Commit Graph

10230 Commits

Author SHA1 Message Date
Ingo Schommer
25af4adce2 Merge tag '3.0.5' into 3.0 2013-02-20 02:21:41 +01:00
Ingo Schommer
9ceef6be07 Added changelog 2013-02-20 00:39:00 +01:00
UndefinedOffset
e954c8c1d1 No longer caching the target element to be toggled 2013-02-19 12:10:19 -04:00
UndefinedOffset
b3e40dd0c3 Fixed issue with cms help toggles not functioning correctly 2013-02-19 11:38:40 -04:00
roed
9e7c622abe fixed error property $ of object is not a function
changed $ to jQuery, because without it the system would generate the following error:

Uncaught TypeError: Property '$' of object [object Window] is not a function
2013-02-19 15:48:29 +01:00
Ingo Schommer
16d0c188ee BUG Find Form actions in CompositeFields for access checks
This bug was introduced with the new nested CMS actions
around December 2012, but wasn't noticed until now
because checkAccessAction() would wrongly return TRUE
before the dataFieldByName() check was reached.
2013-02-19 15:48:29 +01:00
Sean Harvey
29de6431fd Merge pull request #1199 from drzax/patch-1
Update docs/en/installation/composer.md
2013-02-18 17:48:58 -08:00
drzax
fc0a81fef4 Update docs/en/installation/composer.md
No need to talk down to people in documentation.
2013-02-19 11:19:50 +10:00
Will Rossiter
813730b96e Merge pull request #1197 from dhensby/patch-2
Remove redundant extraClasses from FieldActions
2013-02-18 14:47:45 -08:00
Daniel Hensby
b7e34bd54c Removing redundant function
At the moment form actions (buttons) have the classes 'action action' as default. This is because the extraClass function adds 'action' and then calls the parent method. The parent then includes the $this->Type() ('action') again.

So I've remove this overloading of extraClass
2013-02-18 16:38:15 +00:00
Ingo Schommer
0c6ac1960e Fixed whitespace usage 2013-02-18 15:43:52 +01:00
Ingo Schommer
92458d9f43 Fixed line lengths 2013-02-18 14:41:49 +01:00
Ingo Schommer
9e2e050f20 Hardcode travis branch on dependencies, otherwise breaks pull request builds
Pull requests are always on a branch, and this branch
typically is not present on the installer.

This changes means we need to be careful when merging into 3.1
and master, but that's a necessary evil.
2013-02-18 14:13:07 +01:00
Ingo Schommer
2b3098a3f4 Merge pull request #1194 from ARNHOE/patch-4
Create nl_NL.js for framework admin
2013-02-18 03:15:20 -08:00
ARNHOE
924c76ccb1 Create nl_NL.js 2013-02-18 03:13:09 -08:00
Ingo Schommer
2ee57eb715 Merge pull request #1193 from ARNHOE/patch-3
Update javascript/lang/nl_NL.js
2013-02-18 03:11:47 -08:00
ARNHOE
823b2acda3 Update javascript/lang/nl_NL.js 2013-02-18 12:09:38 +01:00
Ingo Schommer
89f963c468 Merge pull request #1191 from ARNHOE/patch-1
Create nl.js for ssbuttons
2013-02-18 02:26:33 -08:00
Ingo Schommer
32943dff1b Merge pull request #1192 from ARNHOE/patch-2
Create nl.js for ssmacron
2013-02-18 02:25:58 -08:00
ARNHOE
7e88e67621 Create nl.js 2013-02-18 02:20:50 -08:00
ARNHOE
70d20ada3a Create nl.js 2013-02-18 02:20:02 -08:00
Simon Welsh
b81386a431 Correct check for File subclass 2013-02-18 17:35:17 +13:00
Hamish Friedlander
9ecea763c3 Merge pull request #1186 from nyeholt/injector_configged_create
FIX issue with Injector::create not passing args
2013-02-17 18:38:24 -08:00
Ingo Schommer
37b8034462 Fixed changelog 2013-02-18 01:34:51 +01:00
Ingo Schommer
ad9f26a00f Updated changelog 2013-02-18 01:29:30 +01:00
Ingo Schommer
eafafb31e3 Fixed screen.css (wrong compilation) 2013-02-18 01:28:17 +01:00
Ingo Schommer
62987139d4 Updated changelog 2013-02-18 01:19:33 +01:00
Ingo Schommer
d3d0b21e80 Updated translations 2013-02-18 01:17:30 +01:00
Ingo Schommer
56ad1d027e Updated changelog 2013-02-18 01:03:57 +01:00
Ingo Schommer
190e0b8a47 Add ContentController->handleWidget() to $allowed_actions
Required by recent $allowed_actions security fix
2013-02-18 00:10:06 +01:00
Ingo Schommer
30096ee730 BUGFIX Keep Member.PasswordEncryption setting on empty passwords
This will prevent empty passwords to set the encryption to 'none',
which in turn will store any subsequent password changes in cleartext.
Reproduceable e.g. with ConfirmedPasswordField and setCanBeEmpty(true).
2013-02-17 23:30:41 +01:00
Ingo Schommer
d51e0bc2ec Improved docs on $allowed_actions
Added section to "Controllers" and "Form" topics,
added $allowed_actions definitions to all controller examples
2013-02-17 23:30:40 +01:00
Ingo Schommer
f06ba70fc9 BUG Undefined $allowed_actions overrides parent definitions, stricter handling of $allowed_actions on Extension
Controller (and subclasses) failed to enforce $allowed_action restrictions
on parent classes if a child class didn't have it explicitly defined.

Controllers which are extended with $allowed_actions (through an Extension)
now deny access to methods defined on the controller, unless this class also has them in its own
$allowed_actions definition.
2013-02-17 23:30:36 +01:00
Ingo Schommer
303352926b 3.0.4 changelog update 2013-02-17 23:28:22 +01:00
Ingo Schommer
f8bbc0a726 BUGFIX Escape HTML in DropdownField and ListboxField
Fixes reflected XSS in Group titles when using
in group selections (e.g. in "New Member" form).
2013-02-17 23:27:15 +01:00
Ingo Schommer
604ede30a4 BUGFIX Escape HTML in CMS status messages 2013-02-17 23:27:15 +01:00
Ingo Schommer
7bb0bbff0e BUGFIX Fixed XSS in admin/security and "My Profile" forms 2013-02-17 23:27:15 +01:00
Ingo Schommer
eecd34868f BUGFIX Keep Member.PasswordEncryption setting on empty passwords
This will prevent empty passwords to set the encryption to 'none',
which in turn will store any subsequent password changes in cleartext.
Reproduceable e.g. with ConfirmedPasswordField and setCanBeEmpty(true).
2013-02-17 23:16:25 +01:00
Ingo Schommer
3e27d27f7a Improved docs on $allowed_actions
Added section to "Controllers" and "Form" topics,
added $allowed_actions definitions to all controller examples
2013-02-17 23:16:25 +01:00
Ingo Schommer
50995fbecb BUG Undefined $allowed_actions overrides parent definitions, stricter handling of $allowed_actions on Extension
Controller (and subclasses) failed to enforce $allowed_action restrictions
on parent classes if a child class didn't have it explicitly defined.

Controllers which are extended with $allowed_actions (through an Extension)
now deny access to methods defined on the controller, unless this class also has them in its own
$allowed_actions definition.
2013-02-17 23:16:22 +01:00
Ingo Schommer
7830b5d1b1 Merge remote-tracking branch 'origin/2.4' into 3.0 2013-02-17 22:43:56 +01:00
Ingo Schommer
ede381326b BUG Secure composer files from web access (fixes #8011)
Already applied to root .htaccess, but required for dynamically
generated file from installer as well. Also added upgrade instructions.
2013-02-17 22:33:04 +01:00
Ingo Schommer
e21bd49462 BUG TimeField respects user choice (fixes #8260)
Regression from c969e04731.
Also fixes width to accommodate for widest common format:
"11:11:11 AM"
2013-02-17 21:00:02 +01:00
Ingo Schommer
5d3ed12e20 Nginx docs for denying composer file access (fixes #8011) 2013-02-15 19:22:21 +01:00
Marcus Nyeholt
428cbe4b03 FIX issue with Injector::create not passing args
If creating an object using Injector::create() and constructor arguments
are passed through, in some cases where the object being created had a yml
configuration set for it, the passed in constructor arguments weren't being
passed through to the instantiation of the object.
2013-02-15 10:24:47 +11:00
Julian Seidenberg
10199f908a API Data corruption on Versioned due to lazy loading
Lazy loading no longer loads fields from the versions table when querying. This could lead to incorrect data being displayed if the data on the object and the version it pointed to did not match.

API methods to allow setting of the context of the query that generated the DataObject on that object (used by the lazy loading mechanism to correctly query the Stage, Live, or Versions tables)

See https://github.com/silverstripe/sapphire/pull/1178 for context.
2013-02-14 14:28:42 +01:00
jean
e2bf9649f3 FIX 7934 When lazy loading fields respect version of the record 2013-02-14 14:27:44 +01:00
Sean Harvey
b25b6d4769 Merge pull request #1182 from chillu/pulls/showtemplate-admin-ss3
API Require ADMIN for ?showtemplate=1 (3.0)
2013-02-12 15:07:34 -08:00
Sean Harvey
9337902fdd Merge pull request #1181 from chillu/pulls/showtemplate-admin
API Require ADMIN for ?showtemplate=1 (2.4)
2013-02-12 15:07:13 -08:00
Ingo Schommer
d969e29d00 API Require ADMIN for ?showtemplate=1 2013-02-12 23:26:04 +01:00