Daniel Hensby
56f0b72e8d
FIX ETag header now properly quoted
2016-08-11 15:49:29 +01:00
Daniel Hensby
a0812f987a
Merge 3.1 into 3.2
...
Conflicts:
admin/javascript/LeftAndMain.js
control/HTTPRequest.php
docs/en/00_Getting_Started/00_Server_Requirements.md
2016-04-26 00:09:33 +01:00
Daniel Hensby
817b836870
FIX getIP from behind a load-balancer that adds many IPs to the header
2016-03-01 21:07:48 +00:00
Ingo Schommer
37059eb6b3
[ss-2016-003] Hostname, IP and Protocol Spoofing through HTTP Headers
2016-02-24 11:47:16 +13:00
Ingo Schommer
faa94d51d5
[ss-2016-003] Hostname, IP and Protocol Spoofing through HTTP Headers
2016-02-24 11:33:54 +13:00
Damian Mooyman
302c741b07
Merge remote-tracking branch 'origin/3.1' into 3.2
...
Conflicts:
control/HTTP.php
forms/Form.php
tests/view/SSViewerTest.php
2015-11-16 16:50:40 +13:00
Damian Mooyman
b943a0c6dd
Merge remote-tracking branch 'origin/3.1.16' into 3.1
2015-11-16 16:30:24 +13:00
Hamish Friedlander
53b3bc707b
[ss-2015-025]: FIX Dont expose class on error
2015-11-11 17:46:46 +13:00
Hamish Friedlander
f290d869e0
[ss-2015-025]: FIX Dont expose class on error
2015-11-11 16:55:23 +13:00
Igor Nadj
f577ecb811
FIX: prevent use cache on browser back button
2015-11-05 16:09:16 +13:00
Patrick Nelson
f192a6ecaf
FIX #4392 : Ensure headers are checked first before being clobbered by globally maintained state. Also ensuring tests utilize separate responses for isolation.
2015-10-09 13:50:33 -04:00
Damian Mooyman
278caa86f4
Merge pull request #4636 from spekulatius/converting-spaces-to-tabs
...
converting spaces as intentation to tabs
2015-10-06 11:51:45 +13:00
Will Morgan
85654a495f
Merge pull request #4635 from spekulatius/adding-space-before-casting
...
adding a space before casting into a different type
2015-09-28 11:17:08 +01:00
Peter Thaleikis
5fda95d951
converting spaces as intentation to tabs
2015-09-28 22:21:30 +13:00
Peter Thaleikis
21216b47ab
remove trailing spaces in the codebase
2015-09-28 22:21:08 +13:00
Peter Thaleikis
e6084b7ad2
adding a space before casting into a different type
2015-09-28 22:21:02 +13:00
Damian Mooyman
309ac0d196
Merge remote-tracking branch 'origin/3.1' into 3.2
...
Conflicts:
.travis.yml
admin/code/CMSProfileController.php
admin/tests/LeftAndMainTest.php
control/HTTP.php
security/Permission.php
tests/forms/FormTest.php
tests/model/ArrayListTest.php
tests/security/PermissionTest.php
2015-09-09 14:35:29 +12:00
Ingo Schommer
dc650e3cf1
Clarify use of HTTP Pragma response header
...
The HTTP Pragma header is obsolete for HTTP 1.1,
and technically only defined for a HTTP request (not response).
Refer to https://www.mnot.net/cache_docs/#PRAGMA
,http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.32 .
It is superseded by the "Cache-Control" directive.
See HTTP 1.1 spec at https://tools.ietf.org/html/rfc7234#section-5.4 :
'Because the meaning of "Pragma: no-cache" in responses is
not specified, it does not provide a reliable replacement for
"Cache-Control: no-cache" in them.'
Sending a "Pragma: nocache" response header is a prudent
backwards compatibility measure for HTTP 1.0 clients.
The intended behaviour is for the majority clients as well as any
intermediary proxies to ignore this header.
Sending an empty Pragma is a known hack
for preventing PHP from adding "Pragma: nocache" to responses
with started sessions (see http://php.net/session_cache_limiter ),
since PHP does not allow unsetting existing header() calls.
2015-09-01 11:45:30 +12:00
Damian Mooyman
4a011303b9
Add missing packages
2015-08-24 16:15:38 +12:00
Damian Mooyman
1686c83826
Revert #3425 #3396 to restore deprecated functionality
...
Fixes #4514
2015-08-24 11:26:25 +12:00
Damian Mooyman
7ee444e08a
Merge remote-tracking branch 'origin/3.1' into 3.2
...
Conflicts:
admin/code/LeftAndMain.php
control/injector/SilverStripeServiceConfigurationLocator.php
core/ClassInfo.php
filesystem/File.php
model/DataObject.php
model/DataQuery.php
search/filters/FulltextFilter.php
search/filters/SearchFilter.php
tests/core/ClassInfoTest.php
tests/filesystem/FileTest.php
tests/model/DataListTest.php
2015-07-31 11:38:18 +12:00
Daniel Hensby
ffbeac6b7d
Ensuring classinfo is case insensitive
2015-07-28 11:17:50 +01:00
Loz Calver
778161931b
Merge pull request #4325 from dhensby/pulls/http-fix
...
Fixing issues with HTTP cache control
2015-07-23 14:12:41 +01:00
Daniel Hensby
ca8d0f2818
Merge branch '3.1' into 3.2
...
Conflicts:
dev/Debug.php
docs/en/05_Contributing/01_Code.md
forms/FormField.php
i18n/i18nTextCollector.php
model/DataQuery.php
2015-07-20 10:48:01 +01:00
Daniel Hensby
33d93c2a31
Fixing issues with HTTP cache control
2015-06-29 22:16:02 +01:00
Damian Mooyman
e14f743bf0
Set deprecation level for all changes in 3.x to 4.0
2015-06-19 13:07:41 +12:00
Damian Mooyman
78a3f703f2
Merge pull request #4178 from dhensby/pulls/cookie-name-normalisation
...
NEW Cookie names with dots are now handled more gracefully
2015-06-15 11:35:39 +12:00
Daniel Hensby
eaec2ad9a8
Safe unnesting of Config and Injector
2015-06-15 00:23:40 +01:00
Jeremy Shipman
e766658ee3
API: Allow HTTP Cache Headers to be customized
2015-06-13 12:16:56 +12:00
Damian Mooyman
8331171f2c
Merge remote-tracking branch 'origin/3.1' into 3
...
Conflicts:
.scrutinizer.yml
admin/javascript/LeftAndMain.Panel.js
core/startup/ParameterConfirmationToken.php
dev/Debug.php
dev/FixtureBlueprint.php
docs/en/00_Getting_Started/05_Coding_Conventions.md
docs/en/00_Getting_Started/index.md
docs/en/02_Developer_Guides/01_Templates/01_Syntax.md
filesystem/File.php
filesystem/Folder.php
forms/FieldList.php
forms/LabelField.php
forms/MoneyField.php
forms/TextField.php
forms/TreeDropdownField.php
forms/Validator.php
forms/gridfield/GridField.php
forms/gridfield/GridFieldExportButton.php
lang/de.yml
lang/fi.yml
model/DataObject.php
model/SQLQuery.php
parsers/ShortcodeParser.php
security/ChangePasswordForm.php
security/Security.php
tests/control/DirectorTest.php
tests/core/startup/ParameterConfirmationTokenTest.php
tests/dev/FixtureBlueprintTest.php
tests/forms/FieldListTest.php
tests/forms/MoneyFieldTest.php
tests/model/SQLQueryTest.php
tests/security/SecurityTest.php
2015-06-02 19:13:38 +12:00
Damian Mooyman
0a8f328947
Fix merge / test regressions
2015-05-28 16:59:05 +12:00
Damian Mooyman
75137dbab2
Ensure only trusted proxy servers have control over certain HTTP headers
2015-05-28 10:12:46 +12:00
Damian Mooyman
22a35e48a9
BUG Fix malformed urls redirecting to external sites
2015-05-28 10:12:18 +12:00
Daniel Hensby
ce5a8f2b41
NEW Cookie names with dots are now handled more gracefully
2015-05-12 10:49:58 +01:00
Stevie Mayhew
0d94cf15a5
UPDATE: change all instances of $this->request to use appropriate getter/setter
2015-04-30 11:04:08 +12:00
Daniel Hensby
060c550d75
Merge pull request #4039 from jacobbuck/httpresponse-isfinished-status
...
Add more 3xx status codes to SS_HTTPResponse::isFinished() method
2015-03-31 21:21:00 +01:00
Damian Mooyman
43f49e8434
Merge remote-tracking branch 'origin/3.1' into 3
...
Conflicts:
admin/code/ModelAdmin.php
control/Director.php
model/SQLQuery.php
security/Member.php
tests/control/HTTPTest.php
tests/model/SQLQueryTest.php
tests/security/SecurityTest.php
tests/view/SSViewerTest.php
2015-03-31 19:54:15 +13:00
Sean Harvey
a7d3f89136
BUG Check for existence of HTTP_USER_AGENT to avoid E_NOTICE error.
...
In some cases, a request may not have an HTTP_USER_AGENT. This should
check the variable exists before attempting to check it. The specific
case where it failed for me was Active Directory Federation Services
sending a web request to a SilverStripe site, but failing because it
doesn't have an agent string.
2015-03-26 12:17:22 +13:00
Jacob Buck
03ec9e80f0
Add more 3xx status codes to SS_HTTPResponse::isFinished method
2015-03-26 11:48:24 +13:00
Damian Mooyman
ee9bddb808
BUG Fix SS-2015-010
2015-03-20 17:30:37 +13:00
Daniel Hensby
f568052044
Testing empty absolute urls and more thorough tests
2015-03-13 13:56:14 +00:00
Damian Mooyman
dff65867cc
Merge remote-tracking branch 'origin/3.1' into 3
...
Conflicts:
control/HTTP.php
control/HTTPResponse.php
docs/en/05_Contributing/01_Code.md
forms/CompositeField.php
forms/FormAction.php
forms/FormField.php
forms/InlineFormAction.php
forms/NumericField.php
forms/TreeDropdownField.php
forms/TreeMultiselectField.php
templates/forms/TreeDropdownField.ss
tests/core/CoreTest.php
tests/forms/NumericFieldTest.php
tests/model/DataDifferencerTest.php
2015-02-20 10:17:19 +13:00
Fred Condo
5047143e7b
Correct return statements in SS_HTTPResponse
...
- setBody failed to return a value; it now returns $this as related methods do
- getHeader had an extra, unreachable return statement; removed
2015-02-18 10:32:33 -08:00
jaredkipe
de09bffd84
Update Controller to allow extension in handleAction()
...
Controller's parent class (RequestHandler) has two extensions in its handleAction() method that are obscured by Controller's implementation.
2015-02-08 19:43:44 +13:00
Damian Mooyman
70e0d60f93
BUG Fix developer output in redirection script
2015-02-05 11:32:31 +13:00
John Milmine
06b142a1e5
adding config variable to cancel ajax caching
2015-01-29 14:19:08 +13:00
Pedro Rodrigues
77f2c81e3d
Minor typo on HTTPRequest.php
2015-01-24 21:07:40 +01:00
Damian Mooyman
0b1f297873
Merge remote-tracking branch 'origin/3.1'
...
Conflicts:
.travis.yml
README.md
admin/code/LeftAndMain.php
admin/css/screen.css
admin/scss/screen.scss
api/RestfulService.php
conf/ConfigureFromEnv.php
control/injector/ServiceConfigurationLocator.php
control/injector/SilverStripeServiceConfigurationLocator.php
core/ClassInfo.php
core/Object.php
css/AssetUploadField.css
css/ComplexTableField_popup.css
dev/CSSContentParser.php
dev/DevelopmentAdmin.php
docs/en/changelogs/index.md
docs/en/misc/contributing/code.md
docs/en/reference/execution-pipeline.md
filesystem/GD.php
filesystem/ImagickBackend.php
filesystem/Upload.php
forms/Form.php
forms/FormField.php
forms/HtmlEditorConfig.php
forms/gridfield/GridFieldDetailForm.php
forms/gridfield/GridFieldSortableHeader.php
lang/en.yml
model/Aggregate.php
model/DataList.php
model/DataObject.php
model/DataQuery.php
model/Image.php
model/MySQLDatabase.php
model/SQLQuery.php
model/fieldtypes/HTMLText.php
model/fieldtypes/Text.php
scss/AssetUploadField.scss
search/filters/SearchFilter.php
security/Authenticator.php
security/LoginForm.php
security/Member.php
security/MemberAuthenticator.php
security/MemberLoginForm.php
security/Security.php
tests/behat/features/bootstrap/SilverStripe/Framework/Test/Behaviour/CmsFormsContext.php
tests/control/HTTPTest.php
tests/control/RequestHandlingTest.php
tests/filesystem/UploadTest.php
tests/forms/FormTest.php
tests/forms/NumericFieldTest.php
tests/model/DataListTest.php
tests/model/DataObjectTest.php
tests/model/TextTest.php
tests/security/MemberAuthenticatorTest.php
tests/security/SecurityDefaultAdminTest.php
tests/view/SSViewerCacheBlockTest.php
tests/view/SSViewerTest.php
2014-11-18 12:45:54 +13:00
Simon Welsh
73b591a79d
Correct regression around ?flush
...
?flush used to work. There's no reason why it shouldn't.
2014-10-30 20:51:05 +11:00
Gabriele Brosulo
2cf11abecb
Session keys are case sensitive
2014-10-24 09:59:28 +02:00