tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity
18,391 Commits 31 Branches 527 Tags 162 MiB
4ad6bdbe7e
Commit Graph

12 Commits

Author SHA1 Message Date
Antony Thorpe
6348f2e3e8 Updated Form.php & 04_Form_Security.md 
Changed the `strictFormMethodCheck` protected property from false to true to step out on the front foot with this security setting.  In the documentation under the title [Cross-Site Request Forgery](https://github.com/silverstripe/silverstripe-framework/blob/master/docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md#cross-site-request-forgery-csrf) it states, "it is also recommended to limit form submissions to the intended HTTP verb (mostly GET or POST) through [api:Form::setStrictFormMethodCheck()]."  The same advice is noted in [Form Security](c2292a4cc1/docs/en/02_Developer_Guides/03_Forms/04_Form_Security.md (strict-form-submission)).

Why not make this the default behaviour?  Is there a scenario where this would cause a problem?  Have manually tested in the CMS (alpha7) and is working fine.

Note: Original commit that establised the API Form::setStrictFormMethodCheck is 14c59be8.
 2017-06-06 21:10:49 +12:00
Damian Mooyman
fba8e2c245 API Remove Object class 
API DataObjectSchema::manyManyComponent() return array is now associative array
 2017-05-23 13:50:35 +12:00
Robbie Averill
f2cbe86f03 Remove CustomMethods::createMethod and create_function implementations, replace with closures 2017-05-19 15:56:44 +12:00
Aaron Carlino
c99ed2d262 Reorganise i18n keys 2017-05-08 23:34:39 +12:00
Damian Mooyman
0c41a97a8b API Refactor Form request handling into FormRequestHandler 
API Add HasRequestHandler interface
API Refactor Link() and url handling behaviour from Controller into RequestHandler
API RequestHandler classes now must define url_segment to have a default Link()
API Clean up redirectBack()
 2017-03-10 15:04:33 +13:00
Damian Mooyman
029a8b9586
API Substitute Zend_Currency with NumberFormatter based solution 
API Substitute Zend_Locale with Locale / NumberFormatter
API Substitute Zend_Date with IntlDateFormatter
API Added DBTIme::Nice12, FormatFromSettings
API Added Short() method to DBDate / DBTime / DBDatetime
API Add Date::getTimestamp()
API Added setSubmittedValue api for FormField
API Add second arg to base FormField::setValue()
API Major refactor of i18n into component data parts
API Implement Resettable interface to reset objects between tests
ENHANCEMENT Changed DBField::create_field return type to `static` to support better type hinting
ENHANCEMENT i18nTextCollector supports __CLASS__
 2017-02-09 15:28:59 +13:00
Daniel Hensby
664c0eafbe
Merge branch '3' 2016-12-28 14:30:54 +00:00
Damian Mooyman
6e589aac75
API Updates to Form, ValidationResponse, ValidationException 
API Implement form schema "errors" handling
 2016-12-09 14:24:11 +13:00
Sam Minnee
6650561dac Don't use session and FormSchema to manage server-side React validation responses 2016-12-09 10:27:23 +13:00
Daniel Hensby
c6d43b477e
Merge branch '3' 2016-11-29 13:27:49 +00:00
Damian Mooyman
1b1e921e3d
PSR2: Whitespace-only changes 2016-11-29 12:31:16 +13:00
Sam Minnee
7a10c194bd NEW: Move code files into src/ folder. 
This updates framework to be more in keeping with PHP conventions.
 2016-11-01 13:37:24 +13:00