d8cd085190
Merge branch '4.3' into 4
2019-01-24 17:14:09 +02:00
c28670ebed
#8724 - Session timeout regression
...
Only emit the session refresh cookie if the session timeout is set.
2019-01-18 10:07:53 +13:00
af08328e8e
Existing sessions need to set a new cookie on each request, if the
...
session exists, otherwise our expiry is never updated and sessions
can't roll on every request.
2019-01-17 17:37:35 +13:00
1e01deea39
NEW Make resources dir configurable ( #8519 )
...
* NEW Make resources dir configurable.
* Removing reference to old `resources` and updating doc #8519
* Rrtarget to 4.4 release.
* DOC Reference SS_RESOURCES_DIR in Environment doc.
* API Add a Resources method to SilverStripe\Core\Manifest\Module to read the resources-dir from composer.json
* Clean up reference to SS_RESOURCES_DIR env var
* Set default resources-dir
* Update test to use RESOURCES_DIR const in expected resource url method
* Correcting typos
Co-Authored-By: maxime-rainville <maxime@rainville.me>
* MINOR Correctubg minor typos
* DOCS Document the intricacies of exposing static assets.
2019-01-09 15:35:45 +13:00
7c96feef37
Merge branch '4.3' into 4
2019-01-08 12:27:48 +01:00
d01585cc98
#8543 Resolve Duplicate Headers
...
- fix linting
2018-12-19 12:39:32 +13:00
1edfa4d956
#8543 Resolve Duplicate Headers
...
- Replace session name lookup with function to also check secure cookies
- Added timeout which defaults to 0 (same as PHP)
- Removed php7 style of session_start from PR
- moved session_start into headers sent block to prevent warnings.
2018-12-19 12:39:32 +13:00
4eb6669c08
#8543 Resolve Duplicate Headers
...
Put cookie_lifetime back into the session parameters.
2018-12-19 12:39:32 +13:00
2deb8f4176
Resolve Duplicate Headers
...
Ensure only a single Set-Cookie header is returned from Session once
we have data to save. Include backwards compatibility for PHP56
2018-12-19 12:39:32 +13:00
7f6b80f87d
Correct session doc typo
2018-12-14 13:01:22 +13:00
87b74b9cc1
Correcting Max's eggrigious typos
...
Co-Authored-By: maxime-rainville <maxime@rainville.me>
2018-12-13 13:50:35 +13:00
6e214e2e8b
DOCS Updating Session doc to reflect that you need to operation on an instance.
2018-12-13 11:05:49 +13:00
b2dd22fb50
Merge pull request #8506 from creative-commoners/pulls/4.3/all-the-unit-tests
...
NEW Adding a stack more unit tests for logging and some form fields
2018-11-11 10:31:24 +13:00
76936d863d
Merge branch '4.3' into 4
2018-11-07 23:20:44 +13:00
8d7c2dafab
[SS-2018-019] Add confirmation token to dev/build
2018-11-07 11:33:24 +13:00
af000bea9b
[SS-2018-019] Add confirmation token to dev/build
2018-11-07 11:32:55 +13:00
0610f76da0
[SS-2018-019] Add confirmation token to dev/build
2018-11-07 11:31:33 +13:00
3dbb10625c
[SS-2018-019] Add confirmation token to dev/build
2018-11-07 11:24:51 +13:00
b02a6fa02d
FIX Replace usage of Convert JSON methods with json_encode
2018-10-28 21:15:29 +00:00
e211e27470
Add more unit tests for DebugViewFriendlyErrorFormatter, tidy up Director::is_ajax() return
2018-10-20 14:27:57 +02:00
ee24413c30
Merge branch '4.2' into 4
2018-10-03 15:28:05 +02:00
4d14e9b6b1
Merge pull request #8421 from creative-commoners/pulls/4.3/psr-5-deprecations
...
Update deprecation PHPDocs to be PSR-5 compliant
2018-09-28 14:18:54 +02:00
f842ee2eec
Update deprecation PHPDocs to be PSR-5 compliant
...
See: https://github.com/php-fig/fig-standards/blob/master/proposed/phpdoc-tags.md#55-deprecated
2018-09-28 10:49:14 +02:00
b98c87a6c5
FIX: Ensure existing session can be accessed if headers_sent()
...
If a session already exists, and Session::start() isn’t called until
after a large enough block of content is output, then headers_sent()
will be false. The previous code prevented the session from being
started in this case. That might makes sense for the creation of a new
session, but it prevent legitimate access to an existing session.
This mostly manifested when running debugging tools such as showqueries,
which may output content before the session is started.
2018-09-28 13:25:13 +12:00
d11911d4dd
Merge pull request #8394 from littlegiant/pulls/4.2/http-status-codes
...
BUG Prevent error on valid response status codes
2018-09-21 13:19:29 +02:00
1d5ecd342e
BUG Prevent error on valid response status codes
2018-09-21 14:54:26 +12:00
373a8afeb5
Merge branch '4.2' into 4
2018-09-06 13:26:46 +02:00
270aba4007
Merge branch '4.1' into 4.2
2018-09-06 13:26:31 +02:00
b6ff21f72a
Merge branch '4.0' into 4.1
2018-09-06 13:26:13 +02:00
b922c0d732
FIX Check scheme is truthy before setting it to the request
2018-09-03 08:59:37 +02:00
83e461abbf
Merge branch '4.2' into 4
2018-08-27 16:15:57 +12:00
37a266f2f0
Merge branch '4.1' into 4.2
2018-08-27 16:14:24 +12:00
4da5569232
FIX ensure createFromVariables takes correct params on CLIRequestBuilder
2018-08-27 16:12:52 +12:00
66c09afc9c
Merge branch '4.0' into 4.1
2018-08-27 16:12:04 +12:00
3178fbf3bb
Merge pull request #8028 from andrewandante/pulls/4.0/unset_http_scheme_on_cli
...
unset http scheme on CLIRequestBuilder
2018-08-27 16:11:42 +12:00
27ac001d5b
FIX email rendering should not include requirements
...
If no body is defined, the email is rendered according to a template. Clearing requirements prevent unnecessary styles/scripts to be included in the html (and that needs to be processed/stripped down the line).
2018-08-23 14:01:27 +12:00
735c87b709
Merge pull request #8327 from dhensby/pulls/4/application-json
...
FIX text/json is not a valid mimetype
2018-08-19 13:42:27 +12:00
160d595e22
fix trailing whitespace
2018-08-17 18:16:17 +02:00
16217f3655
fix accidentaly deleted comma
2018-08-17 15:13:13 +02:00
aa1e576a3f
convert to php 5.4+ array syntax
2018-08-17 15:03:46 +02:00
d9154bffbf
FIX text/json is not a valid mimetype
2018-08-15 12:10:39 +01:00
ae00147de1
Merge pull request #8280 from open-sausages/pulls/4/simpler-vary-header
...
FIX: Remove X-Requested-With from default Vary header
2018-07-24 01:45:07 +01:00
d12c2fe631
Properly deprecate HTTP.cache_control
2018-07-23 19:09:11 +01:00
d426ecbb89
Add $maxAge arg for caching API
...
See https://github.com/silverstripe/silverstripe-framework/issues/8272
2018-07-23 19:09:10 +01:00
bde3121a33
FIX: Remove X-Requested-With from default Vary header
...
3.x forward port of https://github.com/silverstripe/silverstripe-framework/pull/8242
2018-07-23 14:18:05 +01:00
74b655d3fc
Fix tests on unset session data
...
Thanks Robbie!
2018-07-23 14:09:42 +01:00
76ac8465de
BUG Lazy session state ( fixes #8267 )
...
Fixes regression from 3.x, where sessions where lazy started as required:
Either because an existing session identifier was sent through with the request,
or because new session data needed to be persisted as part of the request execution.
Without this lazy starting, *every* request will get a session,
which makes all those responses uncacheable by HTTP layers.
Note that 4.x also changed the $data vs. $changedData payloads:
In 3.x, they both contained key/value pairs.
In 4.x, $data contains key/value, while $changedData contains key/boolean to declare isChanged.
While this reduces duplication in the class, it also surfaced a bug which was latent in 3.x:
When an existing session is lazily resumed via start(), $data is set back to an empty array.
In 3.x, any changed data before this point was *also* retained in $changedData,
ensuring it gets merged into existing $_SESSION data.
In 4.x, this clears out data - hence the need for a more complex merge logic.
Since isset($this->data) is no longer an accurate indicator of a started session,
we introduce a separate $this->started flag.
Note that I've chosen not to make lazy an opt-in (e.g. via start($request, $lazy=false)).
We already have a distinction between lazy starting via init(), and force starting via start().
2018-07-23 14:09:42 +01:00
a3687147fe
State default should be state enabled (no-cache is an enabled state)
2018-07-23 14:07:10 +01:00
9f1471332d
Make augmentState method more efficient
2018-07-23 14:07:10 +01:00
cebed776ab
FIX If theres a max-age set remove no-cache and no-store
2018-07-23 14:07:09 +01:00
2b1c55bc4e
FIX Allow setNoCache(false) to remove no-cache directive
2018-07-23 14:07:09 +01:00
842b39e988
FIX Add must-revalidate to default state so its common on all our core states
2018-07-23 14:07:09 +01:00
997730aa7f
FIX Allow cache control changes to affect default state
2018-07-23 14:07:08 +01:00
c52be7fe09
Consolidate disabling cache logic
2018-07-23 14:05:12 +01:00
f7f567a12e
Make config private (notation isnt working)
2018-07-23 14:05:12 +01:00
b78a89a76c
FIX Default cache state should be `no-cache`
2018-07-23 14:05:12 +01:00
b686b86c34
Session now prevents cache headers being sent unintentionally
2018-06-14 15:59:51 +12:00
513e0891d3
Clarify function of registerModificationDate()
2018-06-14 14:13:28 +12:00
6b8f63c4d5
Refactor redirect cache busting into middleware
2018-06-14 14:11:31 +12:00
3ce8ab3adc
Improve handling of deprecated apis
2018-06-14 13:01:27 +12:00
163f1523e9
Add upgrade rule for HTTPCacheControl
2018-06-14 11:55:05 +12:00
9274692415
Fix core tests
2018-06-14 11:46:47 +12:00
59ba208df0
Fix HTTPTest
2018-06-14 11:46:28 +12:00
6b68495c0d
Rename ETagMiddleware to ChangeDetectionMiddleware
2018-06-14 11:16:52 +12:00
b7e54bad24
Adjust HTTPResponse::getVersion() to match PSR-7 Method signature
2018-06-14 11:04:07 +12:00
a88257efac
NEW Add version to HTTPRequest and create raw string representation
2018-06-13 15:29:04 +01:00
1b425570cf
Remove IE edge case handling
2018-06-13 15:29:04 +01:00
17ad985925
Cleanup ETag middleware
2018-06-13 15:29:03 +01:00
0b308c871d
DOCS Update doc errors
2018-06-13 15:29:03 +01:00
687d0a6af1
Refactor everything out of HTTP and into separate middlewares
2018-06-13 17:56:47 +12:00
6f32762268
Fix unit tests
2018-06-13 14:09:31 +12:00
aa1ba0ef90
Fix inverted condition
...
Remove unnecessary yml block
Deprecate HTTP::set_cache_age()
2018-06-13 13:56:47 +12:00
7c875918c7
FIX make sure we create ETags from the body, not the request
2018-06-13 11:33:46 +12:00
6bb69d1ae5
Throw caught exceptions in HTTPCacheControlMiddleware::process
2018-06-13 11:33:46 +12:00
37343cf0e2
Use veradic argument for HTTP::combineVary
2018-06-13 11:33:45 +12:00
bf90af4845
Linting fixes
2018-06-13 11:33:45 +12:00
442db3050c
Manual merge up of 3.x changes to HTTP class
2018-06-13 11:33:45 +12:00
76bf2ab21a
WIP of cache middlware
2018-06-13 11:33:45 +12:00
6c985c4e5f
Merge remote-tracking branch 'origin/4.1' into 4
2018-06-13 11:25:20 +12:00
c2123f772f
Merge remote-tracking branch 'origin/4.0' into 4.1
2018-06-13 11:24:12 +12:00
2a51f34c3e
BUG Prevent canonical URL causing a redirect on CLI unless explicitly enabled
...
Replaces #8157
2018-06-11 13:54:27 +12:00
bf07ba30f4
FIX: Make error messages available to extensions
2018-06-05 14:12:28 -07:00
c3e5ab2258
Merge pull request #65 from silverstripe-security/pulls/4.2/ss-2018-009
...
[SS-2018-009] Allow forced redirects to HTTPS for responses with basic authentication
2018-05-28 18:57:38 +12:00
ea16e28aa7
Merge branch '4.1' into 4
2018-05-28 18:33:56 +12:00
722202fef4
Merge remote-tracking branch 'origin/4.0.4' into 4.1.1
...
# Conflicts:
# src/Control/Director.php
2018-05-24 15:41:11 +12:00
5bff64b47b
BUG Fix Director::test() not persisting removed session keys on teardown
2018-05-24 13:10:03 +12:00
9053014a7e
[ss-2018-008] Validate against malformed urls
2018-05-14 17:06:47 +12:00
64964f7402
unset http scheme on CLIRequestBuilder
2018-05-02 11:43:51 +01:00
30e2d9c4df
[SS-2018-009] Allow forced redirects to HTTPS for responses with basic authentication
2018-04-24 14:44:29 +12:00
26402f3bb5
ENHANCEMENT Enable request handlers to be extended
2018-03-21 15:50:31 +13:00
0fe56732af
RequestHandler updateLink() extension point
2018-03-20 15:08:29 +13:00
6b38031a1e
BUG Fix Director::test() not persisting removed session keys on teardown
2018-02-13 11:35:16 +13:00
2225cf4c95
BUG Fix Director::test() not persisting removed session keys on teardown
2018-02-07 11:03:32 +13:00
e359948eb3
Merge remote-tracking branch 'origin/4.0' into 4
...
# Conflicts:
# src/Core/CoreKernel.php
2018-02-05 17:52:38 +13:00
740c3326e9
BUG Fix critical issue with incorrectly saved session data
2018-02-02 15:08:52 +13:00
bca47029c4
Merge remote-tracking branch 'origin/4.0' into 4
...
# Conflicts:
# src/Control/SimpleResourceURLGenerator.php
# tests/php/Control/SimpleResourceURLGeneratorTest.php
2018-01-25 12:53:15 +13:00
e1a4b89912
Code lint fix
...
change `else if` to `elseif`
2018-01-24 09:04:22 +13:00
9c3feb4ab4
FIX: Allow absolute URLs be use as resources
...
At current certain interfaces exist that assume only local assets will be loaded (e.g. `SilverStripe\Forms\HTMLEditor\TinyMCEConfig::getConfig()`), where as someone may wish to load an off site resource via the use of an absolute URL (e.g. for fontawesome css provided via a CDN). Because asset path parsing is filtered through a `SilverStripe\Core\Manifest\ResourceURLGenerator`, one must either know in advance if they want an internal or external resource (loading different generators), or the API must allow for this (i.e. an inclusion function for each type of asset). So we can either double the API on the implementing class, or simply make an exception for an absolute URL as high as possible; inside the filter - for which the `vendor/module : path/to/file.asset` shorthand syntax was specifically designed not to conflict with.
2018-01-23 17:31:43 +13:00
04050b2753
API Director::host() now formally includes port in host
...
API Add Director::hostName() and Director::port()
Fixes #7685
2018-01-23 12:19:09 +13:00
a3c52f901a
Merge remote-tracking branch 'origin/4.0' into 4
...
# Conflicts:
# src/Core/TempFolder.php
# src/ORM/DataObject.php
# src/View/ThemeResourceLoader.php
# src/includes/constants.php
# tests/php/Control/SimpleResourceURLGeneratorTest.php
# tests/php/Forms/HTMLEditor/HTMLEditorFieldTest.php
# tests/php/View/RequirementsTest.php
2018-01-22 14:57:05 +13:00
db610aaf3b
Fixing string concat CS issues
2018-01-16 18:39:30 +00:00
cc90cb0125
FIX HTTPResponse::removeHeader incorrectly converts header name to lowercase
2018-01-16 23:20:52 +13:00
e4b936c7c7
Merge branch '4.0' into 4
2018-01-12 14:40:33 +00:00
8d077203d4
API Implement support for public/ webroot folder ( #7741 )
...
* API Implement support for public/ webroot folder
* Bugfixes and refactor based on feedback
2018-01-12 16:25:02 +13:00
f885101a1b
BUG Fix basic auth in PHP-CGI
...
Fixes #7717
2017-12-21 14:58:19 +13:00
c4ff8443bb
API Shift basic auth checking into middleware
...
Fixes #7554
2017-12-20 11:39:04 +13:00
c5bd9bb424
BUG Fix incorrect BASE_DIR inferred in CLI
...
BUG Fix Director::mockRequest() mocking incorrect $url
Fixes #7689
2017-12-15 17:20:48 +13:00
6d5cbe0a0e
Merge branch '4.0' into 4
2017-11-25 17:19:31 +00:00
07a0f75426
Merge branch '3.6' into 4.0
2017-11-25 16:56:50 +00:00
eae3d0cfaa
Merge remote-tracking branch 'origin/4.0' into 4
2017-11-16 10:16:44 +13:00
c9921447b3
Merge pull request #7539 from colintucker/fix-broken-paginated-list
...
Fixed array/object mismatch bug in PaginatedList
2017-11-15 15:17:15 +13:00
cf321895ba
Merge branch '4.0' into 4
2017-11-14 13:24:15 +00:00
6139de8680
FIX Make sure plain parts are rendered when re-rendering emails
2017-11-08 15:32:51 +00:00
f952ef747b
Fixed array/object mismatch bug in PaginatedList
2017-11-06 11:23:41 +00:00
420041f2b6
Merge remote-tracking branch 'origin/4.0' into 4
2017-11-03 17:04:44 +13:00
6a73466b41
BUG Fix basicauth
2017-11-03 12:08:38 +13:00
0b3ed7ff15
Merge 4.0 -> 4
2017-11-02 16:52:05 +13:00
9d3277f3d3
BUG Fix forceWWW and forceSSL not working in _config.php
...
API Introduce CanonicalURLMiddleware
BUG Fix Director::makeRelative() failing on multi-domain sites
2017-10-30 14:42:36 +13:00
4bec62ba51
Merge branch '4.0' into 4
2017-10-20 18:45:16 +13:00
b9cb1e69e6
BUG Replace phpdotenv with thread-safe replacement
2017-10-20 18:43:11 +13:00
d0ca9bd17a
Merge pull request #7490 from open-sausages/pulls/4.0/my-email-children-deserve-the-best
...
BUG Fix enable email subclasses to use their respective templates
2017-10-19 16:30:37 +13:00
dabdc905ce
BUG Fix enable email subclasses to use their respective templates
2017-10-19 14:44:04 +13:00
bcc2cc6a0b
Adding 308 HTTP Response as an redirect code
...
https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml
Often times, 308 are preferred over 301 redirects, as they tell the requester to, for example, re-POST a form submission on the final URL.
2017-10-18 12:27:00 -07:00
cafa3fc29a
BUG switch to `trigger_error()` when a resource is not found ( #7468 )
...
* BUG switch to `trigger_error()` when a resource is not found rather than throw an exception
* Add unit test for module url failing
2017-10-16 16:11:42 +13:00
3e6984d5a8
Shift REQUEST_URI mangling into HTTPRequestBuilder::createFromVariables()
2017-10-09 17:35:33 +13:00
199d607a2c
Tiny revert
2017-10-09 17:21:43 +13:00
1e913bb938
Remove rewrite-less routing through index.php
...
It's currently broken (doesn't rewrite subsequent links),
and is of questionable use. It was introduced during a time
when PHP didn't have a built-in webserver (I think).
Virtually ever webserver will have rewriting capabilities these days (even IIS!),
and if you struggle with the setup as a new user, you can just fall back to PHP's built-in webserver.
This doesn't affect installation capabilities, since these are triggered via install.php.
2017-10-09 17:21:43 +13:00
1e051386c6
Simplified request building
2017-10-09 17:21:43 +13:00
bd11bc16c7
Avoid double slash in Director mock URLs
...
They get faulty results when run through parse_url($url, PHP_URL_PATH)
which we started using in HTTPRequestBuilder
2017-10-09 17:21:43 +13:00
4a94dfe55b
Remove "url" query param reliance, use index.php
...
See https://github.com/silverstripe/silverstripe-framework/issues/7430
2017-10-09 17:21:43 +13:00
fa57deeba4
ENHANCEMENT Allow vendor modules with url rewriting
...
API Introduce ModuleResource feature
2017-09-29 10:28:38 +13:00
f574f6d1b2
Reset test state for modified config options
2017-09-28 17:24:32 +13:00
90d0361a6c
Enhancement update set_themes to not update config
2017-09-28 16:47:13 +13:00
7e92b053f4
Enhancement Add setter and getter for certain classes, so that LeftAndMain no longer updates config during init
2017-09-28 16:47:13 +13:00
da27948777
Merge pull request #7373 from dhensby/pulls/4/rate-limit-security
...
NEW RateLimiter for Security controller
2017-09-28 11:01:37 +13:00
e4fd9b4ff7
Code style fixes
2017-09-28 09:54:29 +13:00
5f739c111e
added ratelimiter tests
2017-09-27 16:42:04 +01:00
51ac297c59
Fixes to ratelimiter and new features
2017-09-27 14:44:38 +01:00
261302a121
ENHANCEMENT Don't force all class names to lowercase
...
Speeds up autoloading because composer psr-4 works properly now
2017-09-20 15:14:55 +12:00
04b1bb816e
NEW RateLimiter for Security controller
2017-09-14 14:23:36 +01:00
9198313658
FIX HTTP Headers are case insensitive
2017-09-13 16:02:12 +01:00
64af679c35
DOCS Corrected env type docs ( fixes #7290 )
2017-08-30 08:35:41 +12:00
9b4d689bb2
Lazy-load custom methods and extensions on CustomMethods and Extensible traits
...
No longer need constructExtensions()
2017-08-22 15:47:24 +12:00
249c7048d9
Fix trim accept header parts
2017-08-21 15:31:13 +12:00
392cda15f6
NEW Add updateRules extension point to Director::handleRequest
2017-07-23 22:10:46 +12:00
ea4181166f
FIX Ensure phpdbg calls are registered by SilverStripe core as a CLI call
2017-07-17 16:56:01 +12:00
823e49526f
NEW Allow SSViewer and SSViewer_FromString to be injectable
2017-07-13 20:48:58 +12:00
ed26b251c8
ENHANCEMENT: Better output type detection for debugging
2017-07-04 17:33:49 +12:00
f65e3627dc
BUG Implement or exclude all pending upgrader deltas
2017-07-03 12:21:47 +12:00
061393a098
Fix enable ?flush rather than just ?flush=1
2017-06-29 16:13:38 +12:00
Robbie Averill
Simon Gow
Maxime Rainville
Maxime Rainville
Guy Marriott
Aaron Carlino
Loz Calver
Robbie Averill
Sam Minnee
Damian Mooyman
Scott Hutchinson
Thomas Portelange
maks
Daniel Hensby
Daniel Hensby
Ingo Schommer
Daniel Hensby
Damian Mooyman
Jonathon Menz
Andrew Aitken-Fincham
Dylan Wagstaff
Colin Tucker
Christopher Joe
Nathan J. Brauer
Chris Joe
Christopher Joe