Commit Graph

3623 Commits

Author SHA1 Message Date
Aaron Carlino
f847f186b1 [ss-2018-013] Remove password text from session data on failed submission 2018-05-14 17:14:38 +12:00
Robbie Averill
5887201dd5
Merge pull request #64 from silverstripe-security/pulls/4.0/ss-2018-010
[SS-2018-010] Fix regression of SS-2017-002
2018-05-14 17:12:45 +12:00
Robbie Averill
beec0c0d47 [SS-2018-010] Fix regression of SS-2017-002 2018-05-14 17:12:07 +12:00
Robbie Averill
1e6790bfb6
Merge pull request #62 from silverstripe-security/pulls/4.0/ss-2018-001
[ss-2018-001] Restrict non-admins from being assigned to admin groups
2018-05-14 17:11:03 +12:00
Damian Mooyman
e409d6f673 [ss-2018-001] Restrict non-admins from being assigned to admin groups 2018-05-14 17:10:22 +12:00
Robbie Averill
39b62e5fbb
Merge pull request #61 from silverstripe-security/pulls/4.0/ss-2018-008
[ss-2018-008] Validate against malformed urls
2018-05-14 17:07:09 +12:00
Damian Mooyman
9053014a7e [ss-2018-008] Validate against malformed urls 2018-05-14 17:06:47 +12:00
Robbie Averill
6f50728b18
Merge pull request #59 from silverstripe-security/pulls/4.0/ss-2018-006
[ss-2018-006] Prevent code execution in template value resolution
2018-05-14 17:06:04 +12:00
Damian Mooyman
2e13ae746f [ss-2018-006] Prevent code execution in template value resolution 2018-05-14 17:05:31 +12:00
Damian Mooyman
d935140a95 [ss-2018-005] Prevent unauthenticated isDev / isTest being allowed 2018-05-14 17:03:39 +12:00
Damian Mooyman
288aaf083c
BUG Fix issue with DebugView failing on class name of existing class
Fixes #7827
2018-02-05 10:45:49 +13:00
Damian Mooyman
740c3326e9
BUG Fix critical issue with incorrectly saved session data 2018-02-02 15:08:52 +13:00
Robbie Averill
3d7ecc5240 FIX Allow cleanup marker regex to handle self closing HTML5 tags 2018-01-30 11:16:21 +13:00
Roman Schmid
6fafce766e Fixed Rfc3339 implementation of Date and Datetime 2018-01-24 16:58:12 +01:00
Dylan Wagstaff
943821f984
Add a test for external resource support
`SimpleResourceURLGenerator` has been altered to allow absolute URLs to be loaded directly, as so is now also tested to ensure the added functionality is true to design.
2018-01-23 17:43:01 +13:00
Daniel Hensby
db610aaf3b
Fixing string concat CS issues 2018-01-16 18:39:30 +00:00
Werner M. Krauß
422857f381
SapphireTestTest: use named data providers and more error messages
* use keys for naming each data set
* adding error messages
* clean up a bit
2018-01-16 15:25:40 +00:00
Loz Calver
daac577e62
Merge pull request #7763 from creative-commoners/pulls/4.0/fix-remove-header
FIX HTTPResponse::removeHeader incorrectly converts header name to lowercase
2018-01-16 11:04:03 +00:00
Robbie Averill
cc90cb0125 FIX HTTPResponse::removeHeader incorrectly converts header name to lowercase 2018-01-16 23:20:52 +13:00
Daniel Hensby
de6afd4405
TEST Cant reliably use Injector to replace Extensions 2018-01-11 14:08:29 +00:00
Damian Mooyman
f885101a1b
BUG Fix basic auth in PHP-CGI
Fixes #7717
2017-12-21 14:58:19 +13:00
Robbie Averill
aa7ab0c494 Update test assertions to be more readable 2017-12-17 16:22:26 +13:00
Robbie Averill
ea8ed5067d FIX Allow Requirements::block to handle module resource paths 2017-12-17 16:09:22 +13:00
Daniel Hensby
1c72d6946d
Merge branch '3.6' into 4.0 2017-12-14 21:01:35 +00:00
Damian Mooyman
1c8576cee7
Linting cleanup 2017-12-14 14:18:41 +13:00
Damian Mooyman
ed6561d9f5
BUG Fix incorrect merge of associative / non-associative summary fields
Fixes #7696
2017-12-14 14:17:19 +13:00
Damian Mooyman
286271a1e1
Merge pull request #56 from silverstripe-security/pulls/4.0/ss-2017-009
[ss-2017-009] Prevent disclosure of sensitive information via LoginAttempt (4.0 branch)
2017-12-06 18:22:47 +13:00
Damian Mooyman
99e772b361
Merge pull request #51 from silverstripe-security/pulls/4.0/ss-2017-007
[ss-2017-007] Ensure xls formulae are safely sanitised on output (4.0)
2017-12-06 18:22:11 +13:00
Damian Mooyman
d6a93f5215
Merge remote-tracking branch 'silverstripe-security/3.5' into 3.6
# Conflicts:
#	security/Member.php
2017-12-06 17:26:45 +13:00
Damian Mooyman
91cf85087b
Merge remote-tracking branch 'origin/3.5' into 3.6 2017-12-06 17:21:09 +13:00
Damian Mooyman
dd4c5417e7
Merge pull request #49 from silverstripe-security/pulls/3.5/ss-2017-007
[ss-2017-007] Ensure xls formulae are safely sanitised on output (3.5)
2017-12-06 16:25:58 +13:00
Damian Mooyman
44de03da01
Merge pull request #53 from silverstripe-security/pulls/3.5/ss-2017-006
[ss-2017-006] Fix user agent invalidation on session startup (3.5 branch)
2017-12-06 16:25:39 +13:00
Damian Mooyman
3e2bcaa0b4
Merge pull request #54 from silverstripe-security/pulls/3.5/ss-2017-009
[ss-2017-009] Prevent disclosure of sensitive information via LoginAttempt (3.5 branch)
2017-12-06 16:25:19 +13:00
Chris Joe
0e8d288240
Merge pull request #7667 from open-sausages/pulls/4.0/better-tinymce-locales
BUG Ensure that all tinymce_lang mappings are valid
2017-12-06 11:24:02 +13:00
Daniel Hensby
2aa1d8f2c4
remove create_function usage 2017-12-05 14:20:13 +00:00
Loz Calver
91bd92df31 FIX: Remove some unnecessary ClassInfo calls in DataObjectSchema 2017-12-05 12:23:10 +00:00
Damian Mooyman
69295a6e22
BUG Ensure that all tinymce_lang mappings are valid 2017-12-01 15:00:39 +13:00
Damian Mooyman
25e276cf37 [ss-2017-006] Fix user agent invalidation on session startup 2017-12-01 10:55:00 +13:00
Damian Mooyman
cfe1d4f481
[ss-2017-007] Ensure xls formulae are safely sanitised on output
CSVParser now strips leading tabs on cells
2017-12-01 10:24:49 +13:00
Damian Mooyman
22ccf3e2f9
[ss-2017-007] Ensure xls formulae are safely sanitised on output
CSVParser now strips leading tabs on cells
2017-12-01 10:19:48 +13:00
Damian Mooyman
f1dd3d6f03
[ss-2017-009] Prevent disclosure of sensitive information via LoginAttempt 2017-11-30 17:00:49 +13:00
Damian Mooyman
6ba00e829a
[ss-2017-009] Prevent disclosure of sensitive information via LoginAttempt 2017-11-30 15:53:50 +13:00
Damian Mooyman
5bfc0c43eb
Merge pull request #7648 from creative-commoners/pulls/4.0/support-some-class-collection
FIX Support self::class text collection
2017-11-29 11:37:06 +13:00
Damian Mooyman
2fe59680e3
Merge pull request #7620 from open-sausages/pulls/4.0/its-too-big-to-fit
BUG Added warning for auto-generated table_name
2017-11-28 09:42:12 +13:00
Robbie Averill
b7ea05900e FIX Support self::class text collection 2017-11-27 23:20:29 +13:00
Christopher Joe
cc72b5c852 BUG Added warning for auto-generated table_name for non-test classes 2017-11-27 20:22:37 +13:00
Damian Mooyman
6e7fb4747e
Restore legacy $ThemeDir support 2017-11-27 15:24:40 +13:00
Damian Mooyman
bac5f4c8aa
Merge branch '3.5' into pulls/3.5/update-pwd-encryption-on-change 2017-11-27 14:42:32 +13:00
Daniel Hensby
07a0f75426
Merge branch '3.6' into 4.0 2017-11-25 16:56:50 +00:00
Daniel Hensby
badeb0cc8c
Merge branch '3.5' into 3.6 2017-11-25 16:17:36 +00:00