Commit Graph

348 Commits

Author SHA1 Message Date
Maxime Rainville
6ff319a0e1 BUG Implement peer review feedback, 2019-02-27 11:14:47 +13:00
Maxime Rainville
9a59f2f57d BUG Renable the ability to do dynamic assignment with DBField 2019-02-22 11:08:43 +13:00
Maxime Rainville
95505db7d6 [SS-2018-021] Fix potential SQL vulnerability in non-scalar value hyrdation 2019-02-12 21:08:09 +13:00
Robbie Averill
d116b9a8d2 Add test for shortcode parsing with querystring and anchor 2019-01-29 13:15:17 +02:00
Guy Marriott
6edcbe9086
Merge pull request #8592 from open-sausages/pulls/4.0/tree-multiselect-null
FIX TreeMultiselectField passes value 'unchanged' as null to ORM
2018-12-06 14:23:48 +13:00
Serge Latyntcev
4ee63eb4e7 TreeMultiselectFieldTest / make scrutinizer happy 2018-11-29 12:13:56 +13:00
Serge Latyntcev
38f8217f01 TreeMultiselectFieldTest / setUp is protected in PHPUnit5 2018-11-29 09:55:28 +13:00
Serge Latyntcev
f526c794fc Minor / Refactor php tests for TreeMultiselectField 2018-11-23 16:03:44 +13:00
Serge Latyntcev
9ce6d91b76 FIX / TreeMultiselectField::objectForKey handles list of IDs correctly 2018-11-22 12:11:18 +13:00
Serge Latyntcev
80885fc231 ADD php test TreeMultiselectField::testEmptyChoiceReadonly 2018-11-20 16:45:23 +13:00
Loz Calver
b5bae137bd FIX: Redirect loop with multiple confirmation tokens present (fixes #8607) 2018-11-15 10:59:42 +00:00
Werner M. Krauß
3f321f935a Convert::memstring2bytes should return integer value
bytes are by nature an integer

fixes #8572
2018-11-07 17:01:36 +01:00
Loz Calver
11fe5b3adf Implement ConfirmationTokenChain to handle multiple tokens at once 2018-11-07 11:33:24 +13:00
Loz Calver
8d7c2dafab [SS-2018-019] Add confirmation token to dev/build 2018-11-07 11:33:24 +13:00
Werner M. Krauß
adafd73943 Convert::memstring2bytes should preserve -1
fixes #8570
2018-11-06 10:22:13 +01:00
Daniel Hensby
4acec33562
FIX Fixed bug in config merging priorities so that config values set by extensions are now least important instead of most important 2018-07-12 00:55:39 +01:00
Robbie Averill
27e24a4728
Merge pull request #8142 from open-sausages/pulls/4.0/fix-injector-empty
BUG Safely handle empty injector factory responses
2018-06-11 15:20:24 +12:00
Damian Mooyman
546c6c3e22
Merge pull request #8125 from open-sausages/pulls/4/date-field-tweaks
Remove legacy logic from DateField_Disabled
2018-06-11 09:23:33 +12:00
Daniel Hensby
cfe93b7f23
Merge branch '3.6' into 4.0 2018-06-08 14:41:04 +01:00
Maxime Rainville
582c69d32f
BUG Fix issue with Disabled DateField always display (not set). 2018-06-08 13:51:22 +01:00
Damian Mooyman
e37e3e1746
BUG Fix test that relies on implicit ID order breaking postgres 2018-06-08 11:23:24 +12:00
Damian Mooyman
c070e989c4
BUG Safely handle empty injector factory responses
Fixes issue with ImageBackendFactory returning null and breaking injector
2018-06-06 16:45:16 +12:00
Robbie Averill
3a537bc745 Merge branch 'heads/4.0.4' into 4.0 2018-05-28 17:50:07 +12:00
Robbie Averill
e7e32d13a3
FIX Add namespace and encryptor to tests that expect blowfish to be available 2018-05-24 11:24:56 +12:00
Aaron Carlino
f847f186b1 [ss-2018-013] Remove password text from session data on failed submission 2018-05-14 17:14:38 +12:00
Robbie Averill
5887201dd5
Merge pull request #64 from silverstripe-security/pulls/4.0/ss-2018-010
[SS-2018-010] Fix regression of SS-2017-002
2018-05-14 17:12:45 +12:00
Robbie Averill
beec0c0d47 [SS-2018-010] Fix regression of SS-2017-002 2018-05-14 17:12:07 +12:00
Robbie Averill
1e6790bfb6
Merge pull request #62 from silverstripe-security/pulls/4.0/ss-2018-001
[ss-2018-001] Restrict non-admins from being assigned to admin groups
2018-05-14 17:11:03 +12:00
Damian Mooyman
e409d6f673 [ss-2018-001] Restrict non-admins from being assigned to admin groups 2018-05-14 17:10:22 +12:00
Robbie Averill
39b62e5fbb
Merge pull request #61 from silverstripe-security/pulls/4.0/ss-2018-008
[ss-2018-008] Validate against malformed urls
2018-05-14 17:07:09 +12:00
Damian Mooyman
9053014a7e [ss-2018-008] Validate against malformed urls 2018-05-14 17:06:47 +12:00
Robbie Averill
6f50728b18
Merge pull request #59 from silverstripe-security/pulls/4.0/ss-2018-006
[ss-2018-006] Prevent code execution in template value resolution
2018-05-14 17:06:04 +12:00
Damian Mooyman
2e13ae746f [ss-2018-006] Prevent code execution in template value resolution 2018-05-14 17:05:31 +12:00
Damian Mooyman
d935140a95 [ss-2018-005] Prevent unauthenticated isDev / isTest being allowed 2018-05-14 17:03:39 +12:00
Daniel Hensby
80bf0fc487
FIX bad syntax 2018-05-02 11:43:12 +01:00
Daniel Hensby
d5e2d3fa67
Merge branch '3.6' into 4.0 2018-05-01 21:47:17 +01:00
UndefinedOffset
fe4b90edc0 FIX: Duplicating many_many relationships looses the extra fields in 4.0 2018-04-18 11:49:20 -03:00
Roman Schmid
40c2e299a0 Fix "mb_stripos(): Empty delimiter" warning when no search-keywords are given for DBText::ContextSummary.
Add unit-test to cover that case.
2018-03-01 11:39:30 +01:00
Aaron Carlino
0863bac29a Update getVariables to return a copy of globals rather than including the reference in an array merge 2018-02-27 09:52:36 +13:00
Damian Mooyman
0e26c06644
BUG Fix behaviour towards versioned but unstagable records 2018-02-20 12:20:18 +13:00
Daniel Hensby
e298fcc345
Merge branch '3.6' into 4.0 2018-02-09 14:32:58 +00:00
Chris Joe
95308e1af6
Merge pull request #7849 from open-sausages/pulls/4.0/fix-debug-string-class-cli
BUG Fix issue with CLIDebugView failing on class name of existing class
2018-02-09 15:41:18 +13:00
Daniel Hensby
d3278d5470 FIX Add Nested DB transaction support (#7848)
* TEST Prove nested transactions break

* Add nested transaction support
2018-02-09 10:28:32 +13:00
Damian Mooyman
0a486b8f57
BUG Fix issue with CLIDebugView failing on class name of existing class
Fixes #7827
2018-02-09 09:52:32 +13:00
Daniel Hensby
660dfd34a8
FIX Issue where default admin has no password encryption 2018-02-06 20:18:32 +00:00
Daniel Hensby
28ca11dd7e
FIX Regex range identifier correctly escaped 2018-02-05 15:17:20 +00:00
Damian Mooyman
288aaf083c
BUG Fix issue with DebugView failing on class name of existing class
Fixes #7827
2018-02-05 10:45:49 +13:00
Damian Mooyman
740c3326e9
BUG Fix critical issue with incorrectly saved session data 2018-02-02 15:08:52 +13:00
Robbie Averill
3d7ecc5240 FIX Allow cleanup marker regex to handle self closing HTML5 tags 2018-01-30 11:16:21 +13:00
Roman Schmid
6fafce766e Fixed Rfc3339 implementation of Date and Datetime 2018-01-24 16:58:12 +01:00