tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 12:05:37 +00:00
Code Issues Projects Releases Wiki Activity
13,384 Commits 31 Branches 527 Tags
Commit Graph

337 Commits

Author SHA1 Message Date
Ingo Schommer
8b5c8eab72 Linking to older security issue in change log 
Mainly for consistency with the newer format
 2013-09-12 15:42:43 +02:00
Ingo Schommer
05757efceb FIX Privilege escalation through APPLY_ROLES assignment (SS-2013-005) 
See http://www.silverstripe.org/ss-2013-005-privilege-escalation-through-apply-roles-assignment/
 2013-09-12 15:42:43 +02:00
Ingo Schommer
6cff9671d4 FIX Privilege escalation through Group and Member CSV upload (SS-2013-004) 
See http://www.silverstripe.org/ss-2013-004-privilege-escalation-through-group-and-member-csv-upload/
 2013-09-12 15:42:43 +02:00
Ingo Schommer
720c149aee FIX Privilege escalation through Group hierarchy setting (SS-2013-003) 
See http://www.silverstripe.org/ss-2013-003-privilege-escalation-through-group-hierarchy-setting/
 2013-09-12 15:42:42 +02:00
Ingo Schommer
a492d56f7c 3.1.0-rc2 changelog 2013-09-12 15:42:36 +02:00
Ingo Schommer
cfa88adf4b FIX Privilege escalation through APPLY_ROLES assignment (SS-2013-005) 
See http://www.silverstripe.org/ss-2013-005-privilege-escalation-through-apply-roles-assignment/
 2013-09-12 15:42:36 +02:00
Ingo Schommer
46556b609e FIX Privilege escalation through Group and Member CSV upload (SS-2013-004) 
See http://www.silverstripe.org/ss-2013-004-privilege-escalation-through-group-and-member-csv-upload/
 2013-09-12 15:42:35 +02:00
Ingo Schommer
68ca47b0dd FIX Privilege escalation through Group hierarchy setting (SS-2013-003) 
See http://www.silverstripe.org/ss-2013-003-privilege-escalation-through-group-hierarchy-setting/
 2013-09-12 15:42:35 +02:00
Naomi Guyer
8b5f89f3b9 API: Treedropdownfield showsearch default true, provide better ui 
Set search option true on treedropdown fields by default, to provide a
fallback solution when trees fail to render (too many children errors)

Provide better indication/more meaningful styling to search (match
chosen styles for consistency)
 2013-08-29 16:21:04 +12:00
Ingo Schommer
a4c6ae3e90 Merge remote-tracking branch 'origin/3.1' 2013-08-22 13:56:33 +02:00
Ingo Schommer
a592c36adf Merge remote-tracking branch 'origin/3.0' into 3.1.0 
Conflicts:
	docs/en/changelogs/index.md
 2013-08-20 20:49:01 +02:00
Ingo Schommer
3690ae1658 Merge remote-tracking branch 'origin/3.0' into 3.1 
Conflicts:
	docs/en/changelogs/index.md
 2013-08-16 17:12:12 +02:00
Ingo Schommer
64d7438681 Merge remote-tracking branch 'origin/3.1' 2013-08-09 12:12:10 +02:00
Sam Minnee
3510b60ab8 Added 3.1.0-rc1 changelog 2013-08-09 14:25:58 +12:00
Ingo Schommer
7a117fe713 Added 3.0.6-rc1 changelog 2013-08-07 20:55:10 +02:00
Ingo Schommer
a213afd888 Added 3.0 changelog 2013-08-07 20:16:59 +02:00
Ingo Schommer
2a35f2f928 Merge remote-tracking branch 'origin/3.1' 2013-08-07 17:34:11 +02:00
Ingo Schommer
afe06661ef Merge remote-tracking branch 'origin/3.0' into 3.1 
Conflicts:
	admin/templates/Includes/LeftAndMain_Menu.ss
	admin/templates/Includes/ModelAdmin_ImportSpec.ss
	admin/templates/Includes/ModelAdmin_Tools.ss
	admin/templates/LeftAndMain.ss
	admin/templates/ModelSidebar.ss
	i18n/i18n.php
	templates/ComplexTableField.ss
	templates/ComplexTableField_popup.ss
	templates/FileIFrameField_iframe.ss
	templates/Includes/GridFieldItemEditView.ss
	templates/Includes/TableListField_PageControls.ss
	templates/RelationComplexTableField.ss
	templates/TableField.ss
	templates/TableListField.ss
 2013-08-07 17:14:47 +02:00
Ingo Schommer
00ffe72944 Translations: Switch to Transifex format 
- Based on new (last) translation download from getlocalization.com
- Removed untranslated strings. Getlocalization started including those at some point
which is highly annoying, unnecessary and breaks the new transfix system,
since it'll mark all of the english strings as actual translations
- Avoid dots in entities. It confuses the Transifex YML parser
- Removed some locales unknown to Transifex which didn't have any translations anyway
- Removed "lolcat" locale, uses custom notation (en@lolcal)
  which SilverStripe's i18n system can't handle
  (needs mapping from SS naming to Zend naming)
- Renamed "Te Reo/Maori" locale from "mi_NZ" to "mi" (Transifex/CLDR notation)
- Namespaced all entities used in templates (deprecated usage)
- Converted dots to underscores where template filenames are used for namespaces,
since Transifex YML parsing handles them as separate YML keys otherwise
- Removed whitespace in entity names, SilverStripe i18n can't handle it
- Only allow selection of locales registered through i18n::$all_locales to avoid
  issues with unknown locales in Zend's CLDR database
 2013-08-07 00:25:16 +02:00
Ingo Schommer
542728cd94 Merge remote-tracking branch 'origin/3.1' 2013-08-03 19:47:32 +02:00
Ingo Schommer
0e7231ff60 API Disable discontinued Google Spellcheck in TinyMCE 
Replaced by browser-based spellchecking if available (Chrome, Firefox),
with instructions on how to use PSpell as an alternative.
 2013-08-03 16:16:45 +02:00
Ingo Schommer
97e6108fa9 Changelog note on form method limitations 
See 14c59be85e9ec53cb2f0b3e9d0d8ce7569d913c6.
Raised by Fara Rustein of Deloitte Argentina (CVE-2013-2653).
 2013-08-01 15:48:51 +02:00
Hamish Friedlander
0a79ac3592 Merge branch 'origin/3.1' 
Conflicts:
	templates/forms/CheckboxSetField.ss
	templates/forms/FormField_holder.ss
	templates/forms/OptionsetField.ss
 2013-07-19 16:25:38 +12:00
Hamish Friedlander
d38bd7d5cb Merge branch 'origin/3.0' into 3.1 2013-07-19 14:18:49 +12:00
Hamish Friedlander
1298d4a5bd FIX Prevent DOS by checking for env and admin on ?flush=1 (#1692) 2013-07-19 12:24:32 +12:00
Simon Welsh
fbce9fd7cd Merge branch '3.1' 
Conflicts:
	.travis.yml
	docs/en/misc/contributing/code.md
	javascript/HtmlEditorField.js
 2013-07-05 10:22:58 +12:00
Hamish Friedlander
dacb2aa638 FIX HtmlEditorField not re-checking sanitisation server side 2013-07-04 08:53:23 +12:00
Ingo Schommer
fb784af738 API Enforce $allowed_actions in RequestHandler->checkAccessAction() 
See discussion at https://groups.google.com/forum/?fromgroups#!topic/silverstripe-dev/Dodomh9QZjk

Fixes an access issue where all public methods on FormField were allowed,
and not checked for $allowed_actions. Before this patch you could e.g.
call FormField->Value() on the first field by using action_Value.

Removes the following assertion because it only worked due to RequestHandlingTest_AllowedControllerExtension
*not* having $allowed_extensions declared: "Actions on magic methods are only accessible if explicitly allowed on the controller."
 2013-06-24 14:50:40 +02:00
Ingo Schommer
94b4237372 Merge remote-tracking branch 'origin/3.1' 2013-06-19 11:17:33 +02:00
Sean Harvey
726e4c313e Merge pull request #2084 from chillu/pulls/cmsform 
Handle ValidationException on CMS forms
 2013-06-18 14:41:51 -07:00
vikas srivastava
2f16d93d48 Update 3.1.0.md 
I was trying 
Member:
  extensions:
    MyMemberExtension

And it didn't work then someone on IRC pointed that I need to put a '-' before values. So this works.
Member:
  extensions:
    - MyMemberExtension
Hope will help someone else.
 2013-06-17 14:21:46 +05:30
CheeseSucker
091e34e2e8 [MINOR] Typo 2013-06-15 02:49:52 +03:00
Ingo Schommer
9d4b8f61ca Note about IE10 support 2013-06-13 10:27:19 +02:00
Ingo Schommer
bfff11eb9c API New CMSForm class to allow validation responses in CMS (fixes #1777) 
Thanks to @willmorgan for getting this discussion started
(see https://github.com/silverstripe/sapphire/pull/1814).
 2013-06-13 07:51:05 +02:00
Ingo Schommer
5a1d476e8d Merge branch 'idvalidattr' of git://github.com/wilr/sapphire into wilr-idvalidattr 2013-05-31 19:27:19 +02:00
Ingo Schommer
88536998b9 Merge remote-tracking branch 'origin/3.1' 
Conflicts:
	.travis.yml
 2013-05-31 18:08:59 +02:00
Damian Mooyman
163917b83e Fixed scrutiniser issues 2013-05-27 15:42:10 +12:00
Damian Mooyman
7f057ce343 API UploadField functions on new records 
Fixed regression from 1e5d40474d43ddb0ade22bbf7db5ec494b979fea (UploadField::canPreviewFolder).
Merged in pull request #2009 - (6018bdd631ec98345bba5cd26ef5a29f6f412678).
Merged pull request #1259 (34bfc862eee061ce30998a085aac6170022c3a7e).
 2013-05-27 15:22:59 +12:00
Will Rossiter
ca87b8b794 API: Form Field ID attribute should follow HTML specification 
Fixes: http://open.silverstripe.org/ticket/4431.

Changes Form and Form Field classes to make use of Convert::raw2htmlid() which follows http://www.w3.org/TR/REC-html40/types.html#type-cdata.

Introduces a FormTemplateHelper class to assist in these sort of updates in the future.
 2013-05-26 11:11:55 +12:00
Simon Welsh
e90012787d Merge branch 'hackfest_may_2013' of https://github.com/NightJar/sapphire into 3.1 
Conflicts:
	docs/en/changelogs/3.1.0.md
 2013-05-25 20:07:54 +12:00
Nightjar
5ec8158977 Check that Webserver is not Apache/1.x in light of installer assets/.htaccess alterations 2013-05-25 20:03:36 +12:00
Stephen Shkardoon
5e5b892043 Note for magic quotes change 2013-05-25 20:02:51 +12:00
Sam Minnee
d97ca43cd0 Merge branch '3.1' 
Conflicts:
	README.md
	dev/install/install.php5
	forms/ConfirmedPasswordField.php
	tests/forms/FormTest.php
 2013-05-23 19:01:58 +12:00
Damian Mooyman
6e0e3564e1 NEW Added beforeExtending, afterExtending, and beforeUpdateCMSFields to allow user code better control over interaction with extending methods 2013-05-16 10:34:45 +12:00
Ingo Schommer
3b02d22989 Merge remote-tracking branch 'origin/3.0' into 3.1 
Conflicts:
	dev/CsvBulkLoader.php
 2013-05-09 10:34:20 +02:00
Will Morgan
a5b04ba334 Updating docs for Security template changes 
See https://github.com/silverstripe/sapphire/pull/1807
 2013-05-08 11:52:36 +01:00
Ingo Schommer
6c2e791a48 Merge remote-tracking branch 'origin/3.1' 2013-04-29 08:59:06 +02:00
Sam Minnee
eb583c5f14 NEW: Added DataObject::getQueriedDatabaseFields() as faster alternative to toMap() 
API: CompositeDBField::setValue() may be passed an object as its second argument, in addition to array.

These changes provide a 15% - 20% performance improvement, and as such justify an small API change in the 3.0 branch. It will likely affect anyone who has created their own composite fields, which is fortunately not all that common.
 2013-04-21 13:39:11 +12:00
Ingo Schommer
6e3a150424 3.1.0-beta3 changelog 2013-04-18 19:28:13 +02:00
Ingo Schommer
d877c1063d Updated changelog, moved "statics in Page.php" to top 
Its going to be a fatal error on every upgrade unless tended to,
so we need to ensure people don't overlook it in the guide.
 2013-04-18 18:28:09 +02:00