tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

Update main.php path to support framework in vendor

Browse Source
This commit is contained in:
Ingo Schommer 2017-10-03 00:30:24 +13:00
parent 31b213be7b
commit 85a951584e
14 changed files with 136 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/en/00_Getting_Started/01_Installation/03_Windows.md
View File

@ -62,7 +62,7 @@ control.
3. Apache rewrite (mod_rewrite) isn't working and it's installed (prior to SilverStripe 3.1.11) 3. Apache rewrite (mod_rewrite) isn't working and it's installed (prior to SilverStripe 3.1.11)
Due to some changes to `mod_dir` in [Apache 2.4](http://httpd.apache.org/docs/current/mod/mod_dir.html#DirectoryCheckHandler) (precedence of handlers), index.php gets added to the URLs as soon as you navigate to the homepage of your site. Further requests are then handled by index.php rather than `mod_rewrite` (framework/main.php). To fix this place the following within the `mod_rewrite` section of your .htaccess file: Due to some changes to `mod_dir` in [Apache 2.4](http://httpd.apache.org/docs/current/mod/mod_dir.html#DirectoryCheckHandler) (precedence of handlers), index.php gets added to the URLs as soon as you navigate to the homepage of your site. Further requests are then handled by index.php rather than `mod_rewrite` (`main.php`). To fix this place the following within the `mod_rewrite` section of your .htaccess file:
``` ```
<IfModule mod_rewrite.c> <IfModule mod_rewrite.c>

5
docs/en/00_Getting_Started/01_Installation/05_Common_Problems.md
View File

@ -22,7 +22,10 @@ On "live" environments, the `?isDev=1` solution is preferred, as it means that y
## mod_rewrite isn't working but it's installed (prior to SilverStripe 3.1.11) ## mod_rewrite isn't working but it's installed (prior to SilverStripe 3.1.11)
Due to some changes to `mod_dir` in [Apache 2.4](http://httpd.apache.org/docs/current/mod/mod_dir.html#DirectoryCheckHandler) (precedence of handlers), index.php gets added to the URLs as soon as you navigate to the homepage of your site. Further requests are then handled by index.php rather than `mod_rewrite` (framework/main.php). To fix this place the following within the `mod_rewrite` section of your .htaccess file: Due to some changes to `mod_dir` in [Apache 2.4](http://httpd.apache.org/docs/current/mod/mod_dir.html#DirectoryCheckHandler)
(precedence of handlers), index.php gets added to the URLs as soon as you navigate to the homepage of your site.
Further requests are then handled by index.php rather than `mod_rewrite` (`main.php`).
To fix this place the following within the `mod_rewrite` section of your .htaccess file:
``` ```
<IfModule mod_rewrite.c> <IfModule mod_rewrite.c>

14
docs/en/00_Getting_Started/01_Installation/How_To/Configure_Lighttpd.md
View File

@ -15,7 +15,7 @@ Silverstripe. Replace "yoursite.com" and "/home/yoursite/public_html/" below.
static-file.exclude-extensions += ( ".ss" ) static-file.exclude-extensions += ( ".ss" )
# Deny access to SilverStripe command-line interface # Deny access to SilverStripe command-line interface
$HTTP["url"] =~ "^/framework/cli-script.php" { $HTTP["url"] =~ "^/vendor/silverstripe/framework/cli-script.php" {
url.access-deny = ( "" ) url.access-deny = ( "" )
} }
@ -27,11 +27,11 @@ Silverstripe. Replace "yoursite.com" and "/home/yoursite/public_html/" below.
# Rewrite URLs so they are nicer # Rewrite URLs so they are nicer
url.rewrite-once = ( url.rewrite-once = (
"^/.*\.[A-Za-z0-9]+.*?$" => "$0", "^/.*\.[A-Za-z0-9]+.*?$" => "$0",
"^/(.*?)(\?|$)(.*)" => "/framework/main.php?url=$1&$3" "^/(.*?)(\?|$)(.*)" => "/vendor/silverstripe/framework/main.php?url=$1&$3"
) )
# Show SilverStripe error page # Show SilverStripe error page
server.error-handler-404 = "/framework/main.php" server.error-handler-404 = "/vendor/silverstripe/framework/main.php"
} }
@ -53,14 +53,14 @@ of Silverstripe on the same host, you can use something like this (be warned, it
url.rewrite-once = ( url.rewrite-once = (
"(?i)(/copy1/.*\.([A-Za-z0-9]+))(.*?)$" => "$0", "(?i)(/copy1/.*\.([A-Za-z0-9]+))(.*?)$" => "$0",
"(?i)(/copy2/.*\.([A-Za-z0-9]+))(.*?)$" => "$0", "(?i)(/copy2/.*\.([A-Za-z0-9]+))(.*?)$" => "$0",
"^/copy1/(.*?)(\?|$)(.*)" => "/copy1/framework/main.php?url=$1&$3", "^/copy1/(.*?)(\?|$)(.*)" => "/copy1/vendor/silverstripe/framework/main.php?url=$1&$3",
"^/copy2/(.*?)(\?|$)(.*)" => "/copy2/framework/main.php?url=$1&$3" "^/copy2/(.*?)(\?|$)(.*)" => "/copy2/vendor/silverstripe/framework/main.php?url=$1&$3"
) )
$HTTP["url"] =~ "^/copy1/" { $HTTP["url"] =~ "^/copy1/" {
server.error-handler-404 = "/copy1/framework/main.php" server.error-handler-404 = "/copy1/vendor/silverstripe/framework/main.php"
} }
$HTTP["url"] =~ "^/copy2/" { $HTTP["url"] =~ "^/copy2/" {
server.error-handler-404 = "/copy2/framework/main.php" server.error-handler-404 = "/copy2/vendor/silverstripe/framework/main.php"
} }
} }

4
docs/en/00_Getting_Started/01_Installation/How_To/Configure_Nginx.md
View File

@ -30,7 +30,7 @@ But enough of the disclaimer, on to the actual configuration — typically in `n
} }
location / { location / {
try_files $uri /framework/main.php?url=$uri&$query_string; try_files $uri vendor/silverstripe/framework/main.php?url=$uri&$query_string;
} }
error_page 404 /assets/error-404.html; error_page 404 /assets/error-404.html;
@ -41,7 +41,7 @@ But enough of the disclaimer, on to the actual configuration — typically in `n
deny all; deny all;
} }
sendfile on; sendfile on;
try_files $uri /framework/main.php?url=$uri&$query_string; try_files $uri vendor/silverstripe/framework/main.php?url=$uri&$query_string;
} }
location ~ /framework/.*(main|rpc|tiny_mce_gzip)\.php$ { location ~ /framework/.*(main|rpc|tiny_mce_gzip)\.php$ {

2
docs/en/00_Getting_Started/01_Installation/How_To/Setup_Nginx_and_HHVM.md
View File

@ -48,7 +48,7 @@ Create `/etc/nginx/silverstripe.conf` and add this configuration:
fastcgi_buffers 4 32k; fastcgi_buffers 4 32k;
location / { location / {
try_files $uri /framework/main.php?url=$uri&$query_string; try_files $uri /vendor/silverstripe/framework/main.php?url=$uri&$query_string;
} }
error_page 404 /assets/error-404.html; error_page 404 /assets/error-404.html;

38
docs/en/00_Getting_Started/04_Directory_Structure.md
View File

@ -9,9 +9,9 @@ directories is meaningful to its logic.
Directory | Description Directory | Description
--------- | ----------- --------- | -----------
`assets/` | Contains images and other files uploaded via the SilverStripe CMS. You can also place your own content inside it, and link to it from within the content area of the CMS. `assets/` | Images and other files uploaded via the SilverStripe CMS. You can also place your own content inside it, and link to it from within the content area of the CMS.
`cms/` | Contains all the files that form the CMS area of your site. Its structure is similar to the mysite/ directory, so if you find something interesting, it should be easy enough to look inside and see how it was built. `resources/`| Public files from modules (added automatically)
`framework/` | The framework that builds both your own site and as the CMS that powers it. Youll be utilising files in this directory often, both directly and indirectly. `vendor/` | SilverStripe modules and other supporting libraries (the framework is in `vendor/silverstripe/framework`)
## Custom Code Structure ## Custom Code Structure
@ -46,20 +46,22 @@ on folder and file naming in SilverStripe core modules.
See [themes](/developer_guides/templates/themes) See [themes](/developer_guides/templates/themes)
## Module Structure {#module_structure} ## Module Structure {#module_structure}
Modules are currently top-level folders that have a `_config.php` file or a `_config/` directory present. Modules are commonly stored as composer packages in the `vendor/` folder.
They should follow the same conventions as posed in "Custom Site Structure" They need to have a `_config.php` file or a `_config/` directory present,
and should follow the same conventions as posed in "Custom Site Structure".
Example Forum: Example Forum:
| Directory | Description | | Directory | Description |
| --------- | ----------- | | --------- | ----------- |
| `forum/` | This directory contains all of your code that defines your website. | | `vendor/silverstripe/blog/`| This directory contains all of your code that defines your website. |
| `forum/code` | PHP code for model and controller (subdirectories are optional) | | `vendor/silverstripe/blog/code` | PHP code for model and controller (subdirectories are optional) |
| ... | ... | | ... | ... |
![](../_images/modules_folder.jpg) Note: Before SilverStripe 4.x, modules were living as top-level folders in the webroot itself.
Some modules might not have been upgraded to support placement in `vendor/`
### Module documentation ### Module documentation
@ -68,7 +70,7 @@ plain text files inside a 'docs' folder located in the module folder. These file
can be written with the Markdown syntax (See [Contributing Documentation](/contributing/documentation)) can be written with the Markdown syntax (See [Contributing Documentation](/contributing/documentation))
and include media such as images or videos. and include media such as images or videos.
Inside the docs folder, developers should organise the markdown files into each Inside the `docs/` folder, developers should organise the markdown files into each
separate language they wish to write documentation for (usually just `en`). Inside separate language they wish to write documentation for (usually just `en`). Inside
each languages' subfolder, developers then have freedom to create whatever structure each languages' subfolder, developers then have freedom to create whatever structure
they wish for organising the documentation they wish. they wish for organising the documentation they wish.
@ -77,14 +79,14 @@ Example Forum Documentation:
| Directory | Description | | Directory | Description |
| --------- | ----------- | | --------- | ----------- |
| `forum/docs` | The docs folder will be picked up by the documentation viewer. | | `blog/docs` | |
| `forum/docs/_manifest_exclude` | Empty file to signify that SilverStripe does not need to load classes from this folder | | `blog/docs/_manifest_exclude` | Empty file to signify that SilverStripe does not need to load classes from this folder |
| `forum/docs/en/` | English documentation | | `blog/docs/en/` | English documentation |
| `forum/docs/en/index.md` | Documentation homepage. Should provide an introduction and links to remaining docs | | `blog/docs/en/index.md` | Documentation homepage. Should provide an introduction and links to remaining docs |
| `forum/docs/en/Getting_Started.md` | Documentation page. Naming convention is Uppercase and underscores. | | `blog/docs/en/Getting_Started.md` | Documentation page. Naming convention is Uppercase and underscores. |
| `forum/docs/en/_images/` | Folder to store any images or media | | `blog/docs/en/_images/` | Folder to store any images or media |
| `forum/docs/en/Some_Topic/` | You can organise documentation into nested folders. Naming convention is Uppercase and underscores. | | `blog/docs/en/Some_Topic/` | You can organise documentation into nested folders. Naming convention is Uppercase and underscores. |
|`forum/docs/en/04_Some_Topic/00_Getting_Started.md`|Structure is created by use of numbered prefixes. This applies to nested folders and documentations pages, index.md should not have a prefix.| | `blog/docs/en/04_Some_Topic/00_Getting_Started.md`|Structure is created by use of numbered prefixes. This applies to nested folders and documentations pages, index.md should not have a prefix.|
## Autoloading ## Autoloading

39
docs/en/02_Developer_Guides/14_Files/03_File_Security.md
View File

@ -344,25 +344,25 @@ The extension can also be globally disabled by removing it at the root level:
If the default server configuration is not appropriate for your specific environment, then you can If the default server configuration is not appropriate for your specific environment, then you can
further customise the .htaccess or web.config by editing one or more of the below: further customise the .htaccess or web.config by editing one or more of the below:
* `Assets_HTAccess.ss`: Template for public permissions on the Apache server. * `PublicAssetAdapter_HTAccess.ss`: Template for public permissions on the Apache server.
* `Assets_WebConfig.ss`: Template for public permissions on the IIS server. * `PublicAssetAdapter_WebConfig.ss`: Template for public permissions on the IIS server.
* `Protected_HTAccess.ss`: Template for the protected store on the Apache server (should deny all requests). * `ProtectedAssetAdapter_HTAccess.ss`: Template for the protected store on the Apache server (should deny all requests).
* `Protected_WebConfig.ss`: Template for the protected store on the IIS server (should deny all requests). * `ProtectedAssetAdapter_WebConfig.ss`: Template for the protected store on the IIS server (should deny all requests).
Each of these files will be regenerated on ?flush, so it is important to ensure that these files are Each of these files will be regenerated on ?flush, so it is important to ensure that these files are
overridden at the template level, not via manually generated configuration files. overridden at the template level, not via manually generated configuration files.
#### Configuring Web Server: Apache server #### Configuring Web Server: Apache server
In order to ensure that public files are served correctly, you should check that your ./assets In order to ensure that public files are served correctly, you should check that your `assets/.htaccess`
.htaccess bypasses PHP requests for files that do exist. The default template bypasses PHP requests for files that do exist. The default template
(declared by `Assets_HTAccess.ss`) has the following section, which may be customised in your project: (declared by `PublicAssetAdapter_HTAccess.ss`) has the following section, which may be customised in your project:
``` ```
# Non existant files passed to requesthandler # Non existant files passed to requesthandler
RewriteCond %{REQUEST_URI} ^(.*)$ RewriteCond %{REQUEST_URI} ^(.*)$
RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule .* ../framework/main.php?url=%1 [QSA] RewriteRule .* ../vendor/silverstripe/framework/main.php?url=%1 [QSA]
``` ```
You will need to ensure that your core apache configuration has the necessary `AllowOverride` You will need to ensure that your core apache configuration has the necessary `AllowOverride`
@ -377,13 +377,14 @@ while ensuring non-existent files are processed via the Framework.
The default rule for IIS is as below (only partial configuration displayed): The default rule for IIS is as below (only partial configuration displayed):
``` ```
<rule name="Protected and 404 File rewrite" stopProcessing="true"> <rule name="Secure and 404 File rewrite" stopProcessing="true">
<match url="^(.*)$" /> <match url="^(.*)$" />
<conditions> <conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" /> <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
</conditions> <add input="../vendor/silverstripe/framework/main.php" matchType="IsFile" />
<action type="Rewrite" url="../framework/main.php?url={R:1}" appendQueryString="true" /> </conditions>
</rule> <action type="Rewrite" url="../vendor/silverstripe/framework/main.php?url={R:1}" appendQueryString="true" />
</rule>
``` ```
You will need to make sure that the `allowOverride` property of your root web.config is not set You will need to make sure that the `allowOverride` property of your root web.config is not set
@ -401,6 +402,6 @@ dynamic requests are processed via the Framework:
``` ```
location ^~ /assets/ { location ^~ /assets/ {
sendfile on; sendfile on;
try_files $uri /framework/main.php?url=$uri&$query_string; try_files $uri vendor/silverstripe/framework/main.php?url=$uri&$query_string;
} }
``` ```

10
docs/en/02_Developer_Guides/16_Execution_Pipeline/index.md
View File

@ -54,12 +54,12 @@ If no file can be directly matched, control is handed off to `framework/main.php
RewriteRule silverstripe-cache(/|$) - [F,L,NC] RewriteRule silverstripe-cache(/|$) - [F,L,NC]
RewriteRule composer\.(json|lock) - [F,L,NC] RewriteRule composer\.(json|lock) - [F,L,NC]
# Process through SilverStripe if no file with the requested name exists. # Non existant files passed to requesthandler
# Pass through the original path as a query parameter, and retain the existing parameters. # Try finding the module in the vendor folder first
RewriteCond %{REQUEST_URI} ^(.*)$ RewriteCond %{REQUEST_URI} ^(.*)$
RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule .* framework/main.php?url=%1 [QSA] RewriteRule .* ../vendor/silverstripe/framework/main.php?url=%1 [QSA]
# If requesting the main script directly, rewrite to the installer # If requesting the main script directly, rewrite to the installer
RewriteCond %{REQUEST_URI} ^(.*)/framework/main.php$ RewriteCond %{REQUEST_URI} ^(.*)/framework/main.php$
RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-f
@ -86,7 +86,7 @@ tasks silently in the background.
[configuration file](/getting_started/environment_management) in the webroot. [configuration file](/getting_started/environment_management) in the webroot.
* Sets constants based on the filesystem structure (e.g. `BASE_URL`, `BASE_PATH` and `TEMP_FOLDER`) * Sets constants based on the filesystem structure (e.g. `BASE_URL`, `BASE_PATH` and `TEMP_FOLDER`)
All requests go through `framework/main.php`, which sets up the core [Kernel](api:SilverStripe\Core\Kernel) and [HTTPApplication](api:SilverStripe\Control\HTTPApplication) All requests go through `main.php`, which sets up the core [Kernel](api:SilverStripe\Core\Kernel) and [HTTPApplication](api:SilverStripe\Control\HTTPApplication)
objects. See [/developer_guides/execution_pipeline/app_object_and_kernel] for details on this. objects. See [/developer_guides/execution_pipeline/app_object_and_kernel] for details on this.
The main process follows: The main process follows:

8
docs/en/02_Developer_Guides/17_CLI/index.md
View File

@ -6,12 +6,12 @@ SilverStripe can call [Controllers](../controllers) through a command line inter
web browser. This functionality can be used to automate tasks with cron jobs, run unit tests, or anything else that web browser. This functionality can be used to automate tasks with cron jobs, run unit tests, or anything else that
needs to interface over the command line. needs to interface over the command line.
The main entry point for any command line execution is `framework/cli-script.php`. For example, to run a database The main entry point for any command line execution is `cli-script.php` in the framework module.
rebuild from the command line, use this command: For example, to run a database rebuild from the command line, use this command:
```bash ```bash
cd your-webroot/ cd your-webroot/
php framework/cli-script.php dev/build php vendor/bin/framework/cli-script.php dev/build
``` ```
<div class="notice"> <div class="notice">
@ -159,4 +159,4 @@ The following will run `MyTask` every minute.
```bash ```bash
* * * * * /your/site/folder/sake dev/tasks/MyTask * * * * * /your/site/folder/sake dev/tasks/MyTask
``` ```

37
docs/en/04_Changelogs/4.0.0.md
View File

@ -64,8 +64,7 @@ guide developers in preparing existing 3.x code for compatibility with 4.0
[intervention/image](https://github.com/intervention/image) library to power manipualations. [intervention/image](https://github.com/intervention/image) library to power manipualations.
* Dependencies can managed via [recipe-plugin](https://github.com/silverstripe/recipe-plugin). See [recipe-core](https://github.com/silverstripe/recipe-core) and [recipe-cms](https://github.com/silverstripe/recipe-cms) as examples. * Dependencies can managed via [recipe-plugin](https://github.com/silverstripe/recipe-plugin). See [recipe-core](https://github.com/silverstripe/recipe-core) and [recipe-cms](https://github.com/silverstripe/recipe-cms) as examples.
* Authentication has been upgraded to a modular approach using re-usable interfaces and easier to hook in to LoginHandlers. * Authentication has been upgraded to a modular approach using re-usable interfaces and easier to hook in to LoginHandlers.
* Support for modules installed in vendor folder. See [/developer_guides/extending/how_tos/publish_a_module](the * Core modules are installed in the `vendor/` folder by default (other modules can opt-in, see [guide](/developer_guides/extending/how_tos/publish_a_module))
module publishing guide) for more information.
## <a name="upgrading"></a>Upgrading ## <a name="upgrading"></a>Upgrading
@ -78,6 +77,14 @@ some automated processes that users can run to
This section describes the processes which every project upgrading to 4.0 should follow. This should be followed This section describes the processes which every project upgrading to 4.0 should follow. This should be followed
as a standard first point of upgrade. as a standard first point of upgrade.
#### Upgrade your rewrite rules
The location of SilverStripe's "entry file" has changed. Your project and server environment will need
to adjust the path to this file from `framework/main.php` to `vendor/silverstripe/framework/main.php`.
If you are running Apache, adjust your `.htaccess` file. For other webservers,
please consult the [installation guides](getting_started/installation/).
#### Upgrade references to renamed and namespaced classes #### Upgrade references to renamed and namespaced classes
Nearly all core PHP classes have been namespaced. For example, `DataObject` is now called `SilverStripe\ORM\DataObject`. Nearly all core PHP classes have been namespaced. For example, `DataObject` is now called `SilverStripe\ORM\DataObject`.
@ -285,6 +292,32 @@ To ensure consistency, we've also deprecated support for path constants:
* `THIRDPARTY_DIR` and `THIRDPARTY_PATH` * `THIRDPARTY_DIR` and `THIRDPARTY_PATH`
* `CMS_DIR` and `CMS_PATH` * `CMS_DIR` and `CMS_PATH`
* `THEMES_DIR` and `THEMES_PATH` * `THEMES_DIR` and `THEMES_PATH`
#### Adapt tooling to modules in vendor folder
SilverStripe modules can now be installed like any other composer package: In the `vendor/` folder
instead of the webroot. Modules need to opt in to this behaviour after they've ensured
that no hardcoded path references exist (see "Upgrade module paths in file references").
All core modules have been moved over already:
```diff
-framework/
-cms/
...
+vendor/silverstripe/framework
+vendor/silverstripe/cms
```
Since the `vendor/` folder isn't publicly accessible, modules need to declare
which files need to be exposed via the new [vendor-plugin](https://github.com/silverstripe/vendor-plugin)
(e.g. images or CSS/JS files). These files will be either symlinked or copied into a new `resources/`
folder automatically on `composer install`.
If your deployment process relies on `composer install` on the production environment,
and this environment supports symlinks, you don't need to change anything.
If you deploy release archives, either ensure those archives can correctly extract symlinks,
or explicitly switch to the "copy" mode to avoid symlinks.
### <a name="upgrading-specifics"></a>API Specific Upgrades ### <a name="upgrading-specifics"></a>API Specific Upgrades

BIN
docs/en/_images/modules_folder.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 28 KiB

26
src/Dev/Install/DatabaseAdapterRegistry.php
View File

@ -110,26 +110,36 @@ class DatabaseAdapterRegistry
} }
/** /**
* Detects all _register_database.php files and invokes them * Detects all _register_database.php files and invokes them.
* Searches through vendor/ folder only,
* does not support "legacy" folder location in webroot
*/ */
public static function autodiscover() public static function autodiscover()
{ {
foreach (glob(__DIR__ . '/../../../../*', GLOB_ONLYDIR) as $directory) { // Search through all composer packages in vendor
if (file_exists($directory . '/_register_database.php')) { foreach (glob(BASE_PATH . '/vendor/*', GLOB_ONLYDIR) as $vendor) {
include_once($directory . '/_register_database.php'); foreach (glob($vendor . '/*', GLOB_ONLYDIR) as $directory) {
if (file_exists($directory . '/_register_database.php')) {
include_once($directory . '/_register_database.php');
}
} }
} }
} }
/** /**
* Detects all _configure_database.php files and invokes them * Detects all _configure_database.php files and invokes them
* Called by ConfigureFromEnv.php * Called by ConfigureFromEnv.php.
* Searches through vendor/ folder only,
* does not support "legacy" folder location in webroot
*/ */
public static function autoconfigure() public static function autoconfigure()
{ {
foreach (glob(__DIR__ . '/../../../../*', GLOB_ONLYDIR) as $directory) { // Search through all composer packages in vendor
if (file_exists($directory . '/_configure_database.php')) { foreach (glob(BASE_PATH . '/vendor/*', GLOB_ONLYDIR) as $vendor) {
include_once($directory . '/_configure_database.php'); foreach (glob($vendor . '/*', GLOB_ONLYDIR) as $directory) {
if (file_exists($directory . '/_configure_database.php')) {
include_once($directory . '/_configure_database.php');
}
} }
} }
} }

23
src/Dev/Install/Installer.php
View File

@ -438,16 +438,26 @@ ErrorDocument 500 /assets/error-500.html
$baseClause $baseClause
$cgiClause $cgiClause
# Deny access to vendor, unless you're requesting main.php
RewriteCond %{REQUEST_URI} !^/vendor/silverstripe/framework/main\.php
RewriteRule ^vendor(/|$) - [F,L,NC]s
# Deny access to potentially sensitive files and folders
RewriteRule ^\.env - [F,L,NC]
RewriteRule silverstripe-cache(/|$) - [F,L,NC]
RewriteRule composer\.(json|lock) - [F,L,NC]
RewriteRule (error|silverstripe|debug)\.log - [F,L,NC]
# Deny access to potentially sensitive files and folders # Deny access to potentially sensitive files and folders
RewriteRule ^vendor(/|$) - [F,L,NC]
RewriteRule silverstripe-cache(/|$) - [F,L,NC] RewriteRule silverstripe-cache(/|$) - [F,L,NC]
RewriteRule composer\.(json|lock) - [F,L,NC] RewriteRule composer\.(json|lock) - [F,L,NC]
# Process through SilverStripe if no file with the requested name exists. # Process through SilverStripe if no file with the requested name exists.
# Pass through the original path as a query parameter, and retain the existing parameters. # Pass through the original path as a query parameter, and retain the existing parameters.
RewriteCond %{REQUEST_URI} ^(.*)$ # Try finding framework in the vendor folder first
RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_URI} ^(.*)$
RewriteRule .* framework/main.php?url=%1 [QSA] RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule .* vendor/silverstripe/framework/main.php?url=%1 [QSA]
</IfModule> </IfModule>
TEXT; TEXT;
@ -502,8 +512,9 @@ TEXT;
<match url="^(.*)$" /> <match url="^(.*)$" />
<conditions> <conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" /> <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
<add input="vendor/silverstripe/framework/main.php" matchType="IsFile" />
</conditions> </conditions>
<action type="Rewrite" url="framework/main.php?url={R:1}" appendQueryString="true" /> <action type="Rewrite" url="vendor/silverstripe/framework/main.php?url={R:1}" appendQueryString="true" />
</rule> </rule>
</rules> </rules>
</rewrite> </rewrite>

6
src/includes/autoload.php
View File

@ -5,11 +5,9 @@ call_user_func(function () {
$candidates = [ $candidates = [
// module in vendor // module in vendor
__DIR__ . '/../../../../autoload.php', __DIR__ . '/../../../../autoload.php',
// module in webroot // module itself is webroot (usually during CI installs)
__DIR__ . '/../../vendor/autoload.php', __DIR__ . '/../../vendor/autoload.php',
// module in webroot // fallback
__DIR__ . '/../../../vendor/autoload.php',
// module is webroot (usually during CI installs)
getcwd() . '/vendor/autoload.php', getcwd() . '/vendor/autoload.php',
]; ];
foreach ($candidates as $candidate) { foreach ($candidates as $candidate) {