Session is not initialized by the time we need to use
the setting in DB::connect(). Cookie values get initialized
automatically for each request.
Tightened name format validation to ensure it can only
be used for temporary databases, rather than switching
the browser session to a different production database.
Encrypting token for secure cookie usage.
Added dev/generatesecuretoken to generate this token.
Not storing in YML config directly because of web access issues.
Fixed issue where convertServiceProperty is called when creating objects
with user-supplied constructor arguments, so that it's only called when
creating objects using injector configuration. This reduces the overhead
of unnecessary calls to convertServiceProperty.
Updated test cases to validate behaviour
Enables more generic use of the fixture facilities
without dependency on the YAML format, for example
when creating fixtures from Behat step definitions.
Note: The YamlFixture class needs to be created via
Injector::inst()->create('YamlFixture') now,
direct instantiation is no longer supported.
This bug will surface when using the ORM and adding an join to DataList
where a DataObject inherits another DataObject.
If you for example want to restrict the number of pages that only have a
related Staff object:
$list = DataList::create('Page')
->InnerJoin('Staff', '"Staff"."ID" = "Page"."StaffID");
This will create a SQL query where the INNER JOIN is before the
LEFT JOIN of Page and SiteTree in the resulting SQL string. In MySQL
and PostgreSQL this will create an invalid query.
This patch solves the problem by sorting the joins.
Resolves an issue where if not using the themes directory (i.e just a single app folder) you cannot override module templates.
Changes the SS_TemplateManifest constructor with a new $project argument.
Avoid PHPUnit throwing "test didn't run any assertions"
notices in PHP. If nothing else, it keeps test output
looking less broken by default, making it more likely
that actual errors do get noticed.
Quoted table / column names to make test cases work in postgres
BUG Fixed issue with SQLQuery::lastRow crashing on empty set. Added test cases for lastRow and firstRow.
Quoted table / column names to make test cases work in postgres
Merge branch '3.0-sqlquery-lastrow-fix' of github.com:tractorcow/sapphire into 3.0-sqlquery-lastrow-fix
Refactor the code to make it clear the distinction is made between a
plaintext token and a hashed version. Rename fields so it is more
obvious what is being written and what sent out to the user.
This reuses the salt and algorithm from the Member, which are kept
constant throughout the Member lifetime in a normal scenario. If they do
change, users will need to re-request so the hashes can be regenerated.
The existence of .ss-tabset triggers JS which applies $.tabs(),
and in turn interprets the first available link as the tab navigation.
jQuery UI subsequently tries to ajax-load this link, which is not
desired. Instead, $.tabs() should *only* be applied to a container
DOM element with .cms-tabset applied.
It was setting a NULL empty string when constructing the field,
which shouldn't call setEmptyField() in the first place.
This logical error somehow just surfaced when the HTML output
wasn't run through tidy.
See https://github.com/silverstripe/sapphire/pull/886
When a user renames a file to "__test.txt" (two underscores or more),
then FileNameFilter will only remove the very first underscore from the
filename. This is not sufficient, as any number of underscores in the
filename will be problematic when Filesystem::sync() is called, it will
remove that File record thinking it's an internal file. This fixes it
so any number of underscores are stripped out at the start of the filename.
API Added Convert::nl2os function to normalise end of line characters across systems with tests
BUG Fixed i18n unit tests in non-unix systems constantly failing
BUG Fixed problems with HTMLCleaner tests failing in non-unix systems
The specific situation where this is useful is where populateDefaults on
DataObjects needs to query the database. This will break the dev/build
when it tries to create the object via singleton - the query will not be
able to be executed if the table is not there or its schema has changed.
For an example of such use case see Translatable::populateDefaults.
If formatOutput is set to TRUE, then the regexes in getContent()
will not match the newlines, and the output will include html, body
and meta tags. Introduce a few new tests to ensure the output is
correct, and fix the regex.
Using late static binding makes it possible to override SS_Log to create
logs which are separate to the main Silverstripe log but still use the
built in functionality.
Add test for SS_Log subclassing.
At this stage, the test just checks line-length and line-endings, but previous commits have ensured that framework actually passes those tests. We can add more tests as we actually correct the code to pass those tests, and grow the test suite, as we had for unit tests.
The entire framework repo (with the exception of system-generated files) has been amended to respect the 120c line-length limit. This is in preparation for the enforcement of this rule with PHP_CodeSniffer.
These APIs are primarily intended to let developers write custom 404 handlers. They can define an onBeforeHTTPError404() method on an Extension that gets added to Controller or RequestHandler.
The SS_HTTPResponse_Exception object has also been tidied up to override the status info of any SS_HTTPResponse object that might get passed. This is mainly to make it easier for callers (such as ContentController and ModelAsController) to use RequestHandler::httpError() more consistently.
Adds three extra methods to Data/SQLQuery query that allow for starting
a disjunctive subgroup, a conjunctive subgroup and for ending a subgroup.
Database::sqlWhereToString() now builds up the WHERE clause one by one
instead of with a straight implode. Uses a stack to know which conenctive
to use.
This is a fix for ticket #7670. Some hosting situations don't
allow write access to the system temp path. tiny_mce_gzip.php is currently
using sys_get_temp_dir() by default, and not using a local silverstripe-cache
folder that may exist in the SilverStripe project.
This change moves the getTempFolder() function into a common file, and
includes that in core/Core.php, as well as thirdparty/tinymce/tiny_mce_gzip.php
so both locations share the same code to work out the temp path.
The issue was raised in #7628, where an anchor tag was being changed from
<a name="anchor"></a> to <a name="anchor"/> by SS_HTMLValue, when
HtmlEditorField::saveInto() parses the HTML fragments.
This is because SS_HTMLValue uses DOMDocument::saveXML(), which is fine
for saving an XML document, but not suitable for HTML. This fix changes
that to use DOMDocument::saveHTML() instead.
Note that we can't use the parameter to saveHTML() for selecting a single
node only, as that's only supported in PHP 5.3.6+, SilverStripe 3.0 supports
PHP 5.3.2 as a minimum. The workaround for this shortcoming is to replace
unncessary output by DOMDocument with a regular expression.
ADDED: Test cases correctly checking for changes (and no changes) to the data model for both fields and indexes.
FIXED: References to indexes throughough the code that probably should have quoted field names. This prevents a lot of 'spam' during dev build. This includes an updated FulltextSearchable test case.
CMSProfileController currently checks canView() which ensures that a logged in CMS
Member can access the profile controller, but when saving the record on Member_ProfileForm
there is no check for canEdit(), so extended permissions don't get respected.
This adds a check for canEdit() in Member_ProfileForm, and adds some functional tests
to check permissions.
The table name in the join was being escaped, though table
names aren't escaped anywhere else. This breaks
namespaced classes, which rely on unescaped backslashes.
The Travis config will now run tests on the following instances
* 5.3 + SQLite
* 5.3 + MySQL
* 5.3 + PostgreSQL
* 5.4 + MySQL
In other words, with the exception of Windows tech (MSSQL + Win server) this is a wide-coverage build config.
ADDED: HTTP_Request::params() to retrieve all (shifted) params used in the request
FIXED: Issue where route-table level arguments would not be accessible without using non-deprecated API.
ADDED: Test case to test the above items
UPDATED: Extended Director::test to allow for the retrieval of the request object
UPDATED: Deprecated notice on Director::urlParam and Director::urlParams
REMOVED: Unused variable
FIXED: Coding convention conformity
The values in $values aren't returned in any order, so this test can randomly fail. This
changes the check from expected = $values to $values \cap expected = $value. PHP's array_intersect
maintains the keys of the first array, so order is preserved. The intersect also guarentees that the
only accepted values are the expected ones.
This allows arguments to be passed along in an $allowed_actions deceleration of
the form 'action' => '->method' in the same way that arguments can be passed to
extension constructors when adding them using $extensions or
Object::add_extension.
I.e. 'action' => '->checkerMethod(false, 7, 2, "yesterday") would call the
checkerMethod method with the boolean false the numbers 7 and 2 and the string
"yesterday" as its arguments.
The Requirements class currently treats only absolute URLs as URLs, and
tries to interpret anything else as a filesystem path. This prevents
using scheme-relative URLs for requirements.
Example:
<% require javascript(//ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js) %>
This forces the unfortunate choice of not using a CDN for common
scripts, always using an https absolute URL, or accepting that some
browsers will throw a security warning when viewing the site in https.
This change allows scheme-relative URLs & updates RequirementsTest.
This changes the behaviour of output to browser to use the standard SilverStripe rendering process rather than an echo statement to enable easier testability.
This is now the default setting for both "sake" and "phpunit"
runs, because of performance reasons (every manifest flush takes
multiple seconds). On the other hand, we want to make errors
like missing classes more obvious to developers.
See discussion in https://github.com/silverstripe/sapphire/pull/620
While well-intentioned, this test keeps causing problems
due to wrong timezone settings in test mode.
It shouldn't completely abort test execution,
since its more of an environment sanity check than a failed test.
Refactored to mark test skipped (regardless of offset, as long as
its greater than 5 seconds). And skipping tests altogether
on SQLite3 with new supportsTimezoneOverride() check.
SapphireTest->setUp() sets the PHP timezone to UTC (see 59547745),
but SQLite doesn't support this for a DB connection.
Since changing it on a global UNIX system level is infeasible,
the tests need to be skipped.
Leave the decision to the phpunit.xml config (via <get> setting),
or to the individual run via "phpunit <folder> '' flush=1".
Flushing takes multiple seconds even on my fast SSD,
which greatly reduces the likelyhood of developers adopting TDD.
Necessary to have the <get name="db" /> directive
working in phpunit.xml definitions, which in turns allows
us to use GET parameters to switch the database connection
for running automated tests.
See http://open.silverstripe.org/ticket/6672. Expanded on initial patch with test coverage. Fixes another one of the commented out cases in the test by picking up URL's which do not include a protocol.
See initial idea at http://open.silverstripe.org/ticket/6441. Added $template property and corresponding getters / setters for customizing the template used. Added relevant unit test.
Taken from http://open.silverstripe.org/ticket/7296. PermissionTest extended to validate that permissions_for_member() includes permissions denied pre applying patch. PermissionTest passes post patch.
If the applyRelation() was passed a relation that went to a class with a parent
class with a database table, applyRelation would return the name of the parent
class, rather than the class the relation was actually too.
Without this bugfix, if you had a Page that used to be a SiteTree, and you tried to use Versiond::get_version() or Versioned::get_latest_version() to return the older SiteTree version, nothing would be returned, because the results were being filtered by ClassName. This caused bugs in the history panel for certain combinbations of page classname alteration.
If the applyRelation() was passed a relation that went to a class with a parent
class with a database table, applyRelation would return the name of the parent
class, rather than the class the relation was actually too.
This bug was caused by the fact that SQLQuery::whereAny() removed existing filters. In line with addWhere() and setWhere(), I split this into addWhereAny() and setWhereAny(). Strictly speaking, this drops the method SQLQuery::whereAny(), but it was really just an internal function for exclude, and so I think that's acceptable.
In some circumstances a custom generated list will already only contain
the items for the current page. The automatic limiting will then limit
the already limited list, breaking pagination. This allows you to disable
automatic limiting so all items are shown regardless of the current page.
The intl extension in PHP 5.4 provides a Transliterator class, which
conflicts with the SilverStripe one. This leads to some really weird
ReflectionExceptions about Transliterator's constructor being
private.
there are actually args passed through to prevent overwriting with null
args if they're passed
MINOR Added __get alias to remove need for explicit ->get() call
MINOR Added the injector instance as an object that can be injected into other classes
BUGFIX Fixed issue described in http://open.silverstripe.org/ticket/7448 whereby using the injector to create an object of a type already registered as a singleton would actually overwrite the stored singleton object
ImageFormAction is deprecated, using the new API results in a submit input rather than an image input being generated. Added hasAttribute helper to FormField as well as test coverage.
API CHANGE: Pass Object::create() calls to Injector::create().
API CHANGE: Add "RequestProcessor" injection point in Director, that Director will call preRequest() and postRequest() on.
---
These are some enhancements + tweaks I made as part of getting the advanced workflow module running in SS3:
* Added a readonly view button and action to GridField.
* Made LeftAndMain::getResponseNegotiator() public so CMS extensions can use it to generate responses.
* Fixed top tab background, made text more readable (http://i.imgur.com/yDmmY.png).
* Allow fields in the CMS to not be change tracked using ".no-change-track".
* Made all icons 16x16 (some were different sizes, being cut off), and allow them without .ui-state-default.
* Fixed ToggleCompositeField and tweaked field styling.
This also removes the $global_mimetypes that was generating weird errors when both HTTP and Mailer classes tried to modify and use it.
Support of finfo should be straightforward since PHP 5.3 includes that module that default
Renamed the Member::mapInGroups() to Member::map_in_groups() since it's a static method and throws deprecation message if using the old variant.
Rewrote the mapInGroups to use a more ORMy way of fetching Members for a set of groups and included a test for.
instead of assertType(), assertEmpty() is available in PHPUnit 3.5+.
PHPUnit 3.4 is no longer supported, so please upgrade your version to
work.
MINOR Removed FullTestSuite which was a workaround for PHPUnit but not
used.
SECURITY More solid URL checks in Director::is_site_url(), using a conservative parse_url() hostname comparison rather than Director::makeRelative(), which is not designed for security purposes
---
Dont start the session until its actually necessary, which is to say there is a cookie available with the current PHP session name (or a request variable with the session_name() - typically PHPSESSID.) The latter allows for passing session ID through as an alternative to cookies.
BUGFIX Remove legacy code and template which is never picked-up so that TextareaField becomes 'readonly' when it is transfered to readonly field. Change TextareaFieldTest test cases to address a 'readonly' textarea field displaying the special html characters correctly.
UploadField was relying entirely on the File::get_class_for_file_extension to
select a class, so it could only create File or Image objects. This
would break the relationships based on derived objects. Also make it
respect the FileField::relationAutoSetting.
DataObject::get_one returns false if not found, so better check for
object. Also, the directory would not be cleaned, so on the subsequent
run the files could end up having suffixes.
missed this one
ENHANCEMENT Refactored i18nTextCollector collection logic alongside $priority removal, from regex to (slightly more maintainable) PHP tokenizer. Using var_export() for generating PHP, which auto-escapes strings more robustly.
ENHANCEMENT Refactored i18nTextCollector into pluggable writers (in preparation of new YML output format)
---
In SS-2.4 you can prefix files with an underscore to exclude them from manifest this can be useful for backups of old classes or huge data files.
I think this behaviour should be readded.
(I will add a unit test for this ...)