Commit Graph

72 Commits

Author SHA1 Message Date
Damian Mooyman
1f632a10c9 BUG Replace direct reference to $_REQUEST['url'] with request object getter 2015-09-29 12:10:39 +13:00
Damian Mooyman
acf19b72e2 BUG Fix false values for many_many_ExtraFields not being saved
Fixes #4067
2015-06-09 12:05:25 +12:00
Damian Mooyman
43f49e8434 Merge remote-tracking branch 'origin/3.1' into 3
Conflicts:
	admin/code/ModelAdmin.php
	control/Director.php
	model/SQLQuery.php
	security/Member.php
	tests/control/HTTPTest.php
	tests/model/SQLQueryTest.php
	tests/security/SecurityTest.php
	tests/view/SSViewerTest.php
2015-03-31 19:54:15 +13:00
Daniel Hensby
aba0b70964 FIX GridFieldDetailForm::setItemEditFormCalback broke chaining 2015-03-23 15:16:09 +00:00
Damian Mooyman
319b96b48b Merge remote-tracking branch 'origin/3.1' into 3
Conflicts:
	docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md
	docs/en/05_Contributing/01_Code.md
	forms/TreeDropdownField.php
	model/DataObject.php
	security/Member.php
	tests/model/DataObjectTest.php
2015-03-11 11:40:06 +13:00
Patrick Nelson
f5f41b2f0e FIX: Ensuring custom CMS validator uses Object->hasMethod() to respect extension decorator pattern. 2015-03-09 13:53:08 -04:00
Damian Mooyman
0b1f297873 Merge remote-tracking branch 'origin/3.1'
Conflicts:
	.travis.yml
	README.md
	admin/code/LeftAndMain.php
	admin/css/screen.css
	admin/scss/screen.scss
	api/RestfulService.php
	conf/ConfigureFromEnv.php
	control/injector/ServiceConfigurationLocator.php
	control/injector/SilverStripeServiceConfigurationLocator.php
	core/ClassInfo.php
	core/Object.php
	css/AssetUploadField.css
	css/ComplexTableField_popup.css
	dev/CSSContentParser.php
	dev/DevelopmentAdmin.php
	docs/en/changelogs/index.md
	docs/en/misc/contributing/code.md
	docs/en/reference/execution-pipeline.md
	filesystem/GD.php
	filesystem/ImagickBackend.php
	filesystem/Upload.php
	forms/Form.php
	forms/FormField.php
	forms/HtmlEditorConfig.php
	forms/gridfield/GridFieldDetailForm.php
	forms/gridfield/GridFieldSortableHeader.php
	lang/en.yml
	model/Aggregate.php
	model/DataList.php
	model/DataObject.php
	model/DataQuery.php
	model/Image.php
	model/MySQLDatabase.php
	model/SQLQuery.php
	model/fieldtypes/HTMLText.php
	model/fieldtypes/Text.php
	scss/AssetUploadField.scss
	search/filters/SearchFilter.php
	security/Authenticator.php
	security/LoginForm.php
	security/Member.php
	security/MemberAuthenticator.php
	security/MemberLoginForm.php
	security/Security.php
	tests/behat/features/bootstrap/SilverStripe/Framework/Test/Behaviour/CmsFormsContext.php
	tests/control/HTTPTest.php
	tests/control/RequestHandlingTest.php
	tests/filesystem/UploadTest.php
	tests/forms/FormTest.php
	tests/forms/NumericFieldTest.php
	tests/model/DataListTest.php
	tests/model/DataObjectTest.php
	tests/model/TextTest.php
	tests/security/MemberAuthenticatorTest.php
	tests/security/SecurityDefaultAdminTest.php
	tests/view/SSViewerCacheBlockTest.php
	tests/view/SSViewerTest.php
2014-11-18 12:45:54 +13:00
Sean Harvey
0e07f1a7f5 Merge remote-tracking branch 'origin/3.0' into 3.1 2014-08-22 17:50:36 +12:00
Ingo Schommer
1661213e5b FIX Opt-out pf form message escaping (fixes #2796)
This fixes a limitation introduced through http://www.silverstripe.org/ss-2013-008-xss-in-numericfield-validation/.
Form messages used to accept HTML, now they’re escaped by default, effectively removing the ability
to pass in HTML and take care of escaping manually.

We pass through HTML to message in core through the CTF system, so this needs to be fixed.
It’s an alternative fix to https://github.com/silverstripe/silverstripe-framework/pull/2803.
2014-08-22 16:59:34 +12:00
Damian Mooyman
eb069e605d Remove all redundant whitespace 2014-08-19 09:17:15 +12:00
Damian Mooyman
d8e9af8af8 API New Database abstraction layer. Ticket #7429
Database abstraction broken up into controller, connector, query builder, and schema manager, each independently configurable via YAML / Injector
Creation of new DBQueryGenerator for database specific generation of SQL
Support for parameterised queries, move of code base to use these over escaped conditions
Refactor of SQLQuery into separate query classes for each of INSERT UPDATE DELETE and SELECT
Support for PDO
Installation process upgraded to use new ORM
SS_DatabaseException created to handle database errors, maintaining details of raw sql and parameter details for user code designed interested in that data.
Renamed DB static methods to conform correctly to naming conventions (e.g. DB::getConn -> DB::get_conn)
3.2 upgrade docs
Performance Optimisation and simplification of code to use more concise API
API Ability for database adapters to register extensions to ConfigureFromEnv.php
2014-07-09 18:04:05 +12:00
Ingo Schommer
bb03f6ba2f Merge remote-tracking branch 'origin/3.1'
Conflicts:
	forms/HtmlEditorField.php
2014-06-15 22:50:20 +12:00
Mateusz Uzdowski
741ab96418 Fetch the nearest Controller instead of relying on global state.
Controller:curr() in this context are equivalent to calling
getToplevelController() which already solves the issue of nested
GridFields.
2014-06-12 16:47:49 +12:00
Ingo Schommer
802b46bd0a GridFieldDetailForm_ItemRequest->getRecord() 2014-05-07 23:49:04 +12:00
Ingo Schommer
ab070944d5 Merge branch 'pulls/apidocs-package-list' of https://github.com/madmatt/silverstripe-framework into madmatt-pulls/apidocs-package-list
Conflicts:
	view/SSTemplateParser.php
	view/SSTemplateParser.php.inc
2014-01-31 15:15:59 +13:00
Will Rossiter
4ea62b44f9 FIX: Ensure GridFieldDetailForm has the current record validator.
Currently the validator is only set through
ModelAdmin and not through GridField
directly. This will set the validator based on the
record unless a custom validator has been
provided.

http://www.silverstripe.org/data-model-questions/show/34650?start=8#post331958
2014-01-12 16:08:31 +13:00
madmatt
bebe0f6e37 Updating @package and @subpackage doc tags 2013-11-29 17:49:30 +13:00
Andrew Short
fc773c5c22 NEW: Pre-populate and disable foreign key field on has many lists.
This is a common use case, and by default a form field is added which
has no effect. While this coupling is undesirable, it makes the default
behaviour much more sensible.

See #2662, #2651, #2637 for more information.
2013-11-13 16:21:18 +11:00
Sean Harvey
8e36290b56 Merge pull request #2205 from jthomerson/pulls/fix_gridfield_class_name
FIX: wrong class name being returned
2013-10-31 18:19:05 -07:00
Ingo Schommer
2266d77237 Revert "Style destructive actions destructively"
This reverts commit 3851ef9f2c.
Breaks button alignment in CMS.
2013-10-24 11:37:40 +02:00
Will Rossiter
3851ef9f2c Style destructive actions destructively 2013-10-11 20:00:11 +13:00
Ingo Schommer
9709a5cd8c Merge remote-tracking branch 'origin/3.1.0' into 3.1 2013-10-01 01:45:27 +02:00
Ingo Schommer
deadc154ca Don't link record in GridField form message
This is no longer allows through Form->sessionMessage() to avoid XSS.
2013-10-01 00:00:37 +02:00
Ingo Schommer
bda56eb9b0 Don't link record in GridField form message
This is no longer allows through Form->sessionMessage() to avoid XSS.
2013-09-30 23:55:32 +02:00
Ingo Schommer
02cc662aaf More specific entwine rule for delete alert in GridField
The rule didn't apply in Firefox because of how it handles specificity,
so made it a bit more specific (added "button" and ".action")
2013-08-16 16:06:31 +02:00
Jeremy Thomerson
dbb2efcbb3 FIX: wrong class name being returned
This resulted in an error since the returned class name did not exist.
Note that this only happened when someone subclassed GridFieldDetailForm
and did not subclass GridFieldDetailForm_ItemRequest.
2013-07-09 20:59:56 +00:00
Ingo Schommer
fb784af738 API Enforce $allowed_actions in RequestHandler->checkAccessAction()
See discussion at https://groups.google.com/forum/?fromgroups#!topic/silverstripe-dev/Dodomh9QZjk

Fixes an access issue where all public methods on FormField were allowed,
and not checked for $allowed_actions. Before this patch you could e.g.
call FormField->Value() on the first field by using action_Value.

Removes the following assertion because it only worked due to RequestHandlingTest_AllowedControllerExtension
*not* having $allowed_extensions declared: "Actions on magic methods are only accessible if explicitly allowed on the controller."
2013-06-24 14:50:40 +02:00
Loz Calver
dcec30f4e3 Fix: Enable delete button for users with canDelete() but no canEdit() permissions
$form->makeReadonly(); iterates over all fields/actions, disabling the 'delete' button even when the user has permission
2013-06-03 12:31:40 +01:00
Will Rossiter
ddcfcf7bed Update @package, @subpackage labels
Cleanup of framework's use of @package and @subpackage labels and additional of labels for classes missing packages.

Moved all GridField related components to the one name.

Countless spelling fixes, grammar for other comments.

Link ClassName references in file headers.
2013-05-21 22:24:41 +12:00
Nik Rolls
5143c8149a Form now loads correctly when ClassName is changed. 2013-04-02 11:03:49 +02:00
Ingo Schommer
3334eafcb1 API Marked statics private, use Config API instead (#8317)
See "Static configuration properties are now immutable, you must use Config API." in the 3.1 change log for details.
2013-03-24 17:20:53 +01:00
Simon Welsh
3439e30ac1 Corrects indentation and line length 2013-01-24 19:56:02 +13:00
Ingo Schommer
c11b3918fc Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	admin/css/screen.css
	admin/scss/_style.scss
	core/PaginatedList.php
	email/Mailer.php
2013-01-21 11:14:57 +01:00
uniun
e020c7be57 BUG doSave() and doDelete() should use translated singular name 2013-01-11 15:50:09 +01:00
Nicolaas
a32451f72e adding extension hook in GridFieldDetailForm.php
This hook is useful so that you can add additional fields / actions in a gridfield form that are not available in other settings (e.g. additional actions: previous / next / save and publish / unpublish / etc
2012-12-27 19:22:54 +13:00
Ingo Schommer
8ec3641e60 Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	admin/javascript/LeftAndMain.FieldHelp.js
	lang/en.yml
	model/URLSegmentFilter.php
2012-12-21 15:04:17 +01:00
Ingo Schommer
661a4a2492 Removed direct sprintf() usage from _t() calls
Parameterized strings are easier to understand,
and more fail-proof, don't fatal out when not enough sprintf() args
2012-12-21 11:46:38 +01:00
Ingo Schommer
1848d7e90a API Check model permissions in GridField 2012-12-17 00:46:51 +01:00
Ingo Schommer
c8136f5d4c NEW Many-many relation data editing in GridFieldDetailForm
Also adds GridFieldDetailForm->setFields() for customizing
the displayed form fields (required for adding relational fields).
2012-11-27 10:45:43 +01:00
Ingo Schommer
434759cc83 BUGFIX Correct redirection URL on deletion in GridFieldDetailForm 2012-11-16 15:32:17 +13:00
Ingo Schommer
bd0e597ac6 Use button tag for delete button in GridFieldEditForm 2012-11-16 15:32:17 +13:00
Hamish Friedlander
7315be4531 FIX default values from DataObject not showing in GridField details form 2012-11-16 12:36:00 +13:00
Ingo Schommer
bcbf4636fc BUG Remove .ss-tabset class from CMS tabs to prevent rogue ajax load (#7980)
The existence of .ss-tabset triggers JS which applies $.tabs(),
and in turn interprets the first available link as the tab navigation.
jQuery UI subsequently tries to ajax-load this link, which is not
desired. Instead, $.tabs() should *only* be applied to a container
DOM element with .cms-tabset applied.
2012-11-01 00:25:13 +01:00
jean
574c53d5ba FIX 7927 Redirect to the parent controller after deleting an item in a gridfield (edit form) 2012-10-12 18:09:17 +02:00
Sam Minnee
1f7fc1f76a FIX Remove instances of lines longer than 120c
The entire framework repo (with the exception of system-generated files) has been amended to respect the 120c line-length limit.  This is in preparation for the enforcement of this rule with PHP_CodeSniffer.
2012-09-30 17:18:13 +13:00
Ingo Schommer
d504e9e634 Add .cms-tabset on all GridFieldDetailForm instances
This allows us to add cms behaviour consistently
2012-09-28 16:37:35 +02:00
Ingo Schommer
e2f073f38a Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
Ingo Schommer
f5ff607a0a Localization for "cancel" button in GridFieldDetailForm 2012-09-11 13:47:12 +02:00
Andrew O'Neil
aa52dae464 BUGFIX: Don't add ss-tabset class to GridFieldDetailForms without tabs, as this causes the first <ul> within the form to have tabs applied 2012-09-05 14:16:28 +12:00
Ingo Schommer
52263e6a5f BUG Gridfield fails when save changes filter criteria (fixes #7785) 2012-09-02 16:57:50 +02:00