\.(css|js)$/i';
@@ -48,15 +55,24 @@ class Assets extends PropertyObject
     /** @const Regex to match JavaScript files */
     const JS_REGEX = '/.\.js$/i';
 
+    /** @const Regex to match JavaScriptModyle files */
+    const JS_MODULE_REGEX = '/.\.mjs$/i';
+
     /** @var string */
     protected $assets_dir;
     /** @var string */
     protected $assets_url;
 
+    /** @var array */
+    protected $assets_link = [];
     /** @var array */
     protected $assets_css = [];
     /** @var array */
     protected $assets_js = [];
+    /** @var array  */
+    protected $assets_js_module = [];
+
+
 
     // Following variables come from the configuration:
     /** @var bool */
@@ -66,19 +82,17 @@ class Assets extends PropertyObject
     /** @var bool */
     protected $css_pipeline_before_excludes;
     /** @var bool */
-    protected $inlinecss_pipeline_include_externals;
-    /** @var bool */
-    protected $inlinecss_pipeline_before_excludes;
-    /** @var bool */
     protected $js_pipeline;
     /** @var bool */
     protected $js_pipeline_include_externals;
     /** @var bool */
     protected $js_pipeline_before_excludes;
     /** @var bool */
-    protected $inlinejs_pipeline_include_externals;
+    protected $js_module_pipeline;
     /** @var bool */
-    protected $inlinejs_pipeline_before_excludes;
+    protected $js_module_pipeline_include_externals;
+    /** @var bool */
+    protected $js_module_pipeline_before_excludes;
     /** @var array */
     protected $pipeline_options = [];
 
@@ -92,6 +106,8 @@ class Assets extends PropertyObject
     protected $collections;
     /** @var string */
     protected $timestamp;
+    /** @var array Keeping track for order counts (for sorting) */
+    protected $order = [];
 
     /**
      * Initialization called in the Grav lifecycle to initialize the Assets with appropriate configuration
@@ -108,7 +124,7 @@ class Assets extends PropertyObject
 
         /** @var UniformResourceLocator $locator */
         $locator = $grav['locator'];
-        $this->assets_dir = $locator->findResource('asset://') . DS;
+        $this->assets_dir = $locator->findResource('asset://');
         $this->assets_url = $locator->findResource('asset://', false);
 
         $this->config($asset_config);
@@ -162,10 +178,19 @@ class Assets extends PropertyObject
 
         // More than one asset
         if (is_array($asset)) {
-            foreach ($asset as $a) {
-                array_shift($args);
-                $args = array_merge([$a], $args);
-                call_user_func_array([$this, 'add'], $args);
+            foreach ($asset as $index => $location) {
+                $params = array_slice($args, 1);
+                if (is_array($location)) {
+                    $params = array_shift($params);
+                    if (is_numeric($params)) {
+                        $params = [ 'priority' => $params ];
+                    }
+                    $params = [array_replace_recursive([], $location, $params)];
+                    $location = $index;
+                }
+
+                $params = array_merge([$location], $params);
+                call_user_func_array([$this, 'add'], $params);
             }
         } elseif (isset($this->collections[$asset])) {
             array_shift($args);
@@ -173,7 +198,7 @@ class Assets extends PropertyObject
             call_user_func_array([$this, 'add'], $args);
         } else {
             // Get extension
-            $extension = pathinfo(parse_url($asset, PHP_URL_PATH), PATHINFO_EXTENSION);
+            $extension = Utils::pathinfo(parse_url($asset, PHP_URL_PATH), PATHINFO_EXTENSION);
 
             // JavaScript or CSS
             if ($extension !== '') {
@@ -182,6 +207,8 @@ class Assets extends PropertyObject
                     call_user_func_array([$this, 'addCss'], $args);
                 } elseif ($extension === 'js') {
                     call_user_func_array([$this, 'addJs'], $args);
+                } elseif ($extension === 'mjs') {
+                    call_user_func_array([$this, 'addJsModule'], $args);
                 }
             }
         }
@@ -199,14 +226,19 @@ class Assets extends PropertyObject
     protected function addType($collection, $type, $asset, $options)
     {
         if (is_array($asset)) {
-            foreach ($asset as $a) {
-                $this->addType($collection, $type, $a, $options);
+            foreach ($asset as $index => $location) {
+                $assetOptions = $options;
+                if (is_array($location)) {
+                    $assetOptions = array_replace_recursive([], $options, $location);
+                    $location = $index;
+                }
+                $this->addType($collection, $type, $location, $assetOptions);
             }
 
             return $this;
         }
 
-        if (($type === $this::CSS_TYPE || $type === $this::JS_TYPE) && isset($this->collections[$asset])) {
+        if ($this->isValidType($type) && isset($this->collections[$asset])) {
             $this->addType($collection, $type, $this->collections[$asset], $options);
             return $this;
         }
@@ -214,7 +246,9 @@ class Assets extends PropertyObject
         // If pipeline disabled, set to position if provided, else after
         if (isset($options['pipeline'])) {
             if ($options['pipeline'] === false) {
-                $exclude_type = ($type === $this::JS_TYPE || $type === $this::INLINE_JS_TYPE) ? $this::JS : $this::CSS;
+
+                $exclude_type = $this->getBaseType($type);
+
                 $excludes = strtolower($exclude_type . '_pipeline_before_excludes');
                 if ($this->{$excludes}) {
                     $default = 'after';
@@ -232,7 +266,15 @@ class Assets extends PropertyObject
         $options['timestamp'] = $this->timestamp;
 
         // Set order
-        $options['order'] = count($this->$collection);
+        $group = $options['group'] ?? 'head';
+        $position = $options['position'] ?? 'pipeline';
+
+        $orderKey = "{$type}|{$group}|{$position}";
+        if (!isset($this->order[$orderKey])) {
+           $this->order[$orderKey] = 0;
+        }
+
+        $options['order'] = $this->order[$orderKey]++;
 
         // Create asset of correct type
         $asset_object = new $type();
@@ -245,6 +287,16 @@ class Assets extends PropertyObject
         return $this;
     }
 
+    /**
+     * Add a CSS asset or a collection of assets.
+     *
+     * @return $this
+     */
+    public function addLink($asset)
+    {
+        return $this->addType($this::LINK_COLLECTION, $this::LINK_TYPE, $asset, $this->unifyLegacyArguments(func_get_args(), $this::LINK_TYPE));
+    }
+
     /**
      * Add a CSS asset or a collection of assets.
      *
@@ -285,6 +337,25 @@ class Assets extends PropertyObject
         return $this->addType($this::JS_COLLECTION, $this::INLINE_JS_TYPE, $asset, $this->unifyLegacyArguments(func_get_args(), $this::INLINE_JS_TYPE));
     }
 
+        /**
+     * Add a JS asset or a collection of assets.
+     *
+     * @return $this
+     */
+    public function addJsModule($asset)
+    {
+        return $this->addType($this::JS_MODULE_COLLECTION, $this::JS_MODULE_TYPE, $asset, $this->unifyLegacyArguments(func_get_args(), $this::JS_MODULE_TYPE));
+    }
+
+    /**
+     * Add an Inline JS asset or a collection of assets.
+     *
+     * @return $this
+     */
+    public function addInlineJsModule($asset)
+    {
+        return $this->addType($this::JS_MODULE_COLLECTION, $this::INLINE_JS_MODULE_TYPE, $asset, $this->unifyLegacyArguments(func_get_args(), $this::INLINE_JS_MODULE_TYPE));
+    }
 
     /**
      * Add/replace collection.
@@ -376,7 +447,7 @@ class Assets extends PropertyObject
         $after_assets = $this->filterAssets($group_assets, 'position', 'after', true);
 
         // Pipeline
-        if ($this->{$pipeline_enabled}) {
+        if ($this->{$pipeline_enabled} ?? false) {
             $options = array_merge($this->pipeline_options, ['timestamp' => $this->timestamp]);
 
             $pipeline = new Pipeline($options);
@@ -408,9 +479,29 @@ class Assets extends PropertyObject
      * @param  array  $attributes
      * @return string
      */
-    public function css($group = 'head', $attributes = [])
+    public function css($group = 'head', $attributes = [], $include_link = true)
     {
-        return $this->render('css', $group, $attributes);
+        $output = '';
+
+        if ($include_link) {
+            $output = $this->link($group, $attributes);
+        }
+
+        $output .= $this->render(self::CSS, $group, $attributes);
+
+        return $output;
+    }
+
+    /**
+     * Build the CSS link tags.
+     *
+     * @param  string $group name of the group
+     * @param  array  $attributes
+     * @return string
+     */
+    public function link($group = 'head', $attributes = [])
+    {
+        return $this->render(self::LINK, $group, $attributes);
     }
 
     /**
@@ -420,8 +511,58 @@ class Assets extends PropertyObject
      * @param  array  $attributes
      * @return string
      */
-    public function js($group = 'head', $attributes = [])
+    public function js($group = 'head', $attributes = [], $include_js_module = true)
     {
-        return $this->render('js', $group, $attributes);
+        $output = $this->render(self::JS, $group, $attributes);
+
+        if ($include_js_module) {
+            $output .= $this->jsModule($group, $attributes);
+        }
+
+        return $output;
+    }
+
+    /**
+     * Build the Javascript Modules tags
+     *
+     * @param $group
+     * @param $attributes
+     * @return string
+     */
+    public function jsModule($group = 'head', $attributes = [])
+    {
+        return $this->render(self::JS_MODULE, $group, $attributes);
+    }
+
+    public function all($group = 'head', $attributes = [])
+    {
+        $output = $this->css($group, $attributes, false);
+        $output .= $this->link($group, $attributes);
+        $output .= $this->js($group, $attributes, false);
+        $output .= $this->jsModule($group, $attributes);
+        return $output;
+    }
+
+    protected function isValidType($type)
+    {
+        return in_array($type, [self::CSS_TYPE, self::JS_TYPE, self::JS_MODULE_TYPE]);
+    }
+
+    protected function getBaseType($type)
+    {
+        switch ($type) {
+            case $this::JS_TYPE:
+            case $this::INLINE_JS_TYPE:
+                $base_type = $this::JS;
+                break;
+            case $this::JS_MODULE_TYPE:
+            case $this::INLINE_JS_MODULE_TYPE:
+                $base_type = $this::JS_MODULE;
+                break;
+            default:
+                $base_type = $this::CSS;
+        }
+
+        return $base_type;
     }
 }

system/src/Grav/Common/Assets/BaseAsset.php

@@ -3,17 +3,19 @@
 /**
  * @package    Grav\Common\Assets
  *
- * @copyright  Copyright (C) 2015 - 2020 Trilby Media, LLC. All rights reserved.
+ * @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved.
  * @license    MIT License; see LICENSE file for details.
  */
 
 namespace Grav\Common\Assets;
 
 use Grav\Common\Assets\Traits\AssetUtilsTrait;
+use Grav\Common\Config\Config;
 use Grav\Common\Grav;
 use Grav\Common\Uri;
 use Grav\Common\Utils;
 use Grav\Framework\Object\PropertyObject;
+use RocketTheme\Toolbox\File\File;
 use SplFileInfo;
 
 /**
@@ -24,8 +26,9 @@ abstract class BaseAsset extends PropertyObject
 {
     use AssetUtilsTrait;
 
-    protected const CSS_ASSET = true;
-    protected const JS_ASSET = false;
+    protected const CSS_ASSET = 1;
+    protected const JS_ASSET = 2;
+    protected const JS_MODULE_ASSET = 3;
 
     /** @var string|false */
     protected $asset;
@@ -67,7 +70,7 @@ abstract class BaseAsset extends PropertyObject
      * @param array $elements
      * @param string|null $key
      */
-    public function __construct(array $elements = [], $key = null)
+    public function __construct(array $elements = [], ?string $key = null)
     {
         $base_config = [
             'group' => 'head',
@@ -90,6 +93,10 @@ abstract class BaseAsset extends PropertyObject
      */
     public function init($asset, $options)
     {
+        if (!$asset) {
+            return false;
+        }
+
         $config = Grav::instance()['config'];
         $uri = Grav::instance()['uri'];
 
@@ -124,7 +131,7 @@ abstract class BaseAsset extends PropertyObject
                 if ($locator->isStream($asset)) {
                     $path = $locator->findResource($asset, true);
                 } else {
-                    $path = GRAV_ROOT . $asset;
+                    $path = GRAV_WEBROOT . $asset;
                 }
 
                 // If local file is missing return
@@ -172,6 +179,35 @@ abstract class BaseAsset extends PropertyObject
         return $this;
     }
 
+    /**
+     * Receive asset location and return the SRI integrity hash
+     *
+     * @param string $input
+     * @return string
+     */
+    public static function integrityHash($input)
+    {
+        $grav = Grav::instance();
+        $uri = $grav['uri'];
+
+        $assetsConfig = $grav['config']->get('system.assets');
+
+        if (!self::isRemoteLink($input) && !empty($assetsConfig['enable_asset_sri']) && $assetsConfig['enable_asset_sri']) {
+            $input = preg_replace('#^' . $uri->rootUrl() . '#', '', $input);
+            $asset = File::instance(GRAV_WEBROOT . $input);
+
+            if ($asset->exists()) {
+                $dataToHash = $asset->content();
+                $hash = hash('sha256', $dataToHash, true);
+                $hash_base64 = base64_encode($hash);
+
+                return ' integrity="sha256-' . $hash_base64 . '"';
+            }
+        }
+
+        return '';
+    }
+
 
     /**
      *
@@ -183,7 +219,7 @@ abstract class BaseAsset extends PropertyObject
      */
 //    protected function getLastModificationTime($asset)
 //    {
-//        $file = GRAV_ROOT . $asset;
+//        $file = GRAV_WEBROOT . $asset;
 //        if (Grav::instance()['locator']->isStream($asset)) {
 //            $file = $this->buildLocalLink($asset, true);
 //        }
@@ -202,7 +238,7 @@ abstract class BaseAsset extends PropertyObject
     protected function buildLocalLink($asset)
     {
         if ($asset) {
-            return $this->base_url . ltrim(Utils::replaceFirstOccurrence(GRAV_ROOT, '', $asset), '/');
+            return $this->base_url . ltrim(Utils::replaceFirstOccurrence(GRAV_WEBROOT, '', $asset), '/');
         }
         return false;
     }
@@ -213,6 +249,7 @@ abstract class BaseAsset extends PropertyObject
      *
      * @return array
      */
+    #[\ReturnTypeWillChange]
     public function jsonSerialize()
     {
         return ['type' => $this->getType(), 'elements' => $this->getElements()];
@@ -228,6 +265,19 @@ abstract class BaseAsset extends PropertyObject
      */
     protected function cssRewrite($file, $dir, $local)
     {
-        return;
+        return '';
+    }
+
+    /**
+     * Finds relative JS urls() and rewrites the URL with an absolute one
+     *
+     * @param string $file the css source file
+     * @param string $dir local relative path to the css file
+     * @param bool $local is this a local or remote asset
+     * @return string
+     */
+    protected function jsRewrite($file, $dir, $local)
+    {
+        return '';
     }
 }

system/src/Grav/Common/Assets/BlockAssets.php

@@ -0,0 +1,207 @@
+<?php
+
+/**
+ * @package    Grav\Common\Assets
+ *
+ * @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved.
+ * @license    MIT License; see LICENSE file for details.
+ */
+
+namespace Grav\Common\Assets;
+
+use Grav\Common\Assets;
+use Grav\Common\Config\Config;
+use Grav\Common\Grav;
+use Grav\Framework\ContentBlock\HtmlBlock;
+use function strlen;
+
+/**
+ * Register block assets into Grav.
+ */
+class BlockAssets
+{
+    /**
+     * @param HtmlBlock $block
+     * @return void
+     */
+    public static function registerAssets(HtmlBlock $block): void
+    {
+        $grav = Grav::instance();
+
+        /** @var Assets $assets */
+        $assets = $grav['assets'];
+
+        $types = $block->getAssets();
+        foreach ($types as $type => $groups) {
+            switch ($type) {
+                case 'frameworks':
+                    static::registerFrameworks($assets, $groups);
+                    break;
+                case 'styles':
+                    static::registerStyles($assets, $groups);
+                    break;
+                case 'scripts':
+                    static::registerScripts($assets, $groups);
+                    break;
+                case 'links':
+                    static::registerLinks($assets, $groups);
+                    break;
+                case 'html':
+                    static::registerHtml($assets, $groups);
+                    break;
+            }
+        }
+    }
+
+    /**
+     * @param Assets $assets
+     * @param array $groups
+     * @return void
+     */
+    protected static function registerFrameworks(Assets $assets, array $list): void
+    {
+        if ($list) {
+            throw new \RuntimeException('Not Implemented');
+        }
+    }
+
+    /**
+     * @param Assets $assets
+     * @param array $groups
+     * @return void
+     */
+    protected static function registerStyles(Assets $assets, array $groups): void
+    {
+        $grav = Grav::instance();
+
+        /** @var Config $config */
+        $config = $grav['config'];
+
+        foreach ($groups as $group => $styles) {
+            foreach ($styles as $style) {
+                switch ($style[':type']) {
+                    case 'file':
+                        $options = [
+                            'priority' => $style[':priority'],
+                            'group' => $group,
+                            'type' => $style['type'],
+                            'media' => $style['media']
+                        ] + $style['element'];
+
+                        $assets->addCss(static::getRelativeUrl($style['href'], $config->get('system.assets.css_pipeline')), $options);
+                        break;
+                    case 'inline':
+                        $options = [
+                            'priority' => $style[':priority'],
+                            'group' => $group,
+                            'type' => $style['type'],
+                        ] + $style['element'];
+
+                        $assets->addInlineCss($style['content'], $options);
+                        break;
+                }
+            }
+        }
+    }
+
+    /**
+     * @param Assets $assets
+     * @param array $groups
+     * @return void
+     */
+    protected static function registerScripts(Assets $assets, array $groups): void
+    {
+        $grav = Grav::instance();
+
+        /** @var Config $config */
+        $config = $grav['config'];
+
+        foreach ($groups as $group => $scripts) {
+            $group = $group === 'footer' ? 'bottom' : $group;
+
+            foreach ($scripts as $script) {
+                switch ($script[':type']) {
+                    case 'file':
+                        $options = [
+                            'group' => $group,
+                            'priority' => $script[':priority'],
+                            'src' => $script['src'],
+                            'type' => $script['type'],
+                            'loading' => $script['loading'],
+                            'defer' => $script['defer'],
+                            'async' => $script['async'],
+                            'handle' => $script['handle']
+                        ] + $script['element'];
+
+                        $assets->addJs(static::getRelativeUrl($script['src'], $config->get('system.assets.js_pipeline')), $options);
+                        break;
+                    case 'inline':
+                        $options = [
+                            'priority' => $script[':priority'],
+                            'group' => $group,
+                            'type' => $script['type'],
+                            'loading' => $script['loading']
+                        ] + $script['element'];
+
+                        $assets->addInlineJs($script['content'], $options);
+                        break;
+                }
+            }
+        }
+    }
+
+    /**
+     * @param Assets $assets
+     * @param array $groups
+     * @return void
+     */
+    protected static function registerLinks(Assets $assets, array $groups): void
+    {
+        foreach ($groups as $group => $links) {
+            foreach ($links as $link) {
+                $href = $link['href'];
+                $options = [
+                    'group' => $group,
+                    'priority' => $link[':priority'],
+                    'rel' => $link['rel'],
+                ] + $link['element'];
+
+                $assets->addLink($href, $options);
+            }
+        }
+    }
+
+    /**
+     * @param Assets $assets
+     * @param array $groups
+     * @return void
+     */
+    protected static function registerHtml(Assets $assets, array $groups): void
+    {
+        if ($groups) {
+            throw new \RuntimeException('Not Implemented');
+        }
+    }
+
+    /**
+     * @param string $url
+     * @param bool $pipeline
+     * @return string
+     */
+    protected static function getRelativeUrl($url, $pipeline)
+    {
+        $grav = Grav::instance();
+
+        $base = rtrim($grav['base_url'], '/') ?: '/';
+
+        if (strpos($url, $base) === 0) {
+            if ($pipeline) {
+                // Remove file timestamp if CSS pipeline has been enabled.
+                $url = preg_replace('|[?#].*|', '', $url);
+            }
+
+            return substr($url, strlen($base) - 1);
+        }
+        return $url;
+    }
+}

system/src/Grav/Common/Assets/Css.php

@@ -3,7 +3,7 @@
 /**
  * @package    Grav\Common\Assets
  *
- * @copyright  Copyright (C) 2015 - 2020 Trilby Media, LLC. All rights reserved.
+ * @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved.
  * @license    MIT License; see LICENSE file for details.
  */
 
@@ -22,7 +22,7 @@ class Css extends BaseAsset
      * @param array $elements
      * @param string|null $key
      */
-    public function __construct(array $elements = [], $key = null)
+    public function __construct(array $elements = [], ?string $key = null)
     {
         $base_options = [
             'asset_type' => 'css',
@@ -47,6 +47,6 @@ class Css extends BaseAsset
             return "<style>\n" . trim($buffer) . "\n</style>\n";
         }
 
-        return '<link href="' . trim($this->asset) . $this->renderQueryString() . '"' . $this->renderAttributes() . ">\n";
+        return '<link href="' . trim($this->asset) . $this->renderQueryString() . '"' . $this->renderAttributes() . $this->integrityHash($this->asset) . ">\n";
     }
 }

system/src/Grav/Common/Assets/InlineCss.php

@@ -3,7 +3,7 @@
 /**
  * @package    Grav\Common\Assets
  *
- * @copyright  Copyright (C) 2015 - 2020 Trilby Media, LLC. All rights reserved.
+ * @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved.
  * @license    MIT License; see LICENSE file for details.
  */
 
@@ -22,7 +22,7 @@ class InlineCss extends BaseAsset
      * @param array $elements
      * @param string|null $key
      */
-    public function __construct(array $elements = [], $key = null)
+    public function __construct(array $elements = [], ?string $key = null)
     {
         $base_options = [
             'asset_type' => 'css',

system/src/Grav/Common/Assets/InlineJs.php

@@ -3,7 +3,7 @@
 /**
  * @package    Grav\Common\Assets
  *
- * @copyright  Copyright (C) 2015 - 2020 Trilby Media, LLC. All rights reserved.
+ * @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved.
  * @license    MIT License; see LICENSE file for details.
  */
 
@@ -22,7 +22,7 @@ class InlineJs extends BaseAsset
      * @param array $elements
      * @param string|null $key
      */
-    public function __construct(array $elements = [], $key = null)
+    public function __construct(array $elements = [], ?string $key = null)
     {
         $base_options = [
             'asset_type' => 'js',

system/src/Grav/Common/Assets/InlineJsModule.php

@@ -0,0 +1,46 @@
+<?php
+
+/**
+ * @package    Grav\Common\Assets
+ *
+ * @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved.
+ * @license    MIT License; see LICENSE file for details.
+ */
+
+namespace Grav\Common\Assets;
+
+use Grav\Common\Utils;
+
+/**
+ * Class InlineJs
+ * @package Grav\Common\Assets
+ */
+class InlineJsModule extends BaseAsset
+{
+    /**
+     * InlineJs constructor.
+     * @param array $elements
+     * @param string|null $key
+     */
+    public function __construct(array $elements = [], ?string $key = null)
+    {
+        $base_options = [
+            'asset_type' => 'js_module',
+            'attributes' => ['type' => 'module'],
+            'position' => 'after'
+        ];
+
+        $merged_attributes = Utils::arrayMergeRecursiveUnique($base_options, $elements);
+
+        parent::__construct($merged_attributes, $key);
+    }
+
+    /**
+     * @return string
+     */
+    public function render()
+    {
+        return '<script' . $this->renderAttributes(). ">\n" . trim($this->asset) . "\n</script>\n";
+    }
+
+}

system/src/Grav/Common/Assets/Js.php

@@ -3,7 +3,7 @@
 /**
  * @package    Grav\Common\Assets
  *
- * @copyright  Copyright (C) 2015 - 2020 Trilby Media, LLC. All rights reserved.
+ * @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved.
  * @license    MIT License; see LICENSE file for details.
  */
 
@@ -22,7 +22,7 @@ class Js extends BaseAsset
      * @param array $elements
      * @param string|null $key
      */
-    public function __construct(array $elements = [], $key = null)
+    public function __construct(array $elements = [], ?string $key = null)
     {
         $base_options = [
             'asset_type' => 'js',
@@ -43,6 +43,6 @@ class Js extends BaseAsset
             return '<script' . $this->renderAttributes() . ">\n" . trim($buffer) . "\n</script>\n";
         }
 
-        return '<script src="' . trim($this->asset) . $this->renderQueryString() . '"' . $this->renderAttributes() . "></script>\n";
+        return '<script src="' . trim($this->asset) . $this->renderQueryString() . '"' . $this->renderAttributes() . $this->integrityHash($this->asset) . "></script>\n";
     }
 }

system/src/Grav/Common/Assets/JsModule.php

@@ -0,0 +1,49 @@
+<?php
+
+/**
+ * @package    Grav\Common\Assets
+ *
+ * @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved.
+ * @license    MIT License; see LICENSE file for details.
+ */
+
+namespace Grav\Common\Assets;
+
+use Grav\Common\Utils;
+
+/**
+ * Class Js
+ * @package Grav\Common\Assets
+ */
+class JsModule extends BaseAsset
+{
+    /**
+     * Js constructor.
+     * @param array $elements
+     * @param string|null $key
+     */
+    public function __construct(array $elements = [], ?string $key = null)
+    {
+        $base_options = [
+            'asset_type' => 'js_module',
+            'attributes' => ['type' => 'module']
+        ];
+
+        $merged_attributes = Utils::arrayMergeRecursiveUnique($base_options, $elements);
+
+        parent::__construct($merged_attributes, $key);
+    }
+
+        /**
+     * @return string
+     */
+    public function render()
+    {
+        if (isset($this->attributes['loading']) && $this->attributes['loading'] === 'inline') {
+            $buffer = $this->gatherLinks([$this], self::JS_MODULE_ASSET);
+            return '<script' . $this->renderAttributes() . ">\n" . trim($buffer) . "\n</script>\n";
+        }
+
+        return '<script src="' . trim($this->asset) . $this->renderQueryString() . '"' . $this->renderAttributes() . $this->integrityHash($this->asset) . "></script>\n";
+    }
+}

system/src/Grav/Common/Assets/Link.php

@@ -0,0 +1,43 @@
+<?php
+
+/**
+ * @package    Grav\Common\Assets
+ *
+ * @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved.
+ * @license    MIT License; see LICENSE file for details.
+ */
+
+namespace Grav\Common\Assets;
+
+use Grav\Common\Utils;
+
+/**
+ * Class Link
+ * @package Grav\Common\Assets
+ */
+class Link extends BaseAsset
+{
+    /**
+     * Css constructor.
+     * @param array $elements
+     * @param string|null $key
+     */
+    public function __construct(array $elements = [], ?string $key = null)
+    {
+        $base_options = [
+            'asset_type' => 'link',
+        ];
+
+        $merged_attributes = Utils::arrayMergeRecursiveUnique($base_options, $elements);
+
+        parent::__construct($merged_attributes, $key);
+    }
+
+    /**
+     * @return string
+     */
+    public function render()
+    {
+        return '<link href="' . trim($this->asset) . $this->renderQueryString() . '"' . $this->renderAttributes() . $this->integrityHash($this->asset) . ">\n";
+    }
+}

system/src/Grav/Common/Assets/Pipeline.php

@@ -3,7 +3,7 @@
 /**
  * @package    Grav\Common\Assets
  *
- * @copyright  Copyright (C) 2015 - 2020 Trilby Media, LLC. All rights reserved.
+ * @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved.
  * @license    MIT License; see LICENSE file for details.
  */
 
@@ -11,6 +11,7 @@ namespace Grav\Common\Assets;
 
 use Grav\Common\Assets\Traits\AssetUtilsTrait;
 use Grav\Common\Config\Config;
+use Grav\Common\Filesystem\Folder;
 use Grav\Common\Grav;
 use Grav\Common\Uri;
 use Grav\Common\Utils;
@@ -28,12 +29,16 @@ class Pipeline extends PropertyObject
 {
     use AssetUtilsTrait;
 
-    protected const CSS_ASSET = true;
-    protected const JS_ASSET = false;
+    protected const CSS_ASSET = 1;
+    protected const JS_ASSET = 2;
+    protected const JS_MODULE_ASSET = 3;
 
     /** @const Regex to match CSS urls */
     protected const CSS_URL_REGEX = '{url\(([\'\"]?)(.*?)\1\)}';
 
+    /** @const Regex to match JS imports */
+    protected const JS_IMPORT_REGEX = '{import.+from\s?[\'|\"](.+?)[\'|\"]}';
+
     /** @const Regex to match CSS sourcemap comments */
     protected const CSS_SOURCEMAP_REGEX = '{\/\*# (.*?) \*\/}';
 
@@ -87,7 +92,14 @@ class Pipeline extends PropertyObject
         $uri = Grav::instance()['uri'];
 
         $this->base_url = rtrim($uri->rootUrl($config->get('system.absolute_urls')), '/') . '/';
-        $this->assets_dir = $locator->findResource('asset://') . DS;
+        $this->assets_dir = $locator->findResource('asset://');
+        if (!$this->assets_dir) {
+            // Attempt to create assets folder if it doesn't exist yet.
+            $this->assets_dir = $locator->findResource('asset://', true, true);
+            Folder::mkdir($this->assets_dir);
+            $locator->clearCache();
+        }
+
         $this->assets_url = $locator->findResource('asset://', false);
     }
 
@@ -114,14 +126,13 @@ class Pipeline extends PropertyObject
 
         // Compute uid based on assets and timestamp
         $json_assets = json_encode($assets);
-        $uid = md5($json_assets . $this->css_minify . $this->css_rewrite . $group);
+        $uid = md5($json_assets . (int)$this->css_minify . (int)$this->css_rewrite . $group);
         $file = $uid . '.css';
         $relative_path = "{$this->base_url}{$this->assets_url}/{$file}";
 
-        $buffer = null;
-
-        if (file_exists($this->assets_dir . $file)) {
-            $buffer = file_get_contents($this->assets_dir . $file) . "\n";
+        $filepath = "{$this->assets_dir}/{$file}";
+        if (file_exists($filepath)) {
+            $buffer = file_get_contents($filepath) . "\n";
         } else {
             //if nothing found get out of here!
             if (empty($assets)) {
@@ -140,7 +151,7 @@ class Pipeline extends PropertyObject
 
             // Write file
             if (trim($buffer) !== '') {
-                file_put_contents($this->assets_dir . $file, $buffer);
+                file_put_contents($filepath, $buffer);
             }
         }
 
@@ -148,7 +159,7 @@ class Pipeline extends PropertyObject
             $output = "<style>\n" . $buffer . "\n</style>\n";
         } else {
             $this->asset = $relative_path;
-            $output = '<link href="' . $relative_path . $this->renderQueryString() . '"' . $this->renderAttributes() . ">\n";
+            $output = '<link href="' . $relative_path . $this->renderQueryString() . '"' . $this->renderAttributes() . BaseAsset::integrityHash($this->asset) . ">\n";
         }
 
         return $output;
@@ -162,7 +173,7 @@ class Pipeline extends PropertyObject
      * @param array $attributes
      * @return bool|string     URL or generated content if available, else false
      */
-    public function renderJs($assets, $group, $attributes = [])
+    public function renderJs($assets, $group, $attributes = [], $type = self::JS_ASSET)
     {
         // temporary list of assets to pipeline
         $inline_group = false;
@@ -181,10 +192,9 @@ class Pipeline extends PropertyObject
         $file = $uid . '.js';
         $relative_path = "{$this->base_url}{$this->assets_url}/{$file}";
 
-        $buffer = null;
-
-        if (file_exists($this->assets_dir . $file)) {
-            $buffer = file_get_contents($this->assets_dir . $file) . "\n";
+        $filepath = "{$this->assets_dir}/{$file}";
+        if (file_exists($filepath)) {
+            $buffer = file_get_contents($filepath) . "\n";
         } else {
             //if nothing found get out of here!
             if (empty($assets)) {
@@ -192,7 +202,7 @@ class Pipeline extends PropertyObject
             }
 
             // Concatenate files
-            $buffer = $this->gatherLinks($assets, self::JS_ASSET);
+            $buffer = $this->gatherLinks($assets, $type);
 
             // Minify if required
             if ($this->shouldMinify('js')) {
@@ -203,7 +213,7 @@ class Pipeline extends PropertyObject
 
             // Write file
             if (trim($buffer) !== '') {
-                file_put_contents($this->assets_dir . $file, $buffer);
+                file_put_contents($filepath, $buffer);
             }
         }
 
@@ -211,12 +221,25 @@ class Pipeline extends PropertyObject
             $output = '<script' . $this->renderAttributes(). ">\n" . $buffer . "\n</script>\n";
         } else {
             $this->asset = $relative_path;
-            $output = '<script src="' . $relative_path . $this->renderQueryString() . '"' . $this->renderAttributes() . "></script>\n";
+            $output = '<script src="' . $relative_path . $this->renderQueryString() . '"' . $this->renderAttributes() . BaseAsset::integrityHash($this->asset) . "></script>\n";
         }
 
         return $output;
     }
 
+        /**
+     * Minify and concatenate JS files.
+     *
+     * @param array $assets
+     * @param string $group
+     * @param array $attributes
+     * @return bool|string     URL or generated content if available, else false
+     */
+    public function renderJs_Module($assets, $group, $attributes = [])
+    {
+        $attributes['type'] = 'module';
+        return $this->renderJs($assets, $group, $attributes, self::JS_MODULE_ASSET);
+    }
 
     /**
      * Finds relative CSS urls() and rewrites the URL with an absolute one
@@ -248,7 +271,7 @@ class Pipeline extends PropertyObject
                 $old_url = ltrim($old_url, '/');
             }
 
-            $new_url = ($local ? $this->base_url: '') . $old_url;
+            $new_url = ($local ? $this->base_url : '') . $old_url;
 
             return str_replace($matches[2], $new_url, $matches[0]);
         }, $file);
@@ -256,6 +279,42 @@ class Pipeline extends PropertyObject
         return $file;
     }
 
+    /**
+     * Finds relative JS urls() and rewrites the URL with an absolute one
+     *
+     * @param string $file the css source file
+     * @param string $dir local relative path to the css file
+     * @param bool $local is this a local or remote asset
+     * @return string
+     */
+    protected function jsRewrite($file, $dir, $local)
+    {
+        // Find any js import elements, grab the URLs and calculate an absolute path
+        // Then replace the old url with the new one
+        $file = (string)preg_replace_callback(self::JS_IMPORT_REGEX, function ($matches) use ($dir, $local) {
+
+            $old_url = $matches[1];
+
+            // Ensure link is not rooted to web server, a data URL, or to a remote host
+            if (preg_match(self::FIRST_FORWARDSLASH_REGEX, $old_url) || $this->isRemoteLink($old_url)) {
+                return $matches[0];
+            }
+
+            // clean leading /
+            $old_url = Utils::normalizePath($dir . '/' . $old_url);
+            $old_url = str_replace('/./', '/', $old_url);
+            if (preg_match(self::FIRST_FORWARDSLASH_REGEX, $old_url)) {
+                $old_url = ltrim($old_url, '/');
+            }
+
+            $new_url = ($local ? $this->base_url : '') . $old_url;
+
+            return str_replace($matches[1], $new_url, $matches[0]);
+        }, $file);
+
+        return $file;
+    }
+
     /**
      * @param string $type
      * @return bool

system/src/Grav/Common/Assets/Traits/AssetUtilsTrait.php

@@ -3,7 +3,7 @@
 /**
  * @package    Grav\Common\Assets\Traits
  *
- * @copyright  Copyright (C) 2015 - 2020 Trilby Media, LLC. All rights reserved.
+ * @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved.
  * @license    MIT License; see LICENSE file for details.
  */
 
@@ -62,15 +62,13 @@ trait AssetUtilsTrait
      * Download and concatenate the content of several links.
      *
      * @param  array $assets
-     * @param  bool $css
+     * @param  int $type
      * @return string
      */
-    protected function gatherLinks(array $assets, $css = true)
+    protected function gatherLinks(array $assets, int $type = self::CSS_ASSET): string
     {
         $buffer = '';
-
-
-        foreach ($assets as $id => $asset) {
+        foreach ($assets as $asset) {
             $local = true;
 
             $link = $asset->getAsset();
@@ -90,7 +88,7 @@ trait AssetUtilsTrait
                 }
 
                 $relative_dir = dirname($relative_path);
-                $link = ROOT_DIR . $relative_path;
+                $link = GRAV_ROOT . '/' . $relative_path;
             }
 
             // TODO: looks like this is not being used.
@@ -102,21 +100,25 @@ trait AssetUtilsTrait
             }
 
             // Double check last character being
-            if (!$css) {
+            if ($type === self::JS_ASSET || $type === self::JS_MODULE_ASSET) {
                 $file = rtrim($file, ' ;') . ';';
             }
 
             // If this is CSS + the file is local + rewrite enabled
-            if ($css && $this->css_rewrite) {
+            if ($type === self::CSS_ASSET && $this->css_rewrite) {
                 $file = $this->cssRewrite($file, $relative_dir, $local);
             }
 
+            if ($type === self::JS_MODULE_ASSET) {
+                $file = $this->jsRewrite($file, $relative_dir, $local);
+            }
+
             $file = rtrim($file) . PHP_EOL;
             $buffer .= $file;
         }
 
         // Pull out @imports and move to top
-        if ($css) {
+        if ($type === self::CSS_ASSET) {
             $buffer = $this->moveImports($buffer);
         }
 
@@ -135,7 +137,7 @@ trait AssetUtilsTrait
 
         $imports = [];
 
-        $file = (string)preg_replace_callback($regex, function ($matches) use (&$imports) {
+        $file = (string)preg_replace_callback($regex, static function ($matches) use (&$imports) {
             $imports[] = $matches[0];
 
             return '';
@@ -156,6 +158,10 @@ trait AssetUtilsTrait
         $no_key = ['loading'];
 
         foreach ($this->attributes as $key => $value) {
+            if ($value === null) {
+                continue;
+            }
+
             if (is_numeric($key)) {
                 $key = $value;
             }
@@ -196,7 +202,7 @@ trait AssetUtilsTrait
         }
 
         if ($this->timestamp) {
-            if (Utils::contains($asset, '?') || $querystring) {
+            if ($querystring || Utils::contains($asset, '?')) {
                 $querystring .=  '&' . $this->timestamp;
             } else {
                 $querystring .= '?' . $this->timestamp;

system/src/Grav/Common/Assets/Traits/LegacyAssetsTrait.php

@@ -3,7 +3,7 @@
 /**
  * @package    Grav\Common\Assets\Traits
  *
- * @copyright  Copyright (C) 2015 - 2020 Trilby Media, LLC. All rights reserved.
+ * @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved.
  * @license    MIT License; see LICENSE file for details.
  */
 

system/src/Grav/Common/Assets/Traits/TestingAssetsTrait.php

@@ -3,7 +3,7 @@
 /**
  * @package    Grav\Common\Assets\Traits
  *
- * @copyright  Copyright (C) 2015 - 2020 Trilby Media, LLC. All rights reserved.
+ * @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved.
  * @license    MIT License; see LICENSE file for details.
  */
 
@@ -189,6 +189,7 @@ trait TestingAssetsTrait
         $this->resetJs();
         $this->setCssPipeline(false);
         $this->setJsPipeline(false);
+        $this->order = [];
 
         return $this;
     }
@@ -251,7 +252,7 @@ trait TestingAssetsTrait
      */
     public function addDir($directory, $pattern = self::DEFAULT_REGEX)
     {
-        $root_dir = rtrim(ROOT_DIR, '/');
+        $root_dir = GRAV_ROOT;
 
         // Check if $directory is a stream.
         if (strpos($directory, '://')) {
@@ -284,6 +285,15 @@ trait TestingAssetsTrait
             return $this;
         }
 
+        // Add JavaScript Module files
+        if ($pattern === self::JS_MODULE_REGEX) {
+            foreach ($files as $file) {
+                $this->addJsModule($file);
+            }
+
+            return $this;
+        }
+
         // Unknown pattern.
         foreach ($files as $asset) {
             $this->add($asset);

system/src/Grav/Common/Backup/Backups.php

@@ -3,7 +3,7 @@
 /**
  * @package    Grav\Common\Backup
  *
- * @copyright  Copyright (C) 2015 - 2020 Trilby Media, LLC. All rights reserved.
+ * @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved.
  * @license    MIT License; see LICENSE file for details.
  */
 
@@ -105,7 +105,7 @@ class Backups
     public function getBackupDownloadUrl($backup, $base_url)
     {
         $param_sep = $param_sep = Grav::instance()['config']->get('system.param_sep', ':');
-        $download = urlencode(base64_encode(basename($backup)));
+        $download = urlencode(base64_encode(Utils::basename($backup)));
         $url      = rtrim(Grav::instance()['uri']->rootUrl(true), '/') . '/' . trim(
             $base_url,
             '/'
@@ -144,9 +144,8 @@ class Backups
     public static function getTotalBackupsSize()
     {
         $backups = static::getAvailableBackups();
-        $size = array_sum(array_column($backups, 'size'));
 
-        return $size ?? 0;
+        return $backups ? array_sum(array_column($backups, 'size')) : 0;
     }
 
     /**
@@ -222,7 +221,7 @@ class Backups
             $backup_root = rtrim(GRAV_ROOT . $backup_root, '/');
         }
 
-        if (!file_exists($backup_root)) {
+        if (!$backup_root || !file_exists($backup_root)) {
             throw new RuntimeException("Backup location: {$backup_root} does not exist...");
         }
 

system/src/Grav/Common/Browser.php

@@ -3,7 +3,7 @@
 /**
  * @package    Grav\Common
  *
- * @copyright  Copyright (C) 2015 - 2020 Trilby Media, LLC. All rights reserved.
+ * @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved.
  * @license    MIT License; see LICENSE file for details.
  */
 

system/src/Grav/Common/Cache.php

@@ -3,7 +3,7 @@
 /**
  * @package    Grav\Common
  *
- * @copyright  Copyright (C) 2015 - 2020 Trilby Media, LLC. All rights reserved.
+ * @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved.
  * @license    MIT License; see LICENSE file for details.
  */
 
@@ -71,6 +71,7 @@ class Cache extends Getters
         'cache://twig/',
         'cache://doctrine/',
         'cache://compiled/',
+        'cache://clockwork/',
         'cache://validated-',
         'cache://images',
         'asset://',
@@ -80,6 +81,7 @@ class Cache extends Getters
         'cache://twig/',
         'cache://doctrine/',
         'cache://compiled/',
+        'cache://clockwork/',
         'cache://validated-',
         'asset://',
     ];
@@ -125,7 +127,6 @@ class Cache extends Getters
      */
     public function init(Grav $grav)
     {
-        /** @var Config $config */
         $this->config = $grav['config'];
         $this->now = time();
 
@@ -140,7 +141,7 @@ class Cache extends Getters
         $uniqueness = substr(md5($uri->rootUrl(true) . $this->config->key() . GRAV_VERSION), 2, 8);
 
         // Cache key allows us to invalidate all cache on configuration changes.
-        $this->key = ($prefix ? $prefix : 'g') . '-' . $uniqueness;
+        $this->key = ($prefix ?: 'g') . '-' . $uniqueness;
         $this->cache_dir = $grav['locator']->findResource('cache://doctrine/' . $uniqueness, true, true);
         $this->driver_setting = $this->config->get('system.cache.driver');
         $this->driver = $this->getCacheDriver();
@@ -176,7 +177,7 @@ class Cache extends Getters
     public function purgeOldCache()
     {
         $cache_dir = dirname($this->cache_dir);
-        $current = basename($this->cache_dir);
+        $current = Utils::basename($this->cache_dir);
         $count = 0;
 
         foreach (new DirectoryIterator($cache_dir) as $file) {
@@ -296,6 +297,7 @@ class Cache extends Getters
                     $redis = new \Redis();
                     $socket = $this->config->get('system.cache.redis.socket', false);
                     $password = $this->config->get('system.cache.redis.password', false);
+                    $databaseId = $this->config->get('system.cache.redis.database', 0);
 
                     if ($socket) {
                         $redis->connect($socket);
@@ -311,6 +313,11 @@ class Cache extends Getters
                         throw new \RedisException('Redis authentication failed');
                     }
 
+                    // Select alternate ( !=0 ) database ID if set
+                    if ($databaseId && !$redis->select($databaseId)) {
+                        throw new \RedisException('Could not select alternate Redis database ID');
+                    }
+
                     $driver = new DoctrineCache\RedisCache();
                     $driver->setRedis($redis);
                 } else {
@@ -492,7 +499,7 @@ class Cache extends Getters
                                 $anything = true;
                             }
                         } elseif (is_dir($file)) {
-                            if (Folder::delete($file)) {
+                            if (Folder::delete($file, false)) {
                                 $anything = true;
                             }
                         }
@@ -611,11 +618,7 @@ class Cache extends Getters
      */
     public function isVolatileDriver($setting)
     {
-        if (in_array($setting, ['apc', 'apcu', 'xcache', 'wincache'])) {
-            return true;
-        }
-
-        return false;
+        return in_array($setting, ['apc', 'apcu', 'xcache', 'wincache'], true);
     }
 
     /**

system/src/Grav/Common/Composer.php

@@ -3,7 +3,7 @@
 /**
  * @package    Grav\Common
  *
- * @copyright  Copyright (C) 2015 - 2020 Trilby Media, LLC. All rights reserved.
+ * @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved.
  * @license    MIT License; see LICENSE file for details.
  */
 

system/src/Grav/Common/Config/CompiledBase.php

@@ -3,7 +3,7 @@
 /**
  * @package    Grav\Common\Config
  *
- * @copyright  Copyright (C) 2015 - 2020 Trilby Media, LLC. All rights reserved.
+ * @copyright  Copyright (c) 2015 - 2022 Trilby Media, LLC. All rights reserved.
  * @license    MIT License; see LICENSE file for details.
  */