Maxime Rainville
98926e4e6c
[CVE-2019-19326] Stop honouring X-HTTP-Method-Override header, X-Original-Url header and _method POST variable. Add SS_HTTPRequest::setHttpMethod().
2020-07-14 13:25:55 +12:00
Aaron Carlino
a7d511e739
Merge branch '3.6' into 3.7
2018-11-07 11:36:17 +13:00
Loz Calver
598edd9134
[SS-2018-019] Add confirmation token to dev/build
2018-11-07 11:35:31 +13:00
Daniel Hensby
2b4954035f
NEW Add better HTTP cache-control manipulation (#8086)
2018-06-08 11:56:31 +12:00
Nicola Fontana
fe816076fc
BUG Make simplexml_load_file work on shared php-fpm
...
PHP #62577 [1] together with PHP #64938 [2] make simplexml_load_file()
fail when the "disable load external entities" flag is set.
As a workaround, manually enable the entity loader in the bootstrap
code. We are loading internal XML files after all, so no security
implications should arise.
[1] https://bugs.php.net/bug.php?id=62577
[2] https://bugs.php.net/bug.php?id=64938
Fix #6174.
2016-10-31 06:21:04 +01:00
Patrick Nelson
9d9c572cf8
FIX for #5251 to address minor URL decoding/parsing bug.
2016-04-01 11:44:29 -07:00
Damian Mooyman
7ee444e08a
Merge remote-tracking branch 'origin/3.1' into 3.2
...
Conflicts:
admin/code/LeftAndMain.php
control/injector/SilverStripeServiceConfigurationLocator.php
core/ClassInfo.php
filesystem/File.php
model/DataObject.php
model/DataQuery.php
search/filters/FulltextFilter.php
search/filters/SearchFilter.php
tests/core/ClassInfoTest.php
tests/filesystem/FileTest.php
tests/model/DataListTest.php
2015-07-31 11:38:18 +12:00
Damian Mooyman
71a14c3035
BUG Prevent url= querystring argument override
2015-06-12 15:39:16 +12:00
Damian Mooyman
0b1f297873
Merge remote-tracking branch 'origin/3.1'
...
Conflicts:
.travis.yml
README.md
admin/code/LeftAndMain.php
admin/css/screen.css
admin/scss/screen.scss
api/RestfulService.php
conf/ConfigureFromEnv.php
control/injector/ServiceConfigurationLocator.php
control/injector/SilverStripeServiceConfigurationLocator.php
core/ClassInfo.php
core/Object.php
css/AssetUploadField.css
css/ComplexTableField_popup.css
dev/CSSContentParser.php
dev/DevelopmentAdmin.php
docs/en/changelogs/index.md
docs/en/misc/contributing/code.md
docs/en/reference/execution-pipeline.md
filesystem/GD.php
filesystem/ImagickBackend.php
filesystem/Upload.php
forms/Form.php
forms/FormField.php
forms/HtmlEditorConfig.php
forms/gridfield/GridFieldDetailForm.php
forms/gridfield/GridFieldSortableHeader.php
lang/en.yml
model/Aggregate.php
model/DataList.php
model/DataObject.php
model/DataQuery.php
model/Image.php
model/MySQLDatabase.php
model/SQLQuery.php
model/fieldtypes/HTMLText.php
model/fieldtypes/Text.php
scss/AssetUploadField.scss
search/filters/SearchFilter.php
security/Authenticator.php
security/LoginForm.php
security/Member.php
security/MemberAuthenticator.php
security/MemberLoginForm.php
security/Security.php
tests/behat/features/bootstrap/SilverStripe/Framework/Test/Behaviour/CmsFormsContext.php
tests/control/HTTPTest.php
tests/control/RequestHandlingTest.php
tests/filesystem/UploadTest.php
tests/forms/FormTest.php
tests/forms/NumericFieldTest.php
tests/model/DataListTest.php
tests/model/DataObjectTest.php
tests/model/TextTest.php
tests/security/MemberAuthenticatorTest.php
tests/security/SecurityDefaultAdminTest.php
tests/view/SSViewerCacheBlockTest.php
tests/view/SSViewerTest.php
2014-11-18 12:45:54 +13:00
Damian Mooyman
eb069e605d
Remove all redundant whitespace
2014-08-19 09:17:15 +12:00
Loz Calver
b27cd73cb9
Add HTTP status code for $databaseConfig error (fixes #3392)
2014-08-18 09:16:57 +01:00
Simon Welsh
c14d58f585
Merge branch '3.1'
...
Conflicts:
.travis.yml
model/ManyManyList.php
model/fieldtypes/DBField.php
2014-07-16 21:24:02 +10:00
Damian Mooyman
d3c7e41419
BUG using isDev or isTest query string no longer triggers basic auth
2014-07-02 11:51:51 +12:00
Ingo Schommer
4af9143d3b
Merge remote-tracking branch 'origin/3.1'
...
Conflicts:
docs/en/misc/contributing/code.md
2014-02-07 16:43:22 +13:00
Hamish Friedlander
050115f431
FIX Don't pop up basic auth dialog when trying to flush and isDev=1, just redirect to Security/login like normal
2013-12-10 10:35:03 +13:00
colymba
f89f203392
Raised minimum PHP Version to 5.3.3
2013-10-23 11:10:42 +03:00
Hamish Friedlander
a2026add04
FIX flushing on non-dev when Session::cookie_secure is true
2013-08-21 09:50:07 +12:00
Hamish Friedlander
541436feb0
Merge branch 'origin/3.0' into 3.1
2013-07-24 12:09:44 +12:00
Hamish Friedlander
604d9bf7dc
Split Core.php into Constants.php and Core.php and adjust main.php startup
...
The recent flush filter fix had a problem that you couldn't set a custom
BASE_PATH in _ss_environment because that file didn't get included until
after checking the confirmation token. This patch pulls the part of Core.php
that defines BASE_PATH into a separate file that can be included earlier
in the startup sequence so that ParameterConfirmationToken can access it.
Core.php includes Constants.php with a require_once call, so for startup
scripts that don't pull in Constants.php themselves (like cli-script.php)
no change is needed.
2013-07-22 13:52:00 +12:00
Hamish Friedlander
d38bd7d5cb
Merge branch 'origin/3.0' into 3.1
2013-07-19 14:18:49 +12:00
Hamish Friedlander
1298d4a5bd
FIX Prevent DOS by checking for env and admin on ?flush=1 (#1692)
2013-07-19 12:24:32 +12:00
Ingo Schommer
3334eafcb1
API Marked statics private, use Config API instead (#8317)
...
See "Static configuration properties are now immutable, you must use Config API." in the 3.1 change log for details.
2013-03-24 17:20:53 +01:00
Will Rossiter
e72114dad7
API: Remove static main and dev/buildcache
...
Files moved to a separate module (silverstripe-static).
2012-09-21 19:56:56 +12:00
Sam Minnee
1005571163
NEW: Added support for PHP 5.4's built-in webserver.
...
PHP 5.4 comes with a built-in webserver. This addition to main.php adds support for it. It is designed to be run like so:
php -S localhost:3000 framework/main.php
The router will pass access of any file back to the built-in webserver, and handle all other URLs.
2012-09-11 11:55:37 +12:00
Ingo Schommer
0fe515e182
API Deprecated Profiler class, removed related debug GET params
...
Use third party tools like XHProf instead.
Removed defunct or unnecessary debug GET parameters:
debug_profile, debug_memory, profile_trace, debug_javascript, debug_behaviour
2012-07-05 12:02:06 +02:00
Sean Harvey
8b607db0a2
BUGFIX Fixing bootstrap.php to work with FakeController properly for
...
running tests using phpunit.xml file.
2012-05-09 23:05:38 +12:00
Sean Harvey
f63d137d49
ENHANCEMENT Session::start() now only called when there is changed
...
session data to be saved, and started on Director::direct() when there
is a cookie (or request var) containing the current PHP session name.
2012-04-27 16:28:46 +12:00
Sean Harvey
c55e0b8b95
MINOR Fixing up PHP versions to be consistent with
...
33ae83640b
2012-04-20 15:08:01 +12:00
Simon Welsh
f07258f3cf
MINOR Update @package values to match renaming sapphire
2012-04-15 10:50:19 +12:00
Simon Welsh
3a6341a251
API-CHANGE sapphire folder can now be renamed.
2012-04-15 10:50:19 +12:00
Robert Curry
8b0dafb30d
ENHANCEMENT: Change PHP version requirements. Part of #7131.
2012-04-13 13:12:48 +12:00
Sean Harvey
68aaae8cc0
MINOR Update docs and version checking for PHP 5.3+
2012-04-03 09:54:55 +12:00
Ingo Schommer
755663a00a
BUGFIX Set default mbstring encoding in Core.php instead of main.php and cli-script.php so phpunit binary test runs behave consistently (same as running through TestRunner+cli-script.php). Fixes URLSegmentFilterTest
2011-12-04 13:32:03 +01:00
Simon Welsh
75b16f6e1b
Don't try redirecting to install.php if there is no install.php to redirect to.
2011-10-29 10:31:58 +13:00
Ingo Schommer
823cae3f32
BUGFIX Setting mbstring defaults in cli-script.php (same as main.php), and default mb_regex_encoding() to UTF-8 as well (in both files)
2011-10-07 14:12:46 +02:00
Sam Minnee
7fbb919ce8
API CHANGE: Introduce DataModel object, as a representation of the project's entire data model, and tie it to $this->model on all DataObjects, Controllers, and RequestHandlers for easy non-static access.
...
API CHANGE: Add DataList::newObject(), which creates a new object on that DataList.
API CHANGE: RequestHandler::handleRequest() now needs to handle a $model argument, if you override it.
2011-05-01 17:33:02 +12:00
Ingo Schommer
9b29616710
API CHANGE Rearranged files in sapphire to reflect core dependencies more accurately, and have the tests/ folder mirror its folder structure
2011-03-31 09:56:21 +13:00
Sam Minnee
077a119cfb
MINOR Database quoting in TreeDropdownField (fixes #5484) (from r103515)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112146 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-13 03:56:48 +00:00
Ingo Schommer
0a5321dd10
BUGFIX Installer now opens if mod_rewrite is disabled. Using index.php instead of rewriting the URL didn't quite work with the new BASE_URL, so we need to take this case into account as well (from r98895)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102811 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-14 03:47:37 +00:00
Ingo Schommer
bf01c286b0
BUGFIX Fixed big problem on Windows when redirecting to install.php - because of SCRIPT_NAME backslashes caused a bit of havoc and need special treatment (from r98869)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102808 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-14 03:46:40 +00:00
Ingo Schommer
40466ccb02
BUG FIX: The 5.1 replacement array_fill_keys function now made available to the cron jobs (from r97300)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102441 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-12 05:00:40 +00:00
Ingo Schommer
04857b811f
BUGFIX: Check for an empty list of keys before attempting to create an array with them (from r96997)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102416 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-12 03:30:19 +00:00
Ingo Schommer
c29cf7d302
BUGFIX: array_fill_keys function created for version prior to PHP 5.2 (from r96680)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102332 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-12 01:43:18 +00:00
Sean Harvey
ae083e3c9f
MINOR Update the main.php PHP version numbers at the top doc block (from r93449)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@93751 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-27 01:26:35 +00:00
Sam Minnee
cac8686b3b
MINOR: Use version_compare to test for correct PHP version.
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@84142 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-08-11 03:50:40 +00:00
Ingo Schommer
d2dc9ececc
BUGFIX Disabled ?debug_profile=1 on live environment types
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@80057 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-06-25 09:53:51 +00:00
Sam Minnee
0fbe39262f
BUGFIX: Fix URL parsing for certain IIS configurations.
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@76897 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-05-14 23:14:51 +00:00
Ingo Schommer
b12a00c391
MINOR phpdoc documentation
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@73509 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-03-22 22:59:14 +00:00
Ingo Schommer
8960c03376
BUGFIX Removed header('Content-Type... from main.php bootstrapping - was defaulting to text/html - an invalid assumption at such an early stage (see #3685)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@72682 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-03-09 20:31:12 +00:00
Andrew O'Neil
60f75c5ca4
Merged changes from 2.3 branch
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@71172 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-02-01 23:49:53 +00:00