Skip to content
Commits on Feb 18, 2013
  1. @chillu

    Updated changelog

    chillu committed
Commits on Feb 17, 2013
  1. @chillu

    Add ContentController->handleWidget() to $allowed_actions

    chillu committed
    Required by recent $allowed_actions security fix
  2. @chillu

    BUGFIX Keep Member.PasswordEncryption setting on empty passwords

    chillu committed
    This will prevent empty passwords to set the encryption to 'none',
    which in turn will store any subsequent password changes in cleartext.
    Reproduceable e.g. with ConfirmedPasswordField and setCanBeEmpty(true).
  3. @chillu

    Improved docs on $allowed_actions

    chillu committed
    Added section to "Controllers" and "Form" topics,
    added $allowed_actions definitions to all controller examples
  4. @chillu

    BUG Undefined `$allowed_actions` overrides parent definitions, strict…

    chillu committed
    …er handling of $allowed_actions on Extension
    
    Controller (and subclasses) failed to enforce $allowed_action restrictions
    on parent classes if a child class didn't have it explicitly defined.
    
    Controllers which are extended with $allowed_actions (through an Extension)
    now deny access to methods defined on the controller, unless this class also has them in its own
    $allowed_actions definition.
Commits on Feb 15, 2013
  1. @chillu
Commits on Feb 12, 2013
  1. @halkyon

    Merge pull request #1181 from chillu/pulls/showtemplate-admin

    halkyon committed
    API Require ADMIN for ?showtemplate=1 (2.4)
  2. @chillu
Commits on Jan 11, 2013
  1. @oddnoc @chillu

    Update documentation of nginx configuration

    oddnoc committed with chillu
    - Avoid using "if" to check for file existence (use try_files instead)
    - Replicate the behavior of the .htaccess files
    - TODO: get static error pages to work
Commits on Jan 6, 2013
  1. @chillu

    Copying request params before Core.php exec in PHPUnit bootstrap

    chillu committed
    Same behaviour as with 3.0 bootstrap.php and the
    2.4 cli-script.php (which it is based on).
    This allows to use GET switches which are evaluated in _config.php
    files, e.g. db=<db-alias> settings for running tests
    with various DBs without changing the underlying PHP config.
Commits on Dec 4, 2012
  1. @chillu

    2.4.9 changelog

    chillu committed
  2. @chillu
  3. @chillu

    Support for composer-created themes dir structure

    chillu committed
    Due to git limitations, we can't check out the blackcandy
    "parent" theme into themes/blackcandy/ directly, since that
    would require sharing paths with git repositories of other themes.
  4. @chillu

    Fixed DateTest timezone settings

    chillu committed
    Backport from 3.x, see d1a9e2b and 0aeda5c
Commits on Nov 30, 2012
  1. @chillu

    Merge pull request #977 from simonwelsh/rename-Transliterator

    chillu committed
    API Rename Transliterator to SS_Transliterator to remove conflict with Intl extension
Commits on Nov 28, 2012
  1. @simonwelsh
  2. @chillu

    Excluded or removed tests relying on actual webserver routing

    chillu committed
    The "sanitychecks" group excludes through phpunit.xml.dist.
    Removed RestfulService->testHttpErrorWithoutCache()
    since its not sufficiently isolated in terms of testing.
    Has been refactored in 3.x, but too intrusive to backport.
    
    Changes mainly necessary to get Travis builds passing,
    since we don't want to start mucking around with
    dynamically generated file-to-url mappings just to
    get *unit* tests passing - as opposed to integration-testing
    the whole environment incl. webserver.
Commits on Nov 9, 2012
  1. @chillu
  2. @chillu

    Added README with build status

    chillu committed
  3. @chillu

    Added travis support

    chillu committed
  4. @mateusz @chillu

    API Hash autologin tokens before storing in the database.

    mateusz committed with chillu
    Backported from 3.0, cc423c3.
Commits on Nov 1, 2012
  1. @chillu

    Added composer.json

    chillu committed
Commits on Oct 30, 2012
  1. @chillu

    Changelogs

    chillu committed
Commits on Oct 16, 2012
  1. @chillu

    Merge pull request #881 from simonwelsh/2.4-5.4-fixes

    chillu committed
    Minor PHP5.4 fixes
  2. @simonwelsh

    Minor PHP5.4 fixes

    simonwelsh committed
    Explictly excludes E_STRICT from live error level and handle arrays in a backtrace
    output, rather than trying to convert to string.
  3. @chillu

    BUGFIX Don't' set 'Referer' header in FunctionalTest->get()/post() if…

    chillu committed
    … its explicitly passed to the method
  4. @chillu

    SECURITY More solid relative/site URL checks (related to "BackURL" re…

    chillu committed
    …direction)
    
    Return true for Director::is_absolute_url() checks if they're prefixed with two or more slashes (as browsers interpret this as a valid URL)
    
    More solid URL checks in Director::is_site_url(), using a conservative parse_url() hostname comparison rather than Director::makeRelative(), which is not designed for security purposes
Commits on Oct 5, 2012
  1. @chillu

    Merge pull request #850 from willmorgan/patch-2

    chillu committed
    Fixed grammatical error for Form.FIELDISREQUIRED
  2. @willmorgan
Commits on Sep 18, 2012
  1. @chillu

    Merge pull request #797 from stozze/2.4-bugfix

    chillu committed
    BUGFIX Fix to prevent unintended results from getComponentsQuery(...)
Commits on Sep 14, 2012
  1. @stozze

    BUG Fix to prevent unintended results from getComponentsQuery(...)

    stozze committed
    Wrapped $filter inside parentheses to prevent unintended results if $filter contains "OR".
Commits on Aug 16, 2012
  1. @chillu

    Merge pull request #722 from sonet/2.4

    chillu committed
    MINOR fixed array to string conversion to avoid PHP 5.4 warnings
Commits on Aug 15, 2012
  1. @sonet
Commits on Aug 8, 2012
  1. @wilr
Commits on May 14, 2012
  1. @chillu
Something went wrong with that request. Please try again.