Commit Graph

10759 Commits

Author SHA1 Message Date
Hamish Friedlander
7afcd64418 FIX Make ShortcodeParser obey error_behavior in attribute scope 2013-02-22 11:34:15 +13:00
Hamish Friedlander
1ee01c39d4 FIX ShortcodeParser producing bad output after escaped tag
Also tightens up matching of shortcodes so we dont match on invalid shortcodes
2013-02-22 10:30:51 +13:00
Sean Harvey
8a70019e78 Merge pull request #1213 from silverstripe-rebelalliance/feature/shortcodes
FIX issues with new shortcode parser
2013-02-19 14:12:28 -08:00
Hamish Friedlander
76fdb2a2d6 FIX ShortcodeParser#parse in < PHP 5.3.6 where saveHTML doesnt take arg 2013-02-20 10:57:06 +13:00
Hamish Friedlander
cbef44b8d6 FIX Make ShortcodeParser#parse passthrough not error on invalid HTML 2013-02-20 10:57:06 +13:00
Hamish Friedlander
5bbf94d2f4 FIX HTML5 parser not tracking context correctly 2013-02-20 10:57:06 +13:00
Ingo Schommer
876c660018 Merge pull request #1195 from chillu/pulls/deprecate-scheduled-tasks
API Deprecated ScheduledTask and subclasses
2013-02-19 01:01:53 -08:00
Ingo Schommer
aa0d4e6c90 Merge pull request #1202 from roed/3.1
fixed error property $ of object is not a function
2013-02-19 00:25:52 -08:00
roed
396af557df fixed error property $ of object is not a function
changed $ to jQuery, because without it the system would generate the following error:

Uncaught TypeError: Property '$' of object [object Window] is not a function
2013-02-19 09:20:29 +01:00
Will Rossiter
d00fa67f3e Merge pull request #1196 from Instagraeme/patch-1
Correct exception message in form constructor
2013-02-18 14:44:13 -08:00
Graeme Smith
a1114b8fcb MINOR: Correct exception message in constructor 2013-02-18 15:01:48 +00:00
Ingo Schommer
fe04753be2 Merge branch '3.1.0-beta2' into 3.1 2013-02-18 15:37:35 +01:00
Ingo Schommer
14dcc82e76 BUG Find Form actions in CompositeFields for access checks
This bug was introduced with the new nested CMS actions
around December 2012, but wasn't noticed until now
because checkAccessAction() would wrongly return TRUE
before the dataFieldByName() check was reached.
2013-02-18 15:30:36 +01:00
Ingo Schommer
a86e4ee00c Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	tests/injector/InjectorTest.php
	tests/travis/before_script
2013-02-18 14:15:42 +01:00
Ingo Schommer
6c30b80257 Hardcode travis branch on dependencies, otherwise breaks pull request builds
Pull requests are always on a branch, and this branch
typically is not present on the installer.

This changes means we need to be careful when merging into 3.1
and master, but that's a necessary evil.
2013-02-18 14:14:30 +01:00
Ingo Schommer
9e2e050f20 Hardcode travis branch on dependencies, otherwise breaks pull request builds
Pull requests are always on a branch, and this branch
typically is not present on the installer.

This changes means we need to be careful when merging into 3.1
and master, but that's a necessary evil.
2013-02-18 14:13:07 +01:00
Ingo Schommer
88867cdd23 API Deprecated ScheduledTask and subclasses
Base CliController or BuildTask instead, with custom cron job intervals.
2013-02-18 14:01:15 +01:00
Ingo Schommer
2b3098a3f4 Merge pull request #1194 from ARNHOE/patch-4
Create nl_NL.js for framework admin
2013-02-18 03:15:20 -08:00
ARNHOE
924c76ccb1 Create nl_NL.js 2013-02-18 03:13:09 -08:00
Ingo Schommer
2ee57eb715 Merge pull request #1193 from ARNHOE/patch-3
Update javascript/lang/nl_NL.js
2013-02-18 03:11:47 -08:00
ARNHOE
823b2acda3 Update javascript/lang/nl_NL.js 2013-02-18 12:09:38 +01:00
Ingo Schommer
89f963c468 Merge pull request #1191 from ARNHOE/patch-1
Create nl.js for ssbuttons
2013-02-18 02:26:33 -08:00
Ingo Schommer
32943dff1b Merge pull request #1192 from ARNHOE/patch-2
Create nl.js for ssmacron
2013-02-18 02:25:58 -08:00
ARNHOE
7e88e67621 Create nl.js 2013-02-18 02:20:50 -08:00
ARNHOE
70d20ada3a Create nl.js 2013-02-18 02:20:02 -08:00
Simon Welsh
b81386a431 Correct check for File subclass 2013-02-18 17:35:17 +13:00
Hamish Friedlander
7ec8ebbf9e Add 3.1.0-beta2 changelog 2013-02-18 17:09:22 +13:00
Hamish Friedlander
baf894d84a FIX CDATA sections in HTML5 are invalid so remove from test 2013-02-18 17:02:11 +13:00
Hamish Friedlander
1f4c8174e6 FIX new ShortcodeParser handling of empty strings and escapes 2013-02-18 17:00:42 +13:00
Sean Harvey
db56d17056 Merge pull request #1190 from silverstripe-rebelalliance/feature/shortcodes
NEW Make shortcode parser more clever about placement
2013-02-17 19:00:14 -08:00
Hamish Friedlander
9ecea763c3 Merge pull request #1186 from nyeholt/injector_configged_create
FIX issue with Injector::create not passing args
2013-02-17 18:38:24 -08:00
Hamish Friedlander
f4f2862188 Fix up /dev/build which should really have ever worked, but used to 2013-02-18 15:08:15 +13:00
Hamish Friedlander
4b54383d68 API change request handling to be more orthogonal
RequestHandler#handleAction now exists. It takes the request, and
the action to call on itself. All calls from handleRequest to call an action
will go through this method

Controller#handleAction has had it's signature changed to
match new RequestHandler#handleAction

RequestHandler#findAction has been added, which extracts the
"match URL to rules to find action" portion of RequestHandler#handleRequest
into a separate, overrideable function

GridField#handleAction has beeen renamed to handleAlterAction and
CMSBatchActionHandler#handleAction has been renamed to handleBatchAction to
avoid name clash with new RequestHandler#handleAction

Reason for change: The exact behaviour of request handling depended heavily
on whether you inherited from RequestHandler or Controller, and whether the
rule extracted it's action directly (like "foo/$ID" => 'foo') or dynamically
(like "$Action/$ID" => "handleAction"). This cleans up behaviour so
all calls follow the same path through handleRequest and handleAction, and
the additional behaviour that Controller adds is clear.
2013-02-18 14:56:04 +13:00
Hamish Friedlander
5fd55a50f2 API Tighten up allowed_actions
allowed_actions is now only allowed to reference public methods defined
on the same Controller as the allowed_actions static, and
the wildcard "*" has been deprecated
2013-02-18 14:53:33 +13:00
Hamish Friedlander
7efae6b95f Merge remote-tracking branch 'origin/3.0' into 3.1 2013-02-18 14:31:57 +13:00
Ingo Schommer
37b8034462 Fixed changelog 2013-02-18 01:34:51 +01:00
Ingo Schommer
ad9f26a00f Updated changelog 2013-02-18 01:29:30 +01:00
Ingo Schommer
eafafb31e3 Fixed screen.css (wrong compilation) 2013-02-18 01:28:17 +01:00
Ingo Schommer
62987139d4 Updated changelog 2013-02-18 01:19:33 +01:00
Ingo Schommer
d3d0b21e80 Updated translations 2013-02-18 01:17:30 +01:00
Ingo Schommer
30096ee730 BUGFIX Keep Member.PasswordEncryption setting on empty passwords
This will prevent empty passwords to set the encryption to 'none',
which in turn will store any subsequent password changes in cleartext.
Reproduceable e.g. with ConfirmedPasswordField and setCanBeEmpty(true).
2013-02-17 23:30:41 +01:00
Ingo Schommer
d51e0bc2ec Improved docs on $allowed_actions
Added section to "Controllers" and "Form" topics,
added $allowed_actions definitions to all controller examples
2013-02-17 23:30:40 +01:00
Ingo Schommer
f06ba70fc9 BUG Undefined $allowed_actions overrides parent definitions, stricter handling of $allowed_actions on Extension
Controller (and subclasses) failed to enforce $allowed_action restrictions
on parent classes if a child class didn't have it explicitly defined.

Controllers which are extended with $allowed_actions (through an Extension)
now deny access to methods defined on the controller, unless this class also has them in its own
$allowed_actions definition.
2013-02-17 23:30:36 +01:00
Ingo Schommer
303352926b 3.0.4 changelog update 2013-02-17 23:28:22 +01:00
Ingo Schommer
f8bbc0a726 BUGFIX Escape HTML in DropdownField and ListboxField
Fixes reflected XSS in Group titles when using
in group selections (e.g. in "New Member" form).
2013-02-17 23:27:15 +01:00
Ingo Schommer
604ede30a4 BUGFIX Escape HTML in CMS status messages 2013-02-17 23:27:15 +01:00
Ingo Schommer
7bb0bbff0e BUGFIX Fixed XSS in admin/security and "My Profile" forms 2013-02-17 23:27:15 +01:00
Hamish Friedlander
2335c074b3 NEW Make shortcode parser more clever about placement
Shortcodes have traditionally had a problem that they are inside <p> tags,
but generate block level elements. This breaks HTML compliance.

This makes the shortcode parser now mutate the DOM based on the "class" attribute on
the shortcode to insert the generated block level element at the right place in the DOM

 - for "left" and "right" elements it puts them just before the block level
   element they are inside

 - for "leftAlone" and "center" elements it splits the DOM around the shortcode.

The trade off is that shortcodes are no longer "text level" features. They need
knowledge of the HTML they are in to perform this transformation, so they can
only be used in (valid) HTML
2013-02-18 10:49:52 +13:00
Ingo Schommer
7830b5d1b1 Merge remote-tracking branch 'origin/2.4' into 3.0 2013-02-17 22:43:56 +01:00
Ingo Schommer
ede381326b BUG Secure composer files from web access (fixes #8011)
Already applied to root .htaccess, but required for dynamically
generated file from installer as well. Also added upgrade instructions.
2013-02-17 22:33:04 +01:00