mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-07-03 01:49:37 +02:00
Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts: docs/en/changelogs/3.0.6.md forms/Form.php forms/FormField.php forms/TreeDropdownField.php
This commit is contained in:
commit
2e3511bc5f
|
@ -1,4 +1,4 @@
|
||||||
# 3.0.6 (Not yet released)
|
# 3.0.6
|
||||||
|
|
||||||
## Overview
|
## Overview
|
||||||
|
|
||||||
|
@ -23,6 +23,10 @@ See [announcement](http://www.silverstripe.org/ss-2013-004-privilege-escalation-
|
||||||
|
|
||||||
See [announcement](http://www.silverstripe.org/ss-2013-005-privilege-escalation-through-apply-roles-assignment/)
|
See [announcement](http://www.silverstripe.org/ss-2013-005-privilege-escalation-through-apply-roles-assignment/)
|
||||||
|
|
||||||
|
### Security: Information disclosure in Versioned.php (SS-2013-006)
|
||||||
|
|
||||||
|
See [announcement](http://www.silverstripe.org/ss-2013-006-information-disclosure-in-versioned/)
|
||||||
|
|
||||||
### Security: Privilege escalation through Group hierarchy setting (SS-2013-003)
|
### Security: Privilege escalation through Group hierarchy setting (SS-2013-003)
|
||||||
|
|
||||||
See [announcement](http://www.silverstripe.org/ss-2013-003-privilege-escalation-through-group-hierarchy-setting/)
|
See [announcement](http://www.silverstripe.org/ss-2013-003-privilege-escalation-through-group-hierarchy-setting/)
|
||||||
|
|
17
docs/en/changelogs/3.0.7.md
Normal file
17
docs/en/changelogs/3.0.7.md
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
# 3.0.7
|
||||||
|
|
||||||
|
## Overview
|
||||||
|
|
||||||
|
### Security: XSS in form validation errors (SS-2013-008)
|
||||||
|
|
||||||
|
See [announcement](http://www.silverstripe.org/ss-2013-008-xss-in-numericfield-validation/)
|
||||||
|
|
||||||
|
### Security: XSS in CMS "Pages" section (SS-2013-009)
|
||||||
|
|
||||||
|
See [announcement](http://www.silverstripe.org/ss-2013-009-xss-in-cms-pages-section/)
|
||||||
|
|
||||||
|
### API: Form validation message no longer allow HTML
|
||||||
|
|
||||||
|
Due to cross-site scripting concerns when user data is used for form messages,
|
||||||
|
it is no longer possible to use HTML in `Form->sessionMessage()`, and consequently
|
||||||
|
in the `FormField->validate()` API.
|
17
docs/en/changelogs/rc/3.0.7-rc1.md
Normal file
17
docs/en/changelogs/rc/3.0.7-rc1.md
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
# 3.0.7-rc1
|
||||||
|
|
||||||
|
## Overview
|
||||||
|
|
||||||
|
### Security: XSS in form validation errors (SS-2013-008)
|
||||||
|
|
||||||
|
See [announcement](http://www.silverstripe.org/ss-2013-008-xss-in-numericfield-validation/)
|
||||||
|
|
||||||
|
### Security: XSS in CMS "Pages" section (SS-2013-009)
|
||||||
|
|
||||||
|
See [announcement](http://www.silverstripe.org/ss-2013-009-xss-in-cms-pages-section/)
|
||||||
|
|
||||||
|
### API: Form validation message no longer allow HTML
|
||||||
|
|
||||||
|
Due to cross-site scripting concerns when user data is used for form messages,
|
||||||
|
it is no longer possible to use HTML in `Form->sessionMessage()`, and consequently
|
||||||
|
in the `FormField->validate()` API.
|
|
@ -81,7 +81,7 @@ but also include information about when and how a record was published.
|
||||||
:::php
|
:::php
|
||||||
$record = MyRecord::get()->byID(99); // stage doesn't matter here
|
$record = MyRecord::get()->byID(99); // stage doesn't matter here
|
||||||
$versions = $record->allVersions();
|
$versions = $record->allVersions();
|
||||||
echo $versions->First()->Version; // instance of Versioned_Versoin
|
echo $versions->First()->Version; // instance of Versioned_Version
|
||||||
|
|
||||||
### Writing Versions and Changing Stages
|
### Writing Versions and Changing Stages
|
||||||
|
|
||||||
|
|
|
@ -35,6 +35,9 @@ class CreditCardField extends TextField {
|
||||||
* @return string
|
* @return string
|
||||||
*/
|
*/
|
||||||
protected function getTabIndexHTML($increment = 0) {
|
protected function getTabIndexHTML($increment = 0) {
|
||||||
|
// we can't add a tabindex if there hasn't been one set yet.
|
||||||
|
if($this->getAttribute('tabindex') === null) return false;
|
||||||
|
|
||||||
$tabIndex = (int)$this->getAttribute('tabindex') + (int)$increment;
|
$tabIndex = (int)$this->getAttribute('tabindex') + (int)$increment;
|
||||||
return (is_numeric($tabIndex)) ? ' tabindex = "' . $tabIndex . '"' : '';
|
return (is_numeric($tabIndex)) ? ' tabindex = "' . $tabIndex . '"' : '';
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue
Block a user