Commits on Oct 16, 2012
  1. @chillu

    BUGFIX Don't set 'Referer' header in FunctionalTest->get()/post() if it's explicitly passed to the method
    chillu committed May 4, 2012
  2. @chillu

    SECURITY More solid relative/site URL checks (related to "BackURL" redirection)
    
    Return true for Director::is_absolute_url() checks if they're prefixed with two or more slashes (as browsers interpret this as a valid URL)
    
    More solid URL checks in Director::is_site_url(), using a conservative parse_url() hostname comparison rather than Director::makeRelative(), which is not designed for security purposes
    chillu committed May 4, 2012
Commits on Oct 5, 2012
  1. @chillu

    Merge pull request #850 from willmorgan/patch-2

    Fixed grammatical error for Form.FIELDISREQUIRED
    chillu committed Oct 5, 2012
  2. @willmorgan
Commits on Sep 18, 2012
  1. @chillu

    Merge pull request #797 from stozze/2.4-bugfix

    BUGFIX Fix to prevent unintended results from getComponentsQuery(...)
    chillu committed Sep 17, 2012
Commits on Sep 14, 2012
  1. @stozze @stozze

    BUG Fix to prevent unintended results from getComponentsQuery(...)

    Wrapped $filter inside parentheses to prevent unintended results if $filter contains "OR".
    stozze committed with stozze Sep 14, 2012
Commits on Aug 16, 2012
  1. @chillu

    Merge pull request #722 from sonet/2.4

    MINOR fixed array to string conversion to avoid PHP 5.4 warnings
    chillu committed Aug 16, 2012
Commits on Aug 15, 2012
  1. @sonet
Commits on Aug 8, 2012
  1. @wilr
Commits on May 14, 2012
  1. @chillu

    MINOR Manually testing exceptions in SSViewerCacheBlockTest to avoid PHPUnit 3.6 warnings
    chillu committed May 14, 2012
Commits on May 3, 2012
  1. @chillu

    SECURITY: Ensure javascript content type is sent in form responses. If content type is html, and the javascript contains script tags within the content, this content will be executed.
    Andrew O'Neil committed with chillu May 3, 2012
Commits on Mar 30, 2012
  1. @chillu
Commits on Mar 14, 2012
  1. @chillu

    MINOR Backported bootstrap.php changes from master and custom TeamCity configuration (required to run tests through phpunit binary)
    chillu committed Mar 14, 2012
Commits on Feb 2, 2012
  1. @sminnee

    ENHANCEMENT: Ensure that forceSSL and protocol detection respects the X-Forwarded-Protocol header.
    sminnee committed Feb 3, 2012
Commits on Feb 1, 2012
  1. @chillu

    API CHANGE silverstripe_version file now contains the plain version number, rather than an SVN path
    chillu committed Feb 1, 2012
Commits on Jan 31, 2012
  1. @sminnee
  2. @sminnee
  3. @chillu
  4. @chillu
  5. @chillu

    SECURITY Sanitize messages passed to generated JS calls in FormResponse::status_message(), e.g. to avoid XSS on 'Successfully published <page title>' messages
    chillu committed Jan 31, 2012
Commits on Nov 2, 2011
  1. @sminnee

    Merge pull request #63 from simonwelsh/patch-4

    Documentation fix
    sminnee committed Nov 2, 2011
Commits on Oct 18, 2011
  1. @chillu

    MINOR Switching 'rewriteHashlinks' sanitization from Convert::raw2att() to strip_tags() to make the resulting PHP more portable when mode is set to 'php'
    chillu committed Oct 18, 2011
  2. @chillu

    BUGFIX Escaping base URLs for anchor links rewritten by SSViewer::process() with the 'rewriteHashlinks' option enabled (which is a framework default, and necessary because of the use of a <base> tag). Also added escaping for base URLs rendered through the 'php' variation of 'rewriteHashlinks'
    chillu committed Oct 17, 2011
Commits on Oct 17, 2011
  1. @chillu

    ENHANCEMENT Added SSViewer::getOption() as a logical counterpart to SSViewer::setOption()
    chillu committed Oct 17, 2011
Commits on Sep 28, 2011
  1. @halkyon

    ENHANCEMENT Updated Windows installation documentation on using PHP Manager which takes out most of the PHP configuration effort.
    halkyon committed Sep 28, 2011
  2. @halkyon

    BUGFIX i18n::include_by_locale() assumes a themes directory always exists and causes error if that's not the case. Some projects don't require any themes, like pure applications.
    halkyon committed Sep 28, 2011
Commits on Sep 23, 2011
  1. @simonwelsh
Commits on Sep 15, 2011
  1. @chillu

    ENHANCEMENT Added File.ShowInSearch flag to mirror the existing SiteTree.ShowInSearch flag - e.g. useful to limit visibility of user-uploaded files. Enforced in MySQLDatabase->searchEngine().
    chillu committed Sep 15, 2011
  2. @chillu

    BUGFIX Consistently using Convert::raw2sql() instead of DB::getConn()->addslashes() or PHP's deprecated addslashes() for database escaping
    chillu committed Sep 15, 2011
Commits on Sep 7, 2011
  1. @wilr
Commits on Aug 26, 2011
  1. @simonwelsh

    Changes error reporting level to explicitly exclude E_DEPRECATED and E_STRICT, rather than xor.
    simonwelsh committed Aug 26, 2011
  2. @simonwelsh
Commits on Aug 25, 2011
  1. @sminnee

    Merge pull request #48 from simonwelsh/2.4

    PHP5.4 Support
    sminnee committed Aug 25, 2011
Commits on Aug 24, 2011
  1. @simonwelsh

    Removed references to Language Chooser Widget until it can be updated to work with the new translation model.
    simonwelsh committed Aug 24, 2011
Commits on Aug 23, 2011
  1. @wilr

    Merge pull request #46 from simonwelsh/patch-1

    MINOR: removed references to Language Chooser which is only supported in 2.2.
    wilr committed Aug 23, 2011