Security improvements backported from v1.1:
url()) will now always return a slash after the hostname and properly URL-encode values with the dot segments processed out.
Winter\Storm\Auth\Managerto get the real user for the current request, taking into account user impersonation
canBeImpersonated($impersonator = false)to
Winter\Storm\Auth\Models\Userand models extending it (i.e.
Backend\Models\User); used to determine if the provided impersonator can impersonate the selected user.
model.user.beforeImpersonateto a halting event so that third party plugins are able to override the default return values from canBeImpersonated() to implement more or less strict impersonation protection policies as desired on a per project basis by returning a boolean flag indicating if the user can be impersonated or not
url()now return properly URL-encoded values
post()could return values when the request was not a valid
Sign up to our newsletter and receive updates on Winter releases, new features in the works, plugin and theme promotions and much more!