silverstripe-framework/core/control
Ingo Schommer 46064f8f88 SECURITY More solid relative/site URL checks (related to "BackURL" redirection)
Return true for Director::is_absolute_url() checks if they're prefixed with two or more slashes (as browsers interpret this as a valid URL)

More solid URL checks in Director::is_site_url(), using a conservative parse_url() hostname comparison rather than Director::makeRelative(), which is not designed for security purposes
2012-10-16 10:17:07 +02:00
ContentController.php BUGFIX ContentController::SiteConfig() should look to the SiteTree record so an alternate SiteConfig is considered, if this method doesn't exist on the data record then fall back to the default SiteConfig 2011-02-02 14:19:53 +13:00
ContentNegotiator.php BUGFIX Fixed ContentNegotiator to handle HTML and XHTML base tags properly when converting, regression from r108413 2011-02-02 14:19:42 +13:00
Controller.php BUGFIX: Added condition to avoid error creating "PastMember" cookie on dev/build (ticket #5780) Thanks simon_w 2011-02-02 14:19:41 +13:00
Director.php SECURITY More solid relative/site URL checks (related to "BackURL" redirection) 2012-10-16 10:17:07 +02:00
FormResponse.php SECURITY: Ensure javascript content type is sent in form responses. If content type is html, and the javascript contains script tags within the content, this content will be executed. 2012-05-03 17:08:08 +02:00
HTTPRequest.php BUGFIX: prevented HTTPRequest->shift() throwing notices when shifting multiple elements. APICHANGE: SS_HTTPRequest->shift($multiple) no longer returns an array of size $multiple spaced with nulls, it returns an array up to the size of $multiple. 2011-02-02 14:19:33 +13:00
HTTPResponse.php ENHANCEMENT Added SS_HTTPResponse->setStatusDescription() as equivalent to setStatusCode(). Added documentation. 2011-02-02 14:20:02 +13:00
ModelAsController.php BUGFIX: When finding an old page in the 404 handler, favour existing subpages over historical ones. 2011-02-02 14:19:21 +13:00
NestedController.php MINOR Unified @package PHPdoc (added where missing, removed duplicates) 2008-06-15 13:33:53 +00:00
RequestHandler.php BUGFIX Checking for existence of FormAction in Form->httpSubmission() to avoid bypassing $allowed_actions definitions in controllers containing this form 2011-02-02 14:20:06 +13:00
RootURLController.php API CHANGE Removed deprecated function RootURLController::get_homepage_urlsegment(), please use RootURLController::get_homepage_link() instead! 2011-02-02 14:18:46 +13:00
SilverStripeNavigatorItem.php SECURITY Escape links for SilverStripeNavigatorItem 2012-01-31 15:55:30 +01:00