Commit Graph

139 Commits

Author SHA1 Message Date
Damian Mooyman
4415a75d93 BUG Fix issue with versioned dataobjects being cached between stages 2014-03-27 13:17:29 +13:00
Ingo Schommer
b489f40866 Added 3.0.9 changelog 2014-03-03 10:19:08 +13:00
Ingo Schommer
2bc62f2e71 Added changelog links 2014-02-19 15:39:54 +13:00
Ingo Schommer
ec02df2160 Removed SS-2014-002 from changelog, not backported to 3.0 2014-02-19 15:22:12 +13:00
Ingo Schommer
a6f794c3b9 Added 3.0.9-rc1 changelog 2014-02-19 15:20:24 +13:00
Ingo Schommer
65b4407337 FIX "Draft" stage to fix dev/build, Versioned docs (fixes #2619) 2013-11-03 21:27:26 +01:00
Ingo Schommer
e4adff48bc Added 3.0.8 changelog 2013-10-07 01:31:28 +02:00
Sean Harvey
5e5a2f8845 Merge pull request #2288 from chillu/pulls/browser-spellcheck
API Disable discontinued Google Spellcheck in TinyMCE (#2213)
2013-10-03 14:42:45 -07:00
Ingo Schommer
6de517bf72 3.0.7 changelog 2013-10-01 00:26:11 +02:00
Ingo Schommer
652682c048 3.0.6 changelog 2013-09-26 11:33:42 +02:00
Ingo Schommer
ffb316dbc9 Added 3.0.7-rc1 changelog 2013-09-26 01:32:41 +02:00
Ingo Schommer
e1f9458db1 Added 3.0.7 changelog 2013-09-24 21:54:34 +02:00
Stephen Shkardoon
f765696d26 Update 3.0.6.md
Add reference to information disclosure in Versioned.php (SS-2013-006)
2013-09-13 10:34:51 +12:00
Ingo Schommer
a6b402f491 Added 3.0.6-rc2 changelog 2013-09-12 16:48:15 +02:00
Ingo Schommer
8b5c8eab72 Linking to older security issue in change log
Mainly for consistency with the newer format
2013-09-12 15:42:43 +02:00
Ingo Schommer
05757efceb FIX Privilege escalation through APPLY_ROLES assignment (SS-2013-005)
See http://www.silverstripe.org/ss-2013-005-privilege-escalation-through-apply-roles-assignment/
2013-09-12 15:42:43 +02:00
Ingo Schommer
6cff9671d4 FIX Privilege escalation through Group and Member CSV upload (SS-2013-004)
See http://www.silverstripe.org/ss-2013-004-privilege-escalation-through-group-and-member-csv-upload/
2013-09-12 15:42:43 +02:00
Ingo Schommer
720c149aee FIX Privilege escalation through Group hierarchy setting (SS-2013-003)
See http://www.silverstripe.org/ss-2013-003-privilege-escalation-through-group-hierarchy-setting/
2013-09-12 15:42:42 +02:00
Ingo Schommer
7a117fe713 Added 3.0.6-rc1 changelog 2013-08-07 20:55:10 +02:00
Ingo Schommer
a213afd888 Added 3.0 changelog 2013-08-07 20:16:59 +02:00
Ingo Schommer
00ffe72944 Translations: Switch to Transifex format
- Based on new (last) translation download from getlocalization.com
- Removed untranslated strings. Getlocalization started including those at some point
which is highly annoying, unnecessary and breaks the new transfix system,
since it'll mark all of the english strings as actual translations
- Avoid dots in entities. It confuses the Transifex YML parser
- Removed some locales unknown to Transifex which didn't have any translations anyway
- Removed "lolcat" locale, uses custom notation (en@lolcal)
  which SilverStripe's i18n system can't handle
  (needs mapping from SS naming to Zend naming)
- Renamed "Te Reo/Maori" locale from "mi_NZ" to "mi" (Transifex/CLDR notation)
- Namespaced all entities used in templates (deprecated usage)
- Converted dots to underscores where template filenames are used for namespaces,
since Transifex YML parsing handles them as separate YML keys otherwise
- Removed whitespace in entity names, SilverStripe i18n can't handle it
- Only allow selection of locales registered through i18n::$all_locales to avoid
  issues with unknown locales in Zend's CLDR database
2013-08-07 00:25:16 +02:00
Ingo Schommer
0e7231ff60 API Disable discontinued Google Spellcheck in TinyMCE
Replaced by browser-based spellchecking if available (Chrome, Firefox),
with instructions on how to use PSpell as an alternative.
2013-08-03 16:16:45 +02:00
Hamish Friedlander
1298d4a5bd FIX Prevent DOS by checking for env and admin on ?flush=1 (#1692) 2013-07-19 12:24:32 +12:00
Sam Minnee
eb583c5f14 NEW: Added DataObject::getQueriedDatabaseFields() as faster alternative to toMap()
API: CompositeDBField::setValue() may be passed an object as its second argument, in addition to array.

These changes provide a 15% - 20% performance improvement, and as such justify an small API change in the 3.0 branch. It will likely affect anyone who has created their own composite fields, which is fortunately not all that common.
2013-04-21 13:39:11 +12:00
Ingo Schommer
99ca0471f7 Merge remote-tracking branch 'origin/2.4' into 3.0
Conflicts:
	control/RequestHandler.php
	core/control/ContentController.php
	dev/CsvBulkLoader.php
	docs/en/changelogs/index.md
	docs/en/reference/execution-pipeline.md
	docs/en/topics/commandline.md
	docs/en/topics/controller.md
	docs/en/topics/form-validation.md
	docs/en/topics/forms.md
	docs/en/topics/security.md
	model/MySQLDatabase.php
	security/Security.php
	tests/control/ControllerTest.php
	tests/control/RequestHandlingTest.php
2013-03-19 13:56:04 +01:00
Ingo Schommer
9ceef6be07 Added changelog 2013-02-20 00:39:00 +01:00
Ingo Schommer
37b8034462 Fixed changelog 2013-02-18 01:34:51 +01:00
Ingo Schommer
ad9f26a00f Updated changelog 2013-02-18 01:29:30 +01:00
Ingo Schommer
62987139d4 Updated changelog 2013-02-18 01:19:33 +01:00
Ingo Schommer
56ad1d027e Updated changelog 2013-02-18 01:03:57 +01:00
Ingo Schommer
f06ba70fc9 BUG Undefined $allowed_actions overrides parent definitions, stricter handling of $allowed_actions on Extension
Controller (and subclasses) failed to enforce $allowed_action restrictions
on parent classes if a child class didn't have it explicitly defined.

Controllers which are extended with $allowed_actions (through an Extension)
now deny access to methods defined on the controller, unless this class also has them in its own
$allowed_actions definition.
2013-02-17 23:30:36 +01:00
Ingo Schommer
303352926b 3.0.4 changelog update 2013-02-17 23:28:22 +01:00
Ingo Schommer
50995fbecb BUG Undefined $allowed_actions overrides parent definitions, stricter handling of $allowed_actions on Extension
Controller (and subclasses) failed to enforce $allowed_action restrictions
on parent classes if a child class didn't have it explicitly defined.

Controllers which are extended with $allowed_actions (through an Extension)
now deny access to methods defined on the controller, unless this class also has them in its own
$allowed_actions definition.
2013-02-17 23:16:22 +01:00
Ingo Schommer
ede381326b BUG Secure composer files from web access (fixes #8011)
Already applied to root .htaccess, but required for dynamically
generated file from installer as well. Also added upgrade instructions.
2013-02-17 22:33:04 +01:00
Ingo Schommer
d969e29d00 API Require ADMIN for ?showtemplate=1 2013-02-12 23:26:04 +01:00
Nicolaas
7f4541e9f0 Update docs/en/changelogs/3.0.0.md
minor typo
2013-01-29 17:11:47 +01:00
Ingo Schommer
c6b1d4aa6b API Storing alternative DB name in cookie rather than session
Session is not initialized by the time we need to use
the setting in DB::connect(). Cookie values get initialized
automatically for each request.

Tightened name format validation to ensure it can only
be used for temporary databases, rather than switching
the browser session to a different production database.

Encrypting token for secure cookie usage.
Added dev/generatesecuretoken to generate this token.
Not storing in YML config directly because of web access issues.
2012-12-13 23:21:48 +01:00
Ingo Schommer
3fad49e2c0 2.4.9 changelog 2012-12-04 22:47:47 +01:00
Hamish Friedlander
e934030bc1 Merge changes for 3.0.3 release into 3.0 2012-11-26 11:34:28 +13:00
Hamish Friedlander
77f7778b4a Add 3.0.3 changelog 2012-11-26 11:20:21 +13:00
Hamish Friedlander
5edf86fe7a Merge branch '3.0.3' into 3.0 2012-11-16 14:57:50 +13:00
Hamish Friedlander
fb7db6de6d Add 3.0.3-rc2 changelog 2012-11-16 14:45:20 +13:00
Sean Harvey
34f9c8e866 adding 3.0.3-rc1 to changelog index 2012-11-06 10:58:55 +13:00
Sean Harvey
896ce60432 Adding changelog for 3.0.3-rc1 2012-11-06 10:41:24 +13:00
Ingo Schommer
a7753dfa5b Moved GridField docs to reference 2012-10-30 18:59:26 +01:00
Ingo Schommer
a502b222cc Merge remote-tracking branch 'origin/2.4' into 3.0 2012-10-30 17:24:52 +01:00
Ingo Schommer
9e595db7f3 Changelogs 2012-10-30 17:00:41 +01:00
Juan Molina
f6f96a630e Update docs/en/changelogs/3.0.0.md
Fixed broken links. Hash links were not working. I don’t know how to hide heading-anchor-link links. Tried to correct some layout errors (code quotes).
2012-10-25 17:21:31 +03:00
Sean Harvey
ea35b08634 Added 3.0.2 changelog (and added missing 3.0.1 changelog to the list) 2012-09-17 13:25:31 +12:00
Ingo Schommer
db1bffb054 Added 3.0.2-rc2 changelog 2012-09-12 11:17:40 +02:00