Commit Graph

333 Commits

Author SHA1 Message Date
Daniel Hensby
4acec33562
FIX Fixed bug in config merging priorities so that config values set by extensions are now least important instead of most important 2018-07-12 00:55:39 +01:00
Robbie Averill
27e24a4728
Merge pull request #8142 from open-sausages/pulls/4.0/fix-injector-empty
BUG Safely handle empty injector factory responses
2018-06-11 15:20:24 +12:00
Damian Mooyman
546c6c3e22
Merge pull request #8125 from open-sausages/pulls/4/date-field-tweaks
Remove legacy logic from DateField_Disabled
2018-06-11 09:23:33 +12:00
Daniel Hensby
cfe93b7f23
Merge branch '3.6' into 4.0 2018-06-08 14:41:04 +01:00
Maxime Rainville
582c69d32f
BUG Fix issue with Disabled DateField always display (not set). 2018-06-08 13:51:22 +01:00
Damian Mooyman
e37e3e1746
BUG Fix test that relies on implicit ID order breaking postgres 2018-06-08 11:23:24 +12:00
Damian Mooyman
c070e989c4
BUG Safely handle empty injector factory responses
Fixes issue with ImageBackendFactory returning null and breaking injector
2018-06-06 16:45:16 +12:00
Robbie Averill
3a537bc745 Merge branch 'heads/4.0.4' into 4.0 2018-05-28 17:50:07 +12:00
Robbie Averill
e7e32d13a3
FIX Add namespace and encryptor to tests that expect blowfish to be available 2018-05-24 11:24:56 +12:00
Aaron Carlino
f847f186b1 [ss-2018-013] Remove password text from session data on failed submission 2018-05-14 17:14:38 +12:00
Robbie Averill
5887201dd5
Merge pull request #64 from silverstripe-security/pulls/4.0/ss-2018-010
[SS-2018-010] Fix regression of SS-2017-002
2018-05-14 17:12:45 +12:00
Robbie Averill
beec0c0d47 [SS-2018-010] Fix regression of SS-2017-002 2018-05-14 17:12:07 +12:00
Robbie Averill
1e6790bfb6
Merge pull request #62 from silverstripe-security/pulls/4.0/ss-2018-001
[ss-2018-001] Restrict non-admins from being assigned to admin groups
2018-05-14 17:11:03 +12:00
Damian Mooyman
e409d6f673 [ss-2018-001] Restrict non-admins from being assigned to admin groups 2018-05-14 17:10:22 +12:00
Robbie Averill
39b62e5fbb
Merge pull request #61 from silverstripe-security/pulls/4.0/ss-2018-008
[ss-2018-008] Validate against malformed urls
2018-05-14 17:07:09 +12:00
Damian Mooyman
9053014a7e [ss-2018-008] Validate against malformed urls 2018-05-14 17:06:47 +12:00
Robbie Averill
6f50728b18
Merge pull request #59 from silverstripe-security/pulls/4.0/ss-2018-006
[ss-2018-006] Prevent code execution in template value resolution
2018-05-14 17:06:04 +12:00
Damian Mooyman
2e13ae746f [ss-2018-006] Prevent code execution in template value resolution 2018-05-14 17:05:31 +12:00
Damian Mooyman
d935140a95 [ss-2018-005] Prevent unauthenticated isDev / isTest being allowed 2018-05-14 17:03:39 +12:00
Daniel Hensby
80bf0fc487
FIX bad syntax 2018-05-02 11:43:12 +01:00
Daniel Hensby
d5e2d3fa67
Merge branch '3.6' into 4.0 2018-05-01 21:47:17 +01:00
UndefinedOffset
fe4b90edc0 FIX: Duplicating many_many relationships looses the extra fields in 4.0 2018-04-18 11:49:20 -03:00
Roman Schmid
40c2e299a0 Fix "mb_stripos(): Empty delimiter" warning when no search-keywords are given for DBText::ContextSummary.
Add unit-test to cover that case.
2018-03-01 11:39:30 +01:00
Aaron Carlino
0863bac29a Update getVariables to return a copy of globals rather than including the reference in an array merge 2018-02-27 09:52:36 +13:00
Damian Mooyman
0e26c06644
BUG Fix behaviour towards versioned but unstagable records 2018-02-20 12:20:18 +13:00
Daniel Hensby
e298fcc345
Merge branch '3.6' into 4.0 2018-02-09 14:32:58 +00:00
Chris Joe
95308e1af6
Merge pull request #7849 from open-sausages/pulls/4.0/fix-debug-string-class-cli
BUG Fix issue with CLIDebugView failing on class name of existing class
2018-02-09 15:41:18 +13:00
Daniel Hensby
d3278d5470 FIX Add Nested DB transaction support (#7848)
* TEST Prove nested transactions break

* Add nested transaction support
2018-02-09 10:28:32 +13:00
Damian Mooyman
0a486b8f57
BUG Fix issue with CLIDebugView failing on class name of existing class
Fixes #7827
2018-02-09 09:52:32 +13:00
Daniel Hensby
660dfd34a8
FIX Issue where default admin has no password encryption 2018-02-06 20:18:32 +00:00
Daniel Hensby
28ca11dd7e
FIX Regex range identifier correctly escaped 2018-02-05 15:17:20 +00:00
Damian Mooyman
288aaf083c
BUG Fix issue with DebugView failing on class name of existing class
Fixes #7827
2018-02-05 10:45:49 +13:00
Damian Mooyman
740c3326e9
BUG Fix critical issue with incorrectly saved session data 2018-02-02 15:08:52 +13:00
Robbie Averill
3d7ecc5240 FIX Allow cleanup marker regex to handle self closing HTML5 tags 2018-01-30 11:16:21 +13:00
Roman Schmid
6fafce766e Fixed Rfc3339 implementation of Date and Datetime 2018-01-24 16:58:12 +01:00
Dylan Wagstaff
943821f984
Add a test for external resource support
`SimpleResourceURLGenerator` has been altered to allow absolute URLs to be loaded directly, as so is now also tested to ensure the added functionality is true to design.
2018-01-23 17:43:01 +13:00
Daniel Hensby
db610aaf3b
Fixing string concat CS issues 2018-01-16 18:39:30 +00:00
Werner M. Krauß
422857f381
SapphireTestTest: use named data providers and more error messages
* use keys for naming each data set
* adding error messages
* clean up a bit
2018-01-16 15:25:40 +00:00
Loz Calver
daac577e62
Merge pull request #7763 from creative-commoners/pulls/4.0/fix-remove-header
FIX HTTPResponse::removeHeader incorrectly converts header name to lowercase
2018-01-16 11:04:03 +00:00
Robbie Averill
cc90cb0125 FIX HTTPResponse::removeHeader incorrectly converts header name to lowercase 2018-01-16 23:20:52 +13:00
Daniel Hensby
de6afd4405
TEST Cant reliably use Injector to replace Extensions 2018-01-11 14:08:29 +00:00
Damian Mooyman
f885101a1b
BUG Fix basic auth in PHP-CGI
Fixes #7717
2017-12-21 14:58:19 +13:00
Robbie Averill
aa7ab0c494 Update test assertions to be more readable 2017-12-17 16:22:26 +13:00
Robbie Averill
ea8ed5067d FIX Allow Requirements::block to handle module resource paths 2017-12-17 16:09:22 +13:00
Daniel Hensby
1c72d6946d
Merge branch '3.6' into 4.0 2017-12-14 21:01:35 +00:00
Damian Mooyman
1c8576cee7
Linting cleanup 2017-12-14 14:18:41 +13:00
Damian Mooyman
ed6561d9f5
BUG Fix incorrect merge of associative / non-associative summary fields
Fixes #7696
2017-12-14 14:17:19 +13:00
Damian Mooyman
286271a1e1
Merge pull request #56 from silverstripe-security/pulls/4.0/ss-2017-009
[ss-2017-009] Prevent disclosure of sensitive information via LoginAttempt (4.0 branch)
2017-12-06 18:22:47 +13:00
Damian Mooyman
99e772b361
Merge pull request #51 from silverstripe-security/pulls/4.0/ss-2017-007
[ss-2017-007] Ensure xls formulae are safely sanitised on output (4.0)
2017-12-06 18:22:11 +13:00
Chris Joe
0e8d288240
Merge pull request #7667 from open-sausages/pulls/4.0/better-tinymce-locales
BUG Ensure that all tinymce_lang mappings are valid
2017-12-06 11:24:02 +13:00