Commit Graph

568 Commits

Author SHA1 Message Date
Robbie Averill
9a57c3802c Remove redundant phpcs rules, reduce some line lengths and use injector to create checkbox fields 2018-09-24 18:09:25 +02:00
Robbie Averill
9f9dc67950
Merge pull request #264 from caffeineinc/bugfix-3.1/xss-session-cookies
Prevent storing formdata to cookies.
2018-09-24 18:07:07 +02:00
Robbie Averill
94950ee79c Tidy up phpcs violations, use short array syntax, optimise class imports 2018-09-24 17:57:31 +02:00
Simon Gow
747d4f4402 Prevent storing formdata to cookies.
- XSS can be stored in a cookie and potentially abused in other ways, so
to prevent this we need to use session instead. This requires the user
to have a session with silverstripe, but this is better than saving
potentially malicious content in cookies. (Also some cookies have
limited length).

@see https://github.com/silverstripe/silverstripe-comments/issues/263
2018-09-20 14:53:35 +12:00
Robbie Averill
cf86b2bb21
Merge pull request #262 from lukereative/pulls/3.1/fix-admin-height
FIX Comment admin form should fill height
2018-08-27 14:59:30 +12:00
Luke Edwards
75d63209aa FIX Comment admin form should fill height 2018-08-27 14:36:44 +12:00
Robbie Averill
04a5257e40 Merge branch '3.1' 2018-07-26 14:56:38 +12:00
Robbie Averill
19619b083e
Merge pull request #261 from micmania1/bugfix/canpostcomment-not-passed-to-include
BUGFIX canPostComment was being called out of scope
2018-07-03 11:43:34 +12:00
micmania1
c0a01dbc91 BUGFIX created way of knowing whether user has permission to post 2018-07-03 11:00:40 +12:00
Robbie Averill
6d7b14367a
Merge pull request #259 from quantum-dragons/bugfix/reply-form-js-fix
Added JS fix for reply forms
2018-06-25 14:08:08 +12:00
pjayme
77f47af5cb Added JS fix for reply forms - fixes issue where the submit button breaks due to incorrect use of the jQuery validate function 2018-06-25 13:25:08 +12:00
Dylan Wagstaff
a1a42009cc
Merge pull request #258 from creative-commoners/pulls/3.1/travis-recipes
Add various recipe versions to Travis build matrix
2018-06-22 20:10:14 +12:00
Robbie Averill
c7235e1c5d FIX Comments GridField tests now use their own test stubs 2018-06-20 16:53:14 +12:00
Robbie Averill
4e23771d79 Add Team stub class to extra_dataobjects 2018-06-20 16:48:26 +12:00
Robbie Averill
52b8ea9104 Add various recipe versions to Travis build matrix 2018-06-20 16:39:46 +12:00
Robbie Averill
8bd79eac1f Merge branch '3.1' 2018-06-20 16:28:40 +12:00
Robbie Averill
f357ca6b7f
Merge pull request #257 from creative-commoners/pulls/3.1/reply-bug
FIX Bug with requiring login when posting a comment, pass correct controller in
2018-06-20 14:28:22 +12:00
Robbie Averill
886c5be21a FIX Bug with requiring login when posting a comment, pass correct controller in 2018-06-20 14:20:50 +12:00
Robbie Averill
9dab444f33
Merge pull request #255 from creative-commoners/pulls/master/add-supported-module-badge
Add supported module badge to readme
2018-06-18 10:49:55 +12:00
Dylan Wagstaff
2c00421cd2
Merge pull request #254 from creative-commoners/pulls/3.1/akismet-test-error
FIX Mock akismet spam protector if installed, fixes broken integration tests
2018-06-18 09:59:05 +12:00
Robbie Averill
32ec3bde50
FIX Add getDate method to return created date for comments, tidy up translations
RSS feeds are looking for $Date, so this method maps to the created field in these cases
2018-06-15 16:40:44 +01:00
Dylan Wagstaff
be71d19d9e Add supported module badge to readme 2018-06-15 17:32:42 +12:00
Robbie Averill
788cb6e6d1 FIX Mock akismet spam protector if installed, fixes broken integration tests 2018-06-15 16:50:14 +12:00
Robbie Averill
eca3ac0e94
FIX Allow tests to handle extra field labels being added in global state 2018-06-13 09:59:23 +12:00
Robbie Averill
01cc198a2d Merge branch '3.1' 2018-06-11 12:15:31 +12:00
Robbie Averill
06acad661f Remove obsolete branch alias 2018-06-11 12:15:09 +12:00
Robbie Averill
42a15f7241
Merge pull request #253 from creative-commoners/pulls/3.1/fix-tests
Fix Tests
2018-05-30 14:36:27 +12:00
Guy
c22daa2ee0 FIX Removing ID from match in tests 2018-05-30 12:25:49 +12:00
Robbie Averill
614b525c04
FIX Loosen assertions in case extension provide extra columns in global state 2018-05-29 18:56:32 +12:00
Dylan Wagstaff
02db1cc86e [SS-2018-015] Update jQuery version, remove entwine from frontend use
jQuery version was extremely old, and was probably stuck at that as a way
of enabling the frivolous use of entwine on the front end for somewhat
trivial ajax submissions. A mild refactor has taken place to leverage newer
jQuery features, and remove outdated dependencies.

Also accompanying this commit are alterations to the markup to make it
more semantically correct (probably not entirely though), and help with
testing the JS functionality of reply forms (when enabled).
2018-05-29 11:40:18 +12:00
Daniel Hensby
aa46291adf
Merge pull request #249 from Dennisprins93/master 2018-05-11 14:14:58 +01:00
Dennisprins93
386f8602f0
Omit http because of potential https conflicts 2018-05-11 14:11:22 +02:00
Robbie Averill
eb0415a938
Merge pull request #245 from creative-commoners/pulls/2.0/reallow-commentform-alterations
FIX reintroduce extension hook for comment form rendering
2018-04-04 16:36:51 +12:00
Raissa North
a886f68c58 FIX reintroduce extension hook for comment form rendering
In CWP 1.x there was an extension hook to allow alterations to the commenting form.
Since the upgrade of this module for CWP 2.x this was no longer there, meaning functionality
that relied upon it no longer worked. This commit reintroduces this functionality to keep
other modules that apply extensions to that hook, happy.
2018-04-04 15:45:45 +12:00
Dylan
276ddb0c86 Update translations 2018-04-04 10:17:01 +12:00
Dylan Wagstaff
cc46ccf89e
Merge pull request #244 from creative-commoners/pulls/3.1/revert-and-deprecate
API Reintroduce abstract handler (previously removed in 192ddbb) and deprecate for future removal
2018-04-04 08:34:08 +12:00
Robbie Averill
3e0cae0cc9 API Reintroduce abstract handler (previously removed in 192ddbb) and deprecate for future removal 2018-04-03 12:22:15 +12:00
Robbie Averill
4385299f1f
Merge pull request #240 from sasky/master
Tiny bug fixes to work with SS4.
2018-03-14 13:18:55 +13:00
Cameron Grant
abb45aa733 Setting the http error to come from the request handler, and the session coming from the Request objects. Just small bug fixes so the comment form works with ss4. 2018-03-14 11:18:30 +13:00
Robbie Averill
532b49c537
Merge pull request #235 from creative-commoners/pulls/3.0/run-test-independent-from-template
Use FunctionalTest instead of SapphireTest to disable themes.
2018-03-09 17:02:47 +13:00
Raissa North
8d5edc7821 Use FunctionalTest instead of SapphireTest to disable themes. 2018-03-09 16:45:38 +13:00
Robbie Averill
90c42ff027
Merge pull request #232 from creative-commoners/pulls/3.0/bulk-editing-compat
API Use concrete Handler implementations for Spam and Approve bulk editing
2018-02-27 09:29:26 +13:00
Daniel Hensby
909066c0a8
Move comment handles to shared parent class 2018-02-26 11:40:49 +00:00
Robbie Averill
192ddbb4b5 API Use concrete Handler implementations for Spam and Approve bulk editing 2018-02-26 23:24:34 +13:00
Daniel Hensby
b90ec7715e
Merge pull request #228 from benwrighton/master 2018-02-02 10:45:48 +00:00
Unknown
ae59e82021 Improve A11y of comment reply.
Currently this is a link. Users will expect this link to take them to another part of the page or another page altogether. 

There is no indication that it opens or closes an associated form on the same page, nor does it indicate the current state of the “reply to” form.

So, instead of a link, use a button. Add to that button an aria-controls attribute that references the id of the associated form’s container, and an aria-expanded attribute that indicates (true or false) the state of the associated form.
2018-02-01 16:27:30 +13:00
Robbie Averill
17714f221a
Merge pull request #227 from creative-commoners/pulls/3.0/tx-me-js
FIX: update javascript requirements so user JS doesn't error
2018-01-29 16:06:27 +13:00
Dylan Wagstaff
a25668eba0 Remove SS 2.x upgrade code that runs every build 2018-01-29 15:26:16 +13:00
Dylan Wagstaff
7b38707fde FIX: update javascript requirements so user JS doesn't error 2018-01-29 13:04:34 +13:00
Robbie Averill
4bf0a83ad3 FIX Update CommentAdmin test to create a mock session and not assert missing translation 2017-12-19 09:32:56 +13:00