Ed Wilde
da56fa785b
DOC: fix invalid syntax on link
...
Fixing the markdown syntax for the link to HTTP Cache Headers.
2021-02-12 16:11:36 +13:00
Ingo Schommer
fee31c2c6c
DOCS Recommend moving .protected out of webroot
...
Note that it's currently unclear whether Silverstripe Cloud or CWP support this,
but it shouldn't block us from recommend this in the open source project.
It's documented in the "server requirements", which should make it pretty
clear that this requires you to have control over server configuration (or check with those that have).
See https://github.com/silverstripe/silverstripe-framework/issues/7710
2020-10-15 17:08:37 +13:00
Ingo Schommer
b6169a87c2
DOCS HTTP header in server requirements
2020-07-29 14:28:20 +12:00
Jackson Darlow
ae1a883b32
Added mention of Session.timeout to secure_coding docs
2020-06-12 14:43:37 +12:00
Maxime Rainville
affd43052a
Merge branch '4.5' into 4
2020-02-17 18:11:23 +13:00
Maxime Rainville
acd7d94167
Merge branch '4.4' into 4.5
2020-02-17 13:07:26 +13:00
Serge Latyntcev
ad1b00ec7d
[CVE-2019-19325] XSS through non-scalar FormField attributes
...
Silverstripe Forms allow malicious HTML or JavaScript to be inserted
through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting)
on some forms built with user input (Request data). This can lead to phishing attempts
to obtain a user's credentials or other sensitive user input.
There is no known attack vector for extracting user-session information or credentials automatically,
it required a user to fall for the phishing attempt.
XSS can also be used to modify the presentation of content in malicious ways.
2020-02-17 09:58:29 +13:00
Loz Calver
f4713d95f6
Merge pull request #9333 from creative-commoners/pulls/4/canonicalurlmiddleware-docs
...
DOCS Add note about applying forceSSL to non-live environments
2019-11-25 11:37:30 +00:00
Garion Herman
bf38997b6e
DOCS Add note about applying forceSSL to non-live environments
2019-11-25 12:14:26 +13:00
Aaron Carlino
6888901468
NEW: Update docs to be compliant with Gatsby site ( #9314 )
...
* First cut
* Temporarily disable composer.json for netlify build
* POC
* New recursive directory query, various refinements
* Fix flexbox
* new styled components plugin
* Apply frontmatter delimiters
* Mobile styles, animation
* Search
* Redesign, clean up
* Nuke the cache, try again
* fix file casing
* Remove production env file
* ID headers
* Move app to new repo
* Add frontmatter universally
* Hide children changelogs
* Add how to title
* New callout tags
* Revert inline code block change
* Replace note callouts
* Fix icons
* Repalce images
* Fix icon
* Fix image links
* Use proper SQL icon
2019-11-18 17:58:33 +13:00
Maxime Rainville
d7f5ed3e65
DOC Substituce old apache syntax for Require
2019-09-25 16:59:48 +12:00
Matt Peel
7083f016c1
Update secure coding standards
...
As of SS4.0.0 and the introduction of TrustedProxyMiddleware, the default now if no trusted proxies are defined is that nothing is a trusted proxy, whereas in SS3 a missing declaration was treated as everything being allowed.
2019-09-10 12:55:24 +12:00
Robbie Averill
2d2b0b82f0
DOCS Fix incorrect rendering of note on list item
...
[ci skip]
2019-07-25 12:03:12 +02:00
Robbie Averill
af8d268cc7
DOCS Update documentation for password validation rule configuration
2018-11-13 10:55:26 +02:00
Ingo Schommer
114b0a5ea7
NEW Option for secure "remember me" cookie
...
Fixes #8234
2018-07-30 16:41:49 +01:00
Ingo Schommer
259aa06010
DOCS More resilient example domain
...
myapp.com is owned, example.com is specifically reserved for documentation use cases:
https://en.wikipedia.org/wiki/Example.com
[ci skip]
2018-06-26 10:13:36 +12:00
Ingo Schommer
2e1e8e07b9
DOCS Consistent app/ folder and composer use
...
- Stronger wording around "use composer"
- Consistent domain and email address naming
- Removed example for publishing non-composer modules (those shouldn't be encouraged)
- Removed instructions for installing modules from archives
[ci skip]
2018-06-25 10:40:19 +12:00
Damian Mooyman
3ea98cdb13
Migrate documentation from 3.x
2018-06-13 14:50:02 +12:00
Robbie Averill
1505a89a63
Update to include note about auto redirect to HTTPS for basic auth
2018-04-24 16:42:52 +12:00
Damian Mooyman
cdfb413395
Code block whitespace / formatting cleanup
2017-10-27 15:38:27 +13:00
Aaron Carlino
e7274b0ee4
Add namespaces
2017-10-27 12:45:26 +13:00
Aaron Carlino
50c8a02bff
remove tabs
2017-08-07 15:11:17 +12:00
Aaron Carlino
6c0629f025
Remove more deprecated APIs
2017-08-07 14:01:38 +12:00
Aaron Carlino
e4fba5a7b1
add use statements
2017-08-07 14:01:38 +12:00
Aaron Carlino
84feab5a68
Yeah psr2 functions
2017-08-07 14:01:38 +12:00
Aaron Carlino
4c7a068b28
classes psr2
2017-08-07 14:01:38 +12:00
Aaron Carlino
2414eaeafd
Yay, clean arrays
2017-08-07 14:01:38 +12:00
Aaron Carlino
eb1695c03d
Replace all legacy ::: syntax with GFMD tags
2017-08-07 14:01:38 +12:00
Saophalkun Ponlu
63ba092765
FIX Add namespaces in markdown docs ( #7088 )
...
* FIX Add namespaces in markdown docs
* FIX Convert doc [link] to [link-text](link-uri)
2017-07-03 13:22:12 +12:00
Sam Minnee
ccc86306b6
NEW: Add TrustedProxyMiddleware
...
API: SS_TRUSTED_PROXY_HOST_HEADER replace with middleware config
API: SS_TRUSTED_PROXY_PROTOCOL_HEADER replace with middleware config
API: SS_TRUSTED_PROXY_IP_HEADER replace with middleware config
API: Front-End-Https = “on” header no longer supported
This middleware replaces the TRUSTED_PROXY setting and shifts its
configuration out of the env vars and bootstrap and into the Director
flow.
2017-06-27 13:32:39 +12:00
Simon Gow
5f82997690
Secure Coding - Security Headers, Force HTTPS and Cookies
...
- Amending best practices for secure coding to enforce HTTPS
- Add security headers to enforce HTTPS
- Ensure secure cookies are used.
- Added links for testing, changed documentation as part of peer review.
- Arrange headers to work with HTTP interface.
- fixed Cache-Control case
- Added reference to Secure Sessions.
- Replaced Cardinality with unique
- Fixed innacurate reference to decendant.
- Consistent spelling
- Databases over DBMSs
2017-04-13 13:59:02 +12:00
Daniel Hensby
6e096f6172
DOCS Updated environment management docs to use .env file
2017-01-31 21:28:51 +00:00
Damian Mooyman
bfd9cb1aca
Rename SS_ prefixed classes ( #5974 )
2016-09-09 18:43:05 +12:00
Ingo Schommer
c96e031367
Moved coding conventions docs into contributing folder
...
Also created a contributing/coding_conventions landing page separately from the PHP ones, since we now need to account for JS and CSS conventions as well
2016-06-13 08:30:44 +12:00
Damian Mooyman
d52db0ba34
Merge 3 into master
...
# Conflicts:
# .travis.yml
# admin/css/ie7.css
# admin/css/ie7.css.map
# admin/css/ie8.css.map
# admin/css/screen.css
# admin/css/screen.css.map
# admin/javascript/LeftAndMain.js
# admin/scss/_style.scss
# admin/scss/_uitheme.scss
# control/HTTPRequest.php
# core/Object.php
# css/AssetUploadField.css
# css/AssetUploadField.css.map
# css/ConfirmedPasswordField.css.map
# css/Form.css.map
# css/GridField.css.map
# css/TreeDropdownField.css.map
# css/UploadField.css
# css/UploadField.css.map
# css/debug.css.map
# dev/Debug.php
# docs/en/00_Getting_Started/00_Server_Requirements.md
# docs/en/02_Developer_Guides/06_Testing/00_Unit_Testing.md
# docs/en/02_Developer_Guides/06_Testing/index.md
# docs/en/02_Developer_Guides/14_Files/02_Images.md
# docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/How_Tos/Extend_CMS_Interface.md
# filesystem/File.php
# filesystem/Folder.php
# filesystem/GD.php
# filesystem/Upload.php
# forms/ToggleField.php
# forms/Validator.php
# javascript/lang/en_GB.js
# javascript/lang/fr.js
# javascript/lang/src/en.js
# javascript/lang/src/fr.js
# model/Image.php
# model/UnsavedRelationList.php
# model/Versioned.php
# model/connect/MySQLDatabase.php
# model/fieldtypes/DBField.php
# model/fieldtypes/Enum.php
# scss/AssetUploadField.scss
# scss/UploadField.scss
# templates/email/ChangePasswordEmail.ss
# templates/forms/DropdownField.ss
# tests/behat/features/bootstrap/SilverStripe/Framework/Test/Behaviour/CmsFormsContext.php
# tests/behat/features/bootstrap/SilverStripe/Framework/Test/Behaviour/CmsUiContext.php
# tests/forms/EnumFieldTest.php
# tests/security/MemberTest.php
# tests/security/MemberTest.yml
# tests/security/SecurityTest.php
2016-04-29 17:50:55 +12:00
Daniel Hensby
745faebd81
Merge 3.2 into 3.3
...
Conflicts:
.travis.yml
2016-04-26 00:17:09 +01:00
Damian Mooyman
b8e7f9a934
Standardise spelling of "customise"
...
Fixes #3988
2016-03-30 13:17:28 +13:00
Ingo Schommer
f36b110db3
Merge remote-tracking branch 'origin/3.3'
2016-03-04 17:06:04 +13:00
Damian Mooyman
24a6c53645
Merge branch '3.2' into 3.3
...
# Conflicts:
# admin/code/ModelAdmin.php
# lang/cs.yml
# lang/lt.yml
# lang/sk.yml
2016-02-29 17:03:22 +13:00
Damian Mooyman
2c1f837442
Merge branch '3.1' into 3.2
...
# Conflicts:
# docs/en/01_Tutorials/02_Extending_A_Basic_Site.md
# docs/en/01_Tutorials/03_Forms.md
# docs/en/02_Developer_Guides/00_Model/08_SQL_Query.md
# docs/en/02_Developer_Guides/00_Model/10_Versioning.md
# docs/en/02_Developer_Guides/03_Forms/Field_types/01_Common_Subclasses.md
# docs/en/02_Developer_Guides/03_Forms/Field_types/05_UploadField.md
# docs/en/02_Developer_Guides/09_Security/01_Access_Control.md
# docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md
# docs/en/02_Developer_Guides/14_Files/01_Image.md
# docs/en/02_Developer_Guides/14_Files/index.md
# lang/cs.yml
# lang/fi.yml
# lang/sk.yml
2016-02-29 16:59:20 +13:00
Damian Mooyman
3b0a9f4ba2
Merge remote-tracking branch 'origin/3'
...
# Conflicts:
# admin/javascript/LeftAndMain.Menu.js
# control/HTTPRequest.php
# css/GridField.css
# css/GridField.css.map
# docs/en/02_Developer_Guides/03_Forms/Field_types/01_Common_Subclasses.md
# docs/en/02_Developer_Guides/06_Testing/00_Unit_Testing.md
# docs/en/02_Developer_Guides/06_Testing/index.md
# docs/en/02_Developer_Guides/14_Files/01_File_Management.md
# docs/en/02_Developer_Guides/14_Files/02_Images.md
# filesystem/Upload.php
# javascript/HtmlEditorField.js
# model/Image.php
# model/connect/MySQLDatabase.php
# model/fieldtypes/Enum.php
# model/versioning/Versioned.php
# scss/GridField.scss
2016-02-25 14:51:59 +13:00
Damian Mooyman
5f2d3f31d7
Merge remote-tracking branch 'origin/3.2' into 3.3
...
# Conflicts:
# dev/DevelopmentAdmin.php
# docs/en/02_Developer_Guides/08_Performance/02_HTTP_Cache_Headers.md
# lang/cs.yml
# lang/lt.yml
2016-02-24 17:29:06 +13:00
Damian Mooyman
ff5ed6efeb
Merge remote-tracking branch 'origin/3.2.2' into 3.2
2016-02-24 17:03:43 +13:00
Damian Mooyman
06d5050321
Merge remote-tracking branch 'origin/3.1.17' into 3.1
2016-02-24 16:54:18 +13:00
Ingo Schommer
37059eb6b3
[ss-2016-003] Hostname, IP and Protocol Spoofing through HTTP Headers
2016-02-24 11:47:16 +13:00
Ingo Schommer
faa94d51d5
[ss-2016-003] Hostname, IP and Protocol Spoofing through HTTP Headers
2016-02-24 11:33:54 +13:00
Ingo Schommer
893e49703d
[ss-2016-003] Hostname, IP and Protocol Spoofing through HTTP Headers
2016-02-18 17:28:54 +13:00
David Alexander
903379bde2
DOCS 3.2 : fixing api: links now that api: tag parser working
...
fixed a couple of external links
fixed a docs link
2016-02-17 18:02:38 -07:00
David Alexander
febbd35b51
DOCS 3.1 : fixing api: links
...
missed one
2016-02-17 03:00:22 -07:00
Damian Mooyman
e6b877df27
Merge remote-tracking branch 'origin/3'
...
# Conflicts:
# control/Director.php
# control/HTTP.php
# core/startup/ParameterConfirmationToken.php
# docs/en/00_Getting_Started/01_Installation/05_Common_Problems.md
# docs/en/00_Getting_Started/04_Directory_Structure.md
# docs/en/00_Getting_Started/05_Coding_Conventions.md
# docs/en/01_Tutorials/01_Building_A_Basic_Site.md
# docs/en/01_Tutorials/02_Extending_A_Basic_Site.md
# docs/en/01_Tutorials/03_Forms.md
# docs/en/01_Tutorials/04_Site_Search.md
# docs/en/01_Tutorials/05_Dataobject_Relationship_Management.md
# docs/en/02_Developer_Guides/12_Search/01_Searchcontext.md
# docs/en/02_Developer_Guides/13_i18n/index.md
# docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/06_Javascript_Development.md
# docs/en/03_Upgrading/index.md
# docs/en/changelogs/index.md
# docs/en/howto/customize-cms-menu.md
# docs/en/howto/navigation-menu.md
# docs/en/index.md
# docs/en/installation/index.md
# docs/en/installation/windows-manual-iis-6.md
# docs/en/misc/contributing/code.md
# docs/en/misc/contributing/issues.md
# docs/en/misc/module-release-process.md
# docs/en/reference/dataobject.md
# docs/en/reference/execution-pipeline.md
# docs/en/reference/grid-field.md
# docs/en/reference/modeladmin.md
# docs/en/reference/rssfeed.md
# docs/en/reference/templates.md
# docs/en/topics/commandline.md
# docs/en/topics/debugging.md
# docs/en/topics/email.md
# docs/en/topics/forms.md
# docs/en/topics/index.md
# docs/en/topics/module-development.md
# docs/en/topics/modules.md
# docs/en/topics/page-type-templates.md
# docs/en/topics/page-types.md
# docs/en/topics/search.md
# docs/en/topics/testing/index.md
# docs/en/topics/testing/testing-guide-troubleshooting.md
# docs/en/topics/theme-development.md
# docs/en/tutorials/1-building-a-basic-site.md
# docs/en/tutorials/2-extending-a-basic-site.md
# docs/en/tutorials/3-forms.md
# docs/en/tutorials/4-site-search.md
# docs/en/tutorials/5-dataobject-relationship-management.md
# docs/en/tutorials/building-a-basic-site.md
# docs/en/tutorials/dataobject-relationship-management.md
# docs/en/tutorials/extending-a-basic-site.md
# docs/en/tutorials/forms.md
# docs/en/tutorials/index.md
# docs/en/tutorials/site-search.md
# main.php
# model/SQLQuery.php
# security/ChangePasswordForm.php
# security/MemberLoginForm.php
# tests/control/ControllerTest.php
# tests/core/startup/ParameterConfirmationTokenTest.php
# tests/model/SQLQueryTest.php
# tests/security/SecurityTest.php
# tests/view/SSViewerTest.php
# view/SSTemplateParser.php
# view/SSTemplateParser.php.inc
# view/SSViewer.php
2016-01-20 13:16:27 +13:00