Merge remote-tracking branch 'origin/3.2' into 3.3

This commit is contained in:
Damian Mooyman 2016-01-19 15:08:24 +13:00
commit 5d240feaec
54 changed files with 521 additions and 158 deletions

View File

@ -7,7 +7,7 @@ It is also a bit harder to install additional PHP modules required by SilverStri
[MAMP](http://www.mamp.info/en/) is a simple way to get a complete webserver [MAMP](http://www.mamp.info/en/) is a simple way to get a complete webserver
environment going on your OSX machine, without removing or altering any system-level configuration. environment going on your OSX machine, without removing or altering any system-level configuration.
Check out the [MAC OSX with Homebrew](other_installation_options/Mac_OSX_Homebrew) Check out the [MAC OSX with Homebrew](/getting_started/installation/other_installation_options/mac_osx_homebrew)
for an alternative, more configurable installation process. for an alternative, more configurable installation process.
## Requirements ## Requirements
@ -46,4 +46,4 @@ Finally, we're ready to install SilverStripe through composer:
After finishing, the installation wizard should be available at `http://localhost:8888/silverstripe`. After finishing, the installation wizard should be available at `http://localhost:8888/silverstripe`.
The MAMP default database credentials are user `root` and password `root`. The MAMP default database credentials are user `root` and password `root`.
We have a separate in-depth tutorial for [Composer Installation and Usage](composer). We have a separate in-depth tutorial for [Composer Installation and Usage](/getting_started/composer).

View File

@ -6,7 +6,7 @@ OSX comes bundled with PHP, but you're stuck with the version and modules it shi
If you run projects on different PHP versions, or care about additional PHP module support If you run projects on different PHP versions, or care about additional PHP module support
and other dependencies such as MariaDB, we recommend an installation through [Homebrew](http://brew.sh/). and other dependencies such as MariaDB, we recommend an installation through [Homebrew](http://brew.sh/).
Check out the [MAC OSX with MAMP](../Mac_OSX) for an alternative installation process Check out the [MAC OSX with MAMP](/getting_started/installation/mac_osx) for an alternative installation process
which packages up the whole environment into a convenient application. which packages up the whole environment into a convenient application.
## Requirements ## Requirements
@ -115,4 +115,4 @@ Finally, we're ready to install SilverStripe through composer:
After finishing, the installation wizard should be available at `http://localhost/silverstripe`. After finishing, the installation wizard should be available at `http://localhost/silverstripe`.
The Homebrew MariaDB default database credentials are user `root` and password `root`. The Homebrew MariaDB default database credentials are user `root` and password `root`.
We have a separate in-depth tutorial for [Composer Installation and Usage](composer). We have a separate in-depth tutorial for [Composer Installation and Usage](/getting_started/composer).

View File

@ -0,0 +1,221 @@
# Install SilverStripe using Vagrant
This guide steps through installing a virtual machine on your chosen virtual platform.
This guide will work for:
- Virtualbox
- Parallels
This guide may work for:
- VMWare
Vagrant has all server settings stored in a Vagrantfile which is a text file containing the commands and settings needed to setup a webserver. This is ideal for version control, which helps distribution and sharing between team members.
## Requirements
This can be used with many modern computers, this can be done on Windows, Mac or Linux operating systems. We recommend a relatively strong computer that can handle a virtual machine in the background.
- Minimum memory would be 4GB of RAM
- Roughly 20GB Harddrive space (depends on which box you choose to use)
- Software to install beforehand:
- [Vagrant](http://www.vagrantup.com/downloads)
- [Virtualbox](https://www.virtualbox.org/wiki/Downloads)
- Installing SilverStripe by [Composer](https://getcomposer.org/download/) or download the [ZIP file](https://www.silverstripe.org/download/).
*Important*: It is strongly advised to have a fast and wired internet connection when running initial the setup, as there is a lot of downloading required.
Vagrant downloads and sets up an entire operating system.
## Setting it up
Most of this requires using only the command line and text editor or IDE.
Create a folder where your vagrant will be in and browse to the folder in the command line:
```bash
mkdir virtuallythere
cd virtuallythere
```
### Creating the Vagrantfile
Create/Browse to the folder youll be developing in:
```bash
vagrant init
```
In its current state, you could start the vagrant machine and it will run, but you won't be able to do much with it yet.
### Setting the box
Open the `Vagrantfile` that was created in your vagrant folder with your preferred text editor.
Look for the line which describes the box you are going to use:
```ruby
config.vm.box = "base"
```
This defines what pre-built Operating System the vagrant machine will be using. We'll be changing `base` to something closer to what wed like, perhaps similar to your production server, you can find a range of boxes [listed here](https://atlas.hashicorp.com/search)
We've chosen to use `RHEL7.0`, but you can easily change it to suit your needs.
```ruby
config.vm.box = "box-cutter/centos70"
```
*Important*: Because this is redhat, the shell commands used later on will be using `yum install` instead of `apt-get install` for Debian based boxes.
### The private network and hostname
Now well add the vagrant machine to our computers private network, this will mean no one outside this computer will be able to access it without some special setup.
So this will be your own development environment!
To do that, look for this line:
```ruby
# config.vm.network "private_network", ip: "192.168.33.10"
```
First well need to uncomment it, so delete only the `#` at the start of the line, then add a hostname IP address of your choice to use.
```ruby
config.vm.hostname = "virtuallythere.dev"
config.vm.network "privatenetwork", ip: "10.1.2.50"
```
### Syncing files
Next well sync our website folder to the virtual machine, so it has the files needed to run SilverStripe. There are many different ways to do this, depending on your own preferences and possibly different boxes.
To keep things simple, were going to sync our vagrant folder to the virtual machine, so everything in your vagrant folder will be visible to the virtual machine.
Find this line:
```ruby
config.vm.synced_folder "../data", "/vagrant_data"
```
Then change to match this:
```ruby
config.vm.synced_folder ".", "/vagrant"
```
### Setting resources
This step is optional, but it is recommended to configure the virtual machine resources allocated to it, so it doesnt take more resources than it should, something like this should be enough to start with:
```ruby
config.vm.provider "virtualbox" do |vb|
vb.memory = "1024"
vb.name = "virtuallythere"
end
```
*Important*: This is for Virtualbox again, change “virtualbox” to the virtual platform that you are using, you might need to make sure the setting `vb.memory` is supported by the platform youre using because it may be different.
### Script to setup server
Now we need to setup our environment using shell scripts, this will install software that you need for your server to be working and usable. You could even customise the setup to be closer like your production server.
For now find these lines:
```ruby
# config.vm.provision "shell", inline: <<-SHELL
# sudo apt-get update
# sudo apt-get install -y apache2
# SHELL
```
And modify it to call a shell script in your vagrant folder:
```ruby
config.vm.provision "shell", path: "setup.sh"
```
*Important*: Were using shell script because were using a Linux server, please use the scripting language that your server environment supports.
Now to create the `setup.sh` file. This script will setup `php+modules`, `mariadb/mysql` and `apache`, the ones I had listed is the minimal required to get SilverStripe started and working out of the box.
```bash
yum update -y --disableplugin=fastestmirror
systemctl restart sshd
yum install -y httpd httpd-devel mod_ssl
yum -y install php php-common php-mysql php-pdo php-mcrypt* php-gd php-xml php-mbstring
echo "Include /vagrant/apache/*.conf" >> /etc/httpd/conf/httpd.conf
echo "date.timezone = Pacific/Auckland" >> /etc/php.ini
systemctl start httpd.service
systemctl enable httpd.service
yum install -y mariadb-server mariadb
systemctl start mariadb.service
systemctl enable mariadb.service
```
*Important*: Again, as noted above, this uses RHEL so `yum install` is used, please remember to change to `apt-get install` or other packaging tool as necessary.
Save `setup.sh` in the same folder as your Vagrantfile.
### Setting up Apache
If you inspect the script Ive included above, youll notice this line:
```bash
echo "Include /vagrant/apache/*.conf" >> /etc/httpd/conf/httpd.conf
```
This will allow us to customise our apache, particularly the VirtualHost part
Earlier in the post, I had defined a hostname:
```ruby
config.vm.hostname = "virtuallythere.dev"
```
Well need to create a conf file for this hostname in a apache folder, create the folder first:
```bash
mkdir apache
```
We'll save a `vagrant.conf` file in the newly created apache folder, and inside well define the VirtualHost:
```apache
ServerRoot "/etc/httpd"
<Directory />
AllowOverride none
Require all denied
</Directory>
DocumentRoot "/vagrant/public"
<Directory "/vagrant/public">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
<VirtualHost *:80>
ServerName virtuallythere.dev
ServerAlias www.virtuallythere.dev
DocumentRoot /vagrant/public
LogLevel warn
ServerSignature Off
<Directory /vagrant/public>
Options +FollowSymLinks
Options -ExecCGI -Includes -Indexes
AllowOverride all
Require all granted
</Directory>
# SilverStripe specific
<LocationMatch assets/>
php_flag engine off
</LocationMatch>
</VirtualHost>
```
### Download SilverStripe
Last step is to download SilverStripe for the virtual machine to use, if you have an existing SilverStripe installation you could also move everything to this folder instead of downloading a new installation to the public folder.
As mentioned above, you could install SilverStripe by [Composer](https://getcomposer.org/download/) or download the [ZIP file](https://www.silverstripe.org/download/).
### Were ready for launch
Thats all! When thats done, run:
```bash
vagrant up
```
If you've been following this guide, you can browse to http://virtuallythere.dev/install if you are using a new installation, or go to http://virtuallythere.dev if you are using an existing SilverStripe installation. If you've modified the hostname, follow the new hostname you've chosen.
### Last step
Version control this and share it with your teammates!
All they need is listed in the Requirements at the top, and the files youve just created:
- Vagrantfile
- setup.sh
- apache/virtuallythere.conf
- public/ _(with SilverStripe files here)_
## Advanced tasks
Once you get started with Vagrant, its very easy to improve and tweak things further if you needed. With version control, if you've made a mistake, you can easily rollback to the last working version.
Some examples of things you could do:
- You could have multiple hostnames for the same virtual machine by using the plugin [vagrant-hostsupdater](https://github.com/cogitatio/vagrant-hostsupdater).
- Have [multiple machines](https://docs.vagrantup.com/v2/multi-machine/) running, if you wanted to test communications between two servers
- Perhaps you have access to API server code you could host locally for development.
- [Vagrant Push](https://docs.vagrantup.com/v2/push/index.html) could be used to deploy to a Testing server.

View File

@ -51,7 +51,7 @@ IIS 7.x comes with Windows. However, it needs to be installed. Follow these step
**NOTE**: These instructions are slightly different for Windows Vista and Windows 7. Instead of a Server Manager popup, you'll just get a list of features to enable. Do the same as above except click the **Internet Information Services** checkbox when the Windows Features popup appears and then expand this node and select **CGI** under World Wide Web Services > Application Development Features. **NOTE**: These instructions are slightly different for Windows Vista and Windows 7. Instead of a Server Manager popup, you'll just get a list of features to enable. Do the same as above except click the **Internet Information Services** checkbox when the Windows Features popup appears and then expand this node and select **CGI** under World Wide Web Services > Application Development Features.
Once the installation is finished, browse to http://localhost in your browser. If an image pops up, then IIS has been installed correctly. Once the installation is finished, browse to `http://localhost` in your browser. If an image pops up, then IIS has been installed correctly.
## IIS URL Rewrite Module ## IIS URL Rewrite Module
@ -191,7 +191,7 @@ After gettng the code installed, make sure you set the folder permissions proper
## Start SilverStripe installer ## Start SilverStripe installer
Open a browser and point it to http://localhost/ss Open a browser and point it to `http://localhost/ss`
If an installation screen shows up, congratulations! We're very close now. If an installation screen shows up, congratulations! We're very close now.
@ -260,7 +260,7 @@ To find out who the current user is, try echoing the result of get_current_user(
**Q: When I try to access my SilverStripe site for the first time, I get a 404 error** **Q: When I try to access my SilverStripe site for the first time, I get a 404 error**
**A:** Try accessing dev/build?username=admin&password=password at the end of the URL you requested. For example, http://localhost/ss/dev/build?username=admin&password=password. This will ensure the database is built properly **A:** Try accessing dev/build?username=admin&password=password at the end of the URL you requested. For example, `http://localhost/ss/dev/build?username=admin&password=password`. This will ensure the database is built properly
**Q: How do I make IIS expose errors instead of giving a generic 500 or 404 page?** **Q: How do I make IIS expose errors instead of giving a generic 500 or 404 page?**
@ -268,7 +268,7 @@ To find out who the current user is, try echoing the result of get_current_user(
Also, make sure that display_errors, display_startup_errors and html_errors in are set to On in php.ini. Also, make sure that display_errors, display_startup_errors and html_errors in are set to On in php.ini.
**Q: I get a 500 server error when trying to access the SilverStripe site. e.g. http://localhost/ss** **Q: I get a 500 server error when trying to access the SilverStripe site. e.g. `http://localhost/ss`**
**A:** One of the reasons why this could be happening is the web.config file inside the ss directory has XML that is not well formed. Make sure there are NO spaces before the starting <?xml> tag, and make sure that everything is tabbed out correctly. **A:** One of the reasons why this could be happening is the web.config file inside the ss directory has XML that is not well formed. Make sure there are NO spaces before the starting <?xml> tag, and make sure that everything is tabbed out correctly.

View File

@ -73,7 +73,7 @@ every page on the site, if that's easier.
Please make sure all code inside `*.php` files is wrapped in classes. Due to the way `[api:ManifestBuilder]` Please make sure all code inside `*.php` files is wrapped in classes. Due to the way `[api:ManifestBuilder]`
includes all files with this extension, any **procedural code will be executed on every call**. The most common error here includes all files with this extension, any **procedural code will be executed on every call**. The most common error here
is putting a test.php/phpinfo.php file in the document root. See [datamodel](/developer_guides/data_model_and_orm) and [controllers](/developer_guides/controllers) is putting a test.php/phpinfo.php file in the document root. See [datamodel](/developer_guides/model/data_model_and_orm) and [controllers](/developer_guides/controllers)
for ways how to structure your code. for ways how to structure your code.
Also, please check that you have PHP enabled on the webserver, and you're running PHP 5.1 or later. Also, please check that you have PHP enabled on the webserver, and you're running PHP 5.1 or later.

View File

@ -7,7 +7,7 @@ Check out our operating system specific guides for [Linux](linux_unix),
## Installation Steps ## Installation Steps
* Make sure the webserver has MySQL and PHP support (check our [server requirements](../server_requirements)). * Make sure the webserver has MySQL and PHP support (check our [server requirements](../server_requirements)).
* Either [download the installer package](http://silverstripe.org/download), or [install through Composer](../composer). * Either [download the installer package](http://silverstripe.org/download), or [install through Composer](/getting_started/composer).
* If using with the installer download, extract it into your webroot. * If using with the installer download, extract it into your webroot.
* Visit your domain or IP address in your web browser. * Visit your domain or IP address in your web browser.
* You will be presented with an installation wizard asking for database and login credentials. * You will be presented with an installation wizard asking for database and login credentials.
@ -20,5 +20,5 @@ If the above steps don't work for any reason have a read of the [Common Problems
<div class="notice" markdown="1"> <div class="notice" markdown="1">
SilverStripe ships with default rewriting rules specific to your web server. Apart from SilverStripe ships with default rewriting rules specific to your web server. Apart from
routing requests to the framework, they also prevent access to sensitive files in the webroot, routing requests to the framework, they also prevent access to sensitive files in the webroot,
for example YAML configuration files. Please refer to the [security](/topics/security) documentation for details. for example YAML configuration files. Please refer to the [secure coding](/developer_guides/security/secure_coding/#filesystem) documentation for details.
</div> </div>

View File

@ -449,7 +449,7 @@ Use [ANSI SQL](http://en.wikipedia.org/wiki/SQL#Standardization) format where po
### Secure Development ### Secure Development
See [security](/topics/security) for conventions related to handing security permissions. See [security](/developer_guides/security) for conventions related to handing security permissions.
## License ## License

View File

@ -51,7 +51,7 @@ When designing your site you should only need to modify the *mysite*, *themes* a
![](../_images/tutorial1_cms-basic.jpg) ![](../_images/tutorial1_cms-basic.jpg)
The CMS is the area in which you can manage your site content. You can access the cms at http://localhost/your_site_name/admin (or http://yourdomain.com/admin if you are using your own domain name). You The CMS is the area in which you can manage your site content. You can access the cms at `http://localhost/your_site_name/admin` (or `http://yourdomain.com/admin` if you are using your own domain name). You
will be presented with a login screen. Login using the details you provided at installation. After logging in you will be presented with a login screen. Login using the details you provided at installation. After logging in you
should see the CMS interface with a list of the pages currently on your website (the site tree). Here you can add, delete and reorganize pages. If you need to delete, publish, or unpublish a page, first check "multi-selection" at the top. You will then be able to perform actions on any checked files using the "Actions" dropdown. Clicking on a page will open it in the page editing interface pictured below (we've entered some test content). should see the CMS interface with a list of the pages currently on your website (the site tree). Here you can add, delete and reorganize pages. If you need to delete, publish, or unpublish a page, first check "multi-selection" at the top. You will then be able to perform actions on any checked files using the "Actions" dropdown. Clicking on a page will open it in the page editing interface pictured below (we've entered some test content).
@ -85,7 +85,7 @@ The page type specifies the templates used to render the page, the fields that a
**SilverStripe's friendly URLs** **SilverStripe's friendly URLs**
While you are on the draft or live SilverStripe site, you may notice the URLs point to files that don't exist, e.g. While you are on the draft or live SilverStripe site, you may notice the URLs point to files that don't exist, e.g.
http://localhost/contact or http://yourdomainname.com/about-us etc. SilverStripe uses the URL field on the Meta-Data tab of the Edit Page -> Content section to look up the appropriate `http://localhost/contact` or `http://yourdomainname.com/about-us` etc. SilverStripe uses the URL field on the Meta-Data tab of the Edit Page -> Content section to look up the appropriate
page in the database. page in the database.
Note that if you have sub-pages, changing the Top level URL field for a page will affect the URL for all sub-pages. For example, if we changed the URL field "/about-us/" to "/about-silverstripe/" then the sub-pages URLs would now be "/about-silverstripe/URL-of-subpage/" rather than "/about-us/URL-of-subpage/". Note that if you have sub-pages, changing the Top level URL field for a page will affect the URL for all sub-pages. For example, if we changed the URL field "/about-us/" to "/about-silverstripe/" then the sub-pages URLs would now be "/about-silverstripe/URL-of-subpage/" rather than "/about-us/URL-of-subpage/".
@ -151,7 +151,7 @@ or placed between SilverStripe template tags:
**Flushing the cache** **Flushing the cache**
Whenever we edit a template file, we need to append *?flush=1* onto the end of the URL, e.g. Whenever we edit a template file, we need to append *?flush=1* onto the end of the URL, e.g.
http://localhost/your_site_name/?flush=1. SilverStripe stores template files in a cache for quicker load times. Whenever there are `http://localhost/your_site_name/?flush=1`. SilverStripe stores template files in a cache for quicker load times. Whenever there are
changes to the template, we must flush the cache in order for the changes to take effect. changes to the template, we must flush the cache in order for the changes to take effect.
## The Navigation System ## The Navigation System
@ -344,7 +344,7 @@ Create a new file *HomePage.php* in *mysite/code*. Copy the following code into
Every page type also has a database table corresponding to it. Every time we modify the database, we need to rebuild it. Every page type also has a database table corresponding to it. Every time we modify the database, we need to rebuild it.
We can do this by going to [http://localhost/your_site_name/dev/build](http://localhost/your_site_name/dev/build) (replace *localhost/your_site_name* with your own domain name if applicable). We can do this by going to `http://localhost/your_site_name/dev/build`.
It may take a moment, so be patient. This adds tables and fields needed by your site, and modifies any structures that have changed. It It may take a moment, so be patient. This adds tables and fields needed by your site, and modifies any structures that have changed. It
does this non-destructively - it will never delete your data. does this non-destructively - it will never delete your data.

View File

@ -12,7 +12,7 @@ information.
All data tables in SilverStripe are defined as subclasses of [api:DataObject]. The [api:DataObject] class represents a All data tables in SilverStripe are defined as subclasses of [api:DataObject]. The [api:DataObject] class represents a
single row in a database table, following the ["Active Record"](http://en.wikipedia.org/wiki/Active_record_pattern) single row in a database table, following the ["Active Record"](http://en.wikipedia.org/wiki/Active_record_pattern)
design pattern. Database Columns are defined as [Data Types](data_types_and_casting) in the static `$db` variable design pattern. Database Columns are defined as [Data Types](/developer_guides/model/data_types_and_casting) in the static `$db` variable
along with any [relationships](relations) defined as `$has_one`, `$has_many`, `$many_many` properties on the class. along with any [relationships](relations) defined as `$has_one`, `$has_many`, `$many_many` properties on the class.
Let's look at a simple example: Let's look at a simple example:
@ -512,7 +512,7 @@ whenever a new object is created.
<div class="notice" markdown='1'> <div class="notice" markdown='1'>
Note: Alternatively you can set defaults directly in the database-schema (rather than the object-model). See Note: Alternatively you can set defaults directly in the database-schema (rather than the object-model). See
[Data Types and Casting](data_types_and_casting) for details. [Data Types and Casting](/developer_guides/model/data_types_and_casting) for details.
</div> </div>
## Subclasses ## Subclasses
@ -579,7 +579,7 @@ To retrieve a news article, SilverStripe joins the [api:SiteTree], [api:Page] an
## Related Documentation ## Related Documentation
* [Data Types and Casting](../data_types_and_casting) * [Data Types and Casting](/developer_guides/model/data_types_and_casting)
## API Documentation ## API Documentation

View File

@ -2,7 +2,7 @@
The [api:SS_List] class is designed to return a flat list of records. The [api:SS_List] class is designed to return a flat list of records.
These lists can get quite long, and hard to present on a single list. These lists can get quite long, and hard to present on a single list.
[Pagination](/templates/how_tos/pagination) is one way to solve this problem, [Pagination](/developer_guides/templates/how_tos/pagination) is one way to solve this problem,
by splitting up the list into multiple pages. by splitting up the list into multiple pages.
In this howto, we present an alternative to pagination: In this howto, we present an alternative to pagination:
@ -144,5 +144,5 @@ The final step is the render this into the template using the [api:GroupedList->
## Related ## Related
* [Howto: "Pagination"](/templates/how_tos/pagination) * [Howto: "Pagination"](/developer_guides/templates/how_tos/pagination)

View File

@ -7,7 +7,7 @@ Editing and formatting content is the bread and butter of every content manageme
has a tight integration with our preferred editor library, [TinyMCE](http://tinymce.com). has a tight integration with our preferred editor library, [TinyMCE](http://tinymce.com).
On top of the base functionality, we use our own insertion dialogs to ensure you can effectively select and upload On top of the base functionality, we use our own insertion dialogs to ensure you can effectively select and upload
files. In addition to the markup managed by TinyMCE, we use [shortcodes](../../extending/shortcodes) to store files. In addition to the markup managed by TinyMCE, we use [shortcodes](/developer_guides/extending/shortcodes) to store
information about inserted images or media elements. information about inserted images or media elements.
The framework comes with a `[api:HTMLEditorField]` form field class which encapsulates most of the required The framework comes with a `[api:HTMLEditorField]` form field class which encapsulates most of the required
@ -197,7 +197,7 @@ The `[api:HtmlEditorField]` API also handles inserting images and media files in
used both for referencing files on the webserver filesystem (through the `[api:File]` and `[api:Image]` APIs), as well used both for referencing files on the webserver filesystem (through the `[api:File]` and `[api:Image]` APIs), as well
as hotlinking files from the web. as hotlinking files from the web.
We use [shortcodes](../../configuration/shortcodes) to store information about inserted images or media elements. The We use [shortcodes](/developer_guides/extending/shortcodes) to store information about inserted images or media elements. The
[api:ShortcodeParser] API post-processes the HTML content on rendering, and replaces the shortcodes accordingly. It also [api:ShortcodeParser] API post-processes the HTML content on rendering, and replaces the shortcodes accordingly. It also
takes care of care of placing the shortcode replacements relative to its surrounding markup (e.g. left/right alignment). takes care of care of placing the shortcode replacements relative to its surrounding markup (e.g. left/right alignment).

View File

@ -17,7 +17,7 @@ GridField can only be used with `$list` data sets that are of the type `SS_List`
<div class="notice" markdown="1"> <div class="notice" markdown="1">
[api:GridField] powers the automated data UI of [api:ModelAdmin]. For more information about `ModelAdmin` see the [api:GridField] powers the automated data UI of [api:ModelAdmin]. For more information about `ModelAdmin` see the
[Customizing the CMS](../../customizing_the_cms) guide. [Customizing the CMS](/developer_guides/customising_the_admin_interface) guide.
</div> </div>
Each `GridField` is built from a number of components grouped into the [api:GridFieldConfig]. Without any components, Each `GridField` is built from a number of components grouped into the [api:GridFieldConfig]. Without any components,

View File

@ -1,6 +1,6 @@
# How to add a custom action to a GridField row # How to add a custom action to a GridField row
In a [GridField](../field_types/gridfield) instance each table row can have a In a [GridField](/developer_guides/forms/field_types/gridfield) instance each table row can have a
number of actions located the end of the row such as edit or delete actions. number of actions located the end of the row such as edit or delete actions.
Each action is represented as a instance of a specific class Each action is represented as a instance of a specific class
(e.g [api:GridFieldEditButton]) which has been added to the `GridFieldConfig` (e.g [api:GridFieldEditButton]) which has been added to the `GridFieldConfig`
@ -79,7 +79,7 @@ below:
While we're working on the code, to add this new action to the `GridField`, add While we're working on the code, to add this new action to the `GridField`, add
a new instance of the class to the [api:GridFieldConfig] object. The `GridField` a new instance of the class to the [api:GridFieldConfig] object. The `GridField`
[Reference](../field_types/gridfield) documentation has more information about [Reference](/developer_guides/forms/field_types/gridfield) documentation has more information about
manipulating the `GridFieldConfig` instance if required. manipulating the `GridFieldConfig` instance if required.
:::php :::php
@ -93,7 +93,7 @@ manipulating the `GridFieldConfig` instance if required.
$gridField->getConfig()->addComponent(new GridFieldCustomAction()); $gridField->getConfig()->addComponent(new GridFieldCustomAction());
For documentation on adding a Component to a `GridField` created by `ModelAdmin` For documentation on adding a Component to a `GridField` created by `ModelAdmin`
please view the [ModelAdmin Reference](/reference/modeladmin#gridfield-customization) section `GridField Customization` please view the [GridField Customization](/developer_guides/forms/how_tos/create_a_gridfield_actionprovider) section.
Now let's go back and dive through the `GridFieldCustomAction` class in more Now let's go back and dive through the `GridFieldCustomAction` class in more
detail. detail.

View File

@ -116,6 +116,46 @@ limited than using `phpunit` directly, particularly around formatting test outpu
sake dev/tests/all SkipTests=MySkippedTest sake dev/tests/all SkipTests=MySkippedTest
# Skip some tests # Skip some tests
## Making Tests Run Fast
A major impedement to testing is that by default tests are extremely slow to run. There are two things that can be done to speed them up:
### Disable xDebug
Unless executing a coverage report there is no need to have xDebug enabled.
:::bash
# Disable xdebug
sudo php5dismod xdebug
# Run tests
phpunit framework/tests/
# Enable xdebug
sudo php5enmod xdebug
### Use SQLite In Memory
SQLIte can be configured to fun in memory as opposed to disk and this makes testing an order of magnitude faster. To effect this change add the following to mysite/_config.php - this enables an optional flag to switch between MySQL and SQLite. Note also that the package silverstripe/sqlite3 will need installed, version will vary depending on which version of SilverStripe is being tested.
:::php
if(Director::isDev()) {
if(isset($_GET['db']) && ($db = $_GET['db'])) {
global $databaseConfig;
if($db == 'sqlite3') {
$databaseConfig['type'] = 'SQLite3Database';
$databaseConfig['path'] = ':memory:';
}
}
}
To use SQLite append '' db=sqlite3 after the phpunit command.
:::bash
phpunit framework/tests '' db=sqlite3
### Speed Comparison
Testing against a medium sized module with 93 tests:
* SQLite - 16.15s
* MySQL - 314s
This means using SQLite will run tests over 20 times faster.
## Test Databases and Fixtures ## Test Databases and Fixtures

View File

@ -45,8 +45,8 @@ Append the option and corresponding value to your URL in your browser's address
## Security Redirects ## Security Redirects
You can set an URL to redirect back to after a [Security](/topics/security) action. See the section on [URL You can set an URL to redirect back to after a [Security](/developer_guides/security) action. See the section on [URL
Redirections](security#redirect_back_to_another_page_after_login) for more information and examples. Redirections](/developer_guides/controllers/redirection) for more information and examples.
| URL Variable | | Values | | Description | | URL Variable | | Values | | Description |
| ------------ | | ------ | | ----------- | | ------------ | | ------ | | ----------- |

View File

@ -17,7 +17,7 @@ Flushing the various manifests is performed through a GET
parameter (`flush=1`). Since this action requires more server resources than normal requests, parameter (`flush=1`). Since this action requires more server resources than normal requests,
executing the action is limited to the following cases when performed via a web request: executing the action is limited to the following cases when performed via a web request:
* The [environment](../getting_started/environment_management) is in "dev mode" * The [environment](/getting_started/environment_management) is in "dev mode"
* A user is logged in with ADMIN permissions * A user is logged in with ADMIN permissions
* An error occurs during startup * An error occurs during startup

View File

@ -6,7 +6,7 @@ site you have to figure this stuff out, and it's not entirely obvious.
## Ways to restrict access ## Ways to restrict access
There are a number of ways to restrict access in SilverStripe. In the security tab in the CMS you can create groups There are a number of ways to restrict access in SilverStripe. In the security tab in the CMS you can create groups
that have access to certain parts. The options can be found on the [permissions](/reference/permission) documentation. that have access to certain parts. The options can be found on the [permissions](/developer_guides/security/permissions) documentation.
Once you have groups, you can set access for each page for a particular group. This can be: Once you have groups, you can set access for each page for a particular group. This can be:
* anyone; * anyone;

View File

@ -63,7 +63,7 @@ Making this work well is a subtle business and should be discussed with a few de
* On an individual data record, $page->can("View", $member = null) and be called. If a member isn't passed, the * On an individual data record, $page->can("View", $member = null) and be called. If a member isn't passed, the
currently logged in member is assumed. currently logged in member is assumed.
* On a request, $request->hasPermission("View", $member = null) can be called. See [datamodel](/topics/datamodel) for * On a request, $request->hasPermission("View", $member = null) can be called. See [datamodel](/developer_guides/model/permissions) for
information on request objects. information on request objects.
## Special cases ## Special cases

View File

@ -3,7 +3,7 @@
## Introduction ## Introduction
This page details notes on how to ensure that we develop secure SilverStripe applications. This page details notes on how to ensure that we develop secure SilverStripe applications.
See our "[Release Process](/misc/release-process#security-releases) on how to report security issues. See our "[Release Process](/contributing/release_process#security-releases) on how to report security issues.
## SQL Injection ## SQL Injection
@ -186,7 +186,7 @@ XSS attack against an admin to perform any administrative action.
If you can't trust your editors, SilverStripe must be configured to filter the content so that any javascript is If you can't trust your editors, SilverStripe must be configured to filter the content so that any javascript is
stripped out stripped out
To enable filtering, set the HtmlEditorField::$sanitise_server_side [configuration](/topics/configuration) property to To enable filtering, set the HtmlEditorField::$sanitise_server_side [configuration](/developer_guides/configuration/configuration) property to
true, e.g. true, e.g.
HtmlEditorField::config()->sanitise_server_side = true HtmlEditorField::config()->sanitise_server_side = true
@ -209,12 +209,12 @@ The `SiteTree.ExtraMeta` property uses this to limit allowed input.
It is not currently possible to allow editors to provide javascript content and yet still protect other users It is not currently possible to allow editors to provide javascript content and yet still protect other users
from any malicious code within that javascript. from any malicious code within that javascript.
We recommend configuring [shortcodes](/reference/shortcodes) that can be used by editors in place of using javascript directly. We recommend configuring [shortcodes](/developer_guides/extending/shortcodes) that can be used by editors in place of using javascript directly.
### Escaping model properties ### Escaping model properties
`[api:SSViewer]` (the SilverStripe template engine) automatically takes care of escaping HTML tags from specific `[api:SSViewer]` (the SilverStripe template engine) automatically takes care of escaping HTML tags from specific
object-properties by [casting](/topics/datamodel#casting) its string value into a `[api:DBField]` object. object-properties by [casting](/developer_guides/model/data_types_and_casting) its string value into a `[api:DBField]` object.
PHP: PHP:
@ -241,7 +241,7 @@ outputting through SSViewer.
### Overriding default escaping in templates ### Overriding default escaping in templates
You can force escaping on a casted value/object by using an [escape type](/topics/datamodel) method in your template, e.g. You can force escaping on a casted value/object by using an [escape type](/developer_guides/model/data_types_and_casting) method in your template, e.g.
"XML" or "ATT". "XML" or "ATT".
Template (see above): Template (see above):
@ -323,7 +323,7 @@ Template:
Whenever you insert a variable into an HTML attribute within a template, use $VarName.ATT, no not $VarName. Whenever you insert a variable into an HTML attribute within a template, use $VarName.ATT, no not $VarName.
You can also use the built-in casting in PHP by using the *obj()* wrapper, see [datamodel](/topics/datamodel) . You can also use the built-in casting in PHP by using the *obj()* wrapper, see [datamodel](/developer_guides/model/data_types_and_casting).
### Escaping URLs ### Escaping URLs
@ -423,7 +423,7 @@ cast types can be found here:
* `(object)` - cast to object * `(object)` - cast to object
Note that there is also a 'SilverStripe' way of casting fields on a class, this is a different type of casting to the Note that there is also a 'SilverStripe' way of casting fields on a class, this is a different type of casting to the
standard PHP way. See [casting](/topics/datamodel#casting). standard PHP way. See [casting](/developer_guides/model/data_types_and_casting).

View File

@ -11,7 +11,7 @@ The default output of a [api:SearchContext] is either a [api:SQLQuery] object fo
[api:DataObject] instance. [api:DataObject] instance.
<div class="notice" markdown="1"> <div class="notice" markdown="1">
[api:SearchContext] is mainly used by [ModelAdmin](../customising_the_admin_interface/modeladmin). [api:SearchContext] is mainly used by [ModelAdmin](/developer_guides/customising_the_admin_interface/modeladmin).
</div> </div>
## Usage ## Usage
@ -209,8 +209,8 @@ See `[api:SearchFilter]` API Documentation
## Related Documentation ## Related Documentation
* [ModelAdmin](../customising_the_cms/modeladmin) * [ModelAdmin](/developer_guides/customising_the_admin_interface/modeladmin)
* [Tutorial: Site Search](/tutorials/site_search) * [Site Search](/tutorials/site_search)
## API Documentation ## API Documentation

View File

@ -232,7 +232,7 @@ If you want to run the text collector for just one module you can use the 'modul
`http://localhost/dev/tasks/i18nTextCollectorTask/?module=cms` `http://localhost/dev/tasks/i18nTextCollectorTask/?module=cms`
<div class="hint" markdown='1'> <div class="hint" markdown='1'>
You'll need to install PHPUnit to run the text collector (see [testing-guide](/topics/testing)). You'll need to install PHPUnit to run the text collector (see [testing-guide](/developer_guides/testing)).
</div> </div>
## Module Priority ## Module Priority

View File

@ -13,7 +13,7 @@ feel familiar to you. This is just a quick run down to get you started
with some special conventions. with some special conventions.
For a more practical-oriented approach to CMS customizations, refer to the For a more practical-oriented approach to CMS customizations, refer to the
[Howto: Extend the CMS Interface](how_tos/extend_cms_interface) which builds [Howto: Extend the CMS Interface](/developer_guides/customising_the_admin_interface/how_tos/extend_cms_interface) which builds
## Markup and Style Conventions ## Markup and Style Conventions
@ -89,7 +89,7 @@ The various panels and UI components within them are loosely coupled to the layo
attribute. The layout is triggered on the top element and cascades into children, with a `redraw` method defined on attribute. The layout is triggered on the top element and cascades into children, with a `redraw` method defined on
each panel and UI component that needs to update itself as a result of layouting. each panel and UI component that needs to update itself as a result of layouting.
Refer to [Layout reference](cms_layout) for further information. Refer to [Layout reference](/developer_guides/customising_the_admin_interface/cms_layout) for further information.
## Forms ## Forms
@ -148,7 +148,7 @@ correctly configured form.
[jQuery.entwine](https://github.com/hafriedlander/jquery.entwine) is a thirdparty library [jQuery.entwine](https://github.com/hafriedlander/jquery.entwine) is a thirdparty library
which allows us to attach behaviour to DOM elements in a flexible and structured mannger. which allows us to attach behaviour to DOM elements in a flexible and structured mannger.
It replaces the `behaviour.js` library used in previous versions of the CMS interface. It replaces the `behaviour.js` library used in previous versions of the CMS interface.
See [JavaScript Development](javascript_development) for more information on how to use it. See [JavaScript Development](/developer_guides/customising_the_admin_interface/javascript_development) for more information on how to use it.
In the CMS interface, all entwine rules should be placed in the "ss" entwine namespace. In the CMS interface, all entwine rules should be placed in the "ss" entwine namespace.
If you want to call methods defined within these rules outside of entwine logic, If you want to call methods defined within these rules outside of entwine logic,
you have to use this namespace, e.g. `$('.cms-menu').entwine('ss').collapse()`. you have to use this namespace, e.g. `$('.cms-menu').entwine('ss').collapse()`.
@ -380,7 +380,7 @@ To avoid repetition, we've written some helpers for various use cases:
* Load into a PJAX panel: `<a href="..." class="cms-panel-link" data-pjax-target="Content">` * Load into a PJAX panel: `<a href="..." class="cms-panel-link" data-pjax-target="Content">`
* Load URL as an iframe into a popup/dialog: `<a href="..." class="ss-ui-dialog-link">` * Load URL as an iframe into a popup/dialog: `<a href="..." class="ss-ui-dialog-link">`
* GridField click to redirect to external link: `<a href="..." class="cms-panel-link action external-link"> * GridField click to redirect to external link: `<a href="..." class="cms-panel-link action external-link">`
## Buttons ## Buttons
@ -433,7 +433,7 @@ The CMS tree for viewing hierarchical structures (mostly pages) is powered
by the [jstree](http://jstree.com) library. It is configured through by the [jstree](http://jstree.com) library. It is configured through
`framework/admin/javascript/LeftAndMain.Tree.js`, as well as some `framework/admin/javascript/LeftAndMain.Tree.js`, as well as some
HTML5 metadata generated on its container (see the `data-hints` attribute). HTML5 metadata generated on its container (see the `data-hints` attribute).
For more information, see the [Howto: Customize the CMS tree](../how_tos/customize_cms_tree). For more information, see the [Howto: Customise the CMS tree](/developer_guides/customising_the_admin_interface/how_tos/customise_cms_tree).
Note that a similar tree logic is also used for the Note that a similar tree logic is also used for the
form fields to select one or more entries from those hierarchies form fields to select one or more entries from those hierarchies
@ -441,7 +441,7 @@ form fields to select one or more entries from those hierarchies
## Tabs ## Tabs
We're using [jQuery UI tabs](http://jqueryui.com/), but in a customized fashion. We're using [jQuery UI tabs](http://jqueryui.com/), but in a customised fashion.
HTML with tabs can be created either directly through HTML templates in the CMS, HTML with tabs can be created either directly through HTML templates in the CMS,
or indirectly through a `[api:TabSet]` form field. Since tabsets are useable or indirectly through a `[api:TabSet]` form field. Since tabsets are useable
outside of the CMS as well, the baseline application of tabs happens via outside of the CMS as well, the baseline application of tabs happens via
@ -538,8 +538,8 @@ through the `PjaxResponseNegotiator` class (see above).
## Related ## Related
* [Howto: Extend the CMS Interface](how_tos/extend_cms_interface) * [Howto: Extend the CMS Interface](/developer_guides/customising_the_admin_interface/how_tos/extend_cms_interface)
* [Howto: Customize the CMS tree](how_tos/customize_cms_tree) * [Howto: Customise the CMS tree](/developer_guides/customising_the_admin_interface/how_tos/customise_cms_tree)
* [ModelAdmin API](api:ModelAdmin) * [ModelAdmin API](api:ModelAdmin)
* [Reference: Layout](cms_layout) * [Reference: Layout](/developer_guides/customising_the_admin_interface/cms_layout)
* [Rich Text Editing](/developer_guides/forms/field_types/htmleditorfield) * [Rich Text Editing](/developer_guides/forms/field_types/htmleditorfield)

View File

@ -49,4 +49,4 @@ by setting an additional `RightTitle`.
->setRightTitle('<a class="cms-description-trigger">My custom icon</a>'); ->setRightTitle('<a class="cms-description-trigger">My custom icon</a>');
Note: For more advanced help text we recommend using Note: For more advanced help text we recommend using
[Custom form field templates](../form_templates); [Custom form field templates](/developer_guides/forms/form_templates);

View File

@ -43,7 +43,7 @@ In order to localize the menu title in different languages, use the
the i18n text collection. the i18n text collection.
For more information on language and translations, please refer to the For more information on language and translations, please refer to the
[i18n](../../ii8n) docs. [i18n](/developer_guides/i18n) docs.
## Adding an external link to the menu ## Adding an external link to the menu
@ -85,7 +85,7 @@ button configuration.
To have the link appear, make sure you add the extension to the `LeftAndMain` To have the link appear, make sure you add the extension to the `LeftAndMain`
class. For more information about configuring extensions see the class. For more information about configuring extensions see the
[extensions reference](../extending/extensions). [extensions reference](/developer_guides/extending/extensions).
:::php :::php
LeftAndMain::add_extension('CustomLeftAndMain') LeftAndMain::add_extension('CustomLeftAndMain')

View File

@ -11,7 +11,7 @@ into the main CMS menu. A page can be bookmarked by a CMS author through a
simple checkbox. simple checkbox.
For a deeper introduction to the inner workings of the CMS, please refer to our For a deeper introduction to the inner workings of the CMS, please refer to our
guide on [CMS Architecture](../reference/cms-architecture). guide on [CMS Architecture](/developer_guides/customising_the_admin_interface/cms_architecture).
## Overload a CMS template ## ## Overload a CMS template ##

View File

@ -63,6 +63,17 @@ including form and page comment information. None of this is vital but `clear_al
:::php :::php
Session::clear_all(); Session::clear_all();
## Secure Session Cookie
In certain circumstances, you may want to use a different `session_name` cookie when using the `https` protocol for security purposes. To do this, you may set the `cookie_secure` parameter to `true` on your `config.yml`
:::yml
Session:
cookie_secure: true
This uses the session_name `SECSESSID` for `https` connections instead of the default `PHPSESSID`. Doing so adds an extra layer of security to your session cookie since you no longer share `http` and `https` sessions.
## API Documentation ## API Documentation
* [api:Session] * [api:Session]

View File

@ -44,7 +44,7 @@ Never update a website on the live server without trying it on a development cop
How easy will it be to update my project? It's a fair question, and sometimes a difficult one to answer. How easy will it be to update my project? It's a fair question, and sometimes a difficult one to answer.
* "Micro" releases (x.y.z) are explicitly backwards compatible, "minor" and "major" releases can deprecate features and change APIs (see our [/misc/release-process](../contributing/release_process) for details) * "Micro" releases (x.y.z) are explicitly backwards compatible, "minor" and "major" releases can deprecate features and change APIs (see our [release process](/contributing/release_process) for details)
* If you've made custom branches of SilverStripe core, or any thirdparty module, it's going to be harder to upgrade. * If you've made custom branches of SilverStripe core, or any thirdparty module, it's going to be harder to upgrade.
* The more custom features you have, the harder it will be to upgrade. You will have to re-test all of those features, and adapt to API changes in core. * The more custom features you have, the harder it will be to upgrade. You will have to re-test all of those features, and adapt to API changes in core.
* Customizations of a well defined type - such as custom page types or custom blog widgets - are going to be easier to upgrade than customisations that modify deep system internals like rewriting SQL queries. * Customizations of a well defined type - such as custom page types or custom blog widgets - are going to be easier to upgrade than customisations that modify deep system internals like rewriting SQL queries.

View File

@ -7,7 +7,7 @@
**Don't use Translatable for multilingual database content. Don't upgrade to 2.3.0 if you're already using **Don't use Translatable for multilingual database content. Don't upgrade to 2.3.0 if you're already using
Translatable.** Translatable.**
The [Translatable extension](/topics/translation) is currently marked as The [Translatable extension](/developer_guides/i18n) is currently marked as
unstable for the initial 2.3 release. **If your site uses more than one language for page content, don't upgrade to this unstable for the initial 2.3 release. **If your site uses more than one language for page content, don't upgrade to this
release.** We're working on bugfixes which will be contained in a minor 2.3.x release soon. Check our [releaseannouncements](http://groups.google.com/group/silverstripe-announce) for updates on Translatable bugfixes. release.** We're working on bugfixes which will be contained in a minor 2.3.x release soon. Check our [releaseannouncements](http://groups.google.com/group/silverstripe-announce) for updates on Translatable bugfixes.
@ -33,7 +33,7 @@ calling `dev/build`. See [#2847](http://open.silverstripe.com/ticket/2847)
### Newsletter moved into new module ### Newsletter moved into new module
Newsletter functionality has been moved into its own module called **[newsletter](modules/newsletter)**. If you were Newsletter functionality has been moved into its own module called **[newsletter](http://addons.silverstripe.org/add-ons/silverstripe/newsletter)**. If you were
previously using this as a feature out of the box with SilverStripe, then you will need to download the userforms module previously using this as a feature out of the box with SilverStripe, then you will need to download the userforms module
to continue using it. to continue using it.
@ -51,14 +51,12 @@ The auth_openid module has been removed from default installation. Please insta
### GenericDataAdmin and RelatedDataEditor moved into new module ### GenericDataAdmin and RelatedDataEditor moved into new module
GenericDataAdmin functionality has been moved into its own module called GenericDataAdmin functionality has been moved into its own module. If you were previously using this as a feature out of the box with
**[genericdataadmin](modules/genericdataadmin)**. If you were previously using this as a feature out of the box with
SilverStripe, then you will need to download this module to continue using it. SilverStripe, then you will need to download this module to continue using it.
### User Defined Form moved into new module ### User Defined Form moved into new module
User Defined Form has been moved into its own module called **[userforms](modules/userforms)**. If you were previously User Defined Form has been moved into its own module called **[userforms](http://addons.silverstripe.org/add-ons/silverstripe/userforms)**. If you were previously
using this as a feature out of the box with SilverStripe, then you will need to download the userforms module to using this as a feature out of the box with SilverStripe, then you will need to download the userforms module to
continue using it. continue using it.
@ -196,8 +194,8 @@ also that the DOCTYPE altering, which was a frequent cause of pain, only execute
* Removed deprecated File::loadallcontent(), use Upload class * Removed deprecated File::loadallcontent(), use Upload class
* Image->URL returns relative instead of absolute URL. Use Image->AbsoluteURL instead. * Image->URL returns relative instead of absolute URL. Use Image->AbsoluteURL instead.
* Moved DataReport and SQLReport into the ecommerce module. If you're using these classes, please download the * Moved DataReport and SQLReport into the ecommerce module. If you're using these classes, please see the
[ecommerce module](modules/ecommerce). [ecommerce modules](http://addons.silverstripe.org/add-ons?search=ecommerce&type=&compatibility%5B%5D=3.1).
### Default mysite/_config.php ### Default mysite/_config.php

View File

@ -31,9 +31,9 @@ Here's an example of how the default Blackcandy theme was changed:
The datamodel for the Translatable extension was changed from multiple language tables to multiple rows for each The datamodel for the Translatable extension was changed from multiple language tables to multiple rows for each
translated record in the original table. We've also introduced the concept of "Translation groups", which means not translated record in the original table. We've also introduced the concept of "Translation groups", which means not
every translated record has to exist in a "master language". Please review our updated documentation on how to [enable Translatable](/topics/translation). every translated record has to exist in a "master language". Please review our updated documentation on how to [enable Translatable](/developer_guides/i18n).
If you are upgrading an existing database with existing translations, you'll need to run our [Migration Script](/topics/translation#migrating_from_2.1_datamodel) before using the If you are upgrading an existing database with existing translations, you'll need migrate these before using the
database. database.
For in-depth discussion of the schema changes and translation groups, please refer to our developer mailinglist: For in-depth discussion of the schema changes and translation groups, please refer to our developer mailinglist:

View File

@ -243,7 +243,7 @@ No conversion of existing database schemas or content should be necessary.
### MySQL 5.0+ or newer required ### MySQL 5.0+ or newer required
See [server-requirements](/installation/server-requirements). See [server-requirements](/getting_started/server_requirements).
### BASE_PATH constant ### BASE_PATH constant

View File

@ -28,7 +28,7 @@ TRUE.
### Security: Installation in "live mode" by default ### Security: Installation in "live mode" by default
SilverStripe used to allow setting the [environment type](/topics/environment-management) ("dev mode", "test mode" or "live SilverStripe used to allow setting the [environment type](/getting_started/environment_management) ("dev mode", "test mode" or "live
mode") from within the installer, through *Director::set_dev_servers()*, *Director::set_test_servers()* and mode") from within the installer, through *Director::set_dev_servers()*, *Director::set_test_servers()* and
*Director::set_live_servers()*. *Director::set_live_servers()*.
@ -37,7 +37,7 @@ domain information in HTTP requests. This can lead to "live" environments being
administrative actions like *dev/build* without access control. administrative actions like *dev/build* without access control.
Note: The CMS is still secured through login in "dev mode". Note: The CMS is still secured through login in "dev mode".
We recommend setting environment types through a [_ss_environment.php](/topics/environment-management) file instead: We recommend setting environment types through a [_ss_environment.php](/getting_started/environment_management) file instead:
:::php :::php
<?php <?php
@ -88,7 +88,7 @@ this task:
### Date/Time format handling in CMS ### Date/Time format handling in CMS
Classes like DateField, TimeField and DatetimeField are now aware of member-specific formats which can be set in Classes like DateField, TimeField and DatetimeField are now aware of member-specific formats which can be set in
*admin/myprofile* (linked on the lower right footer in the CMS interface). See [i18n](/topics/i18n) for more details. *admin/myprofile* (linked on the lower right footer in the CMS interface). See [i18n](/developer_guides/i18n) for more details.
Example: Setting German date formats in *mysite/_config.php*: Example: Setting German date formats in *mysite/_config.php*:

View File

@ -253,7 +253,7 @@ actions accessible through URL routing. Methods that need automatic CSRF
protection (most form actions) should NOT be included in $allowed_actions, protection (most form actions) should NOT be included in $allowed_actions,
their protection is handled through request handling in the form class itself. their protection is handled through request handling in the form class itself.
See [security](/topics/security#limiting_url-access_to_controller_methods) documentation for more details. See [security](/developer_guides/controllers/access_control/#allowed-actions) documentation for more details.
#### Impact #### Impact

View File

@ -34,7 +34,7 @@ on those fields, this wasn't correctly applied. The following methods are affect
If you have used any of these transformations with untrusted values If you have used any of these transformations with untrusted values
(e.g. from a user-submitted form), please consider updating. (e.g. from a user-submitted form), please consider updating.
More info about SilverStripe's casting logic is available in the "[security](../topics/security)" documentation. More info about SilverStripe's casting logic is available in the "[security](/developer_guides/security)" documentation.
### Security: Cross-site scripting (XSS) related to page titles in the CMS ### Security: Cross-site scripting (XSS) related to page titles in the CMS

View File

@ -41,7 +41,7 @@ The detailed change logs are broken down by pre-release:
### Common Upgrade Tasks ### Common Upgrade Tasks
* Rename foder from `sapphire/`to `framework/`, replace own paths with `FRAMEWORK_DIR` (in PHP) or `$ModulePath(framework)` (in templates). Update paths in `.htaccess` or `web.config` ([more](/changelogs/3.0.0#sapphire-rename)) * Rename foder from `sapphire/`to `framework/`, replace own paths with `FRAMEWORK_DIR` (in PHP) or `$ModulePath(framework)` (in templates). Update paths in `.htaccess` or `web.config` ([more](/changelogs/3.0.0#sapphire-rename))
* Replace `<% control %>` in your templates with `<% loop %>` and `<% with %>` ([more](/reference/templates-upgrading-guide#control)) * Replace `<% control %>` in your templates with `<% loop %>` and `<% with %>` ([more](/developer_guides/templates))
* Replace `DataObjectSet` with `DataList` or `ArrayList` ([more](/changelogs/3.0.0#deprecated-classes)) * Replace `DataObjectSet` with `DataList` or `ArrayList` ([more](/changelogs/3.0.0#deprecated-classes))
* Rewrite `ComplexTableField` and `DataObjectManager` instances to `GridField` ([more](/changelogs/3.0.0#gridfield-replacement-for-tablelistfield-and-complextablefield-gridfield)) * Rewrite `ComplexTableField` and `DataObjectManager` instances to `GridField` ([more](/changelogs/3.0.0#gridfield-replacement-for-tablelistfield-and-complextablefield-gridfield))
* Rewrite `Director::redirect()` and `Director::redirectBack()` calls ([more](/changelogs/3.0.0#director-static-functions-deprecated-e-g-redirect-and-redirectback) * Rewrite `Director::redirect()` and `Director::redirectBack()` calls ([more](/changelogs/3.0.0#director-static-functions-deprecated-e-g-redirect-and-redirectback)
@ -61,7 +61,7 @@ which points to the framework directory, and in the templates you can use `$Modu
### GridField: Replacement for TableListField and ComplexTableField [gridfield]### ### GridField: Replacement for TableListField and ComplexTableField [gridfield]###
We have a new component for managing lists of objects: The `[GridField](/reference/grid-field)`. We have a new component for managing lists of objects: The `[GridField](/developer_guides/forms/field_types/gridfield)`.
It's a substantial rewrite of the features previously captured by `TableListField`, It's a substantial rewrite of the features previously captured by `TableListField`,
`ComplexTableField`, `HasManyComplexTableField` and `ManyManyComplexTableField`. `ComplexTableField`, `HasManyComplexTableField` and `ManyManyComplexTableField`.
@ -97,7 +97,7 @@ Upgrade example: Relationship editing
// after // after
$field = new GridField('MyRelation', null, $myRecord->MyRelation(), GridFieldConfig_RelationEditor::create()); $field = new GridField('MyRelation', null, $myRecord->MyRelation(), GridFieldConfig_RelationEditor::create());
More information is available in the [GridField documentation](/reference/grid-field). More information is available in the [GridField documentation](/developer_guides/forms/field_types/gridfield).
### Object static functions replaced with new Config class {#new-config} ### Object static functions replaced with new Config class {#new-config}
Static functions for getting a static variable on the `Object` class have been deprecated, Static functions for getting a static variable on the `Object` class have been deprecated,
@ -215,7 +215,7 @@ for the presence of records, please call the count() method on the `DataList`:
if(!DataObject::get('SiteTree', '"ParentID" = 5')->count()) echo "Page 5 has no children"; if(!DataObject::get('SiteTree', '"ParentID" = 5')->count()) echo "Page 5 has no children";
Beware that `DataList->remove()` will delete an entry from the database. Beware that `DataList->remove()` will delete an entry from the database.
See the ["datamodel" documentation](../topics/datamodel) for more details. See the ["datamodel" documentation](/developer_guides/model/data_model_and_orm) for more details.
### New ORM: Changes to manipulation of SQL queries {#new-orm-sql-queries} ### New ORM: Changes to manipulation of SQL queries {#new-orm-sql-queries}
@ -334,8 +334,7 @@ Now in SilverStripe 3.x, nested structures are arrays:
### New template engine [templates]### ### New template engine [templates]###
The template engine has been completely rewritten, and although it is generally backward compatible, there are new features The template engine has been completely rewritten, and although it is generally backward compatible, there are new features
and some features have been deprecated. See the [template upgrading guide](/reference/templates-upgrading-guide) and the and some features have been deprecated. See the [template reference](/developer_guides/templates) for more information.
[template reference](/reference/templates) for more information.
### Removed view-specific accessors from ViewableData #### ### Removed view-specific accessors from ViewableData ####
@ -343,7 +342,7 @@ Several methods in ViewableData that were originally added to expose values to t
in order to stop polluting the namespace. These were sometimes called by project-specific PHP code too, and that code in order to stop polluting the namespace. These were sometimes called by project-specific PHP code too, and that code
will need re-working. will need re-working.
See the [template upgrading guide](/reference/templates-upgrading-guide) for a list of methods and their replacements. See the [template reference](/developer_guides/templates) for a list of method replacements.
### New user interface for CMS [ui]### ### New user interface for CMS [ui]###
@ -354,9 +353,9 @@ the detailed changelog for this release. Many interface components have changed
unfortunately there is no clear upgrade path for every interface detail. unfortunately there is no clear upgrade path for every interface detail.
As a starting point, have a look at the new templates in `cms/templates` As a starting point, have a look at the new templates in `cms/templates`
and `framework/admin/templates`, as well as the new [jQuery.entwine](https://github.com/hafriedlander/jquery.entwine) and `framework/admin/templates`, as well as the new [jQuery.entwine](https://github.com/hafriedlander/jquery.entwine)
based JavaScript logic. Have a look at the new ["Extending the CMS" guide](../howto/extend-cms-interface), based JavaScript logic. Have a look at the new ["Extending the CMS" guide](/developer_guides/customising_the_admin_interface/how_tos/extend_cms_interface),
["CSS" guide](../topics/css), ["JavaScript" guide](../topics/javascript) and ["CSS" guide](/developer_guides/customising_the_admin_interface/typography), ["JavaScript" guide](/developer_guides/customising_the_admin_interface/javascript_development) and
["CMS Architecture" guide](/reference/cms-architecture) to get you started. ["CMS Architecture" guide](/developer_guides/customising_the_admin_interface/cms_architecture) to get you started.
### New tree library [tree]### ### New tree library [tree]###
@ -436,9 +435,9 @@ ModelAdmin has been substanially rewritten to natively support the `[api:GridFie
for more flexible data presentation (replacing `[api:ComplexTableField]`), for more flexible data presentation (replacing `[api:ComplexTableField]`),
and the `[api:DataList]` API for more expressive querying. and the `[api:DataList]` API for more expressive querying.
If you have overwritten any methods in the class, customized templates, If you have overwritten any methods in the class, customised templates,
or implemented your own `$collection_controller_class`/`$record_controller_class` controllers, or implemented your own `$collection_controller_class`/`$record_controller_class` controllers,
please refer to the new [ModelAdmin documentation](/reference/modeladmin) please refer to the new [ModelAdmin documentation](/developer_guides/customising_the_admin_interface/modeladmin)
on details for how to achieve the same goals in the new class. on details for how to achieve the same goals in the new class.
### Stylesheet preprocessing via SCSS and the "compass" module [scss]### ### Stylesheet preprocessing via SCSS and the "compass" module [scss]###

View File

@ -30,7 +30,7 @@ state of a database record.
Fix: Apply 3.0.4 update. In addition, we strongly recommend to define `$allowed_actions` Fix: Apply 3.0.4 update. In addition, we strongly recommend to define `$allowed_actions`
on all controller classes to ensure the intentions are clearly communicated. on all controller classes to ensure the intentions are clearly communicated.
Read more about `$allowed_actions` in our "[controller](/topics/controller/#access-control)" Read more about `$allowed_actions` in our "[controller](/developer_guides/controllers/access_control)"
docs. docs.
Reporter: Zann St Pierre Reporter: Zann St Pierre
@ -47,8 +47,8 @@ configuration values added in your own project, or a third party module.
Resolution: Update your `.htaccess` file (for Apache), or your `web.config` file (for IIS) Resolution: Update your `.htaccess` file (for Apache), or your `web.config` file (for IIS)
with the new files from the project root, and reapply any customizations you've made. with the new files from the project root, and reapply any customizations you've made.
Follow the [general upgrade instructions](/installation/upgrading). Follow the [general upgrade instructions](/upgrading).
The [nginx installation instructions](/installation/nginx) The [nginx installation instructions](/getting_started/installation/how_to/configure_nginx)
have also been updated to reflect those changes. have also been updated to reflect those changes.
### Security: Information exposure through web access on composer files ### Security: Information exposure through web access on composer files
@ -64,8 +64,8 @@ versions of SilverStripe.
Resolution: Update your `.htaccess` file (for Apache), or your `web.config` file (for IIS) Resolution: Update your `.htaccess` file (for Apache), or your `web.config` file (for IIS)
with the new files from the project root, and reapply any customizations you've made. with the new files from the project root, and reapply any customizations you've made.
Follow the [general upgrade instructions](/installation/upgrading). Follow the [general upgrade instructions](/upgrading).
The [nginx installation instructions](/installation/nginx) The [nginx installation instructions](/getting_started/installation/how_to/configure_nginx)
have also been updated to reflect those changes. have also been updated to reflect those changes.

View File

@ -34,7 +34,7 @@
* Optional integration with ImageMagick as a new image manipulation backend * Optional integration with ImageMagick as a new image manipulation backend
* Support for PHP 5.4's built-in webserver * Support for PHP 5.4's built-in webserver
* Support for [Composer](http://getcomposer.org) dependency manager (also works with 3.0) * Support for [Composer](http://getcomposer.org) dependency manager (also works with 3.0)
* Added support for filtering incoming HTML from TinyMCE (disabled by default, see [security](/topics/security)) * Added support for filtering incoming HTML from TinyMCE (disabled by default, see [security](/developer_guides/security))
* Behaviour testing support through [Behat](http://behat.org), with CMS test coverage * Behaviour testing support through [Behat](http://behat.org), with CMS test coverage
(see the [SilverStripe Behat Extension]() for details) (see the [SilverStripe Behat Extension]() for details)
@ -48,7 +48,7 @@ it can facilitate [denial-of-service attacks](https://en.wikipedia.org/wiki/Deni
To prevent this, main.php now checks and only allows the flush parameter in the following cases: To prevent this, main.php now checks and only allows the flush parameter in the following cases:
* The [environment](/topics/environment-management) is in "dev mode" * The [environment](/getting_started/environment_management) is in "dev mode"
* A user is logged in with ADMIN permissions * A user is logged in with ADMIN permissions
* An error occurs during startup * An error occurs during startup
@ -233,7 +233,7 @@ needs to be explicitly denied through these configuration files (see the [3.0.5
for details. for details.
</div> </div>
For more information about how to use the config system, see the ["Configuration" topic](/topic/configuration). For more information about how to use the config system, see the ["Configuration" topic](/developer_guides/configuration).
### Deny URL access if `Controller::$allowed_actions` is undefined or empty array ### Deny URL access if `Controller::$allowed_actions` is undefined or empty array
@ -253,7 +253,7 @@ by setting the `RequestHandler.require_allowed_actions` config value to `false`
This applies to anything extending `RequestHandler`, so please check your `Form` and `FormField` This applies to anything extending `RequestHandler`, so please check your `Form` and `FormField`
subclasses as well. Keep in mind, action methods as denoted through `FormAction` names should NOT subclasses as well. Keep in mind, action methods as denoted through `FormAction` names should NOT
be mentioned in `$allowed_actions` to avoid CSRF issues. be mentioned in `$allowed_actions` to avoid CSRF issues.
Please review all rules governing allowed actions in the ["controller" topic](/topics/controller). Please review all rules governing allowed actions in the ["controller" topic](/developer_guides/controllers/access_control/#allowed-actions).
### Removed support for "*" rules in `Controller::$allowed_actions` ### Removed support for "*" rules in `Controller::$allowed_actions`
@ -272,7 +272,7 @@ you'll need to specificy each accessible action individually.
} }
Please review all rules governing allowed actions in the Please review all rules governing allowed actions in the
["controller" topic](/topics/controller). ["controller" topic](/developer_guides/controllers/access_control/#allowed-actions).
### Removed support for overriding rules on parent classes through `Controller::$allowed_actions` ### Removed support for overriding rules on parent classes through `Controller::$allowed_actions`
@ -295,7 +295,7 @@ which now have to be listed in the `$allowed_actions` specifically.
It also restricts `Extension` classes applied to controllers, which now It also restricts `Extension` classes applied to controllers, which now
can only grant or deny access or methods they define themselves. can only grant or deny access or methods they define themselves.
New approach with the [Config API](/topics/configuration) New approach with the [Config API](/developer_guides/configuration/configuration)
:::php :::php
class MySubController extends MyController { class MySubController extends MyController {
@ -309,7 +309,7 @@ New approach with the [Config API](/topics/configuration)
} }
Please review all rules governing allowed actions in the Please review all rules governing allowed actions in the
["controller" topic](/topics/controller). ["controller" topic](/developer_guides/controllers/access_control/#allowed-actions).
### Grouped CMS Buttons ### Grouped CMS Buttons
@ -377,7 +377,7 @@ Since `GridField` is used in `ModelAdmin`, this change will affect both classes.
return Permission::check('CMS_ACCESS_CMSMain', 'any', $member); return Permission::check('CMS_ACCESS_CMSMain', 'any', $member);
} }
You can also implement [custom permission codes](/topics/permissions). You can also implement [custom permission codes](/developer_guides/security/permissions).
For 3.1.0 stable, we aim to further simplify the permission definitions, For 3.1.0 stable, we aim to further simplify the permission definitions,
in order to reduce the boilerplate code required to get a model editable in the CMS. in order to reduce the boilerplate code required to get a model editable in the CMS.
@ -493,7 +493,7 @@ you can enable those warnings and future-proof your code already.
Hierarchy.node_threshold_leaf`. Set to `0` to show tree unrestricted. Hierarchy.node_threshold_leaf`. Set to `0` to show tree unrestricted.
* `Object` now has `beforeExtending` and `afterExtending` to inject behaviour around method extension. * `Object` now has `beforeExtending` and `afterExtending` to inject behaviour around method extension.
`DataObject` also has `beforeUpdateCMSFields` to insert fields between automatic scaffolding and extension `DataObject` also has `beforeUpdateCMSFields` to insert fields between automatic scaffolding and extension
by `updateCMSFields`. See the [DataExtension Reference](/reference/dataextension) for more information. by `updateCMSFields`. See the [DataExtension Reference](/developer_guides/model/extending_dataobjects) for more information.
* Magic quotes is now deprecated. Will trigger user_error on live sites, as well as an error on new installs * Magic quotes is now deprecated. Will trigger user_error on live sites, as well as an error on new installs
* Support for Apache 1.x is removed. * Support for Apache 1.x is removed.
* Forms created in the CMS should now be instances of a new `CMSForm` class, * Forms created in the CMS should now be instances of a new `CMSForm` class,

View File

@ -6,7 +6,7 @@ This release includes several security fixes to prevent HTTP Hostname injection,
as well as a fix for flush or isDev querystring parameters as well as a fix for flush or isDev querystring parameters
to be set via unauthenticated requests. to be set via unauthenticated requests.
Users upgrading from 3.1.12 or below should read the [security documentation](/security/secure_coding) Users upgrading from 3.1.12 or below should read the [security documentation](/developer_guides/security/secure_coding)
on securing their site. on securing their site.
### Security ### Security

View File

@ -14,7 +14,7 @@ will be disabled. If multiple authenticators are used, only supported ones will
In order to create a CMS supported version the `Authenticator::supports_cms` and `Authenticator::get_cms_login_form` In order to create a CMS supported version the `Authenticator::supports_cms` and `Authenticator::get_cms_login_form`
methods should be overridden. See `[api:MemberAuthenticator]` for an example implementation. methods should be overridden. See `[api:MemberAuthenticator]` for an example implementation.
Check the documentation at the [Authentication](/topics/authentication) topic. Check the documentation at the [Authentication](/developer_guides/security/authentication) topic.
### Default Admin ### Default Admin

View File

@ -597,8 +597,8 @@ After:
$things = MyObject::get()->where(array('"MyObject"."Name" = ?' => $name)); $things = MyObject::get()->where(array('"MyObject"."Name" = ?' => $name));
$list = DataList::create('Banner')->where(array( $list = DataList::create('Banner')->where(array(
'"ParentID" IS NOT NULL', '"ParentID" IS NOT NULL',
'"Title" = ?', $title '"Title" = ?' => $title,
); ));
#### 3. Interaction with `DataList::sql()`, `DataQuery::sql()`, `SQLQuery::sql()`, or `SQLQuery::getJoins()` methods #### 3. Interaction with `DataList::sql()`, `DataQuery::sql()`, `SQLQuery::sql()`, or `SQLQuery::getJoins()` methods

View File

@ -27,14 +27,14 @@ DataList handles filtering in a more fluent way than using raw where calls. The
When this query is executed it will contain all members with firstname of Sam but not with lastname Magnusson sorted by age ascending When this query is executed it will contain all members with firstname of Sam but not with lastname Magnusson sorted by age ascending
For more information see documentation at [/topics/datamodel](../../topics/datamodel). For more information see documentation at [datamodel](/developer_guides/model/searchfilters).
### Grid Field ### Grid Field
GridField has changed since 3.0.0-alpha1 to be more flexible. Any previous implementation are broken GridField has changed since 3.0.0-alpha1 to be more flexible. Any previous implementation are broken
and need to be changed according to the new API. and need to be changed according to the new API.
For implementation details see documentation at [/reference/grid-field](../../reference/grid-field). For implementation details see documentation at [grid-field](/developer_guides/forms/field_types/gridfield).
## Upgrading ## ## Upgrading ##

View File

@ -15,7 +15,7 @@ it can facilitate [denial-of-service attacks](https://en.wikipedia.org/wiki/Deni
To prevent this, main.php now checks and only allows the flush parameter in the following cases: To prevent this, main.php now checks and only allows the flush parameter in the following cases:
* The [environment](/topics/environment-management) is in "dev mode" * The [environment](/getting_started/environment_management) is in "dev mode"
* A user is logged in with ADMIN permissions * A user is logged in with ADMIN permissions
* An error occurs during startup * An error occurs during startup

View File

@ -14,7 +14,7 @@ will be disabled. If multiple authenticators are used, only supported ones will
In order to create a CMS supported version the `Authenticator::supports_cms` and `Authenticator::get_cms_login_form` In order to create a CMS supported version the `Authenticator::supports_cms` and `Authenticator::get_cms_login_form`
methods should be overridden. See `[api:MemberAuthenticator]` for an example implementation. methods should be overridden. See `[api:MemberAuthenticator]` for an example implementation.
Check the documentation at the [Authentication](/topics/authentication) topic. Check the documentation at the [Authentication](/developer_guides/security/authentication) topic.
### Default Admin ### Default Admin

View File

@ -152,7 +152,7 @@ After you have edited the file, GitHub will offer to create a pull request for y
* Check and update documentation on [docs.silverstripe.org](http://docs.silverstripe.org). Check for any references to functionality deprecated or extended through your patch. Documentation changes should be included in the patch. * Check and update documentation on [docs.silverstripe.org](http://docs.silverstripe.org). Check for any references to functionality deprecated or extended through your patch. Documentation changes should be included in the patch.
* When introducing something "noteworthy" (new feature, API change), [update the release changelog](/changelogs) for the next release this commit will be included in. * When introducing something "noteworthy" (new feature, API change), [update the release changelog](/changelogs) for the next release this commit will be included in.
* If you get stuck, please post to the [forum](http://silverstripe.org/forum) or for deeper core problems, to the [core mailinglist](https://groups.google.com/forum/#!forum/silverstripe-dev) * If you get stuck, please post to the [forum](http://silverstripe.org/forum) or for deeper core problems, to the [core mailinglist](https://groups.google.com/forum/#!forum/silverstripe-dev)
* When working with the CMS, please read the ["CMS Architecture Guide"](/developer_guides/customising_the_admin_interface/cms_architecture/) first * When working with the CMS, please read the ["CMS Architecture Guide"](/developer_guides/customising_the_admin_interface/cms_architecture) first
## Commit Messages ## Commit Messages

View File

@ -35,6 +35,7 @@ As a core contributor it is necessary to have installed the following set of too
- `pip install transifex-client` - `pip install transifex-client`
* [AWS CLI tools](https://aws.amazon.com/cli/): * [AWS CLI tools](https://aws.amazon.com/cli/):
- `pip install awscli` - `pip install awscli`
* The `tar` and `zip` commands
* A good _ss_environment.php setup in your localhost webroot. * A good _ss_environment.php setup in your localhost webroot.
Example `_ss_environment.php`: Example `_ss_environment.php`:
@ -72,6 +73,7 @@ the [core committers](core_committers), who will assist with setting up your cre
* Admin permissions on [transifex](https://www.transifex.com/silverstripe/). * Admin permissions on [transifex](https://www.transifex.com/silverstripe/).
* AWS write permissions on the `silverstripe-ssorg-releases` s3 bucket. * AWS write permissions on the `silverstripe-ssorg-releases` s3 bucket.
* Permission on [silverstripe release announcement](https://groups.google.com/forum/#!forum/silverstripe-announce). * Permission on [silverstripe release announcement](https://groups.google.com/forum/#!forum/silverstripe-announce).
* Moderator permissions in the #silverstripe [IRC channel]((http://www.silverstripe.org/community/contributing-to-silverstripe/irc-channel/))
### First time setup: Security releases ### First time setup: Security releases
@ -90,7 +92,7 @@ When doing a security release, typically one or more (or sometimes all) of the b
steps will need to be performed manually. As such, this guide should not be followed steps will need to be performed manually. As such, this guide should not be followed
exactly the same for these. exactly the same for these.
Standard practice is to produce an RC for any patched modules on the security Standard practice is to produce a pre-release for any patched modules on the security
forks for cms and framework (see [silverstripe-security](https://github.com/silverstripe-security)). forks for cms and framework (see [silverstripe-security](https://github.com/silverstripe-security)).
<div class="warning" markdown="1"> <div class="warning" markdown="1">
@ -116,28 +118,50 @@ Producing a security fix follows this general process:
* Push the current upstream target branches (e.g. 3.2) to the corresponding security fork * Push the current upstream target branches (e.g. 3.2) to the corresponding security fork
to a new branch named for the target release (e.g. 3.2.4). Security fixes should be to a new branch named for the target release (e.g. 3.2.4). Security fixes should be
applied to this branch only. Once a fix (or fixes) have been applied to this branch, then applied to this branch only. Once a fix (or fixes) have been applied to this branch, then
an RC tag can be applied, and a private release can then be developed in order a tag can be applied, and a private release can then be developed in order
to test this RC. to test this release.
* Once RC testing is completed and the release is ready for stabilisation, then these fixes * Once release testing is completed and the release is ready for stabilisation, then these fixes
can then be pushed to the upstream module fork, and the release completed and published can then be pushed to the upstream module fork, and the release completed as per normal.
as per normal. Make sure to publish any draft security pages at the same time as the release is published (same day).
* After the final release has been published, close related JIRA issues
at [open source security jira](https://silverstripe.atlassian.net/secure/RapidBoard.jspa?rapidView=198&view=detail)
<div class="warning" markdown="1">
Note: It's not considered acceptable to disclose any security vulnerability until a fix exists in
a public stable, not an RC or dev-branch. Security warnings that do not require a stable release
can be published as soon as a workaround or usable resolution exists.
</div>
## Standard release process ## Standard release process
The release process, at a high level, involves creating an RC, publishing it, and The release process, at a high level, involves creating a release, publishing it, and
reviewing the need for either another RC or a final stable tag within a short period reviewing the need for either another pre-release or a final stable tag within a short period
(normally within 3-5 business days). (normally within 3-5 business days).
During the RC cycle a temporary RC branch is created, and should only receive During the pre-release cycle a temporary branch is created, and should only receive
absolutely critical fixes during the RC cycle. Any changes to this branch should absolutely critical fixes during the cycle. Any changes to this branch should
result in the requirement for a new RC, thus a higher level of scrutiny is typically result in the requirement for a new release, thus a higher level of scrutiny is typically
placed on any pull request to these branches. placed on any pull request to these branches.
When creating a new RC or stable, the following process is broken down into two When creating a new pre-release or stable, the following process is broken down into two
main sets of commands: main sets of commands:
### Stage 1: Release preparation: ### Stage 1: Release preparation:
If you are managing a release, it's best to first make sure that SilverStripe marketing
are aware of any impending release. This is so that they can ensure that a relevant blog
post will appear on [www.silverstripe.org/blog](http://www.silverstripe.org/blog/), and
cross-posted to other relevant channels such as Twitter and Facebook.
Sending an email to [marketing@silverstripe.com](mailto:marketing@silverstripe.com)
with an overview of the release and a rough release timeline.
Check all tickets ([framework](https://github.com/silverstripe/silverstripe-framework/milestones),
[cms](https://github.com/silverstripe/silverstripe-cms/milestones),
[installer](https://github.com/silverstripe/silverstripe-installer/milestones)) assigned to that milestone are
either closed or reassigned to another milestone.
Merge up from other older supported release branches (e.g. merge `3.1`->`3.2`, `3.2`->`3.3`, `3.3`->`3`, `3`->`master`).
This is the part of the release that prepares and tests everything locally, but This is the part of the release that prepares and tests everything locally, but
doe not make any upstream changes (so it's safe to run without worrying about doe not make any upstream changes (so it's safe to run without worrying about
any mistakes migrating their way into the public sphere). any mistakes migrating their way into the public sphere).
@ -154,7 +178,7 @@ This command has the following parameters:
newest 3.2.x version). You can normally leave this out for patch releases, newest 3.2.x version). You can normally leave this out for patch releases,
and the code will normally be able to guess the right version, but you may and the code will normally be able to guess the right version, but you may
as well declare it every time. as well declare it every time.
* `--branch-auto` Will automatically create a new RC branch (e.g. 3.2.4) if * `--branch-auto` Will automatically create a new temporary release branch (e.g. 3.2.4) if
one does not exist. one does not exist.
This can take between 5-15 minutes, and will invoke the following steps, This can take between 5-15 minutes, and will invoke the following steps,
@ -166,10 +190,10 @@ and needs to be manually advanced):
will look at the available versions and branch-aliases of silverstripe/installer will look at the available versions and branch-aliases of silverstripe/installer
to determine the best version to install from. E.g. installing 4.0.0 will to determine the best version to install from. E.g. installing 4.0.0 will
know to install dev-master, and installing 3.3.0 will install from 3.x-dev. know to install dev-master, and installing 3.3.0 will install from 3.x-dev.
If installing RC versions for stabilisation, it will use the correct RC If installing pre-release versions for stabilisation, it will use the correct
branch. temporary release branch.
* `release:branch` If release:create installed from a non-rc branch, it will * `release:branch` If release:create installed from a non-rc branch, it will
create the new RC branch (via `--branch-auto`). You can also customise this branch create the new temporary release branch (via `--branch-auto`). You can also customise this branch
with `--branch=<branchname>`, but it's best to use the standard. with `--branch=<branchname>`, but it's best to use the standard.
* `release:translate` All upstream transifex strings will be pulled into the * `release:translate` All upstream transifex strings will be pulled into the
local master strings, and then the [api:i18nTextCollector] task will be invoked local master strings, and then the [api:i18nTextCollector] task will be invoked
@ -193,10 +217,23 @@ Once the release task has completed, it may be ideal to manually test the site o
by running it locally (e.g. `http://localhost/release-3.3.4`) to do some smoke-testing by running it locally (e.g. `http://localhost/release-3.3.4`) to do some smoke-testing
and make sure that there are no obvious issues missed. and make sure that there are no obvious issues missed.
Since `cow` will only run the unit test suite, you'll need to check
the build status of Behat end-to-end tests manually on travis-ci.org
for the various modules (e.g. [framework](https://travis-ci.org/silverstripe/silverstripe-framework))
and [cms](https://travis-ci.org/silverstripe/silverstripe-cms)).
It's also ideal to eyeball the git changes generated by the release tool, making sure It's also ideal to eyeball the git changes generated by the release tool, making sure
that no translation strings were unintentionally lost, or that the changelog that no translation strings were unintentionally lost, no malicious changes were
introduced in the (community contributed) translations, and that the changelog
was generated correctly. was generated correctly.
In particular, double check that all necessary information is included in the release notes,
including:
* Upgrading notes
* Security fixes included
* Major changes
Once this has been done, then the release is ready to be published live. Once this has been done, then the release is ready to be published live.
### Stage 2: Release publication ### Stage 2: Release publication
@ -214,7 +251,7 @@ As with the `cow release` command, this step is broken down into the following
subtasks which are invoked in sequence: subtasks which are invoked in sequence:
* `release:tag` Each module will have the appropriate tag applied (except the theme). * `release:tag` Each module will have the appropriate tag applied (except the theme).
* `release:push` The RC branches and all tags are pushed up to origin on github. * `release:push` The temporary release branches and all tags are pushed up to origin on github.
* `release:archive` This will generate a new tar.gz and zip archive, each for * `release:archive` This will generate a new tar.gz and zip archive, each for
cms and framework-only installations. These will be copied to the root folder cms and framework-only installations. These will be copied to the root folder
of the release directory, although the actual build will be created in temporary of the release directory, although the actual build will be created in temporary
@ -231,11 +268,11 @@ Once all of these commands have completed there are a couple of final tasks left
aren't strictly able to be automated: aren't strictly able to be automated:
* If this is a stable release, it will be necessary to perform a post-release merge * If this is a stable release, it will be necessary to perform a post-release merge
on open source. This normally will require you to merge the RC branch into the on open source. This normally will require you to merge the temporary release branch into the
source branch (e.g. merge 3.2.4 into 3.2), or sometimes create new branches if source branch (e.g. merge 3.2.4 into 3.2), or sometimes create new branches if
releasing a new minor version, and bumping up the branch-alias in composer.json. releasing a new minor version, and bumping up the branch-alias in composer.json.
E.g. branching 3.3 from 3, and aliasing 3 as 3.4.x-dev. You can then delete E.g. branching 3.3 from 3, and aliasing 3 as 3.4.x-dev. You can then delete
the temporary RC branches. This will need to be done before updating the the temporary release branches. This will need to be done before updating the
release documentation in stage 3. release documentation in stage 3.
* Merging up the changes in this release to newer branches, following the * Merging up the changes in this release to newer branches, following the
SemVer pattern (e.g. 3.2.4 > 3.2 > 3.3 > 3 > master). The more often this is SemVer pattern (e.g. 3.2.4 > 3.2 > 3.3 > 3 > master). The more often this is
@ -251,6 +288,25 @@ aren't strictly able to be automated:
* Make sure that the [releases page](https://github.com/silverstripe/silverstripe-installer/releases) * Make sure that the [releases page](https://github.com/silverstripe/silverstripe-installer/releases)
on github shows the new tag. on github shows the new tag.
*Updating non-patch versions*
If releasing a new major or minor version it may be necessary to update various SilverStripe portals. Normally a new
minor version will require a new branch option to be made available on each site menu. These sites include:
* [docs.silverstripe.org](https://docs.silverstripe.org): Update on [github](https://github.com/silverstripe/doc.silverstripe.org)
and deployed internally.
* [api.silverstripe.org](https://api.silverstripe.org): Update on [github](https://github.com/silverstripe/api.silverstripe.org)
and deployed internally.
* [userhelp.silverstripe.org](https://userhelp.silverstripe.org/en/3.2): Update on
[github](https://github.com/silverstripe/userhelp.silverstripe.org) and deployed internally.
The content for this site is pulled from [silverstripe-userhelp-content](https://github.com/silverstripe/silverstripe-userhelp-content)
* [demo.silverstripe.org](http://demo.silverstripe.org/): Update on
[github](https://github.com/silverstripe/demo.silverstripe.org/) and deployed internally.
It's also a good idea to check that `Deprecation::notification_version('4.0.0');` in framework/_config.php points to
the right major version. This should match the major version of the current release. E.g. all versions of 4.x
should be set to `4.0.0`.
### Stage 3: Let the world know ### Stage 3: Let the world know
Once a release has been published there are a few places where user documentation Once a release has been published there are a few places where user documentation
@ -258,7 +314,7 @@ will need to be regularly updated.
* Make sure that the [download page](http://www.silverstripe.org/download) on * Make sure that the [download page](http://www.silverstripe.org/download) on
silverstripe.org has the release available. If it's a stable, it will appear silverstripe.org has the release available. If it's a stable, it will appear
at the top of the page. If an RC pre-release, it will be available under the at the top of the page. If it's a pre-release, it will be available under the
[development builds](http://www.silverstripe.org/download#download-releases) [development builds](http://www.silverstripe.org/download#download-releases)
section. If it's not available, you might need to check that the release was section. If it's not available, you might need to check that the release was
properly uploaded to aws s3, or that you aren't viewing a cached version of properly uploaded to aws s3, or that you aren't viewing a cached version of
@ -277,7 +333,7 @@ will need to be regularly updated.
* Create a release announcement forum sticky on the * Create a release announcement forum sticky on the
[releases and announcements](http://www.silverstripe.org/community/forums/releases-and-announcements/) [releases and announcements](http://www.silverstripe.org/community/forums/releases-and-announcements/)
forum category. Make this a global read-only sticky, and un-sticky any older release. forum category. Make this a global read-only sticky, and un-sticky any older release.
* Update the IRC topic to include the new release version. * Update the #silverstripe [IRC](http://www.silverstripe.org/community/contributing-to-silverstripe/irc-channel/) topic to include the new release version.
### Stage 4: Web platform installer release ### Stage 4: Web platform installer release

View File

@ -272,6 +272,7 @@ class ConfirmedPasswordField extends FormField {
} else { } else {
if($value || (!$value && $this->canBeEmpty)) { if($value || (!$value && $this->canBeEmpty)) {
$this->value = $value; $this->value = $value;
$this->confirmValue = $value;
} }
} }
@ -281,7 +282,7 @@ class ConfirmedPasswordField extends FormField {
->setValue($this->value); ->setValue($this->value);
$this->children->fieldByName($this->getName() . '[_ConfirmPassword]') $this->children->fieldByName($this->getName() . '[_ConfirmPassword]')
->setValue($this->value); ->setValue($this->confirmValue);
} }
return $this; return $this;

View File

@ -103,6 +103,7 @@ class TreeMultiselectField extends TreeDropdownField {
$titleArray = array(); $titleArray = array();
$idArray = array(); $idArray = array();
$items = $this->getItems(); $items = $this->getItems();
$emptyTitle = _t('DropdownField.CHOOSE', '(Choose)', 'start value of a dropdown');
if($items && count($items)) { if($items && count($items)) {
foreach($items as $item) { foreach($items as $item) {
@ -115,7 +116,7 @@ class TreeMultiselectField extends TreeDropdownField {
$title = implode(", ", $titleArray); $title = implode(", ", $titleArray);
$value = implode(",", $idArray); $value = implode(",", $idArray);
} else { } else {
$title = _t('DropdownField.CHOOSE', '(Choose)', 'start value of a dropdown'); $title = $emptyTitle;
} }
$dataUrlTree = ''; $dataUrlTree = '';
@ -129,6 +130,7 @@ class TreeMultiselectField extends TreeDropdownField {
$properties, $properties,
array( array(
'Title' => $title, 'Title' => $title,
'EmptyTitle' => $emptyTitle,
'Link' => $dataUrlTree, 'Link' => $dataUrlTree,
'Value' => $value 'Value' => $value
) )

View File

@ -667,12 +667,13 @@ ss.editorWrappers['default'] = ss.editorWrappers.tinyMCE;
resetFileField: function() { resetFileField: function() {
// If there's an attached item, remove it // If there's an attached item, remove it
var fileField = this.find('#file'), var fileField = this.find('.ss-uploadfield[id$="file_Holder"]'),
fileUpload = fileField.data('fileupload'), fileUpload = fileField.data('fileupload'),
currentItem = fileField.find('.ss-uploadfield-item[data-fileid]'); currentItem = fileField.find('.ss-uploadfield-item[data-fileid]');
if(currentItem.length) { if(currentItem.length) {
fileUpload._trigger('destroy', null, {content: currentItem}); fileUpload._trigger('destroy', null, {context: currentItem});
fileField.find('.ss-uploadfield-addfile').removeClass('borderTop');
} }
}, },

View File

@ -138,7 +138,7 @@
this[this.getPanel().is(':visible') ? 'closePanel' : 'openPanel'](); this[this.getPanel().is(':visible') ? 'closePanel' : 'openPanel']();
}, },
setTitle: function(title) { setTitle: function(title) {
title = title || this.data('title') || strings.fieldTitle; title = title || this.data('empty-title') || strings.fieldTitle;
this.find('.treedropdownfield-title').html(title); this.find('.treedropdownfield-title').html(title);
this.data('title', title); // separate view from storage (important for search cancellation) this.data('title', title); // separate view from storage (important for search cancellation)

View File

@ -183,7 +183,7 @@ class Group extends DataObject {
// Add roles (and disable all checkboxes for inherited roles) // Add roles (and disable all checkboxes for inherited roles)
$allRoles = PermissionRole::get(); $allRoles = PermissionRole::get();
if(Permission::check('ADMIN')) { if(!Permission::check('ADMIN')) {
$allRoles = $allRoles->filter("OnlyAdminCanApply", 0); $allRoles = $allRoles->filter("OnlyAdminCanApply", 0);
} }
if($this->ID) { if($this->ID) {

View File

@ -378,7 +378,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
* quirky problems (such as using the Windmill 0.3.6 proxy). * quirky problems (such as using the Windmill 0.3.6 proxy).
*/ */
public static function session_regenerate_id() { public static function session_regenerate_id() {
if(!self::$session_regenerate_id) return; if(!self::config()->session_regenerate_id) return;
// This can be called via CLI during testing. // This can be called via CLI during testing.
if(Director::is_cli()) return; if(Director::is_cli()) return;

View File

@ -163,6 +163,10 @@ class Permission extends DataObject implements TemplateGlobalProvider {
$memberID = (is_object($member)) ? $member->ID : $member; $memberID = (is_object($member)) ? $member->ID : $member;
} }
if (!$memberID) {
return false;
}
// Turn the code into an array as we may need to add other permsissions to the set we check // Turn the code into an array as we may need to add other permsissions to the set we check
if(!is_array($code)) $code = array($code); if(!is_array($code)) $code = array($code);

View File

@ -81,4 +81,24 @@ class ConfirmedPasswordFieldTest extends SapphireTest {
); );
} }
public function testFormValidation() {
$form = new Form(
new Controller(),
'Form',
new FieldList($field = new ConfirmedPasswordField('Password')),
new FieldList()
);
$form->loadDataFrom(array(
'Password' => array(
'_Password' => '123',
'_ConfirmPassword' => '999',
)
));
$this->assertEquals('123', $field->children->first()->Value());
$this->assertEquals('999', $field->children->last()->Value());
$this->assertNotEquals($field->children->first()->Value(), $field->children->last()->Value());
}
} }

View File

@ -124,4 +124,14 @@ class PermissionTest extends SapphireTest {
Config::inst()->remove('Permission', 'hidden_permissions'); Config::inst()->remove('Permission', 'hidden_permissions');
$this->assertContains('CMS_ACCESS_LeftAndMain', $permissionCheckboxSet->Field()); $this->assertContains('CMS_ACCESS_LeftAndMain', $permissionCheckboxSet->Field());
} }
public function testEmptyMemberFails() {
$member = new Member();
$this->assertFalse($member->exists());
$this->logInWithPermission('ADMIN');
$this->assertFalse(Permission::checkMember($member, 'ADMIN'));
$this->assertFalse(Permission::checkMember($member, 'CMS_ACCESS_LeftAndMain'));
}
} }