Commit Graph

977 Commits

Author SHA1 Message Date
jean
48a8213a18 BUGFIX Load jquery before leftandmain.js in upload iframe for assets 2014-02-27 14:59:28 +13:00
Ingo Schommer
6543b4e6f0 FIX Privilege escalation through Group and Member CSV upload (SS-2013-004)
See http://www.silverstripe.org/ss-2013-004-privilege-escalation-through-group-and-member-csv-upload/
2013-08-30 15:43:02 +02:00
Ingo Schommer
c7b0666390 BUG Escape page titles in CommentAdmin table listing 2013-02-17 23:22:02 +01:00
Ingo Schommer
41aec54e88 BUG Consistently use FormResponse in CMS JavaScript (fixes #8036)
Regression caused by a security fix in 9bf3ae9a190
2012-12-04 12:07:17 +01:00
Ingo Schommer
75e58c9508 More graceful handling of missing GET data in ModelAdmin
See https://github.com/silverstripe/silverstripe-cms/pull/253
2012-12-04 11:38:32 +01:00
Julian Seidenberg
838ac97177 BUGFIX: fixing an edge-case bug where a 404-page would get statically published and overwrite the homepage of the site (this would sometimes happen when a RedirectorPage was set to an external URL and still referenced an internal page ID) 2012-07-09 13:24:00 +12:00
Ingo Schommer
4abe136db5 API CHANGE silverstripe_version file now contains the plain version number, rather than an SVN path 2012-02-01 18:56:21 +01:00
Ingo Schommer
bb757d13a4 ENHANCEMENT Allow editing of new File.ShowInSearch flag through AssetTableField 2011-09-15 16:17:47 +02:00
Ingo Schommer
d15e8509b0 SECURITY Using JSON instead of serialize() to stringify user data in PageCommentsInterface 2011-09-15 15:22:54 +02:00
Ingo Schommer
b5ea2f68fe BUGFIX Consistently using Convert::raw2sql() instead of DB::getConn()->addslashes() or PHP's deprecated addslashes() for database escaping 2011-09-15 15:20:04 +02:00
Ladislav Kubes
5d3ddafbd8 Add some translation in cms core 2011-06-09 16:18:35 +02:00
Sean Harvey
27aad3deca BUGFIX #6291 Remove rollback action from CMSMain allowed_actions and rely on form action_rollback instead which is safer
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@115440 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 17:53:53 +13:00
Sean Harvey
3b6a9579d4 BUGFIX #6304 PageCommentInterface::PostCommentForm() loads inappropriate data from cookie, including wrong values for ParentID
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@115399 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 17:53:53 +13:00
Ingo Schommer
25de6303a8 BUGFIX Allowing CMSMain->rollback() outside of form contexts, temporarily disabling CSRF protection. Necessary in order to get rollback actions working from admin/getversion (regression from 2.4.4 release, see #6291)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@115313 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 17:53:53 +13:00
Ingo Schommer
6a02f2edb5 BUGFIX Removing form actions from $allowed_actions in AssetAdmin, CMSMain, LeftAndMain - handled through Form->httpSubmission() (from r115185)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@115189 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 17:53:53 +13:00
Sean Harvey
77c5701fa6 BUGFIX #6162 CMSMain::publishall() fails when over 30 pages (thanks natmchugh!) (from r114940)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@114941 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 17:53:53 +13:00
Ingo Schommer
7428010748 BUGFIX Added SecurityToken to PageCommentInterface->DeleteAllLink() (fixes #6223, thanks Pigeon)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@114195 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 17:53:52 +13:00
Sean Harvey
e907e2e266 BUGFIX Fixed case where AssetAdmin would throw an error if $links was not an object in AssetAdmin::getCustomFieldsFor()
MINOR Defined $backlinks as an array before adding entries to it


git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@114036 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 17:53:51 +13:00
Saophalkun Ponlu
75f12d5a7e ENHANCEMENT: Update Asset's left and right panels with folders and files after 'Look for new files' was triggered (open #5543)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@113871 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 17:53:51 +13:00
Ingo Schommer
b8338bc2bc MINOR Typo in AssetAdmin (fixes #6191, thanks Juanitou)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@113695 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 17:53:51 +13:00
Ingo Schommer
e8e5c62c5a BUGFIX Avoid reloading CMS form twice after certain saving actions (fixes #5451, thanks muzdowski)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@113692 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 17:53:51 +13:00
Ingo Schommer
6df2e74323 MINOR Fixed regression from r113282 for changed SecurityToken API in CMSMain->publishall() (fixes #6159)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@113360 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 17:53:50 +13:00
Ingo Schommer
bc3df654bd API CHANGE Fixed various controllers to enforce CSRF protection through Form_SecurityToken on GET actions that are not routed through Form->httpSubmission(): AssetAdmin, CMSBatchActionHandler, CMSMain, CommentTableField, LeftAndMain, MemberTableField, PageComment, PageComment_Controller
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@113282 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 17:53:50 +13:00
Ingo Schommer
4bc9a5aee8 MINOR Removed unused SecurityAdmin->MemberForm() and savemember() (see MemberTableField)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@113281 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 17:53:50 +13:00
Ingo Schommer
b31cb6731e MINOR Removed unused Security->addmember() (see MemberTableField and SecurityAdmin->addtogroup())
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@113280 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 17:53:50 +13:00
Ingo Schommer
f8fd60f02b MINOR Removed unused SecurityAdmin->removememberfromgroup() (see MemberTableField)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@113279 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 17:53:49 +13:00
Jean-Fabien Barrios
6c0a41f0c4 Added doc for static help_link
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@111879 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 17:53:48 +13:00
Saophalkun Ponlu
ee4e748803 MINOR: Enable non-default language for tinyMCE, setting language in _config.php didn't work. Thanks to @christian
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@111875 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 17:53:48 +13:00
Jean-Fabien Barrios
75544392a2 ENHANCEMENT: 6017 - Configurable help link
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@111828 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 17:53:48 +13:00
Ingo Schommer
054a6d2270 MINOR Fixed SS_Datetime references in BrokenLinksReport and CommentAdmin (fixes #6063, thanks nicolaas)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@111786 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 17:53:48 +13:00
Will Rossiter
55e245aca8 MINOR: removed debug
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@111454 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 17:53:48 +13:00
Will Rossiter
a584a1f516 BUGFIX: added validation to the page comment form
Fixes #2782

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@111452 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 17:53:48 +13:00
Will Rossiter
6bf7bd1819 MINOR: removed debug
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@111450 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 17:53:47 +13:00
Will Rossiter
4cc09f2a39 ENHANCEMENT: allow PageCommentForm to store all users data, rather than hardcoding the fields
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@111449 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 17:53:47 +13:00
Will Rossiter
b76b6f61d2 ENHANCEMENT: simple extend hook for PageCommentForms. Temporary measure till #6053 is implemented
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@111443 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 17:53:47 +13:00
Ingo Schommer
798c1d173a MINOR Ensuring SiteTreeAccess.js is properly minified in live mode
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@111224 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 17:53:47 +13:00
Ingo Schommer
01373cf4af BUGFIX Disallow addition of members to groups with MemberTableField->addtogroup() when the editing member doesn't have permissions on the added member
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@110859 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 17:53:47 +13:00
Ingo Schommer
51fee3fe45 BUGFIX Don't suggest members in SecurityAdmin->autocomplete() that the current user doesn't have rights to edit (fixes #5651)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@110858 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 17:53:47 +13:00
Sean Harvey
c134b8e020 BUGFIX #5811 Fixed default selection of root node when CMS first opened (no currentPage set in session)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@110439 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 17:53:47 +13:00
Julian Seidenberg
31a9271c85 BUGFIX: CSVBulkLoader import method now no longer requires files to end in '.csv'. Some projects want to import files in CSV format, but not of csv file type.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@108887 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 17:53:46 +13:00
Sean Harvey
2e25aa2bdf BUGFIX #5852 Missing translation for SecurityAdmin save button causes it to have no text, should default to english "Save"
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@108407 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 17:53:45 +13:00
Ingo Schommer
473347dcfe BUGFIX Fixing default group selection in 'add member' dialog (in MemberTableField) (fixes #5836)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@108099 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 17:53:45 +13:00
Ingo Schommer
dd70fcd5be BUGFIX AssetAdmin->doUpload() shows JS alert *before* triggering a page reload, as this seems to mess up TinyMCE in Firefox on subsequent page loads (fixes #5838)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@108096 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 17:53:45 +13:00
Ingo Schommer
3ef552d539 MINOR Disabled 'showcalendar' option on CMSMain->SiteTreeFilterDateField() - it causes the CMS to load jQuery UI javascript just for this (rarely used field). To be re-enabled once we work with jQuery UI on a broader scale.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@107784 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 17:53:44 +13:00
Ingo Schommer
8c43535225 MINOR Moved class-specific documentation from doc.silverstripe.org back into class-level PHPDoc
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@107726 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 17:53:44 +13:00
Ingo Schommer
b505c5540a MINOR Removed debug code in MemberTableField
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@107525 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 17:53:44 +13:00
Sean Harvey
255aa5d0f5 ENHANCEMENT #5352 CMS now uses the user's preferred date and time formatting in DateField and TimeField
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@107327 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 17:53:43 +13:00
Sean Harvey
e6aeb94217 MINOR Reverted r107305
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@107307 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 17:53:43 +13:00
Sean Harvey
87341f9498 MINOR Code formatting fix for setting Member locale in LeftAndMain::init()
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@107305 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 17:53:43 +13:00
Luke Hudson
0fe83d2264 BUGFIX: re-enable broken link notification using BackLinkTracking() (this was broken since r101127
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@106360 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 17:53:42 +13:00