Ingo Schommer 0bae1826bb FIX Opt-out of form message escaping (fixes #2796)
This fixes a limitation introduced through http://www.silverstripe.org/ss-2013-008-xss-in-numericfield-validation/.
Form messages used to accept HTML; now they're escaped by default, effectively removing the ability
to pass in HTML and take care of escaping manually.

We pass HTML through to messages in core via the CTF system, so this needs to be fixed.
It’s an alternative fix to https://github.com/silverstripe/silverstripe-framework/pull/2803.
2014-08-22 09:08:55 +12:00
api MINOR Setting Content-Type to text/plain in various error responses for RestfulServer (from r114750) 2011-02-02 14:20:05 +13:00
cache MINOR: updated typo in comment for Cache. 2011-02-02 14:19:58 +13:00
cli MINOR Cleaned up tabbing and code formatting in automated task classes 2011-02-02 14:18:42 +13:00
conf MINOR Fixed spelling mistake in ConfigureFromEnv class documentation 2011-02-02 14:19:10 +13:00
core BUG: Stop undefined error for $reEnableFilter being thrown 2014-01-21 08:39:46 +13:00
css MINOR: Fixed an empty utility container adding extra padding to the bottom of table fields. 2011-02-13 15:54:05 +11:00
dev Removed php5.2 incompatible syntax 2014-05-05 14:05:38 +12:00
docs Added 2.4.13 changelog 2013-09-26 01:11:59 +02:00
email BUGFIX: Applied/edited paradigmincarnate's patch to quote plaintext email with htmlEmail (#5120) 2011-02-02 14:19:41 +13:00
filesystem ENHANCEMENT Added File.ShowInSearch flag to mirror the existing SiteTree.ShowInSearch flag - e.g. useful to limit visibility of user-uploaded files. Enforced in MySQLDatabase->searchEngine(). 2011-09-15 16:13:02 +02:00
forms FIX Opt-out of form message escaping (fixes #2796) 2014-08-22 09:08:55 +12:00
images Less trademark-encumbered doc icons (fixed #1787) 2013-04-30 00:41:58 +02:00
integration MINOR Corrected Geoip entries for ex-Yugoslavia ... better late than never 2012-03-30 09:51:21 +02:00
javascript Removed profanity 2011-08-22 18:33:25 +10:00
lang Fixed grammatical error for Form.FIELDISREQUIRED 2012-10-05 18:04:38 +02:00
parsers MINOR: Fix links etc, and remove www. from SS urls 2011-02-02 14:19:46 +13:00
profiler MINOR Fixed phpdoc documentation 2011-02-02 14:19:15 +13:00
search BUGFIX Consistently using Convert::raw2sql() instead of DB::getConn()->addslashes() or PHP's deprecated addslashes() for database escaping 2011-09-15 14:43:34 +02:00
security FIX Opt-out of form message escaping (fixes #2796) 2014-08-22 09:08:55 +12:00
tasks BUGFIX Fixed MigrateSiteTreeLinkingTask not working correctly when CLRF newlines being used 2011-03-22 16:44:39 +13:00
templates MINOR: Only show the CTF utility bar if there are utilities available. 2011-02-13 15:54:05 +11:00
tests FIX Opt-out of form message escaping (fixes #2796) 2014-08-22 09:08:55 +12:00
thirdparty Removed profanity 2011-08-22 18:33:25 +10:00
widgets Revert "BUGFIX: sort order of widgets is now fixed." 2011-02-02 14:19:46 +13:00
_config.php BUGFIX EMAIL_BOUNCEHANDLER_KEY cannot be defined 2011-02-02 14:19:43 +13:00
_register_database.php MINOR: repair installer for sqlite 2011-02-02 14:19:48 +13:00
.htaccess BUGFIX Disallow web access to sapphire/silverstripe_version to avoid information leakage (from r114773) 2011-02-02 14:20:05 +13:00
.travis.yml BUG Allow PHPUnit installation with composer / Fix travis 2014-05-02 18:25:54 +12:00
cli-script.php BUGFIX Fixed spelling error of $databaseConfig in cli-script.php causing database configuration to not load (thanks aimcom!) 2011-02-02 14:19:35 +13:00
composer.json MINOR Use composer @stable for PHPUnit 2014-05-09 16:40:49 +12:00
main.php Split Core.php into Constants.php and Core.php and adjust main.php startup 2013-07-22 14:02:37 +12:00
main.php5 MINOR phpdoc documentation 2009-03-22 22:59:14 +00:00
Makefile BUGFIX: Removed references to php5 binary in Makefile 2011-02-02 14:19:22 +13:00
README.md Updated github path 2013-05-17 00:35:28 +02:00
sake ENHANCEMENT Making "sake" script more portable by using "/usr/bin/env" shebang instead of "/bin/bash" (fixes #6045, thanks sychan) 2011-02-02 14:19:54 +13:00
silverstripe_version API CHANGE silverstripe_version file now contains the plain version number, rather than an SVN path 2012-02-01 18:54:59 +01:00
static-main.php BUGFIX Bypass static caching through static-main.php when GET or POST parameters are set (regression from 2.3 API, fixes #5519, thanks ktauber) 2011-02-02 14:19:19 +13:00
web.config BUGFIX Disallow web access to sapphire/silverstripe_version to avoid information leakage (from r114773) 2011-02-02 14:20:05 +13:00

SilverStripe Framework (a.k.a "sapphire")
