silverstripe-framework

mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-09-30 05:09:06 +02:00

Author	SHA1	Message	Date
LABCAT	501d9a1480	Update HTTPRequest.php	2019-10-23 22:52:53 +13:00
LABCAT	630c6c0514	Update src/Control/HTTPRequest.php Co-Authored-By: Robbie Averill <robbie@averill.co.nz>	2019-10-23 21:05:22 +13:00
LABCAT	d3a17958ef	Update src/Control/HTTPRequest.php Co-Authored-By: Robbie Averill <robbie@averill.co.nz>	2019-10-22 16:17:04 +13:00
LABCAT	67c944c962	Improvement to docs for send_file function	2019-10-22 15:18:03 +13:00
Serge Latyntsev	bd2ccf70fa	Merge pull request #9282 from open-sausages/pulls/4/docs/clarify-basic-auth DOCS Clarify BasicAuth limitations	2019-10-22 14:01:51 +13:00
Maxime Rainville	e59625fe5a	NEW Add ability to define image size preset for the TinyMCE editor. (#9276 ) * NEW Add ability to define image size preset for the TinyMCE editor. * DOC Explain how to define image size pre-sets	2019-10-22 11:50:28 +13:00
Serge Latyntcev	33a28394d6	Merge branch '4.4' into 4	2019-10-18 15:59:28 +13:00
Serge Latyntcev	0cf5d4cbe2	Merge branch '4.3' into 4.4	2019-10-18 15:58:13 +13:00
Serge Latyntcev	46b9530d88	PSR2 linting fixes	2019-10-18 15:31:39 +13:00
Serge Latyntcev	7873efde9c	Merge branch '4.4' into 4	2019-10-18 10:58:19 +13:00
Serge Latyntcev	dcbe6d0310	Merge branch '4.3' into 4.4	2019-10-18 10:57:35 +13:00
Ingo Schommer	8dcda91538	DOCS Clarify BasicAuth limitations	2019-10-10 10:41:39 +13:00
Damian Mooyman	d7752b7945	Run PSR2 Lint cleaner	2019-10-04 13:26:31 +13:00
Damian Mooyman	f1594fd991	BUG Ensure that canCreate() context matches that respected by GridFieldAddNewButton	2019-10-04 11:24:34 +13:00
Robbie Averill	1265f09f4f	Merge pull request #9271 from michalkleiner/pulls/4/check-array-props-in-custom-methods FIX Check array keys existence when removing methods in CustomMethods	2019-10-03 14:30:22 -07:00
Serge Latyntcev	7db524bd90	FIX DebugViewFrendlyErrorFormatter handle of admin_email	2019-10-04 10:26:54 +13:00
Robbie Averill	e49cec3a00	Merge pull request #9247 from jakxnz/pulls/4/record-login-attempt-outputs ENHANCEMENT: MemberAuthenticator::recordLoginAttempt() outputs	2019-10-03 10:46:34 -07:00
Dylan Wagstaff	047ac060c4	Merge pull request #9265 from emteknetnz/feature/noopener Add noopener attribute to links with a target	2019-10-03 14:42:50 +13:00
Steve Boyd	887f198b07	Add rel attribute to link elements with a target attribute	2019-10-03 14:03:12 +13:00
Damian Mooyman	58c080db5a	FEATURE Option placeholder for upload folder id (#9262 ) * FEATURE Option placeholder for upload folder id * ENHANCEMENT Add setFolderName() to TinyMCEConfig * Typehint return type * Add type to param	2019-09-30 10:50:55 +13:00
Michal Kleiner	1a2dbfd3a5	Update conditional logic when checking array keys before removing methods in CustomMethods	2019-09-30 10:17:59 +13:00
Michal Kleiner	52a039f631	Check array keys existence prior to their usage when removing methods in CustomMethods	2019-09-27 14:57:15 +12:00
JorisDebonnet	349589b23b	Clarify that $title in FormField can accept ViewableData When constructing a FormField, an IDE would previously tell you the `$title` needs to be string (or null). Let's make it more clear that a ViewableData instance (such as `HTMLValue::create($title)`) is also accepted. This should help people more quickly find a solution to put html in labels.	2019-09-26 02:39:39 +02:00
Sam Minnée	af6644f762	Merge pull request #9240 from chrometoasters/pulls/db-readonly-transactions-support NEW Introduce supported database transaction mode check	2019-09-25 10:02:53 +12:00
Serge Latyntcev	88fde6e7c3	Merge branch '4.4' into 4	2019-09-24 17:29:06 +12:00
Serge Latyntcev	50a1aa4c4d	Merge branch '4.3' into 4.4	2019-09-24 17:28:31 +12:00
Aaron Carlino	b002ef1171	Merge branch '4.4' into 4	2019-09-24 17:26:50 +12:00
Serge Latyntcev	8b7063a8e2	[CVE-2019-12617] Fix access escalation for CMS users with limited access through permission cache pollution	2019-09-24 16:03:48 +12:00
Serge Latyntcev	eccfa9b10d	[CVE-2019-12203] Session fixation in "change password" form A potential account hijacking may happen if an attacker has physical access to victim's computer to perform session fixation. Also possible if the targeted application contains an XSS vulnerability. Requires the victim to click the password reset link sent to their email. If all the above happens, attackers may reset the password before the actual user does that.	2019-09-24 16:03:48 +12:00
Serge Latyntcev	5af205993d	[CVE-2019-12617] Fix access escalation for CMS users with limited access through permission cache pollution	2019-09-24 16:00:51 +12:00
Serge Latyntcev	569237c0f4	[CVE-2019-12203] Session fixation in "change password" form A potential account hijacking may happen if an attacker has physical access to victim's computer to perform session fixation. Also possible if the targeted application contains an XSS vulnerability. Requires the victim to click the password reset link sent to their email. If all the above happens, attackers may reset the password before the actual user does that.	2019-09-24 16:00:51 +12:00
Jackson Darlow	a033662a3a	MemberAuthenticator::recordLoginAttempt() outputs	2019-09-24 14:24:59 +12:00
Garion Herman	0d27f32cc9	FIX Add 'legal empty attributes' to allow empty alt values on imgs In some situations, a caption is used in place of a value in the alt attribute, and in others an image may be cosmetic and not in need of an alt attribute value (though the alt attribute must still be rendered in this case).	2019-09-24 11:44:12 +12:00
Robbie Averill	3cfc21c405	Merge pull request #9241 from open-sausages/pulls/4.4.3/fix-file-permission Fix administrators not being able to see files that are restricted to groups	2019-09-23 11:13:26 -07:00
Guy Marriott	aa7c057422	FIX: Don't force-add view button to readonly GridField (fixes #… (#9254 ) FIX: Don't force-add view button to readonly GridField (fixes #9249)	2019-09-23 10:31:25 -07:00
Loz Calver	efdb9cc718	FIX: run member CMS validator when editing via groups (fixes #9184 )	2019-09-23 16:59:58 +01:00
Loz Calver	d85ff3bc44	FIX: Don't force-add view button to readonly GridField (fixes #9249 )	2019-09-23 16:52:47 +01:00
bergice	6a1c6ecec6	Fix administrators not being able to see files that are restricted to groups Resolves https://github.com/silverstripe/silverstripe-asset-admin/issues/777	2019-09-23 16:44:28 +12:00
Guy Marriott	6ff97821ed	Merge branch '4.4' into 4	2019-09-18 15:52:36 -07:00
Guy Marriott	7877ffcc85	Merge branch '4.3' into 4.4	2019-09-18 15:52:18 -07:00
Hayden Shaw	daf9d55ecb	Allow non summary fields to be used as export fields Fixes regression in `3d989a6eae`.	2019-09-19 10:00:54 +12:00
Michal Kleiner	bcbf90a837	NEW Introduce supported database transaction mode check	2019-09-16 14:44:15 +12:00
Robbie Averill	aa6b244db9	Merge branch '4.4' into 4	2019-09-13 18:11:46 -07:00
Robbie Averill	592ab6abc1	Merge branch '4.3' into 4.4	2019-09-13 18:11:34 -07:00
Robbie Averill	066ce8e01c	Merge branch '4.2' into 4.3 # Conflicts: # src/View/ThemeResourceLoader.php	2019-09-13 18:10:37 -07:00
Robbie Averill	cfe86ad5a1	Merge pull request #9153 from creative-commoners/pulls/4.4/stream-ree-tags FIX Skip md5-ing the whole contents of a stream for etags	2019-09-13 17:59:26 -07:00
Robbie Averill	9a76d4adb4	Merge pull request #9181 from kinglozzer/8762-shortcode-templates NEW: Use templates to render embed shortcodes (closes #8762)	2019-09-13 17:58:32 -07:00
Serge Latyntsev	233e0e7aa0	ENH PasswordExpirationMiddleware implementation (#9207 )	2019-09-12 14:34:06 +12:00
Aaron Carlino	da6582f593	NEW: Remove web installer, move to separate package (#9231 ) * Remove installer * Remove exposed install files * Replace Dev/Install classes still in use * Update changelog * FIX make the grid field actions consistent to what they look like on pages Resolves https://github.com/silverstripe/silverstripe-admin/issues/904 * Docs changes	2019-09-11 13:10:25 +12:00
Maxime Rainville	591b88a9bc	BUG Allow infinite loop when calling DataObject::writeComponent() recursively	2019-09-10 14:15:28 +12:00

1 2 3 4 5 ...

1646 Commits