Permalink
Commits on Feb 18, 2013
  1. Fixed changelog

    chillu committed Feb 18, 2013
  2. Updated changelog

    chillu committed Feb 18, 2013
  3. Updated changelog

    chillu committed Feb 17, 2013
  4. Updated translations

    chillu committed Feb 18, 2013
Commits on Feb 17, 2013
  1. BUGFIX Keep Member.PasswordEncryption setting on empty passwords

    chillu committed Jan 6, 2013
    This will prevent empty passwords to set the encryption to 'none',
    which in turn will store any subsequent password changes in cleartext.
    Reproduceable e.g. with ConfirmedPasswordField and setCanBeEmpty(true).
  2. Improved docs on $allowed_actions

    chillu committed Jan 28, 2013
    Added section to "Controllers" and "Form" topics,
    added $allowed_actions definitions to all controller examples
  3. BUG Undefined `$allowed_actions` overrides parent definitions, strict…

    chillu committed Jan 14, 2013
    …er handling of $allowed_actions on Extension
    
    Controller (and subclasses) failed to enforce $allowed_action restrictions
    on parent classes if a child class didn't have it explicitly defined.
    
    Controllers which are extended with $allowed_actions (through an Extension)
    now deny access to methods defined on the controller, unless this class also has them in its own
    $allowed_actions definition.
  4. 3.0.4 changelog update

    chillu committed Jan 4, 2013
  5. BUGFIX Escape HTML in DropdownField and ListboxField

    chillu committed Jan 4, 2013
    Fixes reflected XSS in Group titles when using
    in group selections (e.g. in "New Member" form).
  6. BUG Secure composer files from web access (fixes #8011)

    chillu committed Feb 17, 2013
    Already applied to root .htaccess, but required for dynamically
    generated file from installer as well. Also added upgrade instructions.
  7. BUG TimeField respects user choice (fixes #8260)

    chillu committed Feb 17, 2013
    Regression from c969e04.
    Also fixes width to accommodate for widest common format:
    "11:11:11 AM"
Commits on Feb 15, 2013
Commits on Feb 12, 2013
  1. Merge pull request #1182 from chillu/pulls/showtemplate-admin-ss3

    halkyon committed Feb 12, 2013
    API Require ADMIN for ?showtemplate=1 (3.0)
  2. Merge pull request #1181 from chillu/pulls/showtemplate-admin

    halkyon committed Feb 12, 2013
    API Require ADMIN for ?showtemplate=1 (2.4)
Commits on Feb 7, 2013
  1. Merge pull request #1160 from uniun/patch-3

    chillu committed Feb 7, 2013
    Incorrect Contant-Type header for RSS feeds
  2. FIX Group->canEdit() correct non-admin checks (fixes #8250)

    chillu committed Feb 7, 2013
    Due to changed return value of DataObject::get(),
    the (negated) check always returned false.
    This wasn't noticed in 3.0 because Group->canEdit() is rarely
    enforced, but does become noticeable in 3.1 where GridField
    checks those object-level permissions.
    
    Thanks to @purplespider for reporting!
Commits on Feb 6, 2013
  1. Removed explicit pass-by-ref in DataExtension->validate()

    chillu committed Feb 6, 2013
    Same fix as be97535 for 3.1. Makes the method signature
    more consistent with other DataExtension methods,
    and comply with its subclass implementation in
    Hierarchy->validate(). See accbd7f for more comments.
  2. Merge pull request #1163 from schwarz-computer-systeme/3.0

    chillu committed Feb 6, 2013
    Update admin/javascript/lang/de_DE.js
  3. Update admin/javascript/lang/de_DE.js

    senglmann committed Feb 6, 2013
    fixed typo in translation
Commits on Feb 5, 2013
  1. Merge pull request #1162 from dhensby/patch-1

    wilr committed Feb 5, 2013
    NEW Add Varchar::getSize()
  2. FEATURE: Added ability to query size of Varchar

    dhensby committed Feb 5, 2013
    This allows a developer to programatically access the size of the DB Varchar field. This allows us to be a bit more DRY and to define the size in one place and limit TextFields to the same value
  3. Incorrect Contant-Type header for RSS feeds

    uniun committed Feb 5, 2013
    It should be application/rss+xml but not text/xml.
Commits on Feb 4, 2013
  1. Revert "FIX: Strict error warnings on DataExtension"

    chillu committed Feb 4, 2013
    This reverts commit 1960df8.
    
    Revert "FIX: validate doesn't take var by reference"
    This reverts commit 866bb07.
    
    @ajshort has changed the method signatures in 1f6f7f0. While it wasn't explicitly noted in the commit message, I think its a good change - objects like a FieldList are always passed by reference in PHP, no need to declare that behaviour.
  2. FIX Don't escape values on TreeDropdownField readonly views

    chillu committed Feb 4, 2013
    They typically output TreeTitle() which is assumed to be HTML.
  3. Merge pull request #1156 from mandrew/patch-1

    chillu committed Feb 4, 2013
    FIX: Strict error warnings on DataExtension
  4. FIX: validate doesn't take var by reference

    mandrew committed Feb 4, 2013
    Got a bit carried away, validate doesn't take the var by reference
  5. FIX: Strict error warnings on DataExtension

    mandrew committed Feb 4, 2013
    PHP is throwing strict error warnings when overriding the
    updateCMSFields and other functions in custom DataExtensions due to
    the fact that the abstract class doesn't declare the variables should
    be passed by reference
Commits on Feb 1, 2013
Commits on Jan 31, 2013
  1. Merge pull request #1123 from chillu/pulls/revert-content-length

    chillu committed Jan 31, 2013
    API Remove Content-Length setting from HTTPResponse (fixes #8010)