Commit Graph

4695 Commits

Author SHA1 Message Date
Andrew O'Neil
9bf3ae9a19 SECURITY: Ensure javascript content type is sent in form responses. If content type is html, and the javascript contains script tags within the content, this content will be executed. 2012-05-03 17:08:08 +02:00
Ingo Schommer
c1d2cd1293 MINOR Corrected Geoip entries for ex-Yugoslavia ... better late than never 2012-03-30 09:51:21 +02:00
Ingo Schommer
44b9d0560b MINOR Backported bootstrap.php changes from master and custom TeamCity configuration (required to run tests through phpunit binary) 2012-03-14 14:17:28 +01:00
Sam Minnee
921bf9a439 ENHANCEMENT: Ensure that forceSSL and protocol detection respects the X-Forwarded-Protocol header. 2012-02-03 09:39:10 +13:00
Ingo Schommer
bf4476a3be API CHANGE silverstripe_version file now contains the plain version number, rather than an SVN path 2012-02-01 18:54:59 +01:00
Sam Minnee
af22d0743a MINOR: On PHPUnit 3.6, show the output of tests. 2012-02-01 11:01:49 +13:00
Sam Minnee
5956ad82fc MINOR: Amended PHPUnit execution to work with PHPUnit 3.6 2012-02-01 11:00:58 +13:00
Ingo Schommer
0085876495 BUGFIX Casting return values on text helper methods in StringField, Text, Varchar 2012-01-31 16:28:47 +01:00
Ingo Schommer
252e187015 SECURITY Escape links for SilverStripeNavigatorItem 2012-01-31 15:55:30 +01:00
Ingo Schommer
5fe7091dff SECURITY Sanitize messages passed to generated JS calls in FormResponse::status_message(), e.g. to avoid XSS on 'Successfully published <page title>' messages 2012-01-31 15:54:59 +01:00
Sam Minnée
84f47f5c86 Merge pull request #63 from simonwelsh/patch-4
Documentation fix
2011-11-02 13:34:40 -07:00
Ingo Schommer
96bee47ab8 MINOR Switching 'rewriteHashlinks' sanitization from Convert::raw2att() to strip_tags() to make the resulting PHP more portable when mode is set to 'php' 2011-10-18 10:54:30 +02:00
Ingo Schommer
16c32359c6 BUGFIX Escaping base URLs for anchor links rewritten by SSViewer::process() with the 'rewriteHashlinks' option enabled (which is a framework default, and necessary because of the use of a <base> tag). Also added escaping for base URLs rendered through the 'php' variation of 'rewriteHashlinks' 2011-10-18 10:18:29 +02:00
Ingo Schommer
6d6fdd24d9 ENHANCEMENT Added SSViewer::getOption() as a logical counterpart to SSViewer::setOption() 2011-10-17 18:00:30 +02:00
Sean Harvey
ad13f80f57 ENHANCEMENT Updated Windows installation documentation on using PHP Manager which takes out most of the PHP configuration effort. 2011-09-28 16:05:45 +13:00
Sean Harvey
7805e3e6d9 BUGFIX i18n::include_by_locale() assumes a themes directory always exists and causes error if that's not the case. Some projects don't require any themes, like pure applications. 2011-09-28 15:27:51 +13:00
simonwelsh
d0af084bb5 Fixes tag syntax (should end with %>, not >%) 2011-09-24 10:55:42 +12:00
Ingo Schommer
83ad8d48a9 ENHANCEMENT Added File.ShowInSearch flag to mirror the existing SiteTree.ShowInSearch flag - e.g. useful to limit visibility of user-uploaded files. Enforced in MySQLDatabase->searchEngine(). 2011-09-15 16:13:02 +02:00
Ingo Schommer
73cca09960 BUGFIX Consistently using Convert::raw2sql() instead of DB::getConn()->addslashes() or PHP's deprecated addslashes() for database escaping 2011-09-15 14:43:34 +02:00
Will Rossiter
01b08a57c0 MINOR: removed incorrect getter/setter statements. 2011-09-07 13:09:03 +12:00
Sam Minnée
cc59effef6 Merge pull request #48 from simonwelsh/2.4
PHP5.4 Support
2011-08-25 03:11:24 -07:00
simonwelsh
0f91fb865b Changes error reporting level to explicitly exclude E_DEPRECATED and E_STRICT, rather than xor. 2011-08-26 16:12:57 +12:00
simonwelsh
9ffa903d50 Adds missing semicolon for PHP5.4 support. 2011-08-26 16:11:06 +12:00
Will Rossiter
d42c115594 Merge pull request #46 from simonwelsh/patch-1
MINOR: removed references to Language Chooser which is only supported in 2.2.
2011-08-23 01:46:10 -07:00
simonwelsh
8342f6b20e Removed references to Language Chooser Widget until it can be updated to work with the new translation model. 2011-08-24 16:42:56 +12:00
Sam Minnée
e126506ca2 Merge pull request #45 from madamimadam/2.4
Removed profanity
2011-08-22 01:46:58 -07:00
Adam Rice
d8c6bdac59 Removed profanity
Not only is profanity unprofessional but it can also be blocked by
corporate web filters (which is somewhat embarrassing when clients call
to ask why it is in their site)
2011-08-22 18:33:25 +10:00
Will Rossiter
0ef416112b MINOR: fixed syntax error in FormAction example. 2011-08-20 05:10:03 +12:00
Ingo Schommer
217a689c6b Merge pull request #36 from lku/cz_translations
MINOR Cz translations
2011-08-14 04:31:28 -07:00
Will Rossiter
62ed1386a3 MINOR: documentation fixes from comments provided by the community. See below for a list of fixes:
* fixed typo in Email documentation.
* updated link for tutorial code to be relative now that bug #6408 is fixed
* removed 2.3 related docs from 2.4 docs folder
* fixed typo with Orientation documentation
* updated old task url for images/flush
2011-08-11 13:55:27 +12:00
devel
46090cf094 fix language namespace 2011-06-09 15:48:05 +02:00
devel
5f3dde56f7 Add some CZ translations 2011-06-09 15:44:49 +02:00
Ingo Schommer
9d344a07d3 ENHANCEMENT Allowing filtered arguments on specific functions like mysql_connect() in SS_Backtrace 2011-05-30 18:06:41 +12:00
Ingo Schommer
1704e42d51 MINOR Return empty string from SQLQuery->sql() if SELECT is the default value, and no FROM is set (moved logic from DB-specific implementations) 2011-05-20 08:42:31 +12:00
Sean Harvey
01f5b3d212 BUGFIX Fixed MigrateSiteTreeLinkingTask not working correctly when CRLF newlines are being used 2011-03-22 16:44:39 +13:00
Ingo Schommer
fef7c32535 BUGFIX Fixed SQL injection in Folder::findOrMake() parameter. Exploitable through Upload::, although unlikely to be set via user input. 2011-03-21 16:21:19 +13:00
Ingo Schommer
551bc5dc72 MINOR Improved patch documentation 2011-03-21 11:53:43 +13:00
Michael Andrewartha
f3ac57394d Small text changes, added api links, cont. updating images for tutorials, fixed tutorials from member feedback 2011-03-21 11:53:06 +13:00
Ingo Schommer
e9f20cf9f3 MINOR Documentation fixes 2011-03-21 11:52:56 +13:00
Ingo Schommer
cc0f62c9f5 MINOR Fixed title escaping in 'built in page controls' documentation 2011-03-21 11:52:43 +13:00
Ingo Schommer
4c1866c74c MINOR Updated contributing guidelines
Conflicts:

	docs/en/misc/contributing.md
2011-03-21 11:52:32 +13:00
Ingo Schommer
918d9cbd4e MINOR Added docs/ contributing notes 2011-03-21 11:51:58 +13:00
Michael Andrewartha
8ad630d5a1 MINOR: formatting changes and fixes to original document formatting 2011-03-21 11:51:50 +13:00
Ingo Schommer
f15f083f22 MINOR Updated 'from source' docs 2011-03-21 11:51:44 +13:00
Ingo Schommer
994f7a3520 MINOR Fixed blackcandy github links in docs 2011-03-21 11:51:39 +13:00
Ingo Schommer
629aa9b33e MINOR Removed reference to additional CSS download in tutorial 4, moved to the silverstripe-installer project 2011-03-21 11:51:27 +13:00
Ingo Schommer
753a4549bc MINOR Fixed spacing in docs 2011-03-21 11:51:21 +13:00
Ingo Schommer
5bfc722624 MINOR Removed duplicated 'additional requirements' from docs 2011-03-21 11:51:13 +13:00
Ingo Schommer
c6992f33df ENHANCEMENT Adjusted from-source documentation to github and piston 2011-03-21 11:51:07 +13:00
Ingo Schommer
de1f07045b BUGFIX Avoid privilege escalation from EDIT_PERMISSIONS to ADMIN through TreeMultiselectField (in Member->getCMSFields()) by checking for admin groups in Member->onChangeGroups() 2011-03-09 15:54:05 +13:00