Commit Graph

798 Commits

Author SHA1 Message Date
colymba
4131f574fd BUG backtrace now filters MySQLi arguments
Add MySQLi functions mysqli() and select_db() to the list of filtered
function arguments to avoid exposing sensitive data
2013-10-30 12:36:07 +02:00
Stephen Shkardoon
696e6f65ab MINOR typo where display_errors wasn't checked properly 2013-10-23 16:32:31 +13:00
Ingo Schommer
5235a3f3a2 Installer regression from dd49834 2013-10-16 11:29:44 +02:00
Sean Harvey
dd49834b9e BUG Fixing installer not checking display_errors correctly.
Fixes issue #2479. Installer sets display_errors on, but it checks
the changed value and not the original one set in php.ini.
2013-10-04 10:05:28 +13:00
Simon Welsh
c66cc952d2 Correct line length and indentation 2013-08-21 21:27:16 +12:00
Ingo Schommer
c0f5007d57 Create folder if required in dev/generatesecuretoken 2013-08-07 16:59:18 +02:00
Ingo Schommer
b159284c6c Fixed "session started" error on install.php 2013-08-07 16:28:54 +02:00
Hamish Friedlander
a685a8dee9 FIX Include flushtoken when install redirects to successfullyinstalled 2013-08-02 11:00:26 +12:00
Ingo Schommer
c2c8498c64 BehatFixtureFactory 5.3.8 compat (wrong usage of is_a()) 2013-07-11 15:13:37 +02:00
Craig Weber
d8b106e6ee FIX: TestRunner was not cleaning up DB on failure
When a unit test being run by PHPUnit encountered a fatal error,
TestRunner::tearDown was never being called. This resulted in tmpdb schemas
littering the database from failed test runs. This changeset fixes the issue
by registering TestRunner::tearDown as a shutdown function, so that it gets
called even in the event of a PHP Fatal Error.
2013-06-24 01:15:09 +02:00
Ingo Schommer
f8b1c08c67 Behat: Copy fixture identifier to "Name" or "Title" by default
This makes fixture setup less verbose, particularly for behat
tests (e.g. with "Given a page 'About Us'")
2013-06-05 14:32:42 +02:00
Sam Minnée
f6fbd78cd9 Merge pull request #1786 from colymba/3.0-htaccess-fix
vendor folder is blocked only if outside themes
2013-05-24 23:50:41 -07:00
Daniel Hensby
9a6a6ec75d Arbitrary placement of _ss_environment.php in parent folders
Removes hardcoding to three levels
2013-05-14 13:39:43 +02:00
Ingo Schommer
ced199b877 Direct writing of "Security.token" through dev/generatesecuretoken 2013-05-09 10:31:49 +02:00
Fred Condo
68cf2f5db7 Use the correct variable as the key into $record
It was using $fieldName, which is the CSV field name, not the database
field name. This prevents duplicate detection from working. It now
properly uses $SQL_fieldName
2013-04-29 17:25:16 -07:00
colymba
41c0f8080e FIX Only block root vendor folder
Use RewriteRule instead to take into account any subfolder via RewriteBase. Deny ss-cache and composer via RewriteRule too.
2013-04-27 16:03:35 +03:00
Ingo Schommer
9a52dae207 Removed LOLCAT locale from installer (fixes #1457) 2013-04-04 11:18:40 +02:00
Sean Harvey
a99c829ed1 Ensure composer files aren't accessible using IIS 2013-04-03 15:59:14 +13:00
Ingo Schommer
99ca0471f7 Merge remote-tracking branch 'origin/2.4' into 3.0
Conflicts:
	control/RequestHandler.php
	core/control/ContentController.php
	dev/CsvBulkLoader.php
	docs/en/changelogs/index.md
	docs/en/reference/execution-pipeline.md
	docs/en/topics/commandline.md
	docs/en/topics/controller.md
	docs/en/topics/form-validation.md
	docs/en/topics/forms.md
	docs/en/topics/security.md
	model/MySQLDatabase.php
	security/Security.php
	tests/control/ControllerTest.php
	tests/control/RequestHandlingTest.php
2013-03-19 13:56:04 +01:00
Stephen Shkardoon
143317cc86 BUG SQL Injection in CsvBulkLoader (fixes #6227)
Diff should speak for itself, looks like this will have to be implemented in all supported branches.
2013-03-20 00:45:05 +13:00
Ingo Schommer
0c6ac1960e Fixed whitespace usage 2013-02-18 15:43:52 +01:00
Ingo Schommer
92458d9f43 Fixed line lengths 2013-02-18 14:41:49 +01:00
Ingo Schommer
ede381326b BUG Secure composer files from web access (fixes #8011)
Already applied to root .htaccess, but required for dynamically
generated file from installer as well. Also added upgrade instructions.
2013-02-17 22:33:04 +01:00
Sam Minnee
b43bf68f9c MINOR: Minor fixes to FunctionalTest 2013-01-29 18:03:48 +01:00
Sam Minnee
6fcbad1a31 BUGFIX: Updated SilverStripe error handler so that log_errors still works. 2013-01-29 18:03:48 +01:00
Sam Minnee
d8bfc0bb48 API CHANGE: Added Security::set_login_url() so that you can define an alternative log-in page if you have made one yourself. 2013-01-29 18:03:47 +01:00
Sam Minnee
b7a1db7ce3 FIX: Set up the test mailer before loading the fixture, in case fixture-creation causes emails to be generated. 2013-01-29 18:03:45 +01:00
Sam Minnee
5e6f5f9f7e NEW: Allow configuration of send_all_emails_to, ccs_all_emails_to, and bcc_all_emails_to via the config system. 2013-01-29 18:03:27 +01:00
Hamish Friedlander
bec5ae1886 Include code to block yaml files in installer generated .htaccess 2013-01-29 14:20:12 +13:00
Damian Mooyman
f5749795a1 BUG Exception handling and email notification mechanism now correctly considers the stacktrace as provided by the exceptionHandler function, instead of attempting to perform a debug_backtrace further down the reporting chain (which ends up generating an unnecessarily nested stacktrace). Debug was cleaned up so that errorHandler and exceptionHandler both act consistently. As a result, the LogErrorEmailFormatter class could be simplified.
This was required to fix a bug in which exceptions would not have a visible stacktrace when handled by the email logger.
2013-01-24 09:36:42 +01:00
Hamish Friedlander
45eb0f99f7 FIX PHPUnit latest not working with composer installed builds
When using composer, we must rely on the composer autoloader to
load in PHPUnit and not try to do so ourselves, as the old
PHPUnit\Autoload.php file doesn't understand how to find things
in vendor
2013-01-23 14:30:08 +13:00
Ingo Schommer
e8bfc241fd Setting SapphireTest::is_running_test() in PHPUnit bootstrap
Otherwise conditional logic will only succeed
when run through "sake dev/tests", not when
run through phpunit directly (which is the recommended way now)
2013-01-09 23:31:10 +01:00
Sean Harvey
b63e55a77a Merge pull request #993 from halkyon/htaccess_fix
Fixing .htaccess to ignore rewriting PHP files directly
2013-01-06 17:24:49 -08:00
Ingo Schommer
6bcffd66ad Merge pull request #1063 from drzax/log-file-formatter-fix
BUGFIX Ensure has length before using string index access.
2012-12-20 10:19:03 -08:00
Ingo Schommer
9ffd25225e Don't complain about pre-replaced YAML fixture relations 2012-12-20 12:46:56 +01:00
Simon Elvery
1a4eaaaf04 BUGFIX Ensure has length before using string index access. 2012-12-20 12:27:09 +10:00
Ingo Schommer
e8f3e7b36e Only reset test state in SapphireTest if it's previously been set
That's not the case e.g. if the *first* test in a suite
is skipped, so setUp() is never executed completely.
2012-12-17 11:44:08 +01:00
Ingo Schommer
f41f307118 Fixed spacing 2012-12-14 00:09:30 +01:00
Ingo Schommer
c6b1d4aa6b API Storing alternative DB name in cookie rather than session
Session is not initialized by the time we need to use
the setting in DB::connect(). Cookie values get initialized
automatically for each request.

Tightened name format validation to ensure it can only
be used for temporary databases, rather than switching
the browser session to a different production database.

Encrypting token for secure cookie usage.
Added dev/generatesecuretoken to generate this token.
Not storing in YML config directly because of web access issues.
2012-12-13 23:21:48 +01:00
Sam Minnée
b618909220 Merge pull request #1007 from simonwelsh/indent-sniff
Add codesniffer that ensures indentation is with tabs
2012-12-11 20:46:47 -08:00
Ingo Schommer
e8fbfc0bd1 NEW FixtureFactory separated out from YamlFixture
Enables more generic use of the fixture facilities
without dependency on the YAML format, for example
when creating fixtures from Behat step definitions.

Note: The YamlFixture class needs to be created via
Injector::inst()->create('YamlFixture') now,
direct instantiation is no longer supported.
2012-12-11 17:06:27 +01:00
Simon Welsh
fc5dd2994c Add codesniffer that ensures indentation is with tabs. 2012-12-12 00:12:11 +13:00
Ingo Schommer
3be9499c3a Fixed HTML syntax in config-form.html 2012-12-04 17:27:05 +01:00
Ingo Schommer
d1e65b5657 Support for composer-created themes dir structure
Due to git limitations, we can't check out the blackcandy
"parent" theme into themes/blackcandy/ directly, since that
would require sharing paths with git repositories of other themes.
2012-12-04 17:21:53 +01:00
Sean Harvey
449cce95a7 Fixing .htaccess to ignore rewriting PHP files directly 2012-12-04 14:36:59 +13:00
Ingo Schommer
aa72425e84 Fixed PHPUnit assertions for incomplete tests in core
Avoid PHPUnit throwing "test didn't run any assertions"
notices in PHP. If nothing else, it keeps test output
looking less broken by default, making it more likely
that actual errors do get noticed.
2012-11-23 15:16:39 +01:00
Ingo Schommer
453d04e4ba BUG Reset DataObject caches in SapphireTest->resetDBSchema()
This became a problem with fdcd7a2e where $custom_database_fields
were cached, but never reset. It led to extensions not applying
correctly in SapphireTest->setUpOnce().
2012-11-23 11:14:02 +01:00
Ingo Schommer
a3cd7ddc09 BUG Force SapphireTest schema reset for extension changes
Previously changes to $requiredExtensions and $illegalExtensions
didn't cause a reset unless there were also other schema-altering
settings like $extensionsToRemove or $extraDataObjects
2012-11-23 11:12:03 +01:00
Damian Mooyman
0d7816b55d BUG Fixed issue with Deprecation failing to extract the module from a stacktrace, especially on non-unix systems
API Added Convert::nl2os function to normalise end of line characters across systems with tests
BUG Fixed i18n unit tests in non-unix systems constantly failing
BUG Fixed problems with HTMLCleaner tests failing in non-unix systems
2012-10-17 11:57:16 +13:00
Simon Welsh
4ff8cff262 Minor PHP5.4 fixes
Explicitly excludes E_STRICT from live error level and handle arrays in a backtrace
output, rather than trying to convert to string.
2012-10-16 23:37:30 +13:00