Commit Graph

300 Commits

Author SHA1 Message Date
Damian Mooyman
1e612607aa Suggested improvements / test case fixes 2014-10-10 09:28:11 +13:00
Daniel Hensby
3b9056fc01 NEW Cookie_Backend for managing cookie state
I've decoupled `Cookie` from the actual act of setting and getting
cookies. Currently there are a few limitations to how Cookie works that
this change mitigates:

0. `Cookie` currently changes the super global `$_COOKIE` when setting
to make the state of an application a bit more managable, but this is
bad because we shouldn't be modifying super globals
0. One can't actually change the `$cookie_class` once the
`Cookie::$inst` has been instantiated
0. One can't test cookies as there is no class that holds the state of
the cookies (it's just held in the super global which is reset as part
of `Director::test()`
0. One can't tell the origin of a cookie (eg: did the application set it
and it needs to be sent, or did we receive it from the browser?)
0. `time()` was used, so testing was made difficult
0. There was no way to get all the cookies at once (without accessing
the super global)

Todos are on the phpdoc and I'd like to write some tests for the backend
as well as update the docs (if there are any) around cookies.
DOCS Adding `Cookie` docs

Explains basic usage of `Cookie` as well as how the `Cookie_Backend`
controls the setting and getting of cookies and manages state of sent vs
received cookies
Fixing `Cookie` usage

`Cookie` is being used inconsistently with the API throughout framework.
Either by not using `force_expiry` to expire cookies or setting them to
null and then expiring them (which is redundant).
NEW `Director::test()` takes `Cookie_Backend` rather than `array` for `$cookies` param
2014-10-06 17:44:51 +13:00
Sean Harvey
563155391f API Cookies set via Cookie::set() are now HTTP only by default 2014-09-24 17:48:13 +12:00
Sean Harvey
07eef2ece2 Removing deprecated class/functions marked for deprecation in 3.0/3.1 2014-08-25 12:06:05 +12:00
Damian Mooyman
eb069e605d Remove all redundant whitespace 2014-08-19 09:17:15 +12:00
Mateusz Uzdowski
8bf3853887 Merge remote-tracking branch 'origin/3.1'
Conflicts:
	docs/en/misc/contributing/issues.md
	docs/en/reference/uploadfield.md
	forms/HtmlEditorField.php
	i18n/i18n.php
	javascript/HtmlEditorField.js
	model/DB.php
	model/Image.php
	model/SQLQuery.php
2014-08-14 09:08:26 +12:00
Marcus Nyeholt
b273f3b524 API Updated aspect proxy service
- Updated AspectProxyService to handle multiple handlers for each proxied
  object's methods.
- Changed BeforeCallAspect to allow for providing a return value that
  should be returned to the caller instead of the proxied return value
- Changed AfterCallAspect behaviour to allow for returning the value of
  the aspect to the caller instead of the proxied return value
2014-08-06 13:48:26 +10:00
Damian Mooyman
a89dbd29e1 Revert #3345 #3323 2014-07-31 17:05:57 +12:00
Daniel Hensby
419f308544 FIX Handle empty URLs that are made absolute
When the email sender makes the links absolute, it can't handle empty `href` or `src` attributes as there's no expectation that the string length could be 0
2014-07-25 13:09:47 +01:00
Damian Mooyman
0433ba1642 BUG Revert some changes to ManyManyList
BUG Fix incompatibility in Member_GroupList
Fix regressions in merges from 3.1
BUG Fix Security failing on test classes
BUG Fix postgresql compatibility
Clarify sql encoding of table names
2014-07-23 12:38:41 +12:00
Simon Welsh
c14d58f585 Merge branch '3.1'
Conflicts:
	.travis.yml
	model/ManyManyList.php
	model/fieldtypes/DBField.php
2014-07-16 21:24:02 +10:00
Damian Mooyman
d8e9af8af8 API New Database abstraction layer. Ticket #7429
Database abstraction broken up into controller, connector, query builder, and schema manager, each independently configurable via YAML / Injector
Creation of new DBQueryGenerator for database specific generation of SQL
Support for parameterised queries, move of code base to use these over escaped conditions
Refactor of SQLQuery into separate query classes for each of INSERT UPDATE DELETE and SELECT
Support for PDO
Installation process upgraded to use new ORM
SS_DatabaseException created to handle database errors, maintaining details of raw sql and parameter details for user code designed interested in that data.
Renamed DB static methods to conform correctly to naming conventions (e.g. DB::getConn -> DB::get_conn)
3.2 upgrade docs
Performance Optimisation and simplification of code to use more concise API
API Ability for database adapters to register extensions to ConfigureFromEnv.php
2014-07-09 18:04:05 +12:00
Damian Mooyman
d3c7e41419 BUG using isDev or isTest query string no longer triggers basic auth 2014-07-02 11:51:51 +12:00
Sean Harvey
0ee3a683a5 Better support for overloading start and destroy methods in Session
Move functionality from static start and destroy functions into instance
methods, allowing these to be overloaded. This works the same way as
calling Session::set() which then in turn calls inst_set()

Additionally use Injector to create the default Session instance to
allow the class to be swapped out.
2014-06-20 10:35:53 +12:00
Ingo Schommer
bb03f6ba2f Merge remote-tracking branch 'origin/3.1'
Conflicts:
	forms/HtmlEditorField.php
2014-06-15 22:50:20 +12:00
Damian Mooyman
d516063db7 BUG fix dependency injection stumbling over ViewableData's __isset 2014-06-12 10:08:59 +12:00
Ingo Schommer
ec325a3c7f API Fix HTTPS proxy header detection
Didn't use the de facto standard HTTP_X_FORWARDED_PROTO or the less standard HTTP_FRONT_END_HTTPS.
Removed the 'X-Forwarded-Proto', since PHP should prefix/underscore all HTTP headers before it hits $_SERVER.

References:
- https://docs.djangoproject.com/en/1.4/ref/settings/#secure-proxy-ssl-header
- https://drupal.org/node/1859252
- https://drupal.org/node/313145
- http://scottwb.com/blog/2013/02/06/always-on-https-with-rails-behind-an-elb/
2014-05-22 18:34:15 +12:00
Damian Mooyman
ec578e5c8a Merge remote-tracking branch 'origin/3.1' 2014-05-12 11:32:22 +12:00
Ingo Schommer
6d3f7887a6 Merge pull request #3018 from willmorgan/patch-3
FIX change action variable source to getViewer
2014-05-07 08:38:33 +12:00
Damian Mooyman
ae573f829f BUG Fix Versioned stage not persisting in Session. Fixes #962
BUG Disabled disruptive test case in DirectorTest
API RequestProcessor and VersionedRequestFilter now both correctly implement RequestFilter
Better PHPDoc on RequestFilter and implementations
2014-05-06 14:11:44 +12:00
Hamish Friedlander
bbd7bba11f Merge pull request #3058 from tractorcow/pulls/injector-stack-tests
API Injector supports nesting
2014-05-06 11:35:32 +12:00
Damian Mooyman
e9c3ff933f Merge remote-tracking branch 'origin/3.1'
Conflicts:
	.travis.yml
	composer.json
2014-05-06 10:22:09 +12:00
Damian Mooyman
d06d5c113b API Injector supports nesting
BUG Resolve issue with DirectorTest breaking RequestProcessor
Injector::nest and Injector::unnest are introduced to better support sandboxing of testings.
Injector and Config ::nest and ::unnest support chaining
Test cases for both Injector::nest and Config::nest
2014-04-29 08:59:33 +12:00
Damian Mooyman
5e9ae578c3 BUG Fix edge case IE8 / dev / ssl / download file crash
Prevents issue at http://support.microsoft.com/kb/323308 appearing on dev
2014-04-28 09:17:35 +12:00
Damian Mooyman
982ad569b9 Merge remote-tracking branch 'origin/3.1' 2014-04-22 12:09:51 +12:00
Damian Mooyman
a6017a0506 API HTTP 429 Allowed for use with rate limiting methods 2014-04-17 16:35:09 +12:00
Will Morgan
438fe02116 FIX change action variable source to getViewer
Previously we were using the request to get the action parameter. However for custom URL structures and nested controllers, this won't work and causes template selection to break.
2014-04-08 12:55:57 +01:00
Damian Mooyman
d8836fd488 Merge remote-tracking branch 'origin/3.0' into 3.1 2014-04-08 17:10:07 +12:00
Simon Welsh
2566795b59 Merge branch '3.1'
Conflicts:
	view/SSViewer.php
2014-03-30 19:39:18 +13:00
Simon Welsh
c59cf624df Merge branch '3.0' into 3.1 2014-03-30 18:32:54 +13:00
Simon Welsh
241583858a Correct line length 2014-03-30 18:32:40 +13:00
Simon Welsh
fe8dc50ffc Merge branch '3.1'
Conflicts:
	tests/view/SSViewerTest.php
2014-03-30 18:17:24 +13:00
Simon Welsh
f9c44e4ceb Merge branch '3.0' into 3.1
Conflicts:
	model/Versioned.php
	view/SSTemplateParser.php
	view/SSViewer.php
2014-03-30 18:15:12 +13:00
Damian Mooyman
f8e3bbe3ae BUG Fix encoding of JS redirection script 2014-03-27 14:35:14 +13:00
Simon Welsh
ff9d40a60d FIX Escape the redirect URL before outputting
Signed-off-by: Stephen Shkardoon <stephen@silverstripe.com>
2014-03-19 21:34:49 +13:00
Simon Welsh
8f31352039 Merge remote-tracking branch 'origin/3.1'
Conflicts:
	.travis.yml
2014-03-16 09:36:48 +13:00
Simon Welsh
6e7195bac5 Merge pull request #2923 from IgorNadj/patch-1
updating comments for HTTPRequest - immutability
2014-03-15 21:48:20 +13:00
Simon Welsh
d1befdd37c Merge pull request #2901 from dhensby/director-test
Making Director::test() ignore URL Anchors
2014-03-15 00:09:06 +13:00
Simon Welsh
d431e98ecf Merge branch '3.1'
Conflicts:
	forms/Form.php
	forms/FormField.php
	security/Member.php
	security/MemberLoginForm.php
2014-03-10 22:58:49 +13:00
Damian Mooyman
0cbad41d3b Rewrote usages of error suppression operator 2014-03-05 15:48:55 +13:00
Damian Mooyman
6d5d3d8cb7 Rewrote usages of error suppression operator 2014-03-05 14:22:19 +13:00
Igor
7f39fb50a6 updating comments for HTTPRequest - immutability
SS_HTTPRequest can be read like an array, e.g. echo $request['a'], but cannot be written like an array, e.g. $request['a'] = 5; Added comment to caution people.

See line 375:
==================================================================
	/**
	 * @ignore
	 */
	public function offsetSet($offset, $value) {}
	
	/**
	 * @ignore
	 */
	public function offsetUnset($offset) {}
==================================================================

Might be good to write something about how you are supposed to modify a request, or what you are supposed to do instead (a redirect?).
2014-03-05 13:21:54 +13:00
Daniel Hensby
5e6c1b902b Making Director::test() ignore URL Anchors
Anchors should never make it to the server when they are in the browser URL bar, however tests are slightly different and some `Link()` functions may return a URL anchor. Instead of every test checking a link and stripping the anchor, I feel the Director::test() function should strip them off.
2014-02-26 12:04:47 +00:00
Ingo Schommer
d8361f9d3f Merge remote-tracking branch 'origin/3.1' 2014-02-18 22:06:59 +13:00
Stig Lindqvist
0077e25352 BUG: Director::test() don't respect port settings in $_FILE_TO_URL_MAPPING
Director::test() don't set the HTTP_HOST with the port number if that has been set.
Later call to Director::makeRelative() will return wrong value because of the strict string matching
(http://localhost/ != http://localhost:8000)

This bug affects all modules that are using Director::test in CLI where the $_FILE_TO_URL_MAPPING
have been set to use a domain with a port in it, i.e. static publishers.
2014-02-17 11:54:10 +13:00
Sean Harvey
9048eab4a2 Merge branch '3.1' 2014-02-12 11:06:54 +13:00
Ingo Schommer
71f6f8afc9 Injector updateSpec() instanciation (fixes #2829) 2014-02-07 17:00:27 +13:00
Ingo Schommer
4af9143d3b Merge remote-tracking branch 'origin/3.1'
Conflicts:
	docs/en/misc/contributing/code.md
2014-02-07 16:43:22 +13:00
Ingo Schommer
457ec9446b Merge pull request #2700 from ajshort/injector-factory
Injector Factory
2014-02-03 16:50:15 -08:00
Ingo Schommer
0d7e9a9692 Merge remote-tracking branch 'origin/3.1'
Conflicts:
	_config/routes.yml
	docs/en/topics/datamodel.md
	forms/DropdownField.php
2014-02-04 08:19:04 +13:00