tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-09-20 00:16:55 +02:00
Code Issues Projects Releases Wiki Activity
18,827 Commits 30 Branches 526 Tags 156 MiB
4dbc2a99e5
Commit Graph

18827 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Damian Mooyman
7cf7a7094c Merge pull request #7000 from kinglozzer/uploadfield-size-ini 
FIX: Upload_Validator failed to fetch max size from PHP ini values (fixes #6999)
 2017-06-07 15:48:27 +12:00
Daniel Hensby
856aa79892 Merge pull request #6987 from open-sausages/pull/4.0/3239-consisten-fist-last-returns 
Consistent return values for first and last methods
 2017-06-06 16:59:04 +01:00
Loz Calver
4ad2cae864
FIX: Upload_Validator failed to fetch max size from PHP ini values (fixes #6999) 2017-06-06 14:28:03 +01:00
Damian Mooyman
8c0ced311f Merge pull request #6998 from AntonyThorpe/StrictFormMethodCheck 
Updated Form.php & 04_Form_Security.md  - strictFormMethodCheck to true
 2017-06-06 23:06:11 +12:00
Damian Mooyman
057bfdae79 Merge pull request #6991 from jacobbuck/feature/3.6/extend-file-get-url 
NEW Add 'updateURL' extension hook to File::getURL()
 2017-06-06 21:28:16 +12:00
Antony Thorpe
6348f2e3e8 Updated Form.php & 04_Form_Security.md 
Changed the `strictFormMethodCheck` protected property from false to true to step out on the front foot with this security setting.  In the documentation under the title [Cross-Site Request Forgery](https://github.com/silverstripe/silverstripe-framework/blob/master/docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md#cross-site-request-forgery-csrf) it states, "it is also recommended to limit form submissions to the intended HTTP verb (mostly GET or POST) through [api:Form::setStrictFormMethodCheck()]."  The same advice is noted in [Form Security](c2292a4cc1/docs/en/02_Developer_Guides/03_Forms/04_Form_Security.md (strict-form-submission)).

Why not make this the default behaviour?  Is there a scenario where this would cause a problem?  Have manually tested in the CMS (alpha7) and is working fine.

Note: Original commit that establised the API Form::setStrictFormMethodCheck is 14c59be8.
 2017-06-06 21:10:49 +12:00
Damian Mooyman
ba44c4c30d Merge pull request #6988 from open-sausages/pulls/4.0/print-with-gotink 
Fixes printing from crashing
 2017-06-06 18:33:11 +12:00
Damian Mooyman
058ba813e6 Merge pull request #6986 from open-sausages/pulls/3.0/but-its-so-tinymce 
Fix tinymce image selection issue in newer versions of Chrome
 2017-06-06 17:24:31 +12:00
Saophalkun Ponlu
e267d29b9a BUG Consistent return values for first and last methods 2017-06-06 17:22:55 +12:00
Jacob
92b7341200 Call $this->extend('updateURL', $url); befor returning $url 2017-06-06 13:38:11 +12:00
Christopher Joe
d12c986dd5
Fixes printing from crashing 2017-06-06 13:31:37 +12:00
Damian Mooyman
9b965ed5fa
Add in missing changelog notes 2017-06-06 11:08:05 +12:00
Christopher Joe
5f5bfa5e70 Fix create temp folder if it does not exist 2017-06-06 09:58:51 +12:00
Jacob Buck
2305255699 Add updateURL extension hook to File::getURL 2017-06-05 15:17:37 +12:00
Loz Calver
035a9b049e Merge pull request #6990 from dhensby/pulls/3.6/constructor-fixes 
FIX Upgrade old style constructors that were missed
 2017-06-02 12:47:21 +01:00
Daniel Hensby
a52ed03b49
FIX Upgrade old style constructors that were missed 2017-06-02 12:22:33 +01:00
Christopher Joe
4b9d5dceb8 Fix tinymce image selection issue in newer versions of Chrome 2017-06-02 15:06:16 +12:00
Ingo Schommer
b137e91998 Internal security process docs 2017-06-02 11:30:12 +12:00
Daniel Hensby
9a0e01d4a0
NEW DB Driver defaults to PDO 2017-06-01 11:00:35 +01:00
Daniel Hensby
bf8d4252e3 Merge pull request #6983 from JustinTBrown/patch-1 
Update to 00_CSV_Import.md
 2017-05-31 19:17:33 +01:00
Justin Brown
ac08e16720 Update to 00_CSV_Import.md 
Adding further explanation for using a custom CsvBulkLoader in ModelAdmin instead of the default one. I think some people might be able to guess at this, but others (like me) might benefit from making things a bit more explicit. This a follow up from my [question on StackOverflow](https://stackoverflow.com/questions/44271755/adding-custom-csvbulkuploader-to-modeladmin-in-silverstripe).
 2017-05-31 09:05:05 -06:00
Chris Joe
44f27645bd Merge pull request #6981 from edlinklater/patch-1 
Docs: Correct Stevie's name on committers page
 2017-05-31 13:40:31 +12:00
Ed Linklater
f007fca51f Docs: Correct Stevie's name on committers page 2017-05-31 12:27:06 +12:00
Daniel Hensby
21d2e5cad1
Merge branch '3.6' into 3 2017-05-31 00:12:14 +01:00
Daniel Hensby
becb769167
Merge branch '3.5' into 3.6 2017-05-31 00:11:48 +01:00
Daniel Hensby
653c891f38
Merge tag '3.6.0' into 3.6 
Release 3.6.0
 2017-05-31 00:11:47 +01:00
Daniel Hensby
294df1320f
Merge branch '3.4' into 3.5 2017-05-31 00:11:18 +01:00
Daniel Hensby
ff0bbce326
Merge tag '3.5.4' into 3.5 
Release 3.5.4
 2017-05-31 00:11:18 +01:00
Daniel Hensby
cf8f781238
Merge tag '3.4.6' into 3.4 
Release 3.4.6
 2017-05-31 00:10:48 +01:00
Daniel Hensby
143c4a63cf
Added 3.6.0 changelog 2017-05-30 22:11:03 +00:00
Daniel Hensby
90c2a7de11 Merge pull request #6979 from dhensby/pulls/bracket-test-only 
FIX Bracket should implement TestOnly
 2017-05-30 23:10:16 +01:00
Daniel Hensby
2f7f761a9c
Added 3.5.4 changelog 2017-05-30 22:03:17 +00:00
Daniel Hensby
deca99a5fe
Added 3.4.6 changelog 2017-05-30 21:58:52 +00:00
Daniel Hensby
13ee3148d9
FIX Bracket should implement TestOnly 2017-05-30 22:44:24 +01:00
Daniel Hensby
11de4abe0a Merge pull request #6977 from andrewandante/FIX/move_dotenv_higher 
move TRUSTED_PROXY below .env loader
 2017-05-30 12:41:09 +01:00
Andrew Aitken-Fincham
8f44b8f0ba move trusted_proxy_ips below .env loader 2017-05-30 12:18:47 +01:00
Damian Mooyman
b27ef810d4 Merge pull request #6974 from colintucker/fix-csv-bulk-loader 
Fixes a bug with split file names during CSV import
 2017-05-30 16:18:06 +12:00
Chris Joe
8efaa180a4 Merge pull request #6969 from open-sausages/pulls/4.0/insert-page-link 
API Remove legacy HTMLEditor classes
 2017-05-30 11:42:08 +12:00
Damian Mooyman
e7d87add9f API Remove legacy HTMLEditor classes 2017-05-30 11:01:28 +12:00
Damian Mooyman
36e3a43bdb Merge pull request #6976 from nfauchelle/patch-5 
Update 05_Dataobject_Relationship_Management.md
 2017-05-30 10:05:27 +12:00
Damian Mooyman
f2fbabec17 Merge pull request #6975 from nfauchelle/patch-4 
Fix $class variable from being clobbered
 2017-05-30 10:04:29 +12:00
Nick
318b0248b7 Update 05_Dataobject_Relationship_Management.md 
Correct a naffed up code block and a typo
 2017-05-29 20:54:50 +12:00
Nick
acb74a8577 Fix $class variable from being clobbered 
The $class variable gets overwritten in the function.

This causes error messages to be less helpful. For example if you setup a has_many but forget the has_one on the other side the error will look something like

`[Emergency] Uncaught Exception: No has_one found on class 'SomeObject', the has_many relation from 'SilverStripe\View\ViewableData' to 'SomeObject' requires a has_one on 'SomeObject'`

fixing this gives a more useful error, like

`[Emergency] Uncaught Exception: No has_one found on class 'SomeObject', the has_many relation from 'Page' to 'SomeObject' requires a has_one on 'SomeObject'`
 2017-05-29 20:31:09 +12:00
Colin Tucker
db59e51c4a Fixes a bug with split file names during CSV import 2017-05-29 16:08:23 +10:00
Damian Mooyman
a017422817 Merge pull request #6972 from creative-commoners/pulls/3.5/plural-modeladmin-name 
FIX Use plural name for ModelAdmin tab name
 2017-05-29 15:05:24 +12:00
Robbie Averill
b4368196d1 FIX Use plural name for ModelAdmin tab name 2017-05-29 14:02:58 +12:00
Daniel Hensby
659053a256
Added 3.6.0-rc1 changelog 2017-05-29 00:36:04 +00:00
Daniel Hensby
cda7e8dc39
Merge remote-tracking branch 'security/3.5.4' into 3.6.0 2017-05-29 01:29:05 +01:00
Daniel Hensby
9a38bedd18
Added 3.5.4-rc1 changelog 2017-05-29 00:08:27 +00:00
Daniel Hensby
24166700e8
Merge remote-tracking branch 'security/3.4.6' into 3.5.4 2017-05-29 01:02:35 +01:00