-
BUGFIX Casting return values on text helper methods in StringField, Text, Varchar
chillu committed Jan 31, 2012
-
BUGFIX: Don't break CMS tree if HTML gets into MenuTitle
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@77826 467b73ca-7a2a-4603-9d3b-597d59a354a9
-
SECURITY Sanitize messages passed to generated JS calls in FormResponse::status_message(), e.g. to avoid XSS on 'Successfully published <page title>' messages
chillu committed Jan 31, 2012
-
BUGFIX Respecting SSViewer::$options["rewriteHashlinks"] in SSViewer::process()
chillu committed Oct 18, 2011
-
MINOR Switching 'rewriteHashlinks' sanitization from Convert::raw2att() to strip_tags() to make the resulting PHP more portable when mode is set to 'php'
chillu committed Oct 18, 2011
-
ENHANCEMENT Added SSViewer::getOption() as a logical counterpart to SSViewer::setOption()
chillu committed Oct 17, 2011
-
BUGFIX Escaping base URLs for anchor links rewritten by SSViewer::process() with the 'rewriteHashlinks' option enabled (which is a framework default, and necessary because of the use of a <base> tag). Also added escaping for base URLs rendered through the 'php' variation of 'rewriteHashlinks'
chillu committed Oct 17, 2011
-
BUGFIX Avoid privilege escalation from EDIT_PERMISSIONS to ADMIN through TreeMultiselectField (in Member->getCMSFields()) by checking for admin groups in Member->onChangeGroups()
chillu committed Mar 9, 2011
-
BUGFIX Consistently using Convert::raw2sql() instead of DB::getConn()->addslashes() or PHP's deprecated addslashes() for database escaping
chillu committed Sep 15, 2011
-
SECURITY Backporting MySQLDatabase->addslashes() to use mysql_real_escape_string() instead of the non-multibyte-safe addslashes() PHP function, and using it in Convert::raw2sql()
chillu committed Sep 15, 2011
-
MINOR Added deprecated SapphireTest->assertType() in order to support PHPUnit 3.5 or newer, but stay backwards compatible to PHPUnit 3.4
Conflicts: dev/SapphireTest.php
chillu committed Feb 21, 2011
-
MINOR Fixing image links in docs/en/tutorials/
chillu committed Feb 7, 2011
-
ENHANCEMENT Added sapphire/docs (migrated from https://github.com/chi…
chillu committed Feb 7, 2011
-
BUGFIX #6291 Remove rollback action from CMSMain allowed_actions and rely on form action_rollback instead which is safer (from r115440)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@115919 467b73ca-7a2a-4603-9d3b-597d59a354a9
-
BUGFIX Checking for existence of FormAction in Form->httpSubmission() to avoid bypassing $allowed_actions definitions in controllers containing this form
BUGFIX Checking for $allowed_actions in Form class, through Form->httpSubmission() (from r115182)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@115191 467b73ca-7a2a-4603-9d3b-597d59a354a9
-
BUGFIX Disallow web access to sapphire/silverstripe_version to avoid information leakage (from r114773)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@114776 467b73ca-7a2a-4603-9d3b-597d59a354a9
-
BUGFIX Avoid potential referer leaking in Security->changepassword() form by storing Member->AutoLoginHash in session instead of 'h' GET parameter (from r114758)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@114763 467b73ca-7a2a-4603-9d3b-597d59a354a9
-
BUGFIX: Fixed CSRF warning in image form after selecting a folder. (from r80237)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@114741 467b73ca-7a2a-4603-9d3b-597d59a354a9
-
BUGFIX Escaping $locale values in Translatable->augmentSQL() in addition to the i18n::validate_locale() input validation (from r114515) (from r114516)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@114517 467b73ca-7a2a-4603-9d3b-597d59a354a9
-
BUGFIX Limiting usage of mcrypt_create_iv() in RandomGenerator->generateEntropy() to *nix platforms to avoid fatal errors (specifically in IIS) (from r114510) (from r114512)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@114513 467b73ca-7a2a-4603-9d3b-597d59a354a9
-
BUGFIX Using RandomGenerator class in Member->logIn(), Member->autoLogin() and Member->generateAutologinHash() for better randomization of tokens. Increased VARCHAR length of 'RememberLoginToken' and 'AutoLoginHash' fields to 1024 characters to support longer token strings. (from r114504) (from r114507)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@114509 467b73ca-7a2a-4603-9d3b-597d59a354a9
-
BUGFIX Using RandomGenerator class in SecurityToken->generate() for more random tokens (from r114500)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@114502 467b73ca-7a2a-4603-9d3b-597d59a354a9
-
ENHANCEMENT Added RandomGenerator for more secure CSRF tokens etc. (from r114497) (from r114499)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@114501 467b73ca-7a2a-4603-9d3b-597d59a354a9
-
BUGFIX Removing quotes from test data in RestfulServiceTest, it gives different results depending on magic_quotes_gpc setting on PHP configuration (merged from r80132).
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@114266 467b73ca-7a2a-4603-9d3b-597d59a354a9
-
API CHANGE Using Controller::join_links() to construct links in ComplexTableField and TableListField (partially merged from r88495, r96775)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@113321 467b73ca-7a2a-4603-9d3b-597d59a354a9
-
BUGFIX: Fixed Controller::join_links() handling of fragment identifiers (merged from r104580)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@113319 467b73ca-7a2a-4603-9d3b-597d59a354a9
-
MINOR Using SecurityToken in ViewableData->getSecurityID() (from r113274)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@113312 467b73ca-7a2a-4603-9d3b-597d59a354a9
-
ENHANCEMENT Added Form->enableSecurityToken() as a counterpart to the existing disableSecurityToken() (from r113284)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@113305 467b73ca-7a2a-4603-9d3b-597d59a354a9
-
MINOR Reverted commented out code (regression from r113293)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@113303 467b73ca-7a2a-4603-9d3b-597d59a354a9
-
BUGFIX Clear static marking caches on Hierarchy->flushCache() (from r113277)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@113302 467b73ca-7a2a-4603-9d3b-597d59a354a9
-
BUGFIX Fixed ComplexTableField and TableListField GET actions against CSRF attacks (with Form_SecurityToken->checkRequest()) (from r113276)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@113301 467b73ca-7a2a-4603-9d3b-597d59a354a9
-
MINOR Fixed HTTPRequest class usage (regression from r113293)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@113298 467b73ca-7a2a-4603-9d3b-597d59a354a9
-
API CHANGE Added security token to TableListField->Link() in order to include it in all URL actions automatically. This ensures that field actions bypassing Form->httpSubmission() still get CSRF protection (from r113275)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@113297 467b73ca-7a2a-4603-9d3b-597d59a354a9
-
BUGFIX Using current controller for MemberTableField constructor in Group->getCMSFields() instead of passing in a wrong instance (Group) (from r113273)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@113294 467b73ca-7a2a-4603-9d3b-597d59a354a9
-
ENHANCEMENT Added SecurityToken to wrap CSRF protection via "SecurityID" request parameter (from r113272)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@113293 467b73ca-7a2a-4603-9d3b-597d59a354a9