Commit Graph

12422 Commits

Author SHA1 Message Date
Ingo Schommer
a7f38f7b4d Merge pull request #2413 from ss23/patch-1
Update 3.0.6.md
2013-09-12 16:08:04 -07:00
Stephen Shkardoon
f765696d26 Update 3.0.6.md
Add reference to information disclosure in Versioned.php (SS-2013-006)
2013-09-13 10:34:51 +12:00
Ingo Schommer
92c9febb99 Merge pull request #2406 from dangerdan/testing
Resubmitting pull request, changes to docs: topics/testing
2013-09-12 13:09:07 -07:00
Dan Brooks
6afad377cb Changes to topics/testing 2013-09-12 18:22:46 +01:00
Ingo Schommer
03d1d58148 Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	admin/code/SecurityAdmin.php
	css/AssetUploadField.css
	docs/en/topics/configuration.md
	security/PermissionRole.php
2013-09-12 17:33:36 +02:00
Ingo Schommer
c2b312d76f Merge remote-tracking branch 'origin/3.1.0' into 3.1 2013-09-12 17:24:42 +02:00
Ingo Schommer
7627d95555 Updated changelog 2013-09-12 17:02:13 +02:00
Ingo Schommer
505db1f731 Updated translations 2013-09-12 16:53:32 +02:00
Ingo Schommer
24bae3f922 Tagged 3.0.6-rc2 2013-09-12 16:48:20 +02:00
Ingo Schommer
a6b402f491 Added 3.0.6-rc2 changelog 2013-09-12 16:48:15 +02:00
Ingo Schommer
2da4d76c3b Updated translations 2013-09-12 16:37:12 +02:00
Ingo Schommer
7c99cb4668 Merge branch 'pulls/security-issues-august-3.0' into 3.0 2013-09-12 15:45:13 +02:00
Ingo Schommer
5e0315dc62 Safety note on DataObject::validation_enabled 2013-09-12 15:42:43 +02:00
Ingo Schommer
f803704d91 FIX Disallow permissions assign for APPLY_ROLES (SS-2013-005)
See http://www.silverstripe.org/ss-2013-005-privilege-escalation-through-apply-roles-assignment/
2013-09-12 15:42:43 +02:00
Ingo Schommer
8b5c8eab72 Linking to older security issue in change log
Mainly for consistency with the newer format
2013-09-12 15:42:43 +02:00
Ingo Schommer
05757efceb FIX Privilege escalation through APPLY_ROLES assignment (SS-2013-005)
See http://www.silverstripe.org/ss-2013-005-privilege-escalation-through-apply-roles-assignment/
2013-09-12 15:42:43 +02:00
Ingo Schommer
6cff9671d4 FIX Privilege escalation through Group and Member CSV upload (SS-2013-004)
See http://www.silverstripe.org/ss-2013-004-privilege-escalation-through-group-and-member-csv-upload/
2013-09-12 15:42:43 +02:00
Ingo Schommer
720c149aee FIX Privilege escalation through Group hierarchy setting (SS-2013-003)
See http://www.silverstripe.org/ss-2013-003-privilege-escalation-through-group-hierarchy-setting/
2013-09-12 15:42:42 +02:00
Ingo Schommer
cb517fda9e Safety note on DataObject::$validation_enabled 2013-09-12 15:42:36 +02:00
Ingo Schommer
091c096dbf FIX Disallow permissions assign for APPLY_ROLES (SS-2013-005)
See http://www.silverstripe.org/ss-2013-005-privilege-escalation-through-apply-roles-assignment/
2013-09-12 15:42:36 +02:00
Ingo Schommer
a492d56f7c 3.1.0-rc2 changelog 2013-09-12 15:42:36 +02:00
Ingo Schommer
cfa88adf4b FIX Privilege escalation through APPLY_ROLES assignment (SS-2013-005)
See http://www.silverstripe.org/ss-2013-005-privilege-escalation-through-apply-roles-assignment/
2013-09-12 15:42:36 +02:00
Ingo Schommer
46556b609e FIX Privilege escalation through Group and Member CSV upload (SS-2013-004)
See http://www.silverstripe.org/ss-2013-004-privilege-escalation-through-group-and-member-csv-upload/
2013-09-12 15:42:35 +02:00
Ingo Schommer
68ca47b0dd FIX Privilege escalation through Group hierarchy setting (SS-2013-003)
See http://www.silverstripe.org/ss-2013-003-privilege-escalation-through-group-hierarchy-setting/
2013-09-12 15:42:35 +02:00
Ingo Schommer
d747334737 Merge pull request #2401 from adrexia/tree-value
BUG: TreeDropdownField remove call to get value on search
2013-09-11 01:30:32 -07:00
Sean Harvey
a1939dccd1 Merge pull request #2400 from jbridson/patch-9
Update 2-extending-a-basic-site.md
2013-09-10 21:47:36 -07:00
Sean Harvey
c309867a1c Merge pull request #2373 from chillu/pulls/treedropdown-searchfield-default
Default TreeDropdown to "Title" search if $labelField isn't in DB
2013-09-10 21:45:40 -07:00
Sean Harvey
58da57dd1b Merge pull request #2390 from phptek/2389
Prevent circular refs in `GridFieldAddExistingAutocompleter` when linking DataObjects whose ID == current object's ID
2013-09-10 21:43:31 -07:00
Naomi Guyer
697972699d BUG: TreeDropdownField remove call to get value on search
This call was placing the id of the currently selected record into the
search box. Related to
https://github.com/silverstripe/silverstripe-framework/commit/93ea066f53
d5d2b2a19cf0dd2e9479a3fc5796f7
2013-09-11 13:22:27 +12:00
Simon Welsh
c2105db6d0 Count, not Length 2013-09-11 12:05:43 +12:00
jbridson
a4fbff4df5 Update 2-extending-a-basic-site.md
Fixed a few wording issues and added some clarity to links eg: Tutorial One (Building a basic site)
2013-09-11 11:20:41 +12:00
Ingo Schommer
8864256601 Merge pull request #2391 from halkyon/orderby_limit_aggregate
BUG Fixing SQLQuery::aggregate() adding ORDER BY when no limit.
2013-09-06 02:21:30 -07:00
Sean Harvey
95bb799e6f BUG Fixing SQLQuery::aggregate() adding ORDER BY when no limit.
DataQuery::initialiseQuery() will add a default sort to a query,
and when calling up an aggregate it will make a query like this
which doesn't make sense:

SELECT MAX("LastEdited") FROM "Member" ORDER BY "ID"

In this case there is no need to add the ORDER BY, and it will
break databases like MSSQL in cases such as
GenericTemplateGlobalProvider
which provides a default List() function for adding aggregates
into SSViewer template cacheblocks.

If we add a limit, however, then it does make sense:

SELECT MAX("LastEdited") FROM "Member" ORDER BY "ID" LIMIT 10

This fixes SQLQuery::aggregate() to NOT add an ORDER BY to an
aggregate call if there is no limit.
2013-09-06 18:11:11 +12:00
Sean Harvey
e43ca931d6 Merge pull request #2343 from chillu/pulls/security-404
Returning 404 on /Security, instead of Controller.ss template
2013-09-05 18:56:23 -07:00
Russell Michell
abcb2ef40b FIX: Modified fix for #2389 to ensure existing tests pass. 2013-09-06 08:48:32 +12:00
Ingo Schommer
ef2fc46eb2 Merge pull request #2386 from adrexia/tinymce-image-resize
BUG: Image resize allows skewing of image in IE (fixes CMS #791)
2013-09-05 04:08:06 -07:00
Ingo Schommer
9872a52a8d SecurityToken docs 2013-09-05 12:54:31 +02:00
Russell Michell
128c33b82c FIX: Fixes #2389
- Prevent circular references in `GridFieldAddExistingAutocompleter` when linking DataObjects whose ID matches the current object to which the gridfield is attached.
2013-09-05 13:55:47 +12:00
Naomi Guyer
52ef14a9ec BUG: Image resize allows skewing of image in IE (fixes CMS #791)
Including this plugin seemed like the most complete solution to this
problem, and allows it to be removed when tinymce is upgraded (assuming
they have fixed this issue). Uses a compressed version of the
advimagescale fork from sourceforge
(http://sourceforge.net/p/tinymce/plugins/186/), as it allowed for
multiple tinymce instances.
2013-09-04 15:01:46 +12:00
Will Rossiter
daa0b3cb79 Merge pull request #2383 from ryanwachtl/patch-1
Update requirements.md
2013-09-02 23:20:36 -07:00
Ryan Wachtl
15a1d96e5b Update requirements.md
Missing semicolon in example code.
2013-09-03 01:18:58 -05:00
Ingo Schommer
62608a7772 "edit" form expansion in AssetUploadField
Form wasn't expanding because of fixed heights. Backported fix from 3.1.
2013-09-02 16:48:11 +02:00
Ingo Schommer
1f84db1c54 Merge pull request #2357 from phptek/cms-access-checkbox-toggle
BUGFIX: CMS permissions checkbox won't untoggle once selected
2013-09-02 03:15:34 -07:00
Will Rossiter
0a795952b9 Merge pull request #2377 from phptek/issue/2375
UploadField showed 2 descriptions in CMS
2013-09-01 22:57:29 -07:00
Russell Michell
0f1ae7a00b BUGFIX:
- Fixes issue with CMS permissions checkbox, which won't un-toggle checked-checkboxes, after being clicked a 2nd time
2013-09-02 12:46:31 +12:00
Russell Michell
a1b04cb371 BUGFIX: Issue #2375
- UploadField showed 2 descriptions in CMS with one call to setDescription().
- Removed UploadField-specific template ref to $Description, in favour of using the "default" in FormField_holder.ss
2013-09-02 12:31:33 +12:00
Ingo Schommer
1c31c098ee FIX Correct Zend_Locale fallbacks in i18n/DateField/DateTimeField
Due to the recent change of translations to transifex, some
locales changed their names, which prompted a fix to
i18n::get_available_translations() (see 00ffe7294).
This caused a regression where short locales are determined
from the YAML file names (e.g. "en"), but weren't matched up
with fully qualified locales from get_available_translations() (e.g. "en_US").
Since this list is used in the admin/myprofile dropdown for the Member.Locale value,
it didn't match up with any entries and defaulted to the first one ("Africaans").

Note that the behaviour of admin/myprofile is still a bit weird:
It defaults the locale on new members to the one set for the current administrator.
So if a site defaults to en_US in _config.php, but the admin happens to view
his backend in de_DE, all members he creates default to de_DE as well.

Thanks to @tractorcow for contributing and peer reviewing!
2013-08-30 10:18:00 +02:00
Ingo Schommer
5f0329c6f2 Re-added entwine src/ in order to use inspector in dev mode 2013-08-30 10:12:50 +02:00
Ingo Schommer
93ea066f53 Remove TreeDropdownField placeholder support (see #2364)
It breaks the semantics of getValue(), leading to a broken field.
Regression from 8b5f89f. In the end, placeholder support is
considered "progressive enhancement", the search box should
be pretty obvious to IE8/IE9 users either way, given the main
field label is called "choose or search".
2013-08-30 09:50:07 +02:00
Ingo Schommer
20b49e215c Merge pull request #2136 from nedmas/fix-remove-export-button-padding
FIX: GridField button styling
2013-08-30 00:24:21 -07:00