221 Commits

Author SHA1 Message Date
Sam Minnee
e226b67d06 Refactoring of authenticators
Further down the line, I'm only returning the `Member` on the doLogin, so it's possible for the Handler or Extending Handler to move to a second step.
Also cleaned up some minor typos I ran into. Nothing major.

This solution works and is manually tested for now. Supports multiple login forms that end up in the correct handler. I haven't gotten past the handler yet, as I've yet to refactor my Yubiauth implementation.

FIX: Corrections to the multi-login-form support.

Importantly, the system provides a URL-space for each handler, e.g.
“Security/login/default” and “Security/login/other”. This is much
cleaner than identifying the active authenticator by a get parameter,
and means that the tabbed interface is only needed on the very first view.

Note that you can test this without a module simply by loading the
default authenticator twice:

```
SilverStripe\Security\Security:
  authenticators:
    default: SilverStripe\Security\MemberAuthenticator\Authenticator
    other: SilverStripe\Security\MemberAuthenticator\Authenticator
```

FIX: Refactor delegateToHandler / delegateToHandlers to have less
duplicated code.
2017-06-07 21:11:52 +12:00
Damian Mooyman
8c0ced311f Merge pull request #6998 from AntonyThorpe/StrictFormMethodCheck
Updated Form.php & 04_Form_Security.md  - strictFormMethodCheck to true
2017-06-06 23:06:11 +12:00
Antony Thorpe
6348f2e3e8 Updated Form.php & 04_Form_Security.md
Changed the `strictFormMethodCheck` protected property from false to true to step out on the front foot with this security setting.  In the documentation under the title [Cross-Site Request Forgery](https://github.com/silverstripe/silverstripe-framework/blob/master/docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md#cross-site-request-forgery-csrf) it states, "it is also recommended to limit form submissions to the intended HTTP verb (mostly GET or POST) through [api:Form::setStrictFormMethodCheck()]."  The same advice is noted in [Form Security](c2292a4cc1/docs/en/02_Developer_Guides/03_Forms/04_Form_Security.md (strict-form-submission)).

Why not make this the default behaviour?  Is there a scenario where this would cause a problem?  Have manually tested in the CMS (alpha7) and is working fine.

Note: Original commit that established the API Form::setStrictFormMethodCheck is 14c59be8.
2017-06-06 21:10:49 +12:00
Christopher Joe
d12c986dd5 Fixes printing from crashing 2017-06-06 13:31:37 +12:00
Damian Mooyman
e7d87add9f API Remove legacy HTMLEditor classes 2017-05-30 11:01:28 +12:00
Damian Mooyman
0cd40ca6e5 BUG Fix minor accessors of legacy ->class property 2017-05-25 11:55:12 +12:00
Damian Mooyman
d15b9ee0b0 Response to feedback 2017-05-23 13:50:35 +12:00
Damian Mooyman
fba8e2c245 API Remove Object class
API DataObjectSchema::manyManyComponent() return array is now associative array
2017-05-23 13:50:35 +12:00
Damian Mooyman
7bc8172bc1 Merge pull request #6937 from caffeineinc/2930-checkboxfield-invalid-html
CheckboxField creates invalid HTML when required #2939
2017-05-22 13:44:58 +12:00
Simon Gow
cdc03602ed CheckboxField creates invalid HTML when required #2939
- Updated CheckboxField, CheckboxSetField, DropdownField, OptionsetField
 to validate with HTML5 attributes & aria-required.

https://www.w3.org/TR/wai-aria/states_and_properties#aria-required
2017-05-22 12:15:28 +12:00
Damian Mooyman
2aa3b5d5fa Merge pull request #6934 from robbieaverill/pulls/4.0/consistent-instance-method
API Consistent use of inst() naming across framework
2017-05-22 11:57:20 +12:00
Damian Mooyman
80bff0d099 Merge pull request #6932 from mikenz/pulls/4.0/treedropdownfield-orphaned
Bugfix: Parent treedropdownfield for an orphaned page is broken
2017-05-22 10:53:33 +12:00
Robbie Averill
f2cbe86f03 Remove CustomMethods::createMethod and create_function implementations, replace with closures 2017-05-19 15:56:44 +12:00
Robbie Averill
ad43a82923 API Consistent use of inst() naming across framework 2017-05-19 14:38:06 +12:00
Mike Cochrane
31578d4771 Bugfix: Parent treedropdownfield for an orphaned page is broken 2017-05-19 12:15:36 +12:00
Ingo Schommer
adbf9d9f71 Process actions on Form subclasses
Regression introduced through https://github.com/silverstripe/silverstripe-framework/issues/6362.

Quote from the RFC:

```
Thus the order of action precedence becomes

action callback
action on the Form
action on the FormRequestHandler
action on any parent controller (if given)
```
2017-05-18 22:47:39 +12:00
Damian Mooyman
8ed675d29b Merge pull request #4542 from patricknelson/issue-4417-validator-remove-validation-master
FIX for #4417: Ensuring ->removeValidation() is defined on instances of Validator. Setup new API for enabling/disabling validation. Documentation and better type handling.
2017-05-18 09:27:48 +12:00
Christopher Joe
0534a5ec0c Fix TreeDropdownField copying 2017-05-17 16:52:21 +12:00
Christopher Joe
287ad35f0d Fix change API to hasEmptyDefault() to be inline with SingleSelectField 2017-05-17 10:13:54 +12:00
Christopher Joe
3927e7e248 Fix added cache key for TreeDropdownField cache 2017-05-17 10:13:54 +12:00
Christopher Joe
6869e450a0 Enhancement added customisable emptyTitle and a showRootOption property in TreeDropdownField 2017-05-17 10:13:54 +12:00
Patrick Nelson
5fa3c85280 FIX for #4417: Ensuring ->removeValidation() is defined on instances of Validator. Setup new API for enabling/disabling validation. Documentation and better type handling. 2017-05-16 12:58:00 +01:00
Saophalkun Ponlu
1ec7c4e523 Fix lint error 2017-05-16 11:53:23 +12:00
Saophalkun Ponlu
a975b88661 Pass autofocus flag to front-end 2017-05-16 11:53:23 +12:00
Daniel Hensby
e741af9127 Merge branch 'pull/6905' 2017-05-12 12:21:02 +01:00
Ralph Slooten
43a122cc36 Fix for meta closing tags
Prevent html errors when FormField::create_tag('meta') is called from $MetaTags() so
```
<meta name="generator" content="SilverStripe - http://silverstripe.org"></meta>
```
becomes
```
<meta name="generator" content="SilverStripe - http://silverstripe.org" />
```

Add all void elements to list
2017-05-12 08:49:15 +12:00
Christopher Joe
edcb220e4a Enhancement add EmailLink form factory server-side 2017-05-11 09:57:55 +12:00
Christopher Joe
c58dc97d39 Fix optional $id param because of how methodSchema passes a parameter 2017-05-11 09:57:55 +12:00
Christopher Joe
2ee0d99806 Enhancement switch FormFactories to use RequestHandler instead of Controller 2017-05-11 09:57:55 +12:00
Christopher Joe
403f4db14d Fix change titles to return schema values in schema
Enhancement Add EditorExternalLink call for toolbar
2017-05-11 09:57:55 +12:00
Aaron Carlino
4af71b9ed7 Pulls/4/remove reliance on admin dir (#6876)
* Stop relying on external constants

* Revise getTinyMCEPath method to throw exception when no path can be computed

* Throw exception on no gzip, better admin module check
2017-05-10 13:18:44 +12:00
Saophalkun Ponlu
fd51f35bc2 Update tests 2017-05-09 16:52:32 +12:00
Saophalkun Ponlu
97dac7028c De-couple schema type and type attribute 2017-05-09 16:50:33 +12:00
Sam Minnée
33119a1f36 Merge branch 'master' into pulls/4.0/remove-deprecated-methods 2017-05-09 15:31:53 +12:00
Ingo Schommer
1d438d3fb5 API Remove deprecated FormAction::createTag() 2017-05-09 11:38:35 +12:00
Ingo Schommer
bbf15ab9f1 Allow type override in FormAction 2017-05-09 11:16:41 +12:00
Ingo Schommer
0d9b383631 API Removed legacy form fields (fixes #6099) 2017-05-09 11:16:41 +12:00
Aaron Carlino
afd1575267 ENHANCEMENT GridField passes in context for canCreate 2017-05-09 09:15:09 +12:00
Aaron Carlino
c99ed2d262 Reorganise i18n keys 2017-05-08 23:34:39 +12:00
Uncle Cheese
d51c4891e2 New namespaced i18n keys 2017-04-28 14:59:42 +12:00
Uncle Cheese
494cbd1875 Ran upgrader for lang files 2017-04-28 14:59:42 +12:00
Ingo Schommer
22f232ed4d Mark up <time> in validation errors
Allow better localisation of values in JS
2017-04-27 21:44:52 +12:00
Ingo Schommer
cbe534c675 Fixed component capitalisation 2017-04-27 15:36:18 +12:00
Ingo Schommer
94b49e3e28 Removed unused field 2017-04-27 15:36:11 +12:00
Ingo Schommer
60706c8efd Store $value in ISO and server timezone consistently, fix min/max timezone handling 2017-04-27 14:59:11 +12:00
Ingo Schommer
628fd216ad PHPDoc fixes 2017-04-27 11:56:23 +12:00
Ingo Schommer
f01a20d5c4 Only used normalised ISO on HTML5 2017-04-27 11:56:18 +12:00
Ingo Schommer
de8abe1167 API rename 2017-04-27 11:53:43 +12:00
Ingo Schommer
b852a76334 Consistent schema keys 2017-04-27 11:47:04 +12:00
Ingo Schommer
14b3468eee Removed setting format in getter
That’s already handled in getFormatter()
2017-04-27 11:09:59 +12:00