tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity
11,836 Commits 31 Branches 527 Tags 162 MiB
78ce99be09
Commit Graph

11836 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Stephen Shkardoon
999fd3901c FIX preg_replace_callback in emailer was broken 
Fixes bug introduced by 9deb11f9a0
Email has no content
This is what happens when we make commits without testing!
 2013-07-15 16:50:41 +12:00
Ingo Schommer
d1fec14bd1 Merge pull request #2226 from Brancom/3.1 
Updated loop/if/with to be more consistent
 2013-07-14 13:58:06 -07:00
Ingo Schommer
d4a1e6d294 BUG Prevent clickjacking in CMS and Security controllers (fixes #2215) 2013-07-14 22:44:09 +02:00
ARNHOE
2427d57fa5 Updated loop/if/with to be more consistent 2013-07-14 20:43:52 +12:00
Ingo Schommer
920edf88e7 Test allowedExtensions in UploadField, return correct HTTP status 2013-07-12 13:16:34 +02:00
Will Rossiter
d80b16597a Merge pull request #2224 from tractorcow/3.1-foreignkey-typo 
Typo
 2013-07-11 20:45:44 -07:00
Will Rossiter
65e9f05c36 Merge pull request #2220 from jthomerson/pulls/small_doc_fix_1 
Small typo causing linking error
 2013-07-11 20:42:36 -07:00
Damian Mooyman
7fbc752764 Typo 2013-07-12 15:07:43 +12:00
Sean Harvey
a5363aba6d Merge pull request #2214 from chillu/pulls/password-docs 
Member.lock_out_delay_mins, password security docs
 2013-07-11 15:04:15 -07:00
Jeremy Thomerson
71f8c1306f DOCFIX: small typo causing linking error 2013-07-11 13:40:34 +00:00
Ingo Schommer
bdbd61cb22 Merge remote-tracking branch 'origin/3.0' into 3.1 2013-07-11 15:14:07 +02:00
Ingo Schommer
c2c8498c64 BehatFixtureFactory 5.3.8 compat (wrong usage of is_a()) 2013-07-11 15:13:37 +02:00
Ingo Schommer
b58e2dbe3a Member.lock_out_delay_mins configurable, password security docs 2013-07-11 09:47:28 +02:00
Ingo Schommer
84bc3ed024 Merge pull request #2202 from tractorcow/3.1-aggregate-deprecation 
API Deprecate Aggregate and DataObject::getComponentsQuery
 2013-07-11 00:25:26 -07:00
Ingo Schommer
ed69a2bf82 Merge pull request #2212 from dhensby/patch-3 
Adding test to prove issue with HTTP Header parsing in RestfulService
 2013-07-10 08:32:04 -07:00
Daniel Hensby
ddd6a15b4a FIX RestfulService header parsing now accepts non-title case headers 2013-07-10 13:00:40 +01:00
Daniel Hensby
378d829e8f Adding test to prove issue with HTTP Header parsing in RestfulService 
I have a header like:
X-BB-Auth: xxxx

and it is being given back to me as X-Bb-Auth - i want to prove the issue and the fix
 2013-07-10 12:47:13 +01:00
Ingo Schommer
c3f62de0eb Merge pull request #2208 from hafriedlander/fix/sanitise 
Add some docs about admin-side HTML sanitisation
 2013-07-10 01:33:52 -07:00
Hamish Friedlander
7b7982969b Add some docs about admin-side HTML sanitisation 2013-07-10 16:44:51 +12:00
Simon Welsh
e5ed8f1ef2 Merge branch '3.0' into 3.1 2013-07-10 12:31:38 +12:00
Hamish Friedlander
ca2b81c6c2 Merge pull request #2207 from camspiers/config-caching-fix 
FIX ConfigManifest regenerating every request if variantKeySpec is an empty array()
 2013-07-09 17:30:33 -07:00
Simon Welsh
b506eb1b29 Use httpError() instead of non-existent HTTPResponse_Exception class 2013-07-10 12:30:27 +12:00
Cam Spiers
b44641336b FIX ConfigManifest regenerating every request if variantKeySpec is an empty array() 2013-07-10 11:53:44 +12:00
Ingo Schommer
e6011f3aae Rewritten "extend cms" docs (#1671) 
Hopefully this commit can be reverted once we fix the
layout manager to work with all four directions (north, south, east, west).
A "bookmark bar" makes more sense as an example than having the links
in the menu, and it allows us to illustrate the CMS layout techniques.
 2013-07-09 22:15:43 +02:00
Mateusz Uzdowski
b24a0a567e BUG Remove extraneous </div> breaking IE8 image embedding (os#8218) 
Editor was not able to add images to TinyMCE - both newly uploaded and
old ones from the local assets.
 2013-07-09 21:49:23 +02:00
Ingo Schommer
3bfb82d25f Merge pull request #2203 from camspiers/config-memory 
Improve memory performance when generating config static and class caches
 2013-07-08 06:35:31 -07:00
Cam Spiers
2d30592f72 Improve memory performance when generating config static and class caches 2013-07-08 21:24:14 +12:00
Damian Mooyman
0e443bafa0 Deprecate Aggregate and DataObject::getComponentsQuery 2013-07-08 15:27:13 +12:00
Hamish Friedlander
10b55170ea Merge pull request #2139 from jthomerson/pulls/template_includes_with_scope 
FEATURE: <% include %> inherits scope of parent template
 2013-07-07 14:01:40 -07:00
Jeremy Thomerson
f6ff39369f FEATURE: <% include %> inherits iterator scope of parent template 2013-07-07 12:39:42 +00:00
Sam Minnée
596934b107 Merge pull request #2133 from jthomerson/pulls/fix_testcase_comments_setting 
MINOR: fix Email class modifying SSViewer.source_file_comments config val
 2013-07-06 20:32:44 -07:00
Sam Minnée
0173707cd1 Merge pull request #2164 from tractorcow/3.1-datetimefield-fixes 
BUG Fixed DateTimeField where time value was being parsed incorrectly.
 2013-07-06 19:03:33 -07:00
Sam Minnée
ecf8f273c0 Merge pull request #2201 from hafriedlander/fix/session 
Fixes to session, primarily around cookie_secure
 2013-07-06 18:59:07 -07:00
Sam Minnée
aee786b221 Merge pull request #2169 from camspiers/yml-parse-modulename 
Allow module directories to be named with more valid characters ensuring that module names in fragment meta-data are correct
 2013-07-06 16:11:31 -07:00
Hamish Friedlander
d629d9422f FIX Session::$cookie_secure so Sessions still work via HTTP 
Session::$cookie_secure adds the secure property to the session Set-Cookie
command, so that the browser wouldnt send it to the server over an unencrypted
link. However the server would still send the cookie to the browser
unencrypted. Also Sessions would stop working properly in HTTP,
but SilverStripe needs them for several things, such as form validation

This patch effectively causes HTTP and HTTPS requests to each have
their own session when cookie_secure is true. The two sessions are
independant from each other, so information set in the session via
HTTPS is safe from attacks on the session via HTTP, but parts
of the site that use HTTP and the session will still work
 2013-07-07 09:12:10 +12:00
Hamish Friedlander
2886f6ee14 FIX Session was started every time, even if no data set 
Session tracks the user agent in the session, to add some detection of
stolen session IDs. However this was causing a session to always be
created, even if this request didnt store any data in the session.
 2013-07-07 09:12:10 +12:00
Sam Minnée
be311f72a5 Merge pull request #2191 from kinglozzer/uploadfield-disable-on-edit 
FIX: UploadField action buttons aren't disabled when editing an item
 2013-07-05 23:04:49 -07:00
Sam Minnée
da936dd45e Merge pull request #2200 from hafriedlander/fix/varies 
FIX Director::forceSSL and forceWWW not setting Vary header
 2013-07-05 22:59:04 -07:00
Hamish Friedlander
c6b4d993cc FIX Director::forceSSL and forceWWW not setting Vary header 
If you have a Varnish box in front of a SilverStripe install, and
you call forceSSL, the Vary header wouldnt get sent. As a result
Varnish would respond with the same redirect reponse after the
redirect, leading to an infinite loop
 2013-07-06 15:24:01 +12:00
Cam Spiers
0aeb2293bb Allow module directories to be named with more valid characters ensuring that module names in fragment meta-data are correct. 
Unit tests for ConfigManifest reference path parsing
 2013-07-06 14:16:59 +12:00
Loz Calver
041f5f51a5 FIX: UploadField action buttons aren't disabled when editing an item 
Toggle disabled classes/attributes based on form visibility instead of .toggle()

Use jQuery.attr() simply because it looks nicer
 2013-07-05 09:39:09 +01:00
Simon Welsh
ff45f7ce4d DataListTest should not rely on order of values when not explictly sorting 2013-07-05 11:45:34 +12:00
Ingo Schommer
573ec9d58b Merge pull request #2198 from simonwelsh/pgtest 
Quote table/column names when falling back to $fullName
 2013-07-04 15:50:01 -07:00
Simon Welsh
5dc5e0b4c5 Quote table/column names when falling back to $fullName 2013-07-05 10:41:18 +12:00
Ingo Schommer
c3e9e44204 Merge pull request #2197 from hafriedlander/fix/dbapichange 
FIX Recent patch to DataObject#db changed API which broke core
 2013-07-04 15:20:52 -07:00
Simon Welsh
d844c74e3c Merge branch '3.0' into 3.1 
Conflicts:
	.travis.yml
	control/HTTP.php
	email/Mailer.php
	tests/control/HTTPTest.php
 2013-07-05 10:17:14 +12:00
Hamish Friedlander
ca63e33c19 FIX Recent patch to DataObject#db changed API which broke core 2013-07-05 10:11:35 +12:00
Mateusz U
3ac22ed638 Merge pull request #2182 from hafriedlander/fix/sanitise 
FIX HtmlEditorField not re-checking sanitisation server side
 2013-07-04 14:56:37 -07:00
Sam Minnée
7f461ddd75 Merge pull request #2192 from dangerdan/patch-1 
Fixed broken github issue tracker link
 2013-07-04 14:55:08 -07:00
Simon Welsh
fb457e47eb Removes PHP 5.5 from allowed failures 2013-07-05 09:45:30 +12:00