resolved conflict using iusvar version in system

system/Controllers/ArticleApiController.php

@@ -22,7 +22,7 @@ class ArticleApiController extends ContentController
 	{
 		# get params from call 
 		$this->params 	= $request->getParams();
-		$this->uri 		= $request->getUri();
+		$this->uri 		= $request->getUri()->withUserInfo('');
 
 		# validate input only if raw mode
 		if($this->params['raw'])
@@ -98,7 +98,7 @@ class ArticleApiController extends ContentController
 	{
 		# get params from call 
 		$this->params 	= $request->getParams();
-		$this->uri 		= $request->getUri();
+		$this->uri 		= $request->getUri()->withUserInfo('');
 
 		# set structure
 		if(!$this->setStructure($draft = true)){ return $response->withJson($this->errors, 404); }
@@ -176,7 +176,7 @@ class ArticleApiController extends ContentController
 	{
 		# get params from call 
 		$this->params 	= $request->getParams();
-		$this->uri 		= $request->getUri();
+		$this->uri 		= $request->getUri()->withUserInfo('');
 		
 		# set structure
 		if(!$this->setStructure($draft = true)){ return $response->withJson($this->errors, 404); }
@@ -215,7 +215,7 @@ class ArticleApiController extends ContentController
 	{
 		# get params from call 
 		$this->params 	= $request->getParams();
-		$this->uri 		= $request->getUri();
+		$this->uri 		= $request->getUri()->withUserInfo('');
 
 		# set url to base path initially
 		$url = $this->uri->getBaseUrl() . '/tm/content/' . $this->settings['editor'];
@@ -274,7 +274,7 @@ class ArticleApiController extends ContentController
 	{
 		# get params from call 
 		$this->params 	= $request->getParams();
-		$this->uri 		= $request->getUri();
+		$this->uri 		= $request->getUri()->withUserInfo('');
 		
 		# validate input 
 		if(!$this->validateEditorInput()){ return $response->withJson($this->errors,422); }
@@ -318,7 +318,7 @@ class ArticleApiController extends ContentController
 	{
 		# get params from call
 		$this->params 	= $request->getParams();
-		$this->uri 		= $request->getUri();
+		$this->uri 		= $request->getUri()->withUserInfo('');
 		
 		# url is only needed, if an active page is moved to another folder, so user has to be redirected to the new url
 		$url 			= false;
@@ -425,7 +425,7 @@ class ArticleApiController extends ContentController
 	{
 		# get params from call
 		$this->params 	= $request->getParams();
-		$this->uri 		= $request->getUri();
+		$this->uri 		= $request->getUri()->withUserInfo('');
 
 		# url is only needed, if an active page is moved
 		$url 			= false;
@@ -492,7 +492,7 @@ class ArticleApiController extends ContentController
 	{
 		# get params from call
 		$this->params 	= $request->getParams();
-		$this->uri 		= $request->getUri();
+		$this->uri 		= $request->getUri()->withUserInfo('');
 
 		# url is only needed, if an active page is moved
 		$url 			= false;
@@ -607,7 +607,7 @@ class ArticleApiController extends ContentController
 	{
 		# get params from call
 		$this->params 	= $request->getParams();
-		$this->uri 		= $request->getUri();
+		$this->uri 		= $request->getUri()->withUserInfo('');
 		
 		# url is only needed, if an active page is moved
 		$url 			= false;
@@ -708,7 +708,7 @@ class ArticleApiController extends ContentController
 	{
 		# get params from call
 		$this->params 	= $request->getParams();
-		$this->uri 		= $request->getUri();
+		$this->uri 		= $request->getUri()->withUserInfo('');
 
 		# set structure
 		if(!$this->setStructure($draft = true, $cache = false)){ return $response->withJson(array('data' => false, 'errors' => $this->errors, 'url' => $url), 404); }
@@ -729,7 +729,7 @@ class ArticleApiController extends ContentController
 	{
 		/* get params from call */
 		$this->params 	= $request->getParams();
-		$this->uri 		= $request->getUri();
+		$this->uri 		= $request->getUri()->withUserInfo('');
 		
 		# set structure
 		if(!$this->setStructure($draft = true)){ return $response->withJson(array('data' => false, 'errors' => $this->errors), 404); }
@@ -776,7 +776,7 @@ class ArticleApiController extends ContentController
 	{
 		/* get params from call */
 		$this->params 	= $request->getParams();
-		$this->uri 		= $request->getUri();
+		$this->uri 		= $request->getUri()->withUserInfo('');
 		
 		# set structure
 		if(!$this->setStructure($draft = true)){ return $response->withJson(array('data' => false, 'errors' => $this->errors), 404); }

system/Controllers/BlockApiController.php

@@ -19,7 +19,7 @@ class BlockApiController extends ContentController
 	{
 		/* get params from call */
 		$this->params 	= $request->getParams();
-		$this->uri 		= $request->getUri();
+		$this->uri 		= $request->getUri()->withUserInfo('');
 
 		/* validate input */
 		if(!$this->validateBlockInput()){ return $response->withJson($this->errors,422); }
@@ -199,7 +199,7 @@ class BlockApiController extends ContentController
 	{
 		/* get params from call */
 		$this->params 	= $request->getParams();
-		$this->uri 		= $request->getUri();
+		$this->uri 		= $request->getUri()->withUserInfo('');
 
 		/* validate input */
 		if(!$this->validateBlockInput()){ return $response->withJson($this->errors,422); }
@@ -338,7 +338,7 @@ class BlockApiController extends ContentController
 	{
 		# get params from call
 		$this->params 	= $request->getParams();
-		$this->uri 		= $request->getUri();
+		$this->uri 		= $request->getUri()->withUserInfo('');
 
 		# validate input 
 		# if(!$this->validateBlockInput()){ return $response->withJson($this->errors,422); }
@@ -430,7 +430,7 @@ class BlockApiController extends ContentController
 	{
 		/* get params from call */
 		$this->params 	= $request->getParams();
-		$this->uri 		= $request->getUri();
+		$this->uri 		= $request->getUri()->withUserInfo('');
 		$errors			= false;
 		
 		# set structure
@@ -514,7 +514,7 @@ class BlockApiController extends ContentController
 	{
 		# get params from call 
 		$this->params 	= $request->getParams();
-		$this->uri 		= $request->getUri();
+		$this->uri 		= $request->getUri()->withUserInfo('');
 
 		$imageProcessor	= new ProcessImage($this->settings['images']);
 		if(!$imageProcessor->checkFolders('images'))
@@ -531,7 +531,7 @@ class BlockApiController extends ContentController
 	{
 		# get params from call
 		$this->params 	= $request->getParams();
-		$this->uri 		= $request->getUri();
+		$this->uri 		= $request->getUri()->withUserInfo('');
 
 		$fileProcessor	= new ProcessFile();
 		if(!$fileProcessor->checkFolders())
@@ -548,7 +548,7 @@ class BlockApiController extends ContentController
 	{
 		# get params from call 
 		$this->params 	= $request->getParams();
-		$this->uri 		= $request->getUri();
+		$this->uri 		= $request->getUri()->withUserInfo('');
 
 		$this->setStructure($draft = true, $cache = false);
 
@@ -573,7 +573,7 @@ class BlockApiController extends ContentController
 	{
 		# get params from call 
 		$this->params 	= $request->getParams();
-		$this->uri 		= $request->getUri();
+		$this->uri 		= $request->getUri()->withUserInfo('');
 
 		$this->setStructure($draft = true, $cache = false);
 
@@ -597,7 +597,7 @@ class BlockApiController extends ContentController
 	{
 		# get params from call
 		$this->params 	= $request->getParams();
-		$this->uri 		= $request->getUri();
+		$this->uri 		= $request->getUri()->withUserInfo('');
 		
 		# do this shit in the model ...
 		$imagename = explode('.', $this->params['name']);
@@ -623,7 +623,7 @@ class BlockApiController extends ContentController
 	{
 		# get params from call
 		$this->params 	= $request->getParams();
-		$this->uri 		= $request->getUri();
+		$this->uri 		= $request->getUri()->withUserInfo('');
 
 		$finfo = finfo_open( FILEINFO_MIME_TYPE );
 		$mtype = finfo_file( $finfo, $this->params['file'] );
@@ -688,7 +688,7 @@ class BlockApiController extends ContentController
 	{
 		# get params from call 
 		$this->params 	= $request->getParams();
-		$this->uri 		= $request->getUri();
+		$this->uri 		= $request->getUri()->withUserInfo('');
 
 		if(!isset($this->params['name']))
 		{
@@ -710,7 +710,7 @@ class BlockApiController extends ContentController
 	{
 		# get params from call 
 		$this->params 	= $request->getParams();
-		$this->uri 		= $request->getUri();
+		$this->uri 		= $request->getUri()->withUserInfo('');
 
 		if(!isset($this->params['name']))
 		{
@@ -732,7 +732,7 @@ class BlockApiController extends ContentController
 	{
 		/* get params from call */
 		$this->params 	= $request->getParams();
-		$this->uri 		= $request->getUri();
+		$this->uri 		= $request->getUri()->withUserInfo('');
 		$class			= false;
 
 		$imageUrl		= $this->params['markdown'];

system/Controllers/ContentBackendController.php

@@ -21,7 +21,7 @@ class ContentBackendController extends ContentController
 	public function showContent(Request $request, Response $response, $args)
 	{
 		# get params from call
-		$this->uri 		= $request->getUri();
+		$this->uri 		= $request->getUri()->withUserInfo('');
 		$this->params	= isset($args['params']) ? ['url' => $this->uri->getBasePath() . '/' . $args['params']] : ['url' => $this->uri->getBasePath()];
 		
 		# set structure
@@ -89,7 +89,7 @@ class ContentBackendController extends ContentController
 	public function showBlox(Request $request, Response $response, $args)
 	{
 		# get params from call
-		$this->uri 		= $request->getUri();
+		$this->uri 		= $request->getUri()->withUserInfo('');
 		$this->params	= isset($args['params']) ? ['url' => $this->uri->getBasePath() . '/' . $args['params']] : ['url' => $this->uri->getBasePath()];
 
 		# set structure

system/Controllers/MediaApiController.php

@@ -15,7 +15,7 @@ class MediaApiController extends ContentController
 	{
 		# get params from call 
 		$this->params 	= $request->getParams();
-		$this->uri 		= $request->getUri();
+		$this->uri 		= $request->getUri()->withUserInfo('');
 
 		$imageProcessor	= new ProcessImage($this->settings['images']);
 		if(!$imageProcessor->checkFolders('images'))
@@ -32,7 +32,7 @@ class MediaApiController extends ContentController
 	{
 		# get params from call
 		$this->params 	= $request->getParams();
-		$this->uri 		= $request->getUri();
+		$this->uri 		= $request->getUri()->withUserInfo('');
 
 		$fileProcessor	= new ProcessFile();
 		if(!$fileProcessor->checkFolders())
@@ -49,7 +49,7 @@ class MediaApiController extends ContentController
 	{
 		# get params from call 
 		$this->params 	= $request->getParams();
-		$this->uri 		= $request->getUri();
+		$this->uri 		= $request->getUri()->withUserInfo('');
 
 		$this->setStructure($draft = true, $cache = false);
 
@@ -73,7 +73,7 @@ class MediaApiController extends ContentController
 	{
 		# get params from call 
 		$this->params 	= $request->getParams();
-		$this->uri 		= $request->getUri();
+		$this->uri 		= $request->getUri()->withUserInfo('');
 
 		$this->setStructure($draft = true, $cache = false);
 
@@ -97,7 +97,7 @@ class MediaApiController extends ContentController
 	{
 		# get params from call
 		$this->params 	= $request->getParams();
-		$this->uri 		= $request->getUri();
+		$this->uri 		= $request->getUri()->withUserInfo('');
 		
 		$imageProcessor	= new ProcessImage($this->settings['images']);
 		
@@ -123,7 +123,7 @@ class MediaApiController extends ContentController
 	{
 		# get params from call
 		$this->params 	= $request->getParams();
-		$this->uri 		= $request->getUri();
+		$this->uri 		= $request->getUri()->withUserInfo('');
 
 		# make sure only allowed filetypes are uploaded
 		$finfo = finfo_open( FILEINFO_MIME_TYPE );
@@ -205,7 +205,7 @@ class MediaApiController extends ContentController
 	{
 		# get params from call 
 		$this->params 	= $request->getParams();
-		$this->uri 		= $request->getUri();
+		$this->uri 		= $request->getUri()->withUserInfo('');
 
 		if(!isset($this->params['name']))
 		{
@@ -230,7 +230,7 @@ class MediaApiController extends ContentController
 	{
 		# get params from call 
 		$this->params 	= $request->getParams();
-		$this->uri 		= $request->getUri();
+		$this->uri 		= $request->getUri()->withUserInfo('');
 
 		if(!isset($this->params['name']))
 		{
@@ -251,7 +251,7 @@ class MediaApiController extends ContentController
 	{
 		/* get params from call */
 		$this->params 	= $request->getParams();
-		$this->uri 		= $request->getUri();
+		$this->uri 		= $request->getUri()->withUserInfo('');
 		$class			= false;
 
 		$imageUrl		= $this->params['markdown'];

system/Controllers/MetaApiController.php

@@ -67,7 +67,7 @@ class MetaApiController extends ContentController
 	{
 		/* get params from call */
 		$this->params 	= $request->getParams();
-		$this->uri 		= $request->getUri();
+		$this->uri 		= $request->getUri()->withUserInfo('');
 
 		# set structure
 		if(!$this->setStructure($draft = true)){ return $response->withJson($this->errors, 404); }
@@ -132,7 +132,7 @@ class MetaApiController extends ContentController
 	{
 		# get params from call
 		$this->params 	= $request->getParams();
-		$this->uri 		= $request->getUri();
+		$this->uri 		= $request->getUri()->withUserInfo('');
 
 		$tab 			= isset($this->params['tab']) ? $this->params['tab'] : false;
 		$metaInput		= isset($this->params['data']) ? $this->params['data'] : false ;

system/Controllers/PageController.php

@@ -33,7 +33,7 @@ class PageController extends Controller
 		$settings		= $this->c->get('settings');
 		$pathToContent	= $settings['rootPath'] . $settings['contentFolder'];
 		$cache 			= new WriteCache();
-		$uri 			= $request->getUri();
+		$uri 			= $request->getUri()->withUserInfo('');
 		$base_url		= $uri->getBaseUrl();
 
 		$this->pathToContent = $pathToContent;

system/Controllers/SettingsController.php

@@ -35,15 +35,16 @@ class SettingsController extends Controller
 		if($request->isPost())
 		{
 			$referer		= $request->getHeader('HTTP_REFERER');
-			$uri 			= $request->getUri();
+			$uri 			= $request->getUri()->withUserInfo('');
 			$base_url		= $uri->getBaseUrl();
 
-			# security, users should not be able to fake post with settings from other typemill pages.
+			/* security, users should not be able to fake post with settings from other typemill pages.
 			if(!isset($referer[0]) OR $referer[0] !== $base_url . '/tm/settings' )
 			{
 				$this->c->flash->addMessage('error', 'illegal referer');
 				return $response->withRedirect($this->c->router->pathFor('settings.show'));				
 			}
+			*/
 			
 			$settings 			= \Typemill\Settings::getUserSettings();
 			$defaultSettings	= \Typemill\Settings::getDefaultSettings();
@@ -312,15 +313,16 @@ class SettingsController extends Controller
 		if($request->isPost())
 		{
 			$referer		= $request->getHeader('HTTP_REFERER');
-			$uri 			= $request->getUri();
+			$uri 			= $request->getUri()->withUserInfo('');
 			$base_url		= $uri->getBaseUrl();
 
-			# users should not be able to fake post with settings from other typemill pages.
+			/* users should not be able to fake post with settings from other typemill pages.
 			if(!isset($referer[0]) OR $referer[0] !== $base_url . '/tm/themes' )
 			{
 				$this->c->flash->addMessage('error', 'illegal referer');
 				return $response->withRedirect($this->c->router->pathFor('themes.show'));
 			}
+			*/
 	
 			$userSettings 	= \Typemill\Settings::getUserSettings();
 			$params 		= $request->getParams();
@@ -409,16 +411,17 @@ class SettingsController extends Controller
 		if($request->isPost())
 		{
 			$referer		= $request->getHeader('HTTP_REFERER');
-			$uri 			= $request->getUri();
+			$uri 			= $request->getUri()->withUserInfo('');
 			$base_url		= $uri->getBaseUrl();
 
-			# security, users should not be able to fake post with settings from other typemill pages.
+			/* security, users should not be able to fake post with settings from other typemill pages.
 			if(!isset($referer[0]) OR $referer[0] !== $base_url . '/tm/plugins' )
 			{
 				$this->c->flash->addMessage('error', 'illegal referer');
 				return $response->withRedirect($this->c->router->pathFor('plugins.show'));
 			}
-			
+			*/
+
 			$userSettings 	= \Typemill\Settings::getUserSettings();
 			$pluginSettings	= array();
 			$userInput 		= $request->getParams();
@@ -754,15 +757,16 @@ class SettingsController extends Controller
 		if($request->isPost())
 		{
 			$referer		= $request->getHeader('HTTP_REFERER');
-			$uri 			= $request->getUri();
+			$uri 			= $request->getUri()->withUserInfo('');
 			$base_url		= $uri->getBaseUrl();
 
-			# security, users should not be able to fake post with settings from other typemill pages.
+			/* security, users should not be able to fake post with settings from other typemill pages.
 			if(!isset($referer[0]) OR $referer[0] !== $base_url . '/tm/user/new' )
 			{
 				$this->c->flash->addMessage('error', 'illegal referer');
 				return $response->withRedirect($this->c->router->pathFor('user.new'));
 			}
+			*/
 			
 			$params 		= $request->getParams();
 			$user 			= new User();
@@ -796,15 +800,16 @@ class SettingsController extends Controller
 		if($request->isPost())
 		{
 			$referer		= $request->getHeader('HTTP_REFERER');
-			$uri 			= $request->getUri();
+			$uri 			= $request->getUri()->withUserInfo('');
 			$base_url		= $uri->getBaseUrl();
 
-			# security, users should not be able to fake post with settings from other typemill pages.
+			/* security, users should not be able to fake post with settings from other typemill pages.
 			if(!isset($referer[0]) OR strpos($referer[0], $base_url . '/tm/user/') === false )
 			{
 				$this->c->flash->addMessage('error', 'illegal referer');
 				return $response->withRedirect($this->c->router->pathFor('user.list'));
 			}
+			*/
 			
 			$params 		= $request->getParams();
 			$userdata 		= $params['user'];
@@ -882,15 +887,16 @@ class SettingsController extends Controller
 		if($request->isPost())
 		{
 			$referer		= $request->getHeader('HTTP_REFERER');
-			$uri 			= $request->getUri();
+			$uri 			= $request->getUri()->withUserInfo('');
 			$base_url		= $uri->getBaseUrl();
 
-			# security, users should not be able to fake post with settings from other typemill pages.
+			/* security, users should not be able to fake post with settings from other typemill pages.
 			if(!isset($referer[0]) OR strpos($referer[0], $base_url . '/tm/user/') === false )
 			{
 				$this->c->flash->addMessage('error', 'illegal referer');
 				return $response->withRedirect($this->c->router->pathFor('user.list'));
 			}
+			*/
 			
 			$params 		= $request->getParams();
 			$validate		= new Validation();

system/Plugin.php

@@ -63,7 +63,7 @@ abstract class Plugin implements EventSubscriberInterface
 
 	protected function getRoute()
 	{
-		return $this->container['request']->getUri();
+		return $this->container['request']->getUri()->withUserInfo('');
 	}
 	
 	protected function getPath()

system/Settings.php

@@ -82,7 +82,7 @@ class Settings
 			'contentFolder'							=> 'content',
 			'cache'									=> true,
 			'cachePath'								=> $rootPath . 'cache',
-			'version'								=> '1.3.7.1',
+			'version'								=> '1.3.7.2',
 			'setup'									=> true,
 			'welcome'								=> true,
 			'images'								=> ['live' => ['width' => 820], 'thumbs' => ['width' => 250, 'height' => 150]],

system/system.php

@@ -146,14 +146,16 @@ $container['dispatcher'] = function($container) use ($dispatcher)
 	return $dispatcher;
 };
 
+# delete username and password from uri
+$uri = $container['request']->getUri()->withUserInfo('');
 
 /********************************
 * ADD ASSET-FUNCTION FOR TWIG	*
 ********************************/
 
-$container['assets'] = function($c)
+$container['assets'] = function($c) use ($uri)
 {
-	return new \Typemill\Assets($c['request']->getUri()->getBaseUrl());
+	return new \Typemill\Assets($uri->getBaseUrl());
 };
 
 /************************
@@ -166,7 +168,7 @@ $session_segments 	= array('setup', 'tm/', 'api/', '/setup', '/tm/', '/api/');
 $client_segments 	= $dispatcher->dispatch('onSessionSegmentsLoaded', new OnSessionSegmentsLoaded([]))->getData();
 $session_segments	= array_merge($session_segments, $client_segments);
 
-$path 				= $container['request']->getUri()->getPath();
+$path 				= $uri->getPath();
 $container['flash']	= false;
 $container['csrf'] 	= false;
 
@@ -177,7 +179,7 @@ foreach($session_segments as $segment)
 		// configure session
 		ini_set('session.cookie_httponly', 1 );
 		ini_set('session.use_strict_mode', 1);
-		if($container['request']->getUri()->getScheme() == 'https')
+		if($uri->getScheme() == 'https')
 		{
 			ini_set('session.cookie_secure', 1);
 			session_name('__Secure-typemill-session');
@@ -211,7 +213,7 @@ foreach($session_segments as $segment)
 * 	LOAD TWIG VIEW		*
 ************************/
 
-$container['view'] = function ($container)
+$container['view'] = function ($container) use ($uri)
 {
 	$path = array($container->get('settings')['themePath'], $container->get('settings')['authorPath']);
 	
@@ -222,18 +224,18 @@ $container['view'] = function ($container)
     ]);
     
     // Instantiate and add Slim specific extension
-    $basePath = rtrim(str_ireplace('index.php', '', $container['request']->getUri()->getBasePath()), '/');
+    $basePath = rtrim(str_ireplace('index.php', '', $uri->getBasePath()), '/');
     $view->addExtension(new Slim\Views\TwigExtension($container['router'], $basePath));
 	$view->addExtension(new Twig_Extension_Debug());
     $view->addExtension(new Typemill\Extensions\TwigUserExtension());
 	$view->addExtension(new Typemill\Extensions\TwigMarkdownExtension());
 	$view->addExtension(new Typemill\Extensions\TwigMetaExtension());	
 	$view->addExtension(new Typemill\Extensions\TwigPagelistExtension());	
-
-	/* use {{ base_url() }} in twig templates */
-	$view['base_url']	 = $container['request']->getUri()->getBaseUrl();
-	$view['current_url'] = $container['request']->getUri()->getPath();
 	
+	# use {{ base_url() }} in twig templates
+	$view['base_url']	 = $uri->getBaseUrl();
+	$view['current_url'] = $uri->getPath();
+
 	/* if session route, add flash messages and csrf-protection */
 	if($container['flash'])
 	{
@@ -244,7 +246,6 @@ $container['view'] = function ($container)
 	/* add asset-function to all views */
 	$view->getEnvironment()->addGlobal('assets', $container->assets);
 
-
 	/******************************
 	* LOAD TRANSLATIONS           *
 	******************************/