Commit Graph

1238 Commits

Author SHA1 Message Date
Guy Sartorelli
1a5bb4cbec
[CVE-2023-22729] Escaped double slash is absolute URL 2023-04-26 09:49:59 +12:00
Guy Sartorelli
fd5d8217e8
[CVE-2023-22728] Check canView before printing from GridField 2023-04-26 09:45:34 +12:00
Florian Thoma
1dbb2bc5ba remove manually added config values in test 2023-04-12 14:11:08 +10:00
Florian Thoma
c0722308af add loading of automatic ORM field labels to i18nTextCollector 2023-04-12 11:11:26 +10:00
elliot sawyer
0d9724c708
Update tests/php/Forms/TreeDropdownFieldTest.php
Co-authored-by: Guy Sartorelli <36352093+GuySartorelli@users.noreply.github.com>
2023-04-11 10:43:47 +12:00
Guy Sartorelli
2c874a1e94
ENH Exclude a list of models for checking and repairs (#10746) 2023-04-04 14:22:00 +12:00
Steve Boyd
63c2460f72 Merge branch '4' into 5.0 2023-03-30 13:20:03 +13:00
elliot sawyer
280354df08 NEW: Allow different search filters on TreeDropdownField 2023-03-27 18:50:54 +13:00
Steve Boyd
0f40cc38ec FIX Respect searchable_fields 2023-03-23 10:57:03 +13:00
Steve Boyd
41bb35f3f3 FIX Reduce array method calls 2023-03-22 11:06:23 +13:00
Steve Boyd
b4f330d734 API Remove configurability of attributes 2023-03-21 16:38:05 +13:00
Steve Boyd
9f250cf772 MNT Remove references to PDO 2023-03-16 10:59:34 +13:00
Guy Sartorelli
046befc4ba
ENH Improve deprecation logging 2023-03-06 13:25:44 +13:00
Guy Sartorelli
128b327c6d
API Add method to check if env var is set 2023-03-06 11:49:22 +13:00
Steve Boyd
f6d8d27c89 Merge branch '4' into 5.0 2023-03-02 16:02:34 +13:00
Guy Sartorelli
e3a94b9d10
FIX Ensure getters and setters are respected (#10708) 2023-03-01 15:19:07 +13:00
Guy Sartorelli
652281507f
FIX Correctly identify deprecated API in withNoReplacement (#10706) 2023-02-27 15:25:27 +13:00
Guy Sartorelli
e962608918
Merge pull request #10569 from kinglozzer/formfield-validation-extensions
NEW: Add extension hook for field-specific validation
2023-02-23 09:47:40 +13:00
Loz Calver
0633f2ed0d Add kitchensink fields to formfield validation test 2023-02-22 16:09:35 +00:00
Steve Boyd
0075bf6e49 NEW Access dynamic data inside ViewableData 2023-02-22 09:40:27 +13:00
Loz Calver
97f7be502f NEW: Add extension hook for field-specific validation 2023-02-20 10:24:41 +00:00
Maxime Rainville
8c396eb1f6 MNT Remove bad PHPDoc comments on test 2023-02-17 18:53:42 +13:00
Maxime Rainville
7bc4c9dbc3 MNT Tweak some test to account for slightly different sorting logic in PostgreSQL 2023-02-17 18:47:20 +13:00
Guy Sartorelli
ab566b0a15
API Add new deprecation notices. (#10691)
These are removed in CMS 5.
2023-02-15 13:26:36 +13:00
Guy Sartorelli
7930fb87ae
MNT small indentation change 2023-02-08 16:20:25 +13:00
Guy Sartorelli
9a5ccdba51
ENH Protect against possible unexpected values 2023-02-08 16:18:13 +13:00
Guy Sartorelli
557421a245
MNT Fix linting issue 2023-02-08 16:18:00 +13:00
Guy Sartorelli
603723e8f3
API Rename Diff to HtmlDiff
This class doesn't diff anything other than HTML, really. For anything
else, SebastianBergmann\Diff\Differ should be used directly.
2023-02-08 14:59:34 +13:00
Guy Sartorelli
99dc6df38a
API Replace thirdparty difflib with maintained lib 2023-02-08 14:59:33 +13:00
Guy Sartorelli
0ff7623230
Merge pull request #10643 from creative-commoners/pulls/5/replace-simpletest
DEP Replace thirdparty simpletest with symfony domcrawler
2023-02-08 12:15:57 +13:00
Guy Sartorelli
3a14aafc7f
API Deprecate Diff in favour of CMS5's HtmlDiff 2023-02-08 11:15:28 +13:00
Sabina Talipova
9d13f35040 MNT Update strong typization, tests cases
Co-authored-by: Guy Sartorelli <36352093+GuySartorelli@users.noreply.github.com>
2023-02-08 10:59:27 +13:00
Sabina Talipova
5236b0a9df
Merge pull request #10666 from creative-commoners/pulls/5/security-extensions
NEW migrate functionality from security-extensions module
2023-02-07 13:50:56 +13:00
Guy Sartorelli
fecb7ba4d8
NEW Add sudo mode service 2023-02-07 13:36:42 +13:00
Guy Sartorelli
8ddedb038e
NEW Allow admins to require password reset for members
This came from silverstripe/silverstripe-security-extensions
2023-02-07 13:36:21 +13:00
Guy Sartorelli
7c20ade548 DEP Replace thirdparty simpletest with symfony domcrawler 2023-02-02 13:31:45 +13:00
Guy Sartorelli
738ca487ac
FIX Allow public extension getter methods to work (#10676)
Accidentally broke this in #10670
2023-02-01 16:05:54 +13:00
Guy Sartorelli
826028082b
FIX Sort without specifying a table name (#10675)
Using a table name in sort() is not allowed in CMS 5. We could use
orderBy() here but member is the table it will sort on by default anyway
so there's no need.

Also added unit tests, which should have caught this ages ago.
2023-02-01 13:52:13 +13:00
Guy Sartorelli
14a449feaa
FIX Don't try to access private properties/methods 2023-01-31 14:59:17 +13:00
Maxime Rainville
fc6c45df57 MNT Add test to SQLSelect for Zero limit 2023-01-27 10:00:56 +13:00
Maxime Rainville
5090f49ecc MNT Add more test coverage to DataList::limit() 2023-01-27 10:00:56 +13:00
Maxime Rainville
d1e0e1e305 ENH Make limit method return no results when zero is provided 2023-01-27 10:00:41 +13:00
Maxime Rainville
944722f34f API Removed #[\ReturnTypeWillChange] annotations 2023-01-26 18:10:05 +13:00
Steve Boyd
ec4a8b88e5 API Allow array style email addresses 2023-01-26 14:40:13 +13:00
Steve Boyd
77301408d8 MNT Remove legacy upgrader config 2023-01-20 17:05:41 +13:00
Guy Sartorelli
b784e243de
Merge pull request #10538 from xini/feature-5-trailing-slash-config-and-redirect
SS5: add trailing slash config and redirect
2023-01-20 15:24:45 +13:00
Florian Thoma
fbcf7dc3e7
API Normalise trailing slashes for all paths
NOTE: There will be additional related PRs required for at least
silverstripe/cms and silverstripe/admin.

Co-authored-by: Guy Sartorelli <guy.sartorelli@silverstripe.com>
2023-01-20 10:31:14 +13:00
Maxime Rainville
b6b0bcea9f Merge branch '4' into 5 2023-01-18 22:16:45 +13:00
Steve Boyd
d7ddb00254 ENH Use masterminds/html5 for HTMLValue 2023-01-18 10:58:53 +13:00
Steve Boyd
b973c88648 API Deprecate HTML4Value 2023-01-16 15:28:23 +13:00
Sabina Talipova
6d4542561b
BUG Check is_callable parent methods before invoke (#10637) 2023-01-12 09:37:48 +13:00
Guy Sartorelli
5bf6835b3e
Merge pull request #10614 from creative-commoners/pulls/5/php82
ENH PHP 8.2 support
2022-12-21 15:39:32 +13:00
Steve Boyd
c1a773310d ENH PHP 8.2 support 2022-12-21 14:44:47 +13:00
Guy Sartorelli
0d662ba95f
Merge branch '4.12' into 4 2022-12-19 01:38:09 +00:00
Steve Boyd
b4bd0ea073 MNT Import Deprecation class 2022-12-14 16:10:01 +13:00
Guy Sartorelli
b14de847a5
API Make the public directory mandatory (#10617) 2022-12-14 16:08:47 +13:00
Guy Sartorelli
fa75a36267
Merge branch '4' into 5 2022-12-14 15:34:44 +13:00
Steve Boyd
700288d5ca FIX Cast absoluteUrl() argument to string 2022-12-14 11:24:42 +13:00
Sabina Talipova
53c0147f11
API Remove deprecated code (#10594) 2022-12-08 10:44:47 +13:00
Steve Boyd
ae4d7fa090 API Create orderBy() method to handle raw SQL 2022-12-07 12:25:58 +13:00
Sabina Talipova
4e1b99b8c7
Merge pull request #10588 from creative-commoners/pulls/4/stop-using-depr
API Stop using deprecated API
2022-12-05 16:35:09 +13:00
Guy Sartorelli
8bb712a461
Merge branch '4.11' into 4.12-release 2022-11-30 10:54:02 +13:00
Michal Kleiner
b107622400
FIX Improve rounding logic for storing of long decimal numbers (#10593)
Co-authored-by: Michal Kleiner <michal.kleiner@cub3.com>
2022-11-29 15:07:56 +13:00
Steve Boyd
b5533e4680 API Stop using deprecated API 2022-11-28 19:16:31 +13:00
Michal Kleiner
da06a2d0cf
Merge pull request #10577 from creative-commoners/pulls/4/textcollector-class-notation 2022-11-25 10:27:59 +13:00
Steve Boyd
20582936d8 Merge branch '4.12' into 4 2022-11-23 16:42:25 +13:00
Sabina Talipova
a52c7795c7 Merge branch '4' into 5 2022-11-22 11:41:53 +13:00
Guy Sartorelli
8e16b57646
Merge branch '4' into 5 2022-11-21 18:13:01 +13:00
Steve Boyd
cb76f312a4 Merge branch '4.11' into 4.12-release 2022-11-21 13:44:23 +13:00
Steve Boyd
dc98cad48a Merge branch '4.10' into 4.11 2022-11-21 13:43:59 +13:00
Steve Boyd
fe13856769 [CVE-2022-37429] Sanitise XSS 2022-11-21 13:06:40 +13:00
Guy Sartorelli
17f1c7ceed
Merge pull request #10585 from creative-commoners/pulls/4.11/cve-2022-37430
Sanitise mixed case javascript
2022-11-21 13:03:30 +13:00
Guy Sartorelli
e5b81109de
Merge pull request #10584 from creative-commoners/pulls/4.11/cve-2022-38462
Don't allow CRLF in header values
2022-11-21 13:02:25 +13:00
Steve Boyd
4308a93cc8 [CVE-2022-38148] Validate SortColumn exists 2022-11-21 13:01:32 +13:00
Guy Sartorelli
b17b29eea1
Merge pull request #10583 from creative-commoners/pulls/4.11/cve-2022-38724-embed-shortcode
Restrict embed shortcode attributes
2022-11-21 13:01:23 +13:00
Sabina Talipova
ad116c63e6
Merge pull request #10565 from creative-commoners/pulls/4/stop-depr
API Stop using deprecated API
2022-11-16 14:26:18 +13:00
Steve Boyd
137ebcebec API Stop using deprecated API 2022-11-15 18:20:54 +13:00
Daniel Hensby
c49abf0fcc
Merge remote-tracking branch 'upstream/4.11' into 4.12 2022-11-11 13:25:54 +00:00
Guy Sartorelli
521c8179b1
ENH Correctly parse SomeClass::class syntax in textcollection 2022-11-11 11:37:53 +13:00
Steve Boyd
49e637d244 MNT Explicitly test with blowfish 2022-11-10 11:36:56 +13:00
Guy Sartorelli
ed63beeeee
Merge branch '4.11' into 4 2022-11-09 10:53:09 +13:00
Steve Boyd
7cfd827776 MNT Use restore_error_handler() 2022-11-03 16:19:17 +13:00
Steve Boyd
128f78c1cf FIX Filter out E_USER_DEPRECATED unrelated to unit test 2022-11-02 11:40:34 +13:00
Steve Boyd
b1dc861aac NEW Record deprecated config 2022-10-31 19:00:59 +13:00
Steve Boyd
a3c1cb0ddf
ENH Set PasswordEncryption on default admin 2022-10-27 13:57:27 +13:00
Guy Sartorelli
168ca00555
[CVE-2022-38724] Restrict embed shortcode attributes 2022-10-26 09:31:12 +13:00
Steve Boyd
6e9d3ab632 Merge branch '4' into 5 2022-10-21 12:00:39 +13:00
Steve Boyd
59b980edd7 Merge branch '4.11' into 4 2022-10-21 11:46:39 +13:00
Steve Boyd
bd2eb15c72 FIX Ensure Deprecation works with 1.x branches 2022-10-20 13:14:58 +13:00
Steve Boyd
e3a6cad8a8 FIX Allow passing objects to InjectionCreator::create()
Co-authored-by: Nate Devereux <nate@daveclark.co.nz>
2022-10-19 18:04:48 +13:00
Guy Sartorelli
919cfcf435
Merge pull request #10494 from creative-commoners/pulls/5/symfony-mailer
NEW Migrate from swiftmailer/swiftmailer to symfony/mailer
2022-10-19 15:52:31 +13:00
Steve Boyd
2e85674ccc NEW Migrate from swiftmailer/swiftmailer to symfony/mailer 2022-10-19 15:16:14 +13:00
Steve Boyd
a57c7315a2 API Strongly-type action method signatures 2022-10-17 17:58:20 +13:00
Sabina Talipova
721b3cb597
Merge pull request #10508 from creative-commoners/pulls/5/tinymce6
FIX Update config to support tinymce6
Nice job!
2022-09-30 11:05:48 +13:00
Guy Sartorelli
ef8a02dfdc
FIX Update config to support tinymce6 2022-09-30 10:40:52 +13:00
Christian Bünte
e24fb3f86c
Fix i18nTextCollector produces corrupt output / namespaces when running under PHP8.0 (#10228)
* FIX i18nTextCollector produces corrupt output / namespaces when running under PHP8.0
2022-09-29 13:40:40 +13:00
Guy Sartorelli
5e16b29699
Merge branch '4' into 5 2022-09-29 09:43:31 +13:00
Guy Sartorelli
421864d111
Merge branch '4.11' into 4 2022-09-29 09:41:06 +13:00
Guy Sartorelli
4a598ded51
FIX Allow removing named extensions in yaml config 2022-09-27 13:15:28 +13:00
Steve Boyd
fc78763d20
Merge pull request #10497 from creative-commoners/pulls/5/rescue-master-template-enhancements
Rescue master branch PRs: Template enhancements
2022-09-15 16:55:18 +12:00
Guy Sartorelli
e140c3786c
FIX Ensure consistent behaviour with repeat iterations 2022-09-15 16:22:48 +12:00
Guy Sartorelli
d9be52579d
MNT Fix test 2022-09-15 13:29:29 +12:00
Loz Calver
8e0e797b40
Fix code style 2022-09-15 13:29:27 +12:00
Loz Calver
749405170c
Update MySQLDatabaseTest to work with new query iterators 2022-09-15 13:29:10 +12:00
Sam Minnee
77c7552c3f
NEW: ORM’ Query is a generator-based IteratorAggregate
API: Query no longer has iterator methods current(), first(), rewind(), next()

Using generators reduces the amount of boilerplate needed for this
code.

Turning it into an IteratorAggregate means that the iterator can be
re-created for each subsequent foreach call. This means that the
rewind() and seek() functionality can be discarded.
2022-09-15 13:28:56 +12:00
Sam Minnee
d8735633a7
FIX: Don’t call PaginatedList::getIterator() directly.
It’s best for foreach() to call this for us.
2022-09-15 13:28:20 +12:00
Guy Sartorelli
03b929dd33
API Remove support for PDO (#10499) 2022-09-15 13:13:48 +12:00
Guy Sartorelli
1385712ffd
MNT Make sure to test strings of boolean/null values 2022-09-09 13:42:06 +12:00
Guy Sartorelli
5b2820e8ac
MNT Fix unit tests 2022-09-09 13:38:55 +12:00
Loz Calver
47337782a2
API: <% loop %> and <% with %> only ever create one new scope level 2022-09-09 11:23:38 +12:00
Loz Calver
3a6c48cddb
FIX: template parser erroring on strings partially matching true/false/null 2022-09-09 11:16:58 +12:00
Loz Calver
d6e8229352
FIX: Fix type preservation in <% include %> arguments 2022-09-09 11:16:55 +12:00
Loz Calver
4339e4d02c
NEW: Add support for native nulls as template lookup arguments 2022-09-09 11:15:09 +12:00
Loz Calver
4cda967eae
API: Preserve variable types in template lookup args 2022-09-09 11:11:30 +12:00
Steve Boyd
c9bc01473c API Update caching to use symfony 6 2022-09-07 16:08:54 +12:00
Guy Sartorelli
d3c28579b7
[CVE-2022-38462] Don't allow CRLF in header values 2022-09-07 11:22:07 +12:00
Guy Sartorelli
06b13e0fa6
Revert "Merge pull request #10450 from creative-commoners/pulls/5/rescue-master-generators" (#10483)
This reverts commit 9edf3a5ca6, reversing
changes made to 934fafd29d.
2022-09-02 10:58:37 +12:00
Guy Sartorelli
1bf86cf39f
API Revert shorten auto-generated table names (#10482)
* Revert "BUG Fix table name test"

This reverts commit b36a01a8fd.

* Revert "ENH shorten auto-generated table names"

This reverts commit 156f63bce3.
2022-09-02 10:55:45 +12:00
Steve Boyd
37ff4ee46a
Merge pull request #10454 from creative-commoners/pulls/5/rescue-master-table-name
API rescue master-branch PR: Shorten auto-generated table names #7621
2022-09-01 09:12:11 +12:00
Guy Sartorelli
715415d5c8
Merge branch '4' into 5 2022-08-31 13:37:25 +12:00
Steve Boyd
9edf3a5ca6
Merge pull request #10450 from creative-commoners/pulls/5/rescue-master-generators
API rescue master-branch PR: Use Generators for ORM
2022-08-29 19:03:47 +12:00
Steve Boyd
b37921d0b1
Merge pull request #10462 from creative-commoners/pulls/5/rescue-master-join-aliases
Rescue Master Branch PR: Fix SQLConditionalExpression::getJoins so it always adds explicit aliases
2022-08-24 15:33:41 +12:00
Steve Boyd
f5d72e998c
Merge pull request #10460 from creative-commoners/pulls/5/rescue-master-dataobject-get-any-one
API Rescue Master Branch PR: Allow dataobject get_one without passing a class
2022-08-24 15:25:13 +12:00
Serge Latyntcev
e07671a890
Fix SQLConditionalExpression::getJoins so it always adds explicit aliases
This is a revert of https://github.com/silverstripe/silverstripe-framework/pull/8956
2022-08-24 11:27:02 +12:00
Andrew Aitken-Fincham
f2de39162d
API Allow dataobject get_one without passing a class
add class validation early in get_one()
2022-08-23 16:25:23 +12:00
Steve Boyd
2b5420ee7d [CVE-2022-37430] Sanitise mixed case javascript 2022-08-23 15:36:48 +12:00
Christopher Joe
b36a01a8fd
BUG Fix table name test 2022-08-22 17:47:14 +12:00
Guy Sartorelli
3284c06703
API Remove PHPUnit 5.7 compatability hacks 2022-08-12 10:52:56 +12:00
Guy Sartorelli
4cb36d4d14
MNT Fix test 2022-08-11 16:29:39 +12:00
Daniel Hensby
595835bb15
Merge pull request #6518 from sminnee/generators
Use Generators for ORM Query, Map, ArrayList
2022-08-11 16:29:32 +12:00
Sergey Shevchenko
ebb1601d5d fix: misc suggested changes
* disable resolve_relative_css_refs by default
* variable naming
* using proper path joiner
* test comment typo
2022-08-05 15:35:26 +12:00
Sergey Shevchenko
bc9a323418 fix: more tests, improved paths detection, readability 2022-08-05 15:35:26 +12:00
Sergey Shevchenko
a2906cd02c ENH Requirements_Backend::resolveCSSReferences(): Tests, config, doc, safety.
* Changed to ignore absolute paths altogether
* Improve tests
* Added config flag
* Changed docs
2022-08-05 15:35:26 +12:00
Sergey Shevchenko
8370ffc2a0 ENH Test for Requirements_Backend::resolveCSSReferences() 2022-08-05 15:35:26 +12:00
Guy Sartorelli
a57eeb614b MNT Fix broken unit test 2022-08-03 15:47:14 +12:00
Steve Boyd
c466ca5ca5
Merge pull request #9341 from unclecheese/pulls/4/come-on-baby-make-it-search-so-good
NEW: Allow search field customisation
2022-08-02 11:59:55 +12:00
Guy Sartorelli
11595952f4
NEW Search across multiple searchable fields by default (#10382)
* NEW Search across multiple searchable fields by default

* ENH Split search query and search each term separately.
2022-08-01 12:19:02 +12:00
Guy Sartorelli
c7504aa337
Merge pull request #10331 from creative-commoners/pulls/4/gridfield-keep-state
ENH Restore gridfield state from get vars (POC)
2022-07-29 11:33:19 +12:00
Loz Calver
d79564751f
Merge pull request #10406 from creative-commoners/pulls/4/manymany-extra-fields
NEW Set many_many_extraFields data via the ORM
2022-07-28 09:02:13 +01:00
Steve Boyd
bd2ba1e18a Merge branch '4.11' into 4 2022-07-28 14:05:28 +12:00
Steve Boyd
b24c289892 Merge branch '4.10' into 4.11 2022-07-28 14:05:07 +12:00
Steve Boyd
bdf7d09144 MNT Update Utf8TestHelper for MySQL 8.0.30 2022-07-28 13:21:23 +12:00
Sabina Talipova
7a9bc7f577 ENH Keep Request in URL 2022-07-28 10:14:43 +12:00
Guy Sartorelli
af3c50c9da NEW Set many_many_extraFields data via the ORM 2022-07-28 09:29:36 +12:00
Guy Sartorelli
1253ab82af
Merge pull request #10415 from kinglozzer/10413-php81-enums
NEW: Add support for autoloading PHP 8.1 enums
2022-07-27 11:38:51 +12:00
Steve Boyd
3547a5600d Merge branch '4.11' into 4 2022-07-26 16:34:37 +12:00
Steve Boyd
ce46e2da47 MNT No longer mark tests as skipped if running mysql 8 2022-07-26 13:54:10 +12:00
Aaron Carlino
07a6c1191a NEW: Allow search field customisation in GridFieldFilterHeader 2022-07-25 17:33:09 +12:00
Steve Boyd
24daf3ae83 MNT Skip test if Page class missing 2022-07-25 16:35:28 +12:00
Loz Calver
d3f104382d NEW: Add support for autoloading PHP 8.1 enums 2022-07-22 15:59:55 +01:00