Robbie Averill
db2aa38228
Merge pull request #9277 from tractorcow/pulls/4.4/respect-can-create
...
BUG Ensure that canCreate() context matches that respected by GridFieldAddNewButton
2019-10-03 18:21:43 -07:00
Damian Mooyman
d7752b7945
Run PSR2 Lint cleaner
2019-10-04 13:26:31 +13:00
Damian Mooyman
f1594fd991
BUG Ensure that canCreate() context matches that respected by GridFieldAddNewButton
2019-10-04 11:24:34 +13:00
Robbie Averill
1265f09f4f
Merge pull request #9271 from michalkleiner/pulls/4/check-array-props-in-custom-methods
...
FIX Check array keys existence when removing methods in CustomMethods
2019-10-03 14:30:22 -07:00
Michal Kleiner
1a2dbfd3a5
Update conditional logic when checking array keys before removing methods in CustomMethods
2019-09-30 10:17:59 +13:00
Michal Kleiner
52a039f631
Check array keys existence prior to their usage when removing methods in CustomMethods
2019-09-27 14:57:15 +12:00
Serge Latyntcev
50a1aa4c4d
Merge branch '4.3' into 4.4
2019-09-24 17:28:31 +12:00
Aaron Carlino
a0ec2f2811
Update translations
2019-09-24 17:26:37 +12:00
Serge Latyntcev
26a4fb38ba
Added 4.3.6 changelog
2019-09-24 17:20:48 +12:00
Aaron Carlino
79a89e751d
Added 4.4.4 changelog
2019-09-24 17:05:26 +12:00
Aaron Carlino
c1047fac32
DOCS: Add docs for versioned files migration
2019-09-24 16:04:22 +12:00
Aaron Carlino
28057e3a71
DOCS: Add FileShortcodeProvider change to changelog
2019-09-24 16:03:48 +12:00
Serge Latyntcev
8b7063a8e2
[CVE-2019-12617] Fix access escalation for CMS users with limited access through permission cache pollution
2019-09-24 16:03:48 +12:00
Serge Latyntcev
eccfa9b10d
[CVE-2019-12203] Session fixation in "change password" form
...
A potential account hijacking may happen if an attacker has physical access to
victim's computer to perform session fixation. Also possible if the targeted application contains an XSS vulnerability.
Requires the victim to click the password reset link sent to their email.
If all the above happens, attackers may reset the password before the actual user does that.
2019-09-24 16:03:48 +12:00
Aaron Carlino
1f92b21a04
DOCS: Add FileShortcodeProvider change to changelog
2019-09-24 16:03:48 +12:00
Aaron Carlino
8ee5e621fd
DOCS: Add docs for versioned files migration
2019-09-24 16:00:51 +12:00
Serge Latyntcev
5af205993d
[CVE-2019-12617] Fix access escalation for CMS users with limited access through permission cache pollution
2019-09-24 16:00:51 +12:00
Serge Latyntcev
569237c0f4
[CVE-2019-12203] Session fixation in "change password" form
...
A potential account hijacking may happen if an attacker has physical access to
victim's computer to perform session fixation. Also possible if the targeted application contains an XSS vulnerability.
Requires the victim to click the password reset link sent to their email.
If all the above happens, attackers may reset the password before the actual user does that.
2019-09-24 16:00:51 +12:00
Aaron Carlino
99ab3c6421
DOCS: Add FileShortcodeProvider change to changelog
2019-09-24 16:00:51 +12:00
Guy Marriott
3659f2888d
FIX Add 'legal empty attributes' to allow empty alt values on i… ( #9257 )
...
FIX Add 'legal empty attributes' to allow empty alt values on imgs
2019-09-23 17:03:01 -07:00
Garion Herman
0d27f32cc9
FIX Add 'legal empty attributes' to allow empty alt values on imgs
...
In some situations, a caption is used in place of a value in the alt
attribute, and in others an image may be cosmetic and not in need of an
alt attribute value (though the alt attribute must still be rendered in
this case).
2019-09-24 11:44:12 +12:00
Robbie Averill
3cfc21c405
Merge pull request #9241 from open-sausages/pulls/4.4.3/fix-file-permission
...
Fix administrators not being able to see files that are restricted to groups
2019-09-23 11:13:26 -07:00
Guy Marriott
aa7c057422
FIX: Don't force-add view button to readonly GridField (fixes #… ( #9254 )
...
FIX: Don't force-add view button to readonly GridField (fixes #9249 )
2019-09-23 10:31:25 -07:00
Guy Marriott
190b2f2842
FIX: run member CMS validator when editing via groups (fixes #9… ( #9255 )
...
FIX: run member CMS validator when editing via groups (fixes #9184 )
2019-09-23 10:28:38 -07:00
Loz Calver
efdb9cc718
FIX: run member CMS validator when editing via groups ( fixes #9184 )
2019-09-23 16:59:58 +01:00
Loz Calver
d85ff3bc44
FIX: Don't force-add view button to readonly GridField ( fixes #9249 )
2019-09-23 16:52:47 +01:00
bergice
6a1c6ecec6
Fix administrators not being able to see files that are restricted to groups
...
Resolves https://github.com/silverstripe/silverstripe-asset-admin/issues/777
2019-09-23 16:44:28 +12:00
Guy Marriott
7877ffcc85
Merge branch '4.3' into 4.4
2019-09-18 15:52:18 -07:00
Guy Marriott
109ac3f75f
Allow non summary fields to be used as grid field export fields ( #9248 )
...
Allow non summary fields to be used as grid field export fields
2019-09-18 15:33:25 -07:00
Hayden Shaw
daf9d55ecb
Allow non summary fields to be used as export fields
...
Fixes regression in 3d989a6eae
.
2019-09-19 10:00:54 +12:00
Robbie Averill
592ab6abc1
Merge branch '4.3' into 4.4
2019-09-13 18:11:34 -07:00
Robbie Averill
066ce8e01c
Merge branch '4.2' into 4.3
...
# Conflicts:
# src/View/ThemeResourceLoader.php
2019-09-13 18:10:37 -07:00
Robbie Averill
cfe86ad5a1
Merge pull request #9153 from creative-commoners/pulls/4.4/stream-ree-tags
...
FIX Skip md5-ing the whole contents of a stream for etags
2019-09-13 17:59:26 -07:00
Andre Kiste
cf90cfdd2a
Merge pull request #9221 from open-sausages/pulls/4.3/recursive-writeComponent
...
BUG Allow infinite loop when calling DataObject::writeComponent() recursively
2019-09-12 17:18:08 +12:00
Maxime Rainville
591b88a9bc
BUG Allow infinite loop when calling DataObject::writeComponent() recursively
2019-09-10 14:15:28 +12:00
Robbie Averill
41a766d135
Merge pull request #9085 from kinglozzer/9084-path-join-exception
...
Catch Path::join() exceptions in findTemplate() (fixes #9084 )
2019-09-06 12:00:39 -07:00
Maxime Rainville
24015c7767
Merge branch '4.3' into 4.4
2019-09-04 09:42:09 +12:00
Robbie Averill
aec5051a24
Merge pull request #9206 from creative-commoners/pulls/4.3/strip-bom-on-csv-import
...
FIX Byte Order Marks (BOM) are now stripped when importing CSV files
2019-09-03 09:55:38 -07:00
Maxime Rainville
a2a202c016
Merge pull request #9200 from open-sausages/pulls/4.4.3/consistent-actions
...
FIX make the grid field actions consistent to what they look like on pages
2019-09-02 14:07:22 +12:00
bergice
2f8d847a10
FIX make the grid field actions consistent to what they look like on pages
...
Resolves https://github.com/silverstripe/silverstripe-admin/issues/904
2019-09-02 12:22:32 +12:00
Robbie Averill
02194908e2
Merge pull request #9205 from wilr/pulls/add-upgrade-notes-for-email
...
Add missing upgrade rules for Email class
2019-08-30 14:15:17 +12:00
Robbie Averill
0b991cc039
Merge pull request #9198 from elabuwa/pulls/4.3/bug-fix-html-entities-breadcrumbs-in-group
...
Bug : Add html_entity_decode to group parents
2019-08-30 09:51:52 +12:00
Dileep Ratnayake
fe4eb5dd2a
Update src/Security/Group.php
...
Co-Authored-By: Maxime Rainville <maxime@rainville.me>
2019-08-29 15:44:41 +12:00
Robbie Averill
77ba8391c4
FIX Byte Order Marks (BOM) are now stripped when importing CSV files
2019-08-29 14:54:57 +12:00
Will Rossiter
e07bcee182
Add missing upgrade rules for Email class
2019-08-29 09:10:03 +12:00
Maxime Rainville
4cfce30842
Merge pull request #9204 from open-sausages/pulls/4.3/remove-dumb-place-holder-text
...
BUG Remove placeholder text on new group form
2019-08-29 09:05:38 +12:00
Maxime Rainville
73f43c6f42
BUG Remove placeholder text on new group form
2019-08-28 17:14:19 +12:00
Dileep Ratnayake
9b7075ed5d
Update Group.php
2019-08-27 16:22:00 +12:00
Dileep Ratnayake
a976a1688b
Update Group.php
...
move to private method
2019-08-27 16:21:08 +12:00
Dileep Ratnayake
40e5c4ec59
Update Group.php
...
use of convert::raw2xml, rename $grp to $group
2019-08-27 16:19:40 +12:00