tonyair
/
silverstripe-framework
mirror of https://github.com/silverstripe/silverstripe-framework
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
23,436 Commits 29 Branches 510 Tags 146 MiB
Commit Graph

4450 Commits

Author SHA1 Message Date
Matt Peel f99ba5d716 NEW Add extension point to DataObject->hydrate() 2021-08-25 16:07:02 +12:00
Steve Boyd 805004fd31 MNT Update unit tests to use logInAs() 2021-08-23 09:04:31 +12:00
Steve Boyd 92f47da08b
API Update SwiftMailer from v5 to v6 (#10048) 
* Update SwiftMailer from v5 to v6

- Fixes #9834
- Update default Swift_Transport to use Swift_SendmailTransport
- Update version restraint for Swiftmailer
- Address new parameter type for Swift_Message::setDate()
- Update class references in docblocks

Co-authored-by: Danaë Miller-Clendon <danae.millerclendon@silverstripe.com>
 2021-08-18 12:16:45 +12:00
Steve Boyd 733282307e MNT Update tests to use logInAs() 2021-08-12 10:56:29 +12:00
Steve Boyd a90d46dbc4 NEW Title tips for form fields 2021-07-31 14:45:24 +12:00
Andre Kiste ae61be3a49
Merge pull request #10011 from creative-commoners/pulls/4/htmleditor-readonly-lazy-load 
MNT Update unit test to expect loading attribute
 2021-07-09 11:00:26 +12:00
Steve Boyd f6e8d6e591 Merge branch '4.8' into 4 2021-07-07 14:03:02 +12:00
Steve Boyd 22f809840a MNT Update unit test to expect loading attribute 2021-07-06 17:27:54 +12:00
Steve Boyd 87d076faa6 FIX Cast DBInt value to int 2021-07-06 16:43:54 +12:00
Ingo Schommer e8c14a9d5b
Merge pull request #10005 from creative-commoners/pulls/4.8/10k 
FIX Parse Enums with dots in their values
 2021-07-02 09:33:29 +12:00
Steve Boyd 8e803bbcfc FIX Parse Enums with dots in their values 2021-07-01 16:00:08 +12:00
Steve Boyd 0b979dc345 FIX Cache duplicate embeds separately 2021-06-29 12:17:07 +12:00
Steve Boyd 325021c2f8 Merge branch '4.8' into 4 2021-06-21 14:59:01 +12:00
Steve Boyd 7ed7ad0254 FIX Ensure changing a password to blank is validated 2021-06-17 12:05:20 +12:00
Loz Calver 5bb5ef80ed FIX: Form::defaultAction() didn't work if actions were in CompositeFields (fixes #9975) 2021-06-09 17:26:43 +01:00
Steve Boyd 9463aaf571 Merge branch '4.8' into 4 2021-06-08 11:49:01 +12:00
Steve Boyd fb0d769049
Merge pull request #9969 from creative-commoners/480-tag 
Security fixes from 4.8.0
 2021-06-08 11:47:35 +12:00
Michal Kleiner 0bd5b98d62 MNT Fix typos in test comments 2021-06-03 13:49:24 +12:00
Michal Kleiner 9dd69c40e3 NEW Add DBText->Summary tests 2021-06-03 13:49:24 +12:00
Steve Boyd 8024551376 [CVE-2020-26138] Validate custom multi-file uploads 2021-06-02 16:24:23 +12:00
Steve Boyd 7f97734a20 [CVE-2020-25817] Prevent loading of xml entities 2021-06-02 16:24:17 +12:00
Steve Boyd a3df66860f Merge branch '4.8' into 4 2021-05-31 17:05:11 +12:00
Steve Boyd 9ccdb8efb2 Merge branch '4.7' into 4.8 2021-05-31 17:04:54 +12:00
Maxime Rainville 472fc4ebb4
BUG Update DataQuery::exists to return false when limit causes no result to be returned (#9946) 
* BUG Update DataQuery::exists to return false when limit causes no result to be returned

* Update comment

* Fixing linting issue
 2021-05-31 16:50:58 +12:00
Ingo Schommer 196752566f
Merge pull request #9655 from sminnee/pulls/9647-find-lost-records 
NEW: Add GridFieldDetailForm::setRedirectMissingRecords()
 2021-05-21 13:53:18 +12:00
Sam Minnee 8883413ba7 NEW: Add GridFieldDetailForm::setRedirectMissingRecords() 
This new opt-in setting will let grid field detail forms redirect to the
“Correct” URL of a GridField if it’s not found in the current list.

This works by:
 * Looking for the item in the database
 * If it exists, check for a CMSEditLink() method that returns a value
 * If so, redirect to that

This is useful if you have a number of grid fields that each show a
partial list of records, and it’s possible for the user to make changes
such the item no longer appears in the list, but does appear in another
list.

It’s an opt-in feature as I think all changes like this should be
opt-in, based on previous experiences improving GridField and in turn
breaking SecurityAdmin and slowing versioned-data-browsing down. ;-)
 2021-05-21 13:16:00 +12:00
Ingo Schommer ad4e488dcf
Merge pull request #9192 from sminnee/fix-9163 
NEW: Support dot syntax in form field names
 2021-05-21 10:34:15 +12:00
Guy Marriott 766df06f23
Merge pull request #9631 from open-sausages/pulls/4/custom-sort-gridfield-autocompleter 2021-05-20 14:02:44 -07:00
Ingo Schommer 7a0d354529 Linter fixes 2021-05-21 08:30:43 +12:00
Ingo Schommer 8806b3befc Fixes required for dot notation support in fields 
See #9163
 2021-05-20 20:32:25 +12:00
Steve Boyd a6ccc86f94 Merge branch '4.7' into 4.8 2021-05-03 14:21:37 +12:00
Steve Boyd e6aeff6468 Merge branch '4.6' into 4.7 2021-05-03 14:21:20 +12:00
Garion Herman debf1ae9fb
Merge pull request #9887 from lekoala/patch-18 2021-04-24 21:05:29 +12:00
Maxime Rainville 440c7cad35 MNT Add test to cover TreeDropdownField::TreeBaseId 2021-04-23 17:53:54 +12:00
Steve Boyd bcccc63d33 API Methods to override logout_accross_devices 2021-04-19 13:13:35 +12:00
Maxime Rainville 6fc25e4e96
RFC Add chunk method to DataList to iterate over large dataset (#8940) 2021-04-14 07:49:44 +12:00
Maxime Rainville 66fa597b3b
FIX Better handling of remember me token when login across devices is disabled (#9895) 
* BUG Make sure remember me tokens are not invalidated when logging out without the logout_across_devices flag

* Remove unneeded comment
 2021-03-31 11:31:52 +13:00
Brett Tasker 600f8e5b86 Move hasEmptySchem and emptyString to DataSchema on SingleSelectField 2021-03-23 21:53:30 +13:00
Thomas Portelange fc40e0b98a
Test that email is trimmed 2021-03-22 09:03:43 +01:00
Maxime Rainville 7a04090bdf Merge branch '4.7' into 4 2021-03-15 14:27:47 +13:00
Nik d2fa64b489
BUG Allow Email to re-render when data changes (#9876) 
* Fix: Allow Email to re-render when data changes

* Add invalidateBody function

* Make the linter happy
 2021-03-04 11:18:46 +13:00
Maxime Rainville 2c54a3fd2f Merge branch '4.7' into 4 2021-03-01 20:37:04 +13:00
Maxime Rainville 028c4fdaa1 BUG Tweak shortcode parser so it properly parse empty attributes 2021-02-25 15:18:16 +13:00
Maxime Rainville 9ca33950a2
API Add a CREATE_MEMORY_HYDRATED option to DataObject constructor (#9767) 2021-01-21 14:07:06 +13:00
Maxime Rainville 0dd59a1e7b
BUG Reset GridFieldFilterHeader grid state when search is cleared (#9829) 2021-01-21 13:47:40 +13:00
Maxime Rainville 54bdabd203 Merge branch '4.7' into 4 2021-01-20 12:57:01 +13:00
Maxime Rainville d13d3a1134
Merge pull request #9818 from creative-commoners/pulls/4.7/check-object-for-key 
FIX Type checking in objectForKey() to fix postgres bug
 2021-01-20 12:41:49 +13:00
Maxime Rainville 17c6f98ba2 BUG Fix PostgreSQL issue in TreeMultiselectField where field would try to filter list by a blank ID 2021-01-20 12:23:09 +13:00
Maxime Rainville 0da15f0f27 Merge branch '4.7' into 4 2021-01-19 15:33:56 +13:00
Maxime Rainville 92af6b3dd5 FIX Update behat toast logic so it works with quotes 2021-01-19 15:16:26 +13:00
Steve Boyd 76ae5bc38a FIX Type checking in objectForKey() to fix postgres bug 2021-01-08 15:25:38 +13:00
William Desportes c932d7e7fb
Fix the phpdoc blocks 2020-12-21 22:23:23 +01:00
Sam Minnée a8d121d23f
Merge pull request #9800 from creative-commoners/pulls/4.7/arraylist-value-set 
FIX Bug when specifying 0 in ArrayList::offsetSet
 2020-12-16 15:40:20 +13:00
Steve Boyd 5be045f9a2 FIX Bug when specifying 0 in ArrayList::offsetSet 2020-12-15 14:50:10 +13:00
Andre Kiste 460715197d
Merge pull request #9190 from open-sausages/pulls/4/test-state 
Don't include default value in url grid state
 2020-11-18 12:31:50 +13:00
Steve Boyd 6e77d5eada NEW DataObject related objects service 2020-10-29 09:29:26 +13:00
Garion Herman e89ae93ac9 FIX Harden hasMethod() against invalid values 
This method should typehint the incoming value once union types are
available, but for now this ensures that method_exists() is not called
on scalar values, which is unsupported in PHP 8.
 2020-10-28 09:34:33 +13:00
wernerkrauss 941df19e88
ENH Improve YamlReader exception message (#9731) 
Fixes #9690
 2020-10-12 22:38:13 +13:00
Sam Minnée c5d676fa4e
FIX Avoid test failure on use of narrow-NBSP (#9725) 
For whatever reason (different locale version) my local dev env uses
narrow-NBSPs (Unicode 8239) rather than regular NBSP in its localised
strings. This patch makes the tests robust against this difference.

Note that this occurred running the tests in Lando.

Co-authored-by: Robbie Averill <robbie@averill.co.nz>
 2020-10-09 10:33:51 +13:00
Garion Herman 198b25c900 FIX Hardcode PasswordValidator config in VersionedMemberAuthenticatorTest 2020-10-06 16:07:24 +13:00
Aaron Carlino 544b137328 Merge branch '4.6' into 4 2020-10-05 14:03:05 +13:00
Guy Marriott 478d487f0e
Merge pull request #9707 from robbieaverill/pulls/4.7/exceptions 2020-10-01 17:16:43 -07:00
Daniel Hensby fe45655a2b
Merge pull request #9698 from sminnee/pulls/symfony4 
Symfony 4 support
 2020-09-30 23:22:51 +01:00
Garion Herman 8ad4c4e024 FIX Fix namespace parsing under PHP 8, tweak readability of parser 
$hadNamespace was ambiguously named, so the original PHP 8 support
update marked it true when it was strictly meant to indicate that a
namespace separator token had been encountered, resulting in bungled
parsing of complex class specs like Class(["arg" => true]).
 2020-09-30 16:16:30 +13:00
Robbie Averill ae1e17edec Update exception assertions in tests and remove deprecated annotations 2020-09-25 10:06:49 -07:00
Sam Minnee 9247bc8b79 NEW: Add Symfony 4 support alongside Symfony 3 
- Remove duplicate key in YML file
 - Remove deprecated yaml dump indentation set (the constructor arg works in both ^3 and ^4)

Fixes #9274
 2020-09-21 19:09:08 +12:00
Dan Hensby ae0ece2b02
Merge pull request #9665 from creative-commoners/pulls/4/php8-fqcn-token 2020-09-18 20:44:22 +01:00
Sam Minnee 0d7c5a9ece NEW Add/remove callbacks on RelationList 
This provides a mechanism for adjusting the behaviour of these
relations when building more complex data models.

For example the following example has a status field incorporates a
Status field into the relationship:

```php
function MyRelation() {
  $rel = $this->getManyManyComponents(‘MyRelation’);
  $rel = $rel->filter(‘Status’, ‘Active’);

  $rel->addCallbacks()->add(function ($relation, $item, $extra) {
    $item->Status = ‘Active’;
    $item->write();
  });
}
```

Introduces a new library dependency: http://github.com/sminnee/callbacklist
 2020-09-18 13:33:42 +12:00
Maxime Rainville ff18dec2e5
API Add new behat method for interacting with toasts (#9695) 2020-09-17 17:12:35 +12:00
Loz Calver bca0f28b62
FIX: Make template parser error on mismatched brackets (fixes #8845) 2020-09-15 16:54:24 +01:00
Loz Calver bfc3b4b468
FIX: Stop empty comments breaking the template parser (fixes #8742) 2020-09-15 16:54:22 +01:00
Garion Herman 099ee2deb7 FIX Remove extraneous @depends annotations 2020-09-15 17:40:42 +12:00
Garion Herman f1c94e6d54 FIX Allow quotes in expected ReflectionExceptions within tests 2020-09-15 17:40:42 +12:00
Sam Minnee 57bdef3b2e FIX: Fix test mistakenly labelling content as name arguments in data provider 2020-09-15 17:40:42 +12:00
Sam Minnee b3dd27953b NEW: Allow league/csv ^9 
Hopefully this has better PHP 8 support.
 2020-09-15 17:40:42 +12:00
Steve Boyd 015ea8cfc8 Merge branch '4.6' into 4 2020-09-11 11:54:23 +12:00
Damian Mooyman ac6f34846e
BUG Resolve issue where TreeMultiSelectField would error loading its value (#9604) 
* BUG Resolve issue with TreeMultiSelectField not retaining value in some situations
E.g. in an elemental form
 2020-09-11 11:52:36 +12:00
Robbie Averill de61681dec
Merge pull request #9634 from open-sausages/pulls/4/ellipsis 
BUG Use proper ellipsis character in the various summary method.
 2020-09-10 14:48:33 -07:00
Maxime Rainville acdebcdba7 Fix unit test 2020-09-10 17:08:13 +12:00
Steve Boyd 4c3a5441b2 Merge branch '4.6' into 4 2020-09-09 13:58:35 +12:00
Nicolaas 27c1c72912
FIX ModuleManifest::getModuleByPath fix to ensure right module is returned (#9569) 
* FIX: ModuleManifest::getModuleByPath returns the wrong module #9561
Co-authored-by: Nicolaas Thiemen <nt@sunnysideup.co.nz>
 2020-09-09 13:47:36 +12:00
Maxime Rainville adaf793ddb
BUG Always validate Member credentials against DRAFT stage (#9671) 2020-09-08 11:47:04 +12:00
Guy Marriott 3575070b9d FIX Removing selected column detail only if having is empty (MySQL "feature") 2020-09-01 16:21:43 +12:00
Garion Herman 6b78428fbb
Merge pull request #9651 from open-sausages/pulls/4/test-mysql-connection-collation 
ENH Test coverage for MySQL connection collation
 2020-08-30 22:44:28 +12:00
Serge Latyntcev f57d5cc807 ENH Test coverage for MySQL connection collation 2020-08-30 13:21:38 +12:00
Garion Herman 9aa2642d03
Merge pull request #9639 from creative-commoners/pulls/4/embed-performance 
NEW Cache embed shortcodes
 2020-08-27 12:15:24 +12:00
Garion Herman c143941e44
Merge pull request #9628 from creative-commoners/pulls/4/version-provider 
NEW Additional logic for VersionProvider
 2020-08-21 14:25:23 +12:00
Sam Minnée b810b7d5c9
API: Allow for user-created objects to have values passed in the constructor (#8591) 2020-08-20 12:28:31 +12:00
Steve Boyd 00a60432f6 Backport fix to GroupedDropdownFieldTest 2020-08-19 11:21:46 +12:00
Maxime Rainville 5226d961e8 Fix unit test 2020-08-18 10:29:57 +12:00
Maxime Rainville a43414dedb Make sure GridState always outputs a JSON Object string 2020-08-17 23:23:42 +12:00
Maxime Rainville 70ffb3297a API Only include gridfield state value that differ from the expected default 2020-08-17 12:11:56 +12:00
Steve Boyd 7304acb171 NEW Cache embed shortcodes 2020-08-12 12:14:05 +12:00
Steve Boyd e19ef240f7 NEW VersionProvider now supports recipes as well as modules 2020-08-11 13:04:48 +12:00
Sam Minnée 8195bb480d
Merge pull request #9630 from silverstripe-terraformers/feature/with-time 
NEW: WithMockTime callback.
 2020-08-07 10:16:30 +12:00
Maxime Rainville 26b8b7964e Rename DefaultEllipsis to defaultEllipsis 2020-08-07 09:48:42 +12:00
Maxime Rainville e31565cb71 BUG Fix GroupedDropdownFieldTest::testReadonlyValue 2020-08-06 22:50:40 +12:00
Maxime Rainville 896c0e4388 BUG Use proper ellipsis character in the various summary method. 2020-08-06 19:37:03 +12:00
Mojmir Fendek c2ed6a4cd6 NEW: WithMockTime callback. 2020-08-06 11:18:39 +12:00
Ingo Schommer 9d03a6856c FIX Retain custom sort on custom lists in GridFieldAddExistingAutoCompleter 
Forcing sort by the first search field isn't always appropriate.
When a custom search list is used, we can set the expectation that custom sorting is intended as well.
As an example, this can be used to autocomplete based on FULLTEXT indexes,
and sort based on relevancy.
 2020-08-04 22:02:20 +12:00
Steve Boyd 8287fad24d Merge branch '4.6' into 4 2020-07-29 11:38:49 +12:00
Steve Boyd 52d38a8b4a
Merge pull request #9615 from creative-commoners/pulls/4.6/embed-iframe-dimensions 
FIX Set iframe dimension attributes specified in shortcode
 2020-07-28 11:04:24 +12:00
Steve Boyd f0936d4c1e FIX Set iframe dimension attributes specified in shortcode 2020-07-27 18:04:03 +12:00
Martin Heise 404f450ac3 BUG Readonly version of GroupedDropdownField 
GroupedDropdownField was showing empty values in Readonly mode due to not correctly handling the hierarchical source array.
Uses flattened source now in GroupedDropdownField->performReadonlyTransformation()
 2020-07-21 09:23:30 +02:00
Robbie Averill 84b4057a9a
Merge pull request #9406 from chrispenny/feature/standardise-get-cms-validator 
v4 improvement: Standardise getCMSValidator for DataObjects/Forms
 2020-07-16 15:58:33 -07:00
Garion Herman d408a4e714 Merge branch '4.6' into 4 2020-07-13 12:28:14 +12:00
Garion Herman fbe0f5a981 Merge branch '4.5' into 4.6 2020-07-13 12:27:02 +12:00
Maxime Rainville 8518987cbd [CVE-2019-19326] Stop honouring X-HTTP-Method-Override header, X-Original-Url header and _method POST variable. Add SS_HTTPRequest::setHttpMethod() 2020-07-10 17:56:15 +12:00
Maxime Rainville 71db45b18b [CVE-2019-19326] Stop honouring X-HTTP-Method-Override header, X-Original-Url header and _method POST variable. Add SS_HTTPRequest::setHttpMethod() 2020-07-10 14:57:26 +12:00
Maxime Rainville b780c4f504 BUG Tweak DBHTMLText::Plain to avoid treating some chinese characters as line breaks. 2020-07-09 13:33:43 +12:00
Sam Minnee 01d3b4fd96 FIX: Set many-many-through joinRecord on newly added records. 
When many-many-through relations are queried, a joinRecord is set on
each DataObject in the list to provide the extra fields defined on
the connector object. This didn’t previously happen when the record
was first add()ed to a list. This fixes that bug.
 2020-07-02 15:18:12 +12:00
cpenny f72491f7f4 Linting fix 2020-06-08 09:35:00 +12:00
cpenny d4165db690 Update getter name to getCMSCompositeValidator 2020-05-28 12:23:35 +12:00
cpenny 2765b65f42 Use ReflectionClass for CompositeValidator tests 2020-05-28 11:18:46 +12:00
cpenny bca4be77ed Update name to CompositeValidator. Add docblocks 2020-05-28 11:18:46 +12:00
cpenny b45a3561df Implemented PR feedback. Added some initial test cov 2020-05-28 11:18:46 +12:00
Maxime Rainville acccdd8a1c Merge branch '4.5' into 4 2020-05-26 14:31:06 +12:00
Maxime Rainville 42bb28965c Merge branch '4.4' into 4.5 2020-05-26 14:30:27 +12:00
Maxime Rainville 395893b559 Merge branch '4.3' into 4.4 2020-05-26 14:30:02 +12:00
Maxime Rainville 86fcb9e29c Merge branch '4.2' into 4.3 2020-05-26 14:29:16 +12:00
Daniel Hensby 080ce157ce
Fix various typos in comments 2020-05-16 10:34:53 +01:00
Michal Kleiner 21129b1624
Use short array syntax across the framework's codebase 2020-05-16 10:34:45 +01:00
Steve Boyd b1b61f866e FIX Set nonce style on unit tests 2020-05-13 16:07:31 +12:00
Brett Tasker 1d19051c10 Add sha1 and md5 hashing options in resource URL 2020-05-12 18:14:03 +12:00
Mojmir Fendek 7dc6b36c16
Unique key for DataObject (#9400) 
NEW Unique key for DataObject
 2020-05-04 09:10:51 +12:00
Dan Hensby 33b0b6985a
Update file paths for autoloading compatibility 2020-04-25 10:28:28 +01:00
Daniel Hensby 237b2d5f74
Convert array delcarations to short array syntax 2020-04-20 18:58:09 +01:00
Garion Herman f94078d963
Merge pull request #9408 from chrometoasters/pulls/classes-with-extension 
Add ClassInfo method to get all classes with a given extension applied
 2020-04-20 20:11:01 +12:00
Serge Latyntcev cb36aab80c Merge branch '4.5' into 4 2020-04-15 14:49:19 +12:00
mattclegg e968f5cb86
DOCS: Remove outdated TODO 2020-04-14 15:00:08 +05:45
Ingo Schommer 2c5deceeb4 FIX Filter out all FULLTEXT BOOLEAN chars 
The query might still work depending on where these chars are placed,
but it seems weird to only remove *some* of the valid chars here.
See https://dev.mysql.com/doc/refman/5.6/en/fulltext-boolean.html

Note that the query runs both the actual boolean query with chars,
and then a separate relevance search without them.
 2020-04-09 10:32:45 +12:00
Ingo Schommer c6b698cb02 NEW Allow InnoDB for FULLTEXT indexes 
MyISAM used to be the only one to support it, now InnoDB has caught up.
Unless an engine is set specifically in create_table_options,
this will auto-convert existing MyISAM tables to InnoDb.

Fixes #9242
 2020-04-09 10:32:45 +12:00
Dan Hensby 5bf2ac83ee
Merge branch '4.5' into 4 2020-04-01 19:23:47 +01:00
Daniel Hensby 1fb574a5bd
NEW: Variadic URL parameter matches for url_handlers (#9438) 
* Add wildcard URL parameter matches for url_handlers

* Extra tests for wildcard parameters

* Add a PHP warning if more params appear after wildcard param
 2020-03-25 09:16:13 +13:00
Michal Kleiner 30c3b127c1 NEW Add ClassInfo method to get all classes with a given extension applied 2020-03-24 10:48:35 +13:00
Aaron Carlino 37e8720fe5 Linting 2020-03-17 16:21:46 +13:00
Aaron Carlino 7ad5f1bb14 BUGFIX: Ensure diff arrays are one-dimensional 2020-03-17 15:57:28 +13:00
Steve Boyd 667495eaf9 Merge branch '4.5' into 4 2020-03-06 10:53:28 +13:00
Steve Boyd 687435a2f1 Merge branch '4.4' into 4.5 2020-03-06 10:52:22 +13:00
UndefinedOffset bba0f2f72f
BUGFIX: Fixed issue where TimeField_Readonly would only show "(not set)" instead of the value 2020-02-24 09:59:00 -04:00
Maxime Rainville affd43052a Merge branch '4.5' into 4 2020-02-17 18:11:23 +13:00
Maxime Rainville acd7d94167 Merge branch '4.4' into 4.5 2020-02-17 13:07:26 +13:00
Maxime Rainville 49fda52b12
Merge pull request #94 from silverstripe-security/fix/cve-2019-19325 
CVE-2019-1935
 2020-02-17 12:54:40 +13:00
Serge Latyntcev ad1b00ec7d [CVE-2019-19325] XSS through non-scalar FormField attributes 
Silverstripe Forms allow malicious HTML or JavaScript to be inserted
through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting)
on some forms built with user input (Request data). This can lead to phishing attempts
to obtain a user's credentials or other sensitive user input.
There is no known attack vector for extracting user-session information or credentials automatically,
it required a user to fall for the phishing attempt.
XSS can also be used to modify the presentation of content in malicious ways.
 2020-02-17 09:58:29 +13:00
Guy Marriott c31de772ab
Merge pull request #8838 from creative-commoners/pulls/4/slash-means-root 
Use '/' as an alternative designation for root in routing
 2020-02-14 11:29:32 -08:00
Garion Herman 9d1d59d8d1 NEW Accept / as designation for root URL controller 2020-02-14 14:41:10 +13:00
Steve Boyd 9d5c3ef20e Merge branch '4.4' into 4.5 2020-02-11 16:45:15 +13:00
Mojmir Fendek 99786dda22 ORM Column now supports related table lookup 2020-01-28 15:46:30 +13:00
Andre Kiste 6650d81324 BUG Fix extra blank Group being created when creating a new Group (#9325) 
* Fix extra blank Group being created when creating a new Group

* Update tests to reflect expected behavior

* Improved tests
 2019-11-27 09:32:33 +13:00
Serge Latyntcev 91e4aa90f1 Merge branch '4.4' into 4.5 2019-11-20 11:09:23 +13:00
Serge Latyntcev 8219491705 Merge branch '4.3' into 4.4 2019-11-20 11:08:35 +13:00
Garion Herman ea2a2b4786 FIX Adjust HTMLEditorField tests to support alt attr changes in assets 
The default behaviour of the alt attribute has changed from using the
filename to applying an empty value.
 2019-11-14 12:04:37 +13:00
Mojmir Fendek e2bea6b41f API Add `withConfig` method (#9011) 
* With config functionality added.
* Update docs/en/02_Developer_Guides/04_Configuration/00_Configuration.md
 2019-10-31 16:12:04 +13:00
Damian Mooyman e76601e5c8
BUG FormAction title property cannot be set if useButtonTag is false 2019-10-29 17:21:45 +13:00
Garion Herman 17f4cc6e30
Merge pull request #9281 from creative-commoners/pulls/4/textfield-tip-ui 
NEW: Add support for Tip UI in TextField
 2019-10-23 16:50:43 +13:00
Garion Herman bed3f2b3c6 NEW Add type declarations to Tip API, add TippableFieldInterface 2019-10-23 10:46:22 +13:00
Garion Herman 195417b061 NEW Extract Tip from TextField, add test coverage 2019-10-22 17:04:58 +13:00
Maxime Rainville e59625fe5a
NEW Add ability to define image size preset for the TinyMCE editor. (#9276) 
* NEW Add ability to define image size preset for the TinyMCE editor.
* DOC Explain how to define image size pre-sets
 2019-10-22 11:50:28 +13:00
Serge Latyntcev 33a28394d6 Merge branch '4.4' into 4 2019-10-18 15:59:28 +13:00
Serge Latyntcev 0cf5d4cbe2 Merge branch '4.3' into 4.4 2019-10-18 15:58:13 +13:00
Serge Latyntcev 46b9530d88 PSR2 linting fixes 2019-10-18 15:31:39 +13:00
Serge Latyntcev 7873efde9c Merge branch '4.4' into 4 2019-10-18 10:58:19 +13:00
Serge Latyntcev dcbe6d0310 Merge branch '4.3' into 4.4 2019-10-18 10:57:35 +13:00
Damian Mooyman d7752b7945
Run PSR2 Lint cleaner 2019-10-04 13:26:31 +13:00
Serge Latyntcev 7db524bd90 FIX DebugViewFrendlyErrorFormatter handle of admin_email 2019-10-04 10:26:54 +13:00
Dylan Wagstaff 047ac060c4
Merge pull request #9265 from emteknetnz/feature/noopener 
Add noopener attribute to links with a target
 2019-10-03 14:42:50 +13:00
Steve Boyd 887f198b07 Add rel attribute to link elements with a target attribute 2019-10-03 14:03:12 +13:00
Sam Minnée af6644f762
Merge pull request #9240 from chrometoasters/pulls/db-readonly-transactions-support 
NEW Introduce supported database transaction mode check
 2019-09-25 10:02:53 +12:00
Aaron Carlino b002ef1171 Merge branch '4.4' into 4 2019-09-24 17:26:50 +12:00
Garion Herman 0d27f32cc9 FIX Add 'legal empty attributes' to allow empty alt values on imgs 
In some situations, a caption is used in place of a value in the alt
attribute, and in others an image may be cosmetic and not in need of an
alt attribute value (though the alt attribute must still be rendered in
this case).
 2019-09-24 11:44:12 +12:00
Robbie Averill 3cfc21c405
Merge pull request #9241 from open-sausages/pulls/4.4.3/fix-file-permission 
Fix administrators not being able to see files that are restricted to groups
 2019-09-23 11:13:26 -07:00
bergice 6a1c6ecec6 Fix administrators not being able to see files that are restricted to groups 
Resolves https://github.com/silverstripe/silverstripe-asset-admin/issues/777
 2019-09-23 16:44:28 +12:00
Michal Kleiner bcbf90a837 NEW Introduce supported database transaction mode check 2019-09-16 14:44:15 +12:00
Robbie Averill aa6b244db9 Merge branch '4.4' into 4 2019-09-13 18:11:46 -07:00
Robbie Averill 592ab6abc1 Merge branch '4.3' into 4.4 2019-09-13 18:11:34 -07:00
Robbie Averill 9a76d4adb4
Merge pull request #9181 from kinglozzer/8762-shortcode-templates 
NEW: Use templates to render embed shortcodes (closes #8762)
 2019-09-13 17:58:32 -07:00
Serge Latyntsev 233e0e7aa0 ENH PasswordExpirationMiddleware implementation (#9207) 2019-09-12 14:34:06 +12:00
Aaron Carlino da6582f593 NEW: Remove web installer, move to separate package (#9231) 
* Remove installer

* Remove exposed install files

* Replace Dev/Install classes still in use

* Update changelog

* FIX make the grid field actions consistent to what they look like on pages

Resolves https://github.com/silverstripe/silverstripe-admin/issues/904

* Docs changes
 2019-09-11 13:10:25 +12:00
Maxime Rainville 591b88a9bc BUG Allow infinite loop when calling DataObject::writeComponent() recursively 2019-09-10 14:15:28 +12:00
Robbie Averill e8c2f963fd FIX Member::getLastName() now correctly returns the Member surname 2019-09-06 12:12:27 -07:00
Maxime Rainville dd40d53e6b Merge branch '4.4' into 4 2019-09-04 09:46:33 +12:00
Maxime Rainville 24015c7767 Merge branch '4.3' into 4.4 2019-09-04 09:42:09 +12:00
Robbie Averill 77ba8391c4 FIX Byte Order Marks (BOM) are now stripped when importing CSV files 2019-08-29 14:54:57 +12:00
Loz Calver 759601741d NEW: Use templates to render embed shortcodes (closes #8762) 2019-08-21 09:32:16 +01:00
Robbie Averill a5d6b998fc Merge branch '4.4' into 4 2019-08-16 16:40:39 +12:00
Robbie Averill 11a7d6ccb4
Rename test to be clearer about its intent 
Co-Authored-By: Guy Marriott <guy@scopey.co.nz>
 2019-08-16 09:49:36 +12:00
Robbie Averill bae7e32680 FIX Member::changePassword() no longer applies password validation rules to the hashed value 2019-08-16 09:06:07 +12:00
Robbie Averill f354e2018d FIX Set minimum test scores and password length for Members while running fixtured DataObject tests 2019-08-15 15:23:11 +12:00
Robbie Averill 45f86658ca Merge branch '4.4' into 4 2019-08-14 09:31:05 +12:00
Robbie Averill 4b44272367 Merge branch '4.3' into 4.4 2019-08-14 09:30:53 +12:00
Robbie Averill d63e4b520c Merge branch '4.2' into 4.3 2019-08-14 09:30:41 +12:00
Guy Marriott f3132c89d7
Merge pull request #9170 from open-sausages/pulls/4/add-option-to-disable-user-agent-session-check 
API Add option to disable user-agent header session validation
 2019-08-08 11:47:07 +12:00
Aaron Carlino b3093b7a1a BUGFIX: Allow state to be shared across nested GridFields 2019-08-07 23:09:51 +12:00
Maxime Rainville 4380d7d155 API Add option to disable user-agent header session validation 2019-08-06 22:00:01 +12:00
Robbie Averill 0672f8b76b NEW HTTPRequest now has hasSession() to determine whether a session exists for it 2019-08-02 11:29:23 +12:00
UndefinedOffset c1ffc4edfb Added unit tests for multiple relationship sorting 2019-07-29 10:45:10 -03:00
Chee Wai cb91f5fa06 NEW Added SRI support for Requirements::css, Requirements::javascript (#9139) 2019-07-21 09:51:22 +02:00
Simon Gow 22b514c421 #9114 - DBText::ContextSummary() cuts line breaks 
ContextSummary() was cutting the HTML which was added by nl2br because
it expected plain text elements as it's stripping and replacing text.
Instead this fix changes the behaviour to apply the nl2br after the text
changes have been made. That way we can't cut anything in the middle of
a HTML tag, but new lines, or paragraphs are replaced by BRs after,
should they exist.

- Added tests to ensure text is not cut in the middle of a sentence.
- Added test to ensure that <br>'s are added in the correct place should
the summary span between new lines.
 2019-07-19 12:43:20 +12:00
Serge Latyntcev 29a663c65d Merge branch '4.4' into 4 2019-07-15 09:24:49 +12:00
Serge Latyntcev d667d64f13 Merge branch '4.3' into 4.4 2019-07-15 09:18:17 +12:00
Serge Latyntcev fcd7a1e63e FIX core memory limit test 2019-07-12 16:30:25 +12:00
Serge Latyntsev 7ef13e7ef6 FIX Confirmation components to respect SS_BASE_URL (#9074) 2019-07-05 16:05:41 +12:00
Robbie Averill 844d2ef134 NEW DBDate and DBDatetime now support modify() with a strtotime() style adjustment string (#9105) 2019-07-05 15:57:23 +12:00
UndefinedOffset e3aa0ff63a Added unit tests for config condition if PHP extension is loaded 2019-07-03 10:32:41 -03:00
Sam Minnee 96e7914f23 FIX: Fix MySQLQuery::seek() and Query::rewind() to fix repeated iteration 
API: Query::seek() and Query::rewind() no longer return a value.

Although breaking an API inside a patch release may seem odd, this in
fact is correcting a long-standing bug in our implementation of 
Iterator::rewind(), so I think it’s appropriate.

https://github.com/silverstripe/silverstripe-framework/issues/9097
 2019-07-03 09:20:05 +12:00
Saophalkun Ponlu 6a8c6703d1 Remove `use_gzip` from HTMLEditorField since it's been removed by TinyMCE codebase (#7261) 
* Remove `use_gzip` from HTMLEditorField

* DOCS Mention remove use_gzip in changelog
 2019-06-21 09:27:48 +12:00
Aaron Carlino d04e54c1be Merge branch '4.4' into 4 2019-06-10 17:33:30 +12:00
Aaron Carlino c747b1f8d3 Merge branch '4.3' into 4.4 2019-06-10 17:32:07 +12:00
Aaron Carlino f766555d61 Merge branch '4.2' into 4.3 2019-06-10 17:27:05 +12:00
Serge Latyntcev ca56e8d78e [CVE-2019-12246] Denial of Service on flush and development URL tools 2019-06-10 17:23:56 +12:00
Sam Minnée 654156d46d FIX: Fix bug when confirmed password is changed but not the password. (#9012) 
In this case the confirmed password field is not reflected. It’s 
unclear how often this situation would arise outside of test scenarios,
but may come up if $form->loadDataFrom() is called more than once.

Fixes #2496 (it’s a minor issue but I think this is why Dan flagged it
as a regression). Originally introduced as part of Dan’s initial fix
at 2a6f1f1949.
 2019-06-10 15:48:29 +12:00
Jarkko Linnanvirta 9184056b5e URLSegmentFilter: Remove : characters from url segments when multibyte characters are allowed. 2019-06-02 11:43:51 +03:00
Robbie Averill 00fd74a0a1 Merge branch '4.4' into 4 
# Conflicts:
 #	src/Dev/Tasks/MigrateFileTask.php
 2019-05-30 09:36:42 +12:00
Robbie Averill 14673ffd0a Merge branch '4.3' into 4.4 2019-05-30 09:35:26 +12:00
Robbie Averill 188698dcee Merge branch '4.2' into 4.3 2019-05-30 09:35:17 +12:00
Robbie Averill 3e2fc6aa0b Automated phpcbf linting 2019-05-30 09:34:34 +12:00
Guy Marriott f97ca26e76
Merge pull request #9014 from sminnee/fix-4142 
FIX: List default items in the readonly view of ListboxField
 2019-05-27 20:13:20 +12:00
Sam Minnee 7407096e99 FIX: List default items in the readonly view of ListboxField 
Adds tests for non-readonly default items too.

Fixes #4142
 2019-05-27 17:47:09 +12:00
Sam Minnee 2c71daacfe MINOR: Add tests for GroupedDropdownField empty strings 
These bugs were never present in SS4 as the relevant code had a
substantial rewrite at the same time they were introduced in SS3.
In SS3, test C still fails.

Fixes #4705
Fixes #4987
Fixes #4793
 2019-05-27 17:46:03 +12:00
Guy Marriott 350888bf50 NEW Adding a shuffle method to ArrayList (#8984) 
* NEW Adding a shuffle method to ArrayList

* API Add shuffle to DataList for ArrayList parity
 2019-05-16 09:26:11 +12:00
Aaron Carlino 3f1479edbb
BUGFIX: DataQuery overwriting _SortColumn selects (#8974) 
* BUGFIX: DataQuery overwriting _SortColumn selects

* FIX DataQuery _SortColumn handling
 2019-05-15 11:42:10 +12:00
Maxime Rainville 8ee50d2ba7 API Remove DataObjectSchema::getFieldMap() (#8960) 
Introduced as a less public API in https://github.com/silverstripe/silverstripe-assets/pull/227
 2019-05-06 12:33:23 +12:00
Guy Marriott 82c8225502
Merge branch '4.3' into 4.4 2019-05-03 09:45:25 +12:00
Serge Latyntcev 3d777cfb8a Backward compatible behaviour for SQLConditionalExpression::getJoins 2019-05-02 15:39:36 +12:00
Andre Kiste 0c6c57f1ef Add `getFieldMap` method to retrieve a list of all fields for any giv… (#8892) 
* Add `getFieldMap` method to retrieve a list of all fields for any given class

* Add `TagsToShortcodeTask` to upgrading guide

Adding after the file migration part as this is where it makes the most sense to run it.

* `getFieldMap` accepts an array

* Move to `DataObjectSchema`

* Add `HTMLVarchar` to documentation
Minor refactoring

* Add test for checking that `subclassesfor` works without the base class
Add test `DataObjectSchema::getFieldMap` returns the correct array

* Remove cms dependency
 2019-04-30 10:43:14 +12:00
Aaron Carlino c63eecc3e1 Merge branch '4.3' into 4 2019-04-18 11:57:36 +12:00
Sam Minnée 155a9bb1f9
Merge pull request #8934 from creative-commoners/pulls/4.4/pdostgresql-boolean-consistency 
FIX Postgres booleans should return as int for consistency
 2019-04-17 15:43:35 +12:00
Guy Marriott da1af3d8b0
FIX Postgres booleans should return as int for consistency 2019-04-17 15:15:17 +12:00
Guy Marriott cc1fdf603b
Resolve incorrect empty string assertion in tests 2019-04-17 13:29:54 +12:00
Guy Marriott 9d6b5048a6 FIX Table aliases are retained on base tables in queries built using SQLConditionalExpression (#8918) 
* Adding failing test for base table aliases using SQLSelect

* FIX Retain table aliases applied to the base table on queries

* FIX Move the trimmed alias outside of the condition so we can use it within the condition
 2019-04-16 15:40:09 +12:00
Ralph Slooten 66c372ce28 Include baseURL with relative setGetVar() links (#8834) 
* Return baseURL with setGetVar

* Adjust testSetGetVar tests for base url
 2019-04-15 14:50:46 +12:00
Robbie Averill 8a06682e31 Merge branch '4.3' into 4 
# Conflicts:
 #	src/ORM/Connect/DBSchemaManager.php
 2019-04-11 11:24:17 +12:00
Sam Minnee d295888838 MINOR: Improve type testing 2019-04-05 15:11:21 +13:00
Sam Minnee 2625cea5e3 MINOR: Add a test that 0 is falser on int, decimal, currency 
Validates that https://github.com/silverstripe/silverstripe-framework/issues/3473 has been fixed

The bug was fixed in #8448
 2019-04-05 15:11:21 +13:00
Sam Minnee 4f4153c834 MINOR: Test test to validate that multiple GreaterThan filters in a filterAny work. 
Confirms https://github.com/silverstripe/silverstripe-framework/issues/3995 isn’t a bug.
 2019-04-05 15:05:42 +13:00
Robbie Averill 123d483213 MemberTest and SecurityTest now set the default authenticator to use 2019-04-05 11:26:29 +13:00
Guy Marriott a9d57f5bfb
Merge pull request #8241 from creative-commoners/pulls/4.3/separate-logging 
Separate core error logging from standard LoggerInterface
 2019-04-05 08:49:09 +13:00
Aaron Carlino fc6213c293 Merge branch '4.3' into 4 2019-03-27 13:25:57 +13:00
Johannes Hammersen e1190e33d2 Fix PDOConnector GeneratedID return type 2019-03-21 09:26:14 +01:00
Aaron Carlino 388baa01b4 Fix linting 2019-03-20 13:19:10 +13:00
Aaron Carlino aa491d9294 Fix tests 2019-03-20 12:33:00 +13:00
Damian Mooyman 6b450395ce API Allow empty arraylists to be typed (#8866) 
* API Allow empty arraylists to be typed

* PHPCBF fixes
 2019-03-20 11:46:35 +13:00
Dan Hensby 765d1568ab
Merge branch '4.3' into 4 2019-03-06 11:04:50 +00:00
Dan Hensby a8605b04e0
Merge branch '4.2' into 4.3 2019-03-06 11:04:14 +00:00
Damian Mooyman d1396b7dfe
BUG Fix writeBaseRecord with unique indexes 
Fixes #6819
 2019-02-27 16:40:12 +13:00
Maxime Rainville 11b9429c34 Merge branch '4.3' into 4 2019-02-27 12:14:51 +13:00
Maxime Rainville 651d537196 Merge branch '4.2' into 4.3 2019-02-27 12:13:24 +13:00
Maxime Rainville ed013fcfbb Merge branch '4.1' into 4.2 2019-02-27 12:12:39 +13:00
Maxime Rainville ac53f77115 Merge branch '4.0' into 4.1 2019-02-27 12:11:47 +13:00
Maxime Rainville 6ff319a0e1 BUG Implement peer review feedback, 2019-02-27 11:14:47 +13:00