Commit Graph

10456 Commits

Author SHA1 Message Date
Damian Mooyman
5f6ac27934 Bug fix sqlquery select 2015-05-28 18:24:07 +12:00
Damian Mooyman
94b2963ad8 Added 3.0.13 changelog 2015-03-31 14:11:11 +13:00
Chris Pitt
9a97ae962f Merge branch 'pulls/3.0/xss-fix' into '3.0.13'
Backport of SS-2015-009 into 3.0

See merge request !4
2015-03-30 11:23:18 +13:00
Christopher Pitt
bdef4fc7a5 Fixed XSS vulnerability relating to rewrite_hash 2015-03-30 10:59:39 +13:00
Damian Mooyman
11521fb92d Added 3.0.12 changelog 2015-03-19 17:35:09 +13:00
Daniel Hensby
663f9c9cbe Merge pull request #3913 from muskie9/patch-5
DOCS Update common-problems.md
2015-02-17 22:33:33 +00:00
Nic
54fef8961b Update common-problems.md
Properly instruct where to put `DirectoryIndex disabled`
2015-02-17 16:32:54 -06:00
Daniel Hensby
75299f7e4d Merge pull request #3911 from muskie9/patch-4
Update Common Problems with mod_rewrite issue
2015-02-17 15:44:25 +00:00
Nic
a41f860ee2 Update Common Problems with mod_rewrite issue
3.0 docs
2015-02-17 09:42:21 -06:00
Daniel Hensby
aa6debcdea Removing redundant PHP syntax declaration 2015-02-16 13:57:04 +00:00
Will Rossiter
d6336873d4 Merge pull request #3761 from camfindlay/patch-12
BUG Fix tutorial index page for the new doc site
2015-01-08 10:17:49 +13:00
Cam Findlay
ac922a0aa6 BUG Fix tutorial index page for the new doc site
Required for roll out of new docs.
2015-01-08 09:59:35 +13:00
Ingo Schommer
28760e051d Merge pull request #3674 from ss23/api-https-fix
API Fix HTTPS proxy header detection (Same as #3152)
2014-11-25 08:23:44 +13:00
Stephen Shkardoon
b3407abe4b API Fix HTTPS proxy header detection (Same as #3152)
Didn't use the de facto standard HTTP_X_FORWARDED_PROTO or the less standard HTTP_FRONT_END_HTTPS.
Removed the 'X-Forwarded-Proto', since PHP should prefix/underscore all HTTP headers before it hits $_SERVER.

References:
- https://docs.djangoproject.com/en/1.4/ref/settings/#secure-proxy-ssl-header
- https://drupal.org/node/1859252
- https://drupal.org/node/313145
- http://scottwb.com/blog/2013/02/06/always-on-https-with-rails-behind-an-elb/
2014-11-25 03:21:36 +13:00
Ingo Schommer
1661213e5b FIX Opt-out pf form message escaping (fixes #2796)
This fixes a limitation introduced through http://www.silverstripe.org/ss-2013-008-xss-in-numericfield-validation/.
Form messages used to accept HTML, now they’re escaped by default, effectively removing the ability
to pass in HTML and take care of escaping manually.

We pass through HTML to message in core through the CTF system, so this needs to be fixed.
It’s an alternative fix to https://github.com/silverstripe/silverstripe-framework/pull/2803.
2014-08-22 16:59:34 +12:00
Joel Marcey
0c85680371 Support PHPUnit 3.8+ compatibility
Summary:

PHPUnit 3.8+ adds a method to its PHPUnit_Framework_TestListener called addRiskyTest(). Need to stub it out to avoid "must implement this interface method" fatals when using 3.8+

Test Plan:

Reviewers:

CC:

Task ID: #

Blame Rev:
2014-08-22 13:43:23 +12:00
Damian Mooyman
a6f244faff Merge pull request #3231 from tscole/patch-2
Update i18n.php
2014-06-24 09:14:17 +12:00
tscole
32c2028368 Update i18n.php
Norwegian should use 'nb' and not 'no' in common languages array
2014-06-23 14:52:08 +01:00
Damian Mooyman
d76486344a Merge pull request #3172 from stevie-mayhew/patch-1
Update datamodel.md
2014-05-29 16:58:26 +12:00
Stevie Mayhew
0da889bde2 Update datamodel.md
Fix broken link to SS_List->column
2014-05-29 16:25:40 +12:00
Damian Mooyman
083c0e083b Merge pull request #3171 from ss23/patch-4
Update i18n.md
2014-05-29 14:34:10 +12:00
Stephen Shkardoon
6b410aa9a0 Update i18n.md
Fix a link being inside backticks, which broke the formatting.
2014-05-29 13:13:45 +12:00
Damian Mooyman
d9c037bb69 Merge remote-tracking branch 'origin/3.0.11' into 3.0 2014-05-13 14:02:28 +12:00
Damian Mooyman
ce516ca1cd Release docs 2014-05-13 13:02:21 +12:00
Will Morgan
1d4082b6f0 MINOR Use composer @stable for PHPUnit
Using stable will allow some packages to be downloaded as zips instead of clones all the time.
2014-05-13 11:25:56 +12:00
Will Morgan
8ab3881bfa MINOR Use composer @stable for PHPUnit
Using stable will allow some packages to be downloaded as zips instead of clones all the time.
2014-05-09 16:42:43 +12:00
Damian Mooyman
98e5c1556f Release docs update 2014-05-07 15:54:55 +12:00
Damian Mooyman
0099a18182 Merge pull request #3100 from tractorcow/pulls/3.0-fix-foldername
FIX Folder Title not being exactly the same as Name field
2014-05-07 15:34:59 +12:00
Damian Mooyman
0ae96ab030 Changelog tags 2014-05-07 14:11:10 +12:00
Damian Mooyman
953e4b4c49 Added change log for 3.0.11-rc1 2014-05-07 14:03:13 +12:00
Ingo Schommer
ea1a0d16fc Merge pull request #3106 from tractorcow/pulls/3.0/path-checking
Path resolution cleanup
2014-05-07 08:39:17 +12:00
Damian Mooyman
9bfeffd06a Path resolution cleanup
Backport of #3085 to 3.0
2014-05-06 15:20:57 +12:00
Simon Welsh
ddae5825b3 Merge pull request #3102 from ss23/patch-3
MINOR LeftAndMain::getRecord check $ClassName before use
2014-05-05 17:47:57 +10:00
Stephen Shkardoon
677f0edcfc MINOR LeftAndMain::getRecord check $ClassName before use
While the check for `$classname` was done in the first conditional, it was left out of the other two, leading to potential issues when an invalid ID was given, instead of the expected `false`.
2014-05-05 19:26:05 +12:00
Hamish Friedlander
ad27cd5ec9 FIX Folder Title not being exactly the same as Name field
Backport to 3.0 of PR #3086
2014-05-05 14:39:45 +12:00
Ingo Schommer
fc8da3fb1d Merge pull request #3087 from tractorcow/pulls/3.0-phpunit
BUG Allow PHPUnit installation with composer / Fix travis
2014-05-05 13:20:17 +12:00
Damian Mooyman
b9872c0856 Allow PHPUnit installations with composer
Instruct travis to use composer version of phpunit
2014-05-02 18:23:58 +12:00
Damian Mooyman
1766cccace Merge pull request #3044 from mateusz/hash
FIX: ConfirmedPasswordField used to expose existing hash
2014-04-17 13:11:58 +12:00
Hamish Friedlander
f2c4a629a7 FIX: ConfirmedPasswordField used to expose existing hash 2014-04-17 11:57:57 +12:00
Damian Mooyman
6bc9cfe46d Merge pull request #3040 from mateusz/plugins30
BUG Load just one of each plugin.
2014-04-16 15:38:52 +12:00
Mateusz Uzdowski
9d74bc461d BUG Load just one of each plugin. 2014-04-16 15:08:31 +12:00
Damian Mooyman
c87373d095 Add 3.0.10 upgrade docs 2014-04-08 12:30:24 +12:00
Hamish Friedlander
5b0a969794 Merge pull request #3011 from tractorcow/pulls/absurl
Docs / Tests for Director::absoluteURL
2014-04-08 10:04:36 +12:00
Damian Mooyman
15c6b67c29 Docs / Tests for Director::absoluteURL 2014-04-08 09:16:48 +12:00
Damian Mooyman
9230d41186 Include announcement links for security fixes 2014-04-01 17:40:39 +13:00
Damian Mooyman
cf2a314a50 Added change log to upgrade docs 2014-03-31 16:31:25 +13:00
Damian Mooyman
21f50f44e5 3.0.10-rc1 upgrading docs 2014-03-31 16:07:53 +13:00
Martin D
3e05ccb9b7 Fix link to the HtmlEditorField API page
Closes #2990
2014-03-30 18:04:17 +13:00
Hamish Friedlander
b5c14150cc Merge pull request #2987 from tractorcow/pulls/2981
FIX Escape the redirect URL before outputting (alternate implementation)
2014-03-27 14:46:18 +13:00
Damian Mooyman
f8e3bbe3ae BUG Fix encoding of JS redirection script 2014-03-27 14:35:14 +13:00