Commit Graph

14005 Commits

Author SHA1 Message Date
Damian Mooyman
245e0aae2f [ss-2015-026]: BUG Fix FormField error messages not being encoded safely 2015-11-11 17:50:02 +13:00
Hamish Friedlander
53b3bc707b [ss-2015-025]: FIX Dont expose class on error 2015-11-11 17:46:46 +13:00
Ingo Schommer
ac4342d81d [ss-2015-022]: XML escape RSSFeed $link parameter 2015-11-11 17:46:39 +13:00
Damian Mooyman
97f21fddb3 [ss-2015-021] Fix rewrite hash links XSS 2015-11-11 17:46:27 +13:00
Damian Mooyman
e68eb7e45d Update translations 2015-11-11 17:06:45 +13:00
Damian Mooyman
6fd2923d3b Merge pull request #4732 from silverstripe/revert-4720-pulls/3.1/fix-js-includes
Revert "BUG Fix duplicate files being included in case of flush"
2015-11-02 18:40:12 +13:00
Damian Mooyman
074718fcfa Revert "BUG Fix duplicate files being included in case of flush" 2015-11-02 17:11:22 +13:00
Damian Mooyman
b857bdf209 BUG Fix duplicate files being included in case of flush
Fixes #4553
2015-10-29 17:48:30 +13:00
Damian Mooyman
82f2f63a01 Merge pull request #4714 from mparkhill/patch-1
Fix broken link to DataObject api
2015-10-28 12:00:41 +13:00
Michael Parkhill
e44f22c6b2 Fix broken link to DataObject api 2015-10-28 11:52:35 +13:00
Ingo Schommer
421d1b53b0 Merge pull request #4674 from ss23/parentidfix
Fix page reordering bug with ParentID
2015-10-13 11:35:52 +13:00
Stephen Shkardoon
6030854725 Fix page reordering bug with ParentID
If you are viewing PageA in the CMS, but move PageB into PageC,
the edit form will recieve an edit form ParentID of PageC.
This is incorrect, as only PageB had it's ParentID change.
2015-10-12 20:10:48 +13:00
Damian Mooyman
04e167ad4c Merge pull request #4665 from hafriedlander/minor/update_core_contributors
Update core contributors docs to include Jono Menz
2015-10-07 14:41:08 +13:00
Hamish Friedlander
b03ae843ca Update core contributors docs to include Jono Menz 2015-10-07 14:35:29 +13:00
Daniel Hensby
fa878b1e1f Merge pull request #4642 from hailwood/patch-1
DOCS Remove extra set of li's
2015-10-03 10:28:50 +01:00
Will Morgan
92970f8a8c Merge pull request #4641 from LiamW/patch-2
fixed minor GridField initialization syntax.
2015-10-01 09:37:57 +01:00
Matthew Hailwood
5e68512e1c Remove extra set of li's 2015-09-30 14:19:20 +13:00
Liam Whittle
71a2ef1350 fixed minor GridField initialization syntax. 2015-09-29 18:51:08 -04:00
Damian Mooyman
a13d7e2b53 Merge pull request #4616 from spekulatius/patch-1
Update 01_Extensions.md
2015-09-21 10:40:13 +12:00
Peter Thaleikis
7ca97cd86d Update 01_Extensions.md
adding missing space
2015-09-20 15:15:54 +12:00
Damian Mooyman
c2a407a01b Add note to changelog 2015-09-18 14:51:04 +12:00
Damian Mooyman
b12bdb754b Added 3.1.15 changelog 2015-09-18 14:21:20 +12:00
Damian Mooyman
7f71a2ccfe Update translations 2015-09-18 14:21:20 +12:00
Damian Mooyman
e64d73c1f7 BUG Fix ClassInfo::table_for_object_field 2015-09-17 18:31:46 +12:00
Damian Mooyman
8ddb4c7ffe Merge remote-tracking branch 'origin/3.1.14' into 3.1 2015-09-15 11:07:14 +12:00
Damian Mooyman
00caeb700d Added 3.1.14 changelog
Update translations
2015-09-15 10:58:15 +12:00
Damian Mooyman
6699f65b3f Merge pull request #4594 from kinglozzer/uploadfield-attach-nonexistent
FIX: UploadField error when attempting to attach non-existent file IDs
2015-09-11 16:33:42 +12:00
Ingo Schommer
f935f2f25e Merge pull request #3 from silverstripe-security/fixes/ss-2015-020
[ss-2015-020]: Prevent possible Privilege escalation
2015-09-10 16:51:13 +12:00
Damian Mooyman
7367cf54c4 [ss-2015-020]: Prevent possible Privilege escalation 2015-09-10 13:01:24 +12:00
Damian Mooyman
45b22c788e BUG Fix missing framework/admin/tests 2015-09-10 11:06:15 +12:00
Loz Calver
06cc18526a FIX: UploadField error when attempting to attach non-existent file IDs 2015-09-09 09:24:56 +01:00
Ingo Schommer
4c73721bab Merge pull request #1 from silverstripe-security/fixes/ss-2015-016
[ss-2015-016]: Fix XSS in install.php
2015-09-09 09:48:56 +12:00
Daniel Hensby
00385792c5 Merge pull request #4588 from tractorcow/fix/3.1/admin-tests
BUG Fix missing framework/admin/tests
2015-09-08 09:57:53 +01:00
Christopher Pitt
751d77386c Merge pull request #2 from silverstripe-security/fixes/ss-2015-015
[ss-2015-015]: Fix insecure returnURL in DatabaseAdmin
2015-09-08 10:53:59 +12:00
Damian Mooyman
d8fd64c3e2 [ss-2015-016]: Fix XSS in install.php 2015-09-08 10:08:28 +12:00
Damian Mooyman
7192932022 [ss-2015-015]: Fix insecure returnURL in DatabaseAdmin 2015-09-08 09:48:09 +12:00
Loz Calver
b87c2ae78d Merge pull request #4589 from johndalangin/patch-3
Typo Correction
2015-09-07 10:56:27 +01:00
johndalangin
1b661c9f17 Typo Correction 2015-09-07 17:08:49 +08:00
Loz Calver
d0b53b5135 Merge pull request #4585 from javabrett/patch-1
Update 02_Composer.md
2015-09-07 09:23:08 +01:00
Damian Mooyman
96d20bc180 BUG Fix missing framework/admin/tests 2015-09-07 18:04:56 +12:00
Brett Randall
e0b0c17685 Update 02_Composer.md
Fixed typo, "in to thier" -> "into their".
2015-09-05 13:50:57 +10:00
Damian Mooyman
92f9af1984 Update translations 2015-09-02 11:15:53 +12:00
Damian Mooyman
ed401176f9 Added 3.1.14-rc1 changelog 2015-09-02 11:04:21 +12:00
Damian Mooyman
b390f463ea Merge pull request #4566 from chillu/pulls/pragma-docs
Clarify use of HTTP Pragma response header
2015-09-02 09:27:41 +12:00
Will Morgan
17e97babf1 Merge pull request #4549 from kinglozzer/pulls/recursion-arraylist-sort
FIX: Recursion errors when sorting objects with circular dependencies (fixes #4464)
2015-09-01 16:42:17 +01:00
Loz Calver
0943b3b1a0 FIX: Recursion errors when sorting objects with circular dependencies (fixes #4464) 2015-09-01 09:37:06 +01:00
Ingo Schommer
dc650e3cf1 Clarify use of HTTP Pragma response header
The HTTP Pragma header is obsolete for HTTP 1.1,
and technically only defined for a HTTP request (not response).
Refer to https://www.mnot.net/cache_docs/#PRAGMA
,http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.32.
It is superseded by the "Cache-Control" directive.

See HTTP 1.1 spec at https://tools.ietf.org/html/rfc7234#section-5.4:
'Because the meaning of "Pragma: no-cache" in responses is
not specified, it does not provide a reliable replacement for
"Cache-Control: no-cache" in them.'

Sending a "Pragma: nocache" response header is a prudent
backwards compatibility measure for HTTP 1.0 clients.
The intended behaviour is for the majority clients as well as any
intermediary proxies to ignore this header.

Sending an empty Pragma is a known hack
for preventing PHP from adding "Pragma: nocache" to responses
with started sessions (see http://php.net/session_cache_limiter),
since PHP does not allow unsetting existing header() calls.
2015-09-01 11:45:30 +12:00
Ingo Schommer
bba1be3cd0 Merge pull request #4558 from sminnee/simplify-build-matrix-31
MINOR: Simplify build matrix for 3.x builds.
2015-08-31 10:18:00 +12:00
Daniel Hensby
ea757e72a6 Merge pull request #4560 from willmorgan/bugfixes/localstorage-win81-ie11
Fix localStorage for Windows 8.1 IE11 desktop mode
2015-08-29 21:15:19 +01:00
James Bolitho
0cb98bcce2 Fix localStorage for Windows 8.1 IE11 desktop mode
In IE11 windows 8 call to window.localStorage was throwing out an access denied error.  Using try and catch manages the issue and allows the script to execute in IE 11 in desktop mode.

I think it is a problem with IE11 rather than the way Silverstripe is implementing the preview via an iframe from what I have been reading. http://blogs.msdn.com/b/ieinternals/archive/2009/09/16/bugs-in-ie8-support-for-html5-postmessage-sessionstorage-and-localstorage.aspx.  It seems that the way IE11 deals with localStorage is broken in certain cases but I am not 100% certain of the cause yet as I have not been able to find a definitive answer.  I only noticed it was a problem when a new client said they couldn't view the admin screen properly in IE11.  I took a look in IE11 and I was experiencing the same problem which makes the admin interface layout screw up and the preview doesn't work due the error mentioned in the first post.

Instead of the original code I submitted I have amended it and added an additional function to test more robustly to see if localStorage is available and can be accessed properly.  It is a copy of the code on a blog post Mathias Bynens has written about detecting if localStorage is available and can be used: https://mathiasbynens.be/notes/localstorage-pattern

I have added a console.warn as you suggested if localStorage is not available so that at least you get a warning if localStorage tests fail.

I have tested this on Windows 8.1: Firefox, Chrome & Mac: Firefox, Safari, Chrome and it seems to work as expected.  On IE11 it displays the admin area correctly now but obviously doesn't save the preview settings between page loads if localStorage is not available.
2015-08-29 15:54:14 +01:00