Commit Graph

19399 Commits

Author SHA1 Message Date
Daniel Hensby
29300c2c2d
Merge remote-tracking branch 'security/3.5.5' into HEAD 2017-09-28 15:48:29 +01:00
Daniel Hensby
6e78b9f8d2
Merge pull request #7406 from NightJar/patch-2
Fix ArrayList sort error with old (supported) PHP

PHP 5.3 at least (the reported and tested against version) requires arguments to `call_user_func_array` to be passed by reference. There exists a note as a comment in the code, but was unfortunately overlooked in a previous commit to fix case sensitive sorting 4998b80#diff-6ba746c3d31fd6b4c4a99d7efe35eb21L442

To solve this issue we simply first assign the constant to a variable, so we can then pass that by reference. This has no functional impact, however fixes an issue for users locked in to old PHP versions which we still list as supported (https://docs.silverstripe.org/en/3/getting_started/server_requirements/#web-server-software-requirements).
2017-09-28 15:46:38 +01:00
Dylan Wagstaff
ebe1de8d8b
Fix ArrayList sort error with old (supported) PHP
PHP 5.3 at least (the reported and tested against version) requires arguments to `call_user_func_array` to be passed by reference. There exists a note as a comment in the code, but was unfortunately overlooked in a previous commit to fix case sensitive sorting 4998b80445 (diff-6ba746c3d31fd6b4c4a99d7efe35eb21L442)

To solve this issue we simply first assign the constant to a variable, so we can then pass that by reference. This has no functional impact, however fixes an issue for users locked in to old PHP versions which we still list as supported (https://docs.silverstripe.org/en/3/getting_started/server_requirements/#web-server-software-requirements).
2017-09-28 15:29:54 +01:00
Damian Mooyman
f574f6d1b2
Reset test state for modified config options 2017-09-28 17:24:32 +13:00
Christopher Joe
53b2fcd1ea Fix amend TinyMCE combined generator's unit test to be more lenient with encoding 2017-09-28 16:47:13 +13:00
Christopher Joe
90d0361a6c Enhancement update set_themes to not update config 2017-09-28 16:47:13 +13:00
Christopher Joe
7e92b053f4 Enhancement Add setter and getter for certain classes, so that LeftAndMain no longer updates config during init 2017-09-28 16:47:13 +13:00
Damian Mooyman
da27948777 Merge pull request #7373 from dhensby/pulls/4/rate-limit-security
NEW RateLimiter for Security controller
2017-09-28 11:01:37 +13:00
Damian Mooyman
e4fd9b4ff7
Code style fixes 2017-09-28 09:54:29 +13:00
Damian Mooyman
3a7c8fd0d7
Adjust YML conditionals 2017-09-28 09:15:00 +13:00
Daniel Hensby
c077abf353
DOCS new rate limiting docs 2017-09-27 17:40:04 +01:00
Daniel Hensby
5f739c111e
added ratelimiter tests 2017-09-27 16:42:04 +01:00
Daniel Hensby
51ac297c59
Fixes to ratelimiter and new features 2017-09-27 14:44:38 +01:00
Daniel Hensby
060c2d62d3
Merge pull request #7408 from ajoneil/fix-paginated-list-get-vars
Prior to this change, if there were already GET vars on a page
with a PaginatedList, the links would include a mix of '&' and '&'.
2017-09-27 09:41:32 +01:00
Andrew O'Neil
c7cbbb29f4 Fix links on paginated lists when there are GET vars
Prior to this change, if there were already GET vars on a page
with a PaginatedList, the links would include a mix of '&' and '&'.
2017-09-27 15:41:08 +10:00
Ingo Schommer
f981d09080 Merge pull request #7400 from open-sausages/pulls/4.0/expose-i18n
Update docs for i18n
2017-09-27 09:45:33 +13:00
Loz Calver
1ba18461f5 Merge pull request #7403 from dhensby/pulls/4/act-as-for-tests
NEW Add actWithPermission to SapphireTest
2017-09-26 14:19:14 +01:00
Daniel Hensby
28552155c3
NEW Add actWithPermission to SapphireTest for shortcut to perform actions with specific permissions 2017-09-26 13:39:31 +01:00
Robbie Averill
33ae463e5b FIX Class name in _t() call in installer and run text collector 2017-09-26 14:57:16 +13:00
Damian Mooyman
a478939ea9
Update docs for i18n 2017-09-26 12:08:40 +13:00
Daniel Hensby
5f8eb0806e Merge pull request #7398 from mikenz/patch-14
FIX readonly PermissionCheckboxSetField
2017-09-25 11:17:01 +01:00
Mike Cochrane
b8e5a2ce32 FIX readonly PermissionCheckboxSetField
A readonly PermissionCheckboxSetField (eg in Security when viewing a member without permission to edit it) can result in calling "getRecord()" on null.  Add is_object check, consistent with line 98.
2017-09-25 15:25:10 +13:00
Damian Mooyman
5164f003d9 Merge pull request #7393 from kinglozzer/ssviewer-tidy
Tidy up + document SSViewer classes
2017-09-25 09:23:19 +13:00
Daniel Hensby
4ed0857127 Merge pull request #7396 from danielmcclure/patch-1
Updated Minimum Default PHP Version
2017-09-22 09:36:44 +01:00
Daniel McClure
d1cd3b7d49 Updated Minimum Default PHP Version 2017-09-22 17:33:35 +12:00
Loz Calver
1dd0c04891 Tidy up + document SSViewer classes 2017-09-21 17:03:21 +01:00
Daniel Hensby
5956e63745 Merge pull request #7387 from chhschou/patch-1
update RHEL distro used from `box-cutter/centos70` to `box-cutter/cen…
2017-09-21 12:51:47 +01:00
Daniel Hensby
b4412cedf6
Added 3.6.2-beta2 changelog 2017-09-21 09:11:36 +00:00
Loz Calver
34f69c6cf4 Merge pull request #7389 from open-sausages/pulls/4.0/lazy-templates-includes
BUG Fix sub-template lookup for includes
2017-09-21 09:02:36 +01:00
Chris Joe
28fc035426 Merge pull request #7391 from open-sausages/pulls/4.0/toolbar-style-layout
FIX gridfield button title alignment
2017-09-21 16:48:29 +12:00
Saophalkun Ponlu
fe4688b932 FIX gridfield button title alignment 2017-09-21 13:03:57 +12:00
Daniel Hensby
bd7abc73de
Merge branch '3.5.5' into 3.6.2 2017-09-20 16:26:30 +01:00
Daniel Hensby
1209b2ae13
Added 3.5.5-beta2 changelog 2017-09-20 13:41:04 +00:00
Daniel Hensby
72702dbd50 Merge pull request #43 from silverstripe-security/pulls/3.5/member-enumeration-timing-attack
[SS-2017-005] User enumeration via timing attack mitigated
2017-09-20 11:39:39 +01:00
Daniel Hensby
6b198336a8 Merge pull request #44 from silverstripe-security/patch/3.5/authenticator-fix
FIX Authenticators are more resilient to incomplete configuration
2017-09-20 11:38:38 +01:00
Daniel Hensby
f0262a8fd9
[SS-2017-005] User enumeration via timing attack mitigated 2017-09-20 11:33:22 +01:00
Damian Mooyman
f1a12e15be
BUG Fix sub-template lookup for includes 2017-09-20 18:04:01 +12:00
Chris Joe
c939737e5c Merge pull request #7386 from open-sausages/pulls/4.0/class-case-fixing
ENHANCEMENT Don't force all class names to lowercase
2017-09-20 16:46:49 +12:00
Damian Mooyman
261302a121
ENHANCEMENT Don't force all class names to lowercase
Speeds up autoloading because composer psr-4 works properly now
2017-09-20 15:14:55 +12:00
Chris Joe
0e10412b86 Merge pull request #7388 from open-sausages/pulls/4.0/fix-base-absolute-url
BUG Detect, warn, and fix invalid SS_BASE_URL
2017-09-20 14:32:18 +12:00
Christopher Joe
265f91060c Fix phpcs error 2017-09-20 12:42:45 +12:00
Damian Mooyman
09b3a24f30
BUG Detect, warn, and fix invalid SS_BASE_URL
Fixes #7362
2017-09-20 10:42:13 +12:00
Chris Chou
2d8f0fadd7 update RHEL distro used from box-cutter/centos70 to box-cutter/centos73
`box-cutter/centos70` no longer available
2017-09-20 09:51:03 +12:00
Daniel Hensby
fc79a76718
Added 3.6.2-beta1 changelog 2017-09-19 16:51:57 +00:00
Daniel Hensby
1f256cf2d2
Added 3.5.5-beta1 changelog 2017-09-19 15:25:41 +00:00
Damian Mooyman
9a7adc46f8 Merge pull request #7379 from dhensby/pulls/4/fix-image-quality-docs
DOCS Fix Image docs regarding setting image quality
2017-09-19 10:06:57 +12:00
Daniel Hensby
2abc20a0f7 Merge pull request #7355 from kinglozzer/7278-configurable-token-expiry
Make auto login token expiry configurable (closes #7278)
2017-09-18 16:09:14 +01:00
Loz Calver
7431122b58
Make auto login token expiry configurable (closes #7278) 2017-09-18 14:06:13 +01:00
Daniel Hensby
0aabcac747 Merge pull request #7380 from mikenz/patch-13
Test fix: Don't hard code the security page_class controller
2017-09-17 00:08:17 +01:00
Mike Cochrane
41d1b2a882 Test fix: Don't hard code the security page_class controller 2017-09-16 11:27:16 +12:00