Damian Mooyman
56e92f5a32
[ss-2016-002] Ensure Gridfield actions respect CSRF
2016-02-18 17:28:54 +13:00
Damian Mooyman
7c448bb4a2
Merge remote-tracking branch 'origin/3.2' into 3.3
...
# Conflicts:
# tests/model/DataObjectLazyLoadingTest.php
# tests/model/VersionedTest.yml
2016-01-25 14:11:37 +13:00
Damian Mooyman
bf8bf5e4d5
BUG Prevent Versioned::doRollbackTo from creating incorrect versions on subclasses of Versioned DataObjects
...
Document correct configuration of Versioned DataObjects
Fixes #4936
2016-01-22 15:35:58 +13:00
Damian Mooyman
df76d783fe
BUG Fix VersionedTest sometimes failing given certain querystring arguments
2016-01-20 14:49:46 +13:00
Damian Mooyman
5d240feaec
Merge remote-tracking branch 'origin/3.2' into 3.3
2016-01-19 15:08:24 +13:00
Damian Mooyman
46cbe809ac
Merge remote-tracking branch 'origin/3.1' into 3.2
...
# Conflicts:
# docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md
# docs/en/02_Developer_Guides/14_Files/01_Image.md
# docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/How_Tos/Customise_CMS_Menu.md
# docs/en/03_Upgrading/index.md
# docs/en/05_Contributing/01_Code.md
# forms/TreeMultiselectField.php
# security/Permission.php
2016-01-19 14:00:19 +13:00
Daniel Hensby
4335d8ed22
FIX Members with no ID inherit logged in user permission
2016-01-05 08:16:18 +00:00
Damian Mooyman
fce82519bd
BUG Workaround for issues in testing version
2015-12-22 17:47:53 +13:00
Damian Mooyman
19b10044ec
Merge remote-tracking branch 'origin/3.2' into 3
2015-12-22 17:05:07 +13:00
Damian Mooyman
66b3a6a2c5
Merge pull request #4840 from mateusz/guard
...
BUG Guard against users being added to all groups on unsaved Group.
2015-12-22 16:29:09 +13:00
Damian Mooyman
48a30909f3
Merge remote-tracking branch 'origin/3.2' into 3
...
# Conflicts:
# admin/javascript/LeftAndMain.BatchActions.js
# css/UploadField.css
# forms/HtmlEditorField.php
2015-12-22 14:07:52 +13:00
Loz Calver
d265c9b733
FIX: Allow omitting a value for OptionsetField submissions ( fixes #4824 )
2015-12-14 16:50:22 +00:00
Loz Calver
9467ab9a7e
NEW: Implement unshift() in field list classes ( closes #4834 )
2015-12-14 16:18:57 +00:00
Mateusz Uzdowski
5a21b2fb15
BUG Guard against users being added to all groups on unsaved Group.
...
If ->Members()->add() is called on an unsaved group (with ID 0), the
collateFamilyIDs() will errorneously return all root Groups thinking
it's looking for Groups with ParentID=0. As a result, the Member will be
added to all root groups, instead of just the selected group and all its
children.
2015-12-11 14:51:51 +13:00
Ingo Schommer
0175167761
Merge pull request #4830 from open-sausages/pulls/3/fix-querystring-stage
...
API Disable unauthenticated get parameter access to site stage mode
2015-12-10 10:44:43 +13:00
Damian Mooyman
fa0160a874
BUG Fix regression in canViewStage
2015-12-09 14:53:21 +13:00
Hamish Friedlander
1eda9151a4
Merge pull request #4831 from open-sausages/pulls/3/fix-versioned-canview
...
API Create default security permission model for versioned data objects
2015-12-09 14:17:27 +13:00
Damian Mooyman
6089a7c5bd
API Create default security permission model for versioned data objects
2015-12-09 11:33:53 +13:00
Marcus Nyeholt
fc5e584201
Format for SS3 using tabs instead of spaces
2015-12-08 15:19:24 +11:00
Damian Mooyman
38e154af0a
API Disable get parameter access to site stage mode
...
BUG Fix missing and undocumented response from Security::permissionFailure()
2015-12-07 17:39:18 +13:00
Marcus Nyeholt
f7c270a3ba
NEW Use Config for determining Vary header
...
Existing implementation hardcodes the Vary header; swap to using Config layer
instead
Added test for changing the variable from config
2015-12-02 10:28:24 +11:00
Christopher Darling
e9b833f5f0
FIX: ConfirmedPassword field correctly reports mismatching passwords
...
added testFormValidation to prove #4780
2015-11-20 15:56:27 +00:00
Loz Calver
68d99be24b
FIX: Hidden errors for composite fields nested inside FieldGroups ( fixes #4773 )
2015-11-17 16:34:17 +00:00
Damian Mooyman
fd6ae72e1d
Merge remote-tracking branch 'origin/3.2.1' into 3.2
2015-11-16 16:39:15 +13:00
Hamish Friedlander
b61d6dcd57
[ss-2015-027]: FIX HtmlEditorField_Toolbar#viewfile not whitelisting URLs
2015-11-13 15:20:09 +13:00
Damian Mooyman
fea1158d19
BUG Fix print button only displaying first page
2015-11-12 14:59:08 +13:00
Damian Mooyman
245e0aae2f
[ss-2015-026]: BUG Fix FormField error messages not being encoded safely
2015-11-11 17:50:02 +13:00
Ingo Schommer
ac4342d81d
[ss-2015-022]: XML escape RSSFeed $link parameter
2015-11-11 17:46:39 +13:00
Damian Mooyman
97f21fddb3
[ss-2015-021] Fix rewrite hash links XSS
2015-11-11 17:46:27 +13:00
Damian Mooyman
bc1b2893ac
[ss-2015-026]: BUG Fix FormField error messages not being encoded safely
2015-11-11 16:56:19 +13:00
Ingo Schommer
4f55b6a115
[ss-2015-022]: XML escape RSSFeed $link parameter
2015-11-11 16:54:04 +13:00
Damian Mooyman
132e9b3e2f
[ss-2015-021] Fix rewrite hash links XSS
2015-11-11 16:52:53 +13:00
Damian Mooyman
0272e443f4
BUG Prevent dev/build continually regenerating Number field type
2015-11-11 09:21:50 +13:00
Daniel Hensby
d380252488
Merge pull request #4760 from tractorcow/pulls/3.2/fix-empty-filter
...
BUG Correct behaviour for empty filter array (as per 3.1)
2015-11-10 01:48:47 +00:00
muskie9
603caccb90
ENHANCEMENT CurrencyField to use Currency.currency_symbol
...
fixes #4035
I have limited experience with regex, so I hope I did it correctly. I was able to save/save & publish with the curent regex and the values look good.
2015-11-09 19:38:51 -06:00
Damian Mooyman
732e705bbf
BUG Correct behaviour for empty filter array (as per 3.1)
2015-11-10 14:24:45 +13:00
Will Morgan
6d85d618b6
Merge pull request #4751 from dhensby/pulls/plural-fix
...
Fixing issue where words ending ay/ey/iy/oy/uy are not pluralised correctly
2015-11-06 16:55:25 +00:00
Daniel Hensby
dad3784621
Fixing issue where words ending ay/ey/iy/oy/uy are not pluralised correctly
2015-11-06 16:23:45 +00:00
Garion Herman
6a1a3bf182
Corrected TotalItems() method to use Count(). Added test coverage. ( fixes #4646 )
2015-11-04 00:20:45 +13:00
Damian Mooyman
c4dc10b255
Merge remote-tracking branch 'origin/3.2' into 3
...
Conflicts:
forms/DropdownField.php
tests/model/ImageTest.php
2015-11-03 13:06:39 +13:00
Damian Mooyman
2813f94124
BUG Ensure that filters on any fixed field are scoped to the base data table
...
Fixes #4700
2015-10-30 16:26:14 +13:00
Damian Mooyman
db16248b9a
BUG Fix broken InlineFormAction
2015-10-29 10:48:49 +13:00
Daniel Hensby
1974e79d71
Allow multi-line enum declarations
2015-10-15 16:23:19 +01:00
Patrick Nelson
f192a6ecaf
FIX #4392 : Ensure headers are checked first before being clobbered by globally maintained state. Also ensuring tests utilize separate responses for isolation.
2015-10-09 13:50:33 -04:00
Daniel Hensby
95ae107c4c
Merge pull request #4486 from uniun/patch-2
...
BUGFIX. FulltextFilter requires table identifiers in match query
2015-10-07 10:28:15 +01:00
Elvinas L.
630062c0e0
Removed whitespaces
2015-10-07 09:33:02 +03:00
Elvinas L.
19c754bf9a
Fixed tests
2015-10-06 18:59:39 +03:00
Damian Mooyman
df805af67b
BUG Imagick tests compare image dimensions rather than image hashes
2015-10-06 16:35:44 +13:00
Damian Mooyman
b8335793d6
Merge pull request #4620 from kinglozzer/pulls/manymanyextrafields-compat
...
FIX: GridFieldDetailForm failing to save many_many relations
2015-10-06 11:49:56 +13:00
Loz Calver
1aa1d65932
Merge pull request #4610 from tractorcow/pulls/3/suppress-custom-theme
...
Minor: Suppress custom themes in Formtest
2015-09-24 16:17:11 +01:00