Commit Graph

120 Commits

Author SHA1 Message Date
Damian Mooyman
c7387ff45f API Upgrade to SilverStripe\CMS namespace 2016-08-11 11:50:18 +12:00
Daniel Hensby
ac17e12464
Merge pull request #3274 from colymba/custom-admin-url 2016-07-19 14:42:25 +01:00
Hamish Friedlander
80d4af6b6e
API Apply Framework\ORM Namespace to model 2016-06-29 10:02:32 +12:00
Damian Mooyman
5e8ae41d47 API Refactor dataobject schema management into separate service
API Allow table_name to be configured via Config
2016-06-08 13:22:56 +12:00
Patrick Nelson
0aec89d0c8 FIX for #5279 Addressing only a few PSR-2 items in one file, but primarily targeting Director::is_https() and invalid URL's. 2016-04-06 18:26:47 -07:00
Damian Mooyman
0848aca462 API Massive refactor of Versioned
API Implemented recursive versioned actions (publish, etc)
API Un-deprecate delete batch action
API Changed Versioned getters and setters for stages
BUG Inject query parameters during DataObject construction to prevent incorrect lazy loading
2016-03-17 13:43:53 +13:00
Damian Mooyman
3b0a9f4ba2 Merge remote-tracking branch 'origin/3'
# Conflicts:
#	admin/javascript/LeftAndMain.Menu.js
#	control/HTTPRequest.php
#	css/GridField.css
#	css/GridField.css.map
#	docs/en/02_Developer_Guides/03_Forms/Field_types/01_Common_Subclasses.md
#	docs/en/02_Developer_Guides/06_Testing/00_Unit_Testing.md
#	docs/en/02_Developer_Guides/06_Testing/index.md
#	docs/en/02_Developer_Guides/14_Files/01_File_Management.md
#	docs/en/02_Developer_Guides/14_Files/02_Images.md
#	filesystem/Upload.php
#	javascript/HtmlEditorField.js
#	model/Image.php
#	model/connect/MySQLDatabase.php
#	model/fieldtypes/Enum.php
#	model/versioning/Versioned.php
#	scss/GridField.scss
2016-02-25 14:51:59 +13:00
Ingo Schommer
893e49703d [ss-2016-003] Hostname, IP and Protocol Spoofing through HTTP Headers 2016-02-18 17:28:54 +13:00
Damian Mooyman
c13b5d989f API Enable advanced configuration options for requirements combined files
API Enable relative root paths for the default Flysystem AssetAdapter
2015-12-01 11:07:13 +13:00
Christopher Pitt
da852ceea1 Improved PHPDoc comments 2015-11-14 12:55:30 +13:00
Damian Mooyman
d6f3115276 Merge pull request #4656 from spekulatius/fixing-phpdoc-blocks
fixing phpdoc blocks to refering to Objects to built-in types of PHP
2015-10-07 16:00:24 +13:00
Peter Thaleikis
7d5b4dedd1 adding a space before casting into a different type 2015-10-06 18:28:08 +13:00
Peter Thaleikis
c13dfc2fa0 fixing phpdoc blocks to refering to Objects to built-in types of PHP 2015-10-06 18:28:04 +13:00
Will Morgan
85654a495f Merge pull request #4635 from spekulatius/adding-space-before-casting
adding a space before casting into a different type
2015-09-28 11:17:08 +01:00
Peter Thaleikis
21216b47ab remove trailing spaces in the codebase 2015-09-28 22:21:08 +13:00
Peter Thaleikis
e6084b7ad2 adding a space before casting into a different type 2015-09-28 22:21:02 +13:00
Damian Mooyman
09210efbc0 Merge remote-tracking branch 'origin/3'
Conflicts:
	composer.json
	control/Session.php
	docs/en/05_Contributing/01_Code.md
	docs/en/05_Contributing/02_Release_Process.md
	forms/FormField.php
	model/DataQuery.php
	model/Image.php
	model/queries/SQLConditionalExpression.php
	view/SSViewer.php
	view/ViewableData.php
2015-07-31 15:49:35 +12:00
Damian Mooyman
e14f743bf0 Set deprecation level for all changes in 3.x to 4.0 2015-06-19 13:07:41 +12:00
Damian Mooyman
513f0191fb API New default behaviour for Director::getAbsoluteUrl 2015-06-12 16:12:38 +12:00
Damian Mooyman
8331171f2c Merge remote-tracking branch 'origin/3.1' into 3
Conflicts:
	.scrutinizer.yml
	admin/javascript/LeftAndMain.Panel.js
	core/startup/ParameterConfirmationToken.php
	dev/Debug.php
	dev/FixtureBlueprint.php
	docs/en/00_Getting_Started/05_Coding_Conventions.md
	docs/en/00_Getting_Started/index.md
	docs/en/02_Developer_Guides/01_Templates/01_Syntax.md
	filesystem/File.php
	filesystem/Folder.php
	forms/FieldList.php
	forms/LabelField.php
	forms/MoneyField.php
	forms/TextField.php
	forms/TreeDropdownField.php
	forms/Validator.php
	forms/gridfield/GridField.php
	forms/gridfield/GridFieldExportButton.php
	lang/de.yml
	lang/fi.yml
	model/DataObject.php
	model/SQLQuery.php
	parsers/ShortcodeParser.php
	security/ChangePasswordForm.php
	security/Security.php
	tests/control/DirectorTest.php
	tests/core/startup/ParameterConfirmationTokenTest.php
	tests/dev/FixtureBlueprintTest.php
	tests/forms/FieldListTest.php
	tests/forms/MoneyFieldTest.php
	tests/model/SQLQueryTest.php
	tests/security/SecurityTest.php
2015-06-02 19:13:38 +12:00
Thierry François
533d5dbd4b NEW Admin url can now be customized
The default 'admin/' base URL can now be changed with Director rules
2015-05-31 16:54:00 +03:00
Damian Mooyman
75137dbab2 Ensure only trusted proxy servers have control over certain HTTP headers 2015-05-28 10:12:46 +12:00
Damian Mooyman
43f49e8434 Merge remote-tracking branch 'origin/3.1' into 3
Conflicts:
	admin/code/ModelAdmin.php
	control/Director.php
	model/SQLQuery.php
	security/Member.php
	tests/control/HTTPTest.php
	tests/model/SQLQueryTest.php
	tests/security/SecurityTest.php
	tests/view/SSViewerTest.php
2015-03-31 19:54:15 +13:00
Damian Mooyman
ee9bddb808 BUG Fix SS-2015-010 2015-03-20 17:30:37 +13:00
Daniel Hensby
f568052044 Testing empty absolute urls and more thorough tests 2015-03-13 13:56:14 +00:00
Damian Mooyman
0b1f297873 Merge remote-tracking branch 'origin/3.1'
Conflicts:
	.travis.yml
	README.md
	admin/code/LeftAndMain.php
	admin/css/screen.css
	admin/scss/screen.scss
	api/RestfulService.php
	conf/ConfigureFromEnv.php
	control/injector/ServiceConfigurationLocator.php
	control/injector/SilverStripeServiceConfigurationLocator.php
	core/ClassInfo.php
	core/Object.php
	css/AssetUploadField.css
	css/ComplexTableField_popup.css
	dev/CSSContentParser.php
	dev/DevelopmentAdmin.php
	docs/en/changelogs/index.md
	docs/en/misc/contributing/code.md
	docs/en/reference/execution-pipeline.md
	filesystem/GD.php
	filesystem/ImagickBackend.php
	filesystem/Upload.php
	forms/Form.php
	forms/FormField.php
	forms/HtmlEditorConfig.php
	forms/gridfield/GridFieldDetailForm.php
	forms/gridfield/GridFieldSortableHeader.php
	lang/en.yml
	model/Aggregate.php
	model/DataList.php
	model/DataObject.php
	model/DataQuery.php
	model/Image.php
	model/MySQLDatabase.php
	model/SQLQuery.php
	model/fieldtypes/HTMLText.php
	model/fieldtypes/Text.php
	scss/AssetUploadField.scss
	search/filters/SearchFilter.php
	security/Authenticator.php
	security/LoginForm.php
	security/Member.php
	security/MemberAuthenticator.php
	security/MemberLoginForm.php
	security/Security.php
	tests/behat/features/bootstrap/SilverStripe/Framework/Test/Behaviour/CmsFormsContext.php
	tests/control/HTTPTest.php
	tests/control/RequestHandlingTest.php
	tests/filesystem/UploadTest.php
	tests/forms/FormTest.php
	tests/forms/NumericFieldTest.php
	tests/model/DataListTest.php
	tests/model/DataObjectTest.php
	tests/model/TextTest.php
	tests/security/MemberAuthenticatorTest.php
	tests/security/SecurityDefaultAdminTest.php
	tests/view/SSViewerCacheBlockTest.php
	tests/view/SSViewerTest.php
2014-11-18 12:45:54 +13:00
Damian Mooyman
1e612607aa Suggested improvements / test case fixes 2014-10-10 09:28:11 +13:00
Daniel Hensby
3b9056fc01 NEW Cookie_Backend for managing cookie state
I've decoupled `Cookie` from the actual act of setting and getting
cookies. Currently there are a few limitations to how Cookie works that
this change mitigates:

0. `Cookie` currently changes the super global `$_COOKIE` when setting
to make the state of an application a bit more managable, but this is
bad because we shouldn't be modifying super globals
0. One can't actually change the `$cookie_class` once the
`Cookie::$inst` has been instantiated
0. One can't test cookies as there is no class that holds the state of
the cookies (it's just held in the super global which is reset as part
of `Director::test()`
0. One can't tell the origin of a cookie (eg: did the application set it
and it needs to be sent, or did we receive it from the browser?)
0. `time()` was used, so testing was made difficult
0. There was no way to get all the cookies at once (without accessing
the super global)

Todos are on the phpdoc and I'd like to write some tests for the backend
as well as update the docs (if there are any) around cookies.
DOCS Adding `Cookie` docs

Explains basic usage of `Cookie` as well as how the `Cookie_Backend`
controls the setting and getting of cookies and manages state of sent vs
received cookies
Fixing `Cookie` usage

`Cookie` is being used inconsistently with the API throughout framework.
Either by not using `force_expiry` to expire cookies or setting them to
null and then expiring them (which is redundant).
NEW `Director::test()` takes `Cookie_Backend` rather than `array` for `$cookies` param
2014-10-06 17:44:51 +13:00
Sean Harvey
07eef2ece2 Removing deprecated class/functions marked for deprecation in 3.0/3.1 2014-08-25 12:06:05 +12:00
Sean Harvey
8063b349c8 BUG Fixing Director::test() failing on BASE_URL prefixed URLs
Example: you have a site in a sub-directory off the webroot, you call
->Link() on a SiteTree record, which returns "/[sitedir]/my-page", and
you pass this URL to Director::test(). It's a valid URL, but
Director::test() will throw a 404.

Director::test() should be ensuring that all URLs passed to it are
properly made relative, not just in the case where it thinks the URL
is absolute.
2014-08-22 15:21:53 +12:00
Damian Mooyman
eb069e605d Remove all redundant whitespace 2014-08-19 09:17:15 +12:00
Damian Mooyman
a89dbd29e1 Revert #3345 #3323 2014-07-31 17:05:57 +12:00
Daniel Hensby
419f308544 FIX Handle empty URLs that are made absolute
When the email sender makes the links absolute, it can't handle empty `href` or `src` attributes as there's no expectation that the string length could be 0
2014-07-25 13:09:47 +01:00
Simon Welsh
c14d58f585 Merge branch '3.1'
Conflicts:
	.travis.yml
	model/ManyManyList.php
	model/fieldtypes/DBField.php
2014-07-16 21:24:02 +10:00
Damian Mooyman
d3c7e41419 BUG using isDev or isTest query string no longer triggers basic auth 2014-07-02 11:51:51 +12:00
Sean Harvey
0ee3a683a5 Better support for overloading start and destroy methods in Session
Move functionality from static start and destroy functions into instance
methods, allowing these to be overloaded. This works the same way as
calling Session::set() which then in turn calls inst_set()

Additionally use Injector to create the default Session instance to
allow the class to be swapped out.
2014-06-20 10:35:53 +12:00
Ingo Schommer
bb03f6ba2f Merge remote-tracking branch 'origin/3.1'
Conflicts:
	forms/HtmlEditorField.php
2014-06-15 22:50:20 +12:00
Ingo Schommer
ec325a3c7f API Fix HTTPS proxy header detection
Didn't use the de facto standard HTTP_X_FORWARDED_PROTO or the less standard HTTP_FRONT_END_HTTPS.
Removed the 'X-Forwarded-Proto', since PHP should prefix/underscore all HTTP headers before it hits $_SERVER.

References:
- https://docs.djangoproject.com/en/1.4/ref/settings/#secure-proxy-ssl-header
- https://drupal.org/node/1859252
- https://drupal.org/node/313145
- http://scottwb.com/blog/2013/02/06/always-on-https-with-rails-behind-an-elb/
2014-05-22 18:34:15 +12:00
Damian Mooyman
ec578e5c8a Merge remote-tracking branch 'origin/3.1' 2014-05-12 11:32:22 +12:00
Damian Mooyman
ae573f829f BUG Fix Versioned stage not persisting in Session. Fixes #962
BUG Disabled disruptive test case in DirectorTest
API RequestProcessor and VersionedRequestFilter now both correctly implement RequestFilter
Better PHPDoc on RequestFilter and implementations
2014-05-06 14:11:44 +12:00
Damian Mooyman
982ad569b9 Merge remote-tracking branch 'origin/3.1' 2014-04-22 12:09:51 +12:00
Damian Mooyman
d8836fd488 Merge remote-tracking branch 'origin/3.0' into 3.1 2014-04-08 17:10:07 +12:00
Simon Welsh
d1befdd37c Merge pull request #2901 from dhensby/director-test
Making Director::test() ignore URL Anchors
2014-03-15 00:09:06 +13:00
Damian Mooyman
0cbad41d3b Rewrote usages of error suppression operator 2014-03-05 15:48:55 +13:00
Daniel Hensby
5e6c1b902b Making Director::test() ignore URL Anchors
Anchors should never make it to the server when they are in the browser URL bar, however tests are slightly different and some `Link()` functions may return a URL anchor. Instead of every test checking a link and stripping the anchor, I feel the Director::test() function should strip them off.
2014-02-26 12:04:47 +00:00
Stig Lindqvist
0077e25352 BUG: Director::test() don't respect port settings in $_FILE_TO_URL_MAPPING
Director::test() don't set the HTTP_HOST with the port number if that has been set.
Later call to Director::makeRelative() will return wrong value because of the strict string matching
(http://localhost/ != http://localhost:8000)

This bug affects all modules that are using Director::test in CLI where the $_FILE_TO_URL_MAPPING
have been set to use a domain with a port in it, i.e. static publishers.
2014-02-17 11:54:10 +13:00
Will Rossiter
c61f6540fb BUG Add support for X-Forwarded-Proto checking SSL (Fixes #1416)
De-facto standard for identifying the originating protocol of an HTTP request through a reverse proxy or load balancer.

http://www.geekisp.com/faq/6_65_en.html
2014-01-12 18:05:09 +13:00
Ingo Schommer
9d550f8938 Fixed merge error 2013-11-06 09:46:30 +01:00
Ingo Schommer
91f6039eed Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	control/Director.php
2013-11-05 10:15:40 +01:00
Hamish Friedlander
8801a50704 FIX oembed to avoid mixed media issues 2013-10-17 17:06:40 +13:00