Ingo Schommer
893e49703d
[ss-2016-003] Hostname, IP and Protocol Spoofing through HTTP Headers
2016-02-18 17:28:54 +13:00
Simon Erkelens
1831947157
Declare the global mapping
...
Fix for #4426
2015-07-23 20:52:09 +02:00
Daniel Hensby
ca8d0f2818
Merge branch '3.1' into 3.2
...
Conflicts:
dev/Debug.php
docs/en/05_Contributing/01_Code.md
forms/FormField.php
i18n/i18nTextCollector.php
model/DataQuery.php
2015-07-20 10:48:01 +01:00
Damian Mooyman
5ace4905c9
BUG Fix issue when SS_ALLOWED_HOSTS is run in CLI
2015-07-08 11:01:06 +12:00
Damian Mooyman
8331171f2c
Merge remote-tracking branch 'origin/3.1' into 3
...
Conflicts:
.scrutinizer.yml
admin/javascript/LeftAndMain.Panel.js
core/startup/ParameterConfirmationToken.php
dev/Debug.php
dev/FixtureBlueprint.php
docs/en/00_Getting_Started/05_Coding_Conventions.md
docs/en/00_Getting_Started/index.md
docs/en/02_Developer_Guides/01_Templates/01_Syntax.md
filesystem/File.php
filesystem/Folder.php
forms/FieldList.php
forms/LabelField.php
forms/MoneyField.php
forms/TextField.php
forms/TreeDropdownField.php
forms/Validator.php
forms/gridfield/GridField.php
forms/gridfield/GridFieldExportButton.php
lang/de.yml
lang/fi.yml
model/DataObject.php
model/SQLQuery.php
parsers/ShortcodeParser.php
security/ChangePasswordForm.php
security/Security.php
tests/control/DirectorTest.php
tests/core/startup/ParameterConfirmationTokenTest.php
tests/dev/FixtureBlueprintTest.php
tests/forms/FieldListTest.php
tests/forms/MoneyFieldTest.php
tests/model/SQLQueryTest.php
tests/security/SecurityTest.php
2015-06-02 19:13:38 +12:00
Damian Mooyman
0319f7855b
FIX Incorrect env setting in 3.1.13
2015-06-02 12:27:08 +12:00
Marcus Nyeholt
9c8fa51321
FIX Allow users to specify allowed hosts
...
Allow users to explicitly state which Hosts are allowed to be requested via
this application instance to avoid Host: header forgery attacks.
2015-05-28 15:58:39 +10:00
Damian Mooyman
75137dbab2
Ensure only trusted proxy servers have control over certain HTTP headers
2015-05-28 10:12:46 +12:00
Damian Mooyman
db54125262
Deprecate stripslashes_recursively and magic quotes
...
This code is removed from 4.0
2015-03-14 21:24:11 +13:00
Zauberfisch
aa77e126c7
Fixed infinity loop when searching _ss_environment
2015-02-17 04:33:40 +00:00
zauberfisch
eb98b003b7
Fixed looking for _ss_environment.php in root dir and removed redundant code
2015-02-13 23:30:29 +00:00
Sean Harvey
07b15db3eb
Allow ASSETS_PATH to be overridden like ASSETS_PATH (via jthomerson)
2013-11-01 11:27:03 +13:00
Hamish Friedlander
2110493466
Merge branch '3.0' into 3.1
2013-08-07 09:43:52 +12:00
Hamish Friedlander
5f9387c42c
FIX Constants magic_quotes handling needs function from Core
2013-08-05 14:58:44 +12:00
Hamish Friedlander
541436feb0
Merge branch 'origin/3.0' into 3.1
2013-07-24 12:09:44 +12:00
Hamish Friedlander
604d9bf7dc
Split Core.php into Constants.php and Core.php and adjust main.php startup
...
The recent flush filter fix had a problem that you couldn't set a custom
BASE_PATH in _ss_environment because that file didn't get included until
after checking the confirmation token. This patch pulls the part of Core.php
that defines BASE_PATH into a separate file that can be included earlier
in the startup sequence so that ParameterConfirmationToken can access it.
Core.php includes Constants.php with a require_once call, so for startup
scripts that don't pull in Constants.php themselves (like cli-script.php)
no change is needed.
2013-07-22 13:52:00 +12:00