Steve Boyd
dc98cad48a
Merge branch '4.10' into 4.11
2022-11-21 13:43:59 +13:00
Steve Boyd
fe13856769
[CVE-2022-37429] Sanitise XSS
2022-11-21 13:06:40 +13:00
Guy Sartorelli
17f1c7ceed
Merge pull request #10585 from creative-commoners/pulls/4.11/cve-2022-37430
...
Sanitise mixed case javascript
2022-11-21 13:03:30 +13:00
Guy Sartorelli
e5b81109de
Merge pull request #10584 from creative-commoners/pulls/4.11/cve-2022-38462
...
Don't allow CRLF in header values
2022-11-21 13:02:25 +13:00
Steve Boyd
4308a93cc8
[CVE-2022-38148] Validate SortColumn exists
2022-11-21 13:01:32 +13:00
Guy Sartorelli
b17b29eea1
Merge pull request #10583 from creative-commoners/pulls/4.11/cve-2022-38724-embed-shortcode
...
Restrict embed shortcode attributes
2022-11-21 13:01:23 +13:00
Steve Boyd
49e637d244
MNT Explicitly test with blowfish
2022-11-10 11:36:56 +13:00
Steve Boyd
a3c1cb0ddf
ENH Set PasswordEncryption on default admin
2022-10-27 13:57:27 +13:00
Guy Sartorelli
168ca00555
[CVE-2022-38724] Restrict embed shortcode attributes
2022-10-26 09:31:12 +13:00
Steve Boyd
e3a6cad8a8
FIX Allow passing objects to InjectionCreator::create()
...
Co-authored-by: Nate Devereux <nate@daveclark.co.nz>
2022-10-19 18:04:48 +13:00
Christian Bünte
e24fb3f86c
Fix i18nTextCollector produces corrupt output / namespaces when running under PHP8.0 ( #10228 )
...
* FIX i18nTextCollector produces corrupt output / namespaces when running under PHP8.0
2022-09-29 13:40:40 +13:00
Guy Sartorelli
4a598ded51
FIX Allow removing named extensions in yaml config
2022-09-27 13:15:28 +13:00
Guy Sartorelli
d3c28579b7
[CVE-2022-38462] Don't allow CRLF in header values
2022-09-07 11:22:07 +12:00
Steve Boyd
2b5420ee7d
[CVE-2022-37430] Sanitise mixed case javascript
2022-08-23 15:36:48 +12:00
Steve Boyd
b24c289892
Merge branch '4.10' into 4.11
2022-07-28 14:05:07 +12:00
Steve Boyd
bdf7d09144
MNT Update Utf8TestHelper for MySQL 8.0.30
2022-07-28 13:21:23 +12:00
Steve Boyd
ce46e2da47
MNT No longer mark tests as skipped if running mysql 8
2022-07-26 13:54:10 +12:00
Steve Boyd
24daf3ae83
MNT Skip test if Page class missing
2022-07-25 16:35:28 +12:00
Steve Boyd
f6693d4ea5
Merge branch '4.10' into 4.11
2022-07-22 11:20:22 +12:00
Steve Boyd
5eb8d3e25f
MNT Skip test in MySQL8
2022-07-22 11:16:32 +12:00
Steve Boyd
674e6d9b7b
MNT Update utf8 aliases for mysql 8 and mariadb 10.6
2022-07-21 15:19:16 +12:00
Sabina Talipova
babc811381
FIX Remove unexpected message
2022-07-04 16:05:57 +12:00
Guy Sartorelli
ffcaed84f3
MNT Update tests for searchable_fields match_any
2022-06-30 15:55:56 +12:00
Steve Boyd
98b985fb91
Merge branch '4.10' into 4.11
2022-06-28 17:41:49 +12:00
Guy Sartorelli
794640247b
Merge pull request #10374 from creative-commoners/pulls/4.10/cve-2022-28803
...
[CVE-2022-28803] Block XSS in links and iframes.
2022-06-28 17:27:37 +12:00
Steve Boyd
b5abc38455
CVE-2021-41559 Disable xml entities
2022-06-28 17:04:34 +12:00
Guy Sartorelli
d2c58f3bbc
[CVE-2022-28803] Block XSS in links and iframes.
2022-06-28 17:01:53 +12:00
Guy Sartorelli
dec85819bd
Merge branch '4.10' into 4.11
2022-05-27 15:19:39 +12:00
Guy Sartorelli
0bc3ed4d2c
Merge branch '4.9' into 4.10
2022-05-27 15:19:17 +12:00
Guy Sartorelli
972a77f4d3
Merge branch '4.10' into 4.11
2022-05-27 12:55:35 +12:00
Guy Sartorelli
e0c4f01c11
FIX Resolve deduping problem with group codes.
...
Also remove dead validation code.
2022-05-27 11:19:32 +12:00
Steve Boyd
ec5b94facf
MNT Update utf8 aliases for mysql 8 and mariadb 10.6
2022-05-26 12:06:51 +12:00
Steve Boyd
6a779d07d0
ENH Allow multiple backtick variables in a single value
2022-05-12 17:12:14 +12:00
Guy Sartorelli
19bb72e7c7
FIX Correctly remove relations with ManyManyThroughList::removeall
...
Instead of just setting one side of the relation to null in the through
list, remove the rows entirely.
Remove only the relations which match the filters that have already been
set on the list.
This is consistent with the way ManyManyList works.
Also some small tidy-up (removing an unnecessary line break and an
unused "use" statement)
2022-05-05 11:21:51 +12:00
Guy Sartorelli
4795992208
Merge pull request #10222 from creative-commoners/pulls/4/php81
...
ENH PHP 8.1 compatibility
2022-04-22 16:15:10 +12:00
Guy Sartorelli
8be94e2588
Merge branch '4.10' into 4
2022-04-22 15:10:45 +12:00
Steve Boyd
656cba05e6
MNT Fix unit tests for kitchen-sink
2022-04-22 12:32:35 +12:00
Steve Boyd
511b3bb060
ENH PHP 8.1 compatibility
2022-04-14 13:12:59 +12:00
Steve Boyd
f1678781a2
ENH Various fixes for PHP 8.1 compatibility
2022-04-11 17:22:22 +12:00
Maxime Rainville
3e5a74c6b2
Merge pull request #10273 from creative-commoners/pulls/4/remove-ini-setting
...
ENH Fix deprecation issues for PHP 8.1 compatibility
2022-04-07 13:25:24 +12:00
Steve Boyd
814c5b2fd0
ENH Fix deprecation issues for PHP 8.1 compatibility
2022-04-06 11:34:34 +12:00
Steve Boyd
3202ef7c52
Merge branch '4.10' into 4
2022-04-06 10:42:58 +12:00
Steve Boyd
9add508718
NEW Use embed/embed v4
2022-03-24 10:27:15 +13:00
Maxime Rainville
77e87875b3
Merge pull request #10211 from creative-commoners/pulls/4.10/seach-filter-tests
...
FIX Default GridField search fields with an index of 0 to use StartWithFilter
2022-03-23 11:37:15 +13:00
Steve Boyd
740d087e97
FIX Default GridField search fields with an index of 0 to use StartWithFilter
2022-03-22 16:17:37 +13:00
Steve Boyd
081ec34461
Merge branch '4.10' into 4
2022-03-10 11:30:03 +13:00
Steve Boyd
82aba312fe
Merge branch '4.9' into 4.10
2022-03-10 11:27:48 +13:00
Steve Boyd
204b39bfdf
FIX Handle admin_email array config
2022-03-10 10:37:47 +13:00
Maxime Rainville
78dcfd217a
Merge pull request #10235 from creative-commoners/pulls/4/meta-generator
...
NEW Get the version for an individual module
2022-03-09 13:41:12 +13:00
Steve Boyd
59f23ad2aa
Merge branch '4.10' into 4
2022-03-08 16:06:08 +13:00