tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity
18,349 Commits 31 Branches 527 Tags 162 MiB
6348f2e3e8
Commit Graph

480 Commits

Author SHA1 Message Date
Antony Thorpe
6348f2e3e8 Updated Form.php & 04_Form_Security.md 
Changed the `strictFormMethodCheck` protected property from false to true to step out on the front foot with this security setting.  In the documentation under the title [Cross-Site Request Forgery](https://github.com/silverstripe/silverstripe-framework/blob/master/docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md#cross-site-request-forgery-csrf) it states, "it is also recommended to limit form submissions to the intended HTTP verb (mostly GET or POST) through [api:Form::setStrictFormMethodCheck()]."  The same advice is noted in [Form Security](c2292a4cc1/docs/en/02_Developer_Guides/03_Forms/04_Form_Security.md (strict-form-submission)).

Why not make this the default behaviour?  Is there a scenario where this would cause a problem?  Have manually tested in the CMS (alpha7) and is working fine.

Note: Original commit that establised the API Form::setStrictFormMethodCheck is 14c59be8.
 2017-06-06 21:10:49 +12:00
Damian Mooyman
e7d87add9f API Remove legacy HTMLEditor classes 2017-05-30 11:01:28 +12:00
Chris Joe
5ec8d40c19 Merge pull request #6957 from open-sausages/pulls/4/react-di-documentation 
Docs for React DI
 2017-05-26 10:59:42 +12:00
Daniel Hensby
893f19a5ea
DOCS Updating index definition examples 2017-05-25 23:29:12 +01:00
Aaron Carlino
bfc373cf0f update docs with new api 2017-05-25 16:34:32 +12:00
Aaron Carlino
75981989b0 Docs for React DI 2017-05-25 14:58:55 +12:00
Robbie Averill
ad43a82923 API Consistent use of inst() naming across framework 2017-05-19 14:38:06 +12:00
Colm McBarron
8666d4abb2 Update YAML format to use namespace 2017-05-16 11:49:39 +01:00
Damian Mooyman
259f957ce8 API Rename services to match FQN of interface / classes 2017-05-16 14:15:49 +12:00
Aaron Carlino
7fa47e234f New API for minified files using injectable service 2017-05-11 10:14:16 +12:00
Ingo Schommer
da3236b0e7 Merge pull request #6887 from open-sausages/pulls/4.0/docs-calendar-year-format 
Doc dateformats with calendar year
 2017-05-09 23:07:25 +12:00
Ingo Schommer
0d9b383631 API Removed legacy form fields (fixes #6099) 2017-05-09 11:16:41 +12:00
Ingo Schommer
20e57e9dec Doc dateformats with calendar year 
https://github.com/silverstripe/silverstripe-framework/issues/3749
http://stackoverflow.com/questions/1978051/zend-datetostring-outputs-the-wrong-year-bug-in-my-code-or-zend-date
https://en.wikipedia.org/wiki/ISO_week_date#Disadvantages
 2017-05-08 22:08:14 +12:00
Sam Minnee
4c772c80c3 FIX: Show detailed errors on CLI for live environments 
API: Add HTTPOutputHandler::setCLIFormatter

Fixes https://github.com/silverstripe/silverstripe-framework/issues/6835

This provides detailed errors (but not warnings or notices) in CLI calls
on live environments.

It does this by adding a 2nd argument to our output handler,
CliFormatter. This formatter will be used when Director::is_cli() is
true.
 2017-05-01 15:28:48 +12:00
Chris Joe
430c7ad79a Merge pull request #6824 from micmania1/patch-13 
DOCS Corrected logger documentation
 2017-04-21 15:18:22 +12:00
Michael Strong
484e15807c DOCS Corrected logger documentation 2017-04-21 13:15:14 +12:00
Michael Strong
649dad526b DOCS Fixed namespace for factory 2017-04-21 10:54:21 +12:00
Damian Mooyman
2548bfba1e API Replace SS_HOST with SS_BASE_URL 
API Remove Director::$test_servers / $dev_servers
API Remove MODULES_PATH / MODULES_DIR constants
ENHANCEMENT Injector backtick syntax now supports environment variables as well as constants
Fixes #6588
 2017-04-20 22:28:57 +12:00
Aaron Carlino
fdd9ad6dbc MINOR: Add documentation for aggregate filters (#6796) 
* MINOR: Add documentation for aggregate filters

* Update 01_Data_Model_and_ORM.md

* Update 01_Data_Model_and_ORM.md
 2017-04-19 15:44:00 +12:00
Simon Gow
5f82997690 Secure Coding - Security Headers, Force HTTPS and Cookies 
- Amending best practices for secure coding to enforce HTTPS
- Add security headers to enforce HTTPS
- Ensure secure cookies are used.
- Added links for testing, changed documentation as part of peer review.
- Arrange headers to work with HTTP interface.
- fixed Cache-Control case
- Added reference to Secure Sessions.
- Replaced Cardinality with unique
- Fixed innacurate reference to decendant.
- Consistent spelling
- Databases over DBMSs
 2017-04-13 13:59:02 +12:00
Simon Gow
8d2a1ba8be Index documentation 
- updating index documentation to give a better description of how to improve performance with silverstripe applications
 2017-04-07 11:27:07 +12:00
Nic
091d355059 DOCS update example to use Config::modify 2017-04-04 19:18:23 -05:00
Ingo Schommer
5b2106ad8a Corrected i18n docs 2017-04-03 20:04:43 +12:00
Ingo Schommer
3b94d14e42 MERGE 2017-04-03 12:11:21 +12:00
Ingo Schommer
326aa37ea4 API HTML5 date/time fields, remove member prefs (fixes #6626) 2017-03-31 15:21:47 +13:00
Daniel Hensby
ac075eaf0b Remove TestListener and rely on PHPUnits APIs 2017-03-30 11:46:58 +13:00
Ingo Schommer
dfc0dec7b3 Require LICENSE in supported modules (no *.md) 
It's more standard to have this file in the webroot.
It's technically markdown compatible text (e.g. asterisk bullet points),
but there's not much point in rendering it via markdown.

If you use the Github "new repo" dialog, it'll create the file without
an extension, so that's pretty much considered the standard.
 2017-03-28 16:12:24 +13:00
Damian Mooyman
54ba08a306 API Replace ManifestCache with ManifestCacheFactory 
API Remove lots of deprecated module code from ClassManifest
 2017-03-21 09:43:48 +13:00
Damian Mooyman
ce14060913 API Apply default logger to all caches 
API Rename ‘Logger’ service name to ‘Psr\Log\LoggerInterface’
API DefaultCacheFactory constructor now takes an array of default arguments
 2017-03-15 15:31:24 +13:00
Jack O'Connor
100e9bf59c Correcting typo 2017-03-13 12:15:07 +00:00
Damian Mooyman
23b92c8187
Documentation and linting updates 2017-03-10 11:59:38 +13:00
Damian Mooyman
bf3383731d Upgrading guide for uploadfield 2017-03-09 13:33:00 +13:00
Christopher Joe
50deb17763 API remove UploadField, AssetField and associated files 
Fixes #6481
 2017-03-09 10:16:46 +13:00
Loz Calver
b9da55c8ab Merge pull request #6659 from robbieaverill/bugfix/quote-constants-in-yaml 
FIX Add quotes to constants in YAML to ensure syntax validity
 2017-02-28 09:19:22 +00:00
Robbie Averill
badf7d3a73 FIX Add quotes to constants in YAML to ensure syntax validity 2017-02-27 21:48:42 +13:00
Damian Mooyman
e2064b5cc8 Update config documentation 2017-02-27 16:54:01 +13:00
Ingo Schommer
d220ca3f67 API Use symfony/cache (fixes #6252) 2017-02-26 13:07:59 +13:00
Ingo Schommer
7e71ef7cb8 Document correct setlocale() use (fixes #6311) 2017-02-17 12:30:52 +13:00
Ingo Schommer
a9f2e9e73d Fixed DateFieldSeparated docs 2017-02-16 08:26:51 +13:00
Damian Mooyman
014f0d23ed
API Create SeparatedDateField 
API Restrict allowed values parsed via DBDate::setValue
API Remove NumericField_Readonly
API Remove DBTime::Nice12 / Nice24
 2017-02-15 11:07:58 +13:00
Damian Mooyman
029a8b9586
API Substitute Zend_Currency with NumberFormatter based solution 
API Substitute Zend_Locale with Locale / NumberFormatter
API Substitute Zend_Date with IntlDateFormatter
API Added DBTIme::Nice12, FormatFromSettings
API Added Short() method to DBDate / DBTime / DBDatetime
API Add Date::getTimestamp()
API Added setSubmittedValue api for FormField
API Add second arg to base FormField::setValue()
API Major refactor of i18n into component data parts
API Implement Resettable interface to reset objects between tests
ENHANCEMENT Changed DBField::create_field return type to `static` to support better type hinting
ENHANCEMENT i18nTextCollector supports __CLASS__
 2017-02-09 15:28:59 +13:00
Daniel Hensby
71383b827d
Merge branch '3' 2017-02-08 12:34:45 +00:00
Daniel Hensby
040ebdb66e DOCS Update routing docs to include FQCN in config 2017-02-03 17:06:02 +00:00
Damian Mooyman
8d5ff9b2fe Merge pull request #6583 from robbieaverill/bugfix/remove-theme-dir 
API Remove ViewableData::ThemeDir, update changelog to reflect suggested replacement
 2017-02-02 12:57:20 +13:00
Andrew Dover
0574cce1c6 Update 01_Syntax.md 
Fixed spelling mistake
 2017-02-02 12:26:30 +13:00
Daniel Hensby
8c8231c03e
NEW Director::host() to determine host name of site 2017-01-31 21:36:04 +00:00
Daniel Hensby
6e096f6172
DOCS Updated environment management docs to use .env file 2017-01-31 21:28:51 +00:00
Robbie Averill
da3db5ff3a DOCS Update Requirements to use the ThemeResourceLoader to find themed javascript and CSS 2017-01-31 17:00:13 +13:00
Robbie Averill
fa5370e4dd Update themes document for SS4 
* Remove module specific subthemes documentation as it's removed
* Added notes about cascading theme configuration
* Update links to Themes listing to point to addons
* Remove references to tarballs, and put composer publishing instructions in place instead
 2017-01-30 15:35:33 +13:00
Daniel Hensby
c81959cce0 Merge pull request #6558 from open-sausages/pulls/4.0/i18n-symfony 
API Replace i18n message localisation with symfony/translation
 2017-01-26 13:11:59 +00:00