Commit Graph

3021 Commits

Author SHA1 Message Date
Damian Mooyman
d6a93f5215
Merge remote-tracking branch 'silverstripe-security/3.5' into 3.6
# Conflicts:
#	security/Member.php
2017-12-06 17:26:45 +13:00
Damian Mooyman
91cf85087b
Merge remote-tracking branch 'origin/3.5' into 3.6 2017-12-06 17:21:09 +13:00
Damian Mooyman
dd4c5417e7
Merge pull request #49 from silverstripe-security/pulls/3.5/ss-2017-007
[ss-2017-007] Ensure xls formulae are safely sanitised on output (3.5)
2017-12-06 16:25:58 +13:00
Damian Mooyman
44de03da01
Merge pull request #53 from silverstripe-security/pulls/3.5/ss-2017-006
[ss-2017-006] Fix user agent invalidation on session startup (3.5 branch)
2017-12-06 16:25:39 +13:00
Damian Mooyman
3e2bcaa0b4
Merge pull request #54 from silverstripe-security/pulls/3.5/ss-2017-009
[ss-2017-009] Prevent disclosure of sensitive information via LoginAttempt (3.5 branch)
2017-12-06 16:25:19 +13:00
Daniel Hensby
2aa1d8f2c4
remove create_function usage 2017-12-05 14:20:13 +00:00
Damian Mooyman
25e276cf37 [ss-2017-006] Fix user agent invalidation on session startup 2017-12-01 10:55:00 +13:00
Damian Mooyman
22ccf3e2f9
[ss-2017-007] Ensure xls formulae are safely sanitised on output
CSVParser now strips leading tabs on cells
2017-12-01 10:19:48 +13:00
Damian Mooyman
6ba00e829a
[ss-2017-009] Prevent disclosure of sensitive information via LoginAttempt 2017-11-30 15:53:50 +13:00
Damian Mooyman
bac5f4c8aa
Merge branch '3.5' into pulls/3.5/update-pwd-encryption-on-change 2017-11-27 14:42:32 +13:00
Daniel Hensby
badeb0cc8c
Merge branch '3.5' into 3.6 2017-11-25 16:17:36 +00:00
Daniel Hensby
09a003bc13
Fix deprecated usage of getMock in unit tests 2017-11-24 14:48:30 +00:00
Daniel Hensby
2ad3cc07d5
FIX Update meber passwordencryption to default on password change 2017-11-23 21:17:31 +00:00
Loz Calver
13b02feed7
Merge pull request #7602 from dhensby/pulls/3.5/fix-filter-any-inner-join
FIX ManyMany link table joined with LEFT JOIN
2017-11-16 13:48:07 +00:00
Daniel Hensby
4f3deb13e0
TEST filterAny on many_many relations return correct items 2017-11-16 11:10:12 +00:00
Daniel Hensby
3d3096485b
TEST Uppercase file extensions return correct mime type 2017-11-16 11:01:25 +00:00
Daniel Hensby
4731d3c671
Merge branch '3.5' into 3.6 2017-11-14 12:00:53 +00:00
Andrew Aitken-Fincham
c4a50a3d10 Spelling in DataQueryTest 2017-10-20 12:00:35 +01:00
Robbie Averill
2f579b64cb FIX Files without extensions (folders) do not have a trailing period added 2017-10-18 09:25:27 +13:00
Daniel Hensby
bd7abc73de
Merge branch '3.5.5' into 3.6.2 2017-09-20 16:26:30 +01:00
Daniel Hensby
091d99f599
FIX Authenticators are more resilient to incomplete configuration 2017-09-12 15:57:03 +01:00
Daniel Hensby
921f615e19
Merge branch '3.5' into 3.6 2017-08-17 14:14:31 +01:00
Daniel Hensby
1ae07ac2a3
TEST Prove LastEdited is updated when no changes are made 2017-08-16 22:26:47 +01:00
Daniel Hensby
90be7e806d
Merge branch '3.5' into 3.6 2017-07-19 15:40:01 +01:00
Daniel Hensby
7b6aad8a65 Revert "TreeDropDown performance boost." 2017-07-19 12:44:43 +01:00
Daniel Hensby
7e732da709
Merge branch '3.5' into 3.6 2017-07-18 12:00:04 +01:00
Loz Calver
960a0f8343
Fix: Make File::ini2bytes() compliant with binary prefixes (fixes #7145) 2017-07-10 09:41:36 +01:00
Roman Schmid
a6db16b229 Fix OS X issue with Convert::html2raw, HTMLText::FirstSentence, HTMLText::Summary and Text::FirstSentence.
Use unicode modifier for regular expressions that deal with whitespace.
Added unit-tests to ensure no invalud utf-8 gets generated by these methods.
2017-07-10 09:49:55 +02:00
Daniel Hensby
1e5592a3d9
Merge branch '3.5' into 3.6 2017-06-27 13:14:39 +01:00
Mojmir Fendek
5b6a39e71a TreeDropDown performance boost. 2017-06-19 15:10:23 +12:00
Loz Calver
2afe018dc7
FIX: Ensure HasManyList foreign ID filter includes table name (fixes #7023) 2017-06-15 12:06:30 +01:00
Loz Calver
4ad2cae864
FIX: Upload_Validator failed to fetch max size from PHP ini values (fixes #6999) 2017-06-06 14:28:03 +01:00
Daniel Hensby
cda7e8dc39
Merge remote-tracking branch 'security/3.5.4' into 3.6.0 2017-05-29 01:29:05 +01:00
Daniel Hensby
24166700e8
Merge remote-tracking branch 'security/3.4.6' into 3.5.4 2017-05-29 01:02:35 +01:00
Daniel Hensby
f71efb5063 Merge pull request #40 from silverstripe-security/patch/3.4/ss-2017-002
[SS-2017-002] FIX Lock out users who dont exist in the DB
2017-05-28 22:18:56 +01:00
Daniel Hensby
24a768ae14
Merge branch '3.4' into 3.5 2017-05-26 14:57:15 +01:00
Daniel Hensby
447ce0f84f
[SS-2017-002] FIX Lock out users who dont exist in the DB 2017-05-25 16:14:52 +01:00
Daniel Hensby
85f0650796
Remove unnecessary nesting of config/injector in tests 2017-05-24 16:05:39 +01:00
Daniel Hensby
cc70d893bc
Merge branch '3.4' into 3.5 2017-05-18 13:53:49 +01:00
Daniel Hensby
49a0354998
Make sure that nested relations dont break 2017-05-17 23:01:42 +01:00
Thomas Portelange
efbf14be63
Allow filtering if a relation is defined or a formatting 2017-05-17 21:05:21 +01:00
Daniel Hensby
1f0e1913cd
Merge branch '3.5' into 3 2017-04-08 20:25:27 +01:00
Robbie Averill
55eb7ebdcc FIX Do not insert requirements more than once in includeInHTML
This change consolidates the string replacements used to insert requirements into the page content to help ensure
that they are not compounding and overwriting eachother.

The added test case includes where a user may have a Javascript snippet that contains a closing head tag, and the
test ensures that it does not get injected with requirements as well as the actual head tag in the DOM.
2017-04-07 17:04:17 +12:00
Sam Minnee
22ad39e5ae FIX: Fix SSViewerTest in PHP7
PHP7 is a bit more picky about passing values by reference.
2017-04-05 11:05:29 +10:00
Loz Calver
454646c4df Fix invalid closure param in ShortcodeParserTest 2017-04-05 11:05:28 +10:00
Loz Calver
40bf945322 NEW: PHP 7 compatibility
This patch introduces PHP 7 compatability without breaking semver by adding DBInt
and DBFloat classes, with Int/Float classes that are only loaded into PHP 5 environments
2017-04-05 11:00:04 +10:00
Daniel Hensby
51f98c973f
Merge branch '3.5' into 3 2017-04-03 22:57:58 +01:00
Loz Calver
b3d37880e9
FIX: many_many_extraFields breaks _SortColumn0 ordering (fixes #6730) 2017-03-27 09:16:13 +01:00
Damian Mooyman
f1b99b6fa7
API Enable theming of GroupedDropdownField
Based on partial back-port of 4.0 code
2017-03-06 11:44:42 +13:00
Daniel Hensby
8aaa3e3a86
Merge branch '3.4' into 3.5 2017-03-03 14:54:29 +00:00