tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-07-05 19:09:27 +02:00
Code Issues Projects Releases Wiki Activity
15,325 Commits 29 Branches 517 Tags 147 MiB
8865f680e6
Commit Graph

357 Commits

Author SHA1 Message Date
Daniel Hensby
e7ecf6cf15
FIX Bad strpos call in HTTP::register_etag() 2016-09-06 23:32:57 +01:00
Daniel Hensby
56f0b72e8d
FIX ETag header now properly quoted 2016-08-11 15:49:29 +01:00
Daniel Hensby
a0812f987a
Merge 3.1 into 3.2 
Conflicts:
	admin/javascript/LeftAndMain.js
	control/HTTPRequest.php
	docs/en/00_Getting_Started/00_Server_Requirements.md
 2016-04-26 00:09:33 +01:00
Daniel Hensby
817b836870 FIX getIP from behind a load-balancer that adds many IPs to the header 2016-03-01 21:07:48 +00:00
Ingo Schommer
37059eb6b3 [ss-2016-003] Hostname, IP and Protocol Spoofing through HTTP Headers 2016-02-24 11:47:16 +13:00
Ingo Schommer
faa94d51d5 [ss-2016-003] Hostname, IP and Protocol Spoofing through HTTP Headers 2016-02-24 11:33:54 +13:00
Damian Mooyman
302c741b07 Merge remote-tracking branch 'origin/3.1' into 3.2 
Conflicts:
	control/HTTP.php
	forms/Form.php
	tests/view/SSViewerTest.php
 2015-11-16 16:50:40 +13:00
Damian Mooyman
b943a0c6dd Merge remote-tracking branch 'origin/3.1.16' into 3.1 2015-11-16 16:30:24 +13:00
Hamish Friedlander
53b3bc707b [ss-2015-025]: FIX Dont expose class on error 2015-11-11 17:46:46 +13:00
Hamish Friedlander
f290d869e0 [ss-2015-025]: FIX Dont expose class on error 2015-11-11 16:55:23 +13:00
Igor Nadj
f577ecb811 FIX: prevent use cache on browser back button 2015-11-05 16:09:16 +13:00
Patrick Nelson
f192a6ecaf FIX #4392: Ensure headers are checked first before being clobbered by globally maintained state. Also ensuring tests utilize separate responses for isolation. 2015-10-09 13:50:33 -04:00
Damian Mooyman
278caa86f4 Merge pull request #4636 from spekulatius/converting-spaces-to-tabs 
converting spaces as intentation to tabs
 2015-10-06 11:51:45 +13:00
Will Morgan
85654a495f Merge pull request #4635 from spekulatius/adding-space-before-casting 
adding a space before casting into a different type
 2015-09-28 11:17:08 +01:00
Peter Thaleikis
5fda95d951 converting spaces as intentation to tabs 2015-09-28 22:21:30 +13:00
Peter Thaleikis
21216b47ab remove trailing spaces in the codebase 2015-09-28 22:21:08 +13:00
Peter Thaleikis
e6084b7ad2 adding a space before casting into a different type 2015-09-28 22:21:02 +13:00
Damian Mooyman
309ac0d196 Merge remote-tracking branch 'origin/3.1' into 3.2 
Conflicts:
	.travis.yml
	admin/code/CMSProfileController.php
	admin/tests/LeftAndMainTest.php
	control/HTTP.php
	security/Permission.php
	tests/forms/FormTest.php
	tests/model/ArrayListTest.php
	tests/security/PermissionTest.php
 2015-09-09 14:35:29 +12:00
Ingo Schommer
dc650e3cf1 Clarify use of HTTP Pragma response header 
The HTTP Pragma header is obsolete for HTTP 1.1,
and technically only defined for a HTTP request (not response).
Refer to https://www.mnot.net/cache_docs/#PRAGMA
,http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.32.
It is superseded by the "Cache-Control" directive.

See HTTP 1.1 spec at https://tools.ietf.org/html/rfc7234#section-5.4:
'Because the meaning of "Pragma: no-cache" in responses is
not specified, it does not provide a reliable replacement for
"Cache-Control: no-cache" in them.'

Sending a "Pragma: nocache" response header is a prudent
backwards compatibility measure for HTTP 1.0 clients.
The intended behaviour is for the majority clients as well as any
intermediary proxies to ignore this header.

Sending an empty Pragma is a known hack
for preventing PHP from adding "Pragma: nocache" to responses
with started sessions (see http://php.net/session_cache_limiter),
since PHP does not allow unsetting existing header() calls.
 2015-09-01 11:45:30 +12:00
Damian Mooyman
4a011303b9 Add missing packages 2015-08-24 16:15:38 +12:00
Damian Mooyman
1686c83826 Revert #3425 #3396 to restore deprecated functionality 
Fixes #4514
 2015-08-24 11:26:25 +12:00
Damian Mooyman
7ee444e08a Merge remote-tracking branch 'origin/3.1' into 3.2 
Conflicts:
	admin/code/LeftAndMain.php
	control/injector/SilverStripeServiceConfigurationLocator.php
	core/ClassInfo.php
	filesystem/File.php
	model/DataObject.php
	model/DataQuery.php
	search/filters/FulltextFilter.php
	search/filters/SearchFilter.php
	tests/core/ClassInfoTest.php
	tests/filesystem/FileTest.php
	tests/model/DataListTest.php
 2015-07-31 11:38:18 +12:00
Daniel Hensby
ffbeac6b7d Ensuring classinfo is case insensitive 2015-07-28 11:17:50 +01:00
Loz Calver
778161931b Merge pull request #4325 from dhensby/pulls/http-fix 
Fixing issues with HTTP cache control
 2015-07-23 14:12:41 +01:00
Daniel Hensby
ca8d0f2818 Merge branch '3.1' into 3.2 
Conflicts:
	dev/Debug.php
	docs/en/05_Contributing/01_Code.md
	forms/FormField.php
	i18n/i18nTextCollector.php
	model/DataQuery.php
 2015-07-20 10:48:01 +01:00
Daniel Hensby
33d93c2a31 Fixing issues with HTTP cache control 2015-06-29 22:16:02 +01:00
Damian Mooyman
e14f743bf0 Set deprecation level for all changes in 3.x to 4.0 2015-06-19 13:07:41 +12:00
Damian Mooyman
78a3f703f2 Merge pull request #4178 from dhensby/pulls/cookie-name-normalisation 
NEW Cookie names with dots are now handled more gracefully
 2015-06-15 11:35:39 +12:00
Daniel Hensby
eaec2ad9a8 Safe unnesting of Config and Injector 2015-06-15 00:23:40 +01:00
Jeremy Shipman
e766658ee3 API: Allow HTTP Cache Headers to be customized 2015-06-13 12:16:56 +12:00
Damian Mooyman
8331171f2c Merge remote-tracking branch 'origin/3.1' into 3 
Conflicts:
	.scrutinizer.yml
	admin/javascript/LeftAndMain.Panel.js
	core/startup/ParameterConfirmationToken.php
	dev/Debug.php
	dev/FixtureBlueprint.php
	docs/en/00_Getting_Started/05_Coding_Conventions.md
	docs/en/00_Getting_Started/index.md
	docs/en/02_Developer_Guides/01_Templates/01_Syntax.md
	filesystem/File.php
	filesystem/Folder.php
	forms/FieldList.php
	forms/LabelField.php
	forms/MoneyField.php
	forms/TextField.php
	forms/TreeDropdownField.php
	forms/Validator.php
	forms/gridfield/GridField.php
	forms/gridfield/GridFieldExportButton.php
	lang/de.yml
	lang/fi.yml
	model/DataObject.php
	model/SQLQuery.php
	parsers/ShortcodeParser.php
	security/ChangePasswordForm.php
	security/Security.php
	tests/control/DirectorTest.php
	tests/core/startup/ParameterConfirmationTokenTest.php
	tests/dev/FixtureBlueprintTest.php
	tests/forms/FieldListTest.php
	tests/forms/MoneyFieldTest.php
	tests/model/SQLQueryTest.php
	tests/security/SecurityTest.php
 2015-06-02 19:13:38 +12:00
Damian Mooyman
0a8f328947 Fix merge / test regressions 2015-05-28 16:59:05 +12:00
Damian Mooyman
75137dbab2 Ensure only trusted proxy servers have control over certain HTTP headers 2015-05-28 10:12:46 +12:00
Damian Mooyman
22a35e48a9 BUG Fix malformed urls redirecting to external sites 2015-05-28 10:12:18 +12:00
Daniel Hensby
ce5a8f2b41 NEW Cookie names with dots are now handled more gracefully 2015-05-12 10:49:58 +01:00
Stevie Mayhew
0d94cf15a5 UPDATE: change all instances of $this->request to use appropriate getter/setter 2015-04-30 11:04:08 +12:00
Daniel Hensby
060c550d75 Merge pull request #4039 from jacobbuck/httpresponse-isfinished-status 
Add more 3xx status codes to SS_HTTPResponse::isFinished() method
 2015-03-31 21:21:00 +01:00
Damian Mooyman
43f49e8434 Merge remote-tracking branch 'origin/3.1' into 3 
Conflicts:
	admin/code/ModelAdmin.php
	control/Director.php
	model/SQLQuery.php
	security/Member.php
	tests/control/HTTPTest.php
	tests/model/SQLQueryTest.php
	tests/security/SecurityTest.php
	tests/view/SSViewerTest.php
 2015-03-31 19:54:15 +13:00
Sean Harvey
a7d3f89136 BUG Check for existence of HTTP_USER_AGENT to avoid E_NOTICE error. 
In some cases, a request may not have an HTTP_USER_AGENT. This should
check the variable exists before attempting to check it. The specific
case where it failed for me was Active Directory Federation Services
sending a web request to a SilverStripe site, but failing because it
doesn't have an agent string.
 2015-03-26 12:17:22 +13:00
Jacob Buck
03ec9e80f0 Add more 3xx status codes to SS_HTTPResponse::isFinished method 2015-03-26 11:48:24 +13:00
Damian Mooyman
ee9bddb808 BUG Fix SS-2015-010 2015-03-20 17:30:37 +13:00
Daniel Hensby
f568052044 Testing empty absolute urls and more thorough tests 2015-03-13 13:56:14 +00:00
Damian Mooyman
dff65867cc Merge remote-tracking branch 'origin/3.1' into 3 
Conflicts:
	control/HTTP.php
	control/HTTPResponse.php
	docs/en/05_Contributing/01_Code.md
	forms/CompositeField.php
	forms/FormAction.php
	forms/FormField.php
	forms/InlineFormAction.php
	forms/NumericField.php
	forms/TreeDropdownField.php
	forms/TreeMultiselectField.php
	templates/forms/TreeDropdownField.ss
	tests/core/CoreTest.php
	tests/forms/NumericFieldTest.php
	tests/model/DataDifferencerTest.php
 2015-02-20 10:17:19 +13:00
Fred Condo
5047143e7b Correct return statements in SS_HTTPResponse 
- setBody failed to return a value; it now returns $this as related methods do
- getHeader had an extra, unreachable return statement; removed
 2015-02-18 10:32:33 -08:00
jaredkipe
de09bffd84 Update Controller to allow extension in handleAction() 
Controller's parent class (RequestHandler) has two extensions in its handleAction() method that are obscured by Controller's implementation.
 2015-02-08 19:43:44 +13:00
Damian Mooyman
70e0d60f93 BUG Fix developer output in redirection script 2015-02-05 11:32:31 +13:00
John Milmine
06b142a1e5 adding config variable to cancel ajax caching 2015-01-29 14:19:08 +13:00
Pedro Rodrigues
77f2c81e3d Minor typo on HTTPRequest.php 2015-01-24 21:07:40 +01:00
Damian Mooyman
0b1f297873 Merge remote-tracking branch 'origin/3.1' 
Conflicts:
	.travis.yml
	README.md
	admin/code/LeftAndMain.php
	admin/css/screen.css
	admin/scss/screen.scss
	api/RestfulService.php
	conf/ConfigureFromEnv.php
	control/injector/ServiceConfigurationLocator.php
	control/injector/SilverStripeServiceConfigurationLocator.php
	core/ClassInfo.php
	core/Object.php
	css/AssetUploadField.css
	css/ComplexTableField_popup.css
	dev/CSSContentParser.php
	dev/DevelopmentAdmin.php
	docs/en/changelogs/index.md
	docs/en/misc/contributing/code.md
	docs/en/reference/execution-pipeline.md
	filesystem/GD.php
	filesystem/ImagickBackend.php
	filesystem/Upload.php
	forms/Form.php
	forms/FormField.php
	forms/HtmlEditorConfig.php
	forms/gridfield/GridFieldDetailForm.php
	forms/gridfield/GridFieldSortableHeader.php
	lang/en.yml
	model/Aggregate.php
	model/DataList.php
	model/DataObject.php
	model/DataQuery.php
	model/Image.php
	model/MySQLDatabase.php
	model/SQLQuery.php
	model/fieldtypes/HTMLText.php
	model/fieldtypes/Text.php
	scss/AssetUploadField.scss
	search/filters/SearchFilter.php
	security/Authenticator.php
	security/LoginForm.php
	security/Member.php
	security/MemberAuthenticator.php
	security/MemberLoginForm.php
	security/Security.php
	tests/behat/features/bootstrap/SilverStripe/Framework/Test/Behaviour/CmsFormsContext.php
	tests/control/HTTPTest.php
	tests/control/RequestHandlingTest.php
	tests/filesystem/UploadTest.php
	tests/forms/FormTest.php
	tests/forms/NumericFieldTest.php
	tests/model/DataListTest.php
	tests/model/DataObjectTest.php
	tests/model/TextTest.php
	tests/security/MemberAuthenticatorTest.php
	tests/security/SecurityDefaultAdminTest.php
	tests/view/SSViewerCacheBlockTest.php
	tests/view/SSViewerTest.php
 2014-11-18 12:45:54 +13:00
Simon Welsh
73b591a79d Correct regression around ?flush 
?flush used to work. There's no reason why it shouldn't.
 2014-10-30 20:51:05 +11:00