This will prevent empty passwords to set the encryption to 'none', which in turn will store any subsequent password changes in cleartext. Reproduceable e.g. with ConfirmedPasswordField and setCanBeEmpty(true).
Added section to "Controllers" and "Form" topics, added $allowed_actions definitions to all controller examples
…er handling of $allowed_actions on Extension Controller (and subclasses) failed to enforce $allowed_action restrictions on parent classes if a child class didn't have it explicitly defined. Controllers which are extended with $allowed_actions (through an Extension) now deny access to methods defined on the controller, unless this class also has them in its own $allowed_actions definition.
Fixes reflected XSS in Group titles when using in group selections (e.g. in "New Member" form).
Already applied to root .htaccess, but required for dynamically generated file from installer as well. Also added upgrade instructions.
Regression from c969e04. Also fixes width to accommodate for widest common format: "11:11:11 AM"
API Require ADMIN for ?showtemplate=1 (3.0)
API Require ADMIN for ?showtemplate=1 (2.4)
Incorrect Contant-Type header for RSS feeds
Due to changed return value of DataObject::get(), the (negated) check always returned false. This wasn't noticed in 3.0 because Group->canEdit() is rarely enforced, but does become noticeable in 3.1 where GridField checks those object-level permissions. Thanks to @purplespider for reporting!
fixed typo in translation
NEW Add Varchar::getSize()
This allows a developer to programatically access the size of the DB Varchar field. This allows us to be a bit more DRY and to define the size in one place and limit TextFields to the same value
It should be application/rss+xml but not text/xml.
This reverts commit 1960df8. Revert "FIX: validate doesn't take var by reference" This reverts commit 866bb07. @ajshort has changed the method signatures in 1f6f7f0. While it wasn't explicitly noted in the commit message, I think its a good change - objects like a FieldList are always passed by reference in PHP, no need to declare that behaviour.
They typically output TreeTitle() which is assumed to be HTML.
FIX: Strict error warnings on DataExtension
Got a bit carried away, validate doesn't take the var by reference
PHP is throwing strict error warnings when overriding the updateCMSFields and other functions in custom DataExtensions due to the fact that the abstract class doesn't declare the variables should be passed by reference