Commit Graph

53 Commits

Author SHA1 Message Date
Damian Mooyman
d3c7e41419 BUG using isDev or isTest query string no longer triggers basic auth 2014-07-02 11:51:51 +12:00
Ingo Schommer
ec325a3c7f API Fix HTTPS proxy header detection
Didn't use the de facto standard HTTP_X_FORWARDED_PROTO or the less standard HTTP_FRONT_END_HTTPS.
Removed the 'X-Forwarded-Proto', since PHP should prefix/underscore all HTTP headers before it hits $_SERVER.

References:
- https://docs.djangoproject.com/en/1.4/ref/settings/#secure-proxy-ssl-header
- https://drupal.org/node/1859252
- https://drupal.org/node/313145
- http://scottwb.com/blog/2013/02/06/always-on-https-with-rails-behind-an-elb/
2014-05-22 18:34:15 +12:00
Damian Mooyman
d06d5c113b API Injector supports nesting
BUG Resolve issue with DirectorTest breaking RequestProcessor
Injector::nest and Injector::unnest are introduced to better support sandboxing of testings.
Injector and Config ::nest and ::unnest support chaining
Test cases for both Injector::nest and Config::nest
2014-04-29 08:59:33 +12:00
Damian Mooyman
d8836fd488 Merge remote-tracking branch 'origin/3.0' into 3.1 2014-04-08 17:10:07 +12:00
Marcus Nyeholt
7bcb180f27 BUG Director::test now calls RequestProcessor
This fixes https://github.com/silverstripe/silverstripe-framework/issues/2517
and provides some testing around the use of RequestProcessor in general.
2013-10-15 07:53:34 +11:00
Ingo Schommer
fb784af738 API Enforce $allowed_actions in RequestHandler->checkAccessAction()
See discussion at https://groups.google.com/forum/?fromgroups#!topic/silverstripe-dev/Dodomh9QZjk

Fixes an access issue where all public methods on FormField were allowed,
and not checked for $allowed_actions. Before this patch you could e.g.
call FormField->Value() on the first field by using action_Value.

Removes the following assertion because it only worked due to RequestHandlingTest_AllowedControllerExtension
*not* having $allowed_extensions declared: "Actions on magic methods are only accessible if explicitly allowed on the controller."
2013-06-24 14:50:40 +02:00
Ingo Schommer
1d402dd513 Unset test state in DirectorTest
This broke RSSFeedTest when running through 'sake'
2013-06-18 23:24:22 +02:00
Will Rossiter
1325d736a0 API: Add Director::is_https() 2013-05-10 22:31:38 +12:00
Ingo Schommer
9856fcef21 Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	javascript/DateField.js
	model/DataQuery.php
	model/Versioned.php
	tests/forms/RequirementsTest.php
	tests/model/DataObjectLazyLoadingTest.php
	view/Requirements.php
2013-04-09 14:45:35 +02:00
Andrew Short
1fc780ce2b API: Return a 404 error when no director rule is matched 2013-04-06 18:19:03 +11:00
Sean Harvey
6eda25a090 NEW Allow specifying the secure domain to Director::forceSSL() 2013-04-03 17:47:36 +13:00
Ingo Schommer
3334eafcb1 API Marked statics private, use Config API instead (#8317)
See "Static configuration properties are now immutable, you must use Config API." in the 3.1 change log for details.
2013-03-24 17:20:53 +01:00
Ingo Schommer
634c91c6ff Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	email/Mailer.php
2013-01-30 12:46:24 +01:00
Sam Minnee
d8bfc0bb48 API CHANGE: Added Security::set_login_url() so that you can define an alternative log-in page if you have made one yourself. 2013-01-29 18:03:47 +01:00
Sean Harvey
d038cd7a65 Removing deprecated tests 2012-11-15 14:43:15 +13:00
Ingo Schommer
56f7ce1dcf Merge remote-tracking branch 'origin/3.0'
Conflicts:
	control/Cookie.php
	control/Director.php
	control/HTTPResponse.php
	model/Database.php
	model/MySQLDatabase.php
	model/SQLQuery.php
	view/Requirements.php
	view/SSViewer.php
2012-10-03 16:16:19 +02:00
Sam Minnee
1f7fc1f76a FIX Remove instances of lines longer than 120c
The entire framework repo (with the exception of system-generated files) has been amended to respect the 120c line-length limit.  This is in preparation for the enforcement of this rule with PHP_CodeSniffer.
2012-09-30 17:18:13 +13:00
Simon Welsh
1e629f4585 Merge branch '3.0'
Conflicts:
	control/Cookie.php
	control/Director.php
	dev/Profiler.php
	view/Requirements.php
2012-09-21 14:56:56 +12:00
Ingo Schommer
e2f073f38a Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
Ingo Schommer
1088d044c5 Merge remote-tracking branch 'origin/3.0'
Conflicts:
	.travis.yml
2012-09-07 17:21:41 +02:00
Damian Mooyman
9b6216d967 FIXED: Error in test case deprecation 2012-08-27 11:04:16 +12:00
Damian Mooyman
c2a8eec43c APICHANGE: Changed behaviour of HTTP_Request::params to include route table params (as per 2.4 behaviour, see FIX: below).
ADDED: HTTP_Request::params() to retrieve all (shifted) params used in the request
FIXED: Issue where route-table level arguments would not be accessible without using non-deprecated API.
ADDED: Test case to test the above items
UPDATED: Extended Director::test to allow for the retrieval of the request object
UPDATED: Deprecated notice on Director::urlParam and Director::urlParams
REMOVED: Unused variable
FIXED: Coding convention conformity
2012-08-27 10:56:59 +12:00
Ingo Schommer
5a2247a440 Merge pull request #589 from simonwelsh/absolute_url
FIX Director::is_absolute_url() now ignores query string
2012-08-16 11:50:29 -07:00
Tim Klein
a67b964267 FIX: improve Director::makeRelative() to ignore SSL changes.
See http://open.silverstripe.org/ticket/6672. Expanded on initial patch with test coverage. Fixes another one of the commented out cases in the test by picking up URL's which do not include a protocol.
2012-07-01 22:08:09 +12:00
Simon Welsh
e0505406a7 FIX Director::is_absolute_url() now ignores query and fragment strings
Director::is_absolute_url() checks for //. It used to include the
entire URI, now it ignores the query and fragment strings.
2012-06-30 23:48:43 +12:00
Sean Harvey
f446547cd7 MINOR Using Config system instead of Director::addRules() in tests 2012-05-22 17:13:05 +12:00
Sean Harvey
b1e17578c7 API CHANGE Removed assertType() and assertEmpty() workarounds. Use assertInstanceOf()
instead of assertType(), assertEmpty() is available in PHPUnit 3.5+.
PHPUnit 3.4 is no longer supported, so please upgrade your version to
work.

MINOR Removed FullTestSuite which was a workaround for PHPUnit but not
used.
2012-05-09 23:05:39 +12:00
Ingo Schommer
d5b3dbc6fb SECURITY Return true for Director::is_absolute_url() checks if they're prefixed with two or more slashes (as browsers interpret this as a valid URL)
SECURITY More solid URL checks in Director::is_site_url(), using a conservative parse_url() hostname comparison rather than Director::makeRelative(), which is not designed for security purposes
2012-05-04 12:10:59 +02:00
Simon Welsh
f07258f3cf MINOR Update @package values to match renaming sapphire 2012-04-15 10:50:19 +12:00
Simon Welsh
3a6341a251 API-CHANGE sapphire folder can now be renamed. 2012-04-15 10:50:19 +12:00
Sam Minnee
3e3188f81a MINOR: Update tests for deprecated functions to explicitly disable deprecation errors. 2011-10-29 17:34:32 +13:00
Ingo Schommer
2651a1ba81 MINOR Marking Director::extract_request_headers() public because we can't unit test protected methods in PHP 5.2 2011-09-19 16:01:33 +02:00
ajshort
a60f03f28e ENHANCEMENT Sapphire Doesn't Read HTTP Headers (fixes #6311) 2011-09-19 14:49:55 +02:00
Ingo Schommer
2184acf17d Revert "MINOR Replaced assertType() calls with assertInstanceOf(), deprecated in PHPUnit 3.6 (throws warnings as of 3.5.10)" - cased too many problems with mixed build environments that require PHP 3.4
This reverts commit 65f6104cd6.
2011-03-11 15:06:09 +13:00
Ingo Schommer
65f6104cd6 MINOR Replaced assertType() calls with assertInstanceOf(), deprecated in PHPUnit 3.6 (throws warnings as of 3.5.10) 2011-02-21 18:49:09 +13:00
Sam Minnee
83e31e1f8a MINOR Fixed DirectorTest to restore it's REQUEST_URI state to the original one after each test method is run (from r108665)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112764 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-19 00:50:15 +00:00
Sam Minnee
6a83da1455 MINOR Fixed Director::forceSSL() breaking unit tests because headers were already sent (from r108435)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112749 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-19 00:36:06 +00:00
Sam Minnee
8d5c684453 MINOR Reverted r108433 (from r108434)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112748 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-19 00:33:52 +00:00
Sam Minnee
07329cc45c MINOR DirectorTest should not extend from FunctionalTest (regression from r108428) (from r108433)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112747 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-19 00:33:30 +00:00
Sam Minnee
63e425b418 ENHANCEMENT #2856 Limiting of relative URLs for Director::forceSSL() using a map of PCRE regular expressions (from r108428)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112745 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-19 00:32:42 +00:00
Ingo Schommer
ecb758de10 MINOR Added DirectorTest->testURLParam() and DirectorTest->testURLParams() (from r104711)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112376 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-15 01:10:43 +00:00
Sean Harvey
d8b67c4a2e MINOR Removed whitespace from DirectorTest
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@95881 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-12-18 03:58:36 +00:00
Sean Harvey
5be077cd83 BUGFIX: fixed typing error (from r94721)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@95623 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-12-16 05:43:02 +00:00
Sean Harvey
439ca0e466 MINOR: test support for superglobals in testrequest (from r94711)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@95622 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-12-16 05:42:56 +00:00
Sean Harvey
775945d197 MINOR: test support for superglobals in testrequest (from r94710)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@95621 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-12-16 05:42:50 +00:00
Sam Minnee
72bda196e1 MINOR disable realtime publishing for unit tests
MINOR fix a test that makes no sense
MINOR a couple bugs around embargo/expiry have been fixed (from r85505)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@89159 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-15 21:47:28 +00:00
Ingo Schommer
47f2deee7f BUGFIX Fixed Director::makeRelative() to accept https:// protocol
BUGFIX Fixed GET-parameter replacement in Director::is_absolute_url()
ENHANCEMENT Added Director::is_relative_url() and Director::is_site_url()
BUGFIX Validating $_FILES array in Director::direct()

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@73250 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-03-17 22:22:55 +00:00
Ingo Schommer
74ab33f23b ENHANCEMENT Added Director::is_absolute_url()
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@71707 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-02-11 21:07:58 +00:00
Ingo Schommer
97fed5ae57 BUGFIX Director::fileExists() fails on windows with absolute paths (#2935) - thanks to ajshort!
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@64098 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-10-12 16:16:25 +00:00
Sam Minnee
2af039785c ENHANCEMENT: Updated cli-script handling to be more in line with web calls, and improved Director::setBaseURL() calls.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@63321 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-09-29 23:41:50 +00:00