mirror of
https://github.com/silverstripe/silverstripe-framework
Merge branch '3.4' into 3.5.0
commit
8e5f786b8d
@ -66,12 +66,12 @@ class SS_HTTPResponse {
|
|||||||
);
|
);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @var Int
|
* @var int
|
||||||
*/
|
*/
|
||||||
protected $statusCode = 200;
|
protected $statusCode = 200;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @var String
|
* @var string
|
||||||
*/
|
*/
|
||||||
protected $statusDescription = "OK";
|
protected $statusDescription = "OK";
|
||||||
|
|
||||||
@ -93,9 +93,9 @@ class SS_HTTPResponse {
|
|||||||
/**
|
/**
|
||||||
* Create a new HTTP response
|
* Create a new HTTP response
|
||||||
*
|
*
|
||||||
* @param $body The body of the response
|
* @param string $body The body of the response
|
||||||
* @param $statusCode The numeric status code - 200, 404, etc
|
* @param int $statusCode The numeric status code - 200, 404, etc
|
||||||
* @param $statusDescription The text to be given alongside the status code.
|
* @param string $statusDescription The text to be given alongside the status code.
|
||||||
* See {@link setStatusCode()} for more information.
|
* See {@link setStatusCode()} for more information.
|
||||||
*/
|
*/
|
||||||
public function __construct($body = null, $statusCode = null, $statusDescription = null) {
|
public function __construct($body = null, $statusCode = null, $statusDescription = null) {
|
||||||
@ -104,12 +104,12 @@ class SS_HTTPResponse {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param String $code
|
* @param int $code
|
||||||
* @param String $description Optional. See {@link setStatusDescription()}.
|
* @param string $description Optional. See {@link setStatusDescription()}.
|
||||||
* No newlines are allowed in the description.
|
* No newlines are allowed in the description.
|
||||||
* If omitted, will default to the standard HTTP description
|
* If omitted, will default to the standard HTTP description
|
||||||
* for the given $code value (see {@link $status_codes}).
|
* for the given $code value (see {@link $status_codes}).
|
||||||
* @return SS_HTTPRequest $this
|
* @return $this
|
||||||
*/
|
*/
|
||||||
public function setStatusCode($code, $description = null) {
|
public function setStatusCode($code, $description = null) {
|
||||||
if(isset(self::$status_codes[$code])) $this->statusCode = $code;
|
if(isset(self::$status_codes[$code])) $this->statusCode = $code;
|
||||||
@ -124,8 +124,8 @@ class SS_HTTPResponse {
|
|||||||
* The text to be given alongside the status code ("reason phrase").
|
* The text to be given alongside the status code ("reason phrase").
|
||||||
* Caution: Will be overwritten by {@link setStatusCode()}.
|
* Caution: Will be overwritten by {@link setStatusCode()}.
|
||||||
*
|
*
|
||||||
* @param String $description
|
* @param string $description
|
||||||
* @return SS_HTTPRequest $this
|
* @return $this
|
||||||
*/
|
*/
|
||||||
public function setStatusDescription($description) {
|
public function setStatusDescription($description) {
|
||||||
$this->statusDescription = $description;
|
$this->statusDescription = $description;
|
||||||
@ -133,7 +133,7 @@ class SS_HTTPResponse {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @return Int
|
* @return int
|
||||||
*/
|
*/
|
||||||
public function getStatusCode() {
|
public function getStatusCode() {
|
||||||
return $this->statusCode;
|
return $this->statusCode;
|
||||||
@ -157,7 +157,7 @@ class SS_HTTPResponse {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* @param string $body
|
* @param string $body
|
||||||
* @return SS_HTTPRequest $this
|
* @return $this
|
||||||
*/
|
*/
|
||||||
public function setBody($body) {
|
public function setBody($body) {
|
||||||
$this->body = $body ? (string) $body : $body; // Don't type-cast false-ish values, eg null is null not ''
|
$this->body = $body ? (string) $body : $body; // Don't type-cast false-ish values, eg null is null not ''
|
||||||
@ -176,7 +176,7 @@ class SS_HTTPResponse {
|
|||||||
*
|
*
|
||||||
* @param string $header Example: "Content-Type"
|
* @param string $header Example: "Content-Type"
|
||||||
* @param string $value Example: "text/xml"
|
* @param string $value Example: "text/xml"
|
||||||
* @return SS_HTTPRequest $this
|
* @return $this
|
||||||
*/
|
*/
|
||||||
public function addHeader($header, $value) {
|
public function addHeader($header, $value) {
|
||||||
$this->headers[$header] = $value;
|
$this->headers[$header] = $value;
|
||||||
@ -206,7 +206,7 @@ class SS_HTTPResponse {
|
|||||||
* e.g. "Content-Type".
|
* e.g. "Content-Type".
|
||||||
*
|
*
|
||||||
* @param string $header
|
* @param string $header
|
||||||
* @return SS_HTTPRequest $this
|
* @return $this
|
||||||
*/
|
*/
|
||||||
public function removeHeader($header) {
|
public function removeHeader($header) {
|
||||||
if(isset($this->headers[$header])) unset($this->headers[$header]);
|
if(isset($this->headers[$header])) unset($this->headers[$header]);
|
||||||
@ -216,7 +216,7 @@ class SS_HTTPResponse {
|
|||||||
/**
|
/**
|
||||||
* @param string $dest
|
* @param string $dest
|
||||||
* @param int $code
|
* @param int $code
|
||||||
* @return SS_HTTPRequest $this
|
* @return $this
|
||||||
*/
|
*/
|
||||||
public function redirect($dest, $code=302) {
|
public function redirect($dest, $code=302) {
|
||||||
if(!in_array($code, self::$redirect_codes)) $code = 302;
|
if(!in_array($code, self::$redirect_codes)) $code = 302;
|
||||||
@ -310,12 +310,17 @@ EOT
|
|||||||
*/
|
*/
|
||||||
class SS_HTTPResponse_Exception extends Exception {
|
class SS_HTTPResponse_Exception extends Exception {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @var SS_HTTPResponse
|
||||||
|
*/
|
||||||
protected $response;
|
protected $response;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param string|SS_HTTPResponse body Either the plaintext content of the error message, or an SS_HTTPResponse
|
* @param string|SS_HTTPResponse body Either the plaintext content of the error message, or an SS_HTTPResponse
|
||||||
* object representing it. In either case, the $statusCode and
|
* object representing it. In either case, the $statusCode and
|
||||||
* $statusDescription will be the HTTP status of the resulting response.
|
* $statusDescription will be the HTTP status of the resulting response.
|
||||||
|
* @param int $statusCode
|
||||||
|
* @param string $statusDescription
|
||||||
* @see SS_HTTPResponse::__construct();
|
* @see SS_HTTPResponse::__construct();
|
||||||
*/
|
*/
|
||||||
public function __construct($body = null, $statusCode = null, $statusDescription = null) {
|
public function __construct($body = null, $statusCode = null, $statusDescription = null) {
|
||||||
|
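Review bot: The constructor docblock of SS_HTTPResponse_Exception still reads `@param string|SS_HTTPResponse body` without the `$` sigil, so the newly added `@param int $statusCode` and `@param string $statusDescription` lines sit next to a tag that doc tooling will not bind to the parameter; it should be `@param string|SS_HTTPResponse $body`. The `@see SS_HTTPResponse::__construct();` line also carries a stray semicolon. The constructor body continues outside the hunk.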
@ -355,8 +355,21 @@ class Form extends RequestHandler {
|
|||||||
$vars = $request->requestVars();
|
$vars = $request->requestVars();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// construct an array of allowed fields that can be populated from request data.
|
||||||
|
// readonly or disabled fields should not be loading data from requests
|
||||||
|
$allowedFields = array();
|
||||||
|
$dataFields = $this->Fields()->dataFields();
|
||||||
|
if ($dataFields) {
|
||||||
|
/** @var FormField $field */
|
||||||
|
foreach ($this->Fields()->dataFields() as $name => $field) {
|
||||||
|
if (!$field->isReadonly() && !$field->isDisabled()) {
|
||||||
|
$allowedFields[] = $name;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Populate the form
|
// Populate the form
|
||||||
$this->loadDataFrom($vars, true);
|
$this->loadDataFrom($vars, true, $allowedFields);
|
||||||
|
|
||||||
// Protection against CSRF attacks
|
// Protection against CSRF attacks
|
||||||
$token = $this->getSecurityToken();
|
$token = $this->getSecurityToken();
|
||||||
|
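Review bot: If every data field is readonly or disabled, `$allowedFields` stays an empty array, and whether `loadDataFrom()` reads an empty list as "allow nothing" or as "no restriction" is not visible in this hunk; if it is a plain truthiness check on the list, the filter silently turns off in exactly the case it is meant for. That should be confirmed and, if so, guarded, for example by only calling `loadDataFrom($vars, true, $allowedFields)` when `$allowedFields` is non-empty. Separately, the loop calls `$this->Fields()->dataFields()` a second time although the result is already in `$dataFields`; `foreach ($dataFields as $name => $field) {` avoids the repeat and keeps the `if ($dataFields)` guard meaningful. The enclosing method starts and ends outside the hunk.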
@ -164,6 +164,14 @@ class FormField extends RequestHandler {
|
|||||||
*/
|
*/
|
||||||
protected $attributes = array();
|
protected $attributes = array();
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @config
|
||||||
|
* @var array
|
||||||
|
*/
|
||||||
|
private static $casting = array(
|
||||||
|
'Value' => 'Text',
|
||||||
|
);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Takes a field name and converts camelcase to spaced words. Also resolves combined field
|
* Takes a field name and converts camelcase to spaced words. Also resolves combined field
|
||||||
* names with dot syntax to spaced words.
|
* names with dot syntax to spaced words.
|
||||||
|
@ -26,6 +26,14 @@ class HtmlEditorField extends TextareaField {
|
|||||||
*/
|
*/
|
||||||
private static $sanitise_server_side = false;
|
private static $sanitise_server_side = false;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @config
|
||||||
|
* @var array
|
||||||
|
*/
|
||||||
|
private static $casting = array(
|
||||||
|
'Value' => 'HTMLText',
|
||||||
|
);
|
||||||
|
|
||||||
protected $rows = 30;
|
protected $rows = 30;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
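Review bot: Casting `Value` to `HTMLText` tells the template layer not to escape it, so here and in the TextareaField hunk the output is only safe if `Value()` or the field template already encodes the content, which neither hunk shows. Each `$casting` entry should carry a comment naming where the encoding happens, e.g. `// Value() is already entity-encoded; HTMLText avoids double-escaping`, once that is confirmed against the actual `Value()` implementations. In HtmlEditorField the new array sits directly below `$sanitise_server_side = false`, so with the default configuration the stored markup appears to reach the page unsanitised; that is probably intended for an HTML editor but deserves a line in the docblock. The TextareaField array also lacks the `@config` / `@var array` docblock that the other two have.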
@ -53,10 +53,28 @@ class ReadonlyField extends FormField {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public function Value() {
|
public function Value() {
|
||||||
if($this->value) return $this->dontEscape ? $this->value : Convert::raw2xml($this->value);
|
if($this->value) return $this->value;
|
||||||
else return '<i>(' . _t('FormField.NONE', 'none') . ')</i>';
|
else return '<i>(' . _t('FormField.NONE', 'none') . ')</i>';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This is a legacy fix to ensure that the `dontEscape` flag has an impact on readonly fields
|
||||||
|
* now that we've moved to casting template values more rigidly
|
||||||
|
*
|
||||||
|
* @param string $field
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
|
public function castingHelper($field) {
|
||||||
|
if (
|
||||||
|
(strcasecmp($field, 'Value') === 0)
|
||||||
|
&& ($this->dontEscape || empty($this->value))
|
||||||
|
) {
|
||||||
|
// Value is either empty, or unescaped
|
||||||
|
return 'HTMLText';
|
||||||
|
}
|
||||||
|
return parent::castingHelper($field);
|
||||||
|
}
|
||||||
|
|
||||||
public function getAttributes() {
|
public function getAttributes() {
|
||||||
return array_merge(
|
return array_merge(
|
||||||
parent::getAttributes(),
|
parent::getAttributes(),
|
||||||
|
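Review bot: `Value()` now returns `$this->value` unescaped, so escaping depends entirely on the caller going through template casting, with `castingHelper()` falling back to the parent's cast when `dontEscape` is off. Any PHP caller or custom rendering path that concatenates `Value()` into markup directly loses the `Convert::raw2xml()` it used to get; callers are outside this hunk, so that needs a check. `Value()` should gain a docblock stating that the return value is raw unless empty and must be rendered through casting or escaped by the caller. The empty branch returns literal `<i>(…)</i>` markup, which is why `empty($this->value)` has to map to `HTMLText`; a short comment on that condition would make the coupling explicit.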
@ -18,6 +18,11 @@
|
|||||||
* @subpackage fields-basic
|
* @subpackage fields-basic
|
||||||
*/
|
*/
|
||||||
class TextareaField extends FormField {
|
class TextareaField extends FormField {
|
||||||
|
|
||||||
|
private static $casting = array(
|
||||||
|
'Value' => 'HTMLText',
|
||||||
|
);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Visible number of text lines.
|
* Visible number of text lines.
|
||||||
*
|
*
|
||||||
|
@ -213,7 +213,7 @@ PHP
|
|||||||
'<p>Login success. If you are not automatically redirected '.
|
'<p>Login success. If you are not automatically redirected '.
|
||||||
'<a target="_top" href="{link}">click here</a></p>',
|
'<a target="_top" href="{link}">click here</a></p>',
|
||||||
'Login message displayed in the cms popup once a user has re-authenticated themselves',
|
'Login message displayed in the cms popup once a user has re-authenticated themselves',
|
||||||
array('link' => $backURL)
|
array('link' => Convert::raw2att($backURL))
|
||||||
)
|
)
|
||||||
));
|
));
|
||||||
|
|
||||||
|
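Review bot: `Convert::raw2att($backURL)` stops the value breaking out of the `href` attribute, but attribute escaping does not constrain the URL itself, so a `javascript:` or off-site URL would still be emitted as a working link. Whether `$backURL` is validated as a site URL before this point is not visible in the hunk; if it is not, that check belongs where `$backURL` is read. Once confirmed, a comment such as `// $backURL is validated as a site URL earlier; raw2att only guards the attribute context` would record the assumption. The enclosing method starts and ends outside the hunk.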
@ -64,6 +64,33 @@ class FormTest extends FunctionalTest {
|
|||||||
$this->assertEquals($fields->fieldByName('othernamespace[key5][key6][key7]')->Value(), 'val7');
|
$this->assertEquals($fields->fieldByName('othernamespace[key5][key6][key7]')->Value(), 'val7');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testSubmitReadonlyFields() {
|
||||||
|
$this->get('FormTest_Controller');
|
||||||
|
|
||||||
|
// Submitting a value for a readonly field should be ignored
|
||||||
|
$response = $this->post(
|
||||||
|
'FormTest_Controller/Form',
|
||||||
|
array(
|
||||||
|
'Email' => 'invalid',
|
||||||
|
'Number' => '888',
|
||||||
|
'ReadonlyField' => '<script>alert("hacxzored")</script>'
|
||||||
|
// leaving out "Required" field
|
||||||
|
)
|
||||||
|
);
|
||||||
|
|
||||||
|
// Number field updates its value
|
||||||
|
$this->assertContains('<input type="text" name="Number" value="888"', $response->getBody());
|
||||||
|
|
||||||
|
|
||||||
|
// Readonly field remains
|
||||||
|
$this->assertContains(
|
||||||
|
'<input type="text" name="ReadonlyField" value="This value is readonly"',
|
||||||
|
$response->getBody()
|
||||||
|
);
|
||||||
|
|
||||||
|
$this->assertNotContains('hacxzored', $response->getBody());
|
||||||
|
}
|
||||||
|
|
||||||
public function testLoadDataFromUnchangedHandling() {
|
public function testLoadDataFromUnchangedHandling() {
|
||||||
$form = new Form(
|
$form = new Form(
|
||||||
new Controller(),
|
new Controller(),
|
||||||
@ -783,7 +810,10 @@ class FormTest_Controller extends Controller implements TestOnly {
|
|||||||
new EmailField('Email'),
|
new EmailField('Email'),
|
||||||
new TextField('SomeRequiredField'),
|
new TextField('SomeRequiredField'),
|
||||||
new CheckboxSetField('Boxes', null, array('1'=>'one','2'=>'two')),
|
new CheckboxSetField('Boxes', null, array('1'=>'one','2'=>'two')),
|
||||||
new NumericField('Number')
|
new NumericField('Number'),
|
||||||
|
TextField::create('ReadonlyField')
|
||||||
|
->setReadonly(true)
|
||||||
|
->setValue('This value is readonly')
|
||||||
),
|
),
|
||||||
new FieldList(
|
new FieldList(
|
||||||
new FormAction('doSubmit')
|
new FormAction('doSubmit')
|
||||||
|
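Review bot: `testSubmitReadonlyFields` only exercises a readonly field, while the Form change it covers also filters on `isDisabled()`; a disabled field in the fixture with its own submitted value and a matching `assertNotContains` would cover the second half of the condition. The fixture could add `TextField::create('DisabledField')->setDisabled(true)->setValue('This value is disabled')`. The test also does not cover a form whose data fields are all readonly or disabled, which is the case where the allow-list ends up empty.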
@ -2,16 +2,6 @@
|
|||||||
|
|
||||||
class TextareaFieldTest extends SapphireTest {
|
class TextareaFieldTest extends SapphireTest {
|
||||||
|
|
||||||
/**
|
|
||||||
* Quick smoke test to ensure that text is being encoded properly.
|
|
||||||
*/
|
|
||||||
public function testTextEncoding() {
|
|
||||||
$inputText = "These are some unicodes: äöü";
|
|
||||||
$field = new TextareaField("Test", "Test");
|
|
||||||
$field->setValue($inputText);
|
|
||||||
$this->assertContains('These are some unicodes: äöü', $field->Field());
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Quick smoke test to ensure that text with unicodes is being displayed properly in readonly fields.
|
* Quick smoke test to ensure that text with unicodes is being displayed properly in readonly fields.
|
||||||
*/
|
*/
|
||||||
|