Commit Graph

14112 Commits

Author SHA1 Message Date
Daniel Hensby
8e2fa4d225 Merge pull request #4743 from IgorNadj/cache-headers
FIX: prevent use cache on browser back button
2015-11-11 14:05:12 +00:00
Damian Mooyman
245e0aae2f [ss-2015-026]: BUG Fix FormField error messages not being encoded safely 2015-11-11 17:50:02 +13:00
Hamish Friedlander
53b3bc707b [ss-2015-025]: FIX Dont expose class on error 2015-11-11 17:46:46 +13:00
Ingo Schommer
ac4342d81d [ss-2015-022]: XML escape RSSFeed $link parameter 2015-11-11 17:46:39 +13:00
Damian Mooyman
97f21fddb3 [ss-2015-021] Fix rewrite hash links XSS 2015-11-11 17:46:27 +13:00
Damian Mooyman
e68eb7e45d Update translations 2015-11-11 17:06:45 +13:00
Igor Nadj
f577ecb811 FIX: prevent use cache on browser back button 2015-11-05 16:09:16 +13:00
Damian Mooyman
6fd2923d3b Merge pull request #4732 from silverstripe/revert-4720-pulls/3.1/fix-js-includes
Revert "BUG Fix duplicate files being included in case of flush"
2015-11-02 18:40:12 +13:00
Damian Mooyman
074718fcfa Revert "BUG Fix duplicate files being included in case of flush" 2015-11-02 17:11:22 +13:00
Damian Mooyman
b857bdf209 BUG Fix duplicate files being included in case of flush
Fixes #4553
2015-10-29 17:48:30 +13:00
Damian Mooyman
82f2f63a01 Merge pull request #4714 from mparkhill/patch-1
Fix broken link to DataObject api
2015-10-28 12:00:41 +13:00
Michael Parkhill
e44f22c6b2 Fix broken link to DataObject api 2015-10-28 11:52:35 +13:00
Ingo Schommer
421d1b53b0 Merge pull request #4674 from ss23/parentidfix
Fix page reordering bug with ParentID
2015-10-13 11:35:52 +13:00
Stephen Shkardoon
6030854725 Fix page reordering bug with ParentID
If you are viewing PageA in the CMS, but move PageB into PageC,
the edit form will receive an edit form ParentID of PageC.
This is incorrect, as only PageB had its ParentID change.
2015-10-12 20:10:48 +13:00
Damian Mooyman
04e167ad4c Merge pull request #4665 from hafriedlander/minor/update_core_contributors
Update core contributors docs to include Jono Menz
2015-10-07 14:41:08 +13:00
Hamish Friedlander
b03ae843ca Update core contributors docs to include Jono Menz 2015-10-07 14:35:29 +13:00
Daniel Hensby
fa878b1e1f Merge pull request #4642 from hailwood/patch-1
DOCS Remove extra set of li's
2015-10-03 10:28:50 +01:00
Will Morgan
92970f8a8c Merge pull request #4641 from LiamW/patch-2
fixed minor GridField initialization syntax.
2015-10-01 09:37:57 +01:00
Matthew Hailwood
5e68512e1c Remove extra set of li's 2015-09-30 14:19:20 +13:00
Liam Whittle
71a2ef1350 fixed minor GridField initialization syntax. 2015-09-29 18:51:08 -04:00
Damian Mooyman
a13d7e2b53 Merge pull request #4616 from spekulatius/patch-1
Update 01_Extensions.md
2015-09-21 10:40:13 +12:00
Peter Thaleikis
7ca97cd86d Update 01_Extensions.md
adding missing space
2015-09-20 15:15:54 +12:00
Damian Mooyman
c2a407a01b Add note to changelog 2015-09-18 14:51:04 +12:00
Damian Mooyman
b12bdb754b Added 3.1.15 changelog 2015-09-18 14:21:20 +12:00
Damian Mooyman
7f71a2ccfe Update translations 2015-09-18 14:21:20 +12:00
johndalangin
23d0f51592 Added cookie_secure configuration directive
Seeing that cookie_secure is not yet added to the documentation, I took the liberty to add it myself.

Thanks and hope this helps!
2015-09-17 15:53:58 +08:00
Damian Mooyman
e64d73c1f7 BUG Fix ClassInfo::table_for_object_field 2015-09-17 18:31:46 +12:00
Damian Mooyman
8ddb4c7ffe Merge remote-tracking branch 'origin/3.1.14' into 3.1 2015-09-15 11:07:14 +12:00
Damian Mooyman
00caeb700d Added 3.1.14 changelog
Update translations
2015-09-15 10:58:15 +12:00
Damian Mooyman
6699f65b3f Merge pull request #4594 from kinglozzer/uploadfield-attach-nonexistent
FIX: UploadField error when attempting to attach non-existent file IDs
2015-09-11 16:33:42 +12:00
Ingo Schommer
f935f2f25e Merge pull request #3 from silverstripe-security/fixes/ss-2015-020
[ss-2015-020]: Prevent possible Privilege escalation
2015-09-10 16:51:13 +12:00
Damian Mooyman
7367cf54c4 [ss-2015-020]: Prevent possible Privilege escalation 2015-09-10 13:01:24 +12:00
Damian Mooyman
45b22c788e BUG Fix missing framework/admin/tests 2015-09-10 11:06:15 +12:00
Loz Calver
06cc18526a FIX: UploadField error when attempting to attach non-existent file IDs 2015-09-09 09:24:56 +01:00
Ingo Schommer
4c73721bab Merge pull request #1 from silverstripe-security/fixes/ss-2015-016
[ss-2015-016]: Fix XSS in install.php
2015-09-09 09:48:56 +12:00
Daniel Hensby
00385792c5 Merge pull request #4588 from tractorcow/fix/3.1/admin-tests
BUG Fix missing framework/admin/tests
2015-09-08 09:57:53 +01:00
Christopher Pitt
751d77386c Merge pull request #2 from silverstripe-security/fixes/ss-2015-015
[ss-2015-015]: Fix insecure returnURL in DatabaseAdmin
2015-09-08 10:53:59 +12:00
Damian Mooyman
d8fd64c3e2 [ss-2015-016]: Fix XSS in install.php 2015-09-08 10:08:28 +12:00
Damian Mooyman
7192932022 [ss-2015-015]: Fix insecure returnURL in DatabaseAdmin 2015-09-08 09:48:09 +12:00
Loz Calver
b87c2ae78d Merge pull request #4589 from johndalangin/patch-3
Typo Correction
2015-09-07 10:56:27 +01:00
johndalangin
1b661c9f17 Typo Correction 2015-09-07 17:08:49 +08:00
Loz Calver
d0b53b5135 Merge pull request #4585 from javabrett/patch-1
Update 02_Composer.md
2015-09-07 09:23:08 +01:00
Damian Mooyman
96d20bc180 BUG Fix missing framework/admin/tests 2015-09-07 18:04:56 +12:00
Brett Randall
e0b0c17685 Update 02_Composer.md
Fixed typo, "in to thier" -> "into their".
2015-09-05 13:50:57 +10:00
Damian Mooyman
92f9af1984 Update translations 2015-09-02 11:15:53 +12:00
Damian Mooyman
ed401176f9 Added 3.1.14-rc1 changelog 2015-09-02 11:04:21 +12:00
Damian Mooyman
b390f463ea Merge pull request #4566 from chillu/pulls/pragma-docs
Clarify use of HTTP Pragma response header
2015-09-02 09:27:41 +12:00
Will Morgan
17e97babf1 Merge pull request #4549 from kinglozzer/pulls/recursion-arraylist-sort
FIX: Recursion errors when sorting objects with circular dependencies (fixes #4464)
2015-09-01 16:42:17 +01:00
Loz Calver
0943b3b1a0 FIX: Recursion errors when sorting objects with circular dependencies (fixes #4464) 2015-09-01 09:37:06 +01:00
Ingo Schommer
dc650e3cf1 Clarify use of HTTP Pragma response header
The HTTP Pragma header is obsolete for HTTP 1.1,
and technically only defined for a HTTP request (not response).
Refer to https://www.mnot.net/cache_docs/#PRAGMA, http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.32.
It is superseded by the "Cache-Control" directive.

See HTTP 1.1 spec at https://tools.ietf.org/html/rfc7234#section-5.4:
'Because the meaning of "Pragma: no-cache" in responses is
not specified, it does not provide a reliable replacement for
"Cache-Control: no-cache" in them.'

Sending a "Pragma: nocache" response header is a prudent
backwards compatibility measure for HTTP 1.0 clients.
The intended behaviour is for the majority of clients as well as any
intermediary proxies to ignore this header.

Sending an empty Pragma is a known hack
for preventing PHP from adding "Pragma: nocache" to responses
with started sessions (see http://php.net/session_cache_limiter),
since PHP does not allow unsetting existing header() calls.
2015-09-01 11:45:30 +12:00