Daniel Hensby
d2633be56d
Merge branch '3.1' into 3.2
2016-11-22 11:21:08 +00:00
Damian Mooyman
cc9d17063a
Add tests for FormField submission behaviour
...
Fix ReadonlyField casting with empty values
Restore Value() behaviour for TextareaField
2016-11-15 11:55:48 +13:00
Daniel Hensby
61e4055bdb
[SS-2016-010] FIX Cast FormField values as Text to prevent readonly fields embeding rogue HTML
2016-11-14 10:38:15 +00:00
Daniel Hensby
4998b80445
FIX ArrayList sorting now caseinsensitive
2016-08-22 11:21:50 +01:00
Damian Mooyman
12a6b357e7
[ss-2016-015] Fix value / title escaping in CheckboxSetField and OptionsetField
2016-08-15 14:14:42 +12:00
Damian Mooyman
62a242154e
[ss-2016-015] Fix value / title escaping in CheckboxSetField and OptionsetField
2016-08-15 13:24:06 +12:00
madmatt
43dcde5197
FIX: Hierarchy was incorrectly unexpanding nodes that had been previously expanded
2016-07-19 11:22:36 +12:00
Loz Calver
27cea80b15
FIX: SS_ConfigStaticManifest_Parser failed to handle ::class syntax ( fixes #5701 ) ( #5781 )
2016-07-07 10:23:38 +01:00
Daniel Hensby
39238d908e
FIX falsey attribute values in shortcodes now work
2016-07-04 15:17:24 +01:00
Daniel Hensby
765f45eaf1
Check for shortcode tag before trying to parse shortcodes
2016-07-04 15:10:42 +01:00
Daniel Hensby
2cdfe6cc21
FIX Use RAW for DBField template helpers
2016-07-04 14:39:56 +01:00
Daniel Hensby
b0f237bb3a
FIX Use RAW instead of Value for parsing shortcodes
2016-07-04 13:53:56 +01:00
Daniel Hensby
3fe8d30c2c
Merge branch '3.1' into 3.2
2016-06-29 11:40:27 +01:00
Daniel Hensby
c11ac5d248
Merge pull request #4162 from kinglozzer/pulls/object-parse-class-spec
...
FIX: Object::parse_class_spec failed to parse associative arrays
2016-06-28 16:07:12 +01:00
Damian Mooyman
8dfeeb0eb6
Merge 3.1 into 3.2
2016-05-18 17:25:42 +12:00
Hamish Friedlander
d350aa4153
Merge pull request #5555 from open-sausages/pulls/3.1/fix-display-errors
...
BUG Fix suppression of display_errors in ErrorControlChain
2016-05-18 16:04:57 +12:00
Damian Mooyman
62bd26d11a
BUG Fix suppression of display_errors in ErrorControlChain
2016-05-18 13:36:54 +12:00
Daniel Hensby
e8962b95d0
Merge branch '3.1' into 3.2
2016-05-12 16:05:54 +01:00
Loz Calver
5b275376d3
Many many bug
2016-05-12 12:38:04 +01:00
Daniel Hensby
dd554d883f
Proving bug with Deep nested many_many relations
...
When adding a filter to a many_many with a shared inheritance, the FROM table is removed and added as a LEFT JOIN which causes a syntax error.
This means `$dataList->filter('ManyManyRel.ID', array(1,2))` doesn't work.
2016-05-12 12:38:02 +01:00
Damian Mooyman
9da594b326
Merge 3.1 into 3.2
...
# Conflicts:
# admin/javascript/lang/cs.js
# admin/javascript/lang/de.js
# admin/javascript/lang/eo.js
# admin/javascript/lang/es.js
# admin/javascript/lang/fa_IR.js
# admin/javascript/lang/fi.js
# admin/javascript/lang/fr.js
# admin/javascript/lang/id.js
# admin/javascript/lang/id_ID.js
# admin/javascript/lang/it.js
# admin/javascript/lang/ja.js
# admin/javascript/lang/lt.js
# admin/javascript/lang/mi.js
# admin/javascript/lang/nb.js
# admin/javascript/lang/nl.js
# admin/javascript/lang/pl.js
# admin/javascript/lang/ro.js
# admin/javascript/lang/ru.js
# admin/javascript/lang/sk.js
# admin/javascript/lang/sl.js
# admin/javascript/lang/sr.js
# admin/javascript/lang/sr@latin.js
# admin/javascript/lang/sr_RS.js
# admin/javascript/lang/sr_RS@latin.js
# admin/javascript/lang/src/nl.js
# admin/javascript/lang/sv.js
# admin/javascript/lang/zh.js
# javascript/lang/ar.js
# javascript/lang/bg.js
# javascript/lang/cs.js
# javascript/lang/de.js
# javascript/lang/eo.js
# javascript/lang/es.js
# javascript/lang/fa_IR.js
# javascript/lang/fi.js
# javascript/lang/fr.js
# javascript/lang/id.js
# javascript/lang/id_ID.js
# javascript/lang/it.js
# javascript/lang/ja.js
# javascript/lang/lt.js
# javascript/lang/mi.js
# javascript/lang/nb.js
# javascript/lang/nl.js
# javascript/lang/pl.js
# javascript/lang/ru.js
# javascript/lang/sk.js
# javascript/lang/sl.js
# javascript/lang/sr.js
# javascript/lang/sr@latin.js
# javascript/lang/sr_RS.js
# javascript/lang/sr_RS@latin.js
# javascript/lang/sv.js
# javascript/lang/zh.js
# lang/nl.yml
# lang/sk.yml
2016-05-11 13:48:22 +12:00
Damian Mooyman
b612c0549d
Merge 3.1.19 into 3.1
2016-05-11 13:15:10 +12:00
Daniel Hensby
971d561633
Allow ManyManyListTest to run standalone
2016-05-10 15:24:07 +01:00
Daniel Hensby
cf29b2c146
Merge remote-tracking branch '3.1.19' into 3.2.4
2016-05-05 11:17:45 +01:00
Daniel Hensby
a0812f987a
Merge 3.1 into 3.2
...
Conflicts:
admin/javascript/LeftAndMain.js
control/HTTPRequest.php
docs/en/00_Getting_Started/00_Server_Requirements.md
2016-04-26 00:09:33 +01:00
Daniel Hensby
f32c893546
[SS-2016-005] FIX Apply brute force protection to default admin
2016-04-19 23:20:29 +01:00
Roman Schmid
9146450c49
Fix Email test issue discovered in #5271 .
...
Updated/added tests for changed- and forgot-password Emails.
Updated fixture and tests to no longer use a real Email address.
2016-04-11 13:46:41 +02:00
Damian Mooyman
6ec2656201
BUG fix ErrorControlChain causing errors to be displayed if display_errors in php.ini is false
...
Fixes #5250
2016-04-01 11:04:06 +13:00
Daniel Hensby
817b836870
FIX getIP from behind a load-balancer that adds many IPs to the header
2016-03-01 21:07:48 +00:00
Damian Mooyman
ff5ed6efeb
Merge remote-tracking branch 'origin/3.2.2' into 3.2
2016-02-24 17:03:43 +13:00
Damian Mooyman
013524af50
[ss-2016-002] Ensure Gridfield actions respect CSRF
2016-02-24 11:47:15 +13:00
Damian Mooyman
e2c77c5a8f
[ss-2016-002] Ensure Gridfield actions respect CSRF
2016-02-24 11:33:53 +13:00
Damian Mooyman
65a0981c08
BUG Correct behaviour of publish with $createNewVersion = true
...
Fixes #5040
Cleanup code to make behaviour more apparent
2016-02-23 10:15:49 +13:00
Mark Stephens
3fcf1e2c98
BUG edge case on many many extra fields (fixes 4991)
...
Fixes an edge case where extraFields are not returned if
one side of a many many is added via extension (although this
may not be the only failure case). Fixes a
downstream issue with dms breaking the CMS on framework 3.2.
The bug is where a many many relationship exists on a class,
and a sub-class attempts to get the extra fields of the
relationship. The change fixes the test for exact matching of
the relationship class to the instance class, to checking if
the instance is the class or a subclass of the relationship.
The unit tests check the dms failure case, which is a more
complex failure case.
2016-02-04 12:47:07 +13:00
Damian Mooyman
bf8bf5e4d5
BUG Prevent Versioned::doRollbackTo from creating incorrect versions on subclasses of Versioned DataObjects
...
Document correct configuration of Versioned DataObjects
Fixes #4936
2016-01-22 15:35:58 +13:00
Damian Mooyman
46cbe809ac
Merge remote-tracking branch 'origin/3.1' into 3.2
...
# Conflicts:
# docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md
# docs/en/02_Developer_Guides/14_Files/01_Image.md
# docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/How_Tos/Customise_CMS_Menu.md
# docs/en/03_Upgrading/index.md
# docs/en/05_Contributing/01_Code.md
# forms/TreeMultiselectField.php
# security/Permission.php
2016-01-19 14:00:19 +13:00
Daniel Hensby
4335d8ed22
FIX Members with no ID inherit logged in user permission
2016-01-05 08:16:18 +00:00
Damian Mooyman
66b3a6a2c5
Merge pull request #4840 from mateusz/guard
...
BUG Guard against users being added to all groups on unsaved Group.
2015-12-22 16:29:09 +13:00
Loz Calver
d265c9b733
FIX: Allow omitting a value for OptionsetField submissions ( fixes #4824 )
2015-12-14 16:50:22 +00:00
Mateusz Uzdowski
5a21b2fb15
BUG Guard against users being added to all groups on unsaved Group.
...
If ->Members()->add() is called on an unsaved group (with ID 0), the
collateFamilyIDs() will errorneously return all root Groups thinking
it's looking for Groups with ParentID=0. As a result, the Member will be
added to all root groups, instead of just the selected group and all its
children.
2015-12-11 14:51:51 +13:00
Christopher Darling
e9b833f5f0
FIX: ConfirmedPassword field correctly reports mismatching passwords
...
added testFormValidation to prove #4780
2015-11-20 15:56:27 +00:00
Loz Calver
68d99be24b
FIX: Hidden errors for composite fields nested inside FieldGroups ( fixes #4773 )
2015-11-17 16:34:17 +00:00
Damian Mooyman
fd6ae72e1d
Merge remote-tracking branch 'origin/3.2.1' into 3.2
2015-11-16 16:39:15 +13:00
Hamish Friedlander
b61d6dcd57
[ss-2015-027]: FIX HtmlEditorField_Toolbar#viewfile not whitelisting URLs
2015-11-13 15:20:09 +13:00
Damian Mooyman
fea1158d19
BUG Fix print button only displaying first page
2015-11-12 14:59:08 +13:00
Damian Mooyman
245e0aae2f
[ss-2015-026]: BUG Fix FormField error messages not being encoded safely
2015-11-11 17:50:02 +13:00
Ingo Schommer
ac4342d81d
[ss-2015-022]: XML escape RSSFeed $link parameter
2015-11-11 17:46:39 +13:00
Damian Mooyman
97f21fddb3
[ss-2015-021] Fix rewrite hash links XSS
2015-11-11 17:46:27 +13:00
Damian Mooyman
bc1b2893ac
[ss-2015-026]: BUG Fix FormField error messages not being encoded safely
2015-11-11 16:56:19 +13:00
Ingo Schommer
4f55b6a115
[ss-2015-022]: XML escape RSSFeed $link parameter
2015-11-11 16:54:04 +13:00