tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

Merge branch '4.5' into 4

Browse Source
This commit is contained in:
Maxime Rainville 2020-02-17 18:11:23 +13:00
commit affd43052a
12 changed files with 328 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md
View File

@ -352,6 +352,19 @@ template, you'll need to take care of casting and escaping yourself in PHP.
The [Convert](api:SilverStripe\Core\Convert) class has utilities for this, mainly *Convert::raw2xml()* and *Convert::raw2att()* (which is
also used by *XML* and *ATT* in template code).
<div class="warning" markdown='1'>
Most of the `Convert::raw2` methods accept arrays and do not affect array keys.
If you serialize your data, make sure to do that before you pass it to `Convert::raw2` methods.
E.g.:
```php
json_encode(Convert::raw2sql($request->getVar('multiselect'))); // WRONG!
Convert::raw2sql(json_encode($request->getVar('multiselect'))); // Correct!
```
</div>
PHP:
```php

65
docs/en/04_Changelogs/4.4.5.md Normal file
View File

@ -0,0 +1,65 @@
# 4.4.5
## Security patches
This release contains security patches
### CVE-2019-1935 (CVSS 7.5)
Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms built with user input (Request data). This can lead to phishing attempts to obtain a user's credentials or other sensitive user input. There is no known attack vector for extracting user-session information or credentials automatically, it required a user to fall for the phishing attempt. XSS can also be used to modify the presentation of content in malicious ways.
The vulnerability is known to apply in at least the following cases:
The login form provided by Silverstripe. When the login form is used with Multi Factor Authentication (MFA), the attack complexity for phishing increases, and is mitigated by using security keys such as Yubikey as an unphishable token.
Forms which are configured to populate field values based on request parameters. This usually happens via setting the $value on a FormField instance during construction of the form, or by loading request data via Form->loadDataFrom($myRequest->getVars()).
Forms which have form validation applied through RequiredFields, and opt-out of using CSRF tokens via disableSecurityToken(). In this case, the vulnerability is more impactful if the form is also configured to accept GET submissions, rather than the default of POST submissions.
The vulnerability has not identified on forms created through the silverstripe/userforms module.
<!--- Changes below this line will be automatically regenerated -->
## Change Log
### Security
* 2020-02-03 [ad1b00e](https://github.com/silverstripe/silverstripe-framework/commit/ad1b00ec7dc1589a05bfc7f5f8207489797ef714) XSS through non-scalar FormField attributes - See [CVE-2019-19325](https://www.silverstripe.org/download/security-releases/cve-2019-19325)
* 2020-02-13 [d515e5e](https://github.com/silverstripe/silverstripe-admin/commit/d515e5eced1787d99d4ca1520e01513c2031a627) XSS through non-scalar FormField attributes - See [CVE-2019-19325](https://www.silverstripe.org/download/security-releases/cve-2019-19325)
### Bugfixes
* 2020-01-07 [089053b](https://github.com/silverstripe/silverstripe-admin/commit/089053b42d5561720bdb08203371db1c94cadcf9) Make discard confirmations show up when navigating away from editing files (bergice)
* 2019-12-16 [8edf14d](https://github.com/silverstripe/silverstripe-assets/commit/8edf14dee8deacd2a0bd013344dd26089e8e8b36) VersionedFilesMigrator auto-generated .htaccess directives (Serge Latyntcev)
* 2019-12-15 [fbc37fb](https://github.com/silverstripe/silverstripe-versioned/commit/fbc37fb6e74b90b72c7313fc428beec81b9ee4de) Default WasDraft to true when migrating versioned DataObject (#240) (Maxime Rainville)
* 2019-12-09 [be5234d](https://github.com/silverstripe/silverstripe-graphql/commit/be5234d089e0835c5d18248dee4ba53f09d539dc) Reference the correct filters for endswith and startswith (Maxime Rainville)
* 2019-11-27 [f85209e](https://github.com/silverstripe/silverstripe-graphql/commit/f85209ec5b8834e337c171072cb79b80b9d27a59) fix Injector class alias is now quoted to prevent symfony/yaml 4.0 deprecation warnings (wernerkrauss)
* 2019-11-26 [04c377f](https://github.com/silverstripe/silverstripe-errorpage/commit/04c377f33371b1ec7c8b4e28da7bb766294d62cf) Fix phpcs install, phpunit name (Serge Latyntcev)
* 2019-11-24 [f78b7a5](https://github.com/silverstripe/silverstripe-asset-admin/commit/f78b7a5e1eca2a13caf4b53085a4f8c9a9dd33fa) Update build script to copy images to dist folder (Maxime Rainville)
* 2019-11-22 [af55826](https://github.com/silverstripe/silverstripe-asset-admin/commit/af558265416a1d98648d98341f2236ef05124d3b) Fix missing dist images (Damian Mooyman)
* 2019-11-20 [453945da1](https://github.com/silverstripe/silverstripe-framework/commit/453945da14c6c7354535189d251c5eda193253ca) Session::restart() didn't correctly restart session (fixes #9259) (Loz Calver)
* 2019-11-15 [64654ec](https://github.com/silverstripe/silverstripe-assets/commit/64654ec9f606a96ee02b50606c8f3a5656904efa) Retrieve file by filename (Maxime Rainville)
* 2019-11-14 [4372544](https://github.com/silverstripe/silverstripe-assets/commit/43725448768422448fe96be842ed5c754a654693) Fix linting issue in VersionedFilesMigrationTask and VersionedFilesMigrator (Maxime Rainville)
* 2019-11-12 [9648801](https://github.com/silverstripe/silverstripe-versioned-admin/commit/9648801aa0eb8ad5ef8b78c9f28c3617a7fe3a03) Gracefully handle lack of actions in HistoryViewer (Serge Latyntcev)
* 2019-11-07 [3a00ecc](https://github.com/silverstripe/silverstripe-admin/commit/3a00ecc388c24d52ee7fa5830c5ed57f2dba1e84) Lowercase PHPUnit in composer.json to allow packagist to resolve 1.2.x-dev (Maxime Rainville)
* 2019-11-04 [d32b280](https://github.com/silverstripe/silverstripe-errorpage/commit/d32b28011c85fe509919cac72a4b314466dc99ae) Resolve issue where dev/build does not refresh static content (Damian Mooyman)
* 2019-10-29 [e76601e5c](https://github.com/silverstripe/silverstripe-framework/commit/e76601e5c8c9b67ca1105958b556b355375ae6bb) FormAction title property cannot be set if useButtonTag is false (Damian Mooyman)
* 2019-10-28 [f03b3a0](https://github.com/silverstripe/silverstripe-admin/commit/f03b3a085e8e8b5675c5a1e3b100eaab619b6a31) fixed creating multiple duplicate data objects (#961) (Guy Marriott)
* 2019-10-23 [15b21fc](https://github.com/silverstripe/silverstripe-admin/commit/15b21fcf502a6de90169c2f6a1940270c9176e4f) Remove deprecated uppercase characters from composer.json (#982) (Garion Herman)
* 2019-10-09 [eb369ed](https://github.com/silverstripe/silverstripe-versioned-admin/commit/eb369edba887b43e78c63f96c80792e94079afe0) Gracefully handle lack of versions in HistoryViewer (Serge Latyntcev)
* 2019-10-08 [3a3705d](https://github.com/silverstripe/silverstripe-versioned/commit/3a3705dc83ce866e253f82b1abc5c7287ec5f5b6) archive relationships, not related objects (Dylan Wagstaff)
* 2019-10-03 [f1594fd99](https://github.com/silverstripe/silverstripe-framework/commit/f1594fd991b701d4b97b164919844242f45ae15e) Ensure that canCreate() context matches that respected by GridFieldAddNewButton (Damian Mooyman)
* 2019-10-03 [b3ccd48](https://github.com/silverstripe/silverstripe-admin/commit/b3ccd48cb9bc0567f9ce53a74d5d465be4e77d90) Remove buggy code from LeftAndMain Breadcrumb (Maxime Rainville)
* 2019-10-02 [7db524bd9](https://github.com/silverstripe/silverstripe-framework/commit/7db524bd9065dc1918fd812bf20e207740b57dd0) DebugViewFrendlyErrorFormatter handle of admin_email (Serge Latyntcev)
* 2019-09-30 [be44178](https://github.com/silverstripe/silverstripe-admin/commit/be441785aeb79ea77bd56a5e74a668d809e92530) fixed creating multiple duplicate data object by locking out save button on submit (Makreig)
* 2019-09-29 [2799265](https://github.com/silverstripe/silverstripe-asset-admin/commit/2799265675ac251c4590c80258f717a08d199273) Honour AssetAdminFile insert dimentions when inserting a new image (#1015) (Maxime Rainville)
* 2019-09-29 [f475826](https://github.com/silverstripe/silverstripe-assets/commit/f4758265ad245e3b05f8e5fcf9c87fb490de5853) Fix inlinting issue (Maxime Rainville)
* 2019-09-29 [30d816e](https://github.com/silverstripe/silverstripe-assets/commit/30d816ef386f13a774b4d037620d2435d65af42f) Flush cache before every test in Sha1FileHashingServiceTest (Maxime Rainville)
* 2019-09-26 [959da81](https://github.com/silverstripe/silverstripe-assets/commit/959da8137684fcadd50701111355e3f71d4c9fe1) Store the timestamp in the cache (Maxime Rainville)
* 2019-09-25 [255bf2f](https://github.com/silverstripe/silverstripe-admin/commit/255bf2f485963b403b627d887bb943412a73f83b) JSTree error if callback isn't passed (fixes #958) (Loz Calver)
* 2019-09-24 [fb36e03](https://github.com/silverstripe/silverstripe-admin/commit/fb36e032db48446db074ed09b5d1720bf58370b3) Search for both Save and Apply change when running behat tests (Maxime Rainville)
* 2019-09-23 [aa7c05742](https://github.com/silverstripe/silverstripe-framework/commit/aa7c05742242f8e2ec77f97b52839e0365ec7e1a) Don't force-add view button to readonly GridField (fixes #… (#9254) (Guy Marriott)
* 2019-09-23 [190b2f284](https://github.com/silverstripe/silverstripe-framework/commit/190b2f28429cd870c791f689def055061665ee58) run member CMS validator when editing via groups (fixes #9… (#9255) (Guy Marriott)
* 2019-09-23 [efdb9cc71](https://github.com/silverstripe/silverstripe-framework/commit/efdb9cc718517c09800a47bb53374bff787b54fa) run member CMS validator when editing via groups (fixes #9184) (Loz Calver)
* 2019-09-23 [d85ff3bc4](https://github.com/silverstripe/silverstripe-framework/commit/d85ff3bc4463d47edd6b662b34569162e3861a88) Don't force-add view button to readonly GridField (fixes #9249) (Loz Calver)
* 2019-09-23 [f177606](https://github.com/silverstripe/recipe-core/commit/f1776060fec34ba5ac83f1be9f88906e055b1c20) Update Apache .htaccess for new access directives (Dylan Wagstaff)
* 2019-08-16 [9d44a3b](https://github.com/silverstripe/silverstripe-asset-admin/commit/9d44a3bb44b44b63c0807ddc853689105fb1f6fe) Optimise AssetAdminFile::nestedFolderIDs (Guy Marriott)
<!--- Changes above this line will be automatically regenerated -->

57
docs/en/04_Changelogs/4.5.1.md Normal file
View File

@ -0,0 +1,57 @@
# 4.5.1
## Security patches
This release contains security patches
### CVE-2019-1935 (CVSS 7.5)
Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms built with user input (Request data).
See [cve-2019-19325](https://www.silverstripe.org/download/security-releases/cve-2019-19325)
<!--- Changes below this line will be automatically regenerated -->
## Change Log
### Security
* 2020-02-12 [d515e5e](https://github.com/silverstripe/silverstripe-admin/commit/d515e5eced1787d99d4ca1520e01513c2031a627) XSS through non-scalar FormField attributes (Serge Latyntcev) - See [cve-2019-19325](https://www.silverstripe.org/download/security-releases/cve-2019-19325)
* 2020-02-03 [ad1b00ec7](https://github.com/silverstripe/silverstripe-framework/commit/ad1b00ec7dc1589a05bfc7f5f8207489797ef714) XSS through non-scalar FormField attributes (Serge Latyntcev) - See [cve-2019-19325](https://www.silverstripe.org/download/security-releases/cve-2019-19325)
### Features and Enhancements
* 2020-01-14 [63b24d7](https://github.com/silverstripe/silverstripe-admin/commit/63b24d785cd5e8e53d78bae603f0d5fda9af6d74) Add new block icon set for open source use (Sacha Judd)
### Bugfixes
* 2020-02-16 [b1576a8](https://github.com/silverstripe/silverstripe-graphql/commit/b1576a820109e7840093620b52c6a0fcaa597e7f) ensure canView check is run on returned items (#8) (Steve Boyd)
* 2020-02-13 [62a68f4](https://github.com/silverstripe/silverstripe-admin/commit/62a68f480f5383f092155d450fd9279d27694e9c) Add back missing edit-write icon (Sacha Judd)
* 2020-02-11 [f7d09b1](https://github.com/silverstripe/silverstripe-versioned-admin/commit/f7d09b1704ce6f27b9d8a4b125e000a29299bfa5) Update core requirements to 4.5 series (Garion Herman)
* 2020-02-10 [bddb5ad](https://github.com/silverstripe/silverstripe-versioned/commit/bddb5ad97c15034d2fecf120048aecea69404a3d) Update core requirement to 4.5 series (Garion Herman)
* 2020-02-10 [62de5181](https://github.com/silverstripe/silverstripe-siteconfig/commit/62de51815cd2d9142974bfd4d0761ac45847b3c2) Update core requirements to 4.5 series (Garion Herman)
* 2020-02-10 [7436e11d](https://github.com/silverstripe/silverstripe-reports/commit/7436e11d4fb8c057b5fbe6cf482b35ac4a9443b8) Update core requirements to 4.5 series (Garion Herman)
* 2020-02-10 [2742d74](https://github.com/silverstripe/silverstripe-errorpage/commit/2742d74b42e4b77775b63fbb0771924576bed09a) Update CMS requirement to 4.5 series (Garion Herman)
* 2020-02-10 [664e6c99](https://github.com/silverstripe/silverstripe-cms/commit/664e6c99c0c0ac2733245024e461f2454c07ad05) Update core requirements to 4.5 series (Garion Herman)
* 2020-02-10 [ad5858a](https://github.com/silverstripe/silverstripe-campaign-admin/commit/ad5858ae28a8a7f25423b22990d561a6c7dac9e3) Update core requirements to 4.5 series (Garion Herman)
* 2020-02-10 [5053663](https://github.com/silverstripe/silverstripe-asset-admin/commit/50536635359c1fb3d2da06ed558fe07d25757dac) Update core requirements to 4.5 series (Garion Herman)
* 2020-02-10 [93d1acc](https://github.com/silverstripe/silverstripe-assets/commit/93d1acc4d53edb2affcb1d318edb721a6e307f66) Update framework requirement to 4.5 series (Garion Herman)
* 2020-02-05 [5dec950](https://github.com/silverstripe/silverstripe-asset-admin/commit/5dec9505f415f6396c9437a625ae2872e89c8cdd) do not render ImageSizePresentList react component for remote files (Steve Boyd)
* 2020-02-04 [ca36a47bb](https://github.com/silverstripe/silverstripe-framework/commit/ca36a47bb1de577ae8bc2a81ac20eb5f804fc7e1) Update ORM DBField types to use Injector in scaffoldFormField() (mnuguid)
* 2020-01-23 [9750538a](https://github.com/silverstripe/silverstripe-cms/commit/9750538a5a4b65464d43e673403128c34bbbaabe) Update URLSegment field on enter key, rather than saving page (Garion Herman)
* 2020-01-23 [aa31b3d](https://github.com/silverstripe/silverstripe-versioned-admin/commit/aa31b3debbe6e98f9e54fc4fc646eb3df63931d4) Adjust diff styling to improve accessibility (Garion Herman)
* 2020-01-23 [dd8c2ce](https://github.com/silverstripe/silverstripe-assets/commit/dd8c2ce3ca8c6069fbd4ad6fcad156d5f9b150bd) temp images not being deleted if error is thrown (bergice)
* 2020-01-23 [76f1abc](https://github.com/silverstripe/silverstripe-versioned-admin/commit/76f1abc43900d14751a86d7faf57f0ca7f05fde8) Changed revert button title when revert is possible. (bergice)
* 2020-01-22 [82a76b93](https://github.com/silverstripe/silverstripe-cms/commit/82a76b9300d33e388684160ac6255cb36ab4cd75) Fix alert showing for unrelated elements (bergice)
* 2020-01-07 [089053b](https://github.com/silverstripe/silverstripe-admin/commit/089053b42d5561720bdb08203371db1c94cadcf9) Make discard confirmations show up when navigating away from editing files (bergice)
* 2019-12-16 [8edf14d](https://github.com/silverstripe/silverstripe-assets/commit/8edf14dee8deacd2a0bd013344dd26089e8e8b36) VersionedFilesMigrator auto-generated .htaccess directives (Serge Latyntcev)
* 2019-12-15 [fbc37fb](https://github.com/silverstripe/silverstripe-versioned/commit/fbc37fb6e74b90b72c7313fc428beec81b9ee4de) Default WasDraft to true when migrating versioned DataObject (#240) (Maxime Rainville)
* 2019-12-11 [e229a98](https://github.com/silverstripe/silverstripe-assets/commit/e229a98e8e0d2554d7b6ab8408d10cbd54db12c0) Fixes #352 with guard for Folder query result (Russell Michell)
* 2019-12-09 [be5234d](https://github.com/silverstripe/silverstripe-graphql/commit/be5234d089e0835c5d18248dee4ba53f09d539dc) Reference the correct filters for endswith and startswith (Maxime Rainville)
* 2019-11-26 [04c377f](https://github.com/silverstripe/silverstripe-errorpage/commit/04c377f33371b1ec7c8b4e28da7bb766294d62cf) Fix phpcs install, phpunit name (Serge Latyntcev)
* 2019-11-24 [f78b7a5](https://github.com/silverstripe/silverstripe-asset-admin/commit/f78b7a5e1eca2a13caf4b53085a4f8c9a9dd33fa) Update build script to copy images to dist folder (Maxime Rainville)
* 2019-11-22 [af55826](https://github.com/silverstripe/silverstripe-asset-admin/commit/af558265416a1d98648d98341f2236ef05124d3b) Fix missing dist images (Damian Mooyman)
* 2019-11-15 [64654ec](https://github.com/silverstripe/silverstripe-assets/commit/64654ec9f606a96ee02b50606c8f3a5656904efa) Retrieve file by filename (Maxime Rainville)
* 2019-11-14 [4372544](https://github.com/silverstripe/silverstripe-assets/commit/43725448768422448fe96be842ed5c754a654693) Fix linting issue in VersionedFilesMigrationTask and VersionedFilesMigrator (Maxime Rainville)
* 2019-11-04 [d32b280](https://github.com/silverstripe/silverstripe-errorpage/commit/d32b28011c85fe509919cac72a4b314466dc99ae) Resolve issue where dev/build does not refresh static content (Damian Mooyman)
<!--- Changes above this line will be automatically regenerated -->

44
lang/de.yml
View File

@ -7,6 +7,7 @@ de:
EDITINFO: 'Diese Datei bearbeiten'
REMOVE: Entfernen
SilverStripe\Control\ChangePasswordEmail_ss:
CHANGEPASSWORDFOREMAIL: 'Das Passwort für den Account mit der E-Mail Adresse {email} wurde geändert. Wenn Sie Ihr Passwort nicht geändert haben, bitte ändern Sie Ihr Passwort indem Sie auf den nachfolgenden Link klicken.'
CHANGEPASSWORDTEXT1: 'Sie haben Ihr Passwort geändert für'
CHANGEPASSWORDTEXT3: 'Passwort ändern'
HELLO: Hallo
@ -15,11 +16,22 @@ de:
TEXT1: 'Hier ist Ihr'
TEXT2: 'Link zum Zurücksetzen des Passworts'
TEXT3: für
SilverStripe\Control\Middleware\ConfirmationMiddleware\GetParameter:
CONFIRMATION_NAME: '"{key}" GET-Parameter'
SilverStripe\Control\Middleware\ConfirmationMiddleware\Url:
CONFIRMATION_DESCRIPTION: 'Die URL ist: "{url}"'
CONFIRMATION_NAME: 'URL ist geschützt'
SilverStripe\Control\Middleware\ConfirmationMiddleware\UrlPathStartswith:
CONFIRMATION_DESCRIPTION: 'Die komplette URL ist: "{url}"'
CONFIRMATION_NAME: 'URL beginnt mit "{path}"'
SilverStripe\Control\RequestProcessor:
INVALID_REQUEST: 'Ungültige Anfrage'
REQUEST_ABORTED: 'Anfrage abgebrochen'
SilverStripe\Core\Manifest\VersionProvider:
VERSIONUNKNOWN: Unbekannt
SilverStripe\Dev\DevConfirmationController:
INFO_DESCRIPTION: 'Bestätige potenziell gefährliche Aktion'
INFO_TITLE: Sicherheitsbestätigung
SilverStripe\Forms\CheckboxField:
NOANSWER: Nein
YESANSWER: Ja
@ -34,6 +46,8 @@ de:
MAXIMUM: 'Passwörter dürfen maximal {max} Zeichen lang sein.'
SHOWONCLICKTITLE: 'Passwort ändern'
SilverStripe\Forms\DateField:
NOTSET: 'Nicht gesetzt'
TODAY: Heute
VALIDDATEFORMAT2: 'Bitte geben sie das Datum im korrekten Format ein ({format})'
VALIDDATEMAXDATE: 'Ihr Datum muss vor dem erlaubtem Datum ({date}) liegen oder gleich sein'
VALIDDATEMINDATE: 'Ihr Datum muss nach dem erlaubtem Datum ({date}) liegen oder gleich sein'
@ -43,12 +57,14 @@ de:
VALIDDATETIMEMINDATE: 'Ihr Datum muss nach dem erlaubtem Datum ({datetime}) liegen oder gleich sein'
SilverStripe\Forms\DropdownField:
CHOOSE: (Auswahl)
SEARCH_OR_CHOOSE_MODEL: '(Suchen oder {name} auswählen)'
SOURCE_VALIDATION: 'Bitte wählen Sie aus der Liste. {value} ist kein gültiger Wert'
SilverStripe\Forms\EmailField:
VALIDATION: 'Bitte geben Sie eine E-Mail-Adresse ein'
SilverStripe\Forms\FileUploadReceiver:
FIELDNOTSET: 'Dateiinformation nicht gefunden'
SilverStripe\Forms\Form:
BAD_METHOD: 'Dieses Formular erfordert eine {method} Anfrage'
CSRF_EXPIRED_MESSAGE: 'Ihre Sitzung ist abgelaufen. Bitte schicken Sie das Formular erneut ab.'
CSRF_FAILED_MESSAGE: 'Es gab ein technisches Problem. Bitte versuchen Sie es erneut, nachdem sie die vorherige Seite neu geladen haben.'
VALIDATIONPASSWORDSDONTMATCH: 'Die Passwörter stimmen nicht überein'
@ -71,6 +87,7 @@ de:
LinkExisting: 'Bestehenden Datensatz verknüpfen'
NewRecord: 'Neue(r) {type}'
NoItemsFound: 'Keine Elemente gefunden'
OpenFilter: 'Suche und Filter öffnen'
PRINTEDAT: 'Gedruckt am'
PRINTEDBY: 'Gedruckt von'
PlaceHolder: '{type} suchen'
@ -90,10 +107,23 @@ de:
DeletePermissionsFailure: 'Keine Berechtigungen zum löschen'
Deleted: 'Gelöscht {type} {name}'
Save: Speichern
SilverStripe\Forms\GridField\GridFieldDetailForm_ItemRequest:
NEW: 'Neuen Eintrag hinzufügen'
NEXT: 'Gehe zu nächstem Eintrag'
PREVIOUS: 'Gehe zu vorherigem Eintrag'
SilverStripe\Forms\GridField\GridFieldEditButton:
EDIT: Bearbeiten
SilverStripe\Forms\GridField\GridFieldFilterHeader:
Search: 'Suche "{name}"'
SearchFormFaliure: 'Das Suchformular konnte nicht erzeugt werden'
SilverStripe\Forms\GridField\GridFieldGroupDeleteAction:
UnlinkSelfFailure: 'Sie können sich nicht selber von dieser Gruppe entfernen, Sie würden Admin-Rechte verlieren.'
SilverStripe\Forms\GridField\GridFieldPaginator:
OF: von
Page: Seite
View: Anzeigen
SilverStripe\Forms\GridField\GridFieldViewButton:
VIEW: Anzeigen
SilverStripe\Forms\MoneyField:
FIELDLABELAMOUNT: Betrag
FIELDLABELCURRENCY: Währung
@ -140,6 +170,8 @@ de:
other: '{count} Jahre'
SilverStripe\ORM\FieldType\DBEnum:
ANY: alle
SilverStripe\ORM\FieldType\DBForeignKey:
DROPDOWN_THRESHOLD_FALLBACK_MESSAGE: 'Zu viele Objekte; Standardfeld verwendet'
SilverStripe\ORM\Hierarchy:
LIMITED_TITLE: 'Zu viele Kindelemente ({count})'
SilverStripe\ORM\Hierarchy\Hierarchy:
@ -156,9 +188,16 @@ de:
SilverStripe\Security\CMSSecurity:
INVALIDUSER: '<p>Ungültiger Benutzer. <a target="_top" href="{link}">Bitte melden Sie sich hier an</a> um fortzufahren.</p>'
LOGIN_MESSAGE: '<p>Ihre Sitzung ist wegen Inaktivität abgelaufen.</p>'
LOGIN_TITLE: 'Zurück wo Sie waren, bevor Sie sich abgemeldet haben'
SUCCESS: Erfolg
SUCCESSCONTENT: '<p>Login erfolgreich. Falls Sie nicht automatisch weitergeleitet werden, bitte <a target="_top" href="{link}">hier klicken</a></p>'
SUCCESS_TITLE: 'Login erfolgreich'
SilverStripe\Security\Confirmation\Form:
CONFIRM: 'Aktion ausführen'
EMPTY_TITLE: 'Nichts zu bestätigen'
REFUSE: Abbrechen
SilverStripe\Security\Confirmation\Handler:
FORM_TITLE: 'Bestätige potenziell gefährliche Aktion'
SilverStripe\Security\DefaultAdminService:
DefaultAdminFirstname: Standardadmin
SilverStripe\Security\Group:
@ -231,6 +270,7 @@ de:
SUBJECTPASSWORDCHANGED: 'Ihr Passwort wurde geändert'
SUBJECTPASSWORDRESET: 'Ihr Link zur Passwortrücksetzung'
SURNAME: Nachname
VALIDATIONADMINLOSTACCESS: 'Sie können nicht alle Admin Gruppen von Ihrem Profil entfernen'
ValidationIdentifierFailed: 'Das vorhandene Mitglied #{id} mit identischer Bezeichnung kann nicht überschrieben werden ({name} = {value}))'
WELCOMEBACK: 'Hallo {firstname}. Schön, dass du wieder da bist'
YOUROLDPASSWORD: 'Ihr altes Passwort'
@ -303,10 +343,14 @@ de:
BUTTONSEND: 'Senden Sie mir den Link zur Passwortrücksetzung'
CHANGEPASSWORDBELOW: 'Sie können Ihr Passwort unten ändern.'
CHANGEPASSWORDHEADER: 'Passwort ändern'
CONFIRMLOGOUT: 'Bitte klicken Sie den Button um zu bestätigen dass Sie sich abmelden wollen'
ENTERNEWPASSWORD: 'Bitte geben Sie ein neues Passwort ein'
ERRORPASSWORDPERMISSION: 'Sie müssen eingeloggt sein, um Ihr Passwort ändern zu können!'
LOGIN: Anmelden
LOGOUT: Abmelden
LOSTPASSWORDHEADER: 'Passwort vergessen'
NOTEPAGESECURED: 'Diese Seite ist geschützt. Bitte melden Sie sich an und Sie werden sofort weitergeleitet.'
NOTERESETLINKINVALID: '<p>Der Link zum Zurücksetzen des Passworts ist ungültig oder abgelaufen.</p><p>Sie können <a href="{link1}">hier</a> einen neuen anfordern, oder sich <a href="{link2}">einloggen</a> um Ihr Passwort zu ändern</p>'
NOTERESETPASSWORD: 'Geben Sie Ihre E-Mail-Adresse ein und wir werden Ihnen einen Link zuschicken, mit dem Sie Ihr Passwort zurücksetzen können.'
PASSWORDRESETSENTHEADER: 'Der Link zum Zurücksetzen des Passworts wurde gesendet'
PASSWORDRESETSENTTEXT: 'Vielen Dank! Wenn ein Account zu der E-Mail Adresse existiert, wurde eine E-Mail mit dem Link zum Zurücksetzen des Passworts verschickt.'

4
lang/en.yml
View File

@ -124,6 +124,10 @@ en:
View: View
SilverStripe\Forms\GridField\GridFieldViewButton:
VIEW: View
SilverStripe\Forms\HTMLEditor\TinyMCEConfig:
BEST_FIT: 'Best fit'
ORIGINAL: Original
PIXEL_WIDTH: '{width} pixels'
SilverStripe\Forms\MoneyField:
FIELDLABELAMOUNT: Amount
FIELDLABELCURRENCY: Currency

30
lang/nl.yml
View File

@ -16,11 +16,22 @@ nl:
TEXT1: 'Hier is uw'
TEXT2: 'link om uw wachtwoord opnieuw aan te maken'
TEXT3: voor
SilverStripe\Control\Middleware\ConfirmationMiddleware\GetParameter:
CONFIRMATION_NAME: '"{key}" GET parameter'
SilverStripe\Control\Middleware\ConfirmationMiddleware\Url:
CONFIRMATION_DESCRIPTION: 'De URL is: "{url}"'
CONFIRMATION_NAME: 'URL is afgeschermd'
SilverStripe\Control\Middleware\ConfirmationMiddleware\UrlPathStartswith:
CONFIRMATION_DESCRIPTION: 'De volledige URL is: "{url}"'
CONFIRMATION_NAME: 'De URL begint met "{path}"'
SilverStripe\Control\RequestProcessor:
INVALID_REQUEST: 'Fout bij verwerken'
REQUEST_ABORTED: 'Fout bij verwerken (geannuleerd)'
SilverStripe\Core\Manifest\VersionProvider:
VERSIONUNKNOWN: Onbekend
SilverStripe\Dev\DevConfirmationController:
INFO_DESCRIPTION: 'Bevestig het uitvoeren van mogelijk gevaarlijke taak'
INFO_TITLE: Beveiligingswaarschuwing
SilverStripe\Forms\CheckboxField:
NOANSWER: Nee
YESANSWER: Ja
@ -35,6 +46,8 @@ nl:
MAXIMUM: 'Een wachtwoord mag maximaal {max} karakters hebben.'
SHOWONCLICKTITLE: 'Verander wachtwoord'
SilverStripe\Forms\DateField:
NOTSET: 'niet ingesteld'
TODAY: vandaag
VALIDDATEFORMAT2: 'Vul een geldig datumformaat in ({format})'
VALIDDATEMAXDATE: 'De datum moet ouder of gelijk zijn aan de maximale datum ({date})'
VALIDDATEMINDATE: 'De datum moet nieuwer of gelijk zijn aan de minimale datum ({date})'
@ -44,6 +57,7 @@ nl:
VALIDDATETIMEMINDATE: 'De datum moet nieuwer of gelijk zijn aan de minimale datum ({datetime})'
SilverStripe\Forms\DropdownField:
CHOOSE: (Kies)
SEARCH_OR_CHOOSE_MODEL: '(Zoek of kies {name})'
SOURCE_VALIDATION: 'Selecteer een optie uit de lijst. {value} is geen geldige keuze.'
SilverStripe\Forms\EmailField:
VALIDATION: 'Gelieve een e-mailadres in te voeren.'
@ -73,6 +87,7 @@ nl:
LinkExisting: 'Koppel een bestaand item'
NewRecord: 'Nieuw {type}'
NoItemsFound: 'Geen items gevonden.'
OpenFilter: 'Zoeken en filteren openen'
PRINTEDAT: 'Geprint op'
PRINTEDBY: 'Geprint door'
PlaceHolder: 'Zoek {type}'
@ -92,14 +107,23 @@ nl:
DeletePermissionsFailure: 'Onvoldoende rechten om te verwijderen'
Deleted: '{type} {name} verwijderd'
Save: Opslaan
SilverStripe\Forms\GridField\GridFieldDetailForm_ItemRequest:
NEW: 'Nieuwe item toevoegen'
NEXT: 'Naar volgende item'
PREVIOUS: 'Naar vorige item'
SilverStripe\Forms\GridField\GridFieldEditButton:
EDIT: Bewerken
SilverStripe\Forms\GridField\GridFieldFilterHeader:
Search: 'Zoek naar "{name}"'
SearchFormFaliure: 'Er kon geen zoekformulier worden aangemaakt'
SilverStripe\Forms\GridField\GridFieldGroupDeleteAction:
UnlinkSelfFailure: 'U kunt uzelf niet verwijderen van deze groep, omdat u dan geen admin-rechten meer heeft.'
SilverStripe\Forms\GridField\GridFieldPaginator:
OF: van
Page: Pagina
View: Bekijk
SilverStripe\Forms\GridField\GridFieldViewButton:
VIEW: Bekijk
SilverStripe\Forms\MoneyField:
FIELDLABELAMOUNT: Aantal
FIELDLABELCURRENCY: Munteenheid
@ -168,6 +192,12 @@ nl:
SUCCESS: Succes
SUCCESSCONTENT: '<p>U bent ingelogd. <a target="_top" href="{link}">Klik hier</a> als u niet automatisch wordt doorgestuurd.</p>'
SUCCESS_TITLE: 'Inloggen is gelukt'
SilverStripe\Security\Confirmation\Form:
CONFIRM: Uitvoeren
EMPTY_TITLE: 'Niets te bevestigen'
REFUSE: Annuleren
SilverStripe\Security\Confirmation\Handler:
FORM_TITLE: 'Bevestig het uitvoeren van mogelijk gevaarlijke taak'
SilverStripe\Security\DefaultAdminService:
DefaultAdminFirstname: 'Standaard Beheerder'
SilverStripe\Security\Group:

28
lang/pl.yml
View File

@ -21,6 +21,9 @@ pl:
REQUEST_ABORTED: 'Żądanie zostało przerwane'
SilverStripe\Core\Manifest\VersionProvider:
VERSIONUNKNOWN: Nieznany
SilverStripe\Dev\DevConfirmationController:
INFO_DESCRIPTION: 'Potwierdź potencjalnie niebezpieczną operację'
INFO_TITLE: 'Potwierdzenie bezpieczeństwa'
SilverStripe\Forms\CheckboxField:
NOANSWER: Nie
YESANSWER: Tak
@ -35,6 +38,8 @@ pl:
MAXIMUM: 'Hasła mogą mieć co najwyżej {max} znaków.'
SHOWONCLICKTITLE: 'Zmiana Hasła'
SilverStripe\Forms\DateField:
NOTSET: 'nie ustawiony'
TODAY: dzisiaj
VALIDDATEFORMAT2: 'Proszę wprowadź prawidłowy format daty ({format})'
VALIDDATEMAXDATE: 'Twoja data musi być wcześniejsza lub taka sama, jak maksymalna dozwolona data ({date})'
VALIDDATEMINDATE: 'Twoja data musi być późniejsza lub taka sama, jak minimalna dozwolona data ({date})'
@ -44,6 +49,7 @@ pl:
VALIDDATETIMEMINDATE: 'Twoja data musi być późniejsza lub taka sama, jak minimalna dozwolona data ({date})'
SilverStripe\Forms\DropdownField:
CHOOSE: (wybierz)
SEARCH_OR_CHOOSE_MODEL: '(Wyszukaj lub wybierz {name})'
SOURCE_VALIDATION: 'Wybierz wartość z podanej listy. {value} nie jest poprawną opcją'
SilverStripe\Forms\EmailField:
VALIDATION: 'Proszę podaj adres e-mail'
@ -73,6 +79,7 @@ pl:
LinkExisting: 'Linkuj istniejący'
NewRecord: 'Nowy {type}'
NoItemsFound: 'Nie znaleziono elementów'
OpenFilter: 'Otwórz wyszukiwanie i filtruj'
PRINTEDAT: 'Wydrukowane na'
PRINTEDBY: 'Wydrukowane przez'
PlaceHolder: 'Znajdź {type}'
@ -92,12 +99,23 @@ pl:
DeletePermissionsFailure: 'Brak uprawnień do usuwania'
Deleted: 'Usunięto {type} {name}'
Save: Zapisz
SilverStripe\Forms\GridField\GridFieldDetailForm_ItemRequest:
NEW: Dodaj
NEXT: 'Przejdź do następnego rekordu'
PREVIOUS: 'Przejdź do poprzedniego rekordu'
SilverStripe\Forms\GridField\GridFieldEditButton:
EDIT: Zmień
SilverStripe\Forms\GridField\GridFieldFilterHeader:
Search: 'Wyszukaj "{name}"'
SearchFormFaliure: 'Nie można wygenerować formularza wyszukiwania'
SilverStripe\Forms\GridField\GridFieldGroupDeleteAction:
UnlinkSelfFailure: 'Nie możesz usunąć siebie z tej grupy, stracone zostałby prawa administratora'
SilverStripe\Forms\GridField\GridFieldPaginator:
OF: z
Page: Strona
View: Widok
SilverStripe\Forms\GridField\GridFieldViewButton:
VIEW: Widok
SilverStripe\Forms\MoneyField:
FIELDLABELAMOUNT: Ilość
FIELDLABELCURRENCY: waluta
@ -158,6 +176,8 @@ pl:
other: '{count} lat'
SilverStripe\ORM\FieldType\DBEnum:
ANY: Jakikolwiek
SilverStripe\ORM\FieldType\DBForeignKey:
DROPDOWN_THRESHOLD_FALLBACK_MESSAGE: 'Zbyt wiele powiązanych obiektów; pole rezerwowe w użyciu'
SilverStripe\ORM\Hierarchy:
LIMITED_TITLE: 'Zbyt wiele dzieci ({count})'
SilverStripe\ORM\Hierarchy\Hierarchy:
@ -178,6 +198,12 @@ pl:
SUCCESS: Sukces
SUCCESSCONTENT: '<p>Zalogowano poprawnie! Jeżeli nie zostaniesz automatycznie przekierowany <a target="_top" href="{link}">kliknij tutaj</a></p>'
SUCCESS_TITLE: 'Zalogowano poprawne'
SilverStripe\Security\Confirmation\Form:
CONFIRM: 'Uruchom akcję'
EMPTY_TITLE: 'Nic do potwierdzenia'
REFUSE: Anuluj
SilverStripe\Security\Confirmation\Handler:
FORM_TITLE: 'Potwierdź potencjalnie niebezpieczną operację'
SilverStripe\Security\DefaultAdminService:
DefaultAdminFirstname: 'Domyślny administrator'
SilverStripe\Security\Group:
@ -347,3 +373,5 @@ pl:
LOSTPASSWORDHEADER: 'Nie pamiętam hasła'
NOTEPAGESECURED: 'Ta strona jest zabezpieczona. Wpisz swoje dane a my wyślemy Ci potwierdzenie niebawem'
NOTERESETPASSWORD: 'Wpisz adres e-mail, na który mamy wysłać link gdzie możesz zresetować swoje hasło'
PASSWORDRESETSENTHEADER: 'Link resetowania hasła wysłany'
PASSWORDRESETSENTTEXT: 'Dziękujemy! Link resetujący hasło został wysłany do ''{email}'', o ile konto użytkownika dla takiego e-maila istnieje.'

17
src/Core/Convert.php
View File

@ -33,6 +33,8 @@ class Convert
/**
* Convert a value to be suitable for an XML attribute.
*
* Warning: Does not escape array keys
*
* @param array|string $val String to escape, or array of strings
* @return array|string
*/
@ -44,6 +46,8 @@ class Convert
/**
* Convert a value to be suitable for an HTML attribute.
*
* Warning: Does not escape array keys
*
* @param string|array $val String to escape, or array of strings
* @return array|string
*/
@ -56,6 +60,8 @@ class Convert
* Convert a value to be suitable for an HTML ID attribute. Replaces non
* supported characters with a space.
*
* Warning: Does not escape array keys
*
* @see http://www.w3.org/TR/REC-html40/types.html#type-cdata
*
* @param array|string $val String to escape, or array of strings
@ -79,6 +85,8 @@ class Convert
* Convert a value to be suitable for an HTML ID attribute. Replaces non
* supported characters with an underscore.
*
* Warning: Does not escape array keys
*
* @see http://www.w3.org/TR/REC-html40/types.html#type-cdata
*
* @param array|string $val String to escape, or array of strings
@ -108,6 +116,8 @@ class Convert
/**
* Ensure that text is properly escaped for XML.
*
* Warning: Does not escape array keys
*
* @see http://www.w3.org/TR/REC-xml/#dt-escape
* @param array|string $val String to escape, or array of strings
* @return array|string
@ -127,6 +137,8 @@ class Convert
/**
* Ensure that text is properly escaped for Javascript.
*
* Warning: Does not escape array keys
*
* @param array|string $val String to escape, or array of strings
* @return array|string
*/
@ -182,6 +194,8 @@ class Convert
* Safely encodes a value (or list of values) using the current database's
* safe string encoding method
*
* Warning: Does not encode array keys
*
* @param mixed|array $val Input value, or list of values as an array
* @param boolean $quoted Flag indicating whether the value should be safely
* quoted, instead of only being escaped. By default this function will
@ -221,6 +235,9 @@ class Convert
/**
* Convert XML to raw text.
*
* Warning: Does not decode array keys
*
* @uses html2raw()
* @todo Currently &#xxx; entries are stripped; they should be converted
* @param mixed $val

6
src/Forms/Form.php
View File

@ -897,7 +897,11 @@ class Form extends ViewableData implements HasRequestHandler
// Create markup
$parts = array();
foreach ($attrs as $name => $value) {
$parts[] = ($value === true) ? "{$name}=\"{$name}\"" : "{$name}=\"" . Convert::raw2att($value) . "\"";
if ($value === true) {
$value = $name;
}
$parts[] = sprintf('%s="%s"', Convert::raw2att($name), Convert::raw2att($value));
}
return implode(' ', $parts);

24
src/Forms/FormField.php
View File

@ -12,6 +12,7 @@ use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\DataObjectInterface;
use SilverStripe\ORM\FieldType\DBField;
use SilverStripe\ORM\FieldType\DBHTMLText;
use SilverStripe\ORM\ValidationResult;
use SilverStripe\View\SSViewer;
/**
@ -740,14 +741,16 @@ class FormField extends RequestHandler
foreach ($attributes as $name => $value) {
if ($value === true) {
$parts[] = sprintf('%s="%s"', $name, $name);
$value = $name;
} else {
$strValue = Convert::raw2att($value);
if (!is_string($strValue)) {
$strValue = json_encode($strValue);
if (is_scalar($value)) {
$value = (string) $value;
} else {
$value = json_encode($value);
}
$parts[] = sprintf('%s="%s"', $name, $strValue);
}
$parts[] = sprintf('%s="%s"', Convert::raw2att($name), Convert::raw2att($value));
}
return implode(' ', $parts);
@ -1345,13 +1348,14 @@ class FormField extends RequestHandler
public function debug()
{
$strValue = is_string($this->value) ? $this->value : print_r($this->value, true);
return sprintf(
'%s (%s: %s : <span style="color:red;">%s</span>) = %s',
static::class,
$this->name,
$this->title,
$this->message,
$strValue
Convert::raw2att(static::class),
Convert::raw2att($this->name),
Convert::raw2att($this->title),
$this->getMessageCast() == ValidationResult::CAST_HTML ? Convert::raw2xml($this->message) : $this->message,
Convert::raw2att($strValue)
);
}

49
tests/php/Forms/FormFieldTest.php
View File

@ -5,6 +5,7 @@ namespace SilverStripe\Forms\Tests;
use ReflectionClass;
use SilverStripe\Core\ClassInfo;
use SilverStripe\Core\Config\Config;
use SilverStripe\Core\Convert;
use SilverStripe\Dev\SapphireTest;
use SilverStripe\Forms\CompositeField;
use SilverStripe\Forms\FieldList;
@ -14,6 +15,7 @@ use SilverStripe\Forms\NullableField;
use SilverStripe\Forms\RequiredFields;
use SilverStripe\Forms\Tests\FormFieldTest\TestExtension;
use SilverStripe\Forms\TextField;
use SilverStripe\ORM\ValidationResult;
class FormFieldTest extends SapphireTest
{
@ -187,6 +189,53 @@ class FormFieldTest extends SapphireTest
$this->assertContains('three="3"', $field->getAttributesHTML('one', 'two'));
}
/**
* Covering all potential inputs for Convert::raw2xml
*/
public function escapeHtmlDataProvider()
{
return [
['<html>'],
[['<html>']],
[['<html>' => '<html>']]
];
}
/**
* @dataProvider escapeHtmlDataProvider
**/
public function testGetAttributesEscapeHtml($value)
{
$key = bin2hex(random_bytes(4));
if (is_scalar($value)) {
$field = new FormField('<html>', '<html>', '<html>');
$field->setAttribute($value, $key);
$html = $field->getAttributesHTML();
$this->assertFalse(strpos($html, '<html>'));
}
$field = new FormField('<html>', '<html>', '<html>');
$field->setAttribute($key, $value);
$html = $field->getAttributesHTML();
$this->assertFalse(strpos($html, '<html>'));
}
/**
* @dataProvider escapeHtmlDataProvider
*/
public function testDebugEscapeHtml($value)
{
$field = new FormField('<html>', '<html>', '<html>');
$field->setAttribute('<html>', $value);
$field->setMessage('<html>', null, ValidationResult::CAST_HTML);
$html = $field->debug();
$this->assertFalse(strpos($html, '<html>'));
}
public function testReadonly()
{
$field = new FormField('MyField');

2
tests/php/Forms/FormTest.php
View File

@ -904,9 +904,11 @@ class FormTest extends FunctionalTest
$form->setAttribute('one', 1);
$form->setAttribute('two', 2);
$form->setAttribute('three', 3);
$form->setAttribute('<html>', '<html>');
$this->assertNotContains('one="1"', $form->getAttributesHTML('one', 'two'));
$this->assertNotContains('two="2"', $form->getAttributesHTML('one', 'two'));
$this->assertContains('three="3"', $form->getAttributesHTML('one', 'two'));
$this->assertNotContains('<html>', $form->getAttributesHTML());
}
function testMessageEscapeHtml()