Commit Graph

21975 Commits

Author SHA1 Message Date
Loz Calver
2f35cbd88c
Merge pull request #9266 from open-sausages/pulls/4/update-usage-doc-with-rquire
DOC Substituce old apache syntax for Require
2019-09-25 10:42:00 +01:00
Christopher Darling
578dd973a2
drop random_compat dependency now PHP support is 7.1+
since 4.5+ is going to be PHP 7.1+ random_compat should no longer be needed
2019-09-25 09:03:11 +01:00
Maxime Rainville
d7f5ed3e65 DOC Substituce old apache syntax for Require 2019-09-25 16:59:48 +12:00
Robbie Averill
d95fe203b8
Merge pull request #9263 from creative-commoners/pulls/4/js-api-docs-semver-warning
DOC Add warning about Semver status of modern JS / GraphQL tooling
2019-09-24 18:17:29 -07:00
Aaron Carlino
b0a17f5df1 Update changelog 2019-09-25 11:23:57 +12:00
Garion Herman
637a891b8c DOC Include link to semver.org in modern JS / GQL warning 2019-09-25 11:22:04 +12:00
Garion Herman
3db0fa46b5 DOC Add warning about Semver status of modern JS / GraphQL tooling 2019-09-25 10:26:06 +12:00
Sam Minnée
af6644f762
Merge pull request #9240 from chrometoasters/pulls/db-readonly-transactions-support
NEW Introduce supported database transaction mode check
2019-09-25 10:02:53 +12:00
Serge Latyntcev
88fde6e7c3 Merge branch '4.4' into 4 2019-09-24 17:29:06 +12:00
Serge Latyntcev
50a1aa4c4d Merge branch '4.3' into 4.4 2019-09-24 17:28:31 +12:00
Aaron Carlino
b002ef1171 Merge branch '4.4' into 4 2019-09-24 17:26:50 +12:00
Aaron Carlino
a0ec2f2811 Update translations 2019-09-24 17:26:37 +12:00
Serge Latyntcev
26a4fb38ba Added 4.3.6 changelog 2019-09-24 17:20:48 +12:00
Aaron Carlino
79a89e751d Added 4.4.4 changelog 2019-09-24 17:05:26 +12:00
Aaron Carlino
c1047fac32 DOCS: Add docs for versioned files migration 2019-09-24 16:04:22 +12:00
Aaron Carlino
28057e3a71 DOCS: Add FileShortcodeProvider change to changelog 2019-09-24 16:03:48 +12:00
Serge Latyntcev
8b7063a8e2 [CVE-2019-12617] Fix access escalation for CMS users with limited access through permission cache pollution 2019-09-24 16:03:48 +12:00
Serge Latyntcev
eccfa9b10d [CVE-2019-12203] Session fixation in "change password" form
A potential account hijacking may happen if an attacker has physical access to
victim's computer to perform session fixation. Also possible if the targeted application contains an XSS vulnerability.
Requires the victim to click the password reset link sent to their email.
If all the above happens, attackers may reset the password before the actual user does that.
2019-09-24 16:03:48 +12:00
Aaron Carlino
1f92b21a04 DOCS: Add FileShortcodeProvider change to changelog 2019-09-24 16:03:48 +12:00
Aaron Carlino
8ee5e621fd DOCS: Add docs for versioned files migration 2019-09-24 16:00:51 +12:00
Serge Latyntcev
5af205993d [CVE-2019-12617] Fix access escalation for CMS users with limited access through permission cache pollution 2019-09-24 16:00:51 +12:00
Serge Latyntcev
569237c0f4 [CVE-2019-12203] Session fixation in "change password" form
A potential account hijacking may happen if an attacker has physical access to
victim's computer to perform session fixation. Also possible if the targeted application contains an XSS vulnerability.
Requires the victim to click the password reset link sent to their email.
If all the above happens, attackers may reset the password before the actual user does that.
2019-09-24 16:00:51 +12:00
Aaron Carlino
99ab3c6421 DOCS: Add FileShortcodeProvider change to changelog 2019-09-24 16:00:51 +12:00
Jackson Darlow
a033662a3a MemberAuthenticator::recordLoginAttempt() outputs 2019-09-24 14:24:59 +12:00
Guy Marriott
3659f2888d
FIX Add 'legal empty attributes' to allow empty alt values on i… (#9257)
FIX Add 'legal empty attributes' to allow empty alt values on imgs
2019-09-23 17:03:01 -07:00
Garion Herman
0d27f32cc9 FIX Add 'legal empty attributes' to allow empty alt values on imgs
In some situations, a caption is used in place of a value in the alt
attribute, and in others an image may be cosmetic and not in need of an
alt attribute value (though the alt attribute must still be rendered in
this case).
2019-09-24 11:44:12 +12:00
Robbie Averill
3cfc21c405
Merge pull request #9241 from open-sausages/pulls/4.4.3/fix-file-permission
Fix administrators not being able to see files that are restricted to groups
2019-09-23 11:13:26 -07:00
Guy Marriott
aa7c057422
FIX: Don't force-add view button to readonly GridField (fixes #… (#9254)
FIX: Don't force-add view button to readonly GridField (fixes #9249)
2019-09-23 10:31:25 -07:00
Guy Marriott
190b2f2842
FIX: run member CMS validator when editing via groups (fixes #9… (#9255)
FIX: run member CMS validator when editing via groups (fixes #9184)
2019-09-23 10:28:38 -07:00
Loz Calver
efdb9cc718 FIX: run member CMS validator when editing via groups (fixes #9184) 2019-09-23 16:59:58 +01:00
Loz Calver
d85ff3bc44 FIX: Don't force-add view button to readonly GridField (fixes #9249) 2019-09-23 16:52:47 +01:00
bergice
6a1c6ecec6 Fix administrators not being able to see files that are restricted to groups
Resolves https://github.com/silverstripe/silverstripe-asset-admin/issues/777
2019-09-23 16:44:28 +12:00
Guy Marriott
6ff97821ed Merge branch '4.4' into 4 2019-09-18 15:52:36 -07:00
Guy Marriott
7877ffcc85 Merge branch '4.3' into 4.4 2019-09-18 15:52:18 -07:00
Guy Marriott
109ac3f75f
Allow non summary fields to be used as grid field export fields (#9248)
Allow non summary fields to be used as grid field export fields
2019-09-18 15:33:25 -07:00
Hayden Shaw
daf9d55ecb Allow non summary fields to be used as export fields
Fixes regression in 3d989a6eae.
2019-09-19 10:00:54 +12:00
Robbie Averill
5f59d0e6d5
Merge pull request #9245 from open-sausages/pulls/4/docs-sec-release-is-core-release
DOC Clarify that Security release is a SilverStripe Core release
2019-09-17 16:44:58 -07:00
Serge Latyntcev
f185dfb2c5 DOC Clarify that Security release is a SilverStripe Core release 2019-09-18 11:19:55 +12:00
Michal Kleiner
bcbf90a837 NEW Introduce supported database transaction mode check 2019-09-16 14:44:15 +12:00
Robbie Averill
ed64adf12a
Merge pull request #9238 from christopherdarling/patch-15
DOCS fix DataList::exclude() code example
2019-09-15 12:36:10 -07:00
Christopher Darling
c8f274de80
DOCS fix DataList::exclude() code example 2019-09-15 20:34:18 +01:00
Robbie Averill
aa6b244db9 Merge branch '4.4' into 4 2019-09-13 18:11:46 -07:00
Robbie Averill
592ab6abc1 Merge branch '4.3' into 4.4 2019-09-13 18:11:34 -07:00
Robbie Averill
066ce8e01c Merge branch '4.2' into 4.3
# Conflicts:
 #	src/View/ThemeResourceLoader.php
2019-09-13 18:10:37 -07:00
Robbie Averill
b8e81983b9 DOCS Update PSR-12 compliance in GridField_ActionProvider docs code examples
[ci skip]
2019-09-13 18:09:10 -07:00
Robbie Averill
ed47f43133
Merge pull request #9169 from jakxnz/patch-1
Update 04_Create_a_GridField_ActionProvider.md
2019-09-13 18:05:51 -07:00
Robbie Averill
750818ba9b Merge branch 'pulls/4/docs-file-header-upgrade-warning' into 4 2019-09-13 18:02:40 -07:00
Ingo Schommer
229df95fe9 DOCS Warning about protected file serving in 4.x 2019-09-13 18:01:44 -07:00
Robbie Averill
cfe86ad5a1
Merge pull request #9153 from creative-commoners/pulls/4.4/stream-ree-tags
FIX Skip md5-ing the whole contents of a stream for etags
2019-09-13 17:59:26 -07:00
Robbie Averill
9a76d4adb4
Merge pull request #9181 from kinglozzer/8762-shortcode-templates
NEW: Use templates to render embed shortcodes (closes #8762)
2019-09-13 17:58:32 -07:00