Commit Graph

21964 Commits

Author SHA1 Message Date
Serge Latyntsev
91f091f418
Merge pull request #9410 from blueo/patch-1
Update CVE number to CVE-2019-19325
2020-02-19 10:15:52 +13:00
Bernard Hamlin
765810b013
Update CVE number to CVE-2019-19325 2020-02-19 09:58:12 +13:00
Robbie Averill
4aade0a39a
Merge pull request #9409 from tiller1010/patch-2
Update 02_FixtureFactories.md
2020-02-18 13:43:32 +13:00
Tyler Trout
b7391fd34f
Update 02_FixtureFactories.md
- Removed duplicate `use SilverStripe\Core\Injector\Injector;`
- Changed $myPageObj to $MyObjectObj
2020-02-17 16:49:52 -05:00
Maxime Rainville
affd43052a Merge branch '4.5' into 4 2020-02-17 18:11:23 +13:00
Maxime Rainville
5fd16cd7e1 Add 4.5.1 changelog 2020-02-17 17:47:23 +13:00
Maxime Rainville
d95e911f1d Update translations 2020-02-17 02:29:18 +00:00
Maxime Rainville
7ce2abf74d Merge remote-tracking branch 'origin/4.4' into 4.5 2020-02-17 14:43:38 +13:00
Maxime Rainville
a9598eec3f Added 4.4.5 changelog 2020-02-17 14:02:57 +13:00
Maxime Rainville
0a9866c087 Update translations 2020-02-17 14:01:02 +13:00
Maxime Rainville
acd7d94167 Merge branch '4.4' into 4.5 2020-02-17 13:07:26 +13:00
Maxime Rainville
49fda52b12
Merge pull request #94 from silverstripe-security/fix/cve-2019-19325
CVE-2019-1935
2020-02-17 12:54:40 +13:00
Steve Boyd
08cc057049
Merge pull request #9404 from creative-commoners/pulls/4/minor-lockstep-release-docs
DOCS Add note to update minimum core requirements in minor releases
2020-02-17 10:11:34 +13:00
Serge Latyntcev
ad1b00ec7d [CVE-2019-19325] XSS through non-scalar FormField attributes
Silverstripe Forms allow malicious HTML or JavaScript to be inserted
through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting)
on some forms built with user input (Request data). This can lead to phishing attempts
to obtain a user's credentials or other sensitive user input.
There is no known attack vector for extracting user-session information or credentials automatically,
it required a user to fall for the phishing attempt.
XSS can also be used to modify the presentation of content in malicious ways.
2020-02-17 09:58:29 +13:00
Guy Marriott
c31de772ab
Merge pull request #8838 from creative-commoners/pulls/4/slash-means-root
Use '/' as an alternative designation for root in routing
2020-02-14 11:29:32 -08:00
Garion Herman
29943f9049
API TestSession request methods now use the correct HTTP method (#8987)
* API TestSession request methods now use the correct HTTP method

* DOCS Update requests section in Functional Testing to reflect API change
2020-02-14 16:01:06 +13:00
Ingo Schommer
bf5a46901c
DOCS Web worker concurrency caveats (#9223) 2020-02-14 15:23:20 +13:00
Garion Herman
be71f34cac DOCS Add documentation covering Root URL Handler behaviour 2020-02-14 14:41:10 +13:00
Garion Herman
9d1d59d8d1 NEW Accept / as designation for root URL controller 2020-02-14 14:41:10 +13:00
Steve Boyd
8c7e10bd55 Merge branch '4.5' into 4 2020-02-11 16:45:35 +13:00
Steve Boyd
9d5c3ef20e Merge branch '4.4' into 4.5 2020-02-11 16:45:15 +13:00
Steve Boyd
8dcaed25f4
Merge pull request #9386 from silverstripe-terraformers/feature/orm-column
ORM bugfix and enhancement
2020-02-11 15:56:03 +13:00
Garion Herman
a2beabd430 DOCS Add note to update minimum core requirements in minor releases 2020-02-11 14:19:03 +13:00
Mojmir Fendek
285e6caafa PR fixes 2020-02-11 10:43:01 +13:00
Mojmir Fendek
448147c2f1 PR fixes 2020-02-10 09:17:34 +13:00
Mojmir Fendek
660f80d284 PR fixes 2020-02-07 13:49:19 +13:00
Guy Marriott
73990ac189
Merge pull request #9399 from creative-commoners/broken-link
DOCS fix a broken link
2020-02-06 16:07:40 -08:00
brynwhyman
b60def66dd DOCS fix a broken link 2020-02-07 12:49:17 +13:00
Robbie Averill
fe496a29ec
Merge pull request #9397 from mikenuguid/bugfix/update-orm-scaffoldformfield
FIX Update ORM DBField types to use Injector in scaffoldFormField()
2020-02-04 22:38:34 +13:00
mnuguid
ca36a47bb1 FIX Update ORM DBField types to use Injector in scaffoldFormField()
- This is usable in cases where a DBField is needed to be overloaded through the Injector.
2020-02-04 21:43:47 +13:00
Dylan Wagstaff
3a99a57d41
Merge pull request #9385 from mooror/patch-1
Updated the "Template Syntax" Documentation
2020-02-04 11:03:22 +13:00
Bryn Whyman
27517c55e7
Merge pull request #9396 from muskie9/patch-11
DOCS correct changelog link in README
2020-02-03 15:48:52 +13:00
Steve Boyd
566b81f326
Merge pull request #9392 from creative-commoners/pulls/4/document-tweak-releases
DOC Add documentation for tweak releases
2020-02-03 15:33:36 +13:00
Garion Herman
4ce63e4460 DOC Tweak wording on detach-tagged-base explanation [ci skip] 2020-02-03 15:20:47 +13:00
Nic
dd537f0cc9
DOCS correct changelog link in README 2020-02-02 20:20:38 -06:00
Garion Herman
efb1ebdd1a DOC Add documentation for tweak releases 2020-02-03 14:53:40 +13:00
Robbie Averill
c6f5e7e2fa
Merge pull request #9393 from open-sausages/pulls/4/docs-damian-core-committer
DOCS Removed Damian as core committer :(
2020-01-31 12:32:12 +13:00
Ingo Schommer
daf32f2327 DOCS Removed Damian as core committer :( 2020-01-31 12:20:01 +13:00
Mojmir Fendek
99786dda22 ORM Column now supports related table lookup 2020-01-28 15:46:30 +13:00
Benjamin Blake
7c32a848aa
Updated the "Template Syntax" Documentation
Added a notice to the "Variables" section of the "Template Syntax" documentation to warn developers about common template variable gotchas
2020-01-27 15:18:40 -07:00
Mojmir Fendek
9c38c5f625 CMS action related extension points (#9340)
* CMS action related extension points

* Refactor to use fewer extension points

* Remove explicit return type

Co-authored-by: Aaron Carlino <unclecheese@leftandmain.com>
2020-01-27 15:09:15 +13:00
Robbie Averill
a80fd433e2
Merge pull request #9384 from kenlog/patch-3
Docs: Fix link to Middleware not found
2020-01-25 11:02:30 -08:00
Valentino Pesce
24c28e4457
Docs: Fix link to Middleware not found
Fix link to Middleware not found in page Rate Limiting
2020-01-25 19:21:15 +01:00
Robbie Averill
a98a2d9c7f
Merge pull request #9379 from tiller1010/patch-1
Update to link
2020-01-24 12:41:44 -08:00
Loz Calver
87ad14dad3
Merge pull request #9371 from Greg808/patch-1
added addExtraClass
2020-01-24 09:20:16 +00:00
Andre Kiste
c7cec6e48b
Merge pull request #9320 from open-sausages/pulls/4/disabled-link-to-existing-gridfield-button
BUG The "Link existing" should be disabled rather than readonly
2020-01-24 15:59:34 +13:00
Maxime Rainville
6ff0f3f466 BUG The "Link existing" should be disabled rather than readonly. 2020-01-24 14:47:12 +13:00
Robbie Averill
1fac44ab7a
Merge pull request #9378 from kenlog/patch-2
Docs: Fix route that doesn't exist
2020-01-21 12:53:10 -08:00
Tyler Trout
4a1c91f91d
Update to link
Clicking "ReactJS in SilverStripe" on https://docs.silverstripe.org/en/4/developer_guides/customising_the_admin_interface/cms_layout/ directs to 404.
2020-01-20 09:47:43 -05:00
Valentino Pesce
0c5fda2003
Docs: Fix route that doesn't exist 2020-01-19 19:03:35 +01:00