Ingo Schommer
a7f38f7b4d
Merge pull request #2413 from ss23/patch-1
...
Update 3.0.6.md
2013-09-12 16:08:04 -07:00
Stephen Shkardoon
f765696d26
Update 3.0.6.md
...
Add reference to information disclosure in Versioned.php (SS-2013-006)
2013-09-13 10:34:51 +12:00
Simon Welsh
6df6cb719d
Revert "Merge pull request #2390 from phptek/2389"
...
This reverts commit 58da57dd1b
, reversing
changes made to 8864256601
.
2013-09-13 08:22:32 +12:00
Ingo Schommer
92c9febb99
Merge pull request #2406 from dangerdan/testing
...
Resubmitting pull request, changes to docs: topics/testing
2013-09-12 13:09:07 -07:00
Dan Brooks
6afad377cb
Changes to topics/testing
2013-09-12 18:22:46 +01:00
Ingo Schommer
03d1d58148
Merge remote-tracking branch 'origin/3.0' into 3.1
...
Conflicts:
admin/code/SecurityAdmin.php
css/AssetUploadField.css
docs/en/topics/configuration.md
security/PermissionRole.php
2013-09-12 17:33:36 +02:00
Ingo Schommer
c2b312d76f
Merge remote-tracking branch 'origin/3.1.0' into 3.1
2013-09-12 17:24:42 +02:00
Ingo Schommer
7627d95555
Updated changelog
2013-09-12 17:02:13 +02:00
Ingo Schommer
505db1f731
Updated translations
2013-09-12 16:53:32 +02:00
Ingo Schommer
24bae3f922
Tagged 3.0.6-rc2
2013-09-12 16:48:20 +02:00
Ingo Schommer
a6b402f491
Added 3.0.6-rc2 changelog
2013-09-12 16:48:15 +02:00
Ingo Schommer
2da4d76c3b
Updated translations
2013-09-12 16:37:12 +02:00
Ingo Schommer
7c99cb4668
Merge branch 'pulls/security-issues-august-3.0' into 3.0
2013-09-12 15:45:13 +02:00
Ingo Schommer
5e0315dc62
Safety note on DataObject::validation_enabled
2013-09-12 15:42:43 +02:00
Ingo Schommer
f803704d91
FIX Disallow permissions assign for APPLY_ROLES (SS-2013-005)
...
See http://www.silverstripe.org/ss-2013-005-privilege-escalation-through-apply-roles-assignment/
2013-09-12 15:42:43 +02:00
Ingo Schommer
8b5c8eab72
Linking to older security issue in change log
...
Mainly for consistency with the newer format
2013-09-12 15:42:43 +02:00
Ingo Schommer
05757efceb
FIX Privilege escalation through APPLY_ROLES assignment (SS-2013-005)
...
See http://www.silverstripe.org/ss-2013-005-privilege-escalation-through-apply-roles-assignment/
2013-09-12 15:42:43 +02:00
Ingo Schommer
6cff9671d4
FIX Privilege escalation through Group and Member CSV upload (SS-2013-004)
...
See http://www.silverstripe.org/ss-2013-004-privilege-escalation-through-group-and-member-csv-upload/
2013-09-12 15:42:43 +02:00
Ingo Schommer
720c149aee
FIX Privilege escalation through Group hierarchy setting (SS-2013-003)
...
See http://www.silverstripe.org/ss-2013-003-privilege-escalation-through-group-hierarchy-setting/
2013-09-12 15:42:42 +02:00
Ingo Schommer
cb517fda9e
Safety note on DataObject::$validation_enabled
2013-09-12 15:42:36 +02:00
Ingo Schommer
091c096dbf
FIX Disallow permissions assign for APPLY_ROLES (SS-2013-005)
...
See http://www.silverstripe.org/ss-2013-005-privilege-escalation-through-apply-roles-assignment/
2013-09-12 15:42:36 +02:00
Ingo Schommer
a492d56f7c
3.1.0-rc2 changelog
2013-09-12 15:42:36 +02:00
Ingo Schommer
cfa88adf4b
FIX Privilege escalation through APPLY_ROLES assignment (SS-2013-005)
...
See http://www.silverstripe.org/ss-2013-005-privilege-escalation-through-apply-roles-assignment/
2013-09-12 15:42:36 +02:00
Ingo Schommer
46556b609e
FIX Privilege escalation through Group and Member CSV upload (SS-2013-004)
...
See http://www.silverstripe.org/ss-2013-004-privilege-escalation-through-group-and-member-csv-upload/
2013-09-12 15:42:35 +02:00
Ingo Schommer
68ca47b0dd
FIX Privilege escalation through Group hierarchy setting (SS-2013-003)
...
See http://www.silverstripe.org/ss-2013-003-privilege-escalation-through-group-hierarchy-setting/
2013-09-12 15:42:35 +02:00
Ingo Schommer
d747334737
Merge pull request #2401 from adrexia/tree-value
...
BUG: TreeDropdownField remove call to get value on search
2013-09-11 01:30:32 -07:00
Sean Harvey
a1939dccd1
Merge pull request #2400 from jbridson/patch-9
...
Update 2-extending-a-basic-site.md
2013-09-10 21:47:36 -07:00
Sean Harvey
c309867a1c
Merge pull request #2373 from chillu/pulls/treedropdown-searchfield-default
...
Default TreeDropdown to "Title" search if $labelField isn't in DB
2013-09-10 21:45:40 -07:00
Sean Harvey
58da57dd1b
Merge pull request #2390 from phptek/2389
...
Prevent circular refs in `GridFieldAddExistingAutocompleter` when linking DataObjects whose ID == current object's ID
2013-09-10 21:43:31 -07:00
Naomi Guyer
697972699d
BUG: TreeDropdownField remove call to get value on search
...
This call was placing the id of the currently selected record into the
search box. Related to
https://github.com/silverstripe/silverstripe-framework/commit/93ea066f53
d5d2b2a19cf0dd2e9479a3fc5796f7
2013-09-11 13:22:27 +12:00
Simon Welsh
c2105db6d0
Count, not Length
2013-09-11 12:05:43 +12:00
jbridson
a4fbff4df5
Update 2-extending-a-basic-site.md
...
Fixed a few wording issues and added some clarity to links eg: Tutorial One (Building a basic site)
2013-09-11 11:20:41 +12:00
ARNHOE
68141b6ca0
i18n documentation - added note for caching in multi language modules
2013-09-07 16:10:52 +02:00
Ingo Schommer
8864256601
Merge pull request #2391 from halkyon/orderby_limit_aggregate
...
BUG Fixing SQLQuery::aggregate() adding ORDER BY when no limit.
2013-09-06 02:21:30 -07:00
Sean Harvey
95bb799e6f
BUG Fixing SQLQuery::aggregate() adding ORDER BY when no limit.
...
DataQuery::initialiseQuery() will add a default sort to a query,
and when calling up an aggregate it will make a query like this
which doesn't make sense:
SELECT MAX("LastEdited") FROM "Member" ORDER BY "ID"
In this case there is no need to add the ORDER BY, and it will
break databases like MSSQL in cases such as
GenericTemplateGlobalProvider
which provides a default List() function for adding aggregates
into SSViewer template cacheblocks.
If we add a limit, however, then it does make sense:
SELECT MAX("LastEdited") FROM "Member" ORDER BY "ID" LIMIT 10
This fixes SQLQuery::aggregate() to NOT add an ORDER BY to an
aggregate call if there is no limit.
2013-09-06 18:11:11 +12:00
Sean Harvey
e43ca931d6
Merge pull request #2343 from chillu/pulls/security-404
...
Returning 404 on /Security, instead of Controller.ss template
2013-09-05 18:56:23 -07:00
Russell Michell
abcb2ef40b
FIX: Modified fix for #2389 to ensure existing tests pass.
2013-09-06 08:48:32 +12:00
Ingo Schommer
ef2fc46eb2
Merge pull request #2386 from adrexia/tinymce-image-resize
...
BUG: Image resize allows skewing of image in IE (fixes CMS #791 )
2013-09-05 04:08:06 -07:00
Ingo Schommer
9872a52a8d
SecurityToken docs
2013-09-05 12:54:31 +02:00
Russell Michell
128c33b82c
FIX: Fixes #2389
...
- Prevent circular references in `GridFieldAddExistingAutocompleter` when linking DataObjects whose ID matches the current object to which the gridfield is attached.
2013-09-05 13:55:47 +12:00
Naomi Guyer
52ef14a9ec
BUG: Image resize allows skewing of image in IE (fixes CMS #791 )
...
Including this plugin seemed like the most complete solution to this
problem, and allows it to be removed when tinymce is upgraded (assuming
they have fixed this issue). Uses a compressed version of the
advimagescale fork from sourceforge
(http://sourceforge.net/p/tinymce/plugins/186/ ), as it allowed for
multiple tinymce instances.
2013-09-04 15:01:46 +12:00
Will Rossiter
daa0b3cb79
Merge pull request #2383 from ryanwachtl/patch-1
...
Update requirements.md
2013-09-02 23:20:36 -07:00
Ryan Wachtl
15a1d96e5b
Update requirements.md
...
Missing semicolon in example code.
2013-09-03 01:18:58 -05:00
Ingo Schommer
62608a7772
"edit" form expansion in AssetUploadField
...
Form wasn't expanding because of fixed heights. Backported fix from 3.1.
2013-09-02 16:48:11 +02:00
Ingo Schommer
1f84db1c54
Merge pull request #2357 from phptek/cms-access-checkbox-toggle
...
BUGFIX: CMS permissions checkbox won't untoggle once selected
2013-09-02 03:15:34 -07:00
Will Rossiter
0a795952b9
Merge pull request #2377 from phptek/issue/2375
...
UploadField showed 2 descriptions in CMS
2013-09-01 22:57:29 -07:00
Russell Michell
0f1ae7a00b
BUGFIX:
...
- Fixes issue with CMS permissions checkbox, which won't un-toggle checked-checkboxes, after being clicked a 2nd time
2013-09-02 12:46:31 +12:00
Russell Michell
a1b04cb371
BUGFIX: Issue #2375
...
- UploadField showed 2 descriptions in CMS with one call to setDescription().
- Removed UploadField-specific template ref to $Description, in favour of using the "default" in FormField_holder.ss
2013-09-02 12:31:33 +12:00
Ingo Schommer
1c31c098ee
FIX Correct Zend_Locale fallbacks in i18n/DateField/DateTimeField
...
Due to the recent change of translations to transifex, some
locales changed their names, which prompted a fix to
i18n::get_available_translations() (see 00ffe7294
).
This caused a regression where short locales are determined
from the YAML file names (e.g. "en"), but weren't matched up
with fully qualified locales from get_available_translations() (e.g. "en_US").
Since this list is used in the admin/myprofile dropdown for the Member.Locale value,
it didn't match up with any entries and defaulted to the first one ("Africaans").
Note that the behaviour of admin/myprofile is still a bit weird:
It defaults the locale on new members to the one set for the current administrator.
So if a site defaults to en_US in _config.php, but the admin happens to view
his backend in de_DE, all members he creates default to de_DE as well.
Thanks to @tractorcow for contributing and peer reviewing!
2013-08-30 10:18:00 +02:00
Ingo Schommer
5f0329c6f2
Re-added entwine src/ in order to use inspector in dev mode
2013-08-30 10:12:50 +02:00