Commit Graph

53 Commits

Author SHA1 Message Date
Hamish Friedlander
dacb2aa638 FIX HtmlEditorField not re-checking sanitisation server side 2013-07-04 08:53:23 +12:00
Ingo Schommer
fb784af738 API Enforce $allowed_actions in RequestHandler->checkAccessAction()
See discussion at https://groups.google.com/forum/?fromgroups#!topic/silverstripe-dev/Dodomh9QZjk

Fixes an access issue where all public methods on FormField were allowed,
and not checked for $allowed_actions. Before this patch you could e.g.
call FormField->Value() on the first field by using action_Value.

Removes the following assertion because it only worked due to RequestHandlingTest_AllowedControllerExtension
*not* having $allowed_extensions declared: "Actions on magic methods are only accessible if explicitly allowed on the controller."
2013-06-24 14:50:40 +02:00
Sean Harvey
726e4c313e Merge pull request #2084 from chillu/pulls/cmsform
Handle ValidationException on CMS forms
2013-06-18 14:41:51 -07:00
vikas srivastava
2f16d93d48 Update 3.1.0.md
I was trying 
Member:
  extensions:
    MyMemberExtension

And it didn't work then someone on IRC pointed that I need to put a '-' before values. So this works.
Member:
  extensions:
    - MyMemberExtension
Hope will help someone else.
2013-06-17 14:21:46 +05:30
CheeseSucker
091e34e2e8 [MINOR] Typo 2013-06-15 02:49:52 +03:00
Ingo Schommer
9d4b8f61ca Note about IE10 support 2013-06-13 10:27:19 +02:00
Ingo Schommer
bfff11eb9c API New CMSForm class to allow validation responses in CMS (fixes #1777)
Thanks to @willmorgan for getting this discussion started
(see https://github.com/silverstripe/sapphire/pull/1814).
2013-06-13 07:51:05 +02:00
Damian Mooyman
163917b83e Fixed scrutiniser issues 2013-05-27 15:42:10 +12:00
Damian Mooyman
7f057ce343 API UploadField functions on new records
Fixed regression from 1e5d40474d (UploadField::canPreviewFolder).
Merged in pull request #2009 - (6018bdd631).
Merged pull request #1259 (34bfc862ee).
2013-05-27 15:22:59 +12:00
Simon Welsh
e90012787d Merge branch 'hackfest_may_2013' of https://github.com/NightJar/sapphire into 3.1
Conflicts:
	docs/en/changelogs/3.1.0.md
2013-05-25 20:07:54 +12:00
Nightjar
5ec8158977 Check that Webserver is not Apache/1.x in light of installer assets/.htaccess alterations 2013-05-25 20:03:36 +12:00
Stephen Shkardoon
5e5b892043 Note for magic quotes change 2013-05-25 20:02:51 +12:00
Damian Mooyman
6e0e3564e1 NEW Added beforeExtending, afterExtending, and beforeUpdateCMSFields to allow user code better control over interaction with extending methods 2013-05-16 10:34:45 +12:00
Ingo Schommer
d877c1063d Updated changelog, moved "statics in Page.php" to top
Its going to be a fatal error on every upgrade unless tended to,
so we need to ensure people don't overlook it in the guide.
2013-04-18 18:28:09 +02:00
Ingo Schommer
ae09301c8c Revert deprecation of Object::add_extension() usage
This reverts commit 14b997eea3.
Its just not practical to use the Config API as it stands,
the add_extension() wrapper does more than just a Config->update().

Most use cases can be covered via YML, but any conditional
additions (e.g. in unit tests) can still benefit from the
add_extensions() shorthand.
2013-04-11 11:40:53 +02:00
Ingo Schommer
14b997eea3 API Deprecated Object::add_extension() usage (as of 3.2) 2013-04-09 15:00:34 +02:00
Ingo Schommer
baca12bf37 3.1 changelog summaries 2013-04-09 13:36:39 +02:00
Ingo Schommer
01f46d039f NEW Enforce max node counts to avoid excessive resource usage
Rendering potentially 1000s of nodes can exceed the CPU and memory constraints
of a normal PHP process, as well as the rendering capabilities of browsers.
Set a hard maximum for the renderable nodes, deferring to a "show as list" action
in the main CMS tree. For TreeDropdownField, we don't have the list fallback option,
so ask the user to search for the node title instead.

Also makes both the "node_threshold_total" and "node_threshold_leaf" values configurable
2013-04-09 10:24:18 +12:00
s-m
6a95db0eff API: Support inequalities in templates
This adds support for <, <=, >, >= in templates
2013-04-08 17:07:39 +02:00
Ingo Schommer
f296439a24 NEW Hints for scaffolded date/time fields 2013-04-08 19:38:50 +12:00
Ingo Schommer
828ac7fe4f API Replaced SSViewer.custom_theme with SSViewer.theme_enabled
Since we can't influence the setting of configuration values,
we also can't set/unset the 'custom_theme' value based on which
theme is set. This means the 'custom_theme' value goes stale,
and we can't rely on it e.g. in FilesystemPublisher.

The 'theme_enabled' toggle is a cleaner solution to the same problem,
since the 'custom_theme' was really just a way to remember the original
theme, while still disabling it. The toggle makes this more explicit,
but also requires users of the 'theme' setting to check for it.
2013-04-07 23:59:10 +02:00
Ingo Schommer
e97c034922 API i18n::$common_languages and i18n::$common_locales converted to Config API
They are now accessed via the Config API, and contain associative rather than indexed arrays.
Before: `array('de_DE' => array('German', 'Deutsch'))`, after: `array('de_DE' => array('name' => 'German', 'native' => 'Deutsch'))`.

Also fixed a i18n.js_i18n config accessor
2013-03-27 20:42:46 +01:00
Ingo Schommer
8b4fb6ef0f Clarified 3.1 upgrading docs 2013-03-26 19:01:36 +01:00
Ingo Schommer
4ea98ae440 Removed Object::*_extension() non-LSB deprecation
Its just a simplication, and unnecessarily complicates
module compatibilities.
2013-03-26 00:31:25 +01:00
Ingo Schommer
7470f5e0b6 More upgrading notes about 3.1 and statics 2013-03-25 22:09:21 +01:00
Ingo Schommer
c8f26e673a 3.1 changelog improvements 2013-03-25 09:52:55 +01:00
Ingo Schommer
3334eafcb1 API Marked statics private, use Config API instead (#8317)
See "Static configuration properties are now immutable, you must use Config API." in the 3.1 change log for details.
2013-03-24 17:20:53 +01:00
Ingo Schommer
81a51331d6 IX Load _config.php's after static config manifest
This allows more sophisticated handling of config alterations
in _config.php. One example is additions to DataObject::$db
based on configuration which requires some processing.

See https://github.com/unclecheese/TranslatableDataObject/blob/master/TranslatableDataObject.php
2013-03-21 00:16:36 +01:00
Ingo Schommer
5b83de4049 Added note about deprecations to 3.1 upgrading guide 2013-03-20 10:28:39 +01:00
Ingo Schommer
250834d9d2 Updated browser requirements, dropping IE7 support
See https://groups.google.com/forum/?fromgroups=#!topic/silverstripe-dev/GahZfDLvb-I
2013-03-18 14:33:43 +01:00
Hamish Friedlander
a2845735b0 Update 3.1.0 upgrading notes for casting changes 2013-03-14 12:49:34 +13:00
Sam Minnée
09377f0ba4 Added upgrade note for config static immutability
Config statics are now immutable for performance, this requires an upgrade change.
2013-03-13 11:22:41 +13:00
Ingo Schommer
53e988bb09 Merge remote-tracking branch 'origin/3.1.0-beta2' into 3.1 2013-03-12 10:45:44 +01:00
Ingo Schommer
43fb566388 Note about RestfulService SSL verification in upgrading guide 2013-02-18 15:59:15 +01:00
Ingo Schommer
88867cdd23 API Deprecated ScheduledTask and subclasses
Base CliController or BuildTask instead, with custom cron job intervals.
2013-02-18 14:01:15 +01:00
Hamish Friedlander
5fd55a50f2 API Tighten up allowed_actions
allowed_actions is now only allowed to reference public methods defined
on the same Controller as the allowed_actions static, and
the wildcard "*" has been deprecated
2013-02-18 14:53:33 +13:00
Ingo Schommer
f72a024af5 Updated changelog notes 2012-12-18 10:40:05 +01:00
Ingo Schommer
75b0c3ec8f Added 3.1.0-beta1 changelog 2012-12-17 00:47:36 +01:00
Ingo Schommer
1848d7e90a API Check model permissions in GridField 2012-12-17 00:46:51 +01:00
Ingo Schommer
6f9d01f621 API FormField->setDescription() visible in default template
Renders into <span class="description"> instead of "title" attribute
2012-12-14 01:58:04 +01:00
Ingo Schommer
b65180a7f6 Changelog update for grouped CMS buttons 2012-12-14 01:56:24 +01:00
Hamish Friedlander
27113f82c3 API Make DataList and ArrayList immutable
In 3.0 there was some confusion about whether DataLists and ArrayLists
were mutable or not. If DataLists were immutable, they'd return the result, and your code
would look like

  $list = $list->filter(....);

If DataLists were mutable, they'd operate on themselves, returning nothing, and your code
would look like

 $list->filter(....);

This makes all DataLists and ArrayList immutable for all _searching_ operations.
Operations on DataList that modify the underlying SQL data store remain mutating.

- These functions no longer mutate the existing object, and if you do not capture the value
returned by them will have no effect:

  ArrayList#reverse
  ArrayList#sort
  ArrayList#filter
  ArrayList#exclude

  DataList#dataQuery (use DataList#alterDataQuery to modify dataQuery in a safe manner)
  DataList#where
  DataList#limit
  DataList#sort
  DataList#addFilter
  DataList#applyFilterContext
  DataList#innerJoin
  DataList#leftJoin
  DataList#find
  DataList#byIDs
  DataList#reverse

- DataList#setDataQueryParam has been added as syntactic sugar around the most common
cause of accessing the dataQuery directly - setting query parameters

- RelationList#setForeignID has been removed. Always use RelationList#forForeignID
when querying, and overload RelationList#foreignIDList when subclassing.

- Relatedly,the protected variable RelationList->foreignID has been removed, as the ID is
now stored on a query parameter. Use RelationList#getForeignID to read it.
2012-12-14 13:30:35 +13:00
Ingo Schommer
644cc79ebb API Removed methods previously deprecated in 3.0 2012-12-14 01:16:47 +01:00
Ingo Schommer
5fed5b91c9 API Moved email bounce handling to new 'emailbouncehandler' module 2012-12-12 23:36:42 +01:00
Ingo Schommer
548ad503ed API Removed keyed arrays for title/value setting in SelectionGroup
Use SelectionGroup_Item class instead. Necessary because
of removal of array key support from ArrayList (see d12b49702).
2012-12-11 11:06:06 +01:00
Ingo Schommer
fb076c0396 API Deprecated global email methods, moved to Mailer class
Code reorganization to reduce global scope pollution.
Removed non-functional `$inlineImages` option for sending emails.
2012-12-09 22:09:35 +01:00
Sean Harvey
4ea5bc5679 adding notes about deprecated things in the core 2012-11-16 11:57:53 +13:00
Sean Harvey
078a8e9c2b Adding note about Object::add_extension() and has_extension() changes 2012-11-07 11:07:56 +13:00
Ingo Schommer
a3295e2a37 API File->canEdit() returns TRUE by default (not checking CMS perms)
This is a measure to support form fields and controllers
interacting with files in different contexts,
for example an UploadField used in a ModelAdmin,
or a website frontend. The check for 'CMS_ACCESS_AssetAdmin'
was too restricting. This wasn't a problem in 2.x simply because
the old FileField/Upload classes didn't respect File->can*()
permissions.
2012-10-12 15:42:06 +02:00
Ingo Schommer
38e7df2e91 NEW Enable SiteTree::$nested_urls by default 2012-10-08 17:05:05 +02:00