mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-09-29 20:59:23 +02:00
Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts: docs/en/changelogs/3.0.6.md forms/Form.php forms/FormField.php forms/TreeDropdownField.php
This commit is contained in:
commit
2e3511bc5f
@ -1,4 +1,4 @@
|
||||
# 3.0.6 (Not yet released)
|
||||
# 3.0.6
|
||||
|
||||
## Overview
|
||||
|
||||
@ -23,6 +23,10 @@ See [announcement](http://www.silverstripe.org/ss-2013-004-privilege-escalation-
|
||||
|
||||
See [announcement](http://www.silverstripe.org/ss-2013-005-privilege-escalation-through-apply-roles-assignment/)
|
||||
|
||||
### Security: Information disclosure in Versioned.php (SS-2013-006)
|
||||
|
||||
See [announcement](http://www.silverstripe.org/ss-2013-006-information-disclosure-in-versioned/)
|
||||
|
||||
### Security: Privilege escalation through Group hierarchy setting (SS-2013-003)
|
||||
|
||||
See [announcement](http://www.silverstripe.org/ss-2013-003-privilege-escalation-through-group-hierarchy-setting/)
|
||||
|
17
docs/en/changelogs/3.0.7.md
Normal file
17
docs/en/changelogs/3.0.7.md
Normal file
@ -0,0 +1,17 @@
|
||||
# 3.0.7
|
||||
|
||||
## Overview
|
||||
|
||||
### Security: XSS in form validation errors (SS-2013-008)
|
||||
|
||||
See [announcement](http://www.silverstripe.org/ss-2013-008-xss-in-numericfield-validation/)
|
||||
|
||||
### Security: XSS in CMS "Pages" section (SS-2013-009)
|
||||
|
||||
See [announcement](http://www.silverstripe.org/ss-2013-009-xss-in-cms-pages-section/)
|
||||
|
||||
### API: Form validation message no longer allow HTML
|
||||
|
||||
Due to cross-site scripting concerns when user data is used for form messages,
|
||||
it is no longer possible to use HTML in `Form->sessionMessage()`, and consequently
|
||||
in the `FormField->validate()` API.
|
17
docs/en/changelogs/rc/3.0.7-rc1.md
Normal file
17
docs/en/changelogs/rc/3.0.7-rc1.md
Normal file
@ -0,0 +1,17 @@
|
||||
# 3.0.7-rc1
|
||||
|
||||
## Overview
|
||||
|
||||
### Security: XSS in form validation errors (SS-2013-008)
|
||||
|
||||
See [announcement](http://www.silverstripe.org/ss-2013-008-xss-in-numericfield-validation/)
|
||||
|
||||
### Security: XSS in CMS "Pages" section (SS-2013-009)
|
||||
|
||||
See [announcement](http://www.silverstripe.org/ss-2013-009-xss-in-cms-pages-section/)
|
||||
|
||||
### API: Form validation message no longer allow HTML
|
||||
|
||||
Due to cross-site scripting concerns when user data is used for form messages,
|
||||
it is no longer possible to use HTML in `Form->sessionMessage()`, and consequently
|
||||
in the `FormField->validate()` API.
|
@ -81,7 +81,7 @@ but also include information about when and how a record was published.
|
||||
:::php
|
||||
$record = MyRecord::get()->byID(99); // stage doesn't matter here
|
||||
$versions = $record->allVersions();
|
||||
echo $versions->First()->Version; // instance of Versioned_Versoin
|
||||
echo $versions->First()->Version; // instance of Versioned_Version
|
||||
|
||||
### Writing Versions and Changing Stages
|
||||
|
||||
|
@ -35,6 +35,9 @@ class CreditCardField extends TextField {
|
||||
* @return string
|
||||
*/
|
||||
protected function getTabIndexHTML($increment = 0) {
|
||||
// we can't add a tabindex if there hasn't been one set yet.
|
||||
if($this->getAttribute('tabindex') === null) return false;
|
||||
|
||||
$tabIndex = (int)$this->getAttribute('tabindex') + (int)$increment;
|
||||
return (is_numeric($tabIndex)) ? ' tabindex = "' . $tabIndex . '"' : '';
|
||||
}
|
||||
|
@ -1481,7 +1481,7 @@ class Form extends RequestHandler {
|
||||
public function addExtraClass($class) {
|
||||
//split at white space
|
||||
$classes = preg_split('/\s+/', $class);
|
||||
foreach ($classes as $class) {
|
||||
foreach($classes as $class) {
|
||||
//add classes one by one
|
||||
$this->extraClasses[$class] = $class;
|
||||
}
|
||||
|
@ -306,7 +306,7 @@ class FormField extends RequestHandler {
|
||||
$classes = preg_split('/\s+/', $class);
|
||||
foreach ($classes as $class) {
|
||||
//add each class one by one
|
||||
$this->extraClasses[$class] = $class;
|
||||
$this->extraClasses[$class] = $class;
|
||||
}
|
||||
return $this;
|
||||
}
|
||||
@ -751,8 +751,8 @@ class FormField extends RequestHandler {
|
||||
$clone->setDisabled(true);
|
||||
}
|
||||
|
||||
return $clone;
|
||||
}
|
||||
return $clone;
|
||||
}
|
||||
|
||||
public function transform(FormTransformation $trans) {
|
||||
return $trans->transform($this);
|
||||
@ -782,7 +782,7 @@ class FormField extends RequestHandler {
|
||||
public function createTag($tag, $attributes, $content = null) {
|
||||
Deprecation::notice('3.2', 'Use FormField::create_tag()');
|
||||
return self::create_tag($tag, $attributes, $content);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Abstract method each {@link FormField} subclass must implement,
|
||||
@ -886,7 +886,7 @@ class FormField extends RequestHandler {
|
||||
// of the field, e.g. its "type" attribute.
|
||||
foreach($this->attributes as $k => $v) {
|
||||
$field->setAttribute($k, $v);
|
||||
}
|
||||
}
|
||||
$field->dontEscape = $this->dontEscape;
|
||||
|
||||
return $field;
|
||||
|
@ -184,8 +184,8 @@ class TreeDropdownField extends FormField {
|
||||
if($this->showSearch){
|
||||
$title = _t('DropdownField.CHOOSESEARCH', '(Choose or Search)', 'start value of a dropdown');
|
||||
}else{
|
||||
$title = _t('DropdownField.CHOOSE', '(Choose)', 'start value of a dropdown');
|
||||
}
|
||||
$title = _t('DropdownField.CHOOSE', '(Choose)', 'start value of a dropdown');
|
||||
}
|
||||
}
|
||||
|
||||
// TODO Implement for TreeMultiSelectField
|
||||
|
Loading…
Reference in New Issue
Block a user