… its explicitly passed to the method
…direction) Return true for Director::is_absolute_url() checks if they're prefixed with two or more slashes (as browsers interpret this as a valid URL) More solid URL checks in Director::is_site_url(), using a conservative parse_url() hostname comparison rather than Director::makeRelative(), which is not designed for security purposes
Fixed grammatical error for Form.FIELDISREQUIRED
BUGFIX Fix to prevent unintended results from getComponentsQuery(...)
Wrapped $filter inside parentheses to prevent unintended results if $filter contains "OR".
MINOR fixed array to string conversion to avoid PHP 5.4 warnings
…PHPUnit 3.6 warnings
… configuration (required to run tests through phpunit binary)
… X-Forwarded-Protocol header.
…umber, rather than an SVN path
…se::status_message(), e.g. to avoid XSS on 'Successfully published <page title>' messages
…) to strip_tags() to make the resulting PHP more portable when mode is set to 'php'
…cess() with the 'rewriteHashlinks' option enabled (which is a framework default, and necessary because of the use of a <base> tag). Also added escaping for base URLs rendered through the 'php' variation of 'rewriteHashlinks'
…anager which takes out most of the PHP configuration effort.
…ists and causes error if that's not the case. Some projects don't require any themes, like pure applications.
…ree.ShowInSearch flag - e.g. useful to limit visibility of user-uploaded files. Enforced in MySQLDatabase->searchEngine().
…->addslashes() or PHP's deprecated addslashes() for database escaping
… E_STRICT, rather than xor.
… to work with the new translation model.