Security improvements backported from v1.1:
URL::to()
and url()
) will now always return a slash after the hostname and properly URL-encode values with the dot segments processed out.getRealUser()
to Winter\Storm\Auth\Manager
to get the real user for the current request, taking into account user impersonationcanBeImpersonated($impersonator = false)
to Winter\Storm\Auth\Models\User
and models extending it (i.e. Backend\Models\User
); used to determine if the provided impersonator can impersonate the selected user.model.user.beforeImpersonate
to a halting event so that third party plugins are able to override the default return values from canBeImpersonated() to implement more or less strict impersonation protection policies as desired on a per project basis by returning a boolean flag indicating if the user can be impersonated or notUrl::to()
and url()
now return properly URL-encoded valuespost()
could return values when the request was not a valid POST
requestSign up to our newsletter and receive updates on Winter releases, new features in the works, plugin and theme promotions and much more!