silverstripe-framework

mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00

Author	SHA1	Message	Date
Maxime Rainville	49fda52b12	Merge pull request #94 from silverstripe-security/fix/cve-2019-19325 CVE-2019-1935	2020-02-17 12:54:40 +13:00
Serge Latyntcev	ad1b00ec7d	[CVE-2019-19325] XSS through non-scalar FormField attributes Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms built with user input (Request data). This can lead to phishing attempts to obtain a user's credentials or other sensitive user input. There is no known attack vector for extracting user-session information or credentials automatically, it required a user to fall for the phishing attempt. XSS can also be used to modify the presentation of content in malicious ways.	2020-02-17 09:58:29 +13:00
Mojmir Fendek	99786dda22	ORM Column now supports related table lookup	2020-01-28 15:46:30 +13:00
Serge Latyntcev	8219491705	Merge branch '4.3' into 4.4	2019-11-20 11:08:35 +13:00
Damian Mooyman	e76601e5c8	BUG FormAction title property cannot be set if useButtonTag is false	2019-10-29 17:21:45 +13:00
Serge Latyntcev	0cf5d4cbe2	Merge branch '4.3' into 4.4	2019-10-18 15:58:13 +13:00
Serge Latyntcev	46b9530d88	PSR2 linting fixes	2019-10-18 15:31:39 +13:00
Serge Latyntcev	dcbe6d0310	Merge branch '4.3' into 4.4	2019-10-18 10:57:35 +13:00
Damian Mooyman	d7752b7945	Run PSR2 Lint cleaner	2019-10-04 13:26:31 +13:00
Serge Latyntcev	7db524bd90	FIX DebugViewFrendlyErrorFormatter handle of admin_email	2019-10-04 10:26:54 +13:00
Garion Herman	0d27f32cc9	FIX Add 'legal empty attributes' to allow empty alt values on imgs In some situations, a caption is used in place of a value in the alt attribute, and in others an image may be cosmetic and not in need of an alt attribute value (though the alt attribute must still be rendered in this case).	2019-09-24 11:44:12 +12:00
Robbie Averill	3cfc21c405	Merge pull request #9241 from open-sausages/pulls/4.4.3/fix-file-permission Fix administrators not being able to see files that are restricted to groups	2019-09-23 11:13:26 -07:00
bergice	6a1c6ecec6	Fix administrators not being able to see files that are restricted to groups Resolves https://github.com/silverstripe/silverstripe-asset-admin/issues/777	2019-09-23 16:44:28 +12:00
Robbie Averill	592ab6abc1	Merge branch '4.3' into 4.4	2019-09-13 18:11:34 -07:00
Maxime Rainville	591b88a9bc	BUG Allow infinite loop when calling DataObject::writeComponent() recursively	2019-09-10 14:15:28 +12:00
Maxime Rainville	24015c7767	Merge branch '4.3' into 4.4	2019-09-04 09:42:09 +12:00
Robbie Averill	77ba8391c4	FIX Byte Order Marks (BOM) are now stripped when importing CSV files	2019-08-29 14:54:57 +12:00
Robbie Averill	11a7d6ccb4	Rename test to be clearer about its intent Co-Authored-By: Guy Marriott <guy@scopey.co.nz>	2019-08-16 09:49:36 +12:00
Robbie Averill	bae7e32680	FIX Member::changePassword() no longer applies password validation rules to the hashed value	2019-08-16 09:06:07 +12:00
Robbie Averill	f354e2018d	FIX Set minimum test scores and password length for Members while running fixtured DataObject tests	2019-08-15 15:23:11 +12:00
Robbie Averill	4b44272367	Merge branch '4.3' into 4.4	2019-08-14 09:30:53 +12:00
Robbie Averill	d63e4b520c	Merge branch '4.2' into 4.3	2019-08-14 09:30:41 +12:00
UndefinedOffset	c1ffc4edfb	Added unit tests for multiple relationship sorting	2019-07-29 10:45:10 -03:00
Serge Latyntcev	d667d64f13	Merge branch '4.3' into 4.4	2019-07-15 09:18:17 +12:00
Serge Latyntcev	fcd7a1e63e	FIX core memory limit test	2019-07-12 16:30:25 +12:00
Serge Latyntsev	7ef13e7ef6	FIX Confirmation components to respect SS_BASE_URL (#9074 )	2019-07-05 16:05:41 +12:00
Sam Minnee	96e7914f23	FIX: Fix MySQLQuery::seek() and Query::rewind() to fix repeated iteration API: Query::seek() and Query::rewind() no longer return a value. Although breaking an API inside a patch release may seem odd, this in fact is correcting a long-standing bug in our implementation of Iterator::rewind(), so I think it’s appropriate. https://github.com/silverstripe/silverstripe-framework/issues/9097	2019-07-03 09:20:05 +12:00
Aaron Carlino	c747b1f8d3	Merge branch '4.3' into 4.4	2019-06-10 17:32:07 +12:00
Aaron Carlino	f766555d61	Merge branch '4.2' into 4.3	2019-06-10 17:27:05 +12:00
Serge Latyntcev	ca56e8d78e	[CVE-2019-12246] Denial of Service on flush and development URL tools	2019-06-10 17:23:56 +12:00
Robbie Averill	14673ffd0a	Merge branch '4.3' into 4.4	2019-05-30 09:35:26 +12:00
Robbie Averill	188698dcee	Merge branch '4.2' into 4.3	2019-05-30 09:35:17 +12:00
Robbie Averill	3e2fc6aa0b	Automated phpcbf linting	2019-05-30 09:34:34 +12:00
Aaron Carlino	3f1479edbb	BUGFIX: DataQuery overwriting _SortColumn selects (#8974 ) * BUGFIX: DataQuery overwriting _SortColumn selects * FIX DataQuery _SortColumn handling	2019-05-15 11:42:10 +12:00
Maxime Rainville	8ee50d2ba7	API Remove DataObjectSchema::getFieldMap() (#8960 ) Introduced as a less public API in https://github.com/silverstripe/silverstripe-assets/pull/227	2019-05-06 12:33:23 +12:00
Guy Marriott	82c8225502	Merge branch '4.3' into 4.4	2019-05-03 09:45:25 +12:00
Serge Latyntcev	3d777cfb8a	Backward compatible behaviour for SQLConditionalExpression::getJoins	2019-05-02 15:39:36 +12:00
Andre Kiste	0c6c57f1ef	Add `getFieldMap` method to retrieve a list of all fields for any giv… (#8892 ) * Add `getFieldMap` method to retrieve a list of all fields for any given class * Add `TagsToShortcodeTask` to upgrading guide Adding after the file migration part as this is where it makes the most sense to run it. * `getFieldMap` accepts an array * Move to `DataObjectSchema` * Add `HTMLVarchar` to documentation Minor refactoring * Add test for checking that `subclassesfor` works without the base class Add test `DataObjectSchema::getFieldMap` returns the correct array * Remove cms dependency	2019-04-30 10:43:14 +12:00
Aaron Carlino	c63eecc3e1	Merge branch '4.3' into 4	2019-04-18 11:57:36 +12:00
Sam Minnée	155a9bb1f9	Merge pull request #8934 from creative-commoners/pulls/4.4/pdostgresql-boolean-consistency FIX Postgres booleans should return as int for consistency	2019-04-17 15:43:35 +12:00
Guy Marriott	da1af3d8b0	FIX Postgres booleans should return as int for consistency	2019-04-17 15:15:17 +12:00
Guy Marriott	cc1fdf603b	Resolve incorrect empty string assertion in tests	2019-04-17 13:29:54 +12:00
Guy Marriott	9d6b5048a6	FIX Table aliases are retained on base tables in queries built using SQLConditionalExpression (#8918 ) * Adding failing test for base table aliases using SQLSelect * FIX Retain table aliases applied to the base table on queries * FIX Move the trimmed alias outside of the condition so we can use it within the condition	2019-04-16 15:40:09 +12:00
Ralph Slooten	66c372ce28	Include baseURL with relative setGetVar() links (#8834 ) * Return baseURL with setGetVar * Adjust testSetGetVar tests for base url	2019-04-15 14:50:46 +12:00
Robbie Averill	8a06682e31	Merge branch '4.3' into 4 # Conflicts: # src/ORM/Connect/DBSchemaManager.php	2019-04-11 11:24:17 +12:00
Sam Minnee	d295888838	MINOR: Improve type testing	2019-04-05 15:11:21 +13:00
Sam Minnee	2625cea5e3	MINOR: Add a test that 0 is falser on int, decimal, currency Validates that https://github.com/silverstripe/silverstripe-framework/issues/3473 has been fixed The bug was fixed in #8448	2019-04-05 15:11:21 +13:00
Sam Minnee	4f4153c834	MINOR: Test test to validate that multiple GreaterThan filters in a filterAny work. Confirms https://github.com/silverstripe/silverstripe-framework/issues/3995 isn’t a bug.	2019-04-05 15:05:42 +13:00
Robbie Averill	123d483213	MemberTest and SecurityTest now set the default authenticator to use	2019-04-05 11:26:29 +13:00
Guy Marriott	a9d57f5bfb	Merge pull request #8241 from creative-commoners/pulls/4.3/separate-logging Separate core error logging from standard LoggerInterface	2019-04-05 08:49:09 +13:00

1 2 3 4 5 ...

706 Commits