Daniel Hensby
6dde5ce571
FIX Absolute alternate_base_url no longer breaks session cookies
2016-10-04 14:21:32 +01:00
Anton Smith
ae4108bf00
BUG Content-Disposition header breaks in Firefox ( #4087 )
2016-09-29 13:25:14 +13:00
Daniel Hensby
5959419645
Merge branch '3.3' into 3.4
2016-09-07 09:21:50 +01:00
Daniel Hensby
b80dc6450a
Merge branch '3.2' into 3.3
2016-09-07 09:21:21 +01:00
Daniel Hensby
e7ecf6cf15
FIX Bad strpos call in HTTP::register_etag()
2016-09-06 23:32:57 +01:00
Daniel Hensby
d306c884c7
Merge branch '3.3' into 3.4
2016-08-18 22:20:42 +01:00
Daniel Hensby
dc008b38ab
Merge branch '3.2' into 3.3
2016-08-18 22:18:47 +01:00
Daniel Hensby
41be95c95a
[SS-2016-007] FIX Encode user supplied URL for embeding into page
2016-08-15 15:53:36 +12:00
Daniel Hensby
3fa84cf0c6
[SS-2016-007] FIX Encode user supplied URL for embeding into page
2016-08-15 15:03:42 +12:00
Daniel Hensby
56f0b72e8d
FIX ETag header now properly quoted
2016-08-11 15:49:29 +01:00
Daniel Hensby
679185514d
Merge 3.3 into 3
...
Conflicts:
admin/css/screen.css.map
2016-04-26 00:24:59 +01:00
Daniel Hensby
745faebd81
Merge 3.2 into 3.3
...
Conflicts:
.travis.yml
2016-04-26 00:17:09 +01:00
Daniel Hensby
a0812f987a
Merge 3.1 into 3.2
...
Conflicts:
admin/javascript/LeftAndMain.js
control/HTTPRequest.php
docs/en/00_Getting_Started/00_Server_Requirements.md
2016-04-26 00:09:33 +01:00
Patrick Nelson
707aa14c6c
FIX for #5299 Adding <code> blocks to Injector documentation.
2016-04-11 10:56:46 -07:00
Daniel Hensby
817b836870
FIX getIP from behind a load-balancer that adds many IPs to the header
2016-03-01 21:07:48 +00:00
Damian Mooyman
9fed5561f4
Merge remote-tracking branch 'origin/3.3' into 3
...
# Conflicts:
# core/Constants.php
# dev/DevelopmentAdmin.php
2016-02-24 17:39:04 +13:00
Ingo Schommer
37059eb6b3
[ss-2016-003] Hostname, IP and Protocol Spoofing through HTTP Headers
2016-02-24 11:47:16 +13:00
Ingo Schommer
faa94d51d5
[ss-2016-003] Hostname, IP and Protocol Spoofing through HTTP Headers
2016-02-24 11:33:54 +13:00
Ingo Schommer
893e49703d
[ss-2016-003] Hostname, IP and Protocol Spoofing through HTTP Headers
2016-02-18 17:28:54 +13:00
Sam Minnee
3ee8f505b7
MINORE: Remove training whitespace.
...
The main benefit of this is so that authors who make use of
.editorconfig don't end up with whitespace changes in their PRs.
Spaces vs. tabs has been left alone, although that could do with a
tidy-up in SS4 after the switch to PSR-1/2.
The command used was this:
for match in '*.ss' '*.css' '*.scss' '*.html' '*.yml' '*.php' '*.js' '*.csv' '*.inc' '*.php5'; do
find . -path ./thirdparty -not -prune -o -path ./admin/thirdparty -not -prune -o -type f -name "$match" -exec sed -E -i '' 's/[[:space:]]+$//' {} \+
find . -path ./thirdparty -not -prune -o -path ./admin/thirdparty -not -prune -o -type f -name "$match" | xargs perl -pi -e 's/ +$//'
done
2016-01-07 10:15:54 +13:00
Damian Mooyman
fce82519bd
BUG Workaround for issues in testing version
2015-12-22 17:47:53 +13:00
Damian Mooyman
48a30909f3
Merge remote-tracking branch 'origin/3.2' into 3
...
# Conflicts:
# admin/javascript/LeftAndMain.BatchActions.js
# css/UploadField.css
# forms/HtmlEditorField.php
2015-12-22 14:07:52 +13:00
Ingo Schommer
0175167761
Merge pull request #4830 from open-sausages/pulls/3/fix-querystring-stage
...
API Disable unauthenticated get parameter access to site stage mode
2015-12-10 10:44:43 +13:00
Marcus Nyeholt
fc5e584201
Format for SS3 using tabs instead of spaces
2015-12-08 15:19:24 +11:00
Damian Mooyman
38e154af0a
API Disable get parameter access to site stage mode
...
BUG Fix missing and undocumented response from Security::permissionFailure()
2015-12-07 17:39:18 +13:00
Marcus Nyeholt
f7c270a3ba
NEW Use Config for determining Vary header
...
Existing implementation hardcodes the Vary header; swap to using Config layer
instead
Added test for changing the variable from config
2015-12-02 10:28:24 +11:00
Damian Mooyman
302c741b07
Merge remote-tracking branch 'origin/3.1' into 3.2
...
Conflicts:
control/HTTP.php
forms/Form.php
tests/view/SSViewerTest.php
2015-11-16 16:50:40 +13:00
Damian Mooyman
b943a0c6dd
Merge remote-tracking branch 'origin/3.1.16' into 3.1
2015-11-16 16:30:24 +13:00
Hamish Friedlander
53b3bc707b
[ss-2015-025]: FIX Dont expose class on error
2015-11-11 17:46:46 +13:00
Hamish Friedlander
f290d869e0
[ss-2015-025]: FIX Dont expose class on error
2015-11-11 16:55:23 +13:00
Igor Nadj
f577ecb811
FIX: prevent use cache on browser back button
2015-11-05 16:09:16 +13:00
Damian Mooyman
c4dc10b255
Merge remote-tracking branch 'origin/3.2' into 3
...
Conflicts:
forms/DropdownField.php
tests/model/ImageTest.php
2015-11-03 13:06:39 +13:00
Patrick Nelson
f192a6ecaf
FIX #4392 : Ensure headers are checked first before being clobbered by globally maintained state. Also ensuring tests utilize separate responses for isolation.
2015-10-09 13:50:33 -04:00
Damian Mooyman
278caa86f4
Merge pull request #4636 from spekulatius/converting-spaces-to-tabs
...
converting spaces as intentation to tabs
2015-10-06 11:51:45 +13:00
Damian Mooyman
3b192ea67c
Merge pull request #4649 from cjsewell/3.1
...
FIX: Typo in curr methods PHPDoc
2015-10-05 16:14:47 +13:00
Corey Sewell
4a70ffea06
FIX: Typo in cur methods PHPDoc
2015-10-05 15:58:46 +13:00
Will Morgan
85654a495f
Merge pull request #4635 from spekulatius/adding-space-before-casting
...
adding a space before casting into a different type
2015-09-28 11:17:08 +01:00
Peter Thaleikis
5fda95d951
converting spaces as intentation to tabs
2015-09-28 22:21:30 +13:00
Peter Thaleikis
21216b47ab
remove trailing spaces in the codebase
2015-09-28 22:21:08 +13:00
Peter Thaleikis
e6084b7ad2
adding a space before casting into a different type
2015-09-28 22:21:02 +13:00
Stevie Mayhew
c0be44d238
BUGFIX: fix response regression in initiation of request handler
2015-09-25 09:11:25 +12:00
Damian Mooyman
f10785350e
Merge remote-tracking branch 'origin/3.2' into 3
...
Conflicts:
docs/en/02_Developer_Guides/02_Controllers/01_Introduction.md
2015-09-09 14:50:47 +12:00
Damian Mooyman
309ac0d196
Merge remote-tracking branch 'origin/3.1' into 3.2
...
Conflicts:
.travis.yml
admin/code/CMSProfileController.php
admin/tests/LeftAndMainTest.php
control/HTTP.php
security/Permission.php
tests/forms/FormTest.php
tests/model/ArrayListTest.php
tests/security/PermissionTest.php
2015-09-09 14:35:29 +12:00
Ingo Schommer
dc650e3cf1
Clarify use of HTTP Pragma response header
...
The HTTP Pragma header is obsolete for HTTP 1.1,
and technically only defined for a HTTP request (not response).
Refer to https://www.mnot.net/cache_docs/#PRAGMA
,http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.32 .
It is superseded by the "Cache-Control" directive.
See HTTP 1.1 spec at https://tools.ietf.org/html/rfc7234#section-5.4 :
'Because the meaning of "Pragma: no-cache" in responses is
not specified, it does not provide a reliable replacement for
"Cache-Control: no-cache" in them.'
Sending a "Pragma: nocache" response header is a prudent
backwards compatibility measure for HTTP 1.0 clients.
The intended behaviour is for the majority clients as well as any
intermediary proxies to ignore this header.
Sending an empty Pragma is a known hack
for preventing PHP from adding "Pragma: nocache" to responses
with started sessions (see http://php.net/session_cache_limiter ),
since PHP does not allow unsetting existing header() calls.
2015-09-01 11:45:30 +12:00
Sam Minnée
f4b7cd3f68
Merge pull request #4500 from stevie-mayhew/pulls/get-response
...
FEATURE: implement getter and setter usage for response
2015-08-29 15:35:55 +12:00
Stevie Mayhew
1b57e0ca5b
FEATURE: implement getter and setter usage for response
2015-08-29 10:24:06 +12:00
Damian Mooyman
4a011303b9
Add missing packages
2015-08-24 16:15:38 +12:00
Damian Mooyman
1686c83826
Revert #3425 #3396 to restore deprecated functionality
...
Fixes #4514
2015-08-24 11:26:25 +12:00
Damian Mooyman
7ee444e08a
Merge remote-tracking branch 'origin/3.1' into 3.2
...
Conflicts:
admin/code/LeftAndMain.php
control/injector/SilverStripeServiceConfigurationLocator.php
core/ClassInfo.php
filesystem/File.php
model/DataObject.php
model/DataQuery.php
search/filters/FulltextFilter.php
search/filters/SearchFilter.php
tests/core/ClassInfoTest.php
tests/filesystem/FileTest.php
tests/model/DataListTest.php
2015-07-31 11:38:18 +12:00
Daniel Hensby
ffbeac6b7d
Ensuring classinfo is case insensitive
2015-07-28 11:17:50 +01:00