Merge remote-tracking branch 'origin/3.1'

Conflicts: forms/HtmlEditorField.php
2014-06-15 22:50:20 +12:00 · 2014-06-15 22:50:20 +12:00 · bb03f6ba2f
parent 1cd27ed972 34304cf6e4
commit bb03f6ba2f
71 changed files with 616 additions and 157 deletions
--- a/control/Director.php
+++ b/control/Director.php
@ -482,29 +482,37 @@ class Director implements TemplateGlobalProvider {
 	 * @return boolean
 	 */
 	public static function is_https() {
+		$return = false;
 		if ($protocol = Config::inst()->get('Director', 'alternate_protocol')) {
-			return $protocol == 'https';
-		}
-
-		if(isset($_SERVER['HTTP_X_FORWARDED_PROTOCOL'])) { 
-			if(strtolower($_SERVER['HTTP_X_FORWARDED_PROTOCOL']) == 'https') {
-				return true;
-			}
-		}
-
-		if(isset($_SERVER['X-Forwarded-Proto'])) {
-			if(strtolower($_SERVER['X-Forwarded-Proto']) == "https") {
-				return true;
-			}
-		}
-	
-		if((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off')) {
-			return true;
+			$return = ($protocol == 'https');
+		} else if(
+			isset($_SERVER['HTTP_X_FORWARDED_PROTO'])
+			&& strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == 'https'
+		) { 
+			// Convention for (non-standard) proxy signaling a HTTPS forward,
+			// see https://en.wikipedia.org/wiki/List_of_HTTP_header_fields
+			$return = true;
+		} else if(
+			isset($_SERVER['HTTP_X_FORWARDED_PROTOCOL'])
+			&& strtolower($_SERVER['HTTP_X_FORWARDED_PROTOCOL']) == 'https'
+		) { 
+			// Less conventional proxy header
+			$return = true;
+		} else if(
+			isset($_SERVER['HTTP_FRONT_END_HTTPS'])
+			&& strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) == 'on'
+		) { 
+			// Microsoft proxy convention: https://support.microsoft.com/?kbID=307347
+			$return = true;
+		} else if((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off')) {
+			$return = true;
 		} else if(isset($_SERVER['SSL'])) {
-			return true;
+			$return = true;
+		} else {
+			$return = false;
 		}

-		return false;
+		return $return;
 	}

 	/**
--- a/control/HTTP.php
+++ b/control/HTTP.php
@ -377,7 +377,7 @@ class HTTP {
 			// By also using and etag that includes both the modification date and all the varies 
 			// values which we also check against we can catch this and not return a 304
 			$etagParts = array(self::$modification_date, serialize($_COOKIE));
-			if (isset($_SERVER['HTTP_X_FORWARDED_PROTOCOL'])) $etagParts[] = $_SERVER['HTTP_X_FORWARDED_PROTOCOL'];
+			$etagParts[] = Director::is_https() ? 'https' : 'http';
 			if (isset($_SERVER['HTTP_USER_AGENT'])) $etagParts[] = $_SERVER['HTTP_USER_AGENT'];
 			if (isset($_SERVER['HTTP_ACCEPT'])) $etagParts[] = $_SERVER['HTTP_ACCEPT'];

--- a/control/injector/Injector.php
+++ b/control/injector/Injector.php
@ -654,10 +654,10 @@ class Injector {
 		// If the type defines some injections, set them here
 		if ($injections && count($injections)) {
 			foreach ($injections as $property => $value) {
-				// we're checking isset in case it already has a property at this name
+				// we're checking empty in case it already has a property at this name
 				// this doesn't catch privately set things, but they will only be set by a setter method, 
 				// which should be responsible for preventing further setting if it doesn't want it. 
-				if (!isset($object->$property)) {
+				if (empty($object->$property)) {
 					$value = $this->convertServiceProperty($value);
 					$this->setObjectProperty($object, $property, $value);
 				}
--- a/core/startup/ParameterConfirmationToken.php
+++ b/core/startup/ParameterConfirmationToken.php
@ -76,11 +76,31 @@ class ParameterConfirmationToken {
 	protected function currentAbsoluteURL() {
 		global $url;

-		// Are we http or https?
+		// Are we http or https? Replicates Director::is_https() without its dependencies/
 		$proto = 'http';
-
-		if(isset($_SERVER['HTTP_X_FORWARDED_PROTOCOL'])) {
-			if(strtolower($_SERVER['HTTP_X_FORWARDED_PROTOCOL']) == 'https') $proto = 'https';
+		if(
+			isset($_SERVER['HTTP_X_FORWARDED_PROTO'])
+			&& strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == 'https'
+		) { 
+			// Convention for (non-standard) proxy signaling a HTTPS forward,
+			// see https://en.wikipedia.org/wiki/List_of_HTTP_header_fields
+			$proto = 'https';
+		} else if(
+			isset($_SERVER['HTTP_X_FORWARDED_PROTOCOL'])
+			&& strtolower($_SERVER['HTTP_X_FORWARDED_PROTOCOL']) == 'https'
+		) { 
+			// Less conventional proxy header
+			$proto = 'https';
+		} else if(
+			isset($_SERVER['HTTP_FRONT_END_HTTPS'])
+			&& strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) == 'on'
+		) { 
+			// Microsoft proxy convention: https://support.microsoft.com/?kbID=307347
+			$proto = 'https';
+		} else if((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off')) {
+			$proto = 'https';
+		} else if(isset($_SERVER['SSL'])) {
+			$proto = 'https';
 		}

 		if((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off')) $proto = 'https';
--- a/docs/en/changelogs/3.0.11.md
+++ b/docs/en/changelogs/3.0.11.md
@ -0,0 +1,19 @@
+# 3.0.11
+
+Minor security release
+
+## Security
+
+ * 2014-04-16 [9d74bc4](https://github.com/silverstripe/sapphire/commit/9d74bc4) Potential DoS exploit in TinyMCE - See [announcement SS-2014-009](http://www.silverstripe.org/ss-2014-009-potential-dos-exploit-in-tinymce/)
+ * 2014-05-05 [9bfeffd](https://github.com/silverstripe/silverstripe-framework/commit/9bfeffd) Injection / Filesystem vulnerability in generatesecuretoken - See [announcement SS-2014-010](http://www.silverstripe.org/ss-2014-010-injection-filesystem-vulnerability-in-generatesecuretoken/)
+ * 2014-05-07 [0099a18](https://github.com/silverstripe/silverstripe-framework/commit/0099a18) Folder filename injection - See [announcement SS-2014-011](http://www.silverstripe.org/ss-2014-011-folder-filename-injection/)
+
+### Bugfixes
+
+ * 2013-06-20 [f2c4a62](https://github.com/silverstripe/sapphire/commit/f2c4a62) ConfirmedPasswordField used to expose existing hash (Hamish Friedlander)
+
+## Changelog
+
+ * [framework](https://github.com/silverstripe/silverstripe-framework/releases/tag/3.0.11)
+ * [cms](https://github.com/silverstripe/silverstripe-cms/releases/tag/3.0.11)
+ * [installer](https://github.com/silverstripe/silverstripe-installer/releases/tag/3.0.11)
--- a/docs/en/changelogs/3.1.5.md
+++ b/docs/en/changelogs/3.1.5.md
@ -59,3 +59,9 @@
 * 2014-03-12 [b4a1aa4](https://github.com/silverstripe/silverstripe-cms/commit/b4a1aa4) Fixes #965. Allow user date-settings to show on GridField Page admin (Russell Michell)
 * 2014-03-04 [ae573f8](https://github.com/silverstripe/sapphire/commit/ae573f8) Fix Versioned stage not persisting in Session. Fixes #962 BUG Disabled disruptive test case in DirectorTest API RequestProcessor and VersionedRequestFilter now both correctly implement RequestFilter Better PHPDoc on RequestFilter and implementations (Damian Mooyman)
 * 2013-06-20 [f2c4a62](https://github.com/silverstripe/sapphire/commit/f2c4a62) ConfirmedPasswordField used to expose existing hash (Hamish Friedlander)
+
+## Changelog
+
+ * [framework](https://github.com/silverstripe/silverstripe-framework/releases/tag/3.1.5)
+ * [cms](https://github.com/silverstripe/silverstripe-cms/releases/tag/3.1.5)
+ * [installer](https://github.com/silverstripe/silverstripe-installer/releases/tag/3.1.5)
--- a/docs/en/changelogs/index.md
+++ b/docs/en/changelogs/index.md
@ -9,9 +9,11 @@ For information on how to upgrade to newer versions consult the [upgrading](/ins

 ## Stable Releases

+ * [3.1.5](3.1.5) - 13 May 2014
 * [3.1.4](3.1.4) - 8 April 2014
 * [3.1.0](3.1.0) - 1 October 2013

+ * [3.0.11](3.0.11) - 13 May 2014
 * [3.0.10](3.0.10) - 8 April 2014
 * [3.0.5](3.0.5) - 20 February 2013
 * [3.0.4](3.0.4) - 19 February 2013
@ -79,6 +81,8 @@ For information on how to upgrade to newer versions consult the [upgrading](/ins

 * [3.1.5-rc1](rc/3.1.5-rc1) - 7 May 2014
 * [3.1.4-rc1](rc/3.1.4-rc1) - 1 April 2014
+
+ * [3.0.11-rc1](rc/3.0.11-rc1) - 7 May 2014
 * [3.0.10-rc1](rc/3.0.10-rc1) - 1 April 2014
 * [3.0.6-rc1](rc/3.0.6-rc1) - 2013-08-08
 * [3.0.3-rc1](rc/3.0.3-rc1) - 6 November 2012
--- a/docs/en/changelogs/rc/3.0.11-rc1.md
+++ b/docs/en/changelogs/rc/3.0.11-rc1.md
@ -0,0 +1,19 @@
+# 3.0.11-rc1
+
+Minor security release
+
+## Security
+
+ * 2014-04-16 [9d74bc4](https://github.com/silverstripe/sapphire/commit/9d74bc4) Potential DoS exploit in TinyMCE - See [announcement SS-2014-009](http://www.silverstripe.org/ss-2014-009-potential-dos-exploit-in-tinymce/)
+ * 2014-05-05 [9bfeffd](https://github.com/silverstripe/silverstripe-framework/commit/9bfeffd) Injection / Filesystem vulnerability in generatesecuretoken - See [announcement SS-2014-010](http://www.silverstripe.org/ss-2014-010-injection-filesystem-vulnerability-in-generatesecuretoken/)
+ * 2014-05-07 [0099a18](https://github.com/silverstripe/silverstripe-framework/commit/0099a18) Folder filename injection - See [announcement SS-2014-011](http://www.silverstripe.org/ss-2014-011-folder-filename-injection/)
+
+### Bugfixes
+
+ * 2013-06-20 [f2c4a62](https://github.com/silverstripe/sapphire/commit/f2c4a62) ConfirmedPasswordField used to expose existing hash (Hamish Friedlander)
+
+## Changelog
+
+ * [framework](https://github.com/silverstripe/silverstripe-framework/releases/tag/3.0.11-rc1)
+ * [cms](https://github.com/silverstripe/silverstripe-cms/releases/tag/3.0.11-rc1)
+ * [installer](https://github.com/silverstripe/silverstripe-installer/releases/tag/3.0.11-rc1)
--- a/docs/en/changelogs/rc/3.1.5-rc1.md
+++ b/docs/en/changelogs/rc/3.1.5-rc1.md
@ -59,3 +59,9 @@
 * 2014-03-12 [b4a1aa4](https://github.com/silverstripe/silverstripe-cms/commit/b4a1aa4) Fixes #965. Allow user date-settings to show on GridField Page admin (Russell Michell)
 * 2014-03-04 [ae573f8](https://github.com/silverstripe/sapphire/commit/ae573f8) Fix Versioned stage not persisting in Session. Fixes #962 BUG Disabled disruptive test case in DirectorTest API RequestProcessor and VersionedRequestFilter now both correctly implement RequestFilter Better PHPDoc on RequestFilter and implementations (Damian Mooyman)
 * 2013-06-20 [f2c4a62](https://github.com/silverstripe/sapphire/commit/f2c4a62) ConfirmedPasswordField used to expose existing hash (Hamish Friedlander)
+
+## Changelog
+
+ * [framework](https://github.com/silverstripe/silverstripe-framework/releases/tag/3.1.5-rc1)
+ * [cms](https://github.com/silverstripe/silverstripe-cms/releases/tag/3.1.5-rc1)
+ * [installer](https://github.com/silverstripe/silverstripe-installer/releases/tag/3.1.5-rc1)
--- a/docs/en/howto/simple-contact-form.md
+++ b/docs/en/howto/simple-contact-form.md
@ -46,7 +46,8 @@ We then create a `[api:FieldList]` of the form actions, or the buttons that subm
 	:::php
 	return new Form($this, 'Form', $fields, $actions);

-Finally we create the `Form` object and return it. The first argument is the name of the form – this has to be the same as the name of the function that creates the form, so we've used 'Form'. The second argument is the controller that the form is on – this is almost always $this. The third and fourth arguments are the fields and actions we created earlier.
+Finally we create the `Form` object and return it. The first argument is the controller that the form is on – this is almost always $this. The second argument is the name of the form – this has to be the same as the name of the function that creates the form, so we've used 'Form'. The third and fourth arguments are the fields and actions we created earlier.
+

 To show the form on the page, we need to render it in our template. We do this by appending $ to the name of the form – so for the form we just created we need to add $Form. Add $Form to the themes/currenttheme/Layout/Page.ss template, below $Content.

--- a/docs/en/installation/composer.md
+++ b/docs/en/installation/composer.md
@ -107,7 +107,7 @@ So, your deployment process, as it relates to Composer, should be as follows:
 * Run `composer update` on your development version before you start whatever testing you have planned.  Perform all the necessary testing.
 * Check `composer.lock` into your repository.
 * Deploy your project code base, using the deployment tool of your choice.
- * Run `composer install` on your production version.
+ * Run `composer install --no-dev -o` on your production version.

 # Dev Environments for Contributing Code {#contributing}

--- a/docs/en/reference/dataextension.md
+++ b/docs/en/reference/dataextension.md
@ -73,7 +73,7 @@ property on the class.
 	:::php
 	<?php

-	class CustomMember extends Member {
+	class MyMemberExtension extends DataExtension {

 		public function alterFoo($foo) {
 			// outputs the original class
@ -101,7 +101,7 @@ variables to update:
 	:::php
 	<?php

-	class CustomMember extends DataExtension {
+	class MyMemberExtension extends DataExtension {

 		private static $db = array(
 			'Position' => 'Varchar',
@ -121,7 +121,7 @@ CMS fields for an object in an extension:
 	:::php
 	<?php

-	class CustomMember extends DataExtension {
+	class MyMemberExtension extends DataExtension {

 		private static $db = array(
 			'Position' => 'Varchar',
@ -277,7 +277,7 @@ each class that it is extended by.
 	class CustomerWorkflow extends DataExtension {
 	
 		public function IsMarkedForDeletion() {
-			return ($this->owner->Account()->IsMarkedForDeletion == 1) ? true : false;
+			return (bool) $this->owner->Account()->IsMarkedForDeletion;
 		}
 	}

--- a/docs/en/reference/modeladmin.md
+++ b/docs/en/reference/modeladmin.md
@ -132,7 +132,7 @@ For example, we might want to exclude all products without prices in our sample
 			$list = parent::getList();
 			// Always limit by model class, in case you're managing multiple
 			if($this->modelClass == 'Product') {
-				$list->exclude('Price', '0');
+				$list = $list->exclude('Price', '0');
 			}
 			return $list;
 		}
@ -155,7 +155,7 @@ For example, we might want to have a checkbox which limits search results to exp
 			$list = parent::getList();
 			$params = $this->request->requestVar('q'); // use this to access search parameters
 			if($this->modelClass == 'Product' && isset($params['ExpensiveOnly']) && $params['ExpensiveOnly']) {
-				$list->exclude('Price:LessThan', '100');
+				$list = $list->exclude('Price:LessThan', '100');
 			}
 			return $list;
 		}
--- a/docs/en/reference/sqlquery.md
+++ b/docs/en/reference/sqlquery.md
@ -126,7 +126,7 @@ An alternative approach would be a custom getter in the object definition.
 	:::php
 	class Player extends DataObject {
 		private static $db = array(
-			'Name' => 
+			'Name' =>  'Varchar',
 			'Birthdate' => 'Date'
 		);
 		function getNameWithBirthyear() {
--- a/docs/en/reference/uploadfield.md
+++ b/docs/en/reference/uploadfield.md
@ -368,6 +368,7 @@ gallery the below code could be used:
 	// In GalleryPage.php
 	class GalleryPage extends Page {}
 	class GalleryPage_Controller extends Page_Controller {
+		private static $allowed_actions = array('Form');
 		public function Form() {
 			$fields = new FieldList(
 				new TextField('Title', 'Title', null, 255),
--- a/docs/en/topics/i18n.md
+++ b/docs/en/topics/i18n.md
@ -91,15 +91,16 @@ In order to add a value, add the following to your `config.yml`:

 	:::yml
 	i18n:
-	  common_languages:
+	  common_locales:
 	    de_CGN:
 	      name: German (Cologne)
 	      native: Kölsch

-Similarly, to change an existing existing language label, you can overwrite one of these keys:
+Similarly, to change an existing language label, you can overwrite one of these keys:
 	
+	:::yml
 	i18n:
-	  common_languages:
+	  common_locales:
 	    en_NZ:
 	      native: Niu Zillund

--- a/forms/DropdownField.php
+++ b/forms/DropdownField.php
@ -38,7 +38,7 @@
 *   'Country',
 *   array(
 *     'NZ' => 'New Zealand',
- *     'US' => 'United States'
+ *     'US' => 'United States',
 *     'GEM'=> 'Germany'
 *   )
 * );
--- a/forms/Form.php
+++ b/forms/Form.php
@ -1338,7 +1338,7 @@ class Form extends RequestHandler {
 		$dataFields = $this->fields->saveableFields();
 		$lastField = null;
 		if($dataFields) foreach($dataFields as $field) {
-			// Skip fields that have been exlcuded
+			// Skip fields that have been excluded
 			if($fieldList && is_array($fieldList) && !in_array($field->getName(), $fieldList)) continue;


--- a/forms/FormField.php
+++ b/forms/FormField.php
@ -957,6 +957,15 @@ class FormField extends RequestHandler {
 		return $this;
 	}

+	/**
+	 * Get the FieldList that contains this field.
+	 *
+	 * @return FieldList
+	 */
+	public function getContainerFieldList() {
+		return $this->containerFieldList;
+	}
+
 	public function rootFieldList() {
 		if(is_object($this->containerFieldList)) return $this->containerFieldList->rootFieldList();
 		else user_error("rootFieldList() called on $this->class object without a containerFieldList", E_USER_ERROR);
--- a/forms/HtmlEditorField.php
+++ b/forms/HtmlEditorField.php
@ -528,7 +528,7 @@ class HtmlEditorField_Toolbar extends RequestHandler {
 		}

 		$this->extend('updateFieldsForFile', $fields, $url, $file);
-		
+
 		return $fields;
 	}

@ -537,27 +537,35 @@ class HtmlEditorField_Toolbar extends RequestHandler {
 	 */
 	protected function getFieldsForOembed($url, $file) {
 		if(isset($file->Oembed->thumbnail_url)) {
-			$thumbnailURL = $file->Oembed->thumbnail_url;	
+			$thumbnailURL = Convert::raw2att($file->Oembed->thumbnail_url);
 		} elseif($file->Type == 'photo') {
-			$thumbnailURL = $file->Oembed->url;
+			$thumbnailURL = Convert::raw2att($file->Oembed->url);
 		} else {
 			$thumbnailURL = FRAMEWORK_DIR . '/images/default_media.png';
 		}
-		
+
+		$fileName = Convert::raw2att($file->Name);
+
 		$fields = new FieldList(
 			$filePreview = CompositeField::create(
 				CompositeField::create(
 					new LiteralField(
 						"ImageFull",
 						"<img id='thumbnailImage' class='thumbnail-preview' "
-							. "src='{$thumbnailURL}?r=" . rand(1,100000) . "' alt='{$file->Name}' />\n"
+							. "src='{$thumbnailURL}?r=" . rand(1,100000) . "' alt='$fileName' />\n"
 					)
 				)->setName("FilePreviewImage")->addExtraClass('cms-file-info-preview'),
 				CompositeField::create(
 					CompositeField::create(
 						new ReadonlyField("FileType", _t('AssetTableField.TYPE','File type') . ':', $file->Type),
-						$urlField = ReadonlyField::create('ClickableURL', _t('AssetTableField.URL','URL'),
-							sprintf('<a href="%s" target="_blank" class="file">%s</a>', $url, $url)
+						$urlField = ReadonlyField::create(
+							'ClickableURL',
+							_t('AssetTableField.URL','URL'),
+							sprintf(
+								'<a href="%s" target="_blank" class="file">%s</a>',
+								Convert::raw2att($url),
+								Convert::raw2att($url)
+							)
 						)->addExtraClass('text-wrap')
 					)
 				)->setName("FilePreviewData")->addExtraClass('cms-file-info-data')
@ -574,18 +582,19 @@ class HtmlEditorField_Toolbar extends RequestHandler {
 				)
 			)->addExtraClass('last')
 		);
+
 		if($file->Width != null){
 			$fields->push(
 				FieldGroup::create(
 					_t('HtmlEditorField.IMAGEDIMENSIONS', 'Dimensions'),
 					TextField::create(
-						'Width', 
-						_t('HtmlEditorField.IMAGEWIDTHPX', 'Width'), 
+						'Width',
+						_t('HtmlEditorField.IMAGEWIDTHPX', 'Width'),
 						$file->InsertWidth
 					)->setMaxLength(5),
 					TextField::create(
-						'Height', 
-						_t('HtmlEditorField.IMAGEHEIGHTPX', 'Height'), 
+						'Height',
+						_t('HtmlEditorField.IMAGEHEIGHTPX', 'Height'),
 						$file->InsertHeight
 					)->setMaxLength(5)
 				)->addExtraClass('dimensions last')
@ -595,13 +604,13 @@ class HtmlEditorField_Toolbar extends RequestHandler {

 		if($file->Type == 'photo') {
 			$fields->insertBefore('CaptionText', new TextField(
-				'AltText', 
+				'AltText',
 				_t('HtmlEditorField.IMAGEALTTEXT', 'Alternative text (alt) - shown if image can\'t be displayed'), 
-				$file->Title, 
+				$file->Title,
 				80
 			));
 			$fields->insertBefore('CaptionText', new TextField(
-				'Title', 
+				'Title',
 				_t('HtmlEditorField.IMAGETITLE', 'Title text (tooltip) - for additional information about the image')
 			));
 		}
@ -619,12 +628,12 @@ class HtmlEditorField_Toolbar extends RequestHandler {
 			FieldGroup::create(
 				_t('HtmlEditorField.IMAGEDIMENSIONS', 'Dimensions'),
 				TextField::create(
-					'Width', 
-					_t('HtmlEditorField.IMAGEWIDTHPX', 'Width'), 
+					'Width',
+					_t('HtmlEditorField.IMAGEWIDTHPX', 'Width'),
 					$file->Width
 				)->setMaxLength(5),
 				TextField::create(
-					'Height', 
+					'Height',
 					" x " . _t('HtmlEditorField.IMAGEHEIGHTPX', 'Height'),
 					$file->Height
 				)->setMaxLength(5)
@ -643,27 +652,35 @@ class HtmlEditorField_Toolbar extends RequestHandler {
 		if($file->File instanceof Image) {
 			$formattedImage = $file->File->generateFormattedImage('SetWidth',
 				Config::inst()->get('Image', 'asset_preview_width'));
-			$thumbnailURL = $formattedImage ? $formattedImage->URL : $url;	
+			$thumbnailURL = Convert::raw2att($formattedImage ? $formattedImage->URL : $url);
 		} else {
-			$thumbnailURL = $url;
+			$thumbnailURL = Convert::raw2att($url);
 		}
-		
+
+		$fileName = Convert::raw2att($file->Name);
+
 		$fields = new FieldList(
 			CompositeField::create(
 				CompositeField::create(
 					LiteralField::create(
 						"ImageFull",
-						"<img id='thumbnailImage' class='thumbnail-preview' " 
-							. "src='{$thumbnailURL}?r=" . rand(1,100000) . "' alt='{$file->Name}' />\n"
+						"<img id='thumbnailImage' class='thumbnail-preview' "
+							. "src='{$thumbnailURL}?r=" . rand(1,100000) . "' alt='$fileName' />\n"
 					)
 				)->setName("FilePreviewImage")->addExtraClass('cms-file-info-preview'),
 				CompositeField::create(
 					CompositeField::create(
 						new ReadonlyField("FileType", _t('AssetTableField.TYPE','File type'), $file->FileType),
 						new ReadonlyField("Size", _t('AssetTableField.SIZE','File size'), $file->getSize()),
-						$urlField = new ReadonlyField('ClickableURL', _t('AssetTableField.URL','URL'), 
-							sprintf('<a href="%s" title="%s" target="_blank" class="file-url">%s</a>',
-								$file->Link(), $file->Link(), $file->RelativeLink())
+						$urlField = new ReadonlyField(
+							'ClickableURL',
+							_t('AssetTableField.URL','URL'),
+							sprintf(
+								'<a href="%s" title="%s" target="_blank" class="file-url">%s</a>',
+								Convert::raw2att($file->Link()),
+								Convert::raw2att($file->Link()),
+								Convert::raw2att($file->RelativeLink())
+							)
 						),
 						new DateField_Disabled("Created", _t('AssetTableField.CREATED','First uploaded'),
 							$file->Created),
@ -671,18 +688,18 @@ class HtmlEditorField_Toolbar extends RequestHandler {
 							$file->LastEdited)
 					)
 				)->setName("FilePreviewData")->addExtraClass('cms-file-info-data')
-			)->setName("FilePreview")->addExtraClass('cms-file-info'),			
+			)->setName("FilePreview")->addExtraClass('cms-file-info'),

 			TextField::create(
-				'AltText', 
-				_t('HtmlEditorField.IMAGEALT', 'Alternative text (alt)'),  
-				$file->Title, 
+				'AltText',
+				_t('HtmlEditorField.IMAGEALT', 'Alternative text (alt)'),
+				$file->Title,
 				80
 			)->setDescription(
 				_t('HtmlEditorField.IMAGEALTTEXTDESC', 'Shown to screen readers or if image can\'t be displayed')),

 			TextField::create(
-				'Title', 
+				'Title',
 				_t('HtmlEditorField.IMAGETITLETEXT', 'Title text (tooltip)')
 			)->setDescription(
 				_t('HtmlEditorField.IMAGETITLETEXTDESC', 'For additional information about the image')),
@ -699,16 +716,17 @@ class HtmlEditorField_Toolbar extends RequestHandler {
 				)
 			)->addExtraClass('last')
 		);
+
 		if($file->Width != null){
 			$fields->push(
 				FieldGroup::create(_t('HtmlEditorField.IMAGEDIMENSIONS', 'Dimensions'),
 					TextField::create(
-						'Width', 
-						_t('HtmlEditorField.IMAGEWIDTHPX', 'Width'), 
+						'Width',
+						_t('HtmlEditorField.IMAGEWIDTHPX', 'Width'),
 						$file->InsertWidth
 					)->setMaxLength(5),
 					TextField::create(
-						'Height', 
+						'Height',
 						" x " . _t('HtmlEditorField.IMAGEHEIGHTPX', 'Height'),
 						$file->InsertHeight
 					)->setMaxLength(5)
@ -764,6 +782,11 @@ class HtmlEditorField_Toolbar extends RequestHandler {
 */
 class HtmlEditorField_File extends ViewableData {

+	private static $casting = array(
+		'URL' => 'Varchar',
+		'Name' => 'Varchar'
+	);
+
 	/** @var String */
 	protected $url;

@ -823,7 +846,7 @@ class HtmlEditorField_File extends ViewableData {
 		} else {
 			// Hack to use the framework's built-in thumbnail support without creating a local file representation
 			$tmpFile = new File(array('Name' => $this->Name, 'Filename' => $this->Name));
-			return $tmpFile->appCategory();			
+			return $tmpFile->appCategory();
 		}
 	}

@ -837,6 +860,12 @@ class HtmlEditorField_File extends ViewableData {
 * @subpackage fields-formattedinput
 */
 class HtmlEditorField_Embed extends HtmlEditorField_File {
+
+	private static $casting = array(
+		'Type' => 'Varchar',
+		'Info' => 'Varchar'
+	);
+
 	protected $oembed;

 	public function __construct($url, $file = null) {
@ -867,7 +896,7 @@ class HtmlEditorField_Embed extends HtmlEditorField_File {

 	/**
 	 * Provide an initial width for inserted media, restricted based on $embed_width
-	 * 
+	 *
 	 * @return int
 	 */
 	public function getInsertWidth() {
@ -878,7 +907,7 @@ class HtmlEditorField_Embed extends HtmlEditorField_File {

 	/**
 	 * Provide an initial height for inserted media, scaled proportionally to the initial width
-	 * 
+	 *
 	 * @return int
 	 */
 	public function getInsertHeight() {
@ -890,7 +919,7 @@ class HtmlEditorField_Embed extends HtmlEditorField_File {

 	public function getPreview() {
 		if(isset($this->oembed->thumbnail_url)) {
-			return sprintf('<img src="%s" />', $this->oembed->thumbnail_url);
+			return sprintf('<img src="%s" />', Convert::raw2att($this->oembed->thumbnail_url));
 		}
 	}

@ -974,7 +1003,7 @@ class HtmlEditorField_Image extends HtmlEditorField_File {
 	}

 	public function getPreview() {
-		return ($this->file) ? $this->file->CMSThumbnail() : sprintf('<img src="%s" />', $this->url);
+		return ($this->file) ? $this->file->CMSThumbnail() : sprintf('<img src="%s" />', Convert::raw2att($this->url));
 	}

 }
--- a/forms/gridfield/GridFieldDetailForm.php
+++ b/forms/gridfield/GridFieldDetailForm.php
@ -77,7 +77,10 @@ class GridFieldDetailForm implements GridField_URLHandler {
 	 * @return GridFieldDetailForm_ItemRequest 
 	 */
 	public function handleItem($gridField, $request) {
-		$controller = $gridField->getForm()->Controller();
+		// Our getController could either give us a true Controller, if this is the top-level GridField.
+		// It could also give us a RequestHandler in the form of GridFieldDetailForm_ItemRequest if this is a
+		// nested GridField.
+		$requestHandler = $gridField->getForm()->getController();

 		if(is_numeric($request->param('ID'))) {
 			$record = $gridField->getList()->byId($request->param("ID"));
@ -87,7 +90,7 @@ class GridFieldDetailForm implements GridField_URLHandler {

 		$class = $this->getItemRequestClass();

-		$handler = Object::create($class, $gridField, $this, $record, $controller, $this->name);
+		$handler = Object::create($class, $gridField, $this, $record, $requestHandler, $this->name);
 		$handler->setTemplate($this->template);

 		// if no validator has been set on the GridField and the record has a
@ -227,8 +230,10 @@ class GridFieldDetailForm_ItemRequest extends RequestHandler {
 	protected $record;

 	/**
+	 * This represents the current parent RequestHandler (which does not necessarily need to be a Controller).
+	 * It allows us to traverse the RequestHandler chain upwards to reach the Controller stack.
 	 *
-	 * @var Controller
+	 * @var RequestHandler
 	 */
 	protected $popupController;
 	
@ -247,20 +252,20 @@ class GridFieldDetailForm_ItemRequest extends RequestHandler {
 		'$Action!' => '$Action',
 		'' => 'edit',
 	);
-	
+
 	/**
 	 *
 	 * @param GridFIeld $gridField
 	 * @param GridField_URLHandler $component
 	 * @param DataObject $record
-	 * @param Controller $popupController
-	 * @param string $popupFormName 
+	 * @param RequestHandler $requestHandler
+	 * @param string $popupFormName
 	 */
-	public function __construct($gridField, $component, $record, $popupController, $popupFormName) {
+	public function __construct($gridField, $component, $record, $requestHandler, $popupFormName) {
 		$this->gridField = $gridField;
 		$this->component = $component;
 		$this->record = $record;
-		$this->popupController = $popupController;
+		$this->popupController = $requestHandler;
 		$this->popupFormName = $popupFormName;
 		parent::__construct();
 	}
@ -327,7 +332,7 @@ class GridFieldDetailForm_ItemRequest extends RequestHandler {
 		$list = $this->gridField->getList();

 		if (empty($this->record)) {
-			$controller = Controller::curr();
+			$controller = $this->getToplevelController();
 			$noActionURL = $controller->removeAction($_REQUEST['url']);
 			$controller->getResponse()->removeHeader('Location');   //clear the existing redirect
 			return $controller->redirect($noActionURL, 302);
@ -339,7 +344,7 @@ class GridFieldDetailForm_ItemRequest extends RequestHandler {
 		$canCreate = $this->record->canCreate();

 		if(!$canView) {
-			$controller = Controller::curr();
+			$controller = $this->getToplevelController();
 			// TODO More friendly error
 			return $controller->httpError(403);
 		}
@ -399,6 +404,10 @@ class GridFieldDetailForm_ItemRequest extends RequestHandler {
 			}
 		}

+		// Caution: API violation. Form expects a Controller, but we are giving it a RequestHandler instead.
+		// Thanks to this however, we are able to nest GridFields, and also access the initial Controller by
+		// dereferencing GridFieldDetailForm_ItemRequest->getController() multiple times. See getToplevelController
+		// below.
 		$form = new Form(
 			$this,
 			'ItemEditForm',
@ -452,10 +461,13 @@ class GridFieldDetailForm_ItemRequest extends RequestHandler {
 	}

 	/**
-	 * Traverse up nested requests until we reach the first that's not a GridFieldDetailForm_ItemRequest.
-	 * The opposite of {@link Controller::curr()}, required because
-	 * Controller::$controller_stack is not directly accessible.
-	 * 
+	 * Traverse the nested RequestHandlers until we reach something that's not GridFieldDetailForm_ItemRequest.
+	 * This allows us to access the Controller responsible for invoking the top-level GridField.
+	 * This should be equivalent to getting the controller off the top of the controller stack via Controller::curr(),
+	 * but allows us to avoid accessing the global state.
+	 *
+	 * GridFieldDetailForm_ItemRequests are RequestHandlers, and as such they are not part of the controller stack.
+	 *
 	 * @return Controller
 	 */
 	protected function getToplevelController() {
@ -487,7 +499,7 @@ class GridFieldDetailForm_ItemRequest extends RequestHandler {

 	public function doSave($data, $form) {
 		$new_record = $this->record->ID == 0;
-		$controller = Controller::curr();
+		$controller = $this->getToplevelController();
 		$list = $this->gridField->getList();
 		
 		if($list instanceof ManyManyList) {
@ -550,11 +562,11 @@ class GridFieldDetailForm_ItemRequest extends RequestHandler {
 		$form->sessionMessage($message, 'good');

 		if($new_record) {
-			return Controller::curr()->redirect($this->Link());
+			return $controller->redirect($this->Link());
 		} elseif($this->gridField->getList()->byId($this->record->ID)) {
 			// Return new view, as we can't do a "virtual redirect" via the CMS Ajax
 			// to the same URL (it assumes that its content is already current, and doesn't reload)
-			return $this->edit(Controller::curr()->getRequest());
+			return $this->edit($controller->getRequest());
 		} else {
 			// Changes to the record properties might've excluded the record from
 			// a filtered list, so return back to the main view if it can't be found
@ -575,7 +587,7 @@ class GridFieldDetailForm_ItemRequest extends RequestHandler {
 			$this->record->delete();
 		} catch(ValidationException $e) {
 			$form->sessionMessage($e->getResult()->message(), 'bad');
-			return Controller::curr()->redirectBack();
+			return $this->getToplevelController()->redirectBack();
 		}

 		$message = sprintf(
@ -593,7 +605,7 @@ class GridFieldDetailForm_ItemRequest extends RequestHandler {
 		}

 		//when an item is deleted, redirect to the parent controller
-		$controller = Controller::curr();
+		$controller = $this->getToplevelController();
 		$controller->getRequest()->addHeader('X-Pjax', 'Content'); // Force a content refresh

 		return $controller->redirect($this->getBacklink(), 302); //redirect back to admin section
--- a/forms/gridfield/GridFieldPrintButton.php
+++ b/forms/gridfield/GridFieldPrintButton.php
@ -139,7 +139,7 @@ class GridFieldPrintButton implements GridField_HTMLProvider, GridField_ActionPr
 	 */
 	public function getTitle(GridField $gridField) {
 		$form = $gridField->getForm();
-		$currentController = Controller::curr();
+		$currentController = $gridField->getForm()->getController();
 		$title = '';

 		if(method_exists($currentController, 'Title')) {
@ -248,4 +248,4 @@ class GridFieldPrintButton implements GridField_HTMLProvider, GridField_ActionPr

 		return $this;
 	}
-}
+}
--- a/javascript/GridField.js
+++ b/javascript/GridField.js
@ -48,16 +48,19 @@
 						// multiple relationships via keyboard.
 						if(focusedElName) self.find(':input[name="' + focusedElName + '"]').focus();

-						var content;
-						if(ajaxOpts.data[0].filter=="show"){	
-							content = '<span class="non-sortable"></span>';
-							self.addClass('show-filter').find('.filter-header').show();														
-						}else{
-							content = '<button name="showFilter" class="ss-gridfield-button-filter trigger"></button>';
-							self.removeClass('show-filter').find('.filter-header').hide();	
-						}
+						// Update filter 
+						if(self.find('.filter-header').length) {
+							var content;
+							if(ajaxOpts.data[0].filter=="show") {
+								content = '<span class="non-sortable"></span>';
+								self.addClass('show-filter').find('.filter-header').show();														
+							} else {
+								content = '<button name="showFilter" class="ss-gridfield-button-filter trigger"></button>';
+								self.removeClass('show-filter').find('.filter-header').hide();	
+							}

-						self.find('.sortable-header th:last').html(content);
+							self.find('.sortable-header th:last').html(content);
+						}

 						form.removeClass('loading');
 						if(successCallback) successCallback.apply(this, arguments);
--- a/lang/af.yml
+++ b/lang/af.yml
@ -233,6 +233,7 @@ af:
    PERMAGAIN: 'Jy is uit die IBS uitgeteken. As jy weer wil inteken, moet jy ''n gebruikersnaam en wagwoord onder in tik'
    PERMALREADY: 'Ek is jammer, maar jy het nie toestemming om dié gedeelte van die IBS te besugtig nie. As jy as iemand anders wil inteken doen so hieronder'
    PERMDEFAULT: 'Kies asseblief ''n kontroleer metode en sleutel jou sekuriteit''s besonderhede in'
+    PLEASESAVE: 'Stoor asseblief die bladsy: Die bladsy kon nie opgedateer word nie omdat dit nog nie gestoor is nie'
    PreviewButton: Beskou
    REORGANISATIONSUCCESSFUL: 'Die ''site tree'' is suksesvol geheorganiseer'
    SAVEDUP: Gestoor
--- a/lang/ar.yml
+++ b/lang/ar.yml
@ -169,6 +169,7 @@ ar:
    TEXT2: 'رابط إعادة تعيين كلمة المرور'
    TEXT3: لـ
  Form:
+    CSRF_FAILED_MESSAGE: "هناك على ما يبدو مشكلة فنية. الرجاء الضغط على الزر مرة أخرى، و تحديث المتصفح الخاص بك، ثم حاول مرة أخرى."
    FIELDISREQUIRED: '{الاسم} مطلوب'
    SubmitBtnLabel: اذهب
    VALIDATIONCREDITNUMBER: 'يرجى التأكد من أنك قد قمت بإدخال {رقم} رقم بطاقة الائتمان بشكل صحيح'
@ -265,6 +266,7 @@ ar:
    FindInFolder: 'ابحث في المجلد'
    IMAGEALT: 'النص البديل (بديل)'
    IMAGEALTTEXT: 'النص البديل (ألت) - يظهر إذا كان لا يمكن عرض الصورة'
+    IMAGEALTTEXTDESC: 'تبين قارئي الشاشة أو إذا لم يمكن عرض الصورة'
    IMAGEDIMENSIONS: الأبعاد
    IMAGEHEIGHTPX: الطول
    IMAGETITLE: 'العنوان - لإضافة معلومات إلى الصورة'
@ -302,6 +304,7 @@ ar:
    PERMAGAIN: 'تم خروجك من النظام بنجاح. للدخول مرة أخرى أدحل البريد الإلكتروني و الرقم السري بالأسفل'
    PERMALREADY: 'عذراً , لكن لا يمكنك الوصول لهذا القسم من النظام. يتوجب عليك الدخول بصلاحية أخرى'
    PERMDEFAULT: 'أدخل البريد الإلكتروني و الرقم السري للوصول إلى نظام إدارة المحتوى'
+    PLEASESAVE: 'فضلاً احفظ الصفحة: هذه الصفحة لا يمكن تحديثها لأنها لم تحفظ بعد'
    PreviewButton: استعراض
    REORGANISATIONSUCCESSFUL: 'تم إعادة تنظيم خريطة الموقع بنجاح'
    SAVEDUP: تم الحفظ.
@ -467,6 +470,7 @@ ar:
    ERRORPASSWORDPERMISSION: 'يجب تسجيل الدخول لتتمكن من تغيير كلمة المرور'
    LOGGEDOUT: 'تم تسجيل خروجك بنجاح ، إذا كنت ترغب بالدخول مرة أخرى فتفضل بتعبئة بياناتك بالأسفل'
    LOGIN: 'دخول'
+    LOSTPASSWORDHEADER: 'كلمة مرور مفقودة'
    NOTEPAGESECURED: 'هذه الصفحة محمية بكلمة مرور ، أدخل بيانات دخولك بالأسفل ليتم السماح لك بالوصول للصفحة'
    NOTERESETLINKINVALID: "<p> رابط إعادة تعيين كلمة المرور غير صحيح أو نفذت صلاحيته.</p>\n<p> \nيمكنك طلب رابط جديد <\"{a href=\"{link1\"> هنا </a>\n أو تغيير كلمة المرور الخاصة بك بعد <\"{a href=\"{link2\"> تسجيل دخولك</a>.\n</p>"
    NOTERESETPASSWORD: 'أدخل بريدك الإلكتروني و سيتم إرسال رابط إعادة تهيئة كلمة المرور '
--- a/lang/bg.yml
+++ b/lang/bg.yml
@ -220,6 +220,7 @@ bg:
    PERMAGAIN: 'Вие излязохте от CMS. Ако искате да влезете отново, моля, въведете потребителско име и парола.'
    PERMALREADY: 'Съжалявам, но нямате достъп до тази част от CMS. Ако искате да влезете с друго потребителско име, моля, направете го по-долу'
    PERMDEFAULT: 'Въведете имейл адреса и паролата си, за да влезете в CMS.'
+    PLEASESAVE: 'Съхрани страницата: Тази страница не може да бъде обновена, защото още не е записана.'
    PreviewButton: Преглед
    REORGANISATIONSUCCESSFUL: 'Реорганизацията на дървото на сайта беше успешна.'
    SAVEDUP: Записано
--- a/lang/bs.yml
+++ b/lang/bs.yml
@ -104,6 +104,7 @@ bs:
    PERMAGAIN: 'Odjavljeni ste sa CMS-a. Ukoliko se želite ponovo prijaviti, unesite korisničko ime i šifru ispod.'
    PERMALREADY: 'Žao nam je ali ne možete pristupiti ovom dijelu CMS-a. Ako se želite prijaviti sa drugim korisnikom uradite to ispod'
    PERMDEFAULT: 'Unesite vašu e-mail adresu i šifru kako biste pristupili CMS-u.'
+    PLEASESAVE: 'Molimo snimite stranicu: Ova stranica ne može biti ažurirana ako nije prethodno snimljena.'
  Member:
    BUTTONCHANGEPASSWORD: 'Promijeni šifru'
    BUTTONLOGIN: 'Prijava'
--- a/lang/ca.yml
+++ b/lang/ca.yml
@ -123,6 +123,7 @@ ca:
    PERMAGAIN: 'Heu estat desconnectat del SGC. Si voleu entrar de nou, introduïu un nom d''usuari i contrasenya a sota'
    PERMALREADY: 'Lamentant-ho molt, no podeu accedir a aquesta part del SGC. Si voleu entrar com a algú altre, feu-ho a sota'
    PERMDEFAULT: 'Introduïu la vostra adreça de correu electrònic i la contrasenya per a entrar al SGC.'
+    PLEASESAVE: 'Si us plau, deseu la pàgina: aquesta pàgina no s''ha pogut actualitzar perquè encara no s''ha desat.'
  LoginAttempt:
    Email: 'Adreça de correu'
    IP: 'Adreça IP'
--- a/lang/da.yml
+++ b/lang/da.yml
@ -20,6 +20,7 @@ da:
    PERMAGAIN: 'Du er blevet logget ud af CMS, hvis du vil logge ind igen, indtast brugernavn og kodeord nedenfor.'
    PERMALREADY: 'Beklager, men du kan ikke få adgang til denne del af CMS, hvis du vil logge ind som en anden, kan du gøre det nedenfor'
    PERMDEFAULT: 'Indtast din email adresse og kodeord for at få adgang til CMS systemet'
+    PLEASESAVE: 'Gem siden: Denne side kunne ikke blive opdateret, fordi den endnu ikke er gemt.'
  ModelAdmin:
    DELETE: Slet
    IMPORT: 'Importer fra CSV'
--- a/lang/de.yml
+++ b/lang/de.yml
@ -309,6 +309,7 @@ de:
    PERMAGAIN: 'Sie wurden aus dem System ausgeloggt. Falls Sie sich wieder einloggen möchten, geben Sie bitte Benutzernamen und Passwort im untenstehenden Formular an.'
    PERMALREADY: 'Leider dürfen Sie diesen Teil des CMS nicht aufrufen. Wenn Sie sich als jemand anderes einloggen wollen, benutzen Sie bitte das nachstehende Formular.'
    PERMDEFAULT: 'Bitte wählen Sie eine Authentifizierungsmethode und geben Sie Ihre Benutzerdaten für den Zugang zum CMS ein.'
+    PLEASESAVE: 'Diese Seite konnte nicht aktualisiert werden weil sie noch nicht gespeichert wurde - bitte speichern.'
    PreviewButton: Vorschau
    REORGANISATIONSUCCESSFUL: 'Der Seitenbaum wurde erfolgreich sortiert.'
    SAVEDUP: Gespeichert.
--- a/lang/eo.yml
+++ b/lang/eo.yml
@ -137,6 +137,7 @@ eo:
    PERMAGAIN: 'Vin adiaŭis la CMS. Se vi volas denove saluti, enigu salutnomon kaj pasvorton malsupre.'
    PERMALREADY: 'Bedaŭrinde vi ne povas aliri tiun parton de la CMS. Se vi volas saluti kiel iu alia, tiel faru sube'
    PERMDEFAULT: 'Enigi vian retadreson kaj pasvorton por aliri al la CMS.'
+    PLEASESAVE: 'Bonvolu konservi paĝon: Ne eblis ĝisdatigi ĉi tiun paĝon ĉar ĝi ankoraŭ ne estas konservita.'
  LoginAttempt:
    Email: 'Retadreso'
    IP: 'IP-Adreso'
--- a/lang/es_AR.yml
+++ b/lang/es_AR.yml
@ -136,6 +136,7 @@ es_AR:
    PERMAGAIN: 'Haz sido desconectado del CMS. Si quieres volver a entrar, a continuación introduce tu nombre de usuario y contraseña.'
    PERMALREADY: 'Lamentablemente no puedes ingresar a esta parte del CMS. Si quieres entrar como alguien distinto, haz eso a continuación'
    PERMDEFAULT: 'Por favor elegir un método de autenticación e ingresar sus credenciales para acceder al CMS.'
+    PLEASESAVE: 'Por favor Guarda la Página: No se puede actualizar esta página porque aún no se ha guardado.'
  LoginAttempt:
    Email: 'Dirección Email'
    IP: 'Dirección IP'
--- a/lang/es_MX.yml
+++ b/lang/es_MX.yml
@ -187,6 +187,7 @@ es_MX:
    PERMAGAIN: 'Usted ha sido desconectado del CMS. Si quiere volver a entrar, introduzca su nombre de usuario y contraseña.'
    PERMALREADY: 'Lamentablemente no puedes ingresar a esta parte del CMS. Si quieres entrar como alguien distinto, hazlo a continuación'
    PERMDEFAULT: 'Por favor, elija un método de autenticación e introduzca sus credenciales para acceder al CMS.'
+    PLEASESAVE: 'Por favor Guarda la Página: No se puede actualizar esta página porque aún no se ha guardado.'
    VersionUnknown: desconocido
  LoginAttempt:
    Email: 'Dirección de Correo Electrónico'
--- a/lang/et_EE.yml
+++ b/lang/et_EE.yml
@ -242,6 +242,7 @@ et_EE:
    FROMWEB: 'Veebist'
    FindInFolder: 'Otsi kaustast'
    IMAGEALT: 'Asetekst (alt)'
+    IMAGEALTTEXT: 'Asetekst (alt) – kuvatakse, kui kujutist ei ole võimalik kuvada'
    IMAGEDIMENSIONS: Mõõtmed
    IMAGEHEIGHTPX: Laius
    IMAGETITLE: 'Pealkirja tekst (kohtspikker) – lisateabeks kujutise kohta'
@ -279,6 +280,7 @@ et_EE:
    PERMAGAIN: 'Oled Sisuhaldusest välja logitud. Kui soovite uuesti sisse logida sisestage kasutajanimi ja parool.'
    PERMALREADY: 'Vabandust, aga sul pole lubatud sisuhaldussüsteemi selle osa juurde pääseda. Kui soovid kellegi teisena sisse logida, tee seda allpool.'
    PERMDEFAULT: 'Sisesta oma e-posti aadress ja parool sisuhaldussüsteemi ligipääsemiseks.'
+    PLEASESAVE: 'Palun Salvesta Lehekülg: Antud lehekülge ei uuendatud, kuna seda ei ole veel salvestatud.'
    PreviewButton: Eelvaade
    REORGANISATIONSUCCESSFUL: 'Saidipuu korraldati edukalt ümber.'
    SAVEDUP: Salvestatud.
--- a/lang/fa_IR.yml
+++ b/lang/fa_IR.yml
@ -99,6 +99,7 @@ fa_IR:
    PAGETYPE: 'نوع صفحه'
    PERMAGAIN: 'شما از سیستم مدیریت محتوا خارج شده اید.اگر میخواهید دوباره وارد شوید نام کاربری و رمز عبور خود را در قسمت زیر وارد کنید'
    PERMALREADY: 'من متاسفم، شما نمی توانید به آن قسمت از سیستم مدیریت محتوا دسترسی پیدا کنید. اگر میخواهید به عنوان شخص دیگری وارد شوید از قسمت زیر تلاش کنید'
+    PLEASESAVE: 'لطفاً صفحه را ذخیره کنید : این صفحه نمی تواند بروز شود چراکه هنوز ذخیره نشده است.'
  LoginAttempt:
    Email: 'آدرس های ایمیل'
  Member:
--- a/lang/fi.yml
+++ b/lang/fi.yml
@ -309,6 +309,7 @@ fi:
    PERMAGAIN: 'Olet kirjautunut ulos CMS:stä. Jos haluat kirjautua uudelleen sisään, syötä käyttäjätunnuksesi ja salasanasi alla.'
    PERMALREADY: 'Paihoittelut, mutta et pääse tähän osaan CMS:ää. Jos haluat kirjautua jonain muuna, voit tehdä sen alla.'
    PERMDEFAULT: 'Valitse tunnistustapa ja syötä tunnistetietosi CMS:ään.'
+    PLEASESAVE: 'Ole hyvä ja tallenna sivu: tätä sivua ei voitu päivittää, koska sitä ei ole vielä tallennettu.'
    PreviewButton: Esikatselu
    REORGANISATIONSUCCESSFUL: 'Hakemistopuu järjestettiin uudelleen onnistuneesti.'
    SAVEDUP: Tallennettu.
--- a/lang/fo.yml
+++ b/lang/fo.yml
@ -92,6 +92,7 @@ fo:
    PERMAGAIN: 'Tú ert blivin útritaður av CMS skipanini. Um tú ynskir at innrita aftur, inntøppa so títt brúkaranavn og loyniorð niðanfyri:'
    PERMALREADY: 'Tíanverri, tú hevur ikki atgongd til handan partin av CMS skipanini. Um tú ynskir at innrita sum onkur annar, so kann tú gera tað niðanfyri.'
    PERMDEFAULT: 'Inntøppa tygara teldupost og loyniorð fyri at fáa atgongd til CMS skipanina.'
+    PLEASESAVE: 'Vinarliga goym síðuna: Hendan síðan kundi ikki blíva dagført, tí at hon er ikki goymd enn.'
  LoginAttempt:
    Email: 'Teldupostur'
    IP: 'IP adressa'
--- a/lang/fr.yml
+++ b/lang/fr.yml
@ -170,6 +170,7 @@ fr:
    TEXT2: 'lien de réinitialisation de mot de passe'
    TEXT3: pour
  Form:
+    CSRF_FAILED_MESSAGE: "Il semble qu'il y ait eu un problème technique. Veuillez cliquez sur le bouton Retour, raffraîchir votre navigateur, et essayer à nouveau"
    FIELDISREQUIRED: '{name} requis'
    SubmitBtnLabel: Envoyer
    VALIDATIONCREDITNUMBER: 'Vérifiez que vous avez bien saisi votre numéro de carte bleue {number}.'
@ -264,6 +265,8 @@ fr:
    FROMWEB: 'Du web'
    FindInFolder: 'Trouver dans un dossier'
    IMAGEALT: 'Texte alternatif (alt)'
+    IMAGEALTTEXT: 'Texte alternatif (alt) - s''affiche si l''image ne peut être affichée.'
+    IMAGEALTTEXTDESC: 'Proposé aux lecteurs d’écran ou si l’image ne peut pas être affichée'
    IMAGEDIMENSIONS: Dimensions
    IMAGEHEIGHTPX: Hauteur
    IMAGETITLE: 'Texte du titre (tooltip) - informations à propos de l''image'
@ -301,6 +304,7 @@ fr:
    PERMAGAIN: 'Vous avez été déconnecté du CMS. Si vous voulez vous reconnecter, entrez un nom d''utilisateur et un mot de passe ci-dessous.'
    PERMALREADY: 'Désolé, mais vous ne pouvez pas accéder à cette partie du CMS. Si vous voulez changer d''identité, faites le ci-dessous'
    PERMDEFAULT: 'Saisissez votre adresse de courriel et votre mot de passe pour accéder au CMS.'
+    PLEASESAVE: 'Enregistrez la page s’il vous plaît&nbsp;: elle ne pouvait pas être mise à jour car elle n’avait pas encore été sauvegardée.'
    PreviewButton: Aperçu
    REORGANISATIONSUCCESSFUL: 'L’arbre du site a été bien réorganisé.'
    SAVEDUP: Enregistré.
@ -335,6 +339,7 @@ fr:
    ERRORLOCKEDOUT2: 'Votre compte a été temporairement désactivé à cause de trop nombreux échecs d''identification. Veuillez réessayer dans {count} minutes.'
    ERRORNEWPASSWORD: 'Vous avez entré votre nouveau mot de passe différemment, réessayez'
    ERRORPASSWORDNOTMATCH: 'Votre actuel mot de passe ne correspond pas, essayez encore s''il vous plaît'
+    ERRORWRONGCRED: 'Il semble que ce ne soit pas le bon email ou mot de passe. Essayez encore s''il vous plaît.'
    FIRSTNAME: 'Prénom'
    INTERFACELANG: 'Langue de l''interface'
    INVALIDNEWPASSWORD: 'Nous ne pouvons pas accepter le mot de passe {password}'
--- a/lang/gl_ES.yml
+++ b/lang/gl_ES.yml
@ -162,6 +162,7 @@ gl_ES:
    PERMAGAIN: 'Non tes unha sesión válida no CMS. Se queres volver entrar, insire o nome de usuario e contrasinal a continuación.'
    PERMALREADY: 'Sintoo, pero non podes acceder a esta parte do CMS. Se queres iniciar sesión con outras credenciais, faino a continuación'
    PERMDEFAULT: 'Escolle un método de autenticación e insire as túas credenciais para acceder o CMS.'
+    PLEASESAVE: 'Por favor Garda Páxina: Esta páxina podería non ser actualizada porque inda non foi gardada.'
    VersionUnknown: descoñecido
  LoginAttempt:
    Email: 'Enderezo Correo-e'
--- a/lang/he_IL.yml
+++ b/lang/he_IL.yml
@ -67,6 +67,7 @@ he_IL:
    PERMAGAIN: 'התנתקת מהמערכת. לחיבור מחדש נא להזין שם וסיסמה'
    PERMALREADY: 'צר לנו, אך לא תוכל לגשת לחלק זה של מערכת ניהול התוכן. אם ברצונך להתחבר למערכת בתור משתמש אחר נא להשתמש בתיבה בעמוד זה'
    PERMDEFAULT: 'נא לבחור בשיטת וידוא והזן פרטיך למערכת'
+    PLEASESAVE: 'נא לשמור עמוד זה. העמוד לא עודכן מכיוון ולא עודכן.'
  Member:
    BUTTONCHANGEPASSWORD: 'שנה סיסמא'
    BUTTONLOGIN: 'התחבר'
--- a/lang/hr.yml
+++ b/lang/hr.yml
@ -75,6 +75,7 @@ hr:
    PERMAGAIN: 'Odjavili ste se sa CMS-a. Želite li se ponovno prijaviti, upišite korisničko ime i lozinku'
    PERMALREADY: 'Nažalost, ne možete pristupiti tom dijelu CMS-a. Želite li se prijaviti kao netko drugi, učinite to ispod'
    PERMDEFAULT: 'Odaberite metodu autorizacije te upišite svoje podatke za pristup CMS-u.'
+    PLEASESAVE: 'Molim spremite stranicu: Nemože biti ažurirano dok nije spremljeno.'
  Member:
    BUTTONCHANGEPASSWORD: 'Promjeni lozinku'
    BUTTONLOGIN: 'Prijavi'
--- a/lang/hu.yml
+++ b/lang/hu.yml
@ -71,6 +71,7 @@ hu:
    PERMAGAIN: 'Kiléptetésre kerültél a CMS-ből. Ha újra be szeretnél lépni, add meg alább a felhasználóneved és jelszavad.'
    PERMALREADY: 'Nincs jogosultságod a CMS ezen részének megtekintéséhez. Ha be szeretnél jelentkezni más felhasználóként, lejjebb megteheted.'
    PERMDEFAULT: 'A CMS- be való belépéshez, kérünk válassz egy azonosítási módot, és írd be az azonosítási infomációkat.'
+    PLEASESAVE: 'Kérjük, mentsd el az oldalt: az oldalt nem lehetett frissíteni, mivel még nem került elmentésre.'
  Member:
    BUTTONCHANGEPASSWORD: 'Jelszó megváltoztatása'
    BUTTONLOGIN: 'Bejelentkezés'
--- a/lang/it.yml
+++ b/lang/it.yml
@ -166,6 +166,7 @@ it:
    TEXT2: 'Link per l''azzeramento della password'
    TEXT3: per
  Form:
+    CSRF_FAILED_MESSAGE: "Sembra che ci sia stato un problema tecnico. Per favore clicca sul pulsante \"indietro\", ricarica la pagina e riprova."
    FIELDISREQUIRED: '{name} è richiesto'
    SubmitBtnLabel: Vai
    VALIDATIONCREDITNUMBER: 'Assicurati che il numero di carta di credito {number} sia inserito correttamente'
@ -260,6 +261,8 @@ it:
    FROMWEB: 'Dal web'
    FindInFolder: 'Trova nella Cartella'
    IMAGEALT: 'Testo alternativo (alt)'
+    IMAGEALTTEXT: 'Testo alternativo (alt) - mostrato se l''immagine non può essere mostrata.'
+    IMAGEALTTEXTDESC: 'Mostrato agli screen reader o se l''immagine non può essere visualizzata'
    IMAGEDIMENSIONS: Dimensioni
    IMAGEHEIGHTPX: Altezza
    IMAGETITLE: 'Titolo (tooltip) - per informazioni aggiuntive sull''immagine.'
@ -297,6 +300,7 @@ it:
    PERMAGAIN: 'Sei stato disconnesso dal CMS. Se desideri autenticarti nuovamente, inserisci qui sotto nome utente e password.'
    PERMALREADY: 'Siamo spiacenti, ma non puoi accedere a questa sezione del CMS. Se desideri autenticarti come qualcun altro, fallo qui sotto.'
    PERMDEFAULT: 'Inserisci il tuo indirizzo email e password per accedere al CMS.'
+    PLEASESAVE: 'Per favore salva la pagina: La stessa potrebbe non venire aggiornata se non si provvede quanto prima a salvarla.'
    PreviewButton: Anteprima
    REORGANISATIONSUCCESSFUL: 'Albero del sito riorganizzato con successo.'
    SAVEDUP: Salvato.
--- a/lang/ja.yml
+++ b/lang/ja.yml
@ -168,6 +168,7 @@ ja:
    TEXT2: 'パスワードリセットのリンク'
    TEXT3: は
  Form:
+    CSRF_FAILED_MESSAGE: "技術的な問題が生じた可能性があります。 戻るボタンをクリックしてブラウザを更新し、もう一度試してください。"
    FIELDISREQUIRED: '{name} が必要'
    SubmitBtnLabel: Go
    VALIDATIONCREDITNUMBER: 'クレジットカード番号 {number} が正しく入力されたかどうか確認してください'
@ -301,6 +302,7 @@ ja:
    PERMAGAIN: 'ログアウトしました。再度ログインする場合は下にユーザー名とパスワードを入力してください。'
    PERMALREADY: '申し訳ございません。ご指定になられたCMSの箇所にはアクセスいただけません。別ユーザーとしてログインをされたい場合は、下記より行えます。'
    PERMDEFAULT: '認証方法を選択し、CMSにアクセスするために利用する認証情報を入力してください。'
+    PLEASESAVE: '保存してください: 保存してないため更新できません。'
    PreviewButton: プレビュー
    REORGANISATIONSUCCESSFUL: 'サイトツリーの再編集に成功しました。'
    SAVEDUP: 保存済み
@ -335,6 +337,7 @@ ja:
    ERRORLOCKEDOUT2: '複数回ログインに失敗したため、あなたのアカウントは一時的に使用不可能になっています。　{count} 分後に再びログインしてください。'
    ERRORNEWPASSWORD: '入力されたパスワードが一致しません。再度お試しください'
    ERRORPASSWORDNOTMATCH: '登録されているパスワードと一致しません、もう一度入力し直してください'
+    ERRORWRONGCRED: 'メールアドレスまたはパスワードが正しくありません、もう一度入力し直してください'
    FIRSTNAME: '名'
    INTERFACELANG: '画面言語'
    INVALIDNEWPASSWORD: '次のパスワードは受け付けることができません: {password}'
--- a/lang/mi.yml
+++ b/lang/mi.yml
@ -170,6 +170,7 @@ mi:
    TEXT2: 'hono tautuhi kupuhipa anō'
    TEXT3: mā
  Form:
+    CSRF_FAILED_MESSAGE: "Te āhua nei kua puta he raru hangarau. Pāwhiria te pātene hoki, ka tāmata anō i tō pūtirotiro, ka ngana anō."
    FIELDISREQUIRED: 'Ka hiahiatia te {name}'
    SubmitBtnLabel: Haere
    VALIDATIONCREDITNUMBER: 'Tirohia kua tika tō tāuru i te tau kāri nama {number}'
@ -303,6 +304,7 @@ mi:
    PERMAGAIN: 'Kua takiputaina atu koe i te CMS. Ki te pīrangi koe ki te takiuru atu anō, tāurutia tētahi ingoa kaiwhakamahi me te kupuhipa i raro.'
    PERMALREADY: 'Aroha mai, kāore e taea te whakauru i tērā wāhanga o te CMS. Ki te pīrangi koe ki te takiuru atu mā tētahi atu ingoa, whakamahia ki raro nei.'
    PERMDEFAULT: 'Whiriwhiria tētahi aratuka motuhēhēnga me te tāuru i ō taipitopito tuakiri ki te uru ki te CMS.'
+    PLEASESAVE: 'Tiaki Whārangi: Kāore i taea tēnei whārangi te whakahōu nā te mea kāore anō kia tiakina.'
    PreviewButton: Arokite
    REORGANISATIONSUCCESSFUL: 'Kua momoho te whakaraupapa anō i te rākau pae'
    SAVEDUP: Kua Tiakina
@ -337,6 +339,7 @@ mi:
    ERRORLOCKEDOUT2: 'Kua monokia rangitahitia tō pūkete nā te nui rawa o ngā ngana takiuru kua rahua. Ngana anō ā muri i te {count} meneti.'
    ERRORNEWPASSWORD: 'Kua rerekē tō tāuru kupuhipa, whakamātau anō'
    ERRORPASSWORDNOTMATCH: 'Kāore i te ōrite tō kupuhipa o nāianei, ngana anō'
+    ERRORWRONGCRED: 'Te āhua nei ehara i te wāhitau īmerā tika, i te kuphipa tika rānei. Ngana anō'
    FIRSTNAME: 'Ingoa Tuatahi'
    INTERFACELANG: 'Reo Atanga'
    INVALIDNEWPASSWORD: 'Kāore i taea te whakaae ki taua kupuhipa: {password}'
@ -466,6 +469,7 @@ mi:
    ERRORPASSWORDPERMISSION: 'Me takiuru koe i mua i te huri i tō kupuhipa!'
    LOGGEDOUT: 'Kua takiputaina atu koe. Ki te pīrangi koe ki te takiuru atu anō, tāurutia ō taipitopito tuakiri ki raro. '
    LOGIN: 'Takiuru'
+    LOSTPASSWORDHEADER: 'Kupuhipa Ngaro'
    NOTEPAGESECURED: 'Kua ngita tēnā whārangi. Tāurua ō taipitoptio tuakiri ki raro, ā, mā mātou koe e tuku kia haere tonu.'
    NOTERESETLINKINVALID: '<p>He muhu, kua mōnehu rānei te hono tautuhi kupuhipa anō.</p><p>Ka taea te tono i te mea hōu<a href="{link1}">i konei</a> ka huri rānei i tō kupuhipa ā muri i tō<a href="{link2}">takiuru</a>.</p>'
    NOTERESETPASSWORD: 'Tāurua tō wāhitau īmēra, mā mātou e tuku tētahi hono ki a koe e taea ai te tautuhi anō i tō kupuhipa'
--- a/lang/nb.yml
+++ b/lang/nb.yml
@ -225,6 +225,7 @@ nb:
    DefaultGroupTitleContentAuthors: 'Innholdsforfattere'
    Description: Beskrivelse
    GroupReminder: 'Hvis du velger en overordnet gruppe, vil denne gruppen arve alle rollene'
+    HierarchyPermsError: 'Kan ikke angi overordnet gruppe "%s" med administratorrettigheter (krever ADMIN-tilgang)'
    Locked: 'Låst?'
    NoRoles: 'Ingen roller funnet'
    PLURALNAME: Grupper
@ -340,6 +341,7 @@ nb:
    ERRORLOCKEDOUT2: 'Din konto har blitt midlertidig sperret på grunn av for mange mislykkede forsøk på å logge inn. Vennligst prøv igjen om {count} minutter.'
    ERRORNEWPASSWORD: 'Du har tastet inn nye passord forskjellig, vennligst prøv igjen.'
    ERRORPASSWORDNOTMATCH: 'Passordene stemmer ikke overens, vennligst prøv igjen.'
+    ERRORWRONGCRED: 'Det ser ikke ut til å være riktig epostadresse eller passord. Vennligst prøv igjen.'
    FIRSTNAME: 'Fornavn'
    INTERFACELANG: 'Språk på grensesnitt'
    INVALIDNEWPASSWORD: 'Vi kunne ikke godkjenne passordet: {password}'
@ -454,6 +456,7 @@ nb:
    Title: Tittel
  PermissionRoleCode:
    PLURALNAME: 'Koder for tillatelser'
+    PermsError: 'Kan ikke angi kode "%s" med administratorrettigheter (krever ADMIN-tilgang)'
    SINGULARNAME: 'Tillatelseskode'
  Permissions:
    PERMISSIONS_CATEGORY: 'Rolle- og tilgangstillatelser'
--- a/lang/nl.yml
+++ b/lang/nl.yml
@ -307,6 +307,7 @@ nl:
    PERMAGAIN: 'U bent uitgelogd uit het CMS.  Als U weer wilt inloggen vul dan uw gebruikersnaam en wachtwoord hier beneden in.'
    PERMALREADY: 'Helaas, dat deel van het CMS is niet toegankelijk voor U. Hieronder kunt U als iemand anders inloggen.'
    PERMDEFAULT: 'Geef uw e-mailadres en wachtwoord voor toegang tot het CMS.'
+    PLEASESAVE: 'Deze pagina kon niet bijgewerkt worden, omdat deze nog niet is bewaard.'
    PreviewButton: Voorbeeld
    REORGANISATIONSUCCESSFUL: 'Menu-indeling is aangepast'
    SAVEDUP: Opgeslagen
--- a/lang/pl.yml
+++ b/lang/pl.yml
@ -171,6 +171,7 @@ pl:
    TEXT2: 'link zmiany hasła'
    TEXT3: dla
  Form:
+    CSRF_FAILED_MESSAGE: "Wygląda na to, że wystąpił błąd techniczny. Kliknij przycisk Wstecz, odśwież przeglądarkę i spróbuj ponownie."
    FIELDISREQUIRED: '{name} jest wymagane'
    SubmitBtnLabel: Przejdź
    VALIDATIONCREDITNUMBER: 'Proszę upewnij się, że wprowadzony numer karty kredytowej {number} jest prawidłowy'
@ -305,6 +306,7 @@ pl:
    PERMAGAIN: 'Zostałeś wylogowany z CMSa. Jeśli chcesz zalogować się ponownie, wpisz login i hasło poniżej.'
    PERMALREADY: 'Niestety nie masz dostępu do tej części CMS. Jeśli chcesz zalogować się jako ktoś inny, zrób to poniżej'
    PERMDEFAULT: 'Proszę wybrać metodę identyfikacji i wpisać swoje dane, aby uruchomić CMSa.'
+    PLEASESAVE: 'Proszę zapisać stronę. Ta strona nie mogła zostać uaktualniona, ponieważ nie została jeszcze zapisana.'
    PreviewButton: Podgląd
    REORGANISATIONSUCCESSFUL: 'Pomyślnie zreorganizowano drzewo serwisu.'
    SAVEDUP: Zapisano.
@ -470,6 +472,7 @@ pl:
    ERRORPASSWORDPERMISSION: 'Musisz być zalogowany aby zmienić hasło'
    LOGGEDOUT: 'Zostałeś wylogowany. Jeśli chcesz się zalogować ponownie wpisz dane poniżej'
    LOGIN: 'Logowanie'
+    LOSTPASSWORDHEADER: 'Nie pamiętam hasła'
    NOTEPAGESECURED: 'Ta strona jest zabezpieczona. Wpisz swoje dane a my wyślemy Ci potwierdzenie niebawem'
    NOTERESETLINKINVALID: '<p>Link resetujący hasło wygasł lub jest nieprawidłowy.</p><p>Możesz poprosić o nowy <a href="{link1}">tutaj</a> lub zmień swoje hasło po <a href="{link2}">zalogowaniu się</a>.</p>'
    NOTERESETPASSWORD: 'Wpisz adres e-mail, na który mamy wysłać link gdzie możesz zresetować swoje hasło'
--- a/lang/pt.yml
+++ b/lang/pt.yml
@ -146,6 +146,7 @@ pt:
    HELP: Ajuda
    PAGETYPE: 'Tipo de página: '
    PERMAGAIN: 'Saiu do CMS. Se se deseja autenticar novamente insira as suas credenciais abaixo.'
+    PLEASESAVE: 'Por favor salve a página: Esta página não pode ser atulizada porque ainda não foi salva.'
  LoginAttempt:
    Email: 'Endereço de Email'
    IP: 'Endereço IP'
--- a/lang/pt_BR.yml
+++ b/lang/pt_BR.yml
@ -123,6 +123,7 @@ pt_BR:
    PERMAGAIN: 'Você foi desconectado do CMS. Se você quiser entrar novamente, digite um nome de usuário e senha abaixo.'
    PERMALREADY: 'Sinto muito, mas você não pode acessar essa parte do CMS. Se você quiser entrar como outra pessoa, faça-o abaixo.'
    PERMDEFAULT: 'Por favor, entre com seu e-mail e senha para entrar no sistema.'
+    PLEASESAVE: 'Por favor salve a página: Esta página não pode ser atulizada porque ainda não foi salva.'
  LoginAttempt:
    Email: 'Endereço de E-mail'
    IP: 'Endereço IP'
--- a/lang/ru.yml
+++ b/lang/ru.yml
@ -306,6 +306,7 @@ ru:
    PERMAGAIN: 'Вы вышли из Системы Управления Сайтом. Если Вы хотите войти снова, введите внизу имя пользователя и пароль.'
    PERMALREADY: 'Извините, у вас нет доступа к этому разделу Системы Управления. Если Вы хотите войти под другой учетной записью, сделайте это ниже'
    PERMDEFAULT: 'Введите ваши адрес электр. почты и пароль для доступа к системе.'
+    PLEASESAVE: 'Пожалуйста, сохраните страницу: ее нельзя обновить, т.к. она еще не была сохранена.'
    PreviewButton: Просмотр
    REORGANISATIONSUCCESSFUL: 'Древесная структура сайта успешно реорганизована.'
    SAVEDUP: Сохранено.
--- a/lang/si.yml
+++ b/lang/si.yml
@ -82,6 +82,7 @@ si:
    PERMAGAIN: 'ඹබ CMS ඵකෙන් ඉවත් වී ඇත. නැවත ඇතුල් වීමට නම හා මුරපදය යොදන්න'
    PERMALREADY: 'සමාවන්න ඔබට මෙම කොටස පරිශීලනය කල නොහැක. පහතින් වෙනත් නමකින් ඇතුල් වන්න'
    PERMDEFAULT: 'හදුනාගැනීමේ ක්රමයක් තෝරා ඹබගේ දත්ත ඇතුල් කරන්න'
+    PLEASESAVE: 'පිටුව සේව් කරන්න, නැතිනම් මෙම පිටුව යාවත්කාලීන කල නොහැක'
  Member:
    BUTTONCHANGEPASSWORD: 'මුර පදය අලුත් කරන්න'
    BUTTONLOGIN: 'ඇතුල්වන්න'
--- a/lang/sk.yml
+++ b/lang/sk.yml
@ -490,7 +490,7 @@ sk:
    IMPORTUSERS: 'Importovať požívateľov'
    MEMBERS: Členovia
    MENUTITLE: Bezpečnosť
-    MemberListCaution: 'Upozornenie: Odstánenie členov z tohto zoznamu ich odstráni zo všetkých skupín a databázy.'
+    MemberListCaution: 'Upozornenie: Odstránenie členov z tohto zoznamu ich odstráni zo všetkých skupín a databázy.'
    NEWGROUP: 'Nová skupina'
    PERMISSIONS: Právomoci
    ROLES: Úlohy
--- a/lang/sl.yml
+++ b/lang/sl.yml
@ -238,6 +238,7 @@ sl:
    PERMAGAIN: 'Odjavili ste se iz CMS-vmesnika. Če se želite ponovno prijaviti, vpišite uporabniško ime in geslo.'
    PERMALREADY: 'Do tega dela CMS-vmesnika nimate dostopa. Če se želite vpisati z drugim uporabniškim imenom, lahko to storite spodaj'
    PERMDEFAULT: 'Izberite način avtentikacije in vpišite svoje podatke za dostop do CMS-vmesnika.'
+    PLEASESAVE: 'Shranite stran: te strani ne morete posodobiti, ker še ni bila shranjena.'
    PreviewButton: Predogled
    REORGANISATIONSUCCESSFUL: 'Struktura spletnega mesta je bila uspešno spremenjena.'
    SAVEDUP: Shranjeno.
--- a/lang/sr.yml
+++ b/lang/sr.yml
@ -171,6 +171,7 @@ sr:
    TEXT2: 'линк за ресетовање лозинке'
    TEXT3: за
  Form:
+    CSRF_FAILED_MESSAGE: "Изгелда да постоји технички проблем. Кликните на дугме за повратак, освежите страницу и покушајте поново."
    FIELDISREQUIRED: '{name} је обавезно'
    SubmitBtnLabel: Иди
    VALIDATIONCREDITNUMBER: 'Уверите се да сте исправно унели {number} број кредитне картице'
@ -305,6 +306,7 @@ sr:
    PERMAGAIN: 'Одјављени сте са CMS-а. Уколико желите да се поново пријавите, унесите корисничко име и лозинку.'
    PERMALREADY: 'Не можете да приступите овом делу CMS-а. Ако желите да се пријавите као неко други, урадите то испод'
    PERMDEFAULT: 'Изаберите методу аутентификације и унесите податке за приступ CMS-у.'
+    PLEASESAVE: 'Сачувајте страну: ова страна не може да буде ажурирана јер још увек није сачувана.'
    PreviewButton: Претходни преглед
    REORGANISATIONSUCCESSFUL: 'Стабло сајта је успешно реорганизовано.'
    SAVEDUP: Сачувано.
--- a/lang/sr_RS.yml
+++ b/lang/sr_RS.yml
@ -171,6 +171,7 @@ sr_RS:
    TEXT2: 'линк за ресетовање лозинке'
    TEXT3: за
  Form:
+    CSRF_FAILED_MESSAGE: "Изгелда да постоји технички проблем. Кликните на дугме за повратак, освежите страницу и покушајте поново."
    FIELDISREQUIRED: '{name} је обавезно'
    SubmitBtnLabel: Иди
    VALIDATIONCREDITNUMBER: 'Уверите се да сте исправно унели {number} број кредитне картице'
@ -305,6 +306,7 @@ sr_RS:
    PERMAGAIN: 'Одјављени сте са CMS-а. Уколико желите да се поново пријавите, унесите корисничко име и лозинку.'
    PERMALREADY: 'Не можете да приступите овом делу CMS-а. Ако желите да се пријавите као неко други, урадите то испод'
    PERMDEFAULT: 'Изаберите методу аутентификације и унесите податке за приступ CMS-у.'
+    PLEASESAVE: 'Сачувајте страну: ова страна не може да буде ажурирана јер још увек није сачувана.'
    PreviewButton: Претходни преглед
    REORGANISATIONSUCCESSFUL: 'Стабло сајта је успешно реорганизовано.'
    SAVEDUP: Сачувано.
--- a/lang/sv.yml
+++ b/lang/sv.yml
@ -223,6 +223,7 @@ sv:
    FROMWEB: 'Från webben'
    FindInFolder: 'Hitta i mapp'
    IMAGEALT: 'Alternativ text (alt)'
+    IMAGEALTTEXT: 'Alternativ text (alt) - visas om bilden inte kan visas'
    IMAGEDIMENSIONS: Dimensioner
    IMAGEHEIGHTPX: Höjd
    IMAGETITLE: 'Titel text (tooltip) - för ytterligare information om bilden'
@ -259,6 +260,7 @@ sv:
    PERMAGAIN: 'Du har blivit utloggad. Om du vill logga in igen anger du dina uppgifter nedan.'
    PERMALREADY: 'Tyvärr så har du inte tillträde till den delen av CMSet. Om du vill logga in med en annan användare kan du göra det nedan'
    PERMDEFAULT: 'Var god välj en inloggningsmetod och fyll i dina uppgifter för att logga in i CMSet.'
+    PLEASESAVE: 'Var god spara sidan. Den kan inte uppdateras för att den har inte sparats ännu.'
    PreviewButton: Förhandsgranska
    REORGANISATIONSUCCESSFUL: 'Omorganisationen av sidträdet luyckades.'
    SAVEDUP: Sparad.
--- a/lang/th.yml
+++ b/lang/th.yml
@ -209,6 +209,7 @@ th:
    PERMAGAIN: 'คุณได้ออกจากระบบของ CMS แล้ว หากคุณต้องการเข้าสู่ระบบอีกครั้ง กรุณากรอกชื่อผู้ใช้งานและรหัสผ่านของคุณด้านล่าง'
    PERMALREADY: 'ขออภัย, คุณไม่สามารถเข้าใช้งานในส่วนนี้ของ CMS ได้ หากคุณต้องการเข้าสู่ระบบในชื่ออื่นได้จากด้านล่าง'
    PERMDEFAULT: 'กรุณาเลือกวิธีการยืนยันตัวบุคคลและกรอกข้อมูลประจำตัวเพื่อเข้าใช้งาน CMS'
+    PLEASESAVE: 'กรุณาบันทึกหน้าเว็บ หน้าเว็บนี้ยังไม่สามรถอัพเดทข้อมูลได้ เนื่องจากยังไม่ได้ถูกบันทึกข้อมูล'
  LeftAndMain_Menu_ss:
    Hello: สวัสดีค่ะ
    LOGOUT: 'ออกจากระบบ'
--- a/lang/tr.yml
+++ b/lang/tr.yml
@ -137,6 +137,7 @@ tr:
    PERMAGAIN: 'İYS yönetiminden çıkış yaptınız.  Eğer tekrar giriş yapmak isterseniz, aşağıya kullanıcı adı ve şifrenizi giriniz.'
    PERMALREADY: 'Üzgünüm ama İYS''nin bu bölümüne erişim hakkınız yok. Başka bir kullanıcı olarak giriş yapmak istiyorsanız aşağıdan bunu yapabilirsiniz'
    PERMDEFAULT: 'İYS erişimi için eposta adresinizi ve parolanızı giriniz.e kolaylık sağlama'
+    PLEASESAVE: 'Lütfen Sayfayı Kaydedin: Bu sayfa henüz kaydedilmediği için güncellenemedi.'
    PreviewButton: Önizleme
    SAVEDUP: Kaydedilmiş.
  LoginAttempt:
--- a/lang/uk.yml
+++ b/lang/uk.yml
@ -142,6 +142,7 @@ uk:
    PERMAGAIN: 'Ви вийшли з системи. Якщо Ви хочете повторно ідентифікуватися, введіть дані нижче.'
    PERMALREADY: 'Вибачте, та Ви не маєте доступу до цієї чатини системи. Якщо Ви хочете ідентифікуватися як хтось інший, зробіть це нижче '
    PERMDEFAULT: 'Будь ласка, оберіть метод ідентифікації та введіть дані доступу до системи.'
+    PLEASESAVE: 'Будь ласка, збережіть сторінку: Ця сторінка не може бути оновлена, бо вона ще не була збережена.'
  LeftAndMain_Menu_ss:
    Hello: Привіт
    LOGOUT: 'Вилогуватися'
--- a/lang/zh.yml
+++ b/lang/zh.yml
@ -171,6 +171,7 @@ zh:
    TEXT2: '密码重设链接'
    TEXT3: 为
  Form:
+    CSRF_FAILED_MESSAGE: "似乎出现了技术问题。请点击返回按钮，刷新您的浏览器，然后再试一次。"
    FIELDISREQUIRED: '{name} 为必填'
    SubmitBtnLabel: 前往
    VALIDATIONCREDITNUMBER: '请确保您输入了正确的 {number} 信用卡号码'
@ -305,6 +306,7 @@ zh:
    PERMAGAIN: '您已经退出 CMS。如果您想再次登录，请在下面输入用户名和密码。'
    PERMALREADY: '抱歉，您不能访问 CMS 的这一部分。如果您想以不同的身份登录，请在下面进行操作'
    PERMDEFAULT: '请选择一种认证方法并输入您的凭据以访问 CMS。'
+    PLEASESAVE: '请保存页面：不能更新该页面因为它还没有被保存。'
    PreviewButton: 预览
    REORGANISATIONSUCCESSFUL: '重新组织网站地图已成功'
    SAVEDUP: 已保存。
@ -470,6 +472,7 @@ zh:
    ERRORPASSWORDPERMISSION: '您必须登录才能更改您的密码！'
    LOGGEDOUT: '您已经退出了。如果您希望再次登录，请在下面输入您的证书。'
    LOGIN: '登录'
+    LOSTPASSWORDHEADER: '忘记密码'
    NOTEPAGESECURED: '该页面受安全保护。请在下面输入您的证书，然后我们会立即将您引导至该页面。'
    NOTERESETLINKINVALID: '<p>密码重设链接无效或已过期。</p><p>您可以在<a href="{link1}">这里</a> 要求一个新的或在<a href="{link2}">登录</a>后更改您的密码。</p>'
    NOTERESETPASSWORD: '请输入您的电子邮件地址，然后我们会将一个链接发送给您，您可以用它来重设您的密码'
--- a/lang/zh_CN.yml
+++ b/lang/zh_CN.yml
@ -73,6 +73,7 @@ zh_CN:
    PERMAGAIN: '您于CMS的登录已被注销，请在下面输入用户名和密码重新登录。'
    PERMALREADY: '对不起，您无权登录CMS的这一部分。如果您要用另外的帐号，请在下面登录。'
    PERMDEFAULT: '请先选择一种验证方法并输入您的权限信息，以登录CMS。'
+    PLEASESAVE: '请先保存：因为该网页还未保存，所以该页无法更新。'
  Member:
    BUTTONCHANGEPASSWORD: '更改密码'
    BUTTONLOGIN: '登录'
--- a/lang/zh_TW.yml
+++ b/lang/zh_TW.yml
@ -59,6 +59,7 @@ zh_TW:
    PERMAGAIN: '您已被登出，請在下面重新登入。'
    PERMALREADY: '抱歉，您沒有權力使用這個部分。您可以用別的帳號登入。'
    PERMDEFAULT: '請選擇一個認證方法並登入。'
+    PLEASESAVE: '請儲存：這個網頁沒有被更新因為尚未被儲存。'
  Member:
    BUTTONCHANGEPASSWORD: '更改密碼'
    BUTTONLOGIN: '登入'
--- a/model/ArrayList.php
+++ b/model/ArrayList.php
@ -345,9 +345,47 @@ class ArrayList extends ViewableData implements SS_List, SS_Filterable, SS_Sorta
 		return $list;
 	}
 	
+	/**
+	 * Parses a specified column into a sort field and direction
+	 * 
+	 * @param type $column String to parse containing the column name
+	 * @param type $direction Optional Additional argument which may contain the direction
+	 * @return array Sort specification in the form array("Column", SORT_ASC).
+	 */
+	protected function parseSortColumn($column, $direction = null) {
+		// Substitute the direction for the column if column is a numeric index
+		if($direction && (empty($column) || is_numeric($column))) {
+			$column = $direction;
+			$direction = null;
+		}
+		
+		// Parse column specification, considering possible ansi sql quoting
+		if(preg_match('/^"?(?<column>[^"\s]+)"?(\s+(?<direction>((asc)|(desc))(ending)?))?$/i', $column, $match)) {
+			$column = $match['column'];
+			if(empty($direction) && !empty($match['direction'])) {
+				$direction = $match['direction'];
+			}
+		} else {
+			throw new InvalidArgumentException("Invalid sort() column");
+		}
+		
+		// Parse sort direction specification
+		if(empty($direction) || preg_match('/^asc(ending)?$/i', $direction)) {
+			$direction = SORT_ASC;
+		} elseif(preg_match('/^desc(ending)?$/i', $direction)) {
+			$direction = SORT_DESC;
+		} else {
+			throw new InvalidArgumentException("Invalid sort() direction");
+		}
+		
+		return array($column, $direction);
+	}
+	
 	/**
 	 * Sorts this list by one or more fields. You can either pass in a single
 	 * field name and direction, or a map of field names to sort directions.
+	 * 
+	 * Note that columns may be double quoted as per ANSI sql standard
 	 *
 	 * @return DataList
 	 * @see SS_List::sort()
@ -368,18 +406,17 @@ class ArrayList extends ViewableData implements SS_List, SS_Filterable, SS_Sorta
 		
 		// One argument and it's a string
 		if(count($args)==1 && is_string($args[0])){
-			$column = $args[0];
-			if(strpos($column, ' ') !== false) {
-				throw new InvalidArgumentException("You can't pass SQL fragments to sort()");
-			}
-			$columnsToSort[$column] = SORT_ASC;
+			list($column, $direction) = $this->parseSortColumn($args[0]);
+			$columnsToSort[$column] = $direction;

-		} else if(count($args)==2){
-			$columnsToSort[$args[0]]=(strtolower($args[1])=='desc')?SORT_DESC:SORT_ASC;
+		} else if(count($args)==2) {
+			list($column, $direction) = $this->parseSortColumn($args[0], $args[1]);
+			$columnsToSort[$column] = $direction;

 		} else if(is_array($args[0])) {
-			foreach($args[0] as $column => $sort_order){
-				$columnsToSort[$column] = (strtolower($sort_order)=='desc')?SORT_DESC:SORT_ASC;
+			foreach($args[0] as $key => $value) {
+				list($column, $direction) = $this->parseSortColumn($key, $value);
+				$columnsToSort[$column] = $direction;
 			}
 		} else {
 			throw new InvalidArgumentException("Bad arguments passed to sort()");
--- a/model/Versioned.php
+++ b/model/Versioned.php
@ -27,6 +27,11 @@ class Versioned extends DataExtension implements TemplateGlobalProvider {
 	 */
 	protected $liveStage;
 	
+	/**
+	 * The default reading mode
+	 */
+	const DEFAULT_MODE = 'Stage.Live';
+	
 	/**
 	 * A version that a DataObject should be when it is 'migrating',
 	 * that is, when it is in the process of moving from one stage to another.
@ -943,6 +948,7 @@ class Versioned extends DataExtension implements TemplateGlobalProvider {
 		
 	//-----------------------------------------------------------------------------------------------//
 	
+	
 	/**
 	 * Choose the stage the site is currently on.
 	 *
@ -958,23 +964,36 @@ class Versioned extends DataExtension implements TemplateGlobalProvider {
 	 * @param Session $session Optional session within which to store the resulting stage
 	 */
 	public static function choose_site_stage($session = null) {
-		if(!$session) $session = Session::current_session();
+		// Check any pre-existing session mode
+		$preexistingMode = $session
+			? $session->inst_get('readingMode')
+			: Session::get('readingMode');
 		
+		// Determine the reading mode
 		if(isset($_GET['stage'])) {
 			$stage = ucfirst(strtolower($_GET['stage']));
-			
 			if(!in_array($stage, array('Stage', 'Live'))) $stage = 'Live';
-
-			$session->inst_set('readingMode', 'Stage.' . $stage);
-		}
-		if(isset($_GET['archiveDate']) && strtotime($_GET['archiveDate'])) {
-			$session->inst_set('readingMode', 'Archive.' . $_GET['archiveDate']);
+			$mode = 'Stage.' . $stage;
+		} elseif (isset($_GET['archiveDate']) && strtotime($_GET['archiveDate'])) {
+			$mode = 'Archive.' . $_GET['archiveDate'];
+		} elseif($preexistingMode) {
+			$mode = $preexistingMode;
+		} else {
+			$mode = self::DEFAULT_MODE;
 		}
 		
-		if($mode = $session->inst_get('readingMode')) {
-			Versioned::set_reading_mode($mode);
-		} else {
-			Versioned::reading_stage("Live");
+		// Save reading mode
+		Versioned::set_reading_mode($mode);
+		
+		// Try not to store the mode in the session if not needed
+		if(($preexistingMode && $preexistingMode !== $mode)
+			|| (!$preexistingMode && $mode !== self::DEFAULT_MODE)
+		) {
+			if($session) {
+				$session->inst_set('readingMode', $mode);
+			} else {
+				Session::set('readingMode', $mode);
+			}
 		}

 		if(!headers_sent() && !Director::is_cli()) {
--- a/tests/behat/features/profile.feature
+++ b/tests/behat/features/profile.feature
@ -30,7 +30,7 @@ Feature: Manage my own settings
 		Then I should see the CMS

 	Scenario: I can change the interface language
-		Given I fill in the "Interface Language" dropdown with "German (Germany)"
+		And I select "German (Germany)" from "Interface Language"
 		And I press the "Save" button
 		Then I should see "Sprache"

--- a/tests/control/DirectorTest.php
+++ b/tests/control/DirectorTest.php
@ -370,6 +370,21 @@ class DirectorTest extends SapphireTest {
 		$_SERVER['HTTP_X_FORWARDED_PROTOCOL'] = 'ftp';
 		$this->assertFalse(Director::is_https());

+		$_SERVER['HTTP_X_FORWARDED_PROTO'] = 'https';
+		$this->assertTrue(Director::is_https());
+
+		$_SERVER['HTTP_X_FORWARDED_PROTO'] = 'http';
+		$this->assertFalse(Director::is_https());
+
+		$_SERVER['HTTP_X_FORWARDED_PROTO'] = 'ftp';
+		$this->assertFalse(Director::is_https());
+
+		$_SERVER['HTTP_FRONT_END_HTTPS'] = 'On';
+		$this->assertTrue(Director::is_https());
+
+		$_SERVER['HTTP_FRONT_END_HTTPS'] = 'Off';
+		$this->assertFalse(Director::is_https());
+
 		// https via HTTPS
 		$_SERVER['HTTPS'] = 'true';
 		$this->assertTrue(Director::is_https());
--- a/tests/injector/InjectorTest.php
+++ b/tests/injector/InjectorTest.php
@ -457,6 +457,18 @@ class InjectorTest extends SapphireTest {
 		$si = $injector->get('TestStaticInjections');
 		$this->assertEquals('NewRequirementsBackend', get_class($si->backend));
 	}
+	
+	public function testSetterInjections() {
+		$injector = new Injector();
+		$config = array(
+			'NewRequirementsBackend',
+		);
+
+		$injector->load($config);
+
+		$si = $injector->get('TestSetterInjections');
+		$this->assertEquals('NewRequirementsBackend', get_class($si->getBackend()));
+	}

 	public function testCustomObjectCreator() {
 		$injector = new Injector();
@ -752,6 +764,28 @@ class TestStaticInjections implements TestOnly {

 }

+/**
+ * Make sure DI works with ViewableData's implementation of __isset
+ */
+class TestSetterInjections extends ViewableData implements TestOnly {
+	
+	protected $backend;
+	
+	/** @config */
+	private static $dependencies = array(
+		'backend' => '%$NewRequirementsBackend'
+	);
+	
+	public function getBackend() {
+		return $this->backend;
+	}
+	
+	public function setBackend($backend) {
+		$this->backend = $backend;
+	}
+	
+}
+
 /**
 * An example object creator that uses the SilverStripe class(arguments) mechanism for
 * creating new objects
--- a/tests/model/ArrayListTest.php
+++ b/tests/model/ArrayListTest.php
@ -250,12 +250,36 @@ class ArrayListTest extends SapphireTest {
 			array('Name' => 'John')
 		));

-		$list = $list->sort('Name');
-		$this->assertEquals($list->toArray(), array(
+		// Unquoted name
+		$list1 = $list->sort('Name');
+		$this->assertEquals($list1->toArray(), array(
 			(object) array('Name' => 'Bob'),
 			array('Name' => 'John'),
 			array('Name' => 'Steve')
 		));
+
+		// Quoted name name
+		$list2 = $list->sort('"Name"');
+		$this->assertEquals($list2->toArray(), array(
+			(object) array('Name' => 'Bob'),
+			array('Name' => 'John'),
+			array('Name' => 'Steve')
+		));
+
+		// Array (non-associative)
+		$list3 = $list->sort(array('"Name"'));
+		$this->assertEquals($list3->toArray(), array(
+			(object) array('Name' => 'Bob'),
+			array('Name' => 'John'),
+			array('Name' => 'Steve')
+		));
+		
+		// Check original list isn't altered
+		$this->assertEquals($list->toArray(), array(
+			array('Name' => 'Steve'),
+			(object) array('Name' => 'Bob'),
+			array('Name' => 'John')
+		));
 	}
 	
 	public function testSortSimpleASCOrder() {
@ -265,12 +289,44 @@ class ArrayListTest extends SapphireTest {
 			array('Name' => 'John')
 		));

-		$list = $list->sort('Name','asc');
-		$this->assertEquals($list->toArray(), array(
+		// Sort two arguments
+		$list1 = $list->sort('Name','ASC');
+		$this->assertEquals($list1->toArray(), array(
 			(object) array('Name' => 'Bob'),
 			array('Name' => 'John'),
 			array('Name' => 'Steve')
 		));
+
+		// Sort single string
+		$list2 = $list->sort('Name asc');
+		$this->assertEquals($list2->toArray(), array(
+			(object) array('Name' => 'Bob'),
+			array('Name' => 'John'),
+			array('Name' => 'Steve')
+		));
+		
+		// Sort quoted string
+		$list3 = $list->sort('"Name" ASCENDING');
+		$this->assertEquals($list3->toArray(), array(
+			(object) array('Name' => 'Bob'),
+			array('Name' => 'John'),
+			array('Name' => 'Steve')
+		));
+
+		// Sort array specifier
+		$list4 = $list->sort(array('Name' => 'ascending'));
+		$this->assertEquals($list4->toArray(), array(
+			(object) array('Name' => 'Bob'),
+			array('Name' => 'John'),
+			array('Name' => 'Steve')
+		));
+		
+		// Check original list isn't altered
+		$this->assertEquals($list->toArray(), array(
+			array('Name' => 'Steve'),
+			(object) array('Name' => 'Bob'),
+			array('Name' => 'John')
+		));
 	}
 	
 	public function testSortSimpleDESCOrder() {
@ -280,12 +336,44 @@ class ArrayListTest extends SapphireTest {
 			array('Name' => 'John')
 		));

-		$list = $list->sort('Name', 'DESC');
-		$this->assertEquals($list->toArray(), array(
+		// Sort two arguments
+		$list1 = $list->sort('Name', 'DESC');
+		$this->assertEquals($list1->toArray(), array(
 			array('Name' => 'Steve'),
 			array('Name' => 'John'),
 			(object) array('Name' => 'Bob')
 		));
+
+		// Sort single string
+		$list2 = $list->sort('Name desc');
+		$this->assertEquals($list2->toArray(), array(
+			array('Name' => 'Steve'),
+			array('Name' => 'John'),
+			(object) array('Name' => 'Bob')
+		));
+		
+		// Sort quoted string
+		$list3 = $list->sort('"Name" DESCENDING');
+		$this->assertEquals($list3->toArray(), array(
+			array('Name' => 'Steve'),
+			array('Name' => 'John'),
+			(object) array('Name' => 'Bob')
+		));
+
+		// Sort array specifier
+		$list4 = $list->sort(array('Name' => 'descending'));
+		$this->assertEquals($list4->toArray(), array(
+			array('Name' => 'Steve'),
+			array('Name' => 'John'),
+			(object) array('Name' => 'Bob')
+		));
+		
+		// Check original list isn't altered
+		$this->assertEquals($list->toArray(), array(
+			array('Name' => 'Steve'),
+			(object) array('Name' => 'Bob'),
+			array('Name' => 'John')
+		));
 	}
 	
 	public function testReverse() {
--- a/tests/model/VersionedTest.php
+++ b/tests/model/VersionedTest.php
@ -496,7 +496,6 @@ class VersionedTest extends SapphireTest {
 		$testData->Content = 'After Content';
 		$testData->write();

-		$_GET['archiveDate'] = '2009-01-01 19:00:00';
 		Versioned::reading_archived_date('2009-01-01 19:00:00');

 		$fetchedData = VersionedTest_DataObject::get()->byId($id);
@ -625,6 +624,23 @@ class VersionedTest extends SapphireTest {
 			'Check that subsequent requests in the same session remain in Live mode'
 		);
 		
+		// Test that session doesn't redundantly store the default stage if it doesn't need to
+		$session2 = new Session(array());
+		Director::test('/', null, $session2);
+		$this->assertEmpty($session2->inst_changedData());
+		Director::test('/?stage=Live', null, $session2);
+		$this->assertEmpty($session2->inst_changedData());
+		
+		// Test choose_site_stage
+		Session::set('readingMode', 'Stage.Stage');
+		Versioned::choose_site_stage();
+		$this->assertEquals('Stage.Stage', Versioned::get_reading_mode());
+		Session::set('readingMode', 'Archive.2014-01-01');
+		Versioned::choose_site_stage();
+		$this->assertEquals('Archive.2014-01-01', Versioned::get_reading_mode());
+		Session::clear('readingMode');
+		Versioned::choose_site_stage();
+		$this->assertEquals('Stage.Live', Versioned::get_reading_mode());
 	}

 }
--- a/thirdparty/Zend/Locale/Format.php
+++ b/thirdparty/Zend/Locale/Format.php
@ -15,8 +15,8 @@
 * @category   Zend
 * @package    Zend_Locale
 * @subpackage Format
- * @copyright  Copyright (c) 2005-2011 Zend Technologies USA Inc. (http://www.zend.com)
- * @version    $Id: Format.php 23775 2011-03-01 17:25:24Z ralph $
+ * @copyright  Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
+ * @version    $Id$
 * @license    http://framework.zend.com/license/new-bsd     New BSD License
 */

@ -29,7 +29,7 @@ require_once 'Zend/Locale/Data.php';
 * @category   Zend
 * @package    Zend_Locale
 * @subpackage Format
- * @copyright  Copyright (c) 2005-2011 Zend Technologies USA Inc. (http://www.zend.com)
+ * @copyright  Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
 * @license    http://framework.zend.com/license/new-bsd     New BSD License
 */
 class Zend_Locale_Format
@ -99,8 +99,9 @@ class Zend_Locale_Format
                        $options['number_format'] = Zend_Locale_Data::getContent($locale, 'decimalnumber');
                    } else if ((gettype($value) !== 'string') and ($value !== NULL)) {
                        require_once 'Zend/Locale/Exception.php';
+                        $stringValue = (string)(is_array($value) ? implode(' ', $value) : $value);
                        throw new Zend_Locale_Exception("Unknown number format type '" . gettype($value) . "'. "
-                            . "Format '$value' must be a valid number format string.");
+                            . "Format '$stringValue' must be a valid number format string.");
                    }
                    break;

@ -113,8 +114,9 @@ class Zend_Locale_Format
                        $options['date_format'] = Zend_Locale_Format::getDateFormat($locale);
                    } else if ((gettype($value) !== 'string') and ($value !== NULL)) {
                        require_once 'Zend/Locale/Exception.php';
+                        $stringValue = (string)(is_array($value) ? implode(' ', $value) : $value);
                        throw new Zend_Locale_Exception("Unknown dateformat type '" . gettype($value) . "'. "
-                            . "Format '$value' must be a valid ISO or PHP date format string.");
+                            . "Format '$stringValue' must be a valid ISO or PHP date format string.");
                    } else {
                        if (((isset($options['format_type']) === true) and ($options['format_type'] == 'php')) or
                            ((isset($options['format_type']) === false) and (self::$_options['format_type'] == 'php'))) {
@ -300,15 +302,20 @@ class Zend_Locale_Format
        // load class within method for speed
        require_once 'Zend/Locale/Math.php';

-        $value             = Zend_Locale_Math::normalize($value);
        $value             = Zend_Locale_Math::floatalize($value);
+        $value             = Zend_Locale_Math::normalize($value);
        $options           = self::_checkOptions($options) + self::$_options;
        $options['locale'] = (string) $options['locale'];

        // Get correct signs for this locale
        $symbols = Zend_Locale_Data::getList($options['locale'], 'symbols');
-        $oenc = iconv_get_encoding('internal_encoding');
-        iconv_set_encoding('internal_encoding', 'UTF-8');
+        if (version_compare(PHP_VERSION, '5.6', '<')) {
+            $oenc = iconv_get_encoding('internal_encoding');
+            iconv_set_encoding('internal_encoding', 'UTF-8');
+        } else {
+            $oenc = ini_get('php.internal_encoding');
+            ini_set('php.internal_encoding', 'UTF-8');
+        }

        // Get format
        $format = $options['number_format'];
@ -343,7 +350,11 @@ class Zend_Locale_Format
        }

        if (iconv_strpos($format, '0') === false) {
-            iconv_set_encoding('internal_encoding', $oenc);
+            if (version_compare(PHP_VERSION, '5.6', '<')) {
+                iconv_set_encoding('internal_encoding', $oenc);
+            } else {
+                ini_set('php.internal_encoding', $oenc);
+            }
            require_once 'Zend/Locale/Exception.php';
            throw new Zend_Locale_Exception('Wrong format... missing 0');
        }
@ -469,7 +480,11 @@ class Zend_Locale_Format
            }
        }

-        iconv_set_encoding('internal_encoding', $oenc);
+        if (version_compare(PHP_VERSION, '5.6', '<')) {
+            iconv_set_encoding('internal_encoding', $oenc);
+        } else {
+            ini_set('php.internal_encoding', $oenc);
+        }
        return (string) $format;
    }

@ -778,8 +793,13 @@ class Zend_Locale_Format
        $result['date_format'] = $format; // save the format used to normalize $number (convenience)
        $result['locale'] = $options['locale']; // save the locale used to normalize $number (convenience)

-        $oenc = iconv_get_encoding('internal_encoding');
-        iconv_set_encoding('internal_encoding', 'UTF-8');
+        if (version_compare(PHP_VERSION, '5.6', '<')) {
+            $oenc = iconv_get_encoding('internal_encoding');
+            iconv_set_encoding('internal_encoding', 'UTF-8');
+        } else {
+            $oenc = ini_get('php.internal_encoding');
+            ini_set('php.internal_encoding', 'UTF-8');
+        }
        $day   = iconv_strpos($format, 'd');
        $month = iconv_strpos($format, 'M');
        $year  = iconv_strpos($format, 'y');
@ -844,7 +864,11 @@ class Zend_Locale_Format
        }

        if (empty($parse)) {
-            iconv_set_encoding('internal_encoding', $oenc);
+            if (version_compare(PHP_VERSION, '5.6', '<')) {
+                iconv_set_encoding('internal_encoding', $oenc);
+            } else {
+                ini_set('php.internal_encoding', $oenc);
+            }
            require_once 'Zend/Locale/Exception.php';
            throw new Zend_Locale_Exception("Unknown date format, neither date nor time in '" . $format . "' found");
        }
@ -864,7 +888,11 @@ class Zend_Locale_Format
        preg_match_all('/\d+/u', $number, $splitted);

        if (count($splitted[0]) == 0) {
-            iconv_set_encoding('internal_encoding', $oenc);
+            if (version_compare(PHP_VERSION, '5.6', '<')) {
+                iconv_set_encoding('internal_encoding', $oenc);
+            } else {
+                ini_set('php.internal_encoding', $oenc);
+            }
            require_once 'Zend/Locale/Exception.php';
            throw new Zend_Locale_Exception("No date part in '$date' found.");
        }
@ -970,7 +998,11 @@ class Zend_Locale_Format
                if (($position !== false) and ((iconv_strpos($date, $result['day']) === false) or
                                               (isset($result['year']) and (iconv_strpos($date, $result['year']) === false)))) {
                    if ($options['fix_date'] !== true) {
-                        iconv_set_encoding('internal_encoding', $oenc);
+                        if (version_compare(PHP_VERSION, '5.6', '<')) {
+                            iconv_set_encoding('internal_encoding', $oenc);
+                        } else {
+                            ini_set('php.internal_encoding', $oenc);
+                        }
                        require_once 'Zend/Locale/Exception.php';
                        throw new Zend_Locale_Exception("Unable to parse date '$date' using '" . $format
                            . "' (false month, $position, $month)");
@ -986,7 +1018,11 @@ class Zend_Locale_Format
            if (isset($result['day']) and isset($result['year'])) {
                if ($result['day'] > 31) {
                    if ($options['fix_date'] !== true) {
-                        iconv_set_encoding('internal_encoding', $oenc);
+                        if (version_compare(PHP_VERSION, '5.6', '<')) {
+                            iconv_set_encoding('internal_encoding', $oenc);
+                        } else {
+                            ini_set('php.internal_encoding', $oenc);
+                        }
                        require_once 'Zend/Locale/Exception.php';
                        throw new Zend_Locale_Exception("Unable to parse date '$date' using '"
                                                      . $format . "' (d <> y)");
@ -1002,7 +1038,11 @@ class Zend_Locale_Format
            if (isset($result['month']) and isset($result['year'])) {
                if ($result['month'] > 31) {
                    if ($options['fix_date'] !== true) {
-                        iconv_set_encoding('internal_encoding', $oenc);
+                        if (version_compare(PHP_VERSION, '5.6', '<')) {
+                            iconv_set_encoding('internal_encoding', $oenc);
+                        } else {
+                            ini_set('php.internal_encoding', $oenc);
+                        }
                        require_once 'Zend/Locale/Exception.php';
                        throw new Zend_Locale_Exception("Unable to parse date '$date' using '"
                                                      . $format . "' (M <> y)");
@ -1018,7 +1058,11 @@ class Zend_Locale_Format
            if (isset($result['month']) and isset($result['day'])) {
                if ($result['month'] > 12) {
                    if ($options['fix_date'] !== true || $result['month'] > 31) {
-                        iconv_set_encoding('internal_encoding', $oenc);
+                        if (version_compare(PHP_VERSION, '5.6', '<')) {
+                            iconv_set_encoding('internal_encoding', $oenc);
+                        } else {
+                            ini_set('php.internal_encoding', $oenc);
+                        }
                        require_once 'Zend/Locale/Exception.php';
                        throw new Zend_Locale_Exception("Unable to parse date '$date' using '"
                                                      . $format . "' (M <> d)");
@ -1045,7 +1089,11 @@ class Zend_Locale_Format
            }
        }

-        iconv_set_encoding('internal_encoding', $oenc);
+        if (version_compare(PHP_VERSION, '5.6', '<')) {
+            iconv_set_encoding('internal_encoding', $oenc);
+        } else {
+            ini_set('php.internal_encoding', $oenc);
+        }
        return $result;
    }

@ -1137,7 +1185,7 @@ class Zend_Locale_Format

        if (empty($options['date_format'])) {
            $options['format_type'] = 'iso';
-            $options['date_format'] = self::getDateFormat($options['locale']);
+            $options['date_format'] = self::getDateFormat(isset($options['locale']) ? $options['locale'] : null);
        }
        $options = self::_checkOptions($options) + self::$_options;