Commit Graph

3004 Commits

Author SHA1 Message Date
Hamish Friedlander
5f9387c42c FIX Constants magic_quotes handling needs function from Core 2013-08-05 14:58:44 +12:00
Hamish Friedlander
041466fe02 FIX Token redirect where in IIS a / needs adding between host & url 2013-08-05 09:15:11 +12:00
Hamish Friedlander
342058742c FIX Flush on memory exhaustion and headers sent 2013-08-02 09:41:16 +12:00
Hamish Friedlander
541436feb0 Merge branch 'origin/3.0' into 3.1 2013-07-24 12:09:44 +12:00
Hamish Friedlander
a1ea905ca8 FIX Nice errors and allows flush on module removal 2013-07-24 09:57:01 +12:00
Hamish Friedlander
84011aa736 FIX Only suppress fatal errors 2013-07-22 14:48:16 +12:00
Hamish Friedlander
604d9bf7dc Split Core.php into Constants.php and Core.php and adjust main.php startup
The recent flush filter fix had a problem that you couldnt set a custom
BASE_PATH in _ss_environment because that file didnt get included until
after checking the confirmation token. This patch pulls the part of Core.php
that defines BASE_PATH into a seperate file that can be included earlier
in the startup sequence so that ParameterConfirmationToken can access it.

Core.php includes Constants.php with a require_once call, so for startup
scripts that dont pull in Constants.php themselves (like cli-script.php)
no change is needed.
2013-07-22 13:52:00 +12:00
Hamish Friedlander
bed25a7a79 Merge branch 'origin/3.0' into 3.1 2013-07-19 15:51:54 +12:00
Hamish Friedlander
a312cd08e1 FIX: Ignore invalid tokens instead of throwing 403 2013-07-19 14:47:05 +12:00
Hamish Friedlander
036c36a7dd FIX: Have ParameterConfirmationToken work regardless of include path 2013-07-19 14:33:56 +12:00
Hamish Friedlander
d38bd7d5cb Merge branch 'origin/3.0' into 3.1 2013-07-19 14:18:49 +12:00
Hamish Friedlander
1298d4a5bd FIX Prevent DOS by checking for env and admin on ?flush=1 (#1692) 2013-07-19 12:24:32 +12:00
Cam Spiers
b44641336b FIX ConfigManifest regenerating every request if variantKeySpec is an empty array() 2013-07-10 11:53:44 +12:00
Cam Spiers
2d30592f72 Improve memory performance when generating config static and class caches 2013-07-08 21:24:14 +12:00
Cam Spiers
0aeb2293bb Allow module directories to be named with more valid characters ensuring that module names in fragment meta-data are correct.
Unit tests for ConfigManifest reference path parsing
2013-07-06 14:16:59 +12:00
Simon Welsh
9deb11f9a0 Use preg_replace_callback over preg_replace with e modifier 2013-07-05 09:08:58 +12:00
Hamish Friedlander
5484283a25 FIX changing environment in config.php changes matched yaml rules 2013-07-02 13:21:27 +12:00
Hamish Friedlander
e74c002647 FIX Only and Except rules in Configs not working 2013-07-01 15:47:37 +12:00
Hamish Friedlander
03aa9e4b41 FIX ConfigManifest caching to not use existing cache from wrong $base 2013-06-28 11:25:14 +12:00
Simon Welsh
e55be50783 FIX: ConfigStaticManifest not handling multipart namespaces
Fixes #2126
2013-06-26 16:01:55 +12:00
micmania1
49835c3bb1 Updated calls to methods instead of firect properties in PaginatedList 2013-06-23 13:20:38 +01:00
Ingo Schommer
690f1c1570 BUG Manually require SS_DAG in Core.php
Avoids errors when manifest needs to be built,
e.g. after faulty test runs. SS_DAG is depended on by ConfigManifest.
2013-06-18 23:00:32 +02:00
Jeremy Thomerson
071d5b6fa0 FIX: error message doesn't always include class name
When a method was not found on UnsavedRelationList I was getting the following error:
Object->__call(): the method 'nameOfMethod' does not exist on ''
(nameOfMethod has been replaced here since it was a method I added via an extension)
2013-05-25 14:43:40 +12:00
Stephen Shkardoon
aa3699ff0a Deprecate magic_quotes and fix bad install opts
Change the in_array call to not do bad things with strict casting off
Add a deprecated message if you run with magic_quotes on
Change the requirement for magic_quotes to an error
2013-05-25 12:42:52 +12:00
Daniel Hensby
bc9567c9ef FIX Environment file finder logic
Fixing the logic that searches for environment files so that warnings
due to open_basedir are suppressed and both the 'realdir' and the server
path are spidered for the environment file.
2013-05-22 14:35:33 +01:00
Will Rossiter
ddcfcf7bed Update @package, @subpackage labels
Cleanup of framework's use of @package and @subpackage labels and additional of labels for classes missing packages.

Moved all GridField related components to the one name.

Countless spelling fixes, grammar for other comments.

Link ClassName references in file headers.
2013-05-21 22:24:41 +12:00
Damian Mooyman
6e0e3564e1 NEW Added beforeExtending, afterExtending, and beforeUpdateCMSFields to allow user code better control over interaction with extending methods 2013-05-16 10:34:45 +12:00
Sam Minnee
b401d39aec NEW: Move temp data into a user-specific subfolder, to stop temp-permission bugs from occurring.
Anyone who has run "sudo -u www-data ./framework/sake dev/build" knows that SilverStripe's temp
folder permissions can be very brittle.  This patch resolves this by making the temp folder
user-specific.

To minimise directory pollution it first creates a chmod 777 parent folder with the same name
as the current folder.  It then creates a subfolder of this with the same name as the current
user.

The positive impact of this change is that sake can be used without fear of messing up file
permissions.  This means, among other things, that we can put a Composer post-update-cmd into
the installer to run dev/build.  Progress!

The negative impact is that you will get two caches if you run sake as a different user.  However,
that is much better than the current situation - which is a bunch of bugs - and if you're concerned
about that, you still have the option of running sake as www-data.
2013-05-15 12:54:55 +02:00
Daniel Hensby
9a6a6ec75d Arbitrary placement of _ss_environment.php in parent folders
Removes hardcoding to three levels
2013-05-14 13:39:43 +02:00
Will Rossiter
718108969b API: Add ArrayLib::flatten($array, $preserveKeys) 2013-05-11 00:00:31 +12:00
Will Rossiter
7a9f142c97 FIX: ensure config variables exist 2013-05-08 21:36:49 +12:00
Loz Calver
429ac17a0f NEW Allow setting of ASSETS_DIR in _ss_environment.php 2013-05-07 10:06:34 +02:00
Simon Welsh
835aefbe83 FIX Handle PHP 5.4's short array notation everywhere arrays are parsed. 2013-05-05 13:27:42 +12:00
Ingo Schommer
5efae23cb2 FIX Template discovery on themed Layout templates
Was failing when 'main' template only exists in theme,
but 'Layout' template only exists in module.
2013-04-30 15:41:26 +02:00
Loz Calver
0384369acb FIX: _config/ directories are now correctly detected as modules (fixes #1762)
DO NOT MERGE: to be reviewed. Only i18n & Deprecation classes use
->getModules() as far as I can see. Given that the method still simply
returns an array of modulename => modulepath, I don't think it's really
an API change
2013-04-18 14:08:03 +01:00
Ingo Schommer
ae09301c8c Revert deprecation of Object::add_extension() usage
This reverts commit 14b997eea3.
Its just not practical to use the Config API as it stands,
the add_extension() wrapper does more than just a Config->update().

Most use cases can be covered via YML, but any conditional
additions (e.g. in unit tests) can still benefit from the
add_extensions() shorthand.
2013-04-11 11:40:53 +02:00
Ingo Schommer
14b997eea3 API Deprecated Object::add_extension() usage (as of 3.2) 2013-04-09 15:00:34 +02:00
Ingo Schommer
1cfc159f1a Un-deprecated Object::add_extension() non-LSB usage (fixes #1710)
Its usage is too common to force-remove it just for a shortcut.
We still recommend adding extensions through YAML of course.
2013-04-09 14:56:26 +02:00
Will Rossiter
1427a0637b FIX: remove_extension should work on parameterized extensions 2013-04-06 19:29:03 +13:00
Ingo Schommer
ebca1a64ed Merge pull request #1299 from silverstripe/user-specific-temp-folder
NEW: Move temp data into a user-specific subfolder, to stop temp-permission bugs from occurring.
2013-04-02 02:44:53 -07:00
Ingo Schommer
a415db91d4 FIX Clone Config_LRU incl. objects in array
Caused key confusions when using Config::nest()/unnest()
2013-03-26 12:47:52 +01:00
Hamish Friedlander
600d9cff53 API Make Object::config use late static binding
Can now be used in instance scope, like:
  $this->config()->db
and in static scope, like:
  Page::config()->db
2013-03-26 00:37:47 +01:00
Ingo Schommer
4ea98ae440 Removed Object::*_extension() non-LSB deprecation
Its just a simplication, and unnecessarily complicates
module compatibilities.
2013-03-26 00:31:25 +01:00
Ingo Schommer
3334eafcb1 API Marked statics private, use Config API instead (#8317)
See "Static configuration properties are now immutable, you must use Config API." in the 3.1 change log for details.
2013-03-24 17:20:53 +01:00
Ingo Schommer
69ae1f338f FIX Clean cache on Config->remove() 2013-03-24 17:20:36 +01:00
Ingo Schommer
bb52f2a214 FIX Allow FALSE in Config API, call remove() will NULL key on update() 2013-03-24 17:20:36 +01:00
Sam Minnee
5779097939 NEW: Move temp data into a user-specific subfolder, to stop temp-permission bugs from occurring.
Anyone who has run "sudo -u www-data ./framework/sake dev/build" knows that SilverStripe's temp
folder permissions can be very brittle.  This patch resolves this by making the temp folder
user-specific.

To minimise directory pollution it first creates a chmod 777 parent folder with the same name
as the current folder.  It then creates a subfolder of this with the same name as the current
user.

The positive impact of this change is that sake can be used without fear of messing up file
permissions.  This means, among other things, that we can put a Composer post-update-cmd into
the installer to run dev/build.  Progress!

The negative impact is that you will get two caches if you run sake as a different user.  However,
that is much better than the current situation - which is a bunch of bugs - and if you're concerned
about that, you still have the option of running sake as www-data.
2013-03-24 18:39:50 +13:00
Ingo Schommer
bfab74ac6e Merge pull request #1321 from silverstripe-rebelalliance/feature/config
FIX ConfigStaticManifest persisting access level after parsing a static
2013-03-22 02:25:54 -07:00
Sean Harvey
9f35b13b48 Merge pull request #1322 from ajshort/pulls/class-spec-parsing
FIX Incorrect parsing of T_STRING values in class spec parsing
2013-03-21 21:20:35 -07:00
Andrew Short
d3e4863f52 FIX Incorrect parsing of T_STRING values in class spec parsing
* Due to missing break, the T_STRING case would fall through to array.
* The values were being added to the wrong variable.
* Added missing support for missing null values.
2013-03-22 14:37:55 +11:00
Hamish Friedlander
47edbfe8fc FIX ConfigStaticManifest persisting access level after parsing a static 2013-03-22 14:26:48 +13:00
Ingo Schommer
81a51331d6 IX Load _config.php's after static config manifest
This allows more sophisticated handling of config alterations
in _config.php. One example is additions to DataObject::$db
based on configuration which requires some processing.

See https://github.com/unclecheese/TranslatableDataObject/blob/master/TranslatableDataObject.php
2013-03-21 00:16:36 +01:00
Ingo Schommer
eb9a8d6e6e Require Config.php in core to avoid fatal errors when building manifest 2013-03-20 14:45:43 +01:00
Ingo Schommer
06ff9f72b1 Increased recent deprecation warnings from 3.1 to 3.2
The deprecations are supposed to denote the release where
the functionality will be removed, as opposed to the one where
its deprecated. Having 3.1 as a target for recent changes
in popular methods like Object::add_extension() causes
too many short-term hassles, there's no "grace period".
2013-03-20 10:00:51 +01:00
Andrew Short
b8a51c3792 Merge branch '3.0' into 3.1 2013-03-19 22:27:09 +11:00
Ingo Schommer
8629985115 Mark private static deprecation notice for 3.2
Its too intrusive for 3.1 at the moment
2013-03-19 10:39:11 +01:00
Stephen Shkardoon
9ac104b8c7 BUG $_COOKIES is not un-magic_quotes'd
Added stripslashes_recursively to $_COOKIE (fixes #6309)
2013-03-19 22:13:07 +13:00
Hamish Friedlander
3543a93623 FIX SplFixedArray causes segfaults in old versions of PHP 2013-03-18 10:22:11 +13:00
Ingo Schommer
e0be520fef Require config manifests in Core.php to avoid upgrading issues
They need to be present for the autoloader to rebuild
the manifest in the first place.
2013-03-14 11:40:00 +01:00
Ingo Schommer
321f2e43bd Merge pull request #1287 from silverstripe-rebelalliance/feature/config
Don't use Zend_Cache in manifests
2013-03-14 11:37:01 +01:00
Hamish Friedlander
252e6bce28 FIX Make multiple TemplateManifests not corrupt each other 2013-03-14 12:49:03 +13:00
Hamish Friedlander
168f071499 API Make HTMLValue replace-able via DI
Extracted common code out to SS_HTMLValue and made abstract, then
put HTML 4 specific code in SS_HTML4Value. Its now possible to
replace HTMLValue with one designed for HTML 5 or XHTML

Requires a code change from new SS_HTMLValue to
Injector::inst()->create(HTMLValue)
2013-03-14 12:49:02 +13:00
Hamish Friedlander
beafcf38db Don't use Zend_Cache in manifests
The overhead of Zend_Cache in manifests is too high - we don't
need LRU or tags, just somewhere to dump a bunch of data that
persists

You can replace the class used by defining SS_MANIFESTCACHE
to be a class that implements the ManifestCache interface
(we can't use the Config system to set this, as it isn't
initialised yet).
2013-03-14 12:07:07 +13:00
Hamish Friedlander
d8a1df4312 Further secure eval call in ConfigStaticManifest
It shouldnt be possible to get ConfigStaticManifest to parse
a user uploaded file, and if you could it shouldnt be possible
to form PHP that token_get_all could parse which would end
up executing any code.

However just in case it is, this changes the eval to assign to a
static, so the eval will give a syntax error if an attacker
manages to make $value look like `ls` or some other expression
2013-03-13 12:42:48 +13:00
Hamish Friedlander
53595dc930 FIX Parsing docblock comments in ConfigStaticManifest 2013-03-13 11:59:49 +13:00
Hamish Friedlander
60b72edfba FIX Parsing heredoc, nowdoc & comments in ConfigStaticManifest 2013-03-13 11:26:49 +13:00
Hamish Friedlander
e6352dffbb FIX Static polution with informational fields 2013-03-12 17:14:12 +13:00
Hamish Friedlander
7f58730904 FIX Avoid get_parent_class in ConfigStaticManifest (was loading all classes) 2013-03-12 16:52:11 +13:00
Hamish Friedlander
943b5cf3a4 Remove debug message, any still unexpected token is an error 2013-03-12 15:40:12 +13:00
Hamish Friedlander
a6f1a200b6 Some micro-optimisations for Config 2013-03-04 09:25:23 +13:00
Hamish Friedlander
024a0b90a9 Add ability to create temporary Config copies 2013-02-28 09:43:33 +13:00
Hamish Friedlander
6b986cb17d Extract statics via code analysis rather than introspection 2013-02-28 09:43:33 +13:00
Hamish Friedlander
c98621977c Cache the merged version of any Config value in an in-mem LRU cache 2013-02-28 09:43:33 +13:00
Hamish Friedlander
904fd2d5dc API Make Object::config use late static binding
Can now be used in instance scope, like:
  $this->config()->db
and in static scope, like:
  Page::config()->db
2013-02-27 15:13:59 +13:00
Robert Curry
cc1a5824f2 Fix deprecated use of has_extension 2013-02-07 14:30:46 +13:00
Daniel Hensby
be78098065 Arbitrary placement of _ss_environment.php in parent folders
Removes hardcoding to three levels
2013-01-21 22:33:54 +01:00
Ingo Schommer
c11b3918fc Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	admin/css/screen.css
	admin/scss/_style.scss
	core/PaginatedList.php
	email/Mailer.php
2013-01-21 11:14:57 +01:00
Jeremy Thomerson
a70df3e472 BUG PaginatedList deprecated method was calling non-existent method 2013-01-15 13:25:16 -06:00
Simon Welsh
c56a80d6ce Use preg_replace_callback over preg_replace with e modifier 2012-12-20 13:40:42 +13:00
Simon Welsh
94be5c6d87 FIX Handle namespaced classes in Object::parse_class_spec() 2012-12-18 15:00:45 +13:00
Simon Welsh
b0121b541c Add codesniffer that ensures indentation is with tabs. 2012-12-12 17:33:31 +13:00
Simon Welsh
fc5dd2994c Add codesniffer that ensures indentation is with tabs. 2012-12-12 00:12:11 +13:00
Will Rossiter
683db8dc1d API Explicitly load project template files after modules
Resolves an issue where if not using the themes directory (i.e just a single app folder) you cannot override module templates.
Changes the SS_TemplateManifest constructor with a new $project argument.
2012-12-04 10:47:37 +01:00
Ingo Schommer
c55c7c33f8 Merge branch '3.0'
Conflicts:
	admin/code/CMSProfileController.php
	composer.json
	tests/model/DataObjectTest.php
2012-11-22 23:51:28 +01:00
Sean Harvey
7042d87fd1 Remove deprecated Object::set_uninherited() 2012-11-16 14:34:20 +13:00
Ingo Schommer
e4d71c2a20 Add Composer autoloader
Mainly to get PHPUnit going as a composer requirement
rather than through PEAR (which is easier to set up).
2012-11-15 13:40:09 +01:00
Sean Harvey
b6870add90 Removing deprecated Core.php functions 2012-11-15 14:43:13 +13:00
Sean Harvey
b5ee9f9cbe Removing ClassInfo::is_subclass_of(), use is_subclass_of() instead 2012-11-15 14:43:13 +13:00
Sean Harvey
78311c9ca6 Remove deprecated PaginatedList::getPageLimits() and setPageLimits()
Use the individual getters on PaginatedList instead.
2012-11-15 14:43:13 +13:00
Andrew O'Neil
0c8de0a1de APICHANGE: Use late static binding for Object::has_extension() 2012-11-07 11:07:55 +13:00
Andrew O'Neil
6dd6a5c188 APICHANGE: Use late static binding for Object::remove_extension() 2012-11-07 11:07:55 +13:00
Andrew O'Neil
fdea5321c7 APICHANGE: add_extension() is now called directly on the class, instead of on Object 2012-11-07 11:07:55 +13:00
Ingo Schommer
a5fd3cf985 BUG Inspect current directory for include_path
This fixes problems where require/include calls rely
on the relative file path, e.g. in i18n.php.

Followup from https://github.com/silverstripe/sapphire/pull/904
2012-11-01 10:10:06 +01:00
Damian Mooyman
0d7816b55d BUG Fixed issue with Deprecation failing to extract the module from a stacktrace, especially on non-unix systems
API Added Convert::nl2os function to normalise end of line characters across systems with tests
BUG Fixed i18n unit tests in non-unix systems constantly failing
BUG Fixed problems with HTMLCleaner tests failing in non-unix systems
2012-10-17 11:57:16 +13:00
Sam Minnee
1f7fc1f76a FIX Remove instances of lines longer than 120c
The entire framework repo (with the exception of system-generated files) has been amended to respect the 120c line-length limit.  This is in preparation for the enforcement of this rule with PHP_CodeSniffer.
2012-09-30 17:18:13 +13:00
Ingo Schommer
e2f073f38a Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
Sean Harvey
b075fa29c5 Have tiny_mce_gzip.php use local silverstripe-cache folder if available
This is a fix for ticket #7670. Some hosting situations don't
allow write access to the system temp path. tiny_mce_gzip.php is currently
using sys_get_temp_dir() by default, and not using a local silverstripe-cache
folder that may exist in the SilverStripe project.

This change moves the getTempFolder() function into a common file, and
includes that in core/Core.php, as well as thirdparty/tinymce/tiny_mce_gzip.php
so both locations share the same code to work out the temp path.
2012-09-19 16:43:17 +12:00
Sean Harvey
e0beca198b Added missing $tempPath argument (regression from last commit) 2012-09-19 13:30:05 +12:00
Sean Harvey
aa4fa75091 Consistently use the $base argument to getTempFolder() 2012-09-19 13:27:43 +12:00
Sam Minnée
57ad36e11d Merge pull request #750 from silverstripe-rebelalliance/open/5971
FIX If ClassName read from DB doesnt exist, dont break
2012-08-29 22:48:31 -07:00