Merge remote-tracking branch 'origin/3.0' into 3.1

Conflicts: admin/code/SecurityAdmin.php css/AssetUploadField.css docs/en/topics/configuration.md security/PermissionRole.php
2024-10-22 14:05:37 +02:00 · 2013-09-12 17:26:52 +02:00 · 2013-09-12 17:26:52 +02:00 · 03d1d58148
commit 03d1d58148
parent c2b312d76f a6b402f491
8 changed files with 63 additions and 40 deletions
--- a/css/AssetUploadField.css
+++ b/css/AssetUploadField.css
@ -42,7 +42,7 @@ body.cms.ss-uploadfield-edit-iframe .fieldholder-small label, .composite.ss-asse
 .ss-assetuploadfield .ss-uploadfield-files .ui-state-error .ss-uploadfield-item-info { background-color: #c11f1d; padding-right: 130px; background-image: -webkit-gradient(linear, 50% 0%, 50% 100%, color-stop(0%, #c11f1d), color-stop(4%, #bf1d1b), color-stop(8%, #b71b1c), color-stop(15%, #b61e1d), color-stop(27%, #b11d1d), color-stop(31%, #ab1d1c), color-stop(42%, #a51b1b), color-stop(46%, #9f1b19), color-stop(50%, #9f1b19), color-stop(54%, #991c1a), color-stop(58%, #971a18), color-stop(62%, #911b1b), color-stop(65%, #911b1b), color-stop(88%, #7e1816), color-stop(92%, #771919), color-stop(100%, #731817)); background-image: -webkit-linear-gradient(top, #c11f1d 0%, #bf1d1b 4%, #b71b1c 8%, #b61e1d 15%, #b11d1d 27%, #ab1d1c 31%, #a51b1b 42%, #9f1b19 46%, #9f1b19 50%, #991c1a 54%, #971a18 58%, #911b1b 62%, #911b1b 65%, #7e1816 88%, #771919 92%, #731817 100%); background-image: -moz-linear-gradient(top, #c11f1d 0%, #bf1d1b 4%, #b71b1c 8%, #b61e1d 15%, #b11d1d 27%, #ab1d1c 31%, #a51b1b 42%, #9f1b19 46%, #9f1b19 50%, #991c1a 54%, #971a18 58%, #911b1b 62%, #911b1b 65%, #7e1816 88%, #771919 92%, #731817 100%); background-image: -o-linear-gradient(top, #c11f1d 0%, #bf1d1b 4%, #b71b1c 8%, #b61e1d 15%, #b11d1d 27%, #ab1d1c 31%, #a51b1b 42%, #9f1b19 46%, #9f1b19 50%, #991c1a 54%, #971a18 58%, #911b1b 62%, #911b1b 65%, #7e1816 88%, #771919 92%, #731817 100%); background-image: linear-gradient(top, #c11f1d 0%, #bf1d1b 4%, #b71b1c 8%, #b61e1d 15%, #b11d1d 27%, #ab1d1c 31%, #a51b1b 42%, #9f1b19 46%, #9f1b19 50%, #991c1a 54%, #971a18 58%, #911b1b 62%, #911b1b 65%, #7e1816 88%, #771919 92%, #731817 100%); }
 .ss-assetuploadfield .ss-uploadfield-files .ui-state-error .ss-uploadfield-item-info .ss-uploadfield-item-name { width: 100%; cursor: default; background: #bcb9b9; background: rgba(201, 198, 198, 0.9); }
 .ss-assetuploadfield .ss-uploadfield-files .ui-state-error .ss-uploadfield-item-info .ss-uploadfield-item-name .name { text-shadow: 0px 1px 0px rgba(255, 255, 255, 0.7); }
-.ss-assetuploadfield .ss-uploadfield-files .ui-state-warning .ss-uploadfield-item-info { background-color: #e9d104; background-image: -webkit-gradient(linear, 50% 0%, 50% 100%, color-stop(0%, #e5d33b), color-stop(8%, #e2ce24), color-stop(50%, #d1be1c), color-stop(54%, #d1bc1b), color-stop(96%, #d09a1a), color-stop(100%, #ce8719)); background-image: -webkit-linear-gradient(top, #e5d33b 0%, #e2ce24 8%, #d1be1c 50%, #d1bc1b 54%, #d09a1a 96%, #ce8719 100%); background-image: -moz-linear-gradient(top, #e5d33b 0%, #e2ce24 8%, #d1be1c 50%, #d1bc1b 54%, #d09a1a 96%, #ce8719 100%); background-image: -o-linear-gradient(top, #e5d33b 0%, #e2ce24 8%, #d1be1c 50%, #d1bc1b 54%, #d09a1a 96%, #ce8719 100%); background-image: linear-gradient(top, #e5d33b 0%, #e2ce24 8%, #d1be1c 50%, #d1bc1b 54%, #d09a1a 96%, #ce8719 100%); }
+.ss-assetuploadfield .ss-uploadfield-files .ui-state-warning .ss-uploadfield-item-info { background-color: #ff9300; background-image: -webkit-gradient(linear, 50% 0%, 50% 100%, color-stop(0%, #eba547), color-stop(8%, #e89a30), color-stop(50%, #e68f19), color-stop(54%, #e68e19), color-stop(96%, #e17519), color-stop(100%, #dc6718)); background-image: -webkit-linear-gradient(top, #eba547 0%, #e89a30 8%, #e68f19 50%, #e68e19 54%, #e17519 96%, #dc6718 100%); background-image: -moz-linear-gradient(top, #eba547 0%, #e89a30 8%, #e68f19 50%, #e68e19 54%, #e17519 96%, #dc6718 100%); background-image: -o-linear-gradient(top, #eba547 0%, #e89a30 8%, #e68f19 50%, #e68e19 54%, #e17519 96%, #dc6718 100%); background-image: linear-gradient(top, #eba547 0%, #e89a30 8%, #e68f19 50%, #e68e19 54%, #e17519 96%, #dc6718 100%); }
 .ss-assetuploadfield .ss-uploadfield-files .ss-uploadfield-item-name { position: relative; z-index: 1; margin: 3px 0 3px 50px; width: 50%; color: #5e5e5e; background: #eeeded; background: rgba(255, 255, 255, 0.8); -webkit-border-radius: 3px; -moz-border-radius: 3px; -ms-border-radius: 3px; -o-border-radius: 3px; border-radius: 3px; line-height: 24px; height: 22px; padding: 0 5px; text-align: left; cursor: pointer; display: table; table-layout: fixed; }
 .ss-assetuploadfield .ss-uploadfield-files .ss-uploadfield-item-name .name { text-shadow: 0px 1px 0px rgba(255, 255, 255, 0.5); display: inline; float: left; max-width: 50%; font-weight: normal; padding: 0 5px 0 0; overflow: hidden; white-space: nowrap; text-overflow: ellipsis; -o-text-overflow: ellipsis; }
 .ss-assetuploadfield .ss-uploadfield-files .ss-uploadfield-item-name .ss-uploadfield-item-status { position: relative; float: right; padding: 0 0 0 5px; max-width: 30%; overflow: hidden; white-space: nowrap; text-overflow: ellipsis; -o-text-overflow: ellipsis; text-shadow: 0px 1px 0px rgba(255, 255, 255, 0.5); }
--- a/docs/en/changelogs/3.0.6.md
+++ b/docs/en/changelogs/3.0.6.md
@ -9,19 +9,19 @@

 ### Security: Require ADMIN for ?flush=1 (SS-2013-001)

-Flushing the various manifests (class, template, config) is performed through a GET
-parameter (`flush=1`). Since this action requires more server resources than normal requests,
-it can facilitate [denial-of-service attacks](https://en.wikipedia.org/wiki/Denial-of-service_attack).
+See [announcement](http://www.silverstripe.org/ss-2013-001-require-admin-for-flush1/)

-To prevent this, main.php now checks and only allows the flush parameter in the following cases:
+### Security: Privilege escalation through Group hierarchy setting (SS-2013-003)

- * The [environment](/topics/environment-management) is in "dev mode"
- * A user is logged in with ADMIN permissions
- * An error occurs during startup
+See [announcement](http://www.silverstripe.org/ss-2013-003-privilege-escalation-through-group-hierarchy-setting/)

-This applies to both `flush=1` and `flush=all` (technically we only check for the existence of any parameter value)
-but only through web requests made through main.php - CLI requests, or any other request that goes through
-a custom start up script will still process all flush requests as normal.
+### Security: Privilege escalation through Group and Member CSV upload (SS-2013-004)
+
+See [announcement](http://www.silverstripe.org/ss-2013-004-privilege-escalation-through-group-and-member-csv-upload/)
+
+### Security: Privilege escalation through APPLY_ROLES assignment (SS-2013-005)
+
+See [announcement](http://www.silverstripe.org/ss-2013-005-privilege-escalation-through-apply-roles-assignment/)

 ### Security: Privilege escalation through Group hierarchy setting (SS-2013-003)

--- a/docs/en/changelogs/rc/3.0.6-rc2.md
+++ b/docs/en/changelogs/rc/3.0.6-rc2.md
@ -0,0 +1,17 @@
+# 3.0.6-rc2
+
+# Overview
+
+TODO
+
+
+### Bugfixes
+
+ * 2013-08-30 [f803704](https://github.com/silverstripe/sapphire/commit/f803704) Disallow permissions assign for APPLY_ROLES (SS-2013-005) (Ingo Schommer)
+ * 2013-08-30 [05757ef](https://github.com/silverstripe/sapphire/commit/05757ef) Privilege escalation through APPLY_ROLES assignment (SS-2013-005) (Ingo Schommer)
+ * 2013-08-30 [6cff967](https://github.com/silverstripe/sapphire/commit/6cff967) Privilege escalation through Group and Member CSV upload (SS-2013-004) (Ingo Schommer)
+ * 2013-08-30 [720c149](https://github.com/silverstripe/sapphire/commit/720c149) Privilege escalation through Group hierarchy setting (SS-2013-003) (Ingo Schommer)
+ * 2013-08-26 [65ad510](https://github.com/silverstripe/sapphire/commit/65ad510) fixed grammatical errors and formatting issues (jbridson)
+ * 2013-08-19 [4a7aef0](https://github.com/silverstripe/sapphire/commit/4a7aef0) Double slashes in ParameterConfirmationToken (Hamish Friedlander)
+ * 2013-08-09 [b1664f8](https://github.com/silverstripe/silverstripe-cms/commit/b1664f8) Check for stage and drafts in SiteTree::canView() (Simon Welsh)
+ * 2013-08-08 [2fae928](https://github.com/silverstripe/silverstripe-cms/commit/2fae928) ArchiveDate enforcement (Hamish Friedlander)
--- a/docs/en/reference/templates.md
+++ b/docs/en/reference/templates.md
@ -417,7 +417,7 @@ have to repeat it on each reference of a property.
 properties of the collection itself, instead of iterating over it. For example:

 	:::ss
-	$Children.Length
+	$Children.Count

 returns the number of items in the $Children collection.

--- a/docs/en/topics/configuration.md
+++ b/docs/en/topics/configuration.md
@ -38,7 +38,7 @@ a description of the configuration setting.
 Each named class configuration property can contain either an array or a non-array value.
 If the value is an array, each value in the array may also be one of those three types

-As mentioned, this value of any specific class configuration property comes from several sources. These sources do not
+As mentioned, the value of any specific class configuration property comes from several sources. These sources do not
 override each other (except in one specific circumstance) - instead the values from each source are merged together
 to give the final configuration value, using these rules:

@ -49,10 +49,10 @@ to give the final configuration value, using these rules:
 - If the value is not an array, the highest priority value is used without any attempt to merge

 It is an error to have mixed types of the same named property in different locations (but an error will not necessarily
-be raised due to optimisations in the lookup code)
+be raised due to optimisations in the lookup code).

 The exception to this is "false-ish" values - empty arrays, empty strings, etc. When merging a non-false-ish value with a
-false-ish value, the result will be the non-false-ish value regardless of priority. When merging two false-sh values
+false-ish value, the result will be the non-false-ish value regardless of priority. When merging two false-ish values
 the result will be the higher priority false-ish value.

 The locations that configuration values are taken from in highest -> lowest priority order are:
@ -85,7 +85,7 @@ done by calling the static method `[api:Config::inst()]`, like so:

 	$config = Config::inst();

-There are then three public methods available on the instance so obtained
+There are then three public methods available on the instance so obtained:

  - Config#get() returns the value of a specified classes' property
  - Config#remove() removes information from the value of a specified classes' property.
@ -136,7 +136,7 @@ is only one set of values the header can be omitted.

 ### The header

-Each value section of a YAML file has
+Each value section of a YAML file has:

  - A reference path, made up of the module name, the config file name, and a fragment identifier
  - A set of rules for the value section's priority relative to other value sections
@ -150,13 +150,13 @@ value section in the header section that immediately preceeds the value section.
 Each value section has a reference path. Each path looks a little like a URL, 
 and is of this form: `module/file#fragment`.

- - "module" is the name of the module this YAML file is in
- - "file" is the name of this YAML file, stripped of the extension (so for routes.yml, it would be routes)
- - "fragment" is a specified identifier. It is specified by putting a `Name: {fragment}` key / value pair into the header
+ - "module" is the name of the module this YAML file is in.
+ - "file" is the name of this YAML file, stripped of the extension (so for routes.yml, it would be routes).
+ - "fragment" is a specified identifier. It is specified by putting a `Name: {fragment}` key / value pair into the header.
 section. If you don't specify a name, a random one will be assigned.

 This reference path has no affect on the value section itself, but is how other header sections refer to this value
-section in their priority chain rules
+section in their priority chain rules.

 #### Priorities

@ -190,7 +190,7 @@ one value section can not be both before _and_ after another. However when you h
 was a difference in how many wildcards were used, the one with the least wildcards will be kept and the other one
 ignored.

-A more complex example, taken from framework/_config/routes.yml
+A more complex example, taken from framework/_config/routes.yml:

 	:::yml
 	---
@ -212,8 +212,8 @@ The value section above has two rules:

 In this case there would appear to be a problem - adminroutes can not be both before all other value sections _and_
 after value sections with a name of `rootroutes`. However because `\*` has three wildcards
-(it is the equivalent of `\*/\*#\*`) but `#rootroutes` only has two (it is the equivalent of `\*/\*#rootroutes`),
-`\*` in this case means "every value section _except_ ones that have a fragment name of rootroutes"
+(it is the equivalent of `\*/\*#\*`) but `#rootroutes` only has two (it is the equivalent of `\*/\*#rootroutes`). 
+In this case `\*` means "every value section _except_ ones that have a fragment name of rootroutes".

 One important thing to note: it is possible to create chains that are unsolvable. For instance, A must be before B,
 B must be before C, C must be before A. In this case you will get an error when accessing your site.
@ -221,7 +221,7 @@ B must be before C, C must be before A. In this case you will get an error when
 #### Exclusionary rules

 Some value sections might only make sense under certain environmental conditions - a class exists, a module is installed,
-an environment variable or constant is set, or SilverStripe is running in a certain environment mode (live, dev, etc)
+an environment variable or constant is set, or SilverStripe is running in a certain environment mode (live, dev, etc).

 To accommodate this, value sections can be filtered to only be used when either a rule matches or doesn't match the
 current environment.
@ -267,12 +267,12 @@ will result in only the latter coming through.

 ### The values

-The values section of YAML configuration files is quite simple - it is simply a nested key / value pair structure
+The values section of a YAML configuration file is quite simple - it is simply a nested key / value pair structure
 where the top level key is the class name to set the property on, and the sub key / value pairs are the properties
-and values themselves (where values of course can themselves be nested hashes).
+and values themselves (where values, of course, can themselves be nested hashes).

 A simple example setting a property called "foo" to the scalar "bar" on class "MyClass", and a property called "baz"
-to a nested array on class "MyOtherClass".
+to a nested array on class "MyOtherClass":

 	:::yml
 	MyClass:
@ -319,8 +319,9 @@ classes (see [common-problems](/installation/common-problems)).

 ## Configuration through the CMS

-SilverStripe framework does not provide a method to set most system-level configuration via a web panel.
-This lack of a configuration GUI is on purpose, as we'd like to keep developer-level options where they belong (into
+SilverStripe framework does not provide a method to set configuration via a web panel.
+
+This lack of a configuration-GUI is on purpose, as we'd like to keep developer-level options where they belong (into
 code), without cluttering up the interface. See this core forum discussion ["The role of the
 CMS"](http://www.silverstripe.org/archive/show/532) for further reasoning.

--- a/docs/en/tutorials/2-extending-a-basic-site.md
+++ b/docs/en/tutorials/2-extending-a-basic-site.md
@ -3,7 +3,7 @@
 ## Overview


-In the [first tutorial](1-building-a-basic-site) we learnt how to create a basic site using SilverStripe. This tutorial will build on that, and explore extending SilverStripe by creating our own page types. After doing this we should have a better understanding of how SilverStripe works.
+In the [first tutorial (Building a basic site)](1-building-a-basic-site) we learnt how to create a basic site using SilverStripe. This tutorial will build on that, and explore extending SilverStripe by creating our own page types. After doing this we should have a better understanding of how SilverStripe works.

 ## What are we working towards?

@ -54,7 +54,7 @@ A more in-depth introduction of Model-View-Controller can be found

 ## Creating the news section page types

-To create a news section we'll need two new page types. The first one is obvious: we need an *ArticlePage* page type. The second is a little less obvious: we need an *ArticleHolder* page type to contain our article pages.
+To create a News section we'll need two new page types. The first one is obvious: we need an *ArticlePage* page type. The second is a little less obvious: we need an *ArticleHolder* page type to contain our article pages.

 We'll start with the *ArticlePage* page type. First we create the model, a class called "ArticlePage". We put the *ArticlePage* class into a file called "ArticlePage.php" inside *mysite/code*. All other classes relating to *ArticlePage* should be placed within "ArticlePage.php", this includes our controller (*ArticlePage_Controller*). 

@ -69,7 +69,7 @@ We'll start with the *ArticlePage* page type. First we create the model, a class
 	 


-Here we've created our data object/controller pair, but we haven't extended them at all. Don't worry about the *$db* and *$has_one* arrays just yet, we'll explain them shortly. SilverStripe will use the template for the *Page* page type as explained in the first tutorial, so we don't need
+Here we've created our data object/controller pair, but we haven't extended them at all. SilverStripe will use the template for the *Page* page type as explained in the first tutorial, so we don't need
 to specifically create the view for this page type.

 Let's create the *ArticleHolder* page type.
@ -100,8 +100,8 @@ page type "News", it would conflict with the page name also called "News".

 ## Adding date and author fields

-Now that we have an *ArticlePage* page type, let's make it a little more useful. Remember the *$db* array? We can use
-this array to add extra fields to the database. It would be nice to know when each article was posted, and who posted
+Now that we have an *ArticlePage* page type, let's make it a little more useful. We can use
+the $db array to add extra fields to the database. It would be nice to know when each article was posted, and who posted
 it. Add a *$db* property definition in the *ArticlePage* class:

 	:::php
@ -188,7 +188,7 @@ Now that we have created our page types, let's add some content. Go into the CMS
 At the moment, your date field will look just like a text field. 
 This makes it confusing and doesn't give the user much help when adding a date. 

-To make the date field a bit more user friendly, you can add a dropdown calendar, set the date format and add better title. By default,
+To make the date field a bit more user friendly, you can add a dropdown calendar, set the date format and add a better title. By default,
 the date field will have the date format defined by your locale.

 	:::php
@ -213,7 +213,7 @@ Let's walk through these changes.
 	:::php
 	$fields->addFieldToTab('Root.Main', $dateField = new DateField('Date','Article Date (for example: 20/12/2010)'), 'Content');

-*$dateField* is declared only to in order to change the configuration of the DateField.
+*$dateField* is declared in order to change the configuration of the DateField.

 	:::php
 	$dateField->setConfig('showcalendar', true);
@ -303,7 +303,7 @@ Here we use the page control *Children*. As the name suggests, this control allo

 ### Using include files in templates

-We can make our templates more modular and easier to maintain by separating commonly-used components in to *include files*.  We are already familiar with the `<% include Sidebar %>` line from looking at the menu in the [first tutorial](1-building-a-basic-site).
+We can make our templates more modular and easier to maintain by separating commonly-used components in to *include files*.  We are already familiar with the `<% include Sidebar %>` line from looking at the menu in the [first tutorial (Building a basic site)](1-building-a-basic-site).

 We'll separate the display of linked articles as we want to reuse this code later on.

@ -331,7 +331,7 @@ Paste the code that was in ArticleHolder into a new include file called ArticleT
 		
 ### Changing the icons of pages in the CMS

-Let's now make a purely cosmetic change that nevertheless helps to make the information presented in the CMS clearer.
+Now let's make a purely cosmetic change that nevertheless helps to make the information presented in the CMS clearer.
 Add the following field to the *ArticleHolder* and *ArticlePage* classes:

 	:::php
--- a/model/DataObject.php
+++ b/model/DataObject.php
@ -190,6 +190,11 @@ class DataObject extends ViewableData implements DataObjectInterface, i18nEntity
 	
 	/**
 	 * Set whether DataObjects should be validated before they are written.
+	 * 
+	 * Caution: Validation can contain safeguards against invalid/malicious data,
+	 * and check permission levels (e.g. on {@link Group}). Therefore it is recommended
+	 * to only disable validation for very specific use cases.
+	 * 
 	 * @param $enable bool
 	 * @see DataObject::validate()
 	 * @deprecated 3.2 Use the "DataObject.validation_enabled" config setting instead
--- a/security/Permission.php
+++ b/security/Permission.php
@ -91,7 +91,7 @@ class Permission extends DataObject implements TemplateGlobalProvider {
 	 * privilege escalation on group assignments and inheritance.
 	 * @var array
 	 */
-	private static $privileged_permissions = array(
+	static $privileged_permissions = array(
 		'ADMIN', 
 		'APPLY_ROLES',
 		'EDIT_PERMISSIONS'