cpenny
f977f9734c
Add base updateValidatorList method to DataExtension
2020-05-28 11:18:46 +12:00
cpenny
b45a3561df
Implemented PR feedback. Added some initial test cov
2020-05-28 11:18:46 +12:00
cpenny
d7dd93f7a7
Standardise getCMSValidator for DataObjects/Forms
2020-05-28 11:18:46 +12:00
Maxime Rainville
acccdd8a1c
Merge branch '4.5' into 4
2020-05-26 14:31:06 +12:00
Maxime Rainville
42bb28965c
Merge branch '4.4' into 4.5
2020-05-26 14:30:27 +12:00
Maxime Rainville
395893b559
Merge branch '4.3' into 4.4
2020-05-26 14:30:02 +12:00
Maxime Rainville
86fcb9e29c
Merge branch '4.2' into 4.3
2020-05-26 14:29:16 +12:00
Daniel Hensby
080ce157ce
Fix various typos in comments
2020-05-16 10:34:53 +01:00
Michal Kleiner
21129b1624
Use short array syntax across the framework's codebase
2020-05-16 10:34:45 +01:00
Brett Tasker
1d19051c10
Add sha1 and md5 hashing options in resource URL
2020-05-12 18:14:03 +12:00
Alessandro Marotta
f3d1e308e5
Update Member.php
...
The public function isLockedOut() in Member.php call LoginAttempt::getByEmail but serves to it the unique_identifier_field.
This PR could allow to extensions to patch the use of uniqueidentifierfield (otherwise it would be necessary to extends the Member Class to override the isLockedOut function, with a lot of problems)
2020-05-10 19:07:22 +02:00
Matt Clegg
153e2383e6
DOCS: Minor typo
2020-05-10 08:01:10 +05:45
Mojmir Fendek
7dc6b36c16
Unique key for DataObject ( #9400 )
...
NEW Unique key for DataObject
2020-05-04 09:10:51 +12:00
Andre Kiste
3a424747df
Merge pull request #9332 from shoosah/feature/add-error-message-into-field
...
Allow to add error message into a specific field
2020-05-01 15:46:29 +12:00
Andre Kiste
ec51f98adb
Merge pull request #8870 from jinjie/4
...
Fix: Allow editing of relation if item is created.
2020-05-01 15:37:52 +12:00
Guy Marriott
693c4cde46
Merge pull request #9499 from lekoala/patch-16
2020-04-28 12:23:28 -07:00
Thomas Portelange
2f3c0fc8dd
Update src/Control/Session.php
...
Co-Authored-By: Guy Marriott <guy.the.person@gmail.com>
2020-04-28 19:21:52 +02:00
Robbie Averill
8bd9f48669
Merge pull request #9501 from mattclegg/1588075087
...
DOCS: Fix typos & grammer
2020-04-28 09:42:03 -07:00
mattclegg
dbecdd52d2
DOCS: Add reference for undocumented TEMP_FOLDER
2020-04-28 17:51:25 +05:45
mattclegg
df8cb9e010
DOCS: Update filter
to use correct class
2020-04-28 17:50:40 +05:45
mattclegg
76bc7524a7
DOCS: Fix typos & grammer
2020-04-28 17:50:39 +05:45
Thomas Portelange
b38c35fe90
Fixes warning if session is not active
...
See issue https://github.com/silverstripe/silverstripe-framework/issues/9496
2020-04-27 13:51:19 +02:00
Dan Hensby
28ba4f701a
Merge branch '4.5' into 4
2020-04-27 09:54:27 +01:00
Dan Hensby
13b4d60d4a
Merge branch '4.4' into 4.5
2020-04-27 09:53:42 +01:00
Dan Hensby
85b37999be
Merge branch '4.3' into 4.4
2020-04-27 09:52:52 +01:00
Dan Hensby
e328d6f0d9
Merge branch '4.2' into 4.3
2020-04-27 09:51:24 +01:00
Dan Hensby
33b0b6985a
Update file paths for autoloading compatibility
2020-04-25 10:28:28 +01:00
Dan Hensby
b9f8ab44ac
Rename DBBigint.php for composer autoloading compatability
2020-04-24 23:15:42 +01:00
Garion Herman
50484417da
Merge branch '4.5' into 4
2020-04-23 23:11:46 +12:00
Daniel Hensby
42cee6f5fb
Merge pull request #9489 from mattclegg/1587548067
...
DOCS: Fix typos
2020-04-22 12:28:02 +01:00
Daniel Hensby
826d1fa4eb
Merge pull request #9491 from mattclegg/1587548119
...
DOCS: Remove unnecessary `return`
2020-04-22 12:22:15 +01:00
mattclegg
2f717a4d90
DOCS: Remove unnecessary return
2020-04-22 15:50:12 +05:45
mattclegg
d521a52a33
DOCS: Fix typos
2020-04-22 15:20:11 +05:45
Daniel Hensby
237b2d5f74
Convert array delcarations to short array syntax
2020-04-20 18:58:09 +01:00
Garion Herman
9aba767e36
Merge pull request #9460 from chrometoasters/pulls/fix-9459-public-path
...
Fix SS_BASE_URL logic when undefined and docroot without public folder
2020-04-20 21:06:46 +12:00
Garion Herman
f94078d963
Merge pull request #9408 from chrometoasters/pulls/classes-with-extension
...
Add ClassInfo method to get all classes with a given extension applied
2020-04-20 20:11:01 +12:00
Loz Calver
e08bf1cdd9
Merge pull request #9461 from creative-commoners/pulls/4/remove-db-config-glob
...
Cache results of _configure_database.php glob
2020-04-20 08:45:48 +01:00
mattclegg
2169891651
BUGFIX: Ensure realpath returns a string for stripos
...
[Deprecated] stripos(): Non-string needles will be interpreted as strings in the future. Use an explicit chr() call to preserve the current behavior
2020-04-19 11:21:34 +05:45
Serge Latyntcev
cb36aab80c
Merge branch '4.5' into 4
2020-04-15 14:49:19 +12:00
Maxime Rainville
7da77be5ce
Merge branch '4.5' into 4
2020-04-15 08:22:27 +12:00
Daniel Hensby
03239f9dcc
Merge pull request #9454 from open-sausages/pulls/4/myisam
...
NEW Allow InnoDB for FULLTEXT indexes
2020-04-14 11:50:45 +01:00
mattclegg
60e670176a
DOCS: Correct spelling
2020-04-14 15:00:08 +05:45
mattclegg
5585f6633f
DOCS: Update typos
2020-04-14 15:00:08 +05:45
mattclegg
e968f5cb86
DOCS: Remove outdated TODO
2020-04-14 15:00:08 +05:45
Maxime Rainville
14bbaac1cb
Merge tag '4.5.3' into 4.5
...
Release 4.5.3
2020-04-14 14:23:57 +12:00
Maxime Rainville
de8fd82c55
Merge branch '4.4' into 4.5
2020-04-14 14:18:18 +12:00
Maxime Rainville
1fe6255f9b
Merge tag '4.4.6' into 4.4
...
Release 4.4.6
2020-04-14 14:13:59 +12:00
Serge Latyntcev
9779e42963
BUG Register new sub tasks to fix files affected by CVE-2020-9280 and CVE-2019-12245
2020-04-13 19:43:53 +12:00
Serge Latyntcev
b269d87490
BUG Register new sub tasks to fix files affected by CVE-2020-9280 and CVE-2019-12245
2020-04-13 17:16:57 +12:00
Steve Boyd
75d31c2cd3
Cache glob results for _configure_database.php
2020-04-10 23:15:12 +12:00
Michal Kleiner
ab87bdc044
Fix SS_BASE_URL logic when undefined and docroot without public folder
2020-04-10 15:06:14 +12:00
Ingo Schommer
a50e15e5ee
FIX Avoid VACUUM on test dbs in Postgres
...
The Postgres implementation was always faulty,
but the database exception was swallowed until
See https://github.com/silverstripe/silverstripe-framework/pull/9456 .
Now that the the exception is only swallowed the first time,
the second recurrence will cause failing test execution.
This is a bit of an awkward fix, but the indirection "through" DataObject doesn't allow for anything else without changing public API surface.
The logic goes from TempDatabase to DBSchemaManager, then through the closure into DataObject->requireTable(),
then back into DBSchemaManager->requireTable(). And updateschema() is subclassed in SQLite3, making it difficult to add more arguments.
VACUUM is described as:
> VACUUM reclaims storage occupied by dead tuples. In normal PostgreSQL operation, tuples that are deleted or obsoleted by an update are not physically removed from their table; they remain present until a VACUUM is done. Therefore it's necessary to do VACUUM periodically, especially on frequently-updated tables.
https://www.postgresql.org/docs/9.1/sql-vacuum.html
Since test databases are short-lived, there's no reason to delete dead tuples, they'll be garbage collected when either the transaction is rolled back, or the database is destroyed after the test run.
2020-04-09 14:43:16 +12:00
Ingo Schommer
2c5deceeb4
FIX Filter out all FULLTEXT BOOLEAN chars
...
The query might still work depending on where these chars are placed,
but it seems weird to only remove *some* of the valid chars here.
See https://dev.mysql.com/doc/refman/5.6/en/fulltext-boolean.html
Note that the query runs both the actual boolean query with chars,
and then a separate relevance search without them.
2020-04-09 10:32:45 +12:00
Ingo Schommer
0215fdd262
DOC Clarify sanitisation in searchEngine() under boolean mode
...
This came up in https://github.com/silverstripe/silverstripe-cms/issues/1452 , and wasn't fully addressed.
Either we allow boolean mode and all the constraints this brings around special character usage,
or we filter out those special characters, which makes boolean mode pointless.
You can't just pass arbitrary user input in a power-user function like this.
See https://dev.mysql.com/doc/refman/5.6/en/fulltext-boolean.html
Context: This used to work for some examples like "foo>*" under MyISAM,
presumably because it had a more lenient parser. InnoDB rightfully complains about this now.
2020-04-09 10:32:45 +12:00
Ingo Schommer
c6b698cb02
NEW Allow InnoDB for FULLTEXT indexes
...
MyISAM used to be the only one to support it, now InnoDB has caught up.
Unless an engine is set specifically in create_table_options,
this will auto-convert existing MyISAM tables to InnoDb.
Fixes #9242
2020-04-09 10:32:45 +12:00
Ingo Schommer
052c5cbc38
BUG Infinite loops in TempDatabase ( fixes #8902 )
...
Ugly, but so is the original implementation that this works around (swallowing an exception to trigger functionality)
2020-04-08 13:58:02 +12:00
Robbie Averill
f77f725355
Merge pull request #9447 from mattclegg/docs__GridFieldDetailForm_ItemRequest-httpError
...
[DOCS] Better debug text for errors generated by GridFieldDetailForm_ItemRequest
2020-04-02 13:05:49 -07:00
Robbie Averill
d3b19069b3
Apply suggestions from code review
...
Add double quotes around object title
2020-04-02 12:51:13 -07:00
Dan Hensby
d1075f29b8
Remove empty parameter as per feedback
2020-04-02 12:11:35 +01:00
Dan Hensby
9e0ed0a50a
Fix spaces around concatenation operator
2020-04-02 12:09:22 +01:00
Dan Hensby
5bf2ac83ee
Merge branch '4.5' into 4
2020-04-01 19:23:47 +01:00
Loz Calver
39fab1974a
Merge pull request #9435 from unclecheese/pulls/4.5/wha-diff
...
BUGFIX: Ensure diff arrays are one-dimensional
2020-04-01 09:16:20 +01:00
Matt Clegg
e80f1b2b83
[DOCS] Member::logInAs is not a valid example
...
Member::logInAs doesn't exist as a static function.
Additionally, `logInAs` does exist as a function in SapphireTest.php, so, should this be updated to also use `Member::actAs` for consistency?
2020-03-31 18:20:21 +05:45
mattclegg
24bc80ed35
[DOCS] Better debug text for errors generated by GridFieldDetailForm_ItemRequest
2020-03-31 12:09:16 +05:45
Daniel Hensby
1fb574a5bd
NEW: Variadic URL parameter matches for url_handlers ( #9438 )
...
* Add wildcard URL parameter matches for url_handlers
* Extra tests for wildcard parameters
* Add a PHP warning if more params appear after wildcard param
2020-03-25 09:16:13 +13:00
Michal Kleiner
30c3b127c1
NEW Add ClassInfo method to get all classes with a given extension applied
2020-03-24 10:48:35 +13:00
Robbie Averill
5002f514b3
FIX Capitalisation fixes in welcome back message ( #9439 )
2020-03-23 15:54:30 +13:00
Aaron Carlino
7ad5f1bb14
BUGFIX: Ensure diff arrays are one-dimensional
2020-03-17 15:57:28 +13:00
Robbie Averill
b6512edec8
Merge pull request #9434 from mattclegg/bugfix--silverstripe-admin--requirements
...
[BUGFIX] silverstripe/admin is not required to be installed
2020-03-16 09:48:39 -07:00
mattclegg
06dab6b539
[BUGFIX] silverstripe/admin is not required to be installed
...
If the silverstripe/admin module is not installed then the javascript/css requirements fail to load
2020-03-16 18:54:01 +05:45
Garion Herman
88660e6435
Merge pull request #9426 from creative-commoners/pulls/4.5/change-atomic-job-title
...
DOC Update atomic MigrationTask description
2020-03-16 15:19:33 +13:00
Ramon Lapenta
9c7eac481e
Add "option" to list elements that belong to "listbox"
...
The accessibility attribute `role="listbox"` requires its immediate children to be set as `role="option"`, currently they don't have this option and accessibility tests are failing.
2020-03-10 11:10:04 -06:00
Steve Boyd
667495eaf9
Merge branch '4.5' into 4
2020-03-06 10:53:28 +13:00
Steve Boyd
687435a2f1
Merge branch '4.4' into 4.5
2020-03-06 10:52:22 +13:00
Steve Boyd
6d6cc65927
Update description
2020-03-06 09:57:31 +13:00
UndefinedOffset
bba0f2f72f
BUGFIX: Fixed issue where TimeField_Readonly would only show "(not set)" instead of the value
2020-02-24 09:59:00 -04:00
Maxime Rainville
affd43052a
Merge branch '4.5' into 4
2020-02-17 18:11:23 +13:00
Maxime Rainville
acd7d94167
Merge branch '4.4' into 4.5
2020-02-17 13:07:26 +13:00
Maxime Rainville
49fda52b12
Merge pull request #94 from silverstripe-security/fix/cve-2019-19325
...
CVE-2019-1935
2020-02-17 12:54:40 +13:00
Serge Latyntcev
ad1b00ec7d
[CVE-2019-19325] XSS through non-scalar FormField attributes
...
Silverstripe Forms allow malicious HTML or JavaScript to be inserted
through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting)
on some forms built with user input (Request data). This can lead to phishing attempts
to obtain a user's credentials or other sensitive user input.
There is no known attack vector for extracting user-session information or credentials automatically,
it required a user to fall for the phishing attempt.
XSS can also be used to modify the presentation of content in malicious ways.
2020-02-17 09:58:29 +13:00
Guy Marriott
c31de772ab
Merge pull request #8838 from creative-commoners/pulls/4/slash-means-root
...
Use '/' as an alternative designation for root in routing
2020-02-14 11:29:32 -08:00
Garion Herman
29943f9049
API TestSession request methods now use the correct HTTP method ( #8987 )
...
* API TestSession request methods now use the correct HTTP method
* DOCS Update requests section in Functional Testing to reflect API change
2020-02-14 16:01:06 +13:00
Garion Herman
9d1d59d8d1
NEW Accept / as designation for root URL controller
2020-02-14 14:41:10 +13:00
Steve Boyd
8c7e10bd55
Merge branch '4.5' into 4
2020-02-11 16:45:35 +13:00
Steve Boyd
9d5c3ef20e
Merge branch '4.4' into 4.5
2020-02-11 16:45:15 +13:00
Mojmir Fendek
285e6caafa
PR fixes
2020-02-11 10:43:01 +13:00
Mojmir Fendek
448147c2f1
PR fixes
2020-02-10 09:17:34 +13:00
Mojmir Fendek
660f80d284
PR fixes
2020-02-07 13:49:19 +13:00
mnuguid
ca36a47bb1
FIX Update ORM DBField types to use Injector in scaffoldFormField()
...
- This is usable in cases where a DBField is needed to be overloaded through the Injector.
2020-02-04 21:43:47 +13:00
Mojmir Fendek
99786dda22
ORM Column now supports related table lookup
2020-01-28 15:46:30 +13:00
Mojmir Fendek
9c38c5f625
CMS action related extension points ( #9340 )
...
* CMS action related extension points
* Refactor to use fewer extension points
* Remove explicit return type
Co-authored-by: Aaron Carlino <unclecheese@leftandmain.com>
2020-01-27 15:09:15 +13:00
Maxime Rainville
6ff0f3f466
BUG The "Link existing" should be disabled rather than readonly.
2020-01-24 14:47:12 +13:00
Robbie Averill
4121099484
Merge branch '4.5' into 4
2020-01-16 20:00:02 -08:00
Robbie Averill
53fcd47dfc
Merge branch '4.4' into 4.5
2020-01-16 19:59:42 -08:00
Robbie Averill
26e3b6f4e3
Merge branch '4.3' into 4.4
2020-01-16 19:59:24 -08:00
Mojmir Fendek
acbbf80d14
CMS action related extension points ( #9340 )
...
* CMS action related extension points
* Refactor to use fewer extension points
* Remove explicit return type
Co-authored-by: Aaron Carlino <unclecheese@leftandmain.com>
2020-01-15 14:24:49 +13:00
Robbie Averill
38d7bd700d
Merge pull request #9373 from manja/4.5
...
Fixed issue with merging existing entities in text collector
2020-01-14 09:27:35 -08:00
Martin D
ec6a353543
array_key_exists() on objects is deprecated
...
Ref: https://wiki.php.net/rfc/deprecations_php_7_4#array_key_exists_with_objects
2020-01-14 09:22:49 -08:00
Nemanja Karadzic
18f0829053
Fixed issue with merging existing entities in text collector
2020-01-14 14:20:40 +01:00
Garion Herman
af90d17e19
Merge pull request #9359 from open-sausages/pulls/4.4/dbhtmlvarchar-scafolding
...
BUG Remove bad default when scaffolding form field for DBHTMLVarchar
2020-01-07 09:33:25 +13:00
Maxime Rainville
31a8c16c43
Remove default row size
2020-01-07 09:13:03 +13:00
Loz Calver
a42249b6fc
Minor performance improvement in DatabaseAdapterRegistry::autoconfigure()
2019-12-19 14:39:46 +00:00
Serge Latyntcev
eaf6bca706
Merge branch '4.5' into 4
2019-12-19 11:26:38 +13:00
Maxime Rainville
8d69cf9f75
BUG Remove bad default when scaffolding form field for DBHTMLVarchar
2019-12-18 17:32:02 +13:00
Andre Kiste
6650d81324
BUG Fix extra blank Group being created when creating a new Group ( #9325 )
...
* Fix extra blank Group being created when creating a new Group
* Update tests to reflect expected behavior
* Improved tests
2019-11-27 09:32:33 +13:00
shoosah
2724d93111
Allow to add error message into a specific field
2019-11-22 11:03:27 +13:00
Loz Calver
453945da14
FIX: Session::restart() didn't correctly restart session ( fixes #9259 )
2019-11-20 14:21:30 +00:00
Serge Latyntcev
f67e15b8ee
Merge branch '4.5' into 4
2019-11-20 11:12:49 +13:00
Serge Latyntcev
91e4aa90f1
Merge branch '4.4' into 4.5
2019-11-20 11:09:23 +13:00
Serge Latyntcev
8219491705
Merge branch '4.3' into 4.4
2019-11-20 11:08:35 +13:00
Robbie Averill
77ccadd663
Merge pull request #9300 from LABCAT/patch-1
...
Improvement to docs for send_file function
2019-11-14 09:08:16 -08:00
Serge Latyntcev
559f660e0e
Merge branch '4.4' into 4
2019-11-13 15:40:34 +13:00
Mojmir Fendek
e2bea6b41f
API Add withConfig
method ( #9011 )
...
* With config functionality added.
* Update docs/en/02_Developer_Guides/04_Configuration/00_Configuration.md
2019-10-31 16:12:04 +13:00
Michal Kleiner
4f614423ad
Ensure Requirements_Backend respects explicit false for async/defer
2019-10-30 09:59:57 +13:00
Damian Mooyman
e76601e5c8
BUG FormAction title property cannot be set if useButtonTag is false
2019-10-29 17:21:45 +13:00
LABCAT
501d9a1480
Update HTTPRequest.php
2019-10-23 22:52:53 +13:00
LABCAT
630c6c0514
Update src/Control/HTTPRequest.php
...
Co-Authored-By: Robbie Averill <robbie@averill.co.nz>
2019-10-23 21:05:22 +13:00
Garion Herman
17f4cc6e30
Merge pull request #9281 from creative-commoners/pulls/4/textfield-tip-ui
...
NEW: Add support for Tip UI in TextField
2019-10-23 16:50:43 +13:00
Garion Herman
bed3f2b3c6
NEW Add type declarations to Tip API, add TippableFieldInterface
2019-10-23 10:46:22 +13:00
Garion Herman
195417b061
NEW Extract Tip from TextField, add test coverage
2019-10-22 17:04:58 +13:00
LABCAT
d3a17958ef
Update src/Control/HTTPRequest.php
...
Co-Authored-By: Robbie Averill <robbie@averill.co.nz>
2019-10-22 16:17:04 +13:00
LABCAT
67c944c962
Improvement to docs for send_file function
2019-10-22 15:18:03 +13:00
Serge Latyntsev
bd2ccf70fa
Merge pull request #9282 from open-sausages/pulls/4/docs/clarify-basic-auth
...
DOCS Clarify BasicAuth limitations
2019-10-22 14:01:51 +13:00
Maxime Rainville
e59625fe5a
NEW Add ability to define image size preset for the TinyMCE editor. ( #9276 )
...
* NEW Add ability to define image size preset for the TinyMCE editor.
* DOC Explain how to define image size pre-sets
2019-10-22 11:50:28 +13:00
Serge Latyntcev
33a28394d6
Merge branch '4.4' into 4
2019-10-18 15:59:28 +13:00
Serge Latyntcev
0cf5d4cbe2
Merge branch '4.3' into 4.4
2019-10-18 15:58:13 +13:00
Serge Latyntcev
46b9530d88
PSR2 linting fixes
2019-10-18 15:31:39 +13:00
Serge Latyntcev
7873efde9c
Merge branch '4.4' into 4
2019-10-18 10:58:19 +13:00
Serge Latyntcev
dcbe6d0310
Merge branch '4.3' into 4.4
2019-10-18 10:57:35 +13:00
Garion Herman
efc7ba9520
NEW Tweak TextField Tip API to match changes to component
2019-10-11 15:04:56 +13:00
Ingo Schommer
8dcda91538
DOCS Clarify BasicAuth limitations
2019-10-10 10:41:39 +13:00
Garion Herman
a44bc5bcf3
NEW Add support for Tip UI in TextField
...
See TextField documentation in silverstripe/admin Pattern Library
2019-10-09 16:26:06 +13:00
Damian Mooyman
d7752b7945
Run PSR2 Lint cleaner
2019-10-04 13:26:31 +13:00
Damian Mooyman
f1594fd991
BUG Ensure that canCreate() context matches that respected by GridFieldAddNewButton
2019-10-04 11:24:34 +13:00
Robbie Averill
4d5d7a34a1
NEW Add FilterInterface and retrofit into URLSegmentFilter
...
There are other filters in the core SilverStripe product, e.g. FileNameFilter in silverstripe/assets
which would benefit from having a common filter interface. This retrofits one for URLSegmentFilter
in framework. I have not added any PHP 7 syntax in method signatures to avoid breaking backwards
compatibility.
2019-10-04 10:51:24 +13:00
Robbie Averill
1265f09f4f
Merge pull request #9271 from michalkleiner/pulls/4/check-array-props-in-custom-methods
...
FIX Check array keys existence when removing methods in CustomMethods
2019-10-03 14:30:22 -07:00
Serge Latyntcev
7db524bd90
FIX DebugViewFrendlyErrorFormatter handle of admin_email
2019-10-04 10:26:54 +13:00
Robbie Averill
e49cec3a00
Merge pull request #9247 from jakxnz/pulls/4/record-login-attempt-outputs
...
ENHANCEMENT: MemberAuthenticator::recordLoginAttempt() outputs
2019-10-03 10:46:34 -07:00
Dylan Wagstaff
047ac060c4
Merge pull request #9265 from emteknetnz/feature/noopener
...
Add noopener attribute to links with a target
2019-10-03 14:42:50 +13:00
Steve Boyd
887f198b07
Add rel attribute to link elements with a target attribute
2019-10-03 14:03:12 +13:00
Damian Mooyman
58c080db5a
FEATURE Option placeholder for upload folder id ( #9262 )
...
* FEATURE Option placeholder for upload folder id
* ENHANCEMENT Add setFolderName() to TinyMCEConfig
* Typehint return type
* Add type to param
2019-09-30 10:50:55 +13:00
Michal Kleiner
1a2dbfd3a5
Update conditional logic when checking array keys before removing methods in CustomMethods
2019-09-30 10:17:59 +13:00
Michal Kleiner
52a039f631
Check array keys existence prior to their usage when removing methods in CustomMethods
2019-09-27 14:57:15 +12:00
JorisDebonnet
349589b23b
Clarify that $title in FormField can accept ViewableData
...
When constructing a FormField, an IDE would previously tell you the `$title` needs to be string (or null). Let's make it more clear that a ViewableData instance (such as `HTMLValue::create($title)`) is also accepted. This should help people more quickly find a solution to put html in labels.
2019-09-26 02:39:39 +02:00
Sam Minnée
af6644f762
Merge pull request #9240 from chrometoasters/pulls/db-readonly-transactions-support
...
NEW Introduce supported database transaction mode check
2019-09-25 10:02:53 +12:00
Serge Latyntcev
88fde6e7c3
Merge branch '4.4' into 4
2019-09-24 17:29:06 +12:00
Serge Latyntcev
50a1aa4c4d
Merge branch '4.3' into 4.4
2019-09-24 17:28:31 +12:00
Aaron Carlino
b002ef1171
Merge branch '4.4' into 4
2019-09-24 17:26:50 +12:00
Serge Latyntcev
8b7063a8e2
[CVE-2019-12617] Fix access escalation for CMS users with limited access through permission cache pollution
2019-09-24 16:03:48 +12:00
Serge Latyntcev
eccfa9b10d
[CVE-2019-12203] Session fixation in "change password" form
...
A potential account hijacking may happen if an attacker has physical access to
victim's computer to perform session fixation. Also possible if the targeted application contains an XSS vulnerability.
Requires the victim to click the password reset link sent to their email.
If all the above happens, attackers may reset the password before the actual user does that.
2019-09-24 16:03:48 +12:00
Serge Latyntcev
5af205993d
[CVE-2019-12617] Fix access escalation for CMS users with limited access through permission cache pollution
2019-09-24 16:00:51 +12:00
Serge Latyntcev
569237c0f4
[CVE-2019-12203] Session fixation in "change password" form
...
A potential account hijacking may happen if an attacker has physical access to
victim's computer to perform session fixation. Also possible if the targeted application contains an XSS vulnerability.
Requires the victim to click the password reset link sent to their email.
If all the above happens, attackers may reset the password before the actual user does that.
2019-09-24 16:00:51 +12:00
Jackson Darlow
a033662a3a
MemberAuthenticator::recordLoginAttempt() outputs
2019-09-24 14:24:59 +12:00
Garion Herman
0d27f32cc9
FIX Add 'legal empty attributes' to allow empty alt values on imgs
...
In some situations, a caption is used in place of a value in the alt
attribute, and in others an image may be cosmetic and not in need of an
alt attribute value (though the alt attribute must still be rendered in
this case).
2019-09-24 11:44:12 +12:00
Robbie Averill
3cfc21c405
Merge pull request #9241 from open-sausages/pulls/4.4.3/fix-file-permission
...
Fix administrators not being able to see files that are restricted to groups
2019-09-23 11:13:26 -07:00
Guy Marriott
aa7c057422
FIX: Don't force-add view button to readonly GridField (fixes #… ( #9254 )
...
FIX: Don't force-add view button to readonly GridField (fixes #9249 )
2019-09-23 10:31:25 -07:00
Loz Calver
efdb9cc718
FIX: run member CMS validator when editing via groups ( fixes #9184 )
2019-09-23 16:59:58 +01:00
Loz Calver
d85ff3bc44
FIX: Don't force-add view button to readonly GridField ( fixes #9249 )
2019-09-23 16:52:47 +01:00
bergice
6a1c6ecec6
Fix administrators not being able to see files that are restricted to groups
...
Resolves https://github.com/silverstripe/silverstripe-asset-admin/issues/777
2019-09-23 16:44:28 +12:00
Guy Marriott
6ff97821ed
Merge branch '4.4' into 4
2019-09-18 15:52:36 -07:00
Guy Marriott
7877ffcc85
Merge branch '4.3' into 4.4
2019-09-18 15:52:18 -07:00
Hayden Shaw
daf9d55ecb
Allow non summary fields to be used as export fields
...
Fixes regression in 3d989a6eae
.
2019-09-19 10:00:54 +12:00
Michal Kleiner
bcbf90a837
NEW Introduce supported database transaction mode check
2019-09-16 14:44:15 +12:00
Robbie Averill
aa6b244db9
Merge branch '4.4' into 4
2019-09-13 18:11:46 -07:00
Robbie Averill
592ab6abc1
Merge branch '4.3' into 4.4
2019-09-13 18:11:34 -07:00
Robbie Averill
066ce8e01c
Merge branch '4.2' into 4.3
...
# Conflicts:
# src/View/ThemeResourceLoader.php
2019-09-13 18:10:37 -07:00
Robbie Averill
cfe86ad5a1
Merge pull request #9153 from creative-commoners/pulls/4.4/stream-ree-tags
...
FIX Skip md5-ing the whole contents of a stream for etags
2019-09-13 17:59:26 -07:00
Robbie Averill
9a76d4adb4
Merge pull request #9181 from kinglozzer/8762-shortcode-templates
...
NEW: Use templates to render embed shortcodes (closes #8762 )
2019-09-13 17:58:32 -07:00
Serge Latyntsev
233e0e7aa0
ENH PasswordExpirationMiddleware implementation ( #9207 )
2019-09-12 14:34:06 +12:00
Aaron Carlino
da6582f593
NEW: Remove web installer, move to separate package ( #9231 )
...
* Remove installer
* Remove exposed install files
* Replace Dev/Install classes still in use
* Update changelog
* FIX make the grid field actions consistent to what they look like on pages
Resolves https://github.com/silverstripe/silverstripe-admin/issues/904
* Docs changes
2019-09-11 13:10:25 +12:00
Maxime Rainville
591b88a9bc
BUG Allow infinite loop when calling DataObject::writeComponent() recursively
2019-09-10 14:15:28 +12:00
Robbie Averill
e8c2f963fd
FIX Member::getLastName() now correctly returns the Member surname
2019-09-06 12:12:27 -07:00
Robbie Averill
41a766d135
Merge pull request #9085 from kinglozzer/9084-path-join-exception
...
Catch Path::join() exceptions in findTemplate() (fixes #9084 )
2019-09-06 12:00:39 -07:00
Robbie Averill
42dd02ef78
Merge pull request #9122 from aNickzz/4
...
Add onBeforeRenderHolder extension point for FormField
2019-09-06 11:53:10 -07:00
Hels666
22a6a5b1e3
NEW Add getLastName() method to Member.php ( #9222 )
...
* Add getLastName() method to Member.php
Add getLastName() method to Silverstripe\Security\Member.php to allow use of $LastName instead of $Surname in templates as it is a common mistake made
this is for issue #9219
as discussed in Slack on 04-Sep-2019
* Minor doc block clean-up
* Update src/Security/Member.php - typo fix
Co-Authored-By: Guy Marriott <guy@scopey.co.nz>
2019-09-06 20:31:22 +12:00
Maxime Rainville
dd40d53e6b
Merge branch '4.4' into 4
2019-09-04 09:46:33 +12:00
Maxime Rainville
24015c7767
Merge branch '4.3' into 4.4
2019-09-04 09:42:09 +12:00
Robbie Averill
aec5051a24
Merge pull request #9206 from creative-commoners/pulls/4.3/strip-bom-on-csv-import
...
FIX Byte Order Marks (BOM) are now stripped when importing CSV files
2019-09-03 09:55:38 -07:00
Damian Mooyman
6759af3767
Escape strings a bit safer for doc generation
2019-09-03 19:38:19 +12:00
Damian Mooyman
f649657182
Clarify Director::absoluteURL behaviour
...
Fixes #9111
2019-09-03 19:34:16 +12:00
Robbie Averill
ef49dcf726
Merge pull request #9164 from sminnee/fix-9162
...
FIX: Write relations when saving in grid-field item edit form
2019-09-01 20:44:13 -07:00
Maxime Rainville
a2a202c016
Merge pull request #9200 from open-sausages/pulls/4.4.3/consistent-actions
...
FIX make the grid field actions consistent to what they look like on pages
2019-09-02 14:07:22 +12:00
bergice
2f8d847a10
FIX make the grid field actions consistent to what they look like on pages
...
Resolves https://github.com/silverstripe/silverstripe-admin/issues/904
2019-09-02 12:22:32 +12:00
Robbie Averill
0b991cc039
Merge pull request #9198 from elabuwa/pulls/4.3/bug-fix-html-entities-breadcrumbs-in-group
...
Bug : Add html_entity_decode to group parents
2019-08-30 09:51:52 +12:00
Dileep Ratnayake
fe4eb5dd2a
Update src/Security/Group.php
...
Co-Authored-By: Maxime Rainville <maxime@rainville.me>
2019-08-29 15:44:41 +12:00
Robbie Averill
77ba8391c4
FIX Byte Order Marks (BOM) are now stripped when importing CSV files
2019-08-29 14:54:57 +12:00
Maxime Rainville
73f43c6f42
BUG Remove placeholder text on new group form
2019-08-28 17:14:19 +12:00
Dileep Ratnayake
9b7075ed5d
Update Group.php
2019-08-27 16:22:00 +12:00
Dileep Ratnayake
a976a1688b
Update Group.php
...
move to private method
2019-08-27 16:21:08 +12:00
Dileep Ratnayake
40e5c4ec59
Update Group.php
...
use of convert::raw2xml, rename $grp to $group
2019-08-27 16:19:40 +12:00
Dileep Ratnayake
4f8240bd48
Update src/Security/Group.php
...
Co-Authored-By: Andre Kiste <bergice@users.noreply.github.com>
2019-08-27 12:19:03 +12:00
Will Rossiter
d2a07b1047
FIX Remove error when exporting a column that is not displayed in a GridField
2019-08-27 11:54:31 +12:00
Dileep Ratnayake
f7a602137a
add html_entity_decode to breadcrumbs
2019-08-27 11:49:17 +12:00
Loz Calver
759601741d
NEW: Use templates to render embed shortcodes ( closes #8762 )
2019-08-21 09:32:16 +01:00
Robbie Averill
a5d6b998fc
Merge branch '4.4' into 4
2019-08-16 16:40:39 +12:00
Robbie Averill
bae7e32680
FIX Member::changePassword() no longer applies password validation rules to the hashed value
2019-08-16 09:06:07 +12:00
Robbie Averill
45f86658ca
Merge branch '4.4' into 4
2019-08-14 09:31:05 +12:00
Robbie Averill
4b44272367
Merge branch '4.3' into 4.4
2019-08-14 09:30:53 +12:00
Robbie Averill
d63e4b520c
Merge branch '4.2' into 4.3
2019-08-14 09:30:41 +12:00
Nicholas Sorokin
4a32b3418a
Add onBeforeRenderHolder extension point for FormField
2019-08-09 14:43:14 +09:30