Robbie Averill
c28f411abd
Merge pull request #66 from silverstripe-security/pulls/4.0/security-password-fix
...
SECURITY: Remove password text from session data on failed submission
2018-05-14 17:15:28 +12:00
Aaron Carlino
f847f186b1
[ss-2018-013] Remove password text from session data on failed submission
2018-05-14 17:14:38 +12:00
Robbie Averill
5887201dd5
Merge pull request #64 from silverstripe-security/pulls/4.0/ss-2018-010
...
[SS-2018-010] Fix regression of SS-2017-002
2018-05-14 17:12:45 +12:00
Robbie Averill
beec0c0d47
[SS-2018-010] Fix regression of SS-2017-002
2018-05-14 17:12:07 +12:00
Robbie Averill
1e6790bfb6
Merge pull request #62 from silverstripe-security/pulls/4.0/ss-2018-001
...
[ss-2018-001] Restrict non-admins from being assigned to admin groups
2018-05-14 17:11:03 +12:00
Damian Mooyman
e409d6f673
[ss-2018-001] Restrict non-admins from being assigned to admin groups
2018-05-14 17:10:22 +12:00
Robbie Averill
39b62e5fbb
Merge pull request #61 from silverstripe-security/pulls/4.0/ss-2018-008
...
[ss-2018-008] Validate against malformed urls
2018-05-14 17:07:09 +12:00
Damian Mooyman
9053014a7e
[ss-2018-008] Validate against malformed urls
2018-05-14 17:06:47 +12:00
Robbie Averill
6f50728b18
Merge pull request #59 from silverstripe-security/pulls/4.0/ss-2018-006
...
[ss-2018-006] Prevent code execution in template value resolution
2018-05-14 17:06:04 +12:00
Robbie Averill
cd716fb61b
Switch check for is_string
2018-05-14 17:05:31 +12:00
Damian Mooyman
2e13ae746f
[ss-2018-006] Prevent code execution in template value resolution
2018-05-14 17:05:31 +12:00
Robbie Averill
3e205d69c3
Merge pull request #57 from silverstripe-security/pulls/4.0/ss-2018-005
...
[ss-2018-005] Prevent unauthenticated isDev / isTest being allowed
2018-05-14 17:04:23 +12:00
Damian Mooyman
d935140a95
[ss-2018-005] Prevent unauthenticated isDev / isTest being allowed
2018-05-14 17:03:39 +12:00
Damian Mooyman
e967ab09a2
Added 4.0.3 changelog
2018-02-05 17:10:00 +13:00
Damian Mooyman
e111da2769
Update translations
2018-02-05 16:58:21 +13:00
Damian Mooyman
02ec0b8375
Merge pull request #7829 from Firesphere/patch-3
...
[bugfix] $request == null breaks
2018-02-05 16:43:40 +13:00
Simon Erkelens
a071672b48
[bugfix] $request == null breaks
...
The $request incoming as null was not properly detected by the if/elseif structure.
2018-02-05 13:02:07 +13:00
Robbie Averill
209635b467
Merge pull request #7828 from open-sausages/pulls/4.0/fix-debug-string-class
...
BUG Fix issue with DebugView failing on class name of existing class
2018-02-05 12:08:58 +13:00
Damian Mooyman
288aaf083c
BUG Fix issue with DebugView failing on class name of existing class
...
Fixes #7827
2018-02-05 10:45:49 +13:00
Chris Joe
b81ac41b5d
Merge pull request #7825 from open-sausages/pulls/4.0/fix-session-unsaved
...
BUG Fix critical issue with incorrectly saved session data
2018-02-02 16:14:26 +13:00
Damian Mooyman
740c3326e9
BUG Fix critical issue with incorrectly saved session data
2018-02-02 15:08:52 +13:00
Damian Mooyman
9faf1e7f77
Merge pull request #7823 from open-sausages/pulls/4.0/ehh-whats-up-doc
...
Cleanup upgrade docs and 4.0 change logs
2018-02-02 14:26:07 +13:00
Chris Joe
628c5caad3
Merge pull request #7821 from open-sausages/pulls/4.0/update-message
...
Update reference from $databaseConfig to .env
2018-02-01 22:57:46 +13:00
Christopher Joe
78a6b4b4c3
Cleanup upgrade docs and 4.0 change logs
2018-02-01 15:27:02 +13:00
Damian Mooyman
cb30e09130
Update reference from $databaseConfig to .env
2018-02-01 12:58:55 +13:00
Damian Mooyman
11f4693648
Merge pull request #7816 from creative-commoners/pulls/4.0/setrighttitle-phpdoc
...
Update phpdoc for FormField::setRightTitle regarding escaped HTML
2018-01-31 16:48:17 +13:00
Robbie Averill
c0ffe2797a
Update phpdoc for FormField::setRightTitle regarding escaped HTML
2018-01-31 11:03:35 +13:00
Damian Mooyman
ab6428ef59
Merge pull request #7808 from creative-commoners/pulls/4.0/fix-html5-parsing-embeds
...
FIX Allow cleanup marker regex to handle self closing HTML5 tags
2018-01-31 10:24:34 +13:00
Robbie Averill
8a6686bc0f
Merge pull request #7814 from raissanorth/patch-1
...
FIX Fix typo in error message
2018-01-30 16:24:34 +13:00
Raissa North
cd6faac7a9
FIX Fix typo in error message
2018-01-30 15:48:42 +13:00
Robbie Averill
3d7ecc5240
FIX Allow cleanup marker regex to handle self closing HTML5 tags
2018-01-30 11:16:21 +13:00
Damian Mooyman
c7e341c67d
Added 4.0.2 changelog
2018-01-25 12:26:49 +13:00
Damian Mooyman
7ba19fc282
Update translations
2018-01-25 12:15:34 +13:00
Damian Mooyman
f764ab04e8
Merge pull request #7796 from bummzack/fix-date-rfc3339
...
Fixed Rfc3339 implementation of Date and Datetime
2018-01-25 11:44:53 +13:00
Roman Schmid
6fafce766e
Fixed Rfc3339 implementation of Date and Datetime
2018-01-24 16:58:12 +01:00
Robbie Averill
1a421dc947
Merge pull request #7792 from open-sausages/pulls/4.0/fix-limit-phpdoc
...
DOC Fix phpdoc on ArrayList::limit
2018-01-24 11:20:37 +13:00
Chris Joe
c0085efae6
Merge pull request #7785 from open-sausages/pulls/4.0/better-upload-message
...
BUG Better upload error message
2018-01-24 10:37:47 +13:00
Damian Mooyman
3fce5372b0
DOC Fix phpdoc on ArrayList::limit
...
Fixes #7781
2018-01-24 10:18:15 +13:00
Robbie Averill
795c07c51d
Merge pull request #7787 from NightJar/patch-2
...
FIX: Allow absolute URLs be use as resources
2018-01-24 09:44:16 +13:00
Dylan Wagstaff
e1a4b89912
Code lint fix
...
change `else if` to `elseif`
2018-01-24 09:04:22 +13:00
Dylan Wagstaff
943821f984
Add a test for external resource support
...
`SimpleResourceURLGenerator` has been altered to allow absolute URLs to be loaded directly, as so is now also tested to ensure the added functionality is true to design.
2018-01-23 17:43:01 +13:00
Dylan Wagstaff
9c3feb4ab4
FIX: Allow absolute URLs be use as resources
...
At current certain interfaces exist that assume only local assets will be loaded (e.g. `SilverStripe\Forms\HTMLEditor\TinyMCEConfig::getConfig()`), where as someone may wish to load an off site resource via the use of an absolute URL (e.g. for fontawesome css provided via a CDN). Because asset path parsing is filtered through a `SilverStripe\Core\Manifest\ResourceURLGenerator`, one must either know in advance if they want an internal or external resource (loading different generators), or the API must allow for this (i.e. an inclusion function for each type of asset). So we can either double the API on the implementing class, or simply make an exception for an absolute URL as high as possible; inside the filter - for which the `vendor/module : path/to/file.asset` shorthand syntax was specifically designed not to conflict with.
2018-01-23 17:31:43 +13:00
Damian Mooyman
b44273d1d6
BUG Better upload error message
...
Fixes https://github.com/silverstripe/silverstripe-asset-admin/issues/720
2018-01-23 16:08:42 +13:00
Loz Calver
7603c6d798
Merge pull request #7779 from open-sausages/pulls/4.0/fix-login-casting
...
BUG Fix double casting in login authenticator name
2018-01-22 09:10:35 +00:00
Damian Mooyman
60fa7558d3
BUG Fix double casting in login authenticator name
...
Fixes #7769
2018-01-22 14:06:24 +13:00
Loz Calver
4a8f9a8da8
Merge pull request #7773 from open-sausages/pulls/4.0/safer-gridfield-version
...
BUG Make GridFieldConfig less susceptible to error when versioned isn't installed
2018-01-18 09:23:06 +00:00
Damian Mooyman
16ad7e8fea
BUG Make GridFieldConfig less susceptible to error when versioned isn't installed
2018-01-18 16:43:51 +13:00
Damian Mooyman
24e6794352
Merge pull request #7771 from DrMartinGonzo/patch-1
...
Added style_formats example + links to docs
2018-01-18 10:50:43 +13:00
Damian Mooyman
6b69907d1e
Merge pull request #7770 from dhensby/pulls/4.0/add-public-dir-constants
...
Add `PUBLIC_*` constants to 4.0.x for easier compatibility
2018-01-18 09:02:36 +13:00
Martin Portevin
0ca152c156
Added style_formats example
2018-01-17 18:27:28 +01:00