tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 12:05:37 +00:00
Code Issues Projects Releases Wiki Activity
23,053 Commits 31 Branches 527 Tags
Commit Graph

2189 Commits

Author SHA1 Message Date
Chris Penny
31d5aef520 Bugfix: SSViewer check object exists before calling prop or method 2022-11-24 13:18:56 +13:00
Steve Boyd
dc98cad48a Merge branch '4.10' into 4.11 2022-11-21 13:43:59 +13:00
Steve Boyd
fe13856769 [CVE-2022-37429] Sanitise XSS 2022-11-21 13:06:40 +13:00
Guy Sartorelli
17f1c7ceed
Merge pull request #10585 from creative-commoners/pulls/4.11/cve-2022-37430 
Sanitise mixed case javascript
 2022-11-21 13:03:30 +13:00
Guy Sartorelli
e5b81109de
Merge pull request #10584 from creative-commoners/pulls/4.11/cve-2022-38462 
Don't allow CRLF in header values
 2022-11-21 13:02:25 +13:00
Steve Boyd
4308a93cc8 [CVE-2022-38148] Validate SortColumn exists 2022-11-21 13:01:32 +13:00
Guy Sartorelli
b17b29eea1
Merge pull request #10583 from creative-commoners/pulls/4.11/cve-2022-38724-embed-shortcode 
Restrict embed shortcode attributes
 2022-11-21 13:01:23 +13:00
Lee Bradley
78b661dcf6
Prevent infinite loop when getting table name for ComponentID 
If the field isn't in the first 2 classes then would just continue to loop
Fix means it will continue going to parent classes

Can be seen in the UsedOnTable in `admin` module if you have injected a new `Image` class that extends the built in one
 2022-11-10 14:00:29 +00:00
Steve Boyd
a3c1cb0ddf
ENH Set PasswordEncryption on default admin 2022-10-27 13:57:27 +13:00
Guy Sartorelli
168ca00555
[CVE-2022-38724] Restrict embed shortcode attributes 2022-10-26 09:31:12 +13:00
Steve Boyd
e3a6cad8a8 FIX Allow passing objects to InjectionCreator::create() 
Co-authored-by: Nate Devereux <nate@daveclark.co.nz>
 2022-10-19 18:04:48 +13:00
Christian Bünte
e24fb3f86c
Fix i18nTextCollector produces corrupt output / namespaces when running under PHP8.0 (#10228) 
* FIX i18nTextCollector produces corrupt output / namespaces when running under PHP8.0
 2022-09-29 13:40:40 +13:00
Thomas Portelange
54892fa267
request may not have a session 
see https://github.com/silverstripe/silverstripe-framework/pull/10512
 2022-09-28 10:44:13 +02:00
Guy Sartorelli
4a598ded51
FIX Allow removing named extensions in yaml config 2022-09-27 13:15:28 +13:00
Guy Sartorelli
d3c28579b7
[CVE-2022-38462] Don't allow CRLF in header values 2022-09-07 11:22:07 +12:00
Guy Sartorelli
6d885ab894
FIX Normalise casing before casting fields 2022-08-25 17:36:06 +12:00
Steve Boyd
2b5420ee7d [CVE-2022-37430] Sanitise mixed case javascript 2022-08-23 15:36:48 +12:00
Loz Calver
6b15bd6dd4 FIX: Invalid argument warning in backtrace 2022-08-01 09:08:52 +01:00
Steve Boyd
dd210e0f84
FIX Check if blank method passed (#10417) 2022-07-21 15:49:48 +12:00
Guy Sartorelli
3cad03357a
Merge pull request #10384 from creative-commoners/pulls/4.11/remove-wrong-message 
FIX Unexpected message issue
 2022-07-08 13:20:11 +12:00
Loz Calver
9b45342a06 FIX: Add missing casting for Form::getAttributesHTML (fixes #10386) 2022-07-04 12:24:58 +01:00
Sabina Talipova
babc811381 FIX Remove unexpected message 2022-07-04 16:05:57 +12:00
Steve Boyd
5a940b0f14 FIX PDO in PHP 8 2022-07-04 15:08:52 +12:00
Brandon Iffert
ad83b78a10
FIX Handle null values passed to PDO::quote() (#10383) 2022-07-04 13:17:51 +12:00
Loz Calver
b37178e831
FIX: 'passwordsent' title was not being displayed (fixes #10366) (#10367) 2022-07-01 13:58:57 +12:00
Guy Sartorelli
6c01661512 FIX Support search filters with match_any searchable_fields 2022-06-30 15:55:53 +12:00
Guy Sartorelli
4e53c35b53 MNT Deprecate unusable property 
This property must always have the value 'AND' or an exception will be
thrown - it should be deprecated. Also, no need to process the query
before throwing.
 2022-06-30 15:53:17 +12:00
Steve Boyd
3a0fff25de FIX PDO in PHP 8 2022-06-30 12:34:05 +12:00
Steve Boyd
a77ca74a7e FIX Ensure not passing null to mysql methods for PHP 8.1 compatibility 2022-06-29 09:34:30 +12:00
Steve Boyd
98b985fb91 Merge branch '4.10' into 4.11 2022-06-28 17:41:49 +12:00
Guy Sartorelli
794640247b
Merge pull request #10374 from creative-commoners/pulls/4.10/cve-2022-28803 
[CVE-2022-28803] Block XSS in links and iframes.
 2022-06-28 17:27:37 +12:00
Guy Sartorelli
a78d3458ea
Merge pull request #10375 from creative-commoners/pulls/4.10/cve-2022-25238 
[CVE-2022-25238] Sanitise htmlfields serverside by default
 2022-06-28 17:27:21 +12:00
Steve Boyd
b5abc38455 CVE-2021-41559 Disable xml entities 2022-06-28 17:04:34 +12:00
Steve Boyd
991aedf017 [CVE-2022-25238] Sanitise htmlfields serverside by default 2022-06-28 17:03:05 +12:00
Guy Sartorelli
d2c58f3bbc [CVE-2022-28803] Block XSS in links and iframes. 2022-06-28 17:01:53 +12:00
Guy Sartorelli
dec85819bd Merge branch '4.10' into 4.11 2022-05-27 15:19:39 +12:00
Guy Sartorelli
0bc3ed4d2c Merge branch '4.9' into 4.10 2022-05-27 15:19:17 +12:00
Guy Sartorelli
972a77f4d3 Merge branch '4.10' into 4.11 2022-05-27 12:55:35 +12:00
Guy Sartorelli
e0c4f01c11 FIX Resolve deduping problem with group codes. 
Also remove dead validation code.
 2022-05-27 11:19:32 +12:00
Steve Boyd
d3252b1645 Merge branch '4.10' into 4.11 2022-05-19 17:25:15 +12:00
Loz Calver
903dd860b7 ENH: Add extension hooks to core emails 2022-05-16 10:02:49 +01:00
Steve Piner
e91b7be056 FIX Use DataColumns content when available in CSV export 
Fix #9248 broke #9173 by accidentally checking for a string key in a
numerically indexed array. Change the check to search the array instead
(fixes #10308)
 2022-05-13 13:53:04 +12:00
Steve Boyd
89582dd476
Merge pull request #10313 from creative-commoners/pulls/4.11/email-when-password-changes 
ENH Ensure users are sent emails when passwords are changed by default
 2022-05-13 09:39:14 +12:00
Steve Boyd
6a779d07d0 ENH Allow multiple backtick variables in a single value 2022-05-12 17:12:14 +12:00
Guy Sartorelli
63f3637dc2 ENH Ensure users are sent emails when passwords are changed by default. 2022-05-12 11:42:27 +12:00
Guy Sartorelli
19bb72e7c7 FIX Correctly remove relations with ManyManyThroughList::removeall 
Instead of just setting one side of the relation to null in the through
list, remove the rows entirely.
Remove only the relations which match the filters that have already been
set on the list.
This is consistent with the way ManyManyList works.

Also some small tidy-up (removing an unnecessary line break and an
unused "use" statement)
 2022-05-05 11:21:51 +12:00
Ed Wilde
0b6b2d1524
Fix error when posix_getpwuid returns false 
The posix_getpwuid function can return false if it fails (see [docs](https://www.php.net/manual/en/function.posix-getpwuid.php#:~:text=The%20function%20returns%20false%20on%20failure.)).
 2022-05-04 09:05:19 +12:00
Steve Boyd
337c6e583c ENH Various fixes for PHP 8.1 compatibility 2022-04-27 09:29:40 +12:00
Guy Sartorelli
2411a83d5d
Merge pull request #10291 from creative-commoners/pulls/4/revert 
FIX Revert adding extension hook
 2022-04-26 12:00:26 +12:00
Steve Boyd
345173343c FIX Revert adding extension hook 2022-04-26 09:58:45 +12:00