Commit Graph

16801 Commits

Author SHA1 Message Date
Fred Condo
8f91f35526 Remove module blacklist
- It's not necessary, as SilverStripe returns a not-found page when an
  attempt is made to retrieve a file directly from a module.
- Also format as a fenced code block and style as nginx.
2018-01-24 15:53:23 -08:00
Fred Condo
de25c93b75 Update nginx configuration
- Add buffer parameters without which some parts of the CMS fail with
  "too big header"
- Use RFC-2606-compliant example domains
- Remove configuration that allows arbitrary PHP execution
- Improve sample denials to show how to secure modules
- Restore missing boilerplate for MIME types
2018-01-24 15:36:43 -08:00
Damian Mooyman
72e2326731
Merge pull request #7798 from kinglozzer/member-groupset-delete
FIX: Fix Member_GroupSet::removeAll() (fixes #3948)
2018-01-25 09:20:30 +13:00
Loz Calver
c2cd6b3832 FIX: Fix Member_GroupSet::removeAll() (fixes #3948) 2018-01-24 17:17:20 +00:00
Loz Calver
f2b4c192ec FIX: Fix UploadField cuts off “Save” button (closes #2862) 2018-01-24 15:49:46 +00:00
Damian Mooyman
83de0a0d36
Merge pull request #7783 from emteknetnz/emteknetnz-member-id-cast
Ensure currentUserID() returns an int
2018-01-23 18:18:28 +13:00
Steve Boyd
f214cd52e0
Ensure currentUserID() returns an int
Cast $id returned from Session as an int to ensure it's never returned as a string
2018-01-23 13:37:06 +13:00
Damian Mooyman
e770146141
Merge remote-tracking branch 'origin/3.6' into 3 2018-01-16 17:06:59 +13:00
Damian Mooyman
bb37bc5491 Added 3.6.4 changelog 2018-01-16 16:40:43 +13:00
Daniel Hensby
bb90751cc8
Merge branch '3.6' into 3 2018-01-15 16:44:48 +00:00
Damian Mooyman
39a8410460
Merge pull request #7754 from oetiker/patch-1
JSON.parse does not like empty strings
2018-01-15 10:56:15 +13:00
Tobias Oetiker
396005381f
JSON.parse does not like empty strings
Add some protection for the case that envent.data is empty or null
2018-01-12 16:21:33 +01:00
Daniel Hensby
4c51cf67e7
Merge pull request #7742 from nglasl/3.6
FIX, adding a missing return statement.
2018-01-09 23:43:18 +00:00
Nathan
2ef4a2d4ee
FIX, adding a missing return statement.
This causes issues such as an `_function` to incorrectly return null.
2018-01-10 09:50:18 +11:00
Daniel Hensby
c80cc17cf6
Merge branch '3.6' into 3 2018-01-09 13:35:45 +00:00
Daniel Hensby
a049876418
Merge branch '3.5' into 3.6 2018-01-09 13:34:56 +00:00
Damian Mooyman
677336fbef
Merge pull request #7726 from dhensby/pulls/3.5/functionaltest-html5-forms
FIX Allow HTML 5 input tags in FunctionalTest form submissions
2018-01-08 13:32:44 +13:00
Daniel Hensby
44930f211b
FIX Allow HTML 5 input tags in FunctionalTest form submissions 2017-12-22 11:15:56 +00:00
Daniel Hensby
7897b3bb25
Merge branch '3.6' into 3 2017-12-14 15:31:51 +00:00
Daniel Hensby
7b0500982e
Merge branch '3.5' into 3.6 2017-12-14 15:25:36 +00:00
Daniel Hensby
81150c5922
FIX Use PHP 5.3 array syntax 2017-12-14 15:24:53 +00:00
Damian Mooyman
3346b37ef0
Merge branch '3.6' into 3 2017-12-08 11:53:49 +13:00
Damian Mooyman
052f11a427
Remove merge artifact 2017-12-08 11:52:48 +13:00
Damian Mooyman
b7b3e4b1f8
Merge remote-tracking branch 'origin/3.6' into 3 2017-12-07 14:09:33 +13:00
Damian Mooyman
c22726bfd7
Merge remote-tracking branch 'origin/3.5' into 3 2017-12-07 14:09:02 +13:00
Damian Mooyman
bf74e8347a Added 3.6.3 changelog 2017-12-07 13:35:49 +13:00
Damian Mooyman
b6a7e47441 Added 3.5.6 changelog 2017-12-07 13:27:17 +13:00
Damian Mooyman
50aa1f22a6
Merge branch '3.6' into 3 2017-12-07 13:20:58 +13:00
Loz Calver
aac828a6ee
Merge pull request #7559 from silverstripe/pulls/3/auto-index-sort
NEW Add sort columns to DB index automatically
2017-12-06 16:13:48 +00:00
Daniel Hensby
89166a2ff2
Try using parseSortColumn from ArrayList 2017-12-06 13:38:58 +00:00
Daniel Hensby
2e43780a8a
NEW Add sort columns to DB index automatically 2017-12-06 13:38:25 +00:00
Damian Mooyman
8537dd56dd Added 3.6.3-rc2 changelog 2017-12-06 18:11:03 +13:00
Damian Mooyman
55739fa5af
Merge pull request #50 from silverstripe-security/pulls/3.6/ss-2017-007
[ss-2017-007] Ensure xls formulae are safely sanitised on output (3.6)
2017-12-06 17:41:49 +13:00
Damian Mooyman
d47667bb07
Merge pull request #52 from silverstripe-security/pulls/3.6/ss-2017-006
[ss-2017-006] Fix user agent invalidation on session startup (3.6 branch)
2017-12-06 17:41:07 +13:00
Damian Mooyman
c5d6eb816d
Merge pull request #55 from silverstripe-security/pulls/3.6/ss-2017-009
[ss-2017-009] Prevent disclosure of sensitive information via LoginAttempt (3.6 branch)
2017-12-06 17:39:17 +13:00
Damian Mooyman
c0fffb33cd
Merge branch '3.6' into pulls/3.6/ss-2017-009 2017-12-06 17:39:01 +13:00
Damian Mooyman
e281c64fca
Merge remote-tracking branch 'silverstripe-security/3.5' into 3.6 2017-12-06 17:32:56 +13:00
Damian Mooyman
a8465900bd
Merge pull request #47 from silverstripe-security/patch/3.5/SS-2017-008
[SS-2017-008] FIX Make sure int params are successfull cast to int
2017-12-06 17:30:51 +13:00
Damian Mooyman
d6a93f5215
Merge remote-tracking branch 'silverstripe-security/3.5' into 3.6
# Conflicts:
#	security/Member.php
2017-12-06 17:26:45 +13:00
Damian Mooyman
91cf85087b
Merge remote-tracking branch 'origin/3.5' into 3.6 2017-12-06 17:21:09 +13:00
Damian Mooyman
d09c2d7b03 Added 3.5.6-rc1 changelog 2017-12-06 16:27:12 +13:00
Damian Mooyman
5f7f1ea150 Added 3.5.6-rc1 changelog 2017-12-06 16:27:08 +13:00
Damian Mooyman
dd4c5417e7
Merge pull request #49 from silverstripe-security/pulls/3.5/ss-2017-007
[ss-2017-007] Ensure xls formulae are safely sanitised on output (3.5)
2017-12-06 16:25:58 +13:00
Damian Mooyman
44de03da01
Merge pull request #53 from silverstripe-security/pulls/3.5/ss-2017-006
[ss-2017-006] Fix user agent invalidation on session startup (3.5 branch)
2017-12-06 16:25:39 +13:00
Damian Mooyman
3e2bcaa0b4
Merge pull request #54 from silverstripe-security/pulls/3.5/ss-2017-009
[ss-2017-009] Prevent disclosure of sensitive information via LoginAttempt (3.5 branch)
2017-12-06 16:25:19 +13:00
Damian Mooyman
975d462e0c
Merge pull request #7661 from dhensby/pulls/3.5/versioned-base-class
FIX Use baseDataClass for allVersions as with other methods
2017-12-06 14:13:14 +13:00
Damian Mooyman
77b46672e2
Merge branch '3.5' into pulls/3.5/versioned-base-class 2017-12-06 11:37:46 +13:00
Damian Mooyman
c5837c62e8
Merge pull request #7679 from dhensby/pulls/3.5/fix-critical-issues
Fixing scrutinizer issues
2017-12-06 11:30:57 +13:00
Daniel Hensby
8d1a5ed8b7
More code style fixes 2017-12-05 14:20:13 +00:00
Daniel Hensby
2aa1d8f2c4
remove create_function usage 2017-12-05 14:20:13 +00:00