Commit Graph

4142 Commits

Author SHA1 Message Date
Steve Boyd
00a60432f6 Backport fix to GroupedDropdownFieldTest 2020-08-19 11:21:46 +12:00
Steve Boyd
52d38a8b4a
Merge pull request #9615 from creative-commoners/pulls/4.6/embed-iframe-dimensions
FIX Set iframe dimension attributes specified in shortcode
2020-07-28 11:04:24 +12:00
Steve Boyd
f0936d4c1e FIX Set iframe dimension attributes specified in shortcode 2020-07-27 18:04:03 +12:00
Martin Heise
404f450ac3 BUG Readonly version of GroupedDropdownField
GroupedDropdownField was showing empty values in Readonly mode due to not correctly handling the hierarchical source array.
Uses flattened source now in GroupedDropdownField->performReadonlyTransformation()
2020-07-21 09:23:30 +02:00
Garion Herman
fbe0f5a981 Merge branch '4.5' into 4.6 2020-07-13 12:27:02 +12:00
Maxime Rainville
8518987cbd [CVE-2019-19326] Stop honouring X-HTTP-Method-Override header, X-Original-Url header and _method POST variable. Add SS_HTTPRequest::setHttpMethod() 2020-07-10 17:56:15 +12:00
Maxime Rainville
71db45b18b [CVE-2019-19326] Stop honouring X-HTTP-Method-Override header, X-Original-Url header and _method POST variable. Add SS_HTTPRequest::setHttpMethod() 2020-07-10 14:57:26 +12:00
Maxime Rainville
b780c4f504 BUG Tweak DBHTMLText::Plain to avoid treating some chinese characters as line breaks. 2020-07-09 13:33:43 +12:00
Maxime Rainville
acccdd8a1c Merge branch '4.5' into 4 2020-05-26 14:31:06 +12:00
Maxime Rainville
42bb28965c Merge branch '4.4' into 4.5 2020-05-26 14:30:27 +12:00
Maxime Rainville
395893b559 Merge branch '4.3' into 4.4 2020-05-26 14:30:02 +12:00
Maxime Rainville
86fcb9e29c Merge branch '4.2' into 4.3 2020-05-26 14:29:16 +12:00
Daniel Hensby
080ce157ce
Fix various typos in comments 2020-05-16 10:34:53 +01:00
Michal Kleiner
21129b1624
Use short array syntax across the framework's codebase 2020-05-16 10:34:45 +01:00
Steve Boyd
b1b61f866e FIX Set nonce style on unit tests 2020-05-13 16:07:31 +12:00
Brett Tasker
1d19051c10 Add sha1 and md5 hashing options in resource URL 2020-05-12 18:14:03 +12:00
Mojmir Fendek
7dc6b36c16
Unique key for DataObject (#9400)
NEW Unique key for DataObject
2020-05-04 09:10:51 +12:00
Dan Hensby
33b0b6985a
Update file paths for autoloading compatibility 2020-04-25 10:28:28 +01:00
Daniel Hensby
237b2d5f74
Convert array delcarations to short array syntax 2020-04-20 18:58:09 +01:00
Garion Herman
f94078d963
Merge pull request #9408 from chrometoasters/pulls/classes-with-extension
Add ClassInfo method to get all classes with a given extension applied
2020-04-20 20:11:01 +12:00
Serge Latyntcev
cb36aab80c Merge branch '4.5' into 4 2020-04-15 14:49:19 +12:00
mattclegg
e968f5cb86
DOCS: Remove outdated TODO 2020-04-14 15:00:08 +05:45
Ingo Schommer
2c5deceeb4 FIX Filter out all FULLTEXT BOOLEAN chars
The query might still work depending on where these chars are placed,
but it seems weird to only remove *some* of the valid chars here.
See https://dev.mysql.com/doc/refman/5.6/en/fulltext-boolean.html

Note that the query runs both the actual boolean query with chars,
and then a separate relevance search without them.
2020-04-09 10:32:45 +12:00
Ingo Schommer
c6b698cb02 NEW Allow InnoDB for FULLTEXT indexes
MyISAM used to be the only one to support it, now InnoDB has caught up.
Unless an engine is set specifically in create_table_options,
this will auto-convert existing MyISAM tables to InnoDb.

Fixes #9242
2020-04-09 10:32:45 +12:00
Dan Hensby
5bf2ac83ee
Merge branch '4.5' into 4 2020-04-01 19:23:47 +01:00
Daniel Hensby
1fb574a5bd
NEW: Variadic URL parameter matches for url_handlers (#9438)
* Add wildcard URL parameter matches for url_handlers

* Extra tests for wildcard parameters

* Add a PHP warning if more params appear after wildcard param
2020-03-25 09:16:13 +13:00
Michal Kleiner
30c3b127c1 NEW Add ClassInfo method to get all classes with a given extension applied 2020-03-24 10:48:35 +13:00
Aaron Carlino
37e8720fe5 Linting 2020-03-17 16:21:46 +13:00
Aaron Carlino
7ad5f1bb14 BUGFIX: Ensure diff arrays are one-dimensional 2020-03-17 15:57:28 +13:00
Steve Boyd
667495eaf9 Merge branch '4.5' into 4 2020-03-06 10:53:28 +13:00
Steve Boyd
687435a2f1 Merge branch '4.4' into 4.5 2020-03-06 10:52:22 +13:00
UndefinedOffset
bba0f2f72f
BUGFIX: Fixed issue where TimeField_Readonly would only show "(not set)" instead of the value 2020-02-24 09:59:00 -04:00
Maxime Rainville
affd43052a Merge branch '4.5' into 4 2020-02-17 18:11:23 +13:00
Maxime Rainville
acd7d94167 Merge branch '4.4' into 4.5 2020-02-17 13:07:26 +13:00
Maxime Rainville
49fda52b12
Merge pull request #94 from silverstripe-security/fix/cve-2019-19325
CVE-2019-1935
2020-02-17 12:54:40 +13:00
Serge Latyntcev
ad1b00ec7d [CVE-2019-19325] XSS through non-scalar FormField attributes
Silverstripe Forms allow malicious HTML or JavaScript to be inserted
through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting)
on some forms built with user input (Request data). This can lead to phishing attempts
to obtain a user's credentials or other sensitive user input.
There is no known attack vector for extracting user-session information or credentials automatically,
it required a user to fall for the phishing attempt.
XSS can also be used to modify the presentation of content in malicious ways.
2020-02-17 09:58:29 +13:00
Guy Marriott
c31de772ab
Merge pull request #8838 from creative-commoners/pulls/4/slash-means-root
Use '/' as an alternative designation for root in routing
2020-02-14 11:29:32 -08:00
Garion Herman
9d1d59d8d1 NEW Accept / as designation for root URL controller 2020-02-14 14:41:10 +13:00
Steve Boyd
9d5c3ef20e Merge branch '4.4' into 4.5 2020-02-11 16:45:15 +13:00
Mojmir Fendek
99786dda22 ORM Column now supports related table lookup 2020-01-28 15:46:30 +13:00
Andre Kiste
6650d81324 BUG Fix extra blank Group being created when creating a new Group (#9325)
* Fix extra blank Group being created when creating a new Group

* Update tests to reflect expected behavior

* Improved tests
2019-11-27 09:32:33 +13:00
Serge Latyntcev
91e4aa90f1 Merge branch '4.4' into 4.5 2019-11-20 11:09:23 +13:00
Serge Latyntcev
8219491705 Merge branch '4.3' into 4.4 2019-11-20 11:08:35 +13:00
Garion Herman
ea2a2b4786 FIX Adjust HTMLEditorField tests to support alt attr changes in assets
The default behaviour of the alt attribute has changed from using the
filename to applying an empty value.
2019-11-14 12:04:37 +13:00
Mojmir Fendek
e2bea6b41f API Add withConfig method (#9011)
* With config functionality added.
* Update docs/en/02_Developer_Guides/04_Configuration/00_Configuration.md
2019-10-31 16:12:04 +13:00
Damian Mooyman
e76601e5c8
BUG FormAction title property cannot be set if useButtonTag is false 2019-10-29 17:21:45 +13:00
Garion Herman
17f4cc6e30
Merge pull request #9281 from creative-commoners/pulls/4/textfield-tip-ui
NEW: Add support for Tip UI in TextField
2019-10-23 16:50:43 +13:00
Garion Herman
bed3f2b3c6 NEW Add type declarations to Tip API, add TippableFieldInterface 2019-10-23 10:46:22 +13:00
Garion Herman
195417b061 NEW Extract Tip from TextField, add test coverage 2019-10-22 17:04:58 +13:00
Maxime Rainville
e59625fe5a
NEW Add ability to define image size preset for the TinyMCE editor. (#9276)
* NEW Add ability to define image size preset for the TinyMCE editor.
* DOC Explain how to define image size pre-sets
2019-10-22 11:50:28 +13:00