Simon Welsh
4ff8cff262
Minor PHP5.4 fixes
...
Explictly excludes E_STRICT from live error level and handle arrays in a backtrace
output, rather than trying to convert to string.
2012-10-16 23:37:30 +13:00
Ingo Schommer
46064f8f88
SECURITY More solid relative/site URL checks (related to "BackURL" redirection)
...
Return true for Director::is_absolute_url() checks if they're prefixed with two or more slashes (as browsers interpret this as a valid URL)
More solid URL checks in Director::is_site_url(), using a conservative parse_url() hostname comparison rather than Director::makeRelative(), which is not designed for security purposes
2012-10-16 10:17:07 +02:00
stozze
8ec6312f3f
BUG Fix to prevent unintended results from getComponentsQuery(...)
...
Wrapped $filter inside parentheses to prevent unintended results if $filter contains "OR".
2012-09-14 18:25:29 +03:00
Adam Skrzypulec
766987105d
MINOR fixed array to string conversion to avoid PHP 5.4 warnings
2012-08-15 11:40:40 -05:00
Andrew O'Neil
9bf3ae9a19
SECURITY: Ensure javascript content type is sent in form responses. If content type is html, and the javascript contains script tags within the content, this content will be executed.
2012-05-03 17:08:08 +02:00
Sam Minnee
921bf9a439
ENHANCEMENT: Ensure that forceSSL and protocol detection respects the X-Forwarded-Protocol header.
2012-02-03 09:39:10 +13:00
Ingo Schommer
0085876495
BUGFIX Casting return values on text helper methods in StringField, Text, Varchar
2012-01-31 16:28:47 +01:00
Ingo Schommer
252e187015
SECURITY Escape links for SilverStripeNavigatorItem
2012-01-31 15:55:30 +01:00
Ingo Schommer
5fe7091dff
SECURITY Sanitize messages passed to generated JS calls in FormResponse::status_message(), e.g. to avoid XSS on 'Successfully published <page title>' messages
2012-01-31 15:54:59 +01:00
Ingo Schommer
96bee47ab8
MINO Switching 'rewriteHashlinks' sanitization from Convert::raw2att() to strip_tags() to make the resulting PHP more portable when mode is set to 'php'
2011-10-18 10:54:30 +02:00
Ingo Schommer
16c32359c6
BUGFIX Escaping base URLs for anchor links rewritten by SSViewer::process() with the 'rewriteHashlinks' option enabled (which is a framework default, and necessary because of the use of a <base> tag). Also added escaping for base URLs rendered through the 'php' variation of 'rewriteHashlinks'
2011-10-18 10:18:29 +02:00
Ingo Schommer
6d6fdd24d9
ENHANCEMENT Added SSViewer::getOption() as a logical counterpart to SSViewer::setOption()
2011-10-17 18:00:30 +02:00
Sean Harvey
7805e3e6d9
BUGFIX i18n::include_by_locale() assumes a themes directory always exists and causes error if that's not the case. Some projects don't require any themes, like pure applications.
2011-09-28 15:27:51 +13:00
Ingo Schommer
83ad8d48a9
ENHANCEMENT Added File.ShowInSearch flag to mirror the existing SiteTree.ShowInSearch flag - e.g. useful to limit visibility of user-uploaded files. Enforced in MySQLDatabase->searchEngine().
2011-09-15 16:13:02 +02:00
Ingo Schommer
73cca09960
BUGFIX Consistently using Convert::raw2sql() instead of DB::getConn()->addslashes() or PHP's deprecated addslashes() for database escaping
2011-09-15 14:43:34 +02:00
simonwelsh
0f91fb865b
Changes error reporting level to explicitly exclude E_DREPRECATED and E_STRICT, rather than xor.
2011-08-26 16:12:57 +12:00
simonwelsh
9ffa903d50
Adds missing semicolon for PHP5.4 support.
2011-08-26 16:11:06 +12:00
Ingo Schommer
1704e42d51
MINOR Return empty string from SQLQuery->sql() if SELECT is the default value, and no FROM is set (moved logic from DB-specific implementations)
2011-05-20 08:42:31 +12:00
Ingo Schommer
58b44287d3
MINOR Fixed en_US spelling ( fixes #6316 , thanks sonetseo)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@115461 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:07 +13:00
Sean Harvey
47cae8f81f
BUGFIX Incorrect call to weekday function in Date class (thanks webbower!)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@115443 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:07 +13:00
Sean Harvey
c336545cd7
BUGFIX Checking for existence of draft and live records in SilverStripeNavigatorItem_ArchiveLink->getHTML() (from r115130)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@115442 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:07 +13:00
Sean Harvey
3e8cc481f0
BUGFIX #6291 Remove rollback action from CMSMain allowed_actions and rely on form action_rollback instead which is safer
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@115440 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:06 +13:00
Sean Harvey
b81cae875a
BUGFIX Fixed edge case bug where SilverStripeNavigatorItem would fail if a page was not published, and the navigator archive link was generated
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@115437 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:06 +13:00
Ingo Schommer
2962fb8d13
BUGFIX Checking for existence of FormAction in Form->httpSubmission() to avoid bypassing $allowed_actions definitions in controllers containing this form
...
BUGFIX Checking for $allowed_actions in Form class, through Form->httpSubmission() (from r115182)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@115188 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:06 +13:00
Sean Harvey
521a76b880
BUGFIX #6219 Director::direct() validation fails for doubly nested file fields (thanks ajshort!) (from r114921)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114922 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:06 +13:00
Sean Harvey
f41b5179f6
ENHANCEMENT Allow setting secure session cookies when using SSL. Recent change r114567 made this impossible. (thanks simon_w!) (from r114900)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114901 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:06 +13:00
Ingo Schommer
c639916afb
BUGFIX Removed switch in MySQLDatabase->query() to directly echo queries with 'showqueries' parameter when request is called via ajax (from r114782)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114783 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:06 +13:00
Ingo Schommer
3d2552a453
MINOR Partially reverted r114744
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114745 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:05 +13:00
Ingo Schommer
7280a64d6b
MINOR Reduced VARCHAR length from 1024 to 40 bytes, which fits the sha1 hashes created by RandomGenerator. 1024 bytes caused problems with index lengths on MySQL (from r114743)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114744 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:05 +13:00
Ingo Schommer
f4cc316c8a
ENHANCEMENT 'bypassStaticCache' cookie set in Versioned is limited to httpOnly flag (no access by JS) to improve clientside security (from r114568)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114572 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:04 +13:00
Ingo Schommer
ac4c207846
ENHANCEMENT Session::start() forces PHPSESSID cookies to be httpOnly (no access by JS) to improve clientside security (from r114567)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114571 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:04 +13:00
Ingo Schommer
6fa8f8341c
BUGFIX Escaping $locale values in Translatable->augmentSQL() in addition to the i18n::validate_locale() input validation (from r114515)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114516 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:04 +13:00
Ingo Schommer
1670dab5e1
API CHANGE Using i18n::validate_locale() in various Translatable methods to ensure the locale exists (as defined through i18n::$allowed_locales) (from r114470)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114474 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:03 +13:00
Ingo Schommer
924f0feb5d
BUGFIX Check for valid locale in i18n::set_locale()/set_default_locale()/include_locale_file()/include_by_locale() (as defined in i18n::$allowed_locales). Implicitly sanitizes the data for usage in controllers. (from r114469)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114473 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:03 +13:00
Paul Meyrick
7864d8f250
FIX: Revert last commit
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114464 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:03 +13:00
Paul Meyrick
889f888c1a
FIX: Revert last commit
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114463 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:03 +13:00
Paul Meyrick
14d4a78d20
MINOR: Added exception handling if ClassName is null in search results
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114454 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:03 +13:00
Ingo Schommer
f79c6aeb83
BUGFIX Don't allow HTML formatting in RequestHandler->httpError() by sending "Content-Type: text/plain" response headers. (from r114444)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114445 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:03 +13:00
Ingo Schommer
30e3f08efb
MINOR Checking for class_exists() before SapphireTest::is_running_tests() to avoid including the whole testing framework, and triggering PHPUnit to run a performance-intensive directory traversal for coverage file blacklists (from r114332)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114334 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:03 +13:00
Ingo Schommer
5236e09026
BUGFIX Including template /lang folders in i18n::include_by_locale() (implementation started in r113919)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114208 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:02 +13:00
Ingo Schommer
43c85e3c9a
ENHANCEMENT Added SS_HTTPResponse->setStatusDescription() as equivalent to setStatusCode(). Added documentation.
...
BUGFIX Strip newlines and carriage returns from SS_HTTPResponse->getStatusDescription() (fixes #6222 , thanks mattclegg) (from r114082)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114083 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:02 +13:00
Ingo Schommer
b5e9b911d3
BUGFIX Removed double quoting of $where parameter in Translatable::get_existing_content_languages() ( fixes #6203 , thanks cloph) (from r114080)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114081 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:02 +13:00
Ingo Schommer
253083bc81
MINOR Documentation for Aggregate caching (from r114077)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114078 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:02 +13:00
Sean Harvey
10d283a641
BUGFIX #6201 Use of set_include_path() did not always include sapphire paths in some environments
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@113976 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:02 +13:00
Saophalkun Ponlu
8381858d58
MINOR: Make sure that Translatable creates a translated parent of SiteTree only when the parent is not translated (from r113955)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@113956 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:01 +13:00
Sean Harvey
febcc15c3a
MINOR Fixed spaces with tabs in Core
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@113924 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:01 +13:00
Sean Harvey
b7d7a86b51
MINOR Fixed spaces with tabs for Core::getTempFolder()
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@113923 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:01 +13:00
Ingo Schommer
a9e611d721
ENHANCEMENT Allowing i18nTextCollector to discover entities in templates stored in themes/ directory (thanks nlou) (from r113918)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@113919 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:01 +13:00
Sean Harvey
68eebd8023
BUGFIX ErrorPage::requireDefaultRecords() case where no assets directory causes an fopen() error. Ensure assets directory is created before attempting to write error page files
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@113590 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:00 +13:00
Ingo Schommer
d2b489b4ef
BUGFIX Clear static marking caches on Hierarchy->flushCache()
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@113277 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:59 +13:00