Daniel Hensby
29300c2c2d
Merge remote-tracking branch 'security/3.5.5' into HEAD
2017-09-28 15:48:29 +01:00
Daniel Hensby
6e78b9f8d2
Merge pull request #7406 from NightJar/patch-2
...
Fix ArrayList sort error with old (supported) PHP
PHP 5.3 at least (the reported and tested against version) requires arguments to `call_user_func_array` to be passed by reference. There exists a note as a comment in the code, but was unfortunately overlooked in a previous commit to fix case sensitive sorting 4998b80#diff-6ba746c3d31fd6b4c4a99d7efe35eb21L442
To solve this issue we simply first assign the constant to a variable, so we can then pass that by reference. This has no functional impact, however fixes an issue for users locked in to old PHP versions which we still list as supported (https://docs.silverstripe.org/en/3/getting_started/server_requirements/#web-server-software-requirements ).
2017-09-28 15:46:38 +01:00
Dylan Wagstaff
ebe1de8d8b
Fix ArrayList sort error with old (supported) PHP
...
PHP 5.3 at least (the reported and tested against version) requires arguments to `call_user_func_array` to be passed by reference. There exists a note as a comment in the code, but was unfortunately overlooked in a previous commit to fix case sensitive sorting 4998b80445 (diff-6ba746c3d31fd6b4c4a99d7efe35eb21L442)
To solve this issue we simply first assign the constant to a variable, so we can then pass that by reference. This has no functional impact, however fixes an issue for users locked in to old PHP versions which we still list as supported (https://docs.silverstripe.org/en/3/getting_started/server_requirements/#web-server-software-requirements ).
2017-09-28 15:29:54 +01:00
Damian Mooyman
f574f6d1b2
Reset test state for modified config options
2017-09-28 17:24:32 +13:00
Christopher Joe
53b2fcd1ea
Fix amend TinyMCE combined generator's unit test to be more lenient with encoding
2017-09-28 16:47:13 +13:00
Christopher Joe
90d0361a6c
Enhancement update set_themes to not update config
2017-09-28 16:47:13 +13:00
Christopher Joe
7e92b053f4
Enhancement Add setter and getter for certain classes, so that LeftAndMain no longer updates config during init
2017-09-28 16:47:13 +13:00
Damian Mooyman
da27948777
Merge pull request #7373 from dhensby/pulls/4/rate-limit-security
...
NEW RateLimiter for Security controller
2017-09-28 11:01:37 +13:00
Damian Mooyman
e4fd9b4ff7
Code style fixes
2017-09-28 09:54:29 +13:00
Damian Mooyman
3a7c8fd0d7
Adjust YML conditionals
2017-09-28 09:15:00 +13:00
Daniel Hensby
c077abf353
DOCS new rate limiting docs
2017-09-27 17:40:04 +01:00
Daniel Hensby
5f739c111e
added ratelimiter tests
2017-09-27 16:42:04 +01:00
Daniel Hensby
51ac297c59
Fixes to ratelimiter and new features
2017-09-27 14:44:38 +01:00
Daniel Hensby
060c2d62d3
Merge pull request #7408 from ajoneil/fix-paginated-list-get-vars
...
Prior to this change, if there were already GET vars on a page
with a PaginatedList, the links would include a mix of '&' and '&'.
2017-09-27 09:41:32 +01:00
Andrew O'Neil
c7cbbb29f4
Fix links on paginated lists when there are GET vars
...
Prior to this change, if there were already GET vars on a page
with a PaginatedList, the links would include a mix of '&' and '&'.
2017-09-27 15:41:08 +10:00
Ingo Schommer
f981d09080
Merge pull request #7400 from open-sausages/pulls/4.0/expose-i18n
...
Update docs for i18n
2017-09-27 09:45:33 +13:00
Loz Calver
1ba18461f5
Merge pull request #7403 from dhensby/pulls/4/act-as-for-tests
...
NEW Add actWithPermission to SapphireTest
2017-09-26 14:19:14 +01:00
Daniel Hensby
28552155c3
NEW Add actWithPermission to SapphireTest for shortcut to perform actions with specific permissions
2017-09-26 13:39:31 +01:00
Robbie Averill
33ae463e5b
FIX Class name in _t() call in installer and run text collector
2017-09-26 14:57:16 +13:00
Damian Mooyman
a478939ea9
Update docs for i18n
2017-09-26 12:08:40 +13:00
Daniel Hensby
5f8eb0806e
Merge pull request #7398 from mikenz/patch-14
...
FIX readonly PermissionCheckboxSetField
2017-09-25 11:17:01 +01:00
Mike Cochrane
b8e5a2ce32
FIX readonly PermissionCheckboxSetField
...
A readonly PermissionCheckboxSetField (eg in Security when viewing a member without permission to edit it) can result in calling "getRecord()" on null. Add is_object check, consistent with line 98.
2017-09-25 15:25:10 +13:00
Damian Mooyman
5164f003d9
Merge pull request #7393 from kinglozzer/ssviewer-tidy
...
Tidy up + document SSViewer classes
2017-09-25 09:23:19 +13:00
Daniel Hensby
4ed0857127
Merge pull request #7396 from danielmcclure/patch-1
...
Updated Minimum Default PHP Version
2017-09-22 09:36:44 +01:00
Daniel McClure
d1cd3b7d49
Updated Minimum Default PHP Version
2017-09-22 17:33:35 +12:00
Loz Calver
1dd0c04891
Tidy up + document SSViewer classes
2017-09-21 17:03:21 +01:00
Daniel Hensby
5956e63745
Merge pull request #7387 from chhschou/patch-1
...
update RHEL distro used from `box-cutter/centos70` to `box-cutter/cen…
2017-09-21 12:51:47 +01:00
Daniel Hensby
b4412cedf6
Added 3.6.2-beta2 changelog
2017-09-21 09:11:36 +00:00
Loz Calver
34f69c6cf4
Merge pull request #7389 from open-sausages/pulls/4.0/lazy-templates-includes
...
BUG Fix sub-template lookup for includes
2017-09-21 09:02:36 +01:00
Chris Joe
28fc035426
Merge pull request #7391 from open-sausages/pulls/4.0/toolbar-style-layout
...
FIX gridfield button title alignment
2017-09-21 16:48:29 +12:00
Saophalkun Ponlu
fe4688b932
FIX gridfield button title alignment
2017-09-21 13:03:57 +12:00
Daniel Hensby
bd7abc73de
Merge branch '3.5.5' into 3.6.2
2017-09-20 16:26:30 +01:00
Daniel Hensby
1209b2ae13
Added 3.5.5-beta2 changelog
2017-09-20 13:41:04 +00:00
Daniel Hensby
72702dbd50
Merge pull request #43 from silverstripe-security/pulls/3.5/member-enumeration-timing-attack
...
[SS-2017-005] User enumeration via timing attack mitigated
2017-09-20 11:39:39 +01:00
Daniel Hensby
6b198336a8
Merge pull request #44 from silverstripe-security/patch/3.5/authenticator-fix
...
FIX Authenticators are more resilient to incomplete configuration
2017-09-20 11:38:38 +01:00
Daniel Hensby
f0262a8fd9
[SS-2017-005] User enumeration via timing attack mitigated
2017-09-20 11:33:22 +01:00
Damian Mooyman
f1a12e15be
BUG Fix sub-template lookup for includes
2017-09-20 18:04:01 +12:00
Chris Joe
c939737e5c
Merge pull request #7386 from open-sausages/pulls/4.0/class-case-fixing
...
ENHANCEMENT Don't force all class names to lowercase
2017-09-20 16:46:49 +12:00
Damian Mooyman
261302a121
ENHANCEMENT Don't force all class names to lowercase
...
Speeds up autoloading because composer psr-4 works properly now
2017-09-20 15:14:55 +12:00
Chris Joe
0e10412b86
Merge pull request #7388 from open-sausages/pulls/4.0/fix-base-absolute-url
...
BUG Detect, warn, and fix invalid SS_BASE_URL
2017-09-20 14:32:18 +12:00
Christopher Joe
265f91060c
Fix phpcs error
2017-09-20 12:42:45 +12:00
Damian Mooyman
09b3a24f30
BUG Detect, warn, and fix invalid SS_BASE_URL
...
Fixes #7362
2017-09-20 10:42:13 +12:00
Chris Chou
2d8f0fadd7
update RHEL distro used from box-cutter/centos70
to box-cutter/centos73
...
`box-cutter/centos70` no longer available
2017-09-20 09:51:03 +12:00
Daniel Hensby
fc79a76718
Added 3.6.2-beta1 changelog
2017-09-19 16:51:57 +00:00
Daniel Hensby
1f256cf2d2
Added 3.5.5-beta1 changelog
2017-09-19 15:25:41 +00:00
Damian Mooyman
9a7adc46f8
Merge pull request #7379 from dhensby/pulls/4/fix-image-quality-docs
...
DOCS Fix Image docs regarding setting image quality
2017-09-19 10:06:57 +12:00
Daniel Hensby
2abc20a0f7
Merge pull request #7355 from kinglozzer/7278-configurable-token-expiry
...
Make auto login token expiry configurable (closes #7278 )
2017-09-18 16:09:14 +01:00
Loz Calver
7431122b58
Make auto login token expiry configurable ( closes #7278 )
2017-09-18 14:06:13 +01:00
Daniel Hensby
0aabcac747
Merge pull request #7380 from mikenz/patch-13
...
Test fix: Don't hard code the security page_class controller
2017-09-17 00:08:17 +01:00
Mike Cochrane
41d1b2a882
Test fix: Don't hard code the security page_class controller
2017-09-16 11:27:16 +12:00