Commit Graph

3675 Commits

Author SHA1 Message Date
Maxime Rainville
95505db7d6 [SS-2018-021] Fix potential SQL vulnerability in non-scalar value hyrdation 2019-02-12 21:08:09 +13:00
Robbie Averill
d116b9a8d2 Add test for shortcode parsing with querystring and anchor 2019-01-29 13:15:17 +02:00
Guy Marriott
6edcbe9086
Merge pull request #8592 from open-sausages/pulls/4.0/tree-multiselect-null
FIX TreeMultiselectField passes value 'unchanged' as null to ORM
2018-12-06 14:23:48 +13:00
Serge Latyntcev
4ee63eb4e7 TreeMultiselectFieldTest / make scrutinizer happy 2018-11-29 12:13:56 +13:00
Serge Latyntcev
38f8217f01 TreeMultiselectFieldTest / setUp is protected in PHPUnit5 2018-11-29 09:55:28 +13:00
Serge Latyntcev
f526c794fc Minor / Refactor php tests for TreeMultiselectField 2018-11-23 16:03:44 +13:00
Serge Latyntcev
9ce6d91b76 FIX / TreeMultiselectField::objectForKey handles list of IDs correctly 2018-11-22 12:11:18 +13:00
Serge Latyntcev
80885fc231 ADD php test TreeMultiselectField::testEmptyChoiceReadonly 2018-11-20 16:45:23 +13:00
Loz Calver
b5bae137bd FIX: Redirect loop with multiple confirmation tokens present (fixes #8607) 2018-11-15 10:59:42 +00:00
Werner M. Krauß
3f321f935a Convert::memstring2bytes should return integer value
bytes are by nature an integer

fixes #8572
2018-11-07 17:01:36 +01:00
Loz Calver
11fe5b3adf Implement ConfirmationTokenChain to handle multiple tokens at once 2018-11-07 11:33:24 +13:00
Loz Calver
8d7c2dafab [SS-2018-019] Add confirmation token to dev/build 2018-11-07 11:33:24 +13:00
Werner M. Krauß
adafd73943 Convert::memstring2bytes should preserve -1
fixes #8570
2018-11-06 10:22:13 +01:00
Daniel Hensby
4acec33562
FIX Fixed bug in config merging priorities so that config values set by extensions are now least important instead of most important 2018-07-12 00:55:39 +01:00
Robbie Averill
27e24a4728
Merge pull request #8142 from open-sausages/pulls/4.0/fix-injector-empty
BUG Safely handle empty injector factory responses
2018-06-11 15:20:24 +12:00
Damian Mooyman
546c6c3e22
Merge pull request #8125 from open-sausages/pulls/4/date-field-tweaks
Remove legacy logic from DateField_Disabled
2018-06-11 09:23:33 +12:00
Daniel Hensby
cfe93b7f23
Merge branch '3.6' into 4.0 2018-06-08 14:41:04 +01:00
Maxime Rainville
582c69d32f
BUG Fix issue with Disabled DateField always display (not set). 2018-06-08 13:51:22 +01:00
Damian Mooyman
e37e3e1746
BUG Fix test that relies on implicit ID order breaking postgres 2018-06-08 11:23:24 +12:00
Damian Mooyman
c070e989c4
BUG Safely handle empty injector factory responses
Fixes issue with ImageBackendFactory returning null and breaking injector
2018-06-06 16:45:16 +12:00
Daniel Hensby
801a51d0f7
Merge branch '3.5' into 3.6 2018-06-05 16:30:20 +01:00
Daniel Hensby
41e601a036
FIX Regression from #8009 2018-06-04 17:03:05 +01:00
Robbie Averill
3a537bc745 Merge branch 'heads/4.0.4' into 4.0 2018-05-28 17:50:07 +12:00
Robbie Averill
dae8fefb1e Merge remote-tracking branch 'origin/3.5' into 3.6 2018-05-28 17:43:55 +12:00
Robbie Averill
df4648a308 Merge branch 'heads/3.5.8' into 3.5 2018-05-28 17:42:31 +12:00
Robbie Averill
e7e32d13a3
FIX Add namespace and encryptor to tests that expect blowfish to be available 2018-05-24 11:24:56 +12:00
Aaron Carlino
f847f186b1 [ss-2018-013] Remove password text from session data on failed submission 2018-05-14 17:14:38 +12:00
Robbie Averill
5887201dd5
Merge pull request #64 from silverstripe-security/pulls/4.0/ss-2018-010
[SS-2018-010] Fix regression of SS-2017-002
2018-05-14 17:12:45 +12:00
Robbie Averill
beec0c0d47 [SS-2018-010] Fix regression of SS-2017-002 2018-05-14 17:12:07 +12:00
Robbie Averill
1e6790bfb6
Merge pull request #62 from silverstripe-security/pulls/4.0/ss-2018-001
[ss-2018-001] Restrict non-admins from being assigned to admin groups
2018-05-14 17:11:03 +12:00
Damian Mooyman
e409d6f673 [ss-2018-001] Restrict non-admins from being assigned to admin groups 2018-05-14 17:10:22 +12:00
Robbie Averill
39b62e5fbb
Merge pull request #61 from silverstripe-security/pulls/4.0/ss-2018-008
[ss-2018-008] Validate against malformed urls
2018-05-14 17:07:09 +12:00
Damian Mooyman
9053014a7e [ss-2018-008] Validate against malformed urls 2018-05-14 17:06:47 +12:00
Robbie Averill
6f50728b18
Merge pull request #59 from silverstripe-security/pulls/4.0/ss-2018-006
[ss-2018-006] Prevent code execution in template value resolution
2018-05-14 17:06:04 +12:00
Damian Mooyman
2e13ae746f [ss-2018-006] Prevent code execution in template value resolution 2018-05-14 17:05:31 +12:00
Damian Mooyman
d935140a95 [ss-2018-005] Prevent unauthenticated isDev / isTest being allowed 2018-05-14 17:03:39 +12:00
Damian Mooyman
5771388821 [ss-2018-001] Restrict non-admins from being assigned to admin groups 2018-05-09 15:12:40 +12:00
Daniel Hensby
80bf0fc487
FIX bad syntax 2018-05-02 11:43:12 +01:00
Daniel Hensby
d5e2d3fa67
Merge branch '3.6' into 4.0 2018-05-01 21:47:17 +01:00
UndefinedOffset
fe4b90edc0 FIX: Duplicating many_many relationships looses the extra fields in 4.0 2018-04-18 11:49:20 -03:00
Daniel Hensby
8359f3dc97
Merge branch '3.5' into 3.6 2018-04-18 13:14:07 +01:00
UndefinedOffset
af3a9f3ec8
FIX: Duplicating many_many relationships looses the extra fields (fixes #7973) 2018-04-18 12:16:02 +01:00
Damian Mooyman
c54b07a952
API Update to use new chromedriver + behat-extension + facebook/webdriver 2018-04-12 14:19:14 +12:00
Roman Schmid
40c2e299a0 Fix "mb_stripos(): Empty delimiter" warning when no search-keywords are given for DBText::ContextSummary.
Add unit-test to cover that case.
2018-03-01 11:39:30 +01:00
Aaron Carlino
0863bac29a Update getVariables to return a copy of globals rather than including the reference in an array merge 2018-02-27 09:52:36 +13:00
Damian Mooyman
b27102f810
BUG Fix incorrect assets created when ASSETS_PATH !== BASE_PATH . '/assets' 2018-02-26 13:12:08 +13:00
Damian Mooyman
0e26c06644
BUG Fix behaviour towards versioned but unstagable records 2018-02-20 12:20:18 +13:00
Daniel Hensby
9c50b03b86
Merge branch '3.5' into 3.6 2018-02-13 14:30:29 +00:00
Jonathon Menz
c767e472dc FIX DataObject singleton creation
Ensure DataObject instances are aware they are singletons so functions like populateDefaults() can be skipped. (fixes #4878)
2018-02-12 20:30:35 -08:00
Daniel Hensby
e298fcc345
Merge branch '3.6' into 4.0 2018-02-09 14:32:58 +00:00