Commit Graph

16398 Commits

Author SHA1 Message Date
Daniel Hensby
0f2049d4d4
[SS-2017-008] Fix SQL injection in search engine 2017-11-21 14:45:36 +00:00
Damian Mooyman
a73f75ccc5
Merge pull request #7613 from dhensby/pulls/3.5/phpunit-loosen-constraint
Loosen PHPUnit constraints
2017-11-20 13:58:20 +13:00
Daniel Hensby
36bb28a41d
Loosen PHPUnit constraints 2017-11-17 11:48:24 +00:00
Loz Calver
13b02feed7
Merge pull request #7602 from dhensby/pulls/3.5/fix-filter-any-inner-join
FIX ManyMany link table joined with LEFT JOIN
2017-11-16 13:48:07 +00:00
Daniel Hensby
c96ed89cbe
Merge pull request #7607 from patricknelson/issue-7606-svg-image-tags
FIX: Prevent crash when saving page with <img> that has an SVG source.
2017-11-16 12:12:49 +00:00
Daniel Hensby
ce3fd370fb
FIX ManyMany link table joined with LEFT JOIN 2017-11-16 12:11:16 +00:00
Daniel Hensby
29e57d8015
Merge pull request #7608 from bummzack/patch-1
Fix HTTP::get_mime_type with uppercase filenames.
2017-11-16 11:48:11 +00:00
Daniel Hensby
4f3deb13e0
TEST filterAny on many_many relations return correct items 2017-11-16 11:10:12 +00:00
Patrick Nelson
52f0eadd3b
FIX for #7606: Ensure the object we're handling is actually an Image instance before calling methods specific to that class (e.g. in case of using SVGs in <img> tag which may be File instances). 2017-11-16 11:08:06 +00:00
Daniel Hensby
3d3096485b
TEST Uppercase file extensions return correct mime type 2017-11-16 11:01:25 +00:00
Roman Schmid
dda14e8959
Fix HTTP::get_mime_type with uppercase filenames.
The fallback of `HTTP::get_mime_type` (that uses a lookup instead of `finfo`) doesn't ensure the extension is converted to lowercase before the lookup. A file named `Image.JPG` will return `'application/unknown'`.
This change fixes this issue.
2017-11-16 10:56:34 +00:00
Damian Mooyman
ef86b16854
Merge pull request #7514 from dhensby/pulls/3.5/composer-autoload
Add composer autoloading to v3
2017-11-02 11:41:35 +13:00
Chris Joe
a3351589e6 Merge pull request #7118 from phptek/issue/7116
FIX: Fixes #7116 Improves server requirements docs viz: OpCaches.
2017-10-26 11:05:47 +13:00
Russell Michell
00f1ad5d69 FIX: Fixes #7116 Improves server requirements docs viz: OpCaches. 2017-10-26 09:22:07 +13:00
Daniel Hensby
cbac375590
FIX Helpful warning when phpunit bootstrap appears misconfigured 2017-10-25 17:48:35 +01:00
Daniel Hensby
32cef975ef
FIX Use self::inst() for Injector/Config nest methods 2017-10-25 17:48:35 +01:00
Daniel Hensby
8aad080516
Add composer autoloading support to 3.x 2017-10-25 17:48:34 +01:00
Damian Mooyman
59cc45565b Merge pull request #7503 from andrewandante/patch-4
Spelling in DataQueryTest
2017-10-24 12:04:41 +13:00
Andrew Aitken-Fincham
c4a50a3d10 Spelling in DataQueryTest 2017-10-20 12:00:35 +01:00
Damian Mooyman
2b09216b0c Merge pull request #7270 from robbieaverill/pulls/3.6/fix-trailing-period-on-duplicate-folder-name
FIX Files without extensions (folders) do not have a trailing period added
2017-10-18 10:26:05 +13:00
Robbie Averill
2f579b64cb FIX Files without extensions (folders) do not have a trailing period added 2017-10-18 09:25:27 +13:00
Damian Mooyman
7f5ca56e36 Merge pull request #7455 from dhensby/pulls/fix-circular-ref-issue
FIX Don't use var_export for cache key generation
2017-10-10 10:16:16 +13:00
Daniel Hensby
264cec1239
FIX Don't use var_export for cache key generation as it fails on circular references 2017-10-09 10:13:39 +01:00
Daniel Hensby
f745442a55
Merge tag '3.5.5' into 3.5
Release 3.5.5
2017-09-28 17:16:31 +01:00
Daniel Hensby
393d1a9be6
Added 3.5.5 changelog 2017-09-28 15:37:07 +00:00
Daniel Hensby
6e78b9f8d2
Merge pull request #7406 from NightJar/patch-2
Fix ArrayList sort error with old (supported) PHP

PHP 5.3 at least (the reported and tested against version) requires arguments to `call_user_func_array` to be passed by reference. There exists a note as a comment in the code, but was unfortunately overlooked in a previous commit to fix case sensitive sorting 4998b80#diff-6ba746c3d31fd6b4c4a99d7efe35eb21L442

To solve this issue we simply first assign the constant to a variable, so we can then pass that by reference. This has no functional impact, however fixes an issue for users locked in to old PHP versions which we still list as supported (https://docs.silverstripe.org/en/3/getting_started/server_requirements/#web-server-software-requirements).
2017-09-28 15:46:38 +01:00
Dylan Wagstaff
ebe1de8d8b
Fix ArrayList sort error with old (supported) PHP
PHP 5.3 at least (the reported and tested against version) requires arguments to `call_user_func_array` to be passed by reference. There exists a note as a comment in the code, but was unfortunately overlooked in a previous commit to fix case sensitive sorting 4998b80445 (diff-6ba746c3d31fd6b4c4a99d7efe35eb21L442)

To solve this issue we simply first assign the constant to a variable, so we can then pass that by reference. This has no functional impact, however fixes an issue for users locked in to old PHP versions which we still list as supported (https://docs.silverstripe.org/en/3/getting_started/server_requirements/#web-server-software-requirements).
2017-09-28 15:29:54 +01:00
Daniel Hensby
1209b2ae13
Added 3.5.5-beta2 changelog 2017-09-20 13:41:04 +00:00
Daniel Hensby
72702dbd50 Merge pull request #43 from silverstripe-security/pulls/3.5/member-enumeration-timing-attack
[SS-2017-005] User enumeration via timing attack mitigated
2017-09-20 11:39:39 +01:00
Daniel Hensby
6b198336a8 Merge pull request #44 from silverstripe-security/patch/3.5/authenticator-fix
FIX Authenticators are more resilient to incomplete configuration
2017-09-20 11:38:38 +01:00
Daniel Hensby
f0262a8fd9
[SS-2017-005] User enumeration via timing attack mitigated 2017-09-20 11:33:22 +01:00
Daniel Hensby
1f256cf2d2
Added 3.5.5-beta1 changelog 2017-09-19 15:25:41 +00:00
Matthias Schelling
eacfe280c1
TreeDropdownField: replace onadd by onmatch
Makes TreeDropdownField work in situations where it's moved around in the DOM (e.g. when inside a drag'n'drop container)
2017-09-15 12:02:18 +01:00
Daniel Hensby
091d99f599
FIX Authenticators are more resilient to incomplete configuration 2017-09-12 15:57:03 +01:00
Damian Mooyman
c0003bca3d Merge pull request #7319 from open-sausages/pulls/3.5/no-combining-requirements
Fix add combinedFiles to clear logic - ss3
2017-08-29 13:47:52 +12:00
Christopher Joe
7b200a2a64 Fix add combinedFiles to clear logic 2017-08-29 12:57:41 +12:00
Daniel Hensby
9d2503c3da Merge pull request #7274 from PapaBearNZ/patch-1
Fix Truncate Error Issue when using views in a Unittest.
2017-08-25 11:51:36 +01:00
Damian Mooyman
7ad081a20b Merge pull request #7288 from dhensby/pulls/3.5/write-no-change-edit
FIX Don't update LastEdited on skipped writes
2017-08-17 15:09:03 +12:00
Daniel Hensby
eb80a5f9e8
FIX LastEdited no longer updated on skipped writes 2017-08-16 23:39:22 +01:00
Daniel Hensby
1ae07ac2a3
TEST Prove LastEdited is updated when no changes are made 2017-08-16 22:26:47 +01:00
James Pluck
b04a1ab41c Fix Truncate Error Issue when using views in a Unittest.
When using a view in a SilverStripe project, whenever the tear down scripts for the Unittests are run the following error occurs:

Couldn't run query:
TRUNCATE "ActivityPoints_view"
Table 'ss_tmpdb2391727.ActivityPoints_view' doesn't exist

This was due to the MySQLSchemaManager::tableList() function assuming that all records in the TABLES were actual tables containing data.

This small tweak fixes the issue by modifying the SQL to filter out views from the list before truncating.
2017-08-14 15:22:19 +12:00
Damian Mooyman
69451790d6 Merge pull request #7224 from dhensby/pulls/3.5/spyc-composer
Move spyc dependency to composer
2017-08-02 16:19:00 +12:00
Daniel Hensby
6494bc820c
Move spyc dependency to composer 2017-07-28 13:35:30 +01:00
Damian Mooyman
9b378d8c08 Merge pull request #7213 from dhensby/pulls/3.5/fix-small-htmlfield
FIX Avoid JS errors for HTMLEditorFields in small holders
2017-07-28 13:25:31 +12:00
Daniel Hensby
2e34730d3d Merge pull request #7211 from kinglozzer/migrate-legacy-hashes-config
Fix: Use Config API for MemberAuthenticator::$migrate_legacy_hashes (fixes #7208)
2017-07-26 11:21:51 +01:00
Daniel Hensby
31c5eebda0
FIX Avoid JS errors for HTMLEditorFields in small holders 2017-07-26 11:20:00 +01:00
Loz Calver
82c0632f46
Fix: Use Config API for MemberAuthenticator::$migrate_legacy_hashes (fixes #7208) 2017-07-26 09:54:29 +01:00
Daniel Hensby
ba8c149b78
Stay on travis precise dist for now 2017-07-25 16:02:02 +01:00
Chris Joe
3e8b636dc9 Merge pull request #6942 from open-sausages/pulls/3.4/fix-gridfield-state
BUG Ensure GridState_Component is added to GridField config
2017-07-21 10:54:07 +12:00
Klemen Dolinsek
3dd3036792 BUG Ensure GridState_Component is added to GridField config even if we set config with GridField::setConfig
Fixes #6886
2017-07-21 10:32:13 +12:00