Commit Graph

2028 Commits

Author SHA1 Message Date
Ingo Schommer
debd81d380 Merge pull request #2453 from chillu/pulls/escape-3.1.0
Escaping 3.1
2013-09-25 16:02:45 -07:00
Ingo Schommer
c243418597 API Escape form validation messages (SS-2013-008) 2013-09-24 21:54:31 +02:00
Ingo Schommer
2b7a2a289e API Escape form validation messages (SS-2013-008) 2013-09-24 21:41:21 +02:00
Ingo Schommer
f3ef04a432 FIX Auto-escape titles in TreeDropdownField
Related to SS-2013-009. While the default "TreeTitle" was escaped
within the SiteTree->TreeTitle() getter, other properties like SiteTree->Title
weren't escaped. The new logic uses the underlying casting helpers
on the processed objects.
2013-09-24 21:41:21 +02:00
Ingo Schommer
78ce99be09 FIX Escape breadcrumbs in SecurityAdmin (SS-2013-007) 2013-09-24 21:41:18 +02:00
Ingo Schommer
114fb59107 FIX Auto-escape titles in TreeDropdownField
Related to SS-2013-009. While the default "TreeTitle" was escaped
within the SiteTree->TreeTitle() getter, other properties like SiteTree->Title
weren't escaped. The new logic uses the underlying casting helpers
on the processed objects.
2013-09-24 21:40:17 +02:00
Sean Harvey
b383a07f90 BUG Fixing tabindex added to CreditCardField when tabindex is NULL
The tabindex increment *should* only be done if there is a tabindex
that has been set on a CreditCardField already, otherwise it breaks
the tab ordering.
2013-09-24 21:40:17 +02:00
Ingo Schommer
48021e9fd3 Merge pull request #2166 from dhensby/patch-2
FormFields now allow setting of extra CSSClasses en masse
2013-09-24 11:50:01 -07:00
Ingo Schommer
d291a96326 Merge pull request #2152 from dhensby/patch-1
FIX Empty Datefield with defined min or max has non-object error thrown
2013-09-24 11:48:05 -07:00
Ingo Schommer
1bb993b0b3 Form errors in LeftAndMain response negotiation
The session key for form errors changed from "Form_EditForm" to "CMSForm_EditForm",
causing a mismatch. See https://github.com/silverstripe/silverstripe-framework/pull/2084/files#r6338249 for discussion
2013-09-18 14:30:37 +02:00
Simon Welsh
6df6cb719d Revert "Merge pull request #2390 from phptek/2389"
This reverts commit 58da57dd1b, reversing
changes made to 8864256601.
2013-09-13 08:22:32 +12:00
Ingo Schommer
c2b312d76f Merge remote-tracking branch 'origin/3.1.0' into 3.1 2013-09-12 17:24:42 +02:00
Sean Harvey
c309867a1c Merge pull request #2373 from chillu/pulls/treedropdown-searchfield-default
Default TreeDropdown to "Title" search if $labelField isn't in DB
2013-09-10 21:45:40 -07:00
Russell Michell
abcb2ef40b FIX: Modified fix for #2389 to ensure existing tests pass. 2013-09-06 08:48:32 +12:00
Russell Michell
128c33b82c FIX: Fixes #2389
- Prevent circular references in `GridFieldAddExistingAutocompleter` when linking DataObjects whose ID matches the current object to which the gridfield is attached.
2013-09-05 13:55:47 +12:00
Ingo Schommer
1c31c098ee FIX Correct Zend_Locale fallbacks in i18n/DateField/DateTimeField
Due to the recent change of translations to transifex, some
locales changed their names, which prompted a fix to
i18n::get_available_translations() (see 00ffe7294).
This caused a regression where short locales are determined
from the YAML file names (e.g. "en"), but weren't matched up
with fully qualified locales from get_available_translations() (e.g. "en_US").
Since this list is used in the admin/myprofile dropdown for the Member.Locale value,
it didn't match up with any entries and defaulted to the first one ("Africaans").

Note that the behaviour of admin/myprofile is still a bit weird:
It defaults the locale on new members to the one set for the current administrator.
So if a site defaults to en_US in _config.php, but the admin happens to view
his backend in de_DE, all members he creates default to de_DE as well.

Thanks to @tractorcow for contributing and peer reviewing!
2013-08-30 10:18:00 +02:00
Ingo Schommer
20b49e215c Merge pull request #2136 from nedmas/fix-remove-export-button-padding
FIX: GridField button styling
2013-08-30 00:24:21 -07:00
Ingo Schommer
79cab42a91 Default TreeDropdown to "Title" search if $labelField isn't in DB
This is a workaround in order to ensure the field stays operational
for SiteTree and File records with the new $showSearch=true default.
Previously it was necessary to use setSearchCallback(), otherwise
the SQL query would fail. One limitation to keep this change generic
is that "MenuTitle" won't be used to search, since its SiteTree specific,
while the "Title" and "Name" fields are generally regarded as
model conventions (e.g. they're used in DataObject->getTitle() as well).

See https://github.com/silverstripe/silverstripe-framework/pull/2364
2013-08-29 17:12:01 +02:00
Naomi Guyer
8b5f89f3b9 API: Treedropdownfield showsearch default true, provide better ui
Set search option true on treedropdown fields by default, to provide a
fallback solution when trees fail to render (too many children errors)

Provide better indication/more meaningful styling to search (match
chosen styles for consistency)
2013-08-29 16:21:04 +12:00
Ingo Schommer
40c239076b Merge remote-tracking branch 'origin/3.0' into 3.1.0
Conflicts:
	model/Hierarchy.php
2013-08-22 12:55:47 +02:00
Simon Welsh
c66cc952d2 Correct line length and indentation 2013-08-21 21:27:16 +12:00
Simon Welsh
151baeede1 Correct line length and indentation 2013-08-21 18:54:05 +12:00
Ingo Schommer
a6da1f5570 Merge pull request #2294 from wilr/fixgridexport
FIX: Remove limit on GridField export
2013-08-20 14:08:18 -07:00
Ingo Schommer
351c1168b6 Merge pull request #2314 from mateusz/required-attrs
HTML5 required attributes on default fields, add validator to the login form
2013-08-20 06:40:58 -07:00
Ingo Schommer
02cc662aaf More specific entwine rule for delete alert in GridField
The rule didn't apply in Firefox because of how it handles specificity,
so made it a bit more specific (added "button" and ".action")
2013-08-16 16:06:31 +02:00
Ingo Schommer
acc07e67ea Merge pull request #2318 from micmania1/2317-gridfieldfilterheader-duplicate-fields
Added gridField->getName() to field names to avoid duplication
2013-08-15 15:44:17 -07:00
Mateusz Uzdowski
090f07d978 BUG Apply HTML5 required attributes when fields are required. 2013-08-12 09:32:03 +12:00
micmania1
8ce50c3ae6 Added gridField->getName() to field names to avoid duplication 2013-08-09 22:57:48 +01:00
Hamish Friedlander
0918cd2092 Remove SiteTree link tracking out of HtmlEditorField 2013-08-09 11:24:10 +02:00
Will Rossiter
65d96e8d7c FIX: Remove limit on GridField export
Allow DataList::limit() to take a null value to remove the limit.

Added tests for limit(). Note the one failure, currently the ORM doesn't support unlimited values with an offset.
2013-08-05 19:59:12 +12:00
Ingo Schommer
0e7231ff60 API Disable discontinued Google Spellcheck in TinyMCE
Replaced by browser-based spellchecking if available (Chrome, Firefox),
with instructions on how to use PSpell as an alternative.
2013-08-03 16:16:45 +02:00
Hamish Friedlander
d38bd7d5cb Merge branch 'origin/3.0' into 3.1 2013-07-19 14:18:49 +12:00
Ingo Schommer
920edf88e7 Test allowedExtensions in UploadField, return correct HTTP status 2013-07-12 13:16:34 +02:00
Jeremy Thomerson
dbb2efcbb3 FIX: wrong class name being returned
This resulted in an error since the returned class name did not exist.
Note that this only happened when someone subclassed GridFieldDetailForm
and did not subclass GridFieldDetailForm_ItemRequest.
2013-07-09 20:59:56 +00:00
Daniel Hensby
e225cffcf8 FIX Empty Datefield with defined min or max has non-object error thrown
When submitting a Datefield with no value but with a min / max config date, the validate() function attempts to access a function on $this->valueObj (which is a non-object)
2013-07-08 16:07:21 +01:00
Sam Minnée
0173707cd1 Merge pull request #2164 from tractorcow/3.1-datetimefield-fixes
BUG Fixed DateTimeField where time value was being parsed incorrectly.
2013-07-06 19:03:33 -07:00
Mateusz U
3ac22ed638 Merge pull request #2182 from hafriedlander/fix/sanitise
FIX HtmlEditorField not re-checking sanitisation server side
2013-07-04 14:56:37 -07:00
Damian Mooyman
a862b4da99 BUG Fixed missing allowed_actions on UploadField_SelectHandler 2013-07-04 12:38:57 +12:00
Hamish Friedlander
dacb2aa638 FIX HtmlEditorField not re-checking sanitisation server side 2013-07-04 08:53:23 +12:00
Ingo Schommer
d003c96c62 Fixed HTMLEditorField extension call ("updateFieldsForOembed") 2013-07-03 10:15:46 +02:00
Daniel Hensby
336ddf1a55 FormFields now allow setting of extra CSSClasses en masse
Each CSS class passed in to `addExtraClass` or `removeExtraClass` will be set as their own key in the `extraClasses` array

Also make `Form` consistent with `FormField`
2013-06-29 13:27:26 +01:00
Damian Mooyman
feb03f5443 BUG Fixed issue where time value was being parsed incorrectly in some locales 2013-06-28 16:45:33 +12:00
Ingo Schommer
09b31c642f Allow Form->forTemplate() URL access (fixes #788)
Need to specifically whitelist URL-accessible actions now.
Used in "Insert Link" form in HtmlEditorField.
Regression from 1edf45fbed
2013-06-25 16:33:00 +02:00
jonom
ffc764dc3c NEW: Allow configuration of initial insertion width for images and media
Moved default insertion dimensions logic from JS to PHP to allow setting through config API
2013-06-24 14:25:16 -06:00
Ingo Schommer
fb784af738 API Enforce $allowed_actions in RequestHandler->checkAccessAction()
See discussion at https://groups.google.com/forum/?fromgroups#!topic/silverstripe-dev/Dodomh9QZjk

Fixes an access issue where all public methods on FormField were allowed,
and not checked for $allowed_actions. Before this patch you could e.g.
call FormField->Value() on the first field by using action_Value.

Removes the following assertion because it only worked due to RequestHandlingTest_AllowedControllerExtension
*not* having $allowed_extensions declared: "Actions on magic methods are only accessible if explicitly allowed on the controller."
2013-06-24 14:50:40 +02:00
Tom Densham
3596892001 FIX: GridField button styling
Remove all top/bottom margins from buttons and apply to GridFieldButtonRow component. Ensure that all buttons are added to a suitable GridFieldButtonRow in ModelAdmin, SecurityAdmin and Group.
2013-06-21 14:22:00 +01:00
Ingo Schommer
da0cc25c3b Merge pull request #2129 from tractorcow/3.1-htmleditor-mediaform-fixes
BUG Fixed issue in file upload via the HTML Editor media dialogue
2013-06-20 02:10:16 -07:00
Damian Mooyman
f47383f52e BUG Fixed issue where file upload via the HTML Editor media dialogue would not prompt users to overwrite existing files 2013-06-20 15:21:18 +12:00
Hamish Friedlander
328467f1b5 FIX: ConfirmedPasswordField used to expose existing hash 2013-06-20 14:09:30 +12:00
Sam Minnée
34287895ef Merge pull request #2099 from chillu/pulls/insert-media-tweaks
Various "Insert Media" dialog tweaks
2013-06-18 21:32:00 -07:00
Ingo Schommer
080da1eefc Removed colons from field labels in "Insert Media" detail screen
We don't use them in other field labels either
2013-06-15 10:13:45 +02:00
Ingo Schommer
91f6255fed Full URL on hover in UploadField detail screen
Works around possible truncation of the URL when it gets too long
2013-06-15 10:13:45 +02:00
Ingo Schommer
4bc2f9bc0d Localization-resilient SCSS selector (fixes #1590) 2013-06-15 10:13:45 +02:00
Ingo Schommer
10a558c882 Hide "delete" button in "Insert Media" dialog 2013-06-15 10:13:44 +02:00
Ingo Schommer
3f295adbdd .field.noborder style, use it in "Insert Media" dialog 2013-06-15 10:13:43 +02:00
Ingo Schommer
7ce9677dcb Moved GridField table padding to buttons
Avoid double padding when no bottom buttons exist
2013-06-15 10:13:43 +02:00
Ingo Schommer
63eb9518d2 Consistent Form setters (returning $this on setHTMLID()) 2013-06-13 07:51:08 +02:00
Ingo Schommer
bfff11eb9c API New CMSForm class to allow validation responses in CMS (fixes #1777)
Thanks to @willmorgan for getting this discussion started
(see https://github.com/silverstripe/sapphire/pull/1814).
2013-06-13 07:51:05 +02:00
Ingo Schommer
ab9e0286f0 Merge pull request #2051 from kinglozzer/candelete-gridfield-fix
Fix: Enable delete button for users with canDelete() but no canEdit() permissions
2013-06-12 02:10:41 -07:00
Mateusz Uzdowski
d1482bee15 Add autocomplete=off switch for the password field.
Some clients require disabling of the browser password handling
mechanisms. Add a switch to make it possible without hacking the core.

No change to default behaviour.
2013-06-12 09:41:18 +12:00
Ingo Schommer
a643f95796 Merge pull request #2080 from tractorcow/3.1-mediadialog-overwrite-hack
BUG Temporarily disable overwrite warning on HtmlEditorField "insert media".
2013-06-11 00:11:39 -07:00
Ingo Schommer
1c150ac3a0 Merge pull request #2044 from jonom/patch-3
FIX #527 : Add Thumbnails to 'Choose another file' dialogue
2013-06-10 05:13:08 -07:00
Damian Mooyman
78bd73d40d BUG Temporarily disable overwrite warning on HtmlEditorField "insert media" dialogue until this feature properly supports validation error recovery. 2013-06-10 15:35:28 +12:00
Damian Mooyman
96023079d5 API Removed user_error when setting missing option on UploadField via setConfig. Added documentation to this function as a replacement for the check. 2013-06-07 14:32:30 +12:00
Loz Calver
dcec30f4e3 Fix: Enable delete button for users with canDelete() but no canEdit() permissions
$form->makeReadonly(); iterates over all fields/actions, disabling the 'delete' button even when the user has permission
2013-06-03 12:31:40 +01:00
jonom
34bc067400 NEW: Add Thumbnails to 'Choose another file' dialogue
Very difficult to choose an image based on file name alone. Added thumbnail and reduced rows from 10 to 8 to compensate for increased height of rows with thumbnail included.
2013-05-31 17:42:03 -05:00
Ingo Schommer
5d97f615ce Merge remote-tracking branch 'origin/3.0' into 3.1 2013-05-31 17:52:24 +02:00
Damian Mooyman
7f057ce343 API UploadField functions on new records
Fixed regression from 1e5d40474d (UploadField::canPreviewFolder).
Merged in pull request #2009 - (6018bdd631).
Merged pull request #1259 (34bfc862ee).
2013-05-27 15:22:59 +12:00
Ingo Schommer
6f2ba3fcac Merge pull request #2009 from sminnee/uploadfield-choose-new-file
NEW 'Choose another file' button on upload field AAS-917
2013-05-25 01:55:26 -07:00
Julian Seidenberg
22c7bbfcd4 NEW UploadField displays a warning before overwriting files (only relevant if config.yml: Upload:replaceFile = true). 2013-05-25 19:07:06 +12:00
jean
6018bdd631 NEW 'Choose another file' button on upload field AAS-917 2013-05-25 18:38:02 +12:00
Simon Erkelens
513270ca48 API: Allow array of fields passed to FieldList::removeByName()
Supports passing an array to removeByName(), which is iterate and then removed. Useful for removing fields from a fieldlist that are not on a tab. Similar to removeFieldsFromTab();
This is cleaner than a new function.
2013-05-25 15:31:30 +12:00
uniun
5596442081 FIX: Form::set_current_action() never gets called. 2013-05-24 11:25:36 +03:00
Ingo Schommer
c85c495848 BUG GridFieldFilterHeader works without non-filterable cols
Previously relied on the presence of a last column which wasn't filterable,
commonly a GridFieldEditButton. If this wasn't present, the filter buttons
were never added, leading to the GridField JS reload request being sent
without the required button form action, so GridFieldFilterHeader->handleAction()
was never called.
2013-05-23 17:48:27 +02:00
Will Rossiter
ddcfcf7bed Update @package, @subpackage labels
Cleanup of framework's use of @package and @subpackage labels and additional of labels for classes missing packages.

Moved all GridField related components to the one name.

Countless spelling fixes, grammar for other comments.

Link ClassName references in file headers.
2013-05-21 22:24:41 +12:00
Ingo Schommer
842dc98681 Added "saves into..." label to UploadField template
CMS users shouldn't need to guess where their files will end up.
2013-05-14 10:39:05 +02:00
Justin Martin
644fa29e41 Include Zend_Locale_Format
Fix Zend_Locale_Format not being included.
2013-05-13 10:55:05 -07:00
Will Rossiter
a99dbae012 FIX: NumericField should work with numbers like 54,6
Fixes http://open.silverstripe.org/ticket/5577.

Uses Zend_Locale_Format::isNumber(). Includes unit test for NumericField. Does not include testing work on DBField underlying NumericField to ensure that works consistently.
2013-05-11 22:51:39 +12:00
Will Rossiter
42cf2a95bd FIX: Add support for multi dimensional source arrays in LookupField (open/6132) 2013-05-11 00:01:39 +12:00
Will Rossiter
94d6b1ccff FIX: Disable autocomplete on ConfirmedPasswordField instances. 2013-05-10 20:32:59 +12:00
Will Rossiter
09fcdb8c31 Coding conventions for ConfirmedPasswordField 2013-05-10 20:23:06 +12:00
Sam Minnée
9672a22166 Merge pull request #1851 from chillu/pulls/form-strict-method-check
Form strict method check
2013-05-08 22:31:40 -07:00
Ingo Schommer
a1216b5e32 Merge pull request #1250 from wilr/gridfield-action-fixes
FIX: Do not blindly pass input values to GridField_FormAction URL's
2013-05-08 04:20:40 -07:00
Ingo Schommer
a9edf47189 Merge pull request #1830 from a2nt/media_dialog_add_url_btn_fix
FIX media dialog add url button fix
2013-05-08 01:42:04 -07:00
Ingo Schommer
14c59be85e API Form::setStrictFormMethodCheck() and strict argument to setFormMethod()
Thanks to @sminnee for getting this started
2013-05-08 10:25:13 +02:00
Simon Welsh
8930304dfc Only set GridField state in request if a value is submitted 2013-05-07 08:15:27 +12:00
a2nt
423c737502 FIX media dialog add url button fix
Use HtmlEditorField.BUTTONADDURL for localization
2013-05-04 03:34:02 +07:00
Ingo Schommer
5ca9db5e5e Limit HtmlEditorField HTMLText casting note to existing fields
This prevents it from failing for proxied values
like BlogEntryForm, where the field name doesn't exist,
and rather gets processed and saved into a different field.
2013-04-29 09:32:05 +02:00
Will Rossiter
a6b0807b9f Merge pull request #1800 from willmorgan/patch-1
Define ConfirmedPassword::$children as a public variable
2013-04-24 16:18:44 -07:00
Will Morgan
9732a7fb3b Fixing typo on Validator exception message 2013-04-24 18:50:40 +02:00
Will Morgan
676aa8de05 Defining $children as a public variable
Defining $children as a public variable (it was previously defined on-the-fly)
2013-04-24 16:25:13 +02:00
Ingo Schommer
7f6671628d "UploadFieldFileButtons" casting (regression from casting changes)
Caused the UploadField rows to show "[Object object]" because
it tried to pass through a PHP object to JS without string casting
(the return used to be a string).
2013-04-18 17:09:56 +02:00
uniun
4d70daa9e2 BUG: HiddenFields and VisibleFields should always return extraFields
HiddenFields() and VisibleFields() should always return extraFields, e.g. HiddenFields doesn't return SecurityID if it is called before Fields().
2013-04-17 20:31:17 +02:00
Sean Harvey
2a65f17542 Merge pull request #1757 from tractorcow/3.1-phone-field-fix
BUG Fixed incorrect variable usage in generation of PhoneNumberField form fields
2013-04-14 14:01:09 -07:00
chiujl
cb463449e8 DatetimeField returns wrong year
This is related to how Zend_Date returns year for YYYY & yyyy format. Detailed explanation is here http://framework.zend.com/issues/browse/ZF-5297

Sample code (adapted the Datetimefield setValue() method) to highlight the problem:

include 'framework/thirdparty/Zend/Date.php';

$userValueObj = new Zend_Date(null, null, 'en_US');
$userValueObj->setTimezone('GMT');
$userValueObj->setDate('2012-01-01', 'YYYY-MM-dd');
$userValueObj->setTime('00:00:00', 'HH:mm:ss');
echo $userValueObj->get('YYYY-MM-dd HH:mm:ss', 'en_US'), "\n"; // returns 2011-01-01 00:00:00
echo $userValueObj->get('yyyy-MM-dd HH:mm:ss', 'en_US'), "\n"; // returns 2012-01-01 00:00:00
2013-04-13 06:26:52 +08:00
Damian Mooyman
0dfc6d5eab BUG Fixed incorrect variable usage in generation of PhoneNumberField form fields 2013-04-12 15:13:58 +12:00
Ingo Schommer
59dc0085d8 Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	docs/en/reference/urlvariabletools.md
	tests/forms/CheckboxFieldTest.php
2013-04-12 01:13:32 +02:00
Ingo Schommer
933fbf8ea4 l10n key to make "yes" and "no" translatable (see #1749) 2013-04-12 01:11:24 +02:00
Ingo Schommer
9856fcef21 Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	javascript/DateField.js
	model/DataQuery.php
	model/Versioned.php
	tests/forms/RequirementsTest.php
	tests/model/DataObjectLazyLoadingTest.php
	view/Requirements.php
2013-04-09 14:45:35 +02:00
Ingo Schommer
01f46d039f NEW Enforce max node counts to avoid excessive resource usage
Rendering potentially 1000s of nodes can exceed the CPU and memory constraints
of a normal PHP process, as well as the rendering capabilities of browsers.
Set a hard maximum for the renderable nodes, deferring to a "show as list" action
in the main CMS tree. For TreeDropdownField, we don't have the list fallback option,
so ask the user to search for the node title instead.

Also makes both the "node_threshold_total" and "node_threshold_leaf" values configurable
2013-04-09 10:24:18 +12:00