Commit Graph

21467 Commits

Author SHA1 Message Date
Garion Herman
f2d9150755 Added 4.4.7 changelog 2020-07-13 11:56:30 +12:00
Maxime Rainville
91d30db88f [CVE-2020-6164] Remove/deprecate unused controllers that can potentially give away some information about the underlying project. 2020-07-10 10:38:55 +12:00
Maxime Rainville
107706c12c [CVE-2019-19326] Stop honouring X-HTTP-Method-Override header, X-Original-Url header and _method POST variable. Add SS_HTTPRequest::setHttpMethod() 2020-07-10 10:38:42 +12:00
Steve Boyd
01f93ef178
Merge pull request #9557 from unclecheese/pulls/4.4/dev-noindex
MINOR: Add noindex metatag to debugview
2020-07-01 09:11:43 +12:00
Aaron Carlino
658ca4deb1 MINOR: Add noindex metatag to debugview 2020-06-25 12:09:28 +12:00
Maxime Rainville
395893b559 Merge branch '4.3' into 4.4 2020-05-26 14:30:02 +12:00
Maxime Rainville
86fcb9e29c Merge branch '4.2' into 4.3 2020-05-26 14:29:16 +12:00
Robbie Averill
13923d3004
Merge pull request #9498 from dhensby/pulls/4.2/psr4-loading-compat
Update file paths for autoloading compatibility
2020-04-27 10:13:50 -07:00
Dan Hensby
85b37999be
Merge branch '4.3' into 4.4 2020-04-27 09:52:52 +01:00
Dan Hensby
e328d6f0d9
Merge branch '4.2' into 4.3 2020-04-27 09:51:24 +01:00
Dan Hensby
33b0b6985a
Update file paths for autoloading compatibility 2020-04-25 10:28:28 +01:00
Robbie Averill
8180aa508c
Merge pull request #9497 from dhensby/pulls/bigint-rename
Rename DBBigint.php for composer autoloading compatability
2020-04-24 16:51:33 -07:00
Dan Hensby
b9f8ab44ac
Rename DBBigint.php for composer autoloading compatability 2020-04-24 23:15:42 +01:00
Serge Latyntcev
cf898a2672 Merge branch '4.3' into 4.4 2020-04-15 14:47:59 +12:00
Maxime Rainville
1fe6255f9b Merge tag '4.4.6' into 4.4
Release 4.4.6
2020-04-14 14:13:59 +12:00
Steve Boyd
0f7fd35926
Merge pull request #9458 from creative-commoners/pulls/4/doc-versioned-file-migration
DOC CMS 3.x file migration section about versioned files
2020-04-14 11:31:43 +12:00
Maxime Rainville
092acc7112 Added 4.4.6 changelog 2020-04-14 10:59:19 +12:00
Serge Latyntcev
eaa69530be DOC CMS 3.x file migration section about versioned files 2020-04-14 10:53:21 +12:00
Serge Latyntcev
b269d87490 BUG Register new sub tasks to fix files affected by CVE-2020-9280 and CVE-2019-12245 2020-04-13 17:16:57 +12:00
Maxime Rainville
4b0345bee7 DOC Explain how to use the new file migation sub tasks in the 4.4.6/4.5.2 changelogs 2020-04-13 17:16:29 +12:00
Steve Boyd
2e875a04ae
Merge pull request #9381 from webbuilders-group/bugfix-timefield-readonly
BUGFIX: Fixed issue where TimeField_Readonly would only show "(not set)"
2020-03-06 10:38:57 +13:00
UndefinedOffset
bba0f2f72f
BUGFIX: Fixed issue where TimeField_Readonly would only show "(not set)" instead of the value 2020-02-24 09:59:00 -04:00
Serge Latyntsev
91f091f418
Merge pull request #9410 from blueo/patch-1
Update CVE number to CVE-2019-19325
2020-02-19 10:15:52 +13:00
Bernard Hamlin
765810b013
Update CVE number to CVE-2019-19325 2020-02-19 09:58:12 +13:00
Maxime Rainville
a9598eec3f Added 4.4.5 changelog 2020-02-17 14:02:57 +13:00
Maxime Rainville
0a9866c087 Update translations 2020-02-17 14:01:02 +13:00
Maxime Rainville
49fda52b12
Merge pull request #94 from silverstripe-security/fix/cve-2019-19325
CVE-2019-1935
2020-02-17 12:54:40 +13:00
Serge Latyntcev
ad1b00ec7d [CVE-2019-19325] XSS through non-scalar FormField attributes
Silverstripe Forms allow malicious HTML or JavaScript to be inserted
through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting)
on some forms built with user input (Request data). This can lead to phishing attempts
to obtain a user's credentials or other sensitive user input.
There is no known attack vector for extracting user-session information or credentials automatically,
it required a user to fall for the phishing attempt.
XSS can also be used to modify the presentation of content in malicious ways.
2020-02-17 09:58:29 +13:00
Steve Boyd
8dcaed25f4
Merge pull request #9386 from silverstripe-terraformers/feature/orm-column
ORM bugfix and enhancement
2020-02-11 15:56:03 +13:00
Mojmir Fendek
285e6caafa PR fixes 2020-02-11 10:43:01 +13:00
Mojmir Fendek
448147c2f1 PR fixes 2020-02-10 09:17:34 +13:00
Mojmir Fendek
660f80d284 PR fixes 2020-02-07 13:49:19 +13:00
Mojmir Fendek
99786dda22 ORM Column now supports related table lookup 2020-01-28 15:46:30 +13:00
Robbie Averill
26e3b6f4e3 Merge branch '4.3' into 4.4 2020-01-16 19:59:24 -08:00
Robbie Averill
7c1a0571f7
Merge pull request #9367 from martinduparc/patch-2
array_key_exists() on objects is deprecated in PHP 7.4
2020-01-14 09:39:49 -08:00
Martin D
ec6a353543 array_key_exists() on objects is deprecated
Ref: https://wiki.php.net/rfc/deprecations_php_7_4#array_key_exists_with_objects
2020-01-14 09:22:49 -08:00
Stevie Mayhew
92acc764f7
Merge pull request #9327 from kinglozzer/9259-session-restart
FIX: Session::restart() didn't correctly restart session (fixes #9259)
2019-11-21 11:52:36 +13:00
Loz Calver
453945da14 FIX: Session::restart() didn't correctly restart session (fixes #9259) 2019-11-20 14:21:30 +00:00
Serge Latyntcev
8219491705 Merge branch '4.3' into 4.4 2019-11-20 11:08:35 +13:00
Robbie Averill
bd658ca745
Merge pull request #9305 from tractorcow/pulls/4.3/action-title
BUG FormAction title property cannot be set if useButtonTag is false
2019-11-14 09:06:46 -08:00
Guy Marriott
44b9e331f6
Ensure Requirements_Backend respects explicit false for async/d… (#9309)
Ensure Requirements_Backend respects explicit false for async/defer
2019-10-29 14:37:32 -07:00
Michal Kleiner
4f614423ad Ensure Requirements_Backend respects explicit false for async/defer 2019-10-30 09:59:57 +13:00
Damian Mooyman
e76601e5c8
BUG FormAction title property cannot be set if useButtonTag is false 2019-10-29 17:21:45 +13:00
Serge Latyntcev
0cf5d4cbe2 Merge branch '4.3' into 4.4 2019-10-18 15:58:13 +13:00
Serge Latyntsev
c7597ad265
Merge pull request #9293 from open-sausages/pulls/4.3/psr2-fix
PSR2 linting fixes
2019-10-18 15:52:06 +13:00
Serge Latyntcev
46b9530d88 PSR2 linting fixes 2019-10-18 15:31:39 +13:00
Serge Latyntcev
dcbe6d0310 Merge branch '4.3' into 4.4 2019-10-18 10:57:35 +13:00
Robbie Averill
db2aa38228
Merge pull request #9277 from tractorcow/pulls/4.4/respect-can-create
BUG Ensure that canCreate() context matches that respected by GridFieldAddNewButton
2019-10-03 18:21:43 -07:00
Damian Mooyman
d7752b7945
Run PSR2 Lint cleaner 2019-10-04 13:26:31 +13:00
Serge Latyntsev
71f810516c
Merge pull request #9275 from open-sausages/pulls/4.3/obfuscated-email-names
FIX DebugViewFrendlyErrorFormatter handle of admin_email
2019-10-04 11:27:17 +13:00