Damian Mooyman
2e73dcb891
API Remove swf,html,htm,xhtml,xml as default allowed uploadable file types
2014-04-29 11:09:30 +12:00
Damian Mooyman
997077ae83
API Security.remember_username to disable login form autocompletion
2014-04-11 09:05:25 +12:00
Ingo Schommer
1930add745
Note about SiteTree.ExtraMeta in security docs
2014-02-18 16:07:50 +13:00
sanjay
a0abeab6d5
Update security.md
...
The following line is repeated in the section "Don't allow access to .yml files"
See [Apache](/installation/webserver) and [Nginx](/installation/nginx) installation documentation for details
specific to your web server
2013-11-29 14:45:53 +05:30
Devlin
5ea314d012
FIX PasswordValidator->characterStrength() Documentation
2013-10-15 12:44:50 +02:00
Ingo Schommer
9872a52a8d
SecurityToken docs
2013-09-05 12:54:31 +02:00
Ingo Schommer
d4a1e6d294
BUG Prevent clickjacking in CMS and Security controllers (fixes #2215)
2013-07-14 22:44:09 +02:00
Ingo Schommer
b58e2dbe3a
Member.lock_out_delay_mins configurable, password security docs
2013-07-11 09:47:28 +02:00
Hamish Friedlander
7b7982969b
Add some docs about admin-side HTML sanitisation
2013-07-10 16:44:51 +12:00
Hamish Friedlander
dacb2aa638
FIX HtmlEditorField not re-checking sanitisation server side
2013-07-04 08:53:23 +12:00
Ingo Schommer
14c59be85e
API Form::setStrictFormMethodCheck() and strict argument to setFormMethod()
...
Thanks to @sminnee for getting this started
2013-05-08 10:25:13 +02:00
Ingo Schommer
3334eafcb1
API Marked statics private, use Config API instead (#8317)
...
See "Static configuration properties are now immutable, you must use Config API." in the 3.1 change log for details.
2013-03-24 17:20:53 +01:00
Ingo Schommer
99ca0471f7
Merge remote-tracking branch 'origin/2.4' into 3.0
...
Conflicts:
control/RequestHandler.php
core/control/ContentController.php
dev/CsvBulkLoader.php
docs/en/changelogs/index.md
docs/en/reference/execution-pipeline.md
docs/en/topics/commandline.md
docs/en/topics/controller.md
docs/en/topics/form-validation.md
docs/en/topics/forms.md
docs/en/topics/security.md
model/MySQLDatabase.php
security/Security.php
tests/control/ControllerTest.php
tests/control/RequestHandlingTest.php
2013-03-19 13:56:04 +01:00
Ingo Schommer
d51e0bc2ec
Improved docs on $allowed_actions
...
Added section to "Controllers" and "Form" topics,
added $allowed_actions definitions to all controller examples
2013-02-17 23:30:40 +01:00
Ingo Schommer
3e27d27f7a
Improved docs on $allowed_actions
...
Added section to "Controllers" and "Form" topics,
added $allowed_actions definitions to all controller examples
2013-02-17 23:16:25 +01:00
Hamish Friedlander
acfc0be471
Document that yaml files shouldn't be served directly
2013-01-29 14:11:52 +13:00
Ingo Schommer
868d3697fd
Fixed usage of DataList etc in docs (fixes #7518)
2012-06-27 16:09:31 +02:00
Ingo Schommer
3a11c690ed
MINOR Updated security documentation (phpdoc and markdown) around new DataList and SQLQuery APIs, additional automatic escaping on some stricter inputs like column names
2012-05-16 11:59:22 +02:00
Ingo Schommer
40d73127ae
MINOR Using late static binding instead of Object::create() calls
2012-04-04 17:10:31 +02:00
Philipp Krenn
a67c6ce936
ENHANCEMENT Added section on security ratings, moved security process description from 'contributing' to 'release process' section
2012-02-01 11:10:10 +01:00
Ingo Schommer
04a10a4265
MINOR Updated coding conventions to require the 'public' keyword for class methods and variables
2012-01-30 23:13:42 +01:00
Ingo Schommer
73cca09960
BUGFIX Consistently using Convert::raw2sql() instead of DB::getConn()->addslashes() or PHP's deprecated addslashes() for database escaping
2011-09-15 14:43:34 +02:00
Ingo Schommer
c776a1cd67
BUGFIX Consistently using Convert::raw2sql() instead of DB::getConn()->addslashes() or PHP's deprecated addslashes() for database escaping
2011-09-15 14:24:46 +02:00
Michael Andrewartha
f3ac57394d
Small text changes, added api links, cont. updating images for tutorials, fixed tutorials from member feedback
2011-03-21 11:53:06 +13:00
Michael Andrewartha
626980acb5
Small text changes, added api links, cont. updating images for tutorials, fixed tutorials from member feedback
2011-03-09 10:05:51 +13:00
Ingo Schommer
8bd01d62c4
ENHANCEMENT Added sapphire/docs (migrated from https://github.com/chillu/silverstripe-doc-restructuring)
2011-02-07 19:55:13 +13:00
Ingo Schommer
b1c36ce0a4
ENHANCEMENT Added sapphire/docs (migrated from https://github.com/chillu/silverstripe-doc-restructuring)
2011-02-07 19:48:44 +13:00