tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity
12,479 Commits 31 Branches 527 Tags 162 MiB
25b6175e67
Commit Graph

834 Commits

Author SHA1 Message Date
Ingo Schommer
f3ef04a432 FIX Auto-escape titles in TreeDropdownField 
Related to SS-2013-009. While the default "TreeTitle" was escaped
within the SiteTree->TreeTitle() getter, other properties like SiteTree->Title
weren't escaped. The new logic uses the underlying casting helpers
on the processed objects.
 2013-09-24 21:41:21 +02:00
Ingo Schommer
78ce99be09 FIX Escape breadcrumbs in SecurityAdmin (SS-2013-007) 2013-09-24 21:41:18 +02:00
Dan Brooks
3e5f788ddc Squashing previous corrections into one commit along with a couple more 
corrections to the docs, including changing the example seen in
fixtures.md
 2013-09-24 19:21:04 +01:00
bhongong
9fa8945f2a Fix "cms-description-tooltip" reference in code 
The instruction said to put "cms-description-tooltip" in the addExtraClass but in the sample code it is using "cms-help-tooltip"
 2013-09-20 21:12:59 +08:00
Will Rossiter
7a9ef16a0c Add how to for custom GridField row actions. 2013-09-19 23:38:35 +12:00
Ingo Schommer
be8ee992b7 getCMSValidator() docs 2013-09-18 14:32:38 +02:00
Tomáš Bílek
65d5f10e60 Update 3.1.0-rc2.md 
Corrected RC number in heading of page.
 2013-09-13 18:50:45 +02:00
Stephen Shkardoon
f765696d26 Update 3.0.6.md 
Add reference to information disclosure in Versioned.php (SS-2013-006)
 2013-09-13 10:34:51 +12:00
Dan Brooks
6afad377cb Changes to topics/testing 2013-09-12 18:22:46 +01:00
Ingo Schommer
03d1d58148 Merge remote-tracking branch 'origin/3.0' into 3.1 
Conflicts:
	admin/code/SecurityAdmin.php
	css/AssetUploadField.css
	docs/en/topics/configuration.md
	security/PermissionRole.php
 2013-09-12 17:33:36 +02:00
Ingo Schommer
c2b312d76f Merge remote-tracking branch 'origin/3.1.0' into 3.1 2013-09-12 17:24:42 +02:00
Ingo Schommer
7627d95555 Updated changelog 2013-09-12 17:02:13 +02:00
Ingo Schommer
a6b402f491 Added 3.0.6-rc2 changelog 2013-09-12 16:48:15 +02:00
Ingo Schommer
7c99cb4668 Merge branch 'pulls/security-issues-august-3.0' into 3.0 2013-09-12 15:45:13 +02:00
Ingo Schommer
8b5c8eab72 Linking to older security issue in change log 
Mainly for consistency with the newer format
 2013-09-12 15:42:43 +02:00
Ingo Schommer
05757efceb FIX Privilege escalation through APPLY_ROLES assignment (SS-2013-005) 
See http://www.silverstripe.org/ss-2013-005-privilege-escalation-through-apply-roles-assignment/
 2013-09-12 15:42:43 +02:00
Ingo Schommer
6cff9671d4 FIX Privilege escalation through Group and Member CSV upload (SS-2013-004) 
See http://www.silverstripe.org/ss-2013-004-privilege-escalation-through-group-and-member-csv-upload/
 2013-09-12 15:42:43 +02:00
Ingo Schommer
720c149aee FIX Privilege escalation through Group hierarchy setting (SS-2013-003) 
See http://www.silverstripe.org/ss-2013-003-privilege-escalation-through-group-hierarchy-setting/
 2013-09-12 15:42:42 +02:00
Ingo Schommer
a492d56f7c 3.1.0-rc2 changelog 2013-09-12 15:42:36 +02:00
Ingo Schommer
cfa88adf4b FIX Privilege escalation through APPLY_ROLES assignment (SS-2013-005) 
See http://www.silverstripe.org/ss-2013-005-privilege-escalation-through-apply-roles-assignment/
 2013-09-12 15:42:36 +02:00
Ingo Schommer
46556b609e FIX Privilege escalation through Group and Member CSV upload (SS-2013-004) 
See http://www.silverstripe.org/ss-2013-004-privilege-escalation-through-group-and-member-csv-upload/
 2013-09-12 15:42:35 +02:00
Ingo Schommer
68ca47b0dd FIX Privilege escalation through Group hierarchy setting (SS-2013-003) 
See http://www.silverstripe.org/ss-2013-003-privilege-escalation-through-group-hierarchy-setting/
 2013-09-12 15:42:35 +02:00
Sean Harvey
a1939dccd1 Merge pull request #2400 from jbridson/patch-9 
Update 2-extending-a-basic-site.md
 2013-09-10 21:47:36 -07:00
Simon Welsh
c2105db6d0 Count, not Length 2013-09-11 12:05:43 +12:00
jbridson
a4fbff4df5 Update 2-extending-a-basic-site.md 
Fixed a few wording issues and added some clarity to links eg: Tutorial One (Building a basic site)
 2013-09-11 11:20:41 +12:00
Ingo Schommer
9872a52a8d SecurityToken docs 2013-09-05 12:54:31 +02:00
Ryan Wachtl
15a1d96e5b Update requirements.md 
Missing semicolon in example code.
 2013-09-03 01:18:58 -05:00
Damian Mooyman
55a7cf6040 Documentation for belongs_to 2013-08-30 10:47:11 +12:00
Ingo Schommer
4ff7b43c44 Merge pull request #2364 from adrexia/tree-dropdown-search 
API: Treedropdownfield showsearch default true, provide better ui
 2013-08-29 05:00:14 -07:00
Naomi Guyer
8b5f89f3b9 API: Treedropdownfield showsearch default true, provide better ui 
Set search option true on treedropdown fields by default, to provide a
fallback solution when trees fail to render (too many children errors)

Provide better indication/more meaningful styling to search (match
chosen styles for consistency)
 2013-08-29 16:21:04 +12:00
jbridson
65ad51024d BUGFIX: fixed grammatical errors and formatting issues 2013-08-26 12:18:35 +12:00
Will Rossiter
0ac9eff829 Fix typo in form method name. 2013-08-25 10:59:26 +12:00
Mateusz Uzdowski
137aa53156 Return jQuery deferred object from LeftAndMain's loadFragment. 2013-08-23 09:39:38 +12:00
Ingo Schommer
b404e55533 Added link to translation CI 2013-08-22 18:02:02 +02:00
Ingo Schommer
a4c6ae3e90 Merge remote-tracking branch 'origin/3.1' 2013-08-22 13:56:33 +02:00
Mateusz Uzdowski
1f8feb5efc API Provide a thin alternative to loadPanel/submitForm. 
This is needed in some situations when we only want to update a
small single component, sometimes even using a different controller to
the one implied in the URL.

An example here is reloading dynamically the subsite dropdown without
reloading the entire page, updating a filter sidebar or suchlike.
 2013-08-22 15:16:13 +12:00
Ingo Schommer
a592c36adf Merge remote-tracking branch 'origin/3.0' into 3.1.0 
Conflicts:
	docs/en/changelogs/index.md
 2013-08-20 20:49:01 +02:00
Peter Evjan
76cf3c3ed9 Corrected parameters in model relations example 
An identifier needs to be specified when creating an object with relations, but the example had omitted that.
 2013-08-18 13:24:54 +10:00
Ingo Schommer
3690ae1658 Merge remote-tracking branch 'origin/3.0' into 3.1 
Conflicts:
	docs/en/changelogs/index.md
 2013-08-16 17:12:12 +02:00
Ingo Schommer
7ae75c1a89 Merge remote-tracking branch 'origin/3.1' 
Conflicts:
	forms/HtmlEditorField.php
 2013-08-16 13:37:44 +02:00
Kirk Mayo
6bb9386159 BUG: Updating old reference of sapphire to framework 2013-08-14 12:18:55 +12:00
Ingo Schommer
aff36c8845 Updated security release process with identifiers 2013-08-13 01:26:24 +02:00
Ingo Schommer
64d7438681 Merge remote-tracking branch 'origin/3.1' 2013-08-09 12:12:10 +02:00
jbridson
1ce0a0d2b9 Fixed Grammatical errors and issues where sentences didn't make sense. 2013-08-09 15:22:03 +12:00
Sam Minnee
3510b60ab8 Added 3.1.0-rc1 changelog 2013-08-09 14:25:58 +12:00
jbridson
0c4ff76921 Fixed issue with inconsistent use of punctuation and wording of Tutorial 5 summary 2013-08-09 14:20:41 +12:00
Ingo Schommer
7a117fe713 Added 3.0.6-rc1 changelog 2013-08-07 20:55:10 +02:00
Ingo Schommer
a213afd888 Added 3.0 changelog 2013-08-07 20:16:59 +02:00
Ingo Schommer
2a35f2f928 Merge remote-tracking branch 'origin/3.1' 2013-08-07 17:34:11 +02:00
Ingo Schommer
afe06661ef Merge remote-tracking branch 'origin/3.0' into 3.1 
Conflicts:
	admin/templates/Includes/LeftAndMain_Menu.ss
	admin/templates/Includes/ModelAdmin_ImportSpec.ss
	admin/templates/Includes/ModelAdmin_Tools.ss
	admin/templates/LeftAndMain.ss
	admin/templates/ModelSidebar.ss
	i18n/i18n.php
	templates/ComplexTableField.ss
	templates/ComplexTableField_popup.ss
	templates/FileIFrameField_iframe.ss
	templates/Includes/GridFieldItemEditView.ss
	templates/Includes/TableListField_PageControls.ss
	templates/RelationComplexTableField.ss
	templates/TableField.ss
	templates/TableListField.ss
 2013-08-07 17:14:47 +02:00
Ingo Schommer
00ffe72944 Translations: Switch to Transifex format 
- Based on new (last) translation download from getlocalization.com
- Removed untranslated strings. Getlocalization started including those at some point
which is highly annoying, unnecessary and breaks the new transfix system,
since it'll mark all of the english strings as actual translations
- Avoid dots in entities. It confuses the Transifex YML parser
- Removed some locales unknown to Transifex which didn't have any translations anyway
- Removed "lolcat" locale, uses custom notation (en@lolcal)
  which SilverStripe's i18n system can't handle
  (needs mapping from SS naming to Zend naming)
- Renamed "Te Reo/Maori" locale from "mi_NZ" to "mi" (Transifex/CLDR notation)
- Namespaced all entities used in templates (deprecated usage)
- Converted dots to underscores where template filenames are used for namespaces,
since Transifex YML parsing handles them as separate YML keys otherwise
- Removed whitespace in entity names, SilverStripe i18n can't handle it
- Only allow selection of locales registered through i18n::$all_locales to avoid
  issues with unknown locales in Zend's CLDR database
 2013-08-07 00:25:16 +02:00
Ingo Schommer
542728cd94 Merge remote-tracking branch 'origin/3.1' 2013-08-03 19:47:32 +02:00
Ingo Schommer
31e8ec3795 Docs: Consistent arg quoting in <% require %> (#1614) 2013-08-03 18:44:32 +02:00
Ingo Schommer
0e7231ff60 API Disable discontinued Google Spellcheck in TinyMCE 
Replaced by browser-based spellchecking if available (Chrome, Firefox),
with instructions on how to use PSpell as an alternative.
 2013-08-03 16:16:45 +02:00
Ingo Schommer
97e6108fa9 Changelog note on form method limitations 
See 14c59be85e.
Raised by Fara Rustein of Deloitte Argentina (CVE-2013-2653).
 2013-08-01 15:48:51 +02:00
Stephen Shkardoon
6e47a25098 Fix misleading documentation about Children.max 
Currently, the documentation implies that doing a `Children.max(LastEdited)` will work, which isn't the case.
This change uses `AllChildren.max(LastEdited)` instead, which while slightly more inefficient, will actually work consistently.
 2013-07-29 15:18:39 +12:00
Hamish Friedlander
d44024b1cf Merge branch 'origin/3.1' 2013-07-24 13:29:55 +12:00
Will Rossiter
58a2eb0155 Versioned documentation typo (Thanks aragonne) 2013-07-19 18:14:53 +12:00
Hamish Friedlander
0a79ac3592 Merge branch 'origin/3.1' 
Conflicts:
	templates/forms/CheckboxSetField.ss
	templates/forms/FormField_holder.ss
	templates/forms/OptionsetField.ss
 2013-07-19 16:25:38 +12:00
Hamish Friedlander
d38bd7d5cb Merge branch 'origin/3.0' into 3.1 2013-07-19 14:18:49 +12:00
Hamish Friedlander
1298d4a5bd FIX Prevent DOS by checking for env and admin on ?flush=1 (#1692) 2013-07-19 12:24:32 +12:00
Ingo Schommer
d4a1e6d294 BUG Prevent clickjacking in CMS and Security controllers (fixes #2215) 2013-07-14 22:44:09 +02:00
Will Rossiter
65e9f05c36 Merge pull request #2220 from jthomerson/pulls/small_doc_fix_1 
Small typo causing linking error
 2013-07-11 20:42:36 -07:00
Jeremy Thomerson
71f8c1306f DOCFIX: small typo causing linking error 2013-07-11 13:40:34 +00:00
Ingo Schommer
b58e2dbe3a Member.lock_out_delay_mins configurable, password security docs 2013-07-11 09:47:28 +02:00
Andrew Short
8a62593754 Merge branch '3.1' 2013-07-10 18:27:19 +10:00
Hamish Friedlander
7b7982969b Add some docs about admin-side HTML sanitisation 2013-07-10 16:44:51 +12:00
Ingo Schommer
e6011f3aae Rewritten "extend cms" docs (#1671) 
Hopefully this commit can be reverted once we fix the
layout manager to work with all four directions (north, south, east, west).
A "bookmark bar" makes more sense as an example than having the links
in the menu, and it allows us to illustrate the CMS layout techniques.
 2013-07-09 22:15:43 +02:00
Simon Welsh
fbce9fd7cd Merge branch '3.1' 
Conflicts:
	.travis.yml
	docs/en/misc/contributing/code.md
	javascript/HtmlEditorField.js
 2013-07-05 10:22:58 +12:00
Simon Welsh
d844c74e3c Merge branch '3.0' into 3.1 
Conflicts:
	.travis.yml
	control/HTTP.php
	email/Mailer.php
	tests/control/HTTPTest.php
 2013-07-05 10:17:14 +12:00
Hamish Friedlander
dacb2aa638 FIX HtmlEditorField not re-checking sanitisation server side 2013-07-04 08:53:23 +12:00
Mateusz Uzdowski
f9ede95e5b Add configuration system tests for Only and Except combinations. 2013-07-02 15:51:53 +12:00
Hamish Friedlander
df218d76da Clarify how Only and Except rules combine 2013-07-02 14:09:11 +12:00
Ingo Schommer
2a4fd90316 Docs: Note about branch merging 2013-06-25 10:35:30 +02:00
Ingo Schommer
fb784af738 API Enforce $allowed_actions in RequestHandler->checkAccessAction() 
See discussion at https://groups.google.com/forum/?fromgroups#!topic/silverstripe-dev/Dodomh9QZjk

Fixes an access issue where all public methods on FormField were allowed,
and not checked for $allowed_actions. Before this patch you could e.g.
call FormField->Value() on the first field by using action_Value.

Removes the following assertion because it only worked due to RequestHandlingTest_AllowedControllerExtension
*not* having $allowed_extensions declared: "Actions on magic methods are only accessible if explicitly allowed on the controller."
 2013-06-24 14:50:40 +02:00
Ingo Schommer
474dde8012 Merge remote-tracking branch 'origin/3.0' into 3.1 
Conflicts:
	docs/en/reference/grid-field.md
 2013-06-24 14:39:09 +02:00
Will Rossiter
d1756a5a58 Update simple-contact-form.md 2013-06-20 18:35:12 +12:00
CheeseSucker
2ac3444675 MINOR: Fixed typo 2013-06-19 16:48:49 +02:00
Ingo Schommer
2160fb8000 Merge remote-tracking branch 'origin/3.0' into 3.1 
Conflicts:
	admin/javascript/LeftAndMain.js
	tests/behat/features/bootstrap/SilverStripe/Framework/Test/Behaviour/CmsUiContext.php
	tests/control/ControllerTest.php
 2013-06-19 14:03:43 +02:00
Ingo Schommer
94b4237372 Merge remote-tracking branch 'origin/3.1' 2013-06-19 11:17:33 +02:00
Sean Harvey
726e4c313e Merge pull request #2084 from chillu/pulls/cmsform 
Handle ValidationException on CMS forms
 2013-06-18 14:41:51 -07:00
CheeseSucker
671b7a0cc7 Consolidated command line examples 
Examples were broken into several <pre> blocks.
 2013-06-18 15:50:32 +03:00
CheeseSucker
b0615cdc5f Fixed a markdown issue 
Maybe a bug in SS markdown?

The old code generated:
<a href="(faulty-link)">assertEmailSent</a>
<code>which can simulate sending emails through the</code>Email-&gt;send()` API

Instead of the expected:
<code><a href="(good-link)">assertEmailSent</a></code>
which can simulate sending emails through the <code>Email-&gt;send()</code> API

faulty-link = http://api.silverstripe.org/search/lookup/?q=SapphireTest->assertEmailSent(&version=trunk&module=framework)

good-link: http://api.silverstripe.org/search/lookup/?q=SapphireTest->assertEmailSent()&version=trunk&module=framework
 2013-06-18 14:28:12 +02:00
vikas srivastava
2f16d93d48 Update 3.1.0.md 
I was trying 
Member:
  extensions:
    MyMemberExtension

And it didn't work then someone on IRC pointed that I need to put a '-' before values. So this works.
Member:
  extensions:
    - MyMemberExtension
Hope will help someone else.
 2013-06-17 14:21:46 +05:30
CheeseSucker
476df739a2 A few minor improvements to the "Module development" documentation 2013-06-16 12:55:39 +03:00
Ingo Schommer
6a4ec840d2 Merge pull request #2098 from CheeseSucker/patch-2 
[MINOR] Fixed typo
 2013-06-15 00:14:53 -07:00
Will Rossiter
8fca3799c3 Update module development, remove outdated release steps 2013-06-15 12:06:25 +12:00
CheeseSucker
091e34e2e8 [MINOR] Typo 2013-06-15 02:49:52 +03:00
CheeseSucker
89a272b291 [MINOR] Changed so that ä is displayed as &auml; as intended by author. 2013-06-15 02:23:01 +03:00
CheeseSucker
9b881e5f92 [MINOR] build -> built 2013-06-15 02:19:29 +03:00
CheeseSucker
23cd824426 Rewrote a nonsensical paragraph about rewriting. 2013-06-15 02:18:01 +03:00
CheeseSucker
40ef812861 [MINOR] Fixed a markup error. 2013-06-15 00:58:45 +02:00
CheeseSucker
c4408163ee Should fix an issue where the .htaccess file was split into several <pre> tags. 
This error is not reproducible by the github preview tab, so I am not 100% sure it is fixed. Added whitespace on the empty lines.
 2013-06-15 00:57:29 +02:00
CheeseSucker
9c6b58d206 Fixed typo. 2013-06-15 00:28:02 +02:00
Ingo Schommer
9d4b8f61ca Note about IE10 support 2013-06-13 10:27:19 +02:00
Ingo Schommer
bfff11eb9c API New CMSForm class to allow validation responses in CMS (fixes #1777) 
Thanks to @willmorgan for getting this discussion started
(see https://github.com/silverstripe/sapphire/pull/1814).
 2013-06-13 07:51:05 +02:00
Damian Mooyman
be986c6524 API Allow $summary_fields to support methods on DBFields 2013-06-13 09:41:24 +12:00
Will Rossiter
6d792adab2 Update documentation static declarations to private 
Also spelling, grammar and line length clean up.
 2013-06-08 15:16:59 +12:00
Stevie Mayhew
76f6e0f71e MINOR: equality check consistency 
Updated all equality checks to use double equals (==) for consistency.
 2013-06-07 12:37:52 +12:00
Stevie Mayhew
6aae3d7d05 MINOR: equality check consistency 
Updated all equality logic checks to use double == for consistency across the page.
 2013-06-07 12:33:57 +12:00