Steve Boyd
2991901660
ENH Update deprecation messages
2022-10-13 14:05:49 +13:00
Loz Calver
9b45342a06
FIX: Add missing casting for Form::getAttributesHTML ( fixes #10386 )
2022-07-04 12:24:58 +01:00
Steve Boyd
511b3bb060
ENH PHP 8.1 compatibility
2022-04-14 13:12:59 +12:00
Lukas
552cf5944d
MNT Fix various typos with codespell ( #10177 )
2021-12-13 21:05:33 +13:00
Maxime Rainville
b43d68f9b4
API Add an AttributesHTML trait
2021-11-18 15:31:01 +13:00
GuySartorelli
fc349db511
API Add a way to check if a form or form field has an extra css class ( #10112 )
...
Required for silverstripe/silverstripe-admin#1252
2021-11-01 17:01:17 +13:00
Ingo Schommer
8806b3befc
Fixes required for dot notation support in fields
...
See #9163
2021-05-20 20:32:25 +12:00
Dan Hensby
23ffd2bbd6
Linting fix
2021-05-20 20:32:25 +12:00
Sam Minnee
5dcf5197da
FIX: Make the ./_ substitution optional.
2021-05-20 20:32:25 +12:00
Sam Minnee
02fb7c3b17
NEW: Support dot syntax in form field names
...
This change adds support for these in a few places.
- Form::saveInto($record)
- Form::loadDataForm($record)
- Form::loadDataForm($_POST)
Fixes https://github.com/silverstripe/silverstripe-framework/issues/9163
2021-05-20 20:32:24 +12:00
William Desportes
c932d7e7fb
Fix the phpdoc blocks
2020-12-21 22:23:23 +01:00
Robbie Averill
84b4057a9a
Merge pull request #9406 from chrispenny/feature/standardise-get-cms-validator
...
v4 improvement: Standardise getCMSValidator for DataObjects/Forms
2020-07-16 15:58:33 -07:00
Christopher Darling
4303917ac5
DOCS Form::loadDataFrom constants in docblock
...
... missing MERGE_ prefix as defined in this class
2020-05-28 16:40:12 +01:00
cpenny
b45a3561df
Implemented PR feedback. Added some initial test cov
2020-05-28 11:18:46 +12:00
cpenny
d7dd93f7a7
Standardise getCMSValidator for DataObjects/Forms
2020-05-28 11:18:46 +12:00
Andre Kiste
3a424747df
Merge pull request #9332 from shoosah/feature/add-error-message-into-field
...
Allow to add error message into a specific field
2020-05-01 15:46:29 +12:00
Daniel Hensby
237b2d5f74
Convert array delcarations to short array syntax
2020-04-20 18:58:09 +01:00
Maxime Rainville
acd7d94167
Merge branch '4.4' into 4.5
2020-02-17 13:07:26 +13:00
Serge Latyntcev
ad1b00ec7d
[CVE-2019-19325] XSS through non-scalar FormField attributes
...
Silverstripe Forms allow malicious HTML or JavaScript to be inserted
through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting)
on some forms built with user input (Request data). This can lead to phishing attempts
to obtain a user's credentials or other sensitive user input.
There is no known attack vector for extracting user-session information or credentials automatically,
it required a user to fall for the phishing attempt.
XSS can also be used to modify the presentation of content in malicious ways.
2020-02-17 09:58:29 +13:00
shoosah
2724d93111
Allow to add error message into a specific field
2019-11-22 11:03:27 +13:00
aNickzz
28be2b2263
Swap argument order for implode
...
I noticed this squiggly red line while perusing the code.
The PHP doc says
`implode ( string $glue , array $pieces ) : string`
> implode() can, for historical reasons, accept its parameters in either order. For consistency with explode(), however, it may be less confusing to use the documented order of arguments.
2019-05-11 00:32:23 +09:30
Russell Michell
0397c54b5a
FIX: Fixes #8459
...
- Missing conditionals for optional constructor args
- Missing calls to FieldList::setForm()
- Missing guards around naive calls to Form::Fields()->foo()
2018-12-19 13:28:19 +13:00
Damian Mooyman
cfc3b851e7
Merge remote-tracking branch 'origin/4.1' into 4.2
...
# Conflicts:
# lang/sv.yml
2018-06-19 17:20:25 +12:00
Maxime Rainville
3f80e2dc67
FIX Don't reload form session data using FormField::setSubmittedValue… ( #8184 )
2018-06-19 11:27:09 +12:00
Damian Mooyman
6b8f63c4d5
Refactor redirect cache busting into middleware
2018-06-14 14:11:31 +12:00
Damian Mooyman
e93289326e
Add Form::canBeCached() method
2018-06-14 11:17:21 +12:00
Daniel Hensby
befd81d0c2
FIX Bug with forms being cached
2018-06-13 11:33:46 +12:00
Damian Mooyman
c8b3593090
API Form::makeReadonly() returns self
...
Fixes #8006
2018-04-16 14:01:49 +12:00
Daniel Hensby
9ed3cd4042
Merge branch '4.0' into 4.1
2018-03-16 14:57:05 +00:00
Thomas Portelange
2e1c70b56c
Ensure tmpData exists
...
Otherwise you might get illegal string offset
2018-03-15 20:40:05 +01:00
Damian Mooyman
a3c52f901a
Merge remote-tracking branch 'origin/4.0' into 4
...
# Conflicts:
# src/Core/TempFolder.php
# src/ORM/DataObject.php
# src/View/ThemeResourceLoader.php
# src/includes/constants.php
# tests/php/Control/SimpleResourceURLGeneratorTest.php
# tests/php/Forms/HTMLEditor/HTMLEditorFieldTest.php
# tests/php/View/RequirementsTest.php
2018-01-22 14:57:05 +13:00
Daniel Hensby
db610aaf3b
Fixing string concat CS issues
2018-01-16 18:39:30 +00:00
Damian Mooyman
a50fd009ca
Update PHPDoc
2017-12-14 15:08:32 +13:00
Robbie Averill
823e49526f
NEW Allow SSViewer and SSViewer_FromString to be injectable
2017-07-13 20:48:58 +12:00
Saophalkun Ponlu
288de2eb14
BUG Add flag on form whether to notify user when there's unsaved changes
2017-06-28 11:14:12 +12:00
Sam Minnee
10866c0809
API: Replace Director::direct() with Director::handleRequest().
...
There was no longer any code in direct() and so I opted to expose the
handleRequest() method instead.
2017-06-27 13:32:39 +12:00
Damian Mooyman
3873e4ba00
API Refactor bootstrap, request handling
...
See https://github.com/silverstripe/silverstripe-framework/pull/7037
and https://github.com/silverstripe/silverstripe-framework/issues/6681
Squashed commit of the following:
commit 8f65e56532
Author: Ingo Schommer <me@chillu.com>
Date: Thu Jun 22 22:25:50 2017 +1200
Fixed upgrade guide spelling
commit 76f95944fa
Author: Damian Mooyman <damian@silverstripe.com>
Date: Thu Jun 22 16:38:34 2017 +1200
BUG Fix non-test class manifest including sapphiretest / functionaltest
commit 9379834cb4
Author: Damian Mooyman <damian@silverstripe.com>
Date: Thu Jun 22 15:50:47 2017 +1200
BUG Fix nesting bug in Kernel
commit 188ce35d82
Author: Damian Mooyman <damian@silverstripe.com>
Date: Thu Jun 22 15:14:51 2017 +1200
BUG fix db bootstrapping issues
commit 7ed4660e7a
Author: Damian Mooyman <damian@silverstripe.com>
Date: Thu Jun 22 14:49:07 2017 +1200
BUG Fix issue in DetailedErrorFormatter
commit 738f50c497
Author: Damian Mooyman <damian@silverstripe.com>
Date: Thu Jun 22 11:49:19 2017 +1200
Upgrading notes on mysite/_config.php
commit 6279d28e5e
Author: Damian Mooyman <damian@silverstripe.com>
Date: Thu Jun 22 11:43:28 2017 +1200
Update developer documentation
commit 5c90d53a84
Author: Damian Mooyman <damian@silverstripe.com>
Date: Thu Jun 22 10:48:44 2017 +1200
Update installer to not use global databaseConfig
commit f9b2ba4755
Author: Damian Mooyman <damian@silverstripe.com>
Date: Wed Jun 21 21:04:39 2017 +1200
Fix behat issues
commit 5b59a912b6
Author: Damian Mooyman <damian@silverstripe.com>
Date: Wed Jun 21 17:07:11 2017 +1200
Move HTTPApplication to SilverStripe\Control namespace
commit e2c4a18f63
Author: Damian Mooyman <damian@silverstripe.com>
Date: Wed Jun 21 16:29:03 2017 +1200
More documentation
Fix up remaining tests
Refactor temp DB into TempDatabase class so it’s available outside of unit tests.
commit 5d235e64f3
Author: Damian Mooyman <damian@silverstripe.com>
Date: Wed Jun 21 12:13:15 2017 +1200
API HTTPRequestBuilder::createFromEnvironment() now cleans up live globals
BUG Fix issue with SSViewer
Fix Security / View tests
commit d88d4ed4e4
Author: Damian Mooyman <damian@silverstripe.com>
Date: Tue Jun 20 16:39:43 2017 +1200
API Refactor AppKernel into CoreKernel
commit f7946aec33
Author: Damian Mooyman <damian@silverstripe.com>
Date: Tue Jun 20 16:00:40 2017 +1200
Docs and minor cleanup
commit 12bd31f936
Author: Damian Mooyman <damian@silverstripe.com>
Date: Tue Jun 20 15:34:34 2017 +1200
API Remove OutputMiddleware
API Move environment / global / ini management into Environment class
API Move getTempFolder into TempFolder class
API Implement HTTPRequestBuilder / CLIRequestBuilder
BUG Restore SS_ALLOWED_HOSTS check in original location
API CoreKernel now requires $basePath to be passed in
API Refactor installer.php to use application to bootstrap
API move memstring conversion globals to Convert
BUG Fix error in CoreKernel nesting not un-nesting itself properly.
commit bba9791146
Author: Damian Mooyman <damian@silverstripe.com>
Date: Mon Jun 19 18:07:53 2017 +1200
API Create HTTPMiddleware and standardise middleware for request handling
commit 2a10c2397b
Author: Damian Mooyman <damian@silverstripe.com>
Date: Mon Jun 19 17:42:42 2017 +1200
Fixed ORM tests
commit d75a8d1d93
Author: Damian Mooyman <damian@silverstripe.com>
Date: Mon Jun 19 17:15:07 2017 +1200
FIx i18n tests
commit 06364af3c3
Author: Damian Mooyman <damian@silverstripe.com>
Date: Mon Jun 19 16:59:34 2017 +1200
Fix controller namespace
Move states to sub namespace
commit 2a278e2953
Author: Damian Mooyman <damian@silverstripe.com>
Date: Mon Jun 19 12:49:45 2017 +1200
Fix forms namespace
commit b65c21241b
Author: Damian Mooyman <damian@silverstripe.com>
Date: Thu Jun 15 18:56:48 2017 +1200
Update API usages
commit d1d4375c95
Author: Damian Mooyman <damian@silverstripe.com>
Date: Thu Jun 15 18:41:44 2017 +1200
API Refactor $flush into HTPPApplication
API Enforce health check in Controller::pushCurrent()
API Better global backup / restore
Updated Director::test() to use new API
commit b220534f06
Author: Damian Mooyman <damian@silverstripe.com>
Date: Tue Jun 13 22:05:57 2017 +1200
Move app nesting to a test state helper
commit 603704165c
Author: Damian Mooyman <damian@silverstripe.com>
Date: Tue Jun 13 21:46:04 2017 +1200
Restore kernel stack to fix multi-level nesting
commit 2f6336a15b
Author: Damian Mooyman <damian@silverstripe.com>
Date: Tue Jun 13 17:23:21 2017 +1200
API Implement kernel nesting
commit fc7188da7d
Author: Damian Mooyman <damian@silverstripe.com>
Date: Tue Jun 13 15:43:13 2017 +1200
Fix core tests
commit a0ae723514
Author: Damian Mooyman <damian@silverstripe.com>
Date: Tue Jun 13 15:23:52 2017 +1200
Fix manifest tests
commit ca03395251
Author: Damian Mooyman <damian@silverstripe.com>
Date: Tue Jun 13 15:00:00 2017 +1200
API Move extension management into test state
commit c66d433977
Author: Damian Mooyman <damian@silverstripe.com>
Date: Tue Jun 13 14:10:59 2017 +1200
API Refactor SapphireTest state management into SapphireTestState
API Remove Injector::unregisterAllObjects()
API Remove FakeController
commit f26ae75c6e
Author: Damian Mooyman <damian@silverstripe.com>
Date: Mon Jun 12 18:04:34 2017 +1200
Implement basic CLI application object
commit 001d559662
Author: Damian Mooyman <damian@silverstripe.com>
Date: Mon Jun 12 17:39:38 2017 +1200
Remove references to SapphireTest::is_running_test()
Upgrade various code
commit de079c041d
Author: Damian Mooyman <damian@silverstripe.com>
Date: Wed Jun 7 18:07:33 2017 +1200
API Implement APP object
API Refactor of Session
2017-06-22 22:50:45 +12:00
Antony Thorpe
6348f2e3e8
Updated Form.php & 04_Form_Security.md
...
Changed the `strictFormMethodCheck` protected property from false to true to step out on the front foot with this security setting. In the documentation under the title [Cross-Site Request Forgery](https://github.com/silverstripe/silverstripe-framework/blob/master/docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md#cross-site-request-forgery-csrf ) it states, "it is also recommended to limit form submissions to the intended HTTP verb (mostly GET or POST) through [api:Form::setStrictFormMethodCheck()]." The same advice is noted in [Form Security](c2292a4cc1/docs/en/02_Developer_Guides/03_Forms/04_Form_Security.md (strict-form-submission)
).
Why not make this the default behaviour? Is there a scenario where this would cause a problem? Have manually tested in the CMS (alpha7) and is working fine.
Note: Original commit that establised the API Form::setStrictFormMethodCheck is 14c59be8
.
2017-06-06 21:10:49 +12:00
Damian Mooyman
fba8e2c245
API Remove Object class
...
API DataObjectSchema::manyManyComponent() return array is now associative array
2017-05-23 13:50:35 +12:00
Robbie Averill
f2cbe86f03
Remove CustomMethods::createMethod and create_function implementations, replace with closures
2017-05-19 15:56:44 +12:00
Aaron Carlino
c99ed2d262
Reorganise i18n keys
2017-05-08 23:34:39 +12:00
Damian Mooyman
0c41a97a8b
API Refactor Form request handling into FormRequestHandler
...
API Add HasRequestHandler interface
API Refactor Link() and url handling behaviour from Controller into RequestHandler
API RequestHandler classes now must define url_segment to have a default Link()
API Clean up redirectBack()
2017-03-10 15:04:33 +13:00
Damian Mooyman
029a8b9586
API Substitute Zend_Currency with NumberFormatter based solution
...
API Substitute Zend_Locale with Locale / NumberFormatter
API Substitute Zend_Date with IntlDateFormatter
API Added DBTIme::Nice12, FormatFromSettings
API Added Short() method to DBDate / DBTime / DBDatetime
API Add Date::getTimestamp()
API Added setSubmittedValue api for FormField
API Add second arg to base FormField::setValue()
API Major refactor of i18n into component data parts
API Implement Resettable interface to reset objects between tests
ENHANCEMENT Changed DBField::create_field return type to `static` to support better type hinting
ENHANCEMENT i18nTextCollector supports __CLASS__
2017-02-09 15:28:59 +13:00
Daniel Hensby
664c0eafbe
Merge branch '3'
2016-12-28 14:30:54 +00:00
Damian Mooyman
6e589aac75
API Updates to Form, ValidationResponse, ValidationException
...
API Implement form schema "errors" handling
2016-12-09 14:24:11 +13:00
Sam Minnee
6650561dac
Don't use session and FormSchema to manage server-side React validation responses
2016-12-09 10:27:23 +13:00
Daniel Hensby
c6d43b477e
Merge branch '3'
2016-11-29 13:27:49 +00:00
Damian Mooyman
1b1e921e3d
PSR2: Whitespace-only changes
2016-11-29 12:31:16 +13:00
Sam Minnee
7a10c194bd
NEW: Move code files into src/ folder.
...
This updates framework to be more in keeping with PHP conventions.
2016-11-01 13:37:24 +13:00