Commit Graph

4724 Commits

Author SHA1 Message Date
Ingo Schommer
562eeee790 ENHANCEMENT Session::start() forces PHPSESSID cookies to be httpOnly (no access by JS) to improve clientside security
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114567 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-06 00:28:27 +00:00
Ingo Schommer
ead9dce351 MINOR Documentation in SS_Cache
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114551 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 19:46:21 +00:00
Sam Minnee
df08da0f49 MINOR: Blocking unnecessary revisions
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114550 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:46:15 +00:00
Sam Minnee
51ee52c7ab BUGFIX Using RandomGenerator class in SecurityToken->generate() for more random tokens (from r114500)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114549 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:45:42 +00:00
Sam Minnee
6de3e90527 FIX: Revert last commit (from r114464)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114548 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:45:20 +00:00
Sam Minnee
aaf56e190f FIX: Revert last commit (from r114463)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114547 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:44:37 +00:00
Sam Minnee
8638221adb MINOR: Added exception handling if ClassName is null in search results (from r114454)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114546 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:44:20 +00:00
Sam Minnee
1fc8bef1ce BUGFIX Including template /lang folders in i18n::include_by_locale() (implementation started in r113919) (from r114208)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114545 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:43:38 +00:00
Sam Minnee
b34286caab MINOR Reverted r108515 (from r114079)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114544 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:43:10 +00:00
Sam Minnee
05d6df2193 MINOR Fixed php tag in SecurityTokenTest, should be "<?php" not "<?" (from r114016)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114543 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:41:38 +00:00
Sam Minnee
312c7aec07 BUGFIX #6201 Use of set_include_path() did not always include sapphire paths in some environments (from r113976)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114542 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:40:28 +00:00
Sam Minnee
e340ccb1ad MINOR Fixed PHP strict standard where non-variables cannot be passed by reference (from r113968)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114541 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:39:31 +00:00
Sam Minnee
edc7a46d21 MINOR Fixed spaces with tabs in Core (from r113924)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114540 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:37:31 +00:00
Sam Minnee
567c0b4939 MINOR Fixed spaces with tabs for Core::getTempFolder() (from r113923)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114539 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:37:15 +00:00
Sam Minnee
68747773ae MINOR Updated cs_CZ and sk_SK translations in sapphire/javascript (fixes #6085, thanks Pike) (from r113690)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114538 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:36:57 +00:00
Sam Minnee
b7777cd67d BUGFIX ErrorPage::requireDefaultRecords() case where no assets directory causes an fopen() error. Ensure assets directory is created before attempting to write error page files (from r113590)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114537 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:36:05 +00:00
Sam Minnee
a2475141c6 MINOR Fixed output spelling mistake and formatting in SapphireTest::delete_all_temp_dbs() (from r113450)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114536 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:35:48 +00:00
Sam Minnee
400157c8bf MINOR Fixed RSSFeedTest which should put test configuration code into setUp() and tearDown() methods. If the test fails halfway through, these will get called to clean up the state (from r113430)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114535 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:35:33 +00:00
Sam Minnee
1a3897ab1a ENHANCEMENT Validation for uploaded files (from r113420)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114534 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:35:06 +00:00
Sam Minnee
c24ed58d2d BUGFIX Better checking of file validity (#6093) Thanks Pigeon (from r113419)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114533 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:34:42 +00:00
Sam Minnee
100e50c700 BUGFIX Ensure that SearchForm searchEngine() call properly escapes the Relevance field for ANSI compliance (from r113295)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114532 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:30:51 +00:00
Sam Minnee
854e0e30b4 ENHANCEMENT Added Form->enableSecurityToken() as a counterpart to the existing disableSecurityToken() (from r113284)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114531 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:30:32 +00:00
Sam Minnee
770281b65c BUGFIX Clear static marking caches on Hierarchy->flushCache() (from r113277)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114530 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:26:40 +00:00
Sam Minnee
38601b96f8 BUGFIX Fixed ComplexTableField and TableListField GET actions against CSRF attacks (with Form_SecurityToken->checkRequest()) (from r113276)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114529 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:26:03 +00:00
Sam Minnee
5c0b2182ae API CHANGE Added security token to TableListField->Link() in order to include it in all URL actions automatically. This ensures that field actions bypassing Form->httpSubmission() still get CSRF protection (from r113275)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114528 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:24:58 +00:00
Sam Minnee
c63b00f92a MINOR Using SecurityToken in ViewableData->getSecurityID() (from r113274)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114527 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:24:37 +00:00
Sam Minnee
3f8a0ede40 BUGFIX Using current controller for MemberTableField constructor in Group->getCMSFields() instead of passing in a wrong instance (Group) (from r113273)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114526 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:24:12 +00:00
Sam Minnee
9ec31acacb ENHANCEMENT Added SecurityToken to wrap CSRF protection via "SecurityID" request parameter (from r113272)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114525 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:22:57 +00:00
Sam Minnee
ecaa735db2 BUGFIX ModelViewer doesn't work due to minor bug introduced by making $_CLASS_MANIFEST keys lowercase (fixes #6144, thanks daniel.lindkvist) (from r113249)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114524 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:20:33 +00:00
Sam Minnee
662f581b24 BUGFIX Fixed month conversion in DateField_View_JQuery::convert_iso_to_jquery_format() (fixes #6124, thanks mbren and natmchugh) (from r113247)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114523 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:20:13 +00:00
Sam Minnee
c3fa7406ab MINOR Documentation (from r113241)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114522 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:18:58 +00:00
Sam Minnee
24f2c51fa2 BUGFIX: removed taiwans province of china (from r113193)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114521 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:17:34 +00:00
Sam Minnee
75c6c4941c BUGFIX: Use correct language code for jquery-ui date picker for en_US (from r113107)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114520 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:17:16 +00:00
Sam Minnee
e3d109763a MINOR: updated typo in comment for Cache. (from r112982)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114519 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:16:59 +00:00
Sam Minnee
fc869c1d86 MINOR: Fix to SapphireInfo for git-svn checkouts. (from r112962)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114518 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:06:29 +00:00
Ingo Schommer
3e8704c882 BUGFIX Escaping $locale values in Translatable->augmentSQL() in addition to the i18n::validate_locale() input validation
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114515 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 05:23:37 +00:00
Ingo Schommer
531fa04d7d BUGFIX Limiting usage of mcrypt_create_iv() in RandomGenerator->generateEntropy() to *nix platforms to avoid fatal errors (specifically in IIS)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114510 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 04:41:49 +00:00
Ingo Schommer
50f823697c MINOR Fixed regression from r114504
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114505 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 00:43:10 +00:00
Ingo Schommer
a0a88af255 BUGFIX Using RandomGenerator class in Member->logIn(), Member->autoLogin() and Member->generateAutologinHash() for better randomization of tokens. Increased VARCHAR length of 'RememberLoginToken' and 'AutoLoginHash' fields to 1024 characters to support longer token strings.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114504 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 00:39:25 +00:00
Ingo Schommer
1dddd5252d BUGFIX Using RandomGenerator class in PasswordEncryptor->salt()
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114503 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 00:37:35 +00:00
Ingo Schommer
8b220b923a ENHANCEMENT Using RandomGenerator in Form->getExtraFields() "SecurityID" token creation
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114498 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 00:18:48 +00:00
Ingo Schommer
c378448f19 ENHANCEMENT Added RandomGenerator for more secure CSRF tokens etc.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114497 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 00:18:19 +00:00
Sam Minnee
6cec0a083e BUGFIX: Don't include web.config in the assets tracked in the File table.
MINOR: Add documentation to File::$allowed_extensions explaining that there are config files to edit in assets/ (from r112961)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114496 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 00:05:05 +00:00
Jean-Fabien Barrios
5dbddba41b BUGFIX File upload not working when open_basedir is set #5547
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114471 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-03 00:28:30 +00:00
Ingo Schommer
396f297acb API CHANGE Using i18n::validate_locale() in various Translatable methods to ensure the locale exists (as defined through i18n::$allowed_locales)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114470 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-03 00:28:24 +00:00
Ingo Schommer
17ac4753fd BUGFIX Check for valid locale in i18n::set_locale()/set_default_locale()/include_locale_file()/include_by_locale() (as defined in i18n::$allowed_locales). Implicitly sanitizes the data for usage in controllers.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114469 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-03 00:27:41 +00:00
Ingo Schommer
640b504ebe BUGFIX Don't allow HTML formatting in RequestHandler->httpError() by sending "Content-Type: text/plain" response headers.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114444 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-02 08:03:17 +00:00
Ingo Schommer
07b6d1870a MINOR Checking for class_exists() before SapphireTest::is_running_tests() to avoid including the whole testing framework, and triggering PHPUnit to run a performance-intensive directory traversal for coverage file blacklists
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114332 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-11-30 05:13:09 +00:00
Geoff Munn
a5fff6deab ENHANCEMENT: new schema constant supported, used by Postgres at the moment
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114184 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-11-25 03:50:11 +00:00
Ingo Schommer
16a80b3808 MINOR: Remove empty legend on search form. It should be description or no tag at all
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114141 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-11-24 06:23:53 +00:00