Merge branch '3.2' into 3.3

# Conflicts:
#	admin/code/ModelAdmin.php
#	lang/cs.yml
#	lang/lt.yml
#	lang/sk.yml
This commit is contained in:
Damian Mooyman 2016-02-29 17:03:22 +13:00
commit 24a6c53645
18 changed files with 157 additions and 60 deletions

View File

@ -177,7 +177,7 @@ Note: By default, the CMS only has one tab. Creating new tabs is much like addin
would create a new tab called "New Tab", and a single "Author" textfield inside.
</div>
We have added two fields: A simple [api:TextField]` and a [api:DateField].
We have added two fields: A simple [api:TextField] and a [api:DateField].
There are many more fields available in the default installation, listed in ["form field types"](/developer_guides/forms/field_types/common_subclasses).
:::php

View File

@ -10,7 +10,7 @@ It is most commonly applied to pages in the CMS (the `SiteTree` class). Draft co
from published content shown to your website visitors.
Versioning in SilverStripe is handled through the [api:Versioned] class. As a [api:DataExtension] it is possible to
be applied to any [api:DataObject]` subclass. The extension class will automatically update read and write operations
be applied to any [api:DataObject] subclass. The extension class will automatically update read and write operations
done via the ORM via the `augmentSQL` database hook.
Adding Versioned to your `DataObject` subclass works the same as any other extension. It accepts two or more arguments
@ -95,9 +95,9 @@ a record was published.
The usual call to `DataObject->write()` will write to whatever stage is currently active, as defined by the
`Versioned::current_stage()` global setting. Each call will automatically create a new version in the
`<class>_versions` table. To avoid this, use [writeWithoutVersion()](api:Versioned::writeWithoutVersion()) instead.
`<class>_versions` table. To avoid this, use [api:Versioned::writeWithoutVersion()] instead.
To move a saved version from one stage to another, call [writeToStage(<stage>)](api:Versioned::writeToStage()) on the
To move a saved version from one stage to another, call [writeToStage(<stage>)](api:Versioned->writeToStage()) on the
object. The process of moving a version to a different stage is also called "publishing", so we've created a shortcut
for this: `publish(<from-stage>, <to-stage>)`.

View File

@ -87,7 +87,7 @@ controller action. To grant it access through URLs, we add it to the `$allowed_a
<div class="notice" markdown="1">
Form actions (`doSayHello`), on the other hand, should _not_ be included in `$allowed_actions`; these are handled
separately through [api:Form::httpSubmission].
separately through [api:Form::httpSubmission()].
</div>

View File

@ -125,7 +125,7 @@ To use this backend, you need a memcached daemon and the memcache PECL extension
'timeout' => 5,
'retry_interval' => 15,
'status' => true,
'failure_callback' => ''
'failure_callback' => null
)
)
);

View File

@ -54,7 +54,7 @@ If you go to [your site]/admin *Director.php* maps the 'admin' URL request throu
*CMSMain.init()* calls its parent which, of all things is called [api:LeftAndMain]. It's in [api:LeftAndMain] that the
important security checks are made by calling *Permission::check*.
[api:Security::permissionFailure] is the next utility function you can use to redirect to the login form.
[api:Security::permissionFailure()] is the next utility function you can use to redirect to the login form.
### Customizing Access Checks in CMS Classes

View File

@ -110,12 +110,12 @@ Example:
:::php
class MyForm extends Form {
public function save($RAW_data, $form) {
public function save($RAW_data, $form) {
// Pass true as the second parameter of raw2sql to quote the value safely
$SQL_data = Convert::raw2sql($RAW_data, true); // works recursively on an array
$objs = Player::get()->where("Name = " . $SQL_data['name']);
// ...
}
// ...
}
}
@ -126,13 +126,13 @@ Example:
:::php
class MyController extends Controller {
private static $allowed_actions = array('myurlaction');
public function myurlaction($RAW_urlParams) {
private static $allowed_actions = array('myurlaction');
public function myurlaction($RAW_urlParams) {
// Pass true as the second parameter of raw2sql to quote the value safely
$SQL_urlParams = Convert::raw2sql($RAW_urlParams, true); // works recursively on an array
$objs = Player::get()->where("Name = " . $SQL_data['OtherID']);
// ...
}
// ...
}
}
@ -142,18 +142,18 @@ passing data through, escaping should happen at the end of the chain.
:::php
class MyController extends Controller {
/**
* @param array $RAW_data All names in an indexed array (not SQL-safe)
*/
public function saveAllNames($RAW_data) {
// $SQL_data = Convert::raw2sql($RAW_data); // premature escaping
foreach($RAW_data as $item) $this->saveName($item);
}
public function saveName($RAW_name) {
/**
* @param array $RAW_data All names in an indexed array (not SQL-safe)
*/
public function saveAllNames($RAW_data) {
// $SQL_data = Convert::raw2sql($RAW_data); // premature escaping
foreach($RAW_data as $item) $this->saveName($item);
}
public function saveName($RAW_name) {
$SQL_name = Convert::raw2sql($RAW_name, true);
DB::query("UPDATE Player SET Name = {$SQL_name}");
}
}
}
This might not be applicable in all cases - especially if you are building an API thats likely to be customized. If
@ -220,10 +220,10 @@ PHP:
:::php
class MyObject extends DataObject {
private static $db = array(
'MyEscapedValue' => 'Text', // Example value: <b>not bold</b>
'MyUnescapedValue' => 'HTMLText' // Example value: <b>bold</b>
);
private static $db = array(
'MyEscapedValue' => 'Text', // Example value: <b>not bold</b>
'MyUnescapedValue' => 'HTMLText' // Example value: <b>bold</b>
);
}
@ -231,8 +231,8 @@ Template:
:::php
<ul>
<li>$MyEscapedValue</li> // output: &lt;b&gt;not bold&lt;b&gt;
<li>$MyUnescapedValue</li> // output: <b>bold</b>
<li>$MyEscapedValue</li> // output: &lt;b&gt;not bold&lt;b&gt;
<li>$MyUnescapedValue</li> // output: <b>bold</b>
</ul>
@ -248,11 +248,11 @@ Template (see above):
:::php
<ul>
// output: <a href="#" title="foo &amp; &#quot;bar&quot;">foo &amp; "bar"</a>
<li><a href="#" title="$Title.ATT">$Title</a></li>
<li>$MyEscapedValue</li> // output: &lt;b&gt;not bold&lt;b&gt;
<li>$MyUnescapedValue</li> // output: <b>bold</b>
<li>$MyUnescapedValue.XML</li> // output: &lt;b&gt;bold&lt;b&gt;
// output: <a href="#" title="foo &amp; &#quot;bar&quot;">foo &amp; "bar"</a>
<li><a href="#" title="$Title.ATT">$Title</a></li>
<li>$MyEscapedValue</li> // output: &lt;b&gt;not bold&lt;b&gt;
<li>$MyUnescapedValue</li> // output: <b>bold</b>
<li>$MyUnescapedValue.XML</li> // output: &lt;b&gt;bold&lt;b&gt;
</ul>
@ -266,7 +266,7 @@ PHP:
:::php
class MyObject extends DataObject {
public $Title = '<b>not bold</b>'; // will be escaped due to Text casting
$casting = array(
"Title" => "Text", // forcing a casting
'TitleWithHTMLSuffix' => 'HTMLText' // optional, as HTMLText is the default casting
@ -283,9 +283,9 @@ Template:
:::php
<ul>
<li>$Title</li> // output: &lt;b&gt;not bold&lt;b&gt;
<li>$Title.RAW</li> // output: <b>not bold</b>
<li>$TitleWithHTMLSuffix</li> // output: <b>not bold</b>: <small>(...)</small>
<li>$Title</li> // output: &lt;b&gt;not bold&lt;b&gt;
<li>$Title.RAW</li> // output: <b>not bold</b>
<li>$TitleWithHTMLSuffix</li> // output: <b>not bold</b>: <small>(...)</small>
</ul>
@ -398,17 +398,17 @@ Below is an example with different ways you would use this casting technique:
:::php
public function CaseStudies() {
// cast an ID from URL parameters e.g. (mysite.com/home/action/ID)
$anotherID = (int)Director::urlParam['ID'];
// perform a calculation, the prerequisite being $anotherID must be an integer
$calc = $anotherID + (5 - 2) / 2;
// cast the 'category' GET variable as an integer
$categoryID = (int)$_GET['category'];
// perform a byID(), which ensures the ID is an integer before querying
return CaseStudy::get()->byID($categoryID);
// cast an ID from URL parameters e.g. (mysite.com/home/action/ID)
$anotherID = (int)Director::urlParam['ID'];
// perform a calculation, the prerequisite being $anotherID must be an integer
$calc = $anotherID + (5 - 2) / 2;
// cast the 'category' GET variable as an integer
$categoryID = (int)$_GET['category'];
// perform a byID(), which ensures the ID is an integer before querying
return CaseStudy::get()->byID($categoryID);
}
@ -439,10 +439,10 @@ disallow certain filetypes.
Example configuration for Apache2:
<VirtualHost *:80>
<LocationMatch assets/>
php_flag engine off
Options -ExecCGI -Includes -Indexes
</LocationMatch>
<LocationMatch assets/>
php_flag engine off
Options -ExecCGI -Includes -Indexes
</LocationMatch>
</VirtualHost>

View File

@ -8,4 +8,4 @@ introduction: Upload, manage and manipulate files and images.
* [api:File]
* [api:Image]
* [api:Folder]
* [api:Folder]

View File

@ -0,0 +1,19 @@
# 3.1.17
<!--- Changes below this line will be automatically regenerated -->
## Change Log
### Security
* 2016-02-17 [37059eb](https://github.com/silverstripe/silverstripe-framework/commit/37059eb6b3546f304e9c031abca0f096ddb175c6) Hostname, IP and Protocol Spoofing through HTTP Headers (Ingo Schommer) - See [ss-2016-003](http://www.silverstripe.org/download/security-releases/ss-2016-003)
* 2016-02-17 [5d2fc0d](https://github.com/silverstripe/silverstripe-framework/commit/5d2fc0d7cac4ce686f7ae05c1a7b1ad8c01711a8) Block unauthenticated access to dev/build/defaults (Damian Mooyman) - See [ss-2015-028](http://www.silverstripe.org/download/security-releases/ss-2015-028)
* 2016-02-17 [013524a](https://github.com/silverstripe/silverstripe-framework/commit/013524af5069bb0cf909853f04418d9bef56d18c) Ensure Gridfield actions respect CSRF (Damian Mooyman) - See [ss-2016-002](http://www.silverstripe.org/download/security-releases/ss-2016-002)
### Bugfixes
* 2016-02-16 [644c807](https://github.com/silverstripe/silverstripe-cms/commit/644c8070311e82d35c39c6e1f0d37cc8aba53665) Use correct formaction for doRollback exemption #1378 (Andrew Aitken-Fincham)
* 2016-01-05 [00544ff](https://github.com/silverstripe/silverstripe-framework/commit/00544ff100048afdb7ccb1905304dddf8ab3205a) session_regenerate_id uses config system (Daniel Hensby)
* 2016-01-05 [4335d8e](https://github.com/silverstripe/silverstripe-framework/commit/4335d8ed221a2b402299b32e31f97fc2956ec161) Members with no ID inherit logged in user permission (Daniel Hensby)
* 2015-11-18 [e9b833f](https://github.com/silverstripe/silverstripe-framework/commit/e9b833f5f0f989af8d611f8cfe71f0b0e2cb0159) ConfirmedPassword field correctly reports mismatching passwords (Christopher Darling)
* 2015-11-05 [f577ecb](https://github.com/silverstripe/silverstripe-framework/commit/f577ecb81149d0d09dc846204f17b2153a244b5a) prevent use cache on browser back button (Igor Nadj)

View File

@ -0,0 +1,11 @@
# 3.1.18
<!--- Changes below this line will be automatically regenerated -->
## Change Log
### Bugfixes
* 2016-02-26 [bd48d89](https://github.com/silverstripe/silverstripe-framework/commit/bd48d89642a259e0a4c93ab2a686bc45b2ac3bc4) undeclared constant issue (Daniel Hensby)
* 2016-02-26 [cc95703](https://github.com/silverstripe/silverstripe-framework/commit/cc95703b18187b3940f02380f8e5667d61345660) Fix regressions in missing CSRF on print button (Damian Mooyman)
* 2016-02-25 [3dc0d0e](https://github.com/silverstripe/silverstripe-framework/commit/3dc0d0ee89cba6b780c8770a94490c60a5b52745) Fix regression in gridfield get actions (Damian Mooyman)

View File

@ -0,0 +1,13 @@
# 3.1.17-rc1
<!--- Changes below this line will be automatically regenerated -->
## Change Log
### Bugfixes
* 2016-02-16 [644c807](https://github.com/silverstripe/silverstripe-cms/commit/644c8070311e82d35c39c6e1f0d37cc8aba53665) Use correct formaction for doRollback exemption #1378 (Andrew Aitken-Fincham)
* 2016-01-05 [00544ff](https://github.com/silverstripe/silverstripe-framework/commit/00544ff100048afdb7ccb1905304dddf8ab3205a) session_regenerate_id uses config system (Daniel Hensby)
* 2016-01-05 [4335d8e](https://github.com/silverstripe/silverstripe-framework/commit/4335d8ed221a2b402299b32e31f97fc2956ec161) Members with no ID inherit logged in user permission (Daniel Hensby)
* 2015-11-18 [e9b833f](https://github.com/silverstripe/silverstripe-framework/commit/e9b833f5f0f989af8d611f8cfe71f0b0e2cb0159) ConfirmedPassword field correctly reports mismatching passwords (Christopher Darling)
* 2015-11-05 [f577ecb](https://github.com/silverstripe/silverstripe-framework/commit/f577ecb81149d0d09dc846204f17b2153a244b5a) prevent use cache on browser back button (Igor Nadj)

View File

@ -0,0 +1,11 @@
# 3.1.17-rc2
<!--- Changes below this line will be automatically regenerated -->
## Change Log
### Security
* 2016-02-17 [37059eb](https://github.com/silverstripe/silverstripe-framework/commit/37059eb6b3546f304e9c031abca0f096ddb175c6) Hostname, IP and Protocol Spoofing through HTTP Headers (Ingo Schommer) - See [ss-2016-003](http://www.silverstripe.org/download/security-releases/ss-2016-003)
* 2016-02-17 [5d2fc0d](https://github.com/silverstripe/silverstripe-framework/commit/5d2fc0d7cac4ce686f7ae05c1a7b1ad8c01711a8) Block unauthenticated access to dev/build/defaults (Damian Mooyman) - See [ss-2015-028](http://www.silverstripe.org/download/security-releases/ss-2015-028)
* 2016-02-17 [013524a](https://github.com/silverstripe/silverstripe-framework/commit/013524af5069bb0cf909853f04418d9bef56d18c) Ensure Gridfield actions respect CSRF (Damian Mooyman) - See [ss-2016-002](http://www.silverstripe.org/download/security-releases/ss-2016-002)

View File

@ -0,0 +1,10 @@
# 3.1.18-rc1
<!--- Changes below this line will be automatically regenerated -->
## Change Log
### Bugfixes
* 2016-02-26 [cc95703](https://github.com/silverstripe/silverstripe-framework/commit/cc95703b18187b3940f02380f8e5667d61345660) Fix regressions in missing CSRF on print button (Damian Mooyman)
* 2016-02-25 [3dc0d0e](https://github.com/silverstripe/silverstripe-framework/commit/3dc0d0ee89cba6b780c8770a94490c60a5b52745) Fix regression in gridfield get actions (Damian Mooyman)

View File

@ -0,0 +1,9 @@
# 3.1.18-rc2
<!--- Changes below this line will be automatically regenerated -->
## Change Log
### Bugfixes
* 2016-02-26 [bd48d89](https://github.com/silverstripe/silverstripe-framework/commit/bd48d89642a259e0a4c93ab2a686bc45b2ac3bc4) undeclared constant issue (Daniel Hensby)

View File

@ -0,0 +1,10 @@
# 3.2.3-rc1
<!--- Changes below this line will be automatically regenerated -->
## Change Log
### Bugfixes
* 2016-02-26 [320c833](https://github.com/silverstripe/silverstripe-framework/commit/320c833fa1573b35a0a48ff0052bd7f63844c54f) Fix regressions in missing CSRF on print button (Damian Mooyman)
* 2016-02-25 [b0ad86b](https://github.com/silverstripe/silverstripe-framework/commit/b0ad86bf8f34115173e03bfc657c5bbb52e6a7c0) Fix regression in gridfield get actions (Damian Mooyman)

View File

@ -0,0 +1,9 @@
# 3.2.3-rc2
<!--- Changes below this line will be automatically regenerated -->
## Change Log
### Bugfixes
* 2016-02-26 [c2a0e89](https://github.com/silverstripe/silverstripe-framework/commit/c2a0e8945f6f2bc2ff8bd4013c16195cf6d7b940) undeclared constant issue (Daniel Hensby)

View File

@ -181,7 +181,7 @@ fi:
NOVALIDUPLOAD: 'Tiedosto ei ole kelvollinen ladattavaksi'
Name: Nimi
PLURALNAME: Tiedostot
PdfType: 'Adobe Acrobat PDF-tiedosto'
PdfType: 'Adobe Acrobat PDF -tiedosto'
PngType: 'PNG-kuva - hyvä yleinen muoto'
SINGULARNAME: Tiedosto
TOOLARGE: 'Tiedostokoko on liian suuri: maks. sallittu koko on {size}'
@ -257,7 +257,7 @@ fi:
DefaultGroupTitleContentAuthors: 'Sisällöntuottajat'
Description: Kuvaus
GroupReminder: 'Valitessasi isäntäryhmän roolit periytyvät tähän ryhmään'
HierarchyPermsError: 'Isäntäryhmään ei voitu asettaa "%s" annettuja oikeuksia (vaaditaan JÄRJESTELMÄNVALVOJAN oikeudet)'
HierarchyPermsError: 'Isäntä ryhmään ei voitu asettaa "%s" annettuja oikeuksia (vaaditaan JÄRJESTELMÄNVALVOJAN oikeudet)'
Locked: 'Lukittu?'
NoRoles: 'Rooleja ei löytynyt'
PLURALNAME: Ryhmät
@ -301,6 +301,8 @@ fi:
FROMWEB: 'Webistä'
FindInFolder: 'Etsi kansiosta'
IMAGEALT: 'Vaihtoehtoinen teksti (alt)'
IMAGEALTTEXT: 'Vaihtoehtoinen teksti (alt) - näytetään jos kuvaa ei voida näyttää'
IMAGEALTTEXTDESC: 'Näytetään ruudunlukuohjelmille tai jos kuvia ei voi näyttää'
IMAGEDIMENSIONS: Mitat
IMAGEHEIGHTPX: Korkeus
IMAGETITLE: 'Otsikko (tooltip) - kuvan lisätietoja varten'
@ -334,10 +336,13 @@ fi:
LeftAndMain:
CANT_REORGANISE: 'Sinulla ei ole oikeuksia mennä ylemmän tason sivuille. Muutoksiasi ei tallennettu.'
DELETED: Poistettu.
DropdownBatchActionsDefault: 'Valitse toiminto...'
HELP: Ohje
PAGETYPE: 'Sivutyyppi'
PERMAGAIN: 'Olet kirjautunut ulos CMS:stä. Jos haluat kirjautua uudelleen sisään, syötä käyttäjätunnuksesi ja salasanasi alla.'
PERMALREADY: 'Pahoittelut, mutta et pääse tähän osaan CMS:ää. Jos haluat kirjautua jonain muuna, voit tehdä sen alta.'
PERMDEFAULT: 'Sinun tulee olla kirjautuneena ylläpito-osioon; syötä tunnuksesi kenttiin.'
PLEASESAVE: 'Tallenna sivu: tätä sivua ei voitu päivittää, koska sitä ei ole vielä tallennettu.'
PreviewButton: Esikatselu
REORGANISATIONSUCCESSFUL: 'Hakemistopuu uudelleenjärjestettiin onnistuneesti.'
SAVEDUP: Tallennettu.

View File

@ -301,8 +301,8 @@ sk:
FROMWEB: 'Z webu'
FindInFolder: 'Vyhľadať v priečinku'
IMAGEALT: 'Atlernatívny text (alt)'
IMAGEALTTEXT: 'Atlernatívny text (alt) - sa zobrazí, ak nemôže byť zobrazený obrázok'
IMAGEALTTEXTDESC: 'Zobrazí sa na obrazovke, k obrázok nemôže byť zobrazený'
IMAGEALTTEXT: 'Atlernatívny text (alt) - sa zobrazí, ak nemôže byť obrázok zobrazený'
IMAGEALTTEXTDESC: 'Zobrazí sa na obrazovke, alebo ak obrázok nemôže byť zobrazený'
IMAGEDIMENSIONS: Rozmery
IMAGEHEIGHTPX: Výška
IMAGETITLE: 'Text titulky (tooltip) - pre doplňujúce informácie o obrázku'
@ -341,7 +341,7 @@ sk:
PERMAGAIN: 'Boli ste odhlásený'
PERMALREADY: 'Je nám ľúto, ale k tejto časti CMS nemáte prístup . Ak sa chcete prihlásiť ako niekto iný, urobte tak nižšie.'
PERMDEFAULT: 'Musíte byť prihlásený/á k prístupu do oblasti administrácie, zadajte vaše prihlasovacie údaje dole, prosím.'
PLEASESAVE: 'Prosím uložte stránku: Táto stránka nemôže byť aktualizovaná, ešte nebola uložená.'
PLEASESAVE: 'Prosím uložte stránku: Táto stránka nemôže byť aktualizovaná, lebo ešte nebola uložená.'
PreviewButton: Náhľad
REORGANISATIONSUCCESSFUL: 'Strom webu bol reorganizovaný úspešne.'
SAVEDUP: Uložené.