silverstripe-framework/forms
Ingo Schommer 0bae1826bb FIX Opt-out of form message escaping (fixes #2796)
This fixes a limitation introduced through http://www.silverstripe.org/ss-2013-008-xss-in-numericfield-validation/.
Form messages used to accept HTML, now they’re escaped by default, effectively removing the ability
to pass in HTML and take care of escaping manually.

We pass through HTML to message in core through the CTF system, so this needs to be fixed.
It’s an alternative fix to https://github.com/silverstripe/silverstripe-framework/pull/2803.
2014-08-22 09:08:55 +12:00
AjaxUniqueTextField.php Merged from branches/2.3 2009-03-10 22:08:52 +00:00
AutocompleteTextField.php API CHANGE Deprecated AutocompleteTextField, use third-party solutions 2011-02-02 14:19:33 +13:00
CheckboxField.php Fix empty $messageBlock on CheckboxFields 2013-12-11 16:17:30 +01:00
CheckboxSetField.php MINOR Fixed documentation in CheckboxSetField (fixes #6068, thanks paradigmincarnate) 2011-02-02 14:19:54 +13:00
ComplexTableField.php FIX Opt-out of form message escaping (fixes #2796) 2014-08-22 09:08:55 +12:00
CompositeField.php BUGFIX Setting brokenOnConstruct to FALSE in CompositeField::__construct() - it skips a constructor, hence breaking request handling (and therefore direct field access through /Form/Field/MyCompositeField/FieldHolder 2009-07-06 21:48:12 +00:00
ConfirmedPasswordField.php MINOR Code formatting change in ConfirmedPasswordField::__construct() 2011-02-02 14:20:05 +13:00
CountryDropdownField.php Merged changes from 2.3 branch 2009-02-01 23:49:53 +00:00
CreditCardField.php MINOR Unified @package PHPdoc (added where missing, removed duplicates) 2008-06-15 13:33:53 +00:00
CurrencyField.php BUGFIX CurrencyField doesn't accept negative value (#5769, thanks simon_w) 2011-02-02 14:19:42 +13:00
CustomRequiredFields.php BUGFIX Validator/RequiredFields should not regard "0" as an empty value 2011-02-02 14:19:43 +13:00
DatalessField.php MINOR merged branches/2.3 into trunk 2008-12-04 22:38:32 +00:00
DateField.php BUGFIX DateField wrong datepicker-%s.js path (fixes #6296, thanks martijn) 2011-02-02 14:20:07 +13:00
DatetimeField.php BUGFIX Respecting field specific locale settings in DatetimeField and DateField when validating and saving values (fixes #5931, thanks Tjofras) 2011-02-02 14:19:50 +13:00
DisabledTransformation.php MINOR Unified @package PHPdoc (added where missing, removed duplicates) 2008-06-15 13:33:53 +00:00
DropdownField.php MINOR Cross-referencing some documentation 2011-02-02 14:19:40 +13:00
EmailField.php BUGFIX RFC 2822 compliant validation of email addresses in EmailField->jsValidation() and EmailField->validate() (fixes #6067, thanks paradigmincarnate) 2011-02-02 14:19:55 +13:00
FieldGroup.php MINOR Moved class-specific documentation from doc.silverstripe.org back into class-level PHPDoc 2011-02-02 14:19:38 +13:00
FieldSet.php MINOR Reverted r105264, breaks CompositeFieldTest, FieldSetTest, TranslatableTest 2011-02-02 14:19:27 +13:00
FileField.php MINOR Moved class-specific documentation from doc.silverstripe.org back into class-level PHPDoc 2011-02-02 14:19:38 +13:00
FileIFrameField.php MINOR: change the requirement's link to use current protocol (we don't want messages from browsers saying the page has unsecured content, when accessing the CMS over SSL) 2011-02-02 14:19:57 +13:00
Form.php FIX Opt-out of form message escaping (fixes #2796) 2014-08-22 09:08:55 +12:00
FormAction.php MINOR Moved class-specific documentation from doc.silverstripe.org back into class-level PHPDoc 2011-02-02 14:19:38 +13:00
FormField.php FIX Opt-out of form message escaping (fixes #2796) 2014-08-22 09:08:55 +12:00
FormScaffolder.php BUGFIX: column and table names now quoted properly 2011-02-02 14:18:59 +13:00
FormTransformation.php Reverted r78129 2009-06-01 23:09:03 +00:00
GroupedDropdownField.php MINOR Moved class-specific documentation from doc.silverstripe.org back into class-level PHPDoc 2011-02-02 14:19:38 +13:00
HasManyComplexTableField.php MINOR Moved class-specific documentation from doc.silverstripe.org back into class-level PHPDoc 2011-02-02 14:19:38 +13:00
HasOneComplexTableField.php MINOR Moved class-specific documentation from doc.silverstripe.org back into class-level PHPDoc 2011-02-02 14:19:38 +13:00
HeaderField.php BUGFIX Removed 'name' attribute from HeaderField markup - it's invalid HTML to put in <h*> elements (#4623) 2009-10-17 00:01:55 +00:00
HiddenField.php MINOR: added $extraClass of a hidden field to its rendered html 2009-06-19 01:36:09 +00:00
HtmlEditorConfig.php MINOR Fixed phpdoc documentation (from r103385) 2011-02-02 14:19:15 +13:00
HtmlEditorField.php BUGFIX Removing "typography" class from HTMLEditorField container (should just apply to the contained <iframe>) (fixes #5949) 2011-02-02 14:19:49 +13:00
ImageField.php MINOR Moved class-specific documentation from doc.silverstripe.org back into class-level PHPDoc 2011-02-02 14:19:38 +13:00
ImageFormAction.php MINOR Using jquery.live instead of livequery on ImageFormAction.js 2011-02-02 14:18:55 +13:00
InlineFormAction.php Merged from branches/2.3 2009-04-28 23:52:15 +00:00
LabelField.php BUGFIX: removed name attribute from label fields since this is invalid html. Ticket: #4887. PATCH via tobych 2011-02-02 14:18:09 +13:00
LanguageDropdownField.php BUGFIX Filter both 'available' and 'new' languages in LanguageDropdownField for canTranslate() permissions 2009-10-05 20:40:22 +00:00
ListboxField.php MINOR Cross-referencing some documentation 2011-02-02 14:19:40 +13:00
LiteralField.php MINOR Moved class-specific documentation from doc.silverstripe.org back into class-level PHPDoc 2011-02-02 14:19:38 +13:00
LookupField.php Merged changes from 2.3 branch 2009-02-01 23:49:53 +00:00
ManyManyComplexTableField.php BUGFIX Fixed quoting and GROUP BY statement in ManyManyComplexTableField->getQuery() for Postgres compatibility 2011-02-02 14:19:53 +13:00
MoneyField.php BUGFIX Passing $name in MoneyField->FieldCurrency() (fixes #5982, thanks andersw) 2011-02-02 14:19:49 +13:00
NestedForm.php MINOR phpdoc documentation 2009-03-22 22:59:14 +00:00
NullableField.php MINOR Fixed phpdoc documentation (from r103385) 2011-02-02 14:19:15 +13:00
NumericField.php BUGFIX NumericField javascript does not accept negatives, make use of isNaN built-in javascript function instead of custom regex 2011-02-02 14:19:44 +13:00
OptionsetField.php MINOR Cross-referencing some documentation 2011-02-02 14:19:40 +13:00
PasswordField.php Merged from branches/2.3 2009-04-28 23:55:53 +00:00
PhoneNumberField.php Merged changes from 2.3 branch 2009-02-01 23:49:53 +00:00
PrintableTransformation.php MINOR Unified @package PHPdoc (added where missing, removed duplicates) 2008-06-15 13:33:53 +00:00
ReadonlyField.php MINOR Documentation 2009-03-10 15:03:34 +00:00
ReadonlyTransformation.php MINOR Unified @package PHPdoc (added where missing, removed duplicates) 2008-06-15 13:33:53 +00:00
RequiredFields.php BUGFIX Better checking of file validity (#6093) Thanks Pigeon 2011-02-02 14:19:59 +13:00
ResetFormAction.php Merged from branches/2.3 2009-04-28 23:55:53 +00:00
RestrictedTextField.php MINOR Pushed @deprecated 2.3 items out to 2.5 since they're still in use for now 2011-02-02 14:18:46 +13:00
ScaffoldingComplexTableField.php API CHANGE: Renamed conflicting classes to have an "SS_" namespace, and renamed existing "SS" namespace to "SS_". The affected classes are: HTTPRequest, HTTPResponse, Query, Database, SSBacktrace, SSCli, SSDatetime, SSDatetimeTest, SSLog, SSLogTest, SSLogEmailWriter, SSLogErrorEmailFormatter, SSLogErrorFileFormatter, SSLogFileWriter and SSZendLog. 2009-10-26 03:06:31 +00:00
SelectionGroup.php ENHANCEMENT Using jquery.live instead of livequery for SelectionGroup.js 2011-02-02 14:18:55 +13:00
SimpleImageField.php MINOR Moved class-specific documentation from doc.silverstripe.org back into class-level PHPDoc 2011-02-02 14:19:38 +13:00
Tab.php MINOR Moved class-specific documentation from doc.silverstripe.org back into class-level PHPDoc 2011-02-02 14:19:38 +13:00
TableField.php BUGFIX Removing overloaded TableField->sourceItems() method, which enables features of the underlying TableListField implementation, such as pagination and source item caching (fixed #5965, thanks martijn) 2011-02-02 14:19:53 +13:00
TableListField.php BUGFIX #6299 TableListField::Link() includes $action value twice (thanks ajshort!) 2011-02-02 14:20:06 +13:00
TabSet.php MINOR Moved class-specific documentation from doc.silverstripe.org back into class-level PHPDoc 2011-02-02 14:19:38 +13:00
TabularStyle.php (merged from branches/roa. use "svn log -c <changeset> -g <module-svn-path>" for detailed commit message) 2008-08-06 06:54:59 +00:00
TextareaField.php MINOR Moved class-specific documentation from doc.silverstripe.org back into class-level PHPDoc 2011-02-02 14:19:38 +13:00
TextField.php FEATURE New DatetimeField class (form field wrapper composed of DateField and TimeField) 2011-02-02 14:18:38 +13:00
TimeField.php ENHANCEMENT Added class to time icon in TimeField so it can be styled 2011-02-02 14:19:38 +13:00
ToggleCompositeField.php MINOR Updated paths from jsparty to sapphire/thirdparty, cms/thirdparty and sapphire/javascript 2011-02-02 14:17:52 +13:00
ToggleField.php MINOR Updated paths from jsparty to sapphire/thirdparty, cms/thirdparty and sapphire/javascript 2011-02-02 14:17:52 +13:00
TreeDropdownField.php FIX Auto-escape titles in TreeDropdownField 2013-09-24 14:28:28 +02:00
TreeMultiselectField.php MINOR Cross-referencing some documentation 2011-02-02 14:19:40 +13:00
TreeSelectorField.php MINOR Updated paths from jsparty to sapphire/thirdparty, cms/thirdparty and sapphire/javascript 2011-02-02 14:17:52 +13:00
UniqueRestrictedTextField.php MINOR Pushed @deprecated 2.3 items out to 2.5 since they're still in use for now 2011-02-02 14:18:46 +13:00
UniqueTextField.php Merged from branches/2.3 2009-03-10 22:08:52 +00:00
Validator.php BUGFIX: Validator::requiredField() should check the required field submitted value is an array before check strlen(). Some fields submitted as an array, e.g. MoneyField 2011-02-02 14:19:46 +13:00