tonyair
/
silverstripe-framework
mirror of https://github.com/silverstripe/silverstripe-framework
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
23,241 Commits 29 Branches 513 Tags 147 MiB
Commit Graph

53 Commits

Author SHA1 Message Date
Mojmir Fendek 2c105cffc9
ENH: saveInto() new extension points. (#10636) 
* ENH: saveInto() new extension points.
 2023-01-13 09:43:22 +13:00
Loz Calver 7f8f5afc91 Ensure forms/fields overridden by onBeforeRender() can override templates 2022-11-02 11:57:57 +00:00
Loz Calver c925fae180 NEW: Add onBeforeRender extension hook to Form 2022-11-02 10:05:02 +00:00
Steve Boyd 9c453abf89 API Update deprecations 2022-10-13 14:49:15 +13:00
Steve Boyd 2991901660 ENH Update deprecation messages 2022-10-13 14:05:49 +13:00
Loz Calver 9b45342a06 FIX: Add missing casting for Form::getAttributesHTML (fixes #10386) 2022-07-04 12:24:58 +01:00
Steve Boyd 511b3bb060 ENH PHP 8.1 compatibility 2022-04-14 13:12:59 +12:00
Lukas 552cf5944d
MNT Fix various typos with codespell (#10177) 2021-12-13 21:05:33 +13:00
Maxime Rainville b43d68f9b4 API Add an AttributesHTML trait 2021-11-18 15:31:01 +13:00
GuySartorelli fc349db511
API Add a way to check if a form or form field has an extra css class (#10112) 
Required for silverstripe/silverstripe-admin#1252
 2021-11-01 17:01:17 +13:00
Ingo Schommer 8806b3befc Fixes required for dot notation support in fields 
See #9163
 2021-05-20 20:32:25 +12:00
Dan Hensby 23ffd2bbd6 Linting fix 2021-05-20 20:32:25 +12:00
Sam Minnee 5dcf5197da FIX: Make the ./_ substitution optional. 2021-05-20 20:32:25 +12:00
Sam Minnee 02fb7c3b17 NEW: Support dot syntax in form field names 
This change adds support for these in a few places.

 - Form::saveInto($record)
 - Form::loadDataForm($record)
 - Form::loadDataForm($_POST)

Fixes https://github.com/silverstripe/silverstripe-framework/issues/9163
 2021-05-20 20:32:24 +12:00
William Desportes c932d7e7fb
Fix the phpdoc blocks 2020-12-21 22:23:23 +01:00
Robbie Averill 84b4057a9a
Merge pull request #9406 from chrispenny/feature/standardise-get-cms-validator 
v4 improvement: Standardise getCMSValidator for DataObjects/Forms
 2020-07-16 15:58:33 -07:00
Christopher Darling 4303917ac5
DOCS Form::loadDataFrom constants in docblock 
... missing MERGE_ prefix as defined in this class
 2020-05-28 16:40:12 +01:00
cpenny b45a3561df Implemented PR feedback. Added some initial test cov 2020-05-28 11:18:46 +12:00
cpenny d7dd93f7a7 Standardise getCMSValidator for DataObjects/Forms 2020-05-28 11:18:46 +12:00
Andre Kiste 3a424747df
Merge pull request #9332 from shoosah/feature/add-error-message-into-field 
Allow to add error message into a specific field
 2020-05-01 15:46:29 +12:00
Daniel Hensby 237b2d5f74
Convert array delcarations to short array syntax 2020-04-20 18:58:09 +01:00
Maxime Rainville acd7d94167 Merge branch '4.4' into 4.5 2020-02-17 13:07:26 +13:00
Serge Latyntcev ad1b00ec7d [CVE-2019-19325] XSS through non-scalar FormField attributes 
Silverstripe Forms allow malicious HTML or JavaScript to be inserted
through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting)
on some forms built with user input (Request data). This can lead to phishing attempts
to obtain a user's credentials or other sensitive user input.
There is no known attack vector for extracting user-session information or credentials automatically,
it required a user to fall for the phishing attempt.
XSS can also be used to modify the presentation of content in malicious ways.
 2020-02-17 09:58:29 +13:00
shoosah 2724d93111 Allow to add error message into a specific field 2019-11-22 11:03:27 +13:00
aNickzz 28be2b2263
Swap argument order for implode 
I noticed this squiggly red line while perusing the code.

The PHP doc says
`implode ( string $glue , array $pieces ) : string`
> implode() can, for historical reasons, accept its parameters in either order. For consistency with explode(), however, it may be less confusing to use the documented order of arguments.
 2019-05-11 00:32:23 +09:30
Russell Michell 0397c54b5a FIX: Fixes #8459 
- Missing conditionals for optional constructor args
- Missing calls to FieldList::setForm()
- Missing guards around naive calls to Form::Fields()->foo()
 2018-12-19 13:28:19 +13:00
Damian Mooyman cfc3b851e7
Merge remote-tracking branch 'origin/4.1' into 4.2 
# Conflicts:
#	lang/sv.yml
 2018-06-19 17:20:25 +12:00
Maxime Rainville 3f80e2dc67 FIX Don't reload form session data using FormField::setSubmittedValue… (#8184) 2018-06-19 11:27:09 +12:00
Damian Mooyman 6b8f63c4d5
Refactor redirect cache busting into middleware 2018-06-14 14:11:31 +12:00
Damian Mooyman e93289326e
Add Form::canBeCached() method 2018-06-14 11:17:21 +12:00
Daniel Hensby befd81d0c2 FIX Bug with forms being cached 2018-06-13 11:33:46 +12:00
Damian Mooyman c8b3593090
API Form::makeReadonly() returns self 
Fixes #8006
 2018-04-16 14:01:49 +12:00
Daniel Hensby 9ed3cd4042
Merge branch '4.0' into 4.1 2018-03-16 14:57:05 +00:00
Thomas Portelange 2e1c70b56c
Ensure tmpData exists 
Otherwise you might get illegal string offset
 2018-03-15 20:40:05 +01:00
Damian Mooyman a3c52f901a
Merge remote-tracking branch 'origin/4.0' into 4 
# Conflicts:
#	src/Core/TempFolder.php
#	src/ORM/DataObject.php
#	src/View/ThemeResourceLoader.php
#	src/includes/constants.php
#	tests/php/Control/SimpleResourceURLGeneratorTest.php
#	tests/php/Forms/HTMLEditor/HTMLEditorFieldTest.php
#	tests/php/View/RequirementsTest.php
 2018-01-22 14:57:05 +13:00
Daniel Hensby db610aaf3b
Fixing string concat CS issues 2018-01-16 18:39:30 +00:00
Damian Mooyman a50fd009ca Update PHPDoc 2017-12-14 15:08:32 +13:00
Robbie Averill 823e49526f NEW Allow SSViewer and SSViewer_FromString to be injectable 2017-07-13 20:48:58 +12:00
Saophalkun Ponlu 288de2eb14 BUG Add flag on form whether to notify user when there's unsaved changes 2017-06-28 11:14:12 +12:00
Sam Minnee 10866c0809 API: Replace Director::direct() with Director::handleRequest(). 
There was no longer any code in direct() and so I opted to expose the
handleRequest() method instead.
 2017-06-27 13:32:39 +12:00
Damian Mooyman 3873e4ba00 API Refactor bootstrap, request handling 
See https://github.com/silverstripe/silverstripe-framework/pull/7037
and https://github.com/silverstripe/silverstripe-framework/issues/6681

Squashed commit of the following:

commit 8f65e56532
Author: Ingo Schommer <me@chillu.com>
Date:   Thu Jun 22 22:25:50 2017 +1200

    Fixed upgrade guide spelling

commit 76f95944fa
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 16:38:34 2017 +1200

    BUG Fix non-test class manifest including sapphiretest / functionaltest

commit 9379834cb4
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 15:50:47 2017 +1200

    BUG Fix nesting bug in Kernel

commit 188ce35d82
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 15:14:51 2017 +1200

    BUG fix db bootstrapping issues

commit 7ed4660e7a
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 14:49:07 2017 +1200

    BUG Fix issue in DetailedErrorFormatter

commit 738f50c497
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 11:49:19 2017 +1200

    Upgrading notes on mysite/_config.php

commit 6279d28e5e
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 11:43:28 2017 +1200

    Update developer documentation

commit 5c90d53a84
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 10:48:44 2017 +1200

    Update installer to not use global databaseConfig

commit f9b2ba4755
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Wed Jun 21 21:04:39 2017 +1200

    Fix behat issues

commit 5b59a912b6
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Wed Jun 21 17:07:11 2017 +1200

    Move HTTPApplication to SilverStripe\Control namespace

commit e2c4a18f63
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Wed Jun 21 16:29:03 2017 +1200

    More documentation
    Fix up remaining tests
    Refactor temp DB into TempDatabase class so it’s available outside of unit tests.

commit 5d235e64f3
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Wed Jun 21 12:13:15 2017 +1200

    API HTTPRequestBuilder::createFromEnvironment() now cleans up live globals
    BUG Fix issue with SSViewer
    Fix Security / View tests

commit d88d4ed4e4
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 20 16:39:43 2017 +1200

    API Refactor AppKernel into CoreKernel

commit f7946aec33
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 20 16:00:40 2017 +1200

    Docs and minor cleanup

commit 12bd31f936
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 20 15:34:34 2017 +1200

    API Remove OutputMiddleware
    API Move environment / global / ini management into Environment class
    API Move getTempFolder into TempFolder class
    API Implement HTTPRequestBuilder / CLIRequestBuilder
    BUG Restore SS_ALLOWED_HOSTS check in original location
    API CoreKernel now requires $basePath to be passed in
    API Refactor installer.php to use application to bootstrap
    API move memstring conversion globals to Convert
    BUG Fix error in CoreKernel nesting not un-nesting itself properly.

commit bba9791146
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 19 18:07:53 2017 +1200

    API Create HTTPMiddleware and standardise middleware for request handling

commit 2a10c2397b
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 19 17:42:42 2017 +1200

    Fixed ORM tests

commit d75a8d1d93
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 19 17:15:07 2017 +1200

    FIx i18n tests

commit 06364af3c3
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 19 16:59:34 2017 +1200

    Fix controller namespace
    Move states to sub namespace

commit 2a278e2953
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 19 12:49:45 2017 +1200

    Fix forms namespace

commit b65c21241b
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 15 18:56:48 2017 +1200

    Update API usages

commit d1d4375c95
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 15 18:41:44 2017 +1200

    API Refactor $flush into HTPPApplication
    API Enforce health check in Controller::pushCurrent()
    API Better global backup / restore
    Updated Director::test() to use new API

commit b220534f06
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 22:05:57 2017 +1200

    Move app nesting to a test state helper

commit 603704165c
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 21:46:04 2017 +1200

    Restore kernel stack to fix multi-level nesting

commit 2f6336a15b
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 17:23:21 2017 +1200

    API Implement kernel nesting

commit fc7188da7d
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 15:43:13 2017 +1200

    Fix core tests

commit a0ae723514
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 15:23:52 2017 +1200

    Fix manifest tests

commit ca03395251
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 15:00:00 2017 +1200

    API Move extension management into test state

commit c66d433977
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 14:10:59 2017 +1200

    API Refactor SapphireTest state management into SapphireTestState
    API Remove Injector::unregisterAllObjects()
    API Remove FakeController

commit f26ae75c6e
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 12 18:04:34 2017 +1200

    Implement basic CLI application object

commit 001d559662
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 12 17:39:38 2017 +1200

    Remove references to SapphireTest::is_running_test()
    Upgrade various code

commit de079c041d
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Wed Jun 7 18:07:33 2017 +1200

    API Implement APP object
    API Refactor of Session
 2017-06-22 22:50:45 +12:00
Antony Thorpe 6348f2e3e8 Updated Form.php & 04_Form_Security.md 
Changed the `strictFormMethodCheck` protected property from false to true to step out on the front foot with this security setting.  In the documentation under the title [Cross-Site Request Forgery](https://github.com/silverstripe/silverstripe-framework/blob/master/docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md#cross-site-request-forgery-csrf) it states, "it is also recommended to limit form submissions to the intended HTTP verb (mostly GET or POST) through [api:Form::setStrictFormMethodCheck()]."  The same advice is noted in [Form Security](c2292a4cc1/docs/en/02_Developer_Guides/03_Forms/04_Form_Security.md (strict-form-submission)).

Why not make this the default behaviour?  Is there a scenario where this would cause a problem?  Have manually tested in the CMS (alpha7) and is working fine.

Note: Original commit that establised the API Form::setStrictFormMethodCheck is 14c59be8.
 2017-06-06 21:10:49 +12:00
Damian Mooyman fba8e2c245 API Remove Object class 
API DataObjectSchema::manyManyComponent() return array is now associative array
 2017-05-23 13:50:35 +12:00
Robbie Averill f2cbe86f03 Remove CustomMethods::createMethod and create_function implementations, replace with closures 2017-05-19 15:56:44 +12:00
Aaron Carlino c99ed2d262 Reorganise i18n keys 2017-05-08 23:34:39 +12:00
Damian Mooyman 0c41a97a8b API Refactor Form request handling into FormRequestHandler 
API Add HasRequestHandler interface
API Refactor Link() and url handling behaviour from Controller into RequestHandler
API RequestHandler classes now must define url_segment to have a default Link()
API Clean up redirectBack()
 2017-03-10 15:04:33 +13:00
Damian Mooyman 029a8b9586
API Substitute Zend_Currency with NumberFormatter based solution 
API Substitute Zend_Locale with Locale / NumberFormatter
API Substitute Zend_Date with IntlDateFormatter
API Added DBTIme::Nice12, FormatFromSettings
API Added Short() method to DBDate / DBTime / DBDatetime
API Add Date::getTimestamp()
API Added setSubmittedValue api for FormField
API Add second arg to base FormField::setValue()
API Major refactor of i18n into component data parts
API Implement Resettable interface to reset objects between tests
ENHANCEMENT Changed DBField::create_field return type to `static` to support better type hinting
ENHANCEMENT i18nTextCollector supports __CLASS__
 2017-02-09 15:28:59 +13:00
Daniel Hensby 664c0eafbe
Merge branch '3' 2016-12-28 14:30:54 +00:00
Damian Mooyman 6e589aac75
API Updates to Form, ValidationResponse, ValidationException 
API Implement form schema "errors" handling
 2016-12-09 14:24:11 +13:00
Sam Minnee 6650561dac Don't use session and FormSchema to manage server-side React validation responses 2016-12-09 10:27:23 +13:00