Commit Graph

2282 Commits

Author SHA1 Message Date
3Dgoo
f0c00bfb78 Fixing language typo in docs 2017-06-13 05:37:07 +09:30
Simon Erkelens
2b26cafcff Separate out the log-out handling.
Repairing tests and regressions
Consistently use `Security::getCurrentUser()` and `Security::setCurrentUser()`
Fix for the logout handler to properly logout, some minor wording updates
Remove the login hashes for the member when logging out.
BasicAuth to use `HTTPRequest`
2017-06-07 21:11:58 +12:00
Antony Thorpe
6348f2e3e8 Updated Form.php & 04_Form_Security.md
Changed the `strictFormMethodCheck` protected property from false to true to step out on the front foot with this security setting. In the documentation under the title [Cross-Site Request Forgery](https://github.com/silverstripe/silverstripe-framework/blob/master/docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md#cross-site-request-forgery-csrf) it states, "it is also recommended to limit form submissions to the intended HTTP verb (mostly GET or POST) through [api:Form::setStrictFormMethodCheck()]." The same advice is noted in [Form Security](c2292a4cc1/docs/en/02_Developer_Guides/03_Forms/04_Form_Security.md (strict-form-submission)).

Why not make this the default behaviour? Is there a scenario where this would cause a problem? Have manually tested in the CMS (alpha7) and is working fine.

Note: Original commit that established the API Form::setStrictFormMethodCheck is 14c59be8.
2017-06-06 21:10:49 +12:00
Damian Mooyman
9b965ed5fa
Add in missing changelog notes 2017-06-06 11:08:05 +12:00
Ingo Schommer
b137e91998 Internal security process docs 2017-06-02 11:30:12 +12:00
Justin Brown
ac08e16720 Update to 00_CSV_Import.md
Adding further explanation for using a custom CsvBulkLoader in ModelAdmin instead of the default one. I think some people might be able to guess at this, but others (like me) might benefit from making things a bit more explicit. This is a follow-up from my [question on StackOverflow](https://stackoverflow.com/questions/44271755/adding-custom-csvbulkuploader-to-modeladmin-in-silverstripe).
2017-05-31 09:05:05 -06:00
Ed Linklater
f007fca51f Docs: Correct Stevie's name on committers page 2017-05-31 12:27:06 +12:00
Daniel Hensby
21d2e5cad1
Merge branch '3.6' into 3 2017-05-31 00:12:14 +01:00
Daniel Hensby
becb769167
Merge branch '3.5' into 3.6 2017-05-31 00:11:48 +01:00
Daniel Hensby
294df1320f
Merge branch '3.4' into 3.5 2017-05-31 00:11:18 +01:00
Daniel Hensby
143c4a63cf
Added 3.6.0 changelog 2017-05-30 22:11:03 +00:00
Daniel Hensby
2f7f761a9c
Added 3.5.4 changelog 2017-05-30 22:03:17 +00:00
Daniel Hensby
deca99a5fe
Added 3.4.6 changelog 2017-05-30 21:58:52 +00:00
Damian Mooyman
e7d87add9f API Remove legacy HTMLEditor classes 2017-05-30 11:01:28 +12:00
Nick
318b0248b7 Update 05_Dataobject_Relationship_Management.md
Correct a naffed up code block and a typo
2017-05-29 20:54:50 +12:00
Daniel Hensby
659053a256
Added 3.6.0-rc1 changelog 2017-05-29 00:36:04 +00:00
Daniel Hensby
cda7e8dc39
Merge remote-tracking branch 'security/3.5.4' into 3.6.0 2017-05-29 01:29:05 +01:00
Daniel Hensby
9a38bedd18
Added 3.5.4-rc1 changelog 2017-05-29 00:08:27 +00:00
Daniel Hensby
24166700e8
Merge remote-tracking branch 'security/3.4.6' into 3.5.4 2017-05-29 01:02:35 +01:00
Daniel Hensby
b5ad4bdcc6
Added 3.4.6-rc2 changelog 2017-05-28 23:49:04 +00:00
Daniel Hensby
eeb549faf3
Added 3.4.6-rc1 changelog 2017-05-28 21:34:38 +00:00
Aaron Carlino
06615e3d76 Resample doc images for react di 2017-05-26 11:08:07 +12:00
Chris Joe
5ec8d40c19 Merge pull request #6957 from open-sausages/pulls/4/react-di-documentation
Docs for React DI
2017-05-26 10:59:42 +12:00
Daniel Hensby
893f19a5ea
DOCS Updating index definition examples 2017-05-25 23:29:12 +01:00
Aaron Carlino
bfc373cf0f update docs with new api 2017-05-25 16:34:32 +12:00
Aaron Carlino
75981989b0 Docs for React DI 2017-05-25 14:58:55 +12:00
Christopher Joe
e327bf3c70 Enhancement add contribution notes about releasing to NPM 2017-05-24 17:07:05 +12:00
Damian Mooyman
fba8e2c245 API Remove Object class
API DataObjectSchema::manyManyComponent() return array is now associative array
2017-05-23 13:50:35 +12:00
Damian Mooyman
2aa3b5d5fa Merge pull request #6934 from robbieaverill/pulls/4.0/consistent-instance-method
API Consistent use of inst() naming across framework
2017-05-22 11:57:20 +12:00
Damian Mooyman
4197090e11 Merge pull request #6940 from kinglozzer/randomgenerator
Only use random_bytes() for RandomGenerator (closes #6397)
2017-05-22 10:29:55 +12:00
Loz Calver
e653e90997 Only use random_bytes() for RandomGenerator (closes #6397) 2017-05-19 11:18:56 +01:00
Robbie Averill
f2cbe86f03 Remove CustomMethods::createMethod and create_function implementations, replace with closures 2017-05-19 15:56:44 +12:00
Robbie Averill
ad43a82923 API Consistent use of inst() naming across framework 2017-05-19 14:38:06 +12:00
Ingo Schommer
100048da33 API PSR-11 compliance (fixes #6594) (#6931)
Note that our usage of `$asSingleton` in `get()` is fine. Quote from the PSR:

> Two successive calls to get with the same identifier SHOULD return the same value. However, depending on the implementor design and/or user configuration, different values might be returned, so user SHOULD NOT rely on getting the same value on 2 successive calls.
2017-05-19 13:45:07 +12:00
Daniel Hensby
283e3279be
Merge branch '3.6' into 3 2017-05-18 13:55:07 +01:00
Loz Calver
471166c15e Merge pull request #6169 from open-sausages/pulls/4.0/duplicate-manymany-option
API Duplication of many_many relationships now defaults to many_many only
2017-05-17 09:31:09 +01:00
Damian Mooyman
f5f6fdce12
API Duplication of many_many relationships now defaults to many_many only
Fixes https://github.com/silverstripe/silverstripe-cms/issues/1453
2017-05-16 23:26:39 +12:00
Colm McBarron
8666d4abb2 Update YAML format to use namespace 2017-05-16 11:49:39 +01:00
Damian Mooyman
259f957ce8 API Rename services to match FQN of interface / classes 2017-05-16 14:15:49 +12:00
Damian Mooyman
0b70b008b3 API Implement InheritedPermission calculator (#6877)
* API Implement InheritedPermission calculator

* API Rename RootPermissions to DefaultPermissionChecker
API Refactor inherited permission fields into InheritedPermissionExtension
API Introduce PermissionChecker interface
2017-05-11 21:07:27 +12:00
Aaron Carlino
7fa47e234f New API for minified files using injectable service 2017-05-11 10:14:16 +12:00
Daniel Hensby
9bdce9790d
Added 3.6.0-beta2 changelog 2017-05-10 21:55:25 +01:00
Ingo Schommer
da3236b0e7 Merge pull request #6887 from open-sausages/pulls/4.0/docs-calendar-year-format
Doc dateformats with calendar year
2017-05-09 23:07:25 +12:00
Loz Calver
7ae203908f Merge pull request #6882 from robbieaverill/patch-6
DOCS Fix broken markdown rendering in 03_Template_debugging.md
2017-05-09 09:38:28 +01:00
Sam Minnée
33119a1f36 Merge branch 'master' into pulls/4.0/remove-deprecated-methods 2017-05-09 15:31:53 +12:00
Ingo Schommer
7c2f49d443 API Removed RootURLController:set_default_homepage_link() 2017-05-09 11:38:35 +12:00
Ingo Schommer
cec983b628 API Removed deprecated ModelAsController::find_old_page() 2017-05-09 11:38:35 +12:00
Ingo Schommer
5784a7d2d7 API Removed deprecated Security::set_login_recording() 2017-05-09 11:38:35 +12:00
Ingo Schommer
2a7c76e9e9 API Removed deprecated DatabaseAdmin#clearAllData() 2017-05-09 11:38:35 +12:00
Ingo Schommer
81e5c7ac40 API Removed deprecated Session::set_config() 2017-05-09 11:38:35 +12:00
Ingo Schommer
1d438d3fb5 API Remove deprecated FormAction::createTag() 2017-05-09 11:38:35 +12:00
Ingo Schommer
0d9b383631 API Removed legacy form fields (fixes #6099) 2017-05-09 11:16:41 +12:00
Ingo Schommer
20e57e9dec Doc dateformats with calendar year
https://github.com/silverstripe/silverstripe-framework/issues/3749
http://stackoverflow.com/questions/1978051/zend-datetostring-outputs-the-wrong-year-bug-in-my-code-or-zend-date
https://en.wikipedia.org/wiki/ISO_week_date#Disadvantages
2017-05-08 22:08:14 +12:00
Jake Bentvelzen
ecefcc8f0e DOC Add documentation for how to use alternate ConfigStaticManifest 2017-05-08 17:52:13 +12:00
Robbie Averill
f2b21fb828 DOCS Fix broken markdown rendering in 03_Template_debugging.md 2017-05-08 17:40:02 +12:00
Damian Mooyman
942c0257b7 API Upgrade to behat 3 2017-05-05 14:32:07 +12:00
Damian Mooyman
edcb46bd3a Merge pull request #6836 from sminnee/cli-error-fix
FIX: Show detailed errors on CLI for live environments
2017-05-03 15:49:09 +12:00
Aaron Carlino
dd7777321f Added 4.0.0-alpha7 changelog 2017-05-02 13:16:17 +12:00
Sam Minnee
4c772c80c3 FIX: Show detailed errors on CLI for live environments
API: Add HTTPOutputHandler::setCLIFormatter

Fixes https://github.com/silverstripe/silverstripe-framework/issues/6835

This provides detailed errors (but not warnings or notices) in CLI calls
on live environments.

It does this by adding a 2nd argument to our output handler,
CliFormatter. This formatter will be used when Director::is_cli() is
true.
2017-05-01 15:28:48 +12:00
Damian Mooyman
61388b153f API Rewrite Date and Time fields to support HTML5 2017-04-28 10:06:37 +12:00
Ingo Schommer
a73abbfcb8 unit test cleanup 2017-04-27 09:18:38 +12:00
Ingo Schommer
1ec2abe75f Fixed timezone and normalised ISO handling
A few observations:
- ISO says “T” is optional (https://en.wikipedia.org/wiki/ISO_8601#cite_note-21),
- WHATWG says in the HTML5 spec that it’s optional (https://html.spec.whatwg.org/multipage/infrastructure.html#local-dates-and-times)
- W3C says it’s required in 1997 (https://www.w3.org/TR/NOTE-datetime), but then later says it’s optional in its HTML5 spec (https://www.w3.org/TR/html5/infrastructure.html#floating-dates-and-times).
- Chrome doesn’t parse values with whitespace separators (requires "T")
- DataObject DBDatetime values and database columns use whitespace separators (and will have many devs relying on this format)
- MySQL only supports whitespace separators (https://dev.mysql.com/doc/refman/5.7/en/datetime.html)
- SQLite can parse both ways (https://sqlite.org/lang_datefunc.html)

So the goal here is to retain ORM/database compatibility with 3.x (whitespace separator),
while exposing "T" separators to the browser in HTML5 mode.

Regarding timezones, this fixes a regression where setValue() would not actually
apply the timezone (last $value assignment is ineffective now that sub fields are removed).
2017-04-26 22:55:29 +12:00
Saophalkun Ponlu
507add8566 Update changelogs 2017-04-26 22:45:07 +12:00
Robbie Averill
0391596786 DOCS Remove tabs from JSON examples to fix code blocks 2017-04-23 21:14:12 +12:00
Simon Erkelens
ff3ad6eb6b Use Config for authenticator settings 2017-04-22 14:48:56 +12:00
root
96d323fba1 Added 3.6.0-beta1 changelog 2017-04-21 11:49:44 +01:00
Damian Mooyman
c21f71405f Merge pull request #6823 from open-sausages/pulls/4.0/remove-TeamCityListener
Removed TeamCityListener
2017-04-21 15:56:20 +12:00
Damian Mooyman
629465584e Merge pull request #6825 from open-sausages/pulls/4.0/skip-without-phpunit
Don't fail dev/build without phpunit
2017-04-21 15:38:22 +12:00
Chris Joe
430c7ad79a Merge pull request #6824 from micmania1/patch-13
DOCS Corrected logger documentation
2017-04-21 15:18:22 +12:00
Ingo Schommer
0a55ff9f8c API Remove SapphireTestReporter and CliTestReporter
Was missed from the removal of PHPUnitWrapper:
a16588aac3

Original reason for this: Don't fail dev/build without phpunit
When you install a SilverStripe project with "composer install --no-dev",
the PHPUnit dependency gets skipped. Which means the PHPUnit_Framework_TestListener
interface doesn't exist. The SilverStripe Classloader might still include
SapphireTestReporter which relies on this interface, which then breaks execution.

SS3 fixed this by NOT defining the class in the first place.
This has been removed in 2fdc96a0de (diff-82b3f89e8e5ae090c93e9c3a2ba8aa36L3),
as part of a PHPUnit version upgrade - but without an apparent fix to replace this.
2017-04-21 15:11:59 +12:00
Michael Strong
484e15807c DOCS Corrected logger documentation 2017-04-21 13:15:14 +12:00
Ingo Schommer
60e4c011de Removed TeamCityListener 2017-04-21 12:13:13 +12:00
Michael Strong
649dad526b DOCS Fixed namespace for factory 2017-04-21 10:54:21 +12:00
Damian Mooyman
2548bfba1e API Replace SS_HOST with SS_BASE_URL
API Remove Director::$test_servers / $dev_servers
API Remove MODULES_PATH / MODULES_DIR constants
ENHANCEMENT Injector backtick syntax now supports environment variables as well as constants
Fixes #6588
2017-04-20 22:28:57 +12:00
Aaron Carlino
fdd9ad6dbc MINOR: Add documentation for aggregate filters (#6796)
* MINOR: Add documentation for aggregate filters

* Update 01_Data_Model_and_ORM.md

* Update 01_Data_Model_and_ORM.md
2017-04-19 15:44:00 +12:00
Sam Minnee
9b1baa9503 DOCS: API changes from f862ce71d5 2017-04-18 17:04:40 +12:00
Damian Mooyman
e2b0c56175 Merge pull request #6791 from caffeineinc/master
Documentation: Updated Index & Secure Coding Practices
2017-04-18 11:24:25 +12:00
Damian Mooyman
136b67f597
API Major refactor of Hierarchy into MarkedSet 2017-04-13 16:27:13 +12:00
Damian Mooyman
22b6835537 Move cache upgrade instructions into Upgrading Guide section 2017-04-13 16:23:05 +12:00
Simon Gow
5f82997690 Secure Coding - Security Headers, Force HTTPS and Cookies
- Amending best practices for secure coding to enforce HTTPS
- Add security headers to enforce HTTPS
- Ensure secure cookies are used.
- Added links for testing, changed documentation as part of peer review.
- Arrange headers to work with HTTP interface.
- fixed Cache-Control case
- Added reference to Secure Sessions.
- Replaced Cardinality with unique
- Fixed inaccurate reference to descendant.
- Consistent spelling
- Databases over DBMSs
2017-04-13 13:59:02 +12:00
Simon Gow
8d2a1ba8be Index documentation
- updating index documentation to give a better description of how to improve performance with silverstripe applications
2017-04-07 11:27:07 +12:00
Damian Mooyman
92a5e4a057
API Refactor CMS-specific code out of LeftAndMain 2017-04-06 13:26:32 +12:00
Damian Mooyman
5c50ab5884 Added 4.0.0-alpha6 changelog 2017-04-05 16:17:48 +12:00
Damian Mooyman
ed9b2edf7d Added 4.0.0-alpha6 changelog 2017-04-05 16:13:01 +12:00
Sam Minnee
061b71328b Update docs. 2017-04-05 11:06:10 +10:00
Nic
091d355059 DOCS update example to use Config::modify 2017-04-04 19:18:23 -05:00
Damian Mooyman
24d1207eb9 Merge pull request #6769 from sminnee/mssql-community-support
NEW: Downgrade MSSQL from commercially supported to community supported
2017-04-05 10:23:26 +12:00
Ingo Schommer
5b2106ad8a Corrected i18n docs 2017-04-03 20:04:43 +12:00
Sam Minnee
bb880a3257 FIX: Clarify PHP 5.6 support for 4.x 2017-04-03 12:29:34 +12:00
Sam Minnee
8b1c020b9f NEW: Downgrade MSSQL from commercially supported to community supported
As of SS4 I recommend that we clarify the level of support we provide
for MSSQL. The testing coverage of MSSQL and production use of it in
systems supported by the core team both seem very low.

MSSQL support was a lot more important in a pre-cloud-hosting world, but
these days our recommendation is to run SilverStripe on a stack that it's
designed to work with rather than trying to fit it into your existing
hosting infrastructure.
2017-04-03 12:29:23 +12:00
Ingo Schommer
3b94d14e42 MERGE 2017-04-03 12:11:21 +12:00
Ingo Schommer
326aa37ea4 API HTML5 date/time fields, remove member prefs (fixes #6626) 2017-03-31 15:21:47 +13:00
Ingo Schommer
4b79940368 API Drop IE10 support (fixes #6321) 2017-03-31 10:50:42 +13:00
Daniel Hensby
ac075eaf0b Remove TestListener and rely on PHPUnits APIs 2017-03-30 11:46:58 +13:00
Ingo Schommer
dfc0dec7b3 Require LICENSE in supported modules (no *.md)
It's more standard to have this file in the webroot.
It's technically markdown compatible text (e.g. asterisk bullet points),
but there's not much point in rendering it via markdown.

If you use the Github "new repo" dialog, it'll create the file without
an extension, so that's pretty much considered the standard.
2017-03-28 16:12:24 +13:00
Sam Minnée
cfa6a36697 Merge pull request #6706 from open-sausages/pulls/4.0/manifest-cache
API Build new ManifestCache based on PSR-16 SimpleCache
2017-03-21 10:29:03 +13:00
Damian Mooyman
480597e5ff Add missing docs to upgrading guide for cache config 2017-03-21 09:43:49 +13:00
Damian Mooyman
3a0099161b API Remove Log class 2017-03-21 09:43:49 +13:00
Damian Mooyman
54ba08a306 API Replace ManifestCache with ManifestCacheFactory
API Remove lots of deprecated module code from ClassManifest
2017-03-21 09:43:48 +13:00
Ingo Schommer
1efa22f9bb Reinstate 7.0 support, clarify policy
We’ve discussed dropping support for 5.6 once it’s EOL on https://github.com/silverstripe/silverstripe-framework/issues/6705.
The same question needs to be asked for 7.0, which goes EOL in the same month. And should be generalised to future PHP versions.
Follow up to https://github.com/silverstripe/silverstripe-framework/pull/6718/
2017-03-21 08:28:08 +13:00