Commit Graph

10383 Commits

Author SHA1 Message Date
Tim
e2238245b9 Fixed RSS example 2013-11-12 10:50:27 +13:00
Sean Harvey
b5b8cb25e0 Merge pull request #2632 from chillu/pulls/versioned-docs
FIX "Draft" stage to fix dev/build, Versioned docs (fixes #2619)
2013-11-03 12:31:12 -08:00
Ingo Schommer
65b4407337 FIX "Draft" stage to fix dev/build, Versioned docs (fixes #2619) 2013-11-03 21:27:26 +01:00
Sean Harvey
d8f29fcc04 Merge pull request #2236 from chillu/pulls/isdev-infinite-loop
FIX Avoid infinite loops on ?isDev=1 and Deprecation class
2013-10-31 15:59:31 -07:00
Ingo Schommer
5b5f98a6fa Merge pull request #2625 from colymba/mysqli-backtrace-filtering
BUG backtrace now filters MySQLi arguments
2013-10-30 08:00:18 -07:00
colymba
4131f574fd BUG backtrace now filters MySQLi arguments
Add MySQLi functions mysqli() and select_db() to the list of filtered
function arguments to avoid exposing sensitive data
2013-10-30 12:36:07 +02:00
Ingo Schommer
0e37eaf5fa Merge pull request #2586 from ss23/3.0-staging-fix
FIX: Move stage choosing into a pre-request filter.
2013-10-23 01:47:57 -07:00
Andrew Short
e7c8fed6ab FIX: Move stage choosing into a pre-request filter.
This ensures that the correct stage is selected, even if the request
does not come through the model as controller system. This fixes an
issue where custom controllers would always be on the "Stage" stage.
2013-10-23 18:22:15 +13:00
Simon Welsh
699272a2e7 Merge pull request #2584 from ss23/patch-3
MINOR typo where display_errors wasn't checked properly
2013-10-22 20:34:33 -07:00
Stephen Shkardoon
696e6f65ab MINOR typo where display_errors wasn't checked properly 2013-10-23 16:32:31 +13:00
Ingo Schommer
5235a3f3a2 Installer regression from dd49834 2013-10-16 11:29:44 +02:00
Ingo Schommer
9824168b45 Removed link to non-functional dokuwiki install 2013-10-07 16:17:21 +02:00
Ingo Schommer
e4adff48bc Added 3.0.8 changelog 2013-10-07 01:31:28 +02:00
Sean Harvey
2aba81321a Merge pull request #2488 from tractorcow/pulls/3.0-platform-compatibility
BUG 3.0 Fixed cross-platform issues with test cases and file utility
2013-10-06 13:16:09 -07:00
Damian Mooyman
f67b549b77 BUG Fixed cross-platform issues with test cases and file utilities 2013-10-04 13:54:33 +13:00
Ingo Schommer
1a002b7bbf Merge pull request #2487 from halkyon/installer_error_check_30
BUG Fixing installer not checking display_errors correctly.
2013-10-03 16:41:50 -07:00
Sean Harvey
5e5a2f8845 Merge pull request #2288 from chillu/pulls/browser-spellcheck
API Disable discontinued Google Spellcheck in TinyMCE (#2213)
2013-10-03 14:42:45 -07:00
Sean Harvey
8b2e1f2e7c Merge pull request #2328 from chillu/pulls/versioned-archivemode-validation
Validate 'archiveDate' user data in Versioned
2013-10-03 14:33:22 -07:00
Sean Harvey
dd49834b9e BUG Fixing installer not checking display_errors correctly.
Fixes issue #2479. Installer sets display_errors on, but it checks
the changed value and not the original one set in php.ini.
2013-10-04 10:05:28 +13:00
Ingo Schommer
06b5f142b6 Increased CacheTest time delay, avoid flickering tests
Setting a cache lifetime of half a second seems to be
unreliable on Travis when just waiting a second,
so let's wait a bit longer.
2013-10-02 12:13:22 +02:00
Ingo Schommer
6de517bf72 3.0.7 changelog 2013-10-01 00:26:11 +02:00
Ingo Schommer
bda56eb9b0 Don't link record in GridField form message
This is no longer allows through Form->sessionMessage() to avoid XSS.
2013-09-30 23:55:32 +02:00
Ingo Schommer
a68e0ba365 Check for jQuery in Behat tests
Identified as one potential cause for flickering tests
on our own Selenium box.
2013-09-30 23:36:46 +02:00
Ingo Schommer
d963eac0a6 Merge tag '3.0.6' into 3.0 2013-09-27 00:20:08 +02:00
Ingo Schommer
652682c048 3.0.6 changelog 2013-09-26 11:33:42 +02:00
Sean Harvey
9b1211f071 Merge pull request #2459 from moveforward/patch-1
Fixed typo
2013-09-25 19:43:05 -07:00
moveforward
dd0296413f Fixed typo 2013-09-26 14:41:40 +12:00
Ingo Schommer
ffb316dbc9 Added 3.0.7-rc1 changelog 2013-09-26 01:32:41 +02:00
Ingo Schommer
047e325e27 Merge pull request #2452 from chillu/pulls/escape-3.0
Escaping 3.0
2013-09-25 16:02:30 -07:00
Ingo Schommer
e1f9458db1 Added 3.0.7 changelog 2013-09-24 21:54:34 +02:00
Ingo Schommer
c243418597 API Escape form validation messages (SS-2013-008) 2013-09-24 21:54:31 +02:00
Ingo Schommer
114fb59107 FIX Auto-escape titles in TreeDropdownField
Related to SS-2013-009. While the default "TreeTitle" was escaped
within the SiteTree->TreeTitle() getter, other properties like SiteTree->Title
weren't escaped. The new logic uses the underlying casting helpers
on the processed objects.
2013-09-24 21:40:17 +02:00
Sean Harvey
b383a07f90 BUG Fixing tabindex added to CreditCardField when tabindex is NULL
The tabindex increment *should* only be done if there is a tabindex
that has been set on a CreditCardField already, otherwise it breaks
the tab ordering.
2013-09-24 21:40:17 +02:00
Ingo Schommer
2dd7baac16 Merge pull request #2434 from halkyon/cc_tabindex_fix_2
BUG Fixing tabindex added to CreditCardField when tabindex is NULL
2013-09-19 16:37:58 -07:00
Sean Harvey
c453ea3094 BUG Fixing tabindex added to CreditCardField when tabindex is NULL
The tabindex increment *should* only be done if there is a tabindex
that has been set on a CreditCardField already, otherwise it breaks
the tab ordering.
2013-09-20 11:13:10 +12:00
Ingo Schommer
a7f38f7b4d Merge pull request #2413 from ss23/patch-1
Update 3.0.6.md
2013-09-12 16:08:04 -07:00
Stephen Shkardoon
f765696d26 Update 3.0.6.md
Add reference to information disclosure in Versioned.php (SS-2013-006)
2013-09-13 10:34:51 +12:00
Ingo Schommer
24bae3f922 Tagged 3.0.6-rc2 2013-09-12 16:48:20 +02:00
Ingo Schommer
a6b402f491 Added 3.0.6-rc2 changelog 2013-09-12 16:48:15 +02:00
Ingo Schommer
2da4d76c3b Updated translations 2013-09-12 16:37:12 +02:00
Ingo Schommer
7c99cb4668 Merge branch 'pulls/security-issues-august-3.0' into 3.0 2013-09-12 15:45:13 +02:00
Ingo Schommer
5e0315dc62 Safety note on DataObject::validation_enabled 2013-09-12 15:42:43 +02:00
Ingo Schommer
f803704d91 FIX Disallow permissions assign for APPLY_ROLES (SS-2013-005)
See http://www.silverstripe.org/ss-2013-005-privilege-escalation-through-apply-roles-assignment/
2013-09-12 15:42:43 +02:00
Ingo Schommer
8b5c8eab72 Linking to older security issue in change log
Mainly for consistency with the newer format
2013-09-12 15:42:43 +02:00
Ingo Schommer
05757efceb FIX Privilege escalation through APPLY_ROLES assignment (SS-2013-005)
See http://www.silverstripe.org/ss-2013-005-privilege-escalation-through-apply-roles-assignment/
2013-09-12 15:42:43 +02:00
Ingo Schommer
6cff9671d4 FIX Privilege escalation through Group and Member CSV upload (SS-2013-004)
See http://www.silverstripe.org/ss-2013-004-privilege-escalation-through-group-and-member-csv-upload/
2013-09-12 15:42:43 +02:00
Ingo Schommer
720c149aee FIX Privilege escalation through Group hierarchy setting (SS-2013-003)
See http://www.silverstripe.org/ss-2013-003-privilege-escalation-through-group-hierarchy-setting/
2013-09-12 15:42:42 +02:00
Sean Harvey
a1939dccd1 Merge pull request #2400 from jbridson/patch-9
Update 2-extending-a-basic-site.md
2013-09-10 21:47:36 -07:00
Simon Welsh
c2105db6d0 Count, not Length 2013-09-11 12:05:43 +12:00
jbridson
a4fbff4df5 Update 2-extending-a-basic-site.md
Fixed a few wording issues and added some clarity to links eg: Tutorial One (Building a basic site)
2013-09-11 11:20:41 +12:00