tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-06-29 07:59:31 +02:00
Code Issues Projects Releases Wiki Activity
19,748 Commits 29 Branches 516 Tags 147 MiB
a8f4f23c66
Commit Graph

801 Commits

Author SHA1 Message Date
Loz Calver
b5bae137bd FIX: Redirect loop with multiple confirmation tokens present (fixes #8607) 2018-11-15 10:59:42 +00:00
Werner M. Krauß
3f321f935a Convert::memstring2bytes should return integer value 
bytes are by nature an integer

fixes #8572
 2018-11-07 17:01:36 +01:00
Loz Calver
11fe5b3adf Implement ConfirmationTokenChain to handle multiple tokens at once 2018-11-07 11:33:24 +13:00
Robbie Averill
9aabe0a0f7 [SS-2018-018] Ignore arguments in mysqli::real_connect backtrace calls 2018-11-07 11:33:24 +13:00
Loz Calver
8d7c2dafab [SS-2018-019] Add confirmation token to dev/build 2018-11-07 11:33:24 +13:00
Werner M. Krauß
adafd73943 Convert::memstring2bytes should preserve -1 
fixes #8570
 2018-11-06 10:22:13 +01:00
Robbie Averill
b922c0d732 FIX Check scheme is truthy before setting it to the request 2018-09-03 08:59:37 +02:00
Maxime Rainville
dd3379e68f
Merge pull request #8075 from creative-commoners/pulls/4.0/remap-polymorphics 
FIX Polymorphic relationship class columns have obsolete class names remapped
 2018-08-28 17:03:39 +12:00
Robbie Averill
d651d0fbfc FIX Use base class (not remapping target class) when looking up whether object is versioned 2018-08-28 14:15:02 +12:00
Robbie Averill
3178fbf3bb
Merge pull request #8028 from andrewandante/pulls/4.0/unset_http_scheme_on_cli 
unset http scheme on CLIRequestBuilder
 2018-08-27 16:11:42 +12:00
Robbie Averill
953153500d FIX Polymorphic relationship class columns have obsolete class names remapped 2018-08-15 10:40:51 +12:00
Daniel Hensby
4acec33562
FIX Fixed bug in config merging priorities so that config values set by extensions are now least important instead of most important 2018-07-12 00:55:39 +01:00
Robbie Averill
f256045020
Merge pull request #8158 from open-sausages/pulls/4.0/fix-cli-canonical-middleware 
BUG Prevent canonical URL causing a redirect on CLI unless explicitly enabled
 2018-06-12 10:53:37 +12:00
Robbie Averill
27e24a4728
Merge pull request #8142 from open-sausages/pulls/4.0/fix-injector-empty 
BUG Safely handle empty injector factory responses
 2018-06-11 15:20:24 +12:00
Damian Mooyman
2a51f34c3e
BUG Prevent canonical URL causing a redirect on CLI unless explicitly enabled 
Replaces #8157
 2018-06-11 13:54:27 +12:00
Damian Mooyman
546c6c3e22
Merge pull request #8125 from open-sausages/pulls/4/date-field-tweaks 
Remove legacy logic from DateField_Disabled
 2018-06-11 09:23:33 +12:00
Maxime Rainville
582c69d32f
BUG Fix issue with Disabled DateField always display (not set). 2018-06-08 13:51:22 +01:00
Daniel Hensby
e1450b5e82
Merge pull request #8147 from kinglozzer/mysql-pdo-attr 
FIX: Only set MYSQL_ATTR_INIT_COMMAND when using mysql driver (fixes #8103)
 2018-06-08 13:06:03 +01:00
Damian Mooyman
29f9b1c18f
Fix linting issues 2018-06-08 11:38:36 +12:00
Loz Calver
66f57bd4da FIX: Only set MYSQL_ATTR_INIT_COMMAND when using mysql driver (fixes #8103) 2018-06-07 10:26:00 +01:00
Damian Mooyman
c070e989c4
BUG Safely handle empty injector factory responses 
Fixes issue with ImageBackendFactory returning null and breaking injector
 2018-06-06 16:45:16 +12:00
Jonathon Menz
5a5ba1e5c0 Fix: negative values in read only currency field 
Don’t strip out ‘-‘ character as this makes negative values appear to be positive (Fixes #8126)
 2018-06-01 12:59:02 -07:00
Robbie Averill
624a5326a7
Typo in PHPDoc type 2018-05-30 14:51:09 +12:00
Robbie Averill
3a537bc745 Merge branch 'heads/4.0.4' into 4.0 2018-05-28 17:50:07 +12:00
Damian Mooyman
5bff64b47b BUG Fix Director::test() not persisting removed session keys on teardown 2018-05-24 13:10:03 +12:00
Aaron Carlino
f847f186b1 [ss-2018-013] Remove password text from session data on failed submission 2018-05-14 17:14:38 +12:00
Robbie Averill
5887201dd5
Merge pull request #64 from silverstripe-security/pulls/4.0/ss-2018-010 
[SS-2018-010] Fix regression of SS-2017-002
 2018-05-14 17:12:45 +12:00
Robbie Averill
beec0c0d47 [SS-2018-010] Fix regression of SS-2017-002 2018-05-14 17:12:07 +12:00
Robbie Averill
1e6790bfb6
Merge pull request #62 from silverstripe-security/pulls/4.0/ss-2018-001 
[ss-2018-001] Restrict non-admins from being assigned to admin groups
 2018-05-14 17:11:03 +12:00
Damian Mooyman
e409d6f673 [ss-2018-001] Restrict non-admins from being assigned to admin groups 2018-05-14 17:10:22 +12:00
Robbie Averill
39b62e5fbb
Merge pull request #61 from silverstripe-security/pulls/4.0/ss-2018-008 
[ss-2018-008] Validate against malformed urls
 2018-05-14 17:07:09 +12:00
Damian Mooyman
9053014a7e [ss-2018-008] Validate against malformed urls 2018-05-14 17:06:47 +12:00
Robbie Averill
6f50728b18
Merge pull request #59 from silverstripe-security/pulls/4.0/ss-2018-006 
[ss-2018-006] Prevent code execution in template value resolution
 2018-05-14 17:06:04 +12:00
Robbie Averill
cd716fb61b Switch check for is_string 2018-05-14 17:05:31 +12:00
Damian Mooyman
2e13ae746f [ss-2018-006] Prevent code execution in template value resolution 2018-05-14 17:05:31 +12:00
Damian Mooyman
d935140a95 [ss-2018-005] Prevent unauthenticated isDev / isTest being allowed 2018-05-14 17:03:39 +12:00
Andrew Aitken-Fincham
64964f7402
unset http scheme on CLIRequestBuilder 2018-05-02 11:43:51 +01:00
Daniel Hensby
d5e2d3fa67
Merge branch '3.6' into 4.0 2018-05-01 21:47:17 +01:00
azt3k
6b39b25e20
Fixes a count() php warning without an api change 
Warning: count(): Parameter must be an array or an object that implements Countable in /path/to/vendor/silverstripe/framework/src/Security/Member.php on line 1355
 2018-04-27 09:31:07 +01:00
Damian Mooyman
0e2bf7871d
Merge pull request #8016 from webbuilders-group/duplicate-many-many-fix-4-0 
FIX: Duplicating many_many relationships looses the extra fields in 4.0
 2018-04-19 12:17:47 +12:00
UndefinedOffset
d17f424541 Changed checked for UnsavedRelationList to ManyManyList 2018-04-18 12:15:16 -03:00
UndefinedOffset
fe4b90edc0 FIX: Duplicating many_many relationships looses the extra fields in 4.0 2018-04-18 11:49:20 -03:00
Damian Mooyman
f83691e7f7
BUG Make invalid dev actions 404 not 500 error 
Fixes #8012
 2018-04-18 11:37:31 +12:00
Damian Mooyman
e11ba9a2d7 BUG Fix many_many through crashing ModelAdmin 2018-04-10 14:51:49 +12:00
Andreas Lindahl
dd44deacb4 Fix for "too few parameters" error when using DBMultiEnum 2018-03-28 16:42:12 +02:00
Thomas Portelange
2e1c70b56c
Ensure tmpData exists 
Otherwise you might get illegal string offset
 2018-03-15 20:40:05 +01:00
Daniel Hensby
d28a1b5cfc
Merge branch '3.6' into 4.0 2018-03-14 14:08:41 +00:00
Joe Harvey
bf2cee3989 Bugfix - Correct duplicate nesting of 'Content' to be returned to template 
In scenarios where:

- No member is logged in
- An 'AutoLoginHash' is provided via the 't' (token) query param
- The token isn't valid (determined by Member::validateAutoLoginToken())

The message which is intended to be returned to the end-user via $Content
in the template, is mistakenly double nested in ['Content' => ['Content' => 'Message']]
this leads to "The method forTemplate() doesn't exist on ArrayData" errors.

See - https://github.com/silverstripe/silverstripe-framework/issues/7866
 2018-03-07 14:14:05 +00:00
Damian Mooyman
5fee4a81aa
BUG Files dataobjects with missing asset shouldn't un-attach themselves from parent object on save 2018-03-07 11:17:17 +13:00
Chris Joe
6ae07d100c
Merge pull request #7603 from open-sausages/pulls/4.0/error-trace-included 
ENHANCEMENT Don't infer trace if explicitly provided
 2018-03-07 10:10:40 +13:00