Commit Graph

888 Commits

Author SHA1 Message Date
mattclegg
6a640f1498
DOCS: Example should show how to disable VersionedGridfieldDetailForm as it's enabled by default 2020-04-13 17:34:55 +05:45
Robbie Averill
5002f514b3
FIX Capitalisation fixes in welcome back message (#9439) 2020-03-23 15:54:30 +13:00
Maxime Rainville
acd7d94167 Merge branch '4.4' into 4.5 2020-02-17 13:07:26 +13:00
Serge Latyntcev
ad1b00ec7d [CVE-2019-19325] XSS through non-scalar FormField attributes
Silverstripe Forms allow malicious HTML or JavaScript to be inserted
through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting)
on some forms built with user input (Request data). This can lead to phishing attempts
to obtain a user's credentials or other sensitive user input.
There is no known attack vector for extracting user-session information or credentials automatically,
it required a user to fall for the phishing attempt.
XSS can also be used to modify the presentation of content in malicious ways.
2020-02-17 09:58:29 +13:00
DorsetDigital
7e361b6127
Doc: Remove old reference to theme
Update siteconfig doc to remove reference to setting the current theme.
2019-11-09 10:28:05 +00:00
Mojmir Fendek
e2bea6b41f API Add withConfig method (#9011)
* With config functionality added.
* Update docs/en/02_Developer_Guides/04_Configuration/00_Configuration.md
2019-10-31 16:12:04 +13:00
Serge Latyntsev
bd2ccf70fa
Merge pull request #9282 from open-sausages/pulls/4/docs/clarify-basic-auth
DOCS Clarify BasicAuth limitations
2019-10-22 14:01:51 +13:00
Maxime Rainville
e59625fe5a
NEW Add ability to define image size preset for the TinyMCE editor. (#9276)
* NEW Add ability to define image size preset for the TinyMCE editor.
* DOC Explain how to define image size pre-sets
2019-10-22 11:50:28 +13:00
jeremy
7900d2aeb1
Update docs/en/02_Developer_Guides/06_Testing/00_Unit_Testing.md
Better worded

Co-Authored-By: Robbie Averill <robbie@averill.co.nz>
2019-10-18 11:23:44 +11:00
jeremy
1197b94415
Update Test documentation about database behaviours
This update is based on what I have experienced and this conversation on Slack https://silverstripe-users.slack.com/archives/C6PLF83H9/p1571281365001600
2019-10-18 10:38:23 +11:00
Ingo Schommer
8dcda91538 DOCS Clarify BasicAuth limitations 2019-10-10 10:41:39 +13:00
Serge Latyntcev
7dfc35d204 DOC Fix the required NodeJS version for CMS custamisation 2019-10-01 14:27:23 +13:00
Loz Calver
daf995da63
Fix syntax error in DataList docs 2019-09-30 09:36:12 +01:00
Maxime Rainville
d7f5ed3e65 DOC Substituce old apache syntax for Require 2019-09-25 16:59:48 +12:00
Garion Herman
637a891b8c DOC Include link to semver.org in modern JS / GQL warning 2019-09-25 11:22:04 +12:00
Garion Herman
3db0fa46b5 DOC Add warning about Semver status of modern JS / GraphQL tooling 2019-09-25 10:26:06 +12:00
Christopher Darling
c8f274de80
DOCS fix DataList::exclude() code example 2019-09-15 20:34:18 +01:00
Robbie Averill
b8e81983b9 DOCS Update PSR-12 compliance in GridField_ActionProvider docs code examples
[ci skip]
2019-09-13 18:09:10 -07:00
Robbie Averill
ed47f43133
Merge pull request #9169 from jakxnz/patch-1
Update 04_Create_a_GridField_ActionProvider.md
2019-09-13 18:05:51 -07:00
Ingo Schommer
229df95fe9 DOCS Warning about protected file serving in 4.x 2019-09-13 18:01:44 -07:00
Andre Kiste
75cd9dc944
Merge pull request #9202 from open-sausages/pulls/4/document-ss32-variant-migration
DOC Explain how to mgirate SS3.2 variants
2019-09-11 11:47:28 +12:00
Matt Peel
7083f016c1
Update secure coding standards
As of SS4.0.0 and the introduction of TrustedProxyMiddleware, the default now if no trusted proxies are defined is that nothing is a trusted proxy, whereas in SS3 a missing declaration was treated as everything being allowed.
2019-09-10 12:55:24 +12:00
Andre Kiste
23719af2a1
Apply suggestions from code review
Typos
2019-09-09 13:36:53 +12:00
Maxime Rainville
c165561580
Fix typos
Co-Authored-By: Robbie Averill <robbie@averill.co.nz>
2019-09-09 09:06:40 +12:00
Ingo Schommer
ca5b1cbf61 DOCS Rewrite server requirements
* Remove overly specific PHP RNG instructions (that's just built into PHP7 through random_bytes now, which will throw if no suitable RNG is available)
 * Remove PHP 5 RNG requirements, since we don't support that PHP release any mre
 * Remove verbose explanation of PHP 5.6 support
 * Remove conflicting instructions for PHP memory limits
 * Remove version numbers from supporetd databases other than MySQL, it's up to the community modules to define that
 * Remove Oracle support (code is nine years old!)
 * Make "community supported" status clearer on databases, people can draw their own conclusions as open source users on Github
 * Remove IIS version number, I think we should just stick to "needs web.config" and not give the impression that this is actively tested
 * Remove mention of OSes for web servers, that's kind of irrelevant in today's hosting world (containers, PaaS, etc)
 * Shorten install instructions in favour of a "quickstart" and point to lessons instead
 * Remove mention of archive download option, we really shouldn't promote this - composer is the de-facto standard
 * Add generic descriptions of the hosting environment considerations without going too much into specifics
 * Remove Apache version number, we don't test on different versions, and really mostly rely on mod_rewrite working properly. Laravel does the same (doesn't claim specific Apache version support)
2019-09-03 18:38:15 +12:00
Serge Latyntsev
296dc6a489 DOC Fix versioned snapshot image markdown (#9209) 2019-09-02 13:29:08 +12:00
Maxime Rainville
534e59faad DOC Explain how to mgirate SS3.2 variants 2019-08-28 15:08:55 +12:00
Ryan Potter
fa325d2360
Update pagination code snippet
Update pagination snippet to use summarised pagination.
2019-08-13 15:17:38 +12:00
Maxime Rainville
4380d7d155 API Add option to disable user-agent header session validation 2019-08-06 22:00:01 +12:00
Jackson Darlow
753b02d915
Update 04_Create_a_GridField_ActionProvider.md
Added missing parameters to boilerplate method
2019-08-06 13:36:45 +12:00
Jackson Darlow
9f7aad3b8f
Update 04_Create_a_GridField_ActionProvider.md 2019-08-06 13:32:44 +12:00
Robbie Averill
3224c9971b Merge branch '4.4' into 4 2019-08-02 11:24:54 +12:00
Robbie Averill
3b96c51688 Merge branch '4.3' into 4.4 2019-08-02 11:24:45 +12:00
Robbie Averill
2d2b0b82f0 DOCS Fix incorrect rendering of note on list item
[ci skip]
2019-07-25 12:03:12 +02:00
Robbie Averill
f1d8a04928
DOCS Fix broken markdown links for docs.silverstripe.org
[ci skip]
2019-07-22 13:02:57 +02:00
Ingo Schommer
4d93e48b10
DOCS Add silverstripe/login-forms (#9112)
See https://github.com/silverstripe/recipe-cms/issues/26.
Dependant on https://github.com/silverstripe/silverstripe-installer/pull/257.
2019-07-16 10:11:37 +12:00
UndefinedOffset
571a4d9ace NEW: Added support for config condition if PHP extension is loaded 2019-07-02 14:55:36 -03:00
Ingo Schommer
0a6096a1bb
DOCS File migration background notes (#9058) 2019-06-21 08:47:40 +12:00
Robbie Averill
dcf4c64704
Merge pull request #9077 from lerni/ss-log-example-config-docs-fix
fix #9075 log example yml-config in docs
2019-06-19 20:17:43 +12:00
lerni
0c7458cd21 add single quotes 2019-06-19 08:21:31 +02:00
lerni
e652b3e421 fix #9075 log example yml-config in docs 2019-06-18 09:17:25 +02:00
Ingo Schommer
732dfe5aaa DOCS Clarify cascade publish/delete perm checks
We decided during implementation not to check permissions explicitly on cascading objects due to performance concerns.
For example, when publishing a page with embedded images, publish permissions on the image are implied - even if Image->canPublish() would return false for this author.

See https://github.com/silverstripe-security/security-issues/issues/57
2019-06-18 16:27:29 +12:00
Guy Marriott
bb5b610636
Merge branch '4.4' into 4 2019-06-17 08:58:50 +12:00
Serge Latyntsev
2e33456e46 Mention versioned snapshots in the versions documentation (#9057)
* Mention versioned snapshots in the versions documentation

* Add screenshot
2019-06-16 23:52:30 +12:00
Rob Ingram
663e23fae3
Update 03_Track_member_logins.md
The extension point for members has changed from `memberLoggedIn` to `afterMemberLoggedIn`.
2019-06-12 10:13:20 +12:00
Juan Molina
ef5f2a526f
Minor revision, broken link
Minor typos and broken link corrected, added some typographic consistency.
2019-06-10 18:46:14 +02:00
Aaron Carlino
d04e54c1be Merge branch '4.4' into 4 2019-06-10 17:33:30 +12:00
Aaron Carlino
c747b1f8d3 Merge branch '4.3' into 4.4 2019-06-10 17:32:07 +12:00
Aaron Carlino
f766555d61 Merge branch '4.2' into 4.3 2019-06-10 17:27:05 +12:00
Serge Latyntcev
ca56e8d78e [CVE-2019-12246] Denial of Service on flush and development URL tools 2019-06-10 17:23:56 +12:00