1217 Commits

Author SHA1 Message Date
Ingo Schommer
15e9e059e5 BUGFIX Casting return values on text helper methods in StringField, Text, Varchar 2012-01-31 16:32:25 +01:00
Sam Minnee
acf9e01f61 BUGFIX: Don't break CMS tree if HTML gets into MenuTitle
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@77826 467b73ca-7a2a-4603-9d3b-597d59a354a9
2012-01-31 16:10:27 +01:00
Ingo Schommer
475e0772a2 SECURITY Sanitize messages passed to generated JS calls in FormResponse::status_message(), e.g. to avoid XSS on 'Successfully published <page title>' messages 2012-01-31 15:16:28 +01:00
Ingo Schommer
bdd63913bc BUGFIX Respecting SSViewer::$options["rewriteHashlinks"] in SSViewer::process() 2011-10-18 11:27:32 +02:00
Ingo Schommer
fbe8b7bec3 MINOR Switching 'rewriteHashlinks' sanitization from Convert::raw2att() to strip_tags() to make the resulting PHP more portable when mode is set to 'php' 2011-10-18 11:27:32 +02:00
Ingo Schommer
8113e9ce84 ENHANCEMENT Added SSViewer::getOption() as a logical counterpart to SSViewer::setOption() 2011-10-18 11:27:32 +02:00
Ingo Schommer
52a895fbb2 BUGFIX Escaping base URLs for anchor links rewritten by SSViewer::process() with the 'rewriteHashlinks' option enabled (which is a framework default, and necessary because of the use of a <base> tag). Also added escaping for base URLs rendered through the 'php' variation of 'rewriteHashlinks' 2011-10-18 11:27:28 +02:00
Ingo Schommer
6d6c294ae3 BUGFIX Consistently using Convert::raw2sql() instead of DB::getConn()->addslashes() or PHP's deprecated addslashes() for database escaping 2011-09-15 14:40:21 +02:00
Ingo Schommer
ca7878453f SECURITY Backporting MySQLDatabase->addslashes() to use mysql_real_escape_string() instead of the non-multibyte-safe addslashes() PHP function, and using it in Convert::raw2sql() 2011-09-15 14:39:52 +02:00
Sean Harvey
a96e5a7dd5 BUGFIX #6291 Remove rollback action from CMSMain allowed_actions and rely on form action_rollback instead which is safer (from r115440)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@115919 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:38 +13:00
Ingo Schommer
e1742760c0 BUGFIX Checking for existence of FormAction in Form->httpSubmission() to avoid bypassing $allowed_actions definitions in controllers containing this form
BUGFIX Checking for $allowed_actions in Form class, through Form->httpSubmission() (from r115182)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@115191 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:38 +13:00
Ingo Schommer
bed7d8cee6 BUGFIX Escaping $locale values in Translatable->augmentSQL() in addition to the i18n::validate_locale() input validation (from r114515) (from r114516)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@114517 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:38 +13:00
Ingo Schommer
09d25b0d70 BUGFIX: Fixed Controller::join_links() handling of fragment identifiers (merged from r104580)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@113319 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:37 +13:00
Ingo Schommer
452a8f8839 MINOR Using SecurityToken in ViewableData->getSecurityID() (from r113274)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@113312 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:37 +13:00
Ingo Schommer
75bd92de3c BUGFIX Clear static marking caches on Hierarchy->flushCache() (from r113277)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@113302 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:37 +13:00
Ingo Schommer
a5dfb6257d ENHANCEMENT: Change behaviour of the ManifestBuilder to use spl_autoload_register instead of traditional __autoload.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@111831 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:36 +13:00
Sean Harvey
8e5239ff57 MINOR Fixed missing closing <div> in ContentController->successfullyinstalled() (from r101254)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@101258 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:35 +13:00
Ingo Schommer
b83797de10 BUGFIX Don't delete index.php after successful installation - in ContentController->deleteinstallfiles(). URL routing might rely on it without mod_rewrite.
BUGFIX Require ADMIN permissions for ContentController->deleteinstallfiles() - together with retaining index.php this removed a vulnerability where unauthenticated users can disrupt mod_rewrite-less URL routing. (from r101227)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@101229 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:35 +13:00
Ingo Schommer
8698e94ae0 MINOR Added test case for Hierarchy::getDescendantIDList() which also tests Hierarchy::loadDescendantIDListInto() (merged from r98369)
MINOR Testing of grand-children items in HierarchyTest::testLoadDescendantIDListIntoArray() and HierarchyTest::testNumChildren() (merged from r98376)
BUGFIX #5044 Hierarchy::loadDescendantIDListInto() now uses Object::getExtensionInstance('Hierarchy') instead of going through call(), as PHP 5.3 has issues converting references to values
BUGFIX Fixed Hierarchy->loadDescendantIdList() to call setOwner() on the extension instance. This was necessary due to underlying Object/Extension changes in 2.4. (merged from r98403)
MINOR Fixed HierarchyTest assertions around including grand children counts (merged from r98403)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@98405 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:35 +13:00
Ingo Schommer
b3931cc707 API CHANGE HTTP::setGetVar() always returns absolute URLs. Use Director::makeRelative() to make them relative again. (merged from r98373)
API CHANGE HTTP::setGetVar() combines any GET parameters in PHP array notation (e.g. "foo[bar]=val") instead of replacing the whole array (merged from r98373)
BUGFIX HTTP::setGetVar() uses parse_url() and http_build_query() to add query parameters to an existing URL, instead of doing its own regex-based parsing. This means existing GET parameters are correctly url encoded. (merged from r98373)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@98375 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:35 +13:00
Andrew O'Neil
8906391495 BUGFIX: Don't force SSL when running from CLI
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@98273 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:35 +13:00
Ingo Schommer
0c684b8061 BUGFIX Limiting ?debug_memory parameter to development environments through using Debug::message() instead of a straight echo() (merged from r74067)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@98229 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:34 +13:00
Will Rossiter
cd64c943f7 MINOR: fixed notice level error when ImageSource isn't set
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@97004 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:34 +13:00
Sean Harvey
24cead4d33 MINOR Merged in Versioned::get_all_versions() fix from r76223
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@92161 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:34 +13:00
Sam Minnee
a2fc20de22 API CHANGE: Replaced BasicAuth::enable() with BasicAuth::protect_entire_site()
API CHANGE: BasicAuth::requireLogin() no longer has an option to automatically log you in.  You can call logIn() on the object returned, instead. (from r91603)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@91610 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:33 +13:00
Sam Minnee
15f1905889 BUGFIX: Added rewriteHashlinks = 'php' option to SSViewer so that static publisher can handle internal hashlinks properly.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@89611 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:33 +13:00
Andrew O'Neil
ad7c4eca89 reverted
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@88282 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:33 +13:00
Andrew O'Neil
e21297ecc0 BUGFIX: Ensure ASSETS_PATH is respected
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@88281 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:33 +13:00
Sam Minnee
98dda12a9d API CHANGE: Added increase_time_limit_to(), which respects safe_mode.
API CHANGE: Added no-arg option to increase_memory_limit_to() (from r80241)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@88176 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:33 +13:00
Sam Minnee
cb21b2947d BUGFIX #4579: Translatable's call to new LanguageDropdownField() broken (from r87456)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@87458 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:33 +13:00
Jeremy Warne
11283a8f51 BUGFIX: findByTagAndAttribute is unintentionally expanding any php found in the href/src components its regex extracts. Changed double quotes to single quotes to fix this.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@85632 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:32 +13:00
Sam Minnee
427cce498d API CHANGE: Make Object::uninherited_static() have a separate execution path to Object::get_static(), for more reliable operation. The intention is that for any given static, you either use Object::get_static() or you use Object::uninherited_static() - not both. (from r84151, r84155, r84156)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@84157 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:32 +13:00
Sam Minnee
047d17d512 MINOR: Reverted r83936 because it was inappropriate - only page-relative hashlinks should be rewritten
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@84060 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:32 +13:00
Tom Rix
cd73e27fe1 MINOR fix rewrite of anchors
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@83936 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:32 +13:00
Sean Harvey
d838529953 BUGFIX Object subclasses with a constructor that didn't already will now call parent to respect inheritance
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@83587 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:31 +13:00
Sean Harvey
008acc99a0 MINOR If the instance class property can't be found in DataObject::defineMethods(), throw an error because parent::__construct() hasn't been called which will break DataObjectDecorator
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@83580 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:31 +13:00
Sean Harvey
99038acbf1 MINOR Fixed PHP notice in DataObjectSet::groupBy() by defining $result before returning it
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@83450 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:31 +13:00
Will Rossiter
5329e9bfc5 MINOR: merged patch from #4421. Fixed syntax error with Requirements::combine_files() and css files
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@83048 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:31 +13:00
Will Rossiter
34681d114f MINOR: merged patch for #4416. Refactored the method exists switch for extraStatics
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@83038 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:31 +13:00
Ingo Schommer
f18136c130 MINOR Removed debug code
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@82202 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:31 +13:00
Sean Harvey
5ffd79cb79 BUGFIX Fixed double up of <span> highlight tags around keywords in Text::ContextSummary()
MINOR Added test for Text::ContextSummary()



git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@82035 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:31 +13:00
Will Rossiter
6b35a34f91 e:
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@81993 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:31 +13:00
Will Rossiter
5fd91c426d MINOR: merged r81467 from trunk
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@81971 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:31 +13:00
Will Rossiter
261c976435 ENHANCEMENT: Updated Versioned::compareVersions() to use DataDifferencer. Merged from trunk r77660
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@81933 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:31 +13:00
Ingo Schommer
004ff37700 MINOR PHP notice in MySQLDatabase (partial merge from r77160)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@81897 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:31 +13:00
Sean Harvey
092108115d BUGFIX Convert::recursiveXMLToArray() did not always check if the passed in XML is an object before calling get_class() on it
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@81894 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:30 +13:00
Sean Harvey
b2374aabe6 BUGFIX Merged in PHP 5.3 bugfixes from trunk
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@81883 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:30 +13:00
Sam Minnee
6394679b29 BUGFIX #4285: Fixed static application bug that appeared in 2.3.2
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@81698 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:30 +13:00
Sam Minnee
1d31b59b24 ENHANCEMENT: Improvements to DataDifferencer for cmsworkflow.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@81475 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:30 +13:00
Sam Minnee
762351263e BUGFIX: Relax type checking in RequestHandler::checkAccessAction()
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@81262 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:30 +13:00