Permalink
Commits on Feb 19, 2013
  1. Added changelog

    chillu committed Feb 19, 2013
  2. fixed error property $ of object is not a function

    changed $ to jQuery, because without it the system would generate the following error:
    
    Uncaught TypeError: Property '$' of object [object Window] is not a function 
    roed committed with chillu Feb 19, 2013
  3. BUG Find Form actions in CompositeFields for access checks

    This bug was introduced with the new nested CMS actions
    around December 2012, but wasn't noticed until now
    because checkAccessAction() would wrongly return TRUE
    before the dataFieldByName() check was reached.
    chillu committed Feb 18, 2013
Commits on Feb 18, 2013
  1. Fixed changelog

    chillu committed Feb 18, 2013
  2. Updated changelog

    chillu committed Feb 18, 2013
  3. Updated changelog

    chillu committed Feb 17, 2013
  4. Updated translations

    chillu committed Feb 18, 2013
Commits on Feb 17, 2013
  1. BUGFIX Keep Member.PasswordEncryption setting on empty passwords

    This will prevent empty passwords to set the encryption to 'none',
    which in turn will store any subsequent password changes in cleartext.
    Reproduceable e.g. with ConfirmedPasswordField and setCanBeEmpty(true).
    chillu committed Jan 6, 2013
  2. Improved docs on $allowed_actions

    Added section to "Controllers" and "Form" topics,
    added $allowed_actions definitions to all controller examples
    chillu committed Jan 28, 2013
  3. BUG Undefined `$allowed_actions` overrides parent definitions, strict…

    …er handling of $allowed_actions on Extension
    
    Controller (and subclasses) failed to enforce $allowed_action restrictions
    on parent classes if a child class didn't have it explicitly defined.
    
    Controllers which are extended with $allowed_actions (through an Extension)
    now deny access to methods defined on the controller, unless this class also has them in its own
    $allowed_actions definition.
    chillu committed Jan 14, 2013
  4. 3.0.4 changelog update

    chillu committed Jan 4, 2013
  5. BUGFIX Escape HTML in DropdownField and ListboxField

    Fixes reflected XSS in Group titles when using
    in group selections (e.g. in "New Member" form).
    chillu committed Jan 4, 2013
  6. BUG Secure composer files from web access (fixes #8011)

    Already applied to root .htaccess, but required for dynamically
    generated file from installer as well. Also added upgrade instructions.
    chillu committed Feb 17, 2013
  7. BUG TimeField respects user choice (fixes #8260)

    Regression from c969e04.
    Also fixes width to accommodate for widest common format:
    "11:11:11 AM"
    chillu committed Feb 17, 2013
Commits on Feb 15, 2013
Commits on Feb 12, 2013
  1. Merge pull request #1182 from chillu/pulls/showtemplate-admin-ss3

    API Require ADMIN for ?showtemplate=1 (3.0)
    halkyon committed Feb 12, 2013
  2. Merge pull request #1181 from chillu/pulls/showtemplate-admin

    API Require ADMIN for ?showtemplate=1 (2.4)
    halkyon committed Feb 12, 2013
Commits on Feb 7, 2013
  1. Merge pull request #1160 from uniun/patch-3

    Incorrect Contant-Type header for RSS feeds
    chillu committed Feb 7, 2013
  2. FIX Group->canEdit() correct non-admin checks (fixes #8250)

    Due to changed return value of DataObject::get(),
    the (negated) check always returned false.
    This wasn't noticed in 3.0 because Group->canEdit() is rarely
    enforced, but does become noticeable in 3.1 where GridField
    checks those object-level permissions.
    
    Thanks to @purplespider for reporting!
    chillu committed Feb 7, 2013
Commits on Feb 6, 2013
  1. Removed explicit pass-by-ref in DataExtension->validate()

    Same fix as be97535 for 3.1. Makes the method signature
    more consistent with other DataExtension methods,
    and comply with its subclass implementation in
    Hierarchy->validate(). See accbd7f for more comments.
    chillu committed Feb 6, 2013
  2. Merge pull request #1163 from schwarz-computer-systeme/3.0

    Update admin/javascript/lang/de_DE.js
    chillu committed Feb 6, 2013
  3. Update admin/javascript/lang/de_DE.js

    fixed typo in translation
    senglmann committed Feb 6, 2013
Commits on Feb 5, 2013
  1. Merge pull request #1162 from dhensby/patch-1

    NEW Add Varchar::getSize()
    wilr committed Feb 5, 2013
  2. FEATURE: Added ability to query size of Varchar

    This allows a developer to programatically access the size of the DB Varchar field. This allows us to be a bit more DRY and to define the size in one place and limit TextFields to the same value
    dhensby committed Feb 5, 2013
  3. Incorrect Contant-Type header for RSS feeds

    It should be application/rss+xml but not text/xml.
    uniun committed Feb 5, 2013
Commits on Feb 4, 2013
  1. Revert "FIX: Strict error warnings on DataExtension"

    This reverts commit 1960df8.
    
    Revert "FIX: validate doesn't take var by reference"
    This reverts commit 866bb07.
    
    @ajshort has changed the method signatures in 1f6f7f0. While it wasn't explicitly noted in the commit message, I think its a good change - objects like a FieldList are always passed by reference in PHP, no need to declare that behaviour.
    chillu committed Feb 4, 2013
  2. FIX Don't escape values on TreeDropdownField readonly views

    They typically output TreeTitle() which is assumed to be HTML.
    chillu committed Feb 4, 2013
  3. Merge pull request #1156 from mandrew/patch-1

    FIX: Strict error warnings on DataExtension
    chillu committed Feb 4, 2013
  4. FIX: validate doesn't take var by reference

    Got a bit carried away, validate doesn't take the var by reference
    mandrew committed Feb 4, 2013