Commit Graph

16516 Commits

Author SHA1 Message Date
Damian Mooyman
e281c64fca
Merge remote-tracking branch 'silverstripe-security/3.5' into 3.6 2017-12-06 17:32:56 +13:00
Damian Mooyman
a8465900bd
Merge pull request #47 from silverstripe-security/patch/3.5/SS-2017-008
[SS-2017-008] FIX Make sure int params are successfull cast to int
2017-12-06 17:30:51 +13:00
Damian Mooyman
d6a93f5215
Merge remote-tracking branch 'silverstripe-security/3.5' into 3.6
# Conflicts:
#	security/Member.php
2017-12-06 17:26:45 +13:00
Damian Mooyman
91cf85087b
Merge remote-tracking branch 'origin/3.5' into 3.6 2017-12-06 17:21:09 +13:00
Damian Mooyman
d09c2d7b03 Added 3.5.6-rc1 changelog 2017-12-06 16:27:12 +13:00
Damian Mooyman
5f7f1ea150 Added 3.5.6-rc1 changelog 2017-12-06 16:27:08 +13:00
Damian Mooyman
dd4c5417e7
Merge pull request #49 from silverstripe-security/pulls/3.5/ss-2017-007
[ss-2017-007] Ensure xls formulae are safely sanitised on output (3.5)
2017-12-06 16:25:58 +13:00
Damian Mooyman
44de03da01
Merge pull request #53 from silverstripe-security/pulls/3.5/ss-2017-006
[ss-2017-006] Fix user agent invalidation on session startup (3.5 branch)
2017-12-06 16:25:39 +13:00
Damian Mooyman
3e2bcaa0b4
Merge pull request #54 from silverstripe-security/pulls/3.5/ss-2017-009
[ss-2017-009] Prevent disclosure of sensitive information via LoginAttempt (3.5 branch)
2017-12-06 16:25:19 +13:00
Damian Mooyman
975d462e0c
Merge pull request #7661 from dhensby/pulls/3.5/versioned-base-class
FIX Use baseDataClass for allVersions as with other methods
2017-12-06 14:13:14 +13:00
Damian Mooyman
77b46672e2
Merge branch '3.5' into pulls/3.5/versioned-base-class 2017-12-06 11:37:46 +13:00
Damian Mooyman
c5837c62e8
Merge pull request #7679 from dhensby/pulls/3.5/fix-critical-issues
Fixing scrutinizer issues
2017-12-06 11:30:57 +13:00
Daniel Hensby
8d1a5ed8b7
More code style fixes 2017-12-05 14:20:13 +00:00
Daniel Hensby
2aa1d8f2c4
remove create_function usage 2017-12-05 14:20:13 +00:00
Daniel Hensby
84d7afb347
FIX Use baseDataClass for allVersions as with other methods 2017-12-05 13:02:20 +00:00
Robbie Averill
2538f59ab7
Merge pull request #5211 from stevie-mayhew/pulls/reset-button
BUGFIX: don't try and switch out of context of the tab system
2017-12-05 19:59:49 +13:00
Damian Mooyman
25e276cf37 [ss-2017-006] Fix user agent invalidation on session startup 2017-12-01 10:55:00 +13:00
Damian Mooyman
22ccf3e2f9
[ss-2017-007] Ensure xls formulae are safely sanitised on output
CSVParser now strips leading tabs on cells
2017-12-01 10:19:48 +13:00
Damian Mooyman
6ba00e829a
[ss-2017-009] Prevent disclosure of sensitive information via LoginAttempt 2017-11-30 15:53:50 +13:00
Loz Calver
b31b22ac8e
Merge pull request #7635 from dhensby/pulls/3.5/update-pwd-encryption-on-change
FIX Update meber passwordencryption to default on password change
2017-11-27 09:05:43 +00:00
Damian Mooyman
bac5f4c8aa
Merge branch '3.5' into pulls/3.5/update-pwd-encryption-on-change 2017-11-27 14:42:32 +13:00
Daniel Hensby
badeb0cc8c
Merge branch '3.5' into 3.6 2017-11-25 16:17:36 +00:00
Daniel Hensby
f31caaa429
Merge pull request #7640 from kinglozzer/travis-firefox
Specify Firefox 31 for Travis Behat builds
2017-11-24 21:53:35 +00:00
Loz Calver
7b719d7b9d Specify Firefox 31 for Travis Behat builds 2017-11-24 21:16:36 +00:00
Loz Calver
6ab9dba9c8
Merge pull request #7639 from dhensby/pulls/3.5/phpunit-warnings
Fix deprecated usage of getMock in unit tests
2017-11-24 15:16:26 +00:00
Daniel Hensby
09a003bc13
Fix deprecated usage of getMock in unit tests 2017-11-24 14:48:30 +00:00
Daniel Hensby
2ad3cc07d5
FIX Update meber passwordencryption to default on password change 2017-11-23 21:17:31 +00:00
Daniel Hensby
79bba8bfd1
Merge pull request #7632 from open-sausages/pulls/3.5/fix-director-cli-redirect
BUG Don't redirect in force_redirect() in CLI
2017-11-23 12:49:32 +00:00
Damian Mooyman
1053de7ec3 BUG Don't redirect in force_redirect() in CLI
Replaces #4025
2017-11-23 14:26:55 +13:00
Loz Calver
a7dfda2a85
Merge pull request #7628 from dhensby/pulls/3.5/travis-retry
Travis retry on imagick install
2017-11-22 17:04:01 +00:00
Loz Calver
7c98346c68
Merge pull request #7629 from dhensby/pulls/3.6/int-lowercase-fix
FIX Allow lowercase and uppercase delcaration of legacy Int class
2017-11-22 16:58:17 +00:00
Daniel Hensby
ef6d86f2c6
FIX Allow lowercase and uppercase delcaration of legacy Int class 2017-11-22 16:34:42 +00:00
Daniel Hensby
a63bb12d92
Travis retry on imagick install 2017-11-22 13:25:26 +00:00
Daniel Hensby
2e76936878
Merge pull request #7345 from schellmax/patch-2
TreeDropdownField: replace onadd by onmatch
2017-11-22 12:37:11 +00:00
Daniel Hensby
0f2049d4d4
[SS-2017-008] Fix SQL injection in search engine 2017-11-21 14:45:36 +00:00
Damian Mooyman
d047c921ed
Merge pull request #7617 from open-sausages/pulls/3.6/inject-datadifferencer
Make DataDifferencer injectable
2017-11-20 16:59:52 +13:00
Ingo Schommer
d39e9b0bb0 Make DataDifferencer injectable
Requested by Steve Boyd
2017-11-20 15:47:35 +13:00
Damian Mooyman
a73f75ccc5
Merge pull request #7613 from dhensby/pulls/3.5/phpunit-loosen-constraint
Loosen PHPUnit constraints
2017-11-20 13:58:20 +13:00
Daniel Hensby
36bb28a41d
Loosen PHPUnit constraints 2017-11-17 11:48:24 +00:00
Loz Calver
13b02feed7
Merge pull request #7602 from dhensby/pulls/3.5/fix-filter-any-inner-join
FIX ManyMany link table joined with LEFT JOIN
2017-11-16 13:48:07 +00:00
Daniel Hensby
c96ed89cbe
Merge pull request #7607 from patricknelson/issue-7606-svg-image-tags
FIX: Prevent crash when saving page with <img> that has an SVG source.
2017-11-16 12:12:49 +00:00
Daniel Hensby
ce3fd370fb
FIX ManyMany link table joined with LEFT JOIN 2017-11-16 12:11:16 +00:00
Daniel Hensby
29e57d8015
Merge pull request #7608 from bummzack/patch-1
Fix HTTP::get_mime_type with uppercase filenames.
2017-11-16 11:48:11 +00:00
Daniel Hensby
4f3deb13e0
TEST filterAny on many_many relations return correct items 2017-11-16 11:10:12 +00:00
Patrick Nelson
52f0eadd3b
FIX for #7606: Ensure the object we're handling is actually an Image instance before calling methods specific to that class (e.g. in case of using SVG's in <img> tag which may be File instances). 2017-11-16 11:08:06 +00:00
Daniel Hensby
3d3096485b
TEST Uppercase file extensions return correct mime type 2017-11-16 11:01:25 +00:00
Roman Schmid
dda14e8959
Fix HTTP::get_mime_type with uppercase filenames.
The fallback of `HTTP::get_mime_type` (that uses a lookup instead of `finfo`) doesn't ensure the extension is converted to lowercase before the lookup. A file named `Image.JPG` will return `'application/unknown'`.
This change fixes this issue.
2017-11-16 10:56:34 +00:00
Daniel Hensby
4731d3c671
Merge branch '3.5' into 3.6 2017-11-14 12:00:53 +00:00
Damian Mooyman
ef86b16854
Merge pull request #7514 from dhensby/pulls/3.5/composer-autoload
Add composer autloading to v3
2017-11-02 11:41:35 +13:00
Chris Joe
a3351589e6 Merge pull request #7118 from phptek/issue/7116
FIX: Fixes #7116 Improves server requirements docs viz: OpCaches.
2017-10-26 11:05:47 +13:00