Commit Graph

2865 Commits

Author SHA1 Message Date
Damian Mooyman
738e1db756 Update Nginx rules
Prevent disclosure of secure assets
2016-01-13 18:18:22 +13:00
Damian Mooyman
037467beae API Asset Access Control implementation 2016-01-13 18:18:22 +13:00
Daniel Hensby
2dd8d5e518 Fixing anchor selection 2016-01-12 17:35:06 +00:00
Sam Minnee
4aa50534d5 FIX: Fixes needed to adapt to whitespace changes.
API: Whitespace trimmed from custom form field templates

The introduction of trailing newlines on all template files introduced
some changes that needed to be made.

Notably, whitespace has been trimmed from rendered form field templates.
This is the minimal impact to SilverStripe developers, as it preserves
the behaviour of the default field types, but I’ve still noted as a
change.
2016-01-07 14:17:57 +13:00
Sam Minnee
3ee8f505b7 MINORE: Remove training whitespace.
The main benefit of this is so that authors who make use of
.editorconfig don't end up with whitespace changes in their PRs.

Spaces vs. tabs has been left alone, although that could do with a
tidy-up in SS4 after the switch to PSR-1/2.

The command used was this:

for match in '*.ss' '*.css' '*.scss' '*.html' '*.yml' '*.php' '*.js' '*.csv' '*.inc' '*.php5'; do
	find . -path ./thirdparty -not -prune -o -path ./admin/thirdparty -not -prune -o -type f -name "$match" -exec sed -E -i '' 's/[[:space:]]+$//' {} \+
	find . -path ./thirdparty -not -prune -o -path ./admin/thirdparty -not -prune -o -type f -name "$match" | xargs perl -pi -e 's/ +$//'
done
2016-01-07 10:15:54 +13:00
Loz Calver
c9ba0e48fc NEW: Add ViewableData::setFailover() to refresh detected methods when changing failover 2016-01-06 15:19:33 +00:00
Daniel Hensby
4335d8ed22 FIX Members with no ID inherit logged in user permission 2016-01-05 08:16:18 +00:00
Damian Mooyman
bb09340605 Merge pull request #4876 from SilbinaryWolf/remove-validation-from-lookupfield
Added unit test to ensure LookupField can't save into a DataObject
2016-01-05 10:18:36 +13:00
Jake Ben
c07dcaa3af Added unit test to ensure LookupField can't save into a DataObject 2015-12-24 14:30:50 +11:00
Damian Mooyman
fce82519bd BUG Workaround for issues in testing version 2015-12-22 17:47:53 +13:00
Damian Mooyman
19b10044ec Merge remote-tracking branch 'origin/3.2' into 3 2015-12-22 17:05:07 +13:00
Damian Mooyman
66b3a6a2c5 Merge pull request #4840 from mateusz/guard
BUG Guard against users being added to all groups on unsaved Group.
2015-12-22 16:29:09 +13:00
Damian Mooyman
48a30909f3 Merge remote-tracking branch 'origin/3.2' into 3
# Conflicts:
#	admin/javascript/LeftAndMain.BatchActions.js
#	css/UploadField.css
#	forms/HtmlEditorField.php
2015-12-22 14:07:52 +13:00
Loz Calver
d265c9b733 FIX: Allow omitting a value for OptionsetField submissions (fixes #4824) 2015-12-14 16:50:22 +00:00
Loz Calver
9467ab9a7e NEW: Implement unshift() in field list classes (closes #4834) 2015-12-14 16:18:57 +00:00
Damian Mooyman
62f183d037 API before/afterExtend now support parameters passed by reference
Closes #4810
2015-12-14 10:10:45 +13:00
Mateusz Uzdowski
5a21b2fb15 BUG Guard against users being added to all groups on unsaved Group.
If ->Members()->add() is called on an unsaved group (with ID 0), the
collateFamilyIDs() will errorneously return all root Groups thinking
it's looking for Groups with ParentID=0. As a result, the Member will be
added to all root groups, instead of just the selected group and all its
children.
2015-12-11 14:51:51 +13:00
Ingo Schommer
0175167761 Merge pull request #4830 from open-sausages/pulls/3/fix-querystring-stage
API Disable unauthenticated get parameter access to site stage mode
2015-12-10 10:44:43 +13:00
Damian Mooyman
fa0160a874 BUG Fix regression in canViewStage 2015-12-09 14:53:21 +13:00
Hamish Friedlander
1eda9151a4 Merge pull request #4831 from open-sausages/pulls/3/fix-versioned-canview
API Create default security permission model for versioned data objects
2015-12-09 14:17:27 +13:00
Damian Mooyman
6089a7c5bd API Create default security permission model for versioned data objects 2015-12-09 11:33:53 +13:00
Marcus Nyeholt
fc5e584201 Format for SS3 using tabs instead of spaces 2015-12-08 15:19:24 +11:00
Damian Mooyman
38e154af0a API Disable get parameter access to site stage mode
BUG Fix missing and undocumented response from Security::permissionFailure()
2015-12-07 17:39:18 +13:00
Marcus Nyeholt
f7c270a3ba NEW Use Config for determining Vary header
Existing implementation hardcodes the Vary header; swap to using Config layer
instead

Added test for changing the variable from config
2015-12-02 10:28:24 +11:00
Daniel Hensby
b694829084 Merge pull request #4812 from tractorcow/pulls/4.0/api-composite-sort
API Enable DataList::sort to support composite field names
2015-11-30 23:54:45 +00:00
Damian Mooyman
c13b5d989f API Enable advanced configuration options for requirements combined files
API Enable relative root paths for the default Flysystem AssetAdapter
2015-12-01 11:07:13 +13:00
Damian Mooyman
641c26299c API Enable linear-only restriction for DataList::applyRelation
API Remove DataList::getRelation
2015-12-01 09:58:27 +13:00
Damian Mooyman
2b1e5ee071 API Enable DataList::sort to support composite field names (similar to filter) 2015-12-01 09:35:33 +13:00
Damian Mooyman
ce28259c5f API Replace CacheGeneratedAssetHandler with FlysystemGeneratedAssetHandler
API Reduce GeneratedAssetHandler API
API Re-introduce Requirements::delete_all_combined_files();
API Re-introduce Requirements::flush()
API Combined files now uses new filenames distinguished by sha1 of sources
2015-11-26 16:12:05 +13:00
Christopher Darling
e9b833f5f0 FIX: ConfirmedPassword field correctly reports mismatching passwords
added testFormValidation to prove #4780
2015-11-20 15:56:27 +00:00
Loz Calver
68d99be24b FIX: Hidden errors for composite fields nested inside FieldGroups (fixes #4773) 2015-11-17 16:34:17 +00:00
Damian Mooyman
fd6ae72e1d Merge remote-tracking branch 'origin/3.2.1' into 3.2 2015-11-16 16:39:15 +13:00
Hamish Friedlander
b61d6dcd57 [ss-2015-027]: FIX HtmlEditorField_Toolbar#viewfile not whitelisting URLs 2015-11-13 15:20:09 +13:00
Damian Mooyman
fea1158d19 BUG Fix print button only displaying first page 2015-11-12 14:59:08 +13:00
Damian Mooyman
245e0aae2f [ss-2015-026]: BUG Fix FormField error messages not being encoded safely 2015-11-11 17:50:02 +13:00
Ingo Schommer
ac4342d81d [ss-2015-022]: XML escape RSSFeed $link parameter 2015-11-11 17:46:39 +13:00
Damian Mooyman
97f21fddb3 [ss-2015-021] Fix rewrite hash links XSS 2015-11-11 17:46:27 +13:00
Damian Mooyman
bc1b2893ac [ss-2015-026]: BUG Fix FormField error messages not being encoded safely 2015-11-11 16:56:19 +13:00
Ingo Schommer
4f55b6a115 [ss-2015-022]: XML escape RSSFeed $link parameter 2015-11-11 16:54:04 +13:00
Damian Mooyman
132e9b3e2f [ss-2015-021] Fix rewrite hash links XSS 2015-11-11 16:52:53 +13:00
Damian Mooyman
0272e443f4 BUG Prevent dev/build continually regenerating Number field type 2015-11-11 09:21:50 +13:00
Daniel Hensby
d380252488 Merge pull request #4760 from tractorcow/pulls/3.2/fix-empty-filter
BUG Correct behaviour for empty filter array (as per 3.1)
2015-11-10 01:48:47 +00:00
muskie9
603caccb90 ENHANCEMENT CurrencyField to use Currency.currency_symbol
fixes #4035

I have limited experience with regex, so I hope I did it correctly. I was able to save/save & publish with the curent regex and the values look good.
2015-11-09 19:38:51 -06:00
Damian Mooyman
732e705bbf BUG Correct behaviour for empty filter array (as per 3.1) 2015-11-10 14:24:45 +13:00
Will Morgan
6d85d618b6 Merge pull request #4751 from dhensby/pulls/plural-fix
Fixing issue where words ending ay/ey/iy/oy/uy are not pluralised correctly
2015-11-06 16:55:25 +00:00
Daniel Hensby
dad3784621 Fixing issue where words ending ay/ey/iy/oy/uy are not pluralised correctly 2015-11-06 16:23:45 +00:00
Daniel Hensby
ef35c2bb6b Merge pull request #4457 from tractorcow/pulls/4.0/no-query
API Remove SQLQuery
2015-11-03 16:41:07 +00:00
Garion Herman
6a1a3bf182 Corrected TotalItems() method to use Count(). Added test coverage. (fixes #4646) 2015-11-04 00:20:45 +13:00
Damian Mooyman
1e1a7a345c Merge remote-tracking branch 'origin/3'
Conflicts:
	control/Director.php
	filesystem/File.php
	filesystem/GD.php
	filesystem/ImagickBackend.php
	forms/HtmlEditorField.php
	javascript/UploadField_uploadtemplate.js
	model/Image.php
	model/Image_Backend.php
	model/fieldtypes/Enum.php
	templates/AssetUploadField.ss
	tests/model/ImageTest.php
	tests/search/FulltextFilterTest.php
2015-11-03 14:23:16 +13:00
Damian Mooyman
c4dc10b255 Merge remote-tracking branch 'origin/3.2' into 3
Conflicts:
	forms/DropdownField.php
	tests/model/ImageTest.php
2015-11-03 13:06:39 +13:00
Damian Mooyman
2813f94124 BUG Ensure that filters on any fixed field are scoped to the base data table
Fixes #4700
2015-10-30 16:26:14 +13:00
Damian Mooyman
db16248b9a BUG Fix broken InlineFormAction 2015-10-29 10:48:49 +13:00
Damian Mooyman
d1ea74e40d API Implement AssetField to edit DBFile fields 2015-10-23 16:57:44 +13:00
Damian Mooyman
3e7eecf978 API Remove SQLQuery 2015-10-23 16:26:04 +13:00
Damian Mooyman
e17a49f8a5 API Restore JS Minification
BUG Fix incorrect cache on CacheGeneratedAssetHandler
2015-10-23 14:14:38 +13:00
Ingo Schommer
f252cfad20 Merge pull request #4680 from open-sausages/features/dbfile-generated-files
API Generated files API
2015-10-23 13:19:56 +13:00
Damian Mooyman
fe3d23f0d4 BUG Fix GeneratedAssetHandler crashing on expired resources 2015-10-23 11:46:58 +13:00
Damian Mooyman
f9892c628c API Generated files API
API Refactor Requirements_Backend to use new APL
2015-10-23 10:07:48 +13:00
Loz Calver
977642daa9 Remove Spyc YAML library
Also had to fix some fixture files - none of the YAML spec versions actually support tabs anyway
2015-10-19 17:07:34 +01:00
Daniel Hensby
1974e79d71 Allow multi-line enum declarations 2015-10-15 16:23:19 +01:00
Damian Mooyman
d884c859d1 BUG Fix file link tracking for new asset abstraction 2015-10-15 12:15:00 +13:00
Damian Mooyman
be239896d3 API Refactor of File / Folder to use DBFile
API Remove filesystem sync
API to handle file manipulations
2015-10-13 11:57:39 +13:00
Patrick Nelson
f192a6ecaf FIX #4392: Ensure headers are checked first before being clobbered by globally maintained state. Also ensuring tests utilize separate responses for isolation. 2015-10-09 13:50:33 -04:00
Daniel Hensby
95ae107c4c Merge pull request #4486 from uniun/patch-2
BUGFIX. FulltextFilter requires table identifiers in match query
2015-10-07 10:28:15 +01:00
Elvinas L.
630062c0e0 Removed whitespaces 2015-10-07 09:33:02 +03:00
Elvinas L.
19c754bf9a Fixed tests 2015-10-06 18:59:39 +03:00
Damian Mooyman
df805af67b BUG Imagick tests compare image dimensions rather than image hashes 2015-10-06 16:35:44 +13:00
Damian Mooyman
b8335793d6 Merge pull request #4620 from kinglozzer/pulls/manymanyextrafields-compat
FIX: GridFieldDetailForm failing to save many_many relations
2015-10-06 11:49:56 +13:00
Loz Calver
1aa1d65932 Merge pull request #4610 from tractorcow/pulls/3/suppress-custom-theme
Minor: Suppress custom themes in Formtest
2015-09-24 16:17:11 +01:00
Sam Minnée
9fdd8f43db Merge pull request #4627 from tractorcow/pulls/4.0/trait-autoloading
API Support trait loading
2015-09-24 15:02:14 +12:00
Damian Mooyman
ac27836d2b API Implementation of RFC-1 Asset Abstraction 2015-09-24 12:57:28 +12:00
Damian Mooyman
f26c220d86 API Support trait loading 2015-09-24 11:57:45 +12:00
Nicola Fontana
c39cf2d55f Do not hang on nested parameters in search context 2015-09-23 09:12:02 +02:00
Loz Calver
0d89a13c2d FIX: GridFieldDetailForm failing to save many_many relations 2015-09-22 14:46:57 +01:00
Damian Mooyman
10dece653f API Consolidate DataObject db methods
BUG Fix namespace and getField on composite fields
2015-09-22 10:38:12 +12:00
Damian Mooyman
9872fbef4d API Refactor CompositeDBField into an abstract class
API Refactor ClassName into DBClassName
API Update PolymorphicForeignKey to use new CompositeDBField and DBClassName

CompositeDBField is now an interface to nested fields on an underlying dataobject, allowing field manipulation to be performed at the field and dataobject level without having to synchronise them manually.
2015-09-22 10:28:07 +12:00
Damian Mooyman
e97b14ea65 Minor: Suppress custom themes in Formtest 2015-09-17 14:23:52 +12:00
Damian Mooyman
34b71cf6c8 Merge remote-tracking branch 'origin/3' 2015-09-15 13:42:17 +12:00
Damian Mooyman
71b8aec306 Merge remote-tracking branch 'origin/3.2' into 3 2015-09-15 13:35:51 +12:00
Damian Mooyman
c4710b2272 Merge remote-tracking branch 'origin/3.1' into 3.2
Conflicts:
	admin/code/GroupImportForm.php
	admin/code/MemberImportForm.php
	tests/model/DataListTest.php
2015-09-15 13:18:47 +12:00
Damian Mooyman
8c99659e3f Merge pull request #4563 from assertchris/split-bulk-loader-imports-to-reduce-memory-consumption
Splitting BulkLoader imports to reduce memory consumption
2015-09-15 10:22:45 +12:00
Christopher Pitt
1c5089f7fc Splitting BulkLoader imports to reduce memory consumption 2015-09-15 10:06:06 +12:00
Damian Mooyman
7367cf54c4 [ss-2015-020]: Prevent possible Privilege escalation 2015-09-10 13:01:24 +12:00
Damian Mooyman
812b5ecb62 Fix merge regressions 2015-09-09 16:18:39 +12:00
Damian Mooyman
b552a7370f Merge remote-tracking branch 'origin/3'
Conflicts:
	tests/model/ImageTest.php
2015-09-09 15:44:47 +12:00
Damian Mooyman
f10785350e Merge remote-tracking branch 'origin/3.2' into 3
Conflicts:
	docs/en/02_Developer_Guides/02_Controllers/01_Introduction.md
2015-09-09 14:50:47 +12:00
Damian Mooyman
309ac0d196 Merge remote-tracking branch 'origin/3.1' into 3.2
Conflicts:
	.travis.yml
	admin/code/CMSProfileController.php
	admin/tests/LeftAndMainTest.php
	control/HTTP.php
	security/Permission.php
	tests/forms/FormTest.php
	tests/model/ArrayListTest.php
	tests/security/PermissionTest.php
2015-09-09 14:35:29 +12:00
micmania1
9f91b47825 NEW Update SS_ConfigStaticManifest to use Reflection 2015-09-03 22:25:42 +00:00
Jonathon Menz
2ae5d83f08 FIX Resampled images inherit source properties
Ensure Image_Cached objects can access all the properties of the source image (fixes #4569)
2015-09-02 10:38:02 -07:00
Will Morgan
17e97babf1 Merge pull request #4549 from kinglozzer/pulls/recursion-arraylist-sort
FIX: Recursion errors when sorting objects with circular dependencies (fixes #4464)
2015-09-01 16:42:17 +01:00
Loz Calver
0943b3b1a0 FIX: Recursion errors when sorting objects with circular dependencies (fixes #4464) 2015-09-01 09:37:06 +01:00
Damian Mooyman
e86b45bf5d BUG Remove html5 number field due to insufficient localisation support 2015-09-01 12:23:35 +12:00
Damian Mooyman
dc4c40f642 Merge pull request #4507 from JorisDebonnet/resampled-images-in-folders
Save resampled images into a folder structure indicating transformations
2015-09-01 11:16:23 +12:00
JorisDebonnet
ea05526e9d Save resampled images into a folder structure indicating transformations 2015-09-01 00:40:27 +02:00
Sam Minnée
f4b7cd3f68 Merge pull request #4500 from stevie-mayhew/pulls/get-response
FEATURE: implement getter and setter usage for response
2015-08-29 15:35:55 +12:00
Stevie Mayhew
1b57e0ca5b FEATURE: implement getter and setter usage for response 2015-08-29 10:24:06 +12:00
Sam Minnee
1b8d295767 API CHANGE: Shift to Monolog for error reporting and logging
API CHANGE: Debug::showError(), Debug::showLines(), Debug::log(), and Debug::header() removed
NEW: Logging provided

ZendLog has been removed and monolog introduced instead as a dependency.
The “ErrorLogger” injection point is now the used as the logger that
errors are fed into, and implements PSR-3’s Psr\Log\LoggerInterface.

The SS_ERROR_LOG setting expect a Monolog Logger to be provided as the
ErrorLogger.
2015-08-28 16:06:41 +12:00
Ingo Schommer
28554dbe94 Merge pull request #4504 from dhensby/pulls/fields-fix
When loading data into a form, make sure its using ALL fields
2015-08-28 08:38:49 +12:00
Daniel Hensby
cffb11e568 TEST Ensure data is loaded into complete FieldList 2015-08-27 17:56:22 +01:00
Loz Calver
4ec6210c98 Merge pull request #4537 from chillu/pulls/urlsegment-forward-slashes
Remove forward slash in URLs in multibyte mode
2015-08-26 16:18:53 +01:00