Antony Thorpe
6348f2e3e8
Updated Form.php & 04_Form_Security.md
...
Changed the `strictFormMethodCheck` protected property from false to true to step out on the front foot with this security setting. In the documentation under the title [Cross-Site Request Forgery](https://github.com/silverstripe/silverstripe-framework/blob/master/docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md#cross-site-request-forgery-csrf) it states, "it is also recommended to limit form submissions to the intended HTTP verb (mostly GET or POST) through [api:Form::setStrictFormMethodCheck()]." The same advice is noted in [Form Security](c2292a4cc1/docs/en/02_Developer_Guides/03_Forms/04_Form_Security.md (strict-form-submission)).
Why not make this the default behaviour? Is there a scenario where this would cause a problem? Have manually tested in the CMS (alpha7) and is working fine.
Note: Original commit that established the API Form::setStrictFormMethodCheck is 14c59be8.
2017-06-06 21:10:49 +12:00
Ed Linklater
f007fca51f
Docs: Correct Stevie's name on committers page
2017-05-31 12:27:06 +12:00
Damian Mooyman
e7d87add9f
API Remove legacy HTMLEditor classes
2017-05-30 11:01:28 +12:00
Nick
318b0248b7
Update 05_Dataobject_Relationship_Management.md
...
Correct a naffed up code block and a typo
2017-05-29 20:54:50 +12:00
Aaron Carlino
06615e3d76
Resample doc images for react di
2017-05-26 11:08:07 +12:00
Chris Joe
5ec8d40c19
Merge pull request #6957 from open-sausages/pulls/4/react-di-documentation
...
Docs for React DI
2017-05-26 10:59:42 +12:00
Daniel Hensby
893f19a5ea
DOCS Updating index definition examples
2017-05-25 23:29:12 +01:00
Aaron Carlino
bfc373cf0f
update docs with new api
2017-05-25 16:34:32 +12:00
Aaron Carlino
75981989b0
Docs for React DI
2017-05-25 14:58:55 +12:00
Christopher Joe
e327bf3c70
Enhancement add contribution notes about releasing to NPM
2017-05-24 17:07:05 +12:00
Damian Mooyman
fba8e2c245
API Remove Object class
...
API DataObjectSchema::manyManyComponent() return array is now associative array
2017-05-23 13:50:35 +12:00
Damian Mooyman
2aa3b5d5fa
Merge pull request #6934 from robbieaverill/pulls/4.0/consistent-instance-method
...
API Consistent use of inst() naming across framework
2017-05-22 11:57:20 +12:00
Damian Mooyman
4197090e11
Merge pull request #6940 from kinglozzer/randomgenerator
...
Only use random_bytes() for RandomGenerator (closes #6397)
2017-05-22 10:29:55 +12:00
Loz Calver
e653e90997
Only use random_bytes() for RandomGenerator (closes #6397)
2017-05-19 11:18:56 +01:00
Robbie Averill
f2cbe86f03
Remove CustomMethods::createMethod and create_function implementations, replace with closures
2017-05-19 15:56:44 +12:00
Robbie Averill
ad43a82923
API Consistent use of inst() naming across framework
2017-05-19 14:38:06 +12:00
Ingo Schommer
100048da33
API PSR-11 compliance (fixes #6594) (#6931)
...
Note that our usage of `$asSingleton` in `get()` is fine. Quote from the PSR:
> Two successive calls to get with the same identifier SHOULD return the same value. However, depending on the implementor design and/or user configuration, different values might be returned, so user SHOULD NOT rely on getting the same value on 2 successive calls.
2017-05-19 13:45:07 +12:00
Loz Calver
471166c15e
Merge pull request #6169 from open-sausages/pulls/4.0/duplicate-manymany-option
...
API Duplication of many_many relationships now defaults to many_many only
2017-05-17 09:31:09 +01:00
Damian Mooyman
f5f6fdce12
API Duplication of many_many relationships now defaults to many_many only
...
Fixes https://github.com/silverstripe/silverstripe-cms/issues/1453
2017-05-16 23:26:39 +12:00
Colm McBarron
8666d4abb2
Update YAML format to use namespace
2017-05-16 11:49:39 +01:00
Damian Mooyman
259f957ce8
API Rename services to match FQN of interface / classes
2017-05-16 14:15:49 +12:00
Damian Mooyman
0b70b008b3
API Implement InheritedPermission calculator (#6877)
...
* API Implement InheritedPermission calculator
* API Rename RootPermissions to DefaultPermissionChecker
API Refactor inherited permission fields into InheritedPermissionExtension
API Introduce PermissionChecker interface
2017-05-11 21:07:27 +12:00
Aaron Carlino
7fa47e234f
New API for minified files using injectable service
2017-05-11 10:14:16 +12:00
Ingo Schommer
da3236b0e7
Merge pull request #6887 from open-sausages/pulls/4.0/docs-calendar-year-format
...
Doc dateformats with calendar year
2017-05-09 23:07:25 +12:00
Sam Minnée
33119a1f36
Merge branch 'master' into pulls/4.0/remove-deprecated-methods
2017-05-09 15:31:53 +12:00
Ingo Schommer
7c2f49d443
API Removed RootURLController:set_default_homepage_link()
2017-05-09 11:38:35 +12:00
Ingo Schommer
cec983b628
API Removed deprecated ModelAsController::find_old_page()
2017-05-09 11:38:35 +12:00
Ingo Schommer
5784a7d2d7
API Removed deprecated Security::set_login_recording()
2017-05-09 11:38:35 +12:00
Ingo Schommer
2a7c76e9e9
API Removed deprecated DatabaseAdmin#clearAllData()
2017-05-09 11:38:35 +12:00
Ingo Schommer
81e5c7ac40
API Removed deprecated Session::set_config()
2017-05-09 11:38:35 +12:00
Ingo Schommer
1d438d3fb5
API Remove deprecated FormAction::createTag()
2017-05-09 11:38:35 +12:00
Ingo Schommer
0d9b383631
API Removed legacy form fields (fixes #6099)
2017-05-09 11:16:41 +12:00
Ingo Schommer
20e57e9dec
Doc dateformats with calendar year
...
https://github.com/silverstripe/silverstripe-framework/issues/3749
http://stackoverflow.com/questions/1978051/zend-datetostring-outputs-the-wrong-year-bug-in-my-code-or-zend-date
https://en.wikipedia.org/wiki/ISO_week_date#Disadvantages
2017-05-08 22:08:14 +12:00
Damian Mooyman
942c0257b7
API Upgrade to behat 3
2017-05-05 14:32:07 +12:00
Damian Mooyman
edcb46bd3a
Merge pull request #6836 from sminnee/cli-error-fix
...
FIX: Show detailed errors on CLI for live environments
2017-05-03 15:49:09 +12:00
Aaron Carlino
dd7777321f
Added 4.0.0-alpha7 changelog
2017-05-02 13:16:17 +12:00
Sam Minnee
4c772c80c3
FIX: Show detailed errors on CLI for live environments
...
API: Add HTTPOutputHandler::setCLIFormatter
Fixes https://github.com/silverstripe/silverstripe-framework/issues/6835
This provides detailed errors (but not warnings or notices) in CLI calls
on live environments.
It does this by adding a 2nd argument to our output handler,
CliFormatter. This formatter will be used when Director::is_cli() is
true.
2017-05-01 15:28:48 +12:00
Damian Mooyman
61388b153f
API Rewrite Date and Time fields to support HTML5
2017-04-28 10:06:37 +12:00
Ingo Schommer
a73abbfcb8
unit test cleanup
2017-04-27 09:18:38 +12:00
Ingo Schommer
1ec2abe75f
Fixed timezone and normalised ISO handling
...
A few observations:
- ISO says “T” is optional (https://en.wikipedia.org/wiki/ISO_8601#cite_note-21),
- WHATWG says in the HTML5 spec that it’s optional (https://html.spec.whatwg.org/multipage/infrastructure.html#local-dates-and-times)
- W3C says it’s required in 1997 (https://www.w3.org/TR/NOTE-datetime), but then later says it’s optional in its HTML5 spec (https://www.w3.org/TR/html5/infrastructure.html#floating-dates-and-times).
- Chrome doesn’t parse values with whitespace separators (requires "T")
- DataObject DBDatetime values and database columns use whitespace separators (and will have many devs relying on this format)
- MySQL only supports whitespace separators (https://dev.mysql.com/doc/refman/5.7/en/datetime.html)
- SQLite can parse both ways (https://sqlite.org/lang_datefunc.html)
So the goal here is to retain ORM/database compatibility with 3.x (whitespace separator),
while exposing "T" separators to the browser in HTML5 mode.
Regarding timezones, this fixes a regression where setValue() would not actually
apply the timezone (last $value assignment is ineffective now that sub fields are removed).
2017-04-26 22:55:29 +12:00
Saophalkun Ponlu
507add8566
Update changelogs
2017-04-26 22:45:07 +12:00
Robbie Averill
0391596786
DOCS Remove tabs from JSON examples to fix code blocks
2017-04-23 21:14:12 +12:00
Simon Erkelens
ff3ad6eb6b
Use Config for authenticator settings
2017-04-22 14:48:56 +12:00
Damian Mooyman
c21f71405f
Merge pull request #6823 from open-sausages/pulls/4.0/remove-TeamCityListener
...
Removed TeamCityListener
2017-04-21 15:56:20 +12:00
Damian Mooyman
629465584e
Merge pull request #6825 from open-sausages/pulls/4.0/skip-without-phpunit
...
Don't fail dev/build without phpunit
2017-04-21 15:38:22 +12:00
Chris Joe
430c7ad79a
Merge pull request #6824 from micmania1/patch-13
...
DOCS Corrected logger documentation
2017-04-21 15:18:22 +12:00
Ingo Schommer
0a55ff9f8c
API Remove SapphireTestReporter and CliTestReporter
...
Was missed from the removal of PHPUnitWrapper:
a16588aac3
Original reason for this: Don't fail dev/build without phpunit
When you install a SilverStripe project with "composer install --no-dev",
the PHPUnit dependency gets skipped. Which means the PHPUnit_Framework_TestListener
interface doesn't exist. The SilverStripe Classloader might still include
SapphireTestReporter which relies on this interface, which then breaks execution.
SS3 fixed this by NOT defining the class in the first place.
This has been removed in 2fdc96a0de (diff-82b3f89e8e5ae090c93e9c3a2ba8aa36L3),
as part of a PHPUnit version upgrade - but without an apparent fix to replace this.
2017-04-21 15:11:59 +12:00
Michael Strong
484e15807c
DOCS Corrected logger documentation
2017-04-21 13:15:14 +12:00
Ingo Schommer
60e4c011de
Removed TeamCityListener
2017-04-21 12:13:13 +12:00
Michael Strong
649dad526b
DOCS Fixed namespace for factory
2017-04-21 10:54:21 +12:00