Commit Graph

2373 Commits

Author SHA1 Message Date
Sabina Talipova
6fe377e69d
Merge pull request #11113 from creative-commoners/pulls/4.13/cve-2023-48714
[CVE-2023-48714] Don't show or add records the member isn't allowed to
2024-01-23 11:46:28 +13:00
Guy Sartorelli
873b721b6b
[CVE-2023-48714] Don't show or add records the member isn't allowed to
see
2024-01-23 11:11:36 +13:00
Guy Sartorelli
4b1b487041
[CVE-2023-49783] Allow permission checks in BulkLoader 2024-01-23 11:01:25 +13:00
Guy Sartorelli
7dc1a7a12b
FIX Correctly mark ConfirmedPasswordField children as required 2023-12-20 12:35:30 +13:00
Loz Calver
40b888eaf3 FIX: UnsavedRelationList::last() sometimes returned an ID instead of an item 2023-12-04 11:44:34 +00:00
Loz Calver
e28af9a5a7 FIX: UnsavedRelationList first/last to return null if list is empty (fixes #11083) 2023-12-04 11:32:08 +00:00
Guy Sartorelli
6d903848ab
FIX Don't replace config manifest for nested kernels (#11082) 2023-11-30 11:39:14 +13:00
Steve Boyd
4dbbf04ba5 FIX Add extraEmptyValues to TreedropdownField 2023-11-27 12:42:28 +13:00
Guy Sartorelli
7eab49f850
FIX Ensure environment is checked before enabling deprecations (#11055) 2023-11-22 09:30:08 +13:00
Guy Sartorelli
05f1d9ab86
FIX Make deprecation enabled check faster 2023-11-17 10:41:02 +13:00
Sabina Talipova
d883719c16 FIX ModelAdmin toast elements 2023-11-09 09:39:52 +13:00
Bernie Hamlin
e5eb98cc34 Use field editorconfig when sanitising content 2023-10-25 12:08:46 +13:00
Guy Sartorelli
7bb72eb7c5
FIX Ensure all fixed fields are added 2023-09-25 15:35:34 +13:00
Guy Sartorelli
58696e3ed5
FIX Set tableName on DBField before calling addToQuery (#10946) 2023-09-14 11:01:36 +12:00
Rastislav Brandobur
17733aa84a added missing returns (fluent setter) 2023-09-11 10:58:11 +02:00
Guy Sartorelli
7ea25bf9e1
FIX Call addToQuery on all DBFields (#10936) 2023-09-05 15:06:53 +12:00
Sabina Talipova
c5be3fc487
Merge pull request #10931 from tjbwsk/4.13
added missing maxLength validation
2023-08-31 08:45:10 +12:00
Rastislav Brandobur
d6c39e7d36 added missing maxLength validation 2023-08-28 10:51:43 +02:00
Niklas Forsdahl
88c70b3234 Fixed deprecation notices in php 8.2 by using the AllowDynamicProperties
annotation on classes that set dynamic properties
2023-08-25 11:07:48 +03:00
Guy Sartorelli
2e92b89b54
Merge pull request #10923 from kinglozzer/10821-mmtl-changetracking
FIX: Stop ManyManyThroughList join records incorrectly showing as changed (fixes #10821)
2023-08-24 09:05:38 +12:00
Loz Calver
1fd495449b FIX: Stop ManyManyThroughList join records incorrectly showing as changed (fixes #10821) 2023-08-23 16:43:56 +01:00
Guy Sartorelli
c7cd26299a
Fix ArrayList canFilterBy to work with ArrayData (#10915) 2023-08-15 11:31:20 +12:00
Thomas
d621d00eea
DBComposite::writeToManipulation() is never called 2023-08-11 09:56:37 +12:00
Sabina Talipova
597d97bf0a
Merge pull request #10907 from creative-commoners/pulls/4.13/new-fields-validator
NEW Add FieldsValidator to ensure fields get validated
2023-08-10 10:50:57 +12:00
Sabina Talipova
037168a4fe FIX Multi HTML entities in shortcodes 2023-08-08 13:08:19 +12:00
Guy Sartorelli
5a52484d88
NEW Add FieldsValidator to ensure fields get validated 2023-08-08 13:02:27 +12:00
Guy Sartorelli
9e5411e905
Merge pull request #10885 from creative-commoners/pulls/4.13/search-in-non-existing-fields
FIX Image in summaryfields breaks search
2023-08-03 15:11:49 +12:00
Sabina Talipova
d24095aba8 FIX Image in summaryfields breaks search 2023-08-03 14:48:55 +12:00
Guy Sartorelli
b90d606427
Merge pull request #10834 from lekoala/patch-36
SessionAuthenticationHandler doesn't cache member query
2023-08-03 11:54:50 +12:00
Steve Boyd
7b21b38ac4 [CVE-2023-32302] Require password field to be non-empty 2023-07-31 11:14:22 +12:00
Steve Boyd
a16b268ff7 MNT Tidy up double assignment 2023-07-20 18:19:14 +12:00
Steve Boyd
7daa3fdb08 FIX Short-array syntax for Enum 2023-07-20 16:06:01 +12:00
Dylan Wagstaff
8c3ba81052
FIX PHP 8.1 support in MySQLiConnector::query errors (#10570)
* FIX PHP 8.1 support in MySQLiConnector::query errors

The default error reporting mode in PHP 8.1 has changed from using
errors reported on the connection handle to throwing
mysqli_sql_exception. query() makes no allowance for this, and
functions up the call stack expect to catch
Silverstripe\ORM\Connect\DatabaseException instead - resulting in the
MySQLi exception going all the way up to halt the system.

We can use a try, catch, and finally to retain backwards compatibility,
no matter which setting (e.g. PHP version default) someone has enabled.

* Move MySQLConnector test skip call into setUp()

As review feedback; marking the test as skipped in a private function
obfuscated where the call was happening and made it harder to skimread
the tests. Moving this into a setUp function makes it obvious the check
is run before each test case, and skipped if necessary.
2023-07-07 15:56:31 +12:00
Thomas Portelange
9391e696bb
use Member::class 2023-06-23 09:35:34 +02:00
Thomas Portelange
2e73b5eeca
Use cached query
Fixes https://github.com/silverstripe/silverstripe-framework/issues/10833
2023-06-22 11:04:26 +02:00
Sabina Talipova
ad9df97626 FIX LastPage method returns true if TotalPages equals 0 2023-06-22 10:50:41 +12:00
josephlewisnz
b6a3e3a951
added an additional filter to remove empty array items (#10803)
* ENH Added filter to remove empty/null from Path::join parts

This is to ensure null values are removed and trim() deprecated warnings are not thrown
Fixes #10802

* FIX revert public signature

Co-authored-by: Steve Boyd <emteknetnz@gmail.com>

---------

Co-authored-by: Steve Boyd <emteknetnz@gmail.com>
2023-06-14 15:46:23 +12:00
Guy Sartorelli
6fd7694cbc
Merge pull request #10816 from creative-commoners/pulls/4.13/updatebool
FIX Show correct default value
2023-06-14 13:32:09 +12:00
Steve Boyd
35a8d79f62 FIX Show correct default value 2023-06-14 11:25:34 +12:00
Bram de Leeuw
33c62033fe
Fix translation key for DataObject.GENERALSEARCH (#10805)
* MNT Use gha-dispatch-ci

* Update DataObject.php

Fix typo in GENERALSEARCH localisation

* Update en.yml

remove unnecessary localisation line

* Update nl.yml

remove unnecessary localisation line

* Update eo.yml

remove unnecessary localisation line

* Update ci.yml
2023-06-09 13:44:00 +12:00
Guy Sartorelli
c4b8d9a246
FIX Add back missing SSL support for database connections (#10784) 2023-05-22 12:40:59 +12:00
Michal Kleiner
f815a9cf2a
FIX Provide correct replacement suggestion in deprecation message 2023-05-21 20:12:52 +12:00
Sabina Talipova
0ab36f6ae1 UPD Add support new TinyMC cs_CZ.js 2023-05-16 11:56:05 +12:00
Guy Sartorelli
234e229098
Merge pull request #9976 from kinglozzer/9975-default-form-action
FIX: Form::defaultAction() didn't work if actions were in CompositeFields (fixes #9975)
2023-05-09 21:45:24 +12:00
Guy Sartorelli
01808a8316
FIX Don't assume searchableFields() exists in gridfield filter 2023-05-09 10:00:07 +12:00
Guy Sartorelli
908b6f2006
Merge branch '4.12' into 4.13 2023-04-26 11:44:54 +12:00
Sabina Talipova
c2733a3108
Merge pull request #10760 from creative-commoners/pulls/4.12/absoluteurl-parsing
Escaped double slash is absolute URL
2023-04-26 11:30:41 +12:00
Guy Sartorelli
1a5bb4cbec
[CVE-2023-22729] Escaped double slash is absolute URL 2023-04-26 09:49:59 +12:00
Guy Sartorelli
fd5d8217e8
[CVE-2023-22728] Check canView before printing from GridField 2023-04-26 09:45:34 +12:00
Steve Boyd
3d03a93b8f Merge branch '4.12' into 4.13 2023-04-11 10:55:17 +12:00