Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merge up from 4 to 5 #10651

Merged
merged 23 commits into from
Jan 18, 2023
Merged

Merge up from 4 to 5 #10651

merged 23 commits into from
Jan 18, 2023

Conversation

maxime-rainville
Copy link
Contributor

Just did a merge up from the 4 branch to the 5 branch.

Normally I would just push directly to the branch, but there's enough merge conflicts to resolve that it's probably worth doing an actual peer review.

The following files had conflicts.

        both modified:   src/Control/HTTPResponse.php
        deleted by us:   src/View/Parsers/HTML4Value.php
        both modified:   src/View/SSViewer_DataPresenter.php
        both modified:   src/View/Shortcodes/EmbedShortcodeProvider.php
        deleted by us:   tests/php/View/Parsers/HTML4ValueTest.php

emteknetnz and others added 23 commits August 23, 2022 15:36
@emteknetnz
[CVE-2022-37430] Sanitise mixed case javascript
2b5420e
@GuySartorelli
[CVE-2022-38462] Don't allow CRLF in header values
d3c2857
@GuySartorelli
[CVE-2022-38724] Restrict embed shortcode attributes
168ca00
@GuySartorelli
Update translations
f8befa3
@GuySartorelli
Merge pull request silverstripe#10583 from creative-commoners/pulls/4…
b17b29e 
….11/cve-2022-38724-embed-shortcode

Restrict embed shortcode attributes
@emteknetnz
[CVE-2022-38148] Validate SortColumn exists
4308a93
@GuySartorelli
Merge pull request silverstripe#10584 from creative-commoners/pulls/4…
e5b8110 
….11/cve-2022-38462

Don't allow CRLF in header values
@GuySartorelli
Merge pull request silverstripe#10585 from creative-commoners/pulls/4…
17f1c7c 
….11/cve-2022-37430

Sanitise mixed case javascript
@emteknetnz
[CVE-2022-37429] Sanitise XSS
fe13856
@GuySartorelli
Merge pull request silverstripe#10586 from creative-commoners/pulls/4…
20de819 
….11/cve-2022-37429

Sanitise XSS
@GuySartorelli
Merge pull request silverstripe#10582 from creative-commoners/pulls/4…
c7c108b 
….10/cve-2022-38148

Validate SortColumn exists
@emteknetnz
Merge branch '4.10' into 4.11
dc98cad
@emteknetnz
Merge branch '4.11' into 4.12-release
cb76f31
@chrispenny
Bugfix: SSViewer check object exists before calling prop or method
31d5aef
@michalkleiner
Merge pull request silverstripe#10589 from silverstripe-terraformers/…
f57a77d 
…pulls/runtemplate-fix
@michalkleiner
FIX Improve rounding logic for storing of long decimal numbers (silve…
b107622 
…rstripe#10593)

Co-authored-by: Michal Kleiner <[email protected]>
@GuySartorelli
Merge branch '4.11' into 4.12-release
8bb712a
@GuySartorelli
Merge branch '4.12-release' into 4.12
ce53318
@GuySartorelli
Merge branch '4.12' into 4
0d662ba
@mfendeksilverstripe
ENH: saveInto() new extension points. (silverstripe#10636)
2c105cf 
* ENH: saveInto() new extension points.
@emteknetnz
API Deprecate HTML4Value
b973c88
Merge pull request silverstripe#10648 from creative-commoners/pulls/4…
c430011 
…/deprecate-html5

API Deprecate HTML4Value
Merge branch '4' into 5
b6b0bce
maxime-rainville
maxime-rainville commented Jan 18, 2023
View reviewed changes
src/Control/HTTPResponse.php
/**
* Sanitise header values to avoid possible XSS vectors
*/
private function sanitiseHeader(string $value): string
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This method is new from 4 and was conflicting with the strongly typed parameters of redirect in 5

maxime-rainville
maxime-rainville commented Jan 18, 2023
View reviewed changes
Copy link
Contributor Author

@maxime-rainville maxime-rainville left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Deprecation notice in HTML4Value and HTML4ValueTest were conflicting with the removal of those files in 5.

maxime-rainville
maxime-rainville commented Jan 18, 2023
View reviewed changes
Copy link
Contributor Author

@maxime-rainville maxime-rainville left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Both Guy and Chris updated src/View/SSViewer_DataPresenter.php with very similar fixes.

maxime-rainville
maxime-rainville commented Jan 18, 2023
View reviewed changes
src/View/Shortcodes/EmbedShortcodeProvider.php
@@ -16,6 +16,7 @@
use SilverStripe\View\Parsers\ShortcodeHandler;
use SilverStripe\View\Parsers\ShortcodeParser;
use SilverStripe\Control\Director;
use SilverStripe\Core\Config\Configurable;
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There was a use use SilverStripe\Dev\Deprecation; statement here that was causing a conflict.

@GuySartorelli
Copy link
Member

GuySartorelli commented Jan 18, 2023
edited
Loading

You mention src/View/SSViewer_DataPresenter.php but I don't see that here?
Edit: The incoming changes were rejected, so it doesn't show as a change in the PR.

GuySartorelli
GuySartorelli approved these changes Jan 18, 2023
View reviewed changes
Copy link
Member

@GuySartorelli GuySartorelli left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I got the same results when doing a local merge up so this looks good to me. For what it's worth, the conflicts were very small, I'd have been comfortable with that being merged and pushed without a PR.

@GuySartorelli GuySartorelli merged commit a8c374b into silverstripe:5 Jan 18, 2023
@GuySartorelli GuySartorelli deleted the pulls/5/merge-up-from-4 branch January 18, 2023 20:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@GuySartorelli GuySartorelli GuySartorelli approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@maxime-rainville @GuySartorelli @emteknetnz @chrispenny @michalkleiner @mfendeksilverstripe