Commit Graph

4342 Commits

Author SHA1 Message Date
Steve Boyd
dc98cad48a Merge branch '4.10' into 4.11 2022-11-21 13:43:59 +13:00
Steve Boyd
fe13856769 [CVE-2022-37429] Sanitise XSS 2022-11-21 13:06:40 +13:00
Guy Sartorelli
17f1c7ceed
Merge pull request #10585 from creative-commoners/pulls/4.11/cve-2022-37430
Sanitise mixed case javascript
2022-11-21 13:03:30 +13:00
Guy Sartorelli
e5b81109de
Merge pull request #10584 from creative-commoners/pulls/4.11/cve-2022-38462
Don't allow CRLF in header values
2022-11-21 13:02:25 +13:00
Steve Boyd
4308a93cc8 [CVE-2022-38148] Validate SortColumn exists 2022-11-21 13:01:32 +13:00
Guy Sartorelli
b17b29eea1
Merge pull request #10583 from creative-commoners/pulls/4.11/cve-2022-38724-embed-shortcode
Restrict embed shortcode attributes
2022-11-21 13:01:23 +13:00
Steve Boyd
49e637d244 MNT Explicitly test with blowfish 2022-11-10 11:36:56 +13:00
Steve Boyd
a3c1cb0ddf
ENH Set PasswordEncryption on default admin 2022-10-27 13:57:27 +13:00
Guy Sartorelli
168ca00555
[CVE-2022-38724] Restrict embed shortcode attributes 2022-10-26 09:31:12 +13:00
Steve Boyd
e3a6cad8a8 FIX Allow passing objects to InjectionCreator::create()
Co-authored-by: Nate Devereux <nate@daveclark.co.nz>
2022-10-19 18:04:48 +13:00
Christian Bünte
e24fb3f86c
Fix i18nTextCollector produces corrupt output / namespaces when running under PHP8.0 (#10228)
* FIX i18nTextCollector produces corrupt output / namespaces when running under PHP8.0
2022-09-29 13:40:40 +13:00
Guy Sartorelli
4a598ded51
FIX Allow removing named extensions in yaml config 2022-09-27 13:15:28 +13:00
Guy Sartorelli
d3c28579b7
[CVE-2022-38462] Don't allow CRLF in header values 2022-09-07 11:22:07 +12:00
Steve Boyd
2b5420ee7d [CVE-2022-37430] Sanitise mixed case javascript 2022-08-23 15:36:48 +12:00
Steve Boyd
b24c289892 Merge branch '4.10' into 4.11 2022-07-28 14:05:07 +12:00
Steve Boyd
bdf7d09144 MNT Update Utf8TestHelper for MySQL 8.0.30 2022-07-28 13:21:23 +12:00
Steve Boyd
ce46e2da47 MNT No longer mark tests as skipped if running mysql 8 2022-07-26 13:54:10 +12:00
Steve Boyd
24daf3ae83 MNT Skip test if Page class missing 2022-07-25 16:35:28 +12:00
Steve Boyd
f6693d4ea5 Merge branch '4.10' into 4.11 2022-07-22 11:20:22 +12:00
Steve Boyd
5eb8d3e25f MNT Skip test in MySQL8 2022-07-22 11:16:32 +12:00
Steve Boyd
674e6d9b7b MNT Update utf8 aliases for mysql 8 and mariadb 10.6 2022-07-21 15:19:16 +12:00
Sabina Talipova
babc811381 FIX Remove unexpected message 2022-07-04 16:05:57 +12:00
Guy Sartorelli
ffcaed84f3 MNT Update tests for searchable_fields match_any 2022-06-30 15:55:56 +12:00
Steve Boyd
98b985fb91 Merge branch '4.10' into 4.11 2022-06-28 17:41:49 +12:00
Guy Sartorelli
794640247b
Merge pull request #10374 from creative-commoners/pulls/4.10/cve-2022-28803
[CVE-2022-28803] Block XSS in links and iframes.
2022-06-28 17:27:37 +12:00
Steve Boyd
b5abc38455 CVE-2021-41559 Disable xml entities 2022-06-28 17:04:34 +12:00
Guy Sartorelli
d2c58f3bbc [CVE-2022-28803] Block XSS in links and iframes. 2022-06-28 17:01:53 +12:00
Guy Sartorelli
dec85819bd Merge branch '4.10' into 4.11 2022-05-27 15:19:39 +12:00
Guy Sartorelli
0bc3ed4d2c Merge branch '4.9' into 4.10 2022-05-27 15:19:17 +12:00
Guy Sartorelli
972a77f4d3 Merge branch '4.10' into 4.11 2022-05-27 12:55:35 +12:00
Guy Sartorelli
e0c4f01c11 FIX Resolve deduping problem with group codes.
Also remove dead validation code.
2022-05-27 11:19:32 +12:00
Steve Boyd
ec5b94facf MNT Update utf8 aliases for mysql 8 and mariadb 10.6 2022-05-26 12:06:51 +12:00
Steve Boyd
6a779d07d0 ENH Allow multiple backtick variables in a single value 2022-05-12 17:12:14 +12:00
Guy Sartorelli
19bb72e7c7 FIX Correctly remove relations with ManyManyThroughList::removeall
Instead of just setting one side of the relation to null in the through
list, remove the rows entirely.
Remove only the relations which match the filters that have already been
set on the list.
This is consistent with the way ManyManyList works.

Also some small tidy-up (removing an unnecessary line break and an
unused "use" statement)
2022-05-05 11:21:51 +12:00
Guy Sartorelli
4795992208
Merge pull request #10222 from creative-commoners/pulls/4/php81
ENH PHP 8.1 compatibility
2022-04-22 16:15:10 +12:00
Guy Sartorelli
8be94e2588 Merge branch '4.10' into 4 2022-04-22 15:10:45 +12:00
Steve Boyd
656cba05e6 MNT Fix unit tests for kitchen-sink 2022-04-22 12:32:35 +12:00
Steve Boyd
511b3bb060 ENH PHP 8.1 compatibility 2022-04-14 13:12:59 +12:00
Steve Boyd
f1678781a2 ENH Various fixes for PHP 8.1 compatibility 2022-04-11 17:22:22 +12:00
Maxime Rainville
3e5a74c6b2
Merge pull request #10273 from creative-commoners/pulls/4/remove-ini-setting
ENH Fix deprecation issues for PHP 8.1 compatibility
2022-04-07 13:25:24 +12:00
Steve Boyd
814c5b2fd0 ENH Fix deprecation issues for PHP 8.1 compatibility 2022-04-06 11:34:34 +12:00
Steve Boyd
3202ef7c52 Merge branch '4.10' into 4 2022-04-06 10:42:58 +12:00
Steve Boyd
9add508718 NEW Use embed/embed v4 2022-03-24 10:27:15 +13:00
Maxime Rainville
77e87875b3
Merge pull request #10211 from creative-commoners/pulls/4.10/seach-filter-tests
FIX Default GridField search fields with an index of 0 to use StartWithFilter
2022-03-23 11:37:15 +13:00
Steve Boyd
740d087e97 FIX Default GridField search fields with an index of 0 to use StartWithFilter 2022-03-22 16:17:37 +13:00
Steve Boyd
081ec34461 Merge branch '4.10' into 4 2022-03-10 11:30:03 +13:00
Steve Boyd
82aba312fe Merge branch '4.9' into 4.10 2022-03-10 11:27:48 +13:00
Steve Boyd
204b39bfdf FIX Handle admin_email array config 2022-03-10 10:37:47 +13:00
Maxime Rainville
78dcfd217a
Merge pull request #10235 from creative-commoners/pulls/4/meta-generator
NEW Get the version for an individual module
2022-03-09 13:41:12 +13:00
Steve Boyd
59f23ad2aa Merge branch '4.10' into 4 2022-03-08 16:06:08 +13:00