tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-09-30 05:09:06 +02:00
Code Issues Projects Releases Wiki Activity
22,312 Commits 30 Branches 526 Tags 158 MiB
c932d7e7fb
Commit Graph

1921 Commits

Author SHA1 Message Date
Nicolaas
65e0233258
PATCH: using standard way to refer to classes Group and PermissionRoleCode 2020-07-14 07:50:05 +12:00
Garion Herman
d408a4e714 Merge branch '4.6' into 4 2020-07-13 12:28:14 +12:00
Garion Herman
fbe0f5a981 Merge branch '4.5' into 4.6 2020-07-13 12:27:02 +12:00
Garion Herman
2b9ef6be16 Merge tag '4.6.0' into 4.6 
Release 4.6.0
 2020-07-13 12:26:06 +12:00
Ingo Schommer
8d6a248431 Merge remote-tracking branch 'origin/4.6' into 4 2020-07-11 09:07:39 +12:00
Maxime Rainville
cce2b16309 [CVE-2020-6164] Remove/deprecate unused controllers that can potentially give away some information about the underlying project. 2020-07-10 17:57:06 +12:00
Maxime Rainville
8518987cbd [CVE-2019-19326] Stop honouring X-HTTP-Method-Override header, X-Original-Url header and _method POST variable. Add SS_HTTPRequest::setHttpMethod() 2020-07-10 17:56:15 +12:00
Maxime Rainville
996c1b5719 [CVE-2020-6164] Remove/deprecate unused controllers that can potentially give away some information about the underlying project. 2020-07-10 15:03:18 +12:00
Maxime Rainville
71db45b18b [CVE-2019-19326] Stop honouring X-HTTP-Method-Override header, X-Original-Url header and _method POST variable. Add SS_HTTPRequest::setHttpMethod() 2020-07-10 14:57:26 +12:00
Guy Marriott
fae61c0f1d
Merge pull request #9582 from open-sausages/pulls/fix-gridfielddatacolumns-callback 2020-07-09 11:58:39 -07:00
Andre Kiste
0ed340faa9
Merge pull request #9584 from open-sausages/pulls/4.5/plain-method-for-chinese-character 
BUG Tweak DBHTMLText::Plain to avoid treating some chinese characters…
 2020-07-09 23:13:12 +12:00
Maxime Rainville
c3f0ac7718 Merge branch '4.5' into 4.6 2020-07-09 14:33:57 +12:00
Maxime Rainville
f8360356e0 Merge branch '4.4' into 4.5 2020-07-09 14:28:28 +12:00
Maxime Rainville
b780c4f504 BUG Tweak DBHTMLText::Plain to avoid treating some chinese characters as line breaks. 2020-07-09 13:33:43 +12:00
Ingo Schommer
1f0a78e57b FIX More context for GridFieldDataColumns callbacks 
This emulates the callback signature from
GridFieldEditableColumns in the symbiote/silverstripe-gridfieldextensions module, which extends GridFieldDataColumns. In case canEdit() fails, this component passes control back to the parent (rendering a standard column content rather than a formfield). Which can become an issue if you've defined custom 'callback' handlers on setDisplayFields() - GridFieldDataColumns passes in only one arg (`$record`), while GridFieldEditableColumns passes in three (`$record`, `$col` and `$grid`).

While you could argue that this is a bug in the other module,
I think this additional context is beneficial for the main
GridFieldDataColumns use case as well, and it just happens to fix that bug.
 2020-07-09 09:33:21 +12:00
rdigitalg
3bf89b2d13
FIX Try Catch for embeded media (#9424) 
* Try Catch for embeded media
* added missing namespaces, translatable message INVALID_URL
* generate tag only once
* catch after closing bracket
* space after comma
* Update src/View/Shortcodes/EmbedShortcodeProvider.php
* Linting
Co-authored-by: ivan@digitalgarage.ro <ivan@digitalgarage.ro>
Co-authored-by: Steve Boyd <emteknetnz@gmail.com>
Co-authored-by: Loz Calver <kinglozzer@gmail.com>
 2020-07-03 13:04:54 +12:00
Sam Minnee
01d3b4fd96 FIX: Set many-many-through joinRecord on newly added records. 
When many-many-through relations are queried, a joinRecord is set on
each DataObject in the list to provide the extra fields defined on
the connector object. This didn’t previously happen when the record
was first add()ed to a list. This fixes that bug.
 2020-07-02 15:18:12 +12:00
Maxime Rainville
ec83959f2c API Remove UpgradeBootstrap (not part of our official API) 2020-06-30 21:35:51 +12:00
Jackson Darlow
57d75c89d5
NEW Added onAfterBuild (#9545) 
* Added onAfterBuild
* Remove arbitrary argument
 2020-06-30 16:56:14 +12:00
Steve Boyd
16914bfdfc
Merge pull request #9531 from alessandromarotta/patch-1 
DBField Documentation correction
 2020-06-30 13:00:20 +12:00
Tom Yrjas
00ee8d8abf BUGFIX: Re-declare $items to be an ArrayList if it's null 
getBackLink() modified to tolerate empty ArrayList
 2020-06-29 16:07:24 +03:00
Tom Yrjas
824b5e0b67 BUGFIX: Ensure $items isn't null in GridFieldDetailForm_ItemRequest->Breadcrumbs() prior to performing operations on it. 2020-06-29 14:13:49 +03:00
Aaron Carlino
658ca4deb1 MINOR: Add noindex metatag to debugview 2020-06-25 12:09:28 +12:00
Sam Minnée
714c4cba9c
Merge pull request #9546 from andrewandante/feature/disambiguate_first_methods_on_lists 
deprecate First and Last in order to disambiguate for array lists
 2020-06-23 14:46:29 +12:00
Serge Latyntcev
b4669ad1bb FIX 4.6 regression in the TempDatabase reset schema logic 2020-06-22 16:17:14 +12:00
Andrew Aitken-Fincham
09dca5fa9e
Update deprecation notice to 5.0.0 
Co-authored-by: Robbie Averill <robbie@averill.co.nz>
 2020-06-18 21:40:20 +01:00
Andrew Aitken-Fincham
34f660a311
Update src/View/SSViewer_BasicIteratorSupport.php 
Co-authored-by: Robbie Averill <robbie@averill.co.nz>
 2020-06-18 21:39:32 +01:00
Guy Marriott
4df45f4fe0
Merge pull request #9550 from jakxnz/pulls/4/docs-regarding-cached-get-ones 
Added documentation regarding some cached ORM scenarios
 2020-06-17 09:04:07 -07:00
Jackson Darlow
6813c0f7e8 Added documentation regarding some cached ORM scenarios 2020-06-17 17:17:04 +12:00
Guy Marriott
9eadef19d3
Merge pull request #9544 from jakxnz/pulls/4.6/dataextension-doc-blocks 2020-06-15 23:32:59 -07:00
Guy Marriott
1a6e2da995
Merge pull request #9543 from jakxnz/pulls/4.6/undeclared-private-statics 2020-06-15 23:16:57 -07:00
Andrew Aitken-Fincham
7c95237e8d update template docs, move deprecation to 5.0, capitalise Is 2020-06-15 12:25:13 +01:00
Jackson Darlow
dadac00c19
Added array declaration to GridFieldDetailForm_ItemRequest::$formActions 
Co-authored-by: Robbie Averill <robbie@averill.co.nz>
 2020-06-15 11:45:33 +12:00
Jackson Darlow
1edd8fd754
Added array declaration to DevelopmentAdmin::$registered_controllers 
Co-authored-by: Robbie Averill <robbie@averill.co.nz>
 2020-06-15 11:45:10 +12:00
Jackson Darlow
fcc7a9ce5b
Added array declaration to VersionProvider::$modules 
Co-authored-by: Robbie Averill <robbie@averill.co.nz>
 2020-06-15 11:44:43 +12:00
Jackson Darlow
dfe8d23ffc Added extra type-hints to DataExtension DocBlocks 2020-06-12 13:45:14 +12:00
Andrew Aitken-Fincham
2e0e04f701 fix deprecation notices 2020-06-12 01:38:24 +01:00
Steve Boyd
7d87ba72d5 Merge branch '4.6' into 4 2020-06-12 11:20:53 +12:00
Steve Boyd
4daccfab67 Merge branch '4.5' into 4.6 2020-06-12 11:20:13 +12:00
Andrew Aitken-Fincham
bac826bc06 deprecate First and Last in order to disambiguate for array lists 2020-06-11 23:45:42 +01:00
Jackson Darlow
2175de9560 Adjusted DataExtension DocBlocks to another degree of detail 2020-06-12 10:19:15 +12:00
Jackson Darlow
0d6572a2d6 Added DocBlocks to DataExtension methods 2020-06-11 17:04:45 +12:00
Jackson Darlow
84235c6518 Adjusted missing definitions to only include definitions referenced by framework 2020-06-11 14:28:47 +12:00
Jackson Darlow
dfc01457d6 #3236 Added missing config definitions (private statics) 2020-06-11 13:35:15 +12:00
Alessandro Marotta
fa406c1115
Documentation correction 2020-06-02 09:33:52 +02:00
Christopher Darling
4303917ac5
DOCS Form::loadDataFrom constants in docblock 
... missing MERGE_ prefix as defined in this class
 2020-05-28 16:40:12 +01:00
Sam Minnée
eb658e0705
Merge pull request #9528 from silverstripe-terraformers/bugfix/remove-recursive-write-rebased 
Remove recursive write until its fixed [Rebased]
 2020-05-28 17:12:36 +12:00
Adrian Humphreys
d320026375
Remove recursive write until its fixed 2020-05-28 14:34:55 +12:00
cpenny
d4165db690 Update getter name to getCMSCompositeValidator 2020-05-28 12:23:35 +12:00
cpenny
8ba65313e9 Add internal note for protected method 2020-05-28 11:18:46 +12:00
cpenny
bca4be77ed Update name to CompositeValidator. Add docblocks 2020-05-28 11:18:46 +12:00
cpenny
a2b57f0801 Update DefaultFormFactory extension point. Use array for validators 2020-05-28 11:18:46 +12:00
cpenny
11e2005b9b Add deprecation notice for 4.6 and update docs 2020-05-28 11:18:46 +12:00
cpenny
f977f9734c Add base updateValidatorList method to DataExtension 2020-05-28 11:18:46 +12:00
cpenny
b45a3561df Implemented PR feedback. Added some initial test cov 2020-05-28 11:18:46 +12:00
cpenny
d7dd93f7a7 Standardise getCMSValidator for DataObjects/Forms 2020-05-28 11:18:46 +12:00
Maxime Rainville
acccdd8a1c Merge branch '4.5' into 4 2020-05-26 14:31:06 +12:00
Maxime Rainville
42bb28965c Merge branch '4.4' into 4.5 2020-05-26 14:30:27 +12:00
Maxime Rainville
395893b559 Merge branch '4.3' into 4.4 2020-05-26 14:30:02 +12:00
Maxime Rainville
86fcb9e29c Merge branch '4.2' into 4.3 2020-05-26 14:29:16 +12:00
Daniel Hensby
080ce157ce
Fix various typos in comments 2020-05-16 10:34:53 +01:00
Michal Kleiner
21129b1624
Use short array syntax across the framework's codebase 2020-05-16 10:34:45 +01:00
Brett Tasker
1d19051c10 Add sha1 and md5 hashing options in resource URL 2020-05-12 18:14:03 +12:00
Alessandro Marotta
f3d1e308e5 Update Member.php 
The public function isLockedOut() in Member.php call LoginAttempt::getByEmail but serves to it the unique_identifier_field.

This PR could allow to extensions to patch the use of uniqueidentifierfield (otherwise it would be necessary to extends the Member Class to override the isLockedOut function, with a lot of problems)
 2020-05-10 19:07:22 +02:00
Matt Clegg
153e2383e6
DOCS: Minor typo 2020-05-10 08:01:10 +05:45
Mojmir Fendek
7dc6b36c16
Unique key for DataObject (#9400) 
NEW Unique key for DataObject
 2020-05-04 09:10:51 +12:00
Andre Kiste
3a424747df
Merge pull request #9332 from shoosah/feature/add-error-message-into-field 
Allow to add error message into a specific field
 2020-05-01 15:46:29 +12:00
Andre Kiste
ec51f98adb
Merge pull request #8870 from jinjie/4 
Fix: Allow editing of relation if item is created.
 2020-05-01 15:37:52 +12:00
Guy Marriott
693c4cde46
Merge pull request #9499 from lekoala/patch-16 2020-04-28 12:23:28 -07:00
Thomas Portelange
2f3c0fc8dd
Update src/Control/Session.php 
Co-Authored-By: Guy Marriott <guy.the.person@gmail.com>
 2020-04-28 19:21:52 +02:00
Robbie Averill
8bd9f48669
Merge pull request #9501 from mattclegg/1588075087 
DOCS: Fix typos & grammer
 2020-04-28 09:42:03 -07:00
mattclegg
dbecdd52d2
DOCS: Add reference for undocumented TEMP_FOLDER 2020-04-28 17:51:25 +05:45
mattclegg
df8cb9e010
DOCS: Update filter to use correct class 2020-04-28 17:50:40 +05:45
mattclegg
76bc7524a7
DOCS: Fix typos & grammer 2020-04-28 17:50:39 +05:45
Thomas Portelange
b38c35fe90
Fixes warning if session is not active 
See issue https://github.com/silverstripe/silverstripe-framework/issues/9496
 2020-04-27 13:51:19 +02:00
Dan Hensby
28ba4f701a
Merge branch '4.5' into 4 2020-04-27 09:54:27 +01:00
Dan Hensby
13b4d60d4a
Merge branch '4.4' into 4.5 2020-04-27 09:53:42 +01:00
Dan Hensby
85b37999be
Merge branch '4.3' into 4.4 2020-04-27 09:52:52 +01:00
Dan Hensby
e328d6f0d9
Merge branch '4.2' into 4.3 2020-04-27 09:51:24 +01:00
Dan Hensby
33b0b6985a
Update file paths for autoloading compatibility 2020-04-25 10:28:28 +01:00
Dan Hensby
b9f8ab44ac
Rename DBBigint.php for composer autoloading compatability 2020-04-24 23:15:42 +01:00
Garion Herman
50484417da Merge branch '4.5' into 4 2020-04-23 23:11:46 +12:00
Daniel Hensby
42cee6f5fb
Merge pull request #9489 from mattclegg/1587548067 
DOCS: Fix typos
 2020-04-22 12:28:02 +01:00
Daniel Hensby
826d1fa4eb
Merge pull request #9491 from mattclegg/1587548119 
DOCS: Remove unnecessary `return`
 2020-04-22 12:22:15 +01:00
mattclegg
2f717a4d90
DOCS: Remove unnecessary return 2020-04-22 15:50:12 +05:45
mattclegg
d521a52a33
DOCS: Fix typos 2020-04-22 15:20:11 +05:45
Daniel Hensby
237b2d5f74
Convert array delcarations to short array syntax 2020-04-20 18:58:09 +01:00
Garion Herman
9aba767e36
Merge pull request #9460 from chrometoasters/pulls/fix-9459-public-path 
Fix SS_BASE_URL logic when undefined and docroot without public folder
 2020-04-20 21:06:46 +12:00
Garion Herman
f94078d963
Merge pull request #9408 from chrometoasters/pulls/classes-with-extension 
Add ClassInfo method to get all classes with a given extension applied
 2020-04-20 20:11:01 +12:00
Loz Calver
e08bf1cdd9
Merge pull request #9461 from creative-commoners/pulls/4/remove-db-config-glob 
Cache results of _configure_database.php glob
 2020-04-20 08:45:48 +01:00
mattclegg
2169891651
BUGFIX: Ensure realpath returns a string for stripos 
[Deprecated] stripos(): Non-string needles will be interpreted as strings in the future. Use an explicit chr() call to preserve the current behavior
 2020-04-19 11:21:34 +05:45
Serge Latyntcev
cb36aab80c Merge branch '4.5' into 4 2020-04-15 14:49:19 +12:00
Maxime Rainville
7da77be5ce Merge branch '4.5' into 4 2020-04-15 08:22:27 +12:00
Daniel Hensby
03239f9dcc
Merge pull request #9454 from open-sausages/pulls/4/myisam 
NEW Allow InnoDB for FULLTEXT indexes
 2020-04-14 11:50:45 +01:00
mattclegg
60e670176a
DOCS: Correct spelling 2020-04-14 15:00:08 +05:45
mattclegg
5585f6633f
DOCS: Update typos 2020-04-14 15:00:08 +05:45
mattclegg
e968f5cb86
DOCS: Remove outdated TODO 2020-04-14 15:00:08 +05:45
Maxime Rainville
14bbaac1cb Merge tag '4.5.3' into 4.5 
Release 4.5.3
 2020-04-14 14:23:57 +12:00
Maxime Rainville
de8fd82c55 Merge branch '4.4' into 4.5 2020-04-14 14:18:18 +12:00
Maxime Rainville
1fe6255f9b Merge tag '4.4.6' into 4.4 
Release 4.4.6
 2020-04-14 14:13:59 +12:00
Serge Latyntcev
9779e42963 BUG Register new sub tasks to fix files affected by CVE-2020-9280 and CVE-2019-12245 2020-04-13 19:43:53 +12:00
Serge Latyntcev
b269d87490 BUG Register new sub tasks to fix files affected by CVE-2020-9280 and CVE-2019-12245 2020-04-13 17:16:57 +12:00
Steve Boyd
75d31c2cd3 Cache glob results for _configure_database.php 2020-04-10 23:15:12 +12:00
Michal Kleiner
ab87bdc044
Fix SS_BASE_URL logic when undefined and docroot without public folder 2020-04-10 15:06:14 +12:00
Ingo Schommer
a50e15e5ee FIX Avoid VACUUM on test dbs in Postgres 
The Postgres implementation was always faulty,
but the database exception was swallowed until
See https://github.com/silverstripe/silverstripe-framework/pull/9456.

Now that the the exception is only swallowed the first time,
the second recurrence will cause failing test execution.

This is a bit of an awkward fix, but the indirection "through" DataObject doesn't allow for anything else without changing public API surface.
The logic goes from TempDatabase to DBSchemaManager, then through the closure into DataObject->requireTable(),
then back into DBSchemaManager->requireTable(). And updateschema() is subclassed in SQLite3, making it difficult to add more arguments.

VACUUM is described as:

> VACUUM reclaims storage occupied by dead tuples. In normal PostgreSQL operation, tuples that are deleted or obsoleted by an update are not physically removed from their table; they remain present until a VACUUM is done. Therefore it's necessary to do VACUUM periodically, especially on frequently-updated tables.

https://www.postgresql.org/docs/9.1/sql-vacuum.html

Since test databases are short-lived, there's no reason to delete dead tuples, they'll be garbage collected when either the transaction is rolled back, or the database is destroyed after the test run.
 2020-04-09 14:43:16 +12:00
Ingo Schommer
2c5deceeb4 FIX Filter out all FULLTEXT BOOLEAN chars 
The query might still work depending on where these chars are placed,
but it seems weird to only remove *some* of the valid chars here.
See https://dev.mysql.com/doc/refman/5.6/en/fulltext-boolean.html

Note that the query runs both the actual boolean query with chars,
and then a separate relevance search without them.
 2020-04-09 10:32:45 +12:00
Ingo Schommer
0215fdd262 DOC Clarify sanitisation in searchEngine() under boolean mode 
This came up in https://github.com/silverstripe/silverstripe-cms/issues/1452, and wasn't fully addressed.
Either we allow boolean mode and all the constraints this brings around special character usage,
or we filter out those special characters, which makes boolean mode pointless.
You can't just pass arbitrary user input in a power-user function like this.
See https://dev.mysql.com/doc/refman/5.6/en/fulltext-boolean.html

Context: This used to work for some examples like "foo>*" under MyISAM,
presumably because it had a more lenient parser. InnoDB rightfully complains about this now.
 2020-04-09 10:32:45 +12:00
Ingo Schommer
c6b698cb02 NEW Allow InnoDB for FULLTEXT indexes 
MyISAM used to be the only one to support it, now InnoDB has caught up.
Unless an engine is set specifically in create_table_options,
this will auto-convert existing MyISAM tables to InnoDb.

Fixes #9242
 2020-04-09 10:32:45 +12:00
Ingo Schommer
052c5cbc38 BUG Infinite loops in TempDatabase (fixes #8902) 
Ugly, but so is the original implementation that this works around (swallowing an exception to trigger functionality)
 2020-04-08 13:58:02 +12:00
Robbie Averill
f77f725355
Merge pull request #9447 from mattclegg/docs__GridFieldDetailForm_ItemRequest-httpError 
[DOCS] Better debug text for errors generated by GridFieldDetailForm_ItemRequest
 2020-04-02 13:05:49 -07:00
Robbie Averill
d3b19069b3
Apply suggestions from code review 
Add double quotes around object title
 2020-04-02 12:51:13 -07:00
Dan Hensby
d1075f29b8
Remove empty parameter as per feedback 2020-04-02 12:11:35 +01:00
Dan Hensby
9e0ed0a50a
Fix spaces around concatenation operator 2020-04-02 12:09:22 +01:00
Dan Hensby
5bf2ac83ee
Merge branch '4.5' into 4 2020-04-01 19:23:47 +01:00
Loz Calver
39fab1974a
Merge pull request #9435 from unclecheese/pulls/4.5/wha-diff 
BUGFIX: Ensure diff arrays are one-dimensional
 2020-04-01 09:16:20 +01:00
Matt Clegg
e80f1b2b83
[DOCS] Member::logInAs is not a valid example 
Member::logInAs doesn't exist as a static function.

Additionally, `logInAs` does exist as a function in SapphireTest.php, so, should this be updated to also use `Member::actAs` for consistency?
 2020-03-31 18:20:21 +05:45
mattclegg
24bc80ed35
[DOCS] Better debug text for errors generated by GridFieldDetailForm_ItemRequest 2020-03-31 12:09:16 +05:45
Daniel Hensby
1fb574a5bd
NEW: Variadic URL parameter matches for url_handlers (#9438) 
* Add wildcard URL parameter matches for url_handlers

* Extra tests for wildcard parameters

* Add a PHP warning if more params appear after wildcard param
 2020-03-25 09:16:13 +13:00
Michal Kleiner
30c3b127c1 NEW Add ClassInfo method to get all classes with a given extension applied 2020-03-24 10:48:35 +13:00
Robbie Averill
5002f514b3
FIX Capitalisation fixes in welcome back message (#9439) 2020-03-23 15:54:30 +13:00
Aaron Carlino
7ad5f1bb14 BUGFIX: Ensure diff arrays are one-dimensional 2020-03-17 15:57:28 +13:00
Robbie Averill
b6512edec8
Merge pull request #9434 from mattclegg/bugfix--silverstripe-admin--requirements 
[BUGFIX] silverstripe/admin is not required to be installed
 2020-03-16 09:48:39 -07:00
mattclegg
06dab6b539
[BUGFIX] silverstripe/admin is not required to be installed 
If the silverstripe/admin module is not installed then the javascript/css requirements fail to load
 2020-03-16 18:54:01 +05:45
Garion Herman
88660e6435
Merge pull request #9426 from creative-commoners/pulls/4.5/change-atomic-job-title 
DOC Update atomic MigrationTask description
 2020-03-16 15:19:33 +13:00
Ramon Lapenta
9c7eac481e Add "option" to list elements that belong to "listbox" 
The accessibility attribute `role="listbox"` requires its immediate children to be set as `role="option"`, currently they don't have this option and accessibility tests are failing.
 2020-03-10 11:10:04 -06:00
Steve Boyd
667495eaf9 Merge branch '4.5' into 4 2020-03-06 10:53:28 +13:00
Steve Boyd
687435a2f1 Merge branch '4.4' into 4.5 2020-03-06 10:52:22 +13:00
Steve Boyd
6d6cc65927 Update description 2020-03-06 09:57:31 +13:00
UndefinedOffset
bba0f2f72f
BUGFIX: Fixed issue where TimeField_Readonly would only show "(not set)" instead of the value 2020-02-24 09:59:00 -04:00
Maxime Rainville
affd43052a Merge branch '4.5' into 4 2020-02-17 18:11:23 +13:00
Maxime Rainville
acd7d94167 Merge branch '4.4' into 4.5 2020-02-17 13:07:26 +13:00
Maxime Rainville
49fda52b12
Merge pull request #94 from silverstripe-security/fix/cve-2019-19325 
CVE-2019-1935
 2020-02-17 12:54:40 +13:00
Serge Latyntcev
ad1b00ec7d [CVE-2019-19325] XSS through non-scalar FormField attributes 
Silverstripe Forms allow malicious HTML or JavaScript to be inserted
through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting)
on some forms built with user input (Request data). This can lead to phishing attempts
to obtain a user's credentials or other sensitive user input.
There is no known attack vector for extracting user-session information or credentials automatically,
it required a user to fall for the phishing attempt.
XSS can also be used to modify the presentation of content in malicious ways.
 2020-02-17 09:58:29 +13:00
Guy Marriott
c31de772ab
Merge pull request #8838 from creative-commoners/pulls/4/slash-means-root 
Use '/' as an alternative designation for root in routing
 2020-02-14 11:29:32 -08:00
Garion Herman
29943f9049
API TestSession request methods now use the correct HTTP method (#8987) 
* API TestSession request methods now use the correct HTTP method

* DOCS Update requests section in Functional Testing to reflect API change
 2020-02-14 16:01:06 +13:00
Garion Herman
9d1d59d8d1 NEW Accept / as designation for root URL controller 2020-02-14 14:41:10 +13:00
Steve Boyd
8c7e10bd55 Merge branch '4.5' into 4 2020-02-11 16:45:35 +13:00
Steve Boyd
9d5c3ef20e Merge branch '4.4' into 4.5 2020-02-11 16:45:15 +13:00
Mojmir Fendek
285e6caafa PR fixes 2020-02-11 10:43:01 +13:00
Mojmir Fendek
448147c2f1 PR fixes 2020-02-10 09:17:34 +13:00
Mojmir Fendek
660f80d284 PR fixes 2020-02-07 13:49:19 +13:00
mnuguid
ca36a47bb1 FIX Update ORM DBField types to use Injector in scaffoldFormField() 
- This is usable in cases where a DBField is needed to be overloaded through the Injector.
 2020-02-04 21:43:47 +13:00
Mojmir Fendek
99786dda22 ORM Column now supports related table lookup 2020-01-28 15:46:30 +13:00
Mojmir Fendek
9c38c5f625 CMS action related extension points (#9340) 
* CMS action related extension points

* Refactor to use fewer extension points

* Remove explicit return type

Co-authored-by: Aaron Carlino <unclecheese@leftandmain.com>
 2020-01-27 15:09:15 +13:00
Maxime Rainville
6ff0f3f466 BUG The "Link existing" should be disabled rather than readonly. 2020-01-24 14:47:12 +13:00
Robbie Averill
4121099484 Merge branch '4.5' into 4 2020-01-16 20:00:02 -08:00
Robbie Averill
53fcd47dfc Merge branch '4.4' into 4.5 2020-01-16 19:59:42 -08:00
Robbie Averill
26e3b6f4e3 Merge branch '4.3' into 4.4 2020-01-16 19:59:24 -08:00
Mojmir Fendek
acbbf80d14 CMS action related extension points (#9340) 
* CMS action related extension points

* Refactor to use fewer extension points

* Remove explicit return type

Co-authored-by: Aaron Carlino <unclecheese@leftandmain.com>
 2020-01-15 14:24:49 +13:00
Robbie Averill
38d7bd700d
Merge pull request #9373 from manja/4.5 
Fixed issue with merging existing entities in text collector
 2020-01-14 09:27:35 -08:00