Merge branch 'release/1.10.20'

getgrav · Sep 1, 2021 · cc6af64 · cc6af64
2 parents 120ea4a + 3440462
commit cc6af64
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,10 @@
+# v1.10.20
+## 09/01/2021
+
+3. [](#bugfix)
+    * Fixed regression `Argument 4 passed to Grav\Plugin\Form\TwigExtension::prepareFormField() must be of the type array` [#2177](https://github.com/getgrav/grav-plugin-admin/issues/2177)
+    * Fixed `X-Frame-Options` to be `DENY` in all admin pages to prevent a clickjacking attack
+
 # v1.10.19
 ## 08/31/2021
 

diff --git a/blueprints.yaml b/blueprints.yaml
@@ -1,7 +1,7 @@
 name: Admin Panel
 slug: admin
 type: plugin
-version: 1.10.19
+version: 1.10.20
 description: Adds an advanced administration panel to manage your site
 icon: empire
 author:

diff --git a/classes/plugin/Router.php b/classes/plugin/Router.php
@@ -67,6 +67,6 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
         $this->stopTimer();
 
         // Never allow admin pages to be rendered in <frame>, <iframe>, <embed> or <object> for improved security.
-        return $response->withHeader('X-Frame-Options', 'NONE');
+        return $response->withHeader('X-Frame-Options', 'DENY');
     }
 }
diff --git a/themes/grav/templates/forms/fields/fieldset/fieldset.html.twig b/themes/grav/templates/forms/fields/fieldset/fieldset.html.twig
@@ -54,7 +54,7 @@
 
               {% if field.fields %}
                   {% for child_name, child in field.fields %}
-                      {% set child = prepare_form_field(child, child_name, field.name, key) %}
+                      {% set child = prepare_form_field(child, child_name, field.name, {key: key}) %}
                       {% if child %}
                         {% set default_layout = 'text' %}
                           {% if child.type == 'key' or child.key == true %}