From 6bce88b6bab6c8a6678b8c83e43ae03d3fe7d8b2 Mon Sep 17 00:00:00 2001 From: Lukas Date: Tue, 10 Apr 2018 17:54:44 +0200 Subject: [PATCH 01/20] README fix contributing-link, add httpS --- README.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index b88c23076..9936f93d1 100644 --- a/README.md +++ b/README.md @@ -8,27 +8,27 @@ [![Dependency Status](https://www.versioneye.com/php/silverstripe:framework/badge.svg)](https://www.versioneye.com/php/silverstripe:framework) [![Reference Status](https://www.versioneye.com/php/silverstripe:framework/reference_badge.svg?style=flat)](https://www.versioneye.com/php/silverstripe:framework/references) -PHP5 framework forming the base for the SilverStripe CMS ([http://silverstripe.org](http://silverstripe.org)). -Requires a [`silverstripe-installer`](http://github.com/silverstripe/silverstripe-installer) base project. Typically used alongside the [`cms`](http://github.com/silverstripe/silverstripe-cms) module. +PHP5 framework forming the base for the SilverStripe CMS ([https://silverstripe.org](https://silverstripe.org)). +Requires a [`silverstripe-installer`](https://github.com/silverstripe/silverstripe-installer) base project. Typically used alongside the [`cms`](https://github.com/silverstripe/silverstripe-cms) module. ## Installation ## -See [installation on different platforms](http://doc.silverstripe.org/framework/en/installation/), -and [installation from source](http://doc.silverstripe.org/framework/en/installation/from-source). +See [installation on different platforms](https://doc.silverstripe.org/framework/en/installation/), +and [installation from source](https://doc.silverstripe.org/framework/en/installation/from-source). ## Bugtracker ## Bugs are tracked on [github.com](https://github.com/silverstripe/silverstripe-framework/issues). -Please read our [issue reporting guidelines](http://doc.silverstripe.org/framework/en/misc/contributing/issues). +Please read our [issue reporting guidelines](https://doc.silverstripe.org/framework/en/misc/contributing/issues). ## Development and Contribution ## -If you would like to make changes to the SilverStripe core codebase, we have an extensive [guide to contributing code](http://doc.silverstripe.org/framework/en/misc/contributing/code). +If you would like to make changes to the SilverStripe core codebase, we have an extensive [guide to contributing code](https://docs.silverstripe.org/en/contributing/code/). ## Links ## - * [Server Requirements](http://doc.silverstripe.org/framework/en/installation/server-requirements) - * [Changelogs](http://doc.silverstripe.org/framework/en/changelogs/) + * [Server Requirements](https://doc.silverstripe.org/framework/en/installation/server-requirements) + * [Changelogs](https://doc.silverstripe.org/framework/en/changelogs/) * [Bugtracker: Framework](https://github.com/silverstripe/silverstripe-framework/issues) * [Bugtracker: CMS](https://github.com/silverstripe/silverstripe-cms/issues) * [Bugtracker: Installer](https://github.com/silverstripe/silverstripe-installer/issues) From 51d4d2c11eb2c821eec9baf558667dc23d07116b Mon Sep 17 00:00:00 2001 From: Robbie Averill Date: Wed, 11 Apr 2018 20:12:38 +1200 Subject: [PATCH 02/20] Update some phpdocs that had typos, missing parts or incorrect formats --- admin/code/CMSBatchAction.php | 41 +++++++++++-------- admin/code/CMSMenu.php | 2 + admin/code/LeftAndMain.php | 8 ++-- core/ArrayLib.php | 1 + core/Config.php | 13 ++---- core/Extension.php | 4 +- core/Object.php | 10 ++++- core/manifest/ConfigManifest.php | 2 + filesystem/Upload.php | 2 +- forms/DropdownField.php | 1 + forms/FieldList.php | 8 ++-- forms/FileField.php | 6 +-- forms/FormField.php | 1 - forms/FormScaffolder.php | 1 - forms/HtmlEditorConfig.php | 24 +++++------ forms/HtmlEditorSanitiser.php | 17 ++++---- forms/SelectionGroup.php | 24 ++++++++--- forms/TreeDropdownField.php | 19 +++++---- forms/UploadField.php | 9 ++-- .../GridFieldAddExistingAutocompleter.php | 2 +- forms/gridfield/GridFieldComponent.php | 5 +-- forms/gridfield/GridFieldDataColumns.php | 4 +- forms/gridfield/GridFieldFooter.php | 4 +- forms/gridfield/GridFieldPageCount.php | 2 +- forms/gridfield/GridFieldSortableHeader.php | 5 ++- forms/gridfield/GridState.php | 4 +- parsers/ShortcodeParser.php | 12 +++--- security/BasicAuth.php | 3 +- security/Group.php | 3 ++ security/MemberLoginForm.php | 1 - security/PasswordEncryptor.php | 5 ++- 31 files changed, 142 insertions(+), 101 deletions(-) diff --git a/admin/code/CMSBatchAction.php b/admin/code/CMSBatchAction.php index 512503a62..0dd8b2c1b 100644 --- a/admin/code/CMSBatchAction.php +++ b/admin/code/CMSBatchAction.php @@ -25,18 +25,22 @@ abstract class CMSBatchAction extends Object { /** * Run this action for the given set of pages. * Return a set of status-updated JavaScript to return to the CMS. + * + * @param SS_List $objs */ abstract public function run(SS_List $objs); /** * Helper method for responding to a back action request - * @param $successMessage string - The message to return as a notification. - * Can have up to two %d's in it. The first will be replaced by the number of successful - * changes, the second by the number of failures - * @param $status array - A status array like batchactions builds. Should be - * key => value pairs, the key can be any string: "error" indicates errors, anything - * else indicates a type of success. The value is an array. We don't care what's in it, - * we just use count($value) to find the number of items that succeeded or failed + * + * @param string $successMessage The message to return as a notification. + * Can have up to two %d's in it. The first will be replaced by the number of + * successful changes, the second by the number of failures + * @param array $status A status array like batchactions builds. Should be + * key => value pairs, the key can be any string: "error" indicates errors, anything + * else indicates a type of success. The value is an array. We don't care what's in it, + * we just use count($value) to find the number of items that succeeded or failed + * @return string JSON response */ public function response($successMessage, $status) { $count = 0; @@ -69,10 +73,9 @@ abstract class CMSBatchAction extends Object { * Helper method for processing batch actions. * Returns a set of status-updating JavaScript to return to the CMS. * - * @param $objs The SS_List of objects to perform this batch action - * on. - * @param $helperMethod The method to call on each of those objects. - * @return JSON encoded map in the following format: + * @param SS_List $objs The SS_List of objects to perform this batch action on. + * @param string $helperMethod The method to call on each of those objects. + * @return string JSON encoded map in the following format: * { * 'modified': { * 3: {'TreeTitle': 'Page3'}, @@ -117,10 +120,10 @@ abstract class CMSBatchAction extends Object { /** * Helper method for applicablePages() methods. Acts as a skeleton implementation. * - * @param $ids The IDs passed to applicablePages - * @param $methodName The canXXX() method to call on each page to check if the action is applicable - * @param $checkStagePages Set to true if you want to check stage pages - * @param $checkLivePages Set to true if you want to check live pages (e.g, for deleted-from-draft) + * @param array $ids The IDs passed to applicablePages + * @param string $methodName The canXXX() method to call on each page to check if the action is applicable + * @param boolean $checkStagePages Set to true if you want to check stage pages + * @param boolean $checkLivePages Set to true if you want to check live pages (e.g, for deleted-from-draft) */ public function applicablePagesHelper($ids, $methodName, $checkStagePages = true, $checkLivePages = true) { if(!is_array($ids)) user_error("Bad \$ids passed to applicablePagesHelper()", E_USER_WARNING); @@ -153,13 +156,19 @@ abstract class CMSBatchAction extends Object { } - // if your batchaction has parameters, return a FieldList here + /** + * If your batchaction has parameters, return a FieldList here + * + * @return FieldList|boolean + */ public function getParameterFields() { return false; } /** * If you wish to restrict the batch action to some users, overload this function. + * + * @return boolean */ public function canView() { return true; diff --git a/admin/code/CMSMenu.php b/admin/code/CMSMenu.php index a019575c7..b0cf15d35 100644 --- a/admin/code/CMSMenu.php +++ b/admin/code/CMSMenu.php @@ -104,6 +104,7 @@ class CMSMenu extends Object implements IteratorAggregate, i18nEntityProvider { * @param string $controllerClass The controller class for this menu, used to check permisssions. * If blank, it's assumed that this is public, and always shown to users who * have the rights to access some other part of the admin area. + * @param int $priority * @param array $attributes an array of attributes to include on the link. * * @return boolean Success @@ -235,6 +236,7 @@ class CMSMenu extends Object implements IteratorAggregate, i18nEntityProvider { * @param string $controllerClass The controller class for this menu, used to check permisssions. * If blank, it's assumed that this is public, and always shown to users who * have the rights to access some other part of the admin area. + * @param int $priority * @param array $attributes an array of attributes to include on the link. * * @return boolean Success diff --git a/admin/code/LeftAndMain.php b/admin/code/LeftAndMain.php index 7a2e961a2..1a41e29ae 100644 --- a/admin/code/LeftAndMain.php +++ b/admin/code/LeftAndMain.php @@ -821,12 +821,12 @@ class LeftAndMain extends Controller implements PermissionProvider { /** * Get a site tree HTML listing which displays the nodes under the given criteria. * - * @param $className The class of the root object - * @param $rootID The ID of the root object. If this is null then a complete tree will be + * @param string $className The class of the root object + * @param int $rootID The ID of the root object. If this is null then a complete tree will be * shown - * @param $childrenMethod The method to call to get the children of the tree. For example, + * @param string $childrenMethod The method to call to get the children of the tree. For example, * Children, AllChildrenIncludingDeleted, or AllHistoricalChildren - * @return String Nested unordered list with links to each page + * @return string Nested unordered list with links to each page */ public function getSiteTreeFor($className, $rootID = null, $childrenMethod = null, $numChildrenMethod = null, $filterFunction = null, $nodeCountThreshold = 30) { diff --git a/core/ArrayLib.php b/core/ArrayLib.php index e582be118..a99761b17 100644 --- a/core/ArrayLib.php +++ b/core/ArrayLib.php @@ -229,6 +229,7 @@ class ArrayLib { * * @param array $array * @param boolean $preserveKeys + * @param array $out * * @return array */ diff --git a/core/Config.php b/core/Config.php index 5a553741b..c7215746d 100644 --- a/core/Config.php +++ b/core/Config.php @@ -602,9 +602,9 @@ class Config { * Configuration is modify only. The value passed is merged into the existing configuration. If you want to * replace the current array value, you'll need to call remove first. * - * @param $class string - The class to update a configuration value for - * @param $name string - The configuration property name to update - * @param $value any - The value to update with + * @param string $class The class to update a configuration value for + * @param string $name The configuration property name to update + * @param mixed $value The value to update with * * Arrays are recursively merged into current configuration as "latest" - for associative arrays the passed value * replaces any item with the same key, for sequential arrays the items are placed at the end of the array, for @@ -648,13 +648,6 @@ class Config { * * @param string $class The class to remove a configuration value from * @param string $name The configuration name - * @param mixed $key An optional key to filter against. - * If referenced config value is an array, only members of that array that match this key will be removed - * Must also match value if provided to be removed - * @param mixed $value And optional value to filter against. - * If referenced config value is an array, only members of that array that match this value will be removed - * If referenced config value is not an array, value will be removed only if it matches this argument - * Must also match key if provided and referenced config value is an array to be removed * * Matching is always by "==", not by "===" */ diff --git a/core/Extension.php b/core/Extension.php index 57e1ca3b4..511803fd6 100644 --- a/core/Extension.php +++ b/core/Extension.php @@ -47,7 +47,9 @@ abstract class Extension { * Called when this extension is added to a particular class * * @static - * @param $class + * @param string $class + * @param string $extensionClass + * @param mixed $args */ public static function add_to_class($class, $extensionClass, $args = null) { // NOP diff --git a/core/Object.php b/core/Object.php index a17f461b2..9e0e4a99b 100755 --- a/core/Object.php +++ b/core/Object.php @@ -278,7 +278,7 @@ abstract class Object { case 'null': $result = null; $forceResult = true; break; default: throw new Exception("Bad T_STRING arg '{$token[1]}'"); } - + break; case T_ARRAY: @@ -1045,7 +1045,13 @@ abstract class Object { * The extension methods are defined during {@link __construct()} in {@link defineMethods()}. * * @param string $method the name of the method to call on each extension - * @param mixed $a1,... up to 7 arguments to be passed to the method + * @param mixed $a1 + * @param mixed $a2 + * @param mixed $a3 + * @param mixed $a4 + * @param mixed $a5 + * @param mixed $a6 + * @param mixed $a7 * @return array */ public function extend($method, &$a1=null, &$a2=null, &$a3=null, &$a4=null, &$a5=null, &$a6=null, &$a7=null) { diff --git a/core/manifest/ConfigManifest.php b/core/manifest/ConfigManifest.php index 8944cd386..6bb5485b3 100644 --- a/core/manifest/ConfigManifest.php +++ b/core/manifest/ConfigManifest.php @@ -80,6 +80,7 @@ class SS_ConfigManifest { * from the cache or re-scanning for classes. * * @param string $base The project base path. + * @param bool $includeTests * @param bool $forceRegen Force the manifest to be regenerated. */ public function __construct($base, $includeTests = false, $forceRegen = false ) { @@ -192,6 +193,7 @@ class SS_ConfigManifest { * * Does _not_ build the actual variant * + * @param bool $includeTests * @param bool $cache Cache the result. */ public function regenerate($includeTests = false, $cache = true) { diff --git a/filesystem/Upload.php b/filesystem/Upload.php index 9ef532e20..d4d7c9fa9 100644 --- a/filesystem/Upload.php +++ b/filesystem/Upload.php @@ -92,7 +92,7 @@ class Upload extends Controller { /** * Get current validator * - * @return Upload_Validator $validator + * @return Upload_Validator */ public function getValidator() { return $this->validator; diff --git a/forms/DropdownField.php b/forms/DropdownField.php index 1aa6c28f5..592992780 100644 --- a/forms/DropdownField.php +++ b/forms/DropdownField.php @@ -122,6 +122,7 @@ class DropdownField extends FormField { * @param array|ArrayAccess $source A map of the dropdown items * @param string $value The current value * @param Form $form The parent form + * @param string $emptyString Empty string value, e.g. "please choose" */ public function __construct($name, $title=null, $source=array(), $value='', $form=null, $emptyString=null) { $this->setSource($source); diff --git a/forms/FieldList.php b/forms/FieldList.php index 8af71a384..e5247fd0f 100644 --- a/forms/FieldList.php +++ b/forms/FieldList.php @@ -131,9 +131,9 @@ class FieldList extends ArrayList { * This is most commonly used when overloading getCMSFields() * * @param string $tabName The name of the tab or tabset. Subtabs can be referred to as TabSet.Tab - * or TabSet.Tab.Subtab. - * This function will create any missing tabs. + * or TabSet.Tab.Subtab. This function will create any missing tabs. * @param array $fields An array of {@link FormField} objects. + * @param string $name Name of the field to insert before (optional) */ public function addFieldsToTab($tabName, $fields, $insertBefore = null) { $this->flushFieldsCache(); @@ -663,8 +663,8 @@ class FieldList extends ArrayList { * Support function for backwards compatibility purposes. * Caution: Volatile API, might be removed in 3.1 or later. * - * @param String $tabname Path to a tab, e.g. "Root.Content.Main" - * @return String Rewritten path, based on {@link tabPathRewrites} + * @param string $name Path to a tab, e.g. "Root.Content.Main" + * @return string Rewritten path, based on {@link tabPathRewrites} */ protected function rewriteTabPath($name) { $isRunningTest = (class_exists('SapphireTest', false) && SapphireTest::is_running_test()); diff --git a/forms/FileField.php b/forms/FileField.php index 2728539b9..6730c06fd 100644 --- a/forms/FileField.php +++ b/forms/FileField.php @@ -148,7 +148,7 @@ class FileField extends FormField { /** * Get custom validator for this field * - * @param Upload_Validator $validator + * @return Upload_Validator */ public function getValidator() { return $this->upload->getValidator(); @@ -158,7 +158,7 @@ class FileField extends FormField { * Set custom validator for this field * * @param Upload_Validator $validator - * @return FileField Self reference + * @return $this */ public function setValidator($validator) { $this->upload->setValidator($validator); @@ -169,7 +169,7 @@ class FileField extends FormField { * Sets the upload folder name * * @param string $folderName - * @return FileField Self reference + * @return $this */ public function setFolderName($folderName) { $this->folderName = $folderName; diff --git a/forms/FormField.php b/forms/FormField.php index d04991e02..0585c0ed7 100644 --- a/forms/FormField.php +++ b/forms/FormField.php @@ -651,7 +651,6 @@ class FormField extends RequestHandler { * Set the field value. * * @param mixed $value - * @param null|array|DataObject $data {@see Form::loadDataFrom} * * @return $this */ diff --git a/forms/FormScaffolder.php b/forms/FormScaffolder.php index 1fa632315..d7bd93e0f 100644 --- a/forms/FormScaffolder.php +++ b/forms/FormScaffolder.php @@ -49,7 +49,6 @@ class FormScaffolder extends Object { /** * @param DataObject $obj - * @param array $params */ public function __construct($obj) { $this->obj = $obj; diff --git a/forms/HtmlEditorConfig.php b/forms/HtmlEditorConfig.php index d53aefd11..384a8838e 100644 --- a/forms/HtmlEditorConfig.php +++ b/forms/HtmlEditorConfig.php @@ -160,7 +160,7 @@ class HtmlEditorConfig { * * @see http://wiki.moxiecode.com/index.php/TinyMCE:API/tinymce.PluginManager/load * - * @param String [0..] a string, or several strings, or a single array of strings - The plugins to enable + * @param string [0..] a string, or several strings, or a single array of strings - The plugins to enable * @return HtmlEditorConfig */ public function enablePlugins() { @@ -179,7 +179,7 @@ class HtmlEditorConfig { /** * Enable one or several plugins. Will properly handle being passed a plugin that is already disabled - * @param String [0..] a string, or several strings, or a single array of strings - The plugins to disable + * @param string [0..] a string, or several strings, or a single array of strings - The plugins to disable * @return HtmlEditorConfig */ public function disablePlugins() { @@ -241,13 +241,13 @@ class HtmlEditorConfig { /** * Internal function for adding and removing buttons related to another button - * @param $name string - the name of the button to modify - * @param $offset integer - the offset relative to that button to perform an array_splice at - 0 for before $name, + * @param $name string The name of the button to modify + * @param $offset integer The offset relative to that button to perform an array_splice at - 0 for before $name, * 1 for after - * @param $del integer - the number of buttons to remove at the position given by index(string) + offset - * @param $add mixed - an array or single item to insert at the position given by index(string) + offset, + * @param $del integer The number of buttons to remove at the position given by index(string) + offset + * @param $add mixed An array or single item to insert at the position given by index(string) + offset, * or null for no insertion - * @return boolean - true if $name matched a button, false otherwise + * @return boolean True if $name matched a button, false otherwise */ protected function modifyButtons($name, $offset, $del=0, $add=null) { foreach ($this->buttons as &$buttons) { @@ -262,8 +262,8 @@ class HtmlEditorConfig { /** * Insert buttons before the first occurance of another button - * @param string - the name of the button to insert other buttons before - * @param string a string, or several strings, or a single array of strings - the button names to insert before + * @param string The name of the button to insert other buttons before + * @param string A string, or several strings, or a single array of strings - the button names to insert before * that button * @return boolean - true if insertion occured, false if it did not (because the given button name was not found) */ @@ -275,10 +275,10 @@ class HtmlEditorConfig { /** * Insert buttons after the first occurance of another button - * @param string - the name of the button to insert other buttons after - * @param string a string, or several strings, or a single array of strings - the button names to insert after + * @param string The name of the button to insert other buttons after + * @param string A string, or several strings, or a single array of strings - the button names to insert after * that button - * @return boolean - true if insertion occured, false if it did not (because the given button name was not found) + * @return boolean True if insertion occured, false if it did not (because the given button name was not found) */ public function insertButtonsAfter() { $inserts = func_get_args(); diff --git a/forms/HtmlEditorSanitiser.php b/forms/HtmlEditorSanitiser.php index 920a750c8..462f122e0 100644 --- a/forms/HtmlEditorSanitiser.php +++ b/forms/HtmlEditorSanitiser.php @@ -165,8 +165,9 @@ class HtmlEditorSanitiser { /** * Given an element tag, return the rule structure for that element - * @param string $tag - The element tag - * @return stdClass - The element rule + * + * @param string $tag The element tag + * @return stdClass The element rule */ protected function getRuleForElement($tag) { if(isset($this->elements[$tag])) { @@ -179,8 +180,10 @@ class HtmlEditorSanitiser { /** * Given an attribute name, return the rule structure for that attribute - * @param string $name - The attribute name - * @return stdClass - The attribute rule + * + * @param object $elementRule + * @param string $name The attribute name + * @return stdClass The attribute rule */ protected function getRuleForAttribute($elementRule, $name) { if(isset($elementRule->attributes[$name])) { @@ -193,9 +196,9 @@ class HtmlEditorSanitiser { /** * Given a DOMElement and an element rule, check if that element passes the rule - * @param DOMElement $element - the element to check - * @param stdClass $rule - the rule to check against - * @return bool - true if the element passes (and so can be kept), false if it fails (and so needs stripping) + * @param DOMElement $element The element to check + * @param stdClass $rule The rule to check against + * @return bool True if the element passes (and so can be kept), false if it fails (and so needs stripping) */ protected function elementMatchesRule($element, $rule = null) { // If the rule doesn't exist at all, the element isn't allowed diff --git a/forms/SelectionGroup.php b/forms/SelectionGroup.php index c2eea9afe..f3d41da95 100644 --- a/forms/SelectionGroup.php +++ b/forms/SelectionGroup.php @@ -123,19 +123,19 @@ class SelectionGroup extends CompositeField { class SelectionGroup_Item extends CompositeField { /** - * @var String + * @var string */ protected $value; /** - * @var String + * @var string */ protected $title; /** - * @param String $value Form field identifier - * @param FormField $field Contents of the option - * @param String $title Title to show for the radio button option + * @param string $value Form field identifier + * @param FormField[] $fields Contents of the option + * @param string $title Title to show for the radio button option */ function __construct($value, $fields = null, $title = null) { $this->value = $value; @@ -145,19 +145,33 @@ class SelectionGroup_Item extends CompositeField { parent::__construct($fields); } + /** + * @return string + */ function getTitle() { return $this->title; } + /** + * @param string $title + * @return $this + */ function setTitle($title) { $this->title = $title; return $this; } + /** + * @return string + */ function getValue() { return $this->value; } + /** + * @param mixed $Value + * @return $this + */ function setValue($Value) { $this->value = $Value; return $this; diff --git a/forms/TreeDropdownField.php b/forms/TreeDropdownField.php index 91200a27a..5f4fc6ea7 100644 --- a/forms/TreeDropdownField.php +++ b/forms/TreeDropdownField.php @@ -392,8 +392,8 @@ class TreeDropdownField extends FormField { * Marking public function for the tree, which combines different filters sensibly. * If a filter function has been set, that will be called. And if search text is set, * filter on that too. Return true if all applicable conditions are true, false otherwise. - * @param $node - * @return unknown_type + * @param DataObject $node + * @return boolean */ public function filterMarking($node) { if ($this->filterCallback && !call_user_func($this->filterCallback, $node)) return false; @@ -414,7 +414,8 @@ class TreeDropdownField extends FormField { } /** - * @param String $field + * @param string $field + * @return $this */ public function setLabelField($field) { $this->labelField = $field; @@ -422,14 +423,15 @@ class TreeDropdownField extends FormField { } /** - * @return String + * @return string */ public function getLabelField() { return $this->labelField; } /** - * @param String $field + * @param string $field + * @return $this */ public function setKeyField($field) { $this->keyField = $field; @@ -437,14 +439,15 @@ class TreeDropdownField extends FormField { } /** - * @return String + * @return string */ public function getKeyField() { return $this->keyField; } /** - * @param String $field + * @param string $field + * @return $this */ public function setSourceObject($class) { $this->sourceObject = $class; @@ -452,7 +455,7 @@ class TreeDropdownField extends FormField { } /** - * @return String + * @return string */ public function getSourceObject() { return $this->sourceObject; diff --git a/forms/UploadField.php b/forms/UploadField.php index 164a24ac1..a246003b6 100644 --- a/forms/UploadField.php +++ b/forms/UploadField.php @@ -202,7 +202,6 @@ class UploadField extends FileField { * @param string $title The field label. * @param SS_List $items If no items are defined, the field will try to auto-detect an existing relation on * @link $record}, with the same name as the field name. - * @param Form $form Reference to the container form */ public function __construct($name, $title = null, SS_List $items = null) { @@ -1335,8 +1334,8 @@ class UploadField_ItemHandler extends RequestHandler { ); /** - * @param UploadFIeld $parent - * @param int $item + * @param UploadField $parent + * @param int $itemID */ public function __construct($parent, $itemID) { $this->parent = $parent; @@ -1499,7 +1498,7 @@ class UploadField_SelectHandler extends RequestHandler { * @config * @var int */ - private static $page_size = 11; + private static $page_size = 11; private static $url_handlers = array( '$Action!' => '$Action', @@ -1584,7 +1583,7 @@ class UploadField_SelectHandler extends RequestHandler { 'Created' => 'SS_Datetime->Nice' )); - // Set configurable pagination for file list field + // Set configurable pagination for file list field $pageSize = Config::inst()->get(get_class($this), 'page_size'); $config->addComponent(new GridFieldPaginator($pageSize)); diff --git a/forms/gridfield/GridFieldAddExistingAutocompleter.php b/forms/gridfield/GridFieldAddExistingAutocompleter.php index 937f5218f..af012fba4 100644 --- a/forms/gridfield/GridFieldAddExistingAutocompleter.php +++ b/forms/gridfield/GridFieldAddExistingAutocompleter.php @@ -79,7 +79,7 @@ class GridFieldAddExistingAutocompleter protected $resultsLimit = 20; /** - * + * @param string $targetFragment * @param array $searchFields Which fields on the object in the list should be searched */ public function __construct($targetFragment = 'before', $searchFields = null) { diff --git a/forms/gridfield/GridFieldComponent.php b/forms/gridfield/GridFieldComponent.php index 146e20db1..1809cb80a 100644 --- a/forms/gridfield/GridFieldComponent.php +++ b/forms/gridfield/GridFieldComponent.php @@ -55,8 +55,7 @@ interface GridField_ColumnProvider extends GridFieldComponent { * @see {@link GridFieldDataColumns}. * * @param GridField $gridField - * @param arary $columns List of columns - * @param array - List reference of all column names. + * @param array $columns List of columns */ public function augmentColumns($gridField, &$columns); @@ -205,7 +204,7 @@ interface GridField_SaveHandler extends GridFieldComponent { /** * Called when a grid field is saved - i.e. the form is submitted. * - * @param GridField $field + * @param GridField $grid * @param DataObjectInterface $record */ public function handleSave(GridField $grid, DataObjectInterface $record); diff --git a/forms/gridfield/GridFieldDataColumns.php b/forms/gridfield/GridFieldDataColumns.php index af9d438e5..6e1d90f2f 100644 --- a/forms/gridfield/GridFieldDataColumns.php +++ b/forms/gridfield/GridFieldDataColumns.php @@ -174,8 +174,8 @@ class GridFieldDataColumns implements GridField_ColumnProvider { * e.g. to set a title for a search column header. * * @param GridField $gridField - * @param string $columnName - * @return array - Map of arbitrary metadata identifiers to their values. + * @param string $column + * @return array Map of arbitrary metadata identifiers to their values. */ public function getColumnMetadata($gridField, $column) { $columns = $this->getDisplayFields($gridField); diff --git a/forms/gridfield/GridFieldFooter.php b/forms/gridfield/GridFieldFooter.php index 1fba1c2a6..8cb266f54 100644 --- a/forms/gridfield/GridFieldFooter.php +++ b/forms/gridfield/GridFieldFooter.php @@ -24,8 +24,8 @@ class GridFieldFooter implements GridField_HTMLProvider { protected $showrecordcount; /** - * - * @param string $message - a message to display in the footer + * @param string $message A message to display in the footer + * @param boolean $showrecordcount */ public function __construct($message = null, $showrecordcount = true) { if($message) { diff --git a/forms/gridfield/GridFieldPageCount.php b/forms/gridfield/GridFieldPageCount.php index e7175a71a..310f4fa5c 100755 --- a/forms/gridfield/GridFieldPageCount.php +++ b/forms/gridfield/GridFieldPageCount.php @@ -23,7 +23,7 @@ class GridFieldPageCount implements GridField_HTMLProvider { protected $itemClass = 'GridFieldPageCount'; /** - * @param string $targetFrament The fragment indicating the placement of this page count + * @param string $targetFragment The fragment indicating the placement of this page count */ public function __construct($targetFragment = 'before') { $this->targetFragment = $targetFragment; diff --git a/forms/gridfield/GridFieldSortableHeader.php b/forms/gridfield/GridFieldSortableHeader.php index c0a9c1449..96626ec38 100644 --- a/forms/gridfield/GridFieldSortableHeader.php +++ b/forms/gridfield/GridFieldSortableHeader.php @@ -61,7 +61,8 @@ class GridFieldSortableHeader implements GridField_HTMLProvider, GridField_DataM * Specify sortings with fieldname as the key, and actual fieldname to sort as value. * Example: array("MyCustomTitle"=>"Title", "MyCustomBooleanField" => "ActualBooleanField") * - * @param array $casting + * @param array $sorting + * @return $this */ public function setFieldSorting($sorting) { $this->fieldSorting = $sorting; @@ -77,6 +78,8 @@ class GridFieldSortableHeader implements GridField_HTMLProvider, GridField_DataM /** * Returns the header row providing titles with sort buttons + * + * @param GridField $gridField */ public function getHTMLFragments($gridField) { if(!$this->checkDataType($gridField->getList())) return; diff --git a/forms/gridfield/GridState.php b/forms/gridfield/GridState.php index 8f159a0f4..2ed1ba462 100644 --- a/forms/gridfield/GridState.php +++ b/forms/gridfield/GridState.php @@ -24,8 +24,8 @@ class GridState extends HiddenField { /** * - * @param GridField $name - * @param string $data - json encoded string + * @param GridField $grid + * @param string $value JSON encoded string */ public function __construct($grid, $value = null) { $this->grid = $grid; diff --git a/parsers/ShortcodeParser.php b/parsers/ShortcodeParser.php index ef0633756..f118e8dec 100644 --- a/parsers/ShortcodeParser.php +++ b/parsers/ShortcodeParser.php @@ -364,9 +364,10 @@ class ShortcodeParser extends Object { * Replaces the shortcode tags extracted by extractTags with HTML element "markers", so that * we can parse the resulting string as HTML and easily mutate the shortcodes in the DOM * - * @param string $content - The HTML string with [tag] style shortcodes embedded - * @param array $tags - The tags extracted by extractTags - * @return string - The HTML string with [tag] style shortcodes replaced by markers + * @param string $content The HTML string with [tag] style shortcodes embedded + * @param array $tags The tags extracted by extractTags + * @param callable $generator Callback for performing the replacements + * @return string The HTML string with [tag] style shortcodes replaced by markers */ protected function replaceTagsWithText($content, $tags, $generator) { // The string with tags replaced with markers @@ -398,7 +399,7 @@ class ShortcodeParser extends Object { * We don't use markers with attributes because there's no point, it's easier to do all the matching * in-DOM after the XML parse * - * @param DOMDocument $doc + * @param DOMDocument $htmlvalue */ protected function replaceAttributeTagsWithContent($htmlvalue) { $attributes = $htmlvalue->query('//@*[contains(.,"[")][contains(.,"]")]'); @@ -485,7 +486,8 @@ class ShortcodeParser extends Object { * generate only inline blocks) * * @param DOMElement $node - * @param int $location - ShortcodeParser::BEFORE, ShortcodeParser::SPLIT or ShortcodeParser::INLINE + * @param DOMElement $parent + * @param string $location ShortcodeParser::BEFORE, ShortcodeParser::SPLIT or ShortcodeParser::INLINE */ protected function moveMarkerToCompliantHome($node, $parent, $location) { // Move before block parent diff --git a/security/BasicAuth.php b/security/BasicAuth.php index bab9ffdb6..c322b1ecd 100644 --- a/security/BasicAuth.php +++ b/security/BasicAuth.php @@ -125,9 +125,10 @@ class BasicAuth { * define('SS_USE_BASIC_AUTH', true); * * @param boolean $protect Set this to false to disable protection. - * @param String $code {@link Permission} code that is required from the user. + * @param string $code {@link Permission} code that is required from the user. * Defaults to "ADMIN". Set to NULL to just require a valid login, regardless * of the permission codes a user has. + * @param string $message */ public static function protect_entire_site($protect = true, $code = 'ADMIN', $message = null) { Config::inst()->update('BasicAuth', 'entire_site_protected', $protect); diff --git a/security/Group.php b/security/Group.php index f9c661efd..e143db524 100755 --- a/security/Group.php +++ b/security/Group.php @@ -246,6 +246,9 @@ class Group extends DataObject { * See {@link DirectMembers()} for retrieving members without any inheritance. * * @param string $filter + * @param string $sort + * @param string $join + * @param string $limit * @return ManyManyList */ public function Members($filter = "", $sort = "", $join = "", $limit = "") { diff --git a/security/MemberLoginForm.php b/security/MemberLoginForm.php index a9146f7f9..ded8cfc9b 100644 --- a/security/MemberLoginForm.php +++ b/security/MemberLoginForm.php @@ -47,7 +47,6 @@ class MemberLoginForm extends LoginForm { * @param bool $checkCurrentUser If set to TRUE, it will be checked if a * the user is currently logged in, and if * so, only a logout button will be rendered - * @param string $authenticatorClassName Name of the authenticator class that this form uses. */ public function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true) { diff --git a/security/PasswordEncryptor.php b/security/PasswordEncryptor.php index 5e3b13526..5a08231fc 100644 --- a/security/PasswordEncryptor.php +++ b/security/PasswordEncryptor.php @@ -108,6 +108,8 @@ class PasswordEncryptor_Blowfish extends PasswordEncryptor { * The two digit cost parameter is the base-2 logarithm of the iteration * count for the underlying Blowfish-based hashing algorithmeter and must * be in range 04-31, values outside this range will cause crypt() to fail. + * + * @var int */ protected static $cost = 10; @@ -127,8 +129,7 @@ class PasswordEncryptor_Blowfish extends PasswordEncryptor { /** * Gets the cost that is set for the blowfish algorithm * - * @param int $cost - * @return null + * @return int */ public static function get_cost() { return self::$cost; From 67fbaf342354e8049a9947de7d27b5c246b2ea42 Mon Sep 17 00:00:00 2001 From: DorsetDigital Date: Fri, 13 Apr 2018 09:24:16 +0100 Subject: [PATCH 03/20] Update 06_Themes.md Remove reference to theme picker in settings page which was removed in SS4 --- docs/en/02_Developer_Guides/01_Templates/06_Themes.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/docs/en/02_Developer_Guides/01_Templates/06_Themes.md b/docs/en/02_Developer_Guides/01_Templates/06_Themes.md index e2850e74e..ca5deea7b 100644 --- a/docs/en/02_Developer_Guides/01_Templates/06_Themes.md +++ b/docs/en/02_Developer_Guides/01_Templates/06_Themes.md @@ -32,8 +32,7 @@ As you've added new files to your SilverStripe installation, make sure you clear ### Configuring themes After installing the files through either method, update the current theme in SilverStripe. This can be done by -either altering the `SSViewer.themes` setting in a [config.yml](../configuration) or by changing the current theme in -the Site Configuration panel (http://yoursite.com/admin/settings) +altering the `SSViewer.themes` setting in a [config.yml](../configuration) **mysite/_config/app.yml** @@ -106,4 +105,4 @@ The final step is to [submit your theme to Packagist](https://packagist.org/abou ## Related Lessons * [Creating your first theme](https://www.silverstripe.org/learn/lessons/v4/creating-your-first-theme-1) -* [Migrating static templates into your theme](https://www.silverstripe.org/learn/lessons/v4/migrating-static-templates-into-your-theme-1) \ No newline at end of file +* [Migrating static templates into your theme](https://www.silverstripe.org/learn/lessons/v4/migrating-static-templates-into-your-theme-1) From f83691e7f7e7a75657df1211673b72d9cf4c4b4f Mon Sep 17 00:00:00 2001 From: Damian Mooyman Date: Wed, 18 Apr 2018 11:37:31 +1200 Subject: [PATCH 04/20] BUG Make invalid dev actions 404 not 500 error Fixes #8012 --- src/Dev/DevelopmentAdmin.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Dev/DevelopmentAdmin.php b/src/Dev/DevelopmentAdmin.php index 267d3386a..734e980ce 100644 --- a/src/Dev/DevelopmentAdmin.php +++ b/src/Dev/DevelopmentAdmin.php @@ -132,7 +132,7 @@ class DevelopmentAdmin extends Controller // in CLI we cant use httpError because of a bug with stuff being in the output already, see DevAdminControllerTest throw new Exception($msg); } else { - $this->httpError(500, $msg); + $this->httpError(404, $msg); } } From af3a9f3ec8a5465f841c5aa8ee1faf40c1b76bf4 Mon Sep 17 00:00:00 2001 From: UndefinedOffset Date: Tue, 17 Apr 2018 13:37:02 -0300 Subject: [PATCH 05/20] FIX: Duplicating many_many relationships looses the extra fields (fixes #7973) --- model/DataObject.php | 16 +++++++++++++++- tests/model/DataObjectDuplicationTest.php | 11 ++++++++++- 2 files changed, 25 insertions(+), 2 deletions(-) diff --git a/model/DataObject.php b/model/DataObject.php index 84d6f5dac..43a9aa34c 100644 --- a/model/DataObject.php +++ b/model/DataObject.php @@ -585,7 +585,21 @@ class DataObject extends ViewableData implements DataObjectInterface, i18nEntity private function duplicateRelations($sourceObject, $destinationObject, $name) { $relations = $sourceObject->$name(); if ($relations) { - if ($relations instanceOf RelationList) { //many-to-something relation + if ($relations instanceOf ManyManyList) { //many-to-many relation + $source = $sourceObject->getManyManyComponents($name); + $extraFieldNames = $source->getExtraFields(); + + if ($relations->Count() > 0) { //with more than one thing it is related to + foreach($relations as $relation) { + // Merge extra fields + $extraFields = array(); + foreach ($extraFieldNames as $fieldName => $fieldType) { + $extraFields[$fieldName] = $relation->getField($fieldName); + } + $destinationObject->$name()->add($relation, $extraFields); + } + } + } else if ($relations instanceOf RelationList) { //many-to-something relation if ($relations->Count() > 0) { //with more than one thing it is related to foreach($relations as $relation) { $destinationObject->$name()->add($relation); diff --git a/tests/model/DataObjectDuplicationTest.php b/tests/model/DataObjectDuplicationTest.php index e3b24fece..2fcab1c4d 100644 --- a/tests/model/DataObjectDuplicationTest.php +++ b/tests/model/DataObjectDuplicationTest.php @@ -77,7 +77,7 @@ class DataObjectDuplicationTest extends SapphireTest { //create relations $one->twos()->add($two); - $one->threes()->add($three); + $one->threes()->add($three, array('TestExtra'=>'three')); $one = DataObject::get_by_id("DataObjectDuplicateTestClass1", $one->ID); $two = DataObject::get_by_id("DataObjectDuplicateTestClass2", $two->ID); @@ -115,6 +115,9 @@ class DataObjectDuplicationTest extends SapphireTest { "Match between relation of copy and the original"); $this->assertEquals($one->ID, $threeCopy->ones()->First()->ID, "Match between relation of copy and the original"); + + $this->assertEquals('three', $oneCopy->threes()->First()->TestExtra, + "Match between extra field of copy and the original"); } } @@ -133,6 +136,12 @@ class DataObjectDuplicateTestClass1 extends DataObject implements TestOnly { private static $many_many = array( 'threes' => 'DataObjectDuplicateTestClass3' ); + + private static $many_many_extraFields = array( + 'threes' => array( + 'TestExtra' => 'Varchar' + ) + ); } class DataObjectDuplicateTestClass2 extends DataObject implements TestOnly { From 36198c482e9e36638db59881a54915ef54b8a222 Mon Sep 17 00:00:00 2001 From: UndefinedOffset Date: Tue, 17 Apr 2018 13:46:12 -0300 Subject: [PATCH 06/20] Removed extra lookup of the list --- model/DataObject.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/model/DataObject.php b/model/DataObject.php index 43a9aa34c..3ed7318e5 100644 --- a/model/DataObject.php +++ b/model/DataObject.php @@ -586,8 +586,7 @@ class DataObject extends ViewableData implements DataObjectInterface, i18nEntity $relations = $sourceObject->$name(); if ($relations) { if ($relations instanceOf ManyManyList) { //many-to-many relation - $source = $sourceObject->getManyManyComponents($name); - $extraFieldNames = $source->getExtraFields(); + $extraFieldNames = $relations->getExtraFields(); if ($relations->Count() > 0) { //with more than one thing it is related to foreach($relations as $relation) { From fe4b90edc0ead9c6c77d606101bfbf568a963fb4 Mon Sep 17 00:00:00 2001 From: UndefinedOffset Date: Wed, 18 Apr 2018 10:45:51 -0300 Subject: [PATCH 07/20] FIX: Duplicating many_many relationships looses the extra fields in 4.0 --- src/ORM/DataObject.php | 14 +++++++++++++- tests/php/ORM/DataObjectDuplicationTest.php | 8 +++++++- tests/php/ORM/DataObjectDuplicationTest/Class1.php | 6 ++++++ 3 files changed, 26 insertions(+), 2 deletions(-) diff --git a/src/ORM/DataObject.php b/src/ORM/DataObject.php index f8ad2560c..c6099fd7d 100644 --- a/src/ORM/DataObject.php +++ b/src/ORM/DataObject.php @@ -459,8 +459,20 @@ class DataObject extends ViewableData implements DataObjectInterface, i18nEntity // Copy all components from source to destination $source = $sourceObject->getManyManyComponents($manyManyName); $dest = $destinationObject->getManyManyComponents($manyManyName); + + if ($source instanceof UnsavedRelationList) { + $extraFieldNames = array(); + } else { + $extraFieldNames = $source->getExtraFields(); + } + foreach ($source as $item) { - $dest->add($item); + // Merge extra fields + $extraFields = array(); + foreach ($extraFieldNames as $fieldName => $fieldType) { + $extraFields[$fieldName] = $item->getField($fieldName); + } + $dest->add($item, $extraFields); } } diff --git a/tests/php/ORM/DataObjectDuplicationTest.php b/tests/php/ORM/DataObjectDuplicationTest.php index b3186d53f..09c88d821 100644 --- a/tests/php/ORM/DataObjectDuplicationTest.php +++ b/tests/php/ORM/DataObjectDuplicationTest.php @@ -102,7 +102,7 @@ class DataObjectDuplicationTest extends SapphireTest //create relations $one->twos()->add($two); - $one->threes()->add($three); + $one->threes()->add($three, array('TestExtra'=>'three')); $one = DataObject::get_by_id(DataObjectDuplicationTest\Class1::class, $one->ID); $two = DataObject::get_by_id(DataObjectDuplicationTest\Class2::class, $two->ID); @@ -161,6 +161,12 @@ class DataObjectDuplicationTest extends SapphireTest $threeCopy->ones()->First()->ID, "Match between relation of copy and the original" ); + + $this->assertEquals( + 'three', + $oneCopy->threes()->byID($three->ID)->TestExtra, + "Match between extra field of copy and the original" + ); } public function testDuplicateManyManyFiltered() diff --git a/tests/php/ORM/DataObjectDuplicationTest/Class1.php b/tests/php/ORM/DataObjectDuplicationTest/Class1.php index 57a6c8302..b3a5fd3ef 100644 --- a/tests/php/ORM/DataObjectDuplicationTest/Class1.php +++ b/tests/php/ORM/DataObjectDuplicationTest/Class1.php @@ -20,4 +20,10 @@ class Class1 extends DataObject implements TestOnly private static $many_many = array( 'threes' => Class3::class ); + + private static $many_many_extraFields = array( + 'threes' => array( + 'TestExtra' => 'Varchar' + ) + ); } From d17f424541a54874ddf181f73970b255c29ce033 Mon Sep 17 00:00:00 2001 From: UndefinedOffset Date: Wed, 18 Apr 2018 12:15:16 -0300 Subject: [PATCH 08/20] Changed checked for UnsavedRelationList to ManyManyList --- src/ORM/DataObject.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/ORM/DataObject.php b/src/ORM/DataObject.php index c6099fd7d..881add45c 100644 --- a/src/ORM/DataObject.php +++ b/src/ORM/DataObject.php @@ -460,10 +460,10 @@ class DataObject extends ViewableData implements DataObjectInterface, i18nEntity $source = $sourceObject->getManyManyComponents($manyManyName); $dest = $destinationObject->getManyManyComponents($manyManyName); - if ($source instanceof UnsavedRelationList) { - $extraFieldNames = array(); - } else { + if ($source instanceof ManyManyList) { $extraFieldNames = $source->getExtraFields(); + } else { + $extraFieldNames = array(); } foreach ($source as $item) { From 1509a12fdf0fe8cbd300271fd5c60c3d76647d84 Mon Sep 17 00:00:00 2001 From: Damian Mooyman Date: Thu, 19 Apr 2018 12:56:54 +1200 Subject: [PATCH 09/20] ENHANCEMENT Only run coverage test as a cron Fixes #8014 --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index 8b8ed821e..27769de35 100644 --- a/.travis.yml +++ b/.travis.yml @@ -37,6 +37,7 @@ matrix: - DB=PGSQL - PHPUNIT_TEST=framework - php: 7.1 + if: type IN (cron) env: - DB=MYSQL - PDO=1 From 6b39b25e209d5f0d5c8e123a6bb2e6aec0d621bf Mon Sep 17 00:00:00 2001 From: azt3k Date: Fri, 27 Apr 2018 17:14:57 +1200 Subject: [PATCH 10/20] Fixes a count() php warning without an api change Warning: count(): Parameter must be an array or an object that implements Countable in /path/to/vendor/silverstripe/framework/src/Security/Member.php on line 1355 --- src/Security/Member.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/Security/Member.php b/src/Security/Member.php index 38be3f716..7712a692c 100644 --- a/src/Security/Member.php +++ b/src/Security/Member.php @@ -1347,6 +1347,12 @@ class Member extends DataObject */ public static function mapInCMSGroups($groups = null) { + + // non-countable $groups will issue a warning when using count() in PHP 7.2+ + if (!$groups) { + $groups = []; + } + // Check CMS module exists if (!class_exists(LeftAndMain::class)) { return ArrayList::create()->map(); From 766b2a4947ceff0217b6f70a848e720016bb59cc Mon Sep 17 00:00:00 2001 From: Matthew Walker Date: Fri, 27 Apr 2018 15:10:59 +1200 Subject: [PATCH 11/20] Address issue #8038 Within TinyMCE, adding a link to "page on the site" generates an error "Target page not found" under the Anchor field. --- forms/HtmlEditorField.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/forms/HtmlEditorField.php b/forms/HtmlEditorField.php index 19fd81c73..f86a2ac4c 100644 --- a/forms/HtmlEditorField.php +++ b/forms/HtmlEditorField.php @@ -570,7 +570,7 @@ class HtmlEditorField_Toolbar extends RequestHandler { $id = (int)$this->getRequest()->getVar('PageID'); $anchors = array(); - if (($page = Page::get()->byID($id)) && !empty($page)) { + if (($page = SiteTree::get()->byID($id)) && !empty($page)) { if (!$page->canView()) { throw new SS_HTTPResponse_Exception( _t( From 80bf0fc48774b2a25f95feb24ffcc9df8e5ad77c Mon Sep 17 00:00:00 2001 From: Daniel Hensby Date: Wed, 2 May 2018 11:43:12 +0100 Subject: [PATCH 12/20] FIX bad syntax --- tests/php/Core/Manifest/ConfigManifestTest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/php/Core/Manifest/ConfigManifestTest.php b/tests/php/Core/Manifest/ConfigManifestTest.php index e39ff3d4c..d12e54883 100644 --- a/tests/php/Core/Manifest/ConfigManifestTest.php +++ b/tests/php/Core/Manifest/ConfigManifestTest.php @@ -19,7 +19,7 @@ class ConfigManifestTest extends SapphireTest $moduleManifest = new ModuleManifest(dirname(__FILE__) . '/fixtures/configmanifest'); $moduleManifest->init(); - ModuleLo ader::inst()->pushManifest($moduleManifest); + ModuleLoader::inst()->pushManifest($moduleManifest); } protected function tearDown() From 577138882163e4b8782ea043487944d30d88e753 Mon Sep 17 00:00:00 2001 From: Damian Mooyman Date: Wed, 11 Apr 2018 13:23:09 +1200 Subject: [PATCH 13/20] [ss-2018-001] Restrict non-admins from being assigned to admin groups --- security/Member.php | 39 ++++++++++++++++++++++++----------- tests/security/MemberTest.php | 30 +++++++++++++++++++++++++++ 2 files changed, 57 insertions(+), 12 deletions(-) diff --git a/security/Member.php b/security/Member.php index 927ae14c0..cd1d22518 100644 --- a/security/Member.php +++ b/security/Member.php @@ -1042,15 +1042,24 @@ class Member extends DataObject implements TemplateGlobalProvider { * @return boolean True if the change can be accepted */ public function onChangeGroups($ids) { + // Ensure none of these match disallowed list + $disallowedGroupIDs = $this->disallowedGroups(); + return count(array_intersect($ids, $disallowedGroupIDs)) == 0; + } + + /** + * List of group IDs this user is disallowed from + * + * @return int[] List of group IDs + */ + protected function disallowedGroups() { // unless the current user is an admin already OR the logged in user is an admin - if(Permission::check('ADMIN') || Permission::checkMember($this, 'ADMIN')) { - return true; + if (Permission::check('ADMIN') || Permission::checkMember($this, 'ADMIN')) { + return array(); } - // If there are no admin groups in this set then it's ok - $adminGroups = Permission::get_groups_by_permission('ADMIN'); - $adminGroupIDs = ($adminGroups) ? $adminGroups->column('ID') : array(); - return count(array_intersect($ids, $adminGroupIDs)) == 0; + // Non-admins may not belong to admin groups + return Permission::get_groups_by_permission('ADMIN')->column('ID'); } @@ -1465,12 +1474,18 @@ class Member extends DataObject implements TemplateGlobalProvider { $fields->removeByName('LoggedPasswords'); if(Permission::check('EDIT_PERMISSIONS')) { - $groupsMap = array(); - foreach(Group::get() as $group) { - // Listboxfield values are escaped, use ASCII char instead of » - $groupsMap[$group->ID] = $group->getBreadcrumbs(' > '); - } - asort($groupsMap); + // Filter allowed groups + $groups = Group::get(); + $disallowedGroupIDs = $this->disallowedGroups(); + if ($disallowedGroupIDs) { + $groups = $groups->exclude('ID', $disallowedGroupIDs); + } + $groupsMap = array(); + foreach ($groups as $group) { + // Listboxfield values are escaped, use ASCII char instead of » + $groupsMap[$group->ID] = $group->getBreadcrumbs(' > '); + } + asort($groupsMap); $fields->addFieldToTab('Root.Main', ListboxField::create('DirectGroups', singleton('Group')->i18n_plural_name()) ->setMultiple(true) diff --git a/tests/security/MemberTest.php b/tests/security/MemberTest.php index 22753c4e1..46ac2c17e 100644 --- a/tests/security/MemberTest.php +++ b/tests/security/MemberTest.php @@ -665,6 +665,36 @@ class MemberTest extends FunctionalTest { ); } + /** + * Ensure DirectGroups listbox disallows admin-promotion + */ + public function testAllowedGroupsListbox() { + /** @var Group $adminGroup */ + $adminGroup = $this->objFromFixture('Group', 'admingroup'); + /** @var Member $staffMember */ + $staffMember = $this->objFromFixture('Member', 'staffmember'); + /** @var Member $adminMember */ + $adminMember = $this->objFromFixture('Member', 'admin'); + + // Ensure you can see the DirectGroups box + $this->logInWithPermission('EDIT_PERMISSIONS'); + + // Non-admin member field contains non-admin groups + /** @var ListboxField $staffListbox */ + $staffListbox = $staffMember->getCMSFields()->dataFieldByName('DirectGroups'); + $this->assertArrayNotHasKey($adminGroup->ID, $staffListbox->getSource()); + + // admin member field contains admin group + /** @var ListboxField $adminListbox */ + $adminListbox = $adminMember->getCMSFields()->dataFieldByName('DirectGroups'); + $this->assertArrayHasKey($adminGroup->ID, $adminListbox->getSource()); + + // If logged in as admin, staff listbox has admin group + $this->logInWithPermission('ADMIN'); + $staffListbox = $staffMember->getCMSFields()->dataFieldByName('DirectGroups'); + $this->assertArrayHasKey($adminGroup->ID, $staffListbox->getSource()); + } + /** * Test Member_GroupSet::add */ From 9d055dd94658012d3f3d94d4c3a4a2f28d37d744 Mon Sep 17 00:00:00 2001 From: Robbie Averill Date: Thu, 10 May 2018 09:38:08 +1200 Subject: [PATCH 14/20] Added 3.5.8-rc1 changelog --- docs/en/04_Changelogs/rc/3.5.8-rc1.md | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 docs/en/04_Changelogs/rc/3.5.8-rc1.md diff --git a/docs/en/04_Changelogs/rc/3.5.8-rc1.md b/docs/en/04_Changelogs/rc/3.5.8-rc1.md new file mode 100644 index 000000000..c19407a63 --- /dev/null +++ b/docs/en/04_Changelogs/rc/3.5.8-rc1.md @@ -0,0 +1,9 @@ +# 3.5.8-rc1 + + + +## Change Log + +### Security + + * 2018-04-11 [577138882]() Restrict non-admins from being assigned to admin groups (Damian Mooyman) - See [ss-2018-001](http://www.silverstripe.org/download/security-releases/ss-2018-001) From 89dcc93a4f155b81fa58b89a9bda34e810cf8eda Mon Sep 17 00:00:00 2001 From: Robbie Averill Date: Thu, 10 May 2018 11:59:58 +1200 Subject: [PATCH 15/20] Added 3.5.8 changelog --- docs/en/04_Changelogs/3.5.8.md | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 docs/en/04_Changelogs/3.5.8.md diff --git a/docs/en/04_Changelogs/3.5.8.md b/docs/en/04_Changelogs/3.5.8.md new file mode 100644 index 000000000..7edcdd87a --- /dev/null +++ b/docs/en/04_Changelogs/3.5.8.md @@ -0,0 +1,9 @@ +# 3.5.8 + + + +## Change Log + +### Security + + * 2018-04-11 [577138882]() Restrict non-admins from being assigned to admin groups (Damian Mooyman) - See [ss-2018-001](http://www.silverstripe.org/download/security-releases/ss-2018-001) From 19fdebfa245506626561bc9626d9ac325acb14da Mon Sep 17 00:00:00 2001 From: Robbie Averill Date: Tue, 8 May 2018 16:43:00 +1200 Subject: [PATCH 16/20] [SS-2018-014] Remove dotm, potm, jar, css, js, xltm from default File.allowed_extensions --- filesystem/File.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/filesystem/File.php b/filesystem/File.php index f451ad7df..0aeca85d5 100644 --- a/filesystem/File.php +++ b/filesystem/File.php @@ -126,11 +126,11 @@ class File extends DataObject { * Instructions for the change you need to make are included in a comment in the config file. */ private static $allowed_extensions = array( - '','ace','arc','arj','asf','au','avi','bmp','bz2','cab','cda','css','csv','dmg','doc','docx','dotx','dotm', - 'flv','gif','gpx','gz','hqx','ico','jar','jpeg','jpg','js','kml', 'm4a','m4v', + '','ace','arc','arj','asf','au','avi','bmp','bz2','cab','cda','csv','dmg','doc','docx','dotx', + 'flv','gif','gpx','gz','hqx','ico','jpeg','jpg','kml', 'm4a','m4v', 'mid','midi','mkv','mov','mp3','mp4','mpa','mpeg','mpg','ogg','ogv','pages','pcx','pdf','pkg', - 'png','pps','ppt','pptx','potx','potm','ra','ram','rm','rtf','sit','sitx', 'tar','tgz','tif','tiff', - 'txt','wav','webm','wma','wmv','xls','xlsx','xltx','xltm','zip','zipx', + 'png','pps','ppt','pptx','potx','ra','ram','rm','rtf','sit','sitx', 'tar','tgz','tif','tiff', + 'txt','wav','webm','wma','wmv','xls','xlsx','xltx','zip','zipx', ); /** From 097f16282d492b27973bc25b0bde6b2d20904343 Mon Sep 17 00:00:00 2001 From: Robbie Averill Date: Thu, 10 May 2018 15:57:07 +1200 Subject: [PATCH 17/20] Added 3.6.6-rc1 changelog --- docs/en/04_Changelogs/rc/3.6.6-rc1.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 docs/en/04_Changelogs/rc/3.6.6-rc1.md diff --git a/docs/en/04_Changelogs/rc/3.6.6-rc1.md b/docs/en/04_Changelogs/rc/3.6.6-rc1.md new file mode 100644 index 000000000..2d4bf0b66 --- /dev/null +++ b/docs/en/04_Changelogs/rc/3.6.6-rc1.md @@ -0,0 +1,16 @@ +# 3.6.6-rc1 + +This security release removes the following file extensions from the default whitelist of accepted types for +uploaded files: `dotm`, `potm`, `jar`, `css`, `js` and `xltm`. + +If you require the ability to upload these file types in your projects, you will need to add them back in again. +For more information, see ["Limit the allowed file types"](https://docs.silverstripe.org/en/3/developer_guides/forms/field_types/uploadfield/#limit-the-allowed-filetypes). + + + +## Change Log + +### Security + + * 2018-05-08 [19fdebfa2]() Remove dotm, potm, jar, css, js, xltm from default File.allowed_extensions (Robbie Averill) - See [ss-2018-014](http://www.silverstripe.org/download/security-releases/ss-2018-014) + * 2018-04-11 [577138882]() Restrict non-admins from being assigned to admin groups (Damian Mooyman) - See [ss-2018-001](http://www.silverstripe.org/download/security-releases/ss-2018-001) From 91327ab63e8c0361ce9e3af007b4a047314cd4c2 Mon Sep 17 00:00:00 2001 From: Robbie Averill Date: Mon, 14 May 2018 10:54:50 +1200 Subject: [PATCH 18/20] Added 3.6.6 changelog --- docs/en/04_Changelogs/3.6.6.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 docs/en/04_Changelogs/3.6.6.md diff --git a/docs/en/04_Changelogs/3.6.6.md b/docs/en/04_Changelogs/3.6.6.md new file mode 100644 index 000000000..d85ed86cc --- /dev/null +++ b/docs/en/04_Changelogs/3.6.6.md @@ -0,0 +1,17 @@ +# 3.6.6 + +This security release removes the following file extensions from the default whitelist of accepted types for +uploaded files: `dotm`, `potm`, `jar`, `css`, `js` and `xltm`. + +If you require the ability to upload these file types in your projects, you will need to add them back in again. +For more information, see ["Limit the allowed file types"](https://docs.silverstripe.org/en/3/developer_guides/forms/field_types/uploadfield/#limit-the-allowed-filetypes). + + + +## Change Log + +### Security + + * 2018-05-08 [19fdebfa2](https://github.com/silverstripe/silverstripe-framework/commit/19fdebfa2) Remove dotm, potm, jar, css, js, xltm from default File.allowed_extensions (Robbie Averill) - See [ss-2018-014](http://www.silverstripe.org/download/security-releases/ss-2018-014) + * 2018-04-11 [577138882](https://github.com/silverstripe/silverstripe-framework/commit/577138882) Restrict non-admins from being assigned to admin groups (Damian Mooyman) - See [ss-2018-001](http://www.silverstripe.org/download/security-releases/ss-2018-001) + From 912dc60cf369c559e090ee33433f84fd5f7a7b6c Mon Sep 17 00:00:00 2001 From: Robbie Averill Date: Thu, 10 May 2018 11:59:58 +1200 Subject: [PATCH 19/20] Added 3.5.8 changelog --- docs/en/04_Changelogs/3.5.8.md | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 docs/en/04_Changelogs/3.5.8.md diff --git a/docs/en/04_Changelogs/3.5.8.md b/docs/en/04_Changelogs/3.5.8.md new file mode 100644 index 000000000..39c54a5d5 --- /dev/null +++ b/docs/en/04_Changelogs/3.5.8.md @@ -0,0 +1,9 @@ +# 3.5.8 + + + +## Change Log + +### Security + + * 2018-04-11 [577138882](https://github.com/silverstripe/silverstripe-framework/commit/577138882) Restrict non-admins from being assigned to admin groups (Damian Mooyman) - See [ss-2018-001](http://www.silverstripe.org/download/security-releases/ss-2018-001) From 624a5326a765546ab1f0adc12b5b7c4529258ec5 Mon Sep 17 00:00:00 2001 From: Robbie Averill Date: Wed, 30 May 2018 14:51:09 +1200 Subject: [PATCH 20/20] Typo in PHPDoc type --- src/Forms/GridField/GridFieldFooter.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Forms/GridField/GridFieldFooter.php b/src/Forms/GridField/GridFieldFooter.php index 1dcc8767a..a49180068 100644 --- a/src/Forms/GridField/GridFieldFooter.php +++ b/src/Forms/GridField/GridFieldFooter.php @@ -38,7 +38,7 @@ class GridFieldFooter implements GridField_HTMLProvider /** * * @param string $message A message to display in the footer - * @param boolt $showrecordcount + * @param bool $showrecordcount */ public function __construct($message = null, $showrecordcount = true) {