Commit Graph

19768 Commits

Author SHA1 Message Date
Damian Mooyman
2a51f34c3e
BUG Prevent canonical URL causing a redirect on CLI unless explicitly enabled
Replaces #8157
2018-06-11 13:54:27 +12:00
Nicolaas
8f03c7df05 PATCH: removing duplicate key (SS_TRUSTED_PROXY_HOST_HEADER) 2018-06-11 13:35:27 +12:00
Damian Mooyman
546c6c3e22
Merge pull request #8125 from open-sausages/pulls/4/date-field-tweaks
Remove legacy logic from DateField_Disabled
2018-06-11 09:23:33 +12:00
Daniel Hensby
cfe93b7f23
Merge branch '3.6' into 4.0 2018-06-08 14:41:04 +01:00
Maxime Rainville
582c69d32f
BUG Fix issue with Disabled DateField always display (not set). 2018-06-08 13:51:22 +01:00
Daniel Hensby
e1450b5e82
Merge pull request #8147 from kinglozzer/mysql-pdo-attr
FIX: Only set MYSQL_ATTR_INIT_COMMAND when using mysql driver (fixes #8103)
2018-06-08 13:06:03 +01:00
Ingo Schommer
510b0f7759
Merge pull request #8150 from open-sausages/pulls/4.0/fix-postgres-duplication-issue
BUG Fix test that relies on implicit ID order breaking postgres
2018-06-08 12:58:43 +12:00
Damian Mooyman
29f9b1c18f
Fix linting issues 2018-06-08 11:38:36 +12:00
Damian Mooyman
e37e3e1746
BUG Fix test that relies on implicit ID order breaking postgres 2018-06-08 11:23:24 +12:00
Loz Calver
66f57bd4da FIX: Only set MYSQL_ATTR_INIT_COMMAND when using mysql driver (fixes #8103) 2018-06-07 10:26:00 +01:00
Damian Mooyman
c070e989c4
BUG Safely handle empty injector factory responses
Fixes issue with ImageBackendFactory returning null and breaking injector
2018-06-06 16:45:16 +12:00
Daniel Hensby
801a51d0f7
Merge branch '3.5' into 3.6 2018-06-05 16:30:20 +01:00
Robbie Averill
13ea2f9b80
Merge pull request #8132 from dhensby/pulls/3.5/postgres-test-fix
FIX Regression from #8009
2018-06-05 13:43:19 +12:00
Daniel Hensby
41e601a036
FIX Regression from #8009 2018-06-04 17:03:05 +01:00
Loz Calver
050018dba6
Merge pull request #8134 from dhensby/pulls/3.5/memory-limit
Increase memory limit to 2G in Travis builds
2018-06-04 16:50:52 +01:00
Loz Calver
0a4e3fc716
Merge pull request #8133 from dhensby/pulls/3.5/php53-compat
FIX PHP 5.3 compat for referencing $this in closures
2018-06-04 16:30:21 +01:00
Robbie Averill
c1b0c56788
Increase memory limit to 2G in Travis builds 2018-06-04 16:24:18 +01:00
Robbie Averill
1cbf27e0f4
FIX PHP 5.3 compat for referencing $this in closure, and make method public for same reason
sdf
2018-06-04 16:05:49 +01:00
Daniel Hensby
1658fe7617
Merge pull request #8127 from jonom/4.0-read-only-currency
Fix: negative values in read only currency field
2018-06-04 11:52:01 +01:00
Jonathon Menz
5a5ba1e5c0 Fix: negative values in read only currency field
Don’t strip out ‘-‘ character as this makes negative values appear to be positive (Fixes #8126)
2018-06-01 12:59:02 -07:00
Robbie Averill
624a5326a7
Typo in PHPDoc type 2018-05-30 14:51:09 +12:00
Robbie Averill
3244603458 Merge remote-tracking branch 'origin/3.6' into 4.0 2018-05-28 17:50:54 +12:00
Robbie Averill
3a537bc745 Merge branch 'heads/4.0.4' into 4.0 2018-05-28 17:50:07 +12:00
Robbie Averill
d21660971f Merge branch 'heads/3.6.6' into 3.6 2018-05-28 17:44:28 +12:00
Robbie Averill
dae8fefb1e Merge remote-tracking branch 'origin/3.5' into 3.6 2018-05-28 17:43:55 +12:00
Robbie Averill
df4648a308 Merge branch 'heads/3.5.8' into 3.5 2018-05-28 17:42:31 +12:00
Robbie Averill
912dc60cf3
Added 3.5.8 changelog 2018-05-28 15:50:54 +12:00
Robbie Averill
fe4f6f42d3
Updated 4.0.4 changelog 2018-05-24 13:51:21 +12:00
Damian Mooyman
5bff64b47b BUG Fix Director::test() not persisting removed session keys on teardown 2018-05-24 13:10:03 +12:00
Robbie Averill
e7e32d13a3
FIX Add namespace and encryptor to tests that expect blowfish to be available 2018-05-24 11:24:56 +12:00
Robbie Averill
bb1f0cce58
Added 4.0.4 changelog 2018-05-24 11:15:14 +12:00
Robbie Averill
5b7eca2b63
Merge pull request #70 from silverstripe-security/pulls/4.0/ss-2018-012
[ss-2018-012] File security documentation
2018-05-14 17:16:53 +12:00
Damian Mooyman
299131ed22 [ss-2018-012] File security documentation 2018-05-14 17:16:36 +12:00
Robbie Averill
c28f411abd
Merge pull request #66 from silverstripe-security/pulls/4.0/security-password-fix
SECURITY: Remove password text from session data on failed submission
2018-05-14 17:15:28 +12:00
Aaron Carlino
f847f186b1 [ss-2018-013] Remove password text from session data on failed submission 2018-05-14 17:14:38 +12:00
Robbie Averill
5887201dd5
Merge pull request #64 from silverstripe-security/pulls/4.0/ss-2018-010
[SS-2018-010] Fix regression of SS-2017-002
2018-05-14 17:12:45 +12:00
Robbie Averill
beec0c0d47 [SS-2018-010] Fix regression of SS-2017-002 2018-05-14 17:12:07 +12:00
Robbie Averill
1e6790bfb6
Merge pull request #62 from silverstripe-security/pulls/4.0/ss-2018-001
[ss-2018-001] Restrict non-admins from being assigned to admin groups
2018-05-14 17:11:03 +12:00
Damian Mooyman
e409d6f673 [ss-2018-001] Restrict non-admins from being assigned to admin groups 2018-05-14 17:10:22 +12:00
Robbie Averill
39b62e5fbb
Merge pull request #61 from silverstripe-security/pulls/4.0/ss-2018-008
[ss-2018-008] Validate against malformed urls
2018-05-14 17:07:09 +12:00
Damian Mooyman
9053014a7e [ss-2018-008] Validate against malformed urls 2018-05-14 17:06:47 +12:00
Robbie Averill
6f50728b18
Merge pull request #59 from silverstripe-security/pulls/4.0/ss-2018-006
[ss-2018-006] Prevent code execution in template value resolution
2018-05-14 17:06:04 +12:00
Robbie Averill
cd716fb61b Switch check for is_string 2018-05-14 17:05:31 +12:00
Damian Mooyman
2e13ae746f [ss-2018-006] Prevent code execution in template value resolution 2018-05-14 17:05:31 +12:00
Robbie Averill
3e205d69c3
Merge pull request #57 from silverstripe-security/pulls/4.0/ss-2018-005
[ss-2018-005] Prevent unauthenticated isDev / isTest being allowed
2018-05-14 17:04:23 +12:00
Damian Mooyman
d935140a95 [ss-2018-005] Prevent unauthenticated isDev / isTest being allowed 2018-05-14 17:03:39 +12:00
Robbie Averill
91327ab63e
Added 3.6.6 changelog 2018-05-14 10:59:58 +12:00
Robbie Averill
097f16282d
Added 3.6.6-rc1 changelog 2018-05-10 16:03:20 +12:00
Robbie Averill
0408048653
Merge pull request #71 from silverstripe-security/pulls/3.6/ss-2018-014
[SS-2018-014] Remove dotm, potm, jar, css, js, xltm from default File.allowed_extensions
2018-05-10 15:55:32 +12:00
Robbie Averill
19fdebfa24 [SS-2018-014] Remove dotm, potm, jar, css, js, xltm from default File.allowed_extensions 2018-05-10 15:53:11 +12:00