tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

Merge pull request #10062 from silverstripe/3.7

Browse Source 
Merge up 3.7
This commit is contained in:
Steve Boyd 2021-08-19 09:11:43 +12:00 committed by GitHub
commit a2f004ae85
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/en/02_Developer_Guides/09_Security/02_Permissions.md
View File

@ -67,7 +67,7 @@ Making this work well is a subtle business and should be discussed with a few de
## Using permissions ## Using permissions
* On an individual data record, $page->can("View", $member = null) and be called. If a member isn't passed, the * On an individual data record, $page->can("View", $member = null) can be called. If a member isn't passed, the
currently logged in member is assumed. currently logged in member is assumed.
* On a request, $request->hasPermission("View", $member = null) can be called. See [datamodel](/developer_guides/model/permissions) for * On a request, $request->hasPermission("View", $member = null) can be called. See [datamodel](/developer_guides/model/permissions) for
information on request objects. information on request objects.

1
docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md
View File

@ -94,6 +94,7 @@ Example:
$members = Member::get()->where(sprintf('"Name" = %s', Convert::raw2sql($_GET['name'], true))); $members = Member::get()->where(sprintf('"Name" = %s', Convert::raw2sql($_GET['name'], true)));
``` ```
[warning]
It is NOT good practice to "be sure" and convert the data passed to the functions above manually. This might It is NOT good practice to "be sure" and convert the data passed to the functions above manually. This might
result in *double escaping* and alters the actually saved data (e.g. by adding slashes to your content). result in *double escaping* and alters the actually saved data (e.g. by adding slashes to your content).
[/warning] [/warning]

3
model/connect/DBSchemaManager.php
View File

@ -317,7 +317,8 @@ abstract class DBSchemaManager {
if (preg_match('/ENGINE=([^\s]*)/', $options[$dbID], $alteredEngineMatches)) { if (preg_match('/ENGINE=([^\s]*)/', $options[$dbID], $alteredEngineMatches)) {
$alteredEngine = $alteredEngineMatches[1]; $alteredEngine = $alteredEngineMatches[1];
$tableStatus = $this->query(sprintf('SHOW TABLE STATUS LIKE \'%s\'', $table))->first(); $tableStatus = $this->query(sprintf('SHOW TABLE STATUS LIKE \'%s\'', $table))->first();
$tableOptionsChanged = ($tableStatus['Engine'] != $alteredEngine); $engine = isset($tableStatus['Engine']) ? $tableStatus['Engine'] : null;
$tableOptionsChanged = ($engine != $alteredEngine);
} }
} }

3
parsers/HTML/HTMLBBCodeParser.php
View File

@ -502,7 +502,8 @@ class SSHTMLBBCodeParser
{ {
if (trim($tag['text']) == '') { if (trim($tag['text']) == '') {
//just an empty indentation or newline without value? //just an empty indentation or newline without value?
continue; //skip this iteration of the foreach loop
continue 2;
} }
$newTagArray[] = $child; $newTagArray[] = $child;
$openTags[] = $child['tag']; $openTags[] = $child['tag'];