Commit Graph

12314 Commits

Author SHA1 Message Date
Hamish Friedlander
541436feb0 Merge branch 'origin/3.0' into 3.1 2013-07-24 12:09:44 +12:00
Sam Minnée
3c6ba1c322 Merge pull request #2257 from hafriedlander/fix/flush_30
FIX Nice errors and allows flush on module removal
2013-07-23 16:44:25 -07:00
Sean Harvey
23d1e8c76d Merge pull request #2260 from ARNHOE/3.1-fixedeastgermany
Fixed CountryDropDownField showing East Germany
2013-07-23 15:25:17 -07:00
Hamish Friedlander
a1ea905ca8 FIX Nice errors and allows flush on module removal 2013-07-24 09:57:01 +12:00
Arno Poot
aa6da4ee4e Fixed CountryDropDownField showing East Germany 2013-07-23 19:13:11 +02:00
Will Rossiter
ff1b0e3a08 Merge pull request #2256 from tractorcow/3.1-setratiosize-dbz-fix
BUG Fixed divide by zero with SetRatioSize on missing image file
2013-07-22 23:02:29 -07:00
Damian Mooyman
b3ca4a275b BUG Fixed divide by zero with SetRatioSize on missing image file
Fixes issue #2047
2013-07-23 11:24:48 +12:00
Sam Minnée
88d0cbea62 Merge pull request #2255 from hafriedlander/fix/flush_30
Split Core.php into Constants.php and Core.php and adjust main.php startup
2013-07-22 15:33:35 -07:00
Hamish Friedlander
84011aa736 FIX Only suppress fatal errors 2013-07-22 14:48:16 +12:00
Hamish Friedlander
604d9bf7dc Split Core.php into Constants.php and Core.php and adjust main.php startup
The recent flush filter fix had a problem that you couldnt set a custom
BASE_PATH in _ss_environment because that file didnt get included until
after checking the confirmation token. This patch pulls the part of Core.php
that defines BASE_PATH into a seperate file that can be included earlier
in the startup sequence so that ParameterConfirmationToken can access it.

Core.php includes Constants.php with a require_once call, so for startup
scripts that dont pull in Constants.php themselves (like cli-script.php)
no change is needed.
2013-07-22 13:52:00 +12:00
Will Rossiter
58a2eb0155 Versioned documentation typo (Thanks aragonne) 2013-07-19 18:14:53 +12:00
Hamish Friedlander
bed25a7a79 Merge branch 'origin/3.0' into 3.1 2013-07-19 15:51:54 +12:00
Sam Minnée
7bfc872a8e Merge pull request #2248 from hafriedlander/fix/flush_30
FIX: Have ParameterConfirmationToken work regardless of include path
2013-07-18 20:46:56 -07:00
Hamish Friedlander
a312cd08e1 FIX: Ignore invalid tokens instead of throwing 403 2013-07-19 14:47:05 +12:00
Hamish Friedlander
036c36a7dd FIX: Have ParameterConfirmationToken work regardless of include path 2013-07-19 14:33:56 +12:00
Hamish Friedlander
d38bd7d5cb Merge branch 'origin/3.0' into 3.1 2013-07-19 14:18:49 +12:00
Sam Minnée
7656a22329 Merge pull request #2243 from hafriedlander/fix/flush_30
FIX Prevent DOS by checking for env and admin on ?flush=1 (#1692)
2013-07-18 17:39:10 -07:00
Hamish Friedlander
1298d4a5bd FIX Prevent DOS by checking for env and admin on ?flush=1 (#1692) 2013-07-19 12:24:32 +12:00
Hamish Friedlander
b915c2364c Merge pull request #2244 from mateusz/lockout-errors
BUG First error should take precedence here. No further checks needed.
2013-07-18 14:38:23 -07:00
Mateusz Uzdowski
d4a6f7304e BUG First error should take precedence here. No further checks needed. 2013-07-19 08:54:52 +12:00
Ingo Schommer
9d764d6794 FIX Avoid infinite loops on ?isDev=1 and Deprecation class
If any of the functionality triggered by Director::isDev()
was causing deprecation errors, the system would go into
an infinite loop. Since the only way to cause this is the DB
checking functionality, we disable that for Deprecation.
Side effect of this change: You can't show deprecation notices
on a live site by forcing the session into dev mode.
2013-07-17 11:55:19 +02:00
Sam Minnée
2ca089532f Merge pull request #2219 from chillu/pulls/clickjacking
BUG Prevent clickjacking in CMS and Security controllers (fixes #2215)
2013-07-16 14:35:53 -07:00
Simon Welsh
d9b0d14ee9 Merge pull request #2229 from ss23/patch-6
FIX preg_replace_callback in emailer was broken
2013-07-14 21:55:07 -07:00
Stephen Shkardoon
999fd3901c FIX preg_replace_callback in emailer was broken
Fixes bug introduced by 9deb11f9a0
Email has no content
This is what happens when we make commits without testing!
2013-07-15 16:50:41 +12:00
Ingo Schommer
d1fec14bd1 Merge pull request #2226 from Brancom/3.1
Updated loop/if/with to be more consistent
2013-07-14 13:58:06 -07:00
Ingo Schommer
d4a1e6d294 BUG Prevent clickjacking in CMS and Security controllers (fixes #2215) 2013-07-14 22:44:09 +02:00
ARNHOE
2427d57fa5 Updated loop/if/with to be more consistent 2013-07-14 20:43:52 +12:00
Ingo Schommer
920edf88e7 Test allowedExtensions in UploadField, return correct HTTP status 2013-07-12 13:16:34 +02:00
Will Rossiter
d80b16597a Merge pull request #2224 from tractorcow/3.1-foreignkey-typo
Typo
2013-07-11 20:45:44 -07:00
Will Rossiter
65e9f05c36 Merge pull request #2220 from jthomerson/pulls/small_doc_fix_1
Small typo causing linking error
2013-07-11 20:42:36 -07:00
Damian Mooyman
7fbc752764 Typo 2013-07-12 15:07:43 +12:00
Sean Harvey
a5363aba6d Merge pull request #2214 from chillu/pulls/password-docs
Member.lock_out_delay_mins, password security docs
2013-07-11 15:04:15 -07:00
Jeremy Thomerson
71f8c1306f DOCFIX: small typo causing linking error 2013-07-11 13:40:34 +00:00
Ingo Schommer
bdbd61cb22 Merge remote-tracking branch 'origin/3.0' into 3.1 2013-07-11 15:14:07 +02:00
Ingo Schommer
c2c8498c64 BehatFixtureFactory 5.3.8 compat (wrong usage of is_a()) 2013-07-11 15:13:37 +02:00
Ingo Schommer
b58e2dbe3a Member.lock_out_delay_mins configurable, password security docs 2013-07-11 09:47:28 +02:00
Ingo Schommer
84bc3ed024 Merge pull request #2202 from tractorcow/3.1-aggregate-deprecation
API Deprecate Aggregate and DataObject::getComponentsQuery
2013-07-11 00:25:26 -07:00
Ingo Schommer
ed69a2bf82 Merge pull request #2212 from dhensby/patch-3
Adding test to prove issue with HTTP Header parsing in RestfulService
2013-07-10 08:32:04 -07:00
Daniel Hensby
ddd6a15b4a FIX RestfulService header parsing now accepts non-title case headers 2013-07-10 13:00:40 +01:00
Daniel Hensby
378d829e8f Adding test to prove issue with HTTP Header parsing in RestfulService
I have a header like:
X-BB-Auth: xxxx

and it is being given back to me as X-Bb-Auth - i want to prove the issue and the fix
2013-07-10 12:47:13 +01:00
Ingo Schommer
c3f62de0eb Merge pull request #2208 from hafriedlander/fix/sanitise
Add some docs about admin-side HTML sanitisation
2013-07-10 01:33:52 -07:00
Hamish Friedlander
7b7982969b Add some docs about admin-side HTML sanitisation 2013-07-10 16:44:51 +12:00
Simon Welsh
e5ed8f1ef2 Merge branch '3.0' into 3.1 2013-07-10 12:31:38 +12:00
Hamish Friedlander
ca2b81c6c2 Merge pull request #2207 from camspiers/config-caching-fix
FIX ConfigManifest regenerating every request if variantKeySpec is an empty array()
2013-07-09 17:30:33 -07:00
Simon Welsh
b506eb1b29 Use httpError() instead of non-existent HTTPResponse_Exception class 2013-07-10 12:30:27 +12:00
Cam Spiers
b44641336b FIX ConfigManifest regenerating every request if variantKeySpec is an empty array() 2013-07-10 11:53:44 +12:00
Jeremy Thomerson
dbb2efcbb3 FIX: wrong class name being returned
This resulted in an error since the returned class name did not exist.
Note that this only happened when someone subclassed GridFieldDetailForm
and did not subclass GridFieldDetailForm_ItemRequest.
2013-07-09 20:59:56 +00:00
Ingo Schommer
e6011f3aae Rewritten "extend cms" docs (#1671)
Hopefully this commit can be reverted once we fix the
layout manager to work with all four directions (north, south, east, west).
A "bookmark bar" makes more sense as an example than having the links
in the menu, and it allows us to illustrate the CMS layout techniques.
2013-07-09 22:15:43 +02:00
Mateusz Uzdowski
b24a0a567e BUG Remove extraneous </div> breaking IE8 image embedding (os#8218)
Editor was not able to add images to TinyMCE - both newly uploaded and
old ones from the local assets.
2013-07-09 21:49:23 +02:00
Daniel Hensby
e225cffcf8 FIX Empty Datefield with defined min or max has non-object error thrown
When submitting a Datefield with no value but with a min / max config date, the validate() function attempts to access a function on $this->valueObj (which is a non-object)
2013-07-08 16:07:21 +01:00