Commit Graph

178 Commits

Author SHA1 Message Date
Damian Mooyman
1e612607aa Suggested improvements / test case fixes 2014-10-10 09:28:11 +13:00
Daniel Hensby
3b9056fc01 NEW Cookie_Backend for managing cookie state
I've decoupled `Cookie` from the actual act of setting and getting
cookies. Currently there are a few limitations to how Cookie works that
this change mitigates:

0. `Cookie` currently changes the super global `$_COOKIE` when setting
to make the state of an application a bit more managable, but this is
bad because we shouldn't be modifying super globals
0. One can't actually change the `$cookie_class` once the
`Cookie::$inst` has been instantiated
0. One can't test cookies as there is no class that holds the state of
the cookies (it's just held in the super global which is reset as part
of `Director::test()`
0. One can't tell the origin of a cookie (eg: did the application set it
and it needs to be sent, or did we receive it from the browser?)
0. `time()` was used, so testing was made difficult
0. There was no way to get all the cookies at once (without accessing
the super global)

Todos are on the phpdoc and I'd like to write some tests for the backend
as well as update the docs (if there are any) around cookies.
DOCS Adding `Cookie` docs

Explains basic usage of `Cookie` as well as how the `Cookie_Backend`
controls the setting and getting of cookies and manages state of sent vs
received cookies
Fixing `Cookie` usage

`Cookie` is being used inconsistently with the API throughout framework.
Either by not using `force_expiry` to expire cookies or setting them to
null and then expiring them (which is redundant).
NEW `Director::test()` takes `Cookie_Backend` rather than `array` for `$cookies` param
2014-10-06 17:44:51 +13:00
Damian Mooyman
eb069e605d Remove all redundant whitespace 2014-08-19 09:17:15 +12:00
Mateusz Uzdowski
8bf3853887 Merge remote-tracking branch 'origin/3.1'
Conflicts:
	docs/en/misc/contributing/issues.md
	docs/en/reference/uploadfield.md
	forms/HtmlEditorField.php
	i18n/i18n.php
	javascript/HtmlEditorField.js
	model/DB.php
	model/Image.php
	model/SQLQuery.php
2014-08-14 09:08:26 +12:00
Damian Mooyman
a89dbd29e1 Revert #3345 #3323 2014-07-31 17:05:57 +12:00
Daniel Hensby
04e5c11ed9 TEST Empty absolute urls - tests for #3323 2014-07-30 23:22:37 +01:00
Simon Welsh
c14d58f585 Merge branch '3.1'
Conflicts:
	.travis.yml
	model/ManyManyList.php
	model/fieldtypes/DBField.php
2014-07-16 21:24:02 +10:00
Damian Mooyman
d3c7e41419 BUG using isDev or isTest query string no longer triggers basic auth 2014-07-02 11:51:51 +12:00
Sean Harvey
0ee3a683a5 Better support for overloading start and destroy methods in Session
Move functionality from static start and destroy functions into instance
methods, allowing these to be overloaded. This works the same way as
calling Session::set() which then in turn calls inst_set()

Additionally use Injector to create the default Session instance to
allow the class to be swapped out.
2014-06-20 10:35:53 +12:00
Ingo Schommer
bb03f6ba2f Merge remote-tracking branch 'origin/3.1'
Conflicts:
	forms/HtmlEditorField.php
2014-06-15 22:50:20 +12:00
Ingo Schommer
ec325a3c7f API Fix HTTPS proxy header detection
Didn't use the de facto standard HTTP_X_FORWARDED_PROTO or the less standard HTTP_FRONT_END_HTTPS.
Removed the 'X-Forwarded-Proto', since PHP should prefix/underscore all HTTP headers before it hits $_SERVER.

References:
- https://docs.djangoproject.com/en/1.4/ref/settings/#secure-proxy-ssl-header
- https://drupal.org/node/1859252
- https://drupal.org/node/313145
- http://scottwb.com/blog/2013/02/06/always-on-https-with-rails-behind-an-elb/
2014-05-22 18:34:15 +12:00
Damian Mooyman
ec578e5c8a Merge remote-tracking branch 'origin/3.1' 2014-05-12 11:32:22 +12:00
Ingo Schommer
6d3f7887a6 Merge pull request #3018 from willmorgan/patch-3
FIX change action variable source to getViewer
2014-05-07 08:38:33 +12:00
Damian Mooyman
d06d5c113b API Injector supports nesting
BUG Resolve issue with DirectorTest breaking RequestProcessor
Injector::nest and Injector::unnest are introduced to better support sandboxing of testings.
Injector and Config ::nest and ::unnest support chaining
Test cases for both Injector::nest and Config::nest
2014-04-29 08:59:33 +12:00
Damian Mooyman
1dcaf36c9b Fix merge regressions 2014-04-22 13:28:44 +12:00
Damian Mooyman
982ad569b9 Merge remote-tracking branch 'origin/3.1' 2014-04-22 12:09:51 +12:00
Will Morgan
c6797f52ea Test nested controller actions and Controller->getViewer
Adds tests and supporting classes for testing that the correct action is passed to Controller->getViewer inside Controller->handleRequest.
2014-04-16 13:34:09 +01:00
Damian Mooyman
d8836fd488 Merge remote-tracking branch 'origin/3.0' into 3.1 2014-04-08 17:10:07 +12:00
Simon Welsh
1d5706f15c Correct line length and indentation 2014-03-30 21:11:56 +13:00
Simon Welsh
dde90dc346 Correct line length and endings 2014-03-30 19:51:38 +13:00
Simon Welsh
2566795b59 Merge branch '3.1'
Conflicts:
	view/SSViewer.php
2014-03-30 19:39:18 +13:00
Simon Welsh
ac1546eb97 Correct line length and indentation 2014-03-30 19:37:54 +13:00
Daniel Hensby
5e6c1b902b Making Director::test() ignore URL Anchors
Anchors should never make it to the server when they are in the browser URL bar, however tests are slightly different and some `Link()` functions may return a URL anchor. Instead of every test checking a link and stripping the anchor, I feel the Director::test() function should strip them off.
2014-02-26 12:04:47 +00:00
Ingo Schommer
b56ca812dc Merge remote-tracking branch 'origin/3.1'
Conflicts:
	tests/security/MemberTest.php
2013-10-23 14:53:29 +02:00
Ingo Schommer
d7e10e620a Merge pull request #2537 from wilr/membervalidator
FIX: Use Injector API for managing Member_Validator instance.
2013-10-23 03:01:15 -07:00
Ingo Schommer
25b6175e67 Merge remote-tracking branch 'origin/3.1'
Conflicts:
	.travis.yml
	forms/FormField.php
2013-10-20 13:52:56 +02:00
Will Rossiter
813d34b15e FIX: Use Injector API for managing Member_Validator instance.
Updates the CMS profile page and SecurityAdmin to give developers a few ways to customise the required fields.

Added extension hook updateValidator for getValidator for things like modules to inject required fields to go along with Injector for replacing the entire class for project specific use.
2013-10-16 11:29:43 +13:00
Marcus Nyeholt
7bcb180f27 BUG Director::test now calls RequestProcessor
This fixes https://github.com/silverstripe/silverstripe-framework/issues/2517
and provides some testing around the use of RequestProcessor in general.
2013-10-15 07:53:34 +11:00
Ingo Schommer
c7f656cd00 API Removed "PastMember" cookie and template getter
The functionality is easy to replicate in custom controllers,
and is too rarely used to be placed in core.

This also removes the `Member::is_repeat_member()` getter
and the `PastMember`/`IsRepeatMember` template globals.

See https://groups.google.com/forum/#!topic/silverstripe-dev/b8K3wU64TXg
2013-09-27 20:06:25 +02:00
Ingo Schommer
455e550d9a Merge remote-tracking branch 'origin/3.1'
Conflicts:
	docs/en/topics/testing/create-silverstripe-test.md
	forms/Form.php
	i18n/i18n.php
	model/Image.php
2013-09-27 19:22:14 +02:00
Ingo Schommer
5b3f8bc04d Merge pull request #2435 from hafriedlander/fix/join_links_query_params
FIX Use last of duplicate query params in join_links
2013-09-20 02:27:49 -07:00
Hamish Friedlander
a8c1dd7f53 FIX Use last of duplicate query params in join_links
When using Controller::join_links to join two links with identical query
params, both query params would be used in the result, ending up with
links that look like `../edit/show/14?locale=en_NZ&locale=mi_NZ`

This patch eliminates duplicate query params, so only the last one
for any key is present in the output.
2013-09-20 11:33:03 +12:00
Ingo Schommer
a4c6ae3e90 Merge remote-tracking branch 'origin/3.1' 2013-08-22 13:56:33 +02:00
Ingo Schommer
40c239076b Merge remote-tracking branch 'origin/3.0' into 3.1.0
Conflicts:
	model/Hierarchy.php
2013-08-22 12:55:47 +02:00
Simon Welsh
c66cc952d2 Correct line length and indentation 2013-08-21 21:27:16 +12:00
Simon Welsh
151baeede1 Correct line length and indentation 2013-08-21 18:54:05 +12:00
Andrew Short
bfdf14fafa Merge branch '3.1' 2013-07-09 13:42:32 +10:00
Hamish Friedlander
2886f6ee14 FIX Session was started every time, even if no data set
Session tracks the user agent in the session, to add some detection of
stolen session IDs. However this was causing a session to always be
created, even if this request didnt store any data in the session.
2013-07-07 09:12:10 +12:00
Simon Welsh
fbce9fd7cd Merge branch '3.1'
Conflicts:
	.travis.yml
	docs/en/misc/contributing/code.md
	javascript/HtmlEditorField.js
2013-07-05 10:22:58 +12:00
Damian Mooyman
11f4b2c620 API HTTP::urlRewriter with (string)$code deprecated in 3.1. Fixed regressions and CSS urls.
urlRewriter will expect a callable as a second parameter,
but will work with the current api and simply raise a deprecation error.

HTTP::absoluteURLs now correctly rewrites urls into absolute urls. Resolves introduced in c56a80d6ce

HTTP::absoluteURLs now handles additional cases where urls were not translated.

Test cases for HTTP::absoluteURLs added for both css and attribute links.

Cleaned up replacement expression and improved documentation.
2013-07-05 09:08:58 +12:00
Ingo Schommer
fb784af738 API Enforce $allowed_actions in RequestHandler->checkAccessAction()
See discussion at https://groups.google.com/forum/?fromgroups#!topic/silverstripe-dev/Dodomh9QZjk

Fixes an access issue where all public methods on FormField were allowed,
and not checked for $allowed_actions. Before this patch you could e.g.
call FormField->Value() on the first field by using action_Value.

Removes the following assertion because it only worked due to RequestHandlingTest_AllowedControllerExtension
*not* having $allowed_extensions declared: "Actions on magic methods are only accessible if explicitly allowed on the controller."
2013-06-24 14:50:40 +02:00
Ingo Schommer
2160fb8000 Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	admin/javascript/LeftAndMain.js
	tests/behat/features/bootstrap/SilverStripe/Framework/Test/Behaviour/CmsUiContext.php
	tests/control/ControllerTest.php
2013-06-19 14:03:43 +02:00
Ingo Schommer
94b4237372 Merge remote-tracking branch 'origin/3.1' 2013-06-19 11:17:33 +02:00
Sam Minnee
526b40414a FIX: Ensure that actions inferred from templates with the "_action" suffix also respect allowed_actions.
FIX: Ensure SSViewer::hasTemplate() is aware of themes.

To do this, RequestHandler::definingClassForAction() has been created, splitting out the code that looks up the class that defines a given action into its own method.  This is then overridden in Controller to look at templates.
2013-06-19 20:11:50 +12:00
Ingo Schommer
1d402dd513 Unset test state in DirectorTest
This broke RSSFeedTest when running through 'sake'
2013-06-18 23:24:22 +02:00
Ingo Schommer
71a5615213 Test $allowed_actions on controllers with template name=action conventions 2013-06-10 12:33:30 +02:00
Ingo Schommer
88536998b9 Merge remote-tracking branch 'origin/3.1'
Conflicts:
	.travis.yml
2013-05-31 18:08:59 +02:00
Stephen Shkardoon
d6c2c2e07f Fixes #1892 - Stop session hijacking with UA check 2013-05-25 19:29:08 +12:00
Sam Minnee
d97ca43cd0 Merge branch '3.1'
Conflicts:
	README.md
	dev/install/install.php5
	forms/ConfirmedPasswordField.php
	tests/forms/FormTest.php
2013-05-23 19:01:58 +12:00
Jeremy Shipman
d21fd1f0bb FIX: Don't rewrite urls to be absolute, if they are a URI with a protocol.
This is determined in this fix by the existence of a colon ':', to show the uri has a protocol.
2013-05-20 11:59:04 +12:00