Commit Graph

1155 Commits

Author SHA1 Message Date
Chris Joe
4ad9ceca6b
Merge pull request #7702 from open-sausages/pulls/4/fix-message-casting-permissions
BUG Fix message casting for html security messages
2017-12-18 15:43:35 +13:00
Damian Mooyman
d9d1e13735
Merge pull request #7707 from gorriecoe/Requirements-javascriptTemplate-ModuleResourceLoader
FIX: Added ModuleResourceLoader to javascriptTemplate
2017-12-18 14:27:32 +13:00
Damian Mooyman
623daed5ab
Merge pull request #6472 from silbinarywolf/feat-fieldlist-nestedfields
feat(FieldList): Add nestedFields() function to return a flat array of all deeply nested fields in a FieldList.
2017-12-18 13:43:36 +13:00
Chris Joe
a892eae4f6
Merge pull request #7705 from open-sausages/pulls/4.0/director-mock-request
BUG Fix incorrect BASE_DIR inferred in CLI
2017-12-18 09:22:11 +13:00
Reece Alexander
9c91e9820e
Returns chainability in setValue from parent 2017-12-17 17:21:42 +10:00
Robbie Averill
cd9695eda9
Merge pull request #7695 from open-sausages/pulls/4/versions-of-atlantis
Update framework docs / phpdoc for versioning changes
2017-12-17 16:33:59 +13:00
Robbie Averill
ea8ed5067d FIX Allow Requirements::block to handle module resource paths 2017-12-17 16:09:22 +13:00
Damian Mooyman
c5bd9bb424
BUG Fix incorrect BASE_DIR inferred in CLI
BUG Fix Director::mockRequest() mocking incorrect $url
Fixes #7689
2017-12-15 17:20:48 +13:00
Raissa North
369653b5df FIX Ensure last GridField column when non sortable has its title displayed 2017-12-15 16:45:46 +13:00
Gorrie Coe
ef74911922 Added ModuleResourceLoader to javascriptTemplate 2017-12-15 11:20:20 +13:00
Daniel Hensby
e4bf9a31ed
Merge branch '4.0' into 4 2017-12-14 21:20:11 +00:00
Daniel Hensby
1c72d6946d
Merge branch '3.6' into 4.0 2017-12-14 21:01:35 +00:00
Jake Bentvelzen
da9c133c1b
ENHANCEMENT Add flattenFields() function to iterate over all deeply nested fields in a form 2017-12-14 14:23:00 +00:00
Damian Mooyman
9170220d2c API Add onAfterSave extension point to GridFieldDetailForm_ItemRequest 2017-12-14 15:08:32 +13:00
Damian Mooyman
a50fd009ca Update PHPDoc 2017-12-14 15:08:32 +13:00
Damian Mooyman
140ed72e2a
BUG Fix message casting for html security messages 2017-12-14 14:49:58 +13:00
Damian Mooyman
529e341dbc
Merge pull request #7699 from open-sausages/pulls/4/html-in-security-msg
ENHANCEMENT Allow html in security failure message
2017-12-14 14:30:09 +13:00
Damian Mooyman
1c8576cee7
Linting cleanup 2017-12-14 14:18:41 +13:00
Damian Mooyman
ed6561d9f5
BUG Fix incorrect merge of associative / non-associative summary fields
Fixes #7696
2017-12-14 14:17:19 +13:00
Damian Mooyman
8b1b9f022b
Fix linting issues 2017-12-14 13:50:52 +13:00
Saophalkun Ponlu
31e04c8491 ENHANCEMENT Allow html in security failure message 2017-12-13 17:10:16 +13:00
Damian Mooyman
a2fa9f0943
Merge pull request #7694 from creative-commoners/pulls/4.0/injection-session
FIX Use Injector to retrieve the current session
2017-12-12 16:47:36 +13:00
Robbie Averill
eb6c1fc6de FIX Allow the current controller as well as injectable HTTPRequest objects 2017-12-12 16:35:53 +13:00
Robbie Averill
097d0697c5 FIX Use Injector to retrieve the current session 2017-12-12 16:03:16 +13:00
Damian Mooyman
2391af5ba7
Fix literal linting 2017-12-12 09:22:18 +13:00
Damian Mooyman
33b2d50d59
Cache warming in InheritedPermissions::getCachePermissions()
Simplify Group::Members() code
Remove cms-only config
2017-12-12 09:01:43 +13:00
Loz Calver
0e1753f33d FIX: Only show table_name warning on dev/build 2017-12-11 17:33:39 +00:00
Aaron Carlino
2be902ef2f Adapt to new MemberCacheFlusher interface 2017-12-11 17:50:11 +13:00
Aaron Carlino
45999e1133 Revisions per robbieaverill 2017-12-11 17:50:11 +13:00
Aaron Carlino
aefb0aeaa8 Make InheritedPermissions use cache and implement cache flushing 2017-12-11 17:50:11 +13:00
Damian Mooyman
ee27329728 Minor linting / style updates 2017-12-11 16:46:59 +13:00
Aaron Carlino
8b429bf47b update docblock 2017-12-11 16:46:59 +13:00
Aaron Carlino
86458941be Refactor to MemberCacheFlusher 2017-12-11 16:46:59 +13:00
Aaron Carlino
4857816c9e Revisions per robbieaverill 2017-12-11 16:46:59 +13:00
Aaron Carlino
eecb9f64d3 Add new InheritedPermissionFlusher extension, CacheFlusher service 2017-12-11 16:46:59 +13:00
Damian Mooyman
71c80d3762
Merge remote-tracking branch 'origin/4.0' into 4 2017-12-11 14:09:41 +13:00
Damian Mooyman
eba6129c07
Merge pull request #7677 from open-sausages/pulls/4/textarea-maxlength
Enable max length for textarea field
2017-12-11 10:34:29 +13:00
Damian Mooyman
69decdf3a4
BUG Don't warn on table name for classes without tables
Fixes #7686
2017-12-11 09:55:57 +13:00
Damian Mooyman
627b496379
Fix linting issue 2017-12-11 09:00:04 +13:00
Saophalkun Ponlu
381ad756f2 Fix tests 2017-12-08 09:58:52 +13:00
Damian Mooyman
6b384f4b35
Merge branch '4.0' into 4 2017-12-07 13:52:00 +13:00
Saophalkun Ponlu
442f2bb762 Enable max length for textarea field 2017-12-07 12:52:28 +13:00
Damian Mooyman
286271a1e1
Merge pull request #56 from silverstripe-security/pulls/4.0/ss-2017-009
[ss-2017-009] Prevent disclosure of sensitive information via LoginAttempt (4.0 branch)
2017-12-06 18:22:47 +13:00
Damian Mooyman
b46b858847
Merge pull request #48 from silverstripe-security/pulls/4.0/fix-install-redacting
[SS-2017-010] Prevent install.php from disclosing system passwords
2017-12-06 18:22:36 +13:00
Damian Mooyman
e45921b293
Merge pull request #46 from silverstripe-security/pulls/4.0/escape-limit-args
[SS-2017-008] Fix SQL injection in full text search (4.0 branch)
2017-12-06 18:22:24 +13:00
Damian Mooyman
99e772b361
Merge pull request #51 from silverstripe-security/pulls/4.0/ss-2017-007
[ss-2017-007] Ensure xls formulae are safely sanitised on output (4.0)
2017-12-06 18:22:11 +13:00
Chris Joe
0e8d288240
Merge pull request #7667 from open-sausages/pulls/4.0/better-tinymce-locales
BUG Ensure that all tinymce_lang mappings are valid
2017-12-06 11:24:02 +13:00
Damian Mooyman
d290eee217
Merge pull request #7668 from kinglozzer/getviewertemplates
NEW: Add ViewableData::getViewerTemplates()
2017-12-06 11:22:53 +13:00
Damian Mooyman
01b48e2dd7
Merge pull request #7670 from kinglozzer/dataobject-schema-ancestry
FIX: Remove some unnecessary ClassInfo calls in DataObjectSchema
2017-12-06 11:02:49 +13:00
Loz Calver
91bd92df31 FIX: Remove some unnecessary ClassInfo calls in DataObjectSchema 2017-12-05 12:23:10 +00:00
Daniel Hensby
eb55c27124
Merge branch '4.0' into 4 2017-12-05 12:14:22 +00:00
Loz Calver
259ae3f78b NEW: Add ViewableData::getViewerTemplates()
Forms part of the fix for silverstripe/silverstripe-cms#2039
2017-12-05 09:13:28 +00:00
Russell Maclean
3a4c6705c1 Fix db autodiscover comment on loading behavior. 2017-12-02 10:52:49 +10:30
Damian Mooyman
69295a6e22
BUG Ensure that all tinymce_lang mappings are valid 2017-12-01 15:00:39 +13:00
Damian Mooyman
cfe1d4f481
[ss-2017-007] Ensure xls formulae are safely sanitised on output
CSVParser now strips leading tabs on cells
2017-12-01 10:24:49 +13:00
Damian Mooyman
f1dd3d6f03
[ss-2017-009] Prevent disclosure of sensitive information via LoginAttempt 2017-11-30 17:00:49 +13:00
Thomas Portelange
e729cd2c37
TinyMCE lang is fr_FR for all French languages
"fr" is not a valid tiny mce lang

https://www.tinymce.com/docs/configure/localization/

having "fr" as it is currently prevents loading the language file
2017-11-29 12:54:27 +01:00
Damian Mooyman
9666222637
BUG Fix _configure_database.php being ignored
Fixes #7590
2017-11-29 12:01:24 +13:00
Damian Mooyman
5bfc0c43eb
Merge pull request #7648 from creative-commoners/pulls/4.0/support-some-class-collection
FIX Support self::class text collection
2017-11-29 11:37:06 +13:00
Damian Mooyman
c23d1f3f99
Merge pull request #7649 from kinglozzer/logout-backurl
FIX: Restore BackURL preservation on log out (closes #7636)
2017-11-29 11:31:57 +13:00
Damian Mooyman
62eb531164
Merge pull request #7641 from Sil3ntStorm/patch/display_errors
Reintroduce checking against original php.ini values.
2017-11-28 17:36:50 +13:00
Damian Mooyman
2fe59680e3
Merge pull request #7620 from open-sausages/pulls/4.0/its-too-big-to-fit
BUG Added warning for auto-generated table_name
2017-11-28 09:42:12 +13:00
Loz Calver
c4b366828e FIX: Restore BackURL preservation on log out (closes #7636) 2017-11-27 16:15:28 +00:00
Daniel Hensby
8c4822edd3
Merge pull request #7643 from open-sausages/pulls/4.0/portugal
ENHANCEMENT Promote portugese (portugal) as primary locale
2017-11-27 13:29:38 +00:00
Robbie Averill
b7ea05900e FIX Support self::class text collection 2017-11-27 23:20:29 +13:00
Christopher Joe
cc72b5c852 BUG Added warning for auto-generated table_name for non-test classes 2017-11-27 20:22:37 +13:00
Damian Mooyman
7a79cd039a
[SS-2017-010] Prevent install.php from disclosing system passwords 2017-11-27 18:15:53 +13:00
Damian Mooyman
6e7fb4747e
Restore legacy $ThemeDir support 2017-11-27 15:24:40 +13:00
Damian Mooyman
33a39666ba
ENHANCEMENT Promote portugese (portugal) as primary locale
Fixes #6561
2017-11-27 14:52:51 +13:00
Simon Erkelens
0987003053 Add the ability to redirect a user to a custom page with custom content after changing their password 2017-11-27 14:18:40 +13:00
Sil3ntStorm
0b879d690a
Reintroduce checking against original php.ini values.
Seems to have been accidentally removed in 806ffb934e

Fixes https://github.com/silverstripe/silverstripe-installer/issues/211
2017-11-26 01:36:40 +01:00
Daniel Hensby
0ceb4cfa18
Merge branch '3' into 4 2017-11-25 17:34:24 +00:00
Daniel Hensby
6d5cbe0a0e
Merge branch '4.0' into 4 2017-11-25 17:19:31 +00:00
Daniel Hensby
07a0f75426
Merge branch '3.6' into 4.0 2017-11-25 16:56:50 +00:00
Daniel Hensby
333ecc201c
Merge pull request #7583 from open-sausages/pulls/4/relation-object-navigation
BUG Ensure relObject() safely bails on empty objects
2017-11-23 12:48:57 +00:00
Andrew Aitken-Fincham
3620e57b5b check for apc.enable_cli when running from CLI 2017-11-22 08:50:20 +00:00
Christopher Joe
2b6b877327 Merge branch '4.0' of https://github.com/silverstripe/silverstripe-framework into 4 2017-11-21 15:08:30 +13:00
Damian Mooyman
099a5a3c2d
[SS-2017-008] Fix SQL injection in full text search 2017-11-20 16:53:44 +13:00
Chris Joe
d8ca223e15
Merge pull request #7605 from open-sausages/pulls/4.0/fix-enum-defaults
BUG Fix DBEnum ignoring empty defaults
2017-11-20 11:32:45 +13:00
Damian Mooyman
cbf9e40115
BUG Fix postgres / PDO support 2017-11-17 12:35:55 +13:00
Damian Mooyman
ef58799103
BUG Fix DBEnum ignoring empty defaults
FIxes #7582
2017-11-17 12:35:39 +13:00
Christopher Joe
2bc7edbf47 BUG Fix don't treat zero-date as invalid 2017-11-16 13:30:15 +13:00
Damian Mooyman
6a6cf2f9eb ENHANCEMENT Raise warning if DBField::create_field() would behave unpredictably and improve PHPDoc 2017-11-16 12:55:31 +13:00
Damian Mooyman
c7ab5846df
ENHANCEMENT Don't infer trace if explicitly provided
Requires https://github.com/Seldaek/monolog/pull/1080
2017-11-16 11:03:01 +13:00
Damian Mooyman
eae3d0cfaa
Merge remote-tracking branch 'origin/4.0' into 4 2017-11-16 10:16:44 +13:00
Chris Joe
bbc95eacff
Merge pull request #7600 from open-sausages/pulls/4/dbclassname-base
API Add getShortName to DBClassName
2017-11-15 21:36:21 +13:00
Chris Joe
e78fe401e6
Merge pull request #7601 from open-sausages/pulls/4.0/ensure-assets-writable
ENHANCEMENT Ensure that non-writable assets files are notified during install
2017-11-15 16:37:03 +13:00
Chris Joe
bee3c404fa
Merge pull request #7545 from open-sausages/pulls/4.0/deprecated-each
BUG Remove usage of deprecated each() and use a helper method instead
2017-11-15 16:30:20 +13:00
Damian Mooyman
c9921447b3
Merge pull request #7539 from colintucker/fix-broken-paginated-list
Fixed array/object mismatch bug in PaginatedList
2017-11-15 15:17:15 +13:00
Damian Mooyman
ba86a1dce9
Merge pull request #7595 from andrewandante/pulls/sanitise_select_tag_4
sanitise select tag in DropdownField Docblock
2017-11-15 14:17:55 +13:00
Damian Mooyman
8b063026f0
ENHANCEMENT Ensure that non-writable assets files are notified during install
Fixes #7580
2017-11-15 13:30:19 +13:00
Damian Mooyman
f863573d1c
API Add getShortName to DBClassName
Fixes #7586
2017-11-15 11:27:58 +13:00
Daniel Hensby
cf321895ba
Merge branch '4.0' into 4 2017-11-14 13:24:15 +00:00
Andrew Aitken-Fincham
3274f29c00 sanitise more docblocks 2017-11-14 10:02:24 +00:00
Andrew Aitken-Fincham
25d8795c70 sanitise FormField docblock 2017-11-14 09:52:06 +00:00
Andrew Aitken-Fincham
6cfb0a3d86 sanitise ListboxField docblock 2017-11-14 09:47:39 +00:00
Andrew Aitken-Fincham
e5b3f82f8c sanitise select tag in DropdownField Docblock 2017-11-14 08:17:39 +00:00
Damian Mooyman
ba2c5b48f7
BUG Ensure relObject() safely bails on empty objects
BUG Remove assignment of IDs to singletons
API relation methods can take an optional $id parameter to get relations from specific parents
API Added UnsavedRelationList::relation() method
2017-11-10 15:27:02 +13:00
Russell Michell
bf20d59cb8 FIX: Fixes SapphireTest masking userland coding errors. 2017-11-09 15:39:20 +13:00
Damian Mooyman
f1865cc798
Merge pull request #7557 from sminnee/fix-1396
FIX: Fix ContextSummary behaviour with UTF8 chars
2017-11-09 13:40:43 +13:00
Damian Mooyman
7f27840926
Merge pull request #7573 from dhensby/pulls/4.0/required-fields-docblock
DOCS Improve return tags for requiredfields class
2017-11-09 13:39:15 +13:00
Daniel Hensby
6139de8680
FIX Make sure plain parts are rendered when re-rendering emails 2017-11-08 15:32:51 +00:00
Daniel Hensby
2f9fae32c1
DOCS Improve return tags for requiredfields class 2017-11-08 15:29:15 +00:00
Damian Mooyman
1284ee86d8
Merge remote-tracking branch 'origin/4.0' into 4 2017-11-08 15:29:26 +13:00
Damian Mooyman
8497b9e1e6
BUG Disable directory index with missing slash 2017-11-08 12:12:10 +13:00
Reece Alexander
642cbdafc8 API Allow an array as a param to makeFieldReadOnly() 2017-11-07 15:51:13 +13:00
Colin Tucker
f952ef747b
Fixed array/object mismatch bug in PaginatedList 2017-11-06 11:23:41 +00:00
Sam Minnee
d8b4ca91d9 FIX: Fix ContextSummary behaviour with UTF8 chars
Fixes https://github.com/silverstripe/silverstripe-framework/issues/1396

Ensure that DBTextTest has UTF8 test cases
2017-11-06 12:09:08 +13:00
Damian Mooyman
420041f2b6
Merge remote-tracking branch 'origin/4.0' into 4 2017-11-03 17:04:44 +13:00
Damian Mooyman
1929ec46bb
BUG Prevent logOut() from clearing site stage during bootstrapping due to flushed session 2017-11-03 16:22:11 +13:00
Chris Joe
38f7f87661
Merge pull request #7552 from dhensby/pulls/4.0/session-destroy-on-logout
FIX Sessions must be destroyed on logout
2017-11-03 14:50:48 +13:00
Damian Mooyman
cf381ddf51
Merge pull request #7550 from zanderwar/patch-3
Added missing @deprecated tags
2017-11-03 12:13:33 +13:00
Damian Mooyman
6a73466b41 BUG Fix basicauth 2017-11-03 12:08:38 +13:00
Damian Mooyman
ad36b8f6a9 Use restart instead of destroy 2017-11-03 12:08:38 +13:00
Daniel Hensby
a61ce077c6 FIX Sessions must be destroyed on logout 2017-11-03 12:08:38 +13:00
Damian Mooyman
3298cf061b
Merge pull request #7543 from zanderwar/patch-1
Allow chain-ability on adding and removing fields
2017-11-03 11:15:51 +13:00
Jay Devlin
af9caa4e51 Warn if theme.yml isn't writeable 2017-11-02 11:34:36 +01:00
Reece Alexander
9c836c0d3d
Added missing @deprecated tags
This PR just adds a couple of @deprecated tags where they were missing, where IDE's like PHPStorm immediately alert the user that it's deprecated.
2017-11-02 20:28:01 +13:00
Damian Mooyman
0b3ed7ff15
Merge 4.0 -> 4 2017-11-02 16:52:05 +13:00
Chris Joe
49ca45f6d9
Merge pull request #7548 from open-sausages/pulls/4.0/guzzle-dep
BUG Use parse_str in place of guzzle library
2017-11-02 14:37:02 +13:00
Damian Mooyman
df50c8da03
BUG Use parse_str in place of guzzle library
Fixes #7540
2017-11-02 11:52:39 +13:00
Robbie Averill
897cba55cb FIX Move Member log out extension points to non-deprecated methods 2017-11-02 11:39:02 +13:00
Chris Joe
cd55a039e7
Merge pull request #7520 from open-sausages/pulls/4.0/config-redirect-works
API / BUG - Introduce new request resolver middleware and fix broken forceWWW / forceSSL
2017-11-02 10:01:58 +13:00
Damian Mooyman
5bc4f3d1fc
BUG Remove usage of deprecated each() and use a helper method instead 2017-11-01 16:04:35 +13:00
zanderwar
91f1a58018 ENHANCEMENT: Allow chain-ability on adding and removing fields 2017-11-01 14:24:21 +13:00
Damian Mooyman
0c178f934d
ENHANCEMENT Adjust tinymce footer, remove branding and restore path
FIxes #294
2017-10-31 12:12:59 +13:00
Damian Mooyman
3c8848a090
Update code style and fix tests 2017-10-30 17:34:15 +13:00
Damian Mooyman
9d3277f3d3
BUG Fix forceWWW and forceSSL not working in _config.php
API Introduce CanonicalURLMiddleware
BUG Fix Director::makeRelative() failing on multi-domain sites
2017-10-30 14:42:36 +13:00
Christopher Joe
f6b7cf8889 Feature disable current user from removing their admin permission 2017-10-30 12:34:06 +13:00
Oly Su
4d85da179f 291 checks if ->value is iterable 2017-10-27 10:46:20 +13:00
Damian Mooyman
324bdad48c
ENHANCEMENT Ensure DBVarchar scaffolds text field with TextField with appropriate max length
Fixes #1413
2017-10-26 16:21:51 +13:00
Damian Mooyman
68c3279fd9
BUG Ensure readonly tree dropdown is safely encoded
Removed legacy entwine dead code
Added soft-deprecation to label field
2017-10-26 13:04:30 +13:00
Robbie Averill
da4989e8f6 FIX Do not escape the readonly values since they get escaped when rendered 2017-10-25 17:36:54 +13:00
Damian Mooyman
29af6dbafd
Merge remote-tracking branch 'origin/4.0' into 4 2017-10-25 16:59:19 +13:00
Damian Mooyman
97f9eddf90
Warn if env isn't writable 2017-10-25 15:07:35 +13:00
Damian Mooyman
2f82d08460
BUG Fix env loading in installer 2017-10-25 14:06:57 +13:00
Damian Mooyman
ff992de231 Merge pull request #7493 from kinglozzer/require-me-some-isolation
FIX: Use isolated scope when requiring files for module activation
2017-10-24 14:19:37 +13:00
Dylan Wagstaff
7c354525fb Remove dead code from GridFieldDetailForm
There is no action for 'autocomplete', there is no method 'handleAutocomplete', and out of the box there is no extension that applies it.
Manually testing the URL that would take us through such a handler does not give an exception about missing details from the URI (such as a required query string), but instead gives us an exception on there not being a handler for such.
`[Emergency] Uncaught BadMethodCallException: Object->__call(): the method 'handleAutocomplete' does not exist on 'SilverStripe\Forms\GridField\GridFieldDetailForm'`
@ e.g. `http://localhost/admin/pages/edit/EditForm/1/field/ElementalArea/autocomplete`.

Auto complete should be (and is) handled in it's own component code, such as https://github.com/silverstripe/silverstripe-framework/blob/4.0/src/Forms/GridField/GridFieldAddExistingAutocompleter.php#L210
2017-10-24 12:57:08 +13:00
Damian Mooyman
13afd6f0d5 Merge pull request #7502 from open-sausages/pulls/4.0/i-converted-an-apple-to-an-orange
Fix switch to using the Convert class for decoding
2017-10-24 10:25:53 +13:00
Sam Minnee
4bec62ba51 Merge branch '4.0' into 4 2017-10-20 18:45:16 +13:00
Damian Mooyman
b9cb1e69e6 BUG Replace phpdotenv with thread-safe replacement 2017-10-20 18:43:11 +13:00
Christopher Joe
4caf34506a Fix switch to using the Convert class for decoding 2017-10-20 14:43:19 +13:00
Loz Calver
bb9501797f FIX: Use isolated scope when requiring files for module activation 2017-10-20 09:11:00 +13:00
Damian Mooyman
d0ca9bd17a Merge pull request #7490 from open-sausages/pulls/4.0/my-email-children-deserve-the-best
BUG Fix enable email subclasses to use their respective templates
2017-10-19 16:30:37 +13:00
Christopher Joe
dabdc905ce
BUG Fix enable email subclasses to use their respective templates 2017-10-19 14:44:04 +13:00
Nathan J. Brauer
bcc2cc6a0b Adding 308 HTTP Response as an redirect code
https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml
Often times, 308 are preferred over 301 redirects, as they tell the requester to, for example, re-POST a form submission on the final URL.
2017-10-18 12:27:00 -07:00
Christopher Joe
076d7d78c6 BUG cache the cacheKey in TreeDropdownField, so it doesn't need to query for it multiple times in the same request 2017-10-18 11:49:28 +13:00
Chris Joe
cafa3fc29a BUG switch to trigger_error() when a resource is not found (#7468)
* BUG switch to `trigger_error()` when a resource is not found rather than throw an exception

* Add unit test for module url failing
2017-10-16 16:11:42 +13:00
Simon Erkelens
6506a5b958 Don't add a . when there's no extension 2017-10-16 11:56:35 +13:00
Damian Mooyman
7e97f04e47
ENHANCEMENT Allow extensions to intercept incorrect deletes on unpublish 2017-10-13 10:12:08 +13:00
UndefinedOffset
7ff707df73 BUGFIX: Fixed issue on windows where the BASE_URL constant would get set wrong if the site was in a sub-folder of the web root 2017-10-12 10:54:27 -03:00
Chris Joe
d876e36424 Merge pull request #7467 from open-sausages/pulls/4.0/adjust-field-onbeforerender
Adjust FormField::onBeforeRendor so that it can influence both context and passed properties
2017-10-12 12:11:32 +13:00
Damian Mooyman
c3f321459b Merge pull request #7449 from creative-commoners/pulls/4.0-updatebreadcrumbs
Add updateBreadcrumbs hook to GridFieldDetailForm
2017-10-11 12:17:33 +13:00
Damian Mooyman
eff5c28f24
Adjust FormField::onBeforeRendor so that it can influence both context and passed properties
Fixes #7466
2017-10-11 11:43:57 +13:00
Daniel Hensby
c09dec5958 Merge pull request #7456 from open-sausages/pulls/4.0/decimal-scaffolding
BUG Fix decimal scaffolding
2017-10-10 15:46:38 +01:00
Loz Calver
7afab3043d Merge pull request #7461 from open-sausages/pulls/4.0/fix-icon-urls
Fix references to resource paths / urls
2017-10-10 09:08:08 +01:00
Damian Mooyman
6a55dcfc16
Fix references to resource paths / urls 2017-10-10 16:51:47 +13:00
Will Rossiter
dc9307bd99 Add updateBreadcrumbs hook to GridFieldDetailForm 2017-10-10 16:03:20 +13:00
Damian Mooyman
11b2c74533
ENHANCEMENT Improve upgrade experience for beta3 -> beta4 upgrade 2017-10-10 15:27:41 +13:00
Damian Mooyman
fd630a99b0
BUG Fix decimal scaffolding
Fixes #7454
2017-10-10 10:13:26 +13:00
Damian Mooyman
3e6984d5a8
Shift REQUEST_URI mangling into HTTPRequestBuilder::createFromVariables() 2017-10-09 17:35:33 +13:00
Damian Mooyman
199d607a2c Tiny revert 2017-10-09 17:21:43 +13:00
Ingo Schommer
1e913bb938 Remove rewrite-less routing through index.php
It's currently broken (doesn't rewrite subsequent links),
and is of questionable use. It was introduced during a time
when PHP didn't have a built-in webserver (I think).
Virtually ever webserver will have rewriting capabilities these days (even IIS!),
and if you struggle with the setup as a new user, you can just fall back to PHP's built-in webserver.

This doesn't affect installation capabilities, since these are triggered via install.php.
2017-10-09 17:21:43 +13:00
Ingo Schommer
1e051386c6 Simplified request building 2017-10-09 17:21:43 +13:00
Ingo Schommer
bd11bc16c7 Avoid double slash in Director mock URLs
They get faulty results when run through parse_url($url, PHP_URL_PATH)
which we started using in HTTPRequestBuilder
2017-10-09 17:21:43 +13:00
Ingo Schommer
4a94dfe55b Remove "url" query param reliance, use index.php
See https://github.com/silverstripe/silverstripe-framework/issues/7430
2017-10-09 17:21:43 +13:00
Damian Mooyman
311811a261 Merge pull request #7451 from open-sausages/pulls/4.0/whats-temporary-could-turn-path
rename TEMP_FOLDER to TEMP_PATH
2017-10-09 14:16:06 +13:00
Damian Mooyman
994689ab54 Merge pull request #7450 from open-sausages/rename-assertDOS-to-assertList
API Rename assert dos to assert list
2017-10-09 13:47:18 +13:00
Christopher Joe
3560a0418d rename TEMP_FOLDER to TEMP_PATH 2017-10-09 12:41:34 +13:00
Damian Mooyman
313f8c7ac3 Merge pull request #7439 from creative-commoners/pulls/4.0/trim-injector-names
FIX Trim whitespace off names in Injector
2017-10-09 12:31:11 +13:00
Werner M. Krauß
f686b50824 API Rename assert dos to assert list 2017-10-09 11:53:11 +13:00
Chris Joe
566d7baa48 Merge pull request #7437 from open-sausages/pulls/4.0/stateless-extensions
API Extensions are now stateless
2017-10-09 11:45:33 +13:00
Daniel Hensby
d8f49a1bda Merge pull request #7426 from silverstripe/filefield-accept-attr
NEW: Implement accept attribute in FileField (closes #7279)
2017-10-06 15:01:12 +01:00
Ingo Schommer
7406318f03 Merge pull request #7436 from creative-commoners/pulls/4.0/consistent-change-password-api
NEW Ensure changePassword is called by onBeforeWrite for a consistent API
2017-10-06 11:26:37 +01:00
Robbie Averill
3bdc8c7e65 FIX Trim whitespace off names in Injector 2017-10-06 15:52:44 +13:00
Chris Joe
58cd83e4f7 Merge pull request #7434 from open-sausages/pulls/4.0/the-tree-needs-cutting
Fix refactor TreeMultiselectField to be clearable if nothing is selected
2017-10-06 15:16:10 +13:00
Damian Mooyman
b996e2c22c
API Extensions are now stateless
ENHANCEMENT Injector now lazy-loads services more intelligently
2017-10-06 14:53:44 +13:00
Chris Joe
90ce2abecb Merge pull request #7422 from open-sausages/pulls/4.0/flags-in-gridfield
Add gridfield versioned columns
2017-10-06 14:39:02 +13:00
Saophalkun Ponlu
1a324d9d77 Wrap content gridfield cell in another non-td element for styling 2017-10-06 11:47:38 +13:00
Daniel Hensby
16cac4e3bd
Merge branch '3' into 4 2017-10-05 16:40:31 +01:00
Daniel Hensby
96a314f076 Merge pull request #7401 from creative-commoners/pulls/4.0/i18n-collector-fix
FIX Class name in _t() call in installer and run text collector
2017-10-05 10:56:12 +01:00
Robbie Averill
413034f684 Remove psuedo-property SetPassword from Member 2017-10-05 16:55:24 +13:00
Robbie Averill
cdf6ae45a3 NEW Ensure changePassword is called by onBeforeWrite for a consistent API 2017-10-05 16:14:15 +13:00
Christopher Joe
e07658ef50 Fix linting issues and fix doc 2017-10-05 15:28:58 +13:00
Saophalkun Ponlu
6424f4dea0 Changes based on peer review feedbacks 2017-10-05 15:04:46 +13:00
Christopher Joe
a1a8341929 Fix refactor TreeMultiselectField to be clearable if nothing is selected 2017-10-05 14:58:27 +13:00
Robbie Averill
6044579a3f MINOR Separate some areas of logic in LostPasswordHandler to make them more overridable 2017-10-05 14:17:38 +13:00
Damian Mooyman
168db412de Merge pull request #7424 from creative-commoners/pulls/4.0/extensible-change-password
NEW Make Member::changePassword extensible
2017-10-05 13:18:53 +13:00
Damian Mooyman
4dbd727206
BUG Config updates are now applied after middleware not before 2017-10-05 12:30:21 +13:00
Robbie Averill
6b52412693 NEW Make Member::changePassword extensible 2017-10-05 11:18:34 +13:00
Damian Mooyman
1b6d0144c5
BUG Fix resource mapping for TinyMCE
API add ModuleResource::getRelativeResource()
2017-10-04 17:44:04 +13:00
Saophalkun Ponlu
ae930833ad Add gridfield versioned columns 2017-10-04 17:33:15 +13:00
Loz Calver
43ec2f87ed NEW: Implement accept attribute in FileField (closes #7279) 2017-10-03 16:48:49 +01:00
Damian Mooyman
f4a77649a4
Fix requirements tests 2017-10-03 14:21:24 +13:00
Damian Mooyman
5ffe64f024
Fix tinymce plugins 2017-10-03 14:08:24 +13:00
Damian Mooyman
cdefd19091
Ensure HTMLEditor can load vendor css 2017-10-03 13:08:22 +13:00
Damian Mooyman
f64c95b33c
Add new ModuleResourceLoader helper 2017-10-03 12:20:49 +13:00
Ingo Schommer
e1b98d154e Fix tinymce operation for resource paths
It was referencing secondary TinyMCE assets in the vendor/* folder
from its generated files (e.g. skin.min.css).
2017-10-03 09:03:37 +13:00
Ingo Schommer
8e49b563a9 Fix installer paths for vendorised module 2017-10-03 09:03:37 +13:00
Ingo Schommer
85a951584e Update main.php path to support framework in vendor 2017-10-03 09:03:37 +13:00
Ingo Schommer
31b213be7b Allow autoloading from vendor path 2017-10-03 09:03:36 +13:00
Damian Mooyman
b4910e133c Merge pull request #7412 from open-sausages/pulls/4.0/fun-times-in-thumbnails
Enhancement add notice for MigrateFileTask if FileMigrationHelper doesn't exist
2017-10-02 16:59:40 +13:00
Damian Mooyman
17718e3854 Merge pull request #7415 from open-sausages/pulls/4.0/no-cache-in-my-home
Fix typos in FilesystemCacheFactory
2017-10-02 16:53:52 +13:00
Chris Joe
b219e40ff7 Merge pull request #7414 from open-sausages/pulls/4.0/basic-auth-var
BUG Restore SS_USE_BASIC_AUTH env var
2017-10-02 15:11:19 +13:00
Christopher Joe
26f7f0482c Fix typos in FilesystemCacheFactory 2017-10-02 15:10:44 +13:00
Christopher Joe
36397c787c Enhancement add notice for MigrateFileTask if FileMigrationHelper doesn't exist
Enhancement add call to image thumbnail helper to generate thumbnails
2017-10-02 14:54:31 +13:00
Chris Joe
fe98555d0a Merge pull request #7413 from open-sausages/pulls/4.0/member-i18n-speed
ENHANCEMENT Use less expensive i18n defaults in Member::populateDefaulateDefaults()
2017-10-02 13:03:44 +13:00
Chris Joe
ccc24764c4 Merge pull request #7411 from open-sausages/pulls/4.0/superfluous-date-props
Remove superfluous datefield props
2017-10-02 10:24:30 +13:00
Damian Mooyman
e2750c03fc
BUG Restore SS_USE_BASIC_AUTH env var
Fixes #7268
2017-09-29 16:56:56 +13:00
Damian Mooyman
f4b1417612
ENHANCEMENT Use less expensive i18n defaults in Member::populateDefaults()
Fixes #7381
2017-09-29 16:40:17 +13:00
Damian Mooyman
fa57deeba4
ENHANCEMENT Allow vendor modules with url rewriting
API Introduce ModuleResource feature
2017-09-29 10:28:38 +13:00
Damian Mooyman
3011650b5a
Remove superfluous datefield props
Fixes #7397
2017-09-29 10:25:22 +13:00
Damian Mooyman
f574f6d1b2
Reset test state for modified config options 2017-09-28 17:24:32 +13:00
Christopher Joe
90d0361a6c Enhancement update set_themes to not update config 2017-09-28 16:47:13 +13:00
Christopher Joe
7e92b053f4 Enhancement Add setter and getter for certain classes, so that LeftAndMain no longer updates config during init 2017-09-28 16:47:13 +13:00
Damian Mooyman
da27948777 Merge pull request #7373 from dhensby/pulls/4/rate-limit-security
NEW RateLimiter for Security controller
2017-09-28 11:01:37 +13:00
Damian Mooyman
e4fd9b4ff7
Code style fixes 2017-09-28 09:54:29 +13:00
Daniel Hensby
5f739c111e
added ratelimiter tests 2017-09-27 16:42:04 +01:00
Daniel Hensby
51ac297c59
Fixes to ratelimiter and new features 2017-09-27 14:44:38 +01:00
Andrew O'Neil
c7cbbb29f4 Fix links on paginated lists when there are GET vars
Prior to this change, if there were already GET vars on a page
with a PaginatedList, the links would include a mix of '&' and '&'.
2017-09-27 15:41:08 +10:00
Daniel Hensby
28552155c3
NEW Add actWithPermission to SapphireTest for shortcut to perform actions with specific permissions 2017-09-26 13:39:31 +01:00
Robbie Averill
33ae463e5b FIX Class name in _t() call in installer and run text collector 2017-09-26 14:57:16 +13:00
Mike Cochrane
b8e5a2ce32 FIX readonly PermissionCheckboxSetField
A readonly PermissionCheckboxSetField (eg in Security when viewing a member without permission to edit it) can result in calling "getRecord()" on null.  Add is_object check, consistent with line 98.
2017-09-25 15:25:10 +13:00
Loz Calver
1dd0c04891 Tidy up + document SSViewer classes 2017-09-21 17:03:21 +01:00
Damian Mooyman
f1a12e15be
BUG Fix sub-template lookup for includes 2017-09-20 18:04:01 +12:00
Chris Joe
c939737e5c Merge pull request #7386 from open-sausages/pulls/4.0/class-case-fixing
ENHANCEMENT Don't force all class names to lowercase
2017-09-20 16:46:49 +12:00
Damian Mooyman
261302a121
ENHANCEMENT Don't force all class names to lowercase
Speeds up autoloading because composer psr-4 works properly now
2017-09-20 15:14:55 +12:00
Christopher Joe
265f91060c Fix phpcs error 2017-09-20 12:42:45 +12:00
Damian Mooyman
09b3a24f30
BUG Detect, warn, and fix invalid SS_BASE_URL
Fixes #7362
2017-09-20 10:42:13 +12:00
Loz Calver
7431122b58
Make auto login token expiry configurable (closes #7278) 2017-09-18 14:06:13 +01:00
Daniel Hensby
04b1bb816e
NEW RateLimiter for Security controller 2017-09-14 14:23:36 +01:00
Damian Mooyman
7b3286d512 Merge pull request #7374 from dhensby/pulls/4/ci-http-headers
FIX HTTP Headers are case insensitive
2017-09-14 09:52:26 +12:00
Daniel Hensby
9198313658
FIX HTTP Headers are case insensitive 2017-09-13 16:02:12 +01:00
Chris Joe
c3f7165023 Merge pull request #7371 from open-sausages/pulls/4.0/fix-gridfield-print
BUG Fix gridfield print styles
2017-09-13 15:58:05 +12:00
Damian Mooyman
d05d22abc2 Merge pull request #7343 from creative-commoners/pulls/4.0/add-extra-class
NEW Allow GridFieldEditButton to have configurable HTML classes. Change edit icon.
2017-09-13 15:39:38 +12:00
Sacha Judd
c707fccf69 NEW Allow GridFieldEditButton to have configurable HTML classes. Change edit icon. 2017-09-13 13:11:17 +12:00
Damian Mooyman
f8ef97c167
BUG Fix import modal
Fixes https://github.com/silverstripe/silverstripe-admin/issues/251
2017-09-13 12:52:20 +12:00
Damian Mooyman
1892a02076
BUG Fix gridfield print styles 2017-09-13 11:48:42 +12:00
Andrew Aitken-Fincham
6613826ed8 FIX SSViewer::add_themes() to properly prepend 2017-09-12 13:34:56 +01:00
Damian Mooyman
905c4e04d5
BUG Incorrect path for requirements file 2017-09-12 10:36:48 +01:00
Bernard Hamlin
fa86f42ab9
BEM class names for filter-buttons 2017-09-12 10:16:03 +12:00
Damian Mooyman
22e991ef90 Merge pull request #7344 from creative-commoners/pulls/4.0/email-assertion-return
DOCS Update doc block for TestMailer::findEmail to reflect the new key names
2017-09-08 13:08:03 +12:00
Chris Joe
d1df61a19b Merge pull request #7332 from open-sausages/pulls/4.0/installer-env-cleanup
Ensure installer.php works nicely with .env files
2017-09-07 09:47:56 +12:00
Robbie Averill
a4aa59bfdc DOCS Update doc block for TestMailer::findEmail to reflect the new key names 2017-09-06 16:10:55 +12:00
Damian Mooyman
806ffb934e
BUG Ensure installer.php works nicely with .env files
Unenjoyable cleanup of internal logic
2017-09-06 13:52:51 +12:00
Damian Mooyman
40678d5897 Merge pull request #7342 from open-sausages/pulls/4.0/disable-me-a-plus
Fix permission check for admin role
2017-09-06 11:38:01 +12:00
Christopher Joe
25380eb454 Fix permission check for admin role 2017-09-06 10:21:01 +12:00
Chris Joe
1f5644d143 Merge pull request #7340 from open-sausages/pulls/4.0/toolbar-button-margin
Fix toolbar button margin and spacing
2017-09-05 16:07:32 +12:00
Saophalkun Ponlu
2f7f4e73d9 Fix toolbar button margin and spacing 2017-09-05 15:08:05 +12:00
Damian Mooyman
8425533487 Merge pull request #7336 from open-sausages/pulls/4.0/the-uncontained-popover-was-powerful
Fix add schema to the "auto" parts request
2017-09-05 14:01:12 +12:00
Damian Mooyman
4c84f22b2e Merge pull request #7325 from xini/patch-3
use html5 mark tag to highlight search parameter
2017-09-05 13:38:42 +12:00
Christopher Joe
afda58c515 Fix add schema to the "auto" parts request 2017-09-05 13:12:51 +12:00
Florian Thoma
d1f7e6959f update tests and doc 2017-09-05 09:42:08 +10:00
Robbie Averill
f8372ef6dc MINOR Add default value to ArrayData constructor 2017-09-05 09:42:52 +12:00
Daniel Hensby
16416fe15b Merge pull request #7334 from open-sausages/pulls/4.0/destroyed-cleanup
Remove redundant gc_collect_cycles()
2017-09-04 15:03:09 +01:00
Christopher Joe
120c772966 Add TreeDropdownField from React to Entwine 2017-09-04 12:15:41 +12:00
Saophalkun Ponlu
08fa3d6e3d
Enable TinyMCE list buttons 2017-09-04 09:30:07 +12:00
Damian Mooyman
45998444d7
Remove redundant gc_collect_cycles()
Cleanup dead references to DataObject::$destroyed
Fixes #7326
2017-09-04 09:23:07 +12:00
Florian Thoma
0d15cb02cd use html5 mark tag to highlight search parameter 2017-08-30 12:05:11 +10:00
Chris Joe
76f2358f3b Merge pull request #7324 from open-sausages/pulls/4/env-type-docs
DOCS Corrected env type docs (fixes #7290)
2017-08-30 11:44:55 +12:00
Ingo Schommer
64af679c35 DOCS Corrected env type docs (fixes #7290) 2017-08-30 08:35:41 +12:00
Damian Mooyman
98c10b089c
ENHANCEMENT Allow <% include %> to fallback outside of the Includes folder
Fixes #7108
2017-08-29 16:15:46 +12:00
Christopher Joe
e4b506cbe7
Fix add combinedFiles to clear logic 2017-08-29 13:52:14 +12:00
Sam Minnee
8c15e451c6 FIX: Removed unnecessary database_is_ready call.
This shaves about 45ms from every request (PHP 7.1 on a 2013 rMBP), 
cutting down execution time of a “hello world” controller by about 33%.

database_is_ready is still used in dev/build and ?flush=1 to stop people
from people bypassing security by DOSing the database or otherwise
forcing a DatabaseException
2017-08-25 13:06:12 +12:00
Damian Mooyman
d52e972453 Merge pull request #7308 from creative-commoners/pulls/4.0/fix-alternative-db-name-when-session-not-started
FIX Do not try and access sessions when they are not ready
2017-08-24 16:07:52 +12:00
Robbie Averill
5a9131a116 FIX Do not try and access sessions when they are not ready 2017-08-24 14:43:27 +12:00
Robbie Averill
c4ff9df1b0 FIX Use correct bootstrap class or GridFieldDetailForm delete button 2017-08-24 14:34:06 +12:00
Chris Joe
deec9b411b Merge pull request #7300 from open-sausages/pulls/4.0/flush-live-backurl
BUG Capture errors after a reload token redirect to login url
2017-08-24 14:00:33 +12:00
Damian Mooyman
d5b3280498 Merge pull request #7302 from robbieaverill/pulls/4.0/has-class-returns-bool
API Make FormField::hasClass return a boolean instead of an int
2017-08-24 13:19:30 +12:00
Damian Mooyman
80cf096a6e
BUG Prioritise SS_BASE_URL over flakey SCRIPT_FILENAME check 2017-08-24 12:58:04 +12:00
Damian Mooyman
47fced8880
BUG Capture errors after a reload token redirect to login url
Fixes #7289
2017-08-24 12:55:04 +12:00
Chris Joe
8edf070a13 Merge pull request #7303 from open-sausages/pulls/4.0/constant-logging
BUG Fix BASE_URL for CLI
2017-08-24 11:56:10 +12:00
Loz Calver
ecc619248b Merge pull request #7298 from robbieaverill/pulls/4.0/replace-stat-usage
Replace use of Configurable stat() with config()->get(), will be deprecated in future
2017-08-23 10:12:40 +01:00
Robbie Averill
595ba75a50 API Make FormField::hasClass return a boolean instead of an int 2017-08-23 16:23:28 +12:00
Damian Mooyman
1b087221d2
BUG Fix BASE_URL on CLI
Fixes #7256
2017-08-23 14:48:46 +12:00
Damian Mooyman
2c34af72e1
ENHANCEMENT Log user constants during CI for debugging improvements 2017-08-23 14:23:33 +12:00
Damian Mooyman
14761a9246
Remove mcrypt
Use session for alternativeDatabaseName instead
Fixes #7280
2017-08-23 12:13:32 +12:00
Robbie Averill
8ebc13ae4e Replace use of Configurable stat() with config()->get(), will be deprecated in future 2017-08-23 09:42:10 +12:00
Damian Mooyman
9b4d689bb2 Lazy-load custom methods and extensions on CustomMethods and Extensible traits
No longer need constructExtensions()
2017-08-22 15:47:24 +12:00
Damian Mooyman
fc2a603915 BUG Don’t construct extension_instances on objects that never use them 2017-08-22 15:47:24 +12:00
Damian Mooyman
90ba24733d Reduce unnecessary calls to Extension and DataExtension configs 2017-08-22 15:47:24 +12:00
Damian Mooyman
598a2c91e3 Reduce calls to i18n.default_config 2017-08-22 15:47:24 +12:00
Damian Mooyman
179a9fca28 Merge pull request #7292 from sminnee/injector-dependency-speedup
FIX: Prevent repeated lookup of obj.dependencies by Injector
2017-08-22 14:30:35 +12:00
Sam Minnee
c50cd34df6 FIX: Prevent repeated lookup of obj.dependencies by Injector
This unnecessary repeated call to Injector slows down the construction
of frequently instantiated classes.

On admin/pages, this reduced execution from 1.67s to 1.56s, and it
reduced the impact of having an extension added to DBField by 33%
(from 100ms to 67ms)
2017-08-22 12:12:32 +12:00
Christopher Joe
249c7048d9 Fix trim accept header parts 2017-08-21 15:31:13 +12:00
Chris Joe
c8d8adfefe Merge pull request #7287 from open-sausages/pulls/4.0/fix-multi-configs
BUG Fix issue with multiple editors breaking plugins
2017-08-21 10:58:27 +12:00
Daniel Hensby
304889ff2f Merge pull request #7281 from sminnee/test-php72
NEW: Test on php 7.2
2017-08-18 21:22:10 +01:00
Damian Mooyman
ce5e15df6e BUG Fix issue with multiple editors breaking plugins 2017-08-18 16:33:16 +12:00
Daniel Hensby
33c2c7bfe7
Merge branch '3' into 4 2017-08-17 15:06:00 +01:00
Christopher Joe
9dc11eff43 Enhancement Add a path option for the schema data, so a full tree is not required for this data 2017-08-17 16:08:27 +12:00
Damian Mooyman
bbded44056 Upgrade bootstrap class names 2017-08-16 10:50:09 +12:00
Sam Minnee
0926b04512 FIX: Fix latent bug in DataObject
This didn’t show up until we ran tests on PHP 7.3-dev
2017-08-15 11:13:57 +12:00
Daniel Hensby
c0211927aa
Merge branch '3' into 4 2017-08-14 21:18:03 +01:00
Damian Mooyman
323644c7bb
API Implement cascade_deletes 2017-08-09 15:14:00 +12:00
Robbie Averill
5d5fac7450 FIX Throw exception when "value" is used to define indexes. Update docs. 2017-08-09 09:17:28 +12:00
Damian Mooyman
0681567102 BUG Fix flushing on live mode (#7241)
* BUG Fix flushing on live mode
Fixes #7217

* Clarify injector service documentation
2017-08-07 13:53:23 +12:00
Damian Mooyman
f7bebdd8f8
BUG Fix install issue with IIS
Fixes #7218
2017-08-07 10:15:40 +12:00
Chris Joe
6ebc333e00 Merge pull request #7238 from open-sausages/pulls/4.0/flush-tinymce-cache
ENHANCEMENT Ensure flush destroys temp tinymce files
2017-08-03 19:13:54 +12:00
Damian Mooyman
b6a8e45888
BUG Ensure mocked controller has request assigned
Fixes #7237
2017-08-03 15:52:31 +12:00
Damian Mooyman
06efd2ac12
ENHANCEMENT Ensure flush destroys temp tinymce files 2017-08-03 13:21:48 +12:00
Chris Joe
34ca944bd6 Merge pull request #7235 from open-sausages/pulls/4.0/update-installer
Update installer path to match recipe
2017-08-03 10:58:58 +12:00
Damian Mooyman
e64acef53a BUG Fix invalid i18n yaml 2017-08-03 10:13:09 +12:00
Damian Mooyman
24ab3abbea
Update installer path to match recipe 2017-08-03 10:02:55 +12:00
Damian Mooyman
8418011456
Fix linting issues 2017-08-02 14:08:59 +12:00
Robbie Averill
e307f067ed FIX Replace deprecated %s placeholders in translations with named placeholders
* Remove the use of sprintf and %s placeholders in the i18n tests
2017-08-02 13:03:55 +12:00
Damian Mooyman
ae97c15e42
ENHANCEMENT Soft-code CSS explicit height and compute against rows 2017-08-01 15:46:49 +12:00
Damian Mooyman
078a508d71 API Replace legacy tiny_mce_gzip compressor with asset generator
Fixes https://github.com/silverstripe/silverstripe-admin/issues/74
2017-08-01 13:43:30 +12:00
vagrant
f02949fc09 Initially set a default height for the html editor to 350px 2017-07-31 16:49:48 +12:00
Damian Mooyman
9392380dd1 Merge pull request #7225 from silverstripe/pulls/4.0/injector-extension-setters
Use ClassInfo::hasMethod instead of method_exists()
2017-07-31 10:23:10 +12:00
Damian Mooyman
90f6710020 Merge pull request #7219 from silverstripe/pulls/4.0/dbcomposite-properties
BUGFIX: DBComposite doesn't allow arbitrary property assignment
2017-07-31 10:11:58 +12:00
Aaron Carlino
c9cf7b1d75 Use ClassInfo::hasMethod instead of method_exists()
This allows for setters to exist in extension instances.
2017-07-30 22:43:28 +12:00
Aaron Carlino
9903104fb8 Use parent::setField() 2017-07-30 22:39:42 +12:00
Daniel Hensby
1a4211f089 Merge pull request #7222 from kinglozzer/showqueries-pdo
FIX: ?showqueries=inline failed on PDO databases (fixes #7199)
2017-07-28 10:23:57 +01:00
Loz Calver
980d6b7ef7 FIX: ?showqueries=inline failed on PDO databases (fixes #7199) 2017-07-28 09:33:26 +01:00
Aaron Carlino
3ef9ca69d1 BUGFIX: DBComposite doesn't allow arbitrary property assignment
To be more consistent with `ViewableData`, whose `setField()` method will fallback on [assigning properties arbitrarily](https://github.com/silverstripe/silverstripe-framework/blob/4/src/View/ViewableData.php#L213), `DBComposite` shouldn't bail out of `setField` when the field specified isn't in the record.

Arbitrary property assignment is particularly important in injection.

```yaml
SilverStripe\ORM\FieldType\DBComposite:
  dependencies:
    myService: %$Service
```

Right now, that fails, because `$obj->myService = Service` invokes `__set()` which calls `setField()` which refuses the assignment when `myService`is not in the record.
2017-07-27 17:25:29 +12:00
Damian Mooyman
697798b464 Merge pull request #7206 from open-sausages/pulls/4.0/select-them-all-again
Enhancement add support for TreeMultiselectField in react
2017-07-27 13:41:18 +12:00
Damian Mooyman
7f6974e309
Update PHPDoc 2017-07-27 12:08:42 +12:00
Aaron Carlino
74873096bd New getSummary() API for SearchContext 2017-07-27 11:56:37 +12:00
martimiz
b726d64d1d
Fix SearchEngine to use quoted table names
If quotes are omitted, SQLExpression::sql() cannot replace table names
with the proper table for the current Stage.
2017-07-26 13:42:41 +01:00
Damian Mooyman
9bff74bd61
Clean up all fluent property accessors 2017-07-26 18:14:27 +12:00
Christopher Joe
78d4d0d5dd Enhancement add support for TreeMultiselectField in react 2017-07-26 18:14:08 +12:00
Daniel Hensby
884f53e0f2
Merge branch '3' into 4 2017-07-25 16:17:44 +01:00
Damian Mooyman
2c500c79c3 Merge pull request #7201 from kinglozzer/build-perf
Ensure ClassManifest isn't flushed twice on build
2017-07-25 09:51:00 +12:00
Daniel Hensby
6aeab571db Merge pull request #7195 from open-sausages/pulls/4.0/missing-unnested-from
BUG Fix unassigned nestedFrom
2017-07-24 17:07:07 +01:00
Loz Calver
ad2e1cf552 Ensure ClassManifest isn't flushed twice on build 2017-07-24 09:36:03 +01:00
Robbie Averill
392cda15f6 NEW Add updateRules extension point to Director::handleRequest 2017-07-23 22:10:46 +12:00
Chris Joe
6a3c51e072 Merge pull request #7036 from fullscreeninteractive/wilr-patch-1
Fix ImportButton not opening the modal
2017-07-21 14:10:31 +12:00
Damian Mooyman
6fd6a38949
BUG Fix unassigned nestedFrom
Fixes #7194
2017-07-21 08:58:19 +12:00
Damian Mooyman
e77c7fe04c Merge pull request #7188 from dhensby/pulls/4/fix-full-text-search-table-option
FIX FulltextSearchable  DB engine not set correctly
2017-07-20 12:27:30 +12:00
Loz Calver
c41c0a957b Merge pull request #7163 from sachajudd/pulls/4.0/debugview-info-color
NEW add web accessible colours to web view dev/build
2017-07-19 15:01:36 +01:00
Daniel Hensby
8aeec92087
FIX FulltextSearchable DB engine not set correctly 2017-07-19 12:28:15 +01:00
Daniel Hensby
d7095c2213
Merge branch '3' into 4 2017-07-18 14:19:16 +01:00
Daniel Hensby
d59e2dbe5b Merge pull request #7183 from robbieaverill/pulls/4.0/fix-log-in-as-someone-else
FIX Log in as someone else returns user back to login screen
2017-07-18 11:54:33 +01:00
Sacha Judd
f367a0aa62 NEW add web accessible colours to web view dev/build 2017-07-18 22:00:35 +12:00
Robbie Averill
ba9ad55274 FIX Base URL defaults to a slash in currentURL if not defined already 2017-07-18 21:56:21 +12:00
Robbie Averill
a5ca4ecb59 FIX Log in as someone else returns user back to login screen 2017-07-18 17:15:58 +12:00
Damian Mooyman
ed0ed89865 Merge pull request #7055 from robbieaverill/pulls/4.0/polymorphic-has-one-indexes
NEW Ensure polymorphic has_one fields are indexed
2017-07-18 16:39:45 +12:00
Robbie Averill
fb18e441a7 DBIndexable::getIndexSpecs is responsible for returning a DBFields full indexable spec 2017-07-18 15:03:56 +12:00
Saophalkun Ponlu
c2841b6d64 Enhancement Remove "Remove link" button from the editor's main toolbar
Fix behat for selecting link should focus on field
2017-07-18 13:11:27 +12:00
Damian Mooyman
de7b746094 Merge pull request #7180 from robbieaverill/pulls/4.0/remove-config-update-use
Use merge and set instead of update for config calls
2017-07-18 09:16:20 +12:00
Daniel Hensby
be7b2d4970 Merge pull request #7179 from robbieaverill/pulls/4.0/is-cli-for-phpdbg
FIX Ensure phpdbg calls are registered by SilverStripe core as a CLI call
2017-07-17 14:26:39 +01:00
Robbie Averill
da4e46e4de FIX Use merge and set instead of update for config calls 2017-07-17 17:59:40 +12:00
Robbie Averill
ea4181166f FIX Ensure phpdbg calls are registered by SilverStripe core as a CLI call 2017-07-17 16:56:01 +12:00
Robbie Averill
bd5782adca NEW Allow index type to be configured per DBField instance 2017-07-17 14:36:47 +12:00
Robbie Averill
c9c4390619 NEW Ensure polymorphic has_one fields are indexed
* Add tests for config based indexing on composite DBFields
* Allow fields to have "indexed" option passed via field spec
2017-07-17 14:36:29 +12:00
Robbie Averill
1a38feff22 FIX Version provider uses early bound config getter, move LeftAndMain config to admin module 2017-07-16 16:49:10 +12:00
Daniel Hensby
7fd316d405
Merge branch 3 into 4 2017-07-15 13:20:37 +01:00
Daniel Hensby
be0e16d648 Merge pull request #7170 from robbieaverill/pulls/4.0/ignore-exceptions-on-killing-testdb
FIX Ignore exceptions thrown when deleting test databases
2017-07-14 14:53:51 +01:00
Loz Calver
aafd2a573d Update Convert::memstring2bytes() logic 2017-07-14 09:16:05 +01:00
Damian Mooyman
3a7f9e8eb5 Merge pull request #7167 from open-sausages/pulls/4.0/tree-search-in-forest
API TreeDropdown tree parameter
2017-07-14 16:23:30 +12:00
Simon Erkelens
3e97b99e22 [BUG] Fix issues with multiple authenticators for a single task (#7149)
Using multiple 2FA authenticators, logging out, resetting password etc. proved to be handled wrong.
Example scenario:
The result is an error, because the `renderWrappedController` was called, despite the responses being a set of either array with Content or Form, or a redirect action.

The default action should be followed and not try to render if there is nothing to render

Because the logout (or changepassword, or resetpassword, etc.) has already been handled, the first response is the default authenticator's response. This _could_ be a form (in case of logout without valid token), a content set (reset password) or a form (change password).

This edge case only happens when there are multiple authenticators supporting the requested method that is _not_ login.
2017-07-14 09:20:58 +12:00
Robbie Averill
b16896f22b FIX Ignore exceptions thrown when deleting test databases
This will prevent long runnings builds (e.g. code coverage) from failing when the test database connection is gone (MySQL server has gone away) by the time the shutdown handler runs.
2017-07-13 23:33:51 +12:00
Robbie Averill
823e49526f NEW Allow SSViewer and SSViewer_FromString to be injectable 2017-07-13 20:48:58 +12:00
Christopher Joe
ccda816f90 API added flatList argument for generating the json tree list with a context string property 2017-07-13 17:04:35 +12:00
Damian Mooyman
5fcd7d084f
BUG Fix registered shutdown function not handling responsibility for outputting redirection response 2017-07-13 15:32:39 +12:00
Aaron Carlino
2b266276c2 API Implement new module sorting pattern 2017-07-13 10:27:27 +12:00
Daniel Hensby
b2831b809c Merge pull request #7133 from kinglozzer/cache-classname
Cache ClassInfo::class_name() calls
2017-07-10 13:23:45 +01:00
Damian Mooyman
85359ad59e
BUG Ensure that installer can create an initial admin account
Fixes #7124
2017-07-06 13:30:04 +12:00
Loz Calver
e3e16fe835 Cache ClassInfo::class_name() calls 2017-07-05 15:15:08 +01:00
Daniel Hensby
aafa054cf7 Merge pull request #7129 from mfendeksilverstripe/master
Limited nodes with too many children are no longer accessible
2017-07-05 12:37:26 +01:00
Daniel Hensby
2c5e237a93
Merge pull request #7103 from dnadesign/fix-numericfield-null 2017-07-05 11:45:45 +01:00
Daniel Hensby
2f551c91d7 Merge pull request #6922 from kinglozzer/debugview-styles
Update DebugView styles
2017-07-05 11:35:04 +01:00
Loz Calver
713b01ebc7 Update DebugView styles 2017-07-05 09:14:26 +01:00
Aaron Carlino
c836a2e2d2 BUGFIX: Module resource regex does not allow ports 2017-07-05 13:26:30 +12:00
Mojmir Fendek
3f2d217a45 Limited nodes that have more children than allowed limit are no longer accessible to the user. 2017-07-05 11:34:24 +12:00
John Milmine
f14e6bae2c fix numeric field for null values 2017-07-05 07:35:13 +12:00
Daniel Hensby
64005bff91 Merge pull request #6440 from open-sausages/pulls/4.0/json-detection
ENHANCEMENT: Debug class emits plain text for application/json requests
2017-07-04 13:42:42 +01:00
Damian Mooyman
ed26b251c8
ENHANCEMENT: Better output type detection for debugging 2017-07-04 17:33:49 +12:00
Damian Mooyman
4b23205838
Fix unnamespaced i18n keys
Fixes https://github.com/silverstripe/silverstripe-framework/issues/6862
2017-07-04 14:18:47 +12:00
Damian Mooyman
f65e3627dc
BUG Implement or exclude all pending upgrader deltas 2017-07-03 12:21:47 +12:00
Damian Mooyman
92903d883e Allow editor themes to fall back safely 2017-07-03 10:38:50 +12:00
Aaron Carlino
cddaaf1444 Update TinyMCEConfig to use theme CSS 2017-07-03 10:38:50 +12:00
Daniel Hensby
c69a565b08 Merge pull request #7046 from andrewandante/FEAT/add_inGroup_to_Group
add inGroup(s) methods to Group
2017-06-30 16:38:55 +01:00
Andrew Aitken-Fincham
ab60a167e6 add inGroup(s) methods to Group 2017-06-30 12:47:37 +01:00
Damian Mooyman
3633947699
BUG Fix broken installer assets and session crash 2017-06-30 14:50:58 +12:00
Damian Mooyman
ee05c586b6 Merge pull request #7083 from sminnee/get-one-miss-null
FIX: DataObject::get_one() misses return null, not false
2017-06-30 13:08:20 +12:00
Aaron Carlino
ad9d4e6820 Pulls/4.0/shortcode namespacing (#7085)
* New shortcode providers, update config, docs

* Use new ImageShortcodeProvider

* Move tests

* New shortcodes namespace

* Move file and image shortcode registrations from framework to assets
2017-06-29 18:45:17 +12:00
Christopher Joe
061393a098 Fix enable ?flush rather than just ?flush=1 2017-06-29 16:13:38 +12:00
Daniel Hensby
30986b4ea3
[SS-2017-002] FIX Lock out users who dont exist in the DB 2017-06-29 13:58:55 +12:00
Sam Minnee
2c8790ca7d FIX: DataObject::get_one() misses return null, not false
Fixes https://github.com/silverstripe/silverstripe-framework/issues/5441
2017-06-29 13:51:52 +12:00
Daniel Hensby
e7df10dc52
Merge branch '3' 2017-06-28 18:59:08 +01:00
Damian Mooyman
b2f3b218a3
BUG Fix incorrect $database autoinit
BUG Fix missing $request in Installer bootstrapping
2017-06-28 17:59:16 +12:00
Damian Mooyman
8078ee08f2
BUG Fix folder urls getting mtime querystring appended 2017-06-28 16:59:41 +12:00
Sam Minnee
741166e369 API: ModulePath template global now takes any composer package name.
NEW: URL generation now handled by pluggable ResourceURLGenerator service.
NEW: Requirements::javascript() and Requirements::css() now support “vendor/package:resource” syntax.

These changes will make it easier to us to fully abstract:
 - file access from module location
 - file location from URL generation

API: ModulePath template global now takes any composer package name.
NEW: URL generation now handled by pluggable ResourceURLGenerator service.
NEW: Requirements::javascript() and Requirements::css() now support “vendor/package:resource” syntax.

These changes will make it easier to us to fully abstract:
 - file access from module location
 - file location from URL generation
2017-06-28 16:59:28 +12:00
Saophalkun Ponlu
288de2eb14 BUG Add flag on form whether to notify user when there's unsaved changes 2017-06-28 11:14:12 +12:00
Will Rossiter
ecb5d85de0 Support empty SS_DATABASE_PREFIX 2017-06-28 08:18:21 +12:00
Damian Mooyman
f699650b5f Update based on feedback 2017-06-27 13:32:39 +12:00
Damian Mooyman
d20ab50f9d API Stronger Injector service unregistration
BUG Fix up test regressions
FIX director references to request object
API Move all middlewares to common namespace
API Implement RequestHandlerMiddlewareAdapter
ENHANCEMENT Improve IP address parsing
Fix up PHPDoc / psr2 linting
BUG Fix property parsing in TrustedProxyMiddleware
BUG Fix Director::is_https()
2017-06-27 13:32:39 +12:00
Damian Mooyman
7aa67f856b Move files to middleware folder 2017-06-27 13:32:39 +12:00
Sam Minnee
67887febc5 fix - session now uses request 2017-06-27 13:32:39 +12:00
Sam Minnee
69fe166897 API: Director::handleRequest() is no longer static - use a Director service
NEW: Add HTMLMiddlewareAware trait to HTTPApplication, Director, and RequestHandler
NEW: Allow service specs to be passed to Director rules.

This refactor of the controller middlewares takes a service definition
approach rather than a static-method-and-config approach that Director
historically had.

The use of a trait for middleware means that the Middlewares array
property can be defined on RequestHandler, Director, and HTTPApplication
objects in the same way.
2017-06-27 13:32:39 +12:00
Sam Minnee
e92c63c545 API: Remove $sid argument of Session::start()
NEW: Pass HTTPRequest to session
NEW: Pass HTTPReuqest optionally to Director statics

The session handler now expects to operate on a specific
HTTPRequest object.
2017-06-27 13:32:39 +12:00
Sam Minnee
ccc86306b6 NEW: Add TrustedProxyMiddleware
API: SS_TRUSTED_PROXY_HOST_HEADER replace with middleware config
API: SS_TRUSTED_PROXY_PROTOCOL_HEADER replace with middleware config
API: SS_TRUSTED_PROXY_IP_HEADER replace with middleware config
API: Front-End-Https = “on” header no longer supported

This middleware replaces the TRUSTED_PROXY setting and shifts its
configuration out of the env vars and bootstrap and into the Director
flow.
2017-06-27 13:32:39 +12:00
Sam Minnee
c4d038f20d NEW: Add HTTPRequest::getScheme()/setScheme()
NEW: Add HTTPRequest::setIP()
API: Rely on HTTPRequestBuilder to set scheme and IP

These changes tidy up HTTPRequest making it a container for information
and removing special logic from it.

This makes it less feature-rich: it doesn’t contain trusted-proxy logic.
This will be able to provided by a middleware.

The new getScheme() method is designed to be closish to PSR-7’s
getUri()->getScheme() equivalent.

There are no more direct $_SERVER references in HTTPRequest.
2017-06-27 13:32:39 +12:00
Sam Minnee
4d89daac78 NEW: Register Injector::inst()->get(HTTPRequest)
HTTPRequest is provided as a service so that global references for
session, hostname, etc can be facilitated. It’s a bit of a hack and
should be avoided but we’re unlikely to scrub it completely from the
Silverstripe 4 code.
2017-06-27 13:32:39 +12:00
Sam Minnee
10866c0809 API: Replace Director::direct() with Director::handleRequest().
There was no longer any code in direct() and so I opted to expose the
handleRequest() method instead.
2017-06-27 13:32:39 +12:00
Sam Minnee
72a7655e95 NEW: Moved allowed-hosts checking to a middleware. 2017-06-27 13:32:39 +12:00
Sam Minnee
db080c0603 NEW: Move session activation to SessionMiddleware. 2017-06-27 13:32:39 +12:00
Sam Minnee
254204a3a6 NEW: Replace AuthenticationRequestFilter with AuthenticationMiddleware 2017-06-27 13:32:39 +12:00
Sam Minnee
e855622890 NEW: Replace FlushRequestFilter with FlushMiddleware 2017-06-27 13:32:39 +12:00
Sam Minnee
b30f410ea0 API: Deprecate RequestFilter.
NEW: Allow application of HTTPMiddleware to Director.

Director can now use the same HTTPMiddleware objects as the app object.
They can be applied either globally or pre-rule.
2017-06-27 13:32:39 +12:00
Sam Minnee
26b9bf11ed NEW: Allow “%$” prefix in Injector::get()
Injector::get() looks up services by name. In yaml config it can make
things clearer to prefix service names by %$, which is how they must
be prefixed when referencing nested services within service definitions.

This change means that any other system referencing services will
support an optional prefix without needing to specifically code support
in themselves.
2017-06-27 13:32:39 +12:00
Damian Mooyman
17c8e913bc Merge pull request #7053 from creative-commoners/pulls/4.0/restore-extension-constructor
NEW restored Extension::__construct()
2017-06-26 21:39:55 +12:00
Franco Springveldt
d3d426bdfc NEW restored Extension::__construct() 2017-06-26 17:34:43 +12:00
Sam Minnee
3c35d25a64 FIX: Allow DB::setConfig() in _config.php
This wasn’t working because the database was being validated before
_config.php was loaed.

This is how the installer sets config so this is an important fix.
2017-06-26 14:04:20 +12:00
Ingo Schommer
fa568e333e Fixed linting errors 2017-06-23 11:19:16 +12:00
Will Rossiter
ad54e7eb30 Fix ImportButton not opening the modal 2017-06-23 10:10:01 +12:00
Damian Mooyman
3873e4ba00 API Refactor bootstrap, request handling
See https://github.com/silverstripe/silverstripe-framework/pull/7037
and https://github.com/silverstripe/silverstripe-framework/issues/6681

Squashed commit of the following:

commit 8f65e56532
Author: Ingo Schommer <me@chillu.com>
Date:   Thu Jun 22 22:25:50 2017 +1200

    Fixed upgrade guide spelling

commit 76f95944fa
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 16:38:34 2017 +1200

    BUG Fix non-test class manifest including sapphiretest / functionaltest

commit 9379834cb4
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 15:50:47 2017 +1200

    BUG Fix nesting bug in Kernel

commit 188ce35d82
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 15:14:51 2017 +1200

    BUG fix db bootstrapping issues

commit 7ed4660e7a
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 14:49:07 2017 +1200

    BUG Fix issue in DetailedErrorFormatter

commit 738f50c497
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 11:49:19 2017 +1200

    Upgrading notes on mysite/_config.php

commit 6279d28e5e
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 11:43:28 2017 +1200

    Update developer documentation

commit 5c90d53a84
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 10:48:44 2017 +1200

    Update installer to not use global databaseConfig

commit f9b2ba4755
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Wed Jun 21 21:04:39 2017 +1200

    Fix behat issues

commit 5b59a912b6
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Wed Jun 21 17:07:11 2017 +1200

    Move HTTPApplication to SilverStripe\Control namespace

commit e2c4a18f63
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Wed Jun 21 16:29:03 2017 +1200

    More documentation
    Fix up remaining tests
    Refactor temp DB into TempDatabase class so it’s available outside of unit tests.

commit 5d235e64f3
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Wed Jun 21 12:13:15 2017 +1200

    API HTTPRequestBuilder::createFromEnvironment() now cleans up live globals
    BUG Fix issue with SSViewer
    Fix Security / View tests

commit d88d4ed4e4
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 20 16:39:43 2017 +1200

    API Refactor AppKernel into CoreKernel

commit f7946aec33
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 20 16:00:40 2017 +1200

    Docs and minor cleanup

commit 12bd31f936
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 20 15:34:34 2017 +1200

    API Remove OutputMiddleware
    API Move environment / global / ini management into Environment class
    API Move getTempFolder into TempFolder class
    API Implement HTTPRequestBuilder / CLIRequestBuilder
    BUG Restore SS_ALLOWED_HOSTS check in original location
    API CoreKernel now requires $basePath to be passed in
    API Refactor installer.php to use application to bootstrap
    API move memstring conversion globals to Convert
    BUG Fix error in CoreKernel nesting not un-nesting itself properly.

commit bba9791146
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 19 18:07:53 2017 +1200

    API Create HTTPMiddleware and standardise middleware for request handling

commit 2a10c2397b
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 19 17:42:42 2017 +1200

    Fixed ORM tests

commit d75a8d1d93
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 19 17:15:07 2017 +1200

    FIx i18n tests

commit 06364af3c3
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 19 16:59:34 2017 +1200

    Fix controller namespace
    Move states to sub namespace

commit 2a278e2953
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 19 12:49:45 2017 +1200

    Fix forms namespace

commit b65c21241b
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 15 18:56:48 2017 +1200

    Update API usages

commit d1d4375c95
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 15 18:41:44 2017 +1200

    API Refactor $flush into HTPPApplication
    API Enforce health check in Controller::pushCurrent()
    API Better global backup / restore
    Updated Director::test() to use new API

commit b220534f06
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 22:05:57 2017 +1200

    Move app nesting to a test state helper

commit 603704165c
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 21:46:04 2017 +1200

    Restore kernel stack to fix multi-level nesting

commit 2f6336a15b
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 17:23:21 2017 +1200

    API Implement kernel nesting

commit fc7188da7d
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 15:43:13 2017 +1200

    Fix core tests

commit a0ae723514
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 15:23:52 2017 +1200

    Fix manifest tests

commit ca03395251
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 15:00:00 2017 +1200

    API Move extension management into test state

commit c66d433977
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 14:10:59 2017 +1200

    API Refactor SapphireTest state management into SapphireTestState
    API Remove Injector::unregisterAllObjects()
    API Remove FakeController

commit f26ae75c6e
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 12 18:04:34 2017 +1200

    Implement basic CLI application object

commit 001d559662
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 12 17:39:38 2017 +1200

    Remove references to SapphireTest::is_running_test()
    Upgrade various code

commit de079c041d
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Wed Jun 7 18:07:33 2017 +1200

    API Implement APP object
    API Refactor of Session
2017-06-22 22:50:45 +12:00
Loz Calver
5d27dccd60 NEW: Add CSRF token to logout action 2017-06-21 15:42:13 +01:00
Damian Mooyman
306d801258 Merge pull request #6984 from dhensby/pulls/4/default-pdo
NEW DB Driver defaults to PDO
2017-06-18 21:27:32 +12:00
Chris Joe
8c91d48d3a Merge pull request #7033 from open-sausages/pulls/4.0/remove-parse-indexspec
FIX Remove reference to removed method parseIndexSpec
2017-06-16 16:40:51 +12:00
Chris Joe
102eaed36c Merge pull request #6722 from open-sausages/pulls/4.0/requirements-html-cleanup
Better HTML generation behaviour for Requirements_Backend
2017-06-16 13:52:06 +12:00
Damian Mooyman
64e802f795
API Move createTag to HTML class
ENHANCEMENT Better HTML generation behaviour for Requirements_Backend
2017-06-16 12:22:05 +12:00
Damian Mooyman
54879402ce
BUG Removed reserved / removed / invalid country codes
Fixes #6996
2017-06-16 11:38:00 +12:00
Damian Mooyman
957d238caa
FIX Remove reference to removed method parseIndexSpec
Fixes #6968
2017-06-16 11:20:52 +12:00
Damian Mooyman
0f90c5b63f ENHANCEMENT Update style of CMSLogin form 2017-06-15 18:13:14 +12:00
Damian Mooyman
024371c37e
API Change authentication ValidationResult handling to pass by-reference 2017-06-15 17:25:23 +12:00
Damian Mooyman
62d095305b
API Update DefaultAdmin services
API Improve validation of authentication process
2017-06-15 15:53:57 +12:00
Simon Erkelens
576eee72dc Remove DefaultAdmin things from Security and Member into the MemberAuthenticator, unifying and removing duplicate code. 2017-06-15 14:20:29 +12:00
Chris Joe
950b1dfec2 Merge pull request #7010 from flamerohr/pulls/4.0/no-path-to-follow
Enhancement show the path which threw the error
2017-06-12 10:36:46 +12:00
Damian Mooyman
0dcfa5fa9d FIX CMSSecurity doesn't have Authenticators assigned. 2017-06-12 10:10:34 +12:00
Christopher Joe
7178caf4a9 Enhancement show the path which threw the error 2017-06-12 10:08:12 +12:00
Simon Erkelens
3fe837dad7 Fix for CMS Authenticator. Should only apply to CMSSecurity 2017-06-10 14:47:53 +12:00
Simon Erkelens
5c4e55b60d It's not CascadeLogInTo anymore, it's CascadeInTo
I'm mildly surprised this didn't break. I changed it to CascadeInTo, as the logout action needs to cascade into the session as well.
2017-06-10 12:58:22 +12:00
Damian Mooyman
d89bd15330
Move authentication hooks to SapphireTest 2017-06-09 16:25:40 +12:00
Damian Mooyman
62753b3cb1
Cleanup and RequestFilter refactor 2017-06-09 15:07:35 +12:00
Simon Erkelens
5fce3308b4 Move LostPasswordHandler in to it's own class.
- Moved the Authenticators from statics to normal
- Moved MemberLoginForm methods to the getFormFields as they make more sense there
- Did some spring-cleaning on the LostPasswordHandler
- Removed the BuildResponse from ChangePasswordHandler after spring cleaning
2017-06-08 20:09:57 +12:00
Simon Erkelens
082db89550 Feedback from Damian.
- Move the success and message to a validationresult
- Fix tests for validationresult return
- We need to clear the session in Test logOut method
- Rename to MemberAuthenticator and CMSMemberAuthenticator for consistency.
- Unify all to getCurrentUser on Security
- ChangePasswordHandler removed from Security
- Update SapphireTest for CMS login/logout
- Get the Member ID correctly, if it's an object.
- Only enable "remember me" when it's allowed.
- Add flag to disable password logging
- Remove Subsites coupling, give it an extension hook to disable itself
- Change cascadeLogInTo to cascadeInTo for the logout method logic naming
- Docblocks
- Basicauth config
2017-06-08 17:50:20 +12:00
Simon Erkelens
2b26cafcff Separate out the log-out handling.
Repairing tests and regressions
Consistently use `Security::getCurrentUser()` and `Security::setCurrentUser()`
Fix for the logout handler to properly logout, some minor wording updates
Remove the login hashes for the member when logging out.
BasicAuth to use `HTTPRequest`
2017-06-07 21:11:58 +12:00
Sam Minnee
f9ea752bae NEW: Add AuthenticationHandler interface
NEW: Add IdentityStore for registering log-in / log-out data
NEW: Add AuthenticationRequestFilter for managing login
NEW: Add Security:setCurrentUser() / Security::getCurrentUser()
NEW: Add FunctionalTest::logOut()
2017-06-07 21:11:55 +12:00
Simon Erkelens
c4194f0ed2 CMS Login Handling
Move to canLogin in the authentication check. Protected isLockedOut

Enable login to be called with a different login service (CMSLogin), enabling CMS Log in. Seems the styling and/or output is still broken.

logOut could be managed from the Authenticator instead of the member
2017-06-07 21:11:54 +12:00
Sam Minnee
7af7e6719e API: Security.authenticators is now a map, not an array
Authenticators is now a map of keys -> service names. The key is used
in things such as URL segments. The “default_authenticator” value has
been replaced with the key “default” in this map, although in time a
default authenticator may not be needed.
IX: Refactor login() to avoid code duplication on single/multiple handlers
IX: Refactor LoginHandler to be more amenable to extension
IX: Fixed permissionFailure hack
his LoginHandler is expected to be the starting point for other
custom authenticators so it should be easier to repurpose components
`of it.
IX: Fix database-is-ready checks in tests.
IX: Fixed MemberAuthenticatorTest to match the new API
IX: Update security URLs in MemberTest
2017-06-07 21:11:53 +12:00
Sam Minnee
e226b67d06 Refactoring of authenticators
Further down the line, I'm only returning the `Member` on the doLogin, so it's possible for the Handler or Extending Handler to move to a second step.
Also cleaned up some minor typos I ran in to. Nothing major.

This solution works and is manually tested for now. Supports multiple login forms that end up in the correct handler. I haven't gotten past the handler yet, as I've yet to refactor my Yubiauth implementation.

FIX: Corrections to the multi-login-form support.

Importantly, the system provide a URL-space for each handler, e.g.
“Security/login/default” and “Security/login/other”. This is much
cleaner than identifying the active authenticator by a get parameter,
and means that the tabbed interface is only needed on the very first view.

Note that you can test this without a module simply by loading the
default authenticator twice:

SilverStripe\Security\Security:
  authenticators:
    default: SilverStripe\Security\MemberAuthenticator\Authenticator
    other: SilverStripe\Security\MemberAuthenticator\Authenticator

FIX: Refactor delegateToHandler / delegateToHandlers to have less
duplicated code.
2017-06-07 21:11:52 +12:00
Daniel Hensby
856aa79892 Merge pull request #6987 from open-sausages/pull/4.0/3239-consisten-fist-last-returns
Consistent return values for first and last methods
2017-06-06 16:59:04 +01:00
Damian Mooyman
8c0ced311f Merge pull request #6998 from AntonyThorpe/StrictFormMethodCheck
Updated Form.php & 04_Form_Security.md  - strictFormMethodCheck to true
2017-06-06 23:06:11 +12:00
Antony Thorpe
6348f2e3e8 Updated Form.php & 04_Form_Security.md
Changed the `strictFormMethodCheck` protected property from false to true to step out on the front foot with this security setting.  In the documentation under the title [Cross-Site Request Forgery](https://github.com/silverstripe/silverstripe-framework/blob/master/docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md#cross-site-request-forgery-csrf) it states, "it is also recommended to limit form submissions to the intended HTTP verb (mostly GET or POST) through [api:Form::setStrictFormMethodCheck()]."  The same advice is noted in [Form Security](c2292a4cc1/docs/en/02_Developer_Guides/03_Forms/04_Form_Security.md (strict-form-submission)).

Why not make this the default behaviour?  Is there a scenario where this would cause a problem?  Have manually tested in the CMS (alpha7) and is working fine.

Note: Original commit that establised the API Form::setStrictFormMethodCheck is 14c59be8.
2017-06-06 21:10:49 +12:00
Saophalkun Ponlu
e267d29b9a BUG Consistent return values for first and last methods 2017-06-06 17:22:55 +12:00
Christopher Joe
d12c986dd5
Fixes printing from crashing 2017-06-06 13:31:37 +12:00
Daniel Hensby
9a0e01d4a0
NEW DB Driver defaults to PDO 2017-06-01 11:00:35 +01:00
Daniel Hensby
11de4abe0a Merge pull request #6977 from andrewandante/FIX/move_dotenv_higher
move TRUSTED_PROXY below .env loader
2017-05-30 12:41:09 +01:00
Andrew Aitken-Fincham
8f44b8f0ba move trusted_proxy_ips below .env loader 2017-05-30 12:18:47 +01:00
Damian Mooyman
b27ef810d4 Merge pull request #6974 from colintucker/fix-csv-bulk-loader
Fixes a bug with split file names during CSV import
2017-05-30 16:18:06 +12:00
Damian Mooyman
e7d87add9f API Remove legacy HTMLEditor classes 2017-05-30 11:01:28 +12:00
Nick
acb74a8577 Fix $class variable from being clobbered
The $class variable gets overwritten in the function.

This causes error messages to be less helpful. For example if you setup a has_many but forget the has_one on the other side the error will look something like

`[Emergency] Uncaught Exception: No has_one found on class 'SomeObject', the has_many relation from 'SilverStripe\View\ViewableData' to 'SomeObject' requires a has_one on 'SomeObject'`

fixing this gives a more useful error, like

`[Emergency] Uncaught Exception: No has_one found on class 'SomeObject', the has_many relation from 'Page' to 'SomeObject' requires a has_one on 'SomeObject'`
2017-05-29 20:31:09 +12:00
Colin Tucker
db59e51c4a Fixes a bug with split file names during CSV import 2017-05-29 16:08:23 +10:00
Damian Mooyman
963d9197d3
API Ensure that all DataQuery joins are aliased based on relationship name 2017-05-26 13:38:58 +12:00
Daniel Hensby
893f19a5ea
DOCS Updating index definition examples 2017-05-25 23:29:12 +01:00
Daniel Hensby
3e556b5966
NEW Move index generation to DataObjectSchema and solidify index spec 2017-05-25 23:29:12 +01:00
Damian Mooyman
0cd40ca6e5
BUG Fix minor accessors of legacy ->class property 2017-05-25 11:55:12 +12:00
Damian Mooyman
29f450b1e1 Revert injector type hint to Injector 2017-05-25 11:06:48 +12:00