Serge Latyntcev
6c39962b7a
Merge branch '4.5' into 4
2020-02-19 10:21:11 +13:00
Serge Latyntcev
6c2f179a43
Merge branch '4.4' into 4.5
2020-02-19 10:20:50 +13:00
Serge Latyntsev
91f091f418
Merge pull request #9410 from blueo/patch-1
...
Update CVE number to CVE-2019-19325
2020-02-19 10:15:52 +13:00
Bernard Hamlin
765810b013
Update CVE number to CVE-2019-19325
2020-02-19 09:58:12 +13:00
Robbie Averill
4aade0a39a
Merge pull request #9409 from tiller1010/patch-2
...
Update 02_FixtureFactories.md
2020-02-18 13:43:32 +13:00
Tyler Trout
b7391fd34f
Update 02_FixtureFactories.md
...
- Removed duplicate `use SilverStripe\Core\Injector\Injector;`
- Changed $myPageObj to $MyObjectObj
2020-02-17 16:49:52 -05:00
Maxime Rainville
affd43052a
Merge branch '4.5' into 4
2020-02-17 18:11:23 +13:00
Maxime Rainville
5fd16cd7e1
Add 4.5.1 changelog
2020-02-17 17:47:23 +13:00
Maxime Rainville
d95e911f1d
Update translations
2020-02-17 02:29:18 +00:00
Maxime Rainville
7ce2abf74d
Merge remote-tracking branch 'origin/4.4' into 4.5
2020-02-17 14:43:38 +13:00
Maxime Rainville
a9598eec3f
Added 4.4.5 changelog
2020-02-17 14:02:57 +13:00
Maxime Rainville
0a9866c087
Update translations
2020-02-17 14:01:02 +13:00
Maxime Rainville
acd7d94167
Merge branch '4.4' into 4.5
2020-02-17 13:07:26 +13:00
Maxime Rainville
49fda52b12
Merge pull request #94 from silverstripe-security/fix/cve-2019-19325
...
CVE-2019-1935
2020-02-17 12:54:40 +13:00
Steve Boyd
08cc057049
Merge pull request #9404 from creative-commoners/pulls/4/minor-lockstep-release-docs
...
DOCS Add note to update minimum core requirements in minor releases
2020-02-17 10:11:34 +13:00
Serge Latyntcev
ad1b00ec7d
[CVE-2019-19325] XSS through non-scalar FormField attributes
...
Silverstripe Forms allow malicious HTML or JavaScript to be inserted
through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting)
on some forms built with user input (Request data). This can lead to phishing attempts
to obtain a user's credentials or other sensitive user input.
There is no known attack vector for extracting user-session information or credentials automatically,
it required a user to fall for the phishing attempt.
XSS can also be used to modify the presentation of content in malicious ways.
2020-02-17 09:58:29 +13:00
Guy Marriott
c31de772ab
Merge pull request #8838 from creative-commoners/pulls/4/slash-means-root
...
Use '/' as an alternative designation for root in routing
2020-02-14 11:29:32 -08:00
Garion Herman
29943f9049
API TestSession request methods now use the correct HTTP method ( #8987 )
...
* API TestSession request methods now use the correct HTTP method
* DOCS Update requests section in Functional Testing to reflect API change
2020-02-14 16:01:06 +13:00
Ingo Schommer
bf5a46901c
DOCS Web worker concurrency caveats ( #9223 )
2020-02-14 15:23:20 +13:00
Garion Herman
be71f34cac
DOCS Add documentation covering Root URL Handler behaviour
2020-02-14 14:41:10 +13:00
Garion Herman
9d1d59d8d1
NEW Accept / as designation for root URL controller
2020-02-14 14:41:10 +13:00
Steve Boyd
8c7e10bd55
Merge branch '4.5' into 4
2020-02-11 16:45:35 +13:00
Steve Boyd
9d5c3ef20e
Merge branch '4.4' into 4.5
2020-02-11 16:45:15 +13:00
Steve Boyd
8dcaed25f4
Merge pull request #9386 from silverstripe-terraformers/feature/orm-column
...
ORM bugfix and enhancement
2020-02-11 15:56:03 +13:00
Garion Herman
a2beabd430
DOCS Add note to update minimum core requirements in minor releases
2020-02-11 14:19:03 +13:00
Mojmir Fendek
285e6caafa
PR fixes
2020-02-11 10:43:01 +13:00
Mojmir Fendek
448147c2f1
PR fixes
2020-02-10 09:17:34 +13:00
Mojmir Fendek
660f80d284
PR fixes
2020-02-07 13:49:19 +13:00
Guy Marriott
73990ac189
Merge pull request #9399 from creative-commoners/broken-link
...
DOCS fix a broken link
2020-02-06 16:07:40 -08:00
brynwhyman
b60def66dd
DOCS fix a broken link
2020-02-07 12:49:17 +13:00
Robbie Averill
fe496a29ec
Merge pull request #9397 from mikenuguid/bugfix/update-orm-scaffoldformfield
...
FIX Update ORM DBField types to use Injector in scaffoldFormField()
2020-02-04 22:38:34 +13:00
mnuguid
ca36a47bb1
FIX Update ORM DBField types to use Injector in scaffoldFormField()
...
- This is usable in cases where a DBField is needed to be overloaded through the Injector.
2020-02-04 21:43:47 +13:00
Dylan Wagstaff
3a99a57d41
Merge pull request #9385 from mooror/patch-1
...
Updated the "Template Syntax" Documentation
2020-02-04 11:03:22 +13:00
Bryn Whyman
27517c55e7
Merge pull request #9396 from muskie9/patch-11
...
DOCS correct changelog link in README
2020-02-03 15:48:52 +13:00
Steve Boyd
566b81f326
Merge pull request #9392 from creative-commoners/pulls/4/document-tweak-releases
...
DOC Add documentation for tweak releases
2020-02-03 15:33:36 +13:00
Garion Herman
4ce63e4460
DOC Tweak wording on detach-tagged-base explanation [ci skip]
2020-02-03 15:20:47 +13:00
Nic
dd537f0cc9
DOCS correct changelog link in README
2020-02-02 20:20:38 -06:00
Garion Herman
efb1ebdd1a
DOC Add documentation for tweak releases
2020-02-03 14:53:40 +13:00
Robbie Averill
c6f5e7e2fa
Merge pull request #9393 from open-sausages/pulls/4/docs-damian-core-committer
...
DOCS Removed Damian as core committer :(
2020-01-31 12:32:12 +13:00
Ingo Schommer
daf32f2327
DOCS Removed Damian as core committer :(
2020-01-31 12:20:01 +13:00
Mojmir Fendek
99786dda22
ORM Column now supports related table lookup
2020-01-28 15:46:30 +13:00
Benjamin Blake
7c32a848aa
Updated the "Template Syntax" Documentation
...
Added a notice to the "Variables" section of the "Template Syntax" documentation to warn developers about common template variable gotchas
2020-01-27 15:18:40 -07:00
Mojmir Fendek
9c38c5f625
CMS action related extension points ( #9340 )
...
* CMS action related extension points
* Refactor to use fewer extension points
* Remove explicit return type
Co-authored-by: Aaron Carlino <unclecheese@leftandmain.com>
2020-01-27 15:09:15 +13:00
Robbie Averill
a80fd433e2
Merge pull request #9384 from kenlog/patch-3
...
Docs: Fix link to Middleware not found
2020-01-25 11:02:30 -08:00
Valentino Pesce
24c28e4457
Docs: Fix link to Middleware not found
...
Fix link to Middleware not found in page Rate Limiting
2020-01-25 19:21:15 +01:00
Robbie Averill
a98a2d9c7f
Merge pull request #9379 from tiller1010/patch-1
...
Update to link
2020-01-24 12:41:44 -08:00
Loz Calver
87ad14dad3
Merge pull request #9371 from Greg808/patch-1
...
added addExtraClass
2020-01-24 09:20:16 +00:00
Andre Kiste
c7cec6e48b
Merge pull request #9320 from open-sausages/pulls/4/disabled-link-to-existing-gridfield-button
...
BUG The "Link existing" should be disabled rather than readonly
2020-01-24 15:59:34 +13:00
Maxime Rainville
6ff0f3f466
BUG The "Link existing" should be disabled rather than readonly.
2020-01-24 14:47:12 +13:00
Robbie Averill
1fac44ab7a
Merge pull request #9378 from kenlog/patch-2
...
Docs: Fix route that doesn't exist
2020-01-21 12:53:10 -08:00