Commit Graph

412 Commits

Author SHA1 Message Date
Loz Calver
02ad0f44aa Implement ConfirmationTokenChain to handle multiple tokens at once 2018-11-07 11:32:55 +13:00
Loz Calver
af000bea9b [SS-2018-019] Add confirmation token to dev/build 2018-11-07 11:32:55 +13:00
Robbie Averill
6d2665d687 Merge branch '4.0' into 4.1 2018-11-06 11:04:28 +01:00
Werner M. Krauß
adafd73943 Convert::memstring2bytes should preserve -1
fixes #8570
2018-11-06 10:22:13 +01:00
Sam Minnée
e72fc9e3d0 FIX DataObject singleton creation (#8516)
Ensure DataObject instances are aware they are singletons so functions like populateDefaults() can be skipped. (fixes #4878)

Correctly applies https://github.com/silverstripe/silverstripe-framework/pull/7850 to the 4.x line
This has already been fixed in 3.x
2018-10-25 11:42:45 +13:00
Daniel Hensby
8703839eb1
FIX updateValidatePassword calls need to be masked from backtraces 2018-07-15 01:06:45 +01:00
Daniel Hensby
ec9281ee02
Merge branch '4.0' into 4.1 2018-07-13 16:42:00 +01:00
Daniel Hensby
4acec33562
FIX Fixed bug in config merging priorities so that config values set by extensions are now least important instead of most important 2018-07-12 00:55:39 +01:00
Maxime Rainville
3f80e2dc67 FIX Don't reload form session data using FormField::setSubmittedValue… (#8184) 2018-06-19 11:27:09 +12:00
Damian Mooyman
b636587945
Respect semver and add tests 2018-06-15 11:04:12 +12:00
Damian Mooyman
c414388220
FIX DatetimeFieldTest 2018-06-14 18:14:12 +12:00
Daniel Hensby
ce58890baf
Merge branch '4.0' into 4.1 2018-06-11 09:27:42 +01:00
Robbie Averill
27e24a4728
Merge pull request #8142 from open-sausages/pulls/4.0/fix-injector-empty
BUG Safely handle empty injector factory responses
2018-06-11 15:20:24 +12:00
Damian Mooyman
546c6c3e22
Merge pull request #8125 from open-sausages/pulls/4/date-field-tweaks
Remove legacy logic from DateField_Disabled
2018-06-11 09:23:33 +12:00
Daniel Hensby
e260319823
Merge branch '4.0' into 4.1 2018-06-08 23:05:24 +01:00
Daniel Hensby
cfe93b7f23
Merge branch '3.6' into 4.0 2018-06-08 14:41:04 +01:00
Daniel Hensby
1d6d601050
Use chaining syntax for setting up middleware 2018-06-08 14:00:59 +01:00
Maxime Rainville
582c69d32f
BUG Fix issue with Disabled DateField always display (not set). 2018-06-08 13:51:22 +01:00
Ingo Schommer
48304fd6f0
Merge pull request #8102 from creative-commoners/pulls/4.1/response-assertion
Add test assertion for response instance
2018-06-08 14:08:25 +12:00
Damian Mooyman
e37e3e1746
BUG Fix test that relies on implicit ID order breaking postgres 2018-06-08 11:23:24 +12:00
Damian Mooyman
c070e989c4
BUG Safely handle empty injector factory responses
Fixes issue with ImageBackendFactory returning null and breaking injector
2018-06-06 16:45:16 +12:00
Damian Mooyman
0aa13da0d9
BUG Backport bugfix for belongs_many_many with many_many through.
Partial backport of #7928
Fixes #8131
2018-06-06 09:43:04 +12:00
Robbie Averill
8064ed8220 FIX Minor updates to unit tests to pass with HTML5 parser and various themes 2018-06-01 17:47:03 +12:00
Robbie Averill
c8b0bc0ad7 Merge branch '4.0' into 4.1
# Conflicts:
  #	src/ORM/DataObject.php
  #	tests/php/ORM/DataObjectDuplicationTest.php
  #	tests/php/ORM/DataObjectDuplicationTest/Class1.php
2018-05-30 14:52:07 +12:00
Robbie Averill
7a8a24d175 Reset force SSL domain/patterns in setup to prevent global state pollution 2018-05-29 17:34:22 +12:00
Robbie Averill
063d765e94 Add test assertion for response instance
This prevents middlewares that return null (like the example delegate in this test) from killing a testsuite
2018-05-29 17:26:29 +12:00
Robbie Averill
6d98a912c9 Merge branch 'heads/4.1.1' into 4.1 2018-05-28 18:26:20 +12:00
Robbie Averill
3a537bc745 Merge branch 'heads/4.0.4' into 4.0 2018-05-28 17:50:07 +12:00
Robbie Averill
722202fef4 Merge remote-tracking branch 'origin/4.0.4' into 4.1.1
# Conflicts:
  #	src/Control/Director.php
2018-05-24 15:41:11 +12:00
Robbie Averill
e7e32d13a3
FIX Add namespace and encryptor to tests that expect blowfish to be available 2018-05-24 11:24:56 +12:00
Aaron Carlino
f847f186b1 [ss-2018-013] Remove password text from session data on failed submission 2018-05-14 17:14:38 +12:00
Robbie Averill
5887201dd5
Merge pull request #64 from silverstripe-security/pulls/4.0/ss-2018-010
[SS-2018-010] Fix regression of SS-2017-002
2018-05-14 17:12:45 +12:00
Robbie Averill
beec0c0d47 [SS-2018-010] Fix regression of SS-2017-002 2018-05-14 17:12:07 +12:00
Robbie Averill
1e6790bfb6
Merge pull request #62 from silverstripe-security/pulls/4.0/ss-2018-001
[ss-2018-001] Restrict non-admins from being assigned to admin groups
2018-05-14 17:11:03 +12:00
Damian Mooyman
e409d6f673 [ss-2018-001] Restrict non-admins from being assigned to admin groups 2018-05-14 17:10:22 +12:00
Robbie Averill
39b62e5fbb
Merge pull request #61 from silverstripe-security/pulls/4.0/ss-2018-008
[ss-2018-008] Validate against malformed urls
2018-05-14 17:07:09 +12:00
Damian Mooyman
9053014a7e [ss-2018-008] Validate against malformed urls 2018-05-14 17:06:47 +12:00
Robbie Averill
6f50728b18
Merge pull request #59 from silverstripe-security/pulls/4.0/ss-2018-006
[ss-2018-006] Prevent code execution in template value resolution
2018-05-14 17:06:04 +12:00
Damian Mooyman
2e13ae746f [ss-2018-006] Prevent code execution in template value resolution 2018-05-14 17:05:31 +12:00
Damian Mooyman
d935140a95 [ss-2018-005] Prevent unauthenticated isDev / isTest being allowed 2018-05-14 17:03:39 +12:00
Daniel Hensby
80bf0fc487
FIX bad syntax 2018-05-02 11:43:12 +01:00
Daniel Hensby
d5e2d3fa67
Merge branch '3.6' into 4.0 2018-05-01 21:47:17 +01:00
UndefinedOffset
fe4b90edc0 FIX: Duplicating many_many relationships looses the extra fields in 4.0 2018-04-18 11:49:20 -03:00
Damian Mooyman
9a12fac218
BUG Prevent password validator min score producing false negatives
Replaces #7995
2018-04-18 10:35:31 +12:00
Will Rossiter
09cc75a656 MINOR Add visiblity to SelectionGroup test functions 2018-04-05 10:33:27 +12:00
Will Rossiter
2512761587 Fix invalid markup in SelectionGroup selected values 2018-04-05 10:16:25 +12:00
Damian Mooyman
625f7b4eee
Merge remote-tracking branch 'origin/4.0' into 4.1 2018-03-13 14:26:18 +13:00
Roman Schmid
40c2e299a0 Fix "mb_stripos(): Empty delimiter" warning when no search-keywords are given for DBText::ContextSummary.
Add unit-test to cover that case.
2018-03-01 11:39:30 +01:00
Aaron Carlino
0863bac29a Update getVariables to return a copy of globals rather than including the reference in an array merge 2018-02-27 09:52:36 +13:00
Aaron Carlino
d91648dd6e Update getVariables to return a copy of globals rather than including the reference in an array merge 2018-02-23 16:25:41 +13:00