silverstripe-framework

mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-07-27 05:43:54 +02:00

Author	SHA1	Message	Date
Ingo Schommer	fee31c2c6c	DOCS Recommend moving .protected out of webroot Note that it's currently unclear whether Silverstripe Cloud or CWP support this, but it shouldn't block us from recommend this in the open source project. It's documented in the "server requirements", which should make it pretty clear that this requires you to have control over server configuration (or check with those that have). See https://github.com/silverstripe/silverstripe-framework/issues/7710	2020-10-15 17:08:37 +13:00
Ingo Schommer	b6169a87c2	DOCS HTTP header in server requirements	2020-07-29 14:28:20 +12:00
Jackson Darlow	ae1a883b32	Added mention of Session.timeout to secure_coding docs	2020-06-12 14:43:37 +12:00
Maxime Rainville	affd43052a	Merge branch '4.5' into 4	2020-02-17 18:11:23 +13:00
Maxime Rainville	acd7d94167	Merge branch '4.4' into 4.5	2020-02-17 13:07:26 +13:00
Serge Latyntcev	ad1b00ec7d	[CVE-2019-19325] XSS through non-scalar FormField attributes Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms built with user input (Request data). This can lead to phishing attempts to obtain a user's credentials or other sensitive user input. There is no known attack vector for extracting user-session information or credentials automatically, it required a user to fall for the phishing attempt. XSS can also be used to modify the presentation of content in malicious ways.	2020-02-17 09:58:29 +13:00
Loz Calver	f4713d95f6	Merge pull request #9333 from creative-commoners/pulls/4/canonicalurlmiddleware-docs DOCS Add note about applying forceSSL to non-live environments	2019-11-25 11:37:30 +00:00
Garion Herman	bf38997b6e	DOCS Add note about applying forceSSL to non-live environments	2019-11-25 12:14:26 +13:00
Aaron Carlino	6888901468	NEW: Update docs to be compliant with Gatsby site (#9314 ) * First cut * Temporarily disable composer.json for netlify build * POC * New recursive directory query, various refinements * Fix flexbox * new styled components plugin * Apply frontmatter delimiters * Mobile styles, animation * Search * Redesign, clean up * Nuke the cache, try again * fix file casing * Remove production env file * ID headers * Move app to new repo * Add frontmatter universally * Hide children changelogs * Add how to title * New callout tags * Revert inline code block change * Replace note callouts * Fix icons * Repalce images * Fix icon * Fix image links * Use proper SQL icon	2019-11-18 17:58:33 +13:00
Maxime Rainville	d7f5ed3e65	DOC Substituce old apache syntax for Require	2019-09-25 16:59:48 +12:00
Matt Peel	7083f016c1	Update secure coding standards As of SS4.0.0 and the introduction of TrustedProxyMiddleware, the default now if no trusted proxies are defined is that nothing is a trusted proxy, whereas in SS3 a missing declaration was treated as everything being allowed.	2019-09-10 12:55:24 +12:00
Robbie Averill	2d2b0b82f0	DOCS Fix incorrect rendering of note on list item [ci skip]	2019-07-25 12:03:12 +02:00
Robbie Averill	af8d268cc7	DOCS Update documentation for password validation rule configuration	2018-11-13 10:55:26 +02:00
Ingo Schommer	114b0a5ea7	NEW Option for secure "remember me" cookie Fixes #8234	2018-07-30 16:41:49 +01:00
Ingo Schommer	259aa06010	DOCS More resilient example domain myapp.com is owned, example.com is specifically reserved for documentation use cases: https://en.wikipedia.org/wiki/Example.com [ci skip]	2018-06-26 10:13:36 +12:00
Ingo Schommer	2e1e8e07b9	DOCS Consistent app/ folder and composer use - Stronger wording around "use composer" - Consistent domain and email address naming - Removed example for publishing non-composer modules (those shouldn't be encouraged) - Removed instructions for installing modules from archives [ci skip]	2018-06-25 10:40:19 +12:00
Damian Mooyman	3ea98cdb13	Migrate documentation from 3.x	2018-06-13 14:50:02 +12:00
Robbie Averill	1505a89a63	Update to include note about auto redirect to HTTPS for basic auth	2018-04-24 16:42:52 +12:00
Damian Mooyman	cdfb413395	Code block whitespace / formatting cleanup	2017-10-27 15:38:27 +13:00
Aaron Carlino	e7274b0ee4	Add namespaces	2017-10-27 12:45:26 +13:00
Aaron Carlino	50c8a02bff	remove tabs	2017-08-07 15:11:17 +12:00
Aaron Carlino	6c0629f025	Remove more deprecated APIs	2017-08-07 14:01:38 +12:00
Aaron Carlino	e4fba5a7b1	add use statements	2017-08-07 14:01:38 +12:00
Aaron Carlino	84feab5a68	Yeah psr2 functions	2017-08-07 14:01:38 +12:00
Aaron Carlino	4c7a068b28	classes psr2	2017-08-07 14:01:38 +12:00
Aaron Carlino	2414eaeafd	Yay, clean arrays	2017-08-07 14:01:38 +12:00
Aaron Carlino	eb1695c03d	Replace all legacy ::: syntax with GFMD tags	2017-08-07 14:01:38 +12:00
Saophalkun Ponlu	63ba092765	FIX Add namespaces in markdown docs (#7088 ) * FIX Add namespaces in markdown docs * FIX Convert doc [link] to [link-text](link-uri)	2017-07-03 13:22:12 +12:00
Sam Minnee	ccc86306b6	NEW: Add TrustedProxyMiddleware API: SS_TRUSTED_PROXY_HOST_HEADER replace with middleware config API: SS_TRUSTED_PROXY_PROTOCOL_HEADER replace with middleware config API: SS_TRUSTED_PROXY_IP_HEADER replace with middleware config API: Front-End-Https = “on” header no longer supported This middleware replaces the TRUSTED_PROXY setting and shifts its configuration out of the env vars and bootstrap and into the Director flow.	2017-06-27 13:32:39 +12:00
Simon Gow	5f82997690	Secure Coding - Security Headers, Force HTTPS and Cookies - Amending best practices for secure coding to enforce HTTPS - Add security headers to enforce HTTPS - Ensure secure cookies are used. - Added links for testing, changed documentation as part of peer review. - Arrange headers to work with HTTP interface. - fixed Cache-Control case - Added reference to Secure Sessions. - Replaced Cardinality with unique - Fixed innacurate reference to decendant. - Consistent spelling - Databases over DBMSs	2017-04-13 13:59:02 +12:00
Daniel Hensby	6e096f6172	DOCS Updated environment management docs to use .env file	2017-01-31 21:28:51 +00:00
Damian Mooyman	bfd9cb1aca	Rename SS_ prefixed classes (#5974 )	2016-09-09 18:43:05 +12:00
Ingo Schommer	c96e031367	Moved coding conventions docs into contributing folder Also created a contributing/coding_conventions landing page separately from the PHP ones, since we now need to account for JS and CSS conventions as well	2016-06-13 08:30:44 +12:00
Damian Mooyman	d52db0ba34	Merge 3 into master # Conflicts: # .travis.yml # admin/css/ie7.css # admin/css/ie7.css.map # admin/css/ie8.css.map # admin/css/screen.css # admin/css/screen.css.map # admin/javascript/LeftAndMain.js # admin/scss/_style.scss # admin/scss/_uitheme.scss # control/HTTPRequest.php # core/Object.php # css/AssetUploadField.css # css/AssetUploadField.css.map # css/ConfirmedPasswordField.css.map # css/Form.css.map # css/GridField.css.map # css/TreeDropdownField.css.map # css/UploadField.css # css/UploadField.css.map # css/debug.css.map # dev/Debug.php # docs/en/00_Getting_Started/00_Server_Requirements.md # docs/en/02_Developer_Guides/06_Testing/00_Unit_Testing.md # docs/en/02_Developer_Guides/06_Testing/index.md # docs/en/02_Developer_Guides/14_Files/02_Images.md # docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/How_Tos/Extend_CMS_Interface.md # filesystem/File.php # filesystem/Folder.php # filesystem/GD.php # filesystem/Upload.php # forms/ToggleField.php # forms/Validator.php # javascript/lang/en_GB.js # javascript/lang/fr.js # javascript/lang/src/en.js # javascript/lang/src/fr.js # model/Image.php # model/UnsavedRelationList.php # model/Versioned.php # model/connect/MySQLDatabase.php # model/fieldtypes/DBField.php # model/fieldtypes/Enum.php # scss/AssetUploadField.scss # scss/UploadField.scss # templates/email/ChangePasswordEmail.ss # templates/forms/DropdownField.ss # tests/behat/features/bootstrap/SilverStripe/Framework/Test/Behaviour/CmsFormsContext.php # tests/behat/features/bootstrap/SilverStripe/Framework/Test/Behaviour/CmsUiContext.php # tests/forms/EnumFieldTest.php # tests/security/MemberTest.php # tests/security/MemberTest.yml # tests/security/SecurityTest.php	2016-04-29 17:50:55 +12:00
Daniel Hensby	745faebd81	Merge 3.2 into 3.3 Conflicts: .travis.yml	2016-04-26 00:17:09 +01:00
Damian Mooyman	b8e7f9a934	Standardise spelling of "customise" Fixes #3988	2016-03-30 13:17:28 +13:00
Ingo Schommer	f36b110db3	Merge remote-tracking branch 'origin/3.3'	2016-03-04 17:06:04 +13:00
Damian Mooyman	24a6c53645	Merge branch '3.2' into 3.3 # Conflicts: # admin/code/ModelAdmin.php # lang/cs.yml # lang/lt.yml # lang/sk.yml	2016-02-29 17:03:22 +13:00
Damian Mooyman	2c1f837442	Merge branch '3.1' into 3.2 # Conflicts: # docs/en/01_Tutorials/02_Extending_A_Basic_Site.md # docs/en/01_Tutorials/03_Forms.md # docs/en/02_Developer_Guides/00_Model/08_SQL_Query.md # docs/en/02_Developer_Guides/00_Model/10_Versioning.md # docs/en/02_Developer_Guides/03_Forms/Field_types/01_Common_Subclasses.md # docs/en/02_Developer_Guides/03_Forms/Field_types/05_UploadField.md # docs/en/02_Developer_Guides/09_Security/01_Access_Control.md # docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md # docs/en/02_Developer_Guides/14_Files/01_Image.md # docs/en/02_Developer_Guides/14_Files/index.md # lang/cs.yml # lang/fi.yml # lang/sk.yml	2016-02-29 16:59:20 +13:00
Damian Mooyman	3b0a9f4ba2	Merge remote-tracking branch 'origin/3' # Conflicts: # admin/javascript/LeftAndMain.Menu.js # control/HTTPRequest.php # css/GridField.css # css/GridField.css.map # docs/en/02_Developer_Guides/03_Forms/Field_types/01_Common_Subclasses.md # docs/en/02_Developer_Guides/06_Testing/00_Unit_Testing.md # docs/en/02_Developer_Guides/06_Testing/index.md # docs/en/02_Developer_Guides/14_Files/01_File_Management.md # docs/en/02_Developer_Guides/14_Files/02_Images.md # filesystem/Upload.php # javascript/HtmlEditorField.js # model/Image.php # model/connect/MySQLDatabase.php # model/fieldtypes/Enum.php # model/versioning/Versioned.php # scss/GridField.scss	2016-02-25 14:51:59 +13:00
Damian Mooyman	5f2d3f31d7	Merge remote-tracking branch 'origin/3.2' into 3.3 # Conflicts: # dev/DevelopmentAdmin.php # docs/en/02_Developer_Guides/08_Performance/02_HTTP_Cache_Headers.md # lang/cs.yml # lang/lt.yml	2016-02-24 17:29:06 +13:00
Damian Mooyman	ff5ed6efeb	Merge remote-tracking branch 'origin/3.2.2' into 3.2	2016-02-24 17:03:43 +13:00
Damian Mooyman	06d5050321	Merge remote-tracking branch 'origin/3.1.17' into 3.1	2016-02-24 16:54:18 +13:00
Ingo Schommer	37059eb6b3	[ss-2016-003] Hostname, IP and Protocol Spoofing through HTTP Headers	2016-02-24 11:47:16 +13:00
Ingo Schommer	faa94d51d5	[ss-2016-003] Hostname, IP and Protocol Spoofing through HTTP Headers	2016-02-24 11:33:54 +13:00
Ingo Schommer	893e49703d	[ss-2016-003] Hostname, IP and Protocol Spoofing through HTTP Headers	2016-02-18 17:28:54 +13:00
David Alexander	903379bde2	DOCS 3.2 : fixing api: links now that api: tag parser working fixed a couple of external links fixed a docs link	2016-02-17 18:02:38 -07:00
David Alexander	febbd35b51	DOCS 3.1 : fixing api: links missed one	2016-02-17 03:00:22 -07:00
Damian Mooyman	e6b877df27	Merge remote-tracking branch 'origin/3' # Conflicts: # control/Director.php # control/HTTP.php # core/startup/ParameterConfirmationToken.php # docs/en/00_Getting_Started/01_Installation/05_Common_Problems.md # docs/en/00_Getting_Started/04_Directory_Structure.md # docs/en/00_Getting_Started/05_Coding_Conventions.md # docs/en/01_Tutorials/01_Building_A_Basic_Site.md # docs/en/01_Tutorials/02_Extending_A_Basic_Site.md # docs/en/01_Tutorials/03_Forms.md # docs/en/01_Tutorials/04_Site_Search.md # docs/en/01_Tutorials/05_Dataobject_Relationship_Management.md # docs/en/02_Developer_Guides/12_Search/01_Searchcontext.md # docs/en/02_Developer_Guides/13_i18n/index.md # docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/06_Javascript_Development.md # docs/en/03_Upgrading/index.md # docs/en/changelogs/index.md # docs/en/howto/customize-cms-menu.md # docs/en/howto/navigation-menu.md # docs/en/index.md # docs/en/installation/index.md # docs/en/installation/windows-manual-iis-6.md # docs/en/misc/contributing/code.md # docs/en/misc/contributing/issues.md # docs/en/misc/module-release-process.md # docs/en/reference/dataobject.md # docs/en/reference/execution-pipeline.md # docs/en/reference/grid-field.md # docs/en/reference/modeladmin.md # docs/en/reference/rssfeed.md # docs/en/reference/templates.md # docs/en/topics/commandline.md # docs/en/topics/debugging.md # docs/en/topics/email.md # docs/en/topics/forms.md # docs/en/topics/index.md # docs/en/topics/module-development.md # docs/en/topics/modules.md # docs/en/topics/page-type-templates.md # docs/en/topics/page-types.md # docs/en/topics/search.md # docs/en/topics/testing/index.md # docs/en/topics/testing/testing-guide-troubleshooting.md # docs/en/topics/theme-development.md # docs/en/tutorials/1-building-a-basic-site.md # docs/en/tutorials/2-extending-a-basic-site.md # docs/en/tutorials/3-forms.md # docs/en/tutorials/4-site-search.md # docs/en/tutorials/5-dataobject-relationship-management.md # docs/en/tutorials/building-a-basic-site.md # docs/en/tutorials/dataobject-relationship-management.md # docs/en/tutorials/extending-a-basic-site.md # docs/en/tutorials/forms.md # docs/en/tutorials/index.md # docs/en/tutorials/site-search.md # main.php # model/SQLQuery.php # security/ChangePasswordForm.php # security/MemberLoginForm.php # tests/control/ControllerTest.php # tests/core/startup/ParameterConfirmationTokenTest.php # tests/model/SQLQueryTest.php # tests/security/SecurityTest.php # tests/view/SSViewerTest.php # view/SSTemplateParser.php # view/SSTemplateParser.php.inc # view/SSViewer.php	2016-01-20 13:16:27 +13:00
Damian Mooyman	5d240feaec	Merge remote-tracking branch 'origin/3.2' into 3.3	2016-01-19 15:08:24 +13:00

1 2

66 Commits