Commit Graph

2285 Commits

Author SHA1 Message Date
Thomas Portelange
3e5d99dedc
Prevent backslash in class name
since the default code is using get_called_class, you can end up with \ in the class name which is an escape character for css selectors
this update converts, for example

even valCMS_ACCESS_SilverStripe\VersionedAdmin\ArchiveAdmin
to
even valCMS_ACCESS_SilverStripe-VersionedAdmin-ArchiveAdmin

ArchiveAdmin class should probably implement private static $required_permission_codes = 'CMS_ACCESS_ArchiveAdmin '; also
2023-01-30 10:26:22 +01:00
Florian Thoma
bb8e3b8386
fix: optional return value for paginator state
`$state->getData()->getData('GridFieldPaginator')` (line 598) returns null by default.
2023-01-02 15:32:16 +11:00
Shiva Kerdel
4a1eb0c158
ISSUE-10615: Respect SS_BASE_URL scheme in CLI environment.
Additionally set _SERVER variables for HTTPS and SSL to respect SS_BASE_URL scheme when executing builds and tasks through CLI.
This should solve base tags not being provided with the correct HTTP scheme. This is important to resolve mixed content issues and insecure requests.
2022-12-20 11:13:02 +13:00
Guy Sartorelli
8bb712a461
Merge branch '4.11' into 4.12-release 2022-11-30 10:54:02 +13:00
Michal Kleiner
b107622400
FIX Improve rounding logic for storing of long decimal numbers (#10593)
Co-authored-by: Michal Kleiner <michal.kleiner@cub3.com>
2022-11-29 15:07:56 +13:00
Chris Penny
31d5aef520 Bugfix: SSViewer check object exists before calling prop or method 2022-11-24 13:18:56 +13:00
Steve Boyd
cb76f312a4 Merge branch '4.11' into 4.12-release 2022-11-21 13:44:23 +13:00
Steve Boyd
dc98cad48a Merge branch '4.10' into 4.11 2022-11-21 13:43:59 +13:00
Steve Boyd
fe13856769 [CVE-2022-37429] Sanitise XSS 2022-11-21 13:06:40 +13:00
Guy Sartorelli
17f1c7ceed
Merge pull request #10585 from creative-commoners/pulls/4.11/cve-2022-37430
Sanitise mixed case javascript
2022-11-21 13:03:30 +13:00
Guy Sartorelli
e5b81109de
Merge pull request #10584 from creative-commoners/pulls/4.11/cve-2022-38462
Don't allow CRLF in header values
2022-11-21 13:02:25 +13:00
Steve Boyd
4308a93cc8 [CVE-2022-38148] Validate SortColumn exists 2022-11-21 13:01:32 +13:00
Guy Sartorelli
b17b29eea1
Merge pull request #10583 from creative-commoners/pulls/4.11/cve-2022-38724-embed-shortcode
Restrict embed shortcode attributes
2022-11-21 13:01:23 +13:00
Lee Bradley
78b661dcf6
Prevent infinite loop when getting table name for ComponentID
If the field isn't in the first 2 classes then it would just continue to loop
Fix means it will continue going to parent classes

Can be seen in the UsedOnTable in `admin` module if you have injected a new `Image` class that extends the built in one
2022-11-10 14:00:29 +00:00
Guy Sartorelli
ed63beeeee
Merge branch '4.11' into 4 2022-11-09 10:53:09 +13:00
Loz Calver
7f8f5afc91 Ensure forms/fields overridden by onBeforeRender() can override templates 2022-11-02 11:57:57 +00:00
Loz Calver
e2cb683f14 FIX: Stop FormField onBeforeRenderHolder extension result being overridden 2022-11-02 10:06:23 +00:00
Loz Calver
c925fae180 NEW: Add onBeforeRender extension hook to Form 2022-11-02 10:05:02 +00:00
Steve Boyd
9091d64652 API Deprecate Member::create_new_password() 2022-11-02 10:08:27 +13:00
Steve Boyd
b1dc861aac NEW Record deprecated config 2022-10-31 19:00:59 +13:00
Steve Boyd
a3c1cb0ddf
ENH Set PasswordEncryption on default admin 2022-10-27 13:57:27 +13:00
Guy Sartorelli
168ca00555
[CVE-2022-38724] Restrict embed shortcode attributes 2022-10-26 09:31:12 +13:00
Steve Boyd
59b980edd7 Merge branch '4.11' into 4 2022-10-21 11:46:39 +13:00
Steve Boyd
897f9906f9 FIX Handle calling Deprecation::notice() before manifests are available 2022-10-21 10:08:31 +13:00
Steve Boyd
bd2eb15c72 FIX Ensure Deprecation works with 1.x branches 2022-10-20 13:14:58 +13:00
Steve Boyd
e3a6cad8a8 FIX Allow passing objects to InjectionCreator::create()
Co-authored-by: Nate Devereux <nate@daveclark.co.nz>
2022-10-19 18:04:48 +13:00
Phillip King
c4b3d5304d Update tinymce links in comments 2022-10-14 16:11:58 +13:00
Steve Boyd
9c453abf89 API Update deprecations 2022-10-13 14:49:15 +13:00
Steve Boyd
33b6a00f49 ENH Update deprecation messages 2022-10-13 14:48:40 +13:00
Steve Boyd
e6aa183eb4 API Update deprecations for SapphireTest and FunctionalTest 2022-10-13 14:05:49 +13:00
Steve Boyd
2991901660 ENH Update deprecation messages 2022-10-13 14:05:49 +13:00
Steve Boyd
7b87926428 ENH Update deprecation messages 2022-10-13 14:05:49 +13:00
Steve Boyd
9f541b9a04 MNT Remove deprecation from private method 2022-10-13 14:05:49 +13:00
Steve Boyd
cc49036616 ENH Standardise deprecation messages 2022-10-13 14:05:49 +13:00
Steve Boyd
0852f504fb API Update deprecations for SapphireTest and FunctionalTest 2022-10-13 14:05:49 +13:00
Steve Boyd
1ee0aff1d1 FIX Prevent infinite loops in Deprecation::notice() 2022-10-13 13:37:29 +13:00
Steve Boyd
906cd0e76d
API Deprecate render() (#10527) 2022-10-07 14:44:02 +13:00
Guy Sartorelli
8419984b36
Merge pull request #10517 from creative-commoners/pulls/4/deprecate-swiftmailer
API Deprecate swiftmailer
2022-10-07 09:37:11 +13:00
Steve Boyd
96a931d24f API Deprecate swiftmailer 2022-10-06 09:52:06 +13:00
Christian Bünte
e24fb3f86c
Fix i18nTextCollector produces corrupt output / namespaces when running under PHP8.0 (#10228)
* FIX i18nTextCollector produces corrupt output / namespaces when running under PHP8.0
2022-09-29 13:40:40 +13:00
Guy Sartorelli
421864d111
Merge branch '4.11' into 4 2022-09-29 09:41:06 +13:00
Thomas Portelange
54892fa267
request may not have a session
see https://github.com/silverstripe/silverstripe-framework/pull/10512
2022-09-28 10:44:13 +02:00
Guy Sartorelli
4a598ded51
FIX Allow removing named extensions in yaml config 2022-09-27 13:15:28 +13:00
Bram de Leeuw
f78c3ee5bb
Member updateName extension hook
Allow updating the Member name from an extension
2022-09-26 16:57:39 +02:00
Steve Boyd
5111b56ac9 ENH Add PHP 8.1 safe null-coalescing operators to peg file 2022-09-15 12:59:05 +12:00
Guy Sartorelli
c4eadcd074
Merge branch '4.11' into 4 2022-09-09 16:47:49 +12:00
Guy Sartorelli
d3c28579b7
[CVE-2022-38462] Don't allow CRLF in header values 2022-09-07 11:22:07 +12:00
Guy Sartorelli
6d885ab894
FIX Normalise casing before casting fields 2022-08-25 17:36:06 +12:00
Viktor Szépe
94d1ac8d99
ENH Various changes via static analysis tooling 2022-08-24 12:14:32 +12:00
Steve Boyd
2b5420ee7d [CVE-2022-37430] Sanitise mixed case javascript 2022-08-23 15:36:48 +12:00