Aaron Carlino
a6763298fe
Merge pull request #92 from silverstripe-security/pulls/3.6/cve-2019-12203
[CVE-2019-12203] Session fixation in "change password" form
2019-09-24 11:00:22 +12:00
Serge Latyntcev
a86093fee6
[CVE-2019-12203] Session fixation in "change password" form
A potential account hijacking may happen if an attacker has physical access to the victim's computer to perform session fixation. Also possible if the targeted application contains an XSS vulnerability.
Requires the victim to click the password reset link sent to their email.
If all the above happens, attackers may reset the password before the actual user does that.
2019-09-24 10:57:40 +12:00
Aaron Carlino
afcd966740
MINOR: Fix travis. Use trusty (#9256)
2019-09-24 10:56:44 +12:00
Robbie Averill
e968454465
Merge pull request #8821 from open-sausages/pulls/3.6/restore-dynamic-field-assigment
BUG Re-enable the ability to do dynamic assignment with DBField
2019-02-27 09:52:21 +11:00
Maxime Rainville
bd92969418
FIX Use a function common to MySQL, SQLite and PostgreSQL to test dynamic DBField assignment
2019-02-26 14:20:14 +13:00
Maxime Rainville
adbc560bd7
BUG Address PR feedback.
2019-02-25 15:16:26 +13:00
Maxime Rainville
4ec1a682cf
BUG Re-enable the ability to do dynamic assignment with DBField
2019-02-22 12:09:15 +13:00
Maxime Rainville
ab5f09a9f3
FIX Updated unit tests that were targeting Float/Int which don't exist on PHP7 (#8810)
2019-02-20 11:44:45 +13:00
Aaron Carlino
8c9e8fb5f3
Added 3.6.7 changelog
2019-02-12 22:02:19 +13:00
Aaron Carlino
c44f06cdf1
[SS-2018-021] Patch SQL Injection vulnerability when arrays are assigned to DataObject Fields
2019-02-12 21:58:27 +13:00
Robbie Averill
6eff32b7ab
Merge pull request #8747 from kinglozzer/defaults-i-got-em-from-my-momma-class
FIX: Injector may instantiate prototypes as if they're singletons (fixes #8567)
2019-01-29 13:57:48 +02:00
Loz Calver
746c0679ad
FIX: Injector may instantiate prototypes as if they're singletons (fixes #8567)
2019-01-23 11:47:28 +00:00
Robbie Averill
b9c29e7e8f
Merge pull request #8611 from kinglozzer/redirect-loop-3
FIX: Redirect loop with multiple URL tokens (fixes #8607)
2018-11-15 14:13:36 +02:00
Loz Calver
86701b8cd0
FIX: Redirect loop with multiple URL tokens (fixes #8607)
2018-11-15 11:15:41 +00:00
Loz Calver
598edd9134
[SS-2018-019] Add confirmation token to dev/build
2018-11-07 11:35:31 +13:00
Daniel Hensby
801a51d0f7
Merge branch '3.5' into 3.6
2018-06-05 16:30:20 +01:00
Robbie Averill
13ea2f9b80
Merge pull request #8132 from dhensby/pulls/3.5/postgres-test-fix
FIX Regression from #8009
2018-06-05 13:43:19 +12:00
Daniel Hensby
41e601a036
FIX Regression from #8009
2018-06-04 17:03:05 +01:00
Loz Calver
050018dba6
Merge pull request #8134 from dhensby/pulls/3.5/memory-limit
Increase memory limit to 2G in Travis builds
2018-06-04 16:50:52 +01:00
Loz Calver
0a4e3fc716
Merge pull request #8133 from dhensby/pulls/3.5/php53-compat
FIX PHP 5.3 compat for referencing $this in closures
2018-06-04 16:30:21 +01:00
Robbie Averill
c1b0c56788
Increase memory limit to 2G in Travis builds
2018-06-04 16:24:18 +01:00
Robbie Averill
1cbf27e0f4
FIX PHP 5.3 compat for referencing $this in closure, and make method public for same reason
sdf
2018-06-04 16:05:49 +01:00
Robbie Averill
d21660971f
Merge branch 'heads/3.6.6' into 3.6
2018-05-28 17:44:28 +12:00
Robbie Averill
dae8fefb1e
Merge remote-tracking branch 'origin/3.5' into 3.6
2018-05-28 17:43:55 +12:00
Robbie Averill
df4648a308
Merge branch 'heads/3.5.8' into 3.5
2018-05-28 17:42:31 +12:00
Robbie Averill
912dc60cf3
Added 3.5.8 changelog
2018-05-28 15:50:54 +12:00
Robbie Averill
91327ab63e
Added 3.6.6 changelog
2018-05-14 10:59:58 +12:00
Robbie Averill
097f16282d
Added 3.6.6-rc1 changelog
2018-05-10 16:03:20 +12:00
Robbie Averill
0408048653
Merge pull request #71 from silverstripe-security/pulls/3.6/ss-2018-014
[SS-2018-014] Remove dotm, potm, jar, css, js, xltm from default File.allowed_extensions
2018-05-10 15:55:32 +12:00
Robbie Averill
19fdebfa24
[SS-2018-014] Remove dotm, potm, jar, css, js, xltm from default File.allowed_extensions
2018-05-10 15:53:11 +12:00
Robbie Averill
8b750b3d80
Merge remote-tracking branch 'origin/3.5.8' into 3.6.6
2018-05-10 15:52:23 +12:00
Robbie Averill
89dcc93a4f
Added 3.5.8 changelog
2018-05-10 12:00:45 +12:00
Robbie Averill
9d055dd946
Added 3.5.8-rc1 changelog
2018-05-10 09:38:54 +12:00
Robbie Averill
65668b8b58
Merge pull request #63 from silverstripe-security/pulls/3.6/ss-2018-001
[ss-2018-001] Restrict non-admins from being assigned to admin groups
2018-05-10 09:25:19 +12:00
Damian Mooyman
5771388821
[ss-2018-001] Restrict non-admins from being assigned to admin groups
2018-05-09 15:12:40 +12:00
Daniel Hensby
cda61fb1ec
Merge branch '3.5' into 3.6
2018-05-01 20:23:21 +01:00
Daniel Hensby
2a9ef6ef94
Merge pull request #8039 from ngaitahutourism/3.6
Address issue #8038
2018-04-27 10:22:46 +01:00
Matthew Walker
766b2a4947
Address issue #8038
Within TinyMCE, adding a link to "page on the site" generates an error "Target page not found" under the Anchor field.
2018-04-27 09:50:21 +01:00
Daniel Hensby
8359f3dc97
Merge branch '3.5' into 3.6
2018-04-18 13:14:07 +01:00
Daniel Hensby
f30cd61cb7
Merge pull request #8009 from webbuilders-group/duplicate-many-many-fix
FIX: Duplicating many_many relationships loses the extra fields (fixes #7973)
2018-04-18 13:11:22 +01:00
UndefinedOffset
36198c482e
Removed extra lookup of the list
2018-04-18 12:16:12 +01:00
UndefinedOffset
af3a9f3ec8
FIX: Duplicating many_many relationships loses the extra fields (fixes #7973)
2018-04-18 12:16:02 +01:00
Damian Mooyman
a761056021
Merge pull request #7994 from creative-commoners/pulls/3.6/phpdocs
Update some phpdocs that had typos, missing parts or incorrect formats
2018-04-13 09:07:40 +12:00
Robbie Averill
51d4d2c11e
Update some phpdocs that had typos, missing parts or incorrect formats
2018-04-11 20:12:38 +12:00
Robbie Averill
f5c1f181bb
Merge pull request #7990 from lerni/patch-2
README fix contributing-link, add httpS
2018-04-11 09:15:04 +12:00
Lukas
6bce88b6ba
README fix contributing-link, add httpS
2018-04-10 17:54:44 +02:00
Daniel Hensby
b36ba81a40
Merge branch '3.5' into 3.6
2018-03-28 11:06:32 +01:00
Damian Mooyman
45a7b44a15
Merge pull request #7858 from dhensby/pulls/3.5/add-support-file
Add support.md file
2018-03-28 16:56:11 +13:00
Daniel Hensby
61463424ff
Support file grammar improvements
2018-03-27 11:49:04 +01:00
Daniel Hensby
e3cdefaa3c
Add support.md file
2018-03-27 11:43:13 +01:00