Commit Graph

3111 Commits

Author SHA1 Message Date
Damian Mooyman
c30111eee3 Better encoding of javascript
Fixes #2988
2014-07-07 09:01:53 +12:00
Damian Mooyman
d3c7e41419 BUG using isDev or isTest query string no longer triggers basic auth 2014-07-02 11:51:51 +12:00
Damian Mooyman
ef03dfdd5b Merge remote-tracking branch 'origin/3.1' 2014-06-17 18:17:24 +12:00
Loz Calver
3d71a22a98 FIX: ClassManifest errors if files contain duplicate class names (fixes #3210) 2014-06-16 22:18:18 +01:00
Ingo Schommer
bb03f6ba2f Merge remote-tracking branch 'origin/3.1'
Conflicts:
	forms/HtmlEditorField.php
2014-06-15 22:50:20 +12:00
Ingo Schommer
ec325a3c7f API Fix HTTPS proxy header detection
Didn't use the de facto standard HTTP_X_FORWARDED_PROTO or the less standard HTTP_FRONT_END_HTTPS.
Removed the 'X-Forwarded-Proto', since PHP should prefix/underscore all HTTP headers before it hits $_SERVER.

References:
- https://docs.djangoproject.com/en/1.4/ref/settings/#secure-proxy-ssl-header
- https://drupal.org/node/1859252
- https://drupal.org/node/313145
- http://scottwb.com/blog/2013/02/06/always-on-https-with-rails-behind-an-elb/
2014-05-22 18:34:15 +12:00
Damian Mooyman
ec578e5c8a Merge remote-tracking branch 'origin/3.1' 2014-05-12 11:32:22 +12:00
Ingo Schommer
a05d8113af Merge pull request #3103 from simonwelsh/configstatic_nextstring
Adds to nextString() method to ConfigStaticManifest
2014-05-09 16:08:19 +12:00
Simon Welsh
3602ce2db8 Adds to nextString() method to ConfigStaticManifest
This is used to get the classname out of the tokens, rather than assuming that
the class name is a single T_STRING.
2014-05-06 15:35:37 +10:00
Will Morgan
9cbfd14d9d FIX TemplateManifest prevent cache collision 2014-05-02 17:57:28 +01:00
Damian Mooyman
d06d5c113b API Injector supports nesting
BUG Resolve issue with DirectorTest breaking RequestProcessor
Injector::nest and Injector::unnest are introduced to better support sandboxing of testings.
Injector and Config ::nest and ::unnest support chaining
Test cases for both Injector::nest and Config::nest
2014-04-29 08:59:33 +12:00
Simon Welsh
1d5706f15c Correct line length and indentation 2014-03-30 21:11:56 +13:00
Simon Welsh
dde90dc346 Correct line length and endings 2014-03-30 19:51:38 +13:00
Simon Welsh
2566795b59 Merge branch '3.1'
Conflicts:
	view/SSViewer.php
2014-03-30 19:39:18 +13:00
Simon Welsh
ac1546eb97 Correct line length and indentation 2014-03-30 19:37:54 +13:00
Simon Welsh
fe8dc50ffc Merge branch '3.1'
Conflicts:
	tests/view/SSViewerTest.php
2014-03-30 18:17:24 +13:00
Ingo Schommer
023641e263 Merge pull request #2776 from ryanwachtl/fix-get-candidate-template
FIX Overriding of theme templates in project folder
2014-03-25 23:08:36 +13:00
Sam Minnee
346d3edb37 Merge branch '3.1' 2014-02-13 17:58:30 +13:00
Ingo Schommer
5e29249593 Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	search/filters/PartialMatchFilter.php
2014-02-12 15:18:27 +13:00
Ingo Schommer
4af9143d3b Merge remote-tracking branch 'origin/3.1'
Conflicts:
	docs/en/misc/contributing/code.md
2014-02-07 16:43:22 +13:00
Nik Rolls
d1c68e6020 Fix autocompletion on ::create and ::strong_create
This ties in with IDEs that can autocomplete the LSB class when you @return static.
2014-02-04 15:36:24 +13:00
Ingo Schommer
457ec9446b Merge pull request #2700 from ajshort/injector-factory
Injector Factory
2014-02-03 16:50:15 -08:00
Simon Welsh
ed4d32581d $manifest needs to be global for Deprecation. 2014-02-04 12:26:28 +13:00
Ingo Schommer
0d7e9a9692 Merge remote-tracking branch 'origin/3.1'
Conflicts:
	_config/routes.yml
	docs/en/topics/datamodel.md
	forms/DropdownField.php
2014-02-04 08:19:04 +13:00
Andrew Short
4ac5a749b0 Register config as a service. 2014-02-03 11:30:39 +11:00
Simon Erkelens
412cbbccc8 Don't show next for anything above TotalPages
Bots often have the habit of trying a next page, even if there isn't one.
Thus, using CurrentPage < TotalPages, prevents from unwanted next-links being shown.
2014-02-02 21:13:48 +01:00
Ingo Schommer
ab070944d5 Merge branch 'pulls/apidocs-package-list' of https://github.com/madmatt/silverstripe-framework into madmatt-pulls/apidocs-package-list
Conflicts:
	view/SSTemplateParser.php
	view/SSTemplateParser.php.inc
2014-01-31 15:15:59 +13:00
Ryan Wachtl
5f87d344f1 FIX Overriding of theme templates in project folder
Fixes issue of templates not being found when a Page's main/Layout templates are split between the project and theme folders. Adds more expansive testing for template loading.
2014-01-14 15:05:24 -06:00
Andrew Short
b7b041b435 FIX: Only unregister the relevant class when adding an extension.
This fixes an issue where the Config instance could not be injected, as
it would be immediately cleared.
2013-12-01 22:25:19 +11:00
madmatt
bebe0f6e37 Updating @package and @subpackage doc tags 2013-11-29 17:49:30 +13:00
Daniel Hensby
be4ff501f7 Making ConfigStaticManifest::parseStatic error more meaningful
The error thrown by `parseStatic` when there's an unexpected token is now more meaningful as it states the type of token that was encountered as well as the class that it was found in.
2013-11-13 10:49:55 +00:00
Andrew Short
bedf292612 Merge branch '3.1'
Conflicts:
	docs/en/reference/execution-pipeline.md
	lang/nl.yml
2013-11-11 18:18:25 +11:00
Hamish Friedlander
e161439340 Merge pull request #2470 from sunnysideup/patch-19
more meaningful error message in ConfigStaticManifest.php (depth < 0)
2013-11-04 17:58:10 -08:00
Sean Harvey
07b15db3eb Allow ASSETS_PATH to be overridden like ASSETS_PATH (via jthomerson) 2013-11-01 11:27:03 +13:00
Will Morgan
ceab35a0be Strict type check for null cache values
Previously, generated cache results that returned 0, '', array() etc
were being ignored. This change narrows it down to just false.

Ideally we would use a EmptyCacheHit object to be very specific for
these cases, but perhaps this approach is a bit overkill.
2013-10-24 18:01:20 +01:00
Ingo Schommer
b56ca812dc Merge remote-tracking branch 'origin/3.1'
Conflicts:
	tests/security/MemberTest.php
2013-10-23 14:53:29 +02:00
Will Morgan
18cb8d721c Making cacheToFile key more resilient against mixed/nested types 2013-10-17 17:36:07 +01:00
Craig Lyons
27b139bc75 Add backwards compatibility for has_extension 2013-10-11 10:18:00 -04:00
Damian Mooyman
f67b549b77 BUG Fixed cross-platform issues with test cases and file utilities 2013-10-04 13:54:33 +13:00
Damian Mooyman
4b850fb41c BUG Fixed cross-platform issues with test cases and file utilities 2013-10-03 14:49:18 +13:00
Damian Mooyman
fb5bb646fe BUG Fixed cross-platform issues with test cases and file utilities 2013-10-02 17:31:06 +13:00
Nicolaas
5af97aa885 more meaningful error message in ConfigStaticManifest.php (depth < 0)
Changed error from: Fatal error: Hmm - depth calc wrong, hit negatives in /var/www/tangoio.maori.nz/framework/core/manifest/ConfigStaticManifest.php on line 242 

... to .... 


Fatal error: Hmm - depth calc wrong, hit negatives, see: /var/www/mysite.maori.nz/mymodule/code/MyClass.php in /var/www/mysite.maori.nz/framework/core/manifest/ConfigStaticManifest.php on line 240

The first error is completely meaningless and impossible to debug...
2013-09-30 16:02:11 -10:00
Ingo Schommer
455e550d9a Merge remote-tracking branch 'origin/3.1'
Conflicts:
	docs/en/topics/testing/create-silverstripe-test.md
	forms/Form.php
	i18n/i18n.php
	model/Image.php
2013-09-27 19:22:14 +02:00
Ingo Schommer
07db2e1fd1 Only allow positive start values in PaginatedList
Otherwise the ORM query will fail.
2013-08-28 17:34:40 +02:00
Ingo Schommer
a4c6ae3e90 Merge remote-tracking branch 'origin/3.1' 2013-08-22 13:56:33 +02:00
Ingo Schommer
a592c36adf Merge remote-tracking branch 'origin/3.0' into 3.1.0
Conflicts:
	docs/en/changelogs/index.md
2013-08-20 20:49:01 +02:00
Hamish Friedlander
4a7aef0e25 FIX Double slashes in ParameterConfirmationToken 2013-08-19 11:35:34 +12:00
Ingo Schommer
2a35f2f928 Merge remote-tracking branch 'origin/3.1' 2013-08-07 17:34:11 +02:00
Hamish Friedlander
2110493466 Merge branch '3.0' into 3.1 2013-08-07 09:43:52 +12:00
Hamish Friedlander
5f9387c42c FIX Constants magic_quotes handling needs function from Core 2013-08-05 14:58:44 +12:00
Hamish Friedlander
041466fe02 FIX Token redirect where in IIS a / needs adding between host & url 2013-08-05 09:15:11 +12:00
Hamish Friedlander
342058742c FIX Flush on memory exhaustion and headers sent 2013-08-02 09:41:16 +12:00
Hamish Friedlander
d44024b1cf Merge branch 'origin/3.1' 2013-07-24 13:29:55 +12:00
Hamish Friedlander
541436feb0 Merge branch 'origin/3.0' into 3.1 2013-07-24 12:09:44 +12:00
Hamish Friedlander
a1ea905ca8 FIX Nice errors and allows flush on module removal 2013-07-24 09:57:01 +12:00
Hamish Friedlander
84011aa736 FIX Only suppress fatal errors 2013-07-22 14:48:16 +12:00
Hamish Friedlander
604d9bf7dc Split Core.php into Constants.php and Core.php and adjust main.php startup
The recent flush filter fix had a problem that you couldnt set a custom
BASE_PATH in _ss_environment because that file didnt get included until
after checking the confirmation token. This patch pulls the part of Core.php
that defines BASE_PATH into a seperate file that can be included earlier
in the startup sequence so that ParameterConfirmationToken can access it.

Core.php includes Constants.php with a require_once call, so for startup
scripts that dont pull in Constants.php themselves (like cli-script.php)
no change is needed.
2013-07-22 13:52:00 +12:00
Hamish Friedlander
0a79ac3592 Merge branch 'origin/3.1'
Conflicts:
	templates/forms/CheckboxSetField.ss
	templates/forms/FormField_holder.ss
	templates/forms/OptionsetField.ss
2013-07-19 16:25:38 +12:00
Hamish Friedlander
bed25a7a79 Merge branch 'origin/3.0' into 3.1 2013-07-19 15:51:54 +12:00
Hamish Friedlander
a312cd08e1 FIX: Ignore invalid tokens instead of throwing 403 2013-07-19 14:47:05 +12:00
Hamish Friedlander
036c36a7dd FIX: Have ParameterConfirmationToken work regardless of include path 2013-07-19 14:33:56 +12:00
Hamish Friedlander
d38bd7d5cb Merge branch 'origin/3.0' into 3.1 2013-07-19 14:18:49 +12:00
Hamish Friedlander
1298d4a5bd FIX Prevent DOS by checking for env and admin on ?flush=1 (#1692) 2013-07-19 12:24:32 +12:00
Andrew Short
8a62593754 Merge branch '3.1' 2013-07-10 18:27:19 +10:00
Cam Spiers
b44641336b FIX ConfigManifest regenerating every request if variantKeySpec is an empty array() 2013-07-10 11:53:44 +12:00
Andrew Short
bfdf14fafa Merge branch '3.1' 2013-07-09 13:42:32 +10:00
Cam Spiers
2d30592f72 Improve memory performance when generating config static and class caches 2013-07-08 21:24:14 +12:00
Cam Spiers
0aeb2293bb Allow module directories to be named with more valid characters ensuring that module names in fragment meta-data are correct.
Unit tests for ConfigManifest reference path parsing
2013-07-06 14:16:59 +12:00
Simon Welsh
fbce9fd7cd Merge branch '3.1'
Conflicts:
	.travis.yml
	docs/en/misc/contributing/code.md
	javascript/HtmlEditorField.js
2013-07-05 10:22:58 +12:00
Simon Welsh
9deb11f9a0 Use preg_replace_callback over preg_replace with e modifier 2013-07-05 09:08:58 +12:00
Hamish Friedlander
5484283a25 FIX changing environment in config.php changes matched yaml rules 2013-07-02 13:21:27 +12:00
Hamish Friedlander
e74c002647 FIX Only and Except rules in Configs not working 2013-07-01 15:47:37 +12:00
Hamish Friedlander
03aa9e4b41 FIX ConfigManifest caching to not use existing cache from wrong $base 2013-06-28 11:25:14 +12:00
Simon Welsh
e55be50783 FIX: ConfigStaticManifest not handling multipart namespaces
Fixes #2126
2013-06-26 16:01:55 +12:00
micmania1
49835c3bb1 Updated calls to methods instead of firect properties in PaginatedList 2013-06-23 13:20:38 +01:00
Ingo Schommer
94b4237372 Merge remote-tracking branch 'origin/3.1' 2013-06-19 11:17:33 +02:00
Ingo Schommer
690f1c1570 BUG Manually require SS_DAG in Core.php
Avoids errors when manifest needs to be built,
e.g. after faulty test runs. SS_DAG is depended on by ConfigManifest.
2013-06-18 23:00:32 +02:00
Ingo Schommer
5a1d476e8d Merge branch 'idvalidattr' of git://github.com/wilr/sapphire into wilr-idvalidattr 2013-05-31 19:27:19 +02:00
Will Rossiter
736bde8fe5 FEATURE Add Convert::raw2htmlid() 2013-05-26 11:11:53 +12:00
Jeremy Thomerson
071d5b6fa0 FIX: error message doesn't always include class name
When a method was not found on UnsavedRelationList I was getting the following error:
Object->__call(): the method 'nameOfMethod' does not exist on ''
(nameOfMethod has been replaced here since it was a method I added via an extension)
2013-05-25 14:43:40 +12:00
Stephen Shkardoon
aa3699ff0a Deprecate magic_quotes and fix bad install opts
Change the in_array call to not do bad things with strict casting off
Add a deprecated message if you run with magic_quotes on
Change the requirement for magic_quotes to an error
2013-05-25 12:42:52 +12:00
Daniel Hensby
bc9567c9ef FIX Environment file finder logic
Fixing the logic that searches for environment files so that warnings
due to open_basedir are suppressed and both the 'realdir' and the server
path are spidered for the environment file.
2013-05-22 14:35:33 +01:00
Will Rossiter
ddcfcf7bed Update @package, @subpackage labels
Cleanup of framework's use of @package and @subpackage labels and additional of labels for classes missing packages.

Moved all GridField related components to the one name.

Countless spelling fixes, grammar for other comments.

Link ClassName references in file headers.
2013-05-21 22:24:41 +12:00
Damian Mooyman
6e0e3564e1 NEW Added beforeExtending, afterExtending, and beforeUpdateCMSFields to allow user code better control over interaction with extending methods 2013-05-16 10:34:45 +12:00
Sam Minnee
b401d39aec NEW: Move temp data into a user-specific subfolder, to stop temp-permission bugs from occurring.
Anyone who has run "sudo -u www-data ./framework/sake dev/build" knows that SilverStripe's temp
folder permissions can be very brittle.  This patch resolves this by making the temp folder
user-specific.

To minimise directory pollution it first creates a chmod 777 parent folder with the same name
as the current folder.  It then creates a subfolder of this with the same name as the current
user.

The positive impact of this change is that sake can be used without fear of messing up file
permissions.  This means, among other things, that we can put a Composer post-update-cmd into
the installer to run dev/build.  Progress!

The negative impact is that you will get two caches if you run sake as a different user.  However,
that is much better than the current situation - which is a bunch of bugs - and if you're concerned
about that, you still have the option of running sake as www-data.
2013-05-15 12:54:55 +02:00
Daniel Hensby
9a6a6ec75d Arbitrary placement of _ss_environment.php in parent folders
Removes hardcoding to three levels
2013-05-14 13:39:43 +02:00
Will Rossiter
718108969b API: Add ArrayLib::flatten($array, $preserveKeys) 2013-05-11 00:00:31 +12:00
Will Rossiter
7a9f142c97 FIX: ensure config variables exist 2013-05-08 21:36:49 +12:00
Loz Calver
429ac17a0f NEW Allow setting of ASSETS_DIR in _ss_environment.php 2013-05-07 10:06:34 +02:00
Simon Welsh
835aefbe83 FIX Handle PHP 5.4's short array notation everywhere arrays are parsed. 2013-05-05 13:27:42 +12:00
Ingo Schommer
5efae23cb2 FIX Template discovery on themed Layout templates
Was failing when 'main' template only exists in theme,
but 'Layout' template only exists in module.
2013-04-30 15:41:26 +02:00
Loz Calver
0384369acb FIX: _config/ directories are now correctly detected as modules (fixes #1762)
DO NOT MERGE: to be reviewed. Only i18n & Deprecation classes use
->getModules() as far as I can see. Given that the method still simply
returns an array of modulename => modulepath, I don't think it's really
an API change
2013-04-18 14:08:03 +01:00
Ingo Schommer
ae09301c8c Revert deprecation of Object::add_extension() usage
This reverts commit 14b997eea3.
Its just not practical to use the Config API as it stands,
the add_extension() wrapper does more than just a Config->update().

Most use cases can be covered via YML, but any conditional
additions (e.g. in unit tests) can still benefit from the
add_extensions() shorthand.
2013-04-11 11:40:53 +02:00
Ingo Schommer
14b997eea3 API Deprecated Object::add_extension() usage (as of 3.2) 2013-04-09 15:00:34 +02:00
Ingo Schommer
1cfc159f1a Un-deprecated Object::add_extension() non-LSB usage (fixes #1710)
Its usage is too common to force-remove it just for a shortcut.
We still recommend adding extensions through YAML of course.
2013-04-09 14:56:26 +02:00
Will Rossiter
1427a0637b FIX: remove_extension should work on parameterized extensions 2013-04-06 19:29:03 +13:00
Ingo Schommer
ebca1a64ed Merge pull request #1299 from silverstripe/user-specific-temp-folder
NEW: Move temp data into a user-specific subfolder, to stop temp-permission bugs from occurring.
2013-04-02 02:44:53 -07:00
Ingo Schommer
a415db91d4 FIX Clone Config_LRU incl. objects in array
Caused key confusions when using Config::nest()/unnest()
2013-03-26 12:47:52 +01:00
Hamish Friedlander
600d9cff53 API Make Object::config use late static binding
Can now be used in instance scope, like:
  $this->config()->db
and in static scope, like:
  Page::config()->db
2013-03-26 00:37:47 +01:00
Ingo Schommer
4ea98ae440 Removed Object::*_extension() non-LSB deprecation
Its just a simplication, and unnecessarily complicates
module compatibilities.
2013-03-26 00:31:25 +01:00
Ingo Schommer
3334eafcb1 API Marked statics private, use Config API instead (#8317)
See "Static configuration properties are now immutable, you must use Config API." in the 3.1 change log for details.
2013-03-24 17:20:53 +01:00
Ingo Schommer
69ae1f338f FIX Clean cache on Config->remove() 2013-03-24 17:20:36 +01:00
Ingo Schommer
bb52f2a214 FIX Allow FALSE in Config API, call remove() will NULL key on update() 2013-03-24 17:20:36 +01:00
Sam Minnee
5779097939 NEW: Move temp data into a user-specific subfolder, to stop temp-permission bugs from occurring.
Anyone who has run "sudo -u www-data ./framework/sake dev/build" knows that SilverStripe's temp
folder permissions can be very brittle.  This patch resolves this by making the temp folder
user-specific.

To minimise directory pollution it first creates a chmod 777 parent folder with the same name
as the current folder.  It then creates a subfolder of this with the same name as the current
user.

The positive impact of this change is that sake can be used without fear of messing up file
permissions.  This means, among other things, that we can put a Composer post-update-cmd into
the installer to run dev/build.  Progress!

The negative impact is that you will get two caches if you run sake as a different user.  However,
that is much better than the current situation - which is a bunch of bugs - and if you're concerned
about that, you still have the option of running sake as www-data.
2013-03-24 18:39:50 +13:00
Ingo Schommer
bfab74ac6e Merge pull request #1321 from silverstripe-rebelalliance/feature/config
FIX ConfigStaticManifest persisting access level after parsing a static
2013-03-22 02:25:54 -07:00
Sean Harvey
9f35b13b48 Merge pull request #1322 from ajshort/pulls/class-spec-parsing
FIX Incorrect parsing of T_STRING values in class spec parsing
2013-03-21 21:20:35 -07:00
Andrew Short
d3e4863f52 FIX Incorrect parsing of T_STRING values in class spec parsing
* Due to missing break, the T_STRING case would fall through to array.
* The values were being added to the wrong variable.
* Added missing support for missing null values.
2013-03-22 14:37:55 +11:00
Hamish Friedlander
47edbfe8fc FIX ConfigStaticManifest persisting access level after parsing a static 2013-03-22 14:26:48 +13:00
Ingo Schommer
81a51331d6 IX Load _config.php's after static config manifest
This allows more sophisticated handling of config alterations
in _config.php. One example is additions to DataObject::$db
based on configuration which requires some processing.

See https://github.com/unclecheese/TranslatableDataObject/blob/master/TranslatableDataObject.php
2013-03-21 00:16:36 +01:00
Ingo Schommer
eb9a8d6e6e Require Config.php in core to avoid fatal errors when building manifest 2013-03-20 14:45:43 +01:00
Ingo Schommer
06ff9f72b1 Increased recent deprecation warnings from 3.1 to 3.2
The deprecations are supposed to denote the release where
the functionality will be removed, as opposed to the one where
its deprecated. Having 3.1 as a target for recent changes
in popular methods like Object::add_extension() causes
too many short-term hassles, there's no "grace period".
2013-03-20 10:00:51 +01:00
Andrew Short
b8a51c3792 Merge branch '3.0' into 3.1 2013-03-19 22:27:09 +11:00
Ingo Schommer
8629985115 Mark private static deprecation notice for 3.2
Its too intrusive for 3.1 at the moment
2013-03-19 10:39:11 +01:00
Stephen Shkardoon
9ac104b8c7 BUG $_COOKIES is not un-magic_quotes'd
Added stripslashes_recursively to $_COOKIE (fixes #6309)
2013-03-19 22:13:07 +13:00
Hamish Friedlander
3543a93623 FIX SplFixedArray causes segfaults in old versions of PHP 2013-03-18 10:22:11 +13:00
Ingo Schommer
e0be520fef Require config manifests in Core.php to avoid upgrading issues
They need to be present for the autoloader to rebuild
the manifest in the first place.
2013-03-14 11:40:00 +01:00
Ingo Schommer
321f2e43bd Merge pull request #1287 from silverstripe-rebelalliance/feature/config
Don't use Zend_Cache in manifests
2013-03-14 11:37:01 +01:00
Hamish Friedlander
252e6bce28 FIX Make multiple TemplateManifests not corrupt each other 2013-03-14 12:49:03 +13:00
Hamish Friedlander
168f071499 API Make HTMLValue replace-able via DI
Extracted common code out to SS_HTMLValue and made abstract, then
put HTML 4 specific code in SS_HTML4Value. Its now possible to
replace HTMLValue with one designed for HTML 5 or XHTML

Requires a code change from new SS_HTMLValue to
Injector::inst()->create(HTMLValue)
2013-03-14 12:49:02 +13:00
Hamish Friedlander
beafcf38db Don't use Zend_Cache in manifests
The overhead of Zend_Cache in manifests is too high - we don't
need LRU or tags, just somewhere to dump a bunch of data that
persists

You can replace the class used by defining SS_MANIFESTCACHE
to be a class that implements the ManifestCache interface
(we can't use the Config system to set this, as it isn't
initialised yet).
2013-03-14 12:07:07 +13:00
Hamish Friedlander
d8a1df4312 Further secure eval call in ConfigStaticManifest
It shouldnt be possible to get ConfigStaticManifest to parse
a user uploaded file, and if you could it shouldnt be possible
to form PHP that token_get_all could parse which would end
up executing any code.

However just in case it is, this changes the eval to assign to a
static, so the eval will give a syntax error if an attacker
manages to make $value look like `ls` or some other expression
2013-03-13 12:42:48 +13:00
Hamish Friedlander
53595dc930 FIX Parsing docblock comments in ConfigStaticManifest 2013-03-13 11:59:49 +13:00
Hamish Friedlander
60b72edfba FIX Parsing heredoc, nowdoc & comments in ConfigStaticManifest 2013-03-13 11:26:49 +13:00
Hamish Friedlander
e6352dffbb FIX Static polution with informational fields 2013-03-12 17:14:12 +13:00
Hamish Friedlander
7f58730904 FIX Avoid get_parent_class in ConfigStaticManifest (was loading all classes) 2013-03-12 16:52:11 +13:00
Hamish Friedlander
943b5cf3a4 Remove debug message, any still unexpected token is an error 2013-03-12 15:40:12 +13:00
Hamish Friedlander
a6f1a200b6 Some micro-optimisations for Config 2013-03-04 09:25:23 +13:00
Hamish Friedlander
024a0b90a9 Add ability to create temporary Config copies 2013-02-28 09:43:33 +13:00
Hamish Friedlander
6b986cb17d Extract statics via code analysis rather than introspection 2013-02-28 09:43:33 +13:00
Hamish Friedlander
c98621977c Cache the merged version of any Config value in an in-mem LRU cache 2013-02-28 09:43:33 +13:00
Hamish Friedlander
904fd2d5dc API Make Object::config use late static binding
Can now be used in instance scope, like:
  $this->config()->db
and in static scope, like:
  Page::config()->db
2013-02-27 15:13:59 +13:00
Robert Curry
cc1a5824f2 Fix deprecated use of has_extension 2013-02-07 14:30:46 +13:00
Daniel Hensby
be78098065 Arbitrary placement of _ss_environment.php in parent folders
Removes hardcoding to three levels
2013-01-21 22:33:54 +01:00
Ingo Schommer
c11b3918fc Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	admin/css/screen.css
	admin/scss/_style.scss
	core/PaginatedList.php
	email/Mailer.php
2013-01-21 11:14:57 +01:00
Jeremy Thomerson
a70df3e472 BUG PaginatedList deprecated method was calling non-existent method 2013-01-15 13:25:16 -06:00
Simon Welsh
c56a80d6ce Use preg_replace_callback over preg_replace with e modifier 2012-12-20 13:40:42 +13:00
Simon Welsh
94be5c6d87 FIX Handle namespaced classes in Object::parse_class_spec() 2012-12-18 15:00:45 +13:00
Simon Welsh
b0121b541c Add codesniffer that ensures indentation is with tabs. 2012-12-12 17:33:31 +13:00
Simon Welsh
fc5dd2994c Add codesniffer that ensures indentation is with tabs. 2012-12-12 00:12:11 +13:00
Will Rossiter
683db8dc1d API Explicitly load project template files after modules
Resolves an issue where if not using the themes directory (i.e just a single app folder) you cannot override module templates.
Changes the SS_TemplateManifest constructor with a new $project argument.
2012-12-04 10:47:37 +01:00
Ingo Schommer
c55c7c33f8 Merge branch '3.0'
Conflicts:
	admin/code/CMSProfileController.php
	composer.json
	tests/model/DataObjectTest.php
2012-11-22 23:51:28 +01:00
Sean Harvey
7042d87fd1 Remove deprecated Object::set_uninherited() 2012-11-16 14:34:20 +13:00
Ingo Schommer
e4d71c2a20 Add Composer autoloader
Mainly to get PHPUnit going as a composer requirement
rather than through PEAR (which is easier to set up).
2012-11-15 13:40:09 +01:00
Sean Harvey
b6870add90 Removing deprecated Core.php functions 2012-11-15 14:43:13 +13:00
Sean Harvey
b5ee9f9cbe Removing ClassInfo::is_subclass_of(), use is_subclass_of() instead 2012-11-15 14:43:13 +13:00
Sean Harvey
78311c9ca6 Remove deprecated PaginatedList::getPageLimits() and setPageLimits()
Use the individual getters on PaginatedList instead.
2012-11-15 14:43:13 +13:00
Andrew O'Neil
0c8de0a1de APICHANGE: Use late static binding for Object::has_extension() 2012-11-07 11:07:55 +13:00
Andrew O'Neil
6dd6a5c188 APICHANGE: Use late static binding for Object::remove_extension() 2012-11-07 11:07:55 +13:00
Andrew O'Neil
fdea5321c7 APICHANGE: add_extension() is now called directly on the class, instead of on Object 2012-11-07 11:07:55 +13:00
Ingo Schommer
a5fd3cf985 BUG Inspect current directory for include_path
This fixes problems where require/include calls rely
on the relative file path, e.g. in i18n.php.

Followup from https://github.com/silverstripe/sapphire/pull/904
2012-11-01 10:10:06 +01:00