Commit Graph

16411 Commits

Author SHA1 Message Date
Damian Mooyman
6ba00e829a
[ss-2017-009] Prevent disclosure of sensitive information via LoginAttempt 2017-11-30 15:53:50 +13:00
Loz Calver
b31b22ac8e
Merge pull request #7635 from dhensby/pulls/3.5/update-pwd-encryption-on-change
FIX Update meber passwordencryption to default on password change
2017-11-27 09:05:43 +00:00
Damian Mooyman
bac5f4c8aa
Merge branch '3.5' into pulls/3.5/update-pwd-encryption-on-change 2017-11-27 14:42:32 +13:00
Daniel Hensby
f31caaa429
Merge pull request #7640 from kinglozzer/travis-firefox
Specify Firefox 31 for Travis Behat builds
2017-11-24 21:53:35 +00:00
Loz Calver
7b719d7b9d Specify Firefox 31 for Travis Behat builds 2017-11-24 21:16:36 +00:00
Loz Calver
6ab9dba9c8
Merge pull request #7639 from dhensby/pulls/3.5/phpunit-warnings
Fix deprecated usage of getMock in unit tests
2017-11-24 15:16:26 +00:00
Daniel Hensby
09a003bc13
Fix deprecated usage of getMock in unit tests 2017-11-24 14:48:30 +00:00
Daniel Hensby
2ad3cc07d5
FIX Update meber passwordencryption to default on password change 2017-11-23 21:17:31 +00:00
Daniel Hensby
79bba8bfd1
Merge pull request #7632 from open-sausages/pulls/3.5/fix-director-cli-redirect
BUG Don't redirect in force_redirect() in CLI
2017-11-23 12:49:32 +00:00
Damian Mooyman
1053de7ec3 BUG Don't redirect in force_redirect() in CLI
Replaces #4025
2017-11-23 14:26:55 +13:00
Loz Calver
a7dfda2a85
Merge pull request #7628 from dhensby/pulls/3.5/travis-retry
Travis retry on imagick install
2017-11-22 17:04:01 +00:00
Daniel Hensby
a63bb12d92
Travis retry on imagick install 2017-11-22 13:25:26 +00:00
Daniel Hensby
2e76936878
Merge pull request #7345 from schellmax/patch-2
TreeDropdownField: replace onadd by onmatch
2017-11-22 12:37:11 +00:00
Daniel Hensby
0f2049d4d4
[SS-2017-008] Fix SQL injection in search engine 2017-11-21 14:45:36 +00:00
Damian Mooyman
a73f75ccc5
Merge pull request #7613 from dhensby/pulls/3.5/phpunit-loosen-constraint
Loosen PHPUnit constraints
2017-11-20 13:58:20 +13:00
Daniel Hensby
36bb28a41d
Loosen PHPUnit constraints 2017-11-17 11:48:24 +00:00
Loz Calver
13b02feed7
Merge pull request #7602 from dhensby/pulls/3.5/fix-filter-any-inner-join
FIX ManyMany link table joined with LEFT JOIN
2017-11-16 13:48:07 +00:00
Daniel Hensby
c96ed89cbe
Merge pull request #7607 from patricknelson/issue-7606-svg-image-tags
FIX: Prevent crash when saving page with <img> that has an SVG source.
2017-11-16 12:12:49 +00:00
Daniel Hensby
ce3fd370fb
FIX ManyMany link table joined with LEFT JOIN 2017-11-16 12:11:16 +00:00
Daniel Hensby
29e57d8015
Merge pull request #7608 from bummzack/patch-1
Fix HTTP::get_mime_type with uppercase filenames.
2017-11-16 11:48:11 +00:00
Daniel Hensby
4f3deb13e0
TEST filterAny on many_many relations return correct items 2017-11-16 11:10:12 +00:00
Patrick Nelson
52f0eadd3b
FIX for #7606: Ensure the object we're handling is actually an Image instance before calling methods specific to that class (e.g. in case of using SVG's in <img> tag which may be File instances). 2017-11-16 11:08:06 +00:00
Daniel Hensby
3d3096485b
TEST Uppercase file extensions return correct mime type 2017-11-16 11:01:25 +00:00
Roman Schmid
dda14e8959
Fix HTTP::get_mime_type with uppercase filenames.
The fallback of `HTTP::get_mime_type` (that uses a lookup instead of `finfo`) doesn't ensure the extension is converted to lowercase before the lookup. A file named `Image.JPG` will return `'application/unknown'`.
This change fixes this issue.
2017-11-16 10:56:34 +00:00
Damian Mooyman
ef86b16854
Merge pull request #7514 from dhensby/pulls/3.5/composer-autoload
Add composer autloading to v3
2017-11-02 11:41:35 +13:00
Chris Joe
a3351589e6 Merge pull request #7118 from phptek/issue/7116
FIX: Fixes #7116 Improves server requirements docs viz: OpCaches.
2017-10-26 11:05:47 +13:00
Russell Michell
00f1ad5d69 FIX: Fixes #7116 Improves server requirements docs viz: OpCaches. 2017-10-26 09:22:07 +13:00
Daniel Hensby
cbac375590
FIX Helpful warning when phpunit bootstrap appears misconfigured 2017-10-25 17:48:35 +01:00
Daniel Hensby
32cef975ef
FIX Use self::inst() for Injector/Config nest methods 2017-10-25 17:48:35 +01:00
Daniel Hensby
8aad080516
Add composer autoloading support to 3.x 2017-10-25 17:48:34 +01:00
Damian Mooyman
59cc45565b Merge pull request #7503 from andrewandante/patch-4
Spelling in DataQueryTest
2017-10-24 12:04:41 +13:00
Andrew Aitken-Fincham
c4a50a3d10 Spelling in DataQueryTest 2017-10-20 12:00:35 +01:00
Damian Mooyman
2b09216b0c Merge pull request #7270 from robbieaverill/pulls/3.6/fix-trailing-period-on-duplicate-folder-name
FIX Files without extensions (folders) do not have a trailing period added
2017-10-18 10:26:05 +13:00
Robbie Averill
2f579b64cb FIX Files without extensions (folders) do not have a trailing period added 2017-10-18 09:25:27 +13:00
Damian Mooyman
7f5ca56e36 Merge pull request #7455 from dhensby/pulls/fix-circular-ref-issue
FIX Dont use var_export for cache key generation
2017-10-10 10:16:16 +13:00
Daniel Hensby
264cec1239
FIX Dont use var_export for cache key generation as it fails on circular references 2017-10-09 10:13:39 +01:00
Daniel Hensby
f745442a55
Merge tag '3.5.5' into 3.5
Release 3.5.5
2017-09-28 17:16:31 +01:00
Daniel Hensby
393d1a9be6
Added 3.5.5 changelog 2017-09-28 15:37:07 +00:00
Daniel Hensby
6e78b9f8d2
Merge pull request #7406 from NightJar/patch-2
Fix ArrayList sort error with old (supported) PHP

PHP 5.3 at least (the reported and tested against version) requires arguments to `call_user_func_array` to be passed by reference. There exists a note as a comment in the code, but was unfortunately overlooked in a previous commit to fix case sensitive sorting 4998b80#diff-6ba746c3d31fd6b4c4a99d7efe35eb21L442

To solve this issue we simply first assign the constant to a variable, so we can then pass that by reference. This has no functional impact, however fixes an issue for users locked in to old PHP versions which we still list as supported (https://docs.silverstripe.org/en/3/getting_started/server_requirements/#web-server-software-requirements).
2017-09-28 15:46:38 +01:00
Dylan Wagstaff
ebe1de8d8b
Fix ArrayList sort error with old (supported) PHP
PHP 5.3 at least (the reported and tested against version) requires arguments to `call_user_func_array` to be passed by reference. There exists a note as a comment in the code, but was unfortunately overlooked in a previous commit to fix case sensitive sorting 4998b80445 (diff-6ba746c3d31fd6b4c4a99d7efe35eb21L442)

To solve this issue we simply first assign the constant to a variable, so we can then pass that by reference. This has no functional impact, however fixes an issue for users locked in to old PHP versions which we still list as supported (https://docs.silverstripe.org/en/3/getting_started/server_requirements/#web-server-software-requirements).
2017-09-28 15:29:54 +01:00
Daniel Hensby
1209b2ae13
Added 3.5.5-beta2 changelog 2017-09-20 13:41:04 +00:00
Daniel Hensby
72702dbd50 Merge pull request #43 from silverstripe-security/pulls/3.5/member-enumeration-timing-attack
[SS-2017-005] User enumeration via timing attack mitigated
2017-09-20 11:39:39 +01:00
Daniel Hensby
6b198336a8 Merge pull request #44 from silverstripe-security/patch/3.5/authenticator-fix
FIX Authenticators are more resilient to incomplete configuration
2017-09-20 11:38:38 +01:00
Daniel Hensby
f0262a8fd9
[SS-2017-005] User enumeration via timing attack mitigated 2017-09-20 11:33:22 +01:00
Daniel Hensby
1f256cf2d2
Added 3.5.5-beta1 changelog 2017-09-19 15:25:41 +00:00
Matthias Schelling
eacfe280c1
TreeDropdownField: replace onadd by onmatch
Makes TreeDropdownField work in situations where it's moved around in the DOM (e.g. when inside a drag'n'drop container)
2017-09-15 12:02:18 +01:00
Daniel Hensby
091d99f599
FIX Authenticators are more resilient to incomplete configuration 2017-09-12 15:57:03 +01:00
Damian Mooyman
c0003bca3d Merge pull request #7319 from open-sausages/pulls/3.5/no-combining-requirements
Fix add combinedFiles to clear logic - ss3
2017-08-29 13:47:52 +12:00
Christopher Joe
7b200a2a64 Fix add combinedFiles to clear logic 2017-08-29 12:57:41 +12:00
Daniel Hensby
9d2503c3da Merge pull request #7274 from PapaBearNZ/patch-1
Fix Truncate Error Issue when using views in a Unittest.
2017-08-25 11:51:36 +01:00