Commit Graph

223 Commits

Author SHA1 Message Date
Ingo Schommer
03d1d58148 Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	admin/code/SecurityAdmin.php
	css/AssetUploadField.css
	docs/en/topics/configuration.md
	security/PermissionRole.php
2013-09-12 17:33:36 +02:00
Ingo Schommer
9872a52a8d SecurityToken docs 2013-09-05 12:54:31 +02:00
Damian Mooyman
55a7cf6040 Documentation for belongs_to 2013-08-30 10:47:11 +12:00
jbridson
65ad51024d BUGFIX: fixed grammatical errors and formatting issues 2013-08-26 12:18:35 +12:00
Will Rossiter
0ac9eff829 Fix typo in form method name. 2013-08-25 10:59:26 +12:00
Peter Evjan
76cf3c3ed9 Corrected parameters in model relations example
An identifier needs to be specified when creating an object with relations, but the example had omitted that.
2013-08-18 13:24:54 +10:00
Ingo Schommer
31e8ec3795 Docs: Consistent arg quoting in <% require %> (#1614) 2013-08-03 18:44:32 +02:00
Will Rossiter
58a2eb0155 Versioned documentation typo (Thanks aragonne) 2013-07-19 18:14:53 +12:00
Hamish Friedlander
d38bd7d5cb Merge branch 'origin/3.0' into 3.1 2013-07-19 14:18:49 +12:00
Hamish Friedlander
1298d4a5bd FIX Prevent DOS by checking for env and admin on ?flush=1 (#1692) 2013-07-19 12:24:32 +12:00
Ingo Schommer
d4a1e6d294 BUG Prevent clickjacking in CMS and Security controllers (fixes #2215) 2013-07-14 22:44:09 +02:00
Ingo Schommer
b58e2dbe3a Member.lock_out_delay_mins configurable, password security docs 2013-07-11 09:47:28 +02:00
Hamish Friedlander
7b7982969b Add some docs about admin-side HTML sanitisation 2013-07-10 16:44:51 +12:00
Hamish Friedlander
dacb2aa638 FIX HtmlEditorField not re-checking sanitisation server side 2013-07-04 08:53:23 +12:00
Mateusz Uzdowski
f9ede95e5b Add configuration system tests for Only and Except combinations. 2013-07-02 15:51:53 +12:00
Hamish Friedlander
df218d76da Clarify how Only and Except rules combine 2013-07-02 14:09:11 +12:00
Ingo Schommer
fb784af738 API Enforce $allowed_actions in RequestHandler->checkAccessAction()
See discussion at https://groups.google.com/forum/?fromgroups#!topic/silverstripe-dev/Dodomh9QZjk

Fixes an access issue where all public methods on FormField were allowed,
and not checked for $allowed_actions. Before this patch you could e.g.
call FormField->Value() on the first field by using action_Value.

Removes the following assertion because it only worked due to RequestHandlingTest_AllowedControllerExtension
*not* having $allowed_extensions declared: "Actions on magic methods are only accessible if explicitly allowed on the controller."
2013-06-24 14:50:40 +02:00
Ingo Schommer
2160fb8000 Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	admin/javascript/LeftAndMain.js
	tests/behat/features/bootstrap/SilverStripe/Framework/Test/Behaviour/CmsUiContext.php
	tests/control/ControllerTest.php
2013-06-19 14:03:43 +02:00
CheeseSucker
671b7a0cc7 Consolidated command line examples
Examples were broken into several <pre> blocks.
2013-06-18 15:50:32 +03:00
CheeseSucker
476df739a2 A few minor improvements to the "Module development" documentation 2013-06-16 12:55:39 +03:00
Will Rossiter
8fca3799c3 Update module development, remove outdated release steps 2013-06-15 12:06:25 +12:00
Will Rossiter
6d792adab2 Update documentation static declarations to private
Also spelling, grammar and line length clean up.
2013-06-08 15:16:59 +12:00
Sam Minnée
00e09f1493 Update commandline.md 2013-05-25 19:07:17 +12:00
Sam Minnée
99275ea783 Merge pull request #1760 from jedateach/patch-3
CommandLine: Info about running regular tasks with cron
2013-05-24 23:53:45 -07:00
Ingo Schommer
306d3b0c7e Merged existing shortcode docs with new topics docs from 3.0 2013-05-17 14:01:42 +02:00
Ingo Schommer
4c7c40e8b9 Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	parsers/ShortcodeParser.php
2013-05-17 13:51:54 +02:00
Ingo Schommer
146b5a81cb Improved shortcode docs 2013-05-17 13:49:46 +02:00
Ingo Schommer
3b02d22989 Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	dev/CsvBulkLoader.php
2013-05-09 10:34:20 +02:00
Sam Minnée
9672a22166 Merge pull request #1851 from chillu/pulls/form-strict-method-check
Form strict method check
2013-05-08 22:31:40 -07:00
Fred Condo
677dc9822e Edit forms documentation
Correct spelling and word choices.
2013-05-08 17:00:43 -07:00
Ingo Schommer
14c59be85e API Form::setStrictFormMethodCheck() and strict argument to setFormMethod()
Thanks to @sminnee for getting this started
2013-05-08 10:25:13 +02:00
Sam Minnee
b5a83878dd Added docs for i81n.moduole_priority. 2013-05-06 12:51:46 +12:00
Simon Welsh
a5d69f2bf5 Update page-type-templates.md 2013-05-03 15:04:30 +12:00
Ingo Schommer
5f91c3724d Consistently used dollar notation in template docs (see #1794) 2013-04-26 11:48:59 +02:00
Ingo Schommer
faa3e58468 Allow SS_DATABASE_NAME in _ss_environment.php configuration
Makes setups which are completely driven by that file a bit easier
to automate, particularly if the same codebase is deployed
multiple times (e.g. to a staging and live instance)
2013-04-22 14:11:37 +02:00
Ingo Schommer
67ce9e08cc Extended docs for shortcode handling and doctypes (fixes #1700) 2013-04-16 14:01:04 +02:00
Jeremy Shipman
4db5f75298 Info about running regular tasks with cron
What commands to use, and good approach to testing
2013-04-15 10:47:59 +12:00
Ryan Wachtl
46831f56fb Update configuration.md
Link to ssbits.com config cheatsheet no longer relevant.
2013-04-09 10:09:25 -05:00
Ingo Schommer
9856fcef21 Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	javascript/DateField.js
	model/DataQuery.php
	model/Versioned.php
	tests/forms/RequirementsTest.php
	tests/model/DataObjectLazyLoadingTest.php
	view/Requirements.php
2013-04-09 14:45:35 +02:00
Stephen Shkardoon
1a95be7e60 Update form-validation.md
Minor typo, missing a '
2013-04-09 18:44:47 +12:00
Will Rossiter
05d4dd863d Update controller.md 2013-04-05 22:17:11 +13:00
Jeremy Shipman
a57e4e8abe Update environment-management.md
Fixed "Available Constants" table at the bottom
2013-04-03 15:29:27 +13:00
Ingo Schommer
0b54b284bc Updated i18n docs 2013-04-02 11:43:36 +02:00
Ingo Schommer
c08ab18c03 Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	.travis.yml
	admin/javascript/LeftAndMain.AddForm.js
	docs/en/reference/requirements.md
2013-04-02 02:00:50 +02:00
Ingo Schommer
f5754c11aa Contribution guidelines, new bugtracker links 2013-04-02 01:51:40 +02:00
Ingo Schommer
ccb0155b8f Config docs improvement: @config and LSB mentions
Also moved some less important "notes" further down the page.
The doc is still written too much like a technical spec, we need
something that's more accessible to beginners.
2013-03-27 12:08:12 +01:00
Ingo Schommer
315c03872a Fixed _config.php references and usage in docs 2013-03-27 12:06:57 +01:00
Ingo Schommer
3334eafcb1 API Marked statics private, use Config API instead (#8317)
See "Static configuration properties are now immutable, you must use Config API." in the 3.1 change log for details.
2013-03-24 17:20:53 +01:00
Ingo Schommer
00fb8cf679 Formatting and docs changes to configuration.md 2013-03-24 17:20:36 +01:00
Ingo Schommer
81a51331d6 IX Load _config.php's after static config manifest
This allows more sophisticated handling of config alterations
in _config.php. One example is additions to DataObject::$db
based on configuration which requires some processing.

See https://github.com/unclecheese/TranslatableDataObject/blob/master/TranslatableDataObject.php
2013-03-21 00:16:36 +01:00