Robbie Averill
6f50728b18
Merge pull request #59 from silverstripe-security/pulls/4.0/ss-2018-006
...
[ss-2018-006] Prevent code execution in template value resolution
2018-05-14 17:06:04 +12:00
Robbie Averill
cd716fb61b
Switch check for is_string
2018-05-14 17:05:31 +12:00
Damian Mooyman
2e13ae746f
[ss-2018-006] Prevent code execution in template value resolution
2018-05-14 17:05:31 +12:00
Damian Mooyman
d935140a95
[ss-2018-005] Prevent unauthenticated isDev / isTest being allowed
2018-05-14 17:03:39 +12:00
Damian Mooyman
02ec0b8375
Merge pull request #7829 from Firesphere/patch-3
...
[bugfix] $request == null breaks
2018-02-05 16:43:40 +13:00
Simon Erkelens
a071672b48
[bugfix] $request == null breaks
...
The $request incoming as null was not properly detected by the if/elseif structure.
2018-02-05 13:02:07 +13:00
Damian Mooyman
288aaf083c
BUG Fix issue with DebugView failing on class name of existing class
...
Fixes #7827
2018-02-05 10:45:49 +13:00
Damian Mooyman
740c3326e9
BUG Fix critical issue with incorrectly saved session data
2018-02-02 15:08:52 +13:00
Damian Mooyman
cb30e09130
Update reference from $databaseConfig to .env
2018-02-01 12:58:55 +13:00
Damian Mooyman
11f4693648
Merge pull request #7816 from creative-commoners/pulls/4.0/setrighttitle-phpdoc
...
Update phpdoc for FormField::setRightTitle regarding escaped HTML
2018-01-31 16:48:17 +13:00
Robbie Averill
c0ffe2797a
Update phpdoc for FormField::setRightTitle regarding escaped HTML
2018-01-31 11:03:35 +13:00
Damian Mooyman
ab6428ef59
Merge pull request #7808 from creative-commoners/pulls/4.0/fix-html5-parsing-embeds
...
FIX Allow cleanup marker regex to handle self closing HTML5 tags
2018-01-31 10:24:34 +13:00
Raissa North
cd6faac7a9
FIX Fix typo in error message
2018-01-30 15:48:42 +13:00
Robbie Averill
3d7ecc5240
FIX Allow cleanup marker regex to handle self closing HTML5 tags
2018-01-30 11:16:21 +13:00
Roman Schmid
6fafce766e
Fixed Rfc3339 implementation of Date and Datetime
2018-01-24 16:58:12 +01:00
Robbie Averill
1a421dc947
Merge pull request #7792 from open-sausages/pulls/4.0/fix-limit-phpdoc
...
DOC Fix phpdoc on ArrayList::limit
2018-01-24 11:20:37 +13:00
Chris Joe
c0085efae6
Merge pull request #7785 from open-sausages/pulls/4.0/better-upload-message
...
BUG Better upload error message
2018-01-24 10:37:47 +13:00
Damian Mooyman
3fce5372b0
DOC Fix phpdoc on ArrayList::limit
...
Fixes #7781
2018-01-24 10:18:15 +13:00
Dylan Wagstaff
e1a4b89912
Code lint fix
...
change `else if` to `elseif`
2018-01-24 09:04:22 +13:00
Dylan Wagstaff
9c3feb4ab4
FIX: Allow absolute URLs be use as resources
...
At current certain interfaces exist that assume only local assets will be loaded (e.g. `SilverStripe\Forms\HTMLEditor\TinyMCEConfig::getConfig()`), where as someone may wish to load an off site resource via the use of an absolute URL (e.g. for fontawesome css provided via a CDN). Because asset path parsing is filtered through a `SilverStripe\Core\Manifest\ResourceURLGenerator`, one must either know in advance if they want an internal or external resource (loading different generators), or the API must allow for this (i.e. an inclusion function for each type of asset). So we can either double the API on the implementing class, or simply make an exception for an absolute URL as high as possible; inside the filter - for which the `vendor/module : path/to/file.asset` shorthand syntax was specifically designed not to conflict with.
2018-01-23 17:31:43 +13:00
Damian Mooyman
b44273d1d6
BUG Better upload error message
...
Fixes https://github.com/silverstripe/silverstripe-asset-admin/issues/720
2018-01-23 16:08:42 +13:00
Damian Mooyman
60fa7558d3
BUG Fix double casting in login authenticator name
...
Fixes #7769
2018-01-22 14:06:24 +13:00
Damian Mooyman
16ad7e8fea
BUG Make GridFieldConfig less susceptible to error when versioned isn't installed
2018-01-18 16:43:51 +13:00
Daniel Hensby
3eaa83ed82
Add PUBLIC_* constants to constants.php for easier backwards compatible support of 4.0 and 4.1
2018-01-17 15:16:15 +00:00
Daniel Hensby
6aaee429db
Remove inaccurate comment from constants.php
2018-01-17 15:15:38 +00:00
Daniel Hensby
db610aaf3b
Fixing string concat CS issues
2018-01-16 18:39:30 +00:00
Daniel Hensby
42511d8061
Merge pull request #7714 from @zanderwar
2018-01-16 15:43:18 +00:00
Loz Calver
daac577e62
Merge pull request #7763 from creative-commoners/pulls/4.0/fix-remove-header
...
FIX HTTPResponse::removeHeader incorrectly converts header name to lowercase
2018-01-16 11:04:03 +00:00
Robbie Averill
a8c156ae98
Merge pull request #7756 from dhensby/pulls/4.0/fix-bad-request-form-handlers
...
Forms with FormHandlers don't have access to current request object
2018-01-16 23:32:00 +13:00
Robbie Averill
cc90cb0125
FIX HTTPResponse::removeHeader incorrectly converts header name to lowercase
2018-01-16 23:20:52 +13:00
Damian Mooyman
f86b855c90
BUG Prevent basic-auth from disallowing logout
...
Fixes #7555
2018-01-16 15:24:20 +13:00
Daniel Hensby
dc96862cac
FIX Forms run through FormHandler rather than Controllers now have access to current Request
2018-01-15 13:08:43 +00:00
Damian Mooyman
a15c6887fc
Merge pull request #7746 from dhensby/pulls/4.0/allow-injector-extensions
...
FIX Allow extension instances to be overridden by injector
2018-01-12 17:10:04 +13:00
Daniel Hensby
7d66342496
FIX Allow extension instances to be overridden by injector
2018-01-12 00:38:15 +00:00
Andrew Aitken-Fincham
fb5476cb70
check for UPLOAD_ERR_NO_FILE on FileField::saveinto
2018-01-03 12:01:18 +00:00
Daniel Hensby
02761d6ca8
Merge pull request #7712 from creative-commoners/pulls/4.0/fix-last-non-sortable-column
...
FIX Ensure last GridField column when non sortable has its title displayed
2017-12-28 11:53:14 +00:00
Damian Mooyman
f885101a1b
BUG Fix basic auth in PHP-CGI
...
Fixes #7717
2017-12-21 14:58:19 +13:00
Damian Mooyman
ce07e4781e
BUG Do database migrations before default records
...
Fixes #7703
2017-12-18 16:37:21 +13:00
Damian Mooyman
d9d1e13735
Merge pull request #7707 from gorriecoe/Requirements-javascriptTemplate-ModuleResourceLoader
...
FIX: Added ModuleResourceLoader to javascriptTemplate
2017-12-18 14:27:32 +13:00
Reece Alexander
9c91e9820e
Returns chainability in setValue from parent
2017-12-17 17:21:42 +10:00
Robbie Averill
ea8ed5067d
FIX Allow Requirements::block to handle module resource paths
2017-12-17 16:09:22 +13:00
Raissa North
369653b5df
FIX Ensure last GridField column when non sortable has its title displayed
2017-12-15 16:45:46 +13:00
Gorrie Coe
ef74911922
Added ModuleResourceLoader to javascriptTemplate
2017-12-15 11:20:20 +13:00
Daniel Hensby
1c72d6946d
Merge branch '3.6' into 4.0
2017-12-14 21:01:35 +00:00
Damian Mooyman
1c8576cee7
Linting cleanup
2017-12-14 14:18:41 +13:00
Damian Mooyman
ed6561d9f5
BUG Fix incorrect merge of associative / non-associative summary fields
...
Fixes #7696
2017-12-14 14:17:19 +13:00
Damian Mooyman
a2fa9f0943
Merge pull request #7694 from creative-commoners/pulls/4.0/injection-session
...
FIX Use Injector to retrieve the current session
2017-12-12 16:47:36 +13:00
Robbie Averill
eb6c1fc6de
FIX Allow the current controller as well as injectable HTTPRequest objects
2017-12-12 16:35:53 +13:00
Robbie Averill
097d0697c5
FIX Use Injector to retrieve the current session
2017-12-12 16:03:16 +13:00
Damian Mooyman
2391af5ba7
Fix literal linting
2017-12-12 09:22:18 +13:00