Commit Graph

25 Commits

Author SHA1 Message Date
Ingo Schommer
4c74f45361 API CHANGE Disallow methods/actions in RequestHandler->checkAccessAction() which are implemented on parent classes (e.g. ViewableData and Object), unless access is controlled through $allowed_actions. This limits information exposure from getters used in template contexts.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@102003 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:10 +13:00
Sean Harvey
2a583d9320 BUGFIX RequestHandler::handleRequest is now compatible with Controller::handleRequest in that SS_HTTPRequest is the type hint for the $request parameter
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@100919 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:57 +13:00
Andrew Short
79773042be API CHANGE: Renamed conflicting classes to have an "SS_" namespace, and renamed existing "SS" namespace to "SS_". The affected classes are: HTTPRequest, HTTPResponse, Query, Database, SSBacktrace, SSCli, SSDatetime, SSDatetimeTest, SSLog, SSLogTest, SSLogEmailWriter, SSLogErrorEmailFormatter, SSLogErrorFileFormatter, SSLogFileWriter and SSZendLog.
MINOR: Replaced usage of renamed classes with the new namespaced name.

From: Andrew Short <andrewjshort@gmail.com>

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90075 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-26 03:06:31 +00:00
Ingo Schommer
b930149c3a BUGFIX Fixed RequestHandler->allowedActions() lowercasing of actions - was applying the logic, but not writing it back to the $actions array.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@89163 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-15 21:50:02 +00:00
Sam Minnee
68279be998 BUGFIX: Fix regression in r88521 that prevented the index action from being explictly disabled by setting the * key in allowed_actions
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@88523 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-11 09:15:51 +00:00
Sam Minnee
1fce2e614b BUGFIX: Ensure that the index action works even if allowed_actions is set.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@88521 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-11 05:16:18 +00:00
Andrew Short
72592d8c14 FEATURE: Added RequestHandler->allowedActions() to return a unified representation (including extensions) of all allowed actions on a controller.
BUGFIX: Updated Controller->hasAction() to use RequestHandler->allowedActions() so that extension actions are recognised.

From: Andrew Short <andrewjshort@gmail.com>

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@88508 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-11 00:07:26 +00:00
Andrew Short
da4b65c749 FEATURE: Added RequestHandler->hasAction() and Controller->hasAction() to check if a specific action is defined on a controller.
ENHANCEMENT: Updated ContentController->handleRequest() to use Controller->hasAction() to check whether to fall over to a child page, rather than relying on an error response from Controller->handleRequest().

From: Andrew Short <andrewjshort@gmail.com>

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@88505 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-11 00:07:23 +00:00
Ingo Schommer
3f751a2cb8 BUGFIX Don't lowercase permission codes contained in $allowed_actions in RequestHandler->checkAccessAction(). Permission checks are case sensitive.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@86085 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-10 07:02:54 +00:00
Ingo Schommer
fc03a8608a API CHANGE Don't exempt 'index' controller actions from $allowed_actions check - they might still contain sensitive information (for example ImageEditor). This action has to explicitly allowed on controllers with $allowed_actions defined now.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@86002 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-10 01:37:44 +00:00
Ingo Schommer
e9d25ca2ce MINOR Moved documentation about Controller and RequestHandler to the right places
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85775 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-07 00:14:11 +00:00
Sam Minnee
2b7572e21a BUGFIX: Removed some code that needed Extension to extend from Object.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@84162 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-08-11 08:50:32 +00:00
Sean Harvey
82a68dd3bd MINOR Merged from branches/2.3
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@81997 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-07-16 03:44:15 +00:00
Sam Minnee
e2dcc48d48 ENHANCEMENT ajshort: Allow a HTTPResponse to be encapsulated in a HTTPResponse_Exception, which can be later caught by the request handler.
MINOR ajshort: Updated RequestHandler->httpError() to interrupt the execution flow by throwing an exception.

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@80226 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-06-27 08:48:44 +00:00
Sean Harvey
1168bf07c6 MINOR Removed comment that no longer applies in RequestHandler
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@79423 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-06-17 06:20:58 +00:00
Sean Harvey
a39822712b Merged from branches/2.3
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@75659 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-04-29 07:28:53 +00:00
Sean Harvey
a5e82ddff1 Merged from branches/2.3
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@75590 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-04-29 01:20:24 +00:00
Normann Lou
eb0b76840c BUGFIX: RequestHandler::checkAccessAction() breaks when $this->class is null, this happens when you delete a DataObject from ResultForm (list view) in DataAdmin. We use safer call get_class($this) instead.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@74633 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-04-16 22:41:14 +00:00
Ingo Schommer
e0ec30dcc8 ENHANCEMENT Allowing usage of global settings via asterisk (*) in RequestHandler->$allowed_actions
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@74009 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-04-02 16:34:27 +00:00
Ingo Schommer
b12a00c391 MINOR phpdoc documentation
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@73509 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-03-22 22:59:14 +00:00
Sam Minnee
a28ea0a69e ENHANCEMENT: Added Object::combined_static(), which gets all values of a static property from each class in the hierarchy
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@73473 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-03-21 05:10:05 +00:00
Sam Minnee
020a92eda8 BUGFIX #2992: Fixed T_PAAMAYIM_NEKUDOTAYIM error in RequestHandler
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65250 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-05 01:59:27 +00:00
Sam Minnee
ba4a1acc68 BUGFIX: Don't allow calling of magically added methods via URL unless explicitly listed in allowed_actions
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@64981 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-10-31 02:16:25 +00:00
Sam Minnee
132957b5c2 API CHANGE #2922: RequestHandler:: now inherit
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@64958 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-10-30 22:28:01 +00:00
Sam Minnee
cd699e3d89 API CHANGE #2857 - Renamed RequestHandlingData to RequestHandler
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@64953 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-10-30 22:03:21 +00:00