Guy Sartorelli
1a5bb4cbec
[CVE-2023-22729] Escaped double slash is absolute URL
2023-04-26 09:49:59 +12:00
Guy Sartorelli
fd5d8217e8
[CVE-2023-22728] Check canView before printing from GridField
2023-04-26 09:45:34 +12:00
Steve Boyd
3d03a93b8f
Merge branch '4.12' into 4.13
2023-04-11 10:55:17 +12:00
Dylan Wagstaff
92061a3ba6
FIX stabilise typed APIs (#10740)
Since 4.12 the use of typehints and return types has caused issues with
values fetched directly from config without validation. This has led to
upgrade woes in a minor version (#10721) with no immediate recourse
other than manual system intervention.
To use types, we should ensure types, leaving a stable API that won't
error on a bad value - or should give a thoughtful and directive error
message if so.
Issue #10721 summary:
SessionMiddleware runs before FlushMiddleware
SessionMiddleware causes a PHP fatal error passing `null` to a `string`
parameter.
`null` comes from config, because default string value doesn't exist. We
need flush for this - but system execution never makes it that far.
2023-04-11 10:52:41 +12:00
Guy Sartorelli
a42bb856c3
Merge pull request #10750 from xini/patch-6
FIX: Group visibility for SITETREE_GRANT_ACCESS permissions
2023-04-11 09:58:43 +12:00
Florian Thoma
cd946b6c80
Group visibility for SITETREE_GRANT_ACCESS permissions
Make groups visible if member has SITETREE_GRANT_ACCESS permissions, otherwise the dropdown for selecting the group is empty
2023-04-05 16:33:41 +10:00
Guy Sartorelli
600f188287
MNT Revert erroneous dependency changes (#10739)
2023-03-28 16:46:46 +13:00
Guy Sartorelli
a62e554409
Merge pull request #10733 from creative-commoners/pulls/4.13/searchable
FIX Respect searchable_fields
2023-03-23 11:51:02 +13:00
Steve Boyd
0f40cc38ec
FIX Respect searchable_fields
2023-03-23 10:57:03 +13:00
Guy Sartorelli
0d041e7d7d
Merge pull request #10730 from creative-commoners/pulls/4.13/fix-depr
FIX Reduce array method calls
2023-03-22 11:34:10 +13:00
Steve Boyd
41bb35f3f3
FIX Reduce array method calls
2023-03-22 11:06:23 +13:00
Guy Sartorelli
e47eedff7d
Merge pull request #10725 from zemiacsik/patch-ArrayList-fix
FIX property_exists() parameters mixup
2023-03-20 18:52:02 +13:00
zemiacsik
d60af9d16e
FIX property_exists() parameters mixup
ensure that property parameter is a string
2023-03-14 08:42:22 +01:00
zemiacsik
5b8d61b55b
FIX property_exists() parameters mixup
property_exists() has first parameter "object_or_class" and second is a property to check
2023-03-13 13:51:48 +01:00
Guy Sartorelli
77cbe20ba9
MNT Update development dependencies
2023-03-10 16:29:44 +13:00
Guy Sartorelli
75b7622a21
MNT Update release dependencies
2023-03-10 16:29:40 +13:00
Guy Sartorelli
a387c9b9e4
MNT Update development dependencies
2023-03-10 12:21:27 +13:00
Guy Sartorelli
a4929a171e
Merge pull request #10697 from creative-commoners/pulls/4/nicer-deprecations
ENH Improve deprecation logging
2023-03-09 14:39:51 +13:00
Guy Sartorelli
f29577853a
Merge pull request #10720 from creative-commoners/pulls/4/tx-1678079865
ENH Update translations
2023-03-08 10:25:02 +13:00
Steve Boyd
a37be27bd7
ENH Update translations
2023-03-06 18:17:45 +13:00
Guy Sartorelli
046befc4ba
ENH Improve deprecation logging
2023-03-06 13:25:44 +13:00
Guy Sartorelli
128b327c6d
API Add method to check if env var is set
2023-03-06 11:49:22 +13:00
Steve Boyd
8b148bf293
Merge branch '4.12' into 4
2023-03-02 15:37:03 +13:00
Guy Sartorelli
66561ccb49
FIX Correctly deprecate Sources.module_priority (#10711)
This config was deprecated back in #7154 and hasn't been used since
2023-03-02 11:05:35 +13:00
Maxime Rainville
403f924d22
BUG Update RelatedDataService to properly escape ClassName in Polymorphic relations (#10713)
2023-03-02 09:56:40 +13:00
Michal Kleiner
94b24b2390
Merge pull request #10687 from xini/fix-classinfo-paths-windows
2023-03-01 20:56:49 +13:00
Florian Thoma
6585d499f5
FIX Convert slashes in paths when getting list of classes for file/folder
This is to support the mechanism working on all operating systems where Windows may produce a mix of forward and backward slashes in some paths.
For working with the files it may not be a problem, but for exact string comparison the path delimiters need to be unified.
2023-03-01 20:32:19 +13:00
Guy Sartorelli
277e97a84f
Merge pull request #10709 from creative-commoners/pulls/4/deprecated-args
ENH Updated deprecation warning message
2023-03-01 14:19:18 +13:00
Guy Sartorelli
58ca426f11
Merge branch '4.12' into 4
2023-03-01 12:54:30 +13:00
Sabina Talipova
05674adf51
ENH Updated deprecation warning message
2023-03-01 12:39:42 +13:00
Guy Sartorelli
5295ba6c16
API Throw deprecation warnings for bad configuration (#10702)
2023-03-01 11:36:08 +13:00
Guy Sartorelli
6669d54f59
FIX Wrap deprecated config with no replacement (#10704)
2023-02-27 18:13:31 +13:00
Guy Sartorelli
652281507f
FIX Correctly identify deprecated API in withNoReplacement (#10706)
2023-02-27 15:25:27 +13:00
Guy Sartorelli
ab566b0a15
API Add new deprecation notices. (#10691)
These are removed in CMS 5.
2023-02-15 13:26:36 +13:00
Florian Thoma
54fc4ee9d2
fix directory separator in i18nTextCollector on Windows (#10681)
* fix directory separator in i18nTextCollector for Windows
* fix typo
2023-02-09 19:09:48 +13:00
Sabina Talipova
1f7adab62e
Merge pull request #10677 from creative-commoners/pulls/4/deprecate-diff
API Deprecate Diff in favour of CMS5's HtmlDiff
2023-02-08 16:36:58 +13:00
Guy Sartorelli
3a14aafc7f
API Deprecate Diff in favour of CMS5's HtmlDiff
2023-02-08 11:15:28 +13:00
Guy Sartorelli
ce9fa05dc7
Merge pull request #10678 from creative-commoners/pulls/4/depr
API Deprecate code
2023-02-08 10:44:44 +13:00
Steve Boyd
4e9c74243d
API Deprecate code
2023-02-07 11:56:04 +13:00
Steve Boyd
23efed1802
Merge branch '4.12' into 4
2023-02-02 16:20:00 +13:00
Michal Kleiner
20e4aae25b
Merge pull request #10663 from lekoala/patch-33
FIX Prevent backslash in CSS class name
2023-01-30 22:51:09 +13:00
Thomas Portelange
3e5d99dedc
Prevent backslash in class name
since the default code is using get_called_class, you can end up with \ in the class name, which is an escape character for CSS selectors
this update converts, for example
even valCMS_ACCESS_SilverStripe\VersionedAdmin\ArchiveAdmin
to
even valCMS_ACCESS_SilverStripe-VersionedAdmin-ArchiveAdmin
ArchiveAdmin class should probably implement private static $required_permission_codes = 'CMS_ACCESS_ArchiveAdmin '; also
2023-01-30 10:26:22 +01:00
Maxime Rainville
c430011f19
Merge pull request #10648 from creative-commoners/pulls/4/deprecate-html5
API Deprecate HTML4Value
2023-01-17 22:20:07 +13:00
Steve Boyd
b973c88648
API Deprecate HTML4Value
2023-01-16 15:28:23 +13:00
Mojmir Fendek
2c105cffc9
ENH: saveInto() new extension points. (#10636)
* ENH: saveInto() new extension points.
2023-01-13 09:43:22 +13:00
Guy Sartorelli
62f71a321d
Merge pull request #10631 from xini/patch-5
fix: optional return value for paginator state
2023-01-09 10:47:17 +13:00
Florian Thoma
bb8e3b8386
fix: optional return value for paginator state
`$state->getData()->getData('GridFieldPaginator')` (line 598) returns null by default.
2023-01-02 15:32:16 +11:00
Guy Sartorelli
3564f98c9c
Merge pull request #10616 from s-kerdel/10615-Respect-SS_BASE_URL-for-CLI-RequestBuilder
...
FIX Respect SS_BASE_URL scheme in CLI environment
2022-12-20 11:38:12 +13:00
Shiva Kerdel
4a1eb0c158
ISSUE-10615: Respect SS_BASE_URL scheme in CLI environment.
Additionally set _SERVER variables for HTTPS and SSL to respect SS_BASE_URL scheme when executing builds and tasks through CLI.
This should solve base tags not being provided with the correct HTTP scheme. This is important to resolve mixed content issues and insecure requests.
2022-12-20 11:13:02 +13:00
Guy Sartorelli
0d662ba95f
Merge branch '4.12' into 4
2022-12-19 01:38:09 +00:00