FEATURE: implement getter and setter usage for response

Stevie Mayhew 2015-08-14 12:39:33 +12:00
parent 0e989e409d
commit 1b57e0ca5b
14 changed files with 109 additions and 89 deletions


@ -77,9 +77,8 @@ class AdminRootController extends Controller {
$base = $this->config()->url_base; $base = $this->config()->url_base;
$segment = Config::inst()->get($this->config()->default_panel, 'url_segment'); $segment = Config::inst()->get($this->config()->default_panel, 'url_segment');
$this->response = new SS_HTTPResponse();
$this->redirect(Controller::join_links($base, $segment)); $this->redirect(Controller::join_links($base, $segment));
return $this->response; return $this->getResponse();
} }
// Otherwise // Otherwise


@ -227,7 +227,7 @@ class LeftAndMain extends Controller implements PermissionProvider {
// Allow customisation of the access check by a extension // Allow customisation of the access check by a extension
// Also all the canView() check to execute Controller::redirect() // Also all the canView() check to execute Controller::redirect()
if(!$this->canView() && !$this->response->isFinished()) { if(!$this->canView() && !$this->getResponse()->isFinished()) {
// When access /admin/, we should try a redirect to another part of the admin rather than be locked out // When access /admin/, we should try a redirect to another part of the admin rather than be locked out
$menu = $this->MainMenu(); $menu = $this->MainMenu();
foreach($menu as $candidate) { foreach($menu as $candidate) {
@ -445,8 +445,10 @@ class LeftAndMain extends Controller implements PermissionProvider {
$msgs = _t('LeftAndMain.ValidationError', 'Validation error') . ': ' $msgs = _t('LeftAndMain.ValidationError', 'Validation error') . ': '
. $e->getMessage(); . $e->getMessage();
$e = new SS_HTTPResponse_Exception($msgs, 403); $e = new SS_HTTPResponse_Exception($msgs, 403);
$e->getResponse()->addHeader('Content-Type', 'text/plain'); $errorResponse = $e->getResponse();
$e->getResponse()->addHeader('X-Status', rawurlencode($msgs)); $errorResponse->addHeader('Content-Type', 'text/plain');
$errorResponse->addHeader('X-Status', rawurlencode($msgs));
$e->setResponse($errorResponse);
throw $e; throw $e;
} }
@ -455,9 +457,10 @@ class LeftAndMain extends Controller implements PermissionProvider {
if(!$response->getHeader('X-Title')) $response->addHeader('X-Title', urlencode($title)); if(!$response->getHeader('X-Title')) $response->addHeader('X-Title', urlencode($title));
// Prevent clickjacking, see https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options // Prevent clickjacking, see https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options
$this->response->addHeader('X-Frame-Options', 'SAMEORIGIN'); $originalResponse = $this->getResponse();
$this->response->addHeader('Vary', 'X-Requested-With'); $originalResponse->addHeader('X-Frame-Options', 'SAMEORIGIN');
$originalResponse->addHeader('Vary', 'X-Requested-With');
return $response; return $response;
} }
@ -471,21 +474,21 @@ class LeftAndMain extends Controller implements PermissionProvider {
*/ */
public function redirect($url, $code=302) { public function redirect($url, $code=302) {
if($this->getRequest()->isAjax()) { if($this->getRequest()->isAjax()) {
$this->response->addHeader('X-ControllerURL', $url); $response = $this->getResponse();
if($this->getRequest()->getHeader('X-Pjax') && !$this->response->getHeader('X-Pjax')) { $response->addHeader('X-ControllerURL', $url);
$this->response->addHeader('X-Pjax', $this->getRequest()->getHeader('X-Pjax')); if($this->getRequest()->getHeader('X-Pjax') && !$response->getHeader('X-Pjax')) {
$response->addHeader('X-Pjax', $this->getRequest()->getHeader('X-Pjax'));
} }
$oldResponse = $this->response;
$newResponse = new LeftAndMain_HTTPResponse( $newResponse = new LeftAndMain_HTTPResponse(
$oldResponse->getBody(), $response->getBody(),
$oldResponse->getStatusCode(), $response->getStatusCode(),
$oldResponse->getStatusDescription() $response->getStatusDescription()
); );
foreach($oldResponse->getHeaders() as $k => $v) { foreach($response->getHeaders() as $k => $v) {
$newResponse->addHeader($k, $v); $newResponse->addHeader($k, $v);
} }
$newResponse->setIsFinished(true); $newResponse->setIsFinished(true);
$this->response = $newResponse; $this->setResponse($newResponse);
return ''; // Actual response will be re-requested by client return ''; // Actual response will be re-requested by client
} else { } else {
parent::redirect($url, $code); parent::redirect($url, $code);
@ -590,7 +593,7 @@ class LeftAndMain extends Controller implements PermissionProvider {
return $controller->renderWith($controller->getViewer('show')); return $controller->renderWith($controller->getViewer('show'));
} }
), ),
$this->response $this->getResponse()
); );
} }
return $this->responseNegotiator; return $this->responseNegotiator;
@ -789,7 +792,7 @@ class LeftAndMain extends Controller implements PermissionProvider {
if(!$filterInfo->implementsInterface('LeftAndMain_SearchFilter')) { if(!$filterInfo->implementsInterface('LeftAndMain_SearchFilter')) {
throw new InvalidArgumentException(sprintf('Invalid filter class passed: %s', $filterClass)); throw new InvalidArgumentException(sprintf('Invalid filter class passed: %s', $filterClass));
} }
return Injector::inst()->createWithArgs($filterClass, array($params)); return Injector::inst()->createWithArgs($filterClass, array($params));
} }
@ -835,7 +838,7 @@ class LeftAndMain extends Controller implements PermissionProvider {
// causes the Hierarchy::$marked cache to be flushed (@see CMSMain::getRecord) // causes the Hierarchy::$marked cache to be flushed (@see CMSMain::getRecord)
// which means that deleted pages stored in the marked tree would be removed // which means that deleted pages stored in the marked tree would be removed
$currentPage = $this->currentPage(); $currentPage = $this->currentPage();
// Mark the nodes of the tree to return // Mark the nodes of the tree to return
if ($filterFunction) $obj->setMarkingFilterFunction($filterFunction); if ($filterFunction) $obj->setMarkingFilterFunction($filterFunction);
@ -998,7 +1001,7 @@ class LeftAndMain extends Controller implements PermissionProvider {
'PrevID' => $prev ? $prev->ID : null 'PrevID' => $prev ? $prev->ID : null
); );
} }
$this->response->addHeader('Content-Type', 'text/json'); $this->getResponse()->addHeader('Content-Type', 'text/json');
return Convert::raw2json($data); return Convert::raw2json($data);
} }
@ -1025,7 +1028,7 @@ class LeftAndMain extends Controller implements PermissionProvider {
$this->extend('onAfterSave', $record); $this->extend('onAfterSave', $record);
$this->setCurrentPageID($record->ID); $this->setCurrentPageID($record->ID);
$this->response->addHeader('X-Status', rawurlencode(_t('LeftAndMain.SAVEDUP', 'Saved.'))); $this->getResponse()->addHeader('X-Status', rawurlencode(_t('LeftAndMain.SAVEDUP', 'Saved.')));
return $this->getResponseNegotiator()->respond($this->getRequest()); return $this->getResponseNegotiator()->respond($this->getRequest());
} }
@ -1039,7 +1042,7 @@ class LeftAndMain extends Controller implements PermissionProvider {
$record->delete(); $record->delete();
$this->response->addHeader('X-Status', rawurlencode(_t('LeftAndMain.DELETED', 'Deleted.'))); $this->getResponse()->addHeader('X-Status', rawurlencode(_t('LeftAndMain.DELETED', 'Deleted.')));
return $this->getResponseNegotiator()->respond( return $this->getResponseNegotiator()->respond(
$this->getRequest(), $this->getRequest(),
array('currentform' => array($this, 'EmptyForm')) array('currentform' => array($this, 'EmptyForm'))
@ -1060,7 +1063,7 @@ class LeftAndMain extends Controller implements PermissionProvider {
*/ */
public function savetreenode($request) { public function savetreenode($request) {
if (!Permission::check('SITETREE_REORGANISE') && !Permission::check('ADMIN')) { if (!Permission::check('SITETREE_REORGANISE') && !Permission::check('ADMIN')) {
$this->response->setStatusCode( $this->getResponse()->setStatusCode(
403, 403,
_t('LeftAndMain.CANT_REORGANISE', _t('LeftAndMain.CANT_REORGANISE',
"You do not have permission to rearange the site tree. Your change was not saved.") "You do not have permission to rearange the site tree. Your change was not saved.")
@ -1076,7 +1079,7 @@ class LeftAndMain extends Controller implements PermissionProvider {
if($className == 'SiteTree' && $page = DataObject::get_by_id('Page', $id)){ if($className == 'SiteTree' && $page = DataObject::get_by_id('Page', $id)){
$root = $page->getParentType(); $root = $page->getParentType();
if(($parentID == '0' || $root == 'root') && !SiteConfig::current_site_config()->canCreateTopLevel()){ if(($parentID == '0' || $root == 'root') && !SiteConfig::current_site_config()->canCreateTopLevel()){
$this->response->setStatusCode( $this->getResponse()->setStatusCode(
403, 403,
_t('LeftAndMain.CANT_REORGANISE', _t('LeftAndMain.CANT_REORGANISE',
"You do not have permission to alter Top level pages. Your change was not saved.") "You do not have permission to alter Top level pages. Your change was not saved.")
@ -1093,7 +1096,7 @@ class LeftAndMain extends Controller implements PermissionProvider {
if($node && !$node->canEdit()) return Security::permissionFailure($this); if($node && !$node->canEdit()) return Security::permissionFailure($this);
if(!$node) { if(!$node) {
$this->response->setStatusCode( $this->getResponse()->setStatusCode(
500, 500,
_t('LeftAndMain.PLEASESAVE', _t('LeftAndMain.PLEASESAVE',
"Please Save Page: This page could not be updated because it hasn't been saved yet." "Please Save Page: This page could not be updated because it hasn't been saved yet."
@ -1121,7 +1124,7 @@ class LeftAndMain extends Controller implements PermissionProvider {
} }
} }
$this->response->addHeader('X-Status', $this->getResponse()->addHeader('X-Status',
rawurlencode(_t('LeftAndMain.REORGANISATIONSUCCESSFUL', 'Reorganised the site tree successfully.'))); rawurlencode(_t('LeftAndMain.REORGANISATIONSUCCESSFUL', 'Reorganised the site tree successfully.')));
} }
@ -1146,7 +1149,7 @@ class LeftAndMain extends Controller implements PermissionProvider {
} }
} }
$this->response->addHeader('X-Status', $this->getResponse()->addHeader('X-Status',
rawurlencode(_t('LeftAndMain.REORGANISATIONSUCCESSFUL', 'Reorganised the site tree successfully.'))); rawurlencode(_t('LeftAndMain.REORGANISATIONSUCCESSFUL', 'Reorganised the site tree successfully.')));
} }
@ -1626,7 +1629,7 @@ class LeftAndMain extends Controller implements PermissionProvider {
/** /**
* Sets the href for the anchor on the Silverstripe logo in the menu * Sets the href for the anchor on the Silverstripe logo in the menu
* *
* @deprecated since version 4.0 * @deprecated since version 4.0
* *
* @param String $link * @param String $link
@ -1754,7 +1757,7 @@ class LeftAndMain extends Controller implements PermissionProvider {
/** /**
* Register the given javascript file as required in the CMS. * Register the given javascript file as required in the CMS.
* Filenames should be relative to the base, eg, FRAMEWORK_DIR . '/javascript/loader.js' * Filenames should be relative to the base, eg, FRAMEWORK_DIR . '/javascript/loader.js'
* *
* @deprecated since version 4.0 * @deprecated since version 4.0
*/ */
public static function require_javascript($file) { public static function require_javascript($file) {
@ -1779,7 +1782,7 @@ class LeftAndMain extends Controller implements PermissionProvider {
* Register the given "themeable stylesheet" as required. * Register the given "themeable stylesheet" as required.
* Themeable stylesheets have globally unique names, just like templates and PHP files. * Themeable stylesheets have globally unique names, just like templates and PHP files.
* Because of this, they can be replaced by similarly named CSS files in the theme directory. * Because of this, they can be replaced by similarly named CSS files in the theme directory.
* *
* @deprecated since version 4.0 * @deprecated since version 4.0
* *
* @param $name String The identifier of the file. For example, css/MyFile.css would have the identifier "MyFile" * @param $name String The identifier of the file. For example, css/MyFile.css would have the identifier "MyFile"
@ -1920,7 +1923,7 @@ class LeftAndMain_TreeNode extends ViewableData {
/** /**
* Name of method to count the number of children * Name of method to count the number of children
* *
* @var string * @var string
*/ */
protected $numChildrenMethod; protected $numChildrenMethod;
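Review bot: In the hunk at `@ -455,9 +457,10` the `X-Frame-Options: SAMEORIGIN` and `Vary` headers are added to `$this->getResponse()` while the method returns `$response`, so the clickjacking protection reaches the client only if both refer to the same object. That is probably true after the parent's request handling, but nothing in the visible lines guarantees it, and the new lazy getter would create a separate object without any error if the property were empty. Setting the headers on the object that is actually returned, `$response->addHeader('X-Frame-Options', 'SAMEORIGIN');` and `$response->addHeader('Vary', 'X-Requested-With');`, removes that dependency. The enclosing method starts above this hunk.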


@ -119,7 +119,6 @@ class Controller extends RequestHandler implements TemplateGlobalProvider {
$this->pushCurrent(); $this->pushCurrent();
$this->urlParams = $request->allParams(); $this->urlParams = $request->allParams();
$this->setRequest($request); $this->setRequest($request);
$this->response = new SS_HTTPResponse();
$this->setDataModel($model); $this->setDataModel($model);
$this->extend('onBeforeInit'); $this->extend('onBeforeInit');
@ -134,10 +133,11 @@ class Controller extends RequestHandler implements TemplateGlobalProvider {
$this->extend('onAfterInit'); $this->extend('onAfterInit');
$response = $this->getResponse();
// If we had a redirection or something, halt processing. // If we had a redirection or something, halt processing.
if($this->response->isFinished()) { if($response->isFinished()) {
$this->popCurrent(); $this->popCurrent();
return $this->response; return $response;
} }
$body = parent::handleRequest($request, $model); $body = parent::handleRequest($request, $model);
@ -146,7 +146,8 @@ class Controller extends RequestHandler implements TemplateGlobalProvider {
Debug::message("Request handler returned SS_HTTPResponse object to $this->class controller;" Debug::message("Request handler returned SS_HTTPResponse object to $this->class controller;"
. "returning it without modification."); . "returning it without modification.");
} }
$this->response = $body; $response = $body;
$this->setResponse($response);
} else { } else {
if($body instanceof Object && $body->hasMethod('getViewer')) { if($body instanceof Object && $body->hasMethod('getViewer')) {
@ -157,15 +158,15 @@ class Controller extends RequestHandler implements TemplateGlobalProvider {
$body = $body->getViewer($this->getAction())->process($body); $body = $body->getViewer($this->getAction())->process($body);
} }
$this->response->setBody($body); $response->setBody($body);
} }
ContentNegotiator::process($this->response); ContentNegotiator::process($response);
HTTP::add_cache_headers($this->response); HTTP::add_cache_headers($response);
$this->popCurrent(); $this->popCurrent();
return $this->response; return $response;
} }
/** /**
@ -212,9 +213,23 @@ class Controller extends RequestHandler implements TemplateGlobalProvider {
* Can be used to set the status code and headers * Can be used to set the status code and headers
*/ */
public function getResponse() { public function getResponse() {
if (!$this->response) {
$this->setResponse(new SS_HTTPResponse());
}
return $this->response; return $this->response;
} }
/**
* Sets the SS_HTTPResponse object that this controller is building up.
*
* @param SS_HTTPResponse $response
* @return Controller
*/
public function setResponse(SS_HTTPResponse $response) {
$this->response = $response;
return $this;
}
protected $baseInitCalled = false; protected $baseInitCalled = false;
/** /**
@ -454,10 +469,9 @@ class Controller extends RequestHandler implements TemplateGlobalProvider {
* @return SS_HTTPResponse * @return SS_HTTPResponse
*/ */
public function redirect($url, $code=302) { public function redirect($url, $code=302) {
if(!$this->response) $this->response = new SS_HTTPResponse();
if($this->response->getHeader('Location') && $this->response->getHeader('Location') != $url) { if($this->getResponse()->getHeader('Location') && $this->getResponse()->getHeader('Location') != $url) {
user_error("Already directed to " . $this->response->getHeader('Location') user_error("Already directed to " . $this->getResponse()->getHeader('Location')
. "; now trying to direct to $url", E_USER_WARNING); . "; now trying to direct to $url", E_USER_WARNING);
return; return;
} }
@ -467,7 +481,7 @@ class Controller extends RequestHandler implements TemplateGlobalProvider {
$url = Director::baseURL() . $url; $url = Director::baseURL() . $url;
} }
return $this->response->redirect($url, $code); return $this->getResponse()->redirect($url, $code);
} }
/** /**
@ -515,7 +529,7 @@ class Controller extends RequestHandler implements TemplateGlobalProvider {
* return null; * return null;
*/ */
public function redirectedTo() { public function redirectedTo() {
return $this->response && $this->response->getHeader('Location'); return $this->getResponse() && $this->getResponse()->getHeader('Location');
} }
/** /**
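Review bot: With `$this->response = new SS_HTTPResponse();` dropped from the start of `handleRequest()` (hunk `@ -119,7 +119,6`), the response is created once by the lazy `getResponse()` and then kept, so a controller instance that handles a second request would start with the previous status, headers and finished flag. If per-request isolation is still wanted, reset it explicitly before `init()` runs with `$this->setResponse(new SS_HTTPResponse());`. If carrying a pre-set response into `handleRequest()` is the intent, a docblock line on `getResponse()` stating that the object is created lazily and persists across calls would make that contract visible. `handleRequest()` begins and ends outside the visible hunks.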


@ -89,20 +89,20 @@ Action methods can return one of four main things:
* We can manually create a response and return that to ignore any previous data. * We can manually create a response and return that to ignore any previous data.
*/ */
public function someaction(SS_HTTPRequest $request) { public function someaction(SS_HTTPRequest $request) {
$this->response = new SS_HTTPResponse(); $this->setResponse(new SS_HTTPResponse());
$this->response->setStatusCode(400); $this->getResponse()->setStatusCode(400);
$this->response->setBody('invalid'); $this->getResponse()->setBody('invalid');
return $this->response; return $this->getResponse();
} }
/** /**
* Or, we can modify the response that is waiting to go out. * Or, we can modify the response that is waiting to go out.
*/ */
public function anotheraction(SS_HTTPRequest $request) { public function anotheraction(SS_HTTPRequest $request) {
$this->response->setStatusCode(400); $this->getResponse()->setStatusCode(400);
return $this->response; return $this->getResponse();
} }
/** /**
@ -118,13 +118,13 @@ Action methods can return one of four main things:
* We can send stuff to the browser which isn't HTML * We can send stuff to the browser which isn't HTML
*/ */
public function ajaxaction() { public function ajaxaction() {
$this->response->setBody(json_encode(array( $this->getResponse()->setBody(json_encode(array(
'json' => true 'json' => true
))); )));
$this->response->addHeader("Content-type", "application/json"); $this->getResponse()->addHeader("Content-type", "application/json");
return $this->response. return $this->getResponse().
} }
For more information on how a URL gets mapped to an action see the [Routing](routing) documentation. For more information on how a URL gets mapped to an action see the [Routing](routing) documentation.


@ -44,7 +44,7 @@ which will be filled when the user makes their request. Request parameters are a
and able to be pulled out from a controller using `$this->getRequest()->param($name)`. and able to be pulled out from a controller using `$this->getRequest()->param($name)`.
<div class="info" markdown="1"> <div class="info" markdown="1">
All Controllers have access to `$this->getRequest()` for the request object and `$this->response` for the response. All Controllers have access to `$this->getRequest()` for the request object and `$this->getResponse()` for the response.
</div> </div>
Here is what those parameters would look like for certain requests Here is what those parameters would look like for certain requests


@ -543,7 +543,7 @@ controller's `init()` method:
class MyController extends Controller { class MyController extends Controller {
public function init() { public function init() {
parent::init(); parent::init();
$this->response->addHeader('X-Frame-Options', 'SAMEORIGIN'); $this->getResponse()->addHeader('X-Frame-Options', 'SAMEORIGIN');
} }
} }


@ -360,7 +360,7 @@ without affecting the response body.
class MyController extends LeftAndMain { class MyController extends LeftAndMain {
class myaction() { class myaction() {
// ... // ...
$this->response->addHeader('X-Controller', 'MyOtherController'); $this->getResponse()->addHeader('X-Controller', 'MyOtherController');
return $html; return $html;
} }
} }


@ -376,7 +376,7 @@ PHP:
if(!$results) return new HTTPResponse("Not found", 404); if(!$results) return new HTTPResponse("Not found", 404);
// Use HTTPResponse to pass custom status messages // Use HTTPResponse to pass custom status messages
$this->response->setStatusCode(200, "Found " . $results->Count() . " elements"); $this->getResponse()->setStatusCode(200, "Found " . $results->Count() . " elements");
// render all results with a custom template // render all results with a custom template
$vd = new ViewableData(); $vd = new ViewableData();
@ -582,4 +582,4 @@ Example: JSpec Shopping cart test (from [visionmedia.github.com](http://visionme
## Related ## Related
* [Unobtrusive Javascript](http://www.onlinetools.org/articles/unobtrusivejavascript/chapter1.html) * [Unobtrusive Javascript](http://www.onlinetools.org/articles/unobtrusivejavascript/chapter1.html)
* [Quirksmode: In-depth Javascript Resources](http://www.quirksmode.org/resources.html) * [Quirksmode: In-depth Javascript Resources](http://www.quirksmode.org/resources.html)


@ -27,7 +27,7 @@ class HtmlEditorField extends TextareaField {
private static $sanitise_server_side = false; private static $sanitise_server_side = false;
protected $rows = 30; protected $rows = 30;
/** /**
* @deprecated since version 4.0 * @deprecated since version 4.0
*/ */
@ -47,7 +47,7 @@ class HtmlEditorField extends TextareaField {
* @param string $title The human-readable field label. * @param string $title The human-readable field label.
* @param mixed $value The value of the field. * @param mixed $value The value of the field.
* @param string $config HTMLEditorConfig identifier to be used. Default to the active one. * @param string $config HTMLEditorConfig identifier to be used. Default to the active one.
*/ */
public function __construct($name, $title = null, $value = '', $config = null) { public function __construct($name, $title = null, $value = '', $config = null) {
parent::__construct($name, $title, $value); parent::__construct($name, $title, $value);
@ -101,7 +101,7 @@ class HtmlEditorField extends TextareaField {
// Add default empty title & alt attributes. // Add default empty title & alt attributes.
if(!$img->getAttribute('alt')) $img->setAttribute('alt', ''); if(!$img->getAttribute('alt')) $img->setAttribute('alt', '');
if(!$img->getAttribute('title')) $img->setAttribute('title', ''); if(!$img->getAttribute('title')) $img->setAttribute('title', '');
// Use this extension point to manipulate images inserted using TinyMCE, e.g. add a CSS class, change default title // Use this extension point to manipulate images inserted using TinyMCE, e.g. add a CSS class, change default title
// $image is the image, $img is the DOM model // $image is the image, $img is the DOM model
$this->extend('processImage', $image, $img); $this->extend('processImage', $image, $img);
@ -893,16 +893,17 @@ class HtmlEditorField_Embed extends HtmlEditorField_File {
$this->oembed = Oembed::get_oembed_from_url($url); $this->oembed = Oembed::get_oembed_from_url($url);
if(!$this->oembed) { if(!$this->oembed) {
$controller = Controller::curr(); $controller = Controller::curr();
$controller->response->addHeader('X-Status', $response = $controller->getResponse();
$response->addHeader('X-Status',
rawurlencode(_t( rawurlencode(_t(
'HtmlEditorField.URLNOTANOEMBEDRESOURCE', 'HtmlEditorField.URLNOTANOEMBEDRESOURCE',
"The URL '{url}' could not be turned into a media resource.", "The URL '{url}' could not be turned into a media resource.",
"The given URL is not a valid Oembed resource; the embed element couldn't be created.", "The given URL is not a valid Oembed resource; the embed element couldn't be created.",
array('url' => $url) array('url' => $url)
))); )));
$controller->response->setStatusCode(404); $response->setStatusCode(404);
throw new SS_HTTPResponse_Exception($controller->response); throw new SS_HTTPResponse_Exception($response);
} }
} }
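Review bot: In the `@ -893,16 +893,17` hunk the 404 status and the `X-Status` header are written onto the current controller's own response, which is then handed to `SS_HTTPResponse_Exception`; if anything upstream catches the exception and carries on, that shared object keeps the 404 and the error header. Building the error on a separate object, `$response = new SS_HTTPResponse();`, would keep the failure confined to the exception. A short comment noting that `rawurlencode()` is what keeps `$url` (its origin is not visible here) from breaking the header value would also help the next editor. The enclosing method starts above the hunk.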


@ -107,8 +107,9 @@ class CMSSecurity extends Security {
'Message displayed to user if their session cannot be restored', 'Message displayed to user if their session cannot be restored',
array('link' => $loginURLATT) array('link' => $loginURLATT)
); );
$this->response->setStatusCode(200); $response = $this->getResponse();
$this->response->setBody(<<<PHP $response->setStatusCode(200);
$response->setBody(<<<PHP
<!DOCTYPE html> <!DOCTYPE html>
<html><body> <html><body>
$message $message
@ -118,7 +119,8 @@ setTimeout(function(){top.location.href = "$loginURLJS";}, 0);
</body></html> </body></html>
PHP PHP
); );
return $this->response; $this->setResponse($response);
return $response;
} }
protected function preLogin() { protected function preLogin() {
@ -126,7 +128,7 @@ PHP
if(!$this->getTargetMember()) { if(!$this->getTargetMember()) {
return $this->redirectToExternalLogin(); return $this->redirectToExternalLogin();
} }
return parent::preLogin(); return parent::preLogin();
} }
@ -150,7 +152,7 @@ PHP
public static function enabled() { public static function enabled() {
// Disable shortcut // Disable shortcut
if(!static::config()->reauth_enabled) return false; if(!static::config()->reauth_enabled) return false;
// Count all cms-supported methods // Count all cms-supported methods
$authenticators = Authenticator::get_authenticators(); $authenticators = Authenticator::get_authenticators();
foreach($authenticators as $authenticator) { foreach($authenticators as $authenticator) {
@ -205,7 +207,7 @@ PHP
array('link' => $backURL) array('link' => $backURL)
) )
)); ));
return $controller->renderWith($this->getTemplatesFor('success')); return $controller->renderWith($this->getTemplatesFor('success'));
} }
} }
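Review bot: The heredoc passed to `setBody()` in the `@ -107,8 +107,9` hunk places `$message` into HTML and `$loginURLJS` into an inline script string, and no encoding is visible in these lines. The variable names (`$loginURLATT`, `$loginURLJS`) suggest the values are encoded for their contexts above the hunk; a comment directly over the heredoc, such as `// $message and $loginURLJS must already be encoded for HTML and JS string context`, would keep a later edit from interpolating a raw value. Separately, `$this->setResponse($response);` hands back the object just obtained from `getResponse()` and appears to change nothing, so it can be removed; `$e->setResponse($errorResponse);` in LeftAndMain is the same pattern. The method begins outside the hunk.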


@ -305,7 +305,7 @@ class Security extends Controller implements TemplateGlobalProvider {
parent::init(); parent::init();
// Prevent clickjacking, see https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options // Prevent clickjacking, see https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options
$this->response->addHeader('X-Frame-Options', 'SAMEORIGIN'); $this->getResponse()->addHeader('X-Frame-Options', 'SAMEORIGIN');
} }
public function index() { public function index() {
@ -391,7 +391,7 @@ class Security extends Controller implements TemplateGlobalProvider {
$member = Member::currentUser(); $member = Member::currentUser();
if($member) $member->logOut(); if($member) $member->logOut();
if($redirect && (!$this->response || !$this->response->isFinished())) { if($redirect && (!$this->getResponse()->isFinished())) {
$this->redirectBack(); $this->redirectBack();
} }
} }
@ -406,7 +406,7 @@ class Security extends Controller implements TemplateGlobalProvider {
// Event handler for pre-login, with an option to let it break you out of the login form // Event handler for pre-login, with an option to let it break you out of the login form
$eventResults = $this->extend('onBeforeSecurityLogin'); $eventResults = $this->extend('onBeforeSecurityLogin');
// If there was a redirection, return // If there was a redirection, return
if($this->redirectedTo()) return $this->response; if($this->redirectedTo()) return $this->getResponse();
// If there was an SS_HTTPResponse object returned, then return that // If there was an SS_HTTPResponse object returned, then return that
if($eventResults) { if($eventResults) {
foreach($eventResults as $result) { foreach($eventResults as $result) {
@ -528,13 +528,13 @@ class Security extends Controller implements TemplateGlobalProvider {
Session::clear('Security.Message'); Session::clear('Security.Message');
// only display tabs when more than one authenticator is provided // only display tabs when more than one authenticator is provided
// to save bandwidth and reduce the amount of custom styling needed // to save bandwidth and reduce the amount of custom styling needed
if(count($forms) > 1) { if(count($forms) > 1) {
$content = $this->generateLoginFormSet($forms); $content = $this->generateLoginFormSet($forms);
} else { } else {
$content = $forms[0]->forTemplate(); $content = $forms[0]->forTemplate();
} }
// Finally, customise the controller to add any form messages and the form. // Finally, customise the controller to add any form messages and the form.
$customisedController = $controller->customise(array( $customisedController = $controller->customise(array(
"Content" => $message, "Content" => $message,

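Review bot: `init()` in the `@ -305,7 +305,7` hunk adds `X-Frame-Options: SAMEORIGIN` to the lazily created `getResponse()` object, but `Controller::handleRequest()` in this same commit replaces the controller's response with whatever `SS_HTTPResponse` an action returns (`$response = $body; $this->setResponse($response);`), so an action that builds its own response would go out without the clickjacking header. Whether any Security action does that is not visible here. Applying the header to the final response after the parent call, as the LeftAndMain hunk does just before `return $response;`, would cover that path.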

@ -17,8 +17,8 @@ class FakeController extends Controller {
'/' '/'
); );
$this->setRequest($request); $this->setRequest($request);
$this->response = new SS_HTTPResponse(); $this->setResponse(new SS_HTTPResponse());
$this->init(); $this->init();
} }


@ -365,10 +365,11 @@ class RestfulServiceTest_Controller extends Controller implements TestOnly {
<body>$body</body> <body>$body</body>
</test> </test>
XML; XML;
$this->response->setBody($out); $response = $this->getResponse();
$this->response->addHeader('Content-type', 'text/xml'); $response->setBody($out);
$response->addHeader('Content-type', 'text/xml');
return $this->response; return $response;
} }
public function invalid() { public function invalid() {
@ -390,11 +391,11 @@ XML;
</test> </test>
XML; XML;
$this->response->setBody($out); $this->getResponse()->setBody($out);
$this->response->setStatusCode(400); $this->getResponse()->setStatusCode(400);
$this->response->addHeader('Content-type', 'text/xml'); $this->getResponse()->addHeader('Content-type', 'text/xml');
return $this->response; return $this->getResponse();
} }
/** /**


@ -79,7 +79,7 @@ class SecurityTest extends FunctionalTest {
// Controller that doesn't attempt redirections // Controller that doesn't attempt redirections
$controller = new SecurityTest_NullController(); $controller = new SecurityTest_NullController();
$controller->response = new SS_HTTPResponse(); $controller->setResponse(new SS_HTTPResponse());
Security::permissionFailure($controller, array('default' => 'Oops, not allowed')); Security::permissionFailure($controller, array('default' => 'Oops, not allowed'));
$this->assertEquals('Oops, not allowed', Session::get('Security.Message.message')); $this->assertEquals('Oops, not allowed', Session::get('Security.Message.message'));
@ -104,12 +104,12 @@ class SecurityTest extends FunctionalTest {
Config::inst()->update('Security', 'default_message_set', Config::inst()->update('Security', 'default_message_set',
array('default' => 'default', 'alreadyLoggedIn' => 'You are already logged in!')); array('default' => 'default', 'alreadyLoggedIn' => 'You are already logged in!'));
Security::permissionFailure($controller); Security::permissionFailure($controller);
$this->assertContains('You are already logged in!', $controller->response->getBody(), $this->assertContains('You are already logged in!', $controller->getResponse()->getBody(),
'Custom permission failure message was ignored'); 'Custom permission failure message was ignored');
Security::permissionFailure($controller, Security::permissionFailure($controller,
array('default' => 'default', 'alreadyLoggedIn' => 'One-off failure message')); array('default' => 'default', 'alreadyLoggedIn' => 'One-off failure message'));
$this->assertContains('One-off failure message', $controller->response->getBody(), $this->assertContains('One-off failure message', $controller->getResponse()->getBody(),
"Message set passed to Security::permissionFailure() didn't override Config values"); "Message set passed to Security::permissionFailure() didn't override Config values");
Config::unnest(); Config::unnest();
@ -130,7 +130,7 @@ class SecurityTest extends FunctionalTest {
} }
return $response; return $response;
} }
public function testAutomaticRedirectionOnLogin() { public function testAutomaticRedirectionOnLogin() {
// BackURL with permission error (not authenticated) should not redirect // BackURL with permission error (not authenticated) should not redirect
if($member = Member::currentUser()) $member->logOut(); if($member = Member::currentUser()) $member->logOut();