Commit Graph

1070 Commits

Author SHA1 Message Date
Damian Mooyman
1e1a7a345c Merge remote-tracking branch 'origin/3'
Conflicts:
	control/Director.php
	filesystem/File.php
	filesystem/GD.php
	filesystem/ImagickBackend.php
	forms/HtmlEditorField.php
	javascript/UploadField_uploadtemplate.js
	model/Image.php
	model/Image_Backend.php
	model/fieldtypes/Enum.php
	templates/AssetUploadField.ss
	tests/model/ImageTest.php
	tests/search/FulltextFilterTest.php
2015-11-03 14:23:16 +13:00
Manuel Teuber
5224fc460c FIX: Permission::checkMember() use of undefined variable $codes 2015-09-29 23:49:29 +02:00
Damian Mooyman
10dece653f API Consolidate DataObject db methods
BUG Fix namespace and getField on composite fields
2015-09-22 10:38:12 +12:00
Damian Mooyman
34b71cf6c8 Merge remote-tracking branch 'origin/3' 2015-09-15 13:42:17 +12:00
Damian Mooyman
71b8aec306 Merge remote-tracking branch 'origin/3.2' into 3 2015-09-15 13:35:51 +12:00
Damian Mooyman
c4710b2272 Merge remote-tracking branch 'origin/3.1' into 3.2
Conflicts:
	admin/code/GroupImportForm.php
	admin/code/MemberImportForm.php
	tests/model/DataListTest.php
2015-09-15 13:18:47 +12:00
Damian Mooyman
7e76f769b1 Merge pull request #4600 from patricknelson/issue-4597-gridfieldconfig-injector
FIX for #4597: Ensuring GridFieldConfig_RelationEditor is instantiated via Injector, not via "new" keyword.
2015-09-14 10:14:05 +12:00
Patrick Nelson
5cc0878dc1 FIX for #4597: Ensuring GridFieldConfig_RelationEditor is instantiated via Injector, not via "new" keyword. 2015-09-11 17:57:13 -04:00
Damian Mooyman
7367cf54c4 [ss-2015-020]: Prevent possible Privilege escalation 2015-09-10 13:01:24 +12:00
Damian Mooyman
b552a7370f Merge remote-tracking branch 'origin/3'
Conflicts:
	tests/model/ImageTest.php
2015-09-09 15:44:47 +12:00
Damian Mooyman
f10785350e Merge remote-tracking branch 'origin/3.2' into 3
Conflicts:
	docs/en/02_Developer_Guides/02_Controllers/01_Introduction.md
2015-09-09 14:50:47 +12:00
Damian Mooyman
309ac0d196 Merge remote-tracking branch 'origin/3.1' into 3.2
Conflicts:
	.travis.yml
	admin/code/CMSProfileController.php
	admin/tests/LeftAndMainTest.php
	control/HTTP.php
	security/Permission.php
	tests/forms/FormTest.php
	tests/model/ArrayListTest.php
	tests/security/PermissionTest.php
2015-09-09 14:35:29 +12:00
Sam Minnée
f4b7cd3f68 Merge pull request #4500 from stevie-mayhew/pulls/get-response
FEATURE: implement getter and setter usage for response
2015-08-29 15:35:55 +12:00
Stevie Mayhew
1b57e0ca5b FEATURE: implement getter and setter usage for response 2015-08-29 10:24:06 +12:00
Daniel Hensby
2d4b743090 FIX Members can access their own profiles in CMS 2015-08-26 15:47:51 +01:00
Damian Mooyman
4a011303b9 Add missing packages 2015-08-24 16:15:38 +12:00
Damian Mooyman
958f98b1cf Merge remote-tracking branch 'origin/3' 2015-08-24 13:08:54 +12:00
Damian Mooyman
1686c83826 Revert #3425 #3396 to restore deprecated functionality
Fixes #4514
2015-08-24 11:26:25 +12:00
Daniel Hensby
ab0572e7cc DOCS Permission comments made a bit clearer 2015-08-21 09:16:46 +01:00
Daniel Hensby
6eede57ff2 Fix issue where Access All CMS Sections doesnt work 2015-08-20 22:30:43 +01:00
Damian Mooyman
09210efbc0 Merge remote-tracking branch 'origin/3'
Conflicts:
	composer.json
	control/Session.php
	docs/en/05_Contributing/01_Code.md
	docs/en/05_Contributing/02_Release_Process.md
	forms/FormField.php
	model/DataQuery.php
	model/Image.php
	model/queries/SQLConditionalExpression.php
	view/SSViewer.php
	view/ViewableData.php
2015-07-31 15:49:35 +12:00
Damian Mooyman
4ca5237185 Merge pull request #4321 from dhensby/pulls/formfield-docs
DOCS Fixing docs (and bad API usage)
2015-07-30 15:29:28 +12:00
Loz Calver
b7480b92a9 FIX: Hide 'Logged Passwords' tab in member CMS fields (fixes #4422) 2015-07-22 14:40:09 +01:00
Daniel Hensby
79c4f63855 DOCS Fixing docs (and bad API usage) 2015-07-20 16:42:33 +01:00
Daniel Hensby
ca8d0f2818 Merge branch '3.1' into 3.2
Conflicts:
	dev/Debug.php
	docs/en/05_Contributing/01_Code.md
	forms/FormField.php
	i18n/i18nTextCollector.php
	model/DataQuery.php
2015-07-20 10:48:01 +01:00
Damian Mooyman
6fabd0122b BUG Fix potential XSS injection 2015-07-01 17:41:32 +12:00
Sean Harvey
fd755a7ff9 BUG ChangePasswordForm validation message should render HTML correctly.
HTML shows up in the form message escaped, but it shouldn't be.
2015-07-01 17:41:32 +12:00
Daniel Hensby
3507ddb0e8 FIX MemberPassword history removed with with Members
Currently Members that were deleted would still have their passwords
stored in the DB even though they were deleted. This seems unnecessary
and just increases data that could potentially be compromised later.
2015-06-24 21:04:23 +01:00
Phill Price
b2024107a9 DOCS: Typo in a block 2015-06-24 11:57:12 +01:00
Damian Mooyman
e14f743bf0 Set deprecation level for all changes in 3.x to 4.0 2015-06-19 13:07:41 +12:00
Damian Mooyman
55170a0b74 API make DataObject::validate public 2015-06-17 15:51:30 +12:00
Damian Mooyman
0103b076c3 Merge remote-tracking branch 'origin/3'
Conflicts:
	forms/Form.php
	model/ManyManyList.php
2015-06-17 15:41:13 +12:00
Damian Mooyman
58cc3da8d8 API Revert DataObject::validate to 3.1 method signature (protected) 2015-06-16 11:59:21 +12:00
Damian Mooyman
e9d4863828 API Formalise new additional arguments to DataObject::canCreate, DataExtension::augmentSQL, and DataObject::extendedCan 2015-06-09 11:31:34 +12:00
Damian Mooyman
786b1dd5d4 Merge remote-tracking branch 'origin/3'
Conflicts:
	control/HTTPRequest.php
	filesystem/Upload.php
	model/ManyManyList.php
2015-06-09 11:10:14 +12:00
Damian Mooyman
8331171f2c Merge remote-tracking branch 'origin/3.1' into 3
Conflicts:
	.scrutinizer.yml
	admin/javascript/LeftAndMain.Panel.js
	core/startup/ParameterConfirmationToken.php
	dev/Debug.php
	dev/FixtureBlueprint.php
	docs/en/00_Getting_Started/05_Coding_Conventions.md
	docs/en/00_Getting_Started/index.md
	docs/en/02_Developer_Guides/01_Templates/01_Syntax.md
	filesystem/File.php
	filesystem/Folder.php
	forms/FieldList.php
	forms/LabelField.php
	forms/MoneyField.php
	forms/TextField.php
	forms/TreeDropdownField.php
	forms/Validator.php
	forms/gridfield/GridField.php
	forms/gridfield/GridFieldExportButton.php
	lang/de.yml
	lang/fi.yml
	model/DataObject.php
	model/SQLQuery.php
	parsers/ShortcodeParser.php
	security/ChangePasswordForm.php
	security/Security.php
	tests/control/DirectorTest.php
	tests/core/startup/ParameterConfirmationTokenTest.php
	tests/dev/FixtureBlueprintTest.php
	tests/forms/FieldListTest.php
	tests/forms/MoneyFieldTest.php
	tests/model/SQLQueryTest.php
	tests/security/SecurityTest.php
2015-06-02 19:13:38 +12:00
Damian Mooyman
22a35e48a9 BUG Fix malformed urls redirecting to external sites 2015-05-28 10:12:18 +12:00
Damian Mooyman
cd1eb1b484 Merge remote-tracking branch 'origin/3'
Conflicts:
	admin/tests/CMSFormTest.php
2015-05-19 09:19:47 +12:00
Stevie Mayhew
0d94cf15a5 UPDATE: change all instances of $this->request to use appropriate getter/setter 2015-04-30 11:04:08 +12:00
Daniel Hensby
c2fd18e829 FIX use config for Security::$login_url 2015-04-23 17:20:07 +01:00
Ingo Schommer
72a284c9b8 Merge remote-tracking branch 'origin/3'
Conflicts:
	core/Constants.php
	docs/en/05_Contributing/01_Code.md
	tests/model/SQLQueryTest.php
2015-04-09 16:26:16 +12:00
Damian Mooyman
95c162ef0d API Security better respects BackURL on login
BUG Restore missing authentication message not appearing in the login form $Content area (regression from #1807)
2015-03-31 20:22:35 +13:00
Damian Mooyman
43f49e8434 Merge remote-tracking branch 'origin/3.1' into 3
Conflicts:
	admin/code/ModelAdmin.php
	control/Director.php
	model/SQLQuery.php
	security/Member.php
	tests/control/HTTPTest.php
	tests/model/SQLQueryTest.php
	tests/security/SecurityTest.php
	tests/view/SSViewerTest.php
2015-03-31 19:54:15 +13:00
Damian Mooyman
8d6cd1529f BUG Fix some database errors during dev/build where an auth token exists for the current user
Fixes #3660
2015-03-25 11:34:13 +13:00
Damian Mooyman
a775a44387 Merge pull request #4016 from guru-digital/REDIRECT_fix
HTTP basic auth fix
2015-03-19 14:55:20 +13:00
Daniel Hensby
de2aa47250 Merge pull request #4006 from kinglozzer/patch-1
FIX: Security::$default_message_set Config value unusable
2015-03-17 17:05:01 +00:00
Loz Calver
a61c08d031 FIX: Security::$default_message_set Config value unusable 2015-03-17 15:51:31 +00:00
Corey Sewell
46e61b3448 Check both $_SERVER['HTTP_AUTHORIZATION'] and $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] for HTTP Basic authentication headers 2015-03-17 14:15:54 +13:00
Loz Calver
c58f4c469d Replace core uses of DataObject::has_one/has_many/many_many 2015-03-13 16:16:12 +00:00
Damian Mooyman
319b96b48b Merge remote-tracking branch 'origin/3.1' into 3
Conflicts:
	docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md
	docs/en/05_Contributing/01_Code.md
	forms/TreeDropdownField.php
	model/DataObject.php
	security/Member.php
	tests/model/DataObjectTest.php
2015-03-11 11:40:06 +13:00