Commit Graph

330 Commits

Author SHA1 Message Date
Steve Boyd
9463aaf571 Merge branch '4.8' into 4 2021-06-08 11:49:01 +12:00
Steve Boyd
7f97734a20 [CVE-2020-25817] Prevent loading of xml entities 2021-06-02 16:24:17 +12:00
Ingo Schommer
8c0efd3980 Extension hooks for CsvBulkLoader
Required for versioned-snapshots integration
2021-05-21 11:17:46 +12:00
Ingo Schommer
5e2ca7f0a3 FIX Tidy extension and cli fix for tests
Wrap doesn't actually wrap in the tidy extension.
This causes tests to be flakey, for example some of `FormTest` fails
if you happen to have `ext-tidy` installed (which is the default on most systems).
This happened to me on PHP 7.4.19 with tidy 5.6.0 (OSX Homebrew).
Note that the tests aren't failing in Travis right now.

You'd expect `wrap => 0` to be honoured. It's documented as an integer
in the tidy docs: https://api.html-tidy.org/tidy/quickref_5.6.0.html#wrap.

Even tracked this down to the PHP source which appears to be doing the right thing:
https://github.com/php/php-src/blob/master/ext/tidy/tidy.c#L300

There's a bug from 2018 against PHP 7.2.8 which was closed as "not a bug" without comment:
https://bugs.php.net/bug.php?id=76683

You can see the behaviour in action in the following test.

```
<?php
$html = '<p>a really long string which should not be wrapped</p>';

echo "## With tidy extension" . PHP_EOL;
$tidy = new tidy();
$tidy->parseString(
    $html,
    [
        'output-xhtml' => true,
        'numeric-entities' => true,
        'wrap' => 0,
    ],
    'utf8'
);
$tidy->cleanRepair();
echo $tidy . PHP_EOL;

echo "## With tidy cli" . PHP_EOL;
$cmd = sprintf("echo " . escapeshellarg($html) . " | tidy --force-output 1 -n -q -utf8 -asxhtml -w 0 2> /dev/null");
echo shell_exec($cmd);
```

Long story short, setting it to 99999 fixes the issue.
2021-05-20 20:09:42 +12:00
Maxime Rainville
0da15f0f27 Merge branch '4.7' into 4 2021-01-19 15:33:56 +13:00
William Desportes
c932d7e7fb
Fix the phpdoc blocks 2020-12-21 22:23:23 +01:00
Ingo Schommer
b271d9dd89 FIX Don't swallow app init errors in test setup 2020-11-12 13:51:22 +13:00
Aaron Carlino
544b137328 Merge branch '4.6' into 4 2020-10-05 14:03:05 +13:00
Aaron Carlino
8053bc7a72 Merge branch '4.5' into 4.6 2020-10-05 13:49:06 +13:00
Aaron Carlino
2042d1c6b0
MINOR: Allow DevelopmentAdmin to have subclasses (#9702) 2020-09-26 21:21:16 +12:00
Robbie Averill
27bd5d12e3 ENH Replace E_USER_ERROR errors with exceptions 2020-09-24 23:51:21 -07:00
Dan Hensby
ae0ece2b02
Merge pull request #9665 from creative-commoners/pulls/4/php8-fqcn-token 2020-09-18 20:44:22 +01:00
Maxime Rainville
acce4c4ce7 BUG Remove old boostrap 3 CSS class 2020-09-16 11:03:27 +12:00
Sam Minnee
b3dd27953b NEW: Allow league/csv ^9
Hopefully this has better PHP 8 support.
2020-09-15 17:40:42 +12:00
Sam Minnee
2143660c3f FIX: Add class_exists() guards to SapphireTest
This test helper has a number of hooks to other parts of the
and required many class_exists() guards to operate without them

This has come out of PoC development work as part of:
https://github.com/silverstripe/silverstripe-framework/issues/9679

But can stand-alone as a mergeable PR.
2020-09-14 13:49:21 +12:00
Jackson Darlow
699913406b
NEW Added a dev view to output the current config from dev/config (#9542)
* #3236 Added dev/config view

* Refactored use of echo to

* Added config/audit for matching missing property definitions in the current config

* Minor enhancements to dev/config implementation
2020-08-28 07:19:03 +12:00
Mojmir Fendek
7c84171d5b
NEW: Improved task runner UI. (#9540)
Co-authored-by: Sacha Judd <sjudd@silverstripe.com>
2020-08-26 11:11:13 +12:00
Steve Boyd
65c3295917 Merge branch '4.6' into 4 2020-08-05 10:52:49 +12:00
Steve Boyd
b59f75dd50 FIX Handle DatabaseAdapterRegistry cache exception
Co-authored-by: Loz Calver <lozcalver@bigfork.co.uk>
2020-08-03 10:57:27 +12:00
Garion Herman
d408a4e714 Merge branch '4.6' into 4 2020-07-13 12:28:14 +12:00
Garion Herman
2b9ef6be16 Merge tag '4.6.0' into 4.6
Release 4.6.0
2020-07-13 12:26:06 +12:00
Ingo Schommer
8d6a248431 Merge remote-tracking branch 'origin/4.6' into 4 2020-07-11 09:07:39 +12:00
Maxime Rainville
cce2b16309 [CVE-2020-6164] Remove/deprecate unused controllers that can potentially give away some information about the underlying project. 2020-07-10 17:57:06 +12:00
Maxime Rainville
996c1b5719 [CVE-2020-6164] Remove/deprecate unused controllers that can potentially give away some information about the underlying project. 2020-07-10 15:03:18 +12:00
Maxime Rainville
c3f0ac7718 Merge branch '4.5' into 4.6 2020-07-09 14:33:57 +12:00
Maxime Rainville
f8360356e0 Merge branch '4.4' into 4.5 2020-07-09 14:28:28 +12:00
Maxime Rainville
ec83959f2c API Remove UpgradeBootstrap (not part of our official API) 2020-06-30 21:35:51 +12:00
Aaron Carlino
658ca4deb1 MINOR: Add noindex metatag to debugview 2020-06-25 12:09:28 +12:00
Jackson Darlow
1edd8fd754
Added array declaration to DevelopmentAdmin::$registered_controllers
Co-authored-by: Robbie Averill <robbie@averill.co.nz>
2020-06-15 11:45:10 +12:00
Jackson Darlow
84235c6518 Adjusted missing definitions to only include definitions referenced by framework 2020-06-11 14:28:47 +12:00
Michal Kleiner
21129b1624
Use short array syntax across the framework's codebase 2020-05-16 10:34:45 +01:00
Daniel Hensby
237b2d5f74
Convert array delcarations to short array syntax 2020-04-20 18:58:09 +01:00
Loz Calver
e08bf1cdd9
Merge pull request #9461 from creative-commoners/pulls/4/remove-db-config-glob
Cache results of _configure_database.php glob
2020-04-20 08:45:48 +01:00
Maxime Rainville
7da77be5ce Merge branch '4.5' into 4 2020-04-15 08:22:27 +12:00
Maxime Rainville
14bbaac1cb Merge tag '4.5.3' into 4.5
Release 4.5.3
2020-04-14 14:23:57 +12:00
Maxime Rainville
de8fd82c55 Merge branch '4.4' into 4.5 2020-04-14 14:18:18 +12:00
Serge Latyntcev
9779e42963 BUG Register new sub tasks to fix files affected by CVE-2020-9280 and CVE-2019-12245 2020-04-13 19:43:53 +12:00
Serge Latyntcev
b269d87490 BUG Register new sub tasks to fix files affected by CVE-2020-9280 and CVE-2019-12245 2020-04-13 17:16:57 +12:00
Steve Boyd
75d31c2cd3 Cache glob results for _configure_database.php 2020-04-10 23:15:12 +12:00
Dan Hensby
5bf2ac83ee
Merge branch '4.5' into 4 2020-04-01 19:23:47 +01:00
Steve Boyd
6d6cc65927 Update description 2020-03-06 09:57:31 +13:00
Garion Herman
29943f9049
API TestSession request methods now use the correct HTTP method (#8987)
* API TestSession request methods now use the correct HTTP method

* DOCS Update requests section in Functional Testing to reflect API change
2020-02-14 16:01:06 +13:00
Loz Calver
a42249b6fc Minor performance improvement in DatabaseAdapterRegistry::autoconfigure() 2019-12-19 14:39:46 +00:00
Serge Latyntcev
7873efde9c Merge branch '4.4' into 4 2019-10-18 10:58:19 +13:00
Damian Mooyman
d7752b7945
Run PSR2 Lint cleaner 2019-10-04 13:26:31 +13:00
Aaron Carlino
da6582f593 NEW: Remove web installer, move to separate package (#9231)
* Remove installer

* Remove exposed install files

* Replace Dev/Install classes still in use

* Update changelog

* FIX make the grid field actions consistent to what they look like on pages

Resolves https://github.com/silverstripe/silverstripe-admin/issues/904

* Docs changes
2019-09-11 13:10:25 +12:00
Maxime Rainville
dd40d53e6b Merge branch '4.4' into 4 2019-09-04 09:46:33 +12:00
Maxime Rainville
24015c7767 Merge branch '4.3' into 4.4 2019-09-04 09:42:09 +12:00
Robbie Averill
77ba8391c4 FIX Byte Order Marks (BOM) are now stripped when importing CSV files 2019-08-29 14:54:57 +12:00
Robbie Averill
89eb6c88b2 FIX Do not try and load fixtures from directories, fixes PHP 7.4 build errors 2019-07-26 10:13:47 +02:00
Robbie Averill
79fa61edf8 FIX Type safety on nullable argument, fixes PHP 7.4 test 2019-07-19 12:05:27 +02:00
Robbie Averill
2a1394bed7 Merge branch '4.4' into 4 2019-07-19 10:46:00 +02:00
Robbie Averill
40f06fafa9 Merge branch '4.3' into 4.4 2019-07-19 10:45:44 +02:00
Robbie Averill
c7b15eaef5 Merge branch '4.2' into 4.3 2019-07-19 10:45:29 +02:00
Mario Sommereder
260c89fd54 Fix of delimiter not used bug
See issue https://github.com/silverstripe/silverstripe-framework/issues/8881
2019-06-20 11:11:27 +12:00
Sam Minnee
27ace03273 NEW: Deprecated PDO in favour of native drivers
https://github.com/silverstripe/silverstripe-framework/issues/8598
2019-06-11 16:17:30 +12:00
Aaron Carlino
d04e54c1be Merge branch '4.4' into 4 2019-06-10 17:33:30 +12:00
Aaron Carlino
c747b1f8d3 Merge branch '4.3' into 4.4 2019-06-10 17:32:07 +12:00
Aaron Carlino
f766555d61 Merge branch '4.2' into 4.3 2019-06-10 17:27:05 +12:00
Serge Latyntcev
ca56e8d78e [CVE-2019-12246] Denial of Service on flush and development URL tools 2019-06-10 17:23:56 +12:00
Aaron Carlino
e2da7b0dc4 Merge branch '4.4' into 4 2019-06-10 16:37:16 +12:00
Ingo Schommer
f4cdfb06c8 Update environment timeouts
See https://github.com/silverstripe/silverstripe-framework/issues/9029
2019-06-06 15:18:12 +12:00
Ingo Schommer
b21e5d9e57 Moved time limit increases from individual job
Should apply to all file migration subtasks, not just the first one (see silverstripe/assets)
2019-06-05 15:10:46 +12:00
Ingo Schommer
2d4711de01 Fixed logging
Broke loggers attached by queuedjobs because it wasn't using the global service.
Since the stderr handler was set to bubble=false, those messages weren't picked up by queuedjobs.
Removed preformatted handler since there's no longer an ability to run this stuff via web
2019-06-05 15:09:58 +12:00
Ingo Schommer
7301b375b8 NEW Clearer file migration output with colours 2019-06-05 11:41:06 +12:00
Robbie Averill
6678f92681
Merge pull request #9025 from taoceanz/4
Removed unused use BadMethodCallException statement.
2019-05-30 09:38:47 +12:00
Robbie Averill
00fd74a0a1 Merge branch '4.4' into 4
# Conflicts:
 #	src/Dev/Tasks/MigrateFileTask.php
2019-05-30 09:36:42 +12:00
Robbie Averill
3e2fc6aa0b Automated phpcbf linting 2019-05-30 09:34:34 +12:00
Thomas Ocean
e30483a7dc Removed unused use BadMethodCallException statement. 2019-05-30 09:08:33 +12:00
Andre Kiste
2c8c643ce3 MigrateFileTask now outputs "Done" when it has finished running (#8995) 2019-05-28 09:45:13 +12:00
Maxime Rainville
4f39e59aff BUG Enable file hash caching when running the file migration task (#8993) 2019-05-28 09:37:45 +12:00
Maxime Rainville
5b6d0946f4 API Add extension points to MigrateFileTask (#8994)
* API Add extension points to MigrateFileTask

* Apply suggestions from code review

Co-Authored-By: Guy Marriott <guy@scopey.co.nz>
2019-05-28 09:24:01 +12:00
Maxime Rainville
7ef604807c BUG Enable file hash caching when running the file migration task (#8993) 2019-05-28 09:21:11 +12:00
Maxime Rainville
9bfce8c1a4 API Add extension points to MigrateFileTask (#8994)
* API Add extension points to MigrateFileTask

* Apply suggestions from code review

Co-Authored-By: Guy Marriott <guy@scopey.co.nz>
2019-05-28 09:19:05 +12:00
Ingo Schommer
1f78e8ae80 NEW Clean up secureassets module artefacts (#8948)
See https://github.com/silverstripe/silverstripe-assets/issues/231
2019-05-02 21:05:19 +12:00
Andre Kiste
48db515fbd NEW Fix folder permissions (#8950)
* Add `FixFilePermissionsHelper` subtask
* Changed name to folder permissions, added more loggin
2019-05-02 16:28:57 +12:00
Ingo Schommer
0696045e59 NEW Legacy thumbnail migration task (#8924)
* NEW Legacy thumbnail migration task

See https://github.com/silverstripe/silverstripe-assets/issues/235
Makes a start at https://github.com/silverstripe/silverstripe-assets/issues/219 as well

* API Removed migrate_legacy_file support

For the vast majority of sites, you really don't want to run your file migration as part of dev build.
The step is involved enough to warrant it's own task.
I don't think this is an API change, since the setting won't have affect
for anyone who has already enabled it - they would've already done the one-off migration.

See https://github.com/silverstripeltd/open-sourcerers/issues/91
and https://github.com/silverstripe/silverstripe-assets/issues/235
2019-05-02 09:33:53 +12:00
Andre Kiste
2bcf8b5ff3 More verbose file migration logging
See https://github.com/silverstripeltd/open-sourcerers/issues/91

* Add `PreformattedEchoHandler`

cherry-picked from 4c3f3e6bea99b46b689e5b23d1bd1498a4ac696c

* Batch log messages for every 100 file.
Also make logger work for stdout

* Update src/Logging/PreformattedEchoHandler.php

Co-Authored-By: bergice <bergice@users.noreply.github.com>
2019-04-30 08:54:48 +12:00
Robbie Averill
8a06682e31 Merge branch '4.3' into 4
# Conflicts:
 #	src/ORM/Connect/DBSchemaManager.php
2019-04-11 11:24:17 +12:00
Robbie Averill
55cbacca86 Merge branch '4.2' into 4.3
# Conflicts:
 #	src/Forms/GridField/GridFieldLevelup.php
 #	src/includes/constants.php
2019-04-11 11:21:42 +12:00
Ingo Schommer
afb3c825c9
Merge pull request #8890 from open-sausages/pulls/4/get-installer-to-self-create-assets-folder
BUG Update installer to create the assets folder if its missing
2019-04-05 14:41:01 +13:00
Ian Patel
759968bbe2 Fix Undefined variable: result when catch Exception 2019-04-05 11:33:01 +13:00
Guy Marriott
a9d57f5bfb
Merge pull request #8241 from creative-commoners/pulls/4.3/separate-logging
Separate core error logging from standard LoggerInterface
2019-04-05 08:49:09 +13:00
Maxime Rainville
c84ad4278f BUG Update installer to create the assets folder if its missing 2019-03-29 17:56:39 +13:00
Robbie Averill
7ab55a4948 Add LoggerState to disble user-configured logging during PHPUnit tests 2019-02-22 11:43:01 +07:00
Robbie Averill
3e90fdf42f Merge branch '4.3' into 4 2019-02-19 08:41:05 +07:00
Robbie Averill
ed74549c4f Merge branch '4.2' into 4.3 2019-02-19 08:39:59 +07:00
Robbie Averill
79e44b42fa Merge branch '4.1' into 4.2 2019-02-19 08:37:07 +07:00
Robbie Averill
cb7f15a681 Merge branch '4.0' into 4.1 2019-02-19 08:36:41 +07:00
Damian Mooyman
b8122f88c5
Merge pull request #8174 from creative-commoners/pulls/4.2/deprecated-fixture-state
MINOR Replace use of deprecated getFixtureFactory() with FixtureTestState
2019-02-11 14:16:37 +13:00
Benedikt Seidl
d530bc2fb6 fix user feedback when jquery could not be loaded 2019-01-24 20:51:48 +01:00
Maxime Rainville
39297b8640 MINOR Add message to inform user that the task can be run again without issue 2019-01-23 18:40:15 +13:00
Damian Mooyman
34ac228029
BUG Fix issue with assertListEquals() ignoring field getters 2019-01-11 11:35:11 +13:00
Maxime Rainville
1e01deea39 NEW Make resources dir configurable (#8519)
* NEW Make resources dir configurable.

* Removing reference to old `resources` and updating doc #8519

* Rrtarget to 4.4 release.

* DOC Reference SS_RESOURCES_DIR in Environment doc.

* API Add a Resources method to SilverStripe\Core\Manifest\Module to read the resources-dir from composer.json

* Clean up reference to SS_RESOURCES_DIR env var

* Set default resources-dir

* Update test to use RESOURCES_DIR const in expected resource url method

* Correcting typos

Co-Authored-By: maxime-rainville <maxime@rainville.me>

* MINOR Correctubg minor typos

* DOCS Document the intricacies of exposing static assets.
2019-01-09 15:35:45 +13:00
Robbie Averill
41dc9229bf FIX Reverting ExtensionTestState and Extensible extra methods modifications to prevent PHP 5.6 segfault (#8581)
* API Revert addition of Extensible::flush_extra_methods_cache() and change to ExtensionTestState

This reverts the changes from #8465 and #8505 that relate to ExtensionTestState and the
tracking of extra methods between unit tests. The existing test from #8465 testing
overloaded Extensions after extra_methods are populated has been updated to show that you
must re-add the extension to flush the extra_methods cache if you need this behaviour.

* Revert change to InjectorTest::testExtendedExtensions

* Revert "Add failing test to show that overloaded extensions are broken in Extensible"

This reverts commit 55e79ffdfd.

* DOCS Add docs for extending extensions, and upgrade guide note to 4.3 to avoid using PHP config to do so
2018-11-26 12:00:02 +13:00
Robbie Averill
9aabe0a0f7 [SS-2018-018] Ignore arguments in mysqli::real_connect backtrace calls 2018-11-07 11:33:24 +13:00
Robbie Averill
5425195238 [SS-2018-018] Ignore arguments in mysqli::real_connect backtrace calls 2018-11-07 11:32:55 +13:00
Robbie Averill
214e28127f [SS-2018-018] Ignore arguments in mysqli::real_connect backtrace calls 2018-11-07 11:31:33 +13:00
Robbie Averill
637b4225c6 [SS-2018-018] Ignore arguments in mysqli::real_connect backtrace calls 2018-11-07 11:24:51 +13:00
Robbie Averill
7f6f5c9ec9 FIX Flush extra methods cache on DataObjects after each unit test class has finished 2018-10-20 13:59:03 +02:00