Merge branch '5.0' into 5
commit
0978a43871
12
README.md
12
README.md
@ -6,21 +6,21 @@
|
||||
PHP framework forming the base for the Silverstripe CMS ([https://silverstripe.org](https://silverstripe.org)).
|
||||
Requires a [`silverstripe-installer`](https://github.com/silverstripe/silverstripe-installer) base project. Typically used alongside the [`cms`](https://github.com/silverstripe/silverstripe-cms) module.
|
||||
|
||||
## Installation ##
|
||||
## Installation
|
||||
|
||||
See [getting started](https://docs.silverstripe.org/en/4/getting_started/),
|
||||
See [getting started](https://docs.silverstripe.org/en/getting_started/)
|
||||
for instructions on how to start the installation process.
|
||||
|
||||
## Bugtracker ##
|
||||
## Bugtracker
|
||||
|
||||
Bugs are tracked on [github.com](https://github.com/silverstripe/silverstripe-framework/issues).
|
||||
Please read our [issue reporting guidelines](https://docs.silverstripe.org/en/contributing/issues_and_bugs/).
|
||||
|
||||
## Development and Contribution ##
|
||||
## Development and Contribution
|
||||
|
||||
If you would like to make changes to the Silverstripe core codebase, we have an extensive [guide to contributing code](https://docs.silverstripe.org/en/contributing/code/).
|
||||
|
||||
## Links ##
|
||||
## Links
|
||||
|
||||
* [Server Requirements](https://docs.silverstripe.org/en/getting_started/server_requirements/)
|
||||
* [Changelogs](https://docs.silverstripe.org/en/changelogs/)
|
||||
@ -31,7 +31,7 @@ If you would like to make changes to the Silverstripe core codebase, we have an
|
||||
* [Developer Mailinglist](https://groups.google.com/forum/#!forum/silverstripe-dev)
|
||||
* [License](./LICENSE)
|
||||
|
||||
## Attribution ##
|
||||
## Attribution
|
||||
|
||||
* Some icons by [Yusuke Kamiyamane](https://p.yusukekamiyamane.com/). All rights reserved. Licensed under a [Creative Commons Attribution 3.0 License](https://creativecommons.org/licenses/by/3.0/).
|
||||
* default_media.png by Thibault Geffroy from [The Noun Project](https://thenounproject.com/). All rights reserved. Licensed under a [Creative Commons Attribution 3.0 License](https://creativecommons.org/licenses/by/3.0/).
|
||||
|
@ -64,7 +64,8 @@
|
||||
},
|
||||
"conflict": {
|
||||
"egulias/email-validator": "^2",
|
||||
"oscarotero/html-parser": "<0.1.7"
|
||||
"oscarotero/html-parser": "<0.1.7",
|
||||
"symfony/process": "<5.3.7"
|
||||
},
|
||||
"provide": {
|
||||
"psr/container-implementation": "1.0.0"
|
||||
@ -111,4 +112,4 @@
|
||||
},
|
||||
"minimum-stability": "dev",
|
||||
"prefer-stable": true
|
||||
}
|
||||
}
|
||||
|
@ -14,6 +14,12 @@ class Cookie
|
||||
{
|
||||
use Configurable;
|
||||
|
||||
public const SAMESITE_LAX = 'Lax';
|
||||
|
||||
public const SAMESITE_STRICT = 'Strict';
|
||||
|
||||
public const SAMESITE_NONE = 'None';
|
||||
|
||||
/**
|
||||
* @config
|
||||
*
|
||||
@ -25,7 +31,7 @@ class Cookie
|
||||
* Must be "Strict", "Lax", or "None"
|
||||
* @config
|
||||
*/
|
||||
private static string $default_samesite = 'Lax';
|
||||
private static string $default_samesite = self::SAMESITE_LAX;
|
||||
|
||||
/**
|
||||
* Fetch the current instance of the cookie backend.
|
||||
@ -110,14 +116,14 @@ class Cookie
|
||||
public static function validateSameSite(string $sameSite): void
|
||||
{
|
||||
$validValues = [
|
||||
'Strict',
|
||||
'Lax',
|
||||
'None',
|
||||
self::SAMESITE_STRICT,
|
||||
self::SAMESITE_LAX,
|
||||
self::SAMESITE_NONE,
|
||||
];
|
||||
if (!in_array($sameSite, $validValues)) {
|
||||
throw new LogicException('Cookie samesite must be "Strict", "Lax", or "None"');
|
||||
}
|
||||
if ($sameSite === 'None' && !Director::is_https(self::getRequest())) {
|
||||
if ($sameSite === self::SAMESITE_NONE && !Director::is_https(self::getRequest())) {
|
||||
Injector::inst()->get(LoggerInterface::class)->warning('Cookie samesite cannot be "None" for non-https requests.');
|
||||
}
|
||||
}
|
||||
|
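Review bot: `in_array($sameSite, $validValues)` in validateSameSite still uses loose comparison even though the rest of the method now compares against `self::SAMESITE_NONE` with `===`; pass the strict flag so the membership test is `===` too: `if (!in_array($sameSite, $validValues, true)) {`. With a string-typed parameter and non-numeric constants the loose form happens to behave identically today, so this is hardening rather than a live bug. The LogicException message on the next line also hard-codes the three literals the commit just replaced with constants, so building it from the constants would keep the accepted values in one place.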
@ -203,8 +203,8 @@ class CookieJar implements Cookie_Backend
|
||||
private function getSameSite(string $name): string
|
||||
{
|
||||
if ($name === session_name()) {
|
||||
return Session::config()->get('cookie_samesite');
|
||||
return Session::config()->get('cookie_samesite') ?? Cookie::SAMESITE_LAX;
|
||||
}
|
||||
return Cookie::config()->get('default_samesite');
|
||||
return Cookie::config()->get('default_samesite') ?? Cookie::SAMESITE_LAX;
|
||||
}
|
||||
}
|
||||
|
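Review bot: getSameSite returns the raw `cookie_samesite` / `default_samesite` config value without passing it through `Cookie::validateSameSite()`, so the new `?? Cookie::SAMESITE_LAX` fallback only covers a null config value, not an invalid one. Session::init validates the session value in this same commit, but a project that misconfigures `default_samesite` appears to reach this path unchecked. A small change such as `$sameSite = Cookie::config()->get('default_samesite') ?? Cookie::SAMESITE_LAX; Cookie::validateSameSite($sameSite); return $sameSite;` (and the same for the session branch) would close that; I cannot see the callers, so this may already be validated upstream.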
@ -766,10 +766,11 @@ class Director implements TemplateGlobalProvider
|
||||
return (
|
||||
// Base check for existence of a host on a compliant URL
|
||||
parse_url($url ?? '', PHP_URL_HOST)
|
||||
// Check for more than one leading slash without a protocol.
|
||||
// Check for more than one leading slash (forward or backward) without a protocol.
|
||||
// While not a RFC compliant absolute URL, it is completed to a valid URL by some browsers,
|
||||
// and hence a potential security risk. Single leading slashes are not an issue though.
|
||||
|| preg_match('%^\s*/{2,}%', $url ?? '')
|
||||
// Note: Need 4 backslashes to have a single non-escaped backslash for regex.
|
||||
|| preg_match('%^\s*(\\\\|/){2,}%', $url ?? '')
|
||||
|| (
|
||||
// If a colon is found, check if it's part of a valid scheme definition
|
||||
// (meaning its not preceded by a slash).
|
||||
|
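Review bot: The new pattern `'%^\s*(\\\\|/){2,}%'` uses a capturing alternation where a character class expresses the same thing without a group: `|| preg_match('%^\s*[\\\\/]{2,}%', $url ?? '')`. The "four backslashes" comment still applies to the class form and should stay. is_absolute_url begins and ends outside this hunk, so the colon/scheme branch that follows is not reviewed here.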
@ -138,7 +138,7 @@ class Session
|
||||
* Must be "Strict", "Lax", or "None".
|
||||
* @config
|
||||
*/
|
||||
private static string $cookie_samesite = 'Lax';
|
||||
private static string $cookie_samesite = Cookie::SAMESITE_LAX;
|
||||
|
||||
/**
|
||||
* Name of session cache limiter to use.
|
||||
@ -373,7 +373,7 @@ class Session
|
||||
}
|
||||
}
|
||||
|
||||
$sameSite = static::config()->get('cookie_samesite');
|
||||
$sameSite = static::config()->get('cookie_samesite') ?? Cookie::SAMESITE_LAX;
|
||||
Cookie::validateSameSite($sameSite);
|
||||
$secure = $this->isCookieSecure($sameSite, Director::is_https($request));
|
||||
|
||||
|
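Review bot: The `?? Cookie::SAMESITE_LAX` fallback added here repeats the one CookieJar::getSameSite gains in this commit, and the `$cookie_samesite` property earlier in this file already defaults to `Cookie::SAMESITE_LAX`, so the `??` only takes effect if a project explicitly sets the config to null. If that is the intended case, a one-line comment would stop the next reader from removing it: `// config may be nulled by a project; fall back to the framework default`. A single static helper on Cookie that returns the validated default would remove the repetition across the three sites.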
@ -15,7 +15,7 @@ class ModuleResourceLoader implements TemplateGlobalProvider
|
||||
use Injectable;
|
||||
|
||||
/**
|
||||
* Convert a file of the form "vendor/package:resource" into a BASE_PATH-relative file
|
||||
* Convert a file of the form "vendor/package:resource" into a BASE_PATH-relative file or folder
|
||||
* For other files, return original value
|
||||
*
|
||||
* @param string $resource
|
||||
@ -91,7 +91,7 @@ class ModuleResourceLoader implements TemplateGlobalProvider
|
||||
* Returns the original resource otherwise.
|
||||
*
|
||||
* @param string $resource
|
||||
* @return ModuleResource|string The resource, or input string if not a module resource
|
||||
* @return ModuleResource|string The resource (or directory), or input string if not a module resource
|
||||
*/
|
||||
public function resolveResource($resource)
|
||||
{
|
||||
|
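Review bot: The docblock for resolveResource now promises "(or directory)" but the signature `public function resolveResource($resource)` on the last line of the hunk still has neither a native parameter type nor a return type, so the `ModuleResource|string` contract exists only in PHPDoc. If BC on this public method permits it, `public function resolveResource(string $resource): ModuleResource|string` would let static analysis enforce what the comment states. The body is outside the hunk, so whether it actually handles directories is not visible here.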
@ -228,21 +228,23 @@ class GridFieldPrintButton extends AbstractGridFieldComponent implements GridFie
|
||||
|
||||
/** @var DataObject $item */
|
||||
foreach ($items->limit(null) as $item) {
|
||||
$itemRow = new ArrayList();
|
||||
if (!$item->hasMethod('canView') || $item->canView()) {
|
||||
$itemRow = new ArrayList();
|
||||
|
||||
foreach ($printColumns as $field => $label) {
|
||||
$value = $gridFieldColumnsComponent
|
||||
? strip_tags($gridFieldColumnsComponent->getColumnContent($gridField, $item, $field))
|
||||
: $gridField->getDataFieldValue($item, $field);
|
||||
foreach ($printColumns as $field => $label) {
|
||||
$value = $gridFieldColumnsComponent
|
||||
? strip_tags($gridFieldColumnsComponent->getColumnContent($gridField, $item, $field))
|
||||
: $gridField->getDataFieldValue($item, $field);
|
||||
|
||||
$itemRow->push(new ArrayData([
|
||||
"CellString" => $value,
|
||||
$itemRow->push(new ArrayData([
|
||||
"CellString" => $value,
|
||||
]));
|
||||
}
|
||||
|
||||
$itemRows->push(new ArrayData([
|
||||
"ItemRow" => $itemRow
|
||||
]));
|
||||
}
|
||||
|
||||
$itemRows->push(new ArrayData([
|
||||
"ItemRow" => $itemRow
|
||||
]));
|
||||
if ($item->hasMethod('destroy')) {
|
||||
$item->destroy();
|
||||
}
|
||||
|
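Review bot: The new `!$item->hasMethod('canView') || $item->canView()` guard is fail-open: an item class without a canView() method is printed unconditionally, and `canView()` is called with no member argument, so it relies on whatever default the implementing class uses. That is presumably the intended compromise for non-DataObject list items, but since this is a permission check on an export path it deserves a comment: `// Items without canView() cannot be checked and are included; DataObject subclasses always implement it.` Note also that `$item->destroy()` is still called for skipped items, which looks deliberate. The enclosing method starts outside the hunk.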
@ -632,6 +632,11 @@ class Group extends DataObject
|
||||
return true;
|
||||
}
|
||||
|
||||
// if user can grant access for specific groups, they need to be able to see the groups
|
||||
if (Permission::checkMember($member, "SITETREE_GRANT_ACCESS")) {
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
|
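Review bot: The new branch widens the enclosing permission method (whose signature is outside the hunk) to any member holding `SITETREE_GRANT_ACCESS`, a permission code defined by the cms module, written as a bare string literal in framework code. The comment explains the motivation but not the scope of what is granted; naming the origin helps a later auditor: `// if user can grant access for specific groups, they need to be able to see the groups (SITETREE_GRANT_ACCESS is defined by the cms module)`. Whether this grants more than read access depends on which method this hunk is in, which I cannot see, so adjust the wording to match.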
@ -7,12 +7,13 @@ use Psr\SimpleCache\CacheInterface;
|
||||
use SilverStripe\Core\Flushable;
|
||||
use SilverStripe\Core\Injector\Injector;
|
||||
use SilverStripe\Core\Manifest\ModuleLoader;
|
||||
use SilverStripe\Core\Manifest\ModuleResourceLoader;
|
||||
use SilverStripe\Core\Path;
|
||||
|
||||
/**
|
||||
* Handles finding templates from a stack of template manifest objects.
|
||||
*/
|
||||
class ThemeResourceLoader implements Flushable
|
||||
class ThemeResourceLoader implements Flushable, TemplateGlobalProvider
|
||||
{
|
||||
|
||||
/**
|
||||
@ -308,9 +309,9 @@ class ThemeResourceLoader implements Flushable
|
||||
}
|
||||
|
||||
/**
|
||||
* Resolve a themed resource
|
||||
* Resolve a themed resource or directory
|
||||
*
|
||||
* A themed resource and be any file that resides in a theme folder.
|
||||
* A themed resource can be any file that resides in a theme folder.
|
||||
*
|
||||
* @param string $resource A file path relative to the root folder of a theme
|
||||
* @param array $themes An order listed of themes to search, Defaults to {@see SSViewer::get_themes()}
|
||||
@ -336,6 +337,28 @@ class ThemeResourceLoader implements Flushable
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the URL for a given themed resource or directory within the project.
|
||||
*
|
||||
* A themed resource can be any file that resides in a theme folder.
|
||||
*/
|
||||
public static function themedResourceURL(string $resource): ?string
|
||||
{
|
||||
$filePath = static::inst()->findThemedResource($resource);
|
||||
if (!$filePath) {
|
||||
return '';
|
||||
}
|
||||
|
||||
return ModuleResourceLoader::singleton()->resolveURL($filePath);
|
||||
}
|
||||
|
||||
public static function get_template_global_variables()
|
||||
{
|
||||
return [
|
||||
'themedResourceURL',
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* Resolve all themes to the list of root folders relative to site root
|
||||
*
|
||||
|
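Review bot: `themedResourceURL` is declared `?string` but never returns null; the not-found branch returns `''`, so either the return type should be `string` or that branch should `return null;` — the declared type suggests the latter, assuming null and '' both render as empty in templates. `get_template_global_variables()` has no return type or docblock; `public static function get_template_global_variables(): array` with a one-line docblock would match the interface contract. It is also worth confirming that `TemplateGlobalProvider` resolves in this file's namespace, since the `use` block in the first hunk only gains ModuleResourceLoader.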
@ -242,6 +242,9 @@ class DirectorTest extends SapphireTest
|
||||
public function testIsAbsoluteUrl()
|
||||
{
|
||||
$this->assertTrue(Director::is_absolute_url('http://test.com/testpage'));
|
||||
$this->assertTrue(Director::is_absolute_url('https:/\\test.com'));
|
||||
$this->assertTrue(Director::is_absolute_url('https:\\/test.com'));
|
||||
$this->assertTrue(Director::is_absolute_url('https:\\\\test.com'));
|
||||
$this->assertTrue(Director::is_absolute_url('ftp://test.com'));
|
||||
$this->assertFalse(Director::is_absolute_url('test.com/testpage'));
|
||||
$this->assertFalse(Director::is_absolute_url('/relative'));
|
||||
@ -251,6 +254,11 @@ class DirectorTest extends SapphireTest
|
||||
$this->assertTrue(Director::is_absolute_url("https://test.com/?url=http://foo.com"));
|
||||
$this->assertTrue(Director::is_absolute_url("trickparseurl:http://test.com"));
|
||||
$this->assertTrue(Director::is_absolute_url('//test.com'));
|
||||
$this->assertTrue(Director::is_absolute_url('\\/\\/test.com'));
|
||||
$this->assertTrue(Director::is_absolute_url('\/\/test.com'));
|
||||
$this->assertTrue(Director::is_absolute_url('/\\test.com'));
|
||||
$this->assertTrue(Director::is_absolute_url('\\\\test.com'));
|
||||
$this->assertFalse(Director::is_absolute_url('\\test.com'));
|
||||
$this->assertTrue(Director::is_absolute_url('/////test.com'));
|
||||
$this->assertTrue(Director::is_absolute_url(' ///test.com'));
|
||||
$this->assertTrue(Director::is_absolute_url('http:test.com'));
|
||||
@ -268,8 +276,17 @@ class DirectorTest extends SapphireTest
|
||||
{
|
||||
$this->assertFalse(Director::is_relative_url('http://test.com'));
|
||||
$this->assertFalse(Director::is_relative_url('https://test.com'));
|
||||
$this->assertFalse(Director::is_relative_url('https:/\\test.com'));
|
||||
$this->assertFalse(Director::is_relative_url('https:\\/test.com'));
|
||||
$this->assertFalse(Director::is_relative_url('https:\\\\test.com'));
|
||||
$this->assertFalse(Director::is_relative_url(' https://test.com/testpage '));
|
||||
$this->assertTrue(Director::is_relative_url('test.com/testpage'));
|
||||
$this->assertFalse(Director::is_relative_url('//test.com'));
|
||||
$this->assertFalse(Director::is_relative_url('\\/\\/test.com'));
|
||||
$this->assertFalse(Director::is_relative_url('\/\/test.com'));
|
||||
$this->assertFalse(Director::is_relative_url('/\\test.com'));
|
||||
$this->assertFalse(Director::is_relative_url('\\\\test.com'));
|
||||
$this->assertTrue(Director::is_relative_url('\\test.com'));
|
||||
$this->assertFalse(Director::is_relative_url('ftp://test.com'));
|
||||
$this->assertTrue(Director::is_relative_url('/relative'));
|
||||
$this->assertTrue(Director::is_relative_url('relative'));
|
||||
@ -411,17 +428,34 @@ class DirectorTest extends SapphireTest
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Mostly tested by {@link testIsRelativeUrl()},
|
||||
* just adding the host name matching aspect here.
|
||||
*/
|
||||
public function testIsSiteUrl()
|
||||
{
|
||||
$this->assertFalse(Director::is_site_url("http://test.com"));
|
||||
$this->assertFalse(Director::is_site_url('http://test.com'));
|
||||
$this->assertTrue(Director::is_site_url('/relative-path'));
|
||||
$this->assertTrue(Director::is_site_url('relative-path'));
|
||||
$this->assertTrue(Director::is_site_url(Director::absoluteBaseURL()));
|
||||
$this->assertFalse(Director::is_site_url("http://test.com?url=" . Director::absoluteBaseURL()));
|
||||
$this->assertFalse(Director::is_site_url("http://test.com?url=" . urlencode(Director::absoluteBaseURL() ?? '')));
|
||||
$this->assertFalse(Director::is_site_url("//test.com?url=" . Director::absoluteBaseURL()));
|
||||
$this->assertFalse(Director::is_site_url('http://test.com?url=' . Director::absoluteBaseURL()));
|
||||
$this->assertFalse(Director::is_site_url('http://test.com?url=' . urlencode(Director::absoluteBaseURL() ?? '')));
|
||||
$this->assertFalse(Director::is_site_url('http:\\\\test.com'));
|
||||
$this->assertFalse(Director::is_site_url('http:\\\\test.com?url=' . Director::absoluteBaseURL()));
|
||||
$this->assertFalse(Director::is_site_url('http:\\\\test.com?url=' . urlencode(Director::absoluteBaseURL() ?? '')));
|
||||
$this->assertFalse(Director::is_site_url('http:\\/test.com'));
|
||||
$this->assertFalse(Director::is_site_url('http:\\/test.com?url=' . Director::absoluteBaseURL()));
|
||||
$this->assertFalse(Director::is_site_url('http:\\/test.com?url=' . urlencode(Director::absoluteBaseURL() ?? '')));
|
||||
$this->assertFalse(Director::is_site_url('//test.com'));
|
||||
$this->assertFalse(Director::is_site_url('//test.com?url=' . Director::absoluteBaseURL()));
|
||||
$this->assertFalse(Director::is_site_url('\\/\\/test.com'));
|
||||
$this->assertFalse(Director::is_site_url('\\/\\/test.com?url=' . Director::absoluteBaseURL()));
|
||||
$this->assertFalse(Director::is_site_url('\/\/test.com'));
|
||||
$this->assertFalse(Director::is_site_url('\/\/test.com?url=' . Director::absoluteBaseURL()));
|
||||
$this->assertFalse(Director::is_site_url('\\/test.com'));
|
||||
$this->assertFalse(Director::is_site_url('\\/test.com?url=' . Director::absoluteBaseURL()));
|
||||
$this->assertFalse(Director::is_site_url('/\\test.com'));
|
||||
$this->assertFalse(Director::is_site_url('/\\test.com?url=' . Director::absoluteBaseURL()));
|
||||
$this->assertFalse(Director::is_site_url('\\\\test.com'));
|
||||
$this->assertFalse(Director::is_site_url('\\\\test.com?url=' . Director::absoluteBaseURL()));
|
||||
$this->assertTrue(Director::is_site_url('\\test.com'));
|
||||
$this->assertTrue(Director::is_site_url('\\test.com?url=' . Director::absoluteBaseURL()));
|
||||
$this->assertFalse(Director::is_site_url('http://google.com\@test.com'));
|
||||
$this->assertFalse(Director::is_site_url('http://google.com/@test.com'));
|
||||
$this->assertFalse(Director::is_site_url('http://google.com:pass\@test.com'));
|
||||
|
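Review bot: The new backslash cases in testIsAbsoluteUrl do not cover leading whitespace, although the regex in this commit allows `\s*` before the slashes and the existing ` ///test.com` case covers it for forward slashes; add `$this->assertTrue(Director::is_absolute_url(' \\\\test.com'));` next to that one. The same gap exists in the new cases of testIsRelativeUrl and testIsSiteUrl.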
@ -32,6 +32,19 @@ class GridFieldPrintButtonTest extends SapphireTest
|
||||
}
|
||||
|
||||
public function testLimit()
|
||||
{
|
||||
$this->assertEquals(42, $this->getTestableRows()->count());
|
||||
}
|
||||
|
||||
public function testCanViewIsRespected()
|
||||
{
|
||||
$orig = TestObject::$canView;
|
||||
TestObject::$canView = false;
|
||||
$this->assertEquals(0, $this->getTestableRows()->count());
|
||||
TestObject::$canView = $orig;
|
||||
}
|
||||
|
||||
private function getTestableRows()
|
||||
{
|
||||
$list = TestObject::get();
|
||||
|
||||
@ -47,7 +60,6 @@ class GridFieldPrintButtonTest extends SapphireTest
|
||||
|
||||
// Printed data should ignore pagination limit
|
||||
$printData = $button->generatePrintData($gridField);
|
||||
$rows = $printData->ItemRows;
|
||||
$this->assertEquals(42, $rows->count());
|
||||
return $printData->ItemRows;
|
||||
}
|
||||
}
|
||||
|
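Review bot: testCanViewIsRespected restores `TestObject::$canView` only on the success path; if the assertion fails, the static stays `false` and every later test in the process that reads it sees a changed fixture. Wrap the assertion in try/finally so the restore always runs.
```php
    public function testCanViewIsRespected()
    {
        $orig = TestObject::$canView;
        TestObject::$canView = false;
        try {
            $this->assertEquals(0, $this->getTestableRows()->count());
        } finally {
            // restore even when the assertion throws, so other tests see the default
            TestObject::$canView = $orig;
        }
    }
```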
@ -12,4 +12,11 @@ class TestObject extends DataObject implements TestOnly
|
||||
private static $db = [
|
||||
'Name' => 'Varchar'
|
||||
];
|
||||
|
||||
public static bool $canView = true;
|
||||
|
||||
public function canView($member = null)
|
||||
{
|
||||
return static::$canView;
|
||||
}
|
||||
}
|
||||
|