Damian Mooyman
8c0ced311f
Merge pull request #6998 from AntonyThorpe/StrictFormMethodCheck
...
Updated Form.php & 04_Form_Security.md - strictFormMethodCheck to true
2017-06-06 23:06:11 +12:00
Damian Mooyman
057bfdae79
Merge pull request #6991 from jacobbuck/feature/3.6/extend-file-get-url
...
NEW Add 'updateURL' extension hook to File::getURL()
2017-06-06 21:28:16 +12:00
Antony Thorpe
6348f2e3e8
Updated Form.php & 04_Form_Security.md
...
Changed the `strictFormMethodCheck` protected property from false to true to step out on the front foot with this security setting. In the documentation under the title [Cross-Site Request Forgery](https://github.com/silverstripe/silverstripe-framework/blob/master/docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md#cross-site-request-forgery-csrf) it states, "it is also recommended to limit form submissions to the intended HTTP verb (mostly GET or POST) through [api:Form::setStrictFormMethodCheck()]." The same advice is noted in [Form Security](c2292a4cc1/docs/en/02_Developer_Guides/03_Forms/04_Form_Security.md#strict-form-submission).
Why not make this the default behaviour? Is there a scenario where this would cause a problem? Have manually tested in the CMS (alpha7) and is working fine.
Note: Original commit that established the API Form::setStrictFormMethodCheck is 14c59be8.
2017-06-06 21:10:49 +12:00
Damian Mooyman
ba44c4c30d
Merge pull request #6988 from open-sausages/pulls/4.0/print-with-gotink
...
Fixes printing from crashing
2017-06-06 18:33:11 +12:00
Damian Mooyman
058ba813e6
Merge pull request #6986 from open-sausages/pulls/3.0/but-its-so-tinymce
...
Fix tinymce image selection issue in newer versions of Chrome
2017-06-06 17:24:31 +12:00
Saophalkun Ponlu
e267d29b9a
BUG Consistent return values for first and last methods
2017-06-06 17:22:55 +12:00
Jacob
92b7341200
Call $this->extend('updateURL', $url); before returning $url
2017-06-06 13:38:11 +12:00
Christopher Joe
d12c986dd5
Fixes printing from crashing
2017-06-06 13:31:37 +12:00
Damian Mooyman
9b965ed5fa
Add in missing changelog notes
2017-06-06 11:08:05 +12:00
Christopher Joe
5f5bfa5e70
Fix create temp folder if it does not exist
2017-06-06 09:58:51 +12:00
Jacob Buck
2305255699
Add updateURL extension hook to File::getURL
2017-06-05 15:17:37 +12:00
Loz Calver
035a9b049e
Merge pull request #6990 from dhensby/pulls/3.6/constructor-fixes
...
FIX Upgrade old style constructors that were missed
2017-06-02 12:47:21 +01:00
Daniel Hensby
a52ed03b49
FIX Upgrade old style constructors that were missed
2017-06-02 12:22:33 +01:00
Christopher Joe
4b9d5dceb8
Fix tinymce image selection issue in newer versions of Chrome
2017-06-02 15:06:16 +12:00
Ingo Schommer
b137e91998
Internal security process docs
2017-06-02 11:30:12 +12:00
Daniel Hensby
9a0e01d4a0
NEW DB Driver defaults to PDO
2017-06-01 11:00:35 +01:00
Daniel Hensby
bf8d4252e3
Merge pull request #6983 from JustinTBrown/patch-1
...
Update to 00_CSV_Import.md
2017-05-31 19:17:33 +01:00
Justin Brown
ac08e16720
Update to 00_CSV_Import.md
...
Adding further explanation for using a custom CsvBulkLoader in ModelAdmin instead of the default one. I think some people might be able to guess at this, but others (like me) might benefit from making things a bit more explicit. This is a follow-up from my [question on StackOverflow](https://stackoverflow.com/questions/44271755/adding-custom-csvbulkuploader-to-modeladmin-in-silverstripe).
2017-05-31 09:05:05 -06:00
Chris Joe
44f27645bd
Merge pull request #6981 from edlinklater/patch-1
...
Docs: Correct Stevie's name on committers page
2017-05-31 13:40:31 +12:00
Ed Linklater
f007fca51f
Docs: Correct Stevie's name on committers page
2017-05-31 12:27:06 +12:00
Daniel Hensby
21d2e5cad1
Merge branch '3.6' into 3
2017-05-31 00:12:14 +01:00
Daniel Hensby
becb769167
Merge branch '3.5' into 3.6
2017-05-31 00:11:48 +01:00
Daniel Hensby
653c891f38
Merge tag '3.6.0' into 3.6
...
Release 3.6.0
2017-05-31 00:11:47 +01:00
Daniel Hensby
294df1320f
Merge branch '3.4' into 3.5
2017-05-31 00:11:18 +01:00
Daniel Hensby
ff0bbce326
Merge tag '3.5.4' into 3.5
...
Release 3.5.4
2017-05-31 00:11:18 +01:00
Daniel Hensby
cf8f781238
Merge tag '3.4.6' into 3.4
...
Release 3.4.6
2017-05-31 00:10:48 +01:00
Daniel Hensby
143c4a63cf
Added 3.6.0 changelog
2017-05-30 22:11:03 +00:00
Daniel Hensby
90c2a7de11
Merge pull request #6979 from dhensby/pulls/bracket-test-only
...
FIX Bracket should implement TestOnly
2017-05-30 23:10:16 +01:00
Daniel Hensby
2f7f761a9c
Added 3.5.4 changelog
2017-05-30 22:03:17 +00:00
Daniel Hensby
deca99a5fe
Added 3.4.6 changelog
2017-05-30 21:58:52 +00:00
Daniel Hensby
13ee3148d9
FIX Bracket should implement TestOnly
2017-05-30 22:44:24 +01:00
Daniel Hensby
11de4abe0a
Merge pull request #6977 from andrewandante/FIX/move_dotenv_higher
...
move TRUSTED_PROXY below .env loader
2017-05-30 12:41:09 +01:00
Andrew Aitken-Fincham
8f44b8f0ba
move trusted_proxy_ips below .env loader
2017-05-30 12:18:47 +01:00
Damian Mooyman
b27ef810d4
Merge pull request #6974 from colintucker/fix-csv-bulk-loader
...
Fixes a bug with split file names during CSV import
2017-05-30 16:18:06 +12:00
Chris Joe
8efaa180a4
Merge pull request #6969 from open-sausages/pulls/4.0/insert-page-link
...
API Remove legacy HTMLEditor classes
2017-05-30 11:42:08 +12:00
Damian Mooyman
e7d87add9f
API Remove legacy HTMLEditor classes
2017-05-30 11:01:28 +12:00
Damian Mooyman
36e3a43bdb
Merge pull request #6976 from nfauchelle/patch-5
...
Update 05_Dataobject_Relationship_Management.md
2017-05-30 10:05:27 +12:00
Damian Mooyman
f2fbabec17
Merge pull request #6975 from nfauchelle/patch-4
...
Fix $class variable from being clobbered
2017-05-30 10:04:29 +12:00
Nick
318b0248b7
Update 05_Dataobject_Relationship_Management.md
...
Correct a naffed up code block and a typo
2017-05-29 20:54:50 +12:00
Nick
acb74a8577
Fix $class variable from being clobbered
...
The $class variable gets overwritten in the function.
This causes error messages to be less helpful. For example, if you set up a has_many but forget the has_one on the other side, the error will look something like
`[Emergency] Uncaught Exception: No has_one found on class 'SomeObject', the has_many relation from 'SilverStripe\View\ViewableData' to 'SomeObject' requires a has_one on 'SomeObject'`
Fixing this gives a more useful error, like
`[Emergency] Uncaught Exception: No has_one found on class 'SomeObject', the has_many relation from 'Page' to 'SomeObject' requires a has_one on 'SomeObject'`
2017-05-29 20:31:09 +12:00
Colin Tucker
db59e51c4a
Fixes a bug with split file names during CSV import
2017-05-29 16:08:23 +10:00
Damian Mooyman
a017422817
Merge pull request #6972 from creative-commoners/pulls/3.5/plural-modeladmin-name
...
FIX Use plural name for ModelAdmin tab name
2017-05-29 15:05:24 +12:00
Robbie Averill
b4368196d1
FIX Use plural name for ModelAdmin tab name
2017-05-29 14:02:58 +12:00
Daniel Hensby
659053a256
Added 3.6.0-rc1 changelog
2017-05-29 00:36:04 +00:00
Daniel Hensby
cda7e8dc39
Merge remote-tracking branch 'security/3.5.4' into 3.6.0
2017-05-29 01:29:05 +01:00
Daniel Hensby
9a38bedd18
Added 3.5.4-rc1 changelog
2017-05-29 00:08:27 +00:00
Daniel Hensby
24166700e8
Merge remote-tracking branch 'security/3.4.6' into 3.5.4
2017-05-29 01:02:35 +01:00
Daniel Hensby
b5ad4bdcc6
Added 3.4.6-rc2 changelog
2017-05-28 23:49:04 +00:00
Daniel Hensby
2b72c0f73b
Merge pull request #42 from silverstripe-security/patch/3.4/ss-2017-004
...
[SS-2017-004] FIX DataDifferencer doesn't correctly cast data
2017-05-29 00:41:59 +01:00
Daniel Hensby
16a74bc8a9
FIX DataDifferencer needs to explicitly cast HTMLText values
2017-05-29 00:10:32 +01:00