Commit Graph

2495 Commits

Author SHA1 Message Date
Damian Mooyman
013524af50 [ss-2016-002] Ensure Gridfield actions respect CSRF 2016-02-24 11:47:15 +13:00
Daniel Hensby
4335d8ed22 FIX Members with no ID inherit logged in user permission 2016-01-05 08:16:18 +00:00
Christopher Darling
e9b833f5f0 FIX: ConfirmedPassword field correctly reports mismatching passwords
added testFormValidation to prove #4780
2015-11-20 15:56:27 +00:00
Damian Mooyman
245e0aae2f [ss-2015-026]: BUG Fix FormField error messages not being encoded safely 2015-11-11 17:50:02 +13:00
Ingo Schommer
ac4342d81d [ss-2015-022]: XML escape RSSFeed $link parameter 2015-11-11 17:46:39 +13:00
Damian Mooyman
97f21fddb3 [ss-2015-021] Fix rewrite hash links XSS 2015-11-11 17:46:27 +13:00
Damian Mooyman
7367cf54c4 [ss-2015-020]: Prevent possible Privilege escalation 2015-09-10 13:01:24 +12:00
Will Morgan
17e97babf1 Merge pull request #4549 from kinglozzer/pulls/recursion-arraylist-sort
FIX: Recursion errors when sorting objects with circular dependencies (fixes #4464)
2015-09-01 16:42:17 +01:00
Loz Calver
0943b3b1a0 FIX: Recursion errors when sorting objects with circular dependencies (fixes #4464) 2015-09-01 09:37:06 +01:00
Ingo Schommer
28554dbe94 Merge pull request #4504 from dhensby/pulls/fields-fix
When loading data into a form, make sure its using ALL fields
2015-08-28 08:38:49 +12:00
Daniel Hensby
cffb11e568 TEST Ensure data is loaded into complete FieldList 2015-08-27 17:56:22 +01:00
Daniel Hensby
2d4b743090 FIX Members can access their own profiles in CMS 2015-08-26 15:47:51 +01:00
Loz Calver
99a8a81e9a Fix issues with tests and "subfolder" URLs 2015-08-25 11:49:01 +12:00
Daniel Hensby
6eede57ff2 Fix issue where Access All CMS Sections doesnt work 2015-08-20 22:30:43 +01:00
Loz Calver
687de33d0d Ensure ClassInfo is backwards compatible with non-existant classes 2015-08-04 15:07:07 +01:00
Daniel Hensby
ffbeac6b7d Ensuring classinfo is case insensitive 2015-07-28 11:17:50 +01:00
Daniel Hensby
5f0d0ab66a Merge pull request #4155 from kinglozzer/pulls/getfiletype-case
FIX: File::getFileType() was case sensitive (fixes #3631)
2015-07-28 00:13:26 +01:00
Russell
51722e3d12 DataObject accept arrays or stdClass
The constructor of DataObject can take an array or stdClass for $record.
However, it is access as an array [here](https://github.com/silverstripe/silverstripe-framework/blob/3.1/model/DataObject.php#L416) and [here](https://github.com/silverstripe/silverstripe-framework/blob/3.1/model/DataObject.php#L431)

This pull request ensures $record is an array after validation
2015-07-27 10:29:34 +01:00
Sam Minnée
532bf6ccb9 Merge pull request #3554 from tractorcow/pr/3179
FIX: FulltextFilter did not work and was not usable
2015-07-22 11:29:57 +12:00
Sam Minnée
40e9515233 Merge pull request #4053 from tractorcow/pulls/3.1/fix-stringfield-exists
BUG Fix default casted (boolean)false evaluating to true in templates
2015-07-22 11:26:49 +12:00
Damian Mooyman
a556b4854a BUG Fix of multiple i18nTextCollector issues: #3797, #3798, #3417 2015-07-09 10:45:08 +12:00
Hamish Friedlander
f5d6f20113 Merge pull request #4333 from sminnee/shortcode-fix
Allow shortcodes inside script tags. Fixes #4332.
2015-06-25 14:51:03 +12:00
Sam Minnee
6d05c57881 Ensure that shortcodes inside script tags are parsed. Fixes #4332.
The problem is that the marker images aren’t picked up by DOMDocument
if they are inserted into a <script> tag, due to the semantics of HTML.

This fix does an additional replacement after the marker images are
replaced in this way to pick up any leftover tags.
2015-06-22 11:29:12 +01:00
Daniel Hensby
aa3871d716 Merge pull request #4306 from gregsmirnov/pulls/3.1/fixed-datetimefield-setname-issue-4305
Issue #4305: fixed DatetimeField::setName()
2015-06-18 22:10:13 +01:00
Gregory Smirnov
5b22e3afc5 Test TimeField value at 12:00 am 2015-06-18 18:53:44 +02:00
Gregory Smirnov
66b1dd9154 Issue 4305: fixed DatetimeField::setName() 2015-06-18 18:36:02 +02:00
Damian Mooyman
0653ba9630 Merge pull request #3979 from dhensby/pulls/test-nest
Nest and unnest Config and Controller for each test
2015-06-17 16:04:27 +12:00
Daniel Hensby
6169bf2760 FIX No longer caching has_one after ID change 2015-06-16 17:38:34 +01:00
Damian Mooyman
7ff131daa7 BUG Fix default casted (boolean)false evaluating to true in templates 2015-06-12 15:47:15 +12:00
Damian Mooyman
782c4cbf6f API Enable single-column fulltext filter search as fallback 2015-06-12 15:36:03 +12:00
micmania1
40c5b8b675 FIX FulltextFilter did not work and was not usable 2015-06-12 15:31:45 +12:00
Loz Calver
28be51cab0 FIX: Config state leaking between unit tests 2015-06-11 16:37:26 +01:00
Daniel Hensby
3ee5b24898 Nest and unnest Config and Controller for each test and test suite 2015-06-11 16:37:25 +01:00
Daniel Hensby
c062670ba3 Removing unreachable test line 2015-06-09 16:01:33 +01:00
Damian Mooyman
b42ddd107c Merge pull request #3499 from colymba/ie-multi-file-upload-fix
FIX #3458 iframe transport multi file upload FIX #3343, FIX #3148
2015-06-09 13:22:10 +12:00
Ingo Schommer
dac1b5818b Merge pull request #4217 from tractorcow/pulls/3.1/fix-directortest
BUG Fix DirectorTest failing when run with sake
2015-06-01 17:34:26 +12:00
Damian Mooyman
e733efa195 Merge pull request #4206 from gregsmirnov/pulls/localised-moneyfield-fix
BUG Fixed handling of numbers in certain locales
2015-05-29 09:21:43 +12:00
Damian Mooyman
50e33b8e5e Merge remote-tracking branch 'origin/3.1.13' into 3.1 2015-05-28 19:08:12 +12:00
Damian Mooyman
0a8f328947 Fix merge / test regressions 2015-05-28 16:59:05 +12:00
Damian Mooyman
a978b891e1 BUG Fix handling of empty parameter token 2015-05-28 10:13:10 +12:00
Damian Mooyman
79cfa2bb64 Bug fix sqlquery select 2015-05-28 10:11:32 +12:00
Gregory Smirnov
94f6a13729 BUG Fixed setting LastEdited for DataObject with class ancestry 2015-05-22 11:32:59 +02:00
Damian Mooyman
e0710ae4e4 BUG Fix DirectorTest failing when run with sake 2015-05-22 14:48:35 +12:00
Gregory Smirnov
f9bdf61b6f BUG Fixed handling of numbers in certain locales 2015-05-20 12:18:34 +01:00
Jonathon Menz
c6bcfea3e3 BUG: FieldList::changeFieldOrder() leftovers discarded
Logical error. Use of + operator means items from second array are only merged if the key does not already appear in the first array. The first array has numeric keys 0,1,2 etc. The second array is keyed by field name, but array_values() resets the keys to be numberic starting at 0. This means that some or all leftovers are discarded instead of appended.
2015-05-17 09:09:35 -07:00
Daniel Hensby
e94c2a944e Test to prove having count issue 2015-05-07 21:26:11 +01:00
Loz Calver
1cca37c908 FIX: File::getFileType() was case sensitive (fixes #3631) 2015-05-04 15:10:16 +01:00
Damian Mooyman
8e24511266 BUG Fix users with all cms section access not able to edit files
Fixes #4078
2015-04-20 18:20:56 +12:00
Damian Mooyman
7f983c2bae BUG Fix SS-2014-017 2015-03-20 18:27:30 +13:00
Damian Mooyman
80fc55decf Merge branch 'xss-fix' into '3.1'
Xss fix

See merge request !3
2015-03-20 18:19:53 +13:00