Commit Graph

554 Commits

Author SHA1 Message Date
Damian Mooyman
dd4c5417e7
Merge pull request #49 from silverstripe-security/pulls/3.5/ss-2017-007
[ss-2017-007] Ensure xls formulae are safely sanitised on output (3.5)
2017-12-06 16:25:58 +13:00
Daniel Hensby
2aa1d8f2c4
remove create_function usage 2017-12-05 14:20:13 +00:00
Damian Mooyman
22ccf3e2f9
[ss-2017-007] Ensure xls formulae are safely sanitised on output
CSVParser now strips leading tabs on cells
2017-12-01 10:19:48 +13:00
Daniel Hensby
24a768ae14
Merge branch '3.4' into 3.5 2017-05-26 14:57:15 +01:00
Daniel Hensby
85f0650796
Remove unnecessary nesting of config/injector in tests 2017-05-24 16:05:39 +01:00
Daniel Hensby
cc70d893bc
Merge branch '3.4' into 3.5 2017-05-18 13:53:49 +01:00
Daniel Hensby
49a0354998
Make sure that nested relations don't break 2017-05-17 23:01:42 +01:00
Thomas Portelange
efbf14be63
Allow filtering if a relation is defined or a formatting 2017-05-17 21:05:21 +01:00
Robbie Averill
55eb7ebdcc FIX Do not insert requirements more than once in includeInHTML
This change consolidates the string replacements used to insert requirements into the page content to help ensure
that they are not compounding and overwriting each other.

The added test case includes where a user may have a Javascript snippet that contains a closing head tag, and the
test ensures that it does not get injected with requirements as well as the actual head tag in the DOM.
2017-04-07 17:04:17 +12:00
Daniel Hensby
56b887f578
Merge branch '3.4' into 3.5 2017-01-31 13:33:00 +00:00
Daniel Hensby
de7372ad3b
Test fixes - reorder assertions and ensure string returned 2017-01-16 14:46:22 +00:00
Daniel Hensby
78ed003977
Merge branch '3.4' into 3.5 2016-12-19 10:48:10 +00:00
Damian Mooyman
c007e85d1b
BUG Suppress HtmlEditorField casting
Fixes #6396
2016-12-19 16:03:48 +13:00
Daniel Hensby
efd8114fd5
Merge branch '3.4' into 3.5 2016-12-16 15:52:53 +00:00
Daniel Hensby
f8132b39af
Assertions should be $this->assert($expected, $actual) 2016-12-13 11:32:52 +00:00
Daniel Hensby
3e36f5691b
Merge branch '3.4' into 3.5.0 2016-11-22 11:31:39 +00:00
Daniel Hensby
f57244d526
Merge branch '3.3' into 3.4 2016-11-22 11:29:32 +00:00
Daniel Hensby
f17e21c4a3
Merge branch '3.2' into 3.3 2016-11-22 11:26:41 +00:00
Daniel Hensby
d2633be56d
Merge branch '3.1' into 3.2 2016-11-22 11:21:08 +00:00
Damian Mooyman
f43a91a4f8 API Add FormField::canSubmitValue()
API Add HTMLText::getProcessShortcodes() / setProcessShortcodes()
API Split TextareaField::Value() into ValueEntities() with shortcodes disabled
2016-11-17 09:55:03 +13:00
Daniel Hensby
3f4445641d
Merge branch '3.3' into 3.4 2016-11-15 11:35:38 +00:00
Daniel Hensby
c7778a1e9a
Merge branch '3.2' into 3.3 2016-11-15 11:19:27 +00:00
Daniel Hensby
06d0210233
Merge branch '3.1' into 3.2 2016-11-15 11:18:46 +00:00
Damian Mooyman
cc9d17063a
Add tests for FormField submission behaviour
Fix ReadonlyField casting with empty values
Restore Value() behaviour for TextareaField
2016-11-15 11:55:48 +13:00
Daniel Hensby
61e4055bdb
[SS-2016-010] FIX Cast FormField values as Text to prevent readonly fields embedding rogue HTML 2016-11-14 10:38:15 +00:00
Daniel Hensby
4c7ba731be
Merge branch 'open-sausages/pulls/3.4/fix-checkbox-datalist' into 3.4 2016-10-11 20:16:33 +01:00
Damian Mooyman
7368deca8f
BUG Fix issue with SS_List as datasource for dropdown field
BUG Fix validation issue with CheckboxSetField
Fixes #6166
2016-10-11 14:58:48 +13:00
Damian Mooyman
c6457c50e9
API Allow has_many fixtures to be declared with array format as well as many_many (#5944)
BUG Fix issue with parsing of extrafields in fixtures
BUG Fix issue in duplicate relation name, and ensure FixtureBlueprint fails on these
2016-09-12 14:01:08 +01:00
Daniel Hensby
f2ed59e185
FIX Empty dmyfields on DateField now validate as true 2016-09-01 11:55:17 +01:00
Damian Mooyman
b0ba2015d9 [ss-2016-015] Fix value / title escaping in CheckboxSetField and OptionsetField 2016-08-15 15:53:21 +12:00
Damian Mooyman
049cdefacf [ss-2016-015] Fix value / title escaping in CheckboxSetField and OptionsetField 2016-08-15 15:02:58 +12:00
Damian Mooyman
12a6b357e7 [ss-2016-015] Fix value / title escaping in CheckboxSetField and OptionsetField 2016-08-15 14:14:42 +12:00
Damian Mooyman
62a242154e [ss-2016-015] Fix value / title escaping in CheckboxSetField and OptionsetField 2016-08-15 13:24:06 +12:00
Loz Calver
44d7919496
Merge branch '3.3' into 3.4 2016-07-15 14:34:18 +01:00
Loz Calver
b3fea3723f
FIX: Fixes support for "inline" form actions (fixes #2534) 2016-07-15 10:11:47 +01:00
Damian Mooyman
bf00810e1f
BUG Fix buttonClicked() error
Fixes #3208
2016-06-08 12:26:11 +12:00
Damian Mooyman
303f695751 Merge 3.3 into 3
# Conflicts:
#	admin/javascript/LeftAndMain.EditForm.js
2016-05-18 17:29:30 +12:00
Shawn Lin
2a856300c0 Fix bug, export button cannot export value '0' 2016-05-16 16:49:10 +12:00
Daniel Hensby
8ebdedf330 Merge pull request #5488 from robbieaverill/bugfix/4835-array-to-string
Fix for array to string conversion in DropdownField
2016-05-13 13:54:04 +01:00
Robbie Averill
7d7800e5e7 Fix for array to string conversion in DropdownField
* Resolves #4835
* Add unit test to cover array values
* Add value assertion
2016-05-13 10:11:42 +12:00
Damian Mooyman
4f06a43986 Merge 3.3 into 3
# Conflicts:
#	admin/javascript/lang/src/cs.js
#	admin/javascript/lang/src/de.js
#	admin/javascript/lang/src/en.js
#	admin/javascript/lang/src/eo.js
#	admin/javascript/lang/src/es.js
#	admin/javascript/lang/src/fi.js
#	admin/javascript/lang/src/fr.js
#	admin/javascript/lang/src/id.js
#	admin/javascript/lang/src/id_ID.js
#	admin/javascript/lang/src/it.js
#	admin/javascript/lang/src/ja.js
#	admin/javascript/lang/src/lt.js
#	admin/javascript/lang/src/mi.js
#	admin/javascript/lang/src/nb.js
#	admin/javascript/lang/src/nl.js
#	admin/javascript/lang/src/pl.js
#	admin/javascript/lang/src/ro.js
#	admin/javascript/lang/src/ru.js
#	admin/javascript/lang/src/sk.js
#	admin/javascript/lang/src/sl.js
#	admin/javascript/lang/src/sr.js
#	admin/javascript/lang/src/sr@latin.js
#	admin/javascript/lang/src/sr_RS.js
#	admin/javascript/lang/src/sr_RS@latin.js
#	admin/javascript/lang/src/sv.js
#	admin/javascript/lang/src/zh.js
#	javascript/lang/fr.js
#	javascript/lang/src/ar.js
#	javascript/lang/src/cs.js
#	javascript/lang/src/de.js
#	javascript/lang/src/en.js
#	javascript/lang/src/eo.js
#	javascript/lang/src/es.js
#	javascript/lang/src/fi.js
#	javascript/lang/src/fr.js
#	javascript/lang/src/id.js
#	javascript/lang/src/id_ID.js
#	javascript/lang/src/it.js
#	javascript/lang/src/ja.js
#	javascript/lang/src/lt.js
#	javascript/lang/src/mi.js
#	javascript/lang/src/nb.js
#	javascript/lang/src/nl.js
#	javascript/lang/src/pl.js
#	javascript/lang/src/ru.js
#	javascript/lang/src/sk.js
#	javascript/lang/src/sl.js
#	javascript/lang/src/sr.js
#	javascript/lang/src/sr@latin.js
#	javascript/lang/src/sr_RS.js
#	javascript/lang/src/sr_RS@latin.js
#	javascript/lang/src/sv.js
#	javascript/lang/src/zh.js
#	lang/it.yml
2016-05-11 14:06:23 +12:00
Damian Mooyman
096f30ebe5 BUG Fix GridFieldAddExistingAutocompleter
This fix exchanges references to sub-components by ID with class references
Fixes #5382
2016-05-03 14:28:41 +12:00
Loz Calver
61a9b2a41a
FIX: GridFieldPaginator now prevents viewing pages with no results (fixes #3192) 2016-04-26 09:34:03 +01:00
Joris Debonnet
4c741125c5 fix #5195: allow empty values in Enum 2016-03-17 22:43:26 +01:00
Damian Mooyman
9fed5561f4 Merge remote-tracking branch 'origin/3.3' into 3
# Conflicts:
#	core/Constants.php
#	dev/DevelopmentAdmin.php
2016-02-24 17:39:04 +13:00
Damian Mooyman
013524af50 [ss-2016-002] Ensure Gridfield actions respect CSRF 2016-02-24 11:47:15 +13:00
Damian Mooyman
e2c77c5a8f [ss-2016-002] Ensure Gridfield actions respect CSRF 2016-02-24 11:33:53 +13:00
Damian Mooyman
56e92f5a32 [ss-2016-002] Ensure Gridfield actions respect CSRF 2016-02-18 17:28:54 +13:00
Damian Mooyman
8e4db95f72 Fix merge regressions 2016-01-19 17:08:40 +13:00
Damian Mooyman
8c1cafd1a0 Merge remote-tracking branch 'origin/3.3' into 3
# Conflicts:
#	admin/scss/_forms.scss
#	admin/scss/_style.scss
#	admin/scss/_tree.scss
#	javascript/TreeDropdownField.js
2016-01-19 17:08:26 +13:00