Commit Graph

23 Commits

Author SHA1 Message Date
Serge Latyntcev
ca56e8d78e [CVE-2019-12246] Denial of Service on flush and development URL tools 2019-06-10 17:23:56 +12:00
Damian Mooyman
6b68495c0d
Rename ETagMiddleware to ChangeDetectionMiddleware 2018-06-14 11:16:52 +12:00
Damian Mooyman
687d0a6af1
Refactor everything out of HTTP and into separate middlewares 2018-06-13 17:56:47 +12:00
Damian Mooyman
aa1ba0ef90
Fix inverted condition
Remove unnecessary yml block
Deprecate HTTP::set_cache_age()
2018-06-13 13:56:47 +12:00
Damian Mooyman
76bf2ab21a WIP of cache middlware 2018-06-13 11:33:45 +12:00
Damian Mooyman
9d3277f3d3
BUG Fix forceWWW and forceSSL not working in _config.php
API Introduce CanonicalURLMiddleware
BUG Fix Director::makeRelative() failing on multi-domain sites
2017-10-30 14:42:36 +13:00
Damian Mooyman
3a7c8fd0d7
Adjust YML conditionals 2017-09-28 09:15:00 +13:00
Daniel Hensby
51ac297c59
Fixes to ratelimiter and new features 2017-09-27 14:44:38 +01:00
Daniel Hensby
04b1bb816e
NEW RateLimiter for Security controller 2017-09-14 14:23:36 +01:00
Andrew Aitken-Fincham
dc240ce7f3 FIX use correct namespaces for middleware injection 2017-09-06 17:04:31 +01:00
Damian Mooyman
0681567102 BUG Fix flushing on live mode (#7241)
* BUG Fix flushing on live mode
Fixes #7217

* Clarify injector service documentation
2017-08-07 13:53:23 +12:00
Daniel Hensby
5bf9ccc235
FIX Deprecated yml syntax 2017-07-21 15:41:44 +01:00
Damian Mooyman
f65e3627dc
BUG Implement or exclude all pending upgrader deltas 2017-07-03 12:21:47 +12:00
Damian Mooyman
d20ab50f9d API Stronger Injector service unregistration
BUG Fix up test regressions
FIX director references to request object
API Move all middlewares to common namespace
API Implement RequestHandlerMiddlewareAdapter
ENHANCEMENT Improve IP address parsing
Fix up PHPDoc / psr2 linting
BUG Fix property parsing in TrustedProxyMiddleware
BUG Fix Director::is_https()
2017-06-27 13:32:39 +12:00
Sam Minnee
69fe166897 API: Director::handleRequest() is no longer static - use a Director service
NEW: Add HTMLMiddlewareAware trait to HTTPApplication, Director, and RequestHandler
NEW: Allow service specs to be passed to Director rules.

This refactor of the controller middlewares takes a service definition
approach rather than a static-method-and-config approach that Director
historically had.

The use of a trait for middleware means that the Middlewares array
property can be defined on RequestHandler, Director, and HTTPApplication
objects in the same way.
2017-06-27 13:32:39 +12:00
Sam Minnee
ccc86306b6 NEW: Add TrustedProxyMiddleware
API: SS_TRUSTED_PROXY_HOST_HEADER replace with middleware config
API: SS_TRUSTED_PROXY_PROTOCOL_HEADER replace with middleware config
API: SS_TRUSTED_PROXY_IP_HEADER replace with middleware config
API: Front-End-Https = “on” header no longer supported

This middleware replaces the TRUSTED_PROXY setting and shifts its
configuration out of the env vars and bootstrap and into the Director
flow.
2017-06-27 13:32:39 +12:00
Sam Minnee
72a7655e95 NEW: Moved allowed-hosts checking to a middleware. 2017-06-27 13:32:39 +12:00
Sam Minnee
db080c0603 NEW: Move session activation to SessionMiddleware. 2017-06-27 13:32:39 +12:00
Sam Minnee
e855622890 NEW: Replace FlushRequestFilter with FlushMiddleware 2017-06-27 13:32:39 +12:00
Damian Mooyman
ac3a9c9e6e API Split out SilverStripe\ORM\Versioned into new module 2017-03-27 11:03:39 +13:00
Damian Mooyman
8dd644d25d
API Namespace all classes
Namespace all templates
Move difflib and BBCodeParser2 to thirdparty
Remove deprecated API marked for removal in 4.0
2016-09-08 10:23:17 +12:00
Sean Harvey
2b316e79e5 NEW Provide a consistent way of triggering flush
Provides an interface for classes to implement their own flush()
functionality. This function gets called early in a request on
all implementations of Flushable when flush=1|all is requested in the
URL.

This fix came out of an issue where Requirements combined files were not
being cleaned up after dev/build?flush=1, due to the fact that flush
would only occur when you called it while on a page that used those
combined files, but not in any other contexts. This will now call flush
on any implementors of Flushable regardless of the context of where
flush was called.
2014-08-22 09:24:27 +12:00
Andrew Short
156bb87d57 FIX: Move stage choosing into a pre-request filter.
This ensures that the correct stage is selected, even if the request
does not come through the model as controller system. This fixes an
issue where custom controllers would always be on the "Stage" stage.
2013-10-23 18:29:13 +13:00