15 Commits

Author SHA1 Message Date
Ingo Schommer
0bae1826bb FIX Opt-out of form message escaping (fixes #2796)
This fixes a limitation introduced through http://www.silverstripe.org/ss-2013-008-xss-in-numericfield-validation/.
Form messages used to accept HTML, now they’re escaped by default, effectively removing the ability
to pass in HTML and take care of escaping manually.

We pass through HTML to message in core through the CTF system, so this needs to be fixed.
It’s an alternative fix to https://github.com/silverstripe/silverstripe-framework/pull/2803.
2014-08-22 09:08:55 +12:00
Ingo Schommer
294f99d767 ENHANCEMENT Added Form->enableSecurityToken() as a counterpart to the existing disableSecurityToken()
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@113284 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:59 +13:00
Ingo Schommer
e4d3584805 ENHANCEMENT Added SecurityToken to wrap CSRF protection via "SecurityID" request parameter
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@113272 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:58 +13:00
Sam Minnee
63096cfefb API CHANGE: Don't generate TestOnly DataObjects in the database immediately; instead let test developers specify them in SapphireTest::$extraDataObjects.
API CHANGE: Added SapphireTest::resetDBSchema() (from r90054)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@96734 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:04 +13:00
Andrew Short
f29eceecff API CHANGE #3724: Unified the Link() method to accept an action parameter.
From: Andrew Short <andrewjshort@gmail.com>

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@88495 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-11 00:07:16 +00:00
Sean Harvey
76b5adc979 Merged from branches/2.3
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@75579 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-04-28 23:52:15 +00:00
Ingo Schommer
768fc5a588 BUGFIX Adjusted HeaderField and LabelField implementation to new constructor arguments (see r64421)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@64422 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-10-16 13:26:50 +00:00
Ingo Schommer
cb31b1b224 ENHANCEMENT Added unit tests for form session messages and session validation, FormTest->testSessionValidationMessage() and FormTest->testSessionSuccessMessage()
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@64236 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-10-14 21:37:51 +00:00
Ingo Schommer
2fbed5b2e1 BUGFIX Adjusted FormTest->testLoadDataFromObject() to new assumptions about changed behaviour on loadDataFrom() from $loadBlanks to $clearMissingFields - which means that form fields are cleared regardless if they have blank values in the passed object or not
ENHANCEMENT Added FormTest->loadDataFromClearMissingFields() 
ENHANCEMENT Made FormTest fixtures more expressive 


git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@64001 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-10-09 14:40:13 +00:00
Hayden Smith
3fcb8b518c BUGFIX: Fixed $fixture_file for Ext2fs and other case-sensitive file systems.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@63768 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-10-07 21:19:19 +00:00
Ingo Schommer
f49ed3ee17 ENHANCEMENT Added unit tests for "_unchanged" handling in Form->loadDataFrom()
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@63762 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-10-07 17:44:12 +00:00
Ingo Schommer
1665fd5cf3 ENHANCEMENT Added unit tests for Form->loadDataFrom()
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@63761 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-10-07 17:23:50 +00:00
Ingo Schommer
802317c705 FEATURE Added HTTP method override support to HTTPRequest and Form (through $_POST['_method'] or $_SERVER['X-HTTP-Method-Override']), incl. unit tests
ENHANCEMENT Added Form->FormHttpMethod()
ENHANCEMENT Added HTTPRequest->httpMethod()
ENHANCEMENT Added HTTPRequest::detect_method()

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@63679 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-10-06 14:58:01 +00:00
Ingo Schommer
60860cc1b9 MINOR Unified @package PHPdoc (added where missing, removed duplicates)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@56212 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-06-15 13:33:53 +00:00
Ingo Schommer
e0f6e50c82 Merged revisions 47414 via svnmerge from
svn://svn.silverstripe.com/silverstripe/modules/sapphire/branches/2.2.0-mesq

........
  r47414 | ischommer | 2007-12-20 18:17:40 +1300 (Thu, 20 Dec 2007) | 1 line
  
  added option to loadDataFrom() for loading values from nested arrays that PHP generated from URL-strings
........

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@52184 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-04-06 03:52:14 +00:00