tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-07-08 20:39:26 +02:00
Code Issues Projects Releases Wiki Activity
10,365 Commits 29 Branches 517 Tags 147 MiB
5e5a2f8845
Commit Graph

10365 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Sean Harvey
5e5a2f8845 Merge pull request #2288 from chillu/pulls/browser-spellcheck 
API Disable discontinued Google Spellcheck in TinyMCE (#2213)
 2013-10-03 14:42:45 -07:00
Sean Harvey
8b2e1f2e7c Merge pull request #2328 from chillu/pulls/versioned-archivemode-validation 
Validate 'archiveDate' user data in Versioned
 2013-10-03 14:33:22 -07:00
Ingo Schommer
06b5f142b6 Increased CacheTest time delay, avoid flickering tests 
Setting a cache lifetime of half a second seems to be
unreliable on Travis when just waiting a second,
so let's wait a bit longer.
 2013-10-02 12:13:22 +02:00
Ingo Schommer
6de517bf72 3.0.7 changelog 2013-10-01 00:26:11 +02:00
Ingo Schommer
bda56eb9b0 Don't link record in GridField form message 
This is no longer allows through Form->sessionMessage() to avoid XSS.
 2013-09-30 23:55:32 +02:00
Ingo Schommer
a68e0ba365 Check for jQuery in Behat tests 
Identified as one potential cause for flickering tests
on our own Selenium box.
 2013-09-30 23:36:46 +02:00
Ingo Schommer
d963eac0a6 Merge tag '3.0.6' into 3.0 2013-09-27 00:20:08 +02:00
Ingo Schommer
652682c048 3.0.6 changelog 2013-09-26 11:33:42 +02:00
Sean Harvey
9b1211f071 Merge pull request #2459 from moveforward/patch-1 
Fixed typo
 2013-09-25 19:43:05 -07:00
moveforward
dd0296413f Fixed typo 2013-09-26 14:41:40 +12:00
Ingo Schommer
ffb316dbc9 Added 3.0.7-rc1 changelog 2013-09-26 01:32:41 +02:00
Ingo Schommer
047e325e27 Merge pull request #2452 from chillu/pulls/escape-3.0 
Escaping 3.0
 2013-09-25 16:02:30 -07:00
Ingo Schommer
e1f9458db1 Added 3.0.7 changelog 2013-09-24 21:54:34 +02:00
Ingo Schommer
c243418597 API Escape form validation messages (SS-2013-008) 2013-09-24 21:54:31 +02:00
Ingo Schommer
114fb59107 FIX Auto-escape titles in TreeDropdownField 
Related to SS-2013-009. While the default "TreeTitle" was escaped
within the SiteTree->TreeTitle() getter, other properties like SiteTree->Title
weren't escaped. The new logic uses the underlying casting helpers
on the processed objects.
 2013-09-24 21:40:17 +02:00
Sean Harvey
b383a07f90 BUG Fixing tabindex added to CreditCardField when tabindex is NULL 
The tabindex increment *should* only be done if there is a tabindex
that has been set on a CreditCardField already, otherwise it breaks
the tab ordering.
 2013-09-24 21:40:17 +02:00
Ingo Schommer
2dd7baac16 Merge pull request #2434 from halkyon/cc_tabindex_fix_2 
BUG Fixing tabindex added to CreditCardField when tabindex is NULL
 2013-09-19 16:37:58 -07:00
Sean Harvey
c453ea3094 BUG Fixing tabindex added to CreditCardField when tabindex is NULL 
The tabindex increment *should* only be done if there is a tabindex
that has been set on a CreditCardField already, otherwise it breaks
the tab ordering.
 2013-09-20 11:13:10 +12:00
Ingo Schommer
a7f38f7b4d Merge pull request #2413 from ss23/patch-1 
Update 3.0.6.md
 2013-09-12 16:08:04 -07:00
Stephen Shkardoon
f765696d26 Update 3.0.6.md 
Add reference to information disclosure in Versioned.php (SS-2013-006)
 2013-09-13 10:34:51 +12:00
Ingo Schommer
24bae3f922 Tagged 3.0.6-rc2 2013-09-12 16:48:20 +02:00
Ingo Schommer
a6b402f491 Added 3.0.6-rc2 changelog 2013-09-12 16:48:15 +02:00
Ingo Schommer
2da4d76c3b Updated translations 2013-09-12 16:37:12 +02:00
Ingo Schommer
7c99cb4668 Merge branch 'pulls/security-issues-august-3.0' into 3.0 2013-09-12 15:45:13 +02:00
Ingo Schommer
5e0315dc62 Safety note on DataObject::validation_enabled 2013-09-12 15:42:43 +02:00
Ingo Schommer
f803704d91 FIX Disallow permissions assign for APPLY_ROLES (SS-2013-005) 
See http://www.silverstripe.org/ss-2013-005-privilege-escalation-through-apply-roles-assignment/
 2013-09-12 15:42:43 +02:00
Ingo Schommer
8b5c8eab72 Linking to older security issue in change log 
Mainly for consistency with the newer format
 2013-09-12 15:42:43 +02:00
Ingo Schommer
05757efceb FIX Privilege escalation through APPLY_ROLES assignment (SS-2013-005) 
See http://www.silverstripe.org/ss-2013-005-privilege-escalation-through-apply-roles-assignment/
 2013-09-12 15:42:43 +02:00
Ingo Schommer
6cff9671d4 FIX Privilege escalation through Group and Member CSV upload (SS-2013-004) 
See http://www.silverstripe.org/ss-2013-004-privilege-escalation-through-group-and-member-csv-upload/
 2013-09-12 15:42:43 +02:00
Ingo Schommer
720c149aee FIX Privilege escalation through Group hierarchy setting (SS-2013-003) 
See http://www.silverstripe.org/ss-2013-003-privilege-escalation-through-group-hierarchy-setting/
 2013-09-12 15:42:42 +02:00
Sean Harvey
a1939dccd1 Merge pull request #2400 from jbridson/patch-9 
Update 2-extending-a-basic-site.md
 2013-09-10 21:47:36 -07:00
Simon Welsh
c2105db6d0 Count, not Length 2013-09-11 12:05:43 +12:00
jbridson
a4fbff4df5 Update 2-extending-a-basic-site.md 
Fixed a few wording issues and added some clarity to links eg: Tutorial One (Building a basic site)
 2013-09-11 11:20:41 +12:00
Ingo Schommer
62608a7772 "edit" form expansion in AssetUploadField 
Form wasn't expanding because of fixed heights. Backported fix from 3.1.
 2013-09-02 16:48:11 +02:00
Ingo Schommer
71b987edb2 Merge pull request #2363 from jbridson/patch-8 
BUGFIX: fixed grammatical errors and formatting issues
 2013-08-28 02:21:46 -07:00
jbridson
65ad51024d BUGFIX: fixed grammatical errors and formatting issues 2013-08-26 12:18:35 +12:00
Ingo Schommer
54edc0ddac Fix Behat window switching in chrome 
Workaround only, see https://groups.google.com/forum/#!topic/behat/QNhOuGHKEWI
 2013-08-22 12:49:38 +02:00
Ingo Schommer
0c859b8587 Merge pull request #2348 from simonwelsh/scrut 
Scrutinizer fixes
 2013-08-21 04:43:12 -07:00
Simon Welsh
c66cc952d2 Correct line length and indentation 2013-08-21 21:27:16 +12:00
Simon Welsh
2c0d03b2d6 Exclude docs and images foldes from Scrutinizer 2013-08-21 21:02:12 +12:00
Simon Welsh
4cb98f1afd Only have Scrutinizer check PHP files 2013-08-21 21:02:12 +12:00
Ingo Schommer
99da5cd198 Merge pull request #2336 from hafriedlander/fix/flush_30 
FIX Double slashes in ParameterConfirmationToken
 2013-08-20 06:26:44 -07:00
Hamish Friedlander
4a7aef0e25 FIX Double slashes in ParameterConfirmationToken 2013-08-19 11:35:34 +12:00
Ingo Schommer
74f65540a2 Validate 'archiveDate' user data in Versioned 
Not a security issue as such, since the user input is sanitized
before being used in Versioned->augmentSQL(). But it shouldn't
reach the session state either, since that's commonly assumed
to be sanitized data, and it leaves unnecessary room for error.

strtotime() has fairly loose validation rules around dates,
but its a good "first line of defence".
 2013-08-15 22:17:38 +02:00
Ingo Schommer
810f505924 Merge pull request #2315 from jbridson/patch-2 
Fixed Grammatical errors and issues where sentences didn't make sense.
 2013-08-09 02:04:01 -07:00
jbridson
1ce0a0d2b9 Fixed Grammatical errors and issues where sentences didn't make sense. 2013-08-09 15:22:03 +12:00
Sean Harvey
f9dca6f857 Merge pull request #2313 from jbridson/patch-1 
Fixed issue with inconsistent use of punctuation and wording of Tutorial...
 2013-08-08 19:22:16 -07:00
jbridson
0c4ff76921 Fixed issue with inconsistent use of punctuation and wording of Tutorial 5 summary 2013-08-09 14:20:41 +12:00
Ingo Schommer
7a117fe713 Added 3.0.6-rc1 changelog 2013-08-07 20:55:10 +02:00
Ingo Schommer
a213afd888 Added 3.0 changelog 2013-08-07 20:16:59 +02:00