It shouldnt be possible to get ConfigStaticManifest to parse
a user uploaded file, and if you could it shouldnt be possible
to form PHP that token_get_all could parse which would end
up executing any code.
However just in case it is, this changes the eval to assign to a
static, so the eval will give a syntax error if an attacker
manages to make $value look like `ls` or some other expression
Resolves an issue where if not using the themes directory (i.e just a single app folder) you cannot override module templates.
Changes the SS_TemplateManifest constructor with a new $project argument.
API Added Convert::nl2os function to normalise end of line characters across systems with tests
BUG Fixed i18n unit tests in non-unix systems constantly failing
BUG Fixed problems with HTMLCleaner tests failing in non-unix systems
The entire framework repo (with the exception of system-generated files) has been amended to respect the 120c line-length limit. This is in preparation for the enforcement of this rule with PHP_CodeSniffer.
This is a fix for ticket #7670. Some hosting situations don't
allow write access to the system temp path. tiny_mce_gzip.php is currently
using sys_get_temp_dir() by default, and not using a local silverstripe-cache
folder that may exist in the SilverStripe project.
This change moves the getTempFolder() function into a common file, and
includes that in core/Core.php, as well as thirdparty/tinymce/tiny_mce_gzip.php
so both locations share the same code to work out the temp path.
We know the subclass of a record by its ClassName value, but code changes
might have meant that class no longer exists. We used to just break,
but this patch overrides the apparent value of ClassName to be
one that exists in that situation
The _config/route rules explicitly mentioned framework by module name,
so if you installed framework in the older sapphire directory youd
always end up with cyclic config requirement errors
It is possible to specify before and after rules on config fragments
that conflict - A before B and B before A isnt possible to solve.
This used to just throw an error with no way to debug. Now if you
specify debug as a GET parameter and the site is not in live mode
youll get a basic dump of the remaining DAG graph
When specifying a specific before rule and a wildcard after rule (or
vice versa), the config system was filtering out any fragment
from the list of fragments that matched the wildcard if it matched
_any_ componenet of the specific rule, not all of them.
Fixed, and added handling of two semi wild-card rules, where a
rule with less wildcards wins over a rule with more.
See http://open.silverstripe.org/ticket/7765 for more
You should be able to specify multiple before and after rules in
a config fragment. This was intended to be a comma seperated string
but that wasnt being split properly
Now if you provide a comma seperated string it is split properly,
but you can also provide an array, which is actually cleaner
Config system used to provide an add_static_source method, which was intended for
use by Extensions to add statics. But extensions for a class arent initialised
until at least one instance of that class is created, so before that the
Config system didnt include values from extensions
This patch reverses the control flow, so that the Config system explictly asks
each Object for its additional config sources via the new method
get_extra_config_sources. This method returns an array that can contain
string names of classes and also raw associative arrays.
The developer visible change is that Extension#add_to_class has been
deprecated. Instead there is a new method, get_extra_config, which has
the same method signature but needs to guarantee that it doesnt
cause side effects. Additionally there is no need to call
parent::get_extra_config - this is handled automatically.