Merge branch '4.0' into 4.1

This commit is contained in:
Robbie Averill 2019-02-19 08:36:41 +07:00
commit cb7f15a681
10 changed files with 225 additions and 22 deletions

View File

@ -1367,3 +1367,130 @@ warnings:
'THIRDPARTY_DIR': 'THIRDPARTY_DIR':
message: 'Path constants have been deprecated. Use the Requirements and ModuleResourceLoader APIs' message: 'Path constants have been deprecated. Use the Requirements and ModuleResourceLoader APIs'
url: 'https://docs.silverstripe.org/en/4/changelogs/4.0.0#module-paths' url: 'https://docs.silverstripe.org/en/4/changelogs/4.0.0#module-paths'
visibilities:
'SilverStripe\ORM\DataObject::db':
visibility: private
'SilverStripe\ORM\DataObject::singular_name':
visibility: private
'SilverStripe\ORM\DataObject::plural_name':
visibility: private
'SilverStripe\ORM\DataObject::api_access':
visibility: private
'SilverStripe\ORM\DataObject::default_classname':
visibility: private
'SilverStripe\ORM\DataObject->destroyed':
visibility: public
'SilverStripe\ORM\DataObject->record':
visibility: protected
'SilverStripe\ORM\DataObject->joinRecord':
visibility: protected
'SilverStripe\ORM\DataObject->changed':
visibility: private
'SilverStripe\ORM\DataObject->changeForced':
visibility: private
'SilverStripe\ORM\DataObject->original':
visibility: protected
'SilverStripe\ORM\DataObject->brokenOnDelete':
visibility: protected
'SilverStripe\ORM\DataObject->brokenOnWrite':
visibility: protected
'SilverStripe\ORM\DataObject::validation_enabled':
visibility: private
'SilverStripe\ORM\DataObject::_cache_get_one':
visibility: protected
'SilverStripe\ORM\DataObject::_cache_field_labels':
visibility: protected
'SilverStripe\ORM\DataObject::fixed_fields':
visibility: private
'SilverStripe\ORM\DataObject::table_name':
visibility: private
'SilverStripe\ORM\DataObject->components':
visibility: protected
'SilverStripe\ORM\DataObject->unsavedRelations':
visibility: protected
'SilverStripe\ORM\DataObject::cascade_deletes':
visibility: private
'SilverStripe\ORM\DataObject::cascade_duplicates':
visibility: private
'SilverStripe\ORM\DataObject::sourceQueryParams':
visibility: private
'SilverStripe\ORM\DataObject::subclass_access':
visibility: private
'SilverStripe\ORM\DataObject::casting':
visibility: private
'SilverStripe\ORM\DataObject::create_table_options':
visibility: private
'SilverStripe\ORM\DataObject::indexes':
visibility: private
'SilverStripe\ORM\DataObject::defaults':
visibility: private
'SilverStripe\ORM\DataObject::default_records':
visibility: private
'SilverStripe\ORM\DataObject::has_one':
visibility: private
'SilverStripe\ORM\DataObject::belongs_to':
visibility: private
'SilverStripe\ORM\DataObject::has_many':
visibility: private
'SilverStripe\ORM\DataObject::many_many':
visibility: private
'SilverStripe\ORM\DataObject::many_many_extraFields':
visibility: private
'SilverStripe\ORM\DataObject::belongs_many_many':
visibility: private
'SilverStripe\ORM\DataObject::default_sort':
visibility: private
'SilverStripe\ORM\DataObject::searchable_fields':
visibility: private
'SilverStripe\ORM\DataObject::field_labels':
visibility: private
'SilverStripe\ORM\DataObject::summary_fields':
visibility: private
'SilverStripe\Control\Director::rules':
visibility: private
'SilverStripe\Control\Director::current_page':
visibility: private
'SilverStripe\Control\Director::alternate_base_folder':
visibility: private
'SilverStripe\Control\Director::alternate_public_dir':
visibility: private
'SilverStripe\Control\Director::default_base_url':
visibility: private
'SilverStripe\Forms\GridField\GridFieldPaginator::default_items_per_page':
visibility: private
'SilverStripe\View\SSViewer::themes':
visibility: private
'SilverStripe\View\SSViewer::current_themes':
visibility: protected
'SilverStripe\View\SSViewer::theme':
visibility: private
'SilverStripe\View\SSViewer::theme_enabled':
visibility: private
'SilverStripe\View\SSViewer::global_key':
visibility: private
'SilverStripe\View\SSViewer::source_file_comments':
visibility: private
'SilverStripe\View\SSViewer::rewrite_hash_links':
visibility: private
'SilverStripe\View\SSViewer::current_rewrite_hash_links':
visibility: protected
'SilverStripe\View\SSViewer::rewriteHashlinks':
visibility: protected
'SilverStripe\View\SSViewer::template_cache_flushed':
visibility: private
'SilverStripe\View\SSViewer::cacheblock_cache_flushed':
visibility: private
'SilverStripe\View\SSViewer::topLevel':
visibility: protected
'SilverStripe\View\SSViewer::templates':
visibility: protected
'SilverStripe\View\SSViewer::chosen':
visibility: protected
'SilverStripe\View\SSViewer::subTemplates':
visibility: protected
'SilverStripe\View\SSViewer::includeRequirements':
visibility: protected
'SilverStripe\View\SSViewer::parser':
visibility: protected
'SilverStripe\View\SSViewer::partialCacheStore':
visibility: protected

View File

@ -2,24 +2,27 @@ title: Lessons
introduction: The lessons take a step by step look at how to build a SilverStripe application. introduction: The lessons take a step by step look at how to build a SilverStripe application.
* [How to set up a local development environment in SilverStripe](https://vimeo.com/108861537) * [How to set up a local development environment in SilverStripe](https://vimeo.com/108861537)
* [Lesson 1: Creating your first theme](http://www.silverstripe.org/learn/lessons/creating-your-first-theme) * [Lesson 1: Creating your first project](https://www.silverstripe.org/learn/lessons/v4/creating-your-first-project)
* [Lesson 2: Migrating static templates into your theme](http://www.silverstripe.org/learn/lessons/migrating-static-templates-into-your-theme) * [Lesson 2: Migrating static templates into your theme](https://www.silverstripe.org/learn/lessons/v4/migrating-static-templates-into-your-theme-1)
* [Lesson 3: Adding dynamic content](http://www.silverstripe.org/learn/lessons/adding-dynamic-content) * [Lesson 3: Adding dynamic content](https://www.silverstripe.org/learn/lessons/v4/adding-dynamic-content-1)
* [Lesson 4: Working with multiple templates](http://www.silverstripe.org/learn/lessons/working-with-multiple-templates) * [Lesson 4: Working with multiple templates](https://www.silverstripe.org/learn/lessons/v4/working-with-multiple-templates-1)
* [Lesson 5: The holder/page pattern](http://www.silverstripe.org/learn/lessons/the-holderpage-pattern) * [Lesson 5: The holder/page pattern](https://www.silverstripe.org/learn/lessons/v4/the-holderpage-pattern-1)
* [Lesson 6: Adding Custom Fields to a Page](http://www.silverstripe.org/learn/lessons/adding-custom-fields-to-a-page) * [Lesson 6: Adding Custom Fields to a Page](https://www.silverstripe.org/learn/lessons/v4/adding-custom-fields-to-a-page-1)
* [Lesson 7: Working with Files and Images](http://www.silverstripe.org/learn/lessons/working-with-files-and-images) * [Lesson 7: Working with Files and Images](https://www.silverstripe.org/learn/lessons/v4/working-with-files-and-images-1)
* [Lesson 8: Introduction to the ORM](http://www.silverstripe.org/learn/lessons/introduction-to-the-orm) * [Lesson 8: Introduction to the ORM](https://www.silverstripe.org/learn/lessons/v4/introduction-to-the-orm-1)
* [Lesson 9: Data Relationships - $has_many](http://www.silverstripe.org/learn/lessons/working-with-data-relationships-has-many) * [Lesson 9: Data Relationships - $has_many](https://www.silverstripe.org/learn/lessons/v4/working-with-data-relationships-has-many-1)
* [Lesson 10: Introduction to the ORM](http://www.silverstripe.org/learn/lessons/working-with-data-relationships-many-many) * [Lesson 10: Data Relationships - $many_many](https://www.silverstripe.org/learn/lessons/v4/working-with-data-relationships-many-many-1)
* [Lesson 11: Introduction to frontend forms](http://www.silverstripe.org/learn/lessons/introduction-to-frontend-forms) * [Lesson 11: Introduction to frontend forms](https://www.silverstripe.org/learn/lessons/v4/introduction-to-frontend-forms-1)
* [Lesson 12: Data Extensions and SiteConfig](http://www.silverstripe.org/learn/lessons/data-extensions-and-siteconfig) * [Lesson 12: Data Extensions and SiteConfig](https://www.silverstripe.org/learn/lessons/v4/data-extensions-and-siteconfig-1)
* [Lesson 13: Introduction to ModelAdmin](http://www.silverstripe.org/learn/lessons/introduction-to-modeladmin) * [Lesson 13: Introduction to ModelAdmin](https://www.silverstripe.org/learn/lessons/v4/introduction-to-modeladmin-1)
* [Lesson 14: Controller Actions/DataObjects as Pages](http://www.silverstripe.org/learn/lessons/controller-actions-dataobjects-as-pages) * [Lesson 14: Controller Actions/DataObjects as Pages](https://www.silverstripe.org/learn/lessons/v4/controller-actions-dataobjects-as-pages-1)
* [Lesson 15: Building a Search Form](http://www.silverstripe.org/learn/lessons/building-a-search-form) * [Lesson 15: Building a Search Form](https://www.silverstripe.org/learn/lessons/v4/building-a-search-form-1)
* [Lesson 16: Lists and Pagination](http://www.silverstripe.org/learn/lessons/lists-and-pagination) * [Lesson 16: Lists and Pagination](https://www.silverstripe.org/learn/lessons/v4/lists-and-pagination-1)
* [Lesson 17: Ajax Behaviour and Viewable Data](http://www.silverstripe.org/learn/lessons/ajax-behaviour-and-viewabledata) * [Lesson 17: Ajax Behaviour and Viewable Data](https://www.silverstripe.org/learn/lessons/v4/ajax-behaviour-and-viewabledata-1)
* [Lesson 18: Dealing with Arbitrary Template Data](http://www.silverstripe.org/learn/lessons/dealing-with-arbitrary-template-data) * [Lesson 18: Dealing with Arbitrary Template Data](https://www.silverstripe.org/learn/lessons/v4/dealing-with-arbitrary-template-data-1)
* [Lesson 19: Creating Filtered Views](https://www.silverstripe.org/learn/lessons/v4/creating-filtered-views-1)
* [Lesson 20: Beyond the ORM: Building Custom SQL](https://www.silverstripe.org/learn/lessons/v4/beyond-the-orm-building-custom-sql-1)
* [Lesson 21: Advanced Environment Configuration](https://www.silverstripe.org/learn/lessons/v4/advanced-environment-configuration-1)
## Help: If you get stuck ## Help: If you get stuck

View File

@ -0,0 +1,21 @@
# 3.6.7
<!--- Changes below this line will be automatically regenerated -->
## Change Log
### Security
* 2019-01-10 [c44f06cdf](https://github.com/silverstripe/silverstripe-framework/commit/c44f06cdf10387a987e4efb096ff06b3bb4495ef) Patch SQL Injection vulnerability when arrays are assigned to DataObject Fields (Aaron Carlino) - See [ss-2018-021](https://www.silverstripe.org/download/security-releases/ss-2018-021)
* 2018-09-26 [598edd913](https://github.com/silverstripe/silverstripe-framework/commit/598edd91341f389d7b919ec1201e03d2aba4d284) Add confirmation token to dev/build (Loz Calver) - See [ss-2018-019](https://www.silverstripe.org/download/security-releases/ss-2018-019)
### Bugfixes
* 2019-01-23 [746c0679a](https://github.com/silverstripe/silverstripe-framework/commit/746c0679ad1d6ceac03d2adf167367f0ca2259cd) Injector may instantiate prototypes as if they're singletons (fixes #8567) (Loz Calver)
* 2018-11-15 [86701b8cd](https://github.com/silverstripe/silverstripe-framework/commit/86701b8cd0cd5f8de813a7c9347e7c8055d878f4) Redirect loop with multiple URL tokens (fixes #8607) (Loz Calver)
* 2018-06-04 [41e601a03](https://github.com/silverstripe/silverstripe-framework/commit/41e601a036307065d9ea2ba8862f67be738d402f) Regression from #8009 (Daniel Hensby)
* 2018-05-29 [1cbf27e0f](https://github.com/silverstripe/silverstripe-framework/commit/1cbf27e0f47c3547914b03193d0f5f77c87ff8d5) PHP 5.3 compat for referencing $this in closure, and make method public for same reason (Robbie Averill)
* 2018-04-17 [af3a9f3ec](https://github.com/silverstripe/silverstripe-framework/commit/af3a9f3ec8a5465f841c5aa8ee1faf40c1b76bf4) Duplicating many_many relationships looses the extra fields (fixes #7973) (UndefinedOffset)
* 2018-03-15 [d17d93f7](https://github.com/silverstripe/silverstripe-cms/commit/d17d93f784a6e01f3d396c55adc623d69a90261a) Remove SearchForm results() function from allowed_actions (Steve Dixon)
* 2018-02-16 [86addea1d](https://github.com/silverstripe/silverstripe-framework/commit/86addea1d2a7b2e28ae8115279ae358bcb46648a) Split HTML manipulation to onadd, so elements are not accidentally duplicated (Christopher Joe)
* 2018-02-13 [c767e472d](https://github.com/silverstripe/silverstripe-framework/commit/c767e472dc494408460ef47c27b8d34475da4ac6) DataObject singleton creation (Jonathon Menz)

View File

@ -0,0 +1,16 @@
# 3.7.3
<!--- Changes below this line will be automatically regenerated -->
## Change Log
### Security
* 2019-01-10 [6bf9542d6](https://github.com/silverstripe/silverstripe-framework/commit/6bf9542d664ac7935691c8055505b7ad8ea26e9a) Patch SQL Injection vulnerability when arrays are assigned to DataObject Fields (Maxime Rainville) - See [ss-2018-021](https://www.silverstripe.org/download/security-releases/ss-2018-021)
### Bugfixes
* 2019-01-30 [8e6e70335](https://github.com/silverstripe/silverstripe-framework/commit/8e6e70335895063c6e6cfd99cfcfb50c6f9c2ad9) Block Manifest of the compatibility class Object and lean on model/fieldtypes/compat/autoload.php (UndefinedOffset)
* 2019-01-23 [746c0679a](https://github.com/silverstripe/silverstripe-framework/commit/746c0679ad1d6ceac03d2adf167367f0ca2259cd) Injector may instantiate prototypes as if they're singletons (fixes #8567) (Loz Calver)
* 2019-01-11 [16a837d6a](https://github.com/silverstripe/silverstripe-framework/commit/16a837d6a093115755cd821c63be1e3be088645b) fix [Warning] on count() with PHP &gt;= 7.2 (lerni)
* 2018-11-15 [86701b8cd](https://github.com/silverstripe/silverstripe-framework/commit/86701b8cd0cd5f8de813a7c9347e7c8055d878f4) Redirect loop with multiple URL tokens (fixes #8607) (Loz Calver)

View File

@ -0,0 +1,24 @@
# 4.0.7
<!--- Changes below this line will be automatically regenerated -->
## Change Log
### Security
* 2018-12-18 [95505db7d](https://github.com/silverstripe/silverstripe-framework/commit/95505db7d666a75f249f65cb1af74dca01d39add) Fix potential SQL vulnerability in non-scalar value hyrdation (Maxime Rainville) - See [ss-2018-021](https://www.silverstripe.org/download/security-releases/ss-2018-021)
### Features and Enhancements
* 2018-11-27 [a8f4f23c6](https://github.com/silverstripe/silverstripe-framework/commit/a8f4f23c660474e965b510ba1bb04bf7a145d5b0) Add visibility updates to `upgrade.yml`. (bergice)
### Bugfixes
* 2019-01-31 [cda9eef](https://github.com/silverstripe/silverstripe-assets/commit/cda9eef992b70fd46377be6d4459260d31ea2215) Fix for issue #212 (Joe Madden)
* 2019-01-29 [f918dcd36](https://github.com/silverstripe/silverstripe-framework/commit/f918dcd36a177adb8abee751d27a809f25a0afab) Escape wildcard characters when matching database name in databaseExists (Guy Marriott)
* 2019-01-28 [dc9d1b9cc](https://github.com/silverstripe/silverstripe-framework/commit/dc9d1b9cc0d3b14929fe2675282980a2750fb4cf) GridFieldPrintButton no longer assumes that children of GridField would implement their own print template (Robbie Averill)
* 2019-01-25 [0797ab7](https://github.com/silverstripe/silverstripe-asset-admin/commit/0797ab7762a4a64f2dc89c754a6bb04216b96fe1) Fix GraphQL FolderTypeCreator::resolveChildrenConnection on PostgreSQL (#901) (Serge Latyntcev)
* 2019-01-24 [d530bc2fb](https://github.com/silverstripe/silverstripe-framework/commit/d530bc2fb6c8c290f1f75f39bc4ec898cc326cf1) fix user feedback when jquery could not be loaded (Benedikt Seidl)
* 2019-01-13 [5c3b95ac](https://github.com/silverstripe/silverstripe-cms/commit/5c3b95ac8977f77e7d95d4da6333ca12b5ef465f) Multibyte URL routing (Ingo Schommer)
* 2019-01-11 [2cb49ea](https://github.com/silverstripe/silverstripe-versioned/commit/2cb49ea79d6babb80289f170dc6102c82f5b0d69) [Warning] on count() with PHP &gt;= 7.2 (Lukas)
* 2018-12-12 [0491ca03c](https://github.com/silverstripe/silverstripe-framework/commit/0491ca03cfcbd81690c54cc00f6234675978ef39) prevent death on urls with querystrings & anchors (mikeyc7m)

View File

@ -566,7 +566,7 @@ TEXT;
<li id="ModRewriteResult">Testing...</li> <li id="ModRewriteResult">Testing...</li>
<script> <script>
if (typeof $ == 'undefined') { if (typeof $ == 'undefined') {
document.getElemenyById('ModeRewriteResult').innerHTML = "I can't run jQuery ajax to set rewriting; I will redirect you to the homepage to see if everything is working."; document.getElementById('ModeRewriteResult').innerHTML = "I can't run jQuery ajax to set rewriting; I will redirect you to the homepage to see if everything is working.";
setTimeout(function() { setTimeout(function() {
window.location = "$destinationURL"; window.location = "$destinationURL";
}, 10000); }, 10000);

View File

@ -133,7 +133,10 @@ class GridFieldPrintButton implements GridField_HTMLProvider, GridField_ActionPr
$this->extend('updatePrintData', $data); $this->extend('updatePrintData', $data);
if ($data) { if ($data) {
return $data->renderWith(get_class($gridField) . "_print"); return $data->renderWith([
get_class($gridField) . '_print',
GridField::class . '_print',
]);
} }
return null; return null;

View File

@ -207,7 +207,7 @@ class MySQLSchemaManager extends DBSchemaManager
public function databaseExists($name) public function databaseExists($name)
{ {
// MySQLi doesn't like parameterised queries for some queries // MySQLi doesn't like parameterised queries for some queries
$sqlName = $this->database->quoteString($name); $sqlName = addcslashes($this->database->quoteString($name), '%_');
return !!($this->query("SHOW DATABASES LIKE $sqlName")->value()); return !!($this->query("SHOW DATABASES LIKE $sqlName")->value());
} }

View File

@ -476,7 +476,7 @@ class ShortcodeParser
if ($tags) { if ($tags) {
$node->nodeValue = $this->replaceTagsWithText( $node->nodeValue = $this->replaceTagsWithText(
$node->nodeValue, htmlspecialchars($node->nodeValue),
$tags, $tags,
function ($idx, $tag) use ($parser, $extra) { function ($idx, $tag) use ($parser, $extra) {
return $parser->getShortcodeReplacementText($tag, $extra, false); return $parser->getShortcodeReplacementText($tag, $extra, false);

View File

@ -311,6 +311,15 @@ class ShortcodeParserTest extends SapphireTest
$this->assertEquals($this->extra['element']->tagName, 'a'); $this->assertEquals($this->extra['element']->tagName, 'a');
} }
public function testShortcodeWithAnchorAndQuerystring()
{
$result = $this->parser->parse('<a href="[test_shortcode]?my-string=this&thing=2#my-anchor">Link</a>');
$this->assertContains('my-string=this', $result);
$this->assertContains('thing=2', $result);
$this->assertContains('my-anchor', $result);
}
public function testNoParseAttemptIfNoCode() public function testNoParseAttemptIfNoCode()
{ {
$stub = $this->getMockBuilder(ShortcodeParser::class)->setMethods(array('replaceElementTagsWithMarkers')) $stub = $this->getMockBuilder(ShortcodeParser::class)->setMethods(array('replaceElementTagsWithMarkers'))