Loz Calver
d1df67d308
FIX: SQLSelect count methods now cast to int ( fixes #5498 )
2016-05-10 12:31:45 +01:00
Daniel Hensby
8673ac15bc
MINOR Empty YAML config causes invalid argument error
2016-04-26 12:58:27 +01:00
Daniel Hensby
745faebd81
Merge 3.2 into 3.3
...
Conflicts:
.travis.yml
2016-04-26 00:17:09 +01:00
Daniel Hensby
a0812f987a
Merge 3.1 into 3.2
...
Conflicts:
admin/javascript/LeftAndMain.js
control/HTTPRequest.php
docs/en/00_Getting_Started/00_Server_Requirements.md
2016-04-26 00:09:33 +01:00
Roman Schmid
9146450c49
Fix Email test issue discovered in #5271 .
...
Updated/added tests for changed- and forgot-password Emails.
Updated fixture and tests to no longer use a real Email address.
2016-04-11 13:46:41 +02:00
Damian Mooyman
6ec2656201
BUG fix ErrorControlChain causing errors to be displayed if display_errors in php.ini is false
...
Fixes #5250
2016-04-01 11:04:06 +13:00
Roman Schmid
25c453fe7b
Fixed issue where canViewVersioned
caused a DB error when Versioned was used with stages other than the default "Stage" and "Live".
...
Updated VersionedTest to also check an Object with a single stage in the canView test.
2016-03-22 09:42:21 +01:00
Daniel Hensby
817b836870
FIX getIP from behind a load-balancer that adds many IPs to the header
2016-03-01 21:07:48 +00:00
Damian Mooyman
5f2d3f31d7
Merge remote-tracking branch 'origin/3.2' into 3.3
...
# Conflicts:
# dev/DevelopmentAdmin.php
# docs/en/02_Developer_Guides/08_Performance/02_HTTP_Cache_Headers.md
# lang/cs.yml
# lang/lt.yml
2016-02-24 17:29:06 +13:00
Damian Mooyman
ff5ed6efeb
Merge remote-tracking branch 'origin/3.2.2' into 3.2
2016-02-24 17:03:43 +13:00
Damian Mooyman
013524af50
[ss-2016-002] Ensure Gridfield actions respect CSRF
2016-02-24 11:47:15 +13:00
Damian Mooyman
e2c77c5a8f
[ss-2016-002] Ensure Gridfield actions respect CSRF
2016-02-24 11:33:53 +13:00
Damian Mooyman
65a0981c08
BUG Correct behaviour of publish with $createNewVersion = true
...
Fixes #5040
Cleanup code to make behaviour more apparent
2016-02-23 10:15:49 +13:00
Damian Mooyman
56e92f5a32
[ss-2016-002] Ensure Gridfield actions respect CSRF
2016-02-18 17:28:54 +13:00
Mark Stephens
3fcf1e2c98
BUG edge case on many many extra fields (fixes 4991)
...
Fixes an edge case where extraFields are not returned if
one side of a many many is added via extension (although this
may not be the only failure case). Fixes a
downstream issue with dms breaking the CMS on framework 3.2.
The bug is where a many many relationship exists on a class,
and a sub-class attempts to get the extra fields of the
relationship. The change fixes the test for exact matching of
the relationship class to the instance class, to checking if
the instance is the class or a subclass of the relationship.
The unit tests check the dms failure case, which is a more
complex failure case.
2016-02-04 12:47:07 +13:00
Damian Mooyman
7c448bb4a2
Merge remote-tracking branch 'origin/3.2' into 3.3
...
# Conflicts:
# tests/model/DataObjectLazyLoadingTest.php
# tests/model/VersionedTest.yml
2016-01-25 14:11:37 +13:00
Damian Mooyman
bf8bf5e4d5
BUG Prevent Versioned::doRollbackTo from creating incorrect versions on subclasses of Versioned DataObjects
...
Document correct configuration of Versioned DataObjects
Fixes #4936
2016-01-22 15:35:58 +13:00
Damian Mooyman
df76d783fe
BUG Fix VersionedTest sometimes failing given certain querystring arguments
2016-01-20 14:49:46 +13:00
Damian Mooyman
5d240feaec
Merge remote-tracking branch 'origin/3.2' into 3.3
2016-01-19 15:08:24 +13:00
Damian Mooyman
46cbe809ac
Merge remote-tracking branch 'origin/3.1' into 3.2
...
# Conflicts:
# docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md
# docs/en/02_Developer_Guides/14_Files/01_Image.md
# docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/How_Tos/Customise_CMS_Menu.md
# docs/en/03_Upgrading/index.md
# docs/en/05_Contributing/01_Code.md
# forms/TreeMultiselectField.php
# security/Permission.php
2016-01-19 14:00:19 +13:00
Daniel Hensby
4335d8ed22
FIX Members with no ID inherit logged in user permission
2016-01-05 08:16:18 +00:00
Damian Mooyman
fce82519bd
BUG Workaround for issues in testing version
2015-12-22 17:47:53 +13:00
Damian Mooyman
19b10044ec
Merge remote-tracking branch 'origin/3.2' into 3
2015-12-22 17:05:07 +13:00
Damian Mooyman
66b3a6a2c5
Merge pull request #4840 from mateusz/guard
...
BUG Guard against users being added to all groups on unsaved Group.
2015-12-22 16:29:09 +13:00
Damian Mooyman
48a30909f3
Merge remote-tracking branch 'origin/3.2' into 3
...
# Conflicts:
# admin/javascript/LeftAndMain.BatchActions.js
# css/UploadField.css
# forms/HtmlEditorField.php
2015-12-22 14:07:52 +13:00
Loz Calver
d265c9b733
FIX: Allow omitting a value for OptionsetField submissions ( fixes #4824 )
2015-12-14 16:50:22 +00:00
Loz Calver
9467ab9a7e
NEW: Implement unshift() in field list classes ( closes #4834 )
2015-12-14 16:18:57 +00:00
Mateusz Uzdowski
5a21b2fb15
BUG Guard against users being added to all groups on unsaved Group.
...
If ->Members()->add() is called on an unsaved group (with ID 0), the
collateFamilyIDs() will errorneously return all root Groups thinking
it's looking for Groups with ParentID=0. As a result, the Member will be
added to all root groups, instead of just the selected group and all its
children.
2015-12-11 14:51:51 +13:00
Ingo Schommer
0175167761
Merge pull request #4830 from open-sausages/pulls/3/fix-querystring-stage
...
API Disable unauthenticated get parameter access to site stage mode
2015-12-10 10:44:43 +13:00
Damian Mooyman
fa0160a874
BUG Fix regression in canViewStage
2015-12-09 14:53:21 +13:00
Hamish Friedlander
1eda9151a4
Merge pull request #4831 from open-sausages/pulls/3/fix-versioned-canview
...
API Create default security permission model for versioned data objects
2015-12-09 14:17:27 +13:00
Damian Mooyman
6089a7c5bd
API Create default security permission model for versioned data objects
2015-12-09 11:33:53 +13:00
Marcus Nyeholt
fc5e584201
Format for SS3 using tabs instead of spaces
2015-12-08 15:19:24 +11:00
Damian Mooyman
38e154af0a
API Disable get parameter access to site stage mode
...
BUG Fix missing and undocumented response from Security::permissionFailure()
2015-12-07 17:39:18 +13:00
Marcus Nyeholt
f7c270a3ba
NEW Use Config for determining Vary header
...
Existing implementation hardcodes the Vary header; swap to using Config layer
instead
Added test for changing the variable from config
2015-12-02 10:28:24 +11:00
Christopher Darling
e9b833f5f0
FIX: ConfirmedPassword field correctly reports mismatching passwords
...
added testFormValidation to prove #4780
2015-11-20 15:56:27 +00:00
Loz Calver
68d99be24b
FIX: Hidden errors for composite fields nested inside FieldGroups ( fixes #4773 )
2015-11-17 16:34:17 +00:00
Damian Mooyman
fd6ae72e1d
Merge remote-tracking branch 'origin/3.2.1' into 3.2
2015-11-16 16:39:15 +13:00
Hamish Friedlander
b61d6dcd57
[ss-2015-027]: FIX HtmlEditorField_Toolbar#viewfile not whitelisting URLs
2015-11-13 15:20:09 +13:00
Damian Mooyman
fea1158d19
BUG Fix print button only displaying first page
2015-11-12 14:59:08 +13:00
Damian Mooyman
245e0aae2f
[ss-2015-026]: BUG Fix FormField error messages not being encoded safely
2015-11-11 17:50:02 +13:00
Ingo Schommer
ac4342d81d
[ss-2015-022]: XML escape RSSFeed $link parameter
2015-11-11 17:46:39 +13:00
Damian Mooyman
97f21fddb3
[ss-2015-021] Fix rewrite hash links XSS
2015-11-11 17:46:27 +13:00
Damian Mooyman
bc1b2893ac
[ss-2015-026]: BUG Fix FormField error messages not being encoded safely
2015-11-11 16:56:19 +13:00
Ingo Schommer
4f55b6a115
[ss-2015-022]: XML escape RSSFeed $link parameter
2015-11-11 16:54:04 +13:00
Damian Mooyman
132e9b3e2f
[ss-2015-021] Fix rewrite hash links XSS
2015-11-11 16:52:53 +13:00
Damian Mooyman
0272e443f4
BUG Prevent dev/build continually regenerating Number field type
2015-11-11 09:21:50 +13:00
Daniel Hensby
d380252488
Merge pull request #4760 from tractorcow/pulls/3.2/fix-empty-filter
...
BUG Correct behaviour for empty filter array (as per 3.1)
2015-11-10 01:48:47 +00:00
muskie9
603caccb90
ENHANCEMENT CurrencyField to use Currency.currency_symbol
...
fixes #4035
I have limited experience with regex, so I hope I did it correctly. I was able to save/save & publish with the curent regex and the values look good.
2015-11-09 19:38:51 -06:00
Damian Mooyman
732e705bbf
BUG Correct behaviour for empty filter array (as per 3.1)
2015-11-10 14:24:45 +13:00