From 3094dea5d4b28cb2f8a87639acb4d647e67c5be1 Mon Sep 17 00:00:00 2001
From: Gavin Faux <gavin.faux@reddev.co.uk>
Date: Wed, 13 May 2015 00:59:03 +0100
Subject: [PATCH 1/8] Back office insecure content warning loading Google Web
 Fonts when running over HTTPS

Amend to use https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js
---
 src/Umbraco.Web.UI.Client/src/canvasdesigner.loader.js        | 2 +-
 .../src/canvasdesigner/canvasdesigner.controller.js           | 4 ++--
 .../src/canvasdesigner/canvasdesigner.front.js                | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/Umbraco.Web.UI.Client/src/canvasdesigner.loader.js b/src/Umbraco.Web.UI.Client/src/canvasdesigner.loader.js
index 3e4dfe7f54..db9a5fb23c 100644
--- a/src/Umbraco.Web.UI.Client/src/canvasdesigner.loader.js
+++ b/src/Umbraco.Web.UI.Client/src/canvasdesigner.loader.js
@@ -9,7 +9,7 @@ LazyLoad.js([
       '/Umbraco/js/umbraco.security.js',
       '/Umbraco/ServerVariables',
       '/Umbraco/lib/spectrum/spectrum.js',
-      'http://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js',
+      'https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js',
       '/umbraco/js/canvasdesigner.panel.js',
 ], function () {
     jQuery(document).ready(function () {
diff --git a/src/Umbraco.Web.UI.Client/src/canvasdesigner/canvasdesigner.controller.js b/src/Umbraco.Web.UI.Client/src/canvasdesigner/canvasdesigner.controller.js
index 127d5882dc..477d1e5f5b 100644
--- a/src/Umbraco.Web.UI.Client/src/canvasdesigner/canvasdesigner.controller.js
+++ b/src/Umbraco.Web.UI.Client/src/canvasdesigner/canvasdesigner.controller.js
@@ -180,7 +180,7 @@ var app = angular.module("Umbraco.canvasdesigner", ['colorpicker', 'ui.slider',
                         // TODO: special init for font family picker
                         if (item.type == "googlefontpicker" && item.values.fontFamily) {
                             var variant = item.values.fontWeight != "" || item.values.fontStyle != "" ? ":" + item.values.fontWeight + item.values.fontStyle : "";
-                            var gimport = "@import url('http://fonts.googleapis.com/css?family=" + item.values.fontFamily + variant + "');";
+                            var gimport = "@import url('https://fonts.googleapis.com/css?family=" + item.values.fontFamily + variant + "');";
                             if ($.inArray(gimport, parameters) < 0) {
                                 parameters.splice(0, 0, gimport);
                             }
@@ -412,7 +412,7 @@ var app = angular.module("Umbraco.canvasdesigner", ['colorpicker', 'ui.slider',
     var webFontScriptLoaded = false;
     var loadGoogleFont = function (font) {
         if (!webFontScriptLoaded) {
-            $.getScript('http://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js')
+            $.getScript('https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js')
             .done(function () {
                 webFontScriptLoaded = true;
                 // Recursively call once webfont script is available.
diff --git a/src/Umbraco.Web.UI.Client/src/canvasdesigner/canvasdesigner.front.js b/src/Umbraco.Web.UI.Client/src/canvasdesigner/canvasdesigner.front.js
index 38a0878ca8..042d3ed89a 100644
--- a/src/Umbraco.Web.UI.Client/src/canvasdesigner/canvasdesigner.front.js
+++ b/src/Umbraco.Web.UI.Client/src/canvasdesigner/canvasdesigner.front.js
@@ -19,7 +19,7 @@ var refreshLayout = function (parameters) {
 var webFontScriptLoaded = false;
 var getFont = function (font) {
     if (!webFontScriptLoaded) {
-        $.getScript('http://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js')
+        $.getScript('https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js')
         .done(function () {
             webFontScriptLoaded = true;
             // Recursively call once webfont script is available.

From a1a30240f65ff3ed552ff4e76a4842790b9bd386 Mon Sep 17 00:00:00 2001
From: Warm <wp@manaosoftware.com>
Date: Fri, 29 May 2015 10:40:48 +0700
Subject: [PATCH 2/8] U4-6621 - fix issue AngularJS throws exception that
 locationEvent was not defined when leaved a page without saving

---
 .../directives/validation/valformmanager.directive.js       | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/Umbraco.Web.UI.Client/src/common/directives/validation/valformmanager.directive.js b/src/Umbraco.Web.UI.Client/src/common/directives/validation/valformmanager.directive.js
index 506bba8990..634f6eb4ec 100644
--- a/src/Umbraco.Web.UI.Client/src/common/directives/validation/valformmanager.directive.js
+++ b/src/Umbraco.Web.UI.Client/src/common/directives/validation/valformmanager.directive.js
@@ -70,7 +70,7 @@ function valFormManager(serverValidationManager, $rootScope, $log, $timeout, not
 
             //This handles the 'unsaved changes' dialog which is triggered when a route is attempting to be changed but
             // the form has pending changes
-            unsubscribe.push($rootScope.$on('$locationChangeStart', function(event, nextLocation, currentLocation) {
+            var locationEvent = $rootScope.$on('$locationChangeStart', function(event, nextLocation, currentLocation) {
                 if (!formCtrl.$dirty || isSavingNewItem) {
                     return;
                 }
@@ -93,7 +93,9 @@ function valFormManager(serverValidationManager, $rootScope, $log, $timeout, not
                     eventsService.emit("valFormManager.pendingChanges", true);
                 }
 
-            }));
+            });
+            unsubscribe.push(locationEvent);
+
             //Ensure to remove the event handler when this instance is destroyted
             scope.$on('$destroy', function() {
                 for (var u in unsubscribe) {

From db824d8daf62bb099a9ae0912cea02d5a03c986c Mon Sep 17 00:00:00 2001
From: Nicholas-Westby <nicholas.westby@rhythmagency.com>
Date: Fri, 29 May 2015 21:02:07 -0700
Subject: [PATCH 3/8] Fixes U4-6665 (Localization Bug)

Fix for localization not working some of the time: http://issues.umbraco.org/issue/U4-6665
---
 src/Umbraco.Web/Editors/BackOfficeController.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Umbraco.Web/Editors/BackOfficeController.cs b/src/Umbraco.Web/Editors/BackOfficeController.cs
index 13afce3f26..21e3145cb8 100644
--- a/src/Umbraco.Web/Editors/BackOfficeController.cs
+++ b/src/Umbraco.Web/Editors/BackOfficeController.cs
@@ -65,7 +65,7 @@ namespace Umbraco.Web.Editors
         [HttpGet]
         public JsonNetResult LocalizedText(string culture = null)
         {
-            var cultureInfo = culture == null 
+            var cultureInfo = string.IsNullOrWhiteSpace(culture)
                 //if the user is logged in, get their culture, otherwise default to 'en'
                 ? User.Identity.IsAuthenticated && User.Identity is UmbracoBackOfficeIdentity
                     ? Security.CurrentUser.GetUserCulture(Services.TextService) 

From a231899052786d6a4ae4ca2b1bf56753177a9fad Mon Sep 17 00:00:00 2001
From: Shannon <sdeminick@gmail.com>
Date: Tue, 2 Jun 2015 20:53:46 +0200
Subject: [PATCH 4/8] Fixes: U4-6635 with label overlaying the folder icon when
 the folder icons are small.

---
 src/Umbraco.Web.UI.Client/src/less/property-editors.less | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/src/Umbraco.Web.UI.Client/src/less/property-editors.less b/src/Umbraco.Web.UI.Client/src/less/property-editors.less
index 01430ac2ec..f34d45be63 100644
--- a/src/Umbraco.Web.UI.Client/src/less/property-editors.less
+++ b/src/Umbraco.Web.UI.Client/src/less/property-editors.less
@@ -422,12 +422,11 @@ ul.color-picker li a  {
 }
 
 .umb-photo-folder .umb-non-thumbnail span{
+  position: absolute;
   display: block;
   margin: auto;
-  /*vertically aligns */
-  position: static;
-  top: 50%;
-  transform: translateY(-50%);
+  width: 100%;
+  top: 20px;
 }
 
 .umb-photo-folder .selected{

From ff277cd99ca8bfc2b6a70b5561e7e9c03789e45b Mon Sep 17 00:00:00 2001
From: Shannon <sdeminick@gmail.com>
Date: Tue, 2 Jun 2015 21:13:29 +0200
Subject: [PATCH 5/8] Fixes: U4-6654 NullReferenceException downloading
 translation xml

---
 .../businesslogic/translation/Translation.cs          | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/umbraco.cms/businesslogic/translation/Translation.cs b/src/umbraco.cms/businesslogic/translation/Translation.cs
index 42ca56c574..5b3e27d3b7 100644
--- a/src/umbraco.cms/businesslogic/translation/Translation.cs
+++ b/src/umbraco.cms/businesslogic/translation/Translation.cs
@@ -8,6 +8,7 @@ using umbraco.cms.businesslogic.language;
 using umbraco.cms.businesslogic.property;
 using umbraco.cms.businesslogic.task;
 using umbraco.cms.businesslogic.web;
+using Umbraco.Core;
 using Umbraco.Core.IO;
 
 namespace umbraco.cms.businesslogic.translation
@@ -95,10 +96,14 @@ namespace umbraco.cms.businesslogic.translation
             var props = d.GenericProperties;
             foreach (Property p in props)
             {
-                if (p.Value.GetType() == "".GetType())
+                var asString = p.Value as string;
+                if (asString != null)
                 {
-                    if (p.Value.ToString().Trim() != "")
-                        words += CountWordsInString(p.Value.ToString());
+                    var trimmed = asString.Trim();
+                    if (trimmed.IsNullOrWhiteSpace() == false)
+                    {
+                        words += CountWordsInString(trimmed);
+                    }
                 }
             }
 

From 744ee39904957e52e1227c83781ad91a7ee84911 Mon Sep 17 00:00:00 2001
From: Shannon <sdeminick@gmail.com>
Date: Tue, 2 Jun 2015 22:40:57 +0200
Subject: [PATCH 6/8] Changes the IIS header removal to BeginRequest instead of
 PreSendRequestHeaders since that is not a recommended practice

---
 src/Umbraco.Web/UmbracoModule.cs | 28 +++++++++++++---------------
 1 file changed, 13 insertions(+), 15 deletions(-)

diff --git a/src/Umbraco.Web/UmbracoModule.cs b/src/Umbraco.Web/UmbracoModule.cs
index bc6037a683..6efe4d4d6a 100644
--- a/src/Umbraco.Web/UmbracoModule.cs
+++ b/src/Umbraco.Web/UmbracoModule.cs
@@ -596,6 +596,19 @@ namespace Umbraco.Web
 					var httpContext = ((HttpApplication)sender).Context;
 				    LogHelper.Debug<UmbracoModule>("Begin request: {0}.", () => httpContext.Request.Url);
                     BeginRequest(new HttpContextWrapper(httpContext));
+
+                    //disable asp.net headers (security)
+                    try
+                    {
+                        httpContext.Response.Headers.Remove("Server");
+                        //this doesn't normally work since IIS sets it but we'll keep it here anyways.
+                        httpContext.Response.Headers.Remove("X-Powered-By");
+                    }
+                    catch (PlatformNotSupportedException ex)
+                    {
+                        // can't remove headers this way on IIS6 or cassini.
+                    }
+
 				};
 
             app.AuthenticateRequest += AuthenticateRequest;
@@ -620,21 +633,6 @@ namespace Umbraco.Web
 					DisposeHttpContextItems(httpContext);
 				};
 
-            //disable asp.net headers (security)
-		    app.PreSendRequestHeaders += (sender, args) =>
-		        {
-                    var httpContext = ((HttpApplication)sender).Context;
-					try
-					{
-						httpContext.Response.Headers.Remove("Server");
-						//this doesn't normally work since IIS sets it but we'll keep it here anyways.
-						httpContext.Response.Headers.Remove("X-Powered-By");
-					}
-					catch (PlatformNotSupportedException ex)
-					{
-						// can't remove headers this way on IIS6 or cassini.
-					}
-		        };
 		}
 
 		public void Dispose()

From 60ce993c09cf1b1e393a524c4b58624ed59ff9dd Mon Sep 17 00:00:00 2001
From: Shannon <sdeminick@gmail.com>
Date: Wed, 3 Jun 2015 12:20:20 +0200
Subject: [PATCH 7/8] Fixes change password dashboard to have autocomplete =
 off and to not show plain text passwords.

---
 .../changepassword/changepassword.html        | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/src/Umbraco.Web.UI.Client/src/views/propertyeditors/changepassword/changepassword.html b/src/Umbraco.Web.UI.Client/src/views/propertyeditors/changepassword/changepassword.html
index c224d04fae..c6c9bb115f 100644
--- a/src/Umbraco.Web.UI.Client/src/views/propertyeditors/changepassword/changepassword.html
+++ b/src/Umbraco.Web.UI.Client/src/views/propertyeditors/changepassword/changepassword.html
@@ -20,29 +20,32 @@
 
             <!-- we need to show the old pass field when the provider cannot retrieve the password -->
             <umb-control-group alias="oldPassword" label="Old password" ng-show="$parent.showOldPass()">            
-                <input type="text" name="oldPassword" ng-model="$parent.model.value.oldPassword"
+                <input type="password" name="oldPassword" ng-model="$parent.model.value.oldPassword"
                        class="input-large umb-textstring textstring" 
                        ng-required="$parent.showOldPass()"
-                       val-server="oldPassword" no-dirty-check/>    
+                       val-server="oldPassword" no-dirty-check
+                       autocomplete="off"/>    
                 <span class="help-inline" val-msg-for="oldPassword" val-toggle-msg="required">Required</span>
                 <span class="help-inline" val-msg-for="oldPassword" val-toggle-msg="valServer"></span>
             </umb-control-group>
 
             <umb-control-group alias="password" label="New password" ng-show="$parent.showNewPass()">            
-                <input type="text" name="password" ng-model="$parent.model.value.newPassword"
-                       class="input-large umb-textstring textstring" 
+                <input type="password" name="password" ng-model="$parent.model.value.newPassword"
+                       class="input-large umb-textstring textstring"
                        ng-required="!$parent.model.value.reset"
-                       val-server="value" 
-                       ng-minlength="{{$parent.model.config.minPasswordLength}}" no-dirty-check/>    
+                       val-server="value"
+                       ng-minlength="{{$parent.model.config.minPasswordLength}}" no-dirty-check
+                       autocomplete="off" />    
                 <span class="help-inline" val-msg-for="password" val-toggle-msg="required">Required</span>    
                 <span class="help-inline" val-msg-for="password" val-toggle-msg="minlength">Minimum {{$parent.model.config.minPasswordLength}} characters</span>    
                 <span class="help-inline" val-msg-for="password" val-toggle-msg="valServer"></span>     
             </umb-control-group>
 
             <umb-control-group alias="confirmpassword" label="Confirm password" ng-show="$parent.showConfirmPass()">
-                <input type="text" name="confirmpassword" ng-model="$parent.model.confirm"
+                <input type="password" name="confirmpassword" ng-model="$parent.model.confirm"
                        class="input-large umb-textstring textstring"
-                       val-compare="password" no-dirty-check/>
+                       val-compare="password" no-dirty-check
+                       autocomplete="off" />
 
                 <span class="help-inline" val-msg-for="confirmpassword" val-toggle-msg="valCompare">Passwords must match</span>     
             </umb-control-group> 

From f100d82e2c26ef54744fd11807a3a83fdcc808b4 Mon Sep 17 00:00:00 2001
From: Sebastiaan Janssen <sebastiaan@umbraco.com>
Date: Wed, 3 Jun 2015 14:03:04 +0200
Subject: [PATCH 8/8] Bump version

---
 build/UmbracoVersion.txt                         | 2 +-
 src/SolutionInfo.cs                              | 4 ++--
 src/Umbraco.Core/Configuration/UmbracoVersion.cs | 2 +-
 src/Umbraco.Web.UI/Umbraco.Web.UI.csproj         | 4 ++--
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/build/UmbracoVersion.txt b/build/UmbracoVersion.txt
index ecb394c050..9199867efa 100644
--- a/build/UmbracoVersion.txt
+++ b/build/UmbracoVersion.txt
@@ -1,2 +1,2 @@
 # Usage: on line 2 put the release version, on line 3 put the version comment (example: beta)
-7.2.5
\ No newline at end of file
+7.2.6
\ No newline at end of file
diff --git a/src/SolutionInfo.cs b/src/SolutionInfo.cs
index 9fd1385311..0e3d292c0f 100644
--- a/src/SolutionInfo.cs
+++ b/src/SolutionInfo.cs
@@ -11,5 +11,5 @@ using System.Resources;
 
 [assembly: AssemblyVersion("1.0.*")]
 
-[assembly: AssemblyFileVersion("7.2.5")]
-[assembly: AssemblyInformationalVersion("7.2.5")]
\ No newline at end of file
+[assembly: AssemblyFileVersion("7.2.6")]
+[assembly: AssemblyInformationalVersion("7.2.6")]
\ No newline at end of file
diff --git a/src/Umbraco.Core/Configuration/UmbracoVersion.cs b/src/Umbraco.Core/Configuration/UmbracoVersion.cs
index 8f9f84d656..a548f759c7 100644
--- a/src/Umbraco.Core/Configuration/UmbracoVersion.cs
+++ b/src/Umbraco.Core/Configuration/UmbracoVersion.cs
@@ -5,7 +5,7 @@ namespace Umbraco.Core.Configuration
 {
     public class UmbracoVersion
     {
-        private static readonly Version Version = new Version("7.2.5");
+        private static readonly Version Version = new Version("7.2.6");
 
         /// <summary>
         /// Gets the current version of Umbraco.
diff --git a/src/Umbraco.Web.UI/Umbraco.Web.UI.csproj b/src/Umbraco.Web.UI/Umbraco.Web.UI.csproj
index d826231dfd..b84764cd0d 100644
--- a/src/Umbraco.Web.UI/Umbraco.Web.UI.csproj
+++ b/src/Umbraco.Web.UI/Umbraco.Web.UI.csproj
@@ -2540,9 +2540,9 @@ xcopy "$(ProjectDir)"..\packages\SqlServerCE.4.0.0.0\x86\*.* "$(TargetDir)x86\"
         <WebProjectProperties>
           <UseIIS>True</UseIIS>
           <AutoAssignPort>True</AutoAssignPort>
-          <DevelopmentServerPort>7250</DevelopmentServerPort>
+          <DevelopmentServerPort>7260</DevelopmentServerPort>
           <DevelopmentServerVPath>/</DevelopmentServerVPath>
-          <IISUrl>http://localhost:7250</IISUrl>
+          <IISUrl>http://localhost:7260</IISUrl>
           <NTLMAuthentication>False</NTLMAuthentication>
           <UseCustomServer>False</UseCustomServer>
           <CustomServerUrl>