
RockFrontend 3.0 "security" release - please update!


bernhard

I've just released RockFrontend 3.0 https://github.com/baumrock/RockFrontend/releases/tag/v3.0.0

@netcarver found that .less and .latte files were publicly accessible if you knew the file path (e.g. example.com/site/templates/sections/footer.latte), which is for sure something that you don't want even though it should not really be a security concern. Sorry for that and thx for spotting @netcarver! The latest release updates /site/templates/.htaccess to block access to .latte/.twig/.blade/.less files so be sure to upgrade RockFrontend in all your installations!

Other than that I've also changed the way how RockFrontend loads assets and I'm not 100% sure if that might introduce issues in existing sites, so be sure to check if everything works as expected.

New features:

  • RockFrontend now ships with https://github.com/wasinger/htmlpagedom which lets you parse and manipulate html markup which can be super handy in several situations. I'm using it on my new website where I'll show docs for all my modules that are rendered from markdown files and add some magic here and there via manipulating the resulting html that comes from the markdown parser.
  • Improvements for the Topbar: There is now a toggle that makes it possible to hide/unhide the bar instantly (and persistently). Also you can add your own custom markup to the topbar by adding custom markup to $rockfrontend->topbarPrependMarkup or topbarAppendMarkup.
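A way to confirm on your own installation that the updated .htaccess is in effect, as an added example that is not part of the original post or of RockFrontend: the script walks a local copy of the templates folder, builds the matching public URL for every .latte/.twig/.blade/.less file and reports those the server still serves. The function names and the command-line form are assumptions made for this example; the /site/templates/ URL layout follows the path quoted in the post.

```python
"""Audit a site for publicly served template source files (added example)."""
import os
import sys
import urllib.error
import urllib.parse
import urllib.request

# Extensions the release post says the updated .htaccess blocks.
BLOCKED_EXTENSIONS = (".latte", ".twig", ".blade", ".less")


def http_status(url, timeout=10):
    """Return the HTTP status code of a HEAD request to url."""
    req = urllib.request.Request(url, method="HEAD")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # 403/404 end up here, which is the desired outcome


def find_source_files(templates_dir):
    """Yield '/'-separated paths, relative to templates_dir, of source files."""
    for root, _dirs, files in os.walk(templates_dir):
        for name in files:
            if name.lower().endswith(BLOCKED_EXTENSIONS):
                rel = os.path.relpath(os.path.join(root, name), templates_dir)
                yield rel.replace(os.sep, "/")


def audit(templates_dir, base_url, fetch=http_status):
    """Return [(url, status)] for every source file the server still serves."""
    exposed = []
    for rel in sorted(find_source_files(templates_dir)):
        url = base_url.rstrip("/") + "/site/templates/" + urllib.parse.quote(rel)
        status = fetch(url)
        if 200 <= status < 400:  # answered with content: not blocked
            exposed.append((url, status))
    return exposed


if __name__ == "__main__":
    # Hypothetical usage: python audit.py /path/to/site/templates https://example.com
    found = audit(sys.argv[1], sys.argv[2])
    for url, status in found:
        print(f"EXPOSED {status} {url}")
    sys.exit(1 if found else 0)
```

A non-zero exit code means at least one source file is still reachable, so the check can run after each deployment.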

Is anybody experiencing assets loaded multiple times with the new version? If so please let me know (and even better try to find the issue if you can). I've had the issue for a short time during development but then it disappeared so I thought it's fixed, but @snck reported the same problem with the latest release. I can't replicate it on my end so it's a little hard to fix.

Edit: We found the issue and I'm working on it.


I've just pushed v 3.1.0 which fixes some issues with the new asset loading implementation. I've also renamed the default asset name to "main" from "head" as @snck pointed out that "head" could be misleading as someone could think autoload styles named "head" will end up in the html <head> and styles named "body" will end up in the <body> tag.

This is not the case. Autoload assets always land in the <head> as you can easily add the defer attribute!

If you don't want that, you can do this wherever you want in your markup:

        <p>some markup</p>
        <?php echo $rockfrontend->scripts('yourbodyscripts')->add(...)->render() ?>
    </body>
    </html>

 
