silverstripe/silverstripe-framework

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Jan 31, 2012

BUGFIX Casting return values on text helper methods in StringField, T… …
```
…ext, Varchar
```
1 15e9e059e5 Browse code

chillu authored January 31, 2012
BUGFIX: Don't break CMS tree if HTML gets into MenuTitle …
```
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@77826 467b73ca-7a2a-4603-9d3b-597d59a354a9
```
acf9e01f61 Browse code

sminnee authored May 26, 2009 chillu committed January 31, 2012
SECURITY Sanitize messages passed to generated JS calls in FormRespon… …
```
…se::status_message(), e.g. to avoid XSS on 'Successfully published <page title>' messages
```
475e0772a2 Browse code

chillu authored January 31, 2012

Oct 18, 2011

BUGFIX Respecting SSViewer::$options["rewriteHashlinks"] in SSViewer:… …
```
…:process()
```
bdd63913bc Browse code

chillu authored October 18, 2011
MINO Switching 'rewriteHashlinks' sanitization from Convert::raw2att(… …
```
…) to strip_tags() to make the resulting PHP more portable when mode is set to 'php'
```
fbe8b7bec3 Browse code

chillu authored October 18, 2011
ENHANCEMENT Added SSViewer::getOption() as a logical counterpart to S… …
```
…SViewer::setOption()
```
8113e9ce84 Browse code

chillu authored October 17, 2011

BUGFIX Escaping base URLs for anchor links rewritten by SSViewer::pro… …

…cess() with the 'rewriteHashlinks' option enabled (which is a framework default, and necessary because of the use of a <base> tag). Also added escaping for base URLs rendered through the 'php' variation of 'rewriteHashlinks'

52a895fbb2 Browse code

chillu authored October 17, 2011

BUGFIX Avoid privilege escalation from EDIT_PERMISSIONS to ADMIN thro… …
```
…ugh TreeMultiselectField (in Member->getCMSFields()) by checking for admin groups in Member->onChangeGroups()
```
5bc0d008e9 Browse code

chillu authored March 09, 2011

Sep 15, 2011

BUGFIX Consistently using Convert::raw2sql() instead of DB::getConn()… …
```
…->addslashes() or PHP's deprecated addslashes() for database escaping
```
6d6c294ae3 Browse code

chillu authored September 15, 2011
SECURITY Backporting MySQLDatabase->addslashes() to use mysql_real_es… …
```
…cape_string() instead of the non-multibyte-safe addslashes() PHP function, and using it in Convert::raw2sql()
```
ca7878453f Browse code

chillu authored September 15, 2011

Feb 21, 2011

MINOR Added deprecated SapphireTest->assertType() in order to support… …
```
… PHPUnit 3.5 or newer, but stay backwards compatible to PHPUnit 3.4

Conflicts:

	dev/SapphireTest.php
```
b37836ffa1 Browse code

chillu authored February 21, 2011

Feb 07, 2011

MINOR Fixing image links in docs/en/tutorials/

e527e54494 Browse code

chillu authored February 07, 2011
ENHANCEMENT Added sapphire/docs (migrated from https://github.com/chi… …
```
…llu/silverstripe-doc-restructuring)
```
e2267a0728 Browse code

chillu authored February 07, 2011

Feb 02, 2011

BUGFIX #6291 Remove rollback action from CMSMain allowed_actions and … …

…rely on form action_rollback instead which is safer (from r115440)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@115919 467b73ca-7a2a-4603-9d3b-597d59a354a9

a96e5a7dd5 Browse code

halkyon authored January 31, 2011 sminnee committed February 02, 2011

BUGFIX Checking for existence of FormAction in Form->httpSubmission()… …

… to avoid bypassing $allowed_actions definitions in controllers containing this form

BUGFIX Checking for $allowed_actions in Form class, through Form->httpSubmission() (from r115182)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@115191 467b73ca-7a2a-4603-9d3b-597d59a354a9

e1742760c0 Browse code

chillu authored December 20, 2010 sminnee committed February 02, 2011

BUGFIX Disallow web access to sapphire/silverstripe_version to avoid … …

…information leakage (from r114773)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@114776 467b73ca-7a2a-4603-9d3b-597d59a354a9

459a524388 Browse code

chillu authored December 09, 2010 sminnee committed February 02, 2011

BUGFIX Avoid potential referer leaking in Security->changepassword() … …

…form by storing Member->AutoLoginHash in session instead of 'h' GET parameter (from r114758)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@114763 467b73ca-7a2a-4603-9d3b-597d59a354a9

061d2ecc0e Browse code

chillu authored December 09, 2010 sminnee committed February 02, 2011

BUGFIX: Fixed CSRF warning in image form after selecting a folder. (f… …
```
…rom r80237)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@114741 467b73ca-7a2a-4603-9d3b-597d59a354a9
```
5b0ecd913f Browse code

chillu authored December 09, 2010 sminnee committed February 02, 2011

BUGFIX Escaping $locale values in Translatable->augmentSQL() in addit… …

…ion to the i18n::validate_locale() input validation (from r114515) (from r114516)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@114517 467b73ca-7a2a-4603-9d3b-597d59a354a9

bed7d8cee6 Browse code

chillu authored December 05, 2010 sminnee committed February 02, 2011

BUGFIX Limiting usage of mcrypt_create_iv() in RandomGenerator->gener… …

…ateEntropy() to *nix platforms to avoid fatal errors (specically in IIS) (from r114510) (from r114512)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@114513 467b73ca-7a2a-4603-9d3b-597d59a354a9

51e55681f4 Browse code

chillu authored December 05, 2010 sminnee committed February 02, 2011

BUGFIX Using RandomGenerator class in Member->logIn(), Member->autoLo… …

…gin() and Member->generateAutologinHash() for better randomization of tokens. Increased VARCHAR length of 'RememberLoginToken' and 'AutoLoginHash' fields to 1024 characters to support longer token strings. (from r114504) (from r114507)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@114509 467b73ca-7a2a-4603-9d3b-597d59a354a9

a7c8de9bdf Browse code

chillu authored December 05, 2010 sminnee committed February 02, 2011

BUGFIX Using RandomGenerator class in SecurityToken->generate() for m… …

…ore random tokens (from r114500)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@114502 467b73ca-7a2a-4603-9d3b-597d59a354a9

0fb19f2884 Browse code

chillu authored December 05, 2010 sminnee committed February 02, 2011

ENHANCEMENT Added RandomGenerator for more secure CRSF tokens etc. (f… …

…rom r114497) (from r114499)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@114501 467b73ca-7a2a-4603-9d3b-597d59a354a9

67af64f484 Browse code

chillu authored December 05, 2010 sminnee committed February 02, 2011

BUGFIX Removing quotes from test data in RestfulServiceTest, it gives… …

… different results depending on magic_quotes_gpc setting on PHP configuration (merged from r80132).

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@114266 467b73ca-7a2a-4603-9d3b-597d59a354a9

0e5d48fa6a Browse code

fb3rasp authored November 29, 2010 sminnee committed February 02, 2011

API CHANGE Using Controller::join_links() to construct links in Compl… …

…exTableField and TableListField (partially merged from r88495, r96775)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@113321 467b73ca-7a2a-4603-9d3b-597d59a354a9

2d1d5363c8 Browse code