Merge remote-tracking branch 'origin/3.0' into 3.1

Conflicts:
	docs/en/changelogs/3.0.6.md
	forms/Form.php
	forms/FormField.php
	forms/TreeDropdownField.php
Ingo Schommer 2013-09-27 18:50:47 +02:00
commit 2e3511bc5f
8 changed files with 57 additions and 16 deletions

View File

@ -1,4 +1,4 @@
# 3.0.6 (Not yet released)
# 3.0.6
## Overview
@ -23,6 +23,10 @@ See [announcement](http://www.silverstripe.org/ss-2013-004-privilege-escalation-
See [announcement](http://www.silverstripe.org/ss-2013-005-privilege-escalation-through-apply-roles-assignment/)
### Security: Information disclosure in Versioned.php (SS-2013-006)
See [announcement](http://www.silverstripe.org/ss-2013-006-information-disclosure-in-versioned/)
### Security: Privilege escalation through Group hierarchy setting (SS-2013-003)
See [announcement](http://www.silverstripe.org/ss-2013-003-privilege-escalation-through-group-hierarchy-setting/)
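
Review bot: The SS-2013-003 entry at the end of this hunk sits after SS-2013-006, while the surrounding entries run 004, 005, 006, so the list is no longer in advisory-number order. Move it ahead of the SS-2013-004 entry. Both new entries also consist of a heading and a link only; a one-line statement of what is affected would let someone reading the changelog offline judge whether they need to upgrade.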

View File

@ -0,0 +1,17 @@
# 3.0.7
## Overview
### Security: XSS in form validation errors (SS-2013-008)
See [announcement](http://www.silverstripe.org/ss-2013-008-xss-in-numericfield-validation/)
### Security: XSS in CMS "Pages" section (SS-2013-009)
See [announcement](http://www.silverstripe.org/ss-2013-009-xss-in-cms-pages-section/)
### API: Form validation message no longer allow HTML
Due to cross-site scripting concerns when user data is used for form messages,
it is no longer possible to use HTML in `Form->sessionMessage()`, and consequently
in the `FormField->validate()` API.
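
Review bot: The closing "API" paragraph says HTML can no longer be used in `Form->sessionMessage()` and `FormField->validate()`, but it does not say what happens to an existing message that contains markup after the upgrade (escaped on output, stripped, or rejected). Add a sentence stating the resulting behaviour and what callers should pass instead, since this is a behaviour change for existing code. The heading should read "messages no longer allow HTML", and the SS-2013-008 heading says "form validation errors" while the linked slug is `xss-in-numericfield-validation`; one line naming the affected field type would reconcile the two.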

View File

@ -0,0 +1,17 @@
# 3.0.7-rc1
## Overview
### Security: XSS in form validation errors (SS-2013-008)
See [announcement](http://www.silverstripe.org/ss-2013-008-xss-in-numericfield-validation/)
### Security: XSS in CMS "Pages" section (SS-2013-009)
See [announcement](http://www.silverstripe.org/ss-2013-009-xss-in-cms-pages-section/)
### API: Form validation message no longer allow HTML
Due to cross-site scripting concerns when user data is used for form messages,
it is no longer possible to use HTML in `Form->sessionMessage()`, and consequently
in the `FormField->validate()` API.
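
Review bot: Apart from the `# 3.0.7-rc1` title, this new file is identical to the 3.0.7 changelog added in the preceding hunk, so the heading `### API: Form validation message no longer allow HTML` carries the same grammar slip ("messages no longer allow") in two places and any later correction has to be made twice. Consider keeping the release-candidate file to the title plus a pointer to the 3.0.7 changelog, or at least fix the heading in both files in the same change.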

View File

@ -81,7 +81,7 @@ but also include information about when and how a record was published.
:::php
$record = MyRecord::get()->byID(99); // stage doesn't matter here
$versions = $record->allVersions();
echo $versions->First()->Version; // instance of Versioned_Versoin
echo $versions->First()->Version; // instance of Versioned_Version
### Writing Versions and Changing Stages
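
Review bot: The corrected comment on the `echo $versions->First()->Version;` line still reads as a description of the echoed value, but what is echoed is the `Version` property of the object returned by `First()`. Reword it so the class name attaches to the right expression, for example `// First() returns a Versioned_Version`, or split the line into an assignment with that comment followed by the `echo`.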

View File

@ -35,6 +35,9 @@ class CreditCardField extends TextField {
* @return string
*/
protected function getTabIndexHTML($increment = 0) {
// we can't add a tabindex if there hasn't been one set yet.
if($this->getAttribute('tabindex') === null) return false;
$tabIndex = (int)$this->getAttribute('tabindex') + (int)$increment;
return (is_numeric($tabIndex)) ? ' tabindex = "' . $tabIndex . '"' : '';
}
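
Review bot: The new early exit `if($this->getAttribute('tabindex') === null) return false;` returns a boolean from a method whose docblock says `@return string` and whose other fallback returns `''`. Return `''` here as well so callers that concatenate the result into markup get a consistent type, or update the docblock if `false` is intended. Separately, `$tabIndex` is the sum of two `(int)` casts, so the `is_numeric($tabIndex)` test on the last line is always true and the `''` branch is unreachable; the ternary can be dropped.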