Commit Graph

23232 Commits

Author SHA1 Message Date
Guy Sartorelli
3564f98c9c
Merge pull request #10616 from s-kerdel/10615-Respect-SS_BASE_URL-for-CLI-RequestBuilder
FIX Respect SS_BASE_URL scheme in CLI environment
2022-12-20 11:38:12 +13:00
Shiva Kerdel
4a1eb0c158
ISSUE-10615: Respect SS_BASE_URL scheme in CLI environment.
Additionally set _SERVER variables for HTTPS and SSL to respect SS_BASE_URL scheme when executing builds and tasks through CLI.
This should solve base tags not being provided with the correct HTTP scheme. This is important to resolve mixed content issues and insecure requests.
2022-12-20 11:13:02 +13:00
Guy Sartorelli
ce53318d26
Merge branch '4.12-release' into 4.12 2022-12-19 01:38:05 +00:00
Guy Sartorelli
8bb712a461
Merge branch '4.11' into 4.12-release 2022-11-30 10:54:02 +13:00
Michal Kleiner
b107622400
FIX Improve rounding logic for storing of long decimal numbers (#10593)
Co-authored-by: Michal Kleiner <michal.kleiner@cub3.com>
2022-11-29 15:07:56 +13:00
Michal Kleiner
f57a77dcdd
Merge pull request #10589 from silverstripe-terraformers/pulls/runtemplate-fix 2022-11-24 13:49:35 +13:00
Chris Penny
31d5aef520 Bugfix: SSViewer check object exists before calling prop or method 2022-11-24 13:18:56 +13:00
Steve Boyd
cb76f312a4 Merge branch '4.11' into 4.12-release 2022-11-21 13:44:23 +13:00
Steve Boyd
dc98cad48a Merge branch '4.10' into 4.11 2022-11-21 13:43:59 +13:00
Guy Sartorelli
c7c108b29a
Merge pull request #10582 from creative-commoners/pulls/4.10/cve-2022-38148
Validate SortColumn exists
2022-11-21 13:30:35 +13:00
Guy Sartorelli
20de819d2b
Merge pull request #10586 from creative-commoners/pulls/4.11/cve-2022-37429
Sanitise XSS
2022-11-21 13:30:30 +13:00
Steve Boyd
fe13856769 [CVE-2022-37429] Sanitise XSS 2022-11-21 13:06:40 +13:00
Guy Sartorelli
17f1c7ceed
Merge pull request #10585 from creative-commoners/pulls/4.11/cve-2022-37430
Sanitise mixed case javascript
2022-11-21 13:03:30 +13:00
Guy Sartorelli
e5b81109de
Merge pull request #10584 from creative-commoners/pulls/4.11/cve-2022-38462
Don't allow CRLF in header values
2022-11-21 13:02:25 +13:00
Steve Boyd
4308a93cc8 [CVE-2022-38148] Validate SortColumn exists 2022-11-21 13:01:32 +13:00
Guy Sartorelli
b17b29eea1
Merge pull request #10583 from creative-commoners/pulls/4.11/cve-2022-38724-embed-shortcode
Restrict embed shortcode attributes
2022-11-21 13:01:23 +13:00
Daniel Hensby
c49abf0fcc
Merge remote-tracking branch 'upstream/4.11' into 4.12 2022-11-11 13:25:54 +00:00
Daniel Hensby
bb5b093004
Merge pull request #10578 from MadeHQ/4.11
Prevent infinite loop when getting table name for ComponentID
2022-11-10 21:49:03 +00:00
Lee Bradley
78b661dcf6
Prevent infinite loop when getting table name for ComponentID
If the field isn't in the first 2 classes then would just continue to loop
Fix means it will continue going to parent classes

Can be seen in the UsedOnTable in `admin` module if you have injected a new `Image` class that extends the built in one
2022-11-10 14:00:29 +00:00
Guy Sartorelli
e53380ce89
Merge pull request #10576 from creative-commoners/pulls/4.11/use-blowfish
MNT Explicitly test with blowfish
2022-11-10 17:18:20 +13:00
Guy Sartorelli
f8befa3dcf
Update translations 2022-11-10 01:56:20 +00:00
Steve Boyd
49e637d244 MNT Explicitly test with blowfish 2022-11-10 11:36:56 +13:00
Guy Sartorelli
ed63beeeee
Merge branch '4.11' into 4 2022-11-09 10:53:09 +13:00
Guy Sartorelli
00d1701d37
Merge pull request #10568 from creative-commoners/pulls/4/restore-err
MNT Use restore_error_handler()
2022-11-04 09:29:51 +13:00
Steve Boyd
7cfd827776 MNT Use restore_error_handler() 2022-11-03 16:19:17 +13:00
Daniel Hensby
00f0b01d0e
Merge pull request #10566 from kinglozzer/form-extension-hook
NEW: Add onBeforeRender extension hook to Form
2022-11-02 23:54:22 +00:00
Loz Calver
7f8f5afc91 Ensure forms/fields overridden by onBeforeRender() can override templates 2022-11-02 11:57:57 +00:00
Loz Calver
e2cb683f14 FIX: Stop FormField onBeforeRenderHolder extension result being overridden 2022-11-02 10:06:23 +00:00
Loz Calver
c925fae180 NEW: Add onBeforeRender extension hook to Form 2022-11-02 10:05:02 +00:00
Guy Sartorelli
e454db6dc9
Merge pull request #10563 from creative-commoners/pulls/4/conf-version
FIX Filter out E_USER_DEPRECATED unrelated to unit test
2022-11-02 12:02:33 +13:00
Steve Boyd
128f78c1cf FIX Filter out E_USER_DEPRECATED unrelated to unit test 2022-11-02 11:40:34 +13:00
Guy Sartorelli
001e9c75d7
Merge pull request #10562 from creative-commoners/pulls/4/depr-random
API Deprecate Member::create_new_password()
2022-11-02 11:10:10 +13:00
Steve Boyd
9091d64652 API Deprecate Member::create_new_password() 2022-11-02 10:08:27 +13:00
Guy Sartorelli
e323fe478e
Merge pull request #10559 from creative-commoners/pulls/4/deprecated-config
NEW Record deprecated config
2022-11-01 11:45:03 +13:00
Steve Boyd
b1dc861aac NEW Record deprecated config 2022-10-31 19:00:59 +13:00
Michal Kleiner
27eb390d2b
Merge pull request #10560 from creative-commoners/pulls/4.11/default-admin-encryption 2022-10-27 14:48:52 +13:00
Steve Boyd
a3c1cb0ddf
ENH Set PasswordEncryption on default admin 2022-10-27 13:57:27 +13:00
Guy Sartorelli
168ca00555
[CVE-2022-38724] Restrict embed shortcode attributes 2022-10-26 09:31:12 +13:00
Steve Boyd
59b980edd7 Merge branch '4.11' into 4 2022-10-21 11:46:39 +13:00
Maxime Rainville
25241a98e1
Merge pull request #10556 from creative-commoners/pulls/4/deprecation-no-manifests
FIX Handle calling Deprecation::notice() before manifests are available
2022-10-21 10:28:40 +13:00
Steve Boyd
897f9906f9 FIX Handle calling Deprecation::notice() before manifests are available 2022-10-21 10:08:31 +13:00
Guy Sartorelli
421b706a38
Merge pull request #10554 from creative-commoners/pulls/4/deprecation-api
FIX Ensure Deprecation works with 1.x branches
2022-10-20 14:18:22 +13:00
Steve Boyd
bd2eb15c72 FIX Ensure Deprecation works with 1.x branches 2022-10-20 13:14:58 +13:00
Michal Kleiner
0c207c3079
Merge pull request #10555 from creative-commoners/pulls/4.11/inject-objects 2022-10-19 21:07:48 +13:00
Steve Boyd
e3a6cad8a8 FIX Allow passing objects to InjectionCreator::create()
Co-authored-by: Nate Devereux <nate@daveclark.co.nz>
2022-10-19 18:04:48 +13:00
Daniel Hensby
0027d9414d
Merge pull request #10547 from HeyImPhil/task/10442-tinymce-links
Update tinymce links in comments
2022-10-14 10:14:17 +01:00
Phillip King
c4b3d5304d Update tinymce links in comments 2022-10-14 16:11:58 +13:00
Guy Sartorelli
d6b3f4d515
Merge pull request #10525 from creative-commoners/pulls/4/deprecated
API Update deprecations
2022-10-13 15:25:47 +13:00
Steve Boyd
9c453abf89 API Update deprecations 2022-10-13 14:49:15 +13:00
Steve Boyd
33b6a00f49 ENH Update deprecation messages 2022-10-13 14:48:40 +13:00