Steve Boyd
805004fd31
MNT Update unit tests to use logInAs()
2021-08-23 09:04:31 +12:00
Steve Boyd
92f47da08b
API Update SwiftMailer from v5 to v6 ( #10048 )
...
* Update SwiftMailer from v5 to v6
- Fixes #9834
- Update default Swift_Transport to use Swift_SendmailTransport
- Update version restraint for Swiftmailer
- Address new parameter type for Swift_Message::setDate()
- Update class references in docblocks
Co-authored-by: Danaë Miller-Clendon <danae.millerclendon@silverstripe.com>
2021-08-18 12:16:45 +12:00
Steve Boyd
733282307e
MNT Update tests to use logInAs()
2021-08-12 10:56:29 +12:00
Steve Boyd
a90d46dbc4
NEW Title tips for form fields
2021-07-31 14:45:24 +12:00
Andre Kiste
ae61be3a49
Merge pull request #10011 from creative-commoners/pulls/4/htmleditor-readonly-lazy-load
...
MNT Update unit test to expect loading attribute
2021-07-09 11:00:26 +12:00
Steve Boyd
f6e8d6e591
Merge branch '4.8' into 4
2021-07-07 14:03:02 +12:00
Steve Boyd
22f809840a
MNT Update unit test to expect loading attribute
2021-07-06 17:27:54 +12:00
Steve Boyd
87d076faa6
FIX Cast DBInt value to int
2021-07-06 16:43:54 +12:00
Ingo Schommer
e8c14a9d5b
Merge pull request #10005 from creative-commoners/pulls/4.8/10k
...
FIX Parse Enums with dots in their values
2021-07-02 09:33:29 +12:00
Steve Boyd
8e803bbcfc
FIX Parse Enums with dots in their values
2021-07-01 16:00:08 +12:00
Steve Boyd
0b979dc345
FIX Cache duplicate embeds separately
2021-06-29 12:17:07 +12:00
Steve Boyd
325021c2f8
Merge branch '4.8' into 4
2021-06-21 14:59:01 +12:00
Steve Boyd
7ed7ad0254
FIX Ensure changing a password to blank is validated
2021-06-17 12:05:20 +12:00
Loz Calver
5bb5ef80ed
FIX: Form::defaultAction() didn't work if actions were in CompositeFields ( fixes #9975 )
2021-06-09 17:26:43 +01:00
Steve Boyd
9463aaf571
Merge branch '4.8' into 4
2021-06-08 11:49:01 +12:00
Steve Boyd
fb0d769049
Merge pull request #9969 from creative-commoners/480-tag
...
Security fixes from 4.8.0
2021-06-08 11:47:35 +12:00
Michal Kleiner
0bd5b98d62
MNT Fix typos in test comments
2021-06-03 13:49:24 +12:00
Michal Kleiner
9dd69c40e3
NEW Add DBText->Summary tests
2021-06-03 13:49:24 +12:00
Steve Boyd
8024551376
[CVE-2020-26138] Validate custom multi-file uploads
2021-06-02 16:24:23 +12:00
Steve Boyd
7f97734a20
[CVE-2020-25817] Prevent loading of xml entities
2021-06-02 16:24:17 +12:00
Steve Boyd
a3df66860f
Merge branch '4.8' into 4
2021-05-31 17:05:11 +12:00
Steve Boyd
9ccdb8efb2
Merge branch '4.7' into 4.8
2021-05-31 17:04:54 +12:00
Maxime Rainville
472fc4ebb4
BUG Update DataQuery::exists to return false when limit causes no result to be returned ( #9946 )
...
* BUG Update DataQuery::exists to return false when limit causes no result to be returned
* Update comment
* Fixing linting issue
2021-05-31 16:50:58 +12:00
Ingo Schommer
196752566f
Merge pull request #9655 from sminnee/pulls/9647-find-lost-records
...
NEW: Add GridFieldDetailForm::setRedirectMissingRecords()
2021-05-21 13:53:18 +12:00
Sam Minnee
8883413ba7
NEW: Add GridFieldDetailForm::setRedirectMissingRecords()
...
This new opt-in setting will let grid field detail forms redirect to the
“Correct” URL of a GridField if it’s not found in the current list.
This works by:
* Looking for the item in the database
* If it exists, check for a CMSEditLink() method that returns a value
* If so, redirect to that
This is useful if you have a number of grid fields that each show a
partial list of records, and it’s possible for the user to make changes
such the item no longer appears in the list, but does appear in another
list.
It’s an opt-in feature as I think all changes like this should be
opt-in, based on previous experiences improving GridField and in turn
breaking SecurityAdmin and slowing versioned-data-browsing down. ;-)
2021-05-21 13:16:00 +12:00
Ingo Schommer
ad4e488dcf
Merge pull request #9192 from sminnee/fix-9163
...
NEW: Support dot syntax in form field names
2021-05-21 10:34:15 +12:00
Guy Marriott
766df06f23
Merge pull request #9631 from open-sausages/pulls/4/custom-sort-gridfield-autocompleter
2021-05-20 14:02:44 -07:00
Ingo Schommer
7a0d354529
Linter fixes
2021-05-21 08:30:43 +12:00
Ingo Schommer
8806b3befc
Fixes required for dot notation support in fields
...
See #9163
2021-05-20 20:32:25 +12:00
Steve Boyd
a6ccc86f94
Merge branch '4.7' into 4.8
2021-05-03 14:21:37 +12:00
Steve Boyd
e6aeff6468
Merge branch '4.6' into 4.7
2021-05-03 14:21:20 +12:00
Garion Herman
debf1ae9fb
Merge pull request #9887 from lekoala/patch-18
2021-04-24 21:05:29 +12:00
Maxime Rainville
440c7cad35
MNT Add test to cover TreeDropdownField::TreeBaseId
2021-04-23 17:53:54 +12:00
Steve Boyd
bcccc63d33
API Methods to override logout_accross_devices
2021-04-19 13:13:35 +12:00
Maxime Rainville
6fc25e4e96
RFC Add chunk method to DataList to iterate over large dataset ( #8940 )
2021-04-14 07:49:44 +12:00
Maxime Rainville
66fa597b3b
FIX Better handling of remember me token when login across devices is disabled ( #9895 )
...
* BUG Make sure remember me tokens are not invalidated when logging out without the logout_across_devices flag
* Remove unneeded comment
2021-03-31 11:31:52 +13:00
Brett Tasker
600f8e5b86
Move hasEmptySchem and emptyString to DataSchema on SingleSelectField
2021-03-23 21:53:30 +13:00
Thomas Portelange
fc40e0b98a
Test that email is trimmed
2021-03-22 09:03:43 +01:00
Maxime Rainville
7a04090bdf
Merge branch '4.7' into 4
2021-03-15 14:27:47 +13:00
Nik
d2fa64b489
BUG Allow Email to re-render when data changes ( #9876 )
...
* Fix: Allow Email to re-render when data changes
* Add invalidateBody function
* Make the linter happy
2021-03-04 11:18:46 +13:00
Maxime Rainville
2c54a3fd2f
Merge branch '4.7' into 4
2021-03-01 20:37:04 +13:00
Maxime Rainville
028c4fdaa1
BUG Tweak shortcode parser so it properly parse empty attributes
2021-02-25 15:18:16 +13:00
Maxime Rainville
9ca33950a2
API Add a CREATE_MEMORY_HYDRATED option to DataObject constructor ( #9767 )
2021-01-21 14:07:06 +13:00
Maxime Rainville
0dd59a1e7b
BUG Reset GridFieldFilterHeader grid state when search is cleared ( #9829 )
2021-01-21 13:47:40 +13:00
Maxime Rainville
54bdabd203
Merge branch '4.7' into 4
2021-01-20 12:57:01 +13:00
Maxime Rainville
d13d3a1134
Merge pull request #9818 from creative-commoners/pulls/4.7/check-object-for-key
...
FIX Type checking in objectForKey() to fix postgres bug
2021-01-20 12:41:49 +13:00
Maxime Rainville
17c6f98ba2
BUG Fix PostgreSQL issue in TreeMultiselectField where field would try to filter list by a blank ID
2021-01-20 12:23:09 +13:00
Maxime Rainville
0da15f0f27
Merge branch '4.7' into 4
2021-01-19 15:33:56 +13:00
Maxime Rainville
92af6b3dd5
FIX Update behat toast logic so it works with quotes
2021-01-19 15:16:26 +13:00
Steve Boyd
76ae5bc38a
FIX Type checking in objectForKey() to fix postgres bug
2021-01-08 15:25:38 +13:00
William Desportes
c932d7e7fb
Fix the phpdoc blocks
2020-12-21 22:23:23 +01:00
Sam Minnée
a8d121d23f
Merge pull request #9800 from creative-commoners/pulls/4.7/arraylist-value-set
...
FIX Bug when specifying 0 in ArrayList::offsetSet
2020-12-16 15:40:20 +13:00
Steve Boyd
5be045f9a2
FIX Bug when specifying 0 in ArrayList::offsetSet
2020-12-15 14:50:10 +13:00
Andre Kiste
460715197d
Merge pull request #9190 from open-sausages/pulls/4/test-state
...
Don't include default value in url grid state
2020-11-18 12:31:50 +13:00
Steve Boyd
6e77d5eada
NEW DataObject related objects service
2020-10-29 09:29:26 +13:00
Garion Herman
e89ae93ac9
FIX Harden hasMethod() against invalid values
...
This method should typehint the incoming value once union types are
available, but for now this ensures that method_exists() is not called
on scalar values, which is unsupported in PHP 8.
2020-10-28 09:34:33 +13:00
wernerkrauss
941df19e88
ENH Improve YamlReader exception message ( #9731 )
...
Fixes #9690
2020-10-12 22:38:13 +13:00
Sam Minnée
c5d676fa4e
FIX Avoid test failure on use of narrow-NBSP ( #9725 )
...
For whatever reason (different locale version) my local dev env uses
narrow-NBSPs (Unicode 8239) rather than regular NBSP in its localised
strings. This patch makes the tests robust against this difference.
Note that this occurred running the tests in Lando.
Co-authored-by: Robbie Averill <robbie@averill.co.nz>
2020-10-09 10:33:51 +13:00
Garion Herman
198b25c900
FIX Hardcode PasswordValidator config in VersionedMemberAuthenticatorTest
2020-10-06 16:07:24 +13:00
Aaron Carlino
544b137328
Merge branch '4.6' into 4
2020-10-05 14:03:05 +13:00
Guy Marriott
478d487f0e
Merge pull request #9707 from robbieaverill/pulls/4.7/exceptions
2020-10-01 17:16:43 -07:00
Daniel Hensby
fe45655a2b
Merge pull request #9698 from sminnee/pulls/symfony4
...
Symfony 4 support
2020-09-30 23:22:51 +01:00
Garion Herman
8ad4c4e024
FIX Fix namespace parsing under PHP 8, tweak readability of parser
...
$hadNamespace was ambiguously named, so the original PHP 8 support
update marked it true when it was strictly meant to indicate that a
namespace separator token had been encountered, resulting in bungled
parsing of complex class specs like Class(["arg" => true]).
2020-09-30 16:16:30 +13:00
Robbie Averill
ae1e17edec
Update exception assertions in tests and remove deprecated annotations
2020-09-25 10:06:49 -07:00
Sam Minnee
9247bc8b79
NEW: Add Symfony 4 support alongside Symfony 3
...
- Remove duplicate key in YML file
- Remove deprecated yaml dump indentation set (the constructor arg works in both ^3 and ^4)
Fixes #9274
2020-09-21 19:09:08 +12:00
Dan Hensby
ae0ece2b02
Merge pull request #9665 from creative-commoners/pulls/4/php8-fqcn-token
2020-09-18 20:44:22 +01:00
Sam Minnee
0d7c5a9ece
NEW Add/remove callbacks on RelationList
...
This provides a mechanism for adjusting the behaviour of these
relations when building more complex data models.
For example the following example has a status field incorporates a
Status field into the relationship:
```php
function MyRelation() {
$rel = $this->getManyManyComponents(‘MyRelation’);
$rel = $rel->filter(‘Status’, ‘Active’);
$rel->addCallbacks()->add(function ($relation, $item, $extra) {
$item->Status = ‘Active’;
$item->write();
});
}
```
Introduces a new library dependency: http://github.com/sminnee/callbacklist
2020-09-18 13:33:42 +12:00
Maxime Rainville
ff18dec2e5
API Add new behat method for interacting with toasts ( #9695 )
2020-09-17 17:12:35 +12:00
Loz Calver
bca0f28b62
FIX: Make template parser error on mismatched brackets ( fixes #8845 )
2020-09-15 16:54:24 +01:00
Loz Calver
bfc3b4b468
FIX: Stop empty comments breaking the template parser ( fixes #8742 )
2020-09-15 16:54:22 +01:00
Garion Herman
099ee2deb7
FIX Remove extraneous @depends annotations
2020-09-15 17:40:42 +12:00
Garion Herman
f1c94e6d54
FIX Allow quotes in expected ReflectionExceptions within tests
2020-09-15 17:40:42 +12:00
Sam Minnee
57bdef3b2e
FIX: Fix test mistakenly labelling content as name arguments in data provider
2020-09-15 17:40:42 +12:00
Sam Minnee
b3dd27953b
NEW: Allow league/csv ^9
...
Hopefully this has better PHP 8 support.
2020-09-15 17:40:42 +12:00
Steve Boyd
015ea8cfc8
Merge branch '4.6' into 4
2020-09-11 11:54:23 +12:00
Damian Mooyman
ac6f34846e
BUG Resolve issue where TreeMultiSelectField would error loading its value ( #9604 )
...
* BUG Resolve issue with TreeMultiSelectField not retaining value in some situations
E.g. in an elemental form
2020-09-11 11:52:36 +12:00
Robbie Averill
de61681dec
Merge pull request #9634 from open-sausages/pulls/4/ellipsis
...
BUG Use proper ellipsis character in the various summary method.
2020-09-10 14:48:33 -07:00
Maxime Rainville
acdebcdba7
Fix unit test
2020-09-10 17:08:13 +12:00
Steve Boyd
4c3a5441b2
Merge branch '4.6' into 4
2020-09-09 13:58:35 +12:00
Nicolaas
27c1c72912
FIX ModuleManifest::getModuleByPath fix to ensure right module is returned ( #9569 )
...
* FIX: ModuleManifest::getModuleByPath returns the wrong module #9561
Co-authored-by: Nicolaas Thiemen <nt@sunnysideup.co.nz>
2020-09-09 13:47:36 +12:00
Maxime Rainville
adaf793ddb
BUG Always validate Member credentials against DRAFT stage ( #9671 )
2020-09-08 11:47:04 +12:00
Guy Marriott
3575070b9d
FIX Removing selected column detail only if having is empty (MySQL "feature")
2020-09-01 16:21:43 +12:00
Garion Herman
6b78428fbb
Merge pull request #9651 from open-sausages/pulls/4/test-mysql-connection-collation
...
ENH Test coverage for MySQL connection collation
2020-08-30 22:44:28 +12:00
Serge Latyntcev
f57d5cc807
ENH Test coverage for MySQL connection collation
2020-08-30 13:21:38 +12:00
Garion Herman
9aa2642d03
Merge pull request #9639 from creative-commoners/pulls/4/embed-performance
...
NEW Cache embed shortcodes
2020-08-27 12:15:24 +12:00
Garion Herman
c143941e44
Merge pull request #9628 from creative-commoners/pulls/4/version-provider
...
NEW Additional logic for VersionProvider
2020-08-21 14:25:23 +12:00
Sam Minnée
b810b7d5c9
API: Allow for user-created objects to have values passed in the constructor ( #8591 )
2020-08-20 12:28:31 +12:00
Steve Boyd
00a60432f6
Backport fix to GroupedDropdownFieldTest
2020-08-19 11:21:46 +12:00
Maxime Rainville
5226d961e8
Fix unit test
2020-08-18 10:29:57 +12:00
Maxime Rainville
a43414dedb
Make sure GridState always outputs a JSON Object string
2020-08-17 23:23:42 +12:00
Maxime Rainville
70ffb3297a
API Only include gridfield state value that differ from the expected default
2020-08-17 12:11:56 +12:00
Steve Boyd
7304acb171
NEW Cache embed shortcodes
2020-08-12 12:14:05 +12:00
Steve Boyd
e19ef240f7
NEW VersionProvider now supports recipes as well as modules
2020-08-11 13:04:48 +12:00
Sam Minnée
8195bb480d
Merge pull request #9630 from silverstripe-terraformers/feature/with-time
...
NEW: WithMockTime callback.
2020-08-07 10:16:30 +12:00
Maxime Rainville
26b8b7964e
Rename DefaultEllipsis to defaultEllipsis
2020-08-07 09:48:42 +12:00
Maxime Rainville
e31565cb71
BUG Fix GroupedDropdownFieldTest::testReadonlyValue
2020-08-06 22:50:40 +12:00
Maxime Rainville
896c0e4388
BUG Use proper ellipsis character in the various summary method.
2020-08-06 19:37:03 +12:00
Mojmir Fendek
c2ed6a4cd6
NEW: WithMockTime callback.
2020-08-06 11:18:39 +12:00
Ingo Schommer
9d03a6856c
FIX Retain custom sort on custom lists in GridFieldAddExistingAutoCompleter
...
Forcing sort by the first search field isn't always appropriate.
When a custom search list is used, we can set the expectation that custom sorting is intended as well.
As an example, this can be used to autocomplete based on FULLTEXT indexes,
and sort based on relevancy.
2020-08-04 22:02:20 +12:00
Steve Boyd
8287fad24d
Merge branch '4.6' into 4
2020-07-29 11:38:49 +12:00
Steve Boyd
52d38a8b4a
Merge pull request #9615 from creative-commoners/pulls/4.6/embed-iframe-dimensions
...
FIX Set iframe dimension attributes specified in shortcode
2020-07-28 11:04:24 +12:00
Steve Boyd
f0936d4c1e
FIX Set iframe dimension attributes specified in shortcode
2020-07-27 18:04:03 +12:00
Martin Heise
404f450ac3
BUG Readonly version of GroupedDropdownField
...
GroupedDropdownField was showing empty values in Readonly mode due to not correctly handling the hierarchical source array.
Uses flattened source now in GroupedDropdownField->performReadonlyTransformation()
2020-07-21 09:23:30 +02:00
Robbie Averill
84b4057a9a
Merge pull request #9406 from chrispenny/feature/standardise-get-cms-validator
...
v4 improvement: Standardise getCMSValidator for DataObjects/Forms
2020-07-16 15:58:33 -07:00
Garion Herman
d408a4e714
Merge branch '4.6' into 4
2020-07-13 12:28:14 +12:00
Garion Herman
fbe0f5a981
Merge branch '4.5' into 4.6
2020-07-13 12:27:02 +12:00
Maxime Rainville
8518987cbd
[CVE-2019-19326] Stop honouring X-HTTP-Method-Override header, X-Original-Url header and _method POST variable. Add SS_HTTPRequest::setHttpMethod()
2020-07-10 17:56:15 +12:00
Maxime Rainville
71db45b18b
[CVE-2019-19326] Stop honouring X-HTTP-Method-Override header, X-Original-Url header and _method POST variable. Add SS_HTTPRequest::setHttpMethod()
2020-07-10 14:57:26 +12:00
Maxime Rainville
b780c4f504
BUG Tweak DBHTMLText::Plain to avoid treating some chinese characters as line breaks.
2020-07-09 13:33:43 +12:00
Sam Minnee
01d3b4fd96
FIX: Set many-many-through joinRecord on newly added records.
...
When many-many-through relations are queried, a joinRecord is set on
each DataObject in the list to provide the extra fields defined on
the connector object. This didn’t previously happen when the record
was first add()ed to a list. This fixes that bug.
2020-07-02 15:18:12 +12:00
cpenny
f72491f7f4
Linting fix
2020-06-08 09:35:00 +12:00
cpenny
d4165db690
Update getter name to getCMSCompositeValidator
2020-05-28 12:23:35 +12:00
cpenny
2765b65f42
Use ReflectionClass for CompositeValidator tests
2020-05-28 11:18:46 +12:00
cpenny
bca4be77ed
Update name to CompositeValidator. Add docblocks
2020-05-28 11:18:46 +12:00
cpenny
b45a3561df
Implemented PR feedback. Added some initial test cov
2020-05-28 11:18:46 +12:00
Maxime Rainville
acccdd8a1c
Merge branch '4.5' into 4
2020-05-26 14:31:06 +12:00
Maxime Rainville
42bb28965c
Merge branch '4.4' into 4.5
2020-05-26 14:30:27 +12:00
Maxime Rainville
395893b559
Merge branch '4.3' into 4.4
2020-05-26 14:30:02 +12:00
Maxime Rainville
86fcb9e29c
Merge branch '4.2' into 4.3
2020-05-26 14:29:16 +12:00
Daniel Hensby
080ce157ce
Fix various typos in comments
2020-05-16 10:34:53 +01:00
Michal Kleiner
21129b1624
Use short array syntax across the framework's codebase
2020-05-16 10:34:45 +01:00
Steve Boyd
b1b61f866e
FIX Set nonce style on unit tests
2020-05-13 16:07:31 +12:00
Brett Tasker
1d19051c10
Add sha1 and md5 hashing options in resource URL
2020-05-12 18:14:03 +12:00
Mojmir Fendek
7dc6b36c16
Unique key for DataObject ( #9400 )
...
NEW Unique key for DataObject
2020-05-04 09:10:51 +12:00
Dan Hensby
33b0b6985a
Update file paths for autoloading compatibility
2020-04-25 10:28:28 +01:00
Daniel Hensby
237b2d5f74
Convert array delcarations to short array syntax
2020-04-20 18:58:09 +01:00
Garion Herman
f94078d963
Merge pull request #9408 from chrometoasters/pulls/classes-with-extension
...
Add ClassInfo method to get all classes with a given extension applied
2020-04-20 20:11:01 +12:00
Serge Latyntcev
cb36aab80c
Merge branch '4.5' into 4
2020-04-15 14:49:19 +12:00
mattclegg
e968f5cb86
DOCS: Remove outdated TODO
2020-04-14 15:00:08 +05:45
Ingo Schommer
2c5deceeb4
FIX Filter out all FULLTEXT BOOLEAN chars
...
The query might still work depending on where these chars are placed,
but it seems weird to only remove *some* of the valid chars here.
See https://dev.mysql.com/doc/refman/5.6/en/fulltext-boolean.html
Note that the query runs both the actual boolean query with chars,
and then a separate relevance search without them.
2020-04-09 10:32:45 +12:00
Ingo Schommer
c6b698cb02
NEW Allow InnoDB for FULLTEXT indexes
...
MyISAM used to be the only one to support it, now InnoDB has caught up.
Unless an engine is set specifically in create_table_options,
this will auto-convert existing MyISAM tables to InnoDb.
Fixes #9242
2020-04-09 10:32:45 +12:00
Dan Hensby
5bf2ac83ee
Merge branch '4.5' into 4
2020-04-01 19:23:47 +01:00
Daniel Hensby
1fb574a5bd
NEW: Variadic URL parameter matches for url_handlers ( #9438 )
...
* Add wildcard URL parameter matches for url_handlers
* Extra tests for wildcard parameters
* Add a PHP warning if more params appear after wildcard param
2020-03-25 09:16:13 +13:00
Michal Kleiner
30c3b127c1
NEW Add ClassInfo method to get all classes with a given extension applied
2020-03-24 10:48:35 +13:00
Aaron Carlino
37e8720fe5
Linting
2020-03-17 16:21:46 +13:00
Aaron Carlino
7ad5f1bb14
BUGFIX: Ensure diff arrays are one-dimensional
2020-03-17 15:57:28 +13:00
Steve Boyd
667495eaf9
Merge branch '4.5' into 4
2020-03-06 10:53:28 +13:00
Steve Boyd
687435a2f1
Merge branch '4.4' into 4.5
2020-03-06 10:52:22 +13:00
UndefinedOffset
bba0f2f72f
BUGFIX: Fixed issue where TimeField_Readonly would only show "(not set)" instead of the value
2020-02-24 09:59:00 -04:00
Maxime Rainville
affd43052a
Merge branch '4.5' into 4
2020-02-17 18:11:23 +13:00
Maxime Rainville
acd7d94167
Merge branch '4.4' into 4.5
2020-02-17 13:07:26 +13:00
Maxime Rainville
49fda52b12
Merge pull request #94 from silverstripe-security/fix/cve-2019-19325
...
CVE-2019-1935
2020-02-17 12:54:40 +13:00
Serge Latyntcev
ad1b00ec7d
[CVE-2019-19325] XSS through non-scalar FormField attributes
...
Silverstripe Forms allow malicious HTML or JavaScript to be inserted
through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting)
on some forms built with user input (Request data). This can lead to phishing attempts
to obtain a user's credentials or other sensitive user input.
There is no known attack vector for extracting user-session information or credentials automatically,
it required a user to fall for the phishing attempt.
XSS can also be used to modify the presentation of content in malicious ways.
2020-02-17 09:58:29 +13:00
Guy Marriott
c31de772ab
Merge pull request #8838 from creative-commoners/pulls/4/slash-means-root
...
Use '/' as an alternative designation for root in routing
2020-02-14 11:29:32 -08:00
Garion Herman
9d1d59d8d1
NEW Accept / as designation for root URL controller
2020-02-14 14:41:10 +13:00
Steve Boyd
9d5c3ef20e
Merge branch '4.4' into 4.5
2020-02-11 16:45:15 +13:00
Mojmir Fendek
99786dda22
ORM Column now supports related table lookup
2020-01-28 15:46:30 +13:00
Andre Kiste
6650d81324
BUG Fix extra blank Group being created when creating a new Group ( #9325 )
...
* Fix extra blank Group being created when creating a new Group
* Update tests to reflect expected behavior
* Improved tests
2019-11-27 09:32:33 +13:00
Serge Latyntcev
91e4aa90f1
Merge branch '4.4' into 4.5
2019-11-20 11:09:23 +13:00
Serge Latyntcev
8219491705
Merge branch '4.3' into 4.4
2019-11-20 11:08:35 +13:00
Garion Herman
ea2a2b4786
FIX Adjust HTMLEditorField tests to support alt attr changes in assets
...
The default behaviour of the alt attribute has changed from using the
filename to applying an empty value.
2019-11-14 12:04:37 +13:00
Mojmir Fendek
e2bea6b41f
API Add withConfig
method ( #9011 )
...
* With config functionality added.
* Update docs/en/02_Developer_Guides/04_Configuration/00_Configuration.md
2019-10-31 16:12:04 +13:00
Damian Mooyman
e76601e5c8
BUG FormAction title property cannot be set if useButtonTag is false
2019-10-29 17:21:45 +13:00
Garion Herman
17f4cc6e30
Merge pull request #9281 from creative-commoners/pulls/4/textfield-tip-ui
...
NEW: Add support for Tip UI in TextField
2019-10-23 16:50:43 +13:00
Garion Herman
bed3f2b3c6
NEW Add type declarations to Tip API, add TippableFieldInterface
2019-10-23 10:46:22 +13:00
Garion Herman
195417b061
NEW Extract Tip from TextField, add test coverage
2019-10-22 17:04:58 +13:00
Maxime Rainville
e59625fe5a
NEW Add ability to define image size preset for the TinyMCE editor. ( #9276 )
...
* NEW Add ability to define image size preset for the TinyMCE editor.
* DOC Explain how to define image size pre-sets
2019-10-22 11:50:28 +13:00
Serge Latyntcev
33a28394d6
Merge branch '4.4' into 4
2019-10-18 15:59:28 +13:00
Serge Latyntcev
0cf5d4cbe2
Merge branch '4.3' into 4.4
2019-10-18 15:58:13 +13:00
Serge Latyntcev
46b9530d88
PSR2 linting fixes
2019-10-18 15:31:39 +13:00
Serge Latyntcev
7873efde9c
Merge branch '4.4' into 4
2019-10-18 10:58:19 +13:00
Serge Latyntcev
dcbe6d0310
Merge branch '4.3' into 4.4
2019-10-18 10:57:35 +13:00
Damian Mooyman
d7752b7945
Run PSR2 Lint cleaner
2019-10-04 13:26:31 +13:00
Serge Latyntcev
7db524bd90
FIX DebugViewFrendlyErrorFormatter handle of admin_email
2019-10-04 10:26:54 +13:00
Dylan Wagstaff
047ac060c4
Merge pull request #9265 from emteknetnz/feature/noopener
...
Add noopener attribute to links with a target
2019-10-03 14:42:50 +13:00
Steve Boyd
887f198b07
Add rel attribute to link elements with a target attribute
2019-10-03 14:03:12 +13:00
Sam Minnée
af6644f762
Merge pull request #9240 from chrometoasters/pulls/db-readonly-transactions-support
...
NEW Introduce supported database transaction mode check
2019-09-25 10:02:53 +12:00
Aaron Carlino
b002ef1171
Merge branch '4.4' into 4
2019-09-24 17:26:50 +12:00
Garion Herman
0d27f32cc9
FIX Add 'legal empty attributes' to allow empty alt values on imgs
...
In some situations, a caption is used in place of a value in the alt
attribute, and in others an image may be cosmetic and not in need of an
alt attribute value (though the alt attribute must still be rendered in
this case).
2019-09-24 11:44:12 +12:00
Robbie Averill
3cfc21c405
Merge pull request #9241 from open-sausages/pulls/4.4.3/fix-file-permission
...
Fix administrators not being able to see files that are restricted to groups
2019-09-23 11:13:26 -07:00
bergice
6a1c6ecec6
Fix administrators not being able to see files that are restricted to groups
...
Resolves https://github.com/silverstripe/silverstripe-asset-admin/issues/777
2019-09-23 16:44:28 +12:00
Michal Kleiner
bcbf90a837
NEW Introduce supported database transaction mode check
2019-09-16 14:44:15 +12:00
Robbie Averill
aa6b244db9
Merge branch '4.4' into 4
2019-09-13 18:11:46 -07:00
Robbie Averill
592ab6abc1
Merge branch '4.3' into 4.4
2019-09-13 18:11:34 -07:00
Robbie Averill
9a76d4adb4
Merge pull request #9181 from kinglozzer/8762-shortcode-templates
...
NEW: Use templates to render embed shortcodes (closes #8762 )
2019-09-13 17:58:32 -07:00
Serge Latyntsev
233e0e7aa0
ENH PasswordExpirationMiddleware implementation ( #9207 )
2019-09-12 14:34:06 +12:00
Aaron Carlino
da6582f593
NEW: Remove web installer, move to separate package ( #9231 )
...
* Remove installer
* Remove exposed install files
* Replace Dev/Install classes still in use
* Update changelog
* FIX make the grid field actions consistent to what they look like on pages
Resolves https://github.com/silverstripe/silverstripe-admin/issues/904
* Docs changes
2019-09-11 13:10:25 +12:00
Maxime Rainville
591b88a9bc
BUG Allow infinite loop when calling DataObject::writeComponent() recursively
2019-09-10 14:15:28 +12:00
Robbie Averill
e8c2f963fd
FIX Member::getLastName() now correctly returns the Member surname
2019-09-06 12:12:27 -07:00
Maxime Rainville
dd40d53e6b
Merge branch '4.4' into 4
2019-09-04 09:46:33 +12:00
Maxime Rainville
24015c7767
Merge branch '4.3' into 4.4
2019-09-04 09:42:09 +12:00
Robbie Averill
77ba8391c4
FIX Byte Order Marks (BOM) are now stripped when importing CSV files
2019-08-29 14:54:57 +12:00
Loz Calver
759601741d
NEW: Use templates to render embed shortcodes ( closes #8762 )
2019-08-21 09:32:16 +01:00
Robbie Averill
a5d6b998fc
Merge branch '4.4' into 4
2019-08-16 16:40:39 +12:00
Robbie Averill
11a7d6ccb4
Rename test to be clearer about its intent
...
Co-Authored-By: Guy Marriott <guy@scopey.co.nz>
2019-08-16 09:49:36 +12:00
Robbie Averill
bae7e32680
FIX Member::changePassword() no longer applies password validation rules to the hashed value
2019-08-16 09:06:07 +12:00
Robbie Averill
f354e2018d
FIX Set minimum test scores and password length for Members while running fixtured DataObject tests
2019-08-15 15:23:11 +12:00
Robbie Averill
45f86658ca
Merge branch '4.4' into 4
2019-08-14 09:31:05 +12:00
Robbie Averill
4b44272367
Merge branch '4.3' into 4.4
2019-08-14 09:30:53 +12:00
Robbie Averill
d63e4b520c
Merge branch '4.2' into 4.3
2019-08-14 09:30:41 +12:00
Guy Marriott
f3132c89d7
Merge pull request #9170 from open-sausages/pulls/4/add-option-to-disable-user-agent-session-check
...
API Add option to disable user-agent header session validation
2019-08-08 11:47:07 +12:00
Aaron Carlino
b3093b7a1a
BUGFIX: Allow state to be shared across nested GridFields
2019-08-07 23:09:51 +12:00
Maxime Rainville
4380d7d155
API Add option to disable user-agent header session validation
2019-08-06 22:00:01 +12:00
Robbie Averill
0672f8b76b
NEW HTTPRequest now has hasSession() to determine whether a session exists for it
2019-08-02 11:29:23 +12:00
UndefinedOffset
c1ffc4edfb
Added unit tests for multiple relationship sorting
2019-07-29 10:45:10 -03:00
Chee Wai
cb91f5fa06
NEW Added SRI support for Requirements::css, Requirements::javascript ( #9139 )
2019-07-21 09:51:22 +02:00
Simon Gow
22b514c421
#9114 - DBText::ContextSummary() cuts line breaks
...
ContextSummary() was cutting the HTML which was added by nl2br because
it expected plain text elements as it's stripping and replacing text.
Instead this fix changes the behaviour to apply the nl2br after the text
changes have been made. That way we can't cut anything in the middle of
a HTML tag, but new lines, or paragraphs are replaced by BRs after,
should they exist.
- Added tests to ensure text is not cut in the middle of a sentence.
- Added test to ensure that <br>'s are added in the correct place should
the summary span between new lines.
2019-07-19 12:43:20 +12:00
Serge Latyntcev
29a663c65d
Merge branch '4.4' into 4
2019-07-15 09:24:49 +12:00
Serge Latyntcev
d667d64f13
Merge branch '4.3' into 4.4
2019-07-15 09:18:17 +12:00
Serge Latyntcev
fcd7a1e63e
FIX core memory limit test
2019-07-12 16:30:25 +12:00
Serge Latyntsev
7ef13e7ef6
FIX Confirmation components to respect SS_BASE_URL ( #9074 )
2019-07-05 16:05:41 +12:00
Robbie Averill
844d2ef134
NEW DBDate and DBDatetime now support modify() with a strtotime() style adjustment string ( #9105 )
2019-07-05 15:57:23 +12:00
UndefinedOffset
e3aa0ff63a
Added unit tests for config condition if PHP extension is loaded
2019-07-03 10:32:41 -03:00
Sam Minnee
96e7914f23
FIX: Fix MySQLQuery::seek() and Query::rewind() to fix repeated iteration
...
API: Query::seek() and Query::rewind() no longer return a value.
Although breaking an API inside a patch release may seem odd, this in
fact is correcting a long-standing bug in our implementation of
Iterator::rewind(), so I think it’s appropriate.
https://github.com/silverstripe/silverstripe-framework/issues/9097
2019-07-03 09:20:05 +12:00
Saophalkun Ponlu
6a8c6703d1
Remove use_gzip
from HTMLEditorField since it's been removed by TinyMCE codebase ( #7261 )
...
* Remove `use_gzip` from HTMLEditorField
* DOCS Mention remove use_gzip in changelog
2019-06-21 09:27:48 +12:00
Aaron Carlino
d04e54c1be
Merge branch '4.4' into 4
2019-06-10 17:33:30 +12:00
Aaron Carlino
c747b1f8d3
Merge branch '4.3' into 4.4
2019-06-10 17:32:07 +12:00
Aaron Carlino
f766555d61
Merge branch '4.2' into 4.3
2019-06-10 17:27:05 +12:00
Serge Latyntcev
ca56e8d78e
[CVE-2019-12246] Denial of Service on flush and development URL tools
2019-06-10 17:23:56 +12:00
Sam Minnée
654156d46d
FIX: Fix bug when confirmed password is changed but not the password. ( #9012 )
...
In this case the confirmed password field is not reflected. It’s
unclear how often this situation would arise outside of test scenarios,
but may come up if $form->loadDataFrom() is called more than once.
Fixes #2496 (it’s a minor issue but I think this is why Dan flagged it
as a regression). Originally introduced as part of Dan’s initial fix
at 2a6f1f1949
.
2019-06-10 15:48:29 +12:00
Jarkko Linnanvirta
9184056b5e
URLSegmentFilter: Remove : characters from url segments when multibyte characters are allowed.
2019-06-02 11:43:51 +03:00
Robbie Averill
00fd74a0a1
Merge branch '4.4' into 4
...
# Conflicts:
# src/Dev/Tasks/MigrateFileTask.php
2019-05-30 09:36:42 +12:00
Robbie Averill
14673ffd0a
Merge branch '4.3' into 4.4
2019-05-30 09:35:26 +12:00
Robbie Averill
188698dcee
Merge branch '4.2' into 4.3
2019-05-30 09:35:17 +12:00
Robbie Averill
3e2fc6aa0b
Automated phpcbf linting
2019-05-30 09:34:34 +12:00
Guy Marriott
f97ca26e76
Merge pull request #9014 from sminnee/fix-4142
...
FIX: List default items in the readonly view of ListboxField
2019-05-27 20:13:20 +12:00
Sam Minnee
7407096e99
FIX: List default items in the readonly view of ListboxField
...
Adds tests for non-readonly default items too.
Fixes #4142
2019-05-27 17:47:09 +12:00
Sam Minnee
2c71daacfe
MINOR: Add tests for GroupedDropdownField empty strings
...
These bugs were never present in SS4 as the relevant code had a
substantial rewrite at the same time they were introduced in SS3.
In SS3, test C still fails.
Fixes #4705
Fixes #4987
Fixes #4793
2019-05-27 17:46:03 +12:00
Guy Marriott
350888bf50
NEW Adding a shuffle method to ArrayList ( #8984 )
...
* NEW Adding a shuffle method to ArrayList
* API Add shuffle to DataList for ArrayList parity
2019-05-16 09:26:11 +12:00
Aaron Carlino
3f1479edbb
BUGFIX: DataQuery overwriting _SortColumn selects ( #8974 )
...
* BUGFIX: DataQuery overwriting _SortColumn selects
* FIX DataQuery _SortColumn handling
2019-05-15 11:42:10 +12:00
Maxime Rainville
8ee50d2ba7
API Remove DataObjectSchema::getFieldMap() ( #8960 )
...
Introduced as a less public API in https://github.com/silverstripe/silverstripe-assets/pull/227
2019-05-06 12:33:23 +12:00
Guy Marriott
82c8225502
Merge branch '4.3' into 4.4
2019-05-03 09:45:25 +12:00
Serge Latyntcev
3d777cfb8a
Backward compatible behaviour for SQLConditionalExpression::getJoins
2019-05-02 15:39:36 +12:00
Andre Kiste
0c6c57f1ef
Add getFieldMap
method to retrieve a list of all fields for any giv… ( #8892 )
...
* Add `getFieldMap` method to retrieve a list of all fields for any given class
* Add `TagsToShortcodeTask` to upgrading guide
Adding after the file migration part as this is where it makes the most sense to run it.
* `getFieldMap` accepts an array
* Move to `DataObjectSchema`
* Add `HTMLVarchar` to documentation
Minor refactoring
* Add test for checking that `subclassesfor` works without the base class
Add test `DataObjectSchema::getFieldMap` returns the correct array
* Remove cms dependency
2019-04-30 10:43:14 +12:00
Aaron Carlino
c63eecc3e1
Merge branch '4.3' into 4
2019-04-18 11:57:36 +12:00
Sam Minnée
155a9bb1f9
Merge pull request #8934 from creative-commoners/pulls/4.4/pdostgresql-boolean-consistency
...
FIX Postgres booleans should return as int for consistency
2019-04-17 15:43:35 +12:00
Guy Marriott
da1af3d8b0
FIX Postgres booleans should return as int for consistency
2019-04-17 15:15:17 +12:00
Guy Marriott
cc1fdf603b
Resolve incorrect empty string assertion in tests
2019-04-17 13:29:54 +12:00
Guy Marriott
9d6b5048a6
FIX Table aliases are retained on base tables in queries built using SQLConditionalExpression ( #8918 )
...
* Adding failing test for base table aliases using SQLSelect
* FIX Retain table aliases applied to the base table on queries
* FIX Move the trimmed alias outside of the condition so we can use it within the condition
2019-04-16 15:40:09 +12:00
Ralph Slooten
66c372ce28
Include baseURL with relative setGetVar() links ( #8834 )
...
* Return baseURL with setGetVar
* Adjust testSetGetVar tests for base url
2019-04-15 14:50:46 +12:00
Robbie Averill
8a06682e31
Merge branch '4.3' into 4
...
# Conflicts:
# src/ORM/Connect/DBSchemaManager.php
2019-04-11 11:24:17 +12:00
Sam Minnee
d295888838
MINOR: Improve type testing
2019-04-05 15:11:21 +13:00
Sam Minnee
2625cea5e3
MINOR: Add a test that 0 is falser on int, decimal, currency
...
Validates that https://github.com/silverstripe/silverstripe-framework/issues/3473 has been fixed
The bug was fixed in #8448
2019-04-05 15:11:21 +13:00
Sam Minnee
4f4153c834
MINOR: Test test to validate that multiple GreaterThan filters in a filterAny work.
...
Confirms https://github.com/silverstripe/silverstripe-framework/issues/3995 isn’t a bug.
2019-04-05 15:05:42 +13:00
Robbie Averill
123d483213
MemberTest and SecurityTest now set the default authenticator to use
2019-04-05 11:26:29 +13:00
Guy Marriott
a9d57f5bfb
Merge pull request #8241 from creative-commoners/pulls/4.3/separate-logging
...
Separate core error logging from standard LoggerInterface
2019-04-05 08:49:09 +13:00
Aaron Carlino
fc6213c293
Merge branch '4.3' into 4
2019-03-27 13:25:57 +13:00
Johannes Hammersen
e1190e33d2
Fix PDOConnector GeneratedID return type
2019-03-21 09:26:14 +01:00
Aaron Carlino
388baa01b4
Fix linting
2019-03-20 13:19:10 +13:00
Aaron Carlino
aa491d9294
Fix tests
2019-03-20 12:33:00 +13:00
Damian Mooyman
6b450395ce
API Allow empty arraylists to be typed ( #8866 )
...
* API Allow empty arraylists to be typed
* PHPCBF fixes
2019-03-20 11:46:35 +13:00
Dan Hensby
765d1568ab
Merge branch '4.3' into 4
2019-03-06 11:04:50 +00:00
Dan Hensby
a8605b04e0
Merge branch '4.2' into 4.3
2019-03-06 11:04:14 +00:00
Damian Mooyman
d1396b7dfe
BUG Fix writeBaseRecord with unique indexes
...
Fixes #6819
2019-02-27 16:40:12 +13:00
Maxime Rainville
11b9429c34
Merge branch '4.3' into 4
2019-02-27 12:14:51 +13:00
Maxime Rainville
651d537196
Merge branch '4.2' into 4.3
2019-02-27 12:13:24 +13:00
Maxime Rainville
ed013fcfbb
Merge branch '4.1' into 4.2
2019-02-27 12:12:39 +13:00
Maxime Rainville
ac53f77115
Merge branch '4.0' into 4.1
2019-02-27 12:11:47 +13:00
Maxime Rainville
6ff319a0e1
BUG Implement peer review feedback,
2019-02-27 11:14:47 +13:00
Maxime Rainville
9a59f2f57d
BUG Renable the ability to do dynamic assignment with DBField
2019-02-22 11:08:43 +13:00