Commit Graph

2925 Commits

Author SHA1 Message Date
Ingo Schommer
3f751a2cb8 BUGFIX Don't lowercase permission codes contained in $allowed_actions in RequestHandler->checkAccessAction(). Permission checks are case sensitive.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@86085 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-10 07:02:54 +00:00
Ingo Schommer
e9df16ba5a MINOR Formatting and documentation in Permission
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@86084 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-10 07:01:52 +00:00
Ingo Schommer
2b711fe45f MINOR Added ControllerTest for $allowed_actions with permission codes, switched this class to extend FunctionalTest and use get() instead of Director:;test() for this purpose (better login/session mocking capabilities)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@86083 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-10 06:34:40 +00:00
Ingo Schommer
f4c70d434e MINOR Updated master language tables
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@86032 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-10 03:57:31 +00:00
Ingo Schommer
2700d73e97 ENHANCEMENT Limiting "alc_enc" cookie (remember login token) to httpOnly to reduce risk of information exposure through XSS
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@86027 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-10 03:23:31 +00:00
Ingo Schommer
8fbf530bf6 ENHANCEMENT Added full parameter signature of PHP's set_cookie() to Cookie::set(), including the new $httpOnly flag
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@86026 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-10 03:22:50 +00:00
Ingo Schommer
d386db0bc3 ENHANCEMENT Avoid information disclosure in Security/lostpassword form by returning the same message regardless wether a matching email address was found in the database.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@86021 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-10 03:01:46 +00:00
Ingo Schommer
ed5475bbae ENHANCEMENT Added Member->FailedLoginCount property to allow Member->registerFailedLogin() to persist across sessions by writing them to the database, and be less vulnerable to brute force attacks. This means failed logins will persist longer than before, but are still reset after a valid login.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@86017 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-10 02:42:26 +00:00
Ingo Schommer
5708f79312 BUGFIX Consistently returning from a Security::permissionFailure() to avoid ambiguous situations when controllers are in ajax mode
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@86008 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-10 02:00:42 +00:00
Ingo Schommer
6b6c2a8bfa API CHANGE Removed Permission->listcodes(), use custom code
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@86006 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-10 01:54:15 +00:00
Ingo Schommer
0cf75cfc65 MINOR Unified permission control for i18nTextCollectorTask, TaskRunner, TestRunner, ModelViewer, DevelopmentAdmin, TestViewer, MigrateTranslatableTask
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@86005 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-10 01:49:56 +00:00
Ingo Schommer
fc03a8608a API CHANGE Don't exempt 'index' controller actions from $allowed_actions check - they might still contain sensitive information (for example ImageEditor). This action has to explicitly allowed on controllers with $allowed_actions defined now.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@86002 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-10 01:37:44 +00:00
Ingo Schommer
7a27726d00 MINOR Removed alpha stage ModuleManager into new "modulemanager" module. Was never released, and won't be suitable for 2.4.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@86000 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-10 01:34:20 +00:00
Ingo Schommer
6b51ccebf3 ENHANCEMENT Allowing Widget->Content() to render with any templates found in ancestry instead of requiring a template for the specific subclass
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85823 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-07 06:26:49 +00:00
Ingo Schommer
0cc95bec5f BUGFIX Fixed WidgetControllerTest by adding missing url routing to ContentController (see r85789)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85817 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-07 05:39:43 +00:00
Ingo Schommer
2cc0d016f4 API CHANGE Removed unnecessary WidgetFormProxy class and Widget->FormObjectLink(), broken functionality since the RequestHandler restructuring in 2.3. Use Widget_Controller instead.
FEATURE Added Widget_Controller class to enable nested forms within Wiget class.
ENHANCEMENT Changed WidgetArea.ss to iterate over $WidgetControllers instead of $Widgets, to allow forms rendered within to retain their controller context (through Widget_Controller and $failover mechanisms).
ENHANCEMENT Added handleWidgets() to ContentController to support new Widget_Controller class

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85789 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-07 03:28:23 +00:00
Ingo Schommer
e9d25ca2ce MINOR Moved documentation about Controller and RequestHandler to the right places
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85775 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-07 00:14:11 +00:00
Ingo Schommer
47db2ab55e BUGFIX Detecting DataObjectSet for readonly transformations in CheckboxSetField (thanks martijn, #4527)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85758 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-05 00:05:02 +00:00
Julian Seidenberg
8b73690f23 ENHANCEMENT: Ticket #3910 - MySQL Time Zone support (alternative time zone to that of the website to which the server is set to)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85716 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-04 01:38:29 +00:00
Will Rossiter
1063e5048c MINOR: set template comments to be off by default. Ticket #3726
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85715 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-04 01:31:40 +00:00
Julian Seidenberg
fcd7511bbb MINOR: Ticket #4333 - Fixing dodgy 'Save & Publish' in en_GB translation
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85711 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-04 00:43:53 +00:00
Julian Seidenberg
2cf002e333 ENHANCEMENT: added option to truncate (clear) database table before importing a new CSV file with CSVBulkerLoader and ModelAdmin.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85709 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-04 00:31:08 +00:00
Will Rossiter
ebce107d07 MINOR: added check for exec() and fixed the path for the wordlist file. Ticket #4428
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85701 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-03 23:36:45 +00:00
Julian Seidenberg
43e27fd596 ENHANCEMENT: Ticket #4297 - Use Director::baseFolder instead of relative links in sapphire/core/Image.php
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85700 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-03 23:30:08 +00:00
Julian Seidenberg
844853ab10 BUGFIX: Ticket #4220 - Copying of uploaded files from temp to assets folder fails on IIS installs; simple patch fixes it
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85696 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-03 22:45:15 +00:00
Ingo Schommer
5e3cffec1f BUGFIX More robust URL handling in SecurityTest to avoid failing on custom /admin redirects
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85514 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-01 06:48:31 +00:00
Geoff Munn
e031478576 MINOR FIX: column names escaped
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85451 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-08-31 06:06:44 +00:00
Geoff Munn
a1207e4b94 MINOR FIX: Column names quoted properly
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85419 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-08-31 00:22:10 +00:00
Geoff Munn
95e50bd78f MINOR FIX: column names quoted properly
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85418 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-08-31 00:21:46 +00:00
Ingo Schommer
42d12d75b8 MINOR Wording
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85396 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-08-30 20:59:32 +00:00
Ingo Schommer
04ae6d0f55 MINOR Added SiteTreePermissionsTest->testRestrictedEditLoggedInUsersDeletedFromStage(), which verifies that previous fixes in r85335 and r85336 apply the correct permissions
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85338 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-08-27 06:56:13 +00:00
Ingo Schommer
fec369531c MINOR Added SiteTree::reset() to unset any in-memory caches (see DataObject::reset()). Using reset() in SapphireTest to avoid caches persisting across multiple tests
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85337 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-08-27 06:55:32 +00:00
Ingo Schommer
1193aed711 BUGFIX Fixed SiteTree::can_edit_multiple() and canEdit() to collect permissions from different Versioned tables, which fixes querying a SiteTree record which has been deleted from stage for its permissions (e.g. in SiteTreeActionsTest)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85336 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-08-27 06:53:28 +00:00
Ingo Schommer
1a7418c18b BUGFIX Disabled PHPUnit backup of global variables, which caused i18n::_t() calls in subsequent test cases to fail because of a cached empty global
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85330 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-08-27 04:45:58 +00:00
Ingo Schommer
83aa90f1b2 MINOR Returning a HTTPResponse object from RedirectorPage_Controller to avoid generating output in TestRunner
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85328 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-08-27 04:44:27 +00:00
Ingo Schommer
2767592d9f MINOR Removed debug code
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85327 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-08-27 04:43:40 +00:00
Ingo Schommer
685cd996a6 MINOR More robust RedirectorPageTest implementation that doesn't rely on _t() calls which are mysteriously failing on all subsequent calls in PHPUnit
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85311 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-08-27 03:10:13 +00:00
Ingo Schommer
f073fd9f5b BUGFIX Limiting i18n::include_by_locale() to scan directories only
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85310 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-08-27 03:09:34 +00:00
Ingo Schommer
3b3e5e1ec1 MINOR Hide <legend> tag in Form.ss if no $Legend value is set (#4520, thanks nicolaas)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85280 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-08-26 20:56:55 +00:00
Normann Lou
a1773eac3d MINOR: fine tuning behavior of selected radio in SelectionGroup
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85194 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-08-25 22:38:52 +00:00
Ingo Schommer
6f4ee0f878 MINOR Adding $Name css class to every <td> in TableListField_Item.ss to make them referenceable by column in the same way that <th> already works
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85174 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-08-25 08:24:14 +00:00
Sean Harvey
87bb1acadb BUGFIX #3713 Escape HTTP request URL properly in DebugView::writeError() using htmlentities()
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85136 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-08-25 03:11:22 +00:00
Normann Lou
5a39ad8a94 BUGFIX: merge r 85079 from branches/iss to fix Payment Validation of php side when submit a OrderForm
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85130 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-08-25 01:51:56 +00:00
Normann Lou
c8753a99d3 BUGFIX: Fix the bug in buildSQL() by trying to join an table with non-exsiting composite db field like "Money"
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85120 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-08-24 23:51:53 +00:00
Sam Minnee
e4ca69dc3f BUGFIX #4463: Set AuthorID and PublisherID correctly
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85086 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-08-24 07:35:05 +00:00
Sam Minnee
e3d31f1bdd BUGFIX: Use default File classname in Folder::syncChildren()
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85085 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-08-24 07:21:08 +00:00
Sean Harvey
a1d20b8ae9 BUGFIX #3228 Fixed undefined offset error in Text::BigSummary() if trying to summarise text that is smaller than the requested word limit
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85076 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-08-24 06:16:56 +00:00
Sam Minnee
19769e3841 API CHANGE: Added DataObjectSet assertions to SapphireTest
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85073 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-08-24 06:14:54 +00:00
Normann Lou
a75169a8ca BUGFIX: SelectionGroup.js typo, prevAl()l change to nextAll()
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85039 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-08-24 03:36:58 +00:00
Sam Minnee
d34963df8a API CHANGE: Added comparison argument to SSLog::add_writer()
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85028 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-08-24 03:21:12 +00:00