Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content

Grav CMS

15 Topics 176 Posts
  • Grav CMS - Package Updates

    Pinned Locked
    95
    0 Votes
    95 Posts
    69k Views
    Package UpdatesP
    [1.10.11] Update grav to 2.0.11 Full Changelog You can now filter, sort, and group a page's media by the values in their .meta.yaml metafiles directly in Twig, with new filterBy, where, findBy, sortBy, groupBy, and withMeta methods on page.media. Fixes getgrav/grav#4200. [security] A page editor can no longer read arbitrary files from the server by pointing an image watermark at a traversal path such as carrier.png?watermark=../secret.png; an editor-supplied watermark path is now confined to the site's media, while operator-configured watermarks and stream URIs are unaffected (GHSA-w3f4-8pj2-599w). [security] A page-edit account can no longer reach file-disclosure or secret-read functions by naming an arbitrary Class::method as a dynamic field's data provider; qualified providers are now limited to a known-safe allowlist, closing a bypass of the guard added in 2.0.7 and 2.0.9 (GHSA-7pgq-cr25-xvc8, GHSA-cxv3-5jj3-cpgr). A page is no longer blanked when viewed just because a trusted plugin or shortcode on it outputs markup the content security scan flags, such as an embed, form, or icon; the check that guards against dangerous editor content now runs once when the page is saved rather than every time it is rendered (GHSA-2c4f-86xc-cr74). [security] Page content that uses Twig to assemble disallowed markup at render time, such as building an event handler or a <script> tag from separate pieces, is now refused when you save the page instead of being allowed through to visitors. The raw Twig filter is no longer allowed inside editor-authored page content, so page content can no longer output unescaped dynamic values past the content security check; trusted theme templates are unaffected.
  • Grav 2.0 - copying a page is slow

    24
    2 Votes
    24 Posts
    490 Views
    robiR
    @superhua good to verify. Find an issue upstream or file one?
  • Grav 2.0 - migration recommended, but may not be possible (?)

    3
    0 Votes
    3 Posts
    114 Views
    S
    True, but Admin 1 does not look to be compatible with Grav 2 (which was made to work with Admin 2). Further, at least from my understanding, there are other issues that arose for our site that would have been mitigated through the migration process.
  • Login Security Warning

    5
    1
    2 Votes
    5 Posts
    185 Views
    M
    @girish Hello. The updates did solve it and the banner disappeared. Thx.
  • Updating to beta version?

    4
    1 Votes
    4 Posts
    640 Views
    girishG
    @superhua whoops yes, my mistake. I put a wrong regexp. But I also found that all that 1.7.50.x releases have been removed upstream - https://discourse.getgrav.org/t/upgrade-to-grav-v1-7-50-9-not-working/29222/4 . I will revoke all the packages .
  • Grav Git sync

    12
    1 Votes
    12 Posts
    6k Views
    C
    I have this working in both directions now! The key was : 14 su www-data -c 'git config --global user.name ReachableCEO' 15 su www-data -c 'git config --global user.email charles@turnsys.com' And I then created a page in grav and it synced up to my repo: [image: 1751809993049-d33c2657-6655-4fa5-a197-c06bce068c7b-image-resized.png] Thanks to everyone for the assistance!
  • Theme development workflow ?

    3
    0 Votes
    3 Posts
    1k Views
    M
    Yes indeed, that's how I proceeded in the end. It worked fairly well. BTW, I just came across the remote development feature of the Zed editor (https://zed.dev/docs/remote-development). Don't know if that could work in an app/code/ directory but if, it will make coding Grav easier.
  • Excessive backup size

    2
    1 Votes
    2 Posts
    783 Views
    J
    @martinv It looks like Grav creates it's own backups by default there. You can change this in /admin/tools The default is 5GB which matches your size! Technically, Cloudron already takes backups , so these backups are sort of redundant [image: 1730918895452-4495d127-a027-4345-b484-69906f865019-image.png]
  • This topic is deleted!

    1
    0 Votes
    1 Posts
    2 Views
    No one has replied
  • Multisite Support

    3
    1 Votes
    3 Posts
    2k Views
    J
    @girish said in Multisite Support: @JLX89 not yet! I think when the Grav CLI is updated, it would be easier to test things out a bit more. That sounds great, thank you!
  • Admin plugin update

    3
    0 Votes
    3 Posts
    1k Views
    A
    @girish Thank you!
  • Logos has been removed after app restart

    6
    2
    0 Votes
    6 Posts
    3k Views
    theompmT
    @girish good job. it works
  • Grav LDAP login plugin

    2
    0 Votes
    2 Posts
    948 Views
    girishG
    The package was initially made by @jimcavoli . It seems he initially packaged with LDAP but subsequently removed it - https://git.cloudron.io/cloudron/grav-app/-/commit/94f656384e6c808e5a2bbc59e944f587f5362382 . @jimcavoli do you remember why?
  • Cron for Backups

    Solved
    5
    1
    0 Votes
    5 Posts
    3k Views
    ?
    Oh yes, i just realized that it actually is already setup. Sorry - works fine
  • Plugins do not work well

    Solved
    8
    0 Votes
    8 Posts
    4k Views
    nebulonN
    In my case I was installing the plugin via the webinterface. To reset the permissions usually in all apps an app restart does this already. So maybe indeed a simply app restart fixes that.