diff --git a/.travis.yml b/.travis.yml index 4ebaeafaf..4124bdb7d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -37,6 +37,7 @@ matrix: - DB=PGSQL - PHPUNIT_TEST=framework - php: 7.1 + if: type IN (cron) env: - DB=MYSQL - PDO=1 diff --git a/README.md b/README.md index 9b5d4834e..3ee61ab8e 100644 --- a/README.md +++ b/README.md @@ -8,29 +8,28 @@ [![License](https://poser.pugx.org/silverstripe/framework/license.svg)](https://github.com/silverstripe/silverstripe-framework#license) [![Dependency Status](https://www.versioneye.com/php/silverstripe:framework/badge.svg)](https://www.versioneye.com/php/silverstripe:framework) [![Reference Status](https://www.versioneye.com/php/silverstripe:framework/reference_badge.svg?style=flat)](https://www.versioneye.com/php/silverstripe:framework/references) -![helpfulrobot](https://helpfulrobot.io/silverstripe/framework/badge) -PHP5 framework forming the base for the SilverStripe CMS ([http://silverstripe.org](http://silverstripe.org)). -Requires a [`silverstripe-installer`](http://github.com/silverstripe/silverstripe-installer) base project. Typically used alongside the [`cms`](http://github.com/silverstripe/silverstripe-cms) module. +PHP framework forming the base for the SilverStripe CMS ([https://silverstripe.org](https://silverstripe.org)). +Requires a [`silverstripe-installer`](https://github.com/silverstripe/silverstripe-installer) base project. Typically used alongside the [`cms`](https://github.com/silverstripe/silverstripe-cms) module. ## Installation ## -See [installation on different platforms](http://doc.silverstripe.org/framework/en/installation/), -and [installation from source](http://doc.silverstripe.org/framework/en/installation/from-source). +See [installation on different platforms](https://doc.silverstripe.org/framework/en/installation/), +and [installation from source](https://doc.silverstripe.org/framework/en/installation/from-source). ## Bugtracker ## -Bugs are tracked on [github.com](https://github.com/silverstripe/silverstripe-framework/issues). -Please read our [issue reporting guidelines](http://doc.silverstripe.org/framework/en/misc/contributing/issues). +Bugs are tracked on [github.com](https://github.com/silverstripe/silverstripe-framework/issues). +Please read our [issue reporting guidelines](https://doc.silverstripe.org/framework/en/misc/contributing/issues). ## Development and Contribution ## -If you would like to make changes to the SilverStripe core codebase, we have an extensive [guide to contributing code](http://doc.silverstripe.org/framework/en/misc/contributing/code). +If you would like to make changes to the SilverStripe core codebase, we have an extensive [guide to contributing code](https://docs.silverstripe.org/en/contributing/code/). ## Links ## - * [Server Requirements](http://doc.silverstripe.org/framework/en/installation/server-requirements) - * [Changelogs](http://doc.silverstripe.org/framework/en/changelogs/) + * [Server Requirements](https://doc.silverstripe.org/framework/en/installation/server-requirements) + * [Changelogs](https://doc.silverstripe.org/framework/en/changelogs/) * [Bugtracker: Framework](https://github.com/silverstripe/silverstripe-framework/issues) * [Bugtracker: CMS](https://github.com/silverstripe/silverstripe-cms/issues) * [Bugtracker: Installer](https://github.com/silverstripe/silverstripe-installer/issues) diff --git a/docs/en/02_Developer_Guides/01_Templates/06_Themes.md b/docs/en/02_Developer_Guides/01_Templates/06_Themes.md index c60a33ca9..c4d68caf3 100644 --- a/docs/en/02_Developer_Guides/01_Templates/06_Themes.md +++ b/docs/en/02_Developer_Guides/01_Templates/06_Themes.md @@ -32,8 +32,7 @@ As you've added new files to your SilverStripe installation, make sure you clear ### Configuring themes After installing the files through either method, update the current theme in SilverStripe. This can be done by -either altering the `SSViewer.themes` setting in a [config.yml](../configuration) or by changing the current theme in -the Site Configuration panel (http://yoursite.com/admin/settings) +altering the `SSViewer.themes` setting in a [config.yml](../configuration) **mysite/_config/app.yml** @@ -105,4 +104,4 @@ The final step is to [submit your theme to Packagist](https://packagist.org/abou ## Related Lessons * [Creating your first theme](https://www.silverstripe.org/learn/lessons/v4/creating-your-first-theme-1) -* [Migrating static templates into your theme](https://www.silverstripe.org/learn/lessons/v4/migrating-static-templates-into-your-theme-1) \ No newline at end of file +* [Migrating static templates into your theme](https://www.silverstripe.org/learn/lessons/v4/migrating-static-templates-into-your-theme-1) diff --git a/docs/en/04_Changelogs/3.5.8.md b/docs/en/04_Changelogs/3.5.8.md new file mode 100644 index 000000000..39c54a5d5 --- /dev/null +++ b/docs/en/04_Changelogs/3.5.8.md @@ -0,0 +1,9 @@ +# 3.5.8 + + + +## Change Log + +### Security + + * 2018-04-11 [577138882](https://github.com/silverstripe/silverstripe-framework/commit/577138882) Restrict non-admins from being assigned to admin groups (Damian Mooyman) - See [ss-2018-001](http://www.silverstripe.org/download/security-releases/ss-2018-001) diff --git a/docs/en/04_Changelogs/3.6.6.md b/docs/en/04_Changelogs/3.6.6.md new file mode 100644 index 000000000..d85ed86cc --- /dev/null +++ b/docs/en/04_Changelogs/3.6.6.md @@ -0,0 +1,17 @@ +# 3.6.6 + +This security release removes the following file extensions from the default whitelist of accepted types for +uploaded files: `dotm`, `potm`, `jar`, `css`, `js` and `xltm`. + +If you require the ability to upload these file types in your projects, you will need to add them back in again. +For more information, see ["Limit the allowed file types"](https://docs.silverstripe.org/en/3/developer_guides/forms/field_types/uploadfield/#limit-the-allowed-filetypes). + + + +## Change Log + +### Security + + * 2018-05-08 [19fdebfa2](https://github.com/silverstripe/silverstripe-framework/commit/19fdebfa2) Remove dotm, potm, jar, css, js, xltm from default File.allowed_extensions (Robbie Averill) - See [ss-2018-014](http://www.silverstripe.org/download/security-releases/ss-2018-014) + * 2018-04-11 [577138882](https://github.com/silverstripe/silverstripe-framework/commit/577138882) Restrict non-admins from being assigned to admin groups (Damian Mooyman) - See [ss-2018-001](http://www.silverstripe.org/download/security-releases/ss-2018-001) + diff --git a/docs/en/04_Changelogs/rc/3.5.8-rc1.md b/docs/en/04_Changelogs/rc/3.5.8-rc1.md new file mode 100644 index 000000000..c19407a63 --- /dev/null +++ b/docs/en/04_Changelogs/rc/3.5.8-rc1.md @@ -0,0 +1,9 @@ +# 3.5.8-rc1 + + + +## Change Log + +### Security + + * 2018-04-11 [577138882]() Restrict non-admins from being assigned to admin groups (Damian Mooyman) - See [ss-2018-001](http://www.silverstripe.org/download/security-releases/ss-2018-001) diff --git a/docs/en/04_Changelogs/rc/3.6.6-rc1.md b/docs/en/04_Changelogs/rc/3.6.6-rc1.md new file mode 100644 index 000000000..2d4bf0b66 --- /dev/null +++ b/docs/en/04_Changelogs/rc/3.6.6-rc1.md @@ -0,0 +1,16 @@ +# 3.6.6-rc1 + +This security release removes the following file extensions from the default whitelist of accepted types for +uploaded files: `dotm`, `potm`, `jar`, `css`, `js` and `xltm`. + +If you require the ability to upload these file types in your projects, you will need to add them back in again. +For more information, see ["Limit the allowed file types"](https://docs.silverstripe.org/en/3/developer_guides/forms/field_types/uploadfield/#limit-the-allowed-filetypes). + + + +## Change Log + +### Security + + * 2018-05-08 [19fdebfa2]() Remove dotm, potm, jar, css, js, xltm from default File.allowed_extensions (Robbie Averill) - See [ss-2018-014](http://www.silverstripe.org/download/security-releases/ss-2018-014) + * 2018-04-11 [577138882]() Restrict non-admins from being assigned to admin groups (Damian Mooyman) - See [ss-2018-001](http://www.silverstripe.org/download/security-releases/ss-2018-001) diff --git a/src/Dev/DevelopmentAdmin.php b/src/Dev/DevelopmentAdmin.php index 267d3386a..734e980ce 100644 --- a/src/Dev/DevelopmentAdmin.php +++ b/src/Dev/DevelopmentAdmin.php @@ -132,7 +132,7 @@ class DevelopmentAdmin extends Controller // in CLI we cant use httpError because of a bug with stuff being in the output already, see DevAdminControllerTest throw new Exception($msg); } else { - $this->httpError(500, $msg); + $this->httpError(404, $msg); } } diff --git a/src/Forms/FieldList.php b/src/Forms/FieldList.php index 2072a5dca..df09f5995 100644 --- a/src/Forms/FieldList.php +++ b/src/Forms/FieldList.php @@ -257,8 +257,7 @@ class FieldList extends ArrayList * This is most commonly used when overloading getCMSFields() * * @param string $tabName The name of the tab or tabset. Subtabs can be referred to as TabSet.Tab - * or TabSet.Tab.Subtab. - * This function will create any missing tabs. + * or TabSet.Tab.Subtab. This function will create any missing tabs. * @param array $fields An array of {@link FormField} objects. * @param string $insertBefore Name of field to insert before * diff --git a/src/Forms/GridField/GridFieldFooter.php b/src/Forms/GridField/GridFieldFooter.php index a49180068..1dcc8767a 100644 --- a/src/Forms/GridField/GridFieldFooter.php +++ b/src/Forms/GridField/GridFieldFooter.php @@ -38,7 +38,7 @@ class GridFieldFooter implements GridField_HTMLProvider /** * * @param string $message A message to display in the footer - * @param bool $showrecordcount + * @param boolt $showrecordcount */ public function __construct($message = null, $showrecordcount = true) { diff --git a/src/Forms/GridField/GridState.php b/src/Forms/GridField/GridState.php index b6d30d019..17368d22a 100644 --- a/src/Forms/GridField/GridState.php +++ b/src/Forms/GridField/GridState.php @@ -29,7 +29,7 @@ class GridState extends HiddenField /** * @param GridField $grid - * @param string $value json encoded string + * @param string $value JSON encoded string */ public function __construct($grid, $value = null) { diff --git a/src/Forms/HTMLEditor/HTMLEditorSanitiser.php b/src/Forms/HTMLEditor/HTMLEditorSanitiser.php index 4aee787f3..ca4e5f407 100644 --- a/src/Forms/HTMLEditor/HTMLEditorSanitiser.php +++ b/src/Forms/HTMLEditor/HTMLEditorSanitiser.php @@ -190,7 +190,7 @@ class HTMLEditorSanitiser /** * Given an attribute name, return the rule structure for that attribute * - * @param stdClass $elementRule + * @param object $elementRule * @param string $name The attribute name * @return stdClass The attribute rule */ @@ -211,7 +211,7 @@ class HTMLEditorSanitiser * Given a DOMElement and an element rule, check if that element passes the rule * @param DOMElement $element The element to check * @param stdClass $rule The rule to check against - * @return bool true if the element passes (and so can be kept), false if it fails (and so needs stripping) + * @return bool True if the element passes (and so can be kept), false if it fails (and so needs stripping) */ protected function elementMatchesRule($element, $rule = null) { diff --git a/src/Forms/TreeDropdownField.php b/src/Forms/TreeDropdownField.php index 02c5f1f88..f96379c75 100644 --- a/src/Forms/TreeDropdownField.php +++ b/src/Forms/TreeDropdownField.php @@ -654,7 +654,7 @@ class TreeDropdownField extends FormField } /** - * @return String + * @return string */ public function getKeyField() { diff --git a/src/Forms/UploadReceiver.php b/src/Forms/UploadReceiver.php index 8f1e9d209..1270819ce 100644 --- a/src/Forms/UploadReceiver.php +++ b/src/Forms/UploadReceiver.php @@ -131,7 +131,7 @@ trait UploadReceiver * Set custom validator for this field * * @param Upload_Validator $validator - * @return $this Self reference + * @return $this */ public function setValidator(Upload_Validator $validator) { @@ -143,7 +143,7 @@ trait UploadReceiver * Sets the upload folder name * * @param string $folderName - * @return $this Self reference + * @return $this */ public function setFolderName($folderName) { diff --git a/src/ORM/ArrayLib.php b/src/ORM/ArrayLib.php index d47bc073b..5f83be629 100644 --- a/src/ORM/ArrayLib.php +++ b/src/ORM/ArrayLib.php @@ -247,6 +247,7 @@ class ArrayLib * @param array $array * @param boolean $preserveKeys * @param array $out + * * @return array */ public static function flatten($array, $preserveKeys = true, &$out = array()) diff --git a/src/ORM/DataObject.php b/src/ORM/DataObject.php index 8a8069bf1..c6356fe43 100644 --- a/src/ORM/DataObject.php +++ b/src/ORM/DataObject.php @@ -531,7 +531,13 @@ class DataObject extends ViewableData implements DataObjectInterface, i18nEntity // Copy all components from source to destination $source = $sourceObject->getManyManyComponents($relation); $dest = $destinationObject->getManyManyComponents($relation); - $extraFieldNames = $source->getExtraFields(); + + if ($source instanceof ManyManyList) { + $extraFieldNames = $source->getExtraFields(); + } else { + $extraFieldNames = []; + } + foreach ($source as $item) { // Merge extra fields $extraFields = []; diff --git a/src/Security/Member.php b/src/Security/Member.php index 29cc3bc44..164f995ee 100644 --- a/src/Security/Member.php +++ b/src/Security/Member.php @@ -1360,6 +1360,11 @@ class Member extends DataObject */ public static function mapInCMSGroups($groups = null) { + // non-countable $groups will issue a warning when using count() in PHP 7.2+ + if (!$groups) { + $groups = []; + } + // Check CMS module exists if (!class_exists(LeftAndMain::class)) { return ArrayList::create()->map(); diff --git a/tests/php/ORM/DataObjectDuplicationTest.php b/tests/php/ORM/DataObjectDuplicationTest.php index 48b3fbf38..8ef741805 100644 --- a/tests/php/ORM/DataObjectDuplicationTest.php +++ b/tests/php/ORM/DataObjectDuplicationTest.php @@ -38,6 +38,7 @@ class DataObjectDuplicationTest extends SapphireTest // Check 'bobcats' relation duplicated $twoOne = $this->objFromFixture(DataObjectDuplicationTest\Bobcat::class, 'one'); $twoTwo = $this->objFromFixture(DataObjectDuplicationTest\Bobcat::class, 'two'); + $this->assertListEquals( [ ['Title' => 'Bobcat two'],