Commit Graph

21714 Commits

Author SHA1 Message Date
Maxime Rainville
acd7d94167 Merge branch '4.4' into 4.5 2020-02-17 13:07:26 +13:00
Maxime Rainville
49fda52b12
Merge pull request #94 from silverstripe-security/fix/cve-2019-19325
CVE-2019-1935
2020-02-17 12:54:40 +13:00
Serge Latyntcev
ad1b00ec7d [CVE-2019-19325] XSS through non-scalar FormField attributes
Silverstripe Forms allow malicious HTML or JavaScript to be inserted
through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting)
on some forms built with user input (Request data). This can lead to phishing attempts
to obtain a user's credentials or other sensitive user input.
There is no known attack vector for extracting user-session information or credentials automatically,
it required a user to fall for the phishing attempt.
XSS can also be used to modify the presentation of content in malicious ways.
2020-02-17 09:58:29 +13:00
Steve Boyd
9d5c3ef20e Merge branch '4.4' into 4.5 2020-02-11 16:45:15 +13:00
Steve Boyd
8dcaed25f4
Merge pull request #9386 from silverstripe-terraformers/feature/orm-column
ORM bugfix and enhancement
2020-02-11 15:56:03 +13:00
Mojmir Fendek
285e6caafa PR fixes 2020-02-11 10:43:01 +13:00
Mojmir Fendek
448147c2f1 PR fixes 2020-02-10 09:17:34 +13:00
Mojmir Fendek
660f80d284 PR fixes 2020-02-07 13:49:19 +13:00
Robbie Averill
fe496a29ec
Merge pull request #9397 from mikenuguid/bugfix/update-orm-scaffoldformfield
FIX Update ORM DBField types to use Injector in scaffoldFormField()
2020-02-04 22:38:34 +13:00
mnuguid
ca36a47bb1 FIX Update ORM DBField types to use Injector in scaffoldFormField()
- This is usable in cases where a DBField is needed to be overloaded through the Injector.
2020-02-04 21:43:47 +13:00
Bryn Whyman
27517c55e7
Merge pull request #9396 from muskie9/patch-11
DOCS correct changelog link in README
2020-02-03 15:48:52 +13:00
Nic
dd537f0cc9
DOCS correct changelog link in README 2020-02-02 20:20:38 -06:00
Mojmir Fendek
99786dda22 ORM Column now supports related table lookup 2020-01-28 15:46:30 +13:00
Mojmir Fendek
9c38c5f625 CMS action related extension points (#9340)
* CMS action related extension points

* Refactor to use fewer extension points

* Remove explicit return type

Co-authored-by: Aaron Carlino <unclecheese@leftandmain.com>
2020-01-27 15:09:15 +13:00
Robbie Averill
53fcd47dfc Merge branch '4.4' into 4.5 2020-01-16 19:59:42 -08:00
Robbie Averill
26e3b6f4e3 Merge branch '4.3' into 4.4 2020-01-16 19:59:24 -08:00
Robbie Averill
7c1a0571f7
Merge pull request #9367 from martinduparc/patch-2
array_key_exists() on objects is deprecated in PHP 7.4
2020-01-14 09:39:49 -08:00
Robbie Averill
38d7bd700d
Merge pull request #9373 from manja/4.5
Fixed issue with merging existing entities in text collector
2020-01-14 09:27:35 -08:00
Robbie Averill
bdc723ff69
Merge pull request #9361 from kinglozzer/configure-database-glob
Minor performance improvement in DatabaseAdapterRegistry::autoconfigure()
2020-01-14 09:25:07 -08:00
Martin D
ec6a353543 array_key_exists() on objects is deprecated
Ref: https://wiki.php.net/rfc/deprecations_php_7_4#array_key_exists_with_objects
2020-01-14 09:22:49 -08:00
Nemanja Karadzic
18f0829053 Fixed issue with merging existing entities in text collector 2020-01-14 14:20:40 +01:00
Loz Calver
a42249b6fc Minor performance improvement in DatabaseAdapterRegistry::autoconfigure() 2019-12-19 14:39:46 +00:00
Serge Latyntcev
08eaed4190 Added 4.5.0 changelog 2019-12-19 11:24:04 +13:00
Serge Latyntcev
e1a1459df3 Added 4.5.0-rc2 changelog 2019-12-19 11:23:31 +13:00
Andre Kiste
6650d81324 BUG Fix extra blank Group being created when creating a new Group (#9325)
* Fix extra blank Group being created when creating a new Group

* Update tests to reflect expected behavior

* Improved tests
2019-11-27 09:32:33 +13:00
Stevie Mayhew
92acc764f7
Merge pull request #9327 from kinglozzer/9259-session-restart
FIX: Session::restart() didn't correctly restart session (fixes #9259)
2019-11-21 11:52:36 +13:00
Loz Calver
453945da14 FIX: Session::restart() didn't correctly restart session (fixes #9259) 2019-11-20 14:21:30 +00:00
Serge Latyntcev
91e4aa90f1 Merge branch '4.4' into 4.5 2019-11-20 11:09:23 +13:00
Serge Latyntcev
8219491705 Merge branch '4.3' into 4.4 2019-11-20 11:08:35 +13:00
Serge Latyntcev
84d0d75e96 Added 4.5.0-rc1 changelog 2019-11-18 17:18:05 +13:00
Garion Herman
4f117e1850
Merge pull request #9318 from open-sausages/pulls/4.5/travis-tweak
Updating targeted recipes on travis build
2019-11-15 10:56:22 +13:00
Maxime Rainville
d91ee25f68 Updating targeted recipes 2019-11-15 10:22:46 +13:00
Serge Latyntsev
eef1e2b6a2
Merge pull request #9315 from creative-commoners/pulls/4/fix-alt-text-in-tests
FIX Adjust HTMLEditorField tests to support alt attr changes in assets
2019-11-15 08:24:22 +13:00
Robbie Averill
bd658ca745
Merge pull request #9305 from tractorcow/pulls/4.3/action-title
BUG FormAction title property cannot be set if useButtonTag is false
2019-11-14 09:06:46 -08:00
Serge Latyntcev
efc9bec5e6 Added 4.5.0-alpha1 changelog 2019-11-14 14:39:41 +13:00
Serge Latyntcev
18074cb891 Remove obsolete branch-alias 2019-11-14 01:24:36 +00:00
Garion Herman
ea2a2b4786 FIX Adjust HTMLEditorField tests to support alt attr changes in assets
The default behaviour of the alt attribute has changed from using the
filename to applying an empty value.
2019-11-14 12:04:37 +13:00
Serge Latyntcev
559f660e0e Merge branch '4.4' into 4 2019-11-13 15:40:34 +13:00
Robbie Averill
c0a716f86c
Merge pull request #9313 from DorsetDigital/patch-5
Doc:  Remove reference to themes
2019-11-09 09:28:41 -08:00
DorsetDigital
7e361b6127
Doc: Remove old reference to theme
Update siteconfig doc to remove reference to setting the current theme.
2019-11-09 10:28:05 +00:00
Mojmir Fendek
e2bea6b41f API Add withConfig method (#9011)
* With config functionality added.
* Update docs/en/02_Developer_Guides/04_Configuration/00_Configuration.md
2019-10-31 16:12:04 +13:00
Serge Latyntsev
d814158002
Merge pull request #9310 from open-sausages/pulls/4/doc-git-branch-conventions
DOC Describe our current branch naming conventions
2019-10-31 08:31:59 +13:00
Serge Latyntcev
2d4cbf8fef DOC Describe our current branch naming conventions 2019-10-30 15:31:36 +13:00
Guy Marriott
44b9e331f6
Ensure Requirements_Backend respects explicit false for async/d… (#9309)
Ensure Requirements_Backend respects explicit false for async/defer
2019-10-29 14:37:32 -07:00
Michal Kleiner
4f614423ad Ensure Requirements_Backend respects explicit false for async/defer 2019-10-30 09:59:57 +13:00
Damian Mooyman
e76601e5c8
BUG FormAction title property cannot be set if useButtonTag is false 2019-10-29 17:21:45 +13:00
Garion Herman
17f4cc6e30
Merge pull request #9281 from creative-commoners/pulls/4/textfield-tip-ui
NEW: Add support for Tip UI in TextField
2019-10-23 16:50:43 +13:00
Sam Minnée
e6ea109127
Merge pull request #9298 from ScopeyNZ/pulls/4/update-method-visibility-docs
DOCS Update contribution guidelines around method visibility
2019-10-23 11:52:20 +13:00
Garion Herman
bed3f2b3c6 NEW Add type declarations to Tip API, add TippableFieldInterface 2019-10-23 10:46:22 +13:00
Garion Herman
195417b061 NEW Extract Tip from TextField, add test coverage 2019-10-22 17:04:58 +13:00