LABCAT
d3a17958ef
Update src/Control/HTTPRequest.php
...
Co-Authored-By: Robbie Averill <robbie@averill.co.nz>
2019-10-22 16:17:04 +13:00
LABCAT
67c944c962
Improvement to docs for send_file function
2019-10-22 15:18:03 +13:00
Serge Latyntsev
bd2ccf70fa
Merge pull request #9282 from open-sausages/pulls/4/docs/clarify-basic-auth
...
DOCS Clarify BasicAuth limitations
2019-10-22 14:01:51 +13:00
Maxime Rainville
e59625fe5a
NEW Add ability to define image size preset for the TinyMCE editor. ( #9276 )
...
* NEW Add ability to define image size preset for the TinyMCE editor.
* DOC Explain how to define image size pre-sets
2019-10-22 11:50:28 +13:00
Serge Latyntcev
33a28394d6
Merge branch '4.4' into 4
2019-10-18 15:59:28 +13:00
Serge Latyntcev
0cf5d4cbe2
Merge branch '4.3' into 4.4
2019-10-18 15:58:13 +13:00
Serge Latyntcev
46b9530d88
PSR2 linting fixes
2019-10-18 15:31:39 +13:00
Serge Latyntcev
7873efde9c
Merge branch '4.4' into 4
2019-10-18 10:58:19 +13:00
Serge Latyntcev
dcbe6d0310
Merge branch '4.3' into 4.4
2019-10-18 10:57:35 +13:00
Garion Herman
efc7ba9520
NEW Tweak TextField Tip API to match changes to component
2019-10-11 15:04:56 +13:00
Ingo Schommer
8dcda91538
DOCS Clarify BasicAuth limitations
2019-10-10 10:41:39 +13:00
Garion Herman
a44bc5bcf3
NEW Add support for Tip UI in TextField
...
See TextField documentation in silverstripe/admin Pattern Library
2019-10-09 16:26:06 +13:00
Damian Mooyman
d7752b7945
Run PSR2 Lint cleaner
2019-10-04 13:26:31 +13:00
Damian Mooyman
f1594fd991
BUG Ensure that canCreate() context matches that respected by GridFieldAddNewButton
2019-10-04 11:24:34 +13:00
Robbie Averill
1265f09f4f
Merge pull request #9271 from michalkleiner/pulls/4/check-array-props-in-custom-methods
...
FIX Check array keys existence when removing methods in CustomMethods
2019-10-03 14:30:22 -07:00
Serge Latyntcev
7db524bd90
FIX DebugViewFrendlyErrorFormatter handle of admin_email
2019-10-04 10:26:54 +13:00
Robbie Averill
e49cec3a00
Merge pull request #9247 from jakxnz/pulls/4/record-login-attempt-outputs
...
ENHANCEMENT: MemberAuthenticator::recordLoginAttempt() outputs
2019-10-03 10:46:34 -07:00
Dylan Wagstaff
047ac060c4
Merge pull request #9265 from emteknetnz/feature/noopener
...
Add noopener attribute to links with a target
2019-10-03 14:42:50 +13:00
Steve Boyd
887f198b07
Add rel attribute to link elements with a target attribute
2019-10-03 14:03:12 +13:00
Damian Mooyman
58c080db5a
FEATURE Option placeholder for upload folder id ( #9262 )
...
* FEATURE Option placeholder for upload folder id
* ENHANCEMENT Add setFolderName() to TinyMCEConfig
* Typehint return type
* Add type to param
2019-09-30 10:50:55 +13:00
Michal Kleiner
1a2dbfd3a5
Update conditional logic when checking array keys before removing methods in CustomMethods
2019-09-30 10:17:59 +13:00
Michal Kleiner
52a039f631
Check array keys existence prior to their usage when removing methods in CustomMethods
2019-09-27 14:57:15 +12:00
JorisDebonnet
349589b23b
Clarify that $title in FormField can accept ViewableData
...
When constructing a FormField, an IDE would previously tell you the `$title` needs to be string (or null). Let's make it more clear that a ViewableData instance (such as `HTMLValue::create($title)`) is also accepted. This should help people more quickly find a solution to put html in labels.
2019-09-26 02:39:39 +02:00
Sam Minnée
af6644f762
Merge pull request #9240 from chrometoasters/pulls/db-readonly-transactions-support
...
NEW Introduce supported database transaction mode check
2019-09-25 10:02:53 +12:00
Serge Latyntcev
88fde6e7c3
Merge branch '4.4' into 4
2019-09-24 17:29:06 +12:00
Serge Latyntcev
50a1aa4c4d
Merge branch '4.3' into 4.4
2019-09-24 17:28:31 +12:00
Aaron Carlino
b002ef1171
Merge branch '4.4' into 4
2019-09-24 17:26:50 +12:00
Serge Latyntcev
8b7063a8e2
[CVE-2019-12617] Fix access escalation for CMS users with limited access through permission cache pollution
2019-09-24 16:03:48 +12:00
Serge Latyntcev
eccfa9b10d
[CVE-2019-12203] Session fixation in "change password" form
...
A potential account hijacking may happen if an attacker has physical access to
victim's computer to perform session fixation. Also possible if the targeted application contains an XSS vulnerability.
Requires the victim to click the password reset link sent to their email.
If all the above happens, attackers may reset the password before the actual user does that.
2019-09-24 16:03:48 +12:00
Serge Latyntcev
5af205993d
[CVE-2019-12617] Fix access escalation for CMS users with limited access through permission cache pollution
2019-09-24 16:00:51 +12:00
Serge Latyntcev
569237c0f4
[CVE-2019-12203] Session fixation in "change password" form
...
A potential account hijacking may happen if an attacker has physical access to
victim's computer to perform session fixation. Also possible if the targeted application contains an XSS vulnerability.
Requires the victim to click the password reset link sent to their email.
If all the above happens, attackers may reset the password before the actual user does that.
2019-09-24 16:00:51 +12:00
Jackson Darlow
a033662a3a
MemberAuthenticator::recordLoginAttempt() outputs
2019-09-24 14:24:59 +12:00
Garion Herman
0d27f32cc9
FIX Add 'legal empty attributes' to allow empty alt values on imgs
...
In some situations, a caption is used in place of a value in the alt
attribute, and in others an image may be cosmetic and not in need of an
alt attribute value (though the alt attribute must still be rendered in
this case).
2019-09-24 11:44:12 +12:00
Robbie Averill
3cfc21c405
Merge pull request #9241 from open-sausages/pulls/4.4.3/fix-file-permission
...
Fix administrators not being able to see files that are restricted to groups
2019-09-23 11:13:26 -07:00
Guy Marriott
aa7c057422
FIX: Don't force-add view button to readonly GridField (fixes #… ( #9254 )
...
FIX: Don't force-add view button to readonly GridField (fixes #9249 )
2019-09-23 10:31:25 -07:00
Loz Calver
efdb9cc718
FIX: run member CMS validator when editing via groups ( fixes #9184 )
2019-09-23 16:59:58 +01:00
Loz Calver
d85ff3bc44
FIX: Don't force-add view button to readonly GridField ( fixes #9249 )
2019-09-23 16:52:47 +01:00
bergice
6a1c6ecec6
Fix administrators not being able to see files that are restricted to groups
...
Resolves https://github.com/silverstripe/silverstripe-asset-admin/issues/777
2019-09-23 16:44:28 +12:00
Guy Marriott
6ff97821ed
Merge branch '4.4' into 4
2019-09-18 15:52:36 -07:00
Guy Marriott
7877ffcc85
Merge branch '4.3' into 4.4
2019-09-18 15:52:18 -07:00
Hayden Shaw
daf9d55ecb
Allow non summary fields to be used as export fields
...
Fixes regression in 3d989a6eae
.
2019-09-19 10:00:54 +12:00
Michal Kleiner
bcbf90a837
NEW Introduce supported database transaction mode check
2019-09-16 14:44:15 +12:00
Robbie Averill
aa6b244db9
Merge branch '4.4' into 4
2019-09-13 18:11:46 -07:00
Robbie Averill
592ab6abc1
Merge branch '4.3' into 4.4
2019-09-13 18:11:34 -07:00
Robbie Averill
066ce8e01c
Merge branch '4.2' into 4.3
...
# Conflicts:
# src/View/ThemeResourceLoader.php
2019-09-13 18:10:37 -07:00
Robbie Averill
cfe86ad5a1
Merge pull request #9153 from creative-commoners/pulls/4.4/stream-ree-tags
...
FIX Skip md5-ing the whole contents of a stream for etags
2019-09-13 17:59:26 -07:00
Robbie Averill
9a76d4adb4
Merge pull request #9181 from kinglozzer/8762-shortcode-templates
...
NEW: Use templates to render embed shortcodes (closes #8762 )
2019-09-13 17:58:32 -07:00
Serge Latyntsev
233e0e7aa0
ENH PasswordExpirationMiddleware implementation ( #9207 )
2019-09-12 14:34:06 +12:00
Aaron Carlino
da6582f593
NEW: Remove web installer, move to separate package ( #9231 )
...
* Remove installer
* Remove exposed install files
* Replace Dev/Install classes still in use
* Update changelog
* FIX make the grid field actions consistent to what they look like on pages
Resolves https://github.com/silverstripe/silverstripe-admin/issues/904
* Docs changes
2019-09-11 13:10:25 +12:00
Maxime Rainville
591b88a9bc
BUG Allow infinite loop when calling DataObject::writeComponent() recursively
2019-09-10 14:15:28 +12:00
Robbie Averill
e8c2f963fd
FIX Member::getLastName() now correctly returns the Member surname
2019-09-06 12:12:27 -07:00
Robbie Averill
41a766d135
Merge pull request #9085 from kinglozzer/9084-path-join-exception
...
Catch Path::join() exceptions in findTemplate() (fixes #9084 )
2019-09-06 12:00:39 -07:00
Robbie Averill
42dd02ef78
Merge pull request #9122 from aNickzz/4
...
Add onBeforeRenderHolder extension point for FormField
2019-09-06 11:53:10 -07:00
Hels666
22a6a5b1e3
NEW Add getLastName() method to Member.php ( #9222 )
...
* Add getLastName() method to Member.php
Add getLastName() method to Silverstripe\Security\Member.php to allow use of $LastName instead of $Surname in templates as it is a common mistake made
this is for issue #9219
as discussed in Slack on 04-Sep-2019
* Minor doc block clean-up
* Update src/Security/Member.php - typo fix
Co-Authored-By: Guy Marriott <guy@scopey.co.nz>
2019-09-06 20:31:22 +12:00
Maxime Rainville
dd40d53e6b
Merge branch '4.4' into 4
2019-09-04 09:46:33 +12:00
Maxime Rainville
24015c7767
Merge branch '4.3' into 4.4
2019-09-04 09:42:09 +12:00
Robbie Averill
aec5051a24
Merge pull request #9206 from creative-commoners/pulls/4.3/strip-bom-on-csv-import
...
FIX Byte Order Marks (BOM) are now stripped when importing CSV files
2019-09-03 09:55:38 -07:00
Damian Mooyman
6759af3767
Escape strings a bit safer for doc generation
2019-09-03 19:38:19 +12:00
Damian Mooyman
f649657182
Clarify Director::absoluteURL behaviour
...
Fixes #9111
2019-09-03 19:34:16 +12:00
Robbie Averill
ef49dcf726
Merge pull request #9164 from sminnee/fix-9162
...
FIX: Write relations when saving in grid-field item edit form
2019-09-01 20:44:13 -07:00
Maxime Rainville
a2a202c016
Merge pull request #9200 from open-sausages/pulls/4.4.3/consistent-actions
...
FIX make the grid field actions consistent to what they look like on pages
2019-09-02 14:07:22 +12:00
bergice
2f8d847a10
FIX make the grid field actions consistent to what they look like on pages
...
Resolves https://github.com/silverstripe/silverstripe-admin/issues/904
2019-09-02 12:22:32 +12:00
Robbie Averill
0b991cc039
Merge pull request #9198 from elabuwa/pulls/4.3/bug-fix-html-entities-breadcrumbs-in-group
...
Bug : Add html_entity_decode to group parents
2019-08-30 09:51:52 +12:00
Dileep Ratnayake
fe4eb5dd2a
Update src/Security/Group.php
...
Co-Authored-By: Maxime Rainville <maxime@rainville.me>
2019-08-29 15:44:41 +12:00
Robbie Averill
77ba8391c4
FIX Byte Order Marks (BOM) are now stripped when importing CSV files
2019-08-29 14:54:57 +12:00
Maxime Rainville
73f43c6f42
BUG Remove placeholder text on new group form
2019-08-28 17:14:19 +12:00
Dileep Ratnayake
9b7075ed5d
Update Group.php
2019-08-27 16:22:00 +12:00
Dileep Ratnayake
a976a1688b
Update Group.php
...
move to private method
2019-08-27 16:21:08 +12:00
Dileep Ratnayake
40e5c4ec59
Update Group.php
...
use of convert::raw2xml, rename $grp to $group
2019-08-27 16:19:40 +12:00
Dileep Ratnayake
4f8240bd48
Update src/Security/Group.php
...
Co-Authored-By: Andre Kiste <bergice@users.noreply.github.com>
2019-08-27 12:19:03 +12:00
Will Rossiter
d2a07b1047
FIX Remove error when exporting a column that is not displayed in a GridField
2019-08-27 11:54:31 +12:00
Dileep Ratnayake
f7a602137a
add html_entity_decode to breadcrumbs
2019-08-27 11:49:17 +12:00
Loz Calver
759601741d
NEW: Use templates to render embed shortcodes ( closes #8762 )
2019-08-21 09:32:16 +01:00
Robbie Averill
a5d6b998fc
Merge branch '4.4' into 4
2019-08-16 16:40:39 +12:00
Robbie Averill
bae7e32680
FIX Member::changePassword() no longer applies password validation rules to the hashed value
2019-08-16 09:06:07 +12:00
Robbie Averill
45f86658ca
Merge branch '4.4' into 4
2019-08-14 09:31:05 +12:00
Robbie Averill
4b44272367
Merge branch '4.3' into 4.4
2019-08-14 09:30:53 +12:00
Robbie Averill
d63e4b520c
Merge branch '4.2' into 4.3
2019-08-14 09:30:41 +12:00
Nicholas Sorokin
4a32b3418a
Add onBeforeRenderHolder extension point for FormField
2019-08-09 14:43:14 +09:30
Guy Marriott
3d989a6eae
FIX Use content generated by DataColumns component for print and csv export
2019-08-09 15:04:38 +12:00
Guy Marriott
f3132c89d7
Merge pull request #9170 from open-sausages/pulls/4/add-option-to-disable-user-agent-session-check
...
API Add option to disable user-agent header session validation
2019-08-08 11:47:07 +12:00
Aaron Carlino
b3093b7a1a
BUGFIX: Allow state to be shared across nested GridFields
2019-08-07 23:09:51 +12:00
Maxime Rainville
4380d7d155
API Add option to disable user-agent header session validation
2019-08-06 22:00:01 +12:00
Robbie Averill
4268db069d
Merge pull request #9165 from sminnee/fix-multiline-gridfield
...
FIX: Allow multi-line content in grid field cells
2019-08-05 09:59:22 +12:00
Sam Minnee
6ec02da577
FIX: Allow multi-line content in grid field cells
...
It’s amazing that this but has been present for 7 years, but there you
go!
2019-08-02 17:46:56 +12:00
Sam Minnee
d088354f46
FIX: Write relations when saving in grid-field item edit form
...
Fixes https://github.com/silverstripe/silverstripe-framework/issues/9162
2019-08-02 16:17:42 +12:00
Robbie Averill
0672f8b76b
NEW HTTPRequest now has hasSession() to determine whether a session exists for it
2019-08-02 11:29:23 +12:00
Robbie Averill
3224c9971b
Merge branch '4.4' into 4
2019-08-02 11:24:54 +12:00
Robbie Averill
3b96c51688
Merge branch '4.3' into 4.4
2019-08-02 11:24:45 +12:00
Will Rossiter
82cc8b40a4
Create SearchContext via Injector ( #9156 )
2019-08-01 14:39:58 +12:00
Guy Marriott
0abfed3e06
FIX Skip md5-ing the whole contents of a stream for etags
2019-07-30 08:25:03 +12:00
Robbie Averill
5c794dfcdd
FIX Prevent setting session value when no session exists yet
2019-07-29 17:16:01 +02:00
UndefinedOffset
40cd66852e
BUGFIX: Fixed issue where multiple relationship sort order columns would be lost in favor of only the last relationship column in the sort order
2019-07-26 11:54:10 -03:00
Robbie Averill
89eb6c88b2
FIX Do not try and load fixtures from directories, fixes PHP 7.4 build errors
2019-07-26 10:13:47 +02:00
Robbie Averill
d1c927ff23
FIX Remove curly brace access to string offsets, deprecated in PHP 7.4
2019-07-24 12:17:49 +02:00
Chee Wai
cb91f5fa06
NEW Added SRI support for Requirements::css, Requirements::javascript ( #9139 )
2019-07-21 09:51:22 +02:00
Robbie Averill
79fa61edf8
FIX Type safety on nullable argument, fixes PHP 7.4 test
2019-07-19 12:05:27 +02:00
Robbie Averill
2a1394bed7
Merge branch '4.4' into 4
2019-07-19 10:46:00 +02:00
Robbie Averill
40f06fafa9
Merge branch '4.3' into 4.4
2019-07-19 10:45:44 +02:00
Robbie Averill
c7b15eaef5
Merge branch '4.2' into 4.3
2019-07-19 10:45:29 +02:00