Ingo Schommer
ffb316dbc9
Added 3.0.7-rc1 changelog
2013-09-26 01:32:41 +02:00
Ingo Schommer
debd81d380
Merge pull request #2453 from chillu/pulls/escape-3.1.0
...
Escaping 3.1
2013-09-25 16:02:45 -07:00
Ingo Schommer
e1f9458db1
Added 3.0.7 changelog
2013-09-24 21:54:34 +02:00
Ingo Schommer
2b7a2a289e
API Escape form validation messages (SS-2013-008)
2013-09-24 21:41:21 +02:00
Ingo Schommer
f3ef04a432
FIX Auto-escape titles in TreeDropdownField
...
Related to SS-2013-009. While the default "TreeTitle" was escaped
within the SiteTree->TreeTitle() getter, other properties like SiteTree->Title
weren't escaped. The new logic uses the underlying casting helpers
on the processed objects.
2013-09-24 21:41:21 +02:00
Ingo Schommer
78ce99be09
FIX Escape breadcrumbs in SecurityAdmin (SS-2013-007)
2013-09-24 21:41:18 +02:00
Tomáš Bílek
65d5f10e60
Update 3.1.0-rc2.md
...
Corrected RC number in heading of page.
2013-09-13 18:50:45 +02:00
Stephen Shkardoon
f765696d26
Update 3.0.6.md
...
Add reference to information disclosure in Versioned.php (SS-2013-006)
2013-09-13 10:34:51 +12:00
Ingo Schommer
03d1d58148
Merge remote-tracking branch 'origin/3.0' into 3.1
...
Conflicts:
admin/code/SecurityAdmin.php
css/AssetUploadField.css
docs/en/topics/configuration.md
security/PermissionRole.php
2013-09-12 17:33:36 +02:00
Ingo Schommer
c2b312d76f
Merge remote-tracking branch 'origin/3.1.0' into 3.1
2013-09-12 17:24:42 +02:00
Ingo Schommer
7627d95555
Updated changelog
2013-09-12 17:02:13 +02:00
Ingo Schommer
a6b402f491
Added 3.0.6-rc2 changelog
2013-09-12 16:48:15 +02:00
Ingo Schommer
8b5c8eab72
Linking to older security issue in change log
...
Mainly for consistency with the newer format
2013-09-12 15:42:43 +02:00
Ingo Schommer
05757efceb
FIX Privilege escalation through APPLY_ROLES assignment (SS-2013-005)
...
See http://www.silverstripe.org/ss-2013-005-privilege-escalation-through-apply-roles-assignment/
2013-09-12 15:42:43 +02:00
Ingo Schommer
6cff9671d4
FIX Privilege escalation through Group and Member CSV upload (SS-2013-004)
...
See http://www.silverstripe.org/ss-2013-004-privilege-escalation-through-group-and-member-csv-upload/
2013-09-12 15:42:43 +02:00
Ingo Schommer
720c149aee
FIX Privilege escalation through Group hierarchy setting (SS-2013-003)
...
See http://www.silverstripe.org/ss-2013-003-privilege-escalation-through-group-hierarchy-setting/
2013-09-12 15:42:42 +02:00
Ingo Schommer
a492d56f7c
3.1.0-rc2 changelog
2013-09-12 15:42:36 +02:00
Ingo Schommer
cfa88adf4b
FIX Privilege escalation through APPLY_ROLES assignment (SS-2013-005)
...
See http://www.silverstripe.org/ss-2013-005-privilege-escalation-through-apply-roles-assignment/
2013-09-12 15:42:36 +02:00
Ingo Schommer
46556b609e
FIX Privilege escalation through Group and Member CSV upload (SS-2013-004)
...
See http://www.silverstripe.org/ss-2013-004-privilege-escalation-through-group-and-member-csv-upload/
2013-09-12 15:42:35 +02:00
Ingo Schommer
68ca47b0dd
FIX Privilege escalation through Group hierarchy setting (SS-2013-003)
...
See http://www.silverstripe.org/ss-2013-003-privilege-escalation-through-group-hierarchy-setting/
2013-09-12 15:42:35 +02:00
Naomi Guyer
8b5f89f3b9
API: Treedropdownfield showsearch default true, provide better ui
...
Set search option true on treedropdown fields by default, to provide a
fallback solution when trees fail to render (too many children errors)
Provide better indication/more meaningful styling to search (match
chosen styles for consistency)
2013-08-29 16:21:04 +12:00
Ingo Schommer
a4c6ae3e90
Merge remote-tracking branch 'origin/3.1'
2013-08-22 13:56:33 +02:00
Ingo Schommer
a592c36adf
Merge remote-tracking branch 'origin/3.0' into 3.1.0
...
Conflicts:
docs/en/changelogs/index.md
2013-08-20 20:49:01 +02:00
Ingo Schommer
3690ae1658
Merge remote-tracking branch 'origin/3.0' into 3.1
...
Conflicts:
docs/en/changelogs/index.md
2013-08-16 17:12:12 +02:00
Ingo Schommer
64d7438681
Merge remote-tracking branch 'origin/3.1'
2013-08-09 12:12:10 +02:00
Sam Minnee
3510b60ab8
Added 3.1.0-rc1 changelog
2013-08-09 14:25:58 +12:00
Ingo Schommer
7a117fe713
Added 3.0.6-rc1 changelog
2013-08-07 20:55:10 +02:00
Ingo Schommer
a213afd888
Added 3.0 changelog
2013-08-07 20:16:59 +02:00
Ingo Schommer
2a35f2f928
Merge remote-tracking branch 'origin/3.1'
2013-08-07 17:34:11 +02:00
Ingo Schommer
afe06661ef
Merge remote-tracking branch 'origin/3.0' into 3.1
...
Conflicts:
admin/templates/Includes/LeftAndMain_Menu.ss
admin/templates/Includes/ModelAdmin_ImportSpec.ss
admin/templates/Includes/ModelAdmin_Tools.ss
admin/templates/LeftAndMain.ss
admin/templates/ModelSidebar.ss
i18n/i18n.php
templates/ComplexTableField.ss
templates/ComplexTableField_popup.ss
templates/FileIFrameField_iframe.ss
templates/Includes/GridFieldItemEditView.ss
templates/Includes/TableListField_PageControls.ss
templates/RelationComplexTableField.ss
templates/TableField.ss
templates/TableListField.ss
2013-08-07 17:14:47 +02:00
Ingo Schommer
00ffe72944
Translations: Switch to Transifex format
...
- Based on new (last) translation download from getlocalization.com
- Removed untranslated strings. Getlocalization started including those at some point
which is highly annoying, unnecessary and breaks the new Transifex system,
since it'll mark all of the English strings as actual translations
- Avoid dots in entities. It confuses the Transifex YML parser
- Removed some locales unknown to Transifex which didn't have any translations anyway
- Removed "lolcat" locale, uses custom notation (en@lolcal)
which SilverStripe's i18n system can't handle
(needs mapping from SS naming to Zend naming)
- Renamed "Te Reo/Maori" locale from "mi_NZ" to "mi" (Transifex/CLDR notation)
- Namespaced all entities used in templates (deprecated usage)
- Converted dots to underscores where template filenames are used for namespaces,
since Transifex YML parsing handles them as separate YML keys otherwise
- Removed whitespace in entity names, SilverStripe i18n can't handle it
- Only allow selection of locales registered through i18n::$all_locales to avoid
issues with unknown locales in Zend's CLDR database
2013-08-07 00:25:16 +02:00
Ingo Schommer
542728cd94
Merge remote-tracking branch 'origin/3.1'
2013-08-03 19:47:32 +02:00
Ingo Schommer
0e7231ff60
API Disable discontinued Google Spellcheck in TinyMCE
...
Replaced by browser-based spellchecking if available (Chrome, Firefox),
with instructions on how to use PSpell as an alternative.
2013-08-03 16:16:45 +02:00
Ingo Schommer
97e6108fa9
Changelog note on form method limitations
...
See 14c59be85e.
Raised by Fara Rustein of Deloitte Argentina (CVE-2013-2653).
2013-08-01 15:48:51 +02:00
Hamish Friedlander
0a79ac3592
Merge branch 'origin/3.1'
...
Conflicts:
templates/forms/CheckboxSetField.ss
templates/forms/FormField_holder.ss
templates/forms/OptionsetField.ss
2013-07-19 16:25:38 +12:00
Hamish Friedlander
d38bd7d5cb
Merge branch 'origin/3.0' into 3.1
2013-07-19 14:18:49 +12:00
Hamish Friedlander
1298d4a5bd
FIX Prevent DOS by checking for env and admin on ?flush=1 (#1692)
2013-07-19 12:24:32 +12:00
Simon Welsh
fbce9fd7cd
Merge branch '3.1'
...
Conflicts:
.travis.yml
docs/en/misc/contributing/code.md
javascript/HtmlEditorField.js
2013-07-05 10:22:58 +12:00
Hamish Friedlander
dacb2aa638
FIX HtmlEditorField not re-checking sanitisation server side
2013-07-04 08:53:23 +12:00
Ingo Schommer
fb784af738
API Enforce $allowed_actions in RequestHandler->checkAccessAction()
...
See discussion at https://groups.google.com/forum/?fromgroups#!topic/silverstripe-dev/Dodomh9QZjk
Fixes an access issue where all public methods on FormField were allowed,
and not checked for $allowed_actions. Before this patch you could e.g.
call FormField->Value() on the first field by using action_Value.
Removes the following assertion because it only worked due to RequestHandlingTest_AllowedControllerExtension
*not* having $allowed_extensions declared: "Actions on magic methods are only accessible if explicitly allowed on the controller."
2013-06-24 14:50:40 +02:00
Ingo Schommer
94b4237372
Merge remote-tracking branch 'origin/3.1'
2013-06-19 11:17:33 +02:00
Sean Harvey
726e4c313e
Merge pull request #2084 from chillu/pulls/cmsform
...
Handle ValidationException on CMS forms
2013-06-18 14:41:51 -07:00
vikas srivastava
2f16d93d48
Update 3.1.0.md
...
I was trying
Member:
  extensions:
    MyMemberExtension
And it didn't work, then someone on IRC pointed out that I need to put a '-' before values. So this works.
Member:
  extensions:
    - MyMemberExtension
Hope this will help someone else.
2013-06-17 14:21:46 +05:30
CheeseSucker
091e34e2e8
[MINOR] Typo
2013-06-15 02:49:52 +03:00
Ingo Schommer
9d4b8f61ca
Note about IE10 support
2013-06-13 10:27:19 +02:00
Ingo Schommer
bfff11eb9c
API New CMSForm class to allow validation responses in CMS (fixes #1777)
...
Thanks to @willmorgan for getting this discussion started
(see https://github.com/silverstripe/sapphire/pull/1814).
2013-06-13 07:51:05 +02:00
Ingo Schommer
5a1d476e8d
Merge branch 'idvalidattr' of git://github.com/wilr/sapphire into wilr-idvalidattr
2013-05-31 19:27:19 +02:00
Ingo Schommer
88536998b9
Merge remote-tracking branch 'origin/3.1'
...
Conflicts:
.travis.yml
2013-05-31 18:08:59 +02:00
Damian Mooyman
163917b83e
Fixed scrutiniser issues
2013-05-27 15:42:10 +12:00
Damian Mooyman
7f057ce343
API UploadField functions on new records
...
Fixed regression from 1e5d40474d (UploadField::canPreviewFolder).
Merged in pull request #2009 - (6018bdd631).
Merged pull request #1259 (34bfc862ee).
2013-05-27 15:22:59 +12:00
Will Rossiter
ca87b8b794
API: Form Field ID attribute should follow HTML specification
...
Fixes: http://open.silverstripe.org/ticket/4431.
Changes Form and Form Field classes to make use of Convert::raw2htmlid() which follows http://www.w3.org/TR/REC-html40/types.html#type-cdata.
Introduces a FormTemplateHelper class to assist in these sorts of updates in the future.
2013-05-26 11:11:55 +12:00
Simon Welsh
e90012787d
Merge branch 'hackfest_may_2013' of https://github.com/NightJar/sapphire into 3.1
...
Conflicts:
docs/en/changelogs/3.1.0.md
2013-05-25 20:07:54 +12:00
Nightjar
5ec8158977
Check that Webserver is not Apache/1.x in light of installer assets/.htaccess alterations
2013-05-25 20:03:36 +12:00
Stephen Shkardoon
5e5b892043
Note for magic quotes change
2013-05-25 20:02:51 +12:00
Sam Minnee
d97ca43cd0
Merge branch '3.1'
...
Conflicts:
README.md
dev/install/install.php5
forms/ConfirmedPasswordField.php
tests/forms/FormTest.php
2013-05-23 19:01:58 +12:00
Damian Mooyman
6e0e3564e1
NEW Added beforeExtending, afterExtending, and beforeUpdateCMSFields to allow user code better control over interaction with extending methods
2013-05-16 10:34:45 +12:00
Ingo Schommer
3b02d22989
Merge remote-tracking branch 'origin/3.0' into 3.1
...
Conflicts:
dev/CsvBulkLoader.php
2013-05-09 10:34:20 +02:00
Will Morgan
a5b04ba334
Updating docs for Security template changes
...
See https://github.com/silverstripe/sapphire/pull/1807
2013-05-08 11:52:36 +01:00
Ingo Schommer
6c2e791a48
Merge remote-tracking branch 'origin/3.1'
2013-04-29 08:59:06 +02:00
Sam Minnee
eb583c5f14
NEW: Added DataObject::getQueriedDatabaseFields() as faster alternative to toMap()
...
API: CompositeDBField::setValue() may be passed an object as its second argument, in addition to array.
These changes provide a 15% - 20% performance improvement, and as such justify a small API change in the 3.0 branch. It will likely affect anyone who has created their own composite fields, which is fortunately not all that common.
2013-04-21 13:39:11 +12:00
Ingo Schommer
6e3a150424
3.1.0-beta3 changelog
2013-04-18 19:28:13 +02:00
Ingo Schommer
d877c1063d
Updated changelog, moved "statics in Page.php" to top
...
It's going to be a fatal error on every upgrade unless tended to,
so we need to ensure people don't overlook it in the guide.
2013-04-18 18:28:09 +02:00
Ingo Schommer
0343a77d30
Merge remote-tracking branch 'origin/3.1'
2013-04-11 11:42:04 +02:00
Ingo Schommer
ae09301c8c
Revert deprecation of Object::add_extension() usage
...
This reverts commit 14b997eea3.
It's just not practical to use the Config API as it stands,
the add_extension() wrapper does more than just a Config->update().
Most use cases can be covered via YML, but any conditional
additions (e.g. in unit tests) can still benefit from the
add_extensions() shorthand.
2013-04-11 11:40:53 +02:00
Ingo Schommer
14b997eea3
API Deprecated Object::add_extension() usage (as of 3.2)
2013-04-09 15:00:34 +02:00
Ingo Schommer
baca12bf37
3.1 changelog summaries
2013-04-09 13:36:39 +02:00
Ingo Schommer
01f46d039f
NEW Enforce max node counts to avoid excessive resource usage
...
Rendering potentially 1000s of nodes can exceed the CPU and memory constraints
of a normal PHP process, as well as the rendering capabilities of browsers.
Set a hard maximum for the renderable nodes, deferring to a "show as list" action
in the main CMS tree. For TreeDropdownField, we don't have the list fallback option,
so ask the user to search for the node title instead.
Also makes both the "node_threshold_total" and "node_threshold_leaf" values configurable
2013-04-09 10:24:18 +12:00
s-m
6a95db0eff
API: Support inequalities in templates
...
This adds support for <, <=, >, >= in templates
2013-04-08 17:07:39 +02:00
Ingo Schommer
f296439a24
NEW Hints for scaffolded date/time fields
2013-04-08 19:38:50 +12:00
Ingo Schommer
828ac7fe4f
API Replaced SSViewer.custom_theme with SSViewer.theme_enabled
...
Since we can't influence the setting of configuration values,
we also can't set/unset the 'custom_theme' value based on which
theme is set. This means the 'custom_theme' value goes stale,
and we can't rely on it e.g. in FilesystemPublisher.
The 'theme_enabled' toggle is a cleaner solution to the same problem,
since the 'custom_theme' was really just a way to remember the original
theme, while still disabling it. The toggle makes this more explicit,
but also requires users of the 'theme' setting to check for it.
2013-04-07 23:59:10 +02:00
Ingo Schommer
afb8465d05
Merge remote-tracking branch 'origin/3.1'
...
Conflicts:
.travis.yml
2013-03-29 17:37:19 +01:00
Ingo Schommer
e97c034922
API i18n::$common_languages and i18n::$common_locales converted to Config API
...
They are now accessed via the Config API, and contain associative rather than indexed arrays.
Before: `array('de_DE' => array('German', 'Deutsch'))`, after: `array('de_DE' => array('name' => 'German', 'native' => 'Deutsch'))`.
Also fixed an i18n.js_i18n config accessor
2013-03-27 20:42:46 +01:00
Ingo Schommer
538bf01860
Merge remote-tracking branch 'origin/3.1'
2013-03-27 12:12:16 +01:00
Ingo Schommer
8b4fb6ef0f
Clarified 3.1 upgrading docs
2013-03-26 19:01:36 +01:00
Ingo Schommer
b0d3f7f3a2
Merge remote-tracking branch 'origin/3.1'
...
Conflicts:
api/RSSFeed.php
dev/SapphireTest.php
tests/control/RequestHandlingTest.php
2013-03-26 10:46:41 +01:00
Ingo Schommer
4ea98ae440
Removed Object::*_extension() non-LSB deprecation
...
It's just a simplification, and unnecessarily complicates
module compatibilities.
2013-03-26 00:31:25 +01:00
Ingo Schommer
7470f5e0b6
More upgrading notes about 3.1 and statics
2013-03-25 22:09:21 +01:00
Ingo Schommer
c8f26e673a
3.1 changelog improvements
2013-03-25 09:52:55 +01:00
Ingo Schommer
3334eafcb1
API Marked statics private, use Config API instead (#8317)
...
See "Static configuration properties are now immutable, you must use Config API." in the 3.1 change log for details.
2013-03-24 17:20:53 +01:00
Ingo Schommer
81a51331d6
FIX Load _config.php's after static config manifest
...
This allows more sophisticated handling of config alterations
in _config.php. One example is additions to DataObject::$db
based on configuration which requires some processing.
See https://github.com/unclecheese/TranslatableDataObject/blob/master/TranslatableDataObject.php
2013-03-21 00:16:36 +01:00
Ingo Schommer
5b83de4049
Added note about deprecations to 3.1 upgrading guide
2013-03-20 10:28:39 +01:00
Ingo Schommer
53c84ee1fe
Merge remote-tracking branch 'origin/3.0' into 3.1
2013-03-19 14:04:29 +01:00
Ingo Schommer
99ca0471f7
Merge remote-tracking branch 'origin/2.4' into 3.0
...
Conflicts:
control/RequestHandler.php
core/control/ContentController.php
dev/CsvBulkLoader.php
docs/en/changelogs/index.md
docs/en/reference/execution-pipeline.md
docs/en/topics/commandline.md
docs/en/topics/controller.md
docs/en/topics/form-validation.md
docs/en/topics/forms.md
docs/en/topics/security.md
model/MySQLDatabase.php
security/Security.php
tests/control/ControllerTest.php
tests/control/RequestHandlingTest.php
2013-03-19 13:56:04 +01:00
Andrew Short
94f209eb74
Merge branch '3.1'
2013-03-19 22:36:47 +11:00
Ingo Schommer
250834d9d2
Updated browser requirements, dropping IE7 support
...
See https://groups.google.com/forum/?fromgroups=#!topic/silverstripe-dev/GahZfDLvb-I
2013-03-18 14:33:43 +01:00
Andrew Short
bc941c18b6
Merge branch '3.1'
2013-03-15 21:58:37 +11:00
Hamish Friedlander
a2845735b0
Update 3.1.0 upgrading notes for casting changes
2013-03-14 12:49:34 +13:00
Sam Minnée
09377f0ba4
Added upgrade note for config static immutability
...
Config statics are now immutable for performance, this requires an upgrade change.
2013-03-13 11:22:41 +13:00
Ingo Schommer
53e988bb09
Merge remote-tracking branch 'origin/3.1.0-beta2' into 3.1
2013-03-12 10:45:44 +01:00
Ingo Schommer
ce66bc1eaf
Merge remote-tracking branch 'origin/3.1'
...
Conflicts:
tests/travis/before_script
2013-02-27 13:34:03 +01:00
Ingo Schommer
bea1b9002d
Merge remote-tracking branch 'origin/3.0' into 3.1
...
Conflicts:
control/HTTP.php
2013-02-26 13:28:35 +01:00
Sam Minnee
50f36447a9
Merge branch '3.1'
2013-02-25 16:59:37 +13:00
Ingo Schommer
9ceef6be07
Added changelog
2013-02-20 00:39:00 +01:00
Ingo Schommer
876c660018
Merge pull request #1195 from chillu/pulls/deprecate-scheduled-tasks
...
API Deprecated ScheduledTask and subclasses
2013-02-19 01:01:53 -08:00
Ingo Schommer
43fb566388
Note about RestfulService SSL verification in upgrading guide
2013-02-18 15:59:15 +01:00
Ingo Schommer
bb724c43b9
Merge pull request #1142 from chillu/pulls/remove-auto-controller-routing
...
API Removed auto-routing of controller name
2013-02-18 05:30:37 -08:00
Ingo Schommer
957469d770
API Removed auto-routing of controller name
...
Use custom routing rules to achieve this effect (see changelog)
2013-02-18 14:29:47 +01:00
Ingo Schommer
af96432c1e
Merge remote-tracking branch 'origin/3.1'
...
Conflicts:
api/RSSFeed.php
2013-02-18 14:18:54 +01:00
Ingo Schommer
88867cdd23
API Deprecated ScheduledTask and subclasses
...
Base CliController or BuildTask instead, with custom cron job intervals.
2013-02-18 14:01:15 +01:00
Hamish Friedlander
7ec8ebbf9e
Add 3.1.0-beta2 changelog
2013-02-18 17:09:22 +13:00