silverstripe-framework/core
Ingo Schommer 46064f8f88 SECURITY More solid relative/site URL checks (related to "BackURL" redirection)
Return true for Director::is_absolute_url() checks if they're prefixed with two or more slashes (as browsers interpret this as a valid URL)

More solid URL checks in Director::is_site_url(), using a conservative parse_url() hostname comparison rather than Director::makeRelative(), which is not designed for security purposes
2012-10-16 10:17:07 +02:00
control SECURITY More solid relative/site URL checks (related to "BackURL" redirection) 2012-10-16 10:17:07 +02:00
model BUG Fix to prevent unintended results from getComponentsQuery(...) 2012-09-14 18:25:29 +03:00
ArrayData.php ENHANCEMENT: added getter to get array back out of an ArrayData instance. MINOR: updated docblocks in ArrayData 2011-02-02 14:19:39 +13:00
ArrayLib.php ENHANCEMENT Use array_combine() instead of custom logic for ArrayLib::valuekey() (thanks paradigmincarnate!) 2011-02-02 14:19:35 +13:00
ClassInfo.php ENHANCEMENT #5977 Added optional argument to ClassInfo::getValidSubClasses() and removed hardcoded SiteTree 2011-02-02 14:19:49 +13:00
Convert.php ENHANCEMENT: html2raw now properly replaces strong tag with asterisk #5494 2011-02-02 14:19:37 +13:00
Cookie.php BUGFIX Cookies set to a value other than NULL (effectively unsetting the cookie) will now use the httpOnly parameter by default for better XSS protection (from r101045) 2011-02-02 14:19:00 +13:00
Core.php Changes error reporting level to explicitly exclude E_DEPRECATED and E_STRICT, rather than xor. 2011-08-26 16:12:57 +12:00
Extension.php API CHANGE: Extension no longer inherits from Object. 2009-08-11 08:35:14 +00:00
HTTP.php BUGFIX: added optional separator for http_build_query in HTTP:setGetVar(). this fixes sorting columns in ModelAdmin (ticket #5325). 2011-02-02 14:19:12 +13:00
i18n.php BUGFIX i18n::include_by_locale() assumes a themes directory always exists and causes error if that's not the case. Some projects don't require any themes, like pure applications. 2011-09-28 15:27:51 +13:00
i18nEntityProvider.php Merged changes from 2.3 branch 2009-02-01 23:49:53 +00:00
i18nTextCollector.php ENHANCEMENT Allowing i18nTextCollector to discover entities in templates stored in themes/ directory (thanks nlou) (from r113918) 2011-02-02 14:20:01 +13:00
i18nTextCollectorTask.php MINOR Unified permission control for i18nTextCollectorTask, TaskRunner, TestRunner, ModelViewer, DevelopmentAdmin, TestViewer, MigrateTranslatableTask 2009-09-10 01:49:56 +00:00
ManifestBuilder.php Adds missing semicolon for PHP5.4 support. 2011-08-26 16:11:06 +12:00
Object.php BUGFIX #5337: Allow decoration of DataObject 2011-02-02 14:19:11 +13:00
Requirements.php ENHANCEMENT: in referencing a file in combine_files() it should fall back to standard requirement tags if combining has been disabled eg dev mode 2011-02-02 14:19:33 +13:00
Session.php ENHANCEMENT Allow setting secure session cookies when using SSL. Recent change r114567 made this impossible. (thanks simon_w!) (from r114900) 2011-02-02 14:20:06 +13:00
SSViewer.php MINOR fixed array to string conversion to avoid PHP 5.4 warnings 2012-08-15 11:40:40 -05:00
TokenisedRegularExpression.php Merged in parent::__construct() additions from branches/2.3 - r83580 and r83587 2009-09-18 03:02:19 +00:00
ValidationException.php MINOR phpdoc documentation 2009-03-22 22:59:14 +00:00
ValidationResult.php MINOR Removed message alteration from ValidationResult->error() to make it more predictable for string matching in unit tests like SecurityTest 2011-02-02 14:18:25 +13:00
ViewableData.php MINOR Using SecurityToken in ViewableData->getSecurityID() 2011-02-02 14:19:58 +13:00