tonyair/silverstripe-framework

mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 12:05:37 +00:00

Go to file

Ingo Schommer 0bae1826bb FIX Opt-out pf form message escaping (fixes #2796 )

This fixes a limitation introduced through http://www.silverstripe.org/ss-2013-008-xss-in-numericfield-validation/.
Form messages used to accept HTML, now they’re escaped by default, effectively removing the ability
to pass in HTML and take care of escaping manually.

We pass through HTML to message in core through the CTF system, so this needs to be fixed.
It’s an alternative fix to https://github.com/silverstripe/silverstripe-framework/pull/2803.

2014-08-22 09:08:55 +12:00

MINOR Setting Content-Type to text/plain in various error responses for RestfulServer (from r114750)

2011-02-02 14:20:05 +13:00

MINOR: updated typo in comment for Cache.

2011-02-02 14:19:58 +13:00

MINOR Cleaned up tabbing and code formatting in automated task classes

2011-02-02 14:18:42 +13:00

MINOR Fixed spelling mistake in ConfigureFromEnv class documentation

2011-02-02 14:19:10 +13:00

BUG: Stop undefined error for $reEnableFilter being thrown

2014-01-21 08:39:46 +13:00

MINOR: Fixed an empty utility container adding extra padding to the bottom of table fields.

2011-02-13 15:54:05 +11:00

Removed php5.2 incompatible syntax

2014-05-05 14:05:38 +12:00

Added 2.4.13 changelog

2013-09-26 01:11:59 +02:00

BUGFIX: Applied/edited paradigmincarnate's patch to quote plaintext email with htmlEmail (#5120 )

2011-02-02 14:19:41 +13:00

ENHANCEMENT Added File.ShowInSearch flag to mirror the existing SiteTree.ShowInSearch flag - e.g. useful to limit visibility of user-uploaded files. Enforced in MySQLDatabase->searchEngine().

2011-09-15 16:13:02 +02:00

FIX Opt-out pf form message escaping (fixes #2796 )

2014-08-22 09:08:55 +12:00

Less trademark-encumbered doc icons (fixed #1787 )

2013-04-30 00:41:58 +02:00

MINOR Corrected Geoip entries for ex-Yugoslavia ... better late than never

2012-03-30 09:51:21 +02:00

Removed profanity

2011-08-22 18:33:25 +10:00

Fixed grammatical error for Form.FIELDISREQUIRED

2012-10-05 18:04:38 +02:00

MINOR: Fix links etc, and remove www. from SS urls

2011-02-02 14:19:46 +13:00

MINOR Fixed phpdoc documentation

2011-02-02 14:19:15 +13:00

BUGFIX Consistently using Convert::raw2sql() instead of DB::getConn()->addslashes() or PHP's deprecated addslashes() for database escaping

2011-09-15 14:43:34 +02:00

FIX Opt-out pf form message escaping (fixes #2796 )

2014-08-22 09:08:55 +12:00

BUGFIX Fixed MigrateSiteTreeLinkingTask not working correctly when CLRF newlines being used

2011-03-22 16:44:39 +13:00

MINOR: Only show the CTF utility bar if there are utilities available.

2011-02-13 15:54:05 +11:00

FIX Opt-out pf form message escaping (fixes #2796 )

2014-08-22 09:08:55 +12:00

Removed profanity

2011-08-22 18:33:25 +10:00

Revert "BUGFIX: sort order of widgets is now fixed."

2011-02-02 14:19:46 +13:00

_config.php

BUGFIX EMAIL_BOUNCEHANDLER_KEY cannot be defined

2011-02-02 14:19:43 +13:00

_register_database.php

MINOR: repair installer for sqlite

2011-02-02 14:19:48 +13:00

.htaccess

BUGFIX Disallow web access to sapphire/silverstripe_version to avoid information leakage (from r114773)

2011-02-02 14:20:05 +13:00

.travis.yml

BUG Allow PHPUnit installation with composer / Fix travis

2014-05-02 18:25:54 +12:00

cli-script.php

BUGFIX Fixed spelling error of $databaseConfig in cli-script.php causing database configuration to not load (thanks aimcom!)

2011-02-02 14:19:35 +13:00

composer.json

MINOR Use composer @stable for PHPUnit

2014-05-09 16:40:49 +12:00

main.php

Split Core.php into Constants.php and Core.php and adjust main.php startup

2013-07-22 14:02:37 +12:00

main.php5

MINOR phpdoc documentation

2009-03-22 22:59:14 +00:00

Makefile

BUGFIX: Removed references to php5 binary in Makefile

2011-02-02 14:19:22 +13:00

README.md

Updated github path

2013-05-17 00:35:28 +02:00

sake

ENHANCEMENT Making "sake" script more portable by using "/usr/bin/env" shebang instead of "/bin/bash" (fixes #6045 , thanks sychan)

2011-02-02 14:19:54 +13:00

silverstripe_version

API CHANGE silverstripe_version file now contains the plain version number, rather than an SVN path

2012-02-01 18:54:59 +01:00

static-main.php

BUGFIX Bypass static caching through static-main.php when GET or POST parameters are set (regression from 2.3 API, fixes #5519 , thanks ktauber)

2011-02-02 14:19:19 +13:00

web.config

BUGFIX Disallow web access to sapphire/silverstripe_version to avoid information leakage (from r114773)

2011-02-02 14:20:05 +13:00

README.md

SilverStripe Framework (a.k.a "sapphire")