Commit Graph

22103 Commits

Author SHA1 Message Date
Serge Latyntcev
ad1b00ec7d [CVE-2019-19325] XSS through non-scalar FormField attributes
Silverstripe Forms allow malicious HTML or JavaScript to be inserted
through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting)
on some forms built with user input (Request data). This can lead to phishing attempts
to obtain a user's credentials or other sensitive user input.
There is no known attack vector for extracting user-session information or credentials automatically;
it required a user to fall for the phishing attempt.
XSS can also be used to modify the presentation of content in malicious ways.
2020-02-17 09:58:29 +13:00
Guy Marriott
c31de772ab
Merge pull request #8838 from creative-commoners/pulls/4/slash-means-root
Use '/' as an alternative designation for root in routing
2020-02-14 11:29:32 -08:00
Garion Herman
29943f9049
API TestSession request methods now use the correct HTTP method (#8987)
* API TestSession request methods now use the correct HTTP method

* DOCS Update requests section in Functional Testing to reflect API change
2020-02-14 16:01:06 +13:00
Ingo Schommer
bf5a46901c
DOCS Web worker concurrency caveats (#9223) 2020-02-14 15:23:20 +13:00
Garion Herman
be71f34cac DOCS Add documentation covering Root URL Handler behaviour 2020-02-14 14:41:10 +13:00
Garion Herman
9d1d59d8d1 NEW Accept / as designation for root URL controller 2020-02-14 14:41:10 +13:00
Steve Boyd
8c7e10bd55 Merge branch '4.5' into 4 2020-02-11 16:45:35 +13:00
Steve Boyd
9d5c3ef20e Merge branch '4.4' into 4.5 2020-02-11 16:45:15 +13:00
Steve Boyd
8dcaed25f4
Merge pull request #9386 from silverstripe-terraformers/feature/orm-column
ORM bugfix and enhancement
2020-02-11 15:56:03 +13:00
Garion Herman
a2beabd430 DOCS Add note to update minimum core requirements in minor releases 2020-02-11 14:19:03 +13:00
Mojmir Fendek
285e6caafa PR fixes 2020-02-11 10:43:01 +13:00
Mojmir Fendek
448147c2f1 PR fixes 2020-02-10 09:17:34 +13:00
Mojmir Fendek
660f80d284 PR fixes 2020-02-07 13:49:19 +13:00
Guy Marriott
73990ac189
Merge pull request #9399 from creative-commoners/broken-link
DOCS fix a broken link
2020-02-06 16:07:40 -08:00
brynwhyman
b60def66dd DOCS fix a broken link 2020-02-07 12:49:17 +13:00
Robbie Averill
fe496a29ec
Merge pull request #9397 from mikenuguid/bugfix/update-orm-scaffoldformfield
FIX Update ORM DBField types to use Injector in scaffoldFormField()
2020-02-04 22:38:34 +13:00
mnuguid
ca36a47bb1 FIX Update ORM DBField types to use Injector in scaffoldFormField()
- This is usable in cases where a DBField is needed to be overloaded through the Injector.
2020-02-04 21:43:47 +13:00
Dylan Wagstaff
3a99a57d41
Merge pull request #9385 from mooror/patch-1
Updated the "Template Syntax" Documentation
2020-02-04 11:03:22 +13:00
Bryn Whyman
27517c55e7
Merge pull request #9396 from muskie9/patch-11
DOCS correct changelog link in README
2020-02-03 15:48:52 +13:00
Steve Boyd
566b81f326
Merge pull request #9392 from creative-commoners/pulls/4/document-tweak-releases
DOC Add documentation for tweak releases
2020-02-03 15:33:36 +13:00
Garion Herman
4ce63e4460 DOC Tweak wording on detach-tagged-base explanation [ci skip] 2020-02-03 15:20:47 +13:00
Nic
dd537f0cc9
DOCS correct changelog link in README 2020-02-02 20:20:38 -06:00
Garion Herman
efb1ebdd1a DOC Add documentation for tweak releases 2020-02-03 14:53:40 +13:00
Robbie Averill
c6f5e7e2fa
Merge pull request #9393 from open-sausages/pulls/4/docs-damian-core-committer
DOCS Removed Damian as core committer :(
2020-01-31 12:32:12 +13:00
Ingo Schommer
daf32f2327 DOCS Removed Damian as core committer :( 2020-01-31 12:20:01 +13:00
Mojmir Fendek
99786dda22 ORM Column now supports related table lookup 2020-01-28 15:46:30 +13:00
Benjamin Blake
7c32a848aa
Updated the "Template Syntax" Documentation
Added a notice to the "Variables" section of the "Template Syntax" documentation to warn developers about common template variable gotchas
2020-01-27 15:18:40 -07:00
Mojmir Fendek
9c38c5f625 CMS action related extension points (#9340)
* CMS action related extension points

* Refactor to use fewer extension points

* Remove explicit return type

Co-authored-by: Aaron Carlino <unclecheese@leftandmain.com>
2020-01-27 15:09:15 +13:00
Robbie Averill
a80fd433e2
Merge pull request #9384 from kenlog/patch-3
Docs: Fix link to Middleware not found
2020-01-25 11:02:30 -08:00
Valentino Pesce
24c28e4457
Docs: Fix link to Middleware not found
Fix link to Middleware not found in page Rate Limiting
2020-01-25 19:21:15 +01:00
Robbie Averill
a98a2d9c7f
Merge pull request #9379 from tiller1010/patch-1
Update to link
2020-01-24 12:41:44 -08:00
Loz Calver
87ad14dad3
Merge pull request #9371 from Greg808/patch-1
added addExtraClass
2020-01-24 09:20:16 +00:00
Andre Kiste
c7cec6e48b
Merge pull request #9320 from open-sausages/pulls/4/disabled-link-to-existing-gridfield-button
BUG The "Link existing" should be disabled rather than readonly
2020-01-24 15:59:34 +13:00
Maxime Rainville
6ff0f3f466 BUG The "Link existing" should be disabled rather than readonly. 2020-01-24 14:47:12 +13:00
Robbie Averill
1fac44ab7a
Merge pull request #9378 from kenlog/patch-2
Docs: Fix route that doesn't exist
2020-01-21 12:53:10 -08:00
Tyler Trout
4a1c91f91d
Update to link
Clicking "ReactJS in SilverStripe" on https://docs.silverstripe.org/en/4/developer_guides/customising_the_admin_interface/cms_layout/ directs to 404.
2020-01-20 09:47:43 -05:00
Valentino Pesce
0c5fda2003
Docs: Fix route that doesn't exist 2020-01-19 19:03:35 +01:00
Robbie Averill
4121099484 Merge branch '4.5' into 4 2020-01-16 20:00:02 -08:00
Robbie Averill
53fcd47dfc Merge branch '4.4' into 4.5 2020-01-16 19:59:42 -08:00
Robbie Averill
26e3b6f4e3 Merge branch '4.3' into 4.4 2020-01-16 19:59:24 -08:00
Garion Herman
aa37e887be
Merge pull request #9375 from unclecheese/pulls/4/fix-injector-callout
DOC: Fix unterminated injector callout block
2020-01-17 11:03:29 +13:00
Aaron Carlino
681ed4f78a DOC: Fix unterminated injector callout block 2020-01-17 10:47:16 +13:00
Mojmir Fendek
acbbf80d14 CMS action related extension points (#9340)
* CMS action related extension points

* Refactor to use fewer extension points

* Remove explicit return type

Co-authored-by: Aaron Carlino <unclecheese@leftandmain.com>
2020-01-15 14:24:49 +13:00
Robbie Averill
7c1a0571f7
Merge pull request #9367 from martinduparc/patch-2
array_key_exists() on objects is deprecated in PHP 7.4
2020-01-14 09:39:49 -08:00
Robbie Averill
38d7bd700d
Merge pull request #9373 from manja/4.5
Fixed issue with merging existing entities in text collector
2020-01-14 09:27:35 -08:00
Robbie Averill
bdc723ff69
Merge pull request #9361 from kinglozzer/configure-database-glob
Minor performance improvement in DatabaseAdapterRegistry::autoconfigure()
2020-01-14 09:25:07 -08:00
Martin D
ec6a353543 array_key_exists() on objects is deprecated
Ref: https://wiki.php.net/rfc/deprecations_php_7_4#array_key_exists_with_objects
2020-01-14 09:22:49 -08:00
Robbie Averill
0567dce72f
Merge pull request #9370 from mandrew/patch-4
Adding SS_ENVIRONMENT_TYPE to documentation
2020-01-14 09:20:45 -08:00
Nemanja Karadzic
18f0829053 Fixed issue with merging existing entities in text collector 2020-01-14 14:20:40 +01:00
Greg808
67725fe271
added addExtraClass
I am not quite sure if this is needed, but if you want to only add the custom action to the GridField action menu then you need to add the extra classes, otherwise it would add it to the action menu and to the gridfield.
2020-01-13 13:05:39 +01:00