302 Commits

Author SHA1 Message Date
Ingo Schommer
1661213e5b FIX Opt-out pf form message escaping (fixes #2796)
This fixes a limitation introduced through http://www.silverstripe.org/ss-2013-008-xss-in-numericfield-validation/.
Form messages used to accept HTML, now they’re escaped by default, effectively removing the ability
to pass in HTML and take care of escaping manually.

We pass through HTML to message in core through the CTF system, so this needs to be fixed.
It’s an alternative fix to https://github.com/silverstripe/silverstripe-framework/pull/2803.
2014-08-22 16:59:34 +12:00
Hamish Friedlander
f2c4a629a7 FIX: ConfirmedPasswordField used to expose existing hash 2014-04-17 11:57:57 +12:00
Ingo Schommer
920edf88e7 Test allowedExtensions in UploadField, return correct HTTP status 2013-07-12 13:16:34 +02:00
Ingo Schommer
933fbf8ea4 l10n key to make "yes" and "no" translatable (see #1749) 2013-04-12 01:11:24 +02:00
Ingo Schommer
0242686a7a Requirements acces to files with query strings (fixes #7735)
Originally authored by florian.thoma, tests added
by Ingo Schommer. Also removed query params from
file paths before calling mtime() on it.

See https://github.com/silverstripe/sapphire/pull/1023
2013-04-03 16:39:59 +02:00
Ingo Schommer
212c4f1e51 Fixed UploadField regression from 4da1af9c3 2013-01-11 09:30:21 +01:00
Sam Minnee
cc7318fde4 NEW: Added canAttachExisting config option for UploadField.
This is the companion setting to canUpload, letting you control whether existing files from the asset store can be referenced.  It's particularly useful when using UploadField on the front-end.
2013-01-11 09:29:02 +01:00
Ingo Schommer
2dfd42795e NEW Restrict upload abilities in UploadField
Conflicts:
	css/UploadField.css
	templates/UploadField.ss
2013-01-11 09:07:42 +01:00
Ingo Schommer
8f239d6373 SimpleXML string casting in tests for older PHPUnit 2012-12-17 15:52:01 +01:00
Simon Welsh
fc5dd2994c Add codesniffer that ensures indentation is with tabs. 2012-12-12 00:12:11 +13:00
Ingo Schommer
aa72425e84 Fixed PHPUnit assertions for incomplete tests in core
Avoid PHPUnit throwing "test didn't run any assertions"
notices in PHP. If nothing else, it keeps test output
looking less broken by default, making it more likely
that actual errors do get noticed.
2012-11-23 15:16:39 +01:00
Hamish Friedlander
0dd97a38f6 API: Form#loadDataFrom 2nd arg now sets how existing field data is merged with new data 2012-11-16 12:36:00 +13:00
Ingo Schommer
bcbf4636fc BUG Remove .ss-tabset class from CMS tabs to prevent rogue ajax load (#7980)
The existence of .ss-tabset triggers JS which applies $.tabs(),
and in turn interprets the first available link as the tab navigation.
jQuery UI subsequently tries to ajax-load this link, which is not
desired. Instead, $.tabs() should *only* be applied to a container
DOM element with .cms-tabset applied.
2012-11-01 00:25:13 +01:00
Ingo Schommer
2d04de0377 BUG FormField->removeExtraClass() works on indexed arrays
Was assuming an associative map, which isn't the case
in the current implementations.
2012-10-31 15:44:57 +01:00
Ingo Schommer
da4534bda8 Removed duplicate assertion comments in DropdownFieldTest 2012-10-30 22:46:33 +01:00
Ingo Schommer
666a20fde9 Fixed DropdownFieldTest assertions when tidy is not available
It was setting a NULL empty string when constructing the field,
which shouldn't call setEmptyField() in the first place.
This logical error somehow just surfaced when the HTML output
wasn't run through tidy.

See https://github.com/silverstripe/sapphire/pull/886
2012-10-30 22:46:33 +01:00
Damian Mooyman
f265595c1e NEW: GridFieldPageCount control for displaying the current page count/total in the gridview header. Designed to complement a functional pager in the grid footer.
NEW: GridFieldPageCount widget to default config settings
FIX: @extend .col_buttons in GridField.scss which was raising a warning
2012-10-03 14:54:37 +13:00
Sam Minnee
1f7fc1f76a FIX Remove instances of lines longer than 120c
The entire framework repo (with the exception of system-generated files) has been amended to respect the 120c line-length limit.  This is in preparation for the enforcement of this rule with PHP_CodeSniffer.
2012-09-30 17:18:13 +13:00
Frank Mullenger
a602ba5941 BUGFIX: Old version of SimpleTest does not recognise input fields of
type 'email'.
2012-09-28 12:07:54 +12:00
Ingo Schommer
e44a3558dd Merge pull request #793 from halkyon/htmlvalue_parsing_fixes
BUG HtmlEditorField doesn't save HTML fragments in HTMLValue correctly
2012-09-20 02:09:36 -07:00
Ingo Schommer
e2f073f38a Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
Sean Harvey
26d70d6fca BUG HtmlEditorField doesn't save HTML fragments in HTMLValue correctly
The issue was raised in #7628, where an anchor tag was being changed from
<a name="anchor"></a> to <a name="anchor"/> by SS_HTMLValue, when
HtmlEditorField::saveInto() parses the HTML fragments.

This is because SS_HTMLValue uses DOMDocument::saveXML(), which is fine
for saving an XML document, but not suitable for HTML. This fix changes
that to use DOMDocument::saveHTML() instead.
Note that we can't use the parameter to saveHTML() for selecting a single
node only, as that's only supported in PHP 5.3.6+, SilverStripe 3.0 supports
PHP 5.3.2 as a minimum. The workaround for this shortcoming is to replace
unncessary output by DOMDocument with a regular expression.
2012-09-19 11:39:01 +12:00
Simon Welsh
4ead89a4d0 API Adds getManipulatedList() method to GridField to get the SS_List after applying Manipulators 2012-09-06 23:42:48 +12:00
Fred Condo
3e0782267c Allow scheme-relative URLs in requirements
The Requirements class currently treats only absolute URLs as URLs, and
tries to interpret anything else as a filesystem path. This prevents
using scheme-relative URLs for requirements.

Example:
<% require javascript(//ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js) %>

This forces the unfortunate choice of not using a CDN for common
scripts, always using an https absolute URL, or accepting that some
browsers will throw a security warning when viewing the site in https.

This change allows scheme-relative URLs & updates RequirementsTest.
2012-08-22 16:49:55 -07:00
Ingo Schommer
1a91431d39 Query param searches for GridFieldAddExistingAutocompleter
Fixes issues with query construction in JS when the search URL
already contains GET paramters (e.g. when using the 'translatable'
module).
2012-07-17 13:26:33 +02:00
Ingo Schommer
bc1c7f766a Add sorting to GridFieldDetailFormTest fixtures
Broke SQLite3 tests in some cases due to random ordering of results.
2012-07-06 12:42:42 +02:00
Ingo Schommer
eff93bdd5b ENHANCEMENT Disable UploadField when handling unsaved relations (fixes #7187) 2012-06-15 17:44:34 +02:00
Sean Harvey
b04c199064 MINOR Fixing additional cases where DataList needs to be returned correctly when filtering 2012-06-15 16:09:40 +12:00
Will Rossiter
78c15ea882 BUGFIX: Fix correct input type for ImageFormAction replaces.
ImageFormAction is deprecated, using the new API results in a submit input rather than an image input being generated. Added hasAttribute helper to FormField as well as test coverage.
2012-06-13 09:57:54 +02:00
Sam Minnee
c41ff29d70 MINOR: Don't rely on singleton() inappropriately in FormScaffolderTest 2012-06-11 22:46:42 +12:00
Sean Harvey
5462cdaab2 MINOR Removing "." from the end of validation messages 2012-06-01 13:13:06 +12:00
Sean Harvey
c3eabffcb9 MINOR Use shorthand {class}::get() syntax instead of DataList::create()
in core code.
2012-05-28 21:13:42 +12:00
Sean Harvey
60c72c40d9 API CHANGE Use of the DropdownField $emptyString argument is now
properly deprecated (has been marked as deprecated since 2.3). Please
use setEmptyString() on the DropdownField instance instead.
2012-05-23 22:59:40 +12:00
Sean Harvey
f446547cd7 MINOR Using Config system instead of Director::addRules() in tests 2012-05-22 17:13:05 +12:00
Yuki Awano
c04b01fc2a BUGFIX Changed Date.php and DateTime.php to use DateTime->Format instead of strtotime to handle extended dates on 32bit environment(fixes #7311) 2012-05-18 16:09:38 +09:00
Normann Lou
5290b81c55 ENHANCEMENT: don't show the paginating elements in the paginator when only one page, and keep 'view 1 - 5 of 5' there 2012-05-18 11:31:33 +12:00
Ingo Schommer
0a6ec3d9c9 Merge pull request #443 from halkyon/sapphire
---
2012-05-14 15:33:48 +02:00
Ingo Schommer
45ae2465e8 Merge pull request #438 from ajshort/sapphire
---

These are some enhancements + tweaks I made as part of getting the advanced workflow module running in SS3:

* Added a readonly view button and action to GridField.
* Made LeftAndMain::getResponseNegotiator() public so CMS extensions can use it to generate responses.
* Fixed top tab background, made text more readable (http://i.imgur.com/yDmmY.png).
* Allow fields in the CMS to not be change tracked using ".no-change-track".
* Made all icons 16x16 (some were different sizes, being cut off), and allow them without .ui-state-default.
* Fixed ToggleCompositeField and tweaked field styling.
2012-05-14 14:25:16 +02:00
Sean Harvey
9da92e04cf API CHANGE Renamed setContainerFieldSet() to setContainerFieldList() to match the FieldList API.
API CHANGE Renamed rootFieldSet() to rootFieldList() to match the FieldList API.
2012-05-14 15:16:44 +12:00
Andrew Short
05cde92508 FEATURE: Implemented a view action for GridField, and a record viewing GridFieldConfig. 2012-05-12 18:49:56 +10:00
Ingo Schommer
368081f63c MINOR Supressing deprecation warnings in FieldListTest for new FieldList->rewriteTabPath() invocations 2012-05-12 09:58:37 +02:00
Ingo Schommer
ffbcf634bb Merge pull request #420 from chillu/sapphire
---

See http://open.silverstripe.org/ticket/7261
2012-05-11 13:42:47 +02:00
Ingo Schommer
8c9560d288 ENHANCEMENT FieldList->setTabPathRewrites() for better backwards compatibility (see #7261) 2012-05-09 17:18:16 +02:00
Sean Harvey
b1e17578c7 API CHANGE Removed assertType() and assertEmpty() workarounds. Use assertInstanceOf()
instead of assertType(), assertEmpty() is available in PHPUnit 3.5+.
PHPUnit 3.4 is no longer supported, so please upgrade your version to
work.

MINOR Removed FullTestSuite which was a workaround for PHPUnit but not
used.
2012-05-09 23:05:39 +12:00
Normann Lou
3b3b515571 API CHANGE Read-only fields no longer include companion hidden fields (see pull request #399)
BUGFIX Remove legacy code and template which is never picked-up so that TextareaField becomes 'readonly' when it is transfered to readonly field. Change TextareaFieldTest test cases to address a 'readonly' textarea field displaying the special html characters correctly.
2012-05-03 14:24:03 +02:00
Sean Harvey
521d436b45 MINOR Fixing broken test in pgsql 2012-05-03 11:22:54 +12:00
Ingo Schommer
72eadef113 ENHANCEMENT GridFieldDetailForm->setItemEditFormCallback() 2012-04-30 13:46:51 +02:00
Ingo Schommer
fed2785173 ENHANCEMENT Per-instance customisation of GridFieldDetailForm_ItemRequest 2012-04-30 12:31:17 +02:00
Sean Harvey
bb20587f01 ENHANCEMENT GridFieldExportButton allows an anon function to return the
value of a related object. Useful for handling has_many/many_many data
in a single CSV column.
2012-04-23 20:26:41 +12:00
Sean Harvey
007ed25c0b MINOR Fixing broken tests 2012-04-20 15:05:18 +12:00