Commit Graph

1053 Commits

Author SHA1 Message Date
Guy Sartorelli
01808a8316
FIX Don't assume searchableFields() exists in gridfield filter 2023-05-09 10:00:07 +12:00
Guy Sartorelli
908b6f2006
Merge branch '4.12' into 4.13 2023-04-26 11:44:54 +12:00
Sabina Talipova
c2733a3108
Merge pull request #10760 from creative-commoners/pulls/4.12/absoluteurl-parsing
Escaped double slash is absolute URL
2023-04-26 11:30:41 +12:00
Guy Sartorelli
1a5bb4cbec
[CVE-2023-22729] Escaped double slash is absolute URL 2023-04-26 09:49:59 +12:00
Guy Sartorelli
fd5d8217e8
[CVE-2023-22728] Check canView before printing from GridField 2023-04-26 09:45:34 +12:00
Steve Boyd
0f40cc38ec FIX Respect searchable_fields 2023-03-23 10:57:03 +13:00
Steve Boyd
41bb35f3f3 FIX Reduce array method calls 2023-03-22 11:06:23 +13:00
Guy Sartorelli
046befc4ba
ENH Improve deprecation logging 2023-03-06 13:25:44 +13:00
Guy Sartorelli
128b327c6d
API Add method to check if env var is set 2023-03-06 11:49:22 +13:00
Guy Sartorelli
652281507f
FIX Correctly identify deprecated API in withNoReplacement (#10706) 2023-02-27 15:25:27 +13:00
Guy Sartorelli
ab566b0a15
API Add new deprecation notices. (#10691)
These are removed in CMS 5.
2023-02-15 13:26:36 +13:00
Guy Sartorelli
3a14aafc7f
API Deprecate Diff in favour of CMS5's HtmlDiff 2023-02-08 11:15:28 +13:00
Steve Boyd
b973c88648 API Deprecate HTML4Value 2023-01-16 15:28:23 +13:00
Guy Sartorelli
0d662ba95f
Merge branch '4.12' into 4 2022-12-19 01:38:09 +00:00
Sabina Talipova
4e1b99b8c7
Merge pull request #10588 from creative-commoners/pulls/4/stop-using-depr
API Stop using deprecated API
2022-12-05 16:35:09 +13:00
Guy Sartorelli
8bb712a461
Merge branch '4.11' into 4.12-release 2022-11-30 10:54:02 +13:00
Michal Kleiner
b107622400
FIX Improve rounding logic for storing of long decimal numbers (#10593)
Co-authored-by: Michal Kleiner <michal.kleiner@cub3.com>
2022-11-29 15:07:56 +13:00
Steve Boyd
b5533e4680 API Stop using deprecated API 2022-11-28 19:16:31 +13:00
Michal Kleiner
da06a2d0cf
Merge pull request #10577 from creative-commoners/pulls/4/textcollector-class-notation 2022-11-25 10:27:59 +13:00
Steve Boyd
20582936d8 Merge branch '4.12' into 4 2022-11-23 16:42:25 +13:00
Steve Boyd
cb76f312a4 Merge branch '4.11' into 4.12-release 2022-11-21 13:44:23 +13:00
Steve Boyd
dc98cad48a Merge branch '4.10' into 4.11 2022-11-21 13:43:59 +13:00
Steve Boyd
fe13856769 [CVE-2022-37429] Sanitise XSS 2022-11-21 13:06:40 +13:00
Guy Sartorelli
17f1c7ceed
Merge pull request #10585 from creative-commoners/pulls/4.11/cve-2022-37430
Sanitise mixed case javascript
2022-11-21 13:03:30 +13:00
Guy Sartorelli
e5b81109de
Merge pull request #10584 from creative-commoners/pulls/4.11/cve-2022-38462
Don't allow CRLF in header values
2022-11-21 13:02:25 +13:00
Steve Boyd
4308a93cc8 [CVE-2022-38148] Validate SortColumn exists 2022-11-21 13:01:32 +13:00
Guy Sartorelli
b17b29eea1
Merge pull request #10583 from creative-commoners/pulls/4.11/cve-2022-38724-embed-shortcode
Restrict embed shortcode attributes
2022-11-21 13:01:23 +13:00
Sabina Talipova
ad116c63e6
Merge pull request #10565 from creative-commoners/pulls/4/stop-depr
API Stop using deprecated API
2022-11-16 14:26:18 +13:00
Steve Boyd
137ebcebec API Stop using deprecated API 2022-11-15 18:20:54 +13:00
Daniel Hensby
c49abf0fcc
Merge remote-tracking branch 'upstream/4.11' into 4.12 2022-11-11 13:25:54 +00:00
Guy Sartorelli
521c8179b1
ENH Correctly parse SomeClass::class syntax in textcollection 2022-11-11 11:37:53 +13:00
Steve Boyd
49e637d244 MNT Explicitly test with blowfish 2022-11-10 11:36:56 +13:00
Guy Sartorelli
ed63beeeee
Merge branch '4.11' into 4 2022-11-09 10:53:09 +13:00
Steve Boyd
7cfd827776 MNT Use restore_error_handler() 2022-11-03 16:19:17 +13:00
Steve Boyd
128f78c1cf FIX Filter out E_USER_DEPRECATED unrelated to unit test 2022-11-02 11:40:34 +13:00
Steve Boyd
b1dc861aac NEW Record deprecated config 2022-10-31 19:00:59 +13:00
Steve Boyd
a3c1cb0ddf
ENH Set PasswordEncryption on default admin 2022-10-27 13:57:27 +13:00
Guy Sartorelli
168ca00555
[CVE-2022-38724] Restrict embed shortcode attributes 2022-10-26 09:31:12 +13:00
Steve Boyd
59b980edd7 Merge branch '4.11' into 4 2022-10-21 11:46:39 +13:00
Steve Boyd
bd2eb15c72 FIX Ensure Deprecation works with 1.x branches 2022-10-20 13:14:58 +13:00
Steve Boyd
e3a6cad8a8 FIX Allow passing objects to InjectionCreator::create()
Co-authored-by: Nate Devereux <nate@daveclark.co.nz>
2022-10-19 18:04:48 +13:00
Christian Bünte
e24fb3f86c
Fix i18nTextCollector produces corrupt output / namespaces when running under PHP8.0 (#10228)
* FIX i18nTextCollector produces corrupt output / namespaces when running under PHP8.0
2022-09-29 13:40:40 +13:00
Guy Sartorelli
421864d111
Merge branch '4.11' into 4 2022-09-29 09:41:06 +13:00
Guy Sartorelli
4a598ded51
FIX Allow removing named extensions in yaml config 2022-09-27 13:15:28 +13:00
Guy Sartorelli
d3c28579b7
[CVE-2022-38462] Don't allow CRLF in header values 2022-09-07 11:22:07 +12:00
Steve Boyd
2b5420ee7d [CVE-2022-37430] Sanitise mixed case javascript 2022-08-23 15:36:48 +12:00
Sergey Shevchenko
ebb1601d5d fix: misc suggested changes
* disable resolve_relative_css_refs by default
* variable naming
* using proper path joiner
* test comment typo
2022-08-05 15:35:26 +12:00
Sergey Shevchenko
bc9a323418 fix: more tests, improved paths detection, readability 2022-08-05 15:35:26 +12:00
Sergey Shevchenko
a2906cd02c ENH Requirements_Backend::resolveCSSReferences(): Tests, config, doc, safety.
* Changed to ignore absolute paths altogether
* Improve tests
* Added config flag
* Changed docs
2022-08-05 15:35:26 +12:00
Sergey Shevchenko
8370ffc2a0 ENH Test for Requirements_Backend::resolveCSSReferences() 2022-08-05 15:35:26 +12:00