Ingo Schommer
d5b3dbc6fb
SECURITY Return true for Director::is_absolute_url() checks if they're prefixed with two or more slashes (as browsers interpret this as a valid URL)
...
SECURITY More solid URL checks in Director::is_site_url(), using a conservative parse_url() hostname comparison rather than Director::makeRelative(), which is not designed for security purposes
2012-05-04 12:10:59 +02:00
Ingo Schommer
68051fdb96
Merge pull request #371 from halkyon/sapphire
...
---
Don't start the session until it's actually necessary, which is to say there is a cookie available with the current PHP session name (or a request variable with the session_name() - typically PHPSESSID.) The latter allows for passing session ID through as an alternative to cookies.
2012-05-03 14:58:09 +02:00
Sean Harvey
0882741f54
API CHANGE Renamed setModel for DataModel instances to setDataModel for
...
semantics, and also to allow a field name called "Model"
2012-05-01 14:45:44 +12:00
Sean Harvey
f63d137d49
ENHANCEMENT Session::start() now only called when there is changed
...
session data to be saved, and started on Director::direct() when there
is a cookie (or request var) containing the current PHP session name.
2012-04-27 16:28:46 +12:00
Sean Harvey
bd6ca59558
ENHANCEMENT Adding list-style in addition to list-style-image for URL rewrites
2012-04-27 11:20:05 +12:00
Fred Condo
4756b97daa
BUGFIX: absoluteURLs() rewrites URLs in list-style-image elements
...
This applies the patch from and resolves #6798
2012-04-26 14:53:09 -07:00
Will Rossiter
8e8c1302a2
Merge pull request #360 from joaosantos81/master
...
MINOR: clear_all returns void (and not the result of inst_clearAll() invocation)
2012-04-22 01:49:53 -07:00
joaosantos81
611cd53be8
inst_clearAll() does not return anything so clear_all() method should not expect any return value from inst_clearAll invocation
2012-04-20 18:36:11 +02:00
Sean Harvey
4c6be2931b
BUGFIX Removing use of deprecated Object static functions like
...
get_static(), set_static(), uninherited() etc. Replace with equivalent
Config system get(), update()
2012-04-18 23:10:57 +12:00
Sean Harvey
effc654009
MINOR Moved ModulePath to GenericTemplateGlobalProvider
2012-04-15 10:50:21 +12:00
Sean Harvey
8949dfa691
ENHANCEMENT Replaced locations of sapphire with $ModulePath(framework) in templates, based off Controller which implements TemplateGlobalProvider
2012-04-15 10:50:20 +12:00
Simon Welsh
f07258f3cf
MINOR Update @package values to match renaming sapphire
2012-04-15 10:50:19 +12:00
Simon Welsh
3a6341a251
API-CHANGE sapphire folder can now be renamed.
2012-04-15 10:50:19 +12:00
Simon Welsh
f8082e4814
MINOR Add newline to end of files without one
2012-04-15 10:50:19 +12:00
Andrew O'Neil
d368f3605b
MINOR: Remove default parameter from handleRequest() so it complies with the interface correctly. Fixes E_STRICT warning.
2012-04-11 17:20:49 +12:00
Sam Minnee
e01b0aa3d0
ENHANCEMENT PjaxResponseNegotiator for more structured partial ajax refreshes, applied in CMS and GridField. Also fixes issues with history.pushState() and pseudo-redirects on form submissions (e.g. from page/add to page/edit/show/<new-record-id>)
2012-04-05 23:00:22 +02:00
Ingo Schommer
a44b67bae2
API CHANGE Moved RequestHandler->isAjax() to SS_HTTPRequest->isAjax()
2012-04-05 23:00:22 +02:00
Sean Harvey
58e912d4d7
MINOR Removed check for PHP versions less than 5.2 in Cookie
2012-04-03 09:54:55 +12:00
Gareth Foster
21d52d3852
BUGFIX #7018 This stops an infinite loop when Depreciation::notice is called from set_dev_servers(). This doesn't stop people from setting $dev_servers directly (not that it is used in the core code anywhere).
2012-03-24 15:57:49 +13:00
Sam Minnee
a2c1858892
BUGFIX: Return a 404, not a 500, if an invalid action is asked for on a RequestHandler.
2012-03-19 13:10:48 +13:00
Ingo Schommer
e6be56e3b4
API CHANGE Removed FormResponse class, use custom HTTP status codes to communicate state on text/html responses, or use text/json for more structured data responses
2012-03-09 23:27:39 +01:00
Ingo Schommer
27fd3e5633
API CHANGE Removed Session::load_config() (no longer supported)
2012-03-09 21:17:18 +01:00
Hamish Friedlander
5ff095e561
BUGFIX: RequestHandler needs some tricks to make sure it knows when allowed_actions hasn't been provided on a class when it has been provided on an extension, now that statics from extensions isn't a feature specific hack
2012-03-09 18:16:45 +13:00
Hamish Friedlander
4315e51358
BUGFIX: Fix deprecated and removed static accessor calls
2012-03-09 18:16:44 +13:00
Mark Stephens
627708e3a8
BUGFIX: add Director::isDev parameter so we can test if we know we're dev mode already without touching the database. Used in showqueries on MySQL, so that errors are avoided when showing queries on initial switch to dev mode (#6856)
2012-03-09 14:20:22 +13:00
Ingo Schommer
f9323b398c
BUGFIX Type-safe checks for Controller::join_links(), allowing arguments with a value of "0"
2012-03-08 22:20:37 +01:00
Hamish Friedlander
374ed19406
API CHANGE: Change variable expose method in TemplateGlobalProvider and TemplateIteratorProvider to (a) not clash with each other and, (b) be less generic
2012-03-06 09:31:57 +13:00
Hamish Friedlander
fb246bdd08
APICHANGE: Rename getExposedVariables to match coding conventions
2012-03-06 09:31:56 +13:00
Hamish Friedlander
927dbbe717
API-CHANGE: Global template variables can now be called directly using SSViewer_DataPresenter instead of needing to inherit off ViewableData
2012-03-06 09:11:46 +13:00
Sam Minnee
adfdd068e2
Merge branch 'ereg-to-preg' of https://github.com/AngryPHPNerd/sapphire
...
Conflicts:
model/fieldtypes/Date.php
2012-03-05 13:54:20 +13:00
Ingo Schommer
bcc73de85e
Merge branch '106-add-edit-records-rc'
...
Conflicts:
admin/code/LeftAndMain.php
admin/css/screen.css
admin/scss/_style.scss
admin/templates/Includes/LeftAndMain_EditForm.ss
css/GridField.css
filesystem/Folder.php
forms/gridfield/GridField.php
forms/gridfield/GridFieldDefaultColumns.php
forms/gridfield/GridFieldPopupForms.php
2012-02-27 23:58:10 +01:00
Julian Seidenberg
3936909980
ENHANCEMENT: working delete button
2012-02-27 23:52:48 +01:00
AngryPHPNerd
0e2cbb0b88
Replace ereg with preg_*
2012-02-27 22:14:02 +01:00
Sean Harvey
07f4cd4a78
BUGFIX Fixed undefined method suser_error() in Cookie::set()
2012-02-16 14:59:56 +13:00
Ingo Schommer
5ab007db21
MINOR Removed apache_request_headers() usage in Director::direct(), it causes inconsistencies in capitalisation over the default method (inspecting $_SERVER)
2012-02-14 13:53:35 +01:00
Fred Condo
d370423825
Clean up trailing ?> per coding standard
...
All sapphire but the lang directory
2012-02-12 12:40:16 -08:00
Sam Minnee
2648411829
ENHANCEMENT: Ensure that forceSSL and protocol detection respects the X-Forwarded-Protocol header.
2012-02-03 09:49:37 +13:00
Sam Minnee
06605ffadc
ENHANCEMENT: Provide a default Controller::Link() method, meaning that Controller objects can be constructed to help with testing forms.
2012-01-10 16:39:12 +13:00
Sam Minnée
d9fcbf9167
Merge pull request #115 from joaosantos81/patch-1
...
Fix for bug when destroying a session with a domain cookie. See http://w ...
2012-01-09 19:10:49 -08:00
simonwelsh
7179f04682
API CHANGE: Deprecate Director::set_dev_servers() and Director::set_test_servers() in favour of Director::set_environment_type() or an _ss_environment.php file.
2012-01-01 22:09:41 +13:00
Simon Welsh
dd546a9888
BUGFIX Merge request arrays recursively
2011-12-23 17:48:49 +13:00
Sam Minnee
8e58529f39
BUGFIX: Don't throw errors if older modules aren't aware of the DataModel argument.
2011-12-17 15:25:15 +13:00
Will Rossiter
075cb5d7b9
ENHANCEMENT: keep Cookie::forceExpiry() consistent with Cookie::set() for preventing cookies from not being deleted. Fixes #56
2011-12-17 14:21:09 +13:00
joaosantos81
77f5ea733b
Fix for bug when destroying a session with a domain cookie. See http://www.silverstripe.org/general-questions/show/18539 for more details
2011-11-14 09:44:46 +00:00
Sam Minnee
e5afa25522
MINOR: Use Deprecation class to indicate deprecated methods in core.
2011-10-29 17:34:31 +13:00
Simon Welsh
58bbb3687a
Change Controller::can() to allow an array of perms, as CMSMain can pass an array in (singleton($class)->stat('need_permission') can be an array).
2011-10-29 12:09:22 +13:00
Ingo Schommer
e66255cfb3
API CHANGE Using 'BackURL' GET parameter in Controller->redirectBack() instead of the unused '_REDIRECT_BACK_URL', which e.g. makes the Security/logout behaviour consistent with Security/login (fixes #6729, thanks rixnix)
2011-10-10 10:10:20 +02:00
Will Rossiter
1732a17114
Merged new-orm into datagrid
2011-09-26 16:47:54 +13:00
Ingo Schommer
2651a1ba81
MINOR Marking Director::extract_request_headers() public because we can't unit test protected methods in PHP 5.2
2011-09-19 16:01:33 +02:00
ajshort
a60f03f28e
ENHANCEMENT Sapphire Doesn't Read HTTP Headers (fixes #6311)
2011-09-19 14:49:55 +02:00