Ingo Schommer
f803704d91
FIX Disallow permissions assign for APPLY_ROLES (SS-2013-005)
...
See http://www.silverstripe.org/ss-2013-005-privilege-escalation-through-apply-roles-assignment/
2013-09-12 15:42:43 +02:00
Ingo Schommer
8b5c8eab72
Linking to older security issue in change log
...
Mainly for consistency with the newer format
2013-09-12 15:42:43 +02:00
Ingo Schommer
05757efceb
FIX Privilege escalation through APPLY_ROLES assignment (SS-2013-005)
...
See http://www.silverstripe.org/ss-2013-005-privilege-escalation-through-apply-roles-assignment/
2013-09-12 15:42:43 +02:00
Ingo Schommer
6cff9671d4
FIX Privilege escalation through Group and Member CSV upload (SS-2013-004)
...
See http://www.silverstripe.org/ss-2013-004-privilege-escalation-through-group-and-member-csv-upload/
2013-09-12 15:42:43 +02:00
Ingo Schommer
720c149aee
FIX Privilege escalation through Group hierarchy setting (SS-2013-003)
...
See http://www.silverstripe.org/ss-2013-003-privilege-escalation-through-group-hierarchy-setting/
2013-09-12 15:42:42 +02:00
Ingo Schommer
62608a7772
"edit" form expansion in AssetUploadField
...
Form wasn't expanding because of fixed heights. Backported fix from 3.1.
2013-09-02 16:48:11 +02:00
Ingo Schommer
71b987edb2
Merge pull request #2363 from jbridson/patch-8
...
BUGFIX: fixed grammatical errors and formatting issues
2013-08-28 02:21:46 -07:00
jbridson
65ad51024d
BUGFIX: fixed grammatical errors and formatting issues
2013-08-26 12:18:35 +12:00
Ingo Schommer
54edc0ddac
Fix Behat window switching in chrome
...
Workaround only, see https://groups.google.com/forum/#!topic/behat/QNhOuGHKEWI
2013-08-22 12:49:38 +02:00
Ingo Schommer
0c859b8587
Merge pull request #2348 from simonwelsh/scrut
...
Scrutinizer fixes
2013-08-21 04:43:12 -07:00
Simon Welsh
c66cc952d2
Correct line length and indentation
2013-08-21 21:27:16 +12:00
Simon Welsh
2c0d03b2d6
Exclude docs and images foldes from Scrutinizer
2013-08-21 21:02:12 +12:00
Simon Welsh
4cb98f1afd
Only have Scrutinizer check PHP files
2013-08-21 21:02:12 +12:00
Ingo Schommer
99da5cd198
Merge pull request #2336 from hafriedlander/fix/flush_30
...
FIX Double slashes in ParameterConfirmationToken
2013-08-20 06:26:44 -07:00
Hamish Friedlander
4a7aef0e25
FIX Double slashes in ParameterConfirmationToken
2013-08-19 11:35:34 +12:00
Ingo Schommer
810f505924
Merge pull request #2315 from jbridson/patch-2
...
Fixed Grammatical errors and issues where sentences didn't make sense.
2013-08-09 02:04:01 -07:00
jbridson
1ce0a0d2b9
Fixed Grammatical errors and issues where sentences didn't make sense.
2013-08-09 15:22:03 +12:00
Sean Harvey
f9dca6f857
Merge pull request #2313 from jbridson/patch-1
...
Fixed issue with inconsistent use of punctuation and wording of Tutorial...
2013-08-08 19:22:16 -07:00
jbridson
0c4ff76921
Fixed issue with inconsistent use of punctuation and wording of Tutorial 5 summary
2013-08-09 14:20:41 +12:00
Ingo Schommer
7a117fe713
Added 3.0.6-rc1 changelog
2013-08-07 20:55:10 +02:00
Ingo Schommer
a213afd888
Added 3.0 changelog
2013-08-07 20:16:59 +02:00
Ingo Schommer
c0f5007d57
Create folder if required in dev/generatesecuretoken
2013-08-07 16:59:18 +02:00
Ingo Schommer
b159284c6c
Fixed "session started" error on install.php
2013-08-07 16:28:54 +02:00
Hamish Friedlander
428391ad1e
Merge pull request #2291 from chillu/pulls/transifex-3.0
...
Translations: Switch to Transifex format (3.0)
2013-08-06 15:26:40 -07:00
Ingo Schommer
00ffe72944
Translations: Switch to Transifex format
...
- Based on new (last) translation download from getlocalization.com
- Removed untranslated strings. Getlocalization started including those at some point
which is highly annoying, unnecessary and breaks the new transfix system,
since it'll mark all of the english strings as actual translations
- Avoid dots in entities. It confuses the Transifex YML parser
- Removed some locales unknown to Transifex which didn't have any translations anyway
- Removed "lolcat" locale, uses custom notation (en@lolcal)
which SilverStripe's i18n system can't handle
(needs mapping from SS naming to Zend naming)
- Renamed "Te Reo/Maori" locale from "mi_NZ" to "mi" (Transifex/CLDR notation)
- Namespaced all entities used in templates (deprecated usage)
- Converted dots to underscores where template filenames are used for namespaces,
since Transifex YML parsing handles them as separate YML keys otherwise
- Removed whitespace in entity names, SilverStripe i18n can't handle it
- Only allow selection of locales registered through i18n::$all_locales to avoid
issues with unknown locales in Zend's CLDR database
2013-08-07 00:25:16 +02:00
Ingo Schommer
f037cf0781
Merge pull request #2285 from hafriedlander/fix/flush_30
...
FIX Flush on memory exhaustion and when headers sent
2013-08-06 14:22:16 -07:00
Hamish Friedlander
5f9387c42c
FIX Constants magic_quotes handling needs function from Core
2013-08-05 14:58:44 +12:00
Hamish Friedlander
041466fe02
FIX Token redirect where in IIS a / needs adding between host & url
2013-08-05 09:15:11 +12:00
Hamish Friedlander
a685a8dee9
FIX Include flushtoken when install redirects to successfullyinstalled
2013-08-02 11:00:26 +12:00
Hamish Friedlander
342058742c
FIX Flush on memory exhaustion and headers sent
2013-08-02 09:41:16 +12:00
Sam Minnée
3c6ba1c322
Merge pull request #2257 from hafriedlander/fix/flush_30
...
FIX Nice errors and allows flush on module removal
2013-07-23 16:44:25 -07:00
Hamish Friedlander
a1ea905ca8
FIX Nice errors and allows flush on module removal
2013-07-24 09:57:01 +12:00
Sam Minnée
88d0cbea62
Merge pull request #2255 from hafriedlander/fix/flush_30
...
Split Core.php into Constants.php and Core.php and adjust main.php startup
2013-07-22 15:33:35 -07:00
Hamish Friedlander
84011aa736
FIX Only suppress fatal errors
2013-07-22 14:48:16 +12:00
Hamish Friedlander
604d9bf7dc
Split Core.php into Constants.php and Core.php and adjust main.php startup
...
The recent flush filter fix had a problem that you couldnt set a custom
BASE_PATH in _ss_environment because that file didnt get included until
after checking the confirmation token. This patch pulls the part of Core.php
that defines BASE_PATH into a seperate file that can be included earlier
in the startup sequence so that ParameterConfirmationToken can access it.
Core.php includes Constants.php with a require_once call, so for startup
scripts that dont pull in Constants.php themselves (like cli-script.php)
no change is needed.
2013-07-22 13:52:00 +12:00
Sam Minnée
7bfc872a8e
Merge pull request #2248 from hafriedlander/fix/flush_30
...
FIX: Have ParameterConfirmationToken work regardless of include path
2013-07-18 20:46:56 -07:00
Hamish Friedlander
a312cd08e1
FIX: Ignore invalid tokens instead of throwing 403
2013-07-19 14:47:05 +12:00
Hamish Friedlander
036c36a7dd
FIX: Have ParameterConfirmationToken work regardless of include path
2013-07-19 14:33:56 +12:00
Sam Minnée
7656a22329
Merge pull request #2243 from hafriedlander/fix/flush_30
...
FIX Prevent DOS by checking for env and admin on ?flush=1 (#1692 )
2013-07-18 17:39:10 -07:00
Hamish Friedlander
1298d4a5bd
FIX Prevent DOS by checking for env and admin on ?flush=1 ( #1692 )
2013-07-19 12:24:32 +12:00
Simon Welsh
d9b0d14ee9
Merge pull request #2229 from ss23/patch-6
...
FIX preg_replace_callback in emailer was broken
2013-07-14 21:55:07 -07:00
Stephen Shkardoon
999fd3901c
FIX preg_replace_callback in emailer was broken
...
Fixes bug introduced by 9deb11f9a0
Email has no content
This is what happens when we make commits without testing!
2013-07-15 16:50:41 +12:00
Ingo Schommer
920edf88e7
Test allowedExtensions in UploadField, return correct HTTP status
2013-07-12 13:16:34 +02:00
Ingo Schommer
c2c8498c64
BehatFixtureFactory 5.3.8 compat (wrong usage of is_a())
2013-07-11 15:13:37 +02:00
Simon Welsh
b506eb1b29
Use httpError() instead of non-existent HTTPResponse_Exception class
2013-07-10 12:30:27 +12:00
Mateusz Uzdowski
b24a0a567e
BUG Remove extraneous </div> breaking IE8 image embedding (os#8218)
...
Editor was not able to add images to TinyMCE - both newly uploaded and
old ones from the local assets.
2013-07-09 21:49:23 +02:00
Simon Welsh
fb457e47eb
Removes PHP 5.5 from allowed failures
2013-07-05 09:45:30 +12:00
Damian Mooyman
11f4b2c620
API HTTP::urlRewriter with (string)$code deprecated in 3.1. Fixed regressions and CSS urls.
...
urlRewriter will expect a callable as a second parameter,
but will work with the current api and simply raise a deprecation error.
HTTP::absoluteURLs now correctly rewrites urls into absolute urls. Resolves introduced in c56a80d6ce
HTTP::absoluteURLs now handles additional cases where urls were not translated.
Test cases for HTTP::absoluteURLs added for both css and attribute links.
Cleaned up replacement expression and improved documentation.
2013-07-05 09:08:58 +12:00
Simon Welsh
9deb11f9a0
Use preg_replace_callback over preg_replace with e modifier
2013-07-05 09:08:58 +12:00
Ingo Schommer
c809bd7183
Merge pull request #2196 from chillu/pulls/travis-matrix
...
PHP 5.5 CI, don't allow failures for sqlite3 and postgres
2013-07-04 13:59:33 -07:00