Commit Graph

1984 Commits

Author SHA1 Message Date
Ingo Schommer
fb784af738 API Enforce $allowed_actions in RequestHandler->checkAccessAction()
See discussion at https://groups.google.com/forum/?fromgroups#!topic/silverstripe-dev/Dodomh9QZjk

Fixes an access issue where all public methods on FormField were allowed,
and not checked for $allowed_actions. Before this patch you could e.g.
call FormField->Value() on the first field by using action_Value.

Removes the following assertion because it only worked due to RequestHandlingTest_AllowedControllerExtension
*not* having $allowed_extensions declared: "Actions on magic methods are only accessible if explicitly allowed on the controller."
2013-06-24 14:50:40 +02:00
Tom Densham
3596892001 FIX: GridField button styling
Remove all top/bottom margins from buttons and apply to GridFieldButtonRow component. Ensure that all buttons are added to a suitable GridFieldButtonRow in ModelAdmin, SecurityAdmin and Group.
2013-06-21 14:22:00 +01:00
Ingo Schommer
da0cc25c3b Merge pull request #2129 from tractorcow/3.1-htmleditor-mediaform-fixes
BUG Fixed issue in file upload via the HTML Editor media dialogue
2013-06-20 02:10:16 -07:00
Damian Mooyman
f47383f52e BUG Fixed issue where file upload via the HTML Editor media dialogue would not prompt users to overwrite existing files 2013-06-20 15:21:18 +12:00
Hamish Friedlander
328467f1b5 FIX: ConfirmedPasswordField used to expose existing hash 2013-06-20 14:09:30 +12:00
Sam Minnée
34287895ef Merge pull request #2099 from chillu/pulls/insert-media-tweaks
Various "Insert Media" dialog tweaks
2013-06-18 21:32:00 -07:00
Ingo Schommer
080da1eefc Removed colons from field labels in "Insert Media" detail screen
We don't use them in other field labels either
2013-06-15 10:13:45 +02:00
Ingo Schommer
91f6255fed Full URL on hover in UploadField detail screen
Works around possible truncation of the URL when it gets too long
2013-06-15 10:13:45 +02:00
Ingo Schommer
4bc2f9bc0d Localization-resilient SCSS selector (fixes #1590) 2013-06-15 10:13:45 +02:00
Ingo Schommer
10a558c882 Hide "delete" button in "Insert Media" dialog 2013-06-15 10:13:44 +02:00
Ingo Schommer
3f295adbdd .field.noborder style, use it in "Insert Media" dialog 2013-06-15 10:13:43 +02:00
Ingo Schommer
7ce9677dcb Moved GridField table padding to buttons
Avoid double padding when no bottom buttons exist
2013-06-15 10:13:43 +02:00
Ingo Schommer
63eb9518d2 Consistent Form setters (returning $this on setHTMLID()) 2013-06-13 07:51:08 +02:00
Ingo Schommer
bfff11eb9c API New CMSForm class to allow validation responses in CMS (fixes #1777)
Thanks to @willmorgan for getting this discussion started
(see https://github.com/silverstripe/sapphire/pull/1814).
2013-06-13 07:51:05 +02:00
Ingo Schommer
ab9e0286f0 Merge pull request #2051 from kinglozzer/candelete-gridfield-fix
Fix: Enable delete button for users with canDelete() but no canEdit() permissions
2013-06-12 02:10:41 -07:00
Mateusz Uzdowski
d1482bee15 Add autocomplete=off switch for the password field.
Some clients require disabling of the browser password handling
mechanisms. Add a switch to make it possible without hacking the core.

No change to default behaviour.
2013-06-12 09:41:18 +12:00
Ingo Schommer
a643f95796 Merge pull request #2080 from tractorcow/3.1-mediadialog-overwrite-hack
BUG Temporarily disable overwrite warning on HtmlEditorField "insert media".
2013-06-11 00:11:39 -07:00
Ingo Schommer
1c150ac3a0 Merge pull request #2044 from jonom/patch-3
FIX #527 : Add Thumbnails to 'Choose another file' dialogue
2013-06-10 05:13:08 -07:00
Damian Mooyman
78bd73d40d BUG Temporarily disable overwrite warning on HtmlEditorField "insert media" dialogue until this feature properly supports validation error recovery. 2013-06-10 15:35:28 +12:00
Damian Mooyman
96023079d5 API Removed user_error when setting missing option on UploadField via setConfig. Added documentation to this function as a replacement for the check. 2013-06-07 14:32:30 +12:00
Loz Calver
dcec30f4e3 Fix: Enable delete button for users with canDelete() but no canEdit() permissions
$form->makeReadonly(); iterates over all fields/actions, disabling the 'delete' button even when the user has permission
2013-06-03 12:31:40 +01:00
jonom
34bc067400 NEW: Add Thumbnails to 'Choose another file' dialogue
Very difficult to choose an image based on file name alone. Added thumbnail and reduced rows from 10 to 8 to compensate for increased height of rows with thumbnail included.
2013-05-31 17:42:03 -05:00
Ingo Schommer
5d97f615ce Merge remote-tracking branch 'origin/3.0' into 3.1 2013-05-31 17:52:24 +02:00
Damian Mooyman
7f057ce343 API UploadField functions on new records
Fixed regression from 1e5d40474d (UploadField::canPreviewFolder).
Merged in pull request #2009 - (6018bdd631).
Merged pull request #1259 (34bfc862ee).
2013-05-27 15:22:59 +12:00
Ingo Schommer
6f2ba3fcac Merge pull request #2009 from sminnee/uploadfield-choose-new-file
NEW 'Choose another file' button on upload field AAS-917
2013-05-25 01:55:26 -07:00
Julian Seidenberg
22c7bbfcd4 NEW UploadField displays a warning before overwriting files (only relevant if config.yml: Upload:replaceFile = true). 2013-05-25 19:07:06 +12:00
jean
6018bdd631 NEW 'Choose another file' button on upload field AAS-917 2013-05-25 18:38:02 +12:00
Simon Erkelens
513270ca48 API: Allow array of fields passed to FieldList::removeByName()
Supports passing an array to removeByName(), which is iterated and then removed. Useful for removing fields from a fieldlist that are not on a tab. Similar to removeFieldsFromTab();
This is cleaner than a new function.
2013-05-25 15:31:30 +12:00
uniun
5596442081 FIX: Form::set_current_action() never gets called. 2013-05-24 11:25:36 +03:00
Ingo Schommer
c85c495848 BUG GridFieldFilterHeader works without non-filterable cols
Previously relied on the presence of a last column which wasn't filterable,
commonly a GridFieldEditButton. If this wasn't present, the filter buttons
were never added, leading to the GridField JS reload request being sent
without the required button form action, so GridFieldFilterHeader->handleAction()
was never called.
2013-05-23 17:48:27 +02:00
Will Rossiter
ddcfcf7bed Update @package, @subpackage labels
Cleanup of framework's use of @package and @subpackage labels and addition of labels for classes missing packages.

Moved all GridField related components to the one name.

Countless spelling fixes, grammar for other comments.

Link ClassName references in file headers.
2013-05-21 22:24:41 +12:00
Ingo Schommer
842dc98681 Added "saves into..." label to UploadField template
CMS users shouldn't need to guess where their files will end up.
2013-05-14 10:39:05 +02:00
Justin Martin
644fa29e41 Include Zend_Locale_Format
Fix Zend_Locale_Format not being included.
2013-05-13 10:55:05 -07:00
Will Rossiter
a99dbae012 FIX: NumericField should work with numbers like 54,6
Fixes http://open.silverstripe.org/ticket/5577.

Uses Zend_Locale_Format::isNumber(). Includes unit test for NumericField. Does not include testing work on DBField underlying NumericField to ensure that works consistently.
2013-05-11 22:51:39 +12:00
Will Rossiter
42cf2a95bd FIX: Add support for multi dimensional source arrays in LookupField (open/6132) 2013-05-11 00:01:39 +12:00
Will Rossiter
94d6b1ccff FIX: Disable autocomplete on ConfirmedPasswordField instances. 2013-05-10 20:32:59 +12:00
Will Rossiter
09fcdb8c31 Coding conventions for ConfirmedPasswordField 2013-05-10 20:23:06 +12:00
Sam Minnée
9672a22166 Merge pull request #1851 from chillu/pulls/form-strict-method-check
Form strict method check
2013-05-08 22:31:40 -07:00
Ingo Schommer
a1216b5e32 Merge pull request #1250 from wilr/gridfield-action-fixes
FIX: Do not blindly pass input values to GridField_FormAction URL's
2013-05-08 04:20:40 -07:00
Ingo Schommer
a9edf47189 Merge pull request #1830 from a2nt/media_dialog_add_url_btn_fix
FIX media dialog add url button fix
2013-05-08 01:42:04 -07:00
Ingo Schommer
14c59be85e API Form::setStrictFormMethodCheck() and strict argument to setFormMethod()
Thanks to @sminnee for getting this started
2013-05-08 10:25:13 +02:00
Simon Welsh
8930304dfc Only set GridField state in request if a value is submitted 2013-05-07 08:15:27 +12:00
a2nt
423c737502 FIX media dialog add url button fix
Use HtmlEditorField.BUTTONADDURL for localization
2013-05-04 03:34:02 +07:00
Ingo Schommer
5ca9db5e5e Limit HtmlEditorField HTMLText casting note to existing fields
This prevents it from failing for proxied values
like BlogEntryForm, where the field name doesn't exist,
and rather gets processed and saved into a different field.
2013-04-29 09:32:05 +02:00
Will Rossiter
a6b0807b9f Merge pull request #1800 from willmorgan/patch-1
Define ConfirmedPassword::$children as a public variable
2013-04-24 16:18:44 -07:00
Will Morgan
9732a7fb3b Fixing typo on Validator exception message 2013-04-24 18:50:40 +02:00
Will Morgan
676aa8de05 Defining $children as a public variable
Defining $children as a public variable (it was previously defined on-the-fly)
2013-04-24 16:25:13 +02:00
Ingo Schommer
7f6671628d "UploadFieldFileButtons" casting (regression from casting changes)
Caused the UploadField rows to show "[Object object]" because
it tried to pass through a PHP object to JS without string casting
(the return used to be a string).
2013-04-18 17:09:56 +02:00
uniun
4d70daa9e2 BUG: HiddenFields and VisibleFields should always return extraFields
HiddenFields() and VisibleFields() should always return extraFields, e.g. HiddenFields doesn't return SecurityID if it is called before Fields().
2013-04-17 20:31:17 +02:00
Sean Harvey
2a65f17542 Merge pull request #1757 from tractorcow/3.1-phone-field-fix
BUG Fixed incorrect variable usage in generation of PhoneNumberField form fields
2013-04-14 14:01:09 -07:00
chiujl
cb463449e8 DatetimeField returns wrong year
This is related to how Zend_Date returns year for YYYY & yyyy format. Detailed explanation is here http://framework.zend.com/issues/browse/ZF-5297

Sample code (adapted the Datetimefield setValue() method) to highlight the problem:

include 'framework/thirdparty/Zend/Date.php';

$userValueObj = new Zend_Date(null, null, 'en_US');
$userValueObj->setTimezone('GMT');
$userValueObj->setDate('2012-01-01', 'YYYY-MM-dd');
$userValueObj->setTime('00:00:00', 'HH:mm:ss');
echo $userValueObj->get('YYYY-MM-dd HH:mm:ss', 'en_US'), "\n"; // returns 2011-01-01 00:00:00
echo $userValueObj->get('yyyy-MM-dd HH:mm:ss', 'en_US'), "\n"; // returns 2012-01-01 00:00:00
2013-04-13 06:26:52 +08:00
Damian Mooyman
0dfc6d5eab BUG Fixed incorrect variable usage in generation of PhoneNumberField form fields 2013-04-12 15:13:58 +12:00
Ingo Schommer
59dc0085d8 Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	docs/en/reference/urlvariabletools.md
	tests/forms/CheckboxFieldTest.php
2013-04-12 01:13:32 +02:00
Ingo Schommer
933fbf8ea4 l10n key to make "yes" and "no" translatable (see #1749) 2013-04-12 01:11:24 +02:00
Ingo Schommer
9856fcef21 Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	javascript/DateField.js
	model/DataQuery.php
	model/Versioned.php
	tests/forms/RequirementsTest.php
	tests/model/DataObjectLazyLoadingTest.php
	view/Requirements.php
2013-04-09 14:45:35 +02:00
Ingo Schommer
01f46d039f NEW Enforce max node counts to avoid excessive resource usage
Rendering potentially 1000s of nodes can exceed the CPU and memory constraints
of a normal PHP process, as well as the rendering capabilities of browsers.
Set a hard maximum for the renderable nodes, deferring to a "show as list" action
in the main CMS tree. For TreeDropdownField, we don't have the list fallback option,
so ask the user to search for the node title instead.

Also makes both the "node_threshold_total" and "node_threshold_leaf" values configurable
2013-04-09 10:24:18 +12:00
Will Rossiter
69722222b4 FIX: Ensure FieldList::push() doesn't eliminate key 2013-04-06 19:16:59 +13:00
Nik Rolls
5143c8149a Form now loads correctly when ClassName is changed. 2013-04-02 11:03:49 +02:00
Stig Lindqvist
3aced1151f BUG: GridFieldFilterHeader only filters on last filter
GridFieldFilterHeader only filters on the last filter argument because it keeps recloning the original datalist
2013-03-29 20:06:57 +13:00
g4b0
c63d840561 BUGFIX: fixed access to asset_preview_width in getFieldsForImage 2013-03-27 17:52:40 +01:00
Ingo Schommer
3334eafcb1 API Marked statics private, use Config API instead (#8317)
See "Static configuration properties are now immutable, you must use Config API." in the 3.1 change log for details.
2013-03-24 17:20:53 +01:00
Andrew Short
222e554ce6 Merge pull request #1328 from a2nt/html_tabs_fix
FIX Localized HtmlEditorField Tabs
2013-03-24 04:20:24 -07:00
a2nt
27b0cda054 FIX Localized HtmlEditorField Tabs
Tabs can have only Latin characters in its name
2013-03-24 15:19:45 +06:00
Ingo Schommer
63c8441410 Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	admin/javascript/LeftAndMain.js
2013-03-21 00:11:17 +01:00
Ingo Schommer
2787d360c1 FIX "Insert Link" and other TinyMCE loading bugs (fixes #8327)
Caused by SS loading a URL with html entities (&)
through the Requirements API, which only works when directly
inserted into the HTML template (standard behaviour),
but garbles the URL GET parameters when loaded via the jQuery.ondemand
JavaScript/XHR logic.

It didn't fail the request, just meant that tiny_mce_gzip.php wasn't
getting all the required options from the GET parameters.
And since this newly loaded file contains the same JS globals,
it would override previously loaded (correct) state.
2013-03-20 17:58:17 +01:00
Ingo Schommer
06ff9f72b1 Increased recent deprecation warnings from 3.1 to 3.2
The deprecations are supposed to denote the release where
the functionality will be removed, as opposed to the one where
it's deprecated. Having 3.1 as a target for recent changes
in popular methods like Object::add_extension() causes
too many short-term hassles, there's no "grace period".
2013-03-20 10:00:51 +01:00
Ingo Schommer
0a9f3b75a9 Fixed deprecated usage of <% control %> 2013-03-19 12:58:14 +01:00
Ingo Schommer
3abfc7e25c Merge pull request #1300 from patbolo/ticket/8328
FIX #8328 Expose previously selected values of TreeMultiSelectField so t...
2013-03-19 01:27:21 -07:00
Ingo Schommer
2a73b370d0 Merge pull request #1204 from dhensby/unsavedrelationlist-improvements
BUG UnsavedRelationList aren't checked
2013-03-18 13:43:41 -07:00
jean
d9f4a362d7 FIX #8328 Expose previously selected values of TreeMultiSelectField so they are not wiped out when selecting more values at a higher level in hierarchy 2013-03-19 08:48:44 +13:00
Hamish Friedlander
168f071499 API Make HTMLValue replace-able via DI
Extracted common code out to SS_HTMLValue and made abstract, then
put HTML 4 specific code in SS_HTML4Value. It's now possible to
replace HTMLValue with one designed for HTML 5 or XHTML

Requires a code change from new SS_HTMLValue to
Injector::inst()->create(HTMLValue)
2013-03-14 12:49:02 +13:00
Ingo Schommer
07886c3e61 Merge pull request #1262 from ajshort/grid-field-null-list
BUG: Fix grid field rendering when the list is null
2013-03-08 06:12:20 -08:00
ajshort
a965d3b374 BUG: Fix grid field rendering when the list is null 2013-03-09 01:04:51 +11:00
Tom Densham
ed4057f573 Avoid mid-sentence periods in combined field validation messages
See https://github.com/silverstripe/sapphire/pull/1241
2013-03-08 12:16:03 +01:00
Will Rossiter
1ddd1ddc47 Docblock and coding conventions for GridField related classes. 2013-03-05 10:29:27 +13:00
Will Rossiter
36d3303e1b FIX GridField export and print actions should preserve state. 2013-03-05 10:27:15 +13:00
Ingo Schommer
af52de97e9 Merge pull request #1161 from chillu/pulls/uploadfield-replacefile
NEW Upload->replaceFile setting
2013-02-27 01:24:27 -08:00
Ingo Schommer
bea1b9002d Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	control/HTTP.php
2013-02-26 13:28:35 +01:00
Ingo Schommer
25af4adce2 Merge tag '3.0.5' into 3.0 2013-02-20 02:21:41 +01:00
Daniel Hensby
4e36020118 BUG UnsavedRelationList aren't checked
When saveInto is called on ListboxField and CheckboxsetField,
UnsavedRelationList should be an acceptable relationship type. This is
leading to relations not being saved on initial creation of Member
objects
2013-02-19 14:58:31 +00:00
Ingo Schommer
16d0c188ee BUG Find Form actions in CompositeFields for access checks
This bug was introduced with the new nested CMS actions
around December 2012, but wasn't noticed until now
because checkAccessAction() would wrongly return TRUE
before the dataFieldByName() check was reached.
2013-02-19 15:48:29 +01:00
Daniel Hensby
b7e34bd54c Removing redundant function
At the moment form actions (buttons) have the classes 'action action' as default. This is because the extraClass function adds 'action' and then calls the parent method. The parent then includes the $this->Type() ('action') again.

So I've removed this overloading of extraClass
2013-02-18 16:38:15 +00:00
Graeme Smith
a1114b8fcb MINOR: Correct exception message in constructor 2013-02-18 15:01:48 +00:00
Ingo Schommer
14dcc82e76 BUG Find Form actions in CompositeFields for access checks
This bug was introduced with the new nested CMS actions
around December 2012, but wasn't noticed until now
because checkAccessAction() would wrongly return TRUE
before the dataFieldByName() check was reached.
2013-02-18 15:30:36 +01:00
Ingo Schommer
92458d9f43 Fixed line lengths 2013-02-18 14:41:49 +01:00
Hamish Friedlander
4b54383d68 API change request handling to be more orthogonal
RequestHandler#handleAction now exists. It takes the request, and
the action to call on itself. All calls from handleRequest to call an action
will go through this method

Controller#handleAction has had its signature changed to
match new RequestHandler#handleAction

RequestHandler#findAction has been added, which extracts the
"match URL to rules to find action" portion of RequestHandler#handleRequest
into a separate, overrideable function

GridField#handleAction has been renamed to handleAlterAction and
CMSBatchActionHandler#handleAction has been renamed to handleBatchAction to
avoid name clash with new RequestHandler#handleAction

Reason for change: The exact behaviour of request handling depended heavily
on whether you inherited from RequestHandler or Controller, and whether the
rule extracted its action directly (like "foo/$ID" => 'foo') or dynamically
(like "$Action/$ID" => "handleAction"). This cleans up behaviour so
all calls follow the same path through handleRequest and handleAction, and
the additional behaviour that Controller adds is clear.
2013-02-18 14:56:04 +13:00
Hamish Friedlander
7efae6b95f Merge remote-tracking branch 'origin/3.0' into 3.1 2013-02-18 14:31:57 +13:00
Ingo Schommer
7bb0bbff0e BUGFIX Fixed XSS in admin/security and "My Profile" forms 2013-02-17 23:27:15 +01:00
Ingo Schommer
e21bd49462 BUG TimeField respects user choice (fixes #8260)
Regression from c969e04731.
Also fixes width to accommodate for widest common format:
"11:11:11 AM"
2013-02-17 21:00:02 +01:00
Ingo Schommer
f4068371fc Merge pull request #1159 from chillu/pulls/datetimefield-field-setters
DatetimeField->setDateField()/setTimeField()
2013-02-14 11:31:31 -08:00
Ingo Schommer
14a56c18e9 Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	control/Director.php
2013-02-07 21:45:16 +01:00
Ingo Schommer
048f6b19fe Removed DatetimeField->setDescription() proxying
We shouldn't pass it to the child fields since it ends
up showing the description three times in the default
"inline" mode. If the description is required as a hover/focus effect,
it can be set individually on the fields.
2013-02-07 11:41:20 +01:00
Ingo Schommer
083b6b2164 NEW Upload->replaceFile setting 2013-02-05 19:28:24 +01:00
Ingo Schommer
b350ded87c Fixed DatetimeField formatting (single row, smaller field)
Also removed the arbitrary right-floating of fields within a fieldgroup
2013-02-05 12:01:32 +01:00
Ingo Schommer
6c22545639 DatetimeField->setDateField()/setTimeField()
Useful e.g. to override the time field with the
"silverstripe/timefield" dropdown
2013-02-05 11:03:19 +01:00
Ingo Schommer
857d8bb8df FIX Don't escape values on TreeDropdownField readonly views
They typically output TreeTitle() which is assumed to be HTML.
2013-02-04 17:15:32 +01:00
Ingo Schommer
634c91c6ff Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	email/Mailer.php
2013-01-30 12:46:24 +01:00
Sam Minnee
9a2ba483df BUGFIX: Made CSRF-error wording friendlier. 2013-01-29 18:03:49 +01:00
Sam Minnee
47e037e74c FIX: Removed notice-level error after forms w/ required fields are made readonly. 2013-01-29 18:03:47 +01:00
Simon Welsh
3439e30ac1 Corrects indentation and line length 2013-01-24 19:56:02 +13:00