28 Commits

Author SHA1 Message Date
Damian Mooyman
d8e9af8af8 API New Database abstraction layer. Ticket #7429
Database abstraction broken up into controller, connector, query builder, and schema manager, each independently configurable via YAML / Injector
Creation of new DBQueryGenerator for database specific generation of SQL
Support for parameterised queries, move of code base to use these over escaped conditions
Refactor of SQLQuery into separate query classes for each of INSERT UPDATE DELETE and SELECT
Support for PDO
Installation process upgraded to use new ORM
SS_DatabaseException created to handle database errors, maintaining details of raw sql and parameter details for user code interested in that data.
Renamed DB static methods to conform correctly to naming conventions (e.g. DB::getConn -> DB::get_conn)
3.2 upgrade docs
Performance Optimisation and simplification of code to use more concise API
API Ability for database adapters to register extensions to ConfigureFromEnv.php
2014-07-09 18:04:05 +12:00
Damian Mooyman
2e73dcb891 API Remove swf,html,htm,xhtml,xml as default allowed uploadable file types 2014-04-29 11:09:30 +12:00
Damian Mooyman
997077ae83 API Security.remember_username to disable login form autocompletion 2014-04-11 09:05:25 +12:00
Ingo Schommer
1930add745 Note about SiteTree.ExtraMeta in security docs 2014-02-18 16:07:50 +13:00
sanjay
a0abeab6d5 Update security.md
The following line is repeated in the section "Don't allow access to .yml files "

See [Apache](/installation/webserver) and [Nginx](/installation/nginx) installation documentation for details 
specific to your web server
2013-11-29 14:45:53 +05:30
Devlin
5ea314d012 FIX PasswordValidator->characterStrength() Documentation 2013-10-15 12:44:50 +02:00
Ingo Schommer
9872a52a8d SecurityToken docs 2013-09-05 12:54:31 +02:00
Ingo Schommer
d4a1e6d294 BUG Prevent clickjacking in CMS and Security controllers (fixes #2215) 2013-07-14 22:44:09 +02:00
Ingo Schommer
b58e2dbe3a Member.lock_out_delay_mins configurable, password security docs 2013-07-11 09:47:28 +02:00
Hamish Friedlander
7b7982969b Add some docs about admin-side HTML sanitisation 2013-07-10 16:44:51 +12:00
Hamish Friedlander
dacb2aa638 FIX HtmlEditorField not re-checking sanitisation server side 2013-07-04 08:53:23 +12:00
Ingo Schommer
14c59be85e API Form::setStrictFormMethodCheck() and strict argument to setFormMethod()
Thanks to @sminnee for getting this started
2013-05-08 10:25:13 +02:00
Ingo Schommer
3334eafcb1 API Marked statics private, use Config API instead (#8317)
See "Static configuration properties are now immutable, you must use Config API." in the 3.1 change log for details.
2013-03-24 17:20:53 +01:00
Ingo Schommer
99ca0471f7 Merge remote-tracking branch 'origin/2.4' into 3.0
Conflicts:
	control/RequestHandler.php
	core/control/ContentController.php
	dev/CsvBulkLoader.php
	docs/en/changelogs/index.md
	docs/en/reference/execution-pipeline.md
	docs/en/topics/commandline.md
	docs/en/topics/controller.md
	docs/en/topics/form-validation.md
	docs/en/topics/forms.md
	docs/en/topics/security.md
	model/MySQLDatabase.php
	security/Security.php
	tests/control/ControllerTest.php
	tests/control/RequestHandlingTest.php
2013-03-19 13:56:04 +01:00
Ingo Schommer
d51e0bc2ec Improved docs on $allowed_actions
Added section to "Controllers" and "Form" topics,
added $allowed_actions definitions to all controller examples
2013-02-17 23:30:40 +01:00
Ingo Schommer
3e27d27f7a Improved docs on $allowed_actions
Added section to "Controllers" and "Form" topics,
added $allowed_actions definitions to all controller examples
2013-02-17 23:16:25 +01:00
Hamish Friedlander
acfc0be471 Document that yaml files shouldn't be served directly 2013-01-29 14:11:52 +13:00
Ingo Schommer
868d3697fd Fixed usage of DataList etc in docs (fixes #7518) 2012-06-27 16:09:31 +02:00
Ingo Schommer
3a11c690ed MINOR Updated security documentation (phpdoc and markdown) around new DataList and SQLQuery APIs, additional automatic escaping on some stricter inputs like column names 2012-05-16 11:59:22 +02:00
Ingo Schommer
40d73127ae MINOR Using late static binding instead of Object::create() calls 2012-04-04 17:10:31 +02:00
Philipp Krenn
a67c6ce936 ENHANCEMENT Added section on security ratings, moved security process description from 'contributing' to 'release process' section 2012-02-01 11:10:10 +01:00
Ingo Schommer
04a10a4265 MINOR Updated coding conventions to require the 'public' keyword for class methods and variables 2012-01-30 23:13:42 +01:00
Ingo Schommer
73cca09960 BUGFIX Consistently using Convert::raw2sql() instead of DB::getConn()->addslashes() or PHP's deprecated addslashes() for database escaping 2011-09-15 14:43:34 +02:00
Ingo Schommer
c776a1cd67 BUGFIX Consistently using Convert::raw2sql() instead of DB::getConn()->addslashes() or PHP's deprecated addslashes() for database escaping 2011-09-15 14:24:46 +02:00
Michael Andrewartha
f3ac57394d Small text changes, added api links, cont. updating images for tutorials, fixed tutorials from member feedback 2011-03-21 11:53:06 +13:00
Michael Andrewartha
626980acb5 Small text changes, added api links, cont. updating images for tutorials, fixed tutorials from member feedback 2011-03-09 10:05:51 +13:00
Ingo Schommer
8bd01d62c4 ENHANCEMENT Added sapphire/docs (migrated from https://github.com/chillu/silverstripe-doc-restructuring) 2011-02-07 19:55:13 +13:00
Ingo Schommer
b1c36ce0a4 ENHANCEMENT Added sapphire/docs (migrated from https://github.com/chillu/silverstripe-doc-restructuring) 2011-02-07 19:48:44 +13:00