Roman Schmid
798a1158d6
Added missing route to SubsiteXHRController
for SilverStripe 3.2 compatibility.
2015-10-28 10:39:21 +01:00
Damian Mooyman
3bcaa48d67
Update translations
2015-08-20 12:47:37 +12:00
Daniel Hensby
ce3f8c9060
Merge pull request #191 from wernerkrauss/patch-1
...
Wrong edit link in SubsitesVirtualPage
2015-07-22 13:39:44 +01:00
wernerkrauss
996abfcc58
Wrong edit link in SubsitesVirtualPage
...
In SS3.1 we have /admin/pages for cms, was still old link.
2015-06-17 16:30:56 +02:00
Damian Mooyman
601e174b34
Merge pull request #190 from assertchris/3.2-compat
...
3.2 compat changes
2015-06-09 11:12:45 +12:00
Christopher Pitt
750cdbcff9
3.2 compat changes
2015-06-09 10:50:43 +12:00
Damian Mooyman
bfc70f9b06
Fix subsites to use correct permissions
...
See http://www.silverstripe.org/software/download/security-releases/ss-2015-008-sitetree-creation-permission-vulnerability
Conflicts:
tests/SiteTreeSubsitesTest.php
2015-04-30 22:34:28 +12:00
Ingo Schommer
c18a0a266f
Adjusted tests to new SiteTree->canCreate() logic in 3.1.11+
...
Checks SiteConfig permissions by default now
2015-04-30 22:34:28 +12:00
Ingo Schommer
999c115961
Merge pull request #173 from dhensby/master
...
Adding .editorconfig
2015-04-30 19:51:48 +12:00
Damian Mooyman
c389f36eda
Merge pull request #184 from unclecheese/patch-2
...
MINOR: Update documentation to have more clarity around risks/benefits
2015-03-25 11:43:03 +13:00
unclecheese
2d4d35b1a7
MINOR: Update documentation to have more clarity around risks/benefits
2015-03-25 10:07:12 +13:00
Sean Harvey
d701afcb61
Merge pull request #183 from tractorcow/pulls/1.0/update-test-permissions
...
Fix subsites to use correct permissions
2015-03-23 14:58:11 +13:00
Damian Mooyman
2595d655cb
Fix subsites to use correct permissions
...
See http://www.silverstripe.org/software/download/security-releases/ss-2015-008-sitetree-creation-permission-vulnerability
2015-03-23 14:35:52 +13:00
Daniel Hensby
831a918f8d
Merge pull request #181 from tractorcow/pulls/3.2-compat
...
Use 3.2 compatible API
2015-02-24 16:52:56 +00:00
Damian Mooyman
73e0202dec
Merge pull request #180 from micmania1/fix-unnecessary-redirect
...
FIX: Removed unnecessary redirect.
2015-02-24 14:52:11 +13:00
Damian Mooyman
5b9af35566
Use 3.2 compatible API
2015-02-24 09:34:34 +13:00
Damian Mooyman
e6c8dff7be
Merge remote-tracking branch 'origin/1.0'
...
Conflicts:
.travis.yml
code/extensions/LeftAndMainSubsites.php
composer.json
2015-02-24 09:12:38 +13:00
micmania1
3ca2861c2d
FIX: Removed unnecessary redirect. This is early enough in the script that the correct subsite will be used from hereon.
2015-02-17 01:13:56 +00:00
Damian Mooyman
ebebff248f
Merge pull request #172 from dnadesign/redirect_fix_between_CMS_sections
...
redirect_fix_between_CMS_sections
2015-02-09 09:44:43 +13:00
Daniel Hensby
6d6667aa08
Adding .editorconfig
2014-12-04 15:48:23 +00:00
John Milmine
91591a3752
redirect_fix_between_CMS_sections
...
previously if you were editing settings and you changed subsites ti would revert you to /admin, now it stays within your current controller
2014-11-24 15:32:05 +13:00
James Cocker
498d6e0619
Fixes #135 : LeftAndMain switching between subsites
...
When trying to switch to a different subsite from a page's editing view, it wouldn't switch. This was partly due to a $record always existing due to the homepage fallback on currentPageID : https://github.com/silverstripe/silverstripe-cms/blob/3.1/code/controllers/CMSMain.php#L816
So as currentPage() couldn't actually be used to test for the existance of a current page, I've added in a check for isset($this->owner->urlParams['ID']).
I've also moved the check for $_GET['SubsiteID’] which indicated a forced subsite switch (eg. via the dropdown switcher) above the check for a current page, as it should take precedence, and it wasn't being run when both conditions matched causing the subsite not to change.
Tested changing subsites from /admin/pages, from page edit view, from a page edit URL, and from other CMS sections such as Files and Security, and all seems to be working perfectly now.
2014-11-24 15:25:53 +13:00
Will Rossiter
0520b57f84
Merge pull request #145 from purplespider/patch-2
...
Fixes #135 : LeftAndMain switching between subsites
2014-11-24 15:11:12 +13:00
Damian Mooyman
b6f59741d6
Update master-alias to follow stable release versioning
2014-11-19 14:12:34 +13:00
Damian Mooyman
bf747f98be
Update translations
2014-11-19 12:09:52 +13:00
Damian Mooyman
533c7fae8d
Merge pull request #163 from unclecheese/patch-1
...
Update subsites caveat to align more with other references.
2014-10-06 11:05:45 +13:00
unclecheese
8acc4a230a
Update subsites caveat to align more with other references.
...
e.g. here https://www.cwp.govt.nz/about/how-does-cwp-work/
Rewording of subsites caveat
2014-10-06 10:59:58 +13:00
Sean Harvey
62f47628e3
Merge pull request #158 from tractorcow/pulls/0.5/compat
...
Fix composer and travis to framework 3.1
2014-08-27 09:23:21 +12:00
Damian Mooyman
71e3b9db2d
Fix composer and travis to framework 3.1
2014-08-27 09:14:52 +12:00
Sean Harvey
4203a707bc
Fixing travis for 3.1 builds
2014-08-27 09:06:16 +12:00
Sean Harvey
ba6cb193b7
Merge pull request #157 from tractorcow/pulls/0.6/branch
...
BUG Fix incompatibility with framework 3.2
2014-08-26 18:06:40 +12:00
Damian Mooyman
a97b0d33eb
BUG Fix incompatibility with framework 3.2
2014-08-26 11:42:50 +12:00
Sean Harvey
ffe6c34565
Merge pull request #156 from wecodenl/master
...
Bugfix for urls with %27 in the url
2014-08-23 11:57:43 +12:00
Juul Hobert
2e32eab6ae
Bugfix for urls with %28 in the url
2014-08-22 13:21:18 +02:00
Damian Mooyman
25c0341715
Updated translations
2014-08-21 14:48:48 +12:00
Damian Mooyman
b19e86e402
Update translations
2014-08-21 14:16:12 +12:00
Sean Harvey
f27ba9094b
Updating translations
2014-08-20 09:05:37 +12:00
Sean Harvey
e5ea8ebc35
Merge pull request #155 from shoaibali/master
...
Removed hard coding of HTTP protocol
2014-08-19 09:16:48 +12:00
Shoaib Ali
1f2cb4380d
Removed hard coding of HTTP protocol
2014-08-18 21:03:52 +12:00
Damian Mooyman
a3b2be734f
Merge pull request #154 from halkyon/irrelevant_permission_removal
...
Removing unused permission SUBSITE_ASSETS_CREATE_SUBSITE
2014-08-18 11:50:43 +12:00
Sean Harvey
1477155653
Removing unused permission SUBSITE_ASSETS_CREATE_SUBSITE
...
This isn't used, according to the description it would limit the list
of subsites you can choose to apply a File/Folder to. However, this
dropdown is shown to the user based on whether they have access to
that subsite, so this unused permission code isn't needed.
2014-08-18 11:31:03 +12:00
Mateusz Uzdowski
07257ddc79
Fix minor styling issue with a list.
2014-08-15 13:29:03 +12:00
Damian Mooyman
71b5842f79
Merge pull request #153 from silverstripe-rebelalliance/plat100
...
NEW: Adding more user documentation with a FAQ
2014-08-14 17:08:26 +12:00
Kirk Mayo
8fe6c045fa
NEW: Adding more user documentation with a FAQ
2014-08-14 15:37:48 +12:00
Sean Harvey
ccf125a4d6
Merge pull request #151 from stojg/pull/prevent-xss-attacks
...
Security: XSS can be injected in the group edit view
2014-08-01 10:51:38 +12:00
Stig Lindqvist
bd5bd877fd
Security: XSS can be injected in the group edit view
2014-08-01 10:48:44 +12:00
Damian Mooyman
f75c501e0d
Merge pull request #150 from silverstripe-elliot/docs/setup
...
PLAT-63 update documentation for disallowed page types
2014-07-23 15:33:44 +12:00
Elliot Sawyer
1ac46b60b0
PLAT-63 update documentation for disallowed page types
2014-07-23 15:29:36 +12:00
Mateusz U
4b54951e9e
Merge pull request #149 from silverstripe-elliot/SubDomain-XSS
...
Sanitise domain name field
2014-07-16 16:18:22 +12:00
Elliot Sawyer
205754854c
Sanitise domain name field to prevent XSS attack on the CMS
...
PWC identified an issue with the subsites module that would allow someone with authenticated access to attack other CMS users, such as "stealing the session ID and hijacking an authenticated user's session".
I can't imagine a case where HTML would ever be allowed in the subdomain of a website, so it's a good practice to strip it out anyway.
Steps to reproduce the original issue:
1. Enter a subsite name and mark as the default site.
2. Add a new domain named <script>alert(2)</script> and mark it as primary
3. Switch to the new subsite.
4. Make a new Page. This will execute a javascript alert containing "2".
MINOR update documentation for onBeforeWrite()
MINOR add @property attributes into docblock
2014-07-16 15:43:05 +12:00