Commit Graph

739 Commits

Author SHA1 Message Date
Robbie Averill
6f50728b18
Merge pull request #59 from silverstripe-security/pulls/4.0/ss-2018-006
[ss-2018-006] Prevent code execution in template value resolution
2018-05-14 17:06:04 +12:00
Robbie Averill
cd716fb61b Switch check for is_string 2018-05-14 17:05:31 +12:00
Damian Mooyman
2e13ae746f [ss-2018-006] Prevent code execution in template value resolution 2018-05-14 17:05:31 +12:00
Damian Mooyman
d935140a95 [ss-2018-005] Prevent unauthenticated isDev / isTest being allowed 2018-05-14 17:03:39 +12:00
Damian Mooyman
02ec0b8375
Merge pull request #7829 from Firesphere/patch-3
[bugfix] $request == null breaks
2018-02-05 16:43:40 +13:00
Simon Erkelens
a071672b48 [bugfix] $request == null breaks
The $request incoming as null was not properly detected by the if/elseif structure.
2018-02-05 13:02:07 +13:00
Damian Mooyman
288aaf083c
BUG Fix issue with DebugView failing on class name of existing class
Fixes #7827
2018-02-05 10:45:49 +13:00
Damian Mooyman
740c3326e9
BUG Fix critical issue with incorrectly saved session data 2018-02-02 15:08:52 +13:00
Damian Mooyman
cb30e09130
Update reference from $databaseConfig to .env 2018-02-01 12:58:55 +13:00
Damian Mooyman
11f4693648
Merge pull request #7816 from creative-commoners/pulls/4.0/setrighttitle-phpdoc
Update phpdoc for FormField::setRightTitle regarding escaped HTML
2018-01-31 16:48:17 +13:00
Robbie Averill
c0ffe2797a Update phpdoc for FormField::setRightTitle regarding escaped HTML 2018-01-31 11:03:35 +13:00
Damian Mooyman
ab6428ef59
Merge pull request #7808 from creative-commoners/pulls/4.0/fix-html5-parsing-embeds
FIX Allow cleanup marker regex to handle self closing HTML5 tags
2018-01-31 10:24:34 +13:00
Raissa North
cd6faac7a9
FIX Fix typo in error message 2018-01-30 15:48:42 +13:00
Robbie Averill
3d7ecc5240 FIX Allow cleanup marker regex to handle self closing HTML5 tags 2018-01-30 11:16:21 +13:00
Roman Schmid
6fafce766e Fixed Rfc3339 implementation of Date and Datetime 2018-01-24 16:58:12 +01:00
Robbie Averill
1a421dc947
Merge pull request #7792 from open-sausages/pulls/4.0/fix-limit-phpdoc
DOC Fix phpdoc on ArrayList::limit
2018-01-24 11:20:37 +13:00
Chris Joe
c0085efae6
Merge pull request #7785 from open-sausages/pulls/4.0/better-upload-message
BUG Better upload error message
2018-01-24 10:37:47 +13:00
Damian Mooyman
3fce5372b0
DOC Fix phpdoc on ArrayList::limit
Fixes #7781
2018-01-24 10:18:15 +13:00
Dylan Wagstaff
e1a4b89912
Code lint fix
change `else if` to `elseif`
2018-01-24 09:04:22 +13:00
Dylan Wagstaff
9c3feb4ab4
FIX: Allow absolute URLs be use as resources
At current certain interfaces exist that assume only local assets will be loaded (e.g. `SilverStripe\Forms\HTMLEditor\TinyMCEConfig::getConfig()`), where as someone may wish to load an off site resource via the use of an absolute URL (e.g. for fontawesome css provided via a CDN). Because asset path parsing is filtered through a `SilverStripe\Core\Manifest\ResourceURLGenerator`, one must either know in advance if they want an internal or external resource (loading different generators), or the API must allow for this (i.e. an inclusion function for each type of asset). So we can either double the API on the implementing class, or simply make an exception for an absolute URL as high as possible; inside the filter - for which the `vendor/module : path/to/file.asset` shorthand syntax was specifically designed not to conflict with.
2018-01-23 17:31:43 +13:00
Damian Mooyman
b44273d1d6
BUG Better upload error message
Fixes https://github.com/silverstripe/silverstripe-asset-admin/issues/720
2018-01-23 16:08:42 +13:00
Damian Mooyman
60fa7558d3
BUG Fix double casting in login authenticator name
Fixes #7769
2018-01-22 14:06:24 +13:00
Damian Mooyman
16ad7e8fea
BUG Make GridFieldConfig less susceptible to error when versioned isn't installed 2018-01-18 16:43:51 +13:00
Daniel Hensby
3eaa83ed82
Add PUBLIC_* constants to constants.php for easier backwards compatible support of 4.0 and 4.1 2018-01-17 15:16:15 +00:00
Daniel Hensby
6aaee429db
Remove inaccurate comment from constants.php 2018-01-17 15:15:38 +00:00
Daniel Hensby
db610aaf3b
Fixing string concat CS issues 2018-01-16 18:39:30 +00:00
Daniel Hensby
42511d8061
Merge pull request #7714 from @zanderwar 2018-01-16 15:43:18 +00:00
Loz Calver
daac577e62
Merge pull request #7763 from creative-commoners/pulls/4.0/fix-remove-header
FIX HTTPResponse::removeHeader incorrectly converts header name to lowercase
2018-01-16 11:04:03 +00:00
Robbie Averill
a8c156ae98
Merge pull request #7756 from dhensby/pulls/4.0/fix-bad-request-form-handlers
Forms with FormHandlers don't have access to current request object
2018-01-16 23:32:00 +13:00
Robbie Averill
cc90cb0125 FIX HTTPResponse::removeHeader incorrectly converts header name to lowercase 2018-01-16 23:20:52 +13:00
Damian Mooyman
f86b855c90
BUG Prevent basic-auth from disallowing logout
Fixes #7555
2018-01-16 15:24:20 +13:00
Daniel Hensby
dc96862cac
FIX Forms run through FormHandler rather than Controllers now have access to current Request 2018-01-15 13:08:43 +00:00
Damian Mooyman
a15c6887fc
Merge pull request #7746 from dhensby/pulls/4.0/allow-injector-extensions
FIX Allow extension instances to be overridden by injector
2018-01-12 17:10:04 +13:00
Daniel Hensby
7d66342496
FIX Allow extension instances to be overridden by injector 2018-01-12 00:38:15 +00:00
Andrew Aitken-Fincham
fb5476cb70 check for UPLOAD_ERR_NO_FILE on FileField::saveinto 2018-01-03 12:01:18 +00:00
Daniel Hensby
02761d6ca8
Merge pull request #7712 from creative-commoners/pulls/4.0/fix-last-non-sortable-column
FIX Ensure last GridField column when non sortable has its title displayed
2017-12-28 11:53:14 +00:00
Damian Mooyman
f885101a1b
BUG Fix basic auth in PHP-CGI
Fixes #7717
2017-12-21 14:58:19 +13:00
Damian Mooyman
ce07e4781e BUG Do database migrations before default records
Fixes #7703
2017-12-18 16:37:21 +13:00
Damian Mooyman
d9d1e13735
Merge pull request #7707 from gorriecoe/Requirements-javascriptTemplate-ModuleResourceLoader
FIX: Added ModuleResourceLoader to javascriptTemplate
2017-12-18 14:27:32 +13:00
Reece Alexander
9c91e9820e
Returns chainability in setValue from parent 2017-12-17 17:21:42 +10:00
Robbie Averill
ea8ed5067d FIX Allow Requirements::block to handle module resource paths 2017-12-17 16:09:22 +13:00
Raissa North
369653b5df FIX Ensure last GridField column when non sortable has its title displayed 2017-12-15 16:45:46 +13:00
Gorrie Coe
ef74911922 Added ModuleResourceLoader to javascriptTemplate 2017-12-15 11:20:20 +13:00
Daniel Hensby
1c72d6946d
Merge branch '3.6' into 4.0 2017-12-14 21:01:35 +00:00
Damian Mooyman
1c8576cee7
Linting cleanup 2017-12-14 14:18:41 +13:00
Damian Mooyman
ed6561d9f5
BUG Fix incorrect merge of associative / non-associative summary fields
Fixes #7696
2017-12-14 14:17:19 +13:00
Damian Mooyman
a2fa9f0943
Merge pull request #7694 from creative-commoners/pulls/4.0/injection-session
FIX Use Injector to retrieve the current session
2017-12-12 16:47:36 +13:00
Robbie Averill
eb6c1fc6de FIX Allow the current controller as well as injectable HTTPRequest objects 2017-12-12 16:35:53 +13:00
Robbie Averill
097d0697c5 FIX Use Injector to retrieve the current session 2017-12-12 16:03:16 +13:00
Damian Mooyman
2391af5ba7
Fix literal linting 2017-12-12 09:22:18 +13:00