Ingo Schommer
e4adff48bc
Added 3.0.8 changelog
2013-10-07 01:31:28 +02:00
Sean Harvey
2aba81321a
Merge pull request #2488 from tractorcow/pulls/3.0-platform-compatibility
...
BUG 3.0 Fixed cross-platform issues with test cases and file utility
2013-10-06 13:16:09 -07:00
Damian Mooyman
f67b549b77
BUG Fixed cross-platform issues with test cases and file utilities
2013-10-04 13:54:33 +13:00
Ingo Schommer
1a002b7bbf
Merge pull request #2487 from halkyon/installer_error_check_30
...
BUG Fixing installer not checking display_errors correctly.
2013-10-03 16:41:50 -07:00
Sean Harvey
5e5a2f8845
Merge pull request #2288 from chillu/pulls/browser-spellcheck
...
API Disable discontinued Google Spellcheck in TinyMCE (#2213 )
2013-10-03 14:42:45 -07:00
Sean Harvey
8b2e1f2e7c
Merge pull request #2328 from chillu/pulls/versioned-archivemode-validation
...
Validate 'archiveDate' user data in Versioned
2013-10-03 14:33:22 -07:00
Sean Harvey
dd49834b9e
BUG Fixing installer not checking display_errors correctly.
...
Fixes issue #2479 . Installer sets display_errors on, but it checks
the changed value and not the original one set in php.ini.
2013-10-04 10:05:28 +13:00
Ingo Schommer
06b5f142b6
Increased CacheTest time delay, avoid flickering tests
...
Setting a cache lifetime of half a second seems to be
unreliable on Travis when just waiting a second,
so let's wait a bit longer.
2013-10-02 12:13:22 +02:00
Ingo Schommer
6de517bf72
3.0.7 changelog
2013-10-01 00:26:11 +02:00
Ingo Schommer
bda56eb9b0
Don't link record in GridField form message
...
This is no longer allows through Form->sessionMessage() to avoid XSS.
2013-09-30 23:55:32 +02:00
Ingo Schommer
a68e0ba365
Check for jQuery in Behat tests
...
Identified as one potential cause for flickering tests
on our own Selenium box.
2013-09-30 23:36:46 +02:00
Ingo Schommer
d963eac0a6
Merge tag '3.0.6' into 3.0
2013-09-27 00:20:08 +02:00
Ingo Schommer
652682c048
3.0.6 changelog
2013-09-26 11:33:42 +02:00
Sean Harvey
9b1211f071
Merge pull request #2459 from moveforward/patch-1
...
Fixed typo
2013-09-25 19:43:05 -07:00
moveforward
dd0296413f
Fixed typo
2013-09-26 14:41:40 +12:00
Ingo Schommer
ffb316dbc9
Added 3.0.7-rc1 changelog
2013-09-26 01:32:41 +02:00
Ingo Schommer
047e325e27
Merge pull request #2452 from chillu/pulls/escape-3.0
...
Escaping 3.0
2013-09-25 16:02:30 -07:00
Ingo Schommer
e1f9458db1
Added 3.0.7 changelog
2013-09-24 21:54:34 +02:00
Ingo Schommer
c243418597
API Escape form validation messages (SS-2013-008)
2013-09-24 21:54:31 +02:00
Ingo Schommer
114fb59107
FIX Auto-escape titles in TreeDropdownField
...
Related to SS-2013-009. While the default "TreeTitle" was escaped
within the SiteTree->TreeTitle() getter, other properties like SiteTree->Title
weren't escaped. The new logic uses the underlying casting helpers
on the processed objects.
2013-09-24 21:40:17 +02:00
Sean Harvey
b383a07f90
BUG Fixing tabindex added to CreditCardField when tabindex is NULL
...
The tabindex increment *should* only be done if there is a tabindex
that has been set on a CreditCardField already, otherwise it breaks
the tab ordering.
2013-09-24 21:40:17 +02:00
Ingo Schommer
2dd7baac16
Merge pull request #2434 from halkyon/cc_tabindex_fix_2
...
BUG Fixing tabindex added to CreditCardField when tabindex is NULL
2013-09-19 16:37:58 -07:00
Sean Harvey
c453ea3094
BUG Fixing tabindex added to CreditCardField when tabindex is NULL
...
The tabindex increment *should* only be done if there is a tabindex
that has been set on a CreditCardField already, otherwise it breaks
the tab ordering.
2013-09-20 11:13:10 +12:00
Ingo Schommer
a7f38f7b4d
Merge pull request #2413 from ss23/patch-1
...
Update 3.0.6.md
2013-09-12 16:08:04 -07:00
Stephen Shkardoon
f765696d26
Update 3.0.6.md
...
Add reference to information disclosure in Versioned.php (SS-2013-006)
2013-09-13 10:34:51 +12:00
Ingo Schommer
24bae3f922
Tagged 3.0.6-rc2
2013-09-12 16:48:20 +02:00
Ingo Schommer
a6b402f491
Added 3.0.6-rc2 changelog
2013-09-12 16:48:15 +02:00
Ingo Schommer
2da4d76c3b
Updated translations
2013-09-12 16:37:12 +02:00
Ingo Schommer
7c99cb4668
Merge branch 'pulls/security-issues-august-3.0' into 3.0
2013-09-12 15:45:13 +02:00
Ingo Schommer
5e0315dc62
Safety note on DataObject::validation_enabled
2013-09-12 15:42:43 +02:00
Ingo Schommer
f803704d91
FIX Disallow permissions assign for APPLY_ROLES (SS-2013-005)
...
See http://www.silverstripe.org/ss-2013-005-privilege-escalation-through-apply-roles-assignment/
2013-09-12 15:42:43 +02:00
Ingo Schommer
8b5c8eab72
Linking to older security issue in change log
...
Mainly for consistency with the newer format
2013-09-12 15:42:43 +02:00
Ingo Schommer
05757efceb
FIX Privilege escalation through APPLY_ROLES assignment (SS-2013-005)
...
See http://www.silverstripe.org/ss-2013-005-privilege-escalation-through-apply-roles-assignment/
2013-09-12 15:42:43 +02:00
Ingo Schommer
6cff9671d4
FIX Privilege escalation through Group and Member CSV upload (SS-2013-004)
...
See http://www.silverstripe.org/ss-2013-004-privilege-escalation-through-group-and-member-csv-upload/
2013-09-12 15:42:43 +02:00
Ingo Schommer
720c149aee
FIX Privilege escalation through Group hierarchy setting (SS-2013-003)
...
See http://www.silverstripe.org/ss-2013-003-privilege-escalation-through-group-hierarchy-setting/
2013-09-12 15:42:42 +02:00
Sean Harvey
a1939dccd1
Merge pull request #2400 from jbridson/patch-9
...
Update 2-extending-a-basic-site.md
2013-09-10 21:47:36 -07:00
Simon Welsh
c2105db6d0
Count, not Length
2013-09-11 12:05:43 +12:00
jbridson
a4fbff4df5
Update 2-extending-a-basic-site.md
...
Fixed a few wording issues and added some clarity to links eg: Tutorial One (Building a basic site)
2013-09-11 11:20:41 +12:00
Ingo Schommer
62608a7772
"edit" form expansion in AssetUploadField
...
Form wasn't expanding because of fixed heights. Backported fix from 3.1.
2013-09-02 16:48:11 +02:00
Ingo Schommer
71b987edb2
Merge pull request #2363 from jbridson/patch-8
...
BUGFIX: fixed grammatical errors and formatting issues
2013-08-28 02:21:46 -07:00
jbridson
65ad51024d
BUGFIX: fixed grammatical errors and formatting issues
2013-08-26 12:18:35 +12:00
Ingo Schommer
54edc0ddac
Fix Behat window switching in chrome
...
Workaround only, see https://groups.google.com/forum/#!topic/behat/QNhOuGHKEWI
2013-08-22 12:49:38 +02:00
Ingo Schommer
0c859b8587
Merge pull request #2348 from simonwelsh/scrut
...
Scrutinizer fixes
2013-08-21 04:43:12 -07:00
Simon Welsh
c66cc952d2
Correct line length and indentation
2013-08-21 21:27:16 +12:00
Simon Welsh
2c0d03b2d6
Exclude docs and images foldes from Scrutinizer
2013-08-21 21:02:12 +12:00
Simon Welsh
4cb98f1afd
Only have Scrutinizer check PHP files
2013-08-21 21:02:12 +12:00
Ingo Schommer
99da5cd198
Merge pull request #2336 from hafriedlander/fix/flush_30
...
FIX Double slashes in ParameterConfirmationToken
2013-08-20 06:26:44 -07:00
Hamish Friedlander
4a7aef0e25
FIX Double slashes in ParameterConfirmationToken
2013-08-19 11:35:34 +12:00
Ingo Schommer
74f65540a2
Validate 'archiveDate' user data in Versioned
...
Not a security issue as such, since the user input is sanitized
before being used in Versioned->augmentSQL(). But it shouldn't
reach the session state either, since that's commonly assumed
to be sanitized data, and it leaves unnecessary room for error.
strtotime() has fairly loose validation rules around dates,
but its a good "first line of defence".
2013-08-15 22:17:38 +02:00
Ingo Schommer
810f505924
Merge pull request #2315 from jbridson/patch-2
...
Fixed Grammatical errors and issues where sentences didn't make sense.
2013-08-09 02:04:01 -07:00