Ingo Schommer
eecd34868f
BUGFIX Keep Member.PasswordEncryption setting on empty passwords
...
This will prevent empty passwords from setting the encryption to 'none',
which in turn will store any subsequent password changes in cleartext.
Reproducible e.g. with ConfirmedPasswordField and setCanBeEmpty(true).
2013-02-17 23:16:25 +01:00
Ingo Schommer
50995fbecb
BUG Undefined $allowed_actions overrides parent definitions, stricter handling of $allowed_actions on Extension
...
Controller (and subclasses) failed to enforce $allowed_action restrictions
on parent classes if a child class didn't have it explicitly defined.
Controllers which are extended with $allowed_actions (through an Extension)
now deny access to methods defined on the controller, unless this class also has them in its own
$allowed_actions definition.
2013-02-17 23:16:22 +01:00
Ingo Schommer
44c41085b9
Copying request params before Core.php exec in PHPUnit bootstrap
...
Same behaviour as with 3.0 bootstrap.php and the
2.4 cli-script.php (which it is based on).
This allows the use of GET switches which are evaluated in _config.php
files, e.g. db=<db-alias> settings for running tests
with various DBs without changing the underlying PHP config.
2013-01-06 22:34:29 +01:00
Ingo Schommer
f86bd977a4
Fixed DateTest timezone settings
...
Backport from 3.x, see d1a9e2b3 and 0aeda5c9
2012-12-04 12:36:43 +01:00
Ingo Schommer
326036a501
Excluded or removed tests relying on actual webserver routing
...
The "sanitychecks" group excludes through phpunit.xml.dist.
Removed RestfulService->testHttpErrorWithoutCache()
since it's not sufficiently isolated in terms of testing.
Has been refactored in 3.x, but too intrusive to backport.
Changes mainly necessary to get Travis builds passing,
since we don't want to start mucking around with
dynamically generated file-to-url mappings just to
get *unit* tests passing - as opposed to integration-testing
the whole environment incl. webserver.
2012-11-28 15:35:09 +01:00
Ingo Schommer
7db928ba17
Added cms to travis requirements
2012-11-09 13:31:22 +01:00
Ingo Schommer
21791e4114
Added travis support
2012-11-09 13:07:04 +01:00
Mateusz Uzdowski
22095dae6c
API Hash autologin tokens before storing in the database.
...
Backported from 3.0, cc423c38fb.
2012-11-09 12:03:55 +01:00
Ingo Schommer
46064f8f88
SECURITY More solid relative/site URL checks (related to "BackURL" redirection)
...
Return true for Director::is_absolute_url() checks if they're prefixed with two or more slashes (as browsers interpret this as a valid URL)
More solid URL checks in Director::is_site_url(), using a conservative parse_url() hostname comparison rather than Director::makeRelative(), which is not designed for security purposes
2012-10-16 10:17:07 +02:00
Ingo Schommer
b211c38010
MINOR Manually testing exceptions in SSViewerCacheBlockTest to avoid PHPUnit 3.6 warnings
2012-05-14 17:25:10 +02:00
Ingo Schommer
44b9d0560b
MINOR Backported bootstrap.php changes from master and custom TeamCity configuration (required to run tests through phpunit binary)
2012-03-14 14:17:28 +01:00
Ingo Schommer
0085876495
BUGFIX Casting return values on text helper methods in StringField, Text, Varchar
2012-01-31 16:28:47 +01:00
Ingo Schommer
96bee47ab8
MINOR Switching 'rewriteHashlinks' sanitization from Convert::raw2att() to strip_tags() to make the resulting PHP more portable when mode is set to 'php'
2011-10-18 10:54:30 +02:00
Ingo Schommer
16c32359c6
BUGFIX Escaping base URLs for anchor links rewritten by SSViewer::process() with the 'rewriteHashlinks' option enabled (which is a framework default, and necessary because of the use of a <base> tag). Also added escaping for base URLs rendered through the 'php' variation of 'rewriteHashlinks'
2011-10-18 10:18:29 +02:00
Ingo Schommer
83ad8d48a9
ENHANCEMENT Added File.ShowInSearch flag to mirror the existing SiteTree.ShowInSearch flag - e.g. useful to limit visibility of user-uploaded files. Enforced in MySQLDatabase->searchEngine().
2011-09-15 16:13:02 +02:00
Ingo Schommer
9d344a07d3
ENHANCEMENT Allowing filtered arguments on specific functions like mysql_connect() in SS_Backtrace
2011-05-30 18:06:41 +12:00
Ingo Schommer
de1f07045b
BUGFIX Avoid privilege escalation from EDIT_PERMISSIONS to ADMIN through TreeMultiselectField (in Member->getCMSFields()) by checking for admin groups in Member->onChangeGroups()
2011-03-09 15:54:05 +13:00
Sean Harvey
ff63ba97fb
MINOR Fixed broken i18nTest on Windows because of newline character differences
2011-02-25 15:15:27 +13:00
Sean Harvey
b559b9ba53
MINOR Fixed broken CSVParserTest on Windows because of newline character differences
2011-02-25 13:56:09 +13:00
Sean Harvey
a569567acf
MINOR #6397 CoreTest should use test specific paths, otherwise conflicts can occur in certain environments
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@115854 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:07 +13:00
Carlos Barberis
8aa6ae92d9
Reverted to revision 101592
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@115723 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:07 +13:00
Geoff Munn
05f1fe2316
BUGFIX: transaction function names fixed
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@115720 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:07 +13:00
Sean Harvey
3e8cc481f0
BUGFIX #6291 Remove rollback action from CMSMain allowed_actions and rely on form action_rollback instead which is safer
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@115440 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:06 +13:00
Sean Harvey
cc12a7baf0
BUGFIX #6299 TableListField::Link() includes $action value twice (thanks ajshort!)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@115379 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:06 +13:00
Ingo Schommer
2962fb8d13
BUGFIX Checking for existence of FormAction in Form->httpSubmission() to avoid bypassing $allowed_actions definitions in controllers containing this form
...
BUGFIX Checking for $allowed_actions in Form class, through Form->httpSubmission() (from r115182)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@115188 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:06 +13:00
Ingo Schommer
397bbe7bb5
BUGFIX Avoid potential referer leaking in Security->changepassword() form by storing Member->AutoLoginHash in session instead of 'h' GET parameter (from r114758)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114760 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:05 +13:00
Ingo Schommer
3d2552a453
MINOR Partially reverted r114744
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114745 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:05 +13:00
Ingo Schommer
7280a64d6b
MINOR Reduced VARCHAR length from 1024 to 40 bytes, which fits the sha1 hashes created by RandomGenerator. 1024 bytes caused problems with index lengths on MySQL (from r114743)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114744 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:05 +13:00
Jean-Fabien Barrios
6d76f9040c
BUGFIX Populates the page with fake data in order to pass subsequent unit tests
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114683 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:05 +13:00
Jean-Fabien Barrios
e87ba9f24b
BUGFIX Test if form is the right class (if a class decorates the content controller, this test would break ie sphinx)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114654 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:04 +13:00
Ingo Schommer
f8c970ec0c
ENHANCEMENT Added RandomGenerator for more secure CSRF tokens etc. (from r114497)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114499 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:03 +13:00
Ingo Schommer
1670dab5e1
API CHANGE Using i18n::validate_locale() in various Translatable methods to ensure the locale exists (as defined through i18n::$allowed_locales) (from r114470)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114474 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:03 +13:00
Ingo Schommer
924f0feb5d
BUGFIX Check for valid locale in i18n::set_locale()/set_default_locale()/include_locale_file()/include_by_locale() (as defined in i18n::$allowed_locales). Implicitly sanitizes the data for usage in controllers. (from r114469)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114473 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:03 +13:00
Ingo Schommer
43c85e3c9a
ENHANCEMENT Added SS_HTTPResponse->setStatusDescription() as equivalent to setStatusCode(). Added documentation.
...
BUGFIX Strip newlines and carriage returns from SS_HTTPResponse->getStatusDescription() (fixes #6222, thanks mattclegg) (from r114082)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114083 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:02 +13:00
Sean Harvey
1544d55890
MINOR Fixed php tag in SecurityTokenTest, should be "<?php" not "<?"
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114016 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:02 +13:00
Andreas Piening
d01db84336
MINOR: don't trigger notice but Debug::show it
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@113937 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:01 +13:00
Andreas Piening
fdebd72e97
MINOR: don't trigger notice but Debug::show it
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@113936 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:01 +13:00
Andreas Piening
1fb51c6c5d
MINOR: test doesn't fail anymore due to time differences between db and php. The test now issues notices, warnings and errors depending on the severity of the offset
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@113933 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:01 +13:00
Ingo Schommer
a9e611d721
ENHANCEMENT Allowing i18nTextCollector to discover entities in templates stored in themes/ directory (thanks nlou) (from r113918)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@113919 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:01 +13:00
Sean Harvey
9bae66760a
MINOR Fixed RSSFeedTest which should put test configuration code into setUp() and tearDown() methods. If the test fails halfway through, these will get called to clean up the state
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@113430 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:59 +13:00
Jean-Fabien Barrios
1050c7ee4e
ENHANCEMENT Validation for uploaded files
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@113420 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:59 +13:00
Ingo Schommer
294f99d767
ENHANCEMENT Added Form->enableSecurityToken() as a counterpart to the existing disableSecurityToken()
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@113284 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:59 +13:00
Ingo Schommer
e4d3584805
ENHANCEMENT Added SecurityToken to wrap CSRF protection via "SecurityID" request parameter
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@113272 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:58 +13:00
Ingo Schommer
ac21b75449
BUGFIX Fixed month conversion in DateField_View_JQuery::convert_iso_to_jquery_format() (fixes #6124, thanks mbren and natmchugh)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@113247 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:58 +13:00
Sean Harvey
1a9b527053
BUGFIX Ensure that \r carriage return characters get stripped out before setting content in HTMLValue::setContent(). DOMDocument will transform these into entities, which is apparently XML spec, but not necessary for us as we're using HTML
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@111949 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:57 +13:00
Sean Harvey
f410e092d4
MINOR #6083 FileTest doesn't remove test folders and files created during test
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@111903 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:57 +13:00
Ingo Schommer
d45b8cce8b
BUGFIX Ensure that windows-style newlines ("\r\n") don't get converted to their XML entity representation through DOMDocument in SS_HTMLValue->setContent()
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@111878 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:55 +13:00
Ingo Schommer
dfb9c71342
MINOR Fixed regression from r111843 (i18nText, MemberDatetimeFieldTest, MemberTest)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@111844 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:55 +13:00
Sean Harvey
0b2e932e10
MINOR Change matchesRoughly threshold slightly in DbDatetimeTest to allow for slower database server connections
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@111821 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:55 +13:00
Ingo Schommer
feefb11dae
MINOR Added FulltextSearchable::get_searchable_classes() in order to introspect currently searchable classes, added FulltextSearchableTest, added documentation
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@111789 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:54 +13:00