Update jQuery 3.5.1 and jQuery Migrate 3.3.0 (CVE-2020-11022 FIX) #5114
Closed
This is a major update from V4 to V5 and will need some testing to make sure October CMS works ok with this update.
Have removed all the Data: elements and will now pass with a basic CSP Policy
Remove these extra lines of code - not needed
Update Deprecated code in October into (event.key)
The keydown/keyup/input events were not working correctly. Also the $cb selector was not specific enough and was picking up on the hidden input used to define the default state.
* Add a small JSON Parser to October framework lib
* Update jQuery mousewheel
We've also included it as a separate framework.parser.js file in case it's needed by some external lib, such as Storm UI
…brand CSS override with the config item "brand.customLessPath"
* Fix the overflow on the primary tabs
Also had to revert the 100vw improvement on tabs because it causes unnecessary scroll/drag activation. Also reverted change in form.base.less that had no reasoning.
I have no idea why the $user variable can ever be null in the first place, but for me it happens if I remove all main menu items (including the settings). The same check is already in place at the navigation manager: https://github.com/octobercms/october/blob/master/modules/backend/classes/NavigationManager.php#L509-L511 The change shouldn't break anything.
Credit to @bennothommo & @daftspunk Replaces: 9f8d8ec. Refs: #4439
) * Support additional file name and path characters in media manager When working with abstract file names that may contain additional characters, such as quotes or ampersands, the media manager would throw an error. This PR adds two additional characters to the character whitelist. * Add unicode filename to tests
If the DataTable widget is loaded in a Popup, the .focus() call does not seem to focus the target element correctly, which leads to the problem, that the updateCellFromFocusedItem method fails to find the focused item. This commit passes the target item along since it is already known.
Let's save this for L6 upgrade. Although PHP 7 partially supports this, we should revisit once the PHP version is bumped + better support for it
This occurs due to a race condition in the rendering where the scrollbars enable and disable over and over because of a slow height calculation. Giving any height number appears to close the loop by never letting the height resolve to 0. Refs #4632
This fixes PHP 7.4 support by pulling in Symfony packages at v3.4.36
* Added lazy loading for backend form tabs
This avoids "Function ReflectionType::__toString() is deprecated" warnings
Adds a dismissable message to the CMS object code editor indicating that the PHP code section of a CMS object cannot be edited when `cms.enableSafeMode` is `true` (or when debugging is disabled if `null`). Credit to @mjauvin.
This appears to be a typo. It doesn't make sense to ever log "user errors", only "system errors". Fixes #4569
#4737) Now we can use the `backend.list.overrideHeaderValue` event also in the import/export.
* Add Slovenian language
Similarly named repeater fields being used in viewBag variables were being assigned aliases which succeeded the `strpos` check on line 407. This will more clearly look for a child repeater form and index. Fixes #4808
$widget->secondaryTabs['fields'] may not always be present
This is one step closer to fixing the sorting issues when a scrollbar is present. It still doesn't quite fix the issue, still need to find a way to get the container dimensions to update. Refs rainlab/pages-plugin#384 Refs 1d91c22
It is unsure why this was ever needed, but it appears to fix the overflow issues with the sortable plugin. Refs rainlab/pages-plugin#384 Refs 11be3fe
Deleting this pr and rebasing my fork
@LukeTowers
This pr fixes issue: #5097
The reason I'm tagging Luke is because he has upgraded jQuery to 3.4.0 (which doesn't contain the security fix) - see here for his commit: 5c7ba9f
This PR adds jQuery 3.5.1 and jQuery Migrate 3.3.0
Any issues tag me and I will sort it out.