/silverstripe-framework

Permalink
Switch branches/tags
4.1.0 4.1.0-rc2 4.1.0-rc1 4.0.3 4.0.2 4.0.1 4.0.0 4.0.0-rc3 4.0.0-rc2 4.0.0-rc1 4.0.0-beta4 4.0.0-beta3 4.0.0-beta2 4.0.0-beta1 4.0.0-alpha7 4.0.0-alpha6 4.0.0-alpha5 4.0.0-alpha4 4.0.0-alpha3 4.0.0-alpha2 4.0.0-alpha1 3.6.5 3.6.4 3.6.3 3.6.2 3.6.2-beta1 3.6.1 3.6.1-alpha2 3.6.0 3.6.0-rc1 3.6.0-beta2 3.6.0-beta1 3.5.7 3.5.6 3.5.5 3.5.5-beta1 3.5.4 3.5.4-rc1 3.5.3 3.5.3-rc1 3.5.2 3.5.2-rc1 3.5.1 3.5.1-rc2 3.5.1-rc1 3.5.0 3.5.0-rc3 3.5.0-rc2 3.5.0-rc1 3.4.6 3.4.6-rc2 3.4.6-rc1 3.4.5 3.4.5-rc1 3.4.4 3.4.4-rc1 3.4.3 3.4.3-rc1 3.4.2 3.4.1 3.4.1-rc2 3.4.1-rc1 3.4.0 3.4.0-rc1 3.3.4 3.3.3 3.3.3-rc2 3.3.3-rc1 3.3.2 3.3.2-rc1 3.3.1 3.3.1-rc2 3.3.1-rc1 3.3.0 3.3.0-rc3 3.3.0-rc2 3.3.0-rc1 3.3.0-beta1 3.2.6 3.2.5 3.2.5-rc2 3.2.5-rc1 3.2.4 3.2.4-rc1 3.2.3 3.2.3-rc2 3.2.3-rc1 3.2.2 3.2.2-rc2 3.2.2-rc1 3.2.1 3.2.1-rc2 3.2.1-rc1 3.2.0 3.2.0-rc2 3.2.0-rc1 3.2.0-beta2 3.2.0-beta1 3.1.21 3.1.20
Nothing to show
Commits on Jan 31, 2012

  1. BUGFIX Casting return values on text helper methods in StringField, T…

    @chillu
    chillu committed Jan 31, 2012 
    …ext, Varchar
    1
    15e9e05

  2. BUGFIX: Don't break CMS tree if HTML gets into MenuTitle

    @sminnee @chillu
    sminnee authored and chillu committed May 26, 2009 
    git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@77826 467b73ca-7a2a-4603-9d3b-597d59a354a9
    acf9e01

  3. SECURITY Sanitize messages passed to generated JS calls in FormRespon…

    @chillu
    chillu committed Jan 31, 2012 
    …se::status_message(), e.g. to avoid XSS on 'Successfully published <page title>' messages
    475e077
Commits on Oct 18, 2011

  1. BUGFIX Respecting SSViewer::$options["rewriteHashlinks"] in SSViewer:…

    @chillu
    chillu committed Oct 18, 2011 
    …:process()
    bdd6391

  2. MINO Switching 'rewriteHashlinks' sanitization from Convert::raw2att(…

    @chillu
    chillu committed Oct 18, 2011 
    …) to strip_tags() to make the resulting PHP more portable when mode is set to 'php'
    fbe8b7b

  3. ENHANCEMENT Added SSViewer::getOption() as a logical counterpart to S…

    @chillu
    chillu committed Oct 17, 2011 
    …SViewer::setOption()
    8113e9c

  4. BUGFIX Escaping base URLs for anchor links rewritten by SSViewer::pro…

    @chillu
    chillu committed Oct 17, 2011 
    …cess() with the 'rewriteHashlinks' option enabled (which is a framework default, and necessary because of the use of a <base> tag). Also added escaping for base URLs rendered through the 'php' variation of 'rewriteHashlinks'
    52a895f

  5. BUGFIX Avoid privilege escalation from EDIT_PERMISSIONS to ADMIN thro…

    @chillu
    chillu committed Mar 9, 2011 
    …ugh TreeMultiselectField (in Member->getCMSFields()) by checking for admin groups in Member->onChangeGroups()
    5bc0d00
Commits on Sep 15, 2011

  1. BUGFIX Consistently using Convert::raw2sql() instead of DB::getConn()…

    @chillu
    chillu committed Sep 15, 2011 
    …->addslashes() or PHP's deprecated addslashes() for database escaping
    6d6c294

  2. SECURITY Backporting MySQLDatabase->addslashes() to use mysql_real_es…

    @chillu
    chillu committed Sep 15, 2011 
    …cape_string() instead of the non-multibyte-safe addslashes() PHP function, and using it in Convert::raw2sql()
    ca78784
Commits on Feb 21, 2011

  1. MINOR Added deprecated SapphireTest->assertType() in order to support…

    @chillu
    chillu committed Feb 21, 2011 
    … PHPUnit 3.5 or newer, but stay backwards compatible to PHPUnit 3.4

Conflicts:

	dev/SapphireTest.php
    b37836f
Commits on Feb 7, 2011

  1. MINOR Fixing image links in docs/en/tutorials/

    @chillu
    chillu committed Feb 7, 2011
    e527e54

  2. ENHANCEMENT Added sapphire/docs (migrated from https://github.com/chi…

    @chillu
    chillu committed Feb 7, 2011 
    …llu/silverstripe-doc-restructuring)
    e2267a0
Commits on Feb 2, 2011

  1. BUGFIX #6291 Remove rollback action from CMSMain allowed_actions and …

    @halkyon @sminnee
    halkyon authored and sminnee committed Jan 31, 2011 
    …rely on form action_rollback instead which is safer (from r115440)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@115919 467b73ca-7a2a-4603-9d3b-597d59a354a9
    a96e5a7

  2. BUGFIX Checking for existence of FormAction in Form->httpSubmission()…

    @chillu @sminnee
    chillu authored and sminnee committed Dec 20, 2010 
    … to avoid bypassing $allowed_actions definitions in controllers containing this form

BUGFIX Checking for $allowed_actions in Form class, through Form->httpSubmission() (from r115182)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@115191 467b73ca-7a2a-4603-9d3b-597d59a354a9
    e174276

  3. BUGFIX Disallow web access to sapphire/silverstripe_version to avoid …

    @chillu @sminnee
    chillu authored and sminnee committed Dec 9, 2010 
    …information leakage (from r114773)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@114776 467b73ca-7a2a-4603-9d3b-597d59a354a9
    459a524

  4. BUGFIX Avoid potential referer leaking in Security->changepassword() …

    @chillu @sminnee
    chillu authored and sminnee committed Dec 9, 2010 
    …form by storing Member->AutoLoginHash in session instead of 'h' GET parameter (from r114758)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@114763 467b73ca-7a2a-4603-9d3b-597d59a354a9
    061d2ec

  5. BUGFIX: Fixed CSRF warning in image form after selecting a folder. (f…

    @chillu @sminnee
    chillu authored and sminnee committed Dec 9, 2010 
    …rom r80237)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@114741 467b73ca-7a2a-4603-9d3b-597d59a354a9
    5b0ecd9

  6. BUGFIX Escaping $locale values in Translatable->augmentSQL() in addit…

    @chillu @sminnee
    chillu authored and sminnee committed Dec 5, 2010 
    …ion to the i18n::validate_locale() input validation (from r114515) (from r114516)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@114517 467b73ca-7a2a-4603-9d3b-597d59a354a9
    bed7d8c

  7. BUGFIX Limiting usage of mcrypt_create_iv() in RandomGenerator->gener…

    @chillu @sminnee
    chillu authored and sminnee committed Dec 5, 2010 
    …ateEntropy() to *nix platforms to avoid fatal errors (specically in IIS) (from r114510) (from r114512)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@114513 467b73ca-7a2a-4603-9d3b-597d59a354a9
    51e5568

  8. BUGFIX Using RandomGenerator class in Member->logIn(), Member->autoLo…

    @chillu @sminnee
    chillu authored and sminnee committed Dec 5, 2010 
    …gin() and Member->generateAutologinHash() for better randomization of tokens. Increased VARCHAR length of 'RememberLoginToken' and 'AutoLoginHash' fields to 1024 characters to support longer token strings. (from r114504) (from r114507)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@114509 467b73ca-7a2a-4603-9d3b-597d59a354a9
    a7c8de9

  9. BUGFIX Using RandomGenerator class in SecurityToken->generate() for m…

    @chillu @sminnee
    chillu authored and sminnee committed Dec 5, 2010 
    …ore random tokens (from r114500)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@114502 467b73ca-7a2a-4603-9d3b-597d59a354a9
    0fb19f2

  10. ENHANCEMENT Added RandomGenerator for more secure CRSF tokens etc. (f…

    @chillu @sminnee
    chillu authored and sminnee committed Dec 5, 2010 
    …rom r114497) (from r114499)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@114501 467b73ca-7a2a-4603-9d3b-597d59a354a9
    67af64f

  11. BUGFIX Removing quotes from test data in RestfulServiceTest, it gives…

    Rainer Spittel @sminnee
    Rainer Spittel authored and sminnee committed Nov 29, 2010 
    … different results depending on magic_quotes_gpc setting on PHP configuration (merged from r80132).

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@114266 467b73ca-7a2a-4603-9d3b-597d59a354a9
    0e5d48f

  12. API CHANGE Using Controller::join_links() to construct links in Compl…

    @chillu @sminnee
    chillu authored and sminnee committed Nov 1, 2010 
    …exTableField and TableListField (partially merged from r88495, r96775)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@113321 467b73ca-7a2a-4603-9d3b-597d59a354a9
    2d1d536

  13. BUGFIX: Fixed Controller::join_links() handling of fragment identifie…

    @chillu @sminnee
    chillu authored and sminnee committed Nov 1, 2010 
    …rs (merged from r104580)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@113319 467b73ca-7a2a-4603-9d3b-597d59a354a9
    09d25b0

  14. MINOR Using SecurityToken in ViewableData->getSecurityID() (from r113…

    @chillu @sminnee
    chillu authored and sminnee committed Nov 1, 2010 
    …274)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@113312 467b73ca-7a2a-4603-9d3b-597d59a354a9
    452a8f8

  15. ENHANCEMENT Added Form->enableSecurityToken() as a counterpart to the…

    @chillu @sminnee
    chillu authored and sminnee committed Nov 1, 2010 
    … existing disableSecurityToken() (from r113284)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@113305 467b73ca-7a2a-4603-9d3b-597d59a354a9
    7aa32c0

  16. MINOR Reverted commented out code (regression from r113293)

    @chillu @sminnee
    chillu authored and sminnee committed Nov 1, 2010 
    git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@113303 467b73ca-7a2a-4603-9d3b-597d59a354a9
    af92845

  17. BUGFIX Clear static marking caches on Hierarchy->flushCache() (from r…

    @chillu @sminnee
    chillu authored and sminnee committed Nov 1, 2010 
    …113277)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@113302 467b73ca-7a2a-4603-9d3b-597d59a354a9
    75bd92d

  18. BUGFIX Fixed ComplexTableField and TableListField GET actions against…

    @chillu @sminnee
    chillu authored and sminnee committed Nov 1, 2010 
    … CSRF attacks (with Form_SecurityToken->checkRequest()) (from r113276)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@113301 467b73ca-7a2a-4603-9d3b-597d59a354a9
    2627281

  19. MINOR Fixed HTTPRequest class usage (regression from r113293)

    @chillu @sminnee
    chillu authored and sminnee committed Nov 1, 2010 
    git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@113298 467b73ca-7a2a-4603-9d3b-597d59a354a9
    79bc6d5

  20. API CHANGE Added security token to TableListField->Link() in order to…

    @chillu @sminnee
    chillu authored and sminnee committed Nov 1, 2010 
    … include it in all URL actions automatically. This ensures that field actions bypassing Form->httpSubmission() still get CSRF protection (from r113275)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@113297 467b73ca-7a2a-4603-9d3b-597d59a354a9
    b305ea0

  21. BUGFIX Using current controller for MemberTableField constructor in G…

    @chillu @sminnee
    chillu authored and sminnee committed Nov 1, 2010 
    …roup->getCMSFields() instead of passing in a wrong instance (Group) (from r113273)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@113294 467b73ca-7a2a-4603-9d3b-597d59a354a9
    2cc957a

  22. ENHANCEMENT Added SecurityToken to wrap CSRF protection via "Security…

    @chillu @sminnee
    chillu authored and sminnee committed Nov 1, 2010 
    …ID" request parameter (from r113272)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@113293 467b73ca-7a2a-4603-9d3b-597d59a354a9
    9fff91d