Commit Graph

22304 Commits

Author SHA1 Message Date
Steve Boyd
08cc057049
Merge pull request #9404 from creative-commoners/pulls/4/minor-lockstep-release-docs
DOCS Add note to update minimum core requirements in minor releases
2020-02-17 10:11:34 +13:00
Serge Latyntcev
ad1b00ec7d [CVE-2019-19325] XSS through non-scalar FormField attributes
Silverstripe Forms allow malicious HTML or JavaScript to be inserted
through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting)
on some forms built with user input (Request data). This can lead to phishing attempts
to obtain a user's credentials or other sensitive user input.
There is no known attack vector for extracting user-session information or credentials automatically,
it required a user to fall for the phishing attempt.
XSS can also be used to modify the presentation of content in malicious ways.
2020-02-17 09:58:29 +13:00
Guy Marriott
c31de772ab
Merge pull request #8838 from creative-commoners/pulls/4/slash-means-root
Use '/' as an alternative designation for root in routing
2020-02-14 11:29:32 -08:00
Garion Herman
29943f9049
API TestSession request methods now use the correct HTTP method (#8987)
* API TestSession request methods now use the correct HTTP method

* DOCS Update requests section in Functional Testing to reflect API change
2020-02-14 16:01:06 +13:00
Ingo Schommer
bf5a46901c
DOCS Web worker concurrency caveats (#9223) 2020-02-14 15:23:20 +13:00
Garion Herman
be71f34cac DOCS Add documentation covering Root URL Handler behaviour 2020-02-14 14:41:10 +13:00
Garion Herman
9d1d59d8d1 NEW Accept / as designation for root URL controller 2020-02-14 14:41:10 +13:00
Steve Boyd
8c7e10bd55 Merge branch '4.5' into 4 2020-02-11 16:45:35 +13:00
Steve Boyd
9d5c3ef20e Merge branch '4.4' into 4.5 2020-02-11 16:45:15 +13:00
Steve Boyd
8dcaed25f4
Merge pull request #9386 from silverstripe-terraformers/feature/orm-column
ORM bugfix and enhancement
2020-02-11 15:56:03 +13:00
Garion Herman
a2beabd430 DOCS Add note to update minimum core requirements in minor releases 2020-02-11 14:19:03 +13:00
Mojmir Fendek
285e6caafa PR fixes 2020-02-11 10:43:01 +13:00
Mojmir Fendek
448147c2f1 PR fixes 2020-02-10 09:17:34 +13:00
Mojmir Fendek
660f80d284 PR fixes 2020-02-07 13:49:19 +13:00
Guy Marriott
73990ac189
Merge pull request #9399 from creative-commoners/broken-link
DOCS fix a broken link
2020-02-06 16:07:40 -08:00
brynwhyman
b60def66dd DOCS fix a broken link 2020-02-07 12:49:17 +13:00
Robbie Averill
fe496a29ec
Merge pull request #9397 from mikenuguid/bugfix/update-orm-scaffoldformfield
FIX Update ORM DBField types to use Injector in scaffoldFormField()
2020-02-04 22:38:34 +13:00
mnuguid
ca36a47bb1 FIX Update ORM DBField types to use Injector in scaffoldFormField()
- This is usable in cases where a DBField is needed to be overloaded through the Injector.
2020-02-04 21:43:47 +13:00
Dylan Wagstaff
3a99a57d41
Merge pull request #9385 from mooror/patch-1
Updated the "Template Syntax" Documentation
2020-02-04 11:03:22 +13:00
Bryn Whyman
27517c55e7
Merge pull request #9396 from muskie9/patch-11
DOCS correct changelog link in README
2020-02-03 15:48:52 +13:00
Steve Boyd
566b81f326
Merge pull request #9392 from creative-commoners/pulls/4/document-tweak-releases
DOC Add documentation for tweak releases
2020-02-03 15:33:36 +13:00
Garion Herman
4ce63e4460 DOC Tweak wording on detach-tagged-base explanation [ci skip] 2020-02-03 15:20:47 +13:00
Nic
dd537f0cc9
DOCS correct changelog link in README 2020-02-02 20:20:38 -06:00
Garion Herman
efb1ebdd1a DOC Add documentation for tweak releases 2020-02-03 14:53:40 +13:00
Robbie Averill
c6f5e7e2fa
Merge pull request #9393 from open-sausages/pulls/4/docs-damian-core-committer
DOCS Removed Damian as core committer :(
2020-01-31 12:32:12 +13:00
Ingo Schommer
daf32f2327 DOCS Removed Damian as core committer :( 2020-01-31 12:20:01 +13:00
Mojmir Fendek
99786dda22 ORM Column now supports related table lookup 2020-01-28 15:46:30 +13:00
Benjamin Blake
7c32a848aa
Updated the "Template Syntax" Documentation
Added a notice to the "Variables" section of the "Template Syntax" documentation to warn developers about common template variable gotchas
2020-01-27 15:18:40 -07:00
Mojmir Fendek
9c38c5f625 CMS action related extension points (#9340)
* CMS action related extension points

* Refactor to use fewer extension points

* Remove explicit return type

Co-authored-by: Aaron Carlino <unclecheese@leftandmain.com>
2020-01-27 15:09:15 +13:00
Robbie Averill
a80fd433e2
Merge pull request #9384 from kenlog/patch-3
Docs: Fix link to Middleware not found
2020-01-25 11:02:30 -08:00
Valentino Pesce
24c28e4457
Docs: Fix link to Middleware not found
Fix link to Middleware not found in page Rate Limiting
2020-01-25 19:21:15 +01:00
Robbie Averill
a98a2d9c7f
Merge pull request #9379 from tiller1010/patch-1
Update to link
2020-01-24 12:41:44 -08:00
Loz Calver
87ad14dad3
Merge pull request #9371 from Greg808/patch-1
added addExtraClass
2020-01-24 09:20:16 +00:00
Andre Kiste
c7cec6e48b
Merge pull request #9320 from open-sausages/pulls/4/disabled-link-to-existing-gridfield-button
BUG The "Link existing" should be disabled rather than readonly
2020-01-24 15:59:34 +13:00
Maxime Rainville
6ff0f3f466 BUG The "Link existing" should be disabled rather than readonly. 2020-01-24 14:47:12 +13:00
Robbie Averill
1fac44ab7a
Merge pull request #9378 from kenlog/patch-2
Docs: Fix route that doesn't exist
2020-01-21 12:53:10 -08:00
Tyler Trout
4a1c91f91d
Update to link
Clicking "ReactJS in SilverStripe" on https://docs.silverstripe.org/en/4/developer_guides/customising_the_admin_interface/cms_layout/ directs to 404.
2020-01-20 09:47:43 -05:00
Valentino Pesce
0c5fda2003
Docs: Fix route that doesn't exist 2020-01-19 19:03:35 +01:00
Robbie Averill
4121099484 Merge branch '4.5' into 4 2020-01-16 20:00:02 -08:00
Robbie Averill
53fcd47dfc Merge branch '4.4' into 4.5 2020-01-16 19:59:42 -08:00
Robbie Averill
26e3b6f4e3 Merge branch '4.3' into 4.4 2020-01-16 19:59:24 -08:00
Garion Herman
aa37e887be
Merge pull request #9375 from unclecheese/pulls/4/fix-injector-callout
DOC: Fix unterminated injector callout block
2020-01-17 11:03:29 +13:00
Aaron Carlino
681ed4f78a DOC: Fix unterminated injector callout block 2020-01-17 10:47:16 +13:00
Mojmir Fendek
acbbf80d14 CMS action related extension points (#9340)
* CMS action related extension points

* Refactor to use fewer extension points

* Remove explicit return type

Co-authored-by: Aaron Carlino <unclecheese@leftandmain.com>
2020-01-15 14:24:49 +13:00
Robbie Averill
7c1a0571f7
Merge pull request #9367 from martinduparc/patch-2
array_key_exists() on objects is deprecated in PHP 7.4
2020-01-14 09:39:49 -08:00
Robbie Averill
38d7bd700d
Merge pull request #9373 from manja/4.5
Fixed issue with merging existing entities in text collector
2020-01-14 09:27:35 -08:00
Robbie Averill
bdc723ff69
Merge pull request #9361 from kinglozzer/configure-database-glob
Minor performance improvement in DatabaseAdapterRegistry::autoconfigure()
2020-01-14 09:25:07 -08:00
Martin D
ec6a353543 array_key_exists() on objects is deprecated
Ref: https://wiki.php.net/rfc/deprecations_php_7_4#array_key_exists_with_objects
2020-01-14 09:22:49 -08:00
Robbie Averill
0567dce72f
Merge pull request #9370 from mandrew/patch-4
Adding SS_ENVIRONMENT_TYPE to documentation
2020-01-14 09:20:45 -08:00
Nemanja Karadzic
18f0829053 Fixed issue with merging existing entities in text collector 2020-01-14 14:20:40 +01:00