Merge branch '3.0' into 3.1

Conflicts:
	control/Director.php
	dev/Backtrace.php
	docs/en/installation/nginx.md
	model/HTMLValue.php
	tests/model/SQLQueryTest.php
This commit is contained in:
Simon Welsh 2014-03-10 22:56:27 +13:00
commit 0e0597f8cd
6 changed files with 89 additions and 173 deletions

View File

@ -2,34 +2,11 @@
## Overview
### Default current Versioned "stage" to "Live" rather than "Stage"
* Security: Require ADMIN for ?flush=1&isDev=1 ([SS-2014-001](http://www.silverstripe.org/ss-2014-001-require-admin-for-flush1-and-isdev1))
* Security: XSS in third party library (SWFUpload) ([SS-2014-002](http://www.silverstripe.org/ss-2014-002-xss-in-third-party-library-swfupload/))
Previously only the controllers responsible for page and CMS display
(`LeftAndMain` and `ContentController`) explicitly set a stage through
`Versioned::choose_site_stage()`. Unless this method is called,
the default stage will be "Stage", showing draft content.
Any direct subclasses of `Controller` interacting with "versioned" objects
are vulnerable to exposing unpublished content, unless `choose_site_stage()`
is called explicitly in their own logic.
## Changelog
In order to provide more secure default behaviour, we have changed
`choose_site_stage()` to be called on all requests, defaulting to the "Live" stage.
If your logic relies on querying draft content, use `Versioned::reading_stage('Stage')`.
Important: The `choose_site_stage()` call only deals with setting the default stage,
and doesn't check if the user is authenticated to view it. As with any other controller logic,
please use `DataObject->canView()` to determine permissions.
:::php
class MyController extends Controller {
private static $allowed_actions = array('showpage');
public function showpage($request) {
$page = Page::get()->byID($request->param('ID'));
if(!$page->canView()) return $this->httpError(401);
// continue with authenticated logic...
}
}
### API Changes
* 2013-08-03 [0e7231f](https://github.com/silverstripe/sapphire/commit/0e7231f) Disable discontinued Google Spellcheck in TinyMCE (Ingo Schommer)
* [framework](https://github.com/silverstripe/silverstripe-framework/releases/tag/3.0.9)
* [cms](https://github.com/silverstripe/silverstripe-framework/releases/tag/3.0.9)
* [installer](https://github.com/silverstripe/silverstripe-framework/releases/tag/3.0.9)

View File

@ -0,0 +1,12 @@
# 3.0.9-rc1 (2014-02-19)
## Overview
* Security: Require ADMIN for ?flush=1&isDev=1 ([SS-2014-001](http://www.silverstripe.org/ss-2014-001-require-admin-for-flush1-and-isdev1))
* Security: XSS in third party library (SWFUpload) ([SS-2014-002](http://www.silverstripe.org/ss-2014-002-xss-in-third-party-library-swfupload/))
## Changelog
* [framework](https://github.com/silverstripe/silverstripe-framework/releases/tag/3.0.9-rc1)
* [cms](https://github.com/silverstripe/silverstripe-framework/releases/tag/3.0.9-rc1)
* [installer](https://github.com/silverstripe/silverstripe-framework/releases/tag/3.0.9-rc1)

View File

@ -115,7 +115,7 @@ So you want to contribute to SilverStripe? Fantastic! You can do this with compo
You have to tell composer three things in order to be able to do this:
- Keep the full git repository information
- Include dependancies marked as "developer" requirements
- Include dependencies marked as "developer" requirements
- Use the development version, not the latest stable version
The first two steps are done as part of the initial create project using additional arguments.
@ -232,7 +232,7 @@ For more information, read the ["Repositories" chapter of the Composer documenta
### Forks and branch names
Generally, you should keep using the same pattern of branch names as the main repositories does. If your version is a fork of 3.0, then call the branch `3.0`, not `3.0-myproj` or `myproj`. Otherwise, the depenency resolution gets confused.
Generally, you should keep using the same pattern of branch names as the main repositories does. If your version is a fork of 3.0, then call the branch `3.0`, not `3.0-myproj` or `myproj`. Otherwise, the dependency resolution gets confused.
Sometimes, however, this isn't feasible. For example, you might have a number of project forks stored in a single repository, such as your personal github fork of a project. Or you might be testing/developing a feature branch. Or it might just be confusing to other team members to call the branch of your modified version `3.0`.

View File

@ -1,6 +1,6 @@
# Nginx
These instructions are also covered in less detail on the
These instructions are also covered on the
[Nginx Wiki](http://wiki.nginx.org/SilverStripe).
The prerequisite is that you have already installed Nginx and you are
@ -18,150 +18,79 @@ But enough of the disclaimer, on to the actual configuration — typically in `n
server {
listen 80;
server_name example.com;
root /var/www/example.com;
# SSL configuration (optional, but recommended for security)
# (remember to actually force logins to use ssl)
include ssl
include silverstripe3.conf;
include htaccess.conf;
# rest of the server section is optional, but helpful
# maintenance page if it exists
error_page 503 @maintenance;
if (-f $document_root/maintenance.html ) {
return 503;
root /path/to/ss/folder;
server_name site.com www.site.com;
location / {
try_files $uri /framework/main.php?url=$uri&$query_string;
}
location @maintenance {
try_files /maintenance.html =503;
}
# always show SilverStripe's version of 500 error page
error_page 404 /assets/error-404.html;
error_page 500 /assets/error-500.html;
# let the user's browser cache static files (e.g. 2 weeks)
expires 2w;
# in case your machine is slow, increase the timeout
# (also remembers php's own timeout settings)
#fastcgi_read_timeout 300s;
}
Here is the include file `silverstripe3.conf`:
location / {
try_files $uri @silverstripe;
}
# only needed for installation - disable this location (and remove the
# index.php and install.php files) after you installed SilverStripe
# (you did read the blogentry linked above, didn't you)
location ~ ^/(index|install).php {
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
include fastcgi.conf;
fastcgi_pass unix:/run/php-fpm/php-fpm-silverstripe.sock;
}
location ^~ /assets/ {
sendfile on;
try_files $uri =404;
}
# whitelist php files that are called directly and need to be interpreted
location = /framework/thirdparty/tinymce/tiny_mce_gzip.php {
include fastcgi.conf;
fastcgi_pass unix:/run/php-fpm/php-fpm-silverstripe.sock;
}
location = /framework/thirdparty/tinymce-spellchecker/rpc.php {
include fastcgi.conf;
fastcgi_pass unix:/run/php-fpm/php-fpm-silverstripe.sock;
}
location ~ /framework/.*(main|rpc|tiny_mce_gzip)\.php$ {
fastcgi_keep_conn on;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location @silverstripe {
expires off;
include fastcgi.conf;
fastcgi_pass unix:/run/php-fpm/php-fpm-silverstripe.sock;
# note that specifying a fixed script already protects against execution
# of arbitrary files, but remember the advice above for any other rules
# you add yourself (monitoring, etc,....)
fastcgi_param SCRIPT_FILENAME $document_root/framework/main.php;
fastcgi_param SCRIPT_NAME /framework/main.php;
fastcgi_param QUERY_STRING url=$uri&$args;
# tuning is up to your expertise, but buffer_size needs to be >= 8k,
# otherwise you'll get "upstream sent too big header while reading
# response header from upstream" errors.
fastcgi_buffer_size 8k;
#fastcgi_buffers 4 32k;
#fastcgi_busy_buffers_size 64k;
location ~ /(mysite|framework|cms)/.*\.(php|php3|php4|php5|phtml|inc)$ {
deny all;
}
location ~ /\.. {
deny all;
}
location ~ \.ss$ {
satisfy any;
allow 127.0.0.1;
deny all;
}
location ~ web\.config$ {
deny all;
}
location ~ \.ya?ml$ {
deny all;
}
location ^~ /vendor/ {
deny all;
}
location ~* /silverstripe-cache/ {
deny all;
}
location ~* composer\.(json|lock)$ {
deny all;
}
location ~* /(cms|framework)/silverstripe_version$ {
deny all;
}
location ~ \.php$ {
fastcgi_keep_conn on;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
<div class="warning" markdown='1'>
With only the above configuration, nginx would hand out any existing file
uninterpreted, so it would happily serve your precious configuration files,
including all your private api-keys and whatnot to any random visitor. So you
**must** restrict access further.
</div>
You don't need to use separate files, but it is easier to have the permissive
rules distinct from the restricting ones.
Here is the include file `htaccess.conf`:
# Don't try to find nonexisting stuff in assets (esp. don't pass through php)
location ^~ /assets/ {
try_files $uri =404;
}
# Deny access to silverstripe-cache, vendor or composer.json/.lock
location ^~ /silverstripe-cache/ {
deny all;
}
location ^~ /vendor/ {
deny all;
}
location ~ /composer\.(json|lock) {
deny all;
}
# Don't serve up any "hidden" files or directories
# (starting with dot, like .htaccess or .git)
# also don't serve web.config files
location ~ /(\.|web\.config) {
deny all;
}
# Block access to yaml files (and don't forget about backup
# files that editors tend to leave behind)
location ~ \.(yml|bak|swp)$ {
deny all;
}
location ~ ~$ {
deny all;
}
# generally don't serve any php-like files
# (as they exist, they would be served as regular files, and not interpreted.
# But as those can contain configuration data, this is bad nevertheless)
# If needed, you can always whitelist entries.
location ~ \.(php|php[345]|phtml|inc)$ {
deny all;
}
location ~ ^/(cms|framework)/silverstripe_version$ {
deny all;
}
Here is the optional include file `ssl`:
listen 443 ssl;
ssl_certificate server.crt;
ssl_certificate_key server.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
The above configuration sets up a virtual host `example.com` with
rewrite rules suited for SilverStripe. The location block named
`@silverstripe` passes all requests that aren't matched by one of the other
location rules (and cannot be satisfied by serving an existing file) to
SilverStripe framework's main.php script, that is run by the FastCGI-wrapper,
that in turn is accessed via a Unix socket.
The above configuration sets up a virtual host `site.com` with
rewrite rules suited for SilverStripe. The location block for php files
passes all php scripts to the FastCGI-wrapper via a TCP socket.
Now you can proceed with the SilverStripe installation normally.

View File

@ -100,6 +100,7 @@ CMS users still need to remember the specific syntax, but these shortcodes can f
for more advanced editing interfaces (with visual placeholders). See the built-in `embed` shortcode as an example
for coupling shortcodes with a form to create and edit placeholders.
## Built-in Shortcodes
SilverStripe comes with several shortcode parsers already.

View File

@ -342,7 +342,6 @@ class SQLQueryTest extends SapphireTest {
);
}
public function testSetWhereAny() {
$query = new SQLQuery();
$query->setFrom('MyTable');
@ -352,7 +351,6 @@ class SQLQueryTest extends SapphireTest {
}
public function testSelectFirst() {
// Test first from sequence
$query = new SQLQuery();
$query->setFrom('"SQLQueryTest_DO"');
@ -398,7 +396,6 @@ class SQLQueryTest extends SapphireTest {
}
public function testSelectLast() {
// Test last in sequence
$query = new SQLQuery();
$query->setFrom('"SQLQueryTest_DO"');