tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 12:05:37 +00:00
Code Issues Projects Releases Wiki Activity
23,157 Commits 31 Branches 527 Tags
Commit Graph

2239 Commits

Author SHA1 Message Date
Serge Latyntcev
ad1b00ec7d [CVE-2019-19325] XSS through non-scalar FormField attributes 
Silverstripe Forms allow malicious HTML or JavaScript to be inserted
through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting)
on some forms built with user input (Request data). This can lead to phishing attempts
to obtain a user's credentials or other sensitive user input.
There is no known attack vector for extracting user-session information or credentials automatically,
it required a user to fall for the phishing attempt.
XSS can also be used to modify the presentation of content in malicious ways.
 2020-02-17 09:58:29 +13:00
Guy Marriott
c31de772ab
Merge pull request #8838 from creative-commoners/pulls/4/slash-means-root 
Use '/' as an alternative designation for root in routing
 2020-02-14 11:29:32 -08:00
Garion Herman
29943f9049
API TestSession request methods now use the correct HTTP method (#8987) 
* API TestSession request methods now use the correct HTTP method

* DOCS Update requests section in Functional Testing to reflect API change
 2020-02-14 16:01:06 +13:00
Garion Herman
9d1d59d8d1 NEW Accept / as designation for root URL controller 2020-02-14 14:41:10 +13:00
Steve Boyd
8c7e10bd55 Merge branch '4.5' into 4 2020-02-11 16:45:35 +13:00
Steve Boyd
9d5c3ef20e Merge branch '4.4' into 4.5 2020-02-11 16:45:15 +13:00
Mojmir Fendek
285e6caafa PR fixes 2020-02-11 10:43:01 +13:00
Mojmir Fendek
448147c2f1 PR fixes 2020-02-10 09:17:34 +13:00
Mojmir Fendek
660f80d284 PR fixes 2020-02-07 13:49:19 +13:00
mnuguid
ca36a47bb1 FIX Update ORM DBField types to use Injector in scaffoldFormField() 
- This is usable in cases where a DBField is needed to be overloaded through the Injector.
 2020-02-04 21:43:47 +13:00
Mojmir Fendek
99786dda22 ORM Column now supports related table lookup 2020-01-28 15:46:30 +13:00
Mojmir Fendek
9c38c5f625 CMS action related extension points (#9340) 
* CMS action related extension points

* Refactor to use fewer extension points

* Remove explicit return type

Co-authored-by: Aaron Carlino <unclecheese@leftandmain.com>
 2020-01-27 15:09:15 +13:00
Maxime Rainville
6ff0f3f466 BUG The "Link existing" should be disabled rather than readonly. 2020-01-24 14:47:12 +13:00
Robbie Averill
4121099484 Merge branch '4.5' into 4 2020-01-16 20:00:02 -08:00
Robbie Averill
53fcd47dfc Merge branch '4.4' into 4.5 2020-01-16 19:59:42 -08:00
Robbie Averill
26e3b6f4e3 Merge branch '4.3' into 4.4 2020-01-16 19:59:24 -08:00
Mojmir Fendek
acbbf80d14 CMS action related extension points (#9340) 
* CMS action related extension points

* Refactor to use fewer extension points

* Remove explicit return type

Co-authored-by: Aaron Carlino <unclecheese@leftandmain.com>
 2020-01-15 14:24:49 +13:00
Robbie Averill
38d7bd700d
Merge pull request #9373 from manja/4.5 
Fixed issue with merging existing entities in text collector
 2020-01-14 09:27:35 -08:00
Martin D
ec6a353543 array_key_exists() on objects is deprecated 
Ref: https://wiki.php.net/rfc/deprecations_php_7_4#array_key_exists_with_objects
 2020-01-14 09:22:49 -08:00
Nemanja Karadzic
18f0829053 Fixed issue with merging existing entities in text collector 2020-01-14 14:20:40 +01:00
Garion Herman
af90d17e19
Merge pull request #9359 from open-sausages/pulls/4.4/dbhtmlvarchar-scafolding 
BUG Remove bad default when scaffolding form field for DBHTMLVarchar
 2020-01-07 09:33:25 +13:00
Maxime Rainville
31a8c16c43
Remove default row size 2020-01-07 09:13:03 +13:00
Loz Calver
a42249b6fc Minor performance improvement in DatabaseAdapterRegistry::autoconfigure() 2019-12-19 14:39:46 +00:00
Serge Latyntcev
eaf6bca706 Merge branch '4.5' into 4 2019-12-19 11:26:38 +13:00
Maxime Rainville
8d69cf9f75 BUG Remove bad default when scaffolding form field for DBHTMLVarchar 2019-12-18 17:32:02 +13:00
Andre Kiste
6650d81324 BUG Fix extra blank Group being created when creating a new Group (#9325) 
* Fix extra blank Group being created when creating a new Group

* Update tests to reflect expected behavior

* Improved tests
 2019-11-27 09:32:33 +13:00
shoosah
2724d93111 Allow to add error message into a specific field 2019-11-22 11:03:27 +13:00
Loz Calver
453945da14 FIX: Session::restart() didn't correctly restart session (fixes #9259) 2019-11-20 14:21:30 +00:00
Serge Latyntcev
f67e15b8ee Merge branch '4.5' into 4 2019-11-20 11:12:49 +13:00
Serge Latyntcev
91e4aa90f1 Merge branch '4.4' into 4.5 2019-11-20 11:09:23 +13:00
Serge Latyntcev
8219491705 Merge branch '4.3' into 4.4 2019-11-20 11:08:35 +13:00
Robbie Averill
77ccadd663
Merge pull request #9300 from LABCAT/patch-1 
Improvement to docs for send_file function
 2019-11-14 09:08:16 -08:00
Serge Latyntcev
559f660e0e Merge branch '4.4' into 4 2019-11-13 15:40:34 +13:00
Mojmir Fendek
e2bea6b41f API Add withConfig method (#9011) 
* With config functionality added.
* Update docs/en/02_Developer_Guides/04_Configuration/00_Configuration.md
 2019-10-31 16:12:04 +13:00
Michal Kleiner
4f614423ad Ensure Requirements_Backend respects explicit false for async/defer 2019-10-30 09:59:57 +13:00
Damian Mooyman
e76601e5c8
BUG FormAction title property cannot be set if useButtonTag is false 2019-10-29 17:21:45 +13:00
LABCAT
501d9a1480
Update HTTPRequest.php 2019-10-23 22:52:53 +13:00
LABCAT
630c6c0514
Update src/Control/HTTPRequest.php 
Co-Authored-By: Robbie Averill <robbie@averill.co.nz>
 2019-10-23 21:05:22 +13:00
Garion Herman
17f4cc6e30
Merge pull request #9281 from creative-commoners/pulls/4/textfield-tip-ui 
NEW: Add support for Tip UI in TextField
 2019-10-23 16:50:43 +13:00
Garion Herman
bed3f2b3c6 NEW Add type declarations to Tip API, add TippableFieldInterface 2019-10-23 10:46:22 +13:00
Garion Herman
195417b061 NEW Extract Tip from TextField, add test coverage 2019-10-22 17:04:58 +13:00
LABCAT
d3a17958ef
Update src/Control/HTTPRequest.php 
Co-Authored-By: Robbie Averill <robbie@averill.co.nz>
 2019-10-22 16:17:04 +13:00
LABCAT
67c944c962
Improvement to docs for send_file function 2019-10-22 15:18:03 +13:00
Serge Latyntsev
bd2ccf70fa
Merge pull request #9282 from open-sausages/pulls/4/docs/clarify-basic-auth 
DOCS Clarify BasicAuth limitations
 2019-10-22 14:01:51 +13:00
Maxime Rainville
e59625fe5a
NEW Add ability to define image size preset for the TinyMCE editor. (#9276) 
* NEW Add ability to define image size preset for the TinyMCE editor.
* DOC Explain how to define image size pre-sets
 2019-10-22 11:50:28 +13:00
Serge Latyntcev
33a28394d6 Merge branch '4.4' into 4 2019-10-18 15:59:28 +13:00
Serge Latyntcev
0cf5d4cbe2 Merge branch '4.3' into 4.4 2019-10-18 15:58:13 +13:00
Serge Latyntcev
46b9530d88 PSR2 linting fixes 2019-10-18 15:31:39 +13:00
Serge Latyntcev
7873efde9c Merge branch '4.4' into 4 2019-10-18 10:58:19 +13:00
Serge Latyntcev
dcbe6d0310 Merge branch '4.3' into 4.4 2019-10-18 10:57:35 +13:00