Commit Graph

1018 Commits

Author SHA1 Message Date
Damian Mooyman
0d2ef15c21 Merge remote-tracking branch 'origin/2.4' into post-2.4
Conflicts:
	composer.json
2014-05-20 08:47:34 +12:00
Simon Welsh
f53c42faf0 Merge pull request #952 from hdrlab/patch-1
Make AssetAdmin obey file permissions
2014-03-16 20:29:47 +13:00
jean
48a8213a18 BUGFIX Load jquery before leftandmain.js in upload iframe for assets 2014-02-27 14:59:28 +13:00
jean
5fdf1e9ef2 BUGFIX Load jquery before leftandmain.js in upload iframe for assets 2014-02-26 11:17:56 +13:00
hdrlab
dc08172060 Make AssetAdmin obey file permissions
This updates Silverstripe 2.4.x's AssetAdmin to obey per-file/folder permissions. 

NOTE: I noticed that Silverstripe 3's AssetAdmin checks a canAddChildren() function. This patch doesn't use that, as I'm assuming that this is new in SS 3. If this is not the case, then this patch will have to be updated.
2014-02-20 17:19:45 +13:00
jean
c3b28e34cd BUGFIX Use the default string 'Any' instead of 'All' for class name criteria in search form on CMSMain
At the moment, the only way to get results from the search form is to click "Clear" before adding any criteria, or the search form returns zero results. This is due to the difference between CMSMain#SiteTreeFilterPageTypeField which uses 'Any' as the default value for any classname, while CMSSiteTreeFilter#pagesIncluded expects 'All'. Regression introduced in 9e5af18b5c
2014-02-10 10:01:15 +13:00
Ingo Schommer
6543b4e6f0 FIX Privilege escalation through Group and Member CSV upload (SS-2013-004)
See http://www.silverstripe.org/ss-2013-004-privilege-escalation-through-group-and-member-csv-upload/
2013-08-30 15:43:02 +02:00
Ingo Schommer
85da187f85 API Handle uncaught ValidationException on CMS controller execution
This removes the need for a lot of boilerplate code
around DataObject->write() logic, and avoids generic 500 errors
on user-level failures. This should really be a per-project choice,
but at the moment request handling doesn't allow configuring
custom exception handling.
2013-03-08 12:54:23 +01:00
Ingo Schommer
d2b4ee0380 FIX Checking for Versioned in LeftAndMain->save(), fixing admin/security saving
Regression caused by 5137ef9d in sapphire, which moved
writeWithoutVersion() from DataObject to Versioned
2013-03-06 12:54:38 +01:00
Ingo Schommer
4b650df618 BUG Escape page titles in CommentAdmin table listing 2013-02-26 17:31:47 +01:00
Ingo Schommer
c7b0666390 BUG Escape page titles in CommentAdmin table listing 2013-02-17 23:22:02 +01:00
Ingo Schommer
3aef9fef1e Merge remote-tracking branch 'origin/2.4' into post-2.4
Conflicts:
	composer.json
	javascript/CMSMain_left.js
	javascript/LeftAndMain.js
2013-01-06 22:37:56 +01:00
Ingo Schommer
41aec54e88 BUG Consistently use FormResponse in CMS JavaScript (fixes #8036)
Regression caused by a security fix in 9bf3ae9a190
2012-12-04 12:07:17 +01:00
Ingo Schommer
75e58c9508 More graceful handling of missing GET data in ModelAdmin
See https://github.com/silverstripe/silverstripe-cms/pull/253
2012-12-04 11:38:32 +01:00
Ingo Schommer
979f5967e2 Merge remote-tracking branch 'origin/2.4' into post-2.4 2012-11-02 18:37:58 +01:00
micschk
a2b77cebcb ENHANCEMENT: made default image width & height box configurable through setter method 2012-08-05 17:53:39 +12:00
Tim Klein
9e5af18b5c FIX: ensure page type filter includes all by default. Fixes #27 2012-08-05 17:49:16 +12:00
Cam Findlay
432ff1a1ea Fix page comment item title in RSS 2012-08-05 17:26:46 +12:00
Julian Seidenberg
838ac97177 BUGFIX: fixing an edge-case bug where a 404-page would get statically published and overwrite the homepage of the site (this would sometimes happen when a RedirectorPage was set to an external URL and still referenced an internal page ID) 2012-07-09 13:24:00 +12:00
Ingo Schommer
f483e09ee0 ENHANCEMENT Added note about comment moderation to PageCommentInterface->PostCommentForm() 2012-02-03 11:35:09 +01:00
Ingo Schommer
7ca05c6160 MINOR Using DataObject::database_fields() instead of Member->db() in MemberTableField? to determine all CSV fields, in order to include fields like Created. 2012-02-03 11:35:09 +01:00
Sam Minnee
7c863341ea Merge branch '2.4' into post-2.4 2012-02-03 09:42:30 +13:00
Ingo Schommer
4abe136db5 API CHANGE silverstripe_version file now contains the plain version number, rather than an SVN path 2012-02-01 18:56:21 +01:00
Ingo Schommer
3c947debfa MINOR Restored original behaviour in CMSVersion() conditional 2012-02-01 18:52:58 +01:00
Ingo Schommer
38046a5bb7 API CHANGE silverstripe_version file now contains the plain version number, rather than an SVN path 2012-02-01 18:48:18 +01:00
Ingo Schommer
441d4452e3 MINOR Variable checks in CMSMain->jsDeclaration() 2012-01-31 15:13:17 +01:00
Ingo Schommer
20085c46c3 BUGFIX Consistently using multibyte-safe htmlentities() 2012-01-31 15:13:17 +01:00
Ingo Schommer
f02f49c239 SECURITY Using JSON instead of serialize() to stringify user data in PageCommentsInterface 2012-01-31 15:13:16 +01:00
Ingo Schommer
a8c6924cf0 MINOR Using FieldHolder() instead of Field() for CMSMain->BatchActionParameters() so field behaviour can fully apply 2011-10-06 12:47:06 +02:00
Sam Minnee
775d492a25 BUGFIX: Better handling of non-existent records in delete calls (if button is clicked twice) (by sminnee, merged from r100473) 2011-10-06 12:47:06 +02:00
Sam Minnee
be3d357359 BUGFIX: Use SSReport::description() (by sminnee, merged from r100009) 2011-10-06 12:47:06 +02:00
Ingo Schommer
56cfff33e3 BUGFIX Marking fields as readonly in CMSMain->compareversions() before loading data, to avoid loading invalid values (HTML diffs) into the fields (AIR-39) 2011-10-06 12:47:06 +02:00
Ingo Schommer
8b810094ad BUGFIX Fixed tag stacking in Diff.php thirdparty lib (AIR-71) 2011-10-06 12:47:06 +02:00
Ingo Schommer
8eb153dc3b ENHANCEMENT Optional HTML escaping in Diff::compareHTML() (tested implicitly in DataDifferencerTest for sapphire) (AIR-56) 2011-10-06 12:47:06 +02:00
Ingo Schommer
d5755d3501 MINOR Removed debug code from Diff.php 2011-10-06 12:47:06 +02:00
Ingo Schommer
5e74e4da3c BUGFIX Allowing overflowing "insert link/image/flash" panel in CMS to scroll (AIR-17) 2011-10-06 12:47:03 +02:00
Ingo Schommer
bb757d13a4 ENHANCEMENT Allow editing of new File.ShowInSearch flag through AssetTableField 2011-09-15 16:17:47 +02:00
Ingo Schommer
d15e8509b0 SECURITY Using JSON instead of serialize() to stringify user data in PageCommentsInterface 2011-09-15 15:22:54 +02:00
Ingo Schommer
b5ea2f68fe BUGFIX Consistently using Convert::raw2sql() instead of DB::getConn()->addslashes() or PHP's deprecated addslashes() for database escaping 2011-09-15 15:20:04 +02:00
Ingo Schommer
d81f882b4f MINOR Checking for success of file upload before trying to add metadata in AssetAdmin->doUpload() (AIR-37) 2011-09-01 14:49:23 +02:00
Ingo Schommer
6b9b0ef161 MINOR Using increase_memory_limit_to() in CMSMain->buildbrokenlinks() 2011-08-30 14:55:20 +02:00
Ingo Schommer
a642ad2538 MINOR Variable declaration in CMSMain 2011-08-29 15:10:32 +02:00
Ingo Schommer
f55e21ec3a MINOR More user friendly responses on model layer errors (ValidationException) in CMSMain and LeftAndMain 2011-08-29 15:10:32 +02:00
Ingo Schommer
f954b0869e MINOR Allowing array-based values in Diff->getHTMLChunks() by imploding on comma (AIR-39) 2011-08-29 15:10:29 +02:00
Ingo Schommer
88cbd4605e MINOR Better error checking in AssetAdmin->doUpload() (AIR-41) 2011-08-29 08:59:58 +02:00
Ingo Schommer
aa1ce1af39 MINOR Argument checks in AssetTableField->getCustomFieldsFor() (AIR-40) 2011-08-26 09:26:17 +02:00
Ingo Schommer
68fa4a51e0 API CHANGE Require ADMIN permissions for performance-heavy tasks in CMSMain: getpagecount() and publishall(), and using increase_time_limit_to() which respects higher 'max_execution_time' settings 2011-08-22 18:19:20 +02:00
Ingo Schommer
e988dccec3 MINOR Fail more gracefully in AssetAdmin->getsubtree() for nonexistent objects (AIR-45) 2011-08-22 14:12:05 +02:00
Ingo Schommer
ead6df93eb MINOR Better handling of non-existent records in CMSMain by returning a 400 HTTP status code (AIR-43) 2011-08-22 13:58:45 +02:00
Ingo Schommer
0497ab3aa0 MINOR Removed unused calendar.js dependency from LeftAndMain::init() (now uses jQuery.datepicker throughout the backend UI) 2011-08-16 15:53:39 +02:00