Commit Graph

16897 Commits

Author SHA1 Message Date
Ingo Schommer
f935f2f25e Merge pull request #3 from silverstripe-security/fixes/ss-2015-020
[ss-2015-020]: Prevent possible Privilege escalation
2015-09-10 16:51:13 +12:00
Damian Mooyman
7367cf54c4 [ss-2015-020]: Prevent possible Privilege escalation 2015-09-10 13:01:24 +12:00
Damian Mooyman
45b22c788e BUG Fix missing framework/admin/tests 2015-09-10 11:06:15 +12:00
Loz Calver
06cc18526a FIX: UploadField error when attempting to attach non-existent file IDs 2015-09-09 09:24:56 +01:00
Damian Mooyman
143e4eae5f Fix travis php version back to 5.4 2015-09-09 17:46:42 +12:00
Damian Mooyman
812b5ecb62 Fix merge regressions 2015-09-09 16:18:39 +12:00
Damian Mooyman
13e1f52b37 Merge remote-tracking branch 'origin/3.2' into 3 2015-09-09 16:14:28 +12:00
Damian Mooyman
6ad277c412 Fix merge regressions 2015-09-09 16:12:12 +12:00
Damian Mooyman
b552a7370f Merge remote-tracking branch 'origin/3'
Conflicts:
	tests/model/ImageTest.php
2015-09-09 15:44:47 +12:00
Damian Mooyman
f10785350e Merge remote-tracking branch 'origin/3.2' into 3
Conflicts:
	docs/en/02_Developer_Guides/02_Controllers/01_Introduction.md
2015-09-09 14:50:47 +12:00
Damian Mooyman
309ac0d196 Merge remote-tracking branch 'origin/3.1' into 3.2
Conflicts:
	.travis.yml
	admin/code/CMSProfileController.php
	admin/tests/LeftAndMainTest.php
	control/HTTP.php
	security/Permission.php
	tests/forms/FormTest.php
	tests/model/ArrayListTest.php
	tests/security/PermissionTest.php
2015-09-09 14:35:29 +12:00
Ingo Schommer
4c73721bab Merge pull request #1 from silverstripe-security/fixes/ss-2015-016
[ss-2015-016]: Fix XSS in install.php
2015-09-09 09:48:56 +12:00
Daniel Hensby
00385792c5 Merge pull request #4588 from tractorcow/fix/3.1/admin-tests
BUG Fix missing framework/admin/tests
2015-09-08 09:57:53 +01:00
Christopher Pitt
751d77386c Merge pull request #2 from silverstripe-security/fixes/ss-2015-015
[ss-2015-015]: Fix insecure returnURL in DatabaseAdmin
2015-09-08 10:53:59 +12:00
Damian Mooyman
d8fd64c3e2 [ss-2015-016]: Fix XSS in install.php 2015-09-08 10:08:28 +12:00
Damian Mooyman
7192932022 [ss-2015-015]: Fix insecure returnURL in DatabaseAdmin 2015-09-08 09:48:09 +12:00
Loz Calver
b87c2ae78d Merge pull request #4589 from johndalangin/patch-3
Typo Correction
2015-09-07 10:56:27 +01:00
johndalangin
1b661c9f17 Typo Correction 2015-09-07 17:08:49 +08:00
Loz Calver
50e798fb51 Merge pull request #4586 from camfindlay/patch-29
DOCS fix to ensure 3.2.0 beta 1 content links work correctly
2015-09-07 09:25:06 +01:00
Loz Calver
d0b53b5135 Merge pull request #4585 from javabrett/patch-1
Update 02_Composer.md
2015-09-07 09:23:08 +01:00
Damian Mooyman
96d20bc180 BUG Fix missing framework/admin/tests 2015-09-07 18:04:56 +12:00
Cam Findlay
58a8bb1327 DOCS fix to ensure 3.2.0 beta 1 content links work correctly
Reported by Community as broken.
2015-09-06 19:29:33 +12:00
Brett Randall
e0b0c17685 Update 02_Composer.md
Fixed typo, "in to thier" -> "into their".
2015-09-05 13:50:57 +10:00
Sam Minnée
a08361810c Merge pull request #4581 from tractorcow/pulls/4.0/fix-testrunner
BUG Fix reference to missing Debug::loadErrorHandlers()
2015-09-04 16:57:03 +12:00
Damian Mooyman
fa8702f0c8 BUG Fix reference to missing Debug::loadErrorHandlers() 2015-09-04 15:50:54 +12:00
Damian Mooyman
7fa97c4d9e Merge pull request #4148 from micmania1/replace-static-manifest
NEW Update SS_ConfigStaticManifest to use Reflection
2015-09-04 10:51:46 +12:00
micmania1
9f91b47825 NEW Update SS_ConfigStaticManifest to use Reflection 2015-09-03 22:25:42 +00:00
Loz Calver
40619be0e6 Merge pull request #4579 from schellmax/patch-1
fixed typo in shortcode docs
2015-09-03 14:58:15 +01:00
Matthias Schelling
f43c528a0d fixed typo in shortcode docs 2015-09-03 14:46:42 +02:00
Damian Mooyman
83f276fa3f Merge pull request #4575 from powtac/patch-1
Typo
2015-09-03 13:51:00 +12:00
Damian Mooyman
46ebdd5a8d Merge pull request #4578 from jonom/image-properties-3
FIX Resampled images inherit source properties
2015-09-03 13:45:40 +12:00
Daniel Hensby
f6fe1427c2 API Making ArrayList (and others) more consistent with DataList 2015-09-02 23:43:27 +01:00
Jonathon Menz
2ae5d83f08 FIX Resampled images inherit source properties
Ensure Image_Cached objects can access all the properties of the source image (fixes #4569)
2015-09-02 10:38:02 -07:00
Simon Brüchner
9416c31805 Typo 2015-09-02 15:51:04 +02:00
Damian Mooyman
ecaf5bb9e6 Merge pull request #4570 from scott1702/notifications
Update cms notifications
2015-09-02 16:58:01 +12:00
scott1702
9cbb235daa update cms notifications
New style - text now wraps instead of overflowing
Now stay on screen longer
Hovering causes notification to stay on screen
2015-09-02 15:47:48 +12:00
Damian Mooyman
92f9af1984 Update translations 2015-09-02 11:15:53 +12:00
Damian Mooyman
ed401176f9 Added 3.1.14-rc1 changelog 2015-09-02 11:04:21 +12:00
Damian Mooyman
17f3afa0e9 Merge pull request #4567 from SilbinaryWolf/modify-htmleditor-toolbar
Modified GridField in 'HtmlEditorField_Toolbar' class to allow GridField custom class
2015-09-02 09:28:19 +12:00
Damian Mooyman
b390f463ea Merge pull request #4566 from chillu/pulls/pragma-docs
Clarify use of HTTP Pragma response header
2015-09-02 09:27:41 +12:00
Will Morgan
17e97babf1 Merge pull request #4549 from kinglozzer/pulls/recursion-arraylist-sort
FIX: Recursion errors when sorting objects with circular dependencies (fixes #4464)
2015-09-01 16:42:17 +01:00
Loz Calver
0943b3b1a0 FIX: Recursion errors when sorting objects with circular dependencies (fixes #4464) 2015-09-01 09:37:06 +01:00
Ingo Schommer
d66dd05458 Merge pull request #4565 from tractorcow/pulls/3.2/fix-numeric
BUG Remove html5 number field due to insufficient localisation support
2015-09-01 13:18:06 +12:00
Jake Bentvelzen
d766f9fd13 Modified GridField in 'HtmlEditorField_Toolbar' class to allow custom classes. 2015-09-01 10:38:58 +10:00
Damian Mooyman
b28729918b Merge pull request #4564 from scott1702/font-icons
Update view mode section w/ font icons
2015-09-01 12:27:04 +12:00
Damian Mooyman
e86b45bf5d BUG Remove html5 number field due to insufficient localisation support 2015-09-01 12:23:35 +12:00
Ingo Schommer
dc650e3cf1 Clarify use of HTTP Pragma response header
The HTTP Pragma header is obsolete for HTTP 1.1,
and technically only defined for a HTTP request (not response).
Refer to https://www.mnot.net/cache_docs/#PRAGMA
,http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.32.
It is superseded by the "Cache-Control" directive.

See HTTP 1.1 spec at https://tools.ietf.org/html/rfc7234#section-5.4:
'Because the meaning of "Pragma: no-cache" in responses is
not specified, it does not provide a reliable replacement for
"Cache-Control: no-cache" in them.'

Sending a "Pragma: nocache" response header is a prudent
backwards compatibility measure for HTTP 1.0 clients.
The intended behaviour is for the majority clients as well as any
intermediary proxies to ignore this header.

Sending an empty Pragma is a known hack
for preventing PHP from adding "Pragma: nocache" to responses
with started sessions (see http://php.net/session_cache_limiter),
since PHP does not allow unsetting existing header() calls.
2015-09-01 11:45:30 +12:00
Damian Mooyman
843e54509a Merge pull request #4475 from JeroenDeDauw/rm-unused-vars
Remove unused local vars
2015-09-01 11:42:16 +12:00
Damian Mooyman
f3f0315cc1 Merge pull request #4430 from sminnee/logging-refactor
Replace Zend log with Monolog; rely more on PSR-3
2015-09-01 11:41:05 +12:00
Damian Mooyman
dc4c40f642 Merge pull request #4507 from JorisDebonnet/resampled-images-in-folders
Save resampled images into a folder structure indicating transformations
2015-09-01 11:16:23 +12:00