Skip to content
This repository

Feb 18, 2013

  1. Ingo Schommer

    Fixed changelog

    authored
  2. Ingo Schommer

    Updated changelog

    authored
  3. Ingo Schommer

    Fixed screen.css (wrong compilation)

    authored
  4. Ingo Schommer

    Updated changelog

    authored
  5. Ingo Schommer

    Updated translations

    authored

Feb 17, 2013

  1. Ingo Schommer

    BUGFIX Keep Member.PasswordEncryption setting on empty passwords

    This will prevent empty passwords to set the encryption to 'none',
    which in turn will store any subsequent password changes in cleartext.
    Reproduceable e.g. with ConfirmedPasswordField and setCanBeEmpty(true).
    authored
  2. Ingo Schommer

    Improved docs on $allowed_actions

    Added section to "Controllers" and "Form" topics,
    added $allowed_actions definitions to all controller examples
    authored
  3. Ingo Schommer

    BUG Undefined `$allowed_actions` overrides parent definitions, strict…

    …er handling of $allowed_actions on Extension
    
    Controller (and subclasses) failed to enforce $allowed_action restrictions
    on parent classes if a child class didn't have it explicitly defined.
    
    Controllers which are extended with $allowed_actions (through an Extension)
    now deny access to methods defined on the controller, unless this class also has them in its own
    $allowed_actions definition.
    authored
  4. Ingo Schommer

    3.0.4 changelog update

    authored
  5. Ingo Schommer

    BUGFIX Escape HTML in DropdownField and ListboxField

    Fixes reflected XSS in Group titles when using
    in group selections (e.g. in "New Member" form).
    authored
  6. Ingo Schommer

    BUGFIX Escape HTML in CMS status messages

    authored
  7. Ingo Schommer

    BUGFIX Fixed XSS in admin/security and "My Profile" forms

    authored
  8. Ingo Schommer

    Merge remote-tracking branch 'origin/2.4' into 3.0

    authored
  9. Ingo Schommer

    BUG Secure composer files from web access (fixes #8011)

    Already applied to root .htaccess, but required for dynamically
    generated file from installer as well. Also added upgrade instructions.
    authored
  10. Ingo Schommer

    BUG TimeField respects user choice (fixes #8260)

    Regression from c969e04.
    Also fixes width to accommodate for widest common format:
    "11:11:11 AM"
    authored

Feb 15, 2013

  1. Ingo Schommer

    Nginx docs for denying composer file access (fixes #8011)

    authored

Feb 12, 2013

  1. Sean Harvey

    Merge pull request #1182 from chillu/pulls/showtemplate-admin-ss3

    API Require ADMIN for ?showtemplate=1 (3.0)
    authored
  2. Sean Harvey

    Merge pull request #1181 from chillu/pulls/showtemplate-admin

    API Require ADMIN for ?showtemplate=1 (2.4)
    authored
  3. Ingo Schommer

    API Require ADMIN for ?showtemplate=1

    authored
  4. Ingo Schommer

    API Require ADMIN for ?showtemplate=1

    authored

Feb 07, 2013

  1. Ingo Schommer

    Merge pull request #1160 from uniun/patch-3

    Incorrect Contant-Type header for RSS feeds
    authored
  2. Ingo Schommer

    FIX Group->canEdit() correct non-admin checks (fixes #8250)

    Due to changed return value of DataObject::get(),
    the (negated) check always returned false.
    This wasn't noticed in 3.0 because Group->canEdit() is rarely
    enforced, but does become noticeable in 3.1 where GridField
    checks those object-level permissions.
    
    Thanks to @purplespider for reporting!
    authored

Feb 06, 2013

  1. Ingo Schommer

    Removed explicit pass-by-ref in DataExtension->validate()

    Same fix as be97535 for 3.1. Makes the method signature
    more consistent with other DataExtension methods,
    and comply with its subclass implementation in
    Hierarchy->validate(). See accbd7f for more comments.
    authored
  2. Ingo Schommer

    Merge pull request #1163 from schwarz-computer-systeme/3.0

    Update admin/javascript/lang/de_DE.js
    authored
  3. senglmann

    Update admin/javascript/lang/de_DE.js

    fixed typo in translation
    authored

Feb 05, 2013

  1. Will Rossiter

    Merge pull request #1162 from dhensby/patch-1

    NEW Add Varchar::getSize()
    authored
  2. Daniel Hensby

    FEATURE: Added ability to query size of Varchar

    This allows a developer to programatically access the size of the DB Varchar field. This allows us to be a bit more DRY and to define the size in one place and limit TextFields to the same value
    authored
  3. Elvinas L.

    Incorrect Contant-Type header for RSS feeds

    It should be application/rss+xml but not text/xml.
    authored

Feb 04, 2013

  1. Ingo Schommer

    Revert "FIX: Strict error warnings on DataExtension"

    This reverts commit 1960df8.
    
    Revert "FIX: validate doesn't take var by reference"
    This reverts commit 866bb07.
    
    @ajshort has changed the method signatures in 1f6f7f0. While it wasn't explicitly noted in the commit message, I think its a good change - objects like a FieldList are always passed by reference in PHP, no need to declare that behaviour.
    authored
  2. Ingo Schommer

    FIX Don't escape values on TreeDropdownField readonly views

    They typically output TreeTitle() which is assumed to be HTML.
    authored
  3. Ingo Schommer

    Merge pull request #1156 from mandrew/patch-1

    FIX: Strict error warnings on DataExtension
    authored
  4. Michael Andrewartha

    FIX: validate doesn't take var by reference

    Got a bit carried away, validate doesn't take the var by reference
    authored
  5. Michael Andrewartha

    FIX: Strict error warnings on DataExtension

    PHP is throwing strict error warnings when overriding the
    updateCMSFields and other functions in custom DataExtensions due to
    the fact that the abstract class doesn't declare the variables should
    be passed by reference
    authored

Feb 01, 2013

  1. Ingo Schommer

    Include "media" attr for module customCSS() (fixes #8219)

    authored

Jan 31, 2013

  1. Ingo Schommer

    Merge pull request #1123 from chillu/pulls/revert-content-length

    API Remove Content-Length setting from HTTPResponse (fixes #8010)
    authored
Something went wrong with that request. Please try again.