Commit Graph

19546 Commits

Author SHA1 Message Date
Robbie Averill
c28f411abd
Merge pull request #66 from silverstripe-security/pulls/4.0/security-password-fix
SECURITY: Remove password text from session data on failed submission
2018-05-14 17:15:28 +12:00
Aaron Carlino
f847f186b1 [ss-2018-013] Remove password text from session data on failed submission 2018-05-14 17:14:38 +12:00
Robbie Averill
5887201dd5
Merge pull request #64 from silverstripe-security/pulls/4.0/ss-2018-010
[SS-2018-010] Fix regression of SS-2017-002
2018-05-14 17:12:45 +12:00
Robbie Averill
beec0c0d47 [SS-2018-010] Fix regression of SS-2017-002 2018-05-14 17:12:07 +12:00
Robbie Averill
1e6790bfb6
Merge pull request #62 from silverstripe-security/pulls/4.0/ss-2018-001
[ss-2018-001] Restrict non-admins from being assigned to admin groups
2018-05-14 17:11:03 +12:00
Damian Mooyman
e409d6f673 [ss-2018-001] Restrict non-admins from being assigned to admin groups 2018-05-14 17:10:22 +12:00
Robbie Averill
39b62e5fbb
Merge pull request #61 from silverstripe-security/pulls/4.0/ss-2018-008
[ss-2018-008] Validate against malformed urls
2018-05-14 17:07:09 +12:00
Damian Mooyman
9053014a7e [ss-2018-008] Validate against malformed urls 2018-05-14 17:06:47 +12:00
Robbie Averill
6f50728b18
Merge pull request #59 from silverstripe-security/pulls/4.0/ss-2018-006
[ss-2018-006] Prevent code execution in template value resolution
2018-05-14 17:06:04 +12:00
Robbie Averill
cd716fb61b Switch check for is_string 2018-05-14 17:05:31 +12:00
Damian Mooyman
2e13ae746f [ss-2018-006] Prevent code execution in template value resolution 2018-05-14 17:05:31 +12:00
Robbie Averill
3e205d69c3
Merge pull request #57 from silverstripe-security/pulls/4.0/ss-2018-005
[ss-2018-005] Prevent unauthenticated isDev / isTest being allowed
2018-05-14 17:04:23 +12:00
Damian Mooyman
d935140a95 [ss-2018-005] Prevent unauthenticated isDev / isTest being allowed 2018-05-14 17:03:39 +12:00
Damian Mooyman
e967ab09a2 Added 4.0.3 changelog 2018-02-05 17:10:00 +13:00
Damian Mooyman
e111da2769 Update translations 2018-02-05 16:58:21 +13:00
Damian Mooyman
02ec0b8375
Merge pull request #7829 from Firesphere/patch-3
[bugfix] $request == null breaks
2018-02-05 16:43:40 +13:00
Simon Erkelens
a071672b48 [bugfix] $request == null breaks
The $request incoming as null was not properly detected by the if/elseif structure.
2018-02-05 13:02:07 +13:00
Robbie Averill
209635b467
Merge pull request #7828 from open-sausages/pulls/4.0/fix-debug-string-class
BUG Fix issue with DebugView failing on class name of existing class
2018-02-05 12:08:58 +13:00
Damian Mooyman
288aaf083c
BUG Fix issue with DebugView failing on class name of existing class
Fixes #7827
2018-02-05 10:45:49 +13:00
Chris Joe
b81ac41b5d
Merge pull request #7825 from open-sausages/pulls/4.0/fix-session-unsaved
BUG Fix critical issue with incorrectly saved session data
2018-02-02 16:14:26 +13:00
Damian Mooyman
740c3326e9
BUG Fix critical issue with incorrectly saved session data 2018-02-02 15:08:52 +13:00
Damian Mooyman
9faf1e7f77
Merge pull request #7823 from open-sausages/pulls/4.0/ehh-whats-up-doc
Cleanup upgrade docs and 4.0 change logs
2018-02-02 14:26:07 +13:00
Chris Joe
628c5caad3
Merge pull request #7821 from open-sausages/pulls/4.0/update-message
Update reference from $databaseConfig to .env
2018-02-01 22:57:46 +13:00
Christopher Joe
78a6b4b4c3 Cleanup upgrade docs and 4.0 change logs 2018-02-01 15:27:02 +13:00
Damian Mooyman
cb30e09130
Update reference from $databaseConfig to .env 2018-02-01 12:58:55 +13:00
Damian Mooyman
11f4693648
Merge pull request #7816 from creative-commoners/pulls/4.0/setrighttitle-phpdoc
Update phpdoc for FormField::setRightTitle regarding escaped HTML
2018-01-31 16:48:17 +13:00
Robbie Averill
c0ffe2797a Update phpdoc for FormField::setRightTitle regarding escaped HTML 2018-01-31 11:03:35 +13:00
Damian Mooyman
ab6428ef59
Merge pull request #7808 from creative-commoners/pulls/4.0/fix-html5-parsing-embeds
FIX Allow cleanup marker regex to handle self closing HTML5 tags
2018-01-31 10:24:34 +13:00
Robbie Averill
8a6686bc0f
Merge pull request #7814 from raissanorth/patch-1
FIX Fix typo in error message
2018-01-30 16:24:34 +13:00
Raissa North
cd6faac7a9
FIX Fix typo in error message 2018-01-30 15:48:42 +13:00
Robbie Averill
3d7ecc5240 FIX Allow cleanup marker regex to handle self closing HTML5 tags 2018-01-30 11:16:21 +13:00
Damian Mooyman
c7e341c67d Added 4.0.2 changelog 2018-01-25 12:26:49 +13:00
Damian Mooyman
7ba19fc282 Update translations 2018-01-25 12:15:34 +13:00
Damian Mooyman
f764ab04e8
Merge pull request #7796 from bummzack/fix-date-rfc3339
Fixed Rfc3339 implementation of Date and Datetime
2018-01-25 11:44:53 +13:00
Roman Schmid
6fafce766e Fixed Rfc3339 implementation of Date and Datetime 2018-01-24 16:58:12 +01:00
Robbie Averill
1a421dc947
Merge pull request #7792 from open-sausages/pulls/4.0/fix-limit-phpdoc
DOC Fix phpdoc on ArrayList::limit
2018-01-24 11:20:37 +13:00
Chris Joe
c0085efae6
Merge pull request #7785 from open-sausages/pulls/4.0/better-upload-message
BUG Better upload error message
2018-01-24 10:37:47 +13:00
Damian Mooyman
3fce5372b0
DOC Fix phpdoc on ArrayList::limit
Fixes #7781
2018-01-24 10:18:15 +13:00
Robbie Averill
795c07c51d
Merge pull request #7787 from NightJar/patch-2
FIX: Allow absolute URLs be use as resources
2018-01-24 09:44:16 +13:00
Dylan Wagstaff
e1a4b89912
Code lint fix
change `else if` to `elseif`
2018-01-24 09:04:22 +13:00
Dylan Wagstaff
943821f984
Add a test for external resource support
`SimpleResourceURLGenerator` has been altered to allow absolute URLs to be loaded directly, and so is now also tested to ensure the added functionality is true to design.
2018-01-23 17:43:01 +13:00
Dylan Wagstaff
9c3feb4ab4
FIX: Allow absolute URLs be use as resources
At current certain interfaces exist that assume only local assets will be loaded (e.g. `SilverStripe\Forms\HTMLEditor\TinyMCEConfig::getConfig()`), whereas someone may wish to load an off-site resource via the use of an absolute URL (e.g. for fontawesome css provided via a CDN). Because asset path parsing is filtered through a `SilverStripe\Core\Manifest\ResourceURLGenerator`, one must either know in advance if they want an internal or external resource (loading different generators), or the API must allow for this (i.e. an inclusion function for each type of asset). So we can either double the API on the implementing class, or simply make an exception for an absolute URL as high as possible; inside the filter - for which the `vendor/module : path/to/file.asset` shorthand syntax was specifically designed not to conflict with.
2018-01-23 17:31:43 +13:00
Damian Mooyman
b44273d1d6
BUG Better upload error message
Fixes https://github.com/silverstripe/silverstripe-asset-admin/issues/720
2018-01-23 16:08:42 +13:00
Loz Calver
7603c6d798
Merge pull request #7779 from open-sausages/pulls/4.0/fix-login-casting
BUG Fix double casting in login authenticator name
2018-01-22 09:10:35 +00:00
Damian Mooyman
60fa7558d3
BUG Fix double casting in login authenticator name
Fixes #7769
2018-01-22 14:06:24 +13:00
Loz Calver
4a8f9a8da8
Merge pull request #7773 from open-sausages/pulls/4.0/safer-gridfield-version
BUG Make GridFieldConfig less susceptible to error when versioned isn't installed
2018-01-18 09:23:06 +00:00
Damian Mooyman
16ad7e8fea
BUG Make GridFieldConfig less susceptible to error when versioned isn't installed 2018-01-18 16:43:51 +13:00
Damian Mooyman
24e6794352
Merge pull request #7771 from DrMartinGonzo/patch-1
Added style_formats example + links to docs
2018-01-18 10:50:43 +13:00
Damian Mooyman
6b69907d1e
Merge pull request #7770 from dhensby/pulls/4.0/add-public-dir-constants
Add `PUBLIC_*` constants to 4.0.x for easier compatibility
2018-01-18 09:02:36 +13:00
Martin Portevin
0ca152c156
Added style_formats example 2018-01-17 18:27:28 +01:00