Commit Graph

11843 Commits

Author SHA1 Message Date
Ingo Schommer
98d676bfdc Updated translations 2013-10-01 00:04:58 +02:00
Ingo Schommer
deadc154ca Don't link record in GridField form message
This is no longer allows through Form->sessionMessage() to avoid XSS.
2013-10-01 00:00:37 +02:00
Ingo Schommer
298de5a67d FIX Escape breadcrumbs in SecurityAdmin (SS-2013-007) 2013-09-30 22:53:43 +02:00
Ingo Schommer
d8d07d971e FIX Auto-escape titles in TreeDropdownField
Related to SS-2013-009. While the default "TreeTitle" was escaped
within the SiteTree->TreeTitle() getter, other properties like SiteTree->Title
weren't escaped. The new logic uses the underlying casting helpers
on the processed objects.
2013-09-30 22:53:21 +02:00
Ingo Schommer
a338e608b8 API Escape form validation messages (SS-2013-008) 2013-09-30 22:53:07 +02:00
Ingo Schommer
cbaa91ebd7 Tagged 3.1.0-rc3 2013-09-26 01:42:31 +02:00
Ingo Schommer
b3c91ecac9 Added 3.1.0-rc3 changelog 2013-09-26 01:42:27 +02:00
Sean Harvey
5b47c3aa1c Merge pull request #2445 from tractorcow/pulls/3.1.0-http-add_cache_headers-fix
BUG Fix regression introduced in #2356 (method call on non-object)
2013-09-22 18:53:06 -07:00
Damian Mooyman
477c3c9de6 BUG Fix regression introduced in #2356 (method call on non-object) 2013-09-23 13:32:55 +12:00
Ingo Schommer
7627d95555 Updated changelog 2013-09-12 17:02:13 +02:00
Ingo Schommer
505db1f731 Updated translations 2013-09-12 16:53:32 +02:00
Ingo Schommer
cb517fda9e Safety note on DataObject::$validation_enabled 2013-09-12 15:42:36 +02:00
Ingo Schommer
091c096dbf FIX Disallow permissions assign for APPLY_ROLES (SS-2013-005)
See http://www.silverstripe.org/ss-2013-005-privilege-escalation-through-apply-roles-assignment/
2013-09-12 15:42:36 +02:00
Ingo Schommer
a492d56f7c 3.1.0-rc2 changelog 2013-09-12 15:42:36 +02:00
Ingo Schommer
cfa88adf4b FIX Privilege escalation through APPLY_ROLES assignment (SS-2013-005)
See http://www.silverstripe.org/ss-2013-005-privilege-escalation-through-apply-roles-assignment/
2013-09-12 15:42:36 +02:00
Ingo Schommer
46556b609e FIX Privilege escalation through Group and Member CSV upload (SS-2013-004)
See http://www.silverstripe.org/ss-2013-004-privilege-escalation-through-group-and-member-csv-upload/
2013-09-12 15:42:35 +02:00
Ingo Schommer
68ca47b0dd FIX Privilege escalation through Group hierarchy setting (SS-2013-003)
See http://www.silverstripe.org/ss-2013-003-privilege-escalation-through-group-hierarchy-setting/
2013-09-12 15:42:35 +02:00
Ingo Schommer
1c31c098ee FIX Correct Zend_Locale fallbacks in i18n/DateField/DateTimeField
Due to the recent change of translations to transifex, some
locales changed their names, which prompted a fix to
i18n::get_available_translations() (see 00ffe7294).
This caused a regression where short locales are determined
from the YAML file names (e.g. "en"), but weren't matched up
with fully qualified locales from get_available_translations() (e.g. "en_US").
Since this list is used in the admin/myprofile dropdown for the Member.Locale value,
it didn't match up with any entries and defaulted to the first one ("Africaans").

Note that the behaviour of admin/myprofile is still a bit weird:
It defaults the locale on new members to the one set for the current administrator.
So if a site defaults to en_US in _config.php, but the admin happens to view
his backend in de_DE, all members he creates default to de_DE as well.

Thanks to @tractorcow for contributing and peer reviewing!
2013-08-30 10:18:00 +02:00
Mateusz U
c396645aed Merge pull request #2351 from hafriedlander/fix/ie8brokenfonts
FIX webfonts in preview iframe breaking admin fonts
2013-08-26 15:57:35 -07:00
Hamish Friedlander
45c1d2b0ce FIX webfonts in preview iframe breaking admin fonts
In IE8, when a page in the preview iframe uses a web font (not just
references it in CSS, but actually has glyphs present in the page),
the fonts in the containing admin interface will become corrupted
(display as all squares) until the mouse moves.

This commit uses the technique described at
http://stackoverflow.com/questions/9809351/ie8-css-font-face-fonts-only-working-for-before-content-on-over-and-sometimes#10557782
to cause the admin panel to re-calculated all it's fonts
after the preview iframe has loaded, fixing the glitch
2013-08-27 10:49:24 +12:00
Hamish Friedlander
716e3b9d47 Merge pull request #2356 from mateusz/ie-download-fix
BUG Fix regression in IE no-cache https file downloads.
2013-08-26 15:47:57 -07:00
Mateusz Uzdowski
1461ae9e4c BUG Fix regression in IE no-cache https file downloads.
Currently IE6-8 will refuse to download files over HTTPS with default
Framework settings.

Currently the HTTP::add_cache_headers competely overrides Cache-Control
headers on each request, so there is no way to inject custom headers
from the API-consuning methods.

Also of note: adding no-store header also fixes the issue but will
prevent proxies from caching the request body (which they do when using
no-cache). So the setting max-age to some low number is a better choice
here.
2013-08-26 17:15:58 +12:00
Ingo Schommer
40c239076b Merge remote-tracking branch 'origin/3.0' into 3.1.0
Conflicts:
	model/Hierarchy.php
2013-08-22 12:55:47 +02:00
Ingo Schommer
54edc0ddac Fix Behat window switching in chrome
Workaround only, see https://groups.google.com/forum/#!topic/behat/QNhOuGHKEWI
2013-08-22 12:49:38 +02:00
Ingo Schommer
0c859b8587 Merge pull request #2348 from simonwelsh/scrut
Scrutinizer fixes
2013-08-21 04:43:12 -07:00
Simon Welsh
c66cc952d2 Correct line length and indentation 2013-08-21 21:27:16 +12:00
Simon Welsh
2c0d03b2d6 Exclude docs and images foldes from Scrutinizer 2013-08-21 21:02:12 +12:00
Simon Welsh
4cb98f1afd Only have Scrutinizer check PHP files 2013-08-21 21:02:12 +12:00
Sean Harvey
c461ed51d6 Merge pull request #2346 from hafriedlander/fix/flush_when_secure
FIX flush when secure
2013-08-20 15:35:00 -07:00
Hamish Friedlander
a2026add04 FIX flushing on non-dev when Session::cookie_secure is true 2013-08-21 09:50:07 +12:00
Mateusz U
afd3e3f0d0 Merge pull request #2345 from hafriedlander/fix/performance
Couple of performance fixes - eliminate un-necessary redraws and preview updating
2013-08-20 14:40:22 -07:00
Hamish Friedlander
0ca4969cda FIX Dont update preview iframe if hidden
Updating the iframe src when the iframe isnt visible in IE8 causes a
view disconcerting font glitch (and it slows down navigation anyway),
so if the iframe isnt visible, delay setting the src until it is
2013-08-21 09:29:28 +12:00
Hamish Friedlander
c59305d6d4 FIX Multiple redraw calls on navigation 2013-08-21 09:29:28 +12:00
Ingo Schommer
a592c36adf Merge remote-tracking branch 'origin/3.0' into 3.1.0
Conflicts:
	docs/en/changelogs/index.md
2013-08-20 20:49:01 +02:00
Ingo Schommer
a2f9af54c7 Merge pull request #2340 from hafriedlander/fix/memleaks
Fix some memory leaks in 3.1.0 admin
2013-08-20 07:28:14 -07:00
Ingo Schommer
2fd5558a70 Fixed "insert image" behat feature
Was using wrong button label, and ignoring the
"unsaved changes" warning dialog
2013-08-20 16:19:30 +02:00
Ingo Schommer
99da5cd198 Merge pull request #2336 from hafriedlander/fix/flush_30
FIX Double slashes in ParameterConfirmationToken
2013-08-20 06:26:44 -07:00
Hamish Friedlander
68d8ec31a5 FIX Memory leaks in jstree drag & drop 2013-08-20 16:07:54 +12:00
Hamish Friedlander
fda4b91d06 FIX Make sure CurrentXHR is set back to null on completion 2013-08-20 15:49:37 +12:00
Hamish Friedlander
e282f0b661 FIX Two memory leaks with HtmlEditorField
We werent calling tinyMCE.Editor.destroy, which is needed to
clean up event bindings. The advanced theme also wasnt cleaning
up after itself on destroy properly
2013-08-20 15:49:04 +12:00
Hamish Friedlander
13377ee4bd Update jQuery Entwine to latest to pull memory leak fix 2013-08-20 15:17:50 +12:00
Hamish Friedlander
4a7aef0e25 FIX Double slashes in ParameterConfirmationToken 2013-08-19 11:35:34 +12:00
Ingo Schommer
de3b1b22d3 Fixed behat tests for confirming grid field dialogs 2013-08-16 13:34:23 +02:00
Ingo Schommer
362d35742f Fixed behat tests to confirm file deletion dialog 2013-08-16 13:34:23 +02:00
Naomi Guyer
fb67181366 BUG: Context menu too long - CSS only (Fixes CMS #811) 2013-08-16 13:34:23 +02:00
Ingo Schommer
b6b06945d0 Merge pull request #2320 from jbridson/3.1
MINOR: ISSUE-19 CWP Accessibility fixes - Added macron to Māori toggle b...
2013-08-15 14:35:25 -07:00
Jeremy Bridson
cf75166d83 MINOR: ISSUE-19 CWP Accessibility fixes - Added macron to Māori toggle button for translations on the CWP demo site. 2013-08-12 15:39:00 +12:00
Ingo Schommer
fd2a0cd1f9 Updated translations 2013-08-09 15:33:01 +02:00
Hamish Friedlander
0918cd2092 Remove SiteTree link tracking out of HtmlEditorField 2013-08-09 11:24:10 +02:00
Ingo Schommer
810f505924 Merge pull request #2315 from jbridson/patch-2
Fixed Grammatical errors and issues where sentences didn't make sense.
2013-08-09 02:04:01 -07:00