Merge remote-tracking branch 'origin/3.1' into 3.2

# Conflicts:
#	docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md
#	docs/en/02_Developer_Guides/14_Files/01_Image.md
#	docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/How_Tos/Customise_CMS_Menu.md
#	docs/en/03_Upgrading/index.md
#	docs/en/05_Contributing/01_Code.md
#	forms/TreeMultiselectField.php
#	security/Permission.php
Damian Mooyman 2016-01-19 14:00:19 +13:00
commit 46cbe809ac
48 changed files with 176 additions and 131 deletions


@ -7,7 +7,7 @@ It is also a bit harder to install additional PHP modules required by SilverStri
[MAMP](http://www.mamp.info/en/) is a simple way to get a complete webserver
environment going on your OSX machine, without removing or altering any system-level configuration.
Check out the [MAC OSX with Homebrew](other_installation_options/Mac_OSX_Homebrew)
Check out the [MAC OSX with Homebrew](/getting_started/installation/other_installation_options/mac_osx_homebrew)
for an alternative, more configurable installation process.
## Requirements
@ -46,4 +46,4 @@ Finally, we're ready to install SilverStripe through composer:
After finishing, the installation wizard should be available at `http://localhost:8888/silverstripe`.
The MAMP default database credentials are user `root` and password `root`.
We have a separate in-depth tutorial for [Composer Installation and Usage](composer).
We have a separate in-depth tutorial for [Composer Installation and Usage](/getting_started/composer).


@ -6,7 +6,7 @@ OSX comes bundled with PHP, but you're stuck with the version and modules it shi
If you run projects on different PHP versions, or care about additional PHP module support
and other dependencies such as MariaDB, we recommend an installation through [Homebrew](http://brew.sh/).
Check out the [MAC OSX with MAMP](../Mac_OSX) for an alternative installation process
Check out the [MAC OSX with MAMP](/getting_started/installation/mac_osx) for an alternative installation process
which packages up the whole environment into a convenient application.
## Requirements
@ -115,4 +115,4 @@ Finally, we're ready to install SilverStripe through composer:
After finishing, the installation wizard should be available at `http://localhost/silverstripe`.
The Homebrew MariaDB default database credentials are user `root` and password `root`.
We have a separate in-depth tutorial for [Composer Installation and Usage](composer).
We have a separate in-depth tutorial for [Composer Installation and Usage](/getting_started/composer).


@ -51,7 +51,7 @@ IIS 7.x comes with Windows. However, it needs to be installed. Follow these step
**NOTE**: These instructions are slightly different for Windows Vista and Windows 7. Instead of a Server Manager popup, you'll just get a list of features to enable. Do the same as above except click the **Internet Information Services** checkbox when the Windows Features popup appears and then expand this node and select **CGI** under World Wide Web Services > Application Development Features.
Once the installation is finished, browse to http://localhost in your browser. If an image pops up, then IIS has been installed correctly.
Once the installation is finished, browse to `http://localhost` in your browser. If an image pops up, then IIS has been installed correctly.
## IIS URL Rewrite Module
@ -191,7 +191,7 @@ After gettng the code installed, make sure you set the folder permissions proper
## Start SilverStripe installer
Open a browser and point it to http://localhost/ss
Open a browser and point it to `http://localhost/ss`
If an installation screen shows up, congratulations! We're very close now.
@ -260,7 +260,7 @@ To find out who the current user is, try echoing the result of get_current_user(
**Q: When I try to access my SilverStripe site for the first time, I get a 404 error**
**A:** Try accessing dev/build?username=admin&password=password at the end of the URL you requested. For example, http://localhost/ss/dev/build?username=admin&password=password. This will ensure the database is built properly
**A:** Try accessing dev/build?username=admin&password=password at the end of the URL you requested. For example, `http://localhost/ss/dev/build?username=admin&password=password`. This will ensure the database is built properly
**Q: How do I make IIS expose errors instead of giving a generic 500 or 404 page?**
@ -268,7 +268,7 @@ To find out who the current user is, try echoing the result of get_current_user(
Also, make sure that display_errors, display_startup_errors and html_errors in are set to On in php.ini.
**Q: I get a 500 server error when trying to access the SilverStripe site. e.g. http://localhost/ss**
**Q: I get a 500 server error when trying to access the SilverStripe site. e.g. `http://localhost/ss`**
**A:** One of the reasons why this could be happening is the web.config file inside the ss directory has XML that is not well formed. Make sure there are NO spaces before the starting <?xml> tag, and make sure that everything is tabbed out correctly.


@ -73,7 +73,7 @@ every page on the site, if that's easier.
Please make sure all code inside `*.php` files is wrapped in classes. Due to the way `[api:ManifestBuilder]`
includes all files with this extension, any **procedural code will be executed on every call**. The most common error here
is putting a test.php/phpinfo.php file in the document root. See [datamodel](/developer_guides/data_model_and_orm) and [controllers](/developer_guides/controllers)
is putting a test.php/phpinfo.php file in the document root. See [datamodel](/developer_guides/model/data_model_and_orm) and [controllers](/developer_guides/controllers)
for ways how to structure your code.
Also, please check that you have PHP enabled on the webserver, and you're running PHP 5.1 or later.


@ -7,7 +7,7 @@ Check out our operating system specific guides for [Linux](linux_unix),
## Installation Steps
* Make sure the webserver has MySQL and PHP support (check our [server requirements](../server_requirements)).
* Either [download the installer package](http://silverstripe.org/download), or [install through Composer](../composer).
* Either [download the installer package](http://silverstripe.org/download), or [install through Composer](/getting_started/composer).
* If using with the installer download, extract it into your webroot.
* Visit your domain or IP address in your web browser.
* You will be presented with an installation wizard asking for database and login credentials.
@ -20,5 +20,5 @@ If the above steps don't work for any reason have a read of the [Common Problems
<div class="notice" markdown="1">
SilverStripe ships with default rewriting rules specific to your web server. Apart from
routing requests to the framework, they also prevent access to sensitive files in the webroot,
for example YAML configuration files. Please refer to the [security](/topics/security) documentation for details.
for example YAML configuration files. Please refer to the [secure coding](/developer_guides/security/secure_coding/#filesystem) documentation for details.
</div>


@ -449,7 +449,7 @@ Use [ANSI SQL](http://en.wikipedia.org/wiki/SQL#Standardization) format where po
### Secure Development
See [security](/topics/security) for conventions related to handing security permissions.
See [security](/developer_guides/security) for conventions related to handing security permissions.
## License


@ -51,7 +51,7 @@ When designing your site you should only need to modify the *mysite*, *themes* a
![](../_images/tutorial1_cms-basic.jpg)
The CMS is the area in which you can manage your site content. You can access the cms at http://localhost/your_site_name/admin (or http://yourdomain.com/admin if you are using your own domain name). You
The CMS is the area in which you can manage your site content. You can access the cms at `http://localhost/your_site_name/admin` (or `http://yourdomain.com/admin` if you are using your own domain name). You
will be presented with a login screen. Login using the details you provided at installation. After logging in you
should see the CMS interface with a list of the pages currently on your website (the site tree). Here you can add, delete and reorganize pages. If you need to delete, publish, or unpublish a page, first check "multi-selection" at the top. You will then be able to perform actions on any checked files using the "Actions" dropdown. Clicking on a page will open it in the page editing interface pictured below (we've entered some test content).
@ -85,7 +85,7 @@ The page type specifies the templates used to render the page, the fields that a
**SilverStripe's friendly URLs**
While you are on the draft or live SilverStripe site, you may notice the URLs point to files that don't exist, e.g.
http://localhost/contact or http://yourdomainname.com/about-us etc. SilverStripe uses the URL field on the Meta-Data tab of the Edit Page -> Content section to look up the appropriate
`http://localhost/contact` or `http://yourdomainname.com/about-us` etc. SilverStripe uses the URL field on the Meta-Data tab of the Edit Page -> Content section to look up the appropriate
page in the database.
Note that if you have sub-pages, changing the Top level URL field for a page will affect the URL for all sub-pages. For example, if we changed the URL field "/about-us/" to "/about-silverstripe/" then the sub-pages URLs would now be "/about-silverstripe/URL-of-subpage/" rather than "/about-us/URL-of-subpage/".
@ -151,7 +151,7 @@ or placed between SilverStripe template tags:
**Flushing the cache**
Whenever we edit a template file, we need to append *?flush=1* onto the end of the URL, e.g.
http://localhost/your_site_name/?flush=1. SilverStripe stores template files in a cache for quicker load times. Whenever there are
`http://localhost/your_site_name/?flush=1`. SilverStripe stores template files in a cache for quicker load times. Whenever there are
changes to the template, we must flush the cache in order for the changes to take effect.
## The Navigation System
@ -348,7 +348,7 @@ Create a new file *HomePage.php* in *mysite/code*. Copy the following code into
Every page type also has a database table corresponding to it. Every time we modify the database, we need to rebuild it.
We can do this by going to [http://localhost/your_site_name/dev/build](http://localhost/your_site_name/dev/build) (replace *localhost/your_site_name* with your own domain name if applicable).
We can do this by going to `http://localhost/your_site_name/dev/build`.
It may take a moment, so be patient. This adds tables and fields needed by your site, and modifies any structures that have changed. It
does this non-destructively - it will never delete your data.


@ -12,7 +12,7 @@ information.
All data tables in SilverStripe are defined as subclasses of [api:DataObject]. The [api:DataObject] class represents a
single row in a database table, following the ["Active Record"](http://en.wikipedia.org/wiki/Active_record_pattern)
design pattern. Database Columns are defined as [Data Types](data_types_and_casting) in the static `$db` variable
design pattern. Database Columns are defined as [Data Types](/developer_guides/model/data_types_and_casting) in the static `$db` variable
along with any [relationships](relations) defined as `$has_one`, `$has_many`, `$many_many` properties on the class.
Let's look at a simple example:
@ -512,7 +512,7 @@ whenever a new object is created.
<div class="notice" markdown='1'>
Note: Alternatively you can set defaults directly in the database-schema (rather than the object-model). See
[Data Types and Casting](data_types_and_casting) for details.
[Data Types and Casting](/developer_guides/model/data_types_and_casting) for details.
</div>
## Subclasses
@ -579,7 +579,7 @@ To retrieve a news article, SilverStripe joins the [api:SiteTree], [api:Page] an
## Related Documentation
* [Data Types and Casting](../data_types_and_casting)
* [Data Types and Casting](/developer_guides/model/data_types_and_casting)
## API Documentation


@ -2,7 +2,7 @@
The [api:SS_List] class is designed to return a flat list of records.
These lists can get quite long, and hard to present on a single list.
[Pagination](/templates/how_tos/pagination) is one way to solve this problem,
[Pagination](/developer_guides/templates/how_tos/pagination) is one way to solve this problem,
by splitting up the list into multiple pages.
In this howto, we present an alternative to pagination:
@ -144,5 +144,5 @@ The final step is the render this into the template using the [api:GroupedList->
## Related
* [Howto: "Pagination"](/templates/how_tos/pagination)
* [Howto: "Pagination"](/developer_guides/templates/how_tos/pagination)


@ -7,7 +7,7 @@ Editing and formatting content is the bread and butter of every content manageme
has a tight integration with our preferred editor library, [TinyMCE](http://tinymce.com).
On top of the base functionality, we use our own insertion dialogs to ensure you can effectively select and upload
files. In addition to the markup managed by TinyMCE, we use [shortcodes](../../extending/shortcodes) to store
files. In addition to the markup managed by TinyMCE, we use [shortcodes](/developer_guides/extending/shortcodes) to store
information about inserted images or media elements.
The framework comes with a `[api:HTMLEditorField]` form field class which encapsulates most of the required
@ -197,7 +197,7 @@ The `[api:HtmlEditorField]` API also handles inserting images and media files in
used both for referencing files on the webserver filesystem (through the `[api:File]` and `[api:Image]` APIs), as well
as hotlinking files from the web.
We use [shortcodes](../../configuration/shortcodes) to store information about inserted images or media elements. The
We use [shortcodes](/developer_guides/extending/shortcodes) to store information about inserted images or media elements. The
[api:ShortcodeParser] API post-processes the HTML content on rendering, and replaces the shortcodes accordingly. It also
takes care of care of placing the shortcode replacements relative to its surrounding markup (e.g. left/right alignment).


@ -17,7 +17,7 @@ GridField can only be used with `$list` data sets that are of the type `SS_List`
<div class="notice" markdown="1">
[api:GridField] powers the automated data UI of [api:ModelAdmin]. For more information about `ModelAdmin` see the
[Customizing the CMS](../../customizing_the_cms) guide.
[Customizing the CMS](/developer_guides/customising_the_admin_interface) guide.
</div>
Each `GridField` is built from a number of components grouped into the [api:GridFieldConfig]. Without any components,


@ -1,6 +1,6 @@
# How to add a custom action to a GridField row
In a [GridField](../field_types/gridfield) instance each table row can have a
In a [GridField](/developer_guides/forms/field_types/gridfield) instance each table row can have a
number of actions located the end of the row such as edit or delete actions.
Each action is represented as a instance of a specific class
(e.g [api:GridFieldEditButton]) which has been added to the `GridFieldConfig`
@ -79,7 +79,7 @@ below:
While we're working on the code, to add this new action to the `GridField`, add
a new instance of the class to the [api:GridFieldConfig] object. The `GridField`
[Reference](../field_types/gridfield) documentation has more information about
[Reference](/developer_guides/forms/field_types/gridfield) documentation has more information about
manipulating the `GridFieldConfig` instance if required.
:::php
@ -93,7 +93,7 @@ manipulating the `GridFieldConfig` instance if required.
$gridField->getConfig()->addComponent(new GridFieldCustomAction());
For documentation on adding a Component to a `GridField` created by `ModelAdmin`
please view the [ModelAdmin Reference](/reference/modeladmin#gridfield-customization) section `GridField Customization`
please view the [GridField Customization](/developer_guides/forms/how_tos/create_a_gridfield_actionprovider) section.
Now let's go back and dive through the `GridFieldCustomAction` class in more
detail.


@ -45,8 +45,8 @@ Append the option and corresponding value to your URL in your browser's address
## Security Redirects
You can set an URL to redirect back to after a [Security](/topics/security) action. See the section on [URL
Redirections](security#redirect_back_to_another_page_after_login) for more information and examples.
You can set an URL to redirect back to after a [Security](/developer_guides/security) action. See the section on [URL
Redirections](/developer_guides/controllers/redirection) for more information and examples.
| URL Variable | | Values | | Description |
| ------------ | | ------ | | ----------- |


@ -17,7 +17,7 @@ Flushing the various manifests is performed through a GET
parameter (`flush=1`). Since this action requires more server resources than normal requests,
executing the action is limited to the following cases when performed via a web request:
* The [environment](../getting_started/environment_management) is in "dev mode"
* The [environment](/getting_started/environment_management) is in "dev mode"
* A user is logged in with ADMIN permissions
* An error occurs during startup


@ -6,7 +6,7 @@ site you have to figure this stuff out, and it's not entirely obvious.
## Ways to restrict access
There are a number of ways to restrict access in SilverStripe. In the security tab in the CMS you can create groups
that have access to certain parts. The options can be found on the [permissions](/reference/permission) documentation.
that have access to certain parts. The options can be found on the [permissions](/developer_guides/security/permissions) documentation.
Once you have groups, you can set access for each page for a particular group. This can be:
* anyone;


@ -63,7 +63,7 @@ Making this work well is a subtle business and should be discussed with a few de
* On an individual data record, $page->can("View", $member = null) and be called. If a member isn't passed, the
currently logged in member is assumed.
* On a request, $request->hasPermission("View", $member = null) can be called. See [datamodel](/topics/datamodel) for
* On a request, $request->hasPermission("View", $member = null) can be called. See [datamodel](/developer_guides/model/permissions) for
information on request objects.
## Special cases


@ -3,7 +3,7 @@
## Introduction
This page details notes on how to ensure that we develop secure SilverStripe applications.
See our "[Release Process](/misc/release-process#security-releases) on how to report security issues.
See our "[Release Process](/contributing/release_process#security-releases) on how to report security issues.
## SQL Injection
@ -186,7 +186,7 @@ XSS attack against an admin to perform any administrative action.
If you can't trust your editors, SilverStripe must be configured to filter the content so that any javascript is
stripped out
To enable filtering, set the HtmlEditorField::$sanitise_server_side [configuration](/topics/configuration) property to
To enable filtering, set the HtmlEditorField::$sanitise_server_side [configuration](/developer_guides/configuration/configuration) property to
true, e.g.
HtmlEditorField::config()->sanitise_server_side = true
@ -209,12 +209,12 @@ The `SiteTree.ExtraMeta` property uses this to limit allowed input.
It is not currently possible to allow editors to provide javascript content and yet still protect other users
from any malicious code within that javascript.
We recommend configuring [shortcodes](/reference/shortcodes) that can be used by editors in place of using javascript directly.
We recommend configuring [shortcodes](/developer_guides/extending/shortcodes) that can be used by editors in place of using javascript directly.
### Escaping model properties
`[api:SSViewer]` (the SilverStripe template engine) automatically takes care of escaping HTML tags from specific
object-properties by [casting](/topics/datamodel#casting) its string value into a `[api:DBField]` object.
object-properties by [casting](/developer_guides/model/data_types_and_casting) its string value into a `[api:DBField]` object.
PHP:
@ -241,7 +241,7 @@ outputting through SSViewer.
### Overriding default escaping in templates
You can force escaping on a casted value/object by using an [escape type](/topics/datamodel) method in your template, e.g.
You can force escaping on a casted value/object by using an [escape type](/developer_guides/model/data_types_and_casting) method in your template, e.g.
"XML" or "ATT".
Template (see above):
@ -323,7 +323,7 @@ Template:
Whenever you insert a variable into an HTML attribute within a template, use $VarName.ATT, no not $VarName.
You can also use the built-in casting in PHP by using the *obj()* wrapper, see [datamodel](/topics/datamodel) .
You can also use the built-in casting in PHP by using the *obj()* wrapper, see [datamodel](/developer_guides/model/data_types_and_casting).
### Escaping URLs
@ -423,7 +423,7 @@ cast types can be found here:
* `(object)` - cast to object
Note that there is also a 'SilverStripe' way of casting fields on a class, this is a different type of casting to the
standard PHP way. See [casting](/topics/datamodel#casting).
standard PHP way. See [casting](/developer_guides/model/data_types_and_casting).


@ -11,7 +11,7 @@ The default output of a [api:SearchContext] is either a [api:SQLQuery] object fo
[api:DataObject] instance.
<div class="notice" markdown="1">
[api:SearchContext] is mainly used by [ModelAdmin](../customising_the_admin_interface/modeladmin).
[api:SearchContext] is mainly used by [ModelAdmin](/developer_guides/customising_the_admin_interface/modeladmin).
</div>
## Usage
@ -209,8 +209,8 @@ See `[api:SearchFilter]` API Documentation
## Related Documentation
* [ModelAdmin](../customising_the_cms/modeladmin)
* [Tutorial: Site Search](/tutorials/site_search)
* [ModelAdmin](/developer_guides/customising_the_admin_interface/modeladmin)
* [Site Search](/tutorials/site_search)
## API Documentation


@ -232,7 +232,7 @@ If you want to run the text collector for just one module you can use the 'modul
`http://localhost/dev/tasks/i18nTextCollectorTask/?module=cms`
<div class="hint" markdown='1'>
You'll need to install PHPUnit to run the text collector (see [testing-guide](/topics/testing)).
You'll need to install PHPUnit to run the text collector (see [testing-guide](/developer_guides/testing)).
</div>
## Module Priority

View File

@ -13,7 +13,7 @@ feel familiar to you. This is just a quick run down to get you started
with some special conventions.
For a more practical-oriented approach to CMS customizations, refer to the
[Howto: Extend the CMS Interface](how_tos/extend_cms_interface) which builds
[Howto: Extend the CMS Interface](/developer_guides/customising_the_admin_interface/how_tos/extend_cms_interface) which builds
## Markup and Style Conventions
@ -89,7 +89,7 @@ The various panels and UI components within them are loosely coupled to the layo
attribute. The layout is triggered on the top element and cascades into children, with a `redraw` method defined on
each panel and UI component that needs to update itself as a result of layouting.
Refer to [Layout reference](cms_layout) for further information.
Refer to [Layout reference](/developer_guides/customising_the_admin_interface/cms_layout) for further information.
## Forms
@ -148,7 +148,7 @@ correctly configured form.
[jQuery.entwine](https://github.com/hafriedlander/jquery.entwine) is a thirdparty library
which allows us to attach behaviour to DOM elements in a flexible and structured mannger.
It replaces the `behaviour.js` library used in previous versions of the CMS interface.
See [JavaScript Development](javascript_development) for more information on how to use it.
See [JavaScript Development](/developer_guides/customising_the_admin_interface/javascript_development) for more information on how to use it.
In the CMS interface, all entwine rules should be placed in the "ss" entwine namespace.
If you want to call methods defined within these rules outside of entwine logic,
you have to use this namespace, e.g. `$('.cms-menu').entwine('ss').collapse()`.
@ -380,7 +380,7 @@ To avoid repetition, we've written some helpers for various use cases:
* Load into a PJAX panel: `<a href="..." class="cms-panel-link" data-pjax-target="Content">`
* Load URL as an iframe into a popup/dialog: `<a href="..." class="ss-ui-dialog-link">`
* GridField click to redirect to external link: `<a href="..." class="cms-panel-link action external-link">
* GridField click to redirect to external link: `<a href="..." class="cms-panel-link action external-link">`
## Buttons
@ -433,7 +433,7 @@ The CMS tree for viewing hierarchical structures (mostly pages) is powered
by the [jstree](http://jstree.com) library. It is configured through
`framework/admin/javascript/LeftAndMain.Tree.js`, as well as some
HTML5 metadata generated on its container (see the `data-hints` attribute).
For more information, see the [Howto: Customize the CMS tree](../how_tos/customize_cms_tree).
For more information, see the [Howto: Customise the CMS tree](/developer_guides/customising_the_admin_interface/how_tos/customise_cms_tree).
Note that a similar tree logic is also used for the
form fields to select one or more entries from those hierarchies
@ -441,7 +441,7 @@ form fields to select one or more entries from those hierarchies
## Tabs
We're using [jQuery UI tabs](http://jqueryui.com/), but in a customized fashion.
We're using [jQuery UI tabs](http://jqueryui.com/), but in a customised fashion.
HTML with tabs can be created either directly through HTML templates in the CMS,
or indirectly through a `[api:TabSet]` form field. Since tabsets are useable
outside of the CMS as well, the baseline application of tabs happens via
@ -538,8 +538,8 @@ through the `PjaxResponseNegotiator` class (see above).
## Related
* [Howto: Extend the CMS Interface](how_tos/extend_cms_interface)
* [Howto: Customize the CMS tree](how_tos/customize_cms_tree)
* [Howto: Extend the CMS Interface](/developer_guides/customising_the_admin_interface/how_tos/extend_cms_interface)
* [Howto: Customise the CMS tree](/developer_guides/customising_the_admin_interface/how_tos/customise_cms_tree)
* [ModelAdmin API](api:ModelAdmin)
* [Reference: Layout](cms_layout)
* [Reference: Layout](/developer_guides/customising_the_admin_interface/cms_layout)
* [Rich Text Editing](/developer_guides/forms/field_types/htmleditorfield)


@ -49,4 +49,4 @@ by setting an additional `RightTitle`.
->setRightTitle('<a class="cms-description-trigger">My custom icon</a>');
Note: For more advanced help text we recommend using
[Custom form field templates](../form_templates);
[Custom form field templates](/developer_guides/forms/form_templates);


@ -43,7 +43,7 @@ In order to localize the menu title in different languages, use the
the i18n text collection.
For more information on language and translations, please refer to the
[i18n](../../i18n) docs.
[i18n](/developer_guides/i18n) docs.
## Adding an external link to the menu
@ -85,7 +85,7 @@ button configuration.
To have the link appear, make sure you add the extension to the `LeftAndMain`
class. For more information about configuring extensions see the
[extensions reference](../extending/extensions).
[extensions reference](/developer_guides/extending/extensions).
:::php
LeftAndMain::add_extension('CustomLeftAndMain')


@ -11,7 +11,7 @@ into the main CMS menu. A page can be bookmarked by a CMS author through a
simple checkbox.
For a deeper introduction to the inner workings of the CMS, please refer to our
guide on [CMS Architecture](../reference/cms-architecture).
guide on [CMS Architecture](/developer_guides/customising_the_admin_interface/cms_architecture).
## Overload a CMS template ##


@ -63,6 +63,17 @@ including form and page comment information. None of this is vital but `clear_al
:::php
Session::clear_all();
## Secure Session Cookie
In certain circumstances, you may want to use a different `session_name` cookie when using the `https` protocol for security purposes. To do this, you may set the `cookie_secure` parameter to `true` on your `config.yml`
:::yml
Session:
cookie_secure: true
This uses the session_name `SECSESSID` for `https` connections instead of the default `PHPSESSID`. Doing so adds an extra layer of security to your session cookie since you no longer share `http` and `https` sessions.
## API Documentation
* [api:Session]


@ -44,7 +44,7 @@ Never update a website on the live server without trying it on a development cop
How easy will it be to update my project? It's a fair question, and sometimes a difficult one to answer.
* "Micro" releases (x.y.z) are explicitly backwards compatible, "minor" and "major" releases can deprecate features and change APIs (see our [/misc/release-process](../contributing/release_process) for details)
* "Micro" releases (x.y.z) are explicitly backwards compatible, "minor" and "major" releases can deprecate features and change APIs (see our [release process](/contributing/release_process) for details)
* If you've made custom branches of SilverStripe core, or any thirdparty module, it's going to be harder to upgrade.
* The more custom features you have, the harder it will be to upgrade. You will have to re-test all of those features, and adapt to API changes in core.
* Customizations of a well defined type - such as custom page types or custom blog widgets - are going to be easier to upgrade than customisations that modify deep system internals like rewriting SQL queries.


@ -7,7 +7,7 @@
**Don't use Translatable for multilingual database content. Don't upgrade to 2.3.0 if you're already using
Translatable.**
The [Translatable extension](/topics/translation) is currently marked as
The [Translatable extension](/developer_guides/i18n) is currently marked as
unstable for the initial 2.3 release. **If your site uses more than one language for page content, don't upgrade to this
release.** We're working on bugfixes which will be contained in a minor 2.3.x release soon. Check our [releaseannouncements](http://groups.google.com/group/silverstripe-announce) for updates on Translatable bugfixes.
@ -33,7 +33,7 @@ calling `dev/build`. See [#2847](http://open.silverstripe.com/ticket/2847)
### Newsletter moved into new module
Newsletter functionality has been moved into its own module called **[newsletter](modules/newsletter)**. If you were
Newsletter functionality has been moved into its own module called **[newsletter](http://addons.silverstripe.org/add-ons/silverstripe/newsletter)**. If you were
previously using this as a feature out of the box with SilverStripe, then you will need to download the userforms module
to continue using it.
@ -51,14 +51,12 @@ The auth_openid module has been removed from default installation. Please insta
### GenericDataAdmin and RelatedDataEditor moved into new module
GenericDataAdmin functionality has been moved into its own module called
**[genericdataadmin](modules/genericdataadmin)**. If you were previously using this as a feature out of the box with
GenericDataAdmin functionality has been moved into its own module. If you were previously using this as a feature out of the box with
SilverStripe, then you will need to download this module to continue using it.
### User Defined Form moved into new module
User Defined Form has been moved into its own module called **[userforms](modules/userforms)**. If you were previously
User Defined Form has been moved into its own module called **[userforms](http://addons.silverstripe.org/add-ons/silverstripe/userforms)**. If you were previously
using this as a feature out of the box with SilverStripe, then you will need to download the userforms module to
continue using it.
@ -196,8 +194,8 @@ also that the DOCTYPE altering, which was a frequent cause of pain, only execute
* Removed deprecated File::loadallcontent(), use Upload class
* Image->URL returns relative instead of absolute URL. Use Image->AbsoluteURL instead.
* Moved DataReport and SQLReport into the ecommerce module. If you're using these classes, please download the
[ecommerce module](modules/ecommerce).
* Moved DataReport and SQLReport into the ecommerce module. If you're using these classes, please see the
[ecommerce modules](http://addons.silverstripe.org/add-ons?search=ecommerce&type=&compatibility%5B%5D=3.1).
### Default mysite/_config.php


@ -31,9 +31,9 @@ Here's an example of how the default Blackcandy theme was changed:
The datamodel for the Translatable extension was changed from multiple language tables to multiple rows for each
translated record in the original table. We've also introduced the concept of "Translation groups", which means not
every translated record has to exist in a "master language". Please review our updated documentation on how to [enable Translatable](/topics/translation).
every translated record has to exist in a "master language". Please review our updated documentation on how to [enable Translatable](/developer_guides/i18n).
If you are upgrading an existing database with existing translations, you'll need to run our [Migration Script](/topics/translation#migrating_from_2.1_datamodel) before using the
If you are upgrading an existing database with existing translations, you'll need migrate these before using the
database.
For in-depth discussion of the schema changes and translation groups, please refer to our developer mailinglist:


@ -243,7 +243,7 @@ No conversion of existing database schemas or content should be necessary.
### MySQL 5.0+ or newer required
See [server-requirements](/installation/server-requirements).
See [server-requirements](/getting_started/server_requirements).
### BASE_PATH constant


@ -28,7 +28,7 @@ TRUE.
### Security: Installation in "live mode" by default
SilverStripe used to allow setting the [environment type](/topics/environment-management) ("dev mode", "test mode" or "live
SilverStripe used to allow setting the [environment type](/getting_started/environment_management) ("dev mode", "test mode" or "live
mode") from within the installer, through *Director::set_dev_servers()*, *Director::set_test_servers()* and
*Director::set_live_servers()*.
@ -37,7 +37,7 @@ domain information in HTTP requests. This can lead to "live" environments being
administrative actions like *dev/build* without access control.
Note: The CMS is still secured through login in "dev mode".
We recommend setting environment types through a [_ss_environment.php](/topics/environment-management) file instead:
We recommend setting environment types through a [_ss_environment.php](/getting_started/environment_management) file instead:
:::php
<?php
@ -88,7 +88,7 @@ this task:
### Date/Time format handling in CMS
Classes like DateField, TimeField and DatetimeField are now aware of member-specific formats which can be set in
*admin/myprofile* (linked on the lower right footer in the CMS interface). See [i18n](/topics/i18n) for more details.
*admin/myprofile* (linked on the lower right footer in the CMS interface). See [i18n](/developer_guides/i18n) for more details.
Example: Setting German date formats in *mysite/_config.php*:


@ -253,7 +253,7 @@ actions accessible through URL routing. Methods that need automatic CSRF
protection (most form actions) should NOT be included in $allowed_actions,
their protection is handled through request handling in the form class itself.
See [security](/topics/security#limiting_url-access_to_controller_methods) documentation for more details.
See [security](/developer_guides/controllers/access_control/#allowed-actions) documentation for more details.
#### Impact


@ -34,7 +34,7 @@ on those fields, this wasn't correctly applied. The following methods are affect
If you have used any of these transformations with untrusted values
(e.g. from a user-submitted form), please consider updating.
More info about SilverStripe's casting logic is available in the "[security](../topics/security)" documentation.
More info about SilverStripe's casting logic is available in the "[security](/developer_guides/security)" documentation.
### Security: Cross-site scripting (XSS) related to page titles in the CMS


@ -41,7 +41,7 @@ The detailed change logs are broken down by pre-release:
### Common Upgrade Tasks
* Rename foder from `sapphire/`to `framework/`, replace own paths with `FRAMEWORK_DIR` (in PHP) or `$ModulePath(framework)` (in templates). Update paths in `.htaccess` or `web.config` ([more](/changelogs/3.0.0#sapphire-rename))
* Replace `<% control %>` in your templates with `<% loop %>` and `<% with %>` ([more](/reference/templates-upgrading-guide#control))
* Replace `<% control %>` in your templates with `<% loop %>` and `<% with %>` ([more](/developer_guides/templates))
* Replace `DataObjectSet` with `DataList` or `ArrayList` ([more](/changelogs/3.0.0#deprecated-classes))
* Rewrite `ComplexTableField` and `DataObjectManager` instances to `GridField` ([more](/changelogs/3.0.0#gridfield-replacement-for-tablelistfield-and-complextablefield-gridfield))
* Rewrite `Director::redirect()` and `Director::redirectBack()` calls ([more](/changelogs/3.0.0#director-static-functions-deprecated-e-g-redirect-and-redirectback)
@ -61,7 +61,7 @@ which points to the framework directory, and in the templates you can use `$Modu
### GridField: Replacement for TableListField and ComplexTableField [gridfield]###
We have a new component for managing lists of objects: The `[GridField](/reference/grid-field)`.
We have a new component for managing lists of objects: The `[GridField](/developer_guides/forms/field_types/gridfield)`.
It's a substantial rewrite of the features previously captured by `TableListField`,
`ComplexTableField`, `HasManyComplexTableField` and `ManyManyComplexTableField`.
@ -97,7 +97,7 @@ Upgrade example: Relationship editing
// after
$field = new GridField('MyRelation', null, $myRecord->MyRelation(), GridFieldConfig_RelationEditor::create());
More information is available in the [GridField documentation](/reference/grid-field).
More information is available in the [GridField documentation](/developer_guides/forms/field_types/gridfield).
### Object static functions replaced with new Config class {#new-config}
Static functions for getting a static variable on the `Object` class have been deprecated,
@ -215,7 +215,7 @@ for the presence of records, please call the count() method on the `DataList`:
if(!DataObject::get('SiteTree', '"ParentID" = 5')->count()) echo "Page 5 has no children";
Beware that `DataList->remove()` will delete an entry from the database.
See the ["datamodel" documentation](../topics/datamodel) for more details.
See the ["datamodel" documentation](/developer_guides/model/data_model_and_orm) for more details.
### New ORM: Changes to manipulation of SQL queries {#new-orm-sql-queries}
@ -334,8 +334,7 @@ Now in SilverStripe 3.x, nested structures are arrays:
### New template engine [templates]###
The template engine has been completely rewritten, and although it is generally backward compatible, there are new features
and some features have been deprecated. See the [template upgrading guide](/reference/templates-upgrading-guide) and the
[template reference](/reference/templates) for more information.
and some features have been deprecated. See the [template reference](/developer_guides/templates) for more information.
### Removed view-specific accessors from ViewableData ####
@ -343,7 +342,7 @@ Several methods in ViewableData that were originally added to expose values to t
in order to stop polluting the namespace. These were sometimes called by project-specific PHP code too, and that code
will need re-working.
See the [template upgrading guide](/reference/templates-upgrading-guide) for a list of methods and their replacements.
See the [template reference](/developer_guides/templates) for a list of method replacements.
### New user interface for CMS [ui]###
@ -354,9 +353,9 @@ the detailed changelog for this release. Many interface components have changed
unfortunately there is no clear upgrade path for every interface detail.
As a starting point, have a look at the new templates in `cms/templates`
and `framework/admin/templates`, as well as the new [jQuery.entwine](https://github.com/hafriedlander/jquery.entwine)
based JavaScript logic. Have a look at the new ["Extending the CMS" guide](../howto/extend-cms-interface),
["CSS" guide](../topics/css), ["JavaScript" guide](../topics/javascript) and
["CMS Architecture" guide](/reference/cms-architecture) to get you started.
based JavaScript logic. Have a look at the new ["Extending the CMS" guide](/developer_guides/customising_the_admin_interface/how_tos/extend_cms_interface),
["CSS" guide](/developer_guides/customising_the_admin_interface/typography), ["JavaScript" guide](/developer_guides/customising_the_admin_interface/javascript_development) and
["CMS Architecture" guide](/developer_guides/customising_the_admin_interface/cms_architecture) to get you started.
### New tree library [tree]###
@ -436,9 +435,9 @@ ModelAdmin has been substanially rewritten to natively support the `[api:GridFie
for more flexible data presentation (replacing `[api:ComplexTableField]`),
and the `[api:DataList]` API for more expressive querying.
If you have overwritten any methods in the class, customized templates,
If you have overwritten any methods in the class, customised templates,
or implemented your own `$collection_controller_class`/`$record_controller_class` controllers,
please refer to the new [ModelAdmin documentation](/reference/modeladmin)
please refer to the new [ModelAdmin documentation](/developer_guides/customising_the_admin_interface/modeladmin)
on details for how to achieve the same goals in the new class.
### Stylesheet preprocessing via SCSS and the "compass" module [scss]###


@ -30,7 +30,7 @@ state of a database record.
Fix: Apply 3.0.4 update. In addition, we strongly recommend to define `$allowed_actions`
on all controller classes to ensure the intentions are clearly communicated.
Read more about `$allowed_actions` in our "[controller](/topics/controller/#access-control)"
Read more about `$allowed_actions` in our "[controller](/developer_guides/controllers/access_control)"
docs.
Reporter: Zann St Pierre
@ -47,8 +47,8 @@ configuration values added in your own project, or a third party module.
Resolution: Update your `.htaccess` file (for Apache), or your `web.config` file (for IIS)
with the new files from the project root, and reapply any customizations you've made.
Follow the [general upgrade instructions](/installation/upgrading).
The [nginx installation instructions](/installation/nginx)
Follow the [general upgrade instructions](/upgrading).
The [nginx installation instructions](/getting_started/installation/how_to/configure_nginx)
have also been updated to reflect those changes.
### Security: Information exposure through web access on composer files
@ -64,8 +64,8 @@ versions of SilverStripe.
Resolution: Update your `.htaccess` file (for Apache), or your `web.config` file (for IIS)
with the new files from the project root, and reapply any customizations you've made.
Follow the [general upgrade instructions](/installation/upgrading).
The [nginx installation instructions](/installation/nginx)
Follow the [general upgrade instructions](/upgrading).
The [nginx installation instructions](/getting_started/installation/how_to/configure_nginx)
have also been updated to reflect those changes.


@ -34,7 +34,7 @@
* Optional integration with ImageMagick as a new image manipulation backend
* Support for PHP 5.4's built-in webserver
* Support for [Composer](http://getcomposer.org) dependency manager (also works with 3.0)
* Added support for filtering incoming HTML from TinyMCE (disabled by default, see [security](/topics/security))
* Added support for filtering incoming HTML from TinyMCE (disabled by default, see [security](/developer_guides/security))
* Behaviour testing support through [Behat](http://behat.org), with CMS test coverage
(see the [SilverStripe Behat Extension]() for details)
@ -48,7 +48,7 @@ it can facilitate [denial-of-service attacks](https://en.wikipedia.org/wiki/Deni
To prevent this, main.php now checks and only allows the flush parameter in the following cases:
* The [environment](/topics/environment-management) is in "dev mode"
* The [environment](/getting_started/environment_management) is in "dev mode"
* A user is logged in with ADMIN permissions
* An error occurs during startup
@ -233,7 +233,7 @@ needs to be explicitly denied through these configuration files (see the [3.0.5
for details.
</div>
For more information about how to use the config system, see the ["Configuration" topic](/topic/configuration).
For more information about how to use the config system, see the ["Configuration" topic](/developer_guides/configuration).
### Deny URL access if `Controller::$allowed_actions` is undefined or empty array
@ -253,7 +253,7 @@ by setting the `RequestHandler.require_allowed_actions` config value to `false`
This applies to anything extending `RequestHandler`, so please check your `Form` and `FormField`
subclasses as well. Keep in mind, action methods as denoted through `FormAction` names should NOT
be mentioned in `$allowed_actions` to avoid CSRF issues.
Please review all rules governing allowed actions in the ["controller" topic](/topics/controller).
Please review all rules governing allowed actions in the ["controller" topic](/developer_guides/controllers/access_control/#allowed-actions).
### Removed support for "*" rules in `Controller::$allowed_actions`
@ -272,7 +272,7 @@ you'll need to specificy each accessible action individually.
}
Please review all rules governing allowed actions in the
["controller" topic](/topics/controller).
["controller" topic](/developer_guides/controllers/access_control/#allowed-actions).
### Removed support for overriding rules on parent classes through `Controller::$allowed_actions`
@ -295,7 +295,7 @@ which now have to be listed in the `$allowed_actions` specifically.
It also restricts `Extension` classes applied to controllers, which now
can only grant or deny access or methods they define themselves.
New approach with the [Config API](/topics/configuration)
New approach with the [Config API](/developer_guides/configuration/configuration)
:::php
class MySubController extends MyController {
@ -309,7 +309,7 @@ New approach with the [Config API](/topics/configuration)
}
Please review all rules governing allowed actions in the
["controller" topic](/topics/controller).
["controller" topic](/developer_guides/controllers/access_control/#allowed-actions).
### Grouped CMS Buttons
@ -377,7 +377,7 @@ Since `GridField` is used in `ModelAdmin`, this change will affect both classes.
return Permission::check('CMS_ACCESS_CMSMain', 'any', $member);
}
You can also implement [custom permission codes](/topics/permissions).
You can also implement [custom permission codes](/developer_guides/security/permissions).
For 3.1.0 stable, we aim to further simplify the permission definitions,
in order to reduce the boilerplate code required to get a model editable in the CMS.
@ -493,7 +493,7 @@ you can enable those warnings and future-proof your code already.
Hierarchy.node_threshold_leaf`. Set to `0` to show tree unrestricted.
* `Object` now has `beforeExtending` and `afterExtending` to inject behaviour around method extension.
`DataObject` also has `beforeUpdateCMSFields` to insert fields between automatic scaffolding and extension
by `updateCMSFields`. See the [DataExtension Reference](/reference/dataextension) for more information.
by `updateCMSFields`. See the [DataExtension Reference](/developer_guides/model/extending_dataobjects) for more information.
* Magic quotes is now deprecated. Will trigger user_error on live sites, as well as an error on new installs
* Support for Apache 1.x is removed.
* Forms created in the CMS should now be instances of a new `CMSForm` class,


@ -6,7 +6,7 @@ This release includes several security fixes to prevent HTTP Hostname injection,
as well as a fix for flush or isDev querystring parameters
to be set via unauthenticated requests.
Users upgrading from 3.1.12 or below should read the [security documentation](/security/secure_coding)
Users upgrading from 3.1.12 or below should read the [security documentation](/developer_guides/security/secure_coding)
on securing their site.
### Security


@ -14,7 +14,7 @@ will be disabled. If multiple authenticators are used, only supported ones will
In order to create a CMS supported version the `Authenticator::supports_cms` and `Authenticator::get_cms_login_form`
methods should be overridden. See `[api:MemberAuthenticator]` for an example implementation.
Check the documentation at the [Authentication](/topics/authentication) topic.
Check the documentation at the [Authentication](/developer_guides/security/authentication) topic.
### Default Admin


@ -27,14 +27,14 @@ DataList handles filtering in a more fluent way than using raw where calls. The
When this query is executed it will contain all members with firstname of Sam but not with lastname Magnusson sorted by age ascending
For more information see documentation at [/topics/datamodel](../../topics/datamodel).
For more information see documentation at [datamodel](/developer_guides/model/searchfilters).
### Grid Field
GridField has changed since 3.0.0-alpha1 to be more flexible. Any previous implementation are broken
and need to be changed according to the new API.
For implementation details see documentation at [/reference/grid-field](../../reference/grid-field).
For implementation details see documentation at [grid-field](/developer_guides/forms/field_types/gridfield).
## Upgrading ##


@ -15,7 +15,7 @@ it can facilitate [denial-of-service attacks](https://en.wikipedia.org/wiki/Deni
To prevent this, main.php now checks and only allows the flush parameter in the following cases:
* The [environment](/topics/environment-management) is in "dev mode"
* The [environment](/getting_started/environment_management) is in "dev mode"
* A user is logged in with ADMIN permissions
* An error occurs during startup


@ -14,7 +14,7 @@ will be disabled. If multiple authenticators are used, only supported ones will
In order to create a CMS supported version the `Authenticator::supports_cms` and `Authenticator::get_cms_login_form`
methods should be overridden. See `[api:MemberAuthenticator]` for an example implementation.
Check the documentation at the [Authentication](/topics/authentication) topic.
Check the documentation at the [Authentication](/developer_guides/security/authentication) topic.
### Default Admin


@ -152,7 +152,7 @@ After you have edited the file, GitHub will offer to create a pull request for y
* Check and update documentation on [docs.silverstripe.org](http://docs.silverstripe.org). Check for any references to functionality deprecated or extended through your patch. Documentation changes should be included in the patch.
* When introducing something "noteworthy" (new feature, API change), [update the release changelog](/changelogs) for the next release this commit will be included in.
* If you get stuck, please post to the [forum](http://silverstripe.org/forum) or for deeper core problems, to the [core mailinglist](https://groups.google.com/forum/#!forum/silverstripe-dev)
* When working with the CMS, please read the ["CMS Architecture Guide"](/developer_guides/customising_the_admin_interface/cms_architecture/) first
* When working with the CMS, please read the ["CMS Architecture Guide"](/developer_guides/customising_the_admin_interface/cms_architecture) first
## Commit Messages


@ -272,6 +272,7 @@ class ConfirmedPasswordField extends FormField {
} else {
if($value || (!$value && $this->canBeEmpty)) {
$this->value = $value;
$this->confirmValue = $value;
}
}
@ -281,7 +282,7 @@ class ConfirmedPasswordField extends FormField {
->setValue($this->value);
$this->children->fieldByName($this->getName() . '[_ConfirmPassword]')
->setValue($this->value);
->setValue($this->confirmValue);
}
return $this;
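Review bot: The `[_ConfirmPassword]` child is now fed from `$this->confirmValue` in the second hunk, but the condition guarding that block starts outside the hunk; if it only detects a change in the password value, a submission that alters just the confirmation would leave the confirm child holding the earlier value. It is worth confirming that the guard also reacts to a changed `confirmValue`. In the first hunk, `$this->confirmValue = $value;` would benefit from a one-line comment such as `// scalar input carries no separate confirmation, so mirror the value`, since that is presumably what keeps a programmatic scalar assignment from failing the match check. The enclosing method begins and ends outside both hunks.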


@ -103,6 +103,7 @@ class TreeMultiselectField extends TreeDropdownField {
$titleArray = array();
$idArray = array();
$items = $this->getItems();
$emptyTitle = _t('DropdownField.CHOOSE', '(Choose)', 'start value of a dropdown');
if($items && count($items)) {
foreach($items as $item) {
@ -115,7 +116,7 @@ class TreeMultiselectField extends TreeDropdownField {
$title = implode(", ", $titleArray);
$value = implode(",", $idArray);
} else {
$title = _t('DropdownField.CHOOSE', '(Choose)', 'start value of a dropdown');
$title = $emptyTitle;
}
$dataUrlTree = '';
@ -129,6 +130,7 @@ class TreeMultiselectField extends TreeDropdownField {
$properties,
array(
'Title' => $title,
'EmptyTitle' => $emptyTitle,
'Link' => $dataUrlTree,
'Value' => $value
)
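Review bot: `'EmptyTitle' => $emptyTitle` is handed to the template with no comment saying who consumes it; the JavaScript change in this same commit reads `data('empty-title')`, so a short comment such as `// placeholder the JS falls back to when the selection is cleared` would tie the two together. The template that emits the value is not visible here; because it presumably lands in an HTML attribute and comes from a translation string, it should be written attribute-escaped there. The method body continues outside these hunks.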


@ -138,7 +138,7 @@
this[this.getPanel().is(':visible') ? 'closePanel' : 'openPanel']();
},
setTitle: function(title) {
title = title || this.data('title') || strings.fieldTitle;
title = title || this.data('empty-title') || strings.fieldTitle;
this.find('.treedropdownfield-title').html(title);
this.data('title', title); // separate view from storage (important for search cancellation)
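Review bot: The fallback read from `this.data('empty-title')` is passed straight to `.html(title)`, as is any caller-supplied `title`, so markup in a translation string or in a record title would be interpreted rather than displayed. Unless titles are meant to carry markup, `this.find('.treedropdownfield-title').text(title);` is the safer form; if markup is intended, a comment stating that callers must pass pre-escaped HTML would make the contract explicit. `setTitle` continues past the end of the hunk, so whether anything later re-escapes the value cannot be seen here.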


@ -378,7 +378,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
* quirky problems (such as using the Windmill 0.3.6 proxy).
*/
public static function session_regenerate_id() {
if(!self::$session_regenerate_id) return;
if(!self::config()->session_regenerate_id) return;
// This can be called via CLI during testing.
if(Director::is_cli()) return;
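Review bot: `if(!self::config()->session_regenerate_id) return;` fails open: any falsy result, including a config key that is missing or misspelled in a project's configuration, silently skips session ID regeneration, which is the defence against session fixation. Whether a default of `true` is declared on the class is not visible in this hunk; if the intent is that only an explicit opt-out disables the feature, `if(self::config()->session_regenerate_id === false) return;` expresses that. The docblock above would also be a good place to state that turning this off weakens login security. The function body continues outside the hunk.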


@ -163,6 +163,10 @@ class Permission extends DataObject implements TemplateGlobalProvider {
$memberID = (is_object($member)) ? $member->ID : $member;
}
if (!$memberID) {
return false;
}
// Turn the code into an array as we may need to add other permsissions to the set we check
if(!is_array($code)) $code = array($code);
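Review bot: The new `if (!$memberID) { return false; }` guard is a security-relevant deny path and has no comment explaining it. Something like `// No persisted member (ID 0/null): deny instead of evaluating permissions for an empty ID` would tell the next maintainer why it must stay ahead of the code lookup. The block that assigns `$memberID` begins outside the hunk, so which inputs can reach the guard with an empty ID is only partly visible here. The context comment just below also has a typo ("permsissions") that could be fixed in the same pass.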


@ -81,4 +81,24 @@ class ConfirmedPasswordFieldTest extends SapphireTest {
);
}
public function testFormValidation() {
$form = new Form(
new Controller(),
'Form',
new FieldList($field = new ConfirmedPasswordField('Password')),
new FieldList()
);
$form->loadDataFrom(array(
'Password' => array(
'_Password' => '123',
'_ConfirmPassword' => '999',
)
));
$this->assertEquals('123', $field->children->first()->Value());
$this->assertEquals('999', $field->children->last()->Value());
$this->assertNotEquals($field->children->first()->Value(), $field->children->last()->Value());
}
}
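Review bot: `testFormValidation` never runs validation: it only asserts that the two child fields hold '123' and '999' after `loadDataFrom()`, so a regression in the mismatch check itself would still pass. Either assert the validator outcome as well, for example `$this->assertFalse($field->validate(new RequiredFields()));` (assuming the field's `validate()` compares the two children), or rename the test to say that it covers value propagation. The final `assertNotEquals` is already implied by the two `assertEquals` calls above it and can be dropped.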

View File

@ -124,4 +124,14 @@ class PermissionTest extends SapphireTest {
Config::inst()->remove('Permission', 'hidden_permissions');
$this->assertContains('CMS_ACCESS_LeftAndMain', $permissionCheckboxSet->Field());
}
public function testEmptyMemberFails() {
$member = new Member();
$this->assertFalse($member->exists());
$this->logInWithPermission('ADMIN');
$this->assertFalse(Permission::checkMember($member, 'ADMIN'));
$this->assertFalse(Permission::checkMember($member, 'CMS_ACCESS_LeftAndMain'));
}
}