2376 Commits

Author SHA1 Message Date
Guy Sartorelli 1a5bb4cbec
[CVE-2023-22729] Escaped double slash is absolute URL 2023-04-26 09:49:59 +12:00
Guy Sartorelli fd5d8217e8
[CVE-2023-22728] Check canView before printing from GridField 2023-04-26 09:45:34 +12:00
Steve Boyd 3d03a93b8f Merge branch '4.12' into 4.13 2023-04-11 10:55:17 +12:00
Dylan Wagstaff 92061a3ba6
FIX stabilise typed APIs (#10740)
Since 4.12 the use of typehints and return types has caused issues with
values fetched directly from config without validation. This has led to
upgrade woes in a minor version (#10721) with no immediate recourse
other than manual system intervention.

To use types, we should ensure types, leaving a stable API that won't
error on a bad value - or should give a thoughtful and directive error
message if so.

Issue #10721 summary:
SessionMiddleware runs before FlushMiddleware
SessionMiddleware causes a PHP fatal error passing `null` to a `string`
parameter.
`null` comes from config, because default string value doesn't exist. We
need flush for this - but system execution never makes it that far.
2023-04-11 10:52:41 +12:00
Florian Thoma cd946b6c80
Group visibility for SITETREE_GRANT_ACCESS permissions
Make groups visible if member has SITETREE_GRANT_ACCESS permissions, otherwise the dropdown for selecting the group is empty
2023-04-05 16:33:41 +10:00
Steve Boyd 0f40cc38ec FIX Respect searchable_fields 2023-03-23 10:57:03 +13:00
Steve Boyd 41bb35f3f3 FIX Reduce array method calls 2023-03-22 11:06:23 +13:00
zemiacsik d60af9d16e
FIX property_exists() parameters mixup
ensure that property parameter is a string
2023-03-14 08:42:22 +01:00
zemiacsik 5b8d61b55b
FIX property_exists() parameters mixup
property_exists() has first parameter "object_or_class" and second is a property to check
2023-03-13 13:51:48 +01:00
Guy Sartorelli a4929a171e
Merge pull request #10697 from creative-commoners/pulls/4/nicer-deprecations
ENH Improve deprecation logging
2023-03-09 14:39:51 +13:00
Guy Sartorelli 046befc4ba
ENH Improve deprecation logging 2023-03-06 13:25:44 +13:00
Guy Sartorelli 128b327c6d
API Add method to check if env var is set 2023-03-06 11:49:22 +13:00
Steve Boyd 8b148bf293 Merge branch '4.12' into 4 2023-03-02 15:37:03 +13:00
Guy Sartorelli 66561ccb49
FIX Correctly deprecate Sources.module_priority (#10711)
This config was deprecated back in #7154 and hasn't been used since
2023-03-02 11:05:35 +13:00
Maxime Rainville 403f924d22
BUG Update RelatedDataService to properly escape ClassName in Polymorphic relations (#10713) 2023-03-02 09:56:40 +13:00
Florian Thoma 6585d499f5 FIX Convert slashes in paths when getting list of classes for file/folder
This is to support the mechanism working on all operating systems where Windows may produce a mix of forward and backward slashes in some paths.
For working with the files it may not be a problem, but for exact string comparison the path delimiters need to be unified.
2023-03-01 20:32:19 +13:00
Guy Sartorelli 277e97a84f
Merge pull request #10709 from creative-commoners/pulls/4/deprecated-args
ENH Updated deprecation warning message
2023-03-01 14:19:18 +13:00
Guy Sartorelli 58ca426f11
Merge branch '4.12' into 4 2023-03-01 12:54:30 +13:00
Sabina Talipova 05674adf51 ENH Updated deprecation warning message 2023-03-01 12:39:42 +13:00
Guy Sartorelli 5295ba6c16
API Throw deprecation warnings for bad configuration (#10702) 2023-03-01 11:36:08 +13:00
Guy Sartorelli 6669d54f59
FIX Wrap deprecated config with no replacement (#10704) 2023-02-27 18:13:31 +13:00
Guy Sartorelli 652281507f
FIX Correctly identify deprecated API in withNoReplacement (#10706) 2023-02-27 15:25:27 +13:00
Guy Sartorelli ab566b0a15
API Add new deprecation notices. (#10691)
These are removed in CMS 5.
2023-02-15 13:26:36 +13:00
Florian Thoma 54fc4ee9d2
fix directory separator in i18nTextCollector on Windows (#10681)
* fix directory separator in i18nTextCollector for Windows

* fix typo
2023-02-09 19:09:48 +13:00
Sabina Talipova 1f7adab62e
Merge pull request #10677 from creative-commoners/pulls/4/deprecate-diff
API Deprecate Diff in favour of CMS5's HtmlDiff
2023-02-08 16:36:58 +13:00
Guy Sartorelli 3a14aafc7f
API Deprecate Diff in favour of CMS5's HtmlDiff 2023-02-08 11:15:28 +13:00
Steve Boyd 4e9c74243d API Deprecate code 2023-02-07 11:56:04 +13:00
Steve Boyd 23efed1802 Merge branch '4.12' into 4 2023-02-02 16:20:00 +13:00
Thomas Portelange 3e5d99dedc
Prevent backslash in class name
since the default code is using get_called_class, you can end up with \ in the class name which is an escape character for css selectors
this update converts, for example,

even valCMS_ACCESS_SilverStripe\VersionedAdmin\ArchiveAdmin
to
even valCMS_ACCESS_SilverStripe-VersionedAdmin-ArchiveAdmin

ArchiveAdmin class should probably implement private static $required_permission_codes = 'CMS_ACCESS_ArchiveAdmin '; also
2023-01-30 10:26:22 +01:00
Steve Boyd b973c88648 API Deprecate HTML4Value 2023-01-16 15:28:23 +13:00
Mojmir Fendek 2c105cffc9
ENH: saveInto() new extension points. (#10636)
* ENH: saveInto() new extension points.
2023-01-13 09:43:22 +13:00
Florian Thoma bb8e3b8386
fix: optional return value for paginator state
`$state->getData()->getData('GridFieldPaginator')` (line 598) returns null by default.
2023-01-02 15:32:16 +11:00
Shiva Kerdel 4a1eb0c158
ISSUE-10615: Respect SS_BASE_URL scheme in CLI environment.
Additionally set _SERVER variables for HTTPS and SSL to respect SS_BASE_URL scheme when executing builds and tasks through CLI.
This should solve base tags not being provided with the correct HTTP scheme. This is important to resolve mixed content issues and insecure requests.
2022-12-20 11:13:02 +13:00
Guy Sartorelli 0d662ba95f
Merge branch '4.12' into 4 2022-12-19 01:38:09 +00:00
Sabina Talipova 4e1b99b8c7
Merge pull request #10588 from creative-commoners/pulls/4/stop-using-depr
API Stop using deprecated API
2022-12-05 16:35:09 +13:00
Guy Sartorelli 8bb712a461
Merge branch '4.11' into 4.12-release 2022-11-30 10:54:02 +13:00
Michal Kleiner b107622400
FIX Improve rounding logic for storing of long decimal numbers (#10593)
Co-authored-by: Michal Kleiner <michal.kleiner@cub3.com>
2022-11-29 15:07:56 +13:00
Steve Boyd b5533e4680 API Stop using deprecated API 2022-11-28 19:16:31 +13:00
Michal Kleiner da06a2d0cf
Merge pull request #10577 from creative-commoners/pulls/4/textcollector-class-notation 2022-11-25 10:27:59 +13:00
Will Rossiter 1354edf054
fix misleading error message with test class 2022-11-25 09:13:08 +13:00
Chris Penny 31d5aef520 Bugfix: SSViewer check object exists before calling prop or method 2022-11-24 13:18:56 +13:00
Steve Boyd 20582936d8 Merge branch '4.12' into 4 2022-11-23 16:42:25 +13:00
Steve Boyd cb76f312a4 Merge branch '4.11' into 4.12-release 2022-11-21 13:44:23 +13:00
Steve Boyd dc98cad48a Merge branch '4.10' into 4.11 2022-11-21 13:43:59 +13:00
Steve Boyd fe13856769 [CVE-2022-37429] Sanitise XSS 2022-11-21 13:06:40 +13:00
Guy Sartorelli 17f1c7ceed
Merge pull request #10585 from creative-commoners/pulls/4.11/cve-2022-37430
Sanitise mixed case javascript
2022-11-21 13:03:30 +13:00
Guy Sartorelli e5b81109de
Merge pull request #10584 from creative-commoners/pulls/4.11/cve-2022-38462
Don't allow CRLF in header values
2022-11-21 13:02:25 +13:00
Steve Boyd 4308a93cc8 [CVE-2022-38148] Validate SortColumn exists 2022-11-21 13:01:32 +13:00
Guy Sartorelli b17b29eea1
Merge pull request #10583 from creative-commoners/pulls/4.11/cve-2022-38724-embed-shortcode
Restrict embed shortcode attributes
2022-11-21 13:01:23 +13:00
Sabina Talipova ad116c63e6
Merge pull request #10565 from creative-commoners/pulls/4/stop-depr
API Stop using deprecated API
2022-11-16 14:26:18 +13:00
Steve Boyd 137ebcebec API Stop using deprecated API 2022-11-15 18:20:54 +13:00
Daniel Hensby c49abf0fcc
Merge remote-tracking branch 'upstream/4.11' into 4.12 2022-11-11 13:25:54 +00:00
Guy Sartorelli 521c8179b1
ENH Correctly parse SomeClass::class syntax in textcollection 2022-11-11 11:37:53 +13:00
Lee Bradley 78b661dcf6
Prevent infinite loop when getting table name for ComponentID
If the field isn't in the first 2 classes then would just continue to loop
Fix means it will continue going to parent classes

Can be seen in the UsedOnTable in `admin` module if you have injected a new `Image` class that extends the built in one
2022-11-10 14:00:29 +00:00
Guy Sartorelli ed63beeeee
Merge branch '4.11' into 4 2022-11-09 10:53:09 +13:00
Loz Calver 7f8f5afc91 Ensure forms/fields overridden by onBeforeRender() can override templates 2022-11-02 11:57:57 +00:00
Loz Calver e2cb683f14 FIX: Stop FormField onBeforeRenderHolder extension result being overridden 2022-11-02 10:06:23 +00:00
Loz Calver c925fae180 NEW: Add onBeforeRender extension hook to Form 2022-11-02 10:05:02 +00:00
Steve Boyd 9091d64652 API Deprecate Member::create_new_password() 2022-11-02 10:08:27 +13:00
Steve Boyd b1dc861aac NEW Record deprecated config 2022-10-31 19:00:59 +13:00
Steve Boyd a3c1cb0ddf
ENH Set PasswordEncryption on default admin 2022-10-27 13:57:27 +13:00
Guy Sartorelli 168ca00555
[CVE-2022-38724] Restrict embed shortcode attributes 2022-10-26 09:31:12 +13:00
Steve Boyd 59b980edd7 Merge branch '4.11' into 4 2022-10-21 11:46:39 +13:00
Steve Boyd 897f9906f9 FIX Handle calling Deprecation::notice() before manifests are available 2022-10-21 10:08:31 +13:00
Steve Boyd bd2eb15c72 FIX Ensure Deprecation works with 1.x branches 2022-10-20 13:14:58 +13:00
Steve Boyd e3a6cad8a8 FIX Allow passing objects to InjectionCreator::create()
Co-authored-by: Nate Devereux <nate@daveclark.co.nz>
2022-10-19 18:04:48 +13:00
Phillip King c4b3d5304d Update tinymce links in comments 2022-10-14 16:11:58 +13:00
Steve Boyd 9c453abf89 API Update deprecations 2022-10-13 14:49:15 +13:00
Steve Boyd 33b6a00f49 ENH Update deprecation messages 2022-10-13 14:48:40 +13:00
Steve Boyd e6aa183eb4 API Update deprecations for SapphireTest and FunctionalTest 2022-10-13 14:05:49 +13:00
Steve Boyd 2991901660 ENH Update deprecation messages 2022-10-13 14:05:49 +13:00
Steve Boyd 7b87926428 ENH Update deprecation messages 2022-10-13 14:05:49 +13:00
Steve Boyd 9f541b9a04 MNT Remove deprecation from private method 2022-10-13 14:05:49 +13:00
Steve Boyd cc49036616 ENH Standardise deprecation messages 2022-10-13 14:05:49 +13:00
Steve Boyd 0852f504fb API Update deprecations for SapphireTest and FunctionalTest 2022-10-13 14:05:49 +13:00
Steve Boyd 1ee0aff1d1 FIX Prevent infinite loops in Deprecation::notice() 2022-10-13 13:37:29 +13:00
Steve Boyd 906cd0e76d
API Deprecate render() (#10527) 2022-10-07 14:44:02 +13:00
Guy Sartorelli 8419984b36
Merge pull request #10517 from creative-commoners/pulls/4/deprecate-swiftmailer
API Deprecate swiftmailer
2022-10-07 09:37:11 +13:00
Steve Boyd 96a931d24f API Deprecate swiftmailer 2022-10-06 09:52:06 +13:00
Christian Bünte e24fb3f86c
Fix i18nTextCollector produces corrupt output / namespaces when running under PHP8.0 (#10228)
* FIX i18nTextCollector produces corrupt output / namespaces when running under PHP8.0
2022-09-29 13:40:40 +13:00
Guy Sartorelli 421864d111
Merge branch '4.11' into 4 2022-09-29 09:41:06 +13:00
Thomas Portelange 54892fa267
request may not have a session
see https://github.com/silverstripe/silverstripe-framework/pull/10512
2022-09-28 10:44:13 +02:00
Guy Sartorelli 4a598ded51
FIX Allow removing named extensions in yaml config 2022-09-27 13:15:28 +13:00
Bram de Leeuw f78c3ee5bb
Member updateName extension hook
Allow updating the Member name from an extension
2022-09-26 16:57:39 +02:00
Steve Boyd 5111b56ac9 ENH Add PHP 8.1 safe null-coalescing operators to peg file 2022-09-15 12:59:05 +12:00
Guy Sartorelli c4eadcd074
Merge branch '4.11' into 4 2022-09-09 16:47:49 +12:00
Guy Sartorelli d3c28579b7
[CVE-2022-38462] Don't allow CRLF in header values 2022-09-07 11:22:07 +12:00
Guy Sartorelli 6d885ab894
FIX Normalise casing before casting fields 2022-08-25 17:36:06 +12:00
Viktor Szépe 94d1ac8d99
ENH Various changes via static analysis tooling 2022-08-24 12:14:32 +12:00
Steve Boyd 2b5420ee7d [CVE-2022-37430] Sanitise mixed case javascript 2022-08-23 15:36:48 +12:00
Guy Sartorelli a75317343e
Merge pull request #10439 from creative-commoners/pulls/4/better-button-keep-state
ENH Update page number in the state on reaching the first or the last…
2022-08-22 13:47:47 +12:00
Sabina Talipova c0b38fc411 ENH Update page number in the state on reaching the first or the last element in a list 2022-08-22 12:44:11 +12:00
Guy Sartorelli 10ef46a5ec
ENH Make DataObject::exists() an alias of DataObject::isInDB() (#10407) 2022-08-16 09:43:54 +12:00
Guy Sartorelli a7461a8ffa
API Deprecate PHPUnit 5.7 compatibility hacks 2022-08-10 16:21:05 +12:00
Sergey Shevchenko 4994844729 refactor: variable naming in Requirements_Backend::resolveCSSReferences() 2022-08-05 21:27:36 +12:00
Sergey Shevchenko ebb1601d5d fix: misc suggested changes
* disable resolve_relative_css_refs by default
* variable naming
* using proper path joiner
* test comment typo
2022-08-05 15:35:26 +12:00
Sergey Shevchenko bc9a323418 fix: more tests, improved paths detection, readability 2022-08-05 15:35:26 +12:00
Sergey Shevchenko 9854e48cfc Update Requirements_Backend.php 2022-08-05 15:35:26 +12:00
Sergey Shevchenko a2906cd02c ENH Requirements_Backend::resolveCSSReferences(): Tests, config, doc, safety.
* Changed to ignore absolute paths altogether
* Improve tests
* Added config flag
* Changed docs
2022-08-05 15:35:26 +12:00
Sergey Shevchenko c5e68dd2c0 ENH: resolve relative references in CSS files when combining 2022-08-05 15:35:26 +12:00