Daniel Hensby
6139de8680
FIX Make sure plain parts are rendered when re-rendering emails
2017-11-08 15:32:51 +00:00
Damian Mooyman
6a73466b41
BUG Fix basicauth
2017-11-03 12:08:38 +13:00
Damian Mooyman
9d3277f3d3
BUG Fix forceWWW and forceSSL not working in _config.php
...
API Introduce CanonicalURLMiddleware
BUG Fix Director::makeRelative() failing on multi-domain sites
2017-10-30 14:42:36 +13:00
Damian Mooyman
b9cb1e69e6
BUG Replace phpdotenv with thread-safe replacement
2017-10-20 18:43:11 +13:00
Damian Mooyman
d0ca9bd17a
Merge pull request #7490 from open-sausages/pulls/4.0/my-email-children-deserve-the-best
...
BUG Fix enable email subclasses to use their respective templates
2017-10-19 16:30:37 +13:00
Christopher Joe
dabdc905ce
BUG Fix enable email subclasses to use their respective templates
2017-10-19 14:44:04 +13:00
Nathan J. Brauer
bcc2cc6a0b
Adding 308 HTTP Response as an redirect code
...
https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml
Often times, 308 are preferred over 301 redirects, as they tell the requester to, for example, re-POST a form submission on the final URL.
2017-10-18 12:27:00 -07:00
Damian Mooyman
3e6984d5a8
Shift REQUEST_URI mangling into HTTPRequestBuilder::createFromVariables()
2017-10-09 17:35:33 +13:00
Damian Mooyman
199d607a2c
Tiny revert
2017-10-09 17:21:43 +13:00
Ingo Schommer
1e913bb938
Remove rewrite-less routing through index.php
...
It's currently broken (doesn't rewrite subsequent links),
and is of questionable use. It was introduced during a time
when PHP didn't have a built-in webserver (I think).
Virtually ever webserver will have rewriting capabilities these days (even IIS!),
and if you struggle with the setup as a new user, you can just fall back to PHP's built-in webserver.
This doesn't affect installation capabilities, since these are triggered via install.php.
2017-10-09 17:21:43 +13:00
Ingo Schommer
1e051386c6
Simplified request building
2017-10-09 17:21:43 +13:00
Ingo Schommer
bd11bc16c7
Avoid double slash in Director mock URLs
...
They get faulty results when run through parse_url($url, PHP_URL_PATH)
which we started using in HTTPRequestBuilder
2017-10-09 17:21:43 +13:00
Ingo Schommer
4a94dfe55b
Remove "url" query param reliance, use index.php
...
See https://github.com/silverstripe/silverstripe-framework/issues/7430
2017-10-09 17:21:43 +13:00
Damian Mooyman
fa57deeba4
ENHANCEMENT Allow vendor modules with url rewriting
...
API Introduce ModuleResource feature
2017-09-29 10:28:38 +13:00
Damian Mooyman
f574f6d1b2
Reset test state for modified config options
2017-09-28 17:24:32 +13:00
Christopher Joe
90d0361a6c
Enhancement update set_themes to not update config
2017-09-28 16:47:13 +13:00
Christopher Joe
7e92b053f4
Enhancement Add setter and getter for certain classes, so that LeftAndMain no longer updates config during init
2017-09-28 16:47:13 +13:00
Damian Mooyman
da27948777
Merge pull request #7373 from dhensby/pulls/4/rate-limit-security
...
NEW RateLimiter for Security controller
2017-09-28 11:01:37 +13:00
Damian Mooyman
e4fd9b4ff7
Code style fixes
2017-09-28 09:54:29 +13:00
Daniel Hensby
5f739c111e
added ratelimiter tests
2017-09-27 16:42:04 +01:00
Daniel Hensby
51ac297c59
Fixes to ratelimiter and new features
2017-09-27 14:44:38 +01:00
Damian Mooyman
261302a121
ENHANCEMENT Don't force all class names to lowercase
...
Speeds up autoloading because composer psr-4 works properly now
2017-09-20 15:14:55 +12:00
Daniel Hensby
04b1bb816e
NEW RateLimiter for Security controller
2017-09-14 14:23:36 +01:00
Daniel Hensby
9198313658
FIX HTTP Headers are case insensitive
2017-09-13 16:02:12 +01:00
Ingo Schommer
64af679c35
DOCS Corrected env type docs ( fixes #7290 )
2017-08-30 08:35:41 +12:00
Damian Mooyman
9b4d689bb2
Lazy-load custom methods and extensions on CustomMethods and Extensible traits
...
No longer need constructExtensions()
2017-08-22 15:47:24 +12:00
Christopher Joe
249c7048d9
Fix trim accept header parts
2017-08-21 15:31:13 +12:00
Robbie Averill
392cda15f6
NEW Add updateRules extension point to Director::handleRequest
2017-07-23 22:10:46 +12:00
Robbie Averill
ea4181166f
FIX Ensure phpdbg calls are registered by SilverStripe core as a CLI call
2017-07-17 16:56:01 +12:00
Robbie Averill
823e49526f
NEW Allow SSViewer and SSViewer_FromString to be injectable
2017-07-13 20:48:58 +12:00
Damian Mooyman
ed26b251c8
ENHANCEMENT: Better output type detection for debugging
2017-07-04 17:33:49 +12:00
Damian Mooyman
f65e3627dc
BUG Implement or exclude all pending upgrader deltas
2017-07-03 12:21:47 +12:00
Christopher Joe
061393a098
Fix enable ?flush rather than just ?flush=1
2017-06-29 16:13:38 +12:00
Damian Mooyman
8078ee08f2
BUG Fix folder urls getting mtime querystring appended
2017-06-28 16:59:41 +12:00
Sam Minnee
741166e369
API: ModulePath template global now takes any composer package name.
...
NEW: URL generation now handled by pluggable ResourceURLGenerator service.
NEW: Requirements::javascript() and Requirements::css() now support “vendor/package:resource” syntax.
These changes will make it easier to us to fully abstract:
- file access from module location
- file location from URL generation
API: ModulePath template global now takes any composer package name.
NEW: URL generation now handled by pluggable ResourceURLGenerator service.
NEW: Requirements::javascript() and Requirements::css() now support “vendor/package:resource” syntax.
These changes will make it easier to us to fully abstract:
- file access from module location
- file location from URL generation
2017-06-28 16:59:28 +12:00
Damian Mooyman
f699650b5f
Update based on feedback
2017-06-27 13:32:39 +12:00
Damian Mooyman
d20ab50f9d
API Stronger Injector service unregistration
...
BUG Fix up test regressions
FIX director references to request object
API Move all middlewares to common namespace
API Implement RequestHandlerMiddlewareAdapter
ENHANCEMENT Improve IP address parsing
Fix up PHPDoc / psr2 linting
BUG Fix property parsing in TrustedProxyMiddleware
BUG Fix Director::is_https()
2017-06-27 13:32:39 +12:00
Damian Mooyman
7aa67f856b
Move files to middleware folder
2017-06-27 13:32:39 +12:00
Sam Minnee
67887febc5
fix - session now uses request
2017-06-27 13:32:39 +12:00
Sam Minnee
69fe166897
API: Director::handleRequest() is no longer static - use a Director service
...
NEW: Add HTMLMiddlewareAware trait to HTTPApplication, Director, and RequestHandler
NEW: Allow service specs to be passed to Director rules.
This refactor of the controller middlewares takes a service definition
approach rather than a static-method-and-config approach that Director
historically had.
The use of a trait for middleware means that the Middlewares array
property can be defined on RequestHandler, Director, and HTTPApplication
objects in the same way.
2017-06-27 13:32:39 +12:00
Sam Minnee
e92c63c545
API: Remove $sid argument of Session::start()
...
NEW: Pass HTTPRequest to session
NEW: Pass HTTPReuqest optionally to Director statics
The session handler now expects to operate on a specific
HTTPRequest object.
2017-06-27 13:32:39 +12:00
Sam Minnee
ccc86306b6
NEW: Add TrustedProxyMiddleware
...
API: SS_TRUSTED_PROXY_HOST_HEADER replace with middleware config
API: SS_TRUSTED_PROXY_PROTOCOL_HEADER replace with middleware config
API: SS_TRUSTED_PROXY_IP_HEADER replace with middleware config
API: Front-End-Https = “on” header no longer supported
This middleware replaces the TRUSTED_PROXY setting and shifts its
configuration out of the env vars and bootstrap and into the Director
flow.
2017-06-27 13:32:39 +12:00
Sam Minnee
c4d038f20d
NEW: Add HTTPRequest::getScheme()/setScheme()
...
NEW: Add HTTPRequest::setIP()
API: Rely on HTTPRequestBuilder to set scheme and IP
These changes tidy up HTTPRequest making it a container for information
and removing special logic from it.
This makes it less feature-rich: it doesn’t contain trusted-proxy logic.
This will be able to provided by a middleware.
The new getScheme() method is designed to be closish to PSR-7’s
getUri()->getScheme() equivalent.
There are no more direct $_SERVER references in HTTPRequest.
2017-06-27 13:32:39 +12:00
Sam Minnee
4d89daac78
NEW: Register Injector::inst()->get(HTTPRequest)
...
HTTPRequest is provided as a service so that global references for
session, hostname, etc can be facilitated. It’s a bit of a hack and
should be avoided but we’re unlikely to scrub it completely from the
Silverstripe 4 code.
2017-06-27 13:32:39 +12:00
Sam Minnee
10866c0809
API: Replace Director::direct() with Director::handleRequest().
...
There was no longer any code in direct() and so I opted to expose the
handleRequest() method instead.
2017-06-27 13:32:39 +12:00
Sam Minnee
72a7655e95
NEW: Moved allowed-hosts checking to a middleware.
2017-06-27 13:32:39 +12:00
Sam Minnee
db080c0603
NEW: Move session activation to SessionMiddleware.
2017-06-27 13:32:39 +12:00
Sam Minnee
e855622890
NEW: Replace FlushRequestFilter with FlushMiddleware
2017-06-27 13:32:39 +12:00
Sam Minnee
b30f410ea0
API: Deprecate RequestFilter.
...
NEW: Allow application of HTTPMiddleware to Director.
Director can now use the same HTTPMiddleware objects as the app object.
They can be applied either globally or pre-rule.
2017-06-27 13:32:39 +12:00
Damian Mooyman
3873e4ba00
API Refactor bootstrap, request handling
...
See https://github.com/silverstripe/silverstripe-framework/pull/7037
and https://github.com/silverstripe/silverstripe-framework/issues/6681
Squashed commit of the following:
commit 8f65e5653276f95944fa9379834cb4188ce35d827ed4660e7a738f50c4976279d28e5e5c90d53a84f9b2ba47555b59a912b6e2c4a18f635d235e64f3d88d4ed4e4f7946aec3312bd31f936bba97911462a10c2397bd75a8d1d9306364af3c32a278e2953b65c21241bd1d4375c95b220534f06603704165c2f6336a15bfc7188da7da0ae723514ca03395251c66d433977f26ae75c6e001d559662de079c041d
2017-06-22 22:50:45 +12:00
