Commit Graph

395 Commits

Author SHA1 Message Date
Damian Mooyman 44de03da01
Merge pull request #53 from silverstripe-security/pulls/3.5/ss-2017-006
[ss-2017-006] Fix user agent invalidation on session startup (3.5 branch)
2017-12-06 16:25:39 +13:00
Daniel Hensby 8d1a5ed8b7
More code style fixes 2017-12-05 14:20:13 +00:00
Damian Mooyman 25e276cf37 [ss-2017-006] Fix user agent invalidation on session startup 2017-12-01 10:55:00 +13:00
Damian Mooyman 1053de7ec3 BUG Don't redirect in force_redirect() in CLI
Replaces #4025
2017-11-23 14:26:55 +13:00
Roman Schmid dda14e8959
Fix HTTP::get_mime_type with uppercase filenames.
The fallback of `HTTP::get_mime_type` (that uses a lookup instead of `finfo`) doesn't ensure the extension is converted to lowercase before the lookup. A file named `Image.JPG` will return `'application/unknown'`.
This change fixes this issue.
2017-11-16 10:56:34 +00:00
Daniel Hensby 32cef975ef
FIX Use self::inst() for Injector/Config nest methods 2017-10-25 17:48:35 +01:00
Daniel Hensby 602062802e
Merge branch '3.4' into 3.5 2016-11-23 23:55:31 +00:00
Daniel Hensby 6136cf8502
DOCS Update PHPDoc for SS_HTTPResponse 2016-11-14 19:02:56 +00:00
Daniel Hensby 9a6121c867
Merge branch '3.4' into 3 2016-10-16 22:56:37 +01:00
Daniel Hensby 6dde5ce571
FIX Absolute alternate_base_url no longer breaks session cookies 2016-10-04 14:21:32 +01:00
Daniel Hensby 5e9d16646d
Merge branch '3.4' into 3 2016-10-03 10:24:32 +01:00
Anton Smith ae4108bf00 BUG Content-Disposition header breaks in Firefox (#4087) 2016-09-29 13:25:14 +13:00
Andrew Aitken-Fincham ad0d68d133 add IPUtils.php to control and implement symfony IpUtils (#6062) 2016-09-26 12:44:55 +13:00
Daniel Hensby 5959419645
Merge branch '3.3' into 3.4 2016-09-07 09:21:50 +01:00
Daniel Hensby b80dc6450a
Merge branch '3.2' into 3.3 2016-09-07 09:21:21 +01:00
Daniel Hensby e7ecf6cf15
FIX Bad strpos call in HTTP::register_etag() 2016-09-06 23:32:57 +01:00
Daniel Hensby d306c884c7
Merge branch '3.3' into 3.4 2016-08-18 22:20:42 +01:00
Daniel Hensby dc008b38ab
Merge branch '3.2' into 3.3 2016-08-18 22:18:47 +01:00
Daniel Hensby 41be95c95a [SS-2016-007] FIX Encode user supplied URL for embedding into page 2016-08-15 15:53:36 +12:00
Daniel Hensby 3fa84cf0c6 [SS-2016-007] FIX Encode user supplied URL for embedding into page 2016-08-15 15:03:42 +12:00
Daniel Hensby 56f0b72e8d
FIX ETag header now properly quoted 2016-08-11 15:49:29 +01:00
Daniel Hensby 679185514d
Merge 3.3 into 3
Conflicts:
	admin/css/screen.css.map
2016-04-26 00:24:59 +01:00
Daniel Hensby 745faebd81
Merge 3.2 into 3.3
Conflicts:
	.travis.yml
2016-04-26 00:17:09 +01:00
Daniel Hensby a0812f987a
Merge 3.1 into 3.2
Conflicts:
	admin/javascript/LeftAndMain.js
	control/HTTPRequest.php
	docs/en/00_Getting_Started/00_Server_Requirements.md
2016-04-26 00:09:33 +01:00
Patrick Nelson 707aa14c6c FIX for #5299 Adding <code> blocks to Injector documentation. 2016-04-11 10:56:46 -07:00
Daniel Hensby 817b836870 FIX getIP from behind a load-balancer that adds many IPs to the header 2016-03-01 21:07:48 +00:00
Damian Mooyman 9fed5561f4 Merge remote-tracking branch 'origin/3.3' into 3
# Conflicts:
#	core/Constants.php
#	dev/DevelopmentAdmin.php
2016-02-24 17:39:04 +13:00
Ingo Schommer 37059eb6b3 [ss-2016-003] Hostname, IP and Protocol Spoofing through HTTP Headers 2016-02-24 11:47:16 +13:00
Ingo Schommer faa94d51d5 [ss-2016-003] Hostname, IP and Protocol Spoofing through HTTP Headers 2016-02-24 11:33:54 +13:00
Ingo Schommer 893e49703d [ss-2016-003] Hostname, IP and Protocol Spoofing through HTTP Headers 2016-02-18 17:28:54 +13:00
Sam Minnee 3ee8f505b7 MINOR: Remove trailing whitespace.
The main benefit of this is so that authors who make use of
.editorconfig don't end up with whitespace changes in their PRs.

Spaces vs. tabs has been left alone, although that could do with a
tidy-up in SS4 after the switch to PSR-1/2.

The command used was this:

for match in '*.ss' '*.css' '*.scss' '*.html' '*.yml' '*.php' '*.js' '*.csv' '*.inc' '*.php5'; do
	find . -path ./thirdparty -not -prune -o -path ./admin/thirdparty -not -prune -o -type f -name "$match" -exec sed -E -i '' 's/[[:space:]]+$//' {} \+
	find . -path ./thirdparty -not -prune -o -path ./admin/thirdparty -not -prune -o -type f -name "$match" | xargs perl -pi -e 's/ +$//'
done
2016-01-07 10:15:54 +13:00
Damian Mooyman fce82519bd BUG Workaround for issues in testing version 2015-12-22 17:47:53 +13:00
Damian Mooyman 48a30909f3 Merge remote-tracking branch 'origin/3.2' into 3
# Conflicts:
#	admin/javascript/LeftAndMain.BatchActions.js
#	css/UploadField.css
#	forms/HtmlEditorField.php
2015-12-22 14:07:52 +13:00
Ingo Schommer 0175167761 Merge pull request #4830 from open-sausages/pulls/3/fix-querystring-stage
API Disable unauthenticated get parameter access to site stage mode
2015-12-10 10:44:43 +13:00
Marcus Nyeholt fc5e584201 Format for SS3 using tabs instead of spaces 2015-12-08 15:19:24 +11:00
Damian Mooyman 38e154af0a API Disable get parameter access to site stage mode
BUG Fix missing and undocumented response from Security::permissionFailure()
2015-12-07 17:39:18 +13:00
Marcus Nyeholt f7c270a3ba NEW Use Config for determining Vary header
Existing implementation hardcodes the Vary header; swap to using Config layer
instead

Added test for changing the variable from config
2015-12-02 10:28:24 +11:00
Damian Mooyman 302c741b07 Merge remote-tracking branch 'origin/3.1' into 3.2
Conflicts:
	control/HTTP.php
	forms/Form.php
	tests/view/SSViewerTest.php
2015-11-16 16:50:40 +13:00
Damian Mooyman b943a0c6dd Merge remote-tracking branch 'origin/3.1.16' into 3.1 2015-11-16 16:30:24 +13:00
Hamish Friedlander 53b3bc707b [ss-2015-025]: FIX Don't expose class on error 2015-11-11 17:46:46 +13:00
Hamish Friedlander f290d869e0 [ss-2015-025]: FIX Don't expose class on error 2015-11-11 16:55:23 +13:00
Igor Nadj f577ecb811 FIX: prevent use cache on browser back button 2015-11-05 16:09:16 +13:00
Damian Mooyman c4dc10b255 Merge remote-tracking branch 'origin/3.2' into 3
Conflicts:
	forms/DropdownField.php
	tests/model/ImageTest.php
2015-11-03 13:06:39 +13:00
Patrick Nelson f192a6ecaf FIX #4392: Ensure headers are checked first before being clobbered by globally maintained state. Also ensuring tests utilize separate responses for isolation. 2015-10-09 13:50:33 -04:00
Damian Mooyman 278caa86f4 Merge pull request #4636 from spekulatius/converting-spaces-to-tabs
converting spaces as indentation to tabs
2015-10-06 11:51:45 +13:00
Damian Mooyman 3b192ea67c Merge pull request #4649 from cjsewell/3.1
FIX: Typo in curr methods PHPDoc
2015-10-05 16:14:47 +13:00
Corey Sewell 4a70ffea06 FIX: Typo in cur methods PHPDoc 2015-10-05 15:58:46 +13:00
Will Morgan 85654a495f Merge pull request #4635 from spekulatius/adding-space-before-casting
adding a space before casting into a different type
2015-09-28 11:17:08 +01:00
Peter Thaleikis 5fda95d951 converting spaces as indentation to tabs 2015-09-28 22:21:30 +13:00
Peter Thaleikis 21216b47ab remove trailing spaces in the codebase 2015-09-28 22:21:08 +13:00