Merge remote-tracking branch 'origin/3.2.1' into 3.2

2024-07-01 17:09:38 +02:00 · 2015-11-16 16:39:15 +13:00 · 2015-11-16 16:39:15 +13:00 · fd6ae72e1d
commit fd6ae72e1d
parent 5f17618096 0178fa5a18
26 changed files with 375 additions and 59 deletions
--- a/admin/javascript/lang/de.js
+++ b/admin/javascript/lang/de.js
@ -9,7 +9,7 @@ if(typeof(ss) == 'undefined' || typeof(ss.i18n) == 'undefined') {
    "CMSMAIN.BATCH_PUBLISH_PROMPT": "Sie haben {num} Seite(n) ausgewählt.\n\nWollen Sie diese wirklich veröffentlichen?",
    "CMSMAIN.BATCH_DELETE_PROMPT": "Sie haben {num} Seite(n) ausgewählt.\n\nWollen Sie diese wirklich löschen?",
    "CMSMAIN.BATCH_ARCHIVE_PROMPT": "Sie haben {num} Seite(n) ausgewählt.\n\nWollen Sie diese wirklich archivieren?\n\nDiese Seiten und alle Unterseiten davon werden von der veröffentlichen Seite gelöscht und in das Archiv verschoben.",
-    "CMSMAIN.BATCH_RESTORE_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to restore to stage?\n\nChildren of archived pages will be restored to the root level, unless those pages are also being restored.",
+    "CMSMAIN.BATCH_RESTORE_PROMPT": "Sie haben {num} Seite(n) ausgewählt.\\n\\nWollen Sie diese wirklich wiederherstellen?\\n\\nUnterseiten von archivierten Seiten werden auf der Root-Ebene wiederhergestellt, es sei denn, diese Seiten werden ebenfalls wiederhergestellt.",
    "CMSMAIN.BATCH_DELETELIVE_PROMPT": "Sie haben {num} Seite(n) ausgewählt.\n\nWollen Sie diese wirklich von der veröfffentlichten Seite löschen?",
    "LeftAndMain.CONFIRMUNSAVED": "Sind Sie sicher, dass Sie die Seite verlassen möchten?\n\nWARNUNG: Ihre Änderungen werden nicht gespeichert.\n\nDrücken Sie \"OK\" um fortzufahren, oder \"Abbrechen\" um auf dieser Seite zu bleiben.",
    "LeftAndMain.CONFIRMUNSAVEDSHORT": "WARNUNG: Ihre Änderungen wurden nicht gespeichert.",
--- a/admin/javascript/lang/ro.js
+++ b/admin/javascript/lang/ro.js
@ -4,8 +4,8 @@ if(typeof(ss) == 'undefined' || typeof(ss.i18n) == 'undefined') {
 	if(typeof(console) != 'undefined') console.error('Class ss.i18n not defined');
 } else {
 	ss.i18n.addDictionary('ro', {
-    "CMSMAIN.SELECTONEPAGE": "Please select at least one page",
-    "CMSMAIN.BATCH_UNPUBLISH_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to unpublish",
+    "CMSMAIN.SELECTONEPAGE": "Vă rugăm să selectaţi cel puțin o pagină.",
+    "CMSMAIN.BATCH_UNPUBLISH_PROMPT": "Aveti {num} pagina(i) selectate.\n\nDoriti sa le nenublicati",
    "CMSMAIN.BATCH_PUBLISH_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to publish?",
    "CMSMAIN.BATCH_DELETE_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to delete?",
    "CMSMAIN.BATCH_ARCHIVE_PROMPT": "You have {num} page(s) selected.\n\nAre you sure you want to archive these pages?\n\nThese pages and all of their children pages will be unpublished and sent to the archive.",
--- a/admin/javascript/lang/src/de.js
+++ b/admin/javascript/lang/src/de.js
@ -4,7 +4,7 @@
    "CMSMAIN.BATCH_PUBLISH_PROMPT": "Sie haben {num} Seite(n) ausgewählt.\n\nWollen Sie diese wirklich veröffentlichen?",
    "CMSMAIN.BATCH_DELETE_PROMPT": "Sie haben {num} Seite(n) ausgewählt.\n\nWollen Sie diese wirklich löschen?",
    "CMSMAIN.BATCH_ARCHIVE_PROMPT": "Sie haben {num} Seite(n) ausgewählt.\n\nWollen Sie diese wirklich archivieren?\n\nDiese Seiten und alle Unterseiten davon werden von der veröffentlichen Seite gelöscht und in das Archiv verschoben.",
-    "CMSMAIN.BATCH_RESTORE_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to restore to stage?\n\nChildren of archived pages will be restored to the root level, unless those pages are also being restored.",
+    "CMSMAIN.BATCH_RESTORE_PROMPT": "Sie haben {num} Seite(n) ausgewählt.\\n\\nWollen Sie diese wirklich wiederherstellen?\\n\\nUnterseiten von archivierten Seiten werden auf der Root-Ebene wiederhergestellt, es sei denn, diese Seiten werden ebenfalls wiederhergestellt.",
    "CMSMAIN.BATCH_DELETELIVE_PROMPT": "Sie haben {num} Seite(n) ausgewählt.\n\nWollen Sie diese wirklich von der veröfffentlichten Seite löschen?",
    "LeftAndMain.CONFIRMUNSAVED": "Sind Sie sicher, dass Sie die Seite verlassen möchten?\n\nWARNUNG: Ihre Änderungen werden nicht gespeichert.\n\nDrücken Sie \"OK\" um fortzufahren, oder \"Abbrechen\" um auf dieser Seite zu bleiben.",
    "LeftAndMain.CONFIRMUNSAVEDSHORT": "WARNUNG: Ihre Änderungen wurden nicht gespeichert.",
--- a/admin/javascript/lang/src/ro.js
+++ b/admin/javascript/lang/src/ro.js
@ -1,6 +1,6 @@
 {
-    "CMSMAIN.SELECTONEPAGE": "Please select at least one page",
-    "CMSMAIN.BATCH_UNPUBLISH_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to unpublish",
+    "CMSMAIN.SELECTONEPAGE": "Vă rugăm să selectaţi cel puțin o pagină.",
+    "CMSMAIN.BATCH_UNPUBLISH_PROMPT": "Aveti {num} pagina(i) selectate.\n\nDoriti sa le nenublicati",
    "CMSMAIN.BATCH_PUBLISH_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to publish?",
    "CMSMAIN.BATCH_DELETE_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to delete?",
    "CMSMAIN.BATCH_ARCHIVE_PROMPT": "You have {num} page(s) selected.\n\nAre you sure you want to archive these pages?\n\nThese pages and all of their children pages will be unpublished and sent to the archive.",
--- a/api/RSSFeed.php
+++ b/api/RSSFeed.php
@ -16,6 +16,7 @@ class RSSFeed extends ViewableData {
 	private static $casting = array(
 		"Title" => "Varchar",
 		"Description" => "Varchar",
+		"Link" => "Varchar",
 	);

 	/**
--- a/control/RequestHandler.php
+++ b/control/RequestHandler.php
@ -188,14 +188,14 @@ class RequestHandler extends ViewableData {
 			user_error("Non-string method name: " . var_export($action, true), E_USER_ERROR);
 		}

-		$className = get_class($this);
+		$classMessage = Director::isLive() ? 'on this handler' : 'on class '.get_class($this);

 		try {
 			if(!$this->hasAction($action)) {
-				return $this->httpError(404, "Action '$action' isn't available on class $className.");
+				return $this->httpError(404, "Action '$action' isn't available $classMessage.");
 			}
 			if(!$this->checkAccessAction($action) || in_array(strtolower($action), array('run', 'init'))) {
-				return $this->httpError(403, "Action '$action' isn't allowed on class $className.");
+				return $this->httpError(403, "Action '$action' isn't allowed $classMessage.");
 			}
 			$result = $this->handleAction($request, $action);
 		}
@ -232,7 +232,7 @@ class RequestHandler extends ViewableData {

 		// But if we have more content on the URL and we don't know what to do with it, return an error.
 		} else {
-			return $this->httpError(404, "I can't handle sub-URLs of a $this->class object.");
+			return $this->httpError(404, "I can't handle sub-URLs $classMessage.");
 		}

 		return $this;
@ -276,10 +276,10 @@ class RequestHandler extends ViewableData {
 	 * @return SS_HTTPResponse
 	 */
 	protected function handleAction($request, $action) {
-		$className = get_class($this);
+		$classMessage = Director::isLive() ? 'on this handler' : 'on class '.get_class($this);

 		if(!$this->hasMethod($action)) {
-			return new SS_HTTPResponse("Action '$action' isn't available on class $className.", 404);
+			return new SS_HTTPResponse("Action '$action' isn't available $classMessage.", 404);
 		}

 		$res = $this->extend('beforeCallActionHandler', $request, $action);
--- a/docs/en/02_Developer_Guides/03_Forms/Field_types/03_HTMLEditorField.md
+++ b/docs/en/02_Developer_Guides/03_Forms/Field_types/03_HTMLEditorField.md
@ -218,6 +218,18 @@ To refresh a oEmbed cache, append `?flush=1` to a URL.

 To disable oEmbed usage, set the `Oembed.enabled` configuration property to "false".

+## Limiting oembed URLs
+
+HtmlEditorField can have whitelists set on both the scheme (default http & https) and domains allowed when
+inserting files for use with oembed.
+
+This is performed through the config variables `HtmlEditorField_Toolbar::$fileurl_scheme_whitelist` and
+`HtmlEditorField_Toolbar::$fileurl_domain_whitelist`.
+
+Setting these configuration variables to empty arrays will disable the whitelist. Setting them to an array of
+lower case strings will require the scheme or domain respectively to exactly match one of those strings (no
+wildcards are currently supported).
+
 ### Doctypes

 Since TinyMCE generates markup, it needs to know which doctype your documents will be rendered in. You can set this 
--- a/docs/en/04_Changelogs/3.2.1.md
+++ b/docs/en/04_Changelogs/3.2.1.md
@ -0,0 +1,56 @@
+# 3.2.1
+
+## Upgrading
+
+FormField validation messages generated by the `Validator` class will now be automatically XML
+encoded before being rendered alongside an invalid field.
+
+If a validation message in a custom `Validator` instance should be rendered as literal HTML,
+then the $message parameter for `Validator::validationError` should be passed as an instance
+of `HTMLText`
+
+For example:
+
+
+	:::php
+	class MyCustomValidator extends Validator {
+		public function php($data) { 
+			$this->validationError(
+				'EmailAddress',
+				DBField::create_field('HTMLText', "Invalid email. Please sign up at <a href='signup'>this page</a>")
+			);
+		}
+	}
+
+
+<!--- Changes below this line will be automatically regenerated -->
+
+## Change Log
+
+### Security
+
+ * 2015-11-12 [b61d6dc](https://github.com/silverstripe/silverstripe-framework/commit/b61d6dcd57577b0345af7a69e51da409305e1957) HtmlEditorField_Toolbar#viewfile not whitelisting URLs (Hamish Friedlander) - See [ss-2015-027](http://www.silverstripe.org/download/security-releases/ss-2015-027)
+ * 2015-11-11 [bc1b289](https://github.com/silverstripe/silverstripe-framework/commit/bc1b2893accba6401c03f9ea3b0cbc4621c7a02c) Fix FormField error messages not being encoded safely (Damian Mooyman) - See [ss-2015-026](http://www.silverstripe.org/download/security-releases/ss-2015-026)
+ * 2015-11-09 [f290d86](https://github.com/silverstripe/silverstripe-framework/commit/f290d869e01e0087286b4f2bc92e95d15c229c45) Dont expose class on error (Hamish Friedlander) - See [ss-2015-025](http://www.silverstripe.org/download/security-releases/ss-2015-025)
+ * 2015-11-01 [4f55b6a](https://github.com/silverstripe/silverstripe-framework/commit/4f55b6a115ce0de8c5c258fb44eca52b8b112caf) XML escape RSSFeed $link parameter (Ingo Schommer) - See [ss-2015-022](http://www.silverstripe.org/download/security-releases/ss-2015-022)
+ * 2015-10-28 [132e9b3](https://github.com/silverstripe/silverstripe-framework/commit/132e9b3e2fad361ebb4b502b6a37d34d013bfba3) Fix rewrite hash links XSS (Damian Mooyman) - See [ss-2015-021](http://www.silverstripe.org/download/security-releases/ss-2015-021)
+
+### Bugfixes
+
+ * 2015-11-10 [732e705](https://github.com/silverstripe/silverstripe-framework/commit/732e705bbf548024b123d5160863395f2f74e7d9) Correct behaviour for empty filter array (as per 3.1) (Damian Mooyman)
+ * 2015-11-09 [414ea3d](https://github.com/silverstripe/silverstripe-framework/commit/414ea3de9e87812c5ac96cc15062307c608e0963) prevent UploadField edit form generation for Folders (Damian Mooyman)
+ * 2015-11-05 [c6c650f](https://github.com/silverstripe/silverstripe-cms/commit/c6c650f1366348327d973ca6cc5a5ed33a467786) Ensure CMSMainTest uses correct siteconfig (Damian Mooyman)
+ * 2015-11-02 [0272e44](https://github.com/silverstripe/silverstripe-framework/commit/0272e443f44ebca55b05c14f2a112260ff0df284) Prevent dev/build continually regenerating Number field type (Damian Mooyman)
+ * 2015-10-30 [2813f94](https://github.com/silverstripe/silverstripe-framework/commit/2813f94124c2ba14f1e4a51001e3898b0e0c32aa) Ensure that filters on any fixed field are scoped to the base data table (Damian Mooyman)
+ * 2015-10-30 [38ca963](https://github.com/silverstripe/silverstripe-framework/commit/38ca9632c4e9df0a74eae70cec98fdce242da529) Add missing CMSSecurity route (Damian Mooyman)
+ * 2015-10-29 [daa86d3](https://github.com/silverstripe/silverstripe-framework/commit/daa86d3a4ce75bf8637134726864ae14fbbdf586) Fix regression from #4396 in test fixtures (Damian Mooyman)
+ * 2015-10-28 [db16248](https://github.com/silverstripe/silverstripe-framework/commit/db16248b9ab7677cc4b4e25857a6b6d36f8c35f0) Fix broken InlineFormAction (Damian Mooyman)
+ * 2015-10-27 [293d847](https://github.com/silverstripe/silverstripe-framework/commit/293d84721efafedf3dd3fe69dd1d013a8c07d3ff) for #4712: Dropping in some PHP documentation on return types for dynamically generated image methods. (Patrick Nelson)
+ * 2015-10-20 [b857bdf](https://github.com/silverstripe/silverstripe-framework/commit/b857bdf209d79fc623724e68f6a660354cbd5f93) Fix duplicate files being included in case of flush (Damian Mooyman)
+ * 2015-10-19 [c364158](https://github.com/silverstripe/silverstripe-framework/commit/c3641587a5d5977af4fa053e5813846ce990d86c) only use sethasemptydefault if exists. (Cam Findlay)
+ * 2015-10-08 [ff6c0a3](https://github.com/silverstripe/silverstripe-cms/commit/ff6c0a3160c5eb3ca624efea6585efb44399dc1c) (v3.1) for #1294 to workaround ErrorPage fatal errors (and undefined var) when publishing. (Patrick Nelson)
+ * 2015-10-08 [785f850](https://github.com/silverstripe/silverstripe-cms/commit/785f85047f64b76011c34542362c7f09dbf59021) for #1294 to workaround ErrorPage fatal errors (and undefined var) when publishing. (Patrick Nelson)
+ * 2015-10-01 [75dc391](https://github.com/silverstripe/silverstripe-cms/commit/75dc391df9b396756a6f02c5fca08eafcb53ba31) for #586 and possible fix for #736 and relates to #2449: Don't perform validation upon deletion, since it isn't necessary. Cleaned up type hint. (Patrick Nelson)
+ * 2015-09-17 [e64d73c](https://github.com/silverstripe/silverstripe-framework/commit/e64d73c1f741399412b6015f6602ed707b2e9778) Fix ClassInfo::table_for_object_field (Damian Mooyman)
+ * 2015-08-05 [2901664](https://github.com/silverstripe/silverstripe-framework/commit/29016645e5e759b1ecf49876fa79c357a68c5794) . FulltextFilter requires table identifiers in match query (Elvinas L.)
+ * 2015-07-12 [f192a6e](https://github.com/silverstripe/silverstripe-framework/commit/f192a6ecaf70446ec60f6c7ef2a555395f83ea16) #4392: Ensure headers are checked first before being clobbered by globally maintained state. Also ensuring tests utilize separate responses for isolation. (Patrick Nelson)
--- a/docs/en/04_Changelogs/rc/3.2.1-rc1.md
+++ b/docs/en/04_Changelogs/rc/3.2.1-rc1.md
@ -0,0 +1,34 @@
+# 3.2.1-rc1
+
+See [3.2.1](/changelogs/3.2.1) changelog for more information on what is new in 3.2.1
+
+<!--- Changes below this line will be automatically regenerated -->
+
+## Change Log
+
+### Security
+
+ * 2015-11-11 [bc1b289](https://github.com/silverstripe/silverstripe-framework/commit/bc1b2893accba6401c03f9ea3b0cbc4621c7a02c) Fix FormField error messages not being encoded safely (Damian Mooyman) - See [ss-2015-026](http://www.silverstripe.org/download/security-releases/ss-2015-026)
+ * 2015-11-09 [f290d86](https://github.com/silverstripe/silverstripe-framework/commit/f290d869e01e0087286b4f2bc92e95d15c229c45) Dont expose class on error (Hamish Friedlander) - See [ss-2015-025](http://www.silverstripe.org/download/security-releases/ss-2015-025)
+ * 2015-11-01 [4f55b6a](https://github.com/silverstripe/silverstripe-framework/commit/4f55b6a115ce0de8c5c258fb44eca52b8b112caf) XML escape RSSFeed $link parameter (Ingo Schommer) - See [ss-2015-022](http://www.silverstripe.org/download/security-releases/ss-2015-022)
+ * 2015-10-28 [132e9b3](https://github.com/silverstripe/silverstripe-framework/commit/132e9b3e2fad361ebb4b502b6a37d34d013bfba3) Fix rewrite hash links XSS (Damian Mooyman) - See [ss-2015-021](http://www.silverstripe.org/download/security-releases/ss-2015-021)
+
+### Bugfixes
+
+ * 2015-11-10 [732e705](https://github.com/silverstripe/silverstripe-framework/commit/732e705bbf548024b123d5160863395f2f74e7d9) Correct behaviour for empty filter array (as per 3.1) (Damian Mooyman)
+ * 2015-11-09 [414ea3d](https://github.com/silverstripe/silverstripe-framework/commit/414ea3de9e87812c5ac96cc15062307c608e0963) prevent UploadField edit form generation for Folders (Damian Mooyman)
+ * 2015-11-05 [c6c650f](https://github.com/silverstripe/silverstripe-cms/commit/c6c650f1366348327d973ca6cc5a5ed33a467786) Ensure CMSMainTest uses correct siteconfig (Damian Mooyman)
+ * 2015-11-02 [0272e44](https://github.com/silverstripe/silverstripe-framework/commit/0272e443f44ebca55b05c14f2a112260ff0df284) Prevent dev/build continually regenerating Number field type (Damian Mooyman)
+ * 2015-10-30 [2813f94](https://github.com/silverstripe/silverstripe-framework/commit/2813f94124c2ba14f1e4a51001e3898b0e0c32aa) Ensure that filters on any fixed field are scoped to the base data table (Damian Mooyman)
+ * 2015-10-30 [38ca963](https://github.com/silverstripe/silverstripe-framework/commit/38ca9632c4e9df0a74eae70cec98fdce242da529) Add missing CMSSecurity route (Damian Mooyman)
+ * 2015-10-29 [daa86d3](https://github.com/silverstripe/silverstripe-framework/commit/daa86d3a4ce75bf8637134726864ae14fbbdf586) Fix regression from #4396 in test fixtures (Damian Mooyman)
+ * 2015-10-28 [db16248](https://github.com/silverstripe/silverstripe-framework/commit/db16248b9ab7677cc4b4e25857a6b6d36f8c35f0) Fix broken InlineFormAction (Damian Mooyman)
+ * 2015-10-27 [293d847](https://github.com/silverstripe/silverstripe-framework/commit/293d84721efafedf3dd3fe69dd1d013a8c07d3ff) for #4712: Dropping in some PHP documentation on return types for dynamically generated image methods. (Patrick Nelson)
+ * 2015-10-20 [b857bdf](https://github.com/silverstripe/silverstripe-framework/commit/b857bdf209d79fc623724e68f6a660354cbd5f93) Fix duplicate files being included in case of flush (Damian Mooyman)
+ * 2015-10-19 [c364158](https://github.com/silverstripe/silverstripe-framework/commit/c3641587a5d5977af4fa053e5813846ce990d86c) only use sethasemptydefault if exists. (Cam Findlay)
+ * 2015-10-08 [ff6c0a3](https://github.com/silverstripe/silverstripe-cms/commit/ff6c0a3160c5eb3ca624efea6585efb44399dc1c) (v3.1) for #1294 to workaround ErrorPage fatal errors (and undefined var) when publishing. (Patrick Nelson)
+ * 2015-10-08 [785f850](https://github.com/silverstripe/silverstripe-cms/commit/785f85047f64b76011c34542362c7f09dbf59021) for #1294 to workaround ErrorPage fatal errors (and undefined var) when publishing. (Patrick Nelson)
+ * 2015-10-01 [75dc391](https://github.com/silverstripe/silverstripe-cms/commit/75dc391df9b396756a6f02c5fca08eafcb53ba31) for #586 and possible fix for #736 and relates to #2449: Don't perform validation upon deletion, since it isn't necessary. Cleaned up type hint. (Patrick Nelson)
+ * 2015-09-17 [e64d73c](https://github.com/silverstripe/silverstripe-framework/commit/e64d73c1f741399412b6015f6602ed707b2e9778) Fix ClassInfo::table_for_object_field (Damian Mooyman)
+ * 2015-08-05 [2901664](https://github.com/silverstripe/silverstripe-framework/commit/29016645e5e759b1ecf49876fa79c357a68c5794) . FulltextFilter requires table identifiers in match query (Elvinas L.)
+ * 2015-07-12 [f192a6e](https://github.com/silverstripe/silverstripe-framework/commit/f192a6ecaf70446ec60f6c7ef2a555395f83ea16) #4392: Ensure headers are checked first before being clobbered by globally maintained state. Also ensuring tests utilize separate responses for isolation. (Patrick Nelson)
--- a/docs/en/04_Changelogs/rc/3.2.1-rc2.md
+++ b/docs/en/04_Changelogs/rc/3.2.1-rc2.md
@ -0,0 +1,11 @@
+# 3.2.1-rc2
+
+See [3.2.1](/changelogs/3.2.1) changelog for more information on what is new in 3.2.1
+
+<!--- Changes below this line will be automatically regenerated -->
+
+## Change Log
+
+### Security
+
+ * 2015-11-12 [b61d6dc](https://github.com/silverstripe/silverstripe-framework/commit/b61d6dcd57577b0345af7a69e51da409305e1957) HtmlEditorField_Toolbar#viewfile not whitelisting URLs (Hamish Friedlander) - See [ss-2015-027](http://www.silverstripe.org/download/security-releases/ss-2015-027)
--- a/forms/Form.php
+++ b/forms/Form.php
@ -1303,6 +1303,18 @@ class Form extends RequestHandler {
 				// Load errors into session and post back
 				$data = $this->getData();

+				// Encode validation messages as XML before saving into session state
+				// As per Form::addErrorMessage()
+				$errors = array_map(function($error) {
+					// Encode message as XML by default
+					if($error['message'] instanceof DBField) {
+						$error['message'] = $error['message']->forTemplate();;
+					} else {
+						$error['message'] = Convert::raw2xml($error['message']);
+					}
+					return $error;
+				}, $errors);
+
 				Session::set("FormInfo.{$this->FormName()}.errors", $errors);
 				Session::set("FormInfo.{$this->FormName()}.data", $data);

--- a/forms/HtmlEditorField.php
+++ b/forms/HtmlEditorField.php
@ -449,40 +449,98 @@ class HtmlEditorField_Toolbar extends RequestHandler {
 		return $form;
 	}

+	/**
+	 * @config
+	 * @var array - list of allowed schemes (no wildcard, all lower case) or empty to allow all schemes
+	 */
+	private static $fileurl_scheme_whitelist = array('http', 'https');
+
+	/**
+	 * @config
+	 * @var array - list of allowed domains (no wildcard, all lower case) or empty to allow all domains
+	 */
+	private static $fileurl_domain_whitelist = array();
+
+	protected function viewfile_getLocalFileByID($id) {
+		$file = DataObject::get_by_id('File', $id);
+
+		if ($file && $file->canView()) return array($file, $file->RelativeLink());
+		return array(null, null);
+	}
+
+	protected function viewfile_getLocalFileByURL($fileUrl) {
+		$filteredUrl = Director::makeRelative($fileUrl);
+		$filteredUrl = preg_replace('/_resampled\/[^-]+-/', '', $filteredUrl);
+
+		$file = File::get()->filter('Filename', $filteredUrl)->first();
+
+		if ($file && $file->canView()) return array($file, $filteredUrl);
+		return array(null, null);
+	}
+
+	protected function viewfile_getRemoteFileByURL($fileUrl) {
+		$scheme = strtolower(parse_url($fileUrl, PHP_URL_SCHEME));
+		$allowed_schemes = self::config()->fileurl_scheme_whitelist;
+
+		if (!$scheme || ($allowed_schemes && !in_array($scheme, $allowed_schemes))) {
+			$exception = new SS_HTTPResponse_Exception("This file scheme is not included in the whitelist", 400);
+			$exception->getResponse()->addHeader('X-Status', $exception->getMessage());
+			throw $exception;
+		}
+
+		$domain = strtolower(parse_url($fileUrl, PHP_URL_HOST));
+		$allowed_domains = self::config()->fileurl_domain_whitelist;
+
+		if (!$domain || ($allowed_domains && !in_array($domain, $allowed_domains))) {
+			$exception = new SS_HTTPResponse_Exception("This file hostname is not included in the whitelist", 400);
+			$exception->getResponse()->addHeader('X-Status', $exception->getMessage());
+			throw $exception;
+		}
+
+		return array(
+			new File(array(
+				'Title' => basename($fileUrl),
+				'Filename' => $fileUrl
+			)),
+			$fileUrl
+		);
+	}
+
 	/**
 	 * View of a single file, either on the filesystem or on the web.
 	 */
 	public function viewfile($request) {
+		$file = null;
+		$url = null;

 		// TODO Would be cleaner to consistently pass URL for both local and remote files,
 		// but GridField doesn't allow for this kind of metadata customization at the moment.
-		if($url = $request->getVar('FileURL')) {
-			if(Director::is_absolute_url($url) && !Director::is_site_url($url)) {
-				$url = $url;
-				$file = new File(array(
-					'Title' => basename($url),
-					'Filename' => $url
-				));
-			} else {
-				$url = Director::makeRelative($request->getVar('FileURL'));
-				$url = preg_replace('/_resampled\/[^-]+-/', '', $url);
-				$file = File::get()->filter('Filename', $url)->first();
-				if(!$file) $file = new File(array(
-					'Title' => basename($url),
-					'Filename' => $url
-				));
+		if($fileUrl = $request->getVar('FileURL')) {
+			// If this isn't an absolute URL, or is, but is to this site, try and get the File object
+			// that is associated with it
+			if(!Director::is_absolute_url($fileUrl) || Director::is_site_url($fileUrl)) {
+				list($file, $url) = $this->viewfile_getLocalFileByURL($fileUrl);
 			}
-		} elseif($id = $request->getVar('ID')) {
-			$file = DataObject::get_by_id('File', $id);
-			$url = $file->RelativeLink();
-		} else {
-			throw new LogicException('Need either "ID" or "FileURL" parameter to identify the file');
+			// If this is an absolute URL, but not to this site, use as an oembed source (after whitelisting URL)
+			else {
+				list($file, $url) = $this->viewfile_getRemoteFileByURL($fileUrl);
+			}
+		}
+		// Or we could have been passed an ID directly
+		elseif($id = $request->getVar('ID')) {
+			list($file, $url) = $this->viewfile_getLocalFileByID($id);
+		}
+		// Or we could have been passed nothing, in which case panic
+		else {
+			throw new SS_HTTPResponse_Exception('Need either "ID" or "FileURL" parameter to identify the file', 400);
 		}

 		// Instanciate file wrapper and get fields based on its type
 		// Check if appCategory is an image and exists on the local system, otherwise use oEmbed to refference a
 		// remote image
-		if($file && $file->appCategory() == 'image' && Director::is_site_url($url)) {
+		if (!$file || !$url) {
+			throw new SS_HTTPResponse_Exception('Unable to find file to view', 404);
+		} elseif($file->appCategory() == 'image' && Director::is_site_url($url)) {
 			$fileWrapper = new HtmlEditorField_Image($url, $file);
 		} elseif(!Director::is_site_url($url)) {
 			$fileWrapper = new HtmlEditorField_Embed($url, $file);
--- a/lang/cs.yml
+++ b/lang/cs.yml
@ -292,8 +292,6 @@ cs:
    FROMWEB: 'Z webu'
    FindInFolder: 'Hledat ve složce'
    IMAGEALT: 'Alternativní text (alt)'
-    IMAGEALTTEXT: 'Alternativní text (alt) - ukáže se, když obrázek nemúže být zobrazen'
-    IMAGEALTTEXTDESC: 'Zobrazeno na obrazovce, anebo když obrázek nemůže být zobrazen'
    IMAGEDIMENSIONS: Rozměry
    IMAGEHEIGHTPX: Výška
    IMAGETITLE: 'Titul text (tooltip) - další informace o obrázku'
@ -328,11 +326,9 @@ cs:
    DELETED: Smazáno.
    DropdownBatchActionsDefault: Akcie
    HELP: Nápověda
-    PAGETYPE: 'Typ stránky:'
    PERMAGAIN: 'Byli jste odhlášeni z CMS. Pokud se chcete znovu přihlásit, zadejte níže své uživatelské jméno a heslo.'
    PERMALREADY: 'Omlouvám se, ale nemůžete vstoupit do této části CMS. Pokud se chcete přihlásit jako někdo jiný, udělejte tak níže.'
    PERMDEFAULT: 'Musíte být přihlášen/a k přístup do oblasti administrace, zadejte vaše přihlošovací údaje dole, prosím.'
-    PLEASESAVE: 'Uložte stránku, prosím. Tato stránka nemůže být aktualizována, protože ještě nebyla uložena.'
    PreviewButton: Náhled
    REORGANISATIONSUCCESSFUL: 'Strom webu reorganizován úspěšně.'
    SAVEDUP: Uloženo.
--- a/lang/de.yml
+++ b/lang/de.yml
@ -260,6 +260,7 @@ de:
    many_many_Members: Mitglieder
  GroupImportForm:
    Help1: '<p>Eine oder mehrere Gruppen im <em>CSV</em>-Format (kommaseparierte Werte) importieren. <small><a href="#" class="toggle-advanced">Erweiterte Nutzung</a></small></p>'
+    Help2: '<div class="advanced"><h4>Erweiterte Benutzung</h4><ul><li>Gültige Spalten: <em>%s</em></li><li>Bereits existierende Gruppen werden anhand ihres eindeutigen <em>Code</em> identifiziert und um neue Einträge aus der Importdatei erweitert.</li><li>Gruppenhierarchien können mittels der Spalte <em>ParentCode</em> erstellt werden.</li><li>Berechtigungen können in der Spalte <em>PermissionCode</em> hinzugefügt werden. Schon zugewiesene Berechtigungen werden nicht entfernt.</li></ul></div>'
    ResultCreated: '{count} Gruppe(n) wurden erstellt'
    ResultDeleted: '%d Gruppe(n) gelöscht'
    ResultUpdated: '%d Gruppe(n) aktualisiert'
@ -291,6 +292,7 @@ de:
    FROMWEB: 'Aus dem Web'
    FindInFolder: 'In Ordner suchen'
    IMAGEALT: 'Alternativtext (alt)'
+    IMAGEALTTEXT: 'Alternativtext (alt) - erscheint, falls das Bild nicht angezeigt werden kann.'
    IMAGEDIMENSIONS: Dimensionen
    IMAGEHEIGHTPX: Höhe (px)
    IMAGETITLE: 'Titeltext (Tooltip) - für zusätzliche Informationen über das Bild'
@ -325,7 +327,11 @@ de:
    DELETED: Gelöscht.
    DropdownBatchActionsDefault: Aktionen
    HELP: Hilfe
+    PAGETYPE: 'Seitentyp:'
    PERMAGAIN: 'Sie wurden aus dem System ausgeloggt. Falls Sie sich wieder einloggen möchten, geben Sie bitte Benutzernamen und Passwort im untenstehenden Formular an.'
+    PERMALREADY: 'Leider dürfen Sie diesen Teil des CMS nicht aufrufen. Wenn Sie sich als jemand anderes einloggen wollen, benutzen Sie bitte das nachstehende Formular.'
+    PERMDEFAULT: 'Sie müssen angemeldet sein, um auf diesen Bereich zugreifen zu können. Bitte geben Sie Ihre Zugangsdaten ein.'
+    PLEASESAVE: 'Diese Seite konnte nicht aktualisiert werden weil sie noch nicht gespeichert wurde - bitte speichern.'
    PreviewButton: Vorschau
    REORGANISATIONSUCCESSFUL: 'Der Seitenbaum wurde erfolgreich sortiert.'
    SAVEDUP: Gespeichert.
@ -413,6 +419,7 @@ de:
    Toggle: 'Hilfe zur Formatierung anzeigen'
  MemberImportForm:
    Help1: '<p>Mitglieder im <em>CSV</em>-Format (kommaseparierte Werte) importieren. <small><a href="#" class="toggle-advanced">Erweiterte Nutzung</a></small></p>'
+    Help2: '<div class="advanced"><h4>Erweiterte Benutzung</h4><ul><li>Gültige Spalten: <em>%s</em></li><li>Bereits existierende Benutzer werden anhand ihres eindeutigen <em>Code</em> identifiziert und um neue Einträge aus der Importdatei erweitert.</li><li>Gruppen können in der Spalte <em>Gruppen</em> hinzugefügt werden. Gruppen werden anhand ihres <em>Code</em> erkannt. Mehrere Gruppen werden Komma-separiert eingetragen. Schon zugewiesene Gruppen werden nicht entfernt.</li></ul></div>'
    ResultCreated: '{count} Mitglied(er) wurde(n) erstellt'
    ResultDeleted: '%d Mitglied(er) gelöscht'
    ResultNone: 'Keine Änderungen'
--- a/lang/es.yml
+++ b/lang/es.yml
@ -82,6 +82,7 @@ es:
  CMSSecurity:
    INVALIDUSER: '<p>Usuario inválido. <a target="_top" href="{link}">Por favor, vuelva a autenticar aquí</a> para continuar.</p>'
    LoginMessage: '<p>Si Ud tiene cualquier trabajo sin guardar puede volver donde lo dejó, iniciando sesión más abajo.</p>'
+    SUCCESS: Exito
    SUCCESSCONTENT: '<p>Inicio de sesión exitoso. Si Ud no es automáticamente redireccionado, <a target="_top" href="{link}">haga clic aquí</a></p>'
    TimedOutTitleAnonymous: 'Expiró su sesión.'
    TimedOutTitleMember: 'Eh {name}!<br />Tu sesión expiró.'
@ -259,6 +260,7 @@ es:
    many_many_Members: Miembros
  GroupImportForm:
    Help1: '<p>Importar uno o más grupos en formato <em>CSV</em> (valores separados por coma). <small><a href="#" class="toggle-advanced">Mostrar uso avanzado</a></small></p>'
+    Help2: '<div class="advanced"><h4>Uso avanzado</h4><ul><li>Columnas permitidas: <em>%s</em></li><li>Grupos existentes son relacionados con su  <em>Código único</em> y actualizados con cualquier nuevo valor desde el archivo importado</li><li>Jerarquías de grupo pueden ser creadas utilizando la columna <em>ParentCode</em>.</li><li>Códigos de permiso pueden ser asignados por la columna <em>PermissionCode</em>. Códigos de permisos existentes no son eliminados.</li></ul></div>'
    ResultCreated: 'Creados {count} grupos'
    ResultDeleted: 'Se eliminaron %d grupos'
    ResultUpdated: 'Actualizados grupos %d'
@ -325,6 +327,8 @@ es:
    DropdownBatchActionsDefault: Acciones
    HELP: Ayuda
    PERMAGAIN: 'Ha sido desconectado del CMS. Si quiere volver a entrar, introduzca su nombre de usuario y contraseña a continuación.'
+    PERMALREADY: 'Lamentablemente no puede acceder a esta parte del CMS. Si quiere entrar como alguien distinto, hágalo a continuación'
+    PERMDEFAULT: 'Debes estar conectado para acceder al área de administración; por favor ingresa tus datos a continuación'
    PreviewButton: Vista previa
    REORGANISATIONSUCCESSFUL: 'Reorganizado el árbol del sitio con éxito.'
    SAVEDUP: Guardado
@ -412,6 +416,7 @@ es:
    Toggle: 'Cambiar'
  MemberImportForm:
    Help1: '<p>Importar usuarios en <em>formato CSV</em> (valores separados por coma). <small><a href="#" class="toggle-advanced">Mostrar uso avanzado</a></small></p>'
+    Help2: '<div class="advanced"><h4>Uso avanzado</h4><ul><li>Columnas permitidas: <em>%s</em></li><li>Usuarios existentes son relacionados con su  <em>Código único</em>, y actualizados con cualquier nuevo valor desde el archivo importado.</li><li>Grupos pueden ser asignados por la columna <em>Groups</em>. Grupos son identificados por su propiedad <em>Code</em>, multiples grupos pueden ser separados por una coma.  La pertenencia a grupos existentes no se borra.</li></ul></div>'
    ResultCreated: 'Creados {count} miembros'
    ResultDeleted: 'Se eliminaron %d miembros'
    ResultNone: 'No hay cambios'
@ -475,6 +480,7 @@ es:
    SINGULARNAME: Regla
    Title: Título
  PermissionRoleCode:
+    PLURALNAME: 'Códigos de permiso'
    PermsError: 'No se puede asignar permisos privilegiados al código "% s"  (requiere acceso de administrador)'
    SINGULARNAME: 'Códigos de las regla de permisos'
  Permissions:
--- a/lang/fr.yml
+++ b/lang/fr.yml
@ -251,9 +251,9 @@ fr:
    CAPTIONTEXT: 'Légende'
    CSSCLASS: 'Alignement / Style'
    CSSCLASSCENTER: 'Centré'
-    CSSCLASSLEFT: 'A gauche, avec texte à la ligne.'
+    CSSCLASSLEFT: 'À gauche, avec texte autour.'
    CSSCLASSLEFTALONE: 'Sur la gauche seulement'
-    CSSCLASSRIGHT: 'a droite, avec texte à la ligne.'
+    CSSCLASSRIGHT: 'À droite, avec texte autour.'
    DETAILS: Détails
    EMAIL: 'Adresse email'
    FILE: Fichier
--- a/lang/it.yml
+++ b/lang/it.yml
@ -326,6 +326,8 @@ it:
    DropdownBatchActionsDefault: Azioni
    HELP: Aiuto
    PERMAGAIN: 'Sei stato disconnesso dal CMS. Se desideri autenticarti nuovamente, inserisci qui sotto nome utente e password.'
+    PERMALREADY: 'Siamo spiacenti, ma non puoi accedere a questa sezione del CMS. Se desideri autenticarti come qualcun altro, fallo qui sotto.'
+    PERMDEFAULT: 'Devi essere autenticato per accedere all''area amministrativa; Per favore inserisci le tue credenziali qui sotto'
    PreviewButton: Anteprima
    REORGANISATIONSUCCESSFUL: 'Albero del sito riorganizzato con successo.'
    SAVEDUP: Salvato.
--- a/lang/sk.yml
+++ b/lang/sk.yml
@ -292,8 +292,6 @@ sk:
    FROMWEB: 'Z webu'
    FindInFolder: 'Vyhľadať v priečinku'
    IMAGEALT: 'Atlernatívny text (alt)'
-    IMAGEALTTEXT: 'Atlernatívny text (alt) - zobrazí sa ak obrázok nemože byť zobrazený '
-    IMAGEALTTEXTDESC: 'Zobrazí sa na obrazovke, ak obrázok nemôže byť zobrazený'
    IMAGEDIMENSIONS: Rozmery
    IMAGEHEIGHTPX: Výška
    IMAGETITLE: 'Text titulky (tooltip) - pre doplňujúce informácie o obrázku'
@ -328,11 +326,9 @@ sk:
    DELETED: Zmazané.
    DropdownBatchActionsDefault: Akcie
    HELP: Pomoc
-    PAGETYPE: 'Typ stránky:'
    PERMAGAIN: 'Boli ste odhlásený'
    PERMALREADY: 'Je mi ľúto, ale nemáte prístup k tejto časti CMS. Ak sa chcete prihlásiť ako niekto iný, urobte tak nižšie'
    PERMDEFAULT: 'Musíte byť prihlásený/á k prístupu do oblasti administrácie, zadajte vaše prihlasovacie údaje dole, prosím.'
-    PLEASESAVE: 'Uložte stránku, prosím. Táto stránka nemôže byť aktualizovaná, pretože eště nebola uložená.'
    PreviewButton: Náhľad
    REORGANISATIONSUCCESSFUL: 'Strom webu bol reorganizovaný úspešne.'
    SAVEDUP: Uložené.
--- a/tests/api/RSSFeedTest.php
+++ b/tests/api/RSSFeedTest.php
@ -43,6 +43,13 @@ class RSSFeedTest extends SapphireTest {
 		$this->assertContains('<description>ItemC AltContent</description>', $content);
 	}

+	public function testLinkEncoding() {
+		$list = new ArrayList();
+		$rssFeed = new RSSFeed($list, "http://www.example.com/?param1=true&param2=true", "Test RSS Feed");
+		$content = $rssFeed->outputToBrowser();
+		$this->assertContains('<link>http://www.example.com/?param1=true&amp;param2=true', $content);
+	}
+
 	public function testRSSFeedWithShortcode() {
 		$list = new ArrayList();
 		$list->push(new RSSFeedTest_ItemD());
--- a/tests/forms/FormTest.php
+++ b/tests/forms/FormTest.php
@ -235,6 +235,7 @@ class FormTest extends FunctionalTest {
 			'FormTest_Controller/Form',
 			array(
 				'Email' => 'invalid',
+				'Number' => '<a href="http://mysite.com">link</a>' // XSS attempt
 				// leaving out "Required" field
 			)
 		);
@ -253,6 +254,17 @@ class FormTest extends FunctionalTest {
 			),
 			'Required fields show a notification on field when left blank'
 		);
+
+		$this->assertContains(
+			'&#039;&lt;a href=&quot;http://mysite.com&quot;&gt;link&lt;/a&gt;&#039; is not a number, only numbers can be accepted for this field',
+			$response->getBody(),
+			"Validation messages are safely XML encoded"
+		);
+		$this->assertNotContains(
+			'<a href="http://mysite.com">link</a>',
+			$response->getBody(),
+			"Unsafe content is not emitted directly inside the response body"
+		);
 	}

 	public function testSessionSuccessMessage() {
@ -685,7 +697,8 @@ class FormTest_Controller extends Controller implements TestOnly {
 			new FieldList(
 				new EmailField('Email'),
 				new TextField('SomeRequiredField'),
-				new CheckboxSetField('Boxes', null, array('1'=>'one','2'=>'two'))
+				new CheckboxSetField('Boxes', null, array('1'=>'one','2'=>'two')),
+				new NumericField('Number')
 			),
 			new FieldList(
 				new FormAction('doSubmit')
--- a/tests/forms/HtmlEditorFieldToolbarTest.php
+++ b/tests/forms/HtmlEditorFieldToolbarTest.php
@ -0,0 +1,71 @@
+<?php
+
+class HtmlEditorFieldToolbarTest_Toolbar extends HtmlEditorField_Toolbar {
+	public function viewfile_getLocalFileByID($id) {
+		return parent::viewfile_getLocalFileByID($id);
+	}
+
+	public function viewfile_getLocalFileByURL($fileUrl) {
+		return parent::viewfile_getLocalFileByURL($fileUrl);
+	}
+
+	public function viewfile_getRemoteFileByURL($fileUrl) {
+		return parent::viewfile_getRemoteFileByURL($fileUrl);
+	}
+}
+
+class HtmlEditorFieldToolbarTest extends SapphireTest {
+
+	protected static $fixture_file = 'HtmlEditorFieldToolbarTest.yml';
+
+	protected function getToolbar() {
+		return new HtmlEditorFieldToolbarTest_Toolbar(null, '/');
+	}
+
+	public function setUp() {
+		parent::setUp();
+
+		Config::nest();
+		Config::inst()->update('HtmlEditorField_Toolbar', 'fileurl_scheme_whitelist', array('http'));
+		Config::inst()->update('HtmlEditorField_Toolbar', 'fileurl_domain_whitelist', array('example.com'));
+	}
+
+	public function tearDown() {
+		Config::unnest();
+
+		parent::tearDown();
+	}
+
+	public function testValidLocalReference() {
+		list($file, $url) = $this->getToolbar()->viewfile_getLocalFileByURL('folder/subfolder/example.pdf');
+		$this->assertEquals($this->objFromFixture('File', 'example_file'), $file);
+	}
+
+	public function testInvalidLocalReference() {
+		list($file, $url) = $this->getToolbar()->viewfile_getLocalFileByURL('folder/subfolder/missing.pdf');
+		$this->assertNull($file);
+	}
+
+	public function testValidScheme() {
+		list($file, $url) = $this->getToolbar()->viewfile_getRemoteFileByURL('http://example.com/test.pdf');
+		$this->assertInstanceOf('File', $file);
+		$this->assertEquals($file->Filename, 'http://example.com/test.pdf');
+	}
+
+	/** @expectedException SS_HTTPResponse_Exception */
+	public function testInvalidScheme() {
+		list($file, $url) = $this->getToolbar()->viewfile_getRemoteFileByURL('nosuchscheme://example.com/test.pdf');
+	}
+
+	public function testValidDomain() {
+		list($file, $url) = $this->getToolbar()->viewfile_getRemoteFileByURL('http://example.com/test.pdf');
+		$this->assertInstanceOf('File', $file);
+		$this->assertEquals($file->Filename, 'http://example.com/test.pdf');
+	}
+
+	/** @expectedException SS_HTTPResponse_Exception */
+	public function testInvalidDomain() {
+		list($file, $url) = $this->getToolbar()->viewfile_getRemoteFileByURL('http://evil.com/test.pdf');
+	}
+
+}
--- a/tests/forms/HtmlEditorFieldToolbarTest.yml
+++ b/tests/forms/HtmlEditorFieldToolbarTest.yml
@ -0,0 +1,9 @@
+File:
+  example_file:
+    Name: example.pdf
+    Filename: folder/subfolder/example.pdf
+
+Image:
+  example_image:
+    Name: HTMLEditorFieldTest_example.jpg
+    Filename: tests/forms/images/HTMLEditorFieldTest_example.jpg
--- a/tests/view/SSViewerTest.php
+++ b/tests/view/SSViewerTest.php
@ -2,6 +2,13 @@

 class SSViewerTest extends SapphireTest {

+	/**
+	 * Backup of $_SERVER global
+	 *
+	 * @var array
+	 */
+	protected $oldServer = array();
+
 	protected $extraDataObjects = array(
 		'SSViewerTest_Object',
 	);
@ -10,6 +17,12 @@ class SSViewerTest extends SapphireTest {
 		parent::setUp();
 		Config::inst()->update('SSViewer', 'source_file_comments', false);
 		Config::inst()->update('SSViewer_FromString', 'cache_template', false);
+		$this->oldServer = $_SERVER;
+	}
+
+	public function tearDown() {
+		$_SERVER = $this->oldServer;
+		parent::tearDown();
 	}

 	/**
@ -1156,10 +1169,13 @@ after')
 		$orig = Config::inst()->get('SSViewer', 'rewrite_hash_links'); 
 		Config::inst()->update('SSViewer', 'rewrite_hash_links', true);

-		$_SERVER['REQUEST_URI'] = 'http://path/to/file?foo"onclick="alert(\'xss\')""';
+		$_SERVER['HTTP_HOST'] = 'www.mysite.com';
+		$_SERVER['REQUEST_URI'] = '//file.com?foo"onclick="alert(\'xss\')""';

 		// Emulate SSViewer::process()
-		$base = Convert::raw2att($_SERVER['REQUEST_URI']);
+		// Note that leading double slashes have been rewritten to prevent these being mis-interepreted
+		// as protocol-less absolute urls
+		$base = Convert::raw2att('/file.com?foo"onclick="alert(\'xss\')""');

 		$tmplFile = TEMP_FOLDER . '/SSViewerTest_testRewriteHashlinks_' . sha1(rand()) . '.ss';

@ -1227,10 +1243,11 @@ after')
 		$obj = new ViewableData();
 		$obj->InsertedLink = '<a class="inserted" href="#anchor">InsertedLink</a>';
 		$result = $tmpl->process($obj);
-		$this->assertContains(
-			'<a class="inserted" href="<?php echo Convert::raw2att(',
-			$result
-		);
+
+		$code = <<<'EOC'
+<a class="inserted" href="<?php echo Convert::raw2att(preg_replace("/^(\/)+/", "/", $_SERVER['REQUEST_URI'])); ?>#anchor">InsertedLink</a>
+EOC;
+		$this->assertContains($code, $result);
 		// TODO Fix inline links in PHP mode
 		// $this->assertContains(
 		// 	'<a class="inline" href="<?php echo str_replace(',
--- a/view/SSTemplateParser.php
+++ b/view/SSTemplateParser.php
@ -4681,11 +4681,15 @@ class SSTemplateParser extends Parser implements TemplateParser {

 		// TODO: This is pretty ugly & gets applied on all files not just html. I wonder if we can make this
 		// non-dynamically calculated
+		$code = <<<'EOC'
+(\Config::inst()->get('SSViewer', 'rewrite_hash_links')
+	? \Convert::raw2att( preg_replace("/^(\\/)+/", "/", $_SERVER['REQUEST_URI'] ) )
+	: "")
+EOC;
+		// Because preg_replace replacement requires escaped slashes, addcslashes here
 		$text = preg_replace(
 			'/(<a[^>]+href *= *)"#/i',
-			'\\1"\' . (Config::inst()->get(\'SSViewer\', \'rewrite_hash_links\') ?' .
-			' Convert::raw2att( $_SERVER[\'REQUEST_URI\'] ) : "") .
-				\'#',
+			'\\1"\' . ' . addcslashes($code, '\\')  . ' . \'#',
 			$text
 		);

--- a/view/SSTemplateParser.php.inc
+++ b/view/SSTemplateParser.php.inc
@ -1135,11 +1135,15 @@ class SSTemplateParser extends Parser implements TemplateParser {

 		// TODO: This is pretty ugly & gets applied on all files not just html. I wonder if we can make this
 		// non-dynamically calculated
+		$code = <<<'EOC'
+(\Config::inst()->get('SSViewer', 'rewrite_hash_links')
+	? \Convert::raw2att( preg_replace("/^(\\/)+/", "/", $_SERVER['REQUEST_URI'] ) )
+	: "")
+EOC;
+		// Because preg_replace replacement requires escaped slashes, addcslashes here
 		$text = preg_replace(
 			'/(<a[^>]+href *= *)"#/i',
-			'\\1"\' . (Config::inst()->get(\'SSViewer\', \'rewrite_hash_links\') ?' .
-			' Convert::raw2att( $_SERVER[\'REQUEST_URI\'] ) : "") .
-				\'#',
+			'\\1"\' . ' . addcslashes($code, '\\')  . ' . \'#',
 			$text
 		);

--- a/view/SSViewer.php
+++ b/view/SSViewer.php
@ -1129,10 +1129,10 @@ class SSViewer implements Flushable {
 		$rewrite = Config::inst()->get('SSViewer', 'rewrite_hash_links');
 		if($this->rewriteHashlinks && $rewrite) {
 			if(strpos($output, '<base') !== false) {
-				if($rewrite === 'php') { 
-					$thisURLRelativeToBase = "<?php echo Convert::raw2att(\$_SERVER['REQUEST_URI']); ?>";
+				if($rewrite === 'php') {
+					$thisURLRelativeToBase = "<?php echo Convert::raw2att(preg_replace(\"/^(\\\\/)+/\", \"/\", \$_SERVER['REQUEST_URI'])); ?>";
 				} else { 
-					$thisURLRelativeToBase = Convert::raw2att($_SERVER['REQUEST_URI']);
+					$thisURLRelativeToBase = Convert::raw2att(preg_replace("/^(\\/)+/", "/", $_SERVER['REQUEST_URI']));
 				}

 				$output = preg_replace('/(<a[^>]+href *= *)"#/i', '\\1"' . $thisURLRelativeToBase . '#', $output);