Commit Graph

3028 Commits

Author SHA1 Message Date
Robbie Averill
8b750b3d80 Merge remote-tracking branch 'origin/3.5.8' into 3.6.6 2018-05-10 15:52:23 +12:00
Damian Mooyman
5771388821 [ss-2018-001] Restrict non-admins from being assigned to admin groups 2018-05-09 15:12:40 +12:00
Damian Mooyman
4da99efd5d
Merge remote-tracking branch 'origin/3.5' into 3.6 2018-01-31 16:03:42 +13:00
Damian Mooyman
72e2326731
Merge pull request #7798 from kinglozzer/member-groupset-delete
FIX: Fix Member_GroupSet::removeAll() (fixes #3948)
2018-01-25 09:20:30 +13:00
Loz Calver
c2cd6b3832 FIX: Fix Member_GroupSet::removeAll() (fixes #3948) 2018-01-24 17:17:20 +00:00
Daniel Hensby
7b0500982e
Merge branch '3.5' into 3.6 2017-12-14 15:25:36 +00:00
Daniel Hensby
81150c5922
FIX Use PHP 5.3 array syntax 2017-12-14 15:24:53 +00:00
Damian Mooyman
d6a93f5215
Merge remote-tracking branch 'silverstripe-security/3.5' into 3.6
# Conflicts:
#	security/Member.php
2017-12-06 17:26:45 +13:00
Damian Mooyman
91cf85087b
Merge remote-tracking branch 'origin/3.5' into 3.6 2017-12-06 17:21:09 +13:00
Damian Mooyman
dd4c5417e7
Merge pull request #49 from silverstripe-security/pulls/3.5/ss-2017-007
[ss-2017-007] Ensure xls formulae are safely sanitised on output (3.5)
2017-12-06 16:25:58 +13:00
Damian Mooyman
44de03da01
Merge pull request #53 from silverstripe-security/pulls/3.5/ss-2017-006
[ss-2017-006] Fix user agent invalidation on session startup (3.5 branch)
2017-12-06 16:25:39 +13:00
Damian Mooyman
3e2bcaa0b4
Merge pull request #54 from silverstripe-security/pulls/3.5/ss-2017-009
[ss-2017-009] Prevent disclosure of sensitive information via LoginAttempt (3.5 branch)
2017-12-06 16:25:19 +13:00
Daniel Hensby
2aa1d8f2c4
remove create_function usage 2017-12-05 14:20:13 +00:00
Damian Mooyman
25e276cf37 [ss-2017-006] Fix user agent invalidation on session startup 2017-12-01 10:55:00 +13:00
Damian Mooyman
22ccf3e2f9
[ss-2017-007] Ensure xls formulae are safely sanitised on output
CSVParser now strips leading tabs on cells
2017-12-01 10:19:48 +13:00
Damian Mooyman
6ba00e829a
[ss-2017-009] Prevent disclosure of sensitive information via LoginAttempt 2017-11-30 15:53:50 +13:00
Damian Mooyman
bac5f4c8aa
Merge branch '3.5' into pulls/3.5/update-pwd-encryption-on-change 2017-11-27 14:42:32 +13:00
Daniel Hensby
badeb0cc8c
Merge branch '3.5' into 3.6 2017-11-25 16:17:36 +00:00
Daniel Hensby
09a003bc13
Fix deprecated usage of getMock in unit tests 2017-11-24 14:48:30 +00:00
Daniel Hensby
2ad3cc07d5
FIX Update meber passwordencryption to default on password change 2017-11-23 21:17:31 +00:00
Loz Calver
13b02feed7
Merge pull request #7602 from dhensby/pulls/3.5/fix-filter-any-inner-join
FIX ManyMany link table joined with LEFT JOIN
2017-11-16 13:48:07 +00:00
Daniel Hensby
4f3deb13e0
TEST filterAny on many_many relations return correct items 2017-11-16 11:10:12 +00:00
Daniel Hensby
3d3096485b
TEST Uppercase file extensions return correct mime type 2017-11-16 11:01:25 +00:00
Daniel Hensby
4731d3c671
Merge branch '3.5' into 3.6 2017-11-14 12:00:53 +00:00
Andrew Aitken-Fincham
c4a50a3d10 Spelling in DataQueryTest 2017-10-20 12:00:35 +01:00
Robbie Averill
2f579b64cb FIX Files without extensions (folders) do not have a trailing period added 2017-10-18 09:25:27 +13:00
Daniel Hensby
bd7abc73de
Merge branch '3.5.5' into 3.6.2 2017-09-20 16:26:30 +01:00
Daniel Hensby
091d99f599
FIX Authenticators are more resilient to incomplete configuration 2017-09-12 15:57:03 +01:00
Daniel Hensby
921f615e19
Merge branch '3.5' into 3.6 2017-08-17 14:14:31 +01:00
Daniel Hensby
1ae07ac2a3
TEST Prove LastEdited is updated when no changes are made 2017-08-16 22:26:47 +01:00
Daniel Hensby
90be7e806d
Merge branch '3.5' into 3.6 2017-07-19 15:40:01 +01:00
Daniel Hensby
7b6aad8a65 Revert "TreeDropDown performance boost." 2017-07-19 12:44:43 +01:00
Daniel Hensby
7e732da709
Merge branch '3.5' into 3.6 2017-07-18 12:00:04 +01:00
Loz Calver
960a0f8343
Fix: Make File::ini2bytes() compliant with binary prefixes (fixes #7145) 2017-07-10 09:41:36 +01:00
Roman Schmid
a6db16b229 Fix OS X issue with Convert::html2raw, HTMLText::FirstSentence, HTMLText::Summary and Text::FirstSentence.
Use unicode modifier for regular expressions that deal with whitespace.
Added unit-tests to ensure no invalud utf-8 gets generated by these methods.
2017-07-10 09:49:55 +02:00
Daniel Hensby
1e5592a3d9
Merge branch '3.5' into 3.6 2017-06-27 13:14:39 +01:00
Mojmir Fendek
5b6a39e71a TreeDropDown performance boost. 2017-06-19 15:10:23 +12:00
Loz Calver
2afe018dc7
FIX: Ensure HasManyList foreign ID filter includes table name (fixes #7023) 2017-06-15 12:06:30 +01:00
Loz Calver
4ad2cae864
FIX: Upload_Validator failed to fetch max size from PHP ini values (fixes #6999) 2017-06-06 14:28:03 +01:00
Daniel Hensby
cda7e8dc39
Merge remote-tracking branch 'security/3.5.4' into 3.6.0 2017-05-29 01:29:05 +01:00
Daniel Hensby
24166700e8
Merge remote-tracking branch 'security/3.4.6' into 3.5.4 2017-05-29 01:02:35 +01:00
Daniel Hensby
f71efb5063 Merge pull request #40 from silverstripe-security/patch/3.4/ss-2017-002
[SS-2017-002] FIX Lock out users who dont exist in the DB
2017-05-28 22:18:56 +01:00
Daniel Hensby
24a768ae14
Merge branch '3.4' into 3.5 2017-05-26 14:57:15 +01:00
Daniel Hensby
447ce0f84f
[SS-2017-002] FIX Lock out users who dont exist in the DB 2017-05-25 16:14:52 +01:00
Daniel Hensby
85f0650796
Remove unnecessary nesting of config/injector in tests 2017-05-24 16:05:39 +01:00
Daniel Hensby
cc70d893bc
Merge branch '3.4' into 3.5 2017-05-18 13:53:49 +01:00
Daniel Hensby
49a0354998
Make sure that nested relations dont break 2017-05-17 23:01:42 +01:00
Thomas Portelange
efbf14be63
Allow filtering if a relation is defined or a formatting 2017-05-17 21:05:21 +01:00
Daniel Hensby
1f0e1913cd
Merge branch '3.5' into 3 2017-04-08 20:25:27 +01:00
Robbie Averill
55eb7ebdcc FIX Do not insert requirements more than once in includeInHTML
This change consolidates the string replacements used to insert requirements into the page content to help ensure
that they are not compounding and overwriting eachother.

The added test case includes where a user may have a Javascript snippet that contains a closing head tag, and the
test ensures that it does not get injected with requirements as well as the actual head tag in the DOM.
2017-04-07 17:04:17 +12:00