Damian Mooyman
dd4c5417e7
Merge pull request #49 from silverstripe-security/pulls/3.5/ss-2017-007
...
[ss-2017-007] Ensure xls formulae are safely sanitised on output (3.5)
2017-12-06 16:25:58 +13:00
Damian Mooyman
44de03da01
Merge pull request #53 from silverstripe-security/pulls/3.5/ss-2017-006
...
[ss-2017-006] Fix user agent invalidation on session startup (3.5 branch)
2017-12-06 16:25:39 +13:00
Damian Mooyman
3e2bcaa0b4
Merge pull request #54 from silverstripe-security/pulls/3.5/ss-2017-009
...
[ss-2017-009] Prevent disclosure of sensitive information via LoginAttempt (3.5 branch)
2017-12-06 16:25:19 +13:00
Damian Mooyman
975d462e0c
Merge pull request #7661 from dhensby/pulls/3.5/versioned-base-class
...
FIX Use baseDataClass for allVersions as with other methods
2017-12-06 14:13:14 +13:00
Damian Mooyman
77b46672e2
Merge branch '3.5' into pulls/3.5/versioned-base-class
2017-12-06 11:37:46 +13:00
Damian Mooyman
c5837c62e8
Merge pull request #7679 from dhensby/pulls/3.5/fix-critical-issues
...
Fixing scrutinizer issues
2017-12-06 11:30:57 +13:00
Daniel Hensby
8d1a5ed8b7
More code style fixes
2017-12-05 14:20:13 +00:00
Daniel Hensby
2aa1d8f2c4
remove create_function usage
2017-12-05 14:20:13 +00:00
Daniel Hensby
84d7afb347
FIX Use baseDataClass for allVersions as with other methods
2017-12-05 13:02:20 +00:00
Robbie Averill
2538f59ab7
Merge pull request #5211 from stevie-mayhew/pulls/reset-button
...
BUGFIX: don't try and switch out of context of the tab system
2017-12-05 19:59:49 +13:00
Damian Mooyman
db54112f3c
[ss-2017-006] Fix user agent invalidation on session startup
2017-12-01 14:24:11 +13:00
Damian Mooyman
25e276cf37
[ss-2017-006] Fix user agent invalidation on session startup
2017-12-01 10:55:00 +13:00
Damian Mooyman
22ccf3e2f9
[ss-2017-007] Ensure xls formulae are safely sanitised on output
...
CSVParser now strips leading tabs on cells
2017-12-01 10:19:48 +13:00
Damian Mooyman
395880fa94
[ss-2017-007] Ensure xls formulae are safely sanitised on output
...
CSVParser now strips leading tabs on cells
2017-12-01 10:18:29 +13:00
Damian Mooyman
6ba00e829a
[ss-2017-009] Prevent disclosure of sensitive information via LoginAttempt
2017-11-30 15:53:50 +13:00
Damian Mooyman
f5f1abe0cf
[ss-2017-009] Prevent disclosure of sensitive information via LoginAttempt
2017-11-30 15:50:36 +13:00
Robbie Averill
eecbe0c7c1
Merge pull request #7659 from JorisDebonnet/patch-1
...
Fix link to nginx.org wiki
2017-11-30 10:25:09 +13:00
JorisDebonnet
2717f01344
Fix link to nginx.org wiki
2017-11-29 21:31:56 +01:00
Loz Calver
b31b22ac8e
Merge pull request #7635 from dhensby/pulls/3.5/update-pwd-encryption-on-change
...
FIX Update meber passwordencryption to default on password change
2017-11-27 09:05:43 +00:00
Damian Mooyman
bac5f4c8aa
Merge branch '3.5' into pulls/3.5/update-pwd-encryption-on-change
2017-11-27 14:42:32 +13:00
Daniel Hensby
fd201bc71b
Merge branch '3.6' into 3
2017-11-25 16:18:46 +00:00
Daniel Hensby
badeb0cc8c
Merge branch '3.5' into 3.6
2017-11-25 16:17:36 +00:00
Daniel Hensby
f31caaa429
Merge pull request #7640 from kinglozzer/travis-firefox
...
Specify Firefox 31 for Travis Behat builds
2017-11-24 21:53:35 +00:00
Loz Calver
7b719d7b9d
Specify Firefox 31 for Travis Behat builds
2017-11-24 21:16:36 +00:00
Loz Calver
6ab9dba9c8
Merge pull request #7639 from dhensby/pulls/3.5/phpunit-warnings
...
Fix deprecated usage of getMock in unit tests
2017-11-24 15:16:26 +00:00
Daniel Hensby
09a003bc13
Fix deprecated usage of getMock in unit tests
2017-11-24 14:48:30 +00:00
Daniel Hensby
2ad3cc07d5
FIX Update meber passwordencryption to default on password change
2017-11-23 21:17:31 +00:00
Daniel Hensby
79bba8bfd1
Merge pull request #7632 from open-sausages/pulls/3.5/fix-director-cli-redirect
...
BUG Don't redirect in force_redirect() in CLI
2017-11-23 12:49:32 +00:00
Damian Mooyman
1053de7ec3
BUG Don't redirect in force_redirect() in CLI
...
Replaces #4025
2017-11-23 14:26:55 +13:00
Loz Calver
a7dfda2a85
Merge pull request #7628 from dhensby/pulls/3.5/travis-retry
...
Travis retry on imagick install
2017-11-22 17:04:01 +00:00
Loz Calver
7c98346c68
Merge pull request #7629 from dhensby/pulls/3.6/int-lowercase-fix
...
FIX Allow lowercase and uppercase delcaration of legacy Int class
2017-11-22 16:58:17 +00:00
Daniel Hensby
ef6d86f2c6
FIX Allow lowercase and uppercase delcaration of legacy Int class
2017-11-22 16:34:42 +00:00
Daniel Hensby
a63bb12d92
Travis retry on imagick install
2017-11-22 13:25:26 +00:00
Daniel Hensby
2e76936878
Merge pull request #7345 from schellmax/patch-2
...
TreeDropdownField: replace onadd by onmatch
2017-11-22 12:37:11 +00:00
Daniel Hensby
0f2049d4d4
[SS-2017-008] Fix SQL injection in search engine
2017-11-21 14:45:36 +00:00
Damian Mooyman
f670afd4b3
Merge pull request #7619 from IsaacInsoll/patch-1
...
Documentation: 02_Manifests fix Typo
2017-11-21 16:09:53 +13:00
IsaacInsoll
2825c67e92
Documentation: 02_Manifests fix Typo
2017-11-21 12:29:39 +10:00
Damian Mooyman
d047c921ed
Merge pull request #7617 from open-sausages/pulls/3.6/inject-datadifferencer
...
Make DataDifferencer injectable
2017-11-20 16:59:52 +13:00
Ingo Schommer
d39e9b0bb0
Make DataDifferencer injectable
...
Requested by Steve Boyd
2017-11-20 15:47:35 +13:00
Damian Mooyman
a73f75ccc5
Merge pull request #7613 from dhensby/pulls/3.5/phpunit-loosen-constraint
...
Loosen PHPUnit constraints
2017-11-20 13:58:20 +13:00
Daniel Hensby
36bb28a41d
Loosen PHPUnit constraints
2017-11-17 11:48:24 +00:00
Loz Calver
13b02feed7
Merge pull request #7602 from dhensby/pulls/3.5/fix-filter-any-inner-join
...
FIX ManyMany link table joined with LEFT JOIN
2017-11-16 13:48:07 +00:00
Daniel Hensby
c96ed89cbe
Merge pull request #7607 from patricknelson/issue-7606-svg-image-tags
...
FIX: Prevent crash when saving page with <img> that has an SVG source.
2017-11-16 12:12:49 +00:00
Daniel Hensby
ce3fd370fb
FIX ManyMany link table joined with LEFT JOIN
2017-11-16 12:11:16 +00:00
Daniel Hensby
29e57d8015
Merge pull request #7608 from bummzack/patch-1
...
Fix HTTP::get_mime_type with uppercase filenames.
2017-11-16 11:48:11 +00:00
Daniel Hensby
4f3deb13e0
TEST filterAny on many_many relations return correct items
2017-11-16 11:10:12 +00:00
Patrick Nelson
52f0eadd3b
FIX for #7606 : Ensure the object we're handling is actually an Image instance before calling methods specific to that class (e.g. in case of using SVG's in <img> tag which may be File instances).
2017-11-16 11:08:06 +00:00
Daniel Hensby
3d3096485b
TEST Uppercase file extensions return correct mime type
2017-11-16 11:01:25 +00:00
Roman Schmid
dda14e8959
Fix HTTP::get_mime_type with uppercase filenames.
...
The fallback of `HTTP::get_mime_type` (that uses a lookup instead of `finfo`) doesn't ensure the extension is converted to lowercase before the lookup. A file named `Image.JPG` will return `'application/unknown'`.
This change fixes this issue.
2017-11-16 10:56:34 +00:00
Damian Mooyman
abe0e96192
Merge pull request #7596 from andrewandante/pulls/sanitise_select_tag_3
...
sanitise select tag in DropdownField Docblock
2017-11-15 14:17:30 +13:00