3094 Commits

Author SHA1 Message Date
Sean Harvey
0e07f1a7f5 Merge remote-tracking branch 'origin/3.0' into 3.1 2014-08-22 17:50:36 +12:00
Ingo Schommer
1661213e5b FIX Opt-out pf form message escaping (fixes #2796)
This fixes a limitation introduced through http://www.silverstripe.org/ss-2013-008-xss-in-numericfield-validation/.
Form messages used to accept HTML, now they’re escaped by default, effectively removing the ability
to pass in HTML and take care of escaping manually.

We pass through HTML to message in core through the CTF system, so this needs to be fixed.
It’s an alternative fix to https://github.com/silverstripe/silverstripe-framework/pull/2803.
2014-08-22 16:59:34 +12:00
Sean Harvey
8063b349c8 BUG Fixing Director::test() failing on BASE_URL prefixed URLs
Example: you have a site in a sub-directory off the webroot, you call
->Link() on a SiteTree record, which returns "/[sitedir]/my-page", and
you pass this URL to Director::test(). It's a valid URL, but
Director::test() will throw a 404.

Director::test() should be ensuring that all URLs passed to it are
properly made relative, not just in the case where it thinks the URL
is absolute.
2014-08-22 15:21:53 +12:00
Damian Mooyman
aec8430395 Merge pull request #3393 from halkyon/flushable
NEW Provide a consistent way of triggering flush
2014-08-22 10:28:26 +12:00
Sean Harvey
2b316e79e5 NEW Provide a consistent way of triggering flush
Provides an interface for classes to implement their own flush()
functionality. This function gets called early in a request on
all implementations of Flushable when flush=1|all is requested in the
URL.

This fix came out of an issue where Requirements combined files were not
being cleaned up after dev/build?flush=1, due to the fact that flush
would only occur when you called it while on a page that used those
combined files, but not in any other contexts. This will now call flush
on any implementors of Flushable regardless of the context of where
flush was called.
2014-08-22 09:24:27 +12:00
Sean Harvey
61c6dee057 BUG Fixing plural_name messing up singular words ending in "e" (#3251)
This would ideally be fixed with the ability to use an external library
like gettext, but that's an API change. This for now fixes the issue
where a singular like "Page" returns "Pags" for the plural name.
2014-08-20 14:55:40 +12:00
Devlin
4178f7beb0 test all generate methods and formatted image deletetions 2014-08-19 10:12:47 +02:00
Damian Mooyman
eb069e605d Remove all redundant whitespace 2014-08-19 09:17:15 +12:00
Sean Harvey
404478b07f Removing @deprecated 3.1 functionality and classes.
Changelog has been updated to include what was removed in terms of
major functionality, and what to use as a replacement.
2014-08-18 16:00:13 +12:00
Sean Harvey
5f1552b365 BUG Custom label set in summary_fields config gets overridden 2014-08-14 14:19:41 +12:00
Mateusz Uzdowski
8bf3853887 Merge remote-tracking branch 'origin/3.1'
Conflicts:
	docs/en/misc/contributing/issues.md
	docs/en/reference/uploadfield.md
	forms/HtmlEditorField.php
	i18n/i18n.php
	javascript/HtmlEditorField.js
	model/DB.php
	model/Image.php
	model/SQLQuery.php
2014-08-14 09:08:26 +12:00
John Milmine
0a36951ab1 adding exclamation mark and question mark to delimiters, made text work the same as HTML Text 2014-08-07 21:01:23 +10:00
Igor Nadj
b3d52de531 ENH making /dev extendable 2014-08-06 16:29:52 +12:00
Marcus Nyeholt
b273f3b524 API Updated aspect proxy service
- Updated AspectProxyService to handle multiple handlers for each proxied
  object's methods.
- Changed BeforeCallAspect to allow for providing a return value that
  should be returned to the caller instead of the proxied return value
- Changed AfterCallAspect behaviour to allow for returning the value of
  the aspect to the caller instead of the proxied return value
2014-08-06 13:48:26 +10:00
Sean Harvey
1759d5d017 API Use "number" HTML5 type for NumericField by default 2014-08-04 14:27:35 +12:00
Damian Mooyman
2c24d51c0b Revert #3358 2014-08-04 12:13:19 +12:00
Sean Harvey
b2dac644a0 BUG Fixed escaping of name/value in options of form fields
DropdownField was currently escaping options, but CheckboxSetField and
OptionsetField were not. This fixes them to be consistent.
2014-08-04 09:55:35 +12:00
Damian Mooyman
a89dbd29e1 Revert #3345 #3323 2014-07-31 17:05:57 +12:00
Daniel Hensby
04e5c11ed9 TEST Empty absolute urls - tests for #3323 2014-07-30 23:22:37 +01:00
Jeffrey Guo
5519a026e8 expand a tree node and check a CMS tab 2014-07-30 17:17:08 +12:00
Stig Lindqvist
333a2aa8f9 BUG: CMS tree filters doesn't count the correct number of children for deleted pages
This is a bug that combines Hierarchy, Versioned and LeftAndMain admins and CMSSiteTreeFilters.

This bug can be reproduced by having a large site tree with enough deleted pages in it so it doesn't
pre load all the children pages when initially opening an admin. Filter by either 'All pages including deleted'
or 'Deleted pages'. For CMS users it will look like deleted pages are gone.

The solution involves a couple of smaller fixes in both CMS and framework modules.

1) Ensure that 'numHistoricalChildren' are used instead of 'numChildren' when dealing with deleted pages
2) LeftAndMain::currentPage() deletes all the 'marking' cache previously built up by Hierarchy::markPartialTree()
3) Use Versioned::get_included_deleted() instead of raw DB queries against the DataObject tables when calculating parents in CMSSiteTreeFilter
2014-07-25 16:19:30 +12:00
Damian Mooyman
0433ba1642 BUG Revert some changes to ManyManyList
BUG Fix incompatibility in Member_GroupList
Fix regressions in merges from 3.1
BUG Fix Security failing on test classes
BUG Fix postgresql compatibility
Clarify sql encoding of table names
2014-07-23 12:38:41 +12:00
Senorgeno
df6a8b6fb6 BUG #3282: Added ability to subselect with in left or inner join 2014-07-17 13:27:28 +12:00
Simon Welsh
c14d58f585 Merge branch '3.1'
Conflicts:
	.travis.yml
	model/ManyManyList.php
	model/fieldtypes/DBField.php
2014-07-16 21:24:02 +10:00
Loz Calver
791ee7171b API: Prevent large images from repeatedly crashing PHP on resize 2014-07-16 09:18:51 +01:00
Damian Mooyman
d8e9af8af8 API New Database abstraction layer. Ticket #7429
Database abstraction broken up into controller, connector, query builder, and schema manager, each independently configurable via YAML / Injector
Creation of new DBQueryGenerator for database specific generation of SQL
Support for parameterised queries, move of code base to use these over escaped conditions
Refactor of SQLQuery into separate query classes for each of INSERT UPDATE DELETE and SELECT
Support for PDO
Installation process upgraded to use new ORM
SS_DatabaseException created to handle database errors, maintaining details of raw sql and parameter details for user code designed interested in that data.
Renamed DB static methods to conform correctly to naming conventions (e.g. DB::getConn -> DB::get_conn)
3.2 upgrade docs
Performance Optimisation and simplification of code to use more concise API
API Ability for database adapters to register extensions to ConfigureFromEnv.php
2014-07-09 18:04:05 +12:00
Damian Mooyman
c26df0b3c6 Revert "BUG Config::merge_array_low_into_high() ignores falsey values" 2014-07-09 09:57:25 +12:00
Sean Harvey
16e546300f BUG Config::merge_array_low_into_high() ignores falsey values
Specific case: LeftAndMain::$session_keepalive_ping = true cannot be
set to false in config.yml for some cases because the value is ignored
when merge_array_low_into_high() is processing the config arrays.
2014-07-08 15:18:26 +12:00
Sean Harvey
d1d295056b Merge pull request #3265 from stevie-mayhew/images-force-resample
FEATURE allow force resampling on images
2014-07-07 11:27:16 +12:00
Damian Mooyman
c30111eee3 Better encoding of javascript
Fixes #2988
2014-07-07 09:01:53 +12:00
Stevie Mayhew
1d86fe4f52 FEATURE allow force resampling on images 2014-07-05 14:29:01 +12:00
Damian Mooyman
d3c7e41419 BUG using isDev or isTest query string no longer triggers basic auth 2014-07-02 11:51:51 +12:00
Will Rossiter
2c741fec0c FIX Add support for compositedbfield within many_many_extraFields
Previously selectFromTable would simply try to select the composite field name. This expands the extraField name to include the children field names and uses CompositeDBField::writeToManipulation to generate the correct SQL for the queries.
2014-06-28 10:54:48 +12:00
Damian Mooyman
6ff1d3ccbc Merge pull request #3225 from halkyon/log_constants
Adding some more commonly used SS_Log priority constants.
2014-06-23 13:15:45 +12:00
Sean Harvey
9c2ddd4850 Adding some more commonly used SS_Log priority constants. 2014-06-23 11:50:05 +12:00
Sean Harvey
0ee3a683a5 Better support for overloading start and destroy methods in Session
Move functionality from static start and destroy functions into instance
methods, allowing these to be overloaded. This works the same way as
calling Session::set() which then in turn calls inst_set()

Additionally use Injector to create the default Session instance to
allow the class to be swapped out.
2014-06-20 10:35:53 +12:00
Damian Mooyman
ef03dfdd5b Merge remote-tracking branch 'origin/3.1' 2014-06-17 18:17:24 +12:00
Damian Mooyman
11cc27f700 Merge pull request #2967 from halkyon/formfield_readonly
Fixing FormField not setting readonly attribute on setReadonly(true)
2014-06-17 14:48:56 +12:00
Sean Harvey
b4bfb75a0d Merge pull request #3207 from chillu/pulls/behat-gridfield
Moved table-related feature steps to behat extension
2014-06-17 13:43:33 +12:00
Loz Calver
3d71a22a98 FIX: ClassManifest errors if files contain duplicate class names (fixes #3210) 2014-06-16 22:18:18 +01:00
Ingo Schommer
bb03f6ba2f Merge remote-tracking branch 'origin/3.1'
Conflicts:
	forms/HtmlEditorField.php
2014-06-15 22:50:20 +12:00
Ingo Schommer
415ba11356 Merge pull request #3175 from tractorcow/pulls/3.1/mink-update
Update for Mink 1.6 compatibility (DO NOT MERGE)
2014-06-13 16:34:22 +12:00
Ingo Schommer
a433fa2ec4 Moved table-related feature steps to behat extension
Reused for tables other than GridField.
See https://github.com/silverstripe-labs/silverstripe-behat-extension/pull/51
2014-06-13 15:10:16 +12:00
Damian Mooyman
d516063db7 BUG fix dependency injection stumbling over ViewableData's __isset 2014-06-12 10:08:59 +12:00
Damian Mooyman
4c5de82625 Versioned no longer sets redundant session data 2014-06-11 16:42:22 +12:00
Damian Mooyman
4fdfff8a23 Update for Mink 1.6 compatibility 2014-05-30 15:46:54 +12:00
Simon Welsh
9b3bfb2e10 Merge pull request #3145 from tractorcow/pulls/3.1/fix-choose-stage
BUG Fix access to protected Session::current_session()
2014-05-24 11:07:40 +10:00
Simon Welsh
b020cabc1a Merge pull request #3138 from tractorcow/pulls/3.1/fix-arraylist-sorting
BUG ArrayList failing to respect the SS_Sortable interface
2014-05-24 11:05:25 +10:00
Ingo Schommer
ec325a3c7f API Fix HTTPS proxy header detection
Didn't use the de facto standard HTTP_X_FORWARDED_PROTO or the less standard HTTP_FRONT_END_HTTPS.
Removed the 'X-Forwarded-Proto', since PHP should prefix/underscore all HTTP headers before it hits $_SERVER.

References:
- https://docs.djangoproject.com/en/1.4/ref/settings/#secure-proxy-ssl-header
- https://drupal.org/node/1859252
- https://drupal.org/node/313145
- http://scottwb.com/blog/2013/02/06/always-on-https-with-rails-behind-an-elb/
2014-05-22 18:34:15 +12:00
Devlin
5f7ebd3c23 API UploadField: move replaceFile to the front end config 2014-05-21 12:03:26 +02:00