silverstripe-framework

mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-07-02 01:19:29 +02:00

Author	SHA1	Message	Date
Serge Latyntcev	88fde6e7c3	Merge branch '4.4' into 4	2019-09-24 17:29:06 +12:00
Serge Latyntcev	50a1aa4c4d	Merge branch '4.3' into 4.4	2019-09-24 17:28:31 +12:00
Aaron Carlino	b002ef1171	Merge branch '4.4' into 4	2019-09-24 17:26:50 +12:00
Serge Latyntcev	8b7063a8e2	[CVE-2019-12617] Fix access escalation for CMS users with limited access through permission cache pollution	2019-09-24 16:03:48 +12:00
Serge Latyntcev	eccfa9b10d	[CVE-2019-12203] Session fixation in "change password" form A potential account hijacking may happen if an attacker has physical access to victim's computer to perform session fixation. Also possible if the targeted application contains an XSS vulnerability. Requires the victim to click the password reset link sent to their email. If all the above happens, attackers may reset the password before the actual user does that.	2019-09-24 16:03:48 +12:00
Serge Latyntcev	5af205993d	[CVE-2019-12617] Fix access escalation for CMS users with limited access through permission cache pollution	2019-09-24 16:00:51 +12:00
Serge Latyntcev	569237c0f4	[CVE-2019-12203] Session fixation in "change password" form A potential account hijacking may happen if an attacker has physical access to victim's computer to perform session fixation. Also possible if the targeted application contains an XSS vulnerability. Requires the victim to click the password reset link sent to their email. If all the above happens, attackers may reset the password before the actual user does that.	2019-09-24 16:00:51 +12:00
Garion Herman	0d27f32cc9	FIX Add 'legal empty attributes' to allow empty alt values on imgs In some situations, a caption is used in place of a value in the alt attribute, and in others an image may be cosmetic and not in need of an alt attribute value (though the alt attribute must still be rendered in this case).	2019-09-24 11:44:12 +12:00
Robbie Averill	3cfc21c405	Merge pull request #9241 from open-sausages/pulls/4.4.3/fix-file-permission Fix administrators not being able to see files that are restricted to groups	2019-09-23 11:13:26 -07:00
Guy Marriott	aa7c057422	FIX: Don't force-add view button to readonly GridField (fixes #… (#9254 ) FIX: Don't force-add view button to readonly GridField (fixes #9249)	2019-09-23 10:31:25 -07:00
Loz Calver	efdb9cc718	FIX: run member CMS validator when editing via groups (fixes #9184 )	2019-09-23 16:59:58 +01:00
Loz Calver	d85ff3bc44	FIX: Don't force-add view button to readonly GridField (fixes #9249 )	2019-09-23 16:52:47 +01:00
bergice	6a1c6ecec6	Fix administrators not being able to see files that are restricted to groups Resolves https://github.com/silverstripe/silverstripe-asset-admin/issues/777	2019-09-23 16:44:28 +12:00
Guy Marriott	6ff97821ed	Merge branch '4.4' into 4	2019-09-18 15:52:36 -07:00
Guy Marriott	7877ffcc85	Merge branch '4.3' into 4.4	2019-09-18 15:52:18 -07:00
Hayden Shaw	daf9d55ecb	Allow non summary fields to be used as export fields Fixes regression in `3d989a6eae`.	2019-09-19 10:00:54 +12:00
Robbie Averill	aa6b244db9	Merge branch '4.4' into 4	2019-09-13 18:11:46 -07:00
Robbie Averill	592ab6abc1	Merge branch '4.3' into 4.4	2019-09-13 18:11:34 -07:00
Robbie Averill	066ce8e01c	Merge branch '4.2' into 4.3 # Conflicts: # src/View/ThemeResourceLoader.php	2019-09-13 18:10:37 -07:00
Robbie Averill	cfe86ad5a1	Merge pull request #9153 from creative-commoners/pulls/4.4/stream-ree-tags FIX Skip md5-ing the whole contents of a stream for etags	2019-09-13 17:59:26 -07:00
Robbie Averill	9a76d4adb4	Merge pull request #9181 from kinglozzer/8762-shortcode-templates NEW: Use templates to render embed shortcodes (closes #8762)	2019-09-13 17:58:32 -07:00
Serge Latyntsev	233e0e7aa0	ENH PasswordExpirationMiddleware implementation (#9207 )	2019-09-12 14:34:06 +12:00
Aaron Carlino	da6582f593	NEW: Remove web installer, move to separate package (#9231 ) * Remove installer * Remove exposed install files * Replace Dev/Install classes still in use * Update changelog * FIX make the grid field actions consistent to what they look like on pages Resolves https://github.com/silverstripe/silverstripe-admin/issues/904 * Docs changes	2019-09-11 13:10:25 +12:00
Maxime Rainville	591b88a9bc	BUG Allow infinite loop when calling DataObject::writeComponent() recursively	2019-09-10 14:15:28 +12:00
Robbie Averill	e8c2f963fd	FIX Member::getLastName() now correctly returns the Member surname	2019-09-06 12:12:27 -07:00
Robbie Averill	41a766d135	Merge pull request #9085 from kinglozzer/9084-path-join-exception Catch Path::join() exceptions in findTemplate() (fixes #9084)	2019-09-06 12:00:39 -07:00
Robbie Averill	42dd02ef78	Merge pull request #9122 from aNickzz/4 Add onBeforeRenderHolder extension point for FormField	2019-09-06 11:53:10 -07:00
Hels666	22a6a5b1e3	NEW Add getLastName() method to Member.php (#9222 ) * Add getLastName() method to Member.php Add getLastName() method to Silverstripe\Security\Member.php to allow use of $LastName instead of $Surname in templates as it is a common mistake made this is for issue #9219 as discussed in Slack on 04-Sep-2019 * Minor doc block clean-up * Update src/Security/Member.php - typo fix Co-Authored-By: Guy Marriott <guy@scopey.co.nz>	2019-09-06 20:31:22 +12:00
Maxime Rainville	dd40d53e6b	Merge branch '4.4' into 4	2019-09-04 09:46:33 +12:00
Maxime Rainville	24015c7767	Merge branch '4.3' into 4.4	2019-09-04 09:42:09 +12:00
Robbie Averill	aec5051a24	Merge pull request #9206 from creative-commoners/pulls/4.3/strip-bom-on-csv-import FIX Byte Order Marks (BOM) are now stripped when importing CSV files	2019-09-03 09:55:38 -07:00
Damian Mooyman	6759af3767	Escape strings a bit safer for doc generation	2019-09-03 19:38:19 +12:00
Damian Mooyman	f649657182	Clarify Director::absoluteURL behaviour Fixes #9111	2019-09-03 19:34:16 +12:00
Robbie Averill	ef49dcf726	Merge pull request #9164 from sminnee/fix-9162 FIX: Write relations when saving in grid-field item edit form	2019-09-01 20:44:13 -07:00
Maxime Rainville	a2a202c016	Merge pull request #9200 from open-sausages/pulls/4.4.3/consistent-actions FIX make the grid field actions consistent to what they look like on pages	2019-09-02 14:07:22 +12:00
bergice	2f8d847a10	FIX make the grid field actions consistent to what they look like on pages Resolves https://github.com/silverstripe/silverstripe-admin/issues/904	2019-09-02 12:22:32 +12:00
Robbie Averill	0b991cc039	Merge pull request #9198 from elabuwa/pulls/4.3/bug-fix-html-entities-breadcrumbs-in-group Bug : Add html_entity_decode to group parents	2019-08-30 09:51:52 +12:00
Dileep Ratnayake	fe4eb5dd2a	Update src/Security/Group.php Co-Authored-By: Maxime Rainville <maxime@rainville.me>	2019-08-29 15:44:41 +12:00
Robbie Averill	77ba8391c4	FIX Byte Order Marks (BOM) are now stripped when importing CSV files	2019-08-29 14:54:57 +12:00
Maxime Rainville	73f43c6f42	BUG Remove placeholder text on new group form	2019-08-28 17:14:19 +12:00
Dileep Ratnayake	9b7075ed5d	Update Group.php	2019-08-27 16:22:00 +12:00
Dileep Ratnayake	a976a1688b	Update Group.php move to private method	2019-08-27 16:21:08 +12:00
Dileep Ratnayake	40e5c4ec59	Update Group.php use of convert::raw2xml, rename $grp to $group	2019-08-27 16:19:40 +12:00
Dileep Ratnayake	4f8240bd48	Update src/Security/Group.php Co-Authored-By: Andre Kiste <bergice@users.noreply.github.com>	2019-08-27 12:19:03 +12:00
Will Rossiter	d2a07b1047	FIX Remove error when exporting a column that is not displayed in a GridField	2019-08-27 11:54:31 +12:00
Dileep Ratnayake	f7a602137a	add html_entity_decode to breadcrumbs	2019-08-27 11:49:17 +12:00
Loz Calver	759601741d	NEW: Use templates to render embed shortcodes (closes #8762 )	2019-08-21 09:32:16 +01:00
Robbie Averill	a5d6b998fc	Merge branch '4.4' into 4	2019-08-16 16:40:39 +12:00
Robbie Averill	bae7e32680	FIX Member::changePassword() no longer applies password validation rules to the hashed value	2019-08-16 09:06:07 +12:00
Robbie Averill	45f86658ca	Merge branch '4.4' into 4	2019-08-14 09:31:05 +12:00

1 2 3 4 5 ...

1620 Commits