Commit Graph

23417 Commits

Author SHA1 Message Date
Guy Sartorelli
c7c108b29a
Merge pull request #10582 from creative-commoners/pulls/4.10/cve-2022-38148
Validate SortColumn exists
2022-11-21 13:30:35 +13:00
Guy Sartorelli
20de819d2b
Merge pull request #10586 from creative-commoners/pulls/4.11/cve-2022-37429
Sanitise XSS
2022-11-21 13:30:30 +13:00
Steve Boyd
fe13856769 [CVE-2022-37429] Sanitise XSS 2022-11-21 13:06:40 +13:00
Guy Sartorelli
17f1c7ceed
Merge pull request #10585 from creative-commoners/pulls/4.11/cve-2022-37430
Sanitise mixed case javascript
2022-11-21 13:03:30 +13:00
Guy Sartorelli
e5b81109de
Merge pull request #10584 from creative-commoners/pulls/4.11/cve-2022-38462
Don't allow CRLF in header values
2022-11-21 13:02:25 +13:00
Steve Boyd
4308a93cc8 [CVE-2022-38148] Validate SortColumn exists 2022-11-21 13:01:32 +13:00
Guy Sartorelli
b17b29eea1
Merge pull request #10583 from creative-commoners/pulls/4.11/cve-2022-38724-embed-shortcode
Restrict embed shortcode attributes
2022-11-21 13:01:23 +13:00
Sabina Talipova
ad116c63e6
Merge pull request #10565 from creative-commoners/pulls/4/stop-depr
API Stop using deprecated API
2022-11-16 14:26:18 +13:00
Steve Boyd
137ebcebec API Stop using deprecated API 2022-11-15 18:20:54 +13:00
Daniel Hensby
c49abf0fcc
Merge remote-tracking branch 'upstream/4.11' into 4.12 2022-11-11 13:25:54 +00:00
Guy Sartorelli
521c8179b1
ENH Correctly parse SomeClass::class syntax in textcollection 2022-11-11 11:37:53 +13:00
Daniel Hensby
bb5b093004
Merge pull request #10578 from MadeHQ/4.11
Prevent infinite loop when getting table name for ComponentID
2022-11-10 21:49:03 +00:00
Lee Bradley
78b661dcf6
Prevent infinite loop when getting table name for ComponentID
If the field isn't in the first 2 classes then would just continue to loop
Fix means it will continue going to parent classes

Can be seen in the UsedOnTable in `admin` module if you have injected a new `Image` class that extends the built in one
2022-11-10 14:00:29 +00:00
Guy Sartorelli
e53380ce89
Merge pull request #10576 from creative-commoners/pulls/4.11/use-blowfish
MNT Explicitly test with blowfish
2022-11-10 17:18:20 +13:00
Guy Sartorelli
f8befa3dcf
Update translations 2022-11-10 01:56:20 +00:00
Steve Boyd
49e637d244 MNT Explicitly test with blowfish 2022-11-10 11:36:56 +13:00
Guy Sartorelli
ed63beeeee
Merge branch '4.11' into 4 2022-11-09 10:53:09 +13:00
Guy Sartorelli
00d1701d37
Merge pull request #10568 from creative-commoners/pulls/4/restore-err
MNT Use restore_error_handler()
2022-11-04 09:29:51 +13:00
Steve Boyd
7cfd827776 MNT Use restore_error_handler() 2022-11-03 16:19:17 +13:00
Daniel Hensby
00f0b01d0e
Merge pull request #10566 from kinglozzer/form-extension-hook
NEW: Add onBeforeRender extension hook to Form
2022-11-02 23:54:22 +00:00
Loz Calver
7f8f5afc91 Ensure forms/fields overridden by onBeforeRender() can override templates 2022-11-02 11:57:57 +00:00
Loz Calver
e2cb683f14 FIX: Stop FormField onBeforeRenderHolder extension result being overridden 2022-11-02 10:06:23 +00:00
Loz Calver
c925fae180 NEW: Add onBeforeRender extension hook to Form 2022-11-02 10:05:02 +00:00
Guy Sartorelli
e454db6dc9
Merge pull request #10563 from creative-commoners/pulls/4/conf-version
FIX Filter out E_USER_DEPRECATED unrelated to unit test
2022-11-02 12:02:33 +13:00
Steve Boyd
128f78c1cf FIX Filter out E_USER_DEPRECATED unrelated to unit test 2022-11-02 11:40:34 +13:00
Guy Sartorelli
001e9c75d7
Merge pull request #10562 from creative-commoners/pulls/4/depr-random
API Deprecate Member::create_new_password()
2022-11-02 11:10:10 +13:00
Steve Boyd
9091d64652 API Deprecate Member::create_new_password() 2022-11-02 10:08:27 +13:00
Guy Sartorelli
e323fe478e
Merge pull request #10559 from creative-commoners/pulls/4/deprecated-config
NEW Record deprecated config
2022-11-01 11:45:03 +13:00
Steve Boyd
b1dc861aac NEW Record deprecated config 2022-10-31 19:00:59 +13:00
Michal Kleiner
27eb390d2b
Merge pull request #10560 from creative-commoners/pulls/4.11/default-admin-encryption 2022-10-27 14:48:52 +13:00
Steve Boyd
a3c1cb0ddf
ENH Set PasswordEncryption on default admin 2022-10-27 13:57:27 +13:00
Guy Sartorelli
168ca00555
[CVE-2022-38724] Restrict embed shortcode attributes 2022-10-26 09:31:12 +13:00
Michal Kleiner
e11216d8ea
Merge pull request #10558 from creative-commoners/pulls/5/broken-builds 2022-10-21 18:46:41 +13:00
Steve Boyd
df1d4a4b9a ENH Move email to data conversion to protected method 2022-10-21 15:54:06 +13:00
Steve Boyd
6e9d3ab632 Merge branch '4' into 5 2022-10-21 12:00:39 +13:00
Steve Boyd
59b980edd7 Merge branch '4.11' into 4 2022-10-21 11:46:39 +13:00
Maxime Rainville
25241a98e1
Merge pull request #10556 from creative-commoners/pulls/4/deprecation-no-manifests
FIX Handle calling Deprecation::notice() before manifests are available
2022-10-21 10:28:40 +13:00
Steve Boyd
897f9906f9 FIX Handle calling Deprecation::notice() before manifests are available 2022-10-21 10:08:31 +13:00
Sabina Talipova
3601b7ab8b
DEP Upgrade installer dependencies (#10534) 2022-10-21 09:59:34 +13:00
Guy Sartorelli
421b706a38
Merge pull request #10554 from creative-commoners/pulls/4/deprecation-api
FIX Ensure Deprecation works with 1.x branches
2022-10-20 14:18:22 +13:00
Steve Boyd
bd2eb15c72 FIX Ensure Deprecation works with 1.x branches 2022-10-20 13:14:58 +13:00
Michal Kleiner
0c207c3079
Merge pull request #10555 from creative-commoners/pulls/4.11/inject-objects 2022-10-19 21:07:48 +13:00
Steve Boyd
e3a6cad8a8 FIX Allow passing objects to InjectionCreator::create()
Co-authored-by: Nate Devereux <nate@daveclark.co.nz>
2022-10-19 18:04:48 +13:00
Guy Sartorelli
919cfcf435
Merge pull request #10494 from creative-commoners/pulls/5/symfony-mailer
NEW Migrate from swiftmailer/swiftmailer to symfony/mailer
2022-10-19 15:52:31 +13:00
Steve Boyd
2e85674ccc NEW Migrate from swiftmailer/swiftmailer to symfony/mailer 2022-10-19 15:16:14 +13:00
Guy Sartorelli
868f790dc5
Merge pull request #10536 from creative-commoners/pulls/5/action-signature
API Strongly-type action method signatures
2022-10-19 10:08:14 +13:00
Steve Boyd
a57c7315a2 API Strongly-type action method signatures 2022-10-17 17:58:20 +13:00
Daniel Hensby
0027d9414d
Merge pull request #10547 from HeyImPhil/task/10442-tinymce-links
Update tinymce links in comments
2022-10-14 10:14:17 +01:00
Phillip King
c4b3d5304d Update tinymce links in comments 2022-10-14 16:11:58 +13:00
Guy Sartorelli
d6b3f4d515
Merge pull request #10525 from creative-commoners/pulls/4/deprecated
API Update deprecations
2022-10-13 15:25:47 +13:00