Serge Latyntcev
f67e15b8ee
Merge branch '4.5' into 4
2019-11-20 11:12:49 +13:00
Serge Latyntcev
91e4aa90f1
Merge branch '4.4' into 4.5
2019-11-20 11:09:23 +13:00
Serge Latyntcev
8219491705
Merge branch '4.3' into 4.4
2019-11-20 11:08:35 +13:00
Robbie Averill
77ccadd663
Merge pull request #9300 from LABCAT/patch-1
...
Improvement to docs for send_file function
2019-11-14 09:08:16 -08:00
Serge Latyntcev
559f660e0e
Merge branch '4.4' into 4
2019-11-13 15:40:34 +13:00
Mojmir Fendek
e2bea6b41f
API Add withConfig
method ( #9011 )
...
* With config functionality added.
* Update docs/en/02_Developer_Guides/04_Configuration/00_Configuration.md
2019-10-31 16:12:04 +13:00
Michal Kleiner
4f614423ad
Ensure Requirements_Backend respects explicit false for async/defer
2019-10-30 09:59:57 +13:00
Damian Mooyman
e76601e5c8
BUG FormAction title property cannot be set if useButtonTag is false
2019-10-29 17:21:45 +13:00
LABCAT
501d9a1480
Update HTTPRequest.php
2019-10-23 22:52:53 +13:00
LABCAT
630c6c0514
Update src/Control/HTTPRequest.php
...
Co-Authored-By: Robbie Averill <robbie@averill.co.nz>
2019-10-23 21:05:22 +13:00
Garion Herman
17f4cc6e30
Merge pull request #9281 from creative-commoners/pulls/4/textfield-tip-ui
...
NEW: Add support for Tip UI in TextField
2019-10-23 16:50:43 +13:00
Garion Herman
bed3f2b3c6
NEW Add type declarations to Tip API, add TippableFieldInterface
2019-10-23 10:46:22 +13:00
Garion Herman
195417b061
NEW Extract Tip from TextField, add test coverage
2019-10-22 17:04:58 +13:00
LABCAT
d3a17958ef
Update src/Control/HTTPRequest.php
...
Co-Authored-By: Robbie Averill <robbie@averill.co.nz>
2019-10-22 16:17:04 +13:00
LABCAT
67c944c962
Improvement to docs for send_file function
2019-10-22 15:18:03 +13:00
Serge Latyntsev
bd2ccf70fa
Merge pull request #9282 from open-sausages/pulls/4/docs/clarify-basic-auth
...
DOCS Clarify BasicAuth limitations
2019-10-22 14:01:51 +13:00
Maxime Rainville
e59625fe5a
NEW Add ability to define image size preset for the TinyMCE editor. ( #9276 )
...
* NEW Add ability to define image size preset for the TinyMCE editor.
* DOC Explain how to define image size pre-sets
2019-10-22 11:50:28 +13:00
Serge Latyntcev
33a28394d6
Merge branch '4.4' into 4
2019-10-18 15:59:28 +13:00
Serge Latyntcev
0cf5d4cbe2
Merge branch '4.3' into 4.4
2019-10-18 15:58:13 +13:00
Serge Latyntcev
46b9530d88
PSR2 linting fixes
2019-10-18 15:31:39 +13:00
Serge Latyntcev
7873efde9c
Merge branch '4.4' into 4
2019-10-18 10:58:19 +13:00
Serge Latyntcev
dcbe6d0310
Merge branch '4.3' into 4.4
2019-10-18 10:57:35 +13:00
Garion Herman
efc7ba9520
NEW Tweak TextField Tip API to match changes to component
2019-10-11 15:04:56 +13:00
Ingo Schommer
8dcda91538
DOCS Clarify BasicAuth limitations
2019-10-10 10:41:39 +13:00
Garion Herman
a44bc5bcf3
NEW Add support for Tip UI in TextField
...
See TextField documentation in silverstripe/admin Pattern Library
2019-10-09 16:26:06 +13:00
Damian Mooyman
d7752b7945
Run PSR2 Lint cleaner
2019-10-04 13:26:31 +13:00
Damian Mooyman
f1594fd991
BUG Ensure that canCreate() context matches that respected by GridFieldAddNewButton
2019-10-04 11:24:34 +13:00
Robbie Averill
1265f09f4f
Merge pull request #9271 from michalkleiner/pulls/4/check-array-props-in-custom-methods
...
FIX Check array keys existence when removing methods in CustomMethods
2019-10-03 14:30:22 -07:00
Serge Latyntcev
7db524bd90
FIX DebugViewFrendlyErrorFormatter handle of admin_email
2019-10-04 10:26:54 +13:00
Robbie Averill
e49cec3a00
Merge pull request #9247 from jakxnz/pulls/4/record-login-attempt-outputs
...
ENHANCEMENT: MemberAuthenticator::recordLoginAttempt() outputs
2019-10-03 10:46:34 -07:00
Dylan Wagstaff
047ac060c4
Merge pull request #9265 from emteknetnz/feature/noopener
...
Add noopener attribute to links with a target
2019-10-03 14:42:50 +13:00
Steve Boyd
887f198b07
Add rel attribute to link elements with a target attribute
2019-10-03 14:03:12 +13:00
Damian Mooyman
58c080db5a
FEATURE Option placeholder for upload folder id ( #9262 )
...
* FEATURE Option placeholder for upload folder id
* ENHANCEMENT Add setFolderName() to TinyMCEConfig
* Typehint return type
* Add type to param
2019-09-30 10:50:55 +13:00
Michal Kleiner
1a2dbfd3a5
Update conditional logic when checking array keys before removing methods in CustomMethods
2019-09-30 10:17:59 +13:00
Michal Kleiner
52a039f631
Check array keys existence prior to their usage when removing methods in CustomMethods
2019-09-27 14:57:15 +12:00
JorisDebonnet
349589b23b
Clarify that $title in FormField can accept ViewableData
...
When constructing a FormField, an IDE would previously tell you the `$title` needs to be string (or null). Let's make it more clear that a ViewableData instance (such as `HTMLValue::create($title)`) is also accepted. This should help people more quickly find a solution to put html in labels.
2019-09-26 02:39:39 +02:00
Sam Minnée
af6644f762
Merge pull request #9240 from chrometoasters/pulls/db-readonly-transactions-support
...
NEW Introduce supported database transaction mode check
2019-09-25 10:02:53 +12:00
Serge Latyntcev
88fde6e7c3
Merge branch '4.4' into 4
2019-09-24 17:29:06 +12:00
Serge Latyntcev
50a1aa4c4d
Merge branch '4.3' into 4.4
2019-09-24 17:28:31 +12:00
Aaron Carlino
b002ef1171
Merge branch '4.4' into 4
2019-09-24 17:26:50 +12:00
Serge Latyntcev
8b7063a8e2
[CVE-2019-12617] Fix access escalation for CMS users with limited access through permission cache pollution
2019-09-24 16:03:48 +12:00
Serge Latyntcev
eccfa9b10d
[CVE-2019-12203] Session fixation in "change password" form
...
A potential account hijacking may happen if an attacker has physical access to
victim's computer to perform session fixation. Also possible if the targeted application contains an XSS vulnerability.
Requires the victim to click the password reset link sent to their email.
If all the above happens, attackers may reset the password before the actual user does that.
2019-09-24 16:03:48 +12:00
Serge Latyntcev
5af205993d
[CVE-2019-12617] Fix access escalation for CMS users with limited access through permission cache pollution
2019-09-24 16:00:51 +12:00
Serge Latyntcev
569237c0f4
[CVE-2019-12203] Session fixation in "change password" form
...
A potential account hijacking may happen if an attacker has physical access to
victim's computer to perform session fixation. Also possible if the targeted application contains an XSS vulnerability.
Requires the victim to click the password reset link sent to their email.
If all the above happens, attackers may reset the password before the actual user does that.
2019-09-24 16:00:51 +12:00
Jackson Darlow
a033662a3a
MemberAuthenticator::recordLoginAttempt() outputs
2019-09-24 14:24:59 +12:00
Garion Herman
0d27f32cc9
FIX Add 'legal empty attributes' to allow empty alt values on imgs
...
In some situations, a caption is used in place of a value in the alt
attribute, and in others an image may be cosmetic and not in need of an
alt attribute value (though the alt attribute must still be rendered in
this case).
2019-09-24 11:44:12 +12:00
Robbie Averill
3cfc21c405
Merge pull request #9241 from open-sausages/pulls/4.4.3/fix-file-permission
...
Fix administrators not being able to see files that are restricted to groups
2019-09-23 11:13:26 -07:00
Guy Marriott
aa7c057422
FIX: Don't force-add view button to readonly GridField (fixes #… ( #9254 )
...
FIX: Don't force-add view button to readonly GridField (fixes #9249 )
2019-09-23 10:31:25 -07:00
Loz Calver
efdb9cc718
FIX: run member CMS validator when editing via groups ( fixes #9184 )
2019-09-23 16:59:58 +01:00
Loz Calver
d85ff3bc44
FIX: Don't force-add view button to readonly GridField ( fixes #9249 )
2019-09-23 16:52:47 +01:00