Commit Graph

1126 Commits

Author SHA1 Message Date
Hamish Friedlander
80d4af6b6e
API Apply Framework\ORM Namespace to model 2016-06-29 10:02:32 +12:00
Hamish Friedlander
51d53f4b50 Merge pull request #5646 from open-sausages/pulls/4.0/config-table-name
API Allow table_name to be declared / introduce DataObjectSchema
2016-06-14 15:06:38 +12:00
Daniel Hensby
9e3f76832b
Merge branch '3' 2016-06-13 13:41:20 +01:00
Daniel Hensby
19b9413432
NEW Use injector for MemberLoginForm fields 2016-06-10 22:50:38 +01:00
Damian Mooyman
5e8ae41d47 API Refactor dataobject schema management into separate service
API Allow table_name to be configured via Config
2016-06-08 13:22:56 +12:00
Daniel Hensby
e5f1ca3bbe
Cleaning up Controller::handleRequest
1. Separated responsibility of handleAction so that it no longer bootstraps the controller and cleans up after the request is handled.
2. NEW beforeHandleRequest to take responsibility of bootstrapping the controller
3. NEW afterHandleRequest to take responsibility of cleanup for the controller
4. NEW calling init on controllers deprecated in favour of callInit() which takes responsibility of enforcing that "base init" is called and the before and after hooks
5. NEW Added prepareResponse to Controller for dealing with responses from controllers
6. NEW setResponse added to controller for setting response objects on the controller
2016-05-23 00:21:04 +01:00
Daniel Hensby
cdb0b07345
Merge branch '3' 2016-05-20 14:20:33 +01:00
Stevie Mayhew
b1df9dcb1d BUGFIX: check that we have a token and a UID before attempting a member auto login 2016-05-20 09:19:08 +12:00
Damian Mooyman
574bc6038b Merge 3 into master
# Conflicts:
#	CONTRIBUTING.md
#	admin/css/screen.css
#	admin/css/screen.css.map
#	admin/javascript/LeftAndMain.EditForm.js
#	admin/javascript/LeftAndMain.js
#	admin/scss/_forms.scss
#	dev/Debug.php
#	docs/en/05_Contributing/01_Code.md
#	forms/DropdownField.php
#	model/DataObject.php
#	model/Versioned.php
#	model/fieldtypes/DBLocale.php
#	tests/forms/gridfield/GridFieldExportButtonTest.yml
#	tests/model/MoneyTest.php
#	tests/model/MoneyTest.yml
#	tests/model/SQLQueryTest.php
2016-05-18 18:36:10 +12:00
Damian Mooyman
4d1ddf0e62
BUG Prevent session hijackers from resetting a user password
BUG Member::checkPassword incorrect for default admin
2016-05-16 10:54:18 +12:00
Damian Mooyman
f13e44a265 Merge 3 into master
# Conflicts:
#	admin/javascript/LeftAndMain.Tree.js
#	admin/javascript/lang/cs.js
#	admin/javascript/lang/de.js
#	admin/javascript/lang/en.js
#	admin/javascript/lang/eo.js
#	admin/javascript/lang/es.js
#	admin/javascript/lang/fa_IR.js
#	admin/javascript/lang/fi.js
#	admin/javascript/lang/fr.js
#	admin/javascript/lang/id.js
#	admin/javascript/lang/id_ID.js
#	admin/javascript/lang/it.js
#	admin/javascript/lang/ja.js
#	admin/javascript/lang/lt.js
#	admin/javascript/lang/mi.js
#	admin/javascript/lang/nb.js
#	admin/javascript/lang/nl.js
#	admin/javascript/lang/pl.js
#	admin/javascript/lang/ro.js
#	admin/javascript/lang/ru.js
#	admin/javascript/lang/sk.js
#	admin/javascript/lang/sl.js
#	admin/javascript/lang/sr.js
#	admin/javascript/lang/sr@latin.js
#	admin/javascript/lang/sr_RS.js
#	admin/javascript/lang/sr_RS@latin.js
#	admin/javascript/lang/src/cs.js
#	admin/javascript/lang/src/de.js
#	admin/javascript/lang/src/en.js
#	admin/javascript/lang/src/eo.js
#	admin/javascript/lang/src/es.js
#	admin/javascript/lang/src/fi.js
#	admin/javascript/lang/src/fr.js
#	admin/javascript/lang/src/id.js
#	admin/javascript/lang/src/id_ID.js
#	admin/javascript/lang/src/it.js
#	admin/javascript/lang/src/ja.js
#	admin/javascript/lang/src/lt.js
#	admin/javascript/lang/src/mi.js
#	admin/javascript/lang/src/nb.js
#	admin/javascript/lang/src/nl.js
#	admin/javascript/lang/src/pl.js
#	admin/javascript/lang/src/ro.js
#	admin/javascript/lang/src/ru.js
#	admin/javascript/lang/src/sk.js
#	admin/javascript/lang/src/sl.js
#	admin/javascript/lang/src/sr.js
#	admin/javascript/lang/src/sr@latin.js
#	admin/javascript/lang/src/sr_RS.js
#	admin/javascript/lang/src/sr_RS@latin.js
#	admin/javascript/lang/src/sv.js
#	admin/javascript/lang/src/zh.js
#	admin/javascript/lang/sv.js
#	admin/javascript/lang/zh.js
#	css/GridField.css
#	forms/gridfield/GridFieldExportButton.php
#	javascript/GridField.js
#	javascript/lang/ar.js
#	javascript/lang/cs.js
#	javascript/lang/de.js
#	javascript/lang/en.js
#	javascript/lang/en_GB.js
#	javascript/lang/eo.js
#	javascript/lang/es.js
#	javascript/lang/fi.js
#	javascript/lang/fr.js
#	javascript/lang/id.js
#	javascript/lang/id_ID.js
#	javascript/lang/it.js
#	javascript/lang/ja.js
#	javascript/lang/lt.js
#	javascript/lang/mi.js
#	javascript/lang/nb.js
#	javascript/lang/nl.js
#	javascript/lang/pl.js
#	javascript/lang/ru.js
#	javascript/lang/sk.js
#	javascript/lang/sl.js
#	javascript/lang/sr.js
#	javascript/lang/sr@latin.js
#	javascript/lang/sr_RS.js
#	javascript/lang/sr_RS@latin.js
#	javascript/lang/src/ar.js
#	javascript/lang/src/cs.js
#	javascript/lang/src/de.js
#	javascript/lang/src/en.js
#	javascript/lang/src/eo.js
#	javascript/lang/src/es.js
#	javascript/lang/src/fi.js
#	javascript/lang/src/fr.js
#	javascript/lang/src/id.js
#	javascript/lang/src/id_ID.js
#	javascript/lang/src/it.js
#	javascript/lang/src/ja.js
#	javascript/lang/src/lt.js
#	javascript/lang/src/mi.js
#	javascript/lang/src/nb.js
#	javascript/lang/src/nl.js
#	javascript/lang/src/pl.js
#	javascript/lang/src/ru.js
#	javascript/lang/src/sk.js
#	javascript/lang/src/sl.js
#	javascript/lang/src/sr.js
#	javascript/lang/src/sr@latin.js
#	javascript/lang/src/sr_RS.js
#	javascript/lang/src/sr_RS@latin.js
#	javascript/lang/src/sv.js
#	javascript/lang/src/zh.js
#	javascript/lang/sv.js
#	javascript/lang/zh.js
#	scss/GridField.scss
#	tests/model/ManyManyListTest.php
#	tests/model/SQLQueryTest.php
2016-05-11 15:19:35 +12:00
Damian Mooyman
4f06a43986 Merge 3.3 into 3
# Conflicts:
#	admin/javascript/lang/src/cs.js
#	admin/javascript/lang/src/de.js
#	admin/javascript/lang/src/en.js
#	admin/javascript/lang/src/eo.js
#	admin/javascript/lang/src/es.js
#	admin/javascript/lang/src/fi.js
#	admin/javascript/lang/src/fr.js
#	admin/javascript/lang/src/id.js
#	admin/javascript/lang/src/id_ID.js
#	admin/javascript/lang/src/it.js
#	admin/javascript/lang/src/ja.js
#	admin/javascript/lang/src/lt.js
#	admin/javascript/lang/src/mi.js
#	admin/javascript/lang/src/nb.js
#	admin/javascript/lang/src/nl.js
#	admin/javascript/lang/src/pl.js
#	admin/javascript/lang/src/ro.js
#	admin/javascript/lang/src/ru.js
#	admin/javascript/lang/src/sk.js
#	admin/javascript/lang/src/sl.js
#	admin/javascript/lang/src/sr.js
#	admin/javascript/lang/src/sr@latin.js
#	admin/javascript/lang/src/sr_RS.js
#	admin/javascript/lang/src/sr_RS@latin.js
#	admin/javascript/lang/src/sv.js
#	admin/javascript/lang/src/zh.js
#	javascript/lang/fr.js
#	javascript/lang/src/ar.js
#	javascript/lang/src/cs.js
#	javascript/lang/src/de.js
#	javascript/lang/src/en.js
#	javascript/lang/src/eo.js
#	javascript/lang/src/es.js
#	javascript/lang/src/fi.js
#	javascript/lang/src/fr.js
#	javascript/lang/src/id.js
#	javascript/lang/src/id_ID.js
#	javascript/lang/src/it.js
#	javascript/lang/src/ja.js
#	javascript/lang/src/lt.js
#	javascript/lang/src/mi.js
#	javascript/lang/src/nb.js
#	javascript/lang/src/nl.js
#	javascript/lang/src/pl.js
#	javascript/lang/src/ru.js
#	javascript/lang/src/sk.js
#	javascript/lang/src/sl.js
#	javascript/lang/src/sr.js
#	javascript/lang/src/sr@latin.js
#	javascript/lang/src/sr_RS.js
#	javascript/lang/src/sr_RS@latin.js
#	javascript/lang/src/sv.js
#	javascript/lang/src/zh.js
#	lang/it.yml
2016-05-11 14:06:23 +12:00
Damian Mooyman
8b94dd83df API Add CSRF to Campaign delete 2016-05-09 17:33:10 +12:00
Frank Mullenger
b4cd617ee3 FIX: Renaming to HTMLEditorConfig.
FIX: Renaming to HTMLEditorField*.

FIX: Renaming to HTMLEditorSanitiser*.
2016-05-06 14:16:34 +12:00
Daniel Hensby
d1751e3310
Merge remote-tracking branch '3.2.4' into 3.3.2 2016-05-05 12:33:21 +01:00
Daniel Hensby
cf29b2c146
Merge remote-tracking branch '3.1.19' into 3.2.4 2016-05-05 11:17:45 +01:00
Daniel Hensby
92599727b9
Merge remote-tracking branch 'security/patch/3.1/ss-2016-006' into 3.1.19 2016-05-05 01:01:49 +01:00
Daniel Hensby
7af7f8dd65
Merge remote-tracking branch 'security/patch/3.1/ss-2016-005' into 3.1.19 2016-05-05 01:01:44 +01:00
Daniel Hensby
b11bbffb7d
Merge branch '3' 2016-05-04 23:36:10 +01:00
Daniel Hensby
457931d664
Merge branch '3.3' into 3 2016-05-04 23:32:10 +01:00
Damian Mooyman
2a5ba397e6 BUG Fix SS_HTTPResponse being cast as string (#5413)
Fixes #5335
2016-05-02 08:54:19 +12:00
Daniel Hensby
1ccd3926e3
[SS-2016-001] FIX Properly check backurl on CMSSecurity@success 2016-04-20 23:58:50 +01:00
Daniel Hensby
a6bd22ab2f
[SS-2016-006] FIX dont disable XSS for login forms 2016-04-20 23:57:59 +01:00
Ingo Schommer
19de22f427 API Moved frontend assets into admin/client/
admin/javascript => admin/client
admin/javascript/src => admin/client/src/legacy (mostly)
admin/scss/_variables.scss => admin/client/styles/_variables.scss
admin/scss => admin/client/styles/legacy/
admin/css/editor.css => admin/client/dist/css/editor.css
admin/css/screen.css => admin/client/dist/css/bundle.css
admin/images => admin/client/dist/images
admin/images/sprites/src => admin/client/src/sprites
admin/images/sprites/dist => admin/client/dist/sprites
admin/font => admin/client/dist/font
2016-04-20 21:13:10 +12:00
Daniel Hensby
f32c893546
[SS-2016-005] FIX Apply brute force protection to default admin 2016-04-19 23:20:29 +01:00
Roman Schmid
ca4036b882 Removed Email Subclasses used by the Member class (Member_ChangePasswordEmail and Member_ForgotPasswordEmail).
Added a test for the forgot password email.
Improved the test for the change-password email.
Fixed issue where `SapphireTest::mailer` was cleared during `setUp` by moving instantiation of the mailer at the end of the `setUp` method.
No longer use deprecated i18n method in test-setup.
Replace potentially real Email Address with a fake one.
2016-04-06 09:54:17 +02:00
Damian Mooyman
d8d005d1e2 BUG move test file to correct folder and fix class_exists 2016-03-31 17:06:23 +13:00
Sam Minnee
aeccb8b8e0 API: Move DBField subclasses into SilverStripe\Model\FieldType namespace
API: Deprecate SS_Datetime.

The DBField subclasses are have all been renamed to start with “DB” and
be in the SilverStripe\Model\FieldType namespace. To keep DataObject
definitions concise, the original short variations of their names are
preserved as service definitions. Most of the field generation code
doesn’t need to change, but where field classes are referenced directly,
changes will be needed.

SS_Datetime, which is commonly referenced outside the model system
itself, has been preserved as a subclass of DBDatetime. This has been
marked as deprecated and can be removed in SilverStripe 5.

A few places that referred to $db and $casting values weren’t using
the Injector to instantiate the relevant classes. This meant that the
remapping we have created as part of moving classes into a namespace
didn’t work.
2016-03-22 18:09:30 +13:00
Damian Mooyman
3dada00905 Cleanup trailing whitespace 2016-03-09 10:20:31 +13:00
Ingo Schommer
3b11d73c46 Merge remote-tracking branch 'origin/3'
# Conflicts:
#	forms/gridfield/GridFieldDetailForm.php
#	javascript/GridField.js
2016-03-07 09:26:35 +13:00
Nicolaas
4b5bd2d744 BUG: cleaner can* methods for Member 2016-03-03 21:32:06 +13:00
Damian Mooyman
e1865151c5 Merge pull request #5098 from bummzack/5086-fix-member-validator
Fix for issue #5086
2016-02-26 14:39:53 +13:00
Roman Schmid
f691a5da32 Improve Member_Validator to:
- properly check for existing members.
- allow extensions.
- remove old code and replace with new syntax and add config API.

Fix issue in Group code where Member_Validator was instantiated via "new" which didn't allow injector overrides.
Added unit-tests.

Establish a link between the member and the validator for said member.
2016-02-25 16:10:52 +01:00
Jean-Fabien Barrois
bab1f230bf NEW Cross device "Remember Me" feature
At the moment, using the "Remember me" function on more than one device will only work with the last device used. Previous devices will not auto login.
This PR introduces a new DataObject for storing hashed tokens against multiple devices. Developers can configure if logging out should discard all tokens, or only the one used on the device logging out; token expiry date is 90 days by default but configurable. For added security, the old behaviour can still be enforced if multiple tokens are not desired.
See silverstripe#1574 for additional background
2016-02-10 09:42:08 +13:00
David Craig
2140025c20 Implement RFC-7 JavaScript module loader
- Adds ES6 support via Babel
- Transforms existing JavaScript to UMD modules
- Adds module bundling via Browserify
- Existing JavaScript converted to UMD modules
- lib.js and leftandmain.js are bundled using browserify
- JavaScript minifying of bundles handed by gulp
2016-01-26 11:39:20 +13:00
Damian Mooyman
e77389d0c8 API Standardise SS_List::map() implementation
Fixes #1593
2016-01-25 10:22:47 +13:00
assertchris
c66f973fce Replaced obsolete mime types 2016-01-24 18:15:47 +13:00
Damian Mooyman
bdb1a95758 API Cleanup and refactor of select fields
API Standardise Relation interface
2016-01-21 15:40:19 +13:00
Damian Mooyman
e6b877df27 Merge remote-tracking branch 'origin/3'
# Conflicts:
#	control/Director.php
#	control/HTTP.php
#	core/startup/ParameterConfirmationToken.php
#	docs/en/00_Getting_Started/01_Installation/05_Common_Problems.md
#	docs/en/00_Getting_Started/04_Directory_Structure.md
#	docs/en/00_Getting_Started/05_Coding_Conventions.md
#	docs/en/01_Tutorials/01_Building_A_Basic_Site.md
#	docs/en/01_Tutorials/02_Extending_A_Basic_Site.md
#	docs/en/01_Tutorials/03_Forms.md
#	docs/en/01_Tutorials/04_Site_Search.md
#	docs/en/01_Tutorials/05_Dataobject_Relationship_Management.md
#	docs/en/02_Developer_Guides/12_Search/01_Searchcontext.md
#	docs/en/02_Developer_Guides/13_i18n/index.md
#	docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/06_Javascript_Development.md
#	docs/en/03_Upgrading/index.md
#	docs/en/changelogs/index.md
#	docs/en/howto/customize-cms-menu.md
#	docs/en/howto/navigation-menu.md
#	docs/en/index.md
#	docs/en/installation/index.md
#	docs/en/installation/windows-manual-iis-6.md
#	docs/en/misc/contributing/code.md
#	docs/en/misc/contributing/issues.md
#	docs/en/misc/module-release-process.md
#	docs/en/reference/dataobject.md
#	docs/en/reference/execution-pipeline.md
#	docs/en/reference/grid-field.md
#	docs/en/reference/modeladmin.md
#	docs/en/reference/rssfeed.md
#	docs/en/reference/templates.md
#	docs/en/topics/commandline.md
#	docs/en/topics/debugging.md
#	docs/en/topics/email.md
#	docs/en/topics/forms.md
#	docs/en/topics/index.md
#	docs/en/topics/module-development.md
#	docs/en/topics/modules.md
#	docs/en/topics/page-type-templates.md
#	docs/en/topics/page-types.md
#	docs/en/topics/search.md
#	docs/en/topics/testing/index.md
#	docs/en/topics/testing/testing-guide-troubleshooting.md
#	docs/en/topics/theme-development.md
#	docs/en/tutorials/1-building-a-basic-site.md
#	docs/en/tutorials/2-extending-a-basic-site.md
#	docs/en/tutorials/3-forms.md
#	docs/en/tutorials/4-site-search.md
#	docs/en/tutorials/5-dataobject-relationship-management.md
#	docs/en/tutorials/building-a-basic-site.md
#	docs/en/tutorials/dataobject-relationship-management.md
#	docs/en/tutorials/extending-a-basic-site.md
#	docs/en/tutorials/forms.md
#	docs/en/tutorials/index.md
#	docs/en/tutorials/site-search.md
#	main.php
#	model/SQLQuery.php
#	security/ChangePasswordForm.php
#	security/MemberLoginForm.php
#	tests/control/ControllerTest.php
#	tests/core/startup/ParameterConfirmationTokenTest.php
#	tests/model/SQLQueryTest.php
#	tests/security/SecurityTest.php
#	tests/view/SSViewerTest.php
#	view/SSTemplateParser.php
#	view/SSTemplateParser.php.inc
#	view/SSViewer.php
2016-01-20 13:16:27 +13:00
Damian Mooyman
8c1cafd1a0 Merge remote-tracking branch 'origin/3.3' into 3
# Conflicts:
#	admin/scss/_forms.scss
#	admin/scss/_style.scss
#	admin/scss/_tree.scss
#	javascript/TreeDropdownField.js
2016-01-19 17:08:26 +13:00
Damian Mooyman
5d240feaec Merge remote-tracking branch 'origin/3.2' into 3.3 2016-01-19 15:08:24 +13:00
Damian Mooyman
46cbe809ac Merge remote-tracking branch 'origin/3.1' into 3.2
# Conflicts:
#	docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md
#	docs/en/02_Developer_Guides/14_Files/01_Image.md
#	docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/How_Tos/Customise_CMS_Menu.md
#	docs/en/03_Upgrading/index.md
#	docs/en/05_Contributing/01_Code.md
#	forms/TreeMultiselectField.php
#	security/Permission.php
2016-01-19 14:00:19 +13:00
Denise Rivera
7e32268ede display filtered roles when not an admin 2016-01-11 13:05:10 +13:00
Sam Minnee
3ee8f505b7 MINORE: Remove training whitespace.
The main benefit of this is so that authors who make use of
.editorconfig don't end up with whitespace changes in their PRs.

Spaces vs. tabs has been left alone, although that could do with a
tidy-up in SS4 after the switch to PSR-1/2.

The command used was this:

for match in '*.ss' '*.css' '*.scss' '*.html' '*.yml' '*.php' '*.js' '*.csv' '*.inc' '*.php5'; do
	find . -path ./thirdparty -not -prune -o -path ./admin/thirdparty -not -prune -o -type f -name "$match" -exec sed -E -i '' 's/[[:space:]]+$//' {} \+
	find . -path ./thirdparty -not -prune -o -path ./admin/thirdparty -not -prune -o -type f -name "$match" | xargs perl -pi -e 's/ +$//'
done
2016-01-07 10:15:54 +13:00
Damian Mooyman
21e1e938eb Merge pull request #4893 from dhensby/pulls/member-regenerate-session-id
FIX session_regenerate_id uses config system
2016-01-06 15:16:31 +13:00
Daniel Hensby
00544ff100 FIX session_regenerate_id uses config system 2016-01-05 22:31:58 +00:00
Daniel Hensby
4335d8ed22 FIX Members with no ID inherit logged in user permission 2016-01-05 08:16:18 +00:00
Damian Mooyman
19b10044ec Merge remote-tracking branch 'origin/3.2' into 3 2015-12-22 17:05:07 +13:00
Damian Mooyman
6ac83f02c9 Merge pull request #4819 from SilverStripers/3
parse the string to be converted to group codes.
2015-12-22 16:53:31 +13:00
Damian Mooyman
48a30909f3 Merge remote-tracking branch 'origin/3.2' into 3
# Conflicts:
#	admin/javascript/LeftAndMain.BatchActions.js
#	css/UploadField.css
#	forms/HtmlEditorField.php
2015-12-22 14:07:52 +13:00