Merge branch 'master' into relationship-columns-definition

# Conflicts:
#	src/app/Library/CrudPanel/Traits/ColumnsProtectedMethods.php

Author: pxpm

.gitignore

@@ -24,3 +24,4 @@ src/public/packages/nestedSortable/package.json
 src/public/packages/source-sans-pro/package.json
 src/public/packages/tinymce/package.json
 src/public/packages/tinymce/composer.json
+

README.md

@@ -30,6 +30,7 @@
     <a href="https://backpackforlaravel.com/newsletter">Newsletter</a>
 </p>
 
+
 Quickly build an admin interface for your Eloquent models. Then customize every little detail. Among its features:
 
 - List operation

SECURITY.md

@@ -19,6 +19,13 @@ If you discover any security related issues, please email [email protected] inst
 
 ## Past Vulnerabilities
 
-Since its inception in 2016, Backpack has had zero security breaches or reported security issues. However, its dependencies _have_ had security flaws discovered and fixed - even major ones like Laravel, Bootstrap and jQuery. That's why it's a good idea for any project to be reasonably up-to-date. If we consider a security issue is something that affects our users, we'll email you. 
-
-It's _heavily_ recommended that you **[subscribe to the Backpack Newsletter](http://backpackforlaravel.com/newsletter)** so you can find out about any security updates, breaking changes or major features. We send an email about 1-2 emails per year. Sometimes less.
+Please note that even though Backpack has only had minor reported security issues, its dependencies _have_ had security flaws discovered and fixed - even major ones like Laravel, Bootstrap and jQuery. That's why it's a good idea for any project to be reasonably up-to-date. If we consider a security issue is something that affects our users, we'll email you.  Please **[subscribe to the Backpack Newsletter](http://backpackforlaravel.com/newsletter)** so you can find out about any security updates, breaking changes or major features. We only send an email 1-2 emails per year. Sometimes less.
+
+**Past security issues:**
+- 2021 
+    - March - [Security Issue If You Use SQL Server (May Affect <0.02% Backpack Projects)](https://backpackforlaravel.com/articles/news/possible-security-issue-especially-important-if-you-use-sql-server)
+- 2020 - none
+- 2019 - none
+- 2018 - none
+- 2017 - none
+- 2016 - none

package-lock.json

@@ -12,31 +12,31 @@
     "devDependencies": {
         "cross-env": "^7.0.3",
         "css-loader": "^5.2.6",
-        "laravel-mix": "^6.0.19",
+        "laravel-mix": "^6.0.31",
         "lodash": "^4.17.21",
         "pace": "0.0.4",
-        "resolve-url-loader": "^2.3.2",
-        "sass": "^1.32.12",
+        "resolve-url-loader": "^4.0.0",
+        "sass": "^1.42.1",
         "sass-loader": "^9.0.3",
-        "vue-template-compiler": "^2.6.12"
+        "vue-template-compiler": "^2.6.14"
     },
     "dependencies": {
         "@coreui/coreui": "^2.1.16",
         "@digitallyhappy/backstrap": "^0.3.4",
         "animate.css": "^3.7.2",
         "bootstrap": "^4.6.0",
-        "bootstrap-colorpicker": "^3.3.0",
+        "bootstrap-colorpicker": "^3.4.0",
         "bootstrap-datepicker": "^1.9.0",
         "bootstrap-daterangepicker": "^3.1.0",
         "bootstrap-iconpicker": "^1.8.2",
         "ckeditor": "^4.12.1",
-        "cropperjs": "^1.5.11",
-        "datatables.net": "^1.10.23",
-        "datatables.net-bs4": "^1.10.23",
-        "datatables.net-fixedheader": "^3.1.8",
-        "datatables.net-fixedheader-bs4": "^3.1.8",
+        "cropperjs": "^1.5.12",
+        "datatables.net": "^1.11.3",
+        "datatables.net-bs4": "^1.11.3",
+        "datatables.net-fixedheader": "^3.2.0",
+        "datatables.net-fixedheader-bs4": "^3.2.0",
         "datatables.net-responsive": "^2.2.7",
-        "datatables.net-responsive-bs4": "^2.2.7",
+        "datatables.net-responsive-bs4": "^2.2.9",
         "easymde": "^2.15.0",
         "jquery": "^3.6.0",
         "jquery-colorbox": "^1.6.4",
@@ -49,7 +49,7 @@
         "noty": "^3.2.0-beta",
         "pace-js": "^1.2.4",
         "pc-bootstrap4-datetimepicker": "^4.17.51",
-        "perfect-scrollbar": "^1.5.0",
+        "perfect-scrollbar": "^1.5.2",
         "places.js": "^1.19.0",
         "popper.js": "^1.16.1",
         "select2": "^4.0.13",
@@ -59,6 +59,6 @@
         "source-sans-pro": "^3.6",
         "summernote": "^0.8.18",
         "sweetalert": "^2.1.2",
-        "tinymce": "^5.7.0"
+        "tinymce": "^5.9.2"
     }
 }

package.json

@@ -2,6 +2,7 @@
 
 namespace Backpack\CRUD;
 
+use Backpack\CRUD\app\Http\Middleware\ThrottlePasswordRecovery;
 use Backpack\CRUD\app\Library\CrudPanel\CrudPanel;
 use Illuminate\Routing\Router;
 use Illuminate\Support\Collection;
@@ -21,6 +22,7 @@ class BackpackServiceProvider extends ServiceProvider
         \Backpack\CRUD\app\Console\Commands\CreateUser::class,
         \Backpack\CRUD\app\Console\Commands\PublishBackpackMiddleware::class,
         \Backpack\CRUD\app\Console\Commands\PublishView::class,
+        \Backpack\CRUD\app\Console\Commands\RequireDevTools::class,
     ];
 
     // Indicates if loading of the provider is deferred.
@@ -92,6 +94,12 @@ public function registerMiddlewareGroup(Router $router)
         foreach ($middleware_class as $middleware_class) {
             $router->pushMiddlewareToGroup($middleware_key, $middleware_class);
         }
+
+        // register internal backpack middleware for throttling the password recovery functionality
+        // but only if functionality is enabled by developer in config
+        if (config('backpack.base.setup_password_recovery_routes')) {
+            $router->aliasMiddleware('backpack.throttle.password.recovery', ThrottlePasswordRecovery::class);
+        }
     }
 
     public function publishFiles()
@@ -141,8 +149,7 @@ public function publishFiles()
     /**
      * Define the routes for the application.
      *
-     * @param \Illuminate\Routing\Router $router
-     *
+     * @param  \Illuminate\Routing\Router  $router
      * @return void
      */
     public function setupRoutes(Router $router)
@@ -161,8 +168,7 @@ public function setupRoutes(Router $router)
     /**
      * Load custom routes file.
      *
-     * @param \Illuminate\Routing\Router $router
-     *
+     * @param  \Illuminate\Routing\Router  $router
      * @return void
      */
     public function setupCustomRoutes(Router $router)
@@ -269,7 +275,8 @@ public function loadConfigs()
             'backpack' => [
                 'provider'  => 'backpack',
                 'table'     => 'password_resets',
-                'expire'    => 60,
+                'expire'   => 60,
+                'throttle' => config('backpack.base.password_recovery_throttle_notifications'),
             ],
         ];
 

src/BackpackServiceProvider.php

@@ -82,10 +82,9 @@ private function sendUsageStats()
      * It spins up a separate process for this, and doesn't listen for a reponse,
      * so it has minimal to no impact on pageload.
      *
-     * @param string $method  HTTP Method to use for the request.
-     * @param string $url     URL to point the request at.
-     * @param array  $payload The data you want sent to the URL.
-     *
+     * @param  string  $method  HTTP Method to use for the request.
+     * @param  string  $url  URL to point the request at.
+     * @param  array  $payload  The data you want sent to the URL.
      * @return void
      */
     private function makeCurlRequest($method, $url, $payload)
@@ -107,10 +106,9 @@ private function makeCurlRequest($method, $url, $payload)
      * geographic location this is usually slower than CURL. However,
      * unlike CURL, it works on most machines, so it's reliable.
      *
-     * @param string $method  HTTP Method to use for the request.
-     * @param string $url     URL to point the request at.
-     * @param array  $payload The data you want sent to the URL.
-     *
+     * @param  string  $method  HTTP Method to use for the request.
+     * @param  string  $url  URL to point the request at.
+     * @param  array  $payload  The data you want sent to the URL.
      * @return void
      */
     private function makeGuzzleRequest($method, $url, $payload)

src/Stats.php

@@ -99,9 +99,9 @@ private function customRoutesFileEndLine($file_lines)
     /**
      * Parse the given file stream and return the line number where a string is found.
      *
-     * @param  string $needle   The string that's being searched for.
-     * @param  array $haystack  The file where the search is being performed.
-     * @return bool|int         The last line number where the string was found. Or false.
+     * @param  string  $needle  The string that's being searched for.
+     * @param  array  $haystack  The file where the search is being performed.
+     * @return bool|int The last line number where the string was found. Or false.
      */
     private function getLastLineNumberThatContains($needle, $haystack)
     {

src/app/Console/Commands/AddCustomRouteContent.php

@@ -65,9 +65,9 @@ public function handle()
     /**
      * Parse the given file stream and return the line number where a string is found.
      *
-     * @param  string $needle   The string that's being searched for.
-     * @param  array $haystack  The file where the search is being performed.
-     * @return bool|int         The last line number where the string was found. Or false.
+     * @param  string  $needle  The string that's being searched for.
+     * @param  array  $haystack  The file where the search is being performed.
+     * @return bool|int The last line number where the string was found. Or false.
      */
     private function getLastLineNumberThatContains($needle, $haystack)
     {

src/app/Console/Commands/AddSidebarContent.php

@@ -57,5 +57,14 @@ public function handle()
 
         $this->progressBar->finish();
         $this->info(' Backpack installation finished.');
+
+        // DevTools
+        $this->box('Did you know about Backpack DevTools?');
+        $this->note('DevTools adds a dead-simple web interface to easily generate Models, Migrations, Seeders, Factories, CRUDs, etc.');
+        $this->note('But it\'s a paid tool. For more info, payment and access, please visit https://backpackforlaravel.com/products/devtools');
+
+        if ($this->confirm('Would you like to install Backpack DevTools?', false)) {
+            $this->call('backpack:require:devtools');
+        }
     }
 }